Torq

CrowdStrike provides endpoint protection, threat intelligence, and response services. 

Torq enables quick and easy integration with CrowdStrike, so you can automate anything and everything within moments. Torq's pre-built CrowdStrike steps include: 

- Add Host to Group
- Contain Host
- Create Indicator 
- Delete Host
- Download MTRE Report
- +55 more... 

If you don't see a step you need, you can <a href="https://kb.torq.io/en/articles/9183207-creating-custom-steps-in-torq-automate-anything">create your own</a> in various ways, such as using the Send an HTTP Request step or Torq’s Step Builder, and share it across your organization.

To <a href="https://kb.torq.io/en/articles/9130865-integration-triggers-in-torq-ingest-data">trigger</a> a Torq workflow based on events sent from CrowdStrike, look <a href="https://kb.torq.io/en/articles/9138382-crowdstrike#h_710a158d57">here</a>. ​

To use CrowdStrike <a href="https://kb.torq.io/en/articles/9122841-explore-torq-steps-workflow-building-blocks">steps</a> in Torq workflows, look <a href="#h_4e8aa3a543">here</a>.

Use CrowdStrike Steps in a Torq Workflow

This method of creating a CrowdStrike integration requires a Create a session step whenever you use <a href="https://kb.torq.io/en/articles/9138382-crowdstrike#h_30f9193ea5">CrowdStrike steps</a>. It has been replaced with the <a href="https://kb.torq.io/en/articles/9138382-crowdstrike#h_0a64cdded1">CrowdStrike </a><a href="https://kb.torq.io/en/articles/9138382-crowdstrike#h_0a64cdded1">API Client steps integration</a>. To use the API-key method, please <a href="https://kb.torq.io/en/articles/9094913-grant-temporary-workspace-access-to-torq-support">contact Torq support</a>.

Step One: Generate a CrowdStrike API Key

Navigate to API Clients and Keys: Click the menu and go to Support &gt; Resources and tools &gt; API Clients and Keys.

Create a Client: Click Create API client.

1. Give the client a unique and meaningful name. For example, <code>TorqWorkflows</code>.
2. Give the client a relevant description. For example, <code>This key is used in Torq workflows to automate investigations of CrowdStrike detections</code>.
3. Select one or more scopes for the key. You must apply relevant scopes to perform desired actions within Torq workflows. For example, if you want to modify or edit a detection within a workflow, you need to apply the <code>Read</code> and <code>Write</code> scope for <code>Detections</code>.

Save Information: Copy and save the values for the following fields, which you must enter when configuring the CrowdStrike steps integration in Torq. Be sure to save them somewhere - you will not be able to access them again.

1. Navigate to API Clients and Keys: Click the menu and go to Support &gt; Resources and tools &gt; API Clients and Keys.
2. Create a Client: Click Create API client.
 1. Give the client a unique and meaningful name. For example, <code>TorqWorkflows</code>.
 2. Give the client a relevant description. For example, <code>This key is used in Torq workflows to automate investigations of CrowdStrike detections</code>.
 3. Select one or more scopes for the key. You must apply relevant scopes to perform desired actions within Torq workflows. For example, if you want to modify or edit a detection within a workflow, you need to apply the <code>Read</code> and <code>Write</code> scope for <code>Detections</code>. 
3. Finalize: Click Create.

4. Save Information: Copy and save the values for the following fields, which you must enter when configuring the CrowdStrike steps integration in Torq. Be sure to save them somewhere - you will not be able to access them again. 
 1. CLIENT ID
 2. SECRET
 3. BASE URL

Step Two: Create a CrowdStrike Steps Integration in Torq

Navigate to Integration: In Torq, go to Build &gt; Integrations &gt; Steps &gt; CrowdStrike and click Add.

1. Give the integration a unique and meaningful name - you cannot change this later.
2. Add the Base URL created <a href="https://kb.torq.io/en/articles/9138382-crowdstrike#h_d9b440d4bb">earlier</a>. 
3. Add the Client ID created earlier. 
4. Add the Clicent Secret created earlier.

Finalize: Click Add to save.

1. Navigate to Integration: In Torq, go to Build &gt; Integrations &gt; Steps &gt; CrowdStrike and click Add.
2. Set Up Integration:
 1. Give the integration a unique and meaningful name - you cannot change this later.
 2. Add the Base URL created <a href="https://kb.torq.io/en/articles/9138382-crowdstrike#h_d9b440d4bb">earlier</a>. 
 3. Add the Client ID created earlier. 
 4. Add the Clicent Secret created earlier. 
3. Finalize: Click Add to save.

Step Three: Use CrowdStrike Steps in a Workflow

Access Token: CrowdStrike requires an <a href="https://auth0.com/docs/secure/tokens/access-tokens" rel="nofollow noopener noreferrer" target="_blank">access token</a> for API call sessions.

Add Step: Before using CrowdStrike steps in a workflow, you must add the CrowdStrike step <code>Create a session</code> to your canvas.

Automate Token Creation: This generates an access token, which will then be used as an input parameter for subsequent CrowdStrike steps within that workflow.

1. A new access token is created per workflow execution. 

1. Access Token: CrowdStrike requires an <a href="https://auth0.com/docs/secure/tokens/access-tokens" rel="nofollow noopener noreferrer" target="_blank">access token</a> for API call sessions. 
2. Add Step: Before using CrowdStrike steps in a workflow, you must add the CrowdStrike step <code>Create a session</code> to your canvas. 

3. Automate Token Creation: This generates an access token, which will then be used as an input parameter for subsequent CrowdStrike steps within that workflow. 
 
 1. A new access token is created per workflow execution.

Now that you've added your integration check out these specially crafted templates by Torq's security experts. Visit Torq's template library for <a href="https://app.torq.io/templates?" rel="nofollow noopener noreferrer" target="_blank">more</a>.

<a href="https://app.torq.io/templates?id=f03eea1d-cf7a-462d-86bb-7b4490b4d45f" rel="nofollow noopener noreferrer" target="_blank">Create Cases from Crowdstrike Detections found in Splunk</a>

<a href="https://app.torq.io/templates?id=9b5458f7-8854-460f-823a-470c6138a20d" rel="nofollow noopener noreferrer" target="_blank">Create IOCs on Malicious Files from a CrowdStrike Incident</a>

<a href="https://app.torq.io/templates?id=e798353d-7858-438a-a337-ac61e0c82391" rel="nofollow noopener noreferrer" target="_blank">Request File Download From CrowdStrike Using Real-Time Response</a>

- <a href="https://app.torq.io/templates?id=f03eea1d-cf7a-462d-86bb-7b4490b4d45f" rel="nofollow noopener noreferrer" target="_blank">Create Cases from Crowdstrike Detections found in Splunk</a>
- <a href="https://app.torq.io/templates?id=9b5458f7-8854-460f-823a-470c6138a20d" rel="nofollow noopener noreferrer" target="_blank">Create IOCs on Malicious Files from a CrowdStrike Incident</a>
- <a href="https://app.torq.io/templates?id=e798353d-7858-438a-a337-ac61e0c82391" rel="nofollow noopener noreferrer" target="_blank">Request File Download From CrowdStrike Using Real-Time Response</a>

Integrate CrowdStrike with Torq to automate event response workflows using API key configurations.

CrowdStrike (Legacy)

Create a custom design with text, images, and links

Hyperautomation™

Blog

Our Story

HyperSOC™

Resources

Security And Compliance

Technology Partners

Careers

Legal & Compliance

Contact Us

WHY TORQ

RESOURCES

COMPANY

API Documentation

Torq Academy

Find answers and get help from Intercom Support and Community Experts

Empty Help Center

Uh oh. That page doesn’t exist.

Disappointed

Neutral

Smiley

Thinking...

Searching through sources...

Analyzing...

Title

Track the progress of all tickets related to your company.

Tickets portal.

{assigneeName} needs more information from you

Tickets

No access to tickets portal

English

url(https://downloads.intercomcdn.com/i/o/eomhaz2o/650488/453c3f06f99ecd5c993f4e92378d/1fbc1f558d986ce509cc6e195facae95.png)

Use CrowdStrike Steps in a Torq Workflow

Step One: Generate a CrowdStrike API Key

Step Two: Create a CrowdStrike Steps Integration in Torq

Step Three: Use CrowdStrike Steps in a Workflow

Templates