Skip to main content

CrowdStrike Identity Protection

Integrate CrowdStrike IdP with Torq to automate event response workflows using API key configurations.

Updated yesterday

CrowdStrike Identity Protection focuses on identity threat detection, specifically aimed at protecting user identities against fraud, credential theft, and more. The CIP API is tailored for managing and protecting identity-related data

Torq enables quick and easy integration with CrowdStrike Identity Protection, so you can automate anything and everything within moments. Torq's public CrowdStrike Identity Protection steps include:

  • Add Comment

  • Add to Traffic Exclusion List

  • Create Session

  • Get Entry Details

  • +6 more...

If you don't see a step you need, you can create your own in various ways, such as using the Send an HTTP Request step or Torq’s Step Builder, and share it across your organization.

To use CrowdStrike Identity Protection steps in Torq workflows, look here.

Use CrowdStrike Identity Protection Steps in Torq

Step One: Generate a CrowdStrike API Client

  1. Navigate to API Clients and Keys: Click the menu and go to Support > Resources and tools > API Clients and Keys.

  2. Create a Client: Click Create API client.

    1. Give the client a unique and meaningful name. For example, TorqWorkflows.

    2. Give the client a relevant description. For example, This key is used in Torq workflows to automate IDP investigations.

    3. For CrowdStrike Identity Protection API access, you must ensure that the permissions are set to allow access to identity-related resources. This may include enabling permissions related to identity monitoring, fraud detection, and authentication logging.

  3. Finalize: Click Create.

  4. Save Information: Copy and save the values for the following fields, which you must enter when configuring the CrowdStrike steps integration in Torq. Be sure to save them somewhere - you cannot access them again.

    1. CLIENT ID

    2. SECRET

    3. BASE URL

Step Two: Create a CrowdStrike Identity Protection Steps Integration in Torq

  1. Navigate to the Integration: Go to Build > Integrations > Steps > CrowdStrike Identity Protection and click Add Instance.

  2. Fill in the Details: Give the integration a unique and meaningful name.

    1. In the Base URL field, paste the URL you copied earlier.

    2. In the Client ID field, paste the ID that you copied earlier in step one.

    3. In the Client Secret, paste the secret that you copied earlier.

  3. Finalize: Click Add.

Step Three: Use CrowdStrike Steps in a Workflow

  1. Access Token: CrowdStrike requires an access token for API call sessions.

  2. Add Step: Before using CrowdStrike IdP steps in a workflow, you must add the CrowdStrike step Create a session to your canvas.

  3. Automate Token Creation: This generates an access token, which will then be used as an input parameter for subsequent CrowdStrike IdP steps within that workflow.

    1. A new access token is created per workflow execution.

Related Articles
CrowdStrike
CrowdStrike Streaming
Cyera
Clutch Security
CrowdStrike (Legacy)
Did this answer your question?