Skip to main content

Set up the CrowdStrike Workload Protection connector

CrowdStrike Workload Protection is a cloud-native security solution designed to protect workloads across hybrid and multi-cloud environments. It helps organizations prevent breaches by offering runtime protection, vulnerability management, and compliance enforcement.

By integrating CrowdStrike Workload Protection, VRM leverages its insights to recommend the best next actions for security teams, ensuring seamless alignment with their broader tool stack and promoting a unified, strategic approach to security management.

Create API client

Set up a CrowdStrike API client for secure access to the CrowdStrike API.

Prerequisites:

Ensure you have access to CrowdStrike Falcon with sufficient permissions to create an API client.

To complete this task:

  1. Log in to the CrowdStrike Falcon platform.
  2. From the top-left menu, select Support and Resources > Resources and tools > API Clients and Keys.
  3. From the left navigation menu, select Settings > API Keys.
  4. Select Create API Client.
  5. Enter a name and description for the client.
  6. Select the Read permission for the Falcon Container Image scope. CrowdStrike scope selection
  7. Select Create.
  8. Copy the API Client ID, API Client Secret, and Base URL to a secure location.

Create a VRM connector

  1. In VRM, from the left navigation menu, select the Settings icon settings_icon.png.
  2. Select Add Connector.
  3. Select the CrowdStrike Workload Protection tile.
  4. Enter a name for the connector.
  5. Enter the Client ID and Client Secret you generated in Falcon.
  6. For Endpoint URL, enter the Base URL of the instance you copied in Falcon.
  7. Select Add Connector.

Validate your data

After successfully connecting the CrowdStrike Workload Protection connector within VRM, it will take some time for VRM to fetch the asset data.

After the connector has completed the fetch, validate that VRM correctly ingested the data.

  1. In VRM, select Findings Findings icon from the left navigation menu.
  2. Select the Finding Source filter and select CrowdStrike Workload Protection.

The Findings table displays the CrowdStrike Workload Protection vulnerability findings.

Last updated on