CrowdStrike is a cloud security tool with products including endpoint protection and cloud monitoring. You can connect CrowdStrike to Vanta to ensure user access to CrowdStrike is managed following your company's policies.
Creating an API Client in CrowdStrike
- You'll need Falcon Administrator permissions to set up an API Client.
- Using the top-left menu, navigate to Support and resources > API Clients and keys.
- Create a new API Client by clicking Add new API client
Set up your new API Client
- Don't exit the Add new API client window until you've finished setting up the CrowdStrike integration in Vanta.
- Name the client a recognizable name, e.g., "Vanta Client." You can leave the description blank.
- In the API Scopes section, only check the box in the User Management row and the Read Column. This will grant Vanta read-only access to User information in CrowdStrike. Click Add to create the API Client.
CrowdStrike will show you the three pieces of data you need to connect CrowdStrike to Vanta. Don't exit the window where these data are shown -- you'll need them to connect to Vanta. The data are:
- Client ID: The public API Client ID
- Client Secret: A secret shared between CrowdStrike and Vanta. This secret is only shown once.
- Base URL: The URL Vanta will use for API requests. This is usually https://api.crowdstrike.com, but it may be different for your instance.
Connecting CrowdStrike to Vanta
- In a separate window or tab, open Vanta and navigate to Integrations. Find the "Cloud security tools" section, and click Connect to connect CrowdStrike.
- Paste the Client ID, Client Secret, and Base URL from the previous steps into Vanta.
- Click Done. Vanta will now fetch data from CrowdStrike regularly.
- You can use Access to see which users are authorized to access your CrowdStrike instance and which roles these users are assigned.
- Vanta will also run tests to ensure that you've linked users in CrowdStrike with users in Vanta and removed users from CrowdStrike when they are offboarded.