Integrating Vanta & CrowdStrike

  • Updated

CrowdStrike is a cloud security tool with products including endpoint protection and cloud monitoring. You can connect CrowdStrike to Vanta to ensure user access to CrowdStrike is managed following your company's policies. You can also connect to Crowdstrike Spotlight to ingest and display vulnerabilities on the vulnerabilities page. If you have already integrated with CrowdStrike and you need to update the permissions, you may skip many of the steps in the instructions below and edit the existing Vanta Client in CrowdStrike.

 

Creating an API Client in CrowdStrike

  • You'll need Falcon Administrator permissions to set up an API Client.
  • Using the top-left menu, navigate to Support and Resources and select API Clients and keys.


Screen

  • Create a new API Client by clicking Add new API client

mceclip0.png

Set up your new API Client

  • Wait to exit the Add new API client window until you finish setting up the CrowdStrike integration in Vanta
  • Name the client a recognizable name, e.g., "Vanta Client." You can leave the description blank.

Screen_Shot_2022-08-23_at_11.15.47_AM.png

  • In the API Scopes section, check the boxes User Management, Hosts, and Prevention Policies in the Read Column. This will grant Vanta read-only access to User information in CrowdStrike. Click Add to create the API Client.

Screen_Shot_2022-08-23_at_11.15.56_AM.png

CrowdStrike will show you the three pieces of data you need to connect CrowdStrike to Vanta. Don't exit the window where these data are shown -- you'll need them to connect to Vanta. The data are:

  • Client ID: The public API Client ID
  • Client Secret: A secret shared between CrowdStrike and Vanta. This secret is only shown once. 
  • Base URL: The URL Vanta will use for API requests. This is usually https://api.crowdstrike.com, but it may be different for your instance.

Connecting CrowdStrike to Vanta

  • In a separate window or tab, open Vanta and navigate to Integrations
  • Search for Crowdstrick in the Available Integrations section and select Connect

Screenshot

  • Paste the Client ID, Client Secret, and Base URL from the previous steps into Vanta.


CrowdStrikeConnection.png

  • Click Done. Vanta will now fetch data from CrowdStrike regularly.

Monitoring Access

Monitoring Vulnerabilities

  • You can also use the Crowdstrike integration to monitor for vulnerabilities from Crowdstrike Spotlight. If you have not enabled the Crowdstrike integration already, ensure that you enable Spotlight during configuration.
  • If you have already enabled the Crowdstrike integration and want to ingest vulnerabilities, you will need to reconnect the integration and select Spotlight during configuration.
  • For more information on vulnerability management in Vanta, see our documentation here

Updating an Existing API Client

Do the below if you have already integrated but need to add more permissions to the Vanta Client.

  • You'll need Falcon Administrator permissions to set up an API Client.
  • Using the top-left menu, navigate to Support and resources > API Clients and keys.
  • Edit the Vanta API Client
  • In the API Scopes section, check the boxes User Management, Hosts, and Prevention Policies in the Read Column. This will grant Vanta read-only access to User information in CrowdStrike. Click Add to create the API Client.
  • Click Save