Use Case
Enterprise customers who have deployed CrowdStrike Falcon Prevent want to protect their endpoints against high- and critical-severity malware threats detected by BlueHex Secure, the industry's first Real-time Deep Learning Platform for Cloud and Network Security.
Configuration
1. Email support@crowdstrike.com to ask for access to the CrowdStrike Falcon Query API.
2. Generate a GPG public/private key pair and attach the public key to the Support Portal case regarding this API request.
   https://supportportal.crowdstrike.com/s/article/PGP-Email-Encryption-Basics-Using-GPG
   Install GPG:
   Windows: https://www.gpg4win.org/
   Mac: https://gpgtools.org/
   Linux: GPG is usually installed by default.
3. Receive the API credentials in the Support Portal. [Attachments: Query-API-Creds_<customer name>.txt.asc]
4. Decrypt the Falcon Query API credentials. To decrypt the message.asc file into a decrypted file, api.txt, enter the following command:
   $ gpg --output api.txt --decrypt message.asc
   You will be prompted to enter the passphrase you set for your private key in order to decrypt the message.
5. Provide the API credentials to Blue Hexagon. Please send the api.txt from Step 4 to support@bluehexagon.ai
6. Blue Hexagon Support will configure the BlueHex Secure appliance to send malware hashes to CrowdStrike Cloud.
7. Verify the configuration is working by comparing threats in the BlueHex Secure Console and the CrowdStrike Console.
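The key-generation and decryption steps above can be rehearsed in a throwaway keyring before the real credentials arrive. The script below is an added example, not code from CrowdStrike or Blue Hexagon; it assumes GnuPG 2.1 or later, and the e-mail address, passphrase, credential text and function names are constructed placeholders, with the support reply simulated locally.

```bash
#!/usr/bin/env bash
# Added example, not vendor code. Every value below is a constructed placeholder.
KEY_UID="falcon-api@example.com"
PASSPHRASE="constructed-demo-passphrase"

# Feed the passphrase on stdin (fd 0) so it never appears in the process list.
gpg_pw() {
  printf '%s\n' "$PASSPHRASE" |
    gpg --batch --quiet --pinentry-mode loopback --passphrase-fd 0 "$@"
}

# Generate the key pair, then export only the public half for the support case.
make_keypair() {
  gpg_pw --quick-generate-key "$KEY_UID" default default never
  gpg --batch --armor --output pubkey.asc --export "$KEY_UID"
}

# Stand-in for the support reply: encrypt constructed credentials to the
# public key, producing an armored .asc file like the portal attachment.
fake_support_reply() {
  printf 'user: EXAMPLE-USER\nkey: EXAMPLE-KEY\n' > sent.txt
  gpg --batch --quiet --armor --recipient "$KEY_UID" \
      --output message.asc --encrypt sent.txt
}

# Decrypt to api.txt; umask 077 keeps the plaintext readable by its owner only.
decrypt_creds() { ( umask 077; gpg_pw --output api.txt --decrypt message.asc ); }

# Run everything in a temporary keyring that is deleted afterwards.
# Prints "match" when api.txt equals what was sent and has mode 600.
round_trip() (
  GNUPGHOME=$(mktemp -d) || exit 1
  export GNUPGHOME
  trap 'gpgconf --kill gpg-agent 2>/dev/null; rm -rf "$GNUPGHOME"' EXIT
  cd "$GNUPGHOME" || exit 1
  make_keypair && fake_support_reply && decrypt_creds || exit 1
  # The file attached to the case must not contain secret key material.
  grep -q 'PRIVATE KEY' pubkey.asc && exit 1
  cmp -s sent.txt api.txt &&
    [ "$(ls -l api.txt | cut -c1-10)" = "-rw-------" ] && echo match
)

round_trip
```

For the real key, run the generation and decryption commands interactively so the passphrase is typed at the prompt rather than stored in a script.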