CrowdStrike

Use Case

Enterprise customers who have deployed CrowdStrike Falcon Prevent want to protect their endpoints against high- and critical-severity malware threats detected by BlueHex Secure, the industry's first real-time Deep Learning Platform for Cloud and Network Security.

Configuration

  1. Email support@crowdstrike.com to ask for access to the CrowdStrike Falcon Query API.

  2. Generate a GPG public/private key pair and attach the public key to the Support Portal case regarding this API request. Keep the private key and its passphrase; they are needed to decrypt the credentials in Step 4.
    Reference: https://supportportal.crowdstrike.com/s/article/PGP-Email-Encryption-Basics-Using-GPG
    Install GPG:
    Windows: https://www.gpg4win.org/
    Mac: https://gpgtools.org/
    Linux: GPG is usually installed by default.

  3. Receive API credentials in support portal. [Attachments: Query-API-Creds_<customer name>.txt.asc]

  4. Decrypt the Falcon Query API credentials. To decrypt the message.asc file (the .asc attachment from Step 3) into a decrypted file, api.txt, enter the following command:
    $ gpg --output api.txt --decrypt message.asc
    You will be prompted to enter the passphrase you set for your private key, which is used to decrypt the message.

  5. Provide API credentials to Blue Hexagon. Please send the api.txt from Step 4 to support@bluehexagon.ai

  6. Blue Hexagon Support will configure the BlueHex Secure appliance to send malware hashes to CrowdStrike Cloud.

  7. Verify the configuration is working by comparing threats in the BlueHex Secure Console and the CrowdStrike Console.
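
The GPG handling in Steps 2 and 4 as shell functions. This is an added example, not CrowdStrike or Blue Hexagon code; the function names and the GPG_OPTS variable are assumptions made for the example. It shows exporting only the public key, checking the file before attaching it to the case, and decrypting so that api.txt is readable by the current user only.

```shell
#!/bin/sh
# Added example for Steps 2 and 4. GPG_OPTS is a hypothetical hook for
# extra gpg options; leave it empty for normal interactive use.

# Step 2: create the key pair. gpg prompts for the passphrase.
make_keypair() {   # $1 = user id, e.g. "Name <you@example.com>"
    gpg $GPG_OPTS --quick-generate-key "$1" default default 1y
}

# Step 2: export ONLY the public key, ASCII-armored, for the support case.
export_public_key() {   # $1 = user id, $2 = output file
    gpg $GPG_OPTS --armor --output "$2" --export "$1"
}

# Pre-attach check: succeed only if the file holds an armored public key
# and no private key block.
safe_to_attach() {   # $1 = file to attach
    grep -q -- '-----BEGIN PGP PUBLIC KEY BLOCK-----' "$1" || return 1
    if grep -q -- 'PRIVATE KEY BLOCK' "$1"; then return 1; fi
    return 0
}

# Step 4: decrypt in a subshell with umask 077 so the plaintext
# credentials file is created with owner-only permissions.
decrypt_creds() {   # $1 = encrypted .asc file, $2 = output file
    ( umask 077 && gpg $GPG_OPTS --output "$2" --decrypt "$1" )
}
```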

Blue Hexagon Proprietary