Integrate with CrowdStrike
With CrowdStrike integration you get access to additional signals that you can use to monitor corporate devices and allow or deny application access.
CrowdStrike offers the Falcon cybersecurity software for endpoint devices.
With the EAA-CrowdStrike integration, you can use Device Posture to calculate the status of the CrowdStrike Agent (CrowdStrike Falcon sensor) running on the user's device. The Agent's status is reported as healthy if the CrowdStrike Agent is running on the device and communicating regularly with the CrowdStrike server, or unhealthy if the Agent is inactive. The CrowdStrike Agent status is included in the Device Posture security evaluation.
The following is the list of the CrowdStrike data that you can monitor in the Integration tab of the Device Details report:
|AID (Agent ID)||Identifies each installation of a Falcon sensor. If the sensor is updated or reinstalled, the host gets a new AID. For this reason, a single host can have multiple AID values over time. Agent ID is also called a Sensor ID.|
|CID (Customer ID)||Identifies your company's account with CrowdStrike.|
|AID/CID Status||Displays a status based on the validity of the AID and CID in the CrowdStrike cloud. If the AID and CID are valid, this signal returns the value Valid; otherwise its value is Invalid.|
|Version||Reports the current version of the CrowdStrike Falcon sensor installed on a device.|
|Agent Status||Displays the health status of the CrowdStrike Falcon sensor. If the sensor communicates regularly with the CrowdStrike cloud, the status is set as Healthy. Otherwise, the status is indicated as Unhealthy.|
|Last Contact||Indicates the time that the CrowdStrike cloud last received contact from the Falcon sensor on a given device. The time indicated corresponds to the local time zone of the Akamai Control Center user.|
Note: Device Posture uses the value of the Last Contact signal to calculate the status of the CrowdStrike Agent Status.
Additionally, for the anti-malware detection feature to detect CrowdStrike as an anti-malware product, the CrowdStrike Prevention Policy should have Quarantine & Security Center Registration enabled. To enable this setting go to,in the CrowdStrike portal.
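The AID and Last Contact signals described above interact: a reinstalled sensor leaves an older AID behind whose Last Contact never advances. The following added example (not Akamai or CrowdStrike code) groups constructed inventory rows by host, picks the AID with the latest contact, and derives a status from it. The row keys and the 24-hour window are assumptions of this example; the page does not state the window Device Posture uses.

```python
from datetime import datetime, timedelta, timezone

# Assumption: the page does not state how recent Last Contact must be.
ASSUMED_CONTACT_WINDOW = timedelta(hours=24)

# Constructed inventory rows (not real data); keys are this example's own names.
SAMPLE = [
    {"host": "LAPTOP-01", "aid": "aid-old-0001", "last_contact": "2024-03-10T12:00:00Z"},
    {"host": "LAPTOP-01", "aid": "aid-new-0002", "last_contact": "2024-05-02T08:30:00Z"},
    {"host": "MAC-07", "aid": "aid-0003", "last_contact": "2024-04-20T06:00:00Z"},
]

def parse_utc(stamp):
    """Parse a UTC timestamp so comparisons do not depend on the viewer's time zone."""
    return datetime.strptime(stamp, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)

def agent_status(last_contact, now, window=ASSUMED_CONTACT_WINDOW):
    """Healthy if the last contact falls within the assumed window, else Unhealthy."""
    return "Healthy" if now - parse_utc(last_contact) <= window else "Unhealthy"

def summarize(rows, now):
    """Per host: the current AID (latest contact), its status, and superseded AIDs."""
    by_host = {}
    for row in rows:
        by_host.setdefault(row["host"], []).append(row)
    result = {}
    for host, recs in by_host.items():
        recs.sort(key=lambda r: parse_utc(r["last_contact"]), reverse=True)
        current, stale = recs[0], recs[1:]
        result[host] = {
            "aid": current["aid"],
            "status": agent_status(current["last_contact"], now),
            "superseded_aids": [r["aid"] for r in stale],
        }
    return result
```

Evaluating the superseded AID on its own would report LAPTOP-01 as unhealthy even though its current sensor checked in minutes earlier, which is why the grouping step comes first.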
- You must have access credentials to your CrowdStrike administrator portal.
- Install the EAA Client on the end user desktop macOS and Windows devices.
- Install and run the CrowdStrike Falcon Sensor on end user devices. The Falcon sensor must be properly associated with the customer account used to access and configure the CrowdStrike portal mentioned above.
- Authentication to the CrowdStrike API requires a Client ID and Client Secret. You can generate these credentials from the CrowdStrike portal.
- CrowdStrike integration is only supported for desktop (Windows and macOS) devices.
- In order for the integration to work correctly on macOS, the CrowdStrike Falcon utility and OS sysctl utility must be installed and accessible. See CrowdStrike documentation for further details.
- Configure CrowdStrike cloud to allow API access via Akamai Control Center.
- Configure Akamai Control Center for CrowdStrike integration.
Configure CrowdStrike cloud to allow API access via Akamai Control Center
- Log in to the CrowdStrike portal.
.The API Key page appears.
In API Clients, click Add new API
The Add new API client dialog appears.
In Add new API
- In Client Name, enter a unique name for the API client.
- In Description, enter a description for the API client (Optional).
- In API Scopes, select Hosts (Read and Write) permissions.
The API client create dialog appears.
From the API client created window, copy Client ID and
Note: You should copy the Client Secret now as you won't be able to retrieve its value later.
Configure Akamai Control Center for CrowdStrike integration
In the EAA Management Portal, select .
The Device Posture page appears.
- On the Device Posture page, click Integrations.
Go to CrowdStrike and fill in the
|Field||Description|
|Enabled||Select Enabled to use CrowdStrike signals in tiers and tags. Note: If the CrowdStrike integration is not enabled, the CrowdStrike Status Healthy signal is not displayed in the tiers and tags criteria, and the agent status does not appear in the inventory reports, including filter criteria and device details.|
|Base URL||Enter your organization-specific Base URL. In most cases you can use the cloud environment US-1's URL http://api.crowdstrike.com. Other cloud environments and their corresponding base URLs are the following: US-GOV: api.laggar.gcw.crowdstrike.com; EU-1: api.eu-1.crowdstrike.com; US-2: api.us-2.crowdstrike.com. If none of these work, consult CrowdStrike for your Base URL.|
|Client ID and Client Secret||Enter the Client ID and Client Secret. To get your Client ID and Client Secret, go toin the CrowdStrike portal.|
- Click Test Credentials to ensure the values are correct. A confirmation message appears if credentials' values are successfully tested.
- Use the CrowdStrike Status Healthy to configure risk tiers and tags. See Configure tiers and tags for more information.
- Use the CrowdStrike Healthy criterion to filter inventory reports for healthy and unhealthy devices. See Create an inventory report for more information.
- View the Integration section of the Device Details report to check the CrowdStrike information.