CrowdStrike
Cloudflare Zero Trust can integrate with Crowdstrike to require that users connect to certain applications from managed devices. This service-to-service posture check uses the WARP client to read endpoint data from Crowdstrike. Devices are identified by their serial numbers.
Device posture with Crowdstrike requires:
- Falcon Enterprise plan or above
- Crowdstrike agent is deployed on the device.
-
Cloudflare WARP client is deployed on the device. For a list of supported modes and operating systems, refer to Service providers.
The following CrowdStrike values are needed to set up the CrowdStrike posture check:
- Client ID
- Client Secret
- Base URL
- Customer ID
To retrieve those values:
-
Log in to your Falcon Dashboard.
-
Go to Support and resources > API Clients and Keys.
-
Select Add new API client and enter any name for the client.
-
Enable the Read API Scope for Zero Trust Assessment, Hosts, Detections, Event Streams, and User Management.
-
Select Add.
-
Copy the Client ID, Client Secret, and Base URL to a safe place.
-
Go to Host setup and management > Sensor downloads and copy your Customer ID.
-
Get an auth token from your CrowdStrike API endpoint:
This POST request authorizes Cloudflare Zero Trust to add CrowdStrike as a service provider. For more information, refer to the Crowdstrike auth token documentation ↗.
- In Zero Trust ↗, go to Settings > WARP Client.
- Scroll down to Device posture providers and select Add new.
- Select CrowdStrike.
- Enter any name for the provider. This name will be used throughout the dashboard to reference this connection.
- Enter the Client ID and Client secret you noted down above.
- Enter your Rest API URL.
- Enter your Customer ID.
- Choose a Polling frequency for how often Cloudflare Zero Trust should query CrowdStrike for information.
- Select Save.
You will see the new provider listed under Settings > WARP Client > Device posture providers. To ensure the values have been entered correctly, select Test.
- In Zero Trust ↗, go to Settings > WARP Client > Service provider checks.
- Select Add new.
- Select the Crowdstrike provider.
- Configure a device posture check and enter any name.
- Select Save.
Next, go to Logs > Posture and verify that the service provider posture check is returning the expected results.
Device posture data is gathered from the CrowdStrike Zero Trust Assessment APIs ↗. To learn more about how scores are calculated, refer to the CrowdStrike Zero Trust Assessment ↗ documentation.
Selector | Description | Value |
---|---|---|
OS | OS signal score | 1 to 100 |
Overall | Overall ZTA score | 1 to 100 |
Sensor config | Sensor signal score | 1 to 100 |
Version | ZTA score version | 2.1.0 |
State | Current online status of the device | Online, Offline, or Unknown |
Last seen | Elapsed time since the device was last seen. Only returned if its state is online or unknown . | In the last 1 hour, 3 hours, 6 hours, 12 hours, 24 hours, 7 days, 30 days, or more than 30 days |