Below we outline the guidance for connecting CrowdStrike to the Zip Console. If we are provisioning a CrowdStrike instance for you, this step will be completed by the Zip team. If your organization already has CrowdStrike provisioned, you can follow the instructions below to connect it with the Zip Console.
Connecting Customer CrowdStrike Instance to the Zip Console
- Log in to CrowdStrike
- In the menu, go to Documentation & Resources → API clients and keys to create a service account.
- Click Add new API client in the top right corner.
- Create a new client named Zip App.
- Select the following read permissions: alerts, detections, device control policies (if available), hosts, assets (if available), host groups, incidents, installation tokens, IOC management, IOCs, prevention policies, quarantined files, sensor download, sensor update policies, user management.
- Select the following write permissions: alerts, detections, device control policies (if available), hosts, host groups, incidents, prevention policies, sensor update policies.
- After you have created it, go to https://zipsecinc.cc/organizationsettings and click Add New Provider → CrowdStrike. Copy the Client ID and Client Secret from CrowdStrike.
- Expand the “Advanced Configuration” toggle at the bottom of the form.
- Change the CrowdStrike API URL field to your CrowdStrike tenant’s base API URL. It should be one of the following:
  - US-1: https://api.crowdstrike.com
  - US-2: https://api.us-2.crowdstrike.com
  - EU-1: https://api.eu-1.crowdstrike.com
  - US-GOV-1: https://api.laggar.gcw.crowdstrike.com
  - US-GOV-2: https://api.us-gov-2.crowdstrike.mil
For organizations connecting to a CrowdStrike tenant in a region other than https://api.us-2.crowdstrike.com: follow the two Advanced Configuration steps above. Otherwise, leave these fields as the default values.
Click Save.
- Store the Client ID and Client Secret in a secure way (i.e. in a password manager).
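A pre-flight check for the steps above, added here as an example (it is not Zip's or CrowdStrike's code): it confirms the API URL is exactly one of the listed regional endpoints before a client secret is entered next to it, and diffs an API client's permissions against the read and write lists on this page. The permission names are this page's wording rather than CrowdStrike scope identifiers; the input dictionary format and the sample client are constructed for illustration.

```python
from urllib.parse import urlsplit

# Regional base URLs exactly as listed on this page.
BASE_URLS = {
    "US-1": "https://api.crowdstrike.com",
    "US-2": "https://api.us-2.crowdstrike.com",
    "EU-1": "https://api.eu-1.crowdstrike.com",
    "US-GOV-1": "https://api.laggar.gcw.crowdstrike.com",
    "US-GOV-2": "https://api.us-gov-2.crowdstrike.mil",
}
# Permission names as worded on this page (lowercased), not API scope IDs.
WRITE = {"alerts", "detections", "device control policies", "hosts",
         "host groups", "incidents", "prevention policies",
         "sensor update policies"}
READ = WRITE | {"assets", "installation tokens", "ioc management", "iocs",
                "quarantined files", "sensor download", "user management"}
OPTIONAL = {"device control policies", "assets"}  # "(if available)"

def region_for(url):
    """Return the region whose listed base URL matches exactly, else None."""
    parts = urlsplit(url.strip())
    # The client secret is sent to this host, so near-misses must fail:
    # https only, no userinfo or port, no path, query or fragment.
    if (parts.scheme != "https" or parts.netloc.lower() != parts.hostname
            or parts.path not in ("", "/") or parts.query or parts.fragment):
        return None
    wanted = "https://" + parts.hostname
    return next((r for r, u in BASE_URLS.items() if u == wanted), None)

def audit(granted):
    """granted maps permission name -> {'read','write'}; returns (missing, excess)."""
    have_all = {name.lower(): set(acc) for name, acc in granted.items()}
    missing, excess = [], []
    for name in sorted(READ | set(have_all)):
        want = {a for a, s in (("read", READ), ("write", WRITE)) if name in s}
        have = have_all.get(name, set())
        if have or name not in OPTIONAL:  # optional items may be absent
            missing += [(name, a) for a in sorted(want - have)]
        excess += [(name, a) for a in sorted(have - want)]
    return missing, excess

# Constructed sample client: one listed write dropped, one unlisted write added.
SAMPLE = {n: {"read"} | ({"write"} if n in WRITE else set())
          for n in READ - OPTIONAL}
SAMPLE["incidents"] = {"read"}
SAMPLE["user management"] = {"read", "write"}

if __name__ == "__main__":
    print(region_for("https://api.eu-1.crowdstrike.com"))
    print(audit(SAMPLE))
```

Entries in the excess list are the ones to review first: they are permissions the service account holds beyond what this page asks for.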
Questions? Here’s how to reach us:
- Email: info@zipsecinc.cc
