Notice

This guide is for the original release of AQtive Guard. For the current AQG SaaS platform, go to the AQtive Guard User Guide.

Getting started

To configure the CrowdStrike integration in AQtive Guard, you’ll need your CrowdStrike Base URL, Client ID, and Client secret. To obtain these:

  1. Log in to your Falcon Console as a Falcon Administrator.
  2. Select Support, then API Clients and Keys, then + Add a new API Client. Specify a client name and description.
  3. In the API SCOPES section, select Read next to Detections, then select Add.
  4. Copy the Base URL, Client ID, and Secret values.

Caution

Do not copy the https:// portion of the Base URL.

Use

Configure the CrowdStrike integration

Log in to AQtive Guard as an administrator to complete the following steps.

  1. Select Settings from the menu bar, then select Integrations.
  2. From the integration options, select CrowdStrike.
  3. Paste the information you copied from CrowdStrike into the designated fields:
    • Your Base URL
    • Your API Client ID
    • Your API Client secret
  4. Select Save and then Test Connection to verify that your configuration was successful.

Important

You must select Save for the configuration to succeed.

Ingest CrowdStrike data

Follow these instructions to run a scan and ingest CrowdStrike data for analysis by AQtive Guard.

  1. In the AQtive Guard Web Interface, create or select your target project. This is where the scan file will be uploaded for analysis and reporting. Refer to Create a new project.
  2. Select Settings, then Scans from the menu bar to open the Scans page, then select the CrowdStrike tab.
  3. Select Start Scan and configure the following:

    • Scan name - a default date and time stamp is provided. You can change this to any unique name.
    • Project - select the project from the dropdown where you’ll upload the scan results.
    • Profile - select a profile from the dropdown, or leave as-is to use the default profile for the selected project.
    • Tags (optional) - custom tags to be attached to the scan.
    • Workload (optional) - the CPU percentage allowed. The default is 100%.
    • Max number of files (optional) - the maximum number of files to be scanned per second. The default is 0, which is no limit.
    • Max file size (optional) - the maximum file size allowed. The default is 1 MB.
    • Platform - select Linux or Windows.
    • Excluded directories (optional) - directories to be excluded from the scan.
    • Hostname (optional) - scan only endpoints that contain the entered text in their name.
    • Host activity (optional) - scan only endpoints that were pinged within the Last X hours.

      The Estimated number of affected hosts section will update as you fill in the required fields.

  4. Select Start a Scan to scan the selected endpoints and ingest the data into AQtive Guard for analysis.

Once the scan starts, AQtive Guard will return you to the Scans page where you can monitor the scan’s progress and details. Refer to Scans for details.