Notice

This guide is for the original release of AQtive Guard. For the current AQG SaaS platform, go to the AQtive Guard User Guide.

Reference

Integration flow

The following diagram illustrates how data flows when AQtive Guard launches a scan through CrowdStrike, then retrieves and analyzes the resulting trace file.

  1. When you select the targets to launch a scan in the AQtive Guard Web UI, the AQtive Guard API (1) connects to the CrowdStrike API (2).
  2. The CrowdStrike API runs the AQtive Guard Filesystem Scanner on the targeted remote hosts (3).
  3. The remote hosts provide filesystem data to be analyzed by AQtive Guard. Data collected from the remote hosts is stored in CrowdStrike’s cloud storage (4).
  4. The data is sent from CrowdStrike to AQtive Guard storage (5) to be analyzed by the AQtive Guard Network Analyzer (6).
  5. The analyzed data is presented in the AQtive Guard Web UI dashboard (7).

API requirements

The AQtive Guard CrowdStrike integration uses the following Falcon API scopes:

  • Hosts (read)
  • Host groups (read, write)
  • Real time response (admin) (write)
  • Real time response audit (read)
  • Real time response (read, write)