How to configure CrowdStrike Integration

Cognito Detect integrates with the CrowdStrike Query API.

Step 1 - Obtain CrowdStrike Query API credentials

To activate the CrowdStrike Query API, you must have received Query API credentials from CrowdStrike Support. If you already have these, you may proceed to Step 2. If you do not yet have authentication credentials, an email should be sent to and request the Query API authentication credentials.

Please note: CrowdStrike is moving to an OAuth framework but still supports the legacy username/API token authentication method. Vectra's CrowdStrike integration does not yet support OAuth authentication, so a username/API token should be requested from CrowdStrike.

The credentials should be sent to the email address registered on your CrowdStrike instance.

The API reference may be found at the official CrowdStrike document repository:

The email response from CrowdStrike should include:

  • Username (a random 20-character alphanumeric string)
  • API Token

Step 2 - Enable Integration in Cognito Detect

In your Cognito Detect Brain UI:

  • Go to Settings, External Connectors, Edit, CrowdStrike and toggle On.
  • Enter the username and API Token obtained in Step 1 and click Save.
  • CrowdStrike integration is now complete.



Step 3 - Ensure the firewall allows TCP 443 egress from Brain to

Traffic from the Brain to the FQDN or IPs should be permitted through the firewall over HTTPS (TCP 443).
