CrowdStrike connector

Warning

This functionality is in technical preview and may be changed or removed in a future release. Elastic will work to fix any issues, but features in technical preview are not subject to the support SLA of official GA features.

The CrowdStrike connector communicates with CrowdStrike Management Console via REST API.

To use this connector, you must have authority to run Endpoint Security connectors, which is an Actions and Connectors sub-feature privilege. Refer to Kibana privileges.

Create connectors in Kibana

You can create connectors in Stack Management > Connectors. For example:

Connector configuration

CrowdStrike connectors have the following configuration properties:

CrowdStrike API URL: The CrowdStrike tenant URL. If you are using the xpack.actions.allowedHosts setting, make sure the hostname is added to the allowed hosts.
CrowdStrike client ID: The CrowdStrike API client identifier.
Client secret: The CrowdStrike API client secret to authenticate the client ID.

Test connectors

At this time, you cannot test the CrowdStrike connector.