CrowdStrike Identity Protection
CrowdStrike Identity Protection provides advanced monitoring and protection of user identities against unauthorized access and threats.

CrowdStrike Identity Protection is a robust platform designed to enhance identity threat detection and response. By integrating with Swimlane Turbine, this connector allows users to query Identity Protection data using GraphQL, providing a seamless way to access and analyze identity-related information. This integration empowers security teams to automate identity threat detection and response processes, improving efficiency and reducing the time to mitigate potential threats.

Prerequisites

Before you can use the CrowdStrike Identity Protection connector for Turbine, you'll need access to the CrowdStrike API. This requires the following:

OAuth2 authorization using the following parameters:

- URL: the endpoint for accessing CrowdStrike's API services.
- Client ID: a unique identifier for your application to authenticate with the API.
- Client Secret: a secret key used in conjunction with the Client ID to authenticate.
- Token URL: the URL where the OAuth2 token can be obtained.

This connector integrates exclusively with the Identity endpoint API provided by CrowdStrike.

Capabilities

This connector provides the following capabilities:

- Query Identity Protection

Asset Setup

The connector requires the OAuth2 client credential.

Additional Documentation

- https://docs.swimlane.com/connectors/crowdstrike-identity-protection
- https://falcon.crowdstrike.com/documentation/page/a2a7fc0e/crowdstrike-oauth2-based-apis

Configurations

OAuth 2.0 Client Credentials

Authenticates using OAuth 2.0 client credentials.

Configuration Parameters

| Parameter | Description | Type | Required |
| --- | --- | --- | --- |
| URL | A URL to the target host | string | Required |
| Token URL | | string | Required |
| Client ID | The client ID | string | Required |
| Client Secret | The client secret | string | Required |
| Audience | Permission scopes for this action | string | Optional |
| Verify SSL | Verify SSL certificate | boolean | Optional |
| HTTP Proxy | A proxy to route requests through | string | Optional |

Actions

Query Identity Protection

Query Identity Protection in CrowdStrike using GraphQL. Requires a JSON body with a query parameter.

Endpoint URL: /identity-protection/combined/graphql/v1

Method: POST

Input argument

| Name | Type | Required | Description |
| --- | --- | --- | --- |
| query | string | Optional | Parameter for Query Identity Protection |

Input example

```json
{"json_body":{"query":"{entities(roles: [BuiltinAdministratorRole] sortKey: PRIMARY_DISPLAY_NAME sortOrder: ASCENDING first: 5) {nodes{primaryDisplayName secondaryDisplayName}}}"}}
```

Output

| Parameter | Type | Description |
| --- | --- | --- |
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| data | object | Response data |
| data.entities | object | Response data |
| data.entities.nodes | array | Response data |
| data.entities.nodes.file_name | string | Response data |
| data.entities.nodes.file | string | Response data |
| extensions | object | Output field extensions |
| extensions.runtime | number | Time value |
| extensions.remainingPoints | number | Output field extensions.remainingPoints |
| extensions.reset | number | Output field extensions.reset |
| extensions.consumedPoints | number | Output field extensions.consumedPoints |

Output example

```
{"status_code":200,"response_headers":{"Server":"nginx","Date":"Thu, 16 Nov 2023 07:43:36 GMT","Content-Type":"application/json; charset=utf-8","Content-Length":"112","Connection":"keep-alive","Cache-Control":"no-cache","Content-Encoding":"gzip","Etag":"W/\"76-wxojdde1egxcfofaoarcmubuhq0\"","Expires":"Thu, 16 Nov 2023 07:43:35 GMT","Pragma":"no-cache","Strict-Transport-Security":"max-age=15724800; includeSubDomains, max-age=31536000; includeSubDomains","X-Appliance-Date":"2023-11-16T07:43:36+00
```

Response Headers

| Header | Description | Example |
| --- | --- | --- |
| Cache-Control | Directives for caching mechanisms | no-cache |
| Connection | HTTP response header Connection | keep-alive |
| Content-Encoding | HTTP response header Content-Encoding | gzip |
| Content-Length | The length of the response body in bytes | 112 |
| Content-Type | The media type of the resource | application/json; charset=utf-8 |
| Date | The date and time at which the message was originated | Thu, 16 Nov 2023 07:43:36 GMT |
| Etag | An identifier for a specific version of a resource | W/"76-wxojdde1egxcfofaoarcmubuhq0" |
| Expires | The date/time after which the response is considered stale | Thu, 16 Nov 2023 07:43:35 GMT |
| Pragma | HTTP response header Pragma | no-cache |
| Server | Information about the software used by the origin server | nginx |
| Strict-Transport-Security | HTTP response header Strict-Transport-Security | max-age=15724800; includeSubDomains, max-age=31536000; includeSubDomains |
| X-Appliance-Date | HTTP response header X-Appliance-Date | 2023-11-16T07:43:36+00:00 |
| X-Appliance-Id | HTTP response header X-Appliance-Id | 38e4055c-061d-4ee4-a21f-ffefd648c15a |
| X-Content-Type-Options | HTTP response header X-Content-Type-Options | nosniff |
| X-Cs-Region | HTTP response header X-Cs-Region | us-1 |
| X-Cs-Traceid | HTTP response header X-Cs-Traceid | 1ea3951c-dbbd-4e62-8cd4-991c7c78c471 |
| X-DNS-Prefetch-Control | HTTP response header X-DNS-Prefetch-Control | off |
| X-Download-Options | HTTP response header X-Download-Options | noopen |
| X-Frame-Options | HTTP response header X-Frame-Options | SAMEORIGIN |
| X-Powered-By | HTTP response header X-Powered-By | Express |
| X-Preempt-Version | HTTP response header X-Preempt-Version | 5.58.56190 |
| X-Ratelimit-Limit | The number of requests allowed in the current rate limit window | 6000 |
| X-Ratelimit-Remaining | The number of requests remaining in the current rate limit window | 5998, 5999 |
| X-XSS-Protection | HTTP response header X-XSS-Protection | 1; mode=block |
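The Query Identity Protection action described above, sketched as an added Python example (not Swimlane's connector code or CrowdStrike's): it builds the GraphQL POST and reduces a response to the administrator names, any GraphQL errors, and the points and rate-limit counters a playbook should check before issuing more queries. The host name, token and sample response are constructed placeholders; the camelCase spelling of `remainingPoints`/`consumedPoints` and the presence of an `errors` array on failure are assumptions.

```python
import json
import urllib.request

GRAPHQL_PATH = "/identity-protection/combined/graphql/v1"  # endpoint listed on this page
# Query from the page's input example: first five built-in administrators.
ADMIN_QUERY = ("{entities(roles: [BuiltinAdministratorRole] "
               "sortKey: PRIMARY_DISPLAY_NAME sortOrder: ASCENDING first: 5) "
               "{nodes{primaryDisplayName secondaryDisplayName}}}")
# Constructed sample response; field spelling (camelCase) is an assumption.
SAMPLE_BODY = {
    "data": {"entities": {"nodes": [
        {"primaryDisplayName": "Example Admin", "secondaryDisplayName": "EXAMPLE\\admin"}]}},
    "extensions": {"runtime": 12, "remainingPoints": 499, "reset": 9999, "consumedPoints": 1},
}
SAMPLE_HEADERS = {"X-Ratelimit-Limit": "6000", "X-Ratelimit-Remaining": "5998"}

def build_request(base_url, access_token, query):
    """Build (without sending) the POST this action makes."""
    if not base_url.lower().startswith("https://"):
        raise ValueError("refusing to put a bearer token on a non-HTTPS URL")
    return urllib.request.Request(
        base_url.rstrip("/") + GRAPHQL_PATH,
        data=json.dumps({"query": query}).encode("utf-8"),
        method="POST",
        headers={"Authorization": "Bearer " + access_token,
                 "Content-Type": "application/json"},
    )

def summarize(status_code, headers, payload, min_points=100):
    """Reduce a response to names, errors and remaining budget."""
    hdrs = {k.lower(): v for k, v in headers.items()}  # header names are case-insensitive
    # Assumed GraphQL convention: failures may arrive in "errors" with HTTP 200.
    errors = [e.get("message", "") for e in payload.get("errors") or []]
    nodes = ((payload.get("data") or {}).get("entities") or {}).get("nodes") or []
    ext = payload.get("extensions") or {}
    remaining = ext.get("remainingPoints")
    return {
        "ok": status_code == 200 and not errors,
        "errors": errors,
        "admins": [n.get("primaryDisplayName") for n in nodes],
        "consumed_points": ext.get("consumedPoints"),
        "remaining_points": remaining,
        # Tell the playbook to back off before the points counter runs out.
        "throttle": remaining is not None and remaining < min_points,
        "rate_limit_remaining": hdrs.get("x-ratelimit-remaining"),
    }

if __name__ == "__main__":
    req = build_request("https://api.example.invalid", "PLACEHOLDER_TOKEN", ADMIN_QUERY)
    print(req.get_method(), req.full_url)
    print(summarize(200, SAMPLE_HEADERS, SAMPLE_BODY))
```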