Follow the steps below to integrate CrowdStrike Falcon with Britive.
Log in to Britive with administrator privileges.
Click on System admin -> Endpoint Privilege Management.
Click on New Integration from the Endpoint Privilege Management page.
Click on the “+” button in front of the CrowdStrike Falcon application to add a new integration.
Enter the following values in the Application tab:
Enter the Application Name and Application Description.
Select the attribute for Account Mapping to map the users in Britive with accounts in CrowdStrike Falcon. Only one user can be mapped to an account. This is an optional field, required only for automated mapping during scanning.
Select an attribute for Device Mapping to map the users in Britive with devices in CrowdStrike Falcon. A single user can be mapped to multiple devices. Make sure to select an attribute that contains the device ID of the device. This is an optional field, required only for automated mapping during scanning.
Click on Next.
Enter the following values in the Settings tab:
Enter the Login URL.
Enter the Client ID and Client Secret, generated in the Creating a CrowdStrike API Key section.
Enter a value in Filter for devices (included devices) to filter the specific devices or endpoints that you want to scan. This filter supports CrowdStrike Falcon syntax. To know more about it, see Falcon Query Language.
Enable Scan login history for accounts to scan login history per device. If disabled, only the last logged-in users are scanned.
Enter Maximum session duration for profiles under Profile Settings.
Click Save and Test. A pop displays a success message if the environment is correctly configured. If any error message is displayed, review the error, correct the configuration, and test again.
Click on the Scan button under the Scans tab to get the details of devices (endpoints) and accounts (last logged-in user) from CrowdStrike Falcon.
Click on the Data tab to check the following details added after the scan:
Permissions: If access is provided, scripts that can be used for granting and revoking access for end users on devices.
Accounts: Last logged-in users' data from devices. Click Map/Unmap from the Action column of an account to map or unmap identity to this account.
Devices: List of all devices unless a filter is applied.
Click View Details to view all details related to a device.
Click Map/Unmap from the Actions column of a device to map or unmap identity to this device.
Managing Britive Profiles
After integrating CrowdStrike Falcon with Britive, you can create profiles in Britive that correspond to the accounts or devices on CrowdStrike Falcon. You can check out or check in Britive profiles to elevate access to these devices.
Log in to Britive with administrator privileges.
Click on System admin -> Endpoint Privilege Management.
Click on Manage for a CrowdStrike Falcon and click on the Profiles tab.
Click on the Create Profile button and enter the following details to create a profile:
Enter the Name and Description under the General section.
Enter the Expiration Timeout and Expiration Extension (optional) under the Expiration section.
Click on Done.
For existing or newly created profiles, enter the following details in different tabs:
Platform:
Click on the Edit button.
Select an operating system in the Platform tab to map the profile to the correct platform to run the PowerShell scripts.
Click on Save.
Permissions: Every profile must have the following permission scripts configured:
Grant: Execute script for granting access.
Select from list: Select from a list of permission scripts.
Type Manually: Type the name of the permission manually.
Revoke: Execute script for revoking access.
Select from list: Select from a list of permission scripts.
Type Manually: Type the name of the permission manually.
Policies: See Policies.
Advanced Settings: Advanced Settings