Connecting CrowdStrike Falcon Exposure Management to Drata allows for the automated, continuous monitoring of SLA due dates and evidence collection of vulnerabilities issues required for compliance.
This integration automates evidence collection for the Vulnerability Scanning test, which is mapped to DCF-18 by default.
Prerequisite
Create a CrowdStrike Falcon API Client ID and Secret. Ensure to save the values; you will need to enter those values when connecting to Drata.
In the CrowdStrike Falcon console, navigate to the API Clients and Keys page and select on Create API client.
Enter the details for the API.
When prompted, enable the following API scopes:
Vulnerabilities: Read
Hosts: Read
Host Groups: Read
User Management: Read
Prevention Policies: Read
Device Control Policies: Read
Response policies: Read
Sensor Update Policies: Read
Note: Drata will pull up to 1,000 new or updated vulnerabilities for each connection daily, ordered by severity from critical to low. You can select what kind of vulnerabilities will be synced based on the severity when connecting.
Connect CrowdStrike Falcon Exposure Management to Drata
Go to the Connections page.
Search for and select Arnica from the available integrations.
Configure which vulnerabilities Drata will sync. These selections are also included in the test result report for visibility.
Severity: Select the vulnerability levels to include, such as Critical, High, or Medium.
Critical and High are auto-selected.
First seen on: Drata will sync vulnerabilities detected on or after the selected date.
Select the connect button to proceed.
Enter the Client ID and Secret and the Base URL. The base URL that corresponds to the cloud where your CrowdStrike integration is hosted. It has the format of
https://api[<deployment>].crowdstrike.com
. Use one of the following URLs based on your region:
Drata automatically begins syncing vulnerabilities based on your configurations.
You can view the findings by selecting the View Findings after connecting Arnica or navigating directly to the Vulnerabilities page through the left-side navigation menu.
Learn more at Vulnerabilities help article.