- Have CrowdStrike CWP Subscription
- Have Chronicle Subscription
- Navigate to API Clients and Keys within CrowdStrike Falcon platform.
- Use Add new API client* button in the top right corner to create a new key pair
- Make sure only the following permissions are assigned to the key pair:
- Event streams: READ
- Hosts: READ
Your Chronicle support representative can provide this file.
Configure button leads you to application configuration page.
- Fill in Falcon OAuth2 API credentials obtained in Step 1 of this guide.
- Fill in Chronicle Customer ID and Chronicle Region