
CrowdStrike Falcon Spotlight Configuration Guide

1. Introduction

  • The CrowdStrike Falcon Spotlight connector integrates with CrowdStrike’s cloud-native vulnerability management tool to collect real-time vulnerability data from endpoints. It uses API-based communication to ingest details such as CVEs, asset metadata, and patch status. This integration supports a variety of security and compliance use cases, enabling visibility into exposure without the need for traditional scans.
  • The connector’s main purpose is to automate the ingestion and use of vulnerability data to enhance detection, response, and compliance workflows. It helps identify unpatched vulnerabilities, prioritize threats based on risk, and streamline security operations by providing actionable insights directly from CrowdStrike’s endpoint telemetry.

2. Prerequisites

  • Access to the CrowdStrike Falcon Console
  • Administrator privileges

3. CrowdStrike Falcon Spotlight Setup Guide

3.1. Get Connector Parameters

  • Log in to CrowdStrike Falcon.
  • Click on the Menu.
  • Go to Support and resources > API clients and keys.
  • Click on the Create API Client button.
  • Create an API Client with the required set of permissions (permissions can be edited after creation as well).
  • When you click the Create button, the Client ID, Secret, and Base URL are shown only once, so copy and store them.
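
Before entering the three parameters in a connector profile, they can be checked directly against the Falcon API. The script below is an added example, not part of ASCERA or CrowdStrike tooling: it requests an OAuth2 token and then runs a one-result Spotlight query. The environment variable names and the sample filter are assumptions made for the example, as is the expectation that the API client was granted read access to vulnerabilities.

```python
import json
import os
import urllib.error
import urllib.parse
import urllib.request

def normalize_base_url(base_url):
    """Strip the trailing slash; refuse anything that is not a plain HTTPS URL."""
    parts = urllib.parse.urlsplit(base_url.strip())
    if parts.scheme != "https" or not parts.hostname:
        raise ValueError("Base URL must be an https:// URL")
    if parts.username or parts.password or parts.query or parts.fragment:
        raise ValueError("Base URL must not carry credentials, query or fragment")
    return f"https://{parts.netloc}{parts.path.rstrip('/')}"

def token_request(base_url, client_id, secret):
    """Build the OAuth2 token request; the secret travels in the POST body, never the URL."""
    body = urllib.parse.urlencode({"client_id": client_id, "client_secret": secret}).encode()
    return urllib.request.Request(
        normalize_base_url(base_url) + "/oauth2/token", data=body, method="POST",
        headers={"Content-Type": "application/x-www-form-urlencoded", "Accept": "application/json"})

def spotlight_probe(base_url, token):
    """Build a one-result Spotlight query; a 403 reply means the client lacks the read scope."""
    query = urllib.parse.urlencode({"filter": "status:'open'", "limit": 1})
    return urllib.request.Request(
        normalize_base_url(base_url) + "/spotlight/queries/vulnerabilities/v1?" + query,
        headers={"Authorization": "Bearer " + token, "Accept": "application/json"})

def check(base_url, client_id, secret):
    """Return 'ok', or a short reason the connector would fail with these parameters."""
    try:
        with urllib.request.urlopen(token_request(base_url, client_id, secret), timeout=15) as r:
            token = json.load(r)["access_token"]
        with urllib.request.urlopen(spotlight_probe(base_url, token), timeout=15):
            return "ok"
    except urllib.error.HTTPError as e:
        return f"HTTP {e.code} from {e.url.split('?')[0]}"  # never echo the secret or token
    except (urllib.error.URLError, ValueError, KeyError) as e:
        return f"failed: {e}"

if __name__ == "__main__":
    # Variable names are assumptions; reading from the environment keeps the
    # secret out of shell history and process listings.
    print(check(os.environ["FALCON_BASE_URL"], os.environ["FALCON_CLIENT_ID"],
                os.environ["FALCON_CLIENT_SECRET"]))
```

An HTTP 401 from the token endpoint points to a wrong Client ID or Secret, while an HTTP 403 from the Spotlight query means the client authenticated but is missing the vulnerability read permission.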

3.2. Configure CrowdStrike Falcon Spotlight in ASCERA

  • Log in to ASCERA.
  • Navigate to Settings > Connector Profiles.
  • Click on the Create Connector Profile button.
  • Configure the CrowdStrike Falcon Spotlight connector with the required credentials (see section 3.1).

4. FAQs and Troubleshooting