Connect CrowdStrike to Anzenna

Integrate Anzenna with CrowdStrike Falcon to monitor endpoint detections, alerts, device inventory, and optionally enable real-time response capabilities.

Prerequisites

  • CrowdStrike Falcon administrator access
  • Anzenna account
  • Ability to create API clients in CrowdStrike Falcon

Step-by-Step Instructions

Part 1: Start in Anzenna

  1. Log into Anzenna and click Connect to CrowdStrike

Part 2: Create an API Client in CrowdStrike Falcon

  1. Log into CrowdStrike Falcon and click the Menu icon
  2. Click Support and resources
  3. Click API clients and keys
  4. Click Create API client
  5. Type Anzenna as the Client name

Part 3: Configure API Permissions

  1. Set Alerts to Read
  2. Set Detections to Read
  3. Set Hosts to Read (Write required for remediations)
  4. Set Device Control Policies to Read
  5. Set Host Groups to Read (Write required for remediations)
  6. Set User management to Read
  7. Set NGSIEM to Read and Write
  8. Set Real Time Response to Read and Write, and Real Time Response (admin) to Write
  9. Click Create
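
One way to confirm the API client carries exactly the scopes listed in Part 3 and nothing broader, as an added example (not Anzenna or CrowdStrike code). The scope names are this page's labels, and the granted-scope dictionary is a constructed sample that you would fill in by hand from the API client's entry in the Falcon console.

```python
# Added example: audit API client scopes against Part 3 (names as labelled on this page).
# Baseline: scope -> permissions the guide asks for.
BASELINE = {
    "Alerts": {"read"},
    "Detections": {"read"},
    "Hosts": {"read"},
    "Device Control Policies": {"read"},
    "Host Groups": {"read"},
    "User management": {"read"},
    "NGSIEM": {"read", "write"},
    "Real Time Response": {"read", "write"},
    "Real Time Response (admin)": {"write"},
}
# Write on these is needed only when remediations are used.
REMEDIATION_WRITE = {"Hosts", "Host Groups"}


def audit_scopes(granted, remediations=False):
    """Return (missing, excess) as sorted lists of 'Scope:permission'."""
    expected = {name: set(perms) for name, perms in BASELINE.items()}
    if remediations:
        for name in REMEDIATION_WRITE:
            expected[name].add("write")
    # Normalise case and whitespace so 'hosts ' matches 'Hosts'.
    canon = {name.lower(): name for name in expected}
    seen = {}
    for name, perms in granted.items():
        key = canon.get(name.strip().lower(), name.strip())
        seen.setdefault(key, set()).update(p.strip().lower() for p in perms)
    missing = sorted(f"{n}:{p}" for n, ps in expected.items()
                     for p in ps - seen.get(n, set()))
    excess = sorted(f"{n}:{p}" for n, ps in seen.items()
                    for p in ps - expected.get(n, set()))
    return missing, excess


# Constructed sample: scopes as an admin might have ticked them in the console.
SAMPLE = {
    "Alerts": ["Read"], "Detections": ["Read"],
    "hosts": ["Read", "Write"],            # Write granted without remediations
    "Device Control Policies": ["Read"], "Host Groups": ["Read"],
    "NGSIEM": ["Read", "Write"],
    "Real Time Response": ["Read", "Write"],
    "Real Time Response (admin)": ["Write"],
    "Example Extra Scope": ["Read"],       # placeholder name, not in the guide
}

if __name__ == "__main__":
    print(audit_scopes(SAMPLE))
```

Anything reported as excess is privilege the integration does not need for the mode you chose; anything missing will show up as a gap in what Anzenna can read.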

Part 4: Copy Credentials to Anzenna

  1. Copy the Client ID to clipboard
  2. Paste the Client ID into Anzenna
  3. Copy the Client Secret to clipboard
  4. Paste the Client Secret into Anzenna and click Save

Core Setup Complete!

Anzenna is now connected to CrowdStrike. Continue below to optionally configure Device Control and Real Time Response policies for deeper visibility and remediation.

Part 5: Configure Falcon Device Control Policies (Optional)

To get file exfiltration information, enable metadata collection in Device Control policies.

  1. Open Falcon Device Control Policies and edit your Windows policy: enable Enhanced file metadata detection and click Save
  2. Switch to Mac policy and repeat: enable Enhanced file metadata detection and click Save

Part 6: Configure Real Time Response Policies (Optional)

  1. In the side menu, click Host setup and management
  2. Click Response policies
  3. Select Mac policies and open your selected policy for editing
  4. Enable Real Time Response
  5. Enable Custom Scripts
  6. Enable put, run, and put-and-run
  7. Click Save
  8. Repeat these steps for Windows and Linux (if applicable)

You are all set!

Anzenna is now fully connected to CrowdStrike Falcon.