Connect CrowdStrike to Anzenna

Integrate Anzenna with CrowdStrike Falcon to monitor endpoint detections, alerts, device inventory, and optionally enable real-time response capabilities.

Prerequisites

  • CrowdStrike Falcon administrator access
  • Anzenna account
  • Ability to create API clients in CrowdStrike Falcon

Step-by-Step Instructions

Part 1: Start in Anzenna

  1. Log into Anzenna and click Connect to CrowdStrike


Part 2: Create an API Client in CrowdStrike Falcon

  1. Log into CrowdStrike Falcon and click the Menu icon
  2. Click Support and resources
  3. Click API clients and keys
  4. Click Create API client
  5. Type Anzenna as the Client name

Part 3: Configure API Permissions

  1. Set Alerts to Read
  2. Set Detections to Read
  3. Set Hosts to Read (Write required for remediations)
  4. Set Device Control Policies to Read
  5. Set Host Groups to Read (Write required for remediations)
  6. Set User management to Read
  7. Set NGSIEM to Read and Write
  8. Set Real Time Response to Read and Write, and Real Time Response (admin) to Write
  9. Click Create

Part 4: Copy Credentials to Anzenna

  1. Copy the Client ID to clipboard
  2. Paste the Client ID into Anzenna
  3. Copy the Client Secret to clipboard
  4. Paste the Client Secret into Anzenna and click Save

Core Setup Complete!

Anzenna is now connected to CrowdStrike. Continue below to optionally configure Device Control and Real Time Response policies for deeper visibility and remediation.

Part 5: Configure Falcon Device Control Policies (Optional)

To get file exfiltration information, enable metadata collection in Device Control policies.

  1. Open Falcon Device Control Policies and edit your Windows policy: enable Enhanced file metadata detection and click Save
  2. Switch to the Mac policy and repeat: enable Enhanced file metadata detection and click Save

Part 6: Configure Real Time Response Policies (Optional)

  1. In the side menu, click Host setup and management
  2. Click Response policies
  3. Select Mac policies and open your selected policy for editing
  4. Enable Real Time Response
  5. Enable Custom Scripts
  6. Enable put, run, and put-and-run
  7. Click Save
  8. Repeat these steps for Windows and Linux (if applicable)

You are all set!

Anzenna is now fully connected to CrowdStrike Falcon.