CrowdStrike Spotlight Integration

Introduction

This guide helps you integrate CrowdStrike Spotlight with Sprinto to manage vulnerabilities.

CrowdStrike Spotlight is a cybersecurity tool designed to provide organizations with real-time visibility and intelligence regarding their security posture. It leverages advanced threat intelligence and analytics to help identify vulnerabilities, prioritize security risks, and respond to potential threats.

How does this integration help

This integration helps Sprinto monitor vulnerabilities reported by the CrowdStrike Spotlight service and ensures they are resolved within the defined SLA to meet compliance requirements.

Available Sprinto checks

Below are the available Sprinto checks for the CrowdStrike Spotlight integration:

Crowdstrike Spotlight vulnerability alert should be resolved within SLA

The Sprinto check starts failing if any detected vulnerability is in the Open status on the integrated account.

How to fix: Take the required action to resolve the detected vulnerability, then update the vulnerability status to Closed on the integrated account. Sprinto detects the status change and sets the check status to “Passing.”

Before you begin

  • Log in to the Sprinto admin portal with your credentials.

  • Ensure you have Admin access to the CrowdStrike Spotlight account to perform this integration.

  • This integration is powered by Leen. Sprinto uses Leen’s API for data flow into Sprinto.

Procedure

  1. Create an API key on CrowdStrike Spotlight.

    • Log in to your CrowdStrike Spotlight account.

    • From the CrowdStrike Falcon console, navigate to the API clients and Keys page and click Create API client.

    • Enter the following details to generate a key:

      • Client Name: Sprinto

      • Description: Enter your use case for the generated API key. For example, building integration for vulnerability monitoring with Sprinto.

    • Select the following API scopes:

      • Vulnerabilities - Read

      • Hosts - Read

      • Host Groups - Read

    • Click Create. Securely copy the generated Client ID and Client Secret. You will need these details later in Sprinto.

      Note: Record your API client secret somewhere safe. After the credential window is closed, the secret is no longer visible.

    • Copy your CrowdStrike Spotlight account’s base URL from the browser’s address bar.

  2. Integrate CrowdStrike Spotlight with Sprinto.

    • From the Sprinto admin portal, navigate to Security Hub > Settings > Integrations and select the Available tab.

    • Click Connect next to Crowdstrike Spotlight.

    • Read the on-screen instructions and click Next.

    • Select the acknowledgment checkbox, and click Connect to Crowdstrike spotlight.

      Note: Ensure pop-up windows are enabled in your browser.

    • Enter the Client ID, Client Secret, and Base URL from Step 1 in the respective fields and click Connect.

  3. Add CrowdStrike Spotlight as a vulnerability monitoring source.

    • Navigate to Security Hub > Vulnerabilities > Overview, and click + Add monitoring source.

    • Click Choose next to Crowdstrike Spotlight.

    • Click Add Crowdstrike Spotlight.

Support

Please get in touch with our support team if you have any queries related to the integration or need any assistance.