This guide provides instructions to enhance Beyond Identity policies with information obtained from an integration with Crowdstrike that results in making policy decisions:
- For a Crowdstrike-configured device, and
- The risk of a device based on the Zero Trust Assessment Score (ZTA)
ZTA is included with Falcon Insight, customers just have to reach out to email@example.com and request that the ZTA feature flag be enabled. From there, you’ll see that the ZTA scope is unlocked in the API credentials dashboard. You can also check that the data.zta file has been populated at the following locations:
MacOS: /Library/Application Support/Crowdstrike/ZeroTrustAssessment
The data.zta file includes the Crowdstrike Agent ID. Beyond Identity uses this ID to retrieve details of the host from the Crowdstrike API.
Step 1. Get the API credentials from Crowdstrike to configure in Beyond Identity.
- Log into the Falcon UI and navigate to Support > API Clients and Keys. In the Crowdstrike API Clients and Keys screen, click Add new API client.
- In the Add new API client dialog, enter the following information:
- Client Name: Beyond Identity
- Optional description.
- Apply a checkmark as follows:
- Hosts Read and Write
- Zero Trust Assessment Read
- Click Add.
- The API client created dialog is displayed containing the Client ID, Secret, and Base URL. Copy the CLIENT ID, SECRET, and BASE URL. These will be needed in Step 2. Configure Beyond Identity.
- Click DONE.
- The Integration screen is updated to reflect that CrowdStrike Falcon is connected.
Step 2. Configure Beyond Identity
- Log in to the Beyond Identity Admin Console and select Integrations from the left menu.
- From the Integrations page, click ENDPOINT MANAGEMENT.
- Click the Crowdstrike Falcon Edit icon that appears when hovering to the right of the Crowdstrike row.
- In the Install Crowdstrike dialog, provide the following information obtained in Step 1.
- Base Url
- Client ID
- Client Secret
- Click Save Changes.
Step 3. Write a policy using the Zero Trust Assessment Score attribute.
- Beyond Identity Admin Console and select Policy from the left menu.
- From the Policy page, select Edit Policy > Add Rule and configure a Zero Trust Assessment Score. See the following example:
- Click Add.