Overview
CrowdStrike Falcon is an endpoint detection and response (EDR) platform. The Pwnbook integration pulls detection and incident data from your Falcon environment so security teams can review endpoint activity alongside other findings without leaving the platform.
Prerequisites
- A CrowdStrike Falcon account with API access
- A Falcon API client ID and secret (with Detections and Incidents read scope)
- Admin or Owner access in Pwnbook
Setup
Create a Falcon API client
- In the Falcon console, go to Support & Resources → API Clients and Keys.
- Click Add new API client.
- Grant the following scopes (read only): Detections, Incidents, Hosts.
- Copy the Client ID and Client Secret.
What’s available
| View | Description |
|---|---|
| Detections | Active and recent detections with severity, tactic, and host |
| Incidents | Open incidents and their associated detections |
| Endpoints | Connected agent count and sensor health summary |