CrowdStrike Falcon

Overview

CrowdStrike Falcon is an endpoint detection and response (EDR) platform. The Pwnbook integration pulls detection and incident data from your Falcon environment so security teams can review endpoint activity alongside other findings without leaving the platform.

Prerequisites

  • A CrowdStrike Falcon account with API access
  • A Falcon API client ID and secret (with Detections and Incidents read scope)
  • Admin or Owner access in Pwnbook

Setup

Step 1: Create a Falcon API client

  1. In the Falcon console, go to Support & Resources → API Clients and Keys.
  2. Click Add new API client.
  3. Grant the following scopes (read only): Detections, Incidents, Hosts.
  4. Copy the Client ID and Client Secret.

Step 2: Configure in Pwnbook

  1. Go to Organization Settings → Marketplace → CrowdStrike.
  2. Enter your Client ID, Client Secret, and Cloud region (US-1, US-2, EU-1, etc.).
  3. Click Save & Test.

What’s available

| View | Description |
|------|-------------|
| Detections | Active and recent detections with severity, tactic, and host |
| Incidents | Open incidents and their associated detections |
| Endpoints | Connected agent count and sensor health summary |

Workbench card

The CrowdStrike Falcon workbench card shows endpoint count, open detection count, and incident summary at a glance.