> ## Documentation Index
> Fetch the complete documentation index at: https://docs.pwnbook.app/llms.txt
> Use this file to discover all available pages before exploring further.

# CrowdStrike Falcon

> View endpoint detections, incidents, and agent health from CrowdStrike Falcon in Pwnbook.

<img src="https://mintcdn.com/pwnbook/noJyYhCscAD7TYUE/logos/crowdstrike_falcon.svg?fit=max&auto=format&n=noJyYhCscAD7TYUE&q=85&s=10be29006acfe9d1bb3b8a73f5bf1d57" alt="CrowdStrike Falcon" style={{ height: "32px", marginBottom: "16px" }} width="144" height="144" data-path="logos/crowdstrike_falcon.svg" />

## Overview

CrowdStrike Falcon is an endpoint detection and response (EDR) platform. The Pwnbook integration pulls detection and incident data from your Falcon environment so security teams can review endpoint activity alongside other findings without leaving the platform.

## Prerequisites

* A CrowdStrike Falcon account with API access
* A Falcon API client ID and secret (with Detections and Incidents read scope)
* Admin or Owner access in Pwnbook

## Setup

<Steps>
  <Step title="Create a Falcon API client">
    1. In the Falcon console, go to **Support & Resources → API Clients and Keys**.
    2. Click **Add new API client**.
    3. Grant the following scopes (read only): **Detections**, **Incidents**, **Hosts**.
    4. Copy the **Client ID** and **Client Secret**.
  </Step>

  <Step title="Configure in Pwnbook">
    1. Go to **Organization Settings → Marketplace → CrowdStrike**.
    2. Enter your **Client ID**, **Client Secret**, and **Cloud region** (US-1, US-2, EU-1, etc.).
    3. Click **Save & Test**.
  </Step>
</Steps>

## What's available

| View           | Description                                                  |
| -------------- | ------------------------------------------------------------ |
| **Detections** | Active and recent detections with severity, tactic, and host |
| **Incidents**  | Open incidents and their associated detections               |
| **Endpoints**  | Connected agent count and sensor health summary              |

## Workbench card

The **CrowdStrike Falcon** workbench card shows endpoint count, open detection count, and incident summary at a glance.
