Introduction to the CrowdStrike Falcon Automation PowerPack

This section describes how to integrate CrowdStrike with SL1 using the CrowdStrike Falcon Automation PowerPack. This PowerPack also contains the Run Book Automation policies and Run Book Action policies you can use with the CrowdStrike Falcon Automation Synchronization PowerPack in PowerFlow.

This PowerPack is available with a ScienceLogic SL1 Standard solution. Contact your ScienceLogic Customer Success Manager or Customer Support to learn more.

What is the CrowdStrike Falcon Automation PowerPack?

The CrowdStrike Falcon Automation PowerPack includes automation policies and action policies that bidirectionally sync jobs, pipeline jobs, and node status between CrowdStrike and SL1.

The CrowdStrike Falcon Automation PowerPack includes:

  • CrowdStrike: Clear Detection ID Run Book Automation policies
  • CrowdStrike: Clear Detection ID Run Book Action policy
  • CrowdStrike: Alert to Event event policy
  • PowerFlow CrowdStrike SOAP/XML Credentials

Installing the CrowdStrike Falcon Automation PowerPack

Before completing the steps in this section, you must import and install the latest version of the CrowdStrike Falcon Automation PowerPack.

IMPORTANT: You must install and configure the CrowdStrike Falcon Automation Synchronization PowerPack version 1.0.0 before using the CrowdStrike Falcon Automation PowerPack.

The CrowdStrike Falcon Automation PowerPack requires SL1 version 11.1.0 or later. For details on upgrading SL1, see the appropriate SL1 Release Notes.

By default, installing a new version of a PowerPack overwrites all content from a previous version of that PowerPack that has already been installed on the target system. You can use the Enable Selective PowerPack Field Protection setting in the Behavior Settings page (System > Settings > Behavior) to prevent new PowerPacks from overwriting local changes for some commonly customized fields. (For more information, see the section on Global Settings.)

To download and install a PowerPack:

  1. Download the PowerPack from the ScienceLogic Support Site at https://support.sciencelogic.com/s/powerpacks.
  2. Go to the PowerPack Manager page (System > Manage > PowerPacks).
  3. In the PowerPack Manager page, click the Actions button, then select Import PowerPack. The Import PowerPack dialog box appears.
  4. Click the [Browse] button and navigate to the PowerPack file.
  5. When the PowerPack Installer modal appears, click the Install button to install the PowerPack.

If you exit the PowerPack Installer modal without installing the imported PowerPack, the imported PowerPack will not appear in the PowerPack Manager page. However, the imported PowerPack will appear in the Imported PowerPacks modal. This modal appears when you click the Actions menu and select Install PowerPack.