Introduction to the CrowdStrike Falcon Automation PowerPack


This section describes how to integrate CrowdStrike with SL1 using the CrowdStrike Falcon Automation PowerPack. This PowerPack also contains the Run Book Automation policies and Run Book Action policies you can use with the CrowdStrike Falcon Automation SyncPack in PowerFlow.

This PowerPack is available with a ScienceLogic SL1 Standard solution. Contact your ScienceLogic Customer Success Manager or Customer Support to learn more.

What is the CrowdStrike Falcon Automation PowerPack?

The CrowdStrike Falcon Automation PowerPack includes automation policies and action policies that bidirectionally sync jobs, pipeline jobs, and node status between CrowdStrike and SL1.

The CrowdStrike Falcon Automation PowerPack includes:

  • CrowdStrike: Clear Detection ID Run Book Automation policies
  • CrowdStrike: Clear Detection ID Run Book Action policy
  • CrowdStrike: Alert to Event event policy
  • PowerFlow CrowdStrike SOAP/XML Credentials

Installing the CrowdStrike Falcon Automation PowerPack

Before completing the steps in this section, you must import and install the latest version of the CrowdStrike Falcon Automation PowerPack.

IMPORTANT: You must install and configure the CrowdStrike Falcon Automation SyncPack version 1.0.0 before using the CrowdStrike Falcon Automation PowerPack.

The CrowdStrike Falcon Automation PowerPack requires SL1 version 11.1.0 or later. For details on upgrading SL1, see the appropriate SL1 Release Notes.

By default, installing a new version of a PowerPack overwrites all content from a previous version of that PowerPack that has already been installed on the target system. You can use the Enable Selective PowerPack Field Protection setting in the Behavior Settings page (System > Settings > Behavior) to prevent new PowerPacks from overwriting local changes for some commonly customized fields. (For more information, see the section on Global Settings.)

To download and install the PowerPack:

  1. Search for and download the PowerPack from the PowerPacks page (Product Downloads > PowerPacks & SyncPacks) at the ScienceLogic Support Site.
  2. In SL1, go to the PowerPacks page (System > Manage > PowerPacks).
  3. Click the Actions button and choose Import PowerPack. The Import PowerPack dialog box appears.
  4. Click [Browse] and navigate to the PowerPack file from step 1.
  5. Select the PowerPack file and click Import. The PowerPack Installer modal displays a list of the PowerPack contents.
  6. Click Install. The PowerPack is added to the PowerPacks page.

If you exit the PowerPack Installer modal without installing the imported PowerPack, the imported PowerPack will not appear in the PowerPacks page. However, the imported PowerPack will appear in the Imported PowerPacks modal. This modal appears when you click the Actions menu and select Install PowerPack.