Skip to main content

Overview

Enabling the Adapt CrowdStrike webhook integration requires a few steps on both CC and CrowdStrike.

CrowdStrike Configurations

There are two CrowdStrike Workflows that will be created:

  1. Zero Trust Assessment > Host assessment change > Overall assessment
  2. Alert > Identity Detection

Along with the Workflows, a Webhook Client will need to be configured on CrowdStrike’s end.

Control Center Configurations

  • The Webhook Client will point to a new Open Control Center API, built to handle HMAC calculations on payloads from CrowdStrike.
  • Feature flag ENABLE_ADAPT_CROWDSTRIKE_INTEGRATION must be enabled for this API to be available.
  • Vault configuration required: hypr.cc.crowdStrikeWebHookKey must be added. This key will match the secret key assigned to the Webhook Client, ensuring HMAC calculations match.

Configuring Webhook Client

Step 1: Navigate to the CrowdStrike Store

  • In the Falcon Navigation Bar, go to CrowdStrike Store > All Apps.

Step 2: Select Webhook Application

  • In the CrowdStrike Store, select the Webhook application.

Step 3: Add Configuration

  • Click Configure, which will open a pop-up window.

  • In this window, select Add Configuration.

  • Provide a name (any name, but note it as it will be used to assign Workflow Webhook calls).

  • Set Webhook URL to:

    {baseURLForCC}/rp/integrations/adapt/webhookclient/crowdstrike/eventshook

  • Set Signature Header Name to:

    x-cs-primary-signature

Step 4: Save Configuration

  • Click Save to finalize the webhook client setup.

Configuring Workflows

Workflows define when this webhook is fired and what information is included in the data sent to Control Center. These workflows track Identity Protection Risk Scores and Zero Trust Assessment results.

Accessing Workflow Configuration

  • In the CrowdStrike Navigation Bar, go to Fusion SOAR > Workflows.