
Integrate CrowdStrike EDR with Dune Security

Dune's flexible integration approach starts with one critical data point and scales with your organization.

Dune Security offers powerful tools to integrate CrowdStrike's Endpoint Detection and Response (EDR) features, focusing on enhancing identity protection, threat detection, and automating security responses. Because every organization's environment is unique, the integration is rolled out in stages rather than all at once.

1. Getting Started with CrowdStrike API Integration

Initial Setup: One Data Point to Start

Before scaling the full range of CrowdStrike's capabilities, we start by integrating one key data point into Dune Security. This allows you to understand the impact before expanding into other areas.

  • Generating API Keys for Initial Integration
    • Prerequisite: CrowdStrike Falcon Administrator access.
    • In the CrowdStrike Falcon Platform:
      1. Go to API Clients and Keys.
      2. Select Add New API Client.
      3. Set up your API client:
        • Client Name: Dune Security Hosts
        • API Scopes: Start with Read scopes for Hosts API.
      4. Generate your API credentials (Client ID & Secret Key) and securely share them with your Dune Security administrator.

With this initial data point, the Hosts API, Dune will begin analyzing endpoint security behavior, providing immediate insights into your organization's current risk posture.
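Before sharing the credentials, it is worth confirming that the new API client can read Hosts data and nothing else. The following is an added example, not code from Dune Security or CrowdStrike: it assumes the US-1 base URL, environment variables named FALCON_CLIENT_ID and FALCON_CLIENT_SECRET, and one read-only query endpoint per scope as a probe; the scope labels in PROBES are descriptive only.

```python
import json
import os
import urllib.error
import urllib.parse
import urllib.request

BASE_URL = "https://api.crowdstrike.com"  # assumption: US-1 cloud; use your tenant's base URL
# (label, read-only probe path, should the stage-one client be allowed?)
PROBES = [
    ("Hosts (read)", "/devices/queries/devices/v1?limit=1", True),
    ("Incidents (read)", "/incidents/queries/incidents/v1?limit=1", False),
    ("Indicators (read)", "/iocs/queries/indicators/v1?limit=1", False),
]

def http_request(method, url, headers=None, data=None):
    """Minimal HTTP transport returning (status code, parsed JSON body)."""
    req = urllib.request.Request(url, data=data, headers=headers or {}, method=method)
    try:
        with urllib.request.urlopen(req, timeout=15) as resp:
            return resp.status, json.loads(resp.read() or b"{}")
    except urllib.error.HTTPError as err:
        return err.code, {}

def check_client_scopes(client_id, client_secret, transport=http_request, base_url=BASE_URL):
    """Return a list of findings; an empty list means the scopes match PROBES."""
    form = urllib.parse.urlencode({"client_id": client_id, "client_secret": client_secret}).encode()
    status, body = transport("POST", base_url + "/oauth2/token",
                             {"Content-Type": "application/x-www-form-urlencoded"}, form)
    if status not in (200, 201) or "access_token" not in body:
        return [f"token request failed (HTTP {status})"]
    auth = {"Authorization": "Bearer " + body["access_token"]}
    findings = []
    for label, path, expected in PROBES:
        status, _ = transport("GET", base_url + path, auth)
        allowed = 200 <= status < 300
        if expected and not allowed:
            findings.append(f"{label}: expected access, got HTTP {status}")
        elif not expected and allowed:
            findings.append(f"{label}: client has access it should not have")
    return findings

if __name__ == "__main__":
    # Credentials come from the environment so they never land in shell history or source control.
    result = check_client_scopes(os.environ["FALCON_CLIENT_ID"], os.environ["FALCON_CLIENT_SECRET"])
    print("\n".join(result) if result else "OK: client is limited to Hosts read")
```

When the integration is later scaled to the Incidents and Indicators APIs, flip the corresponding PROBES entries to True so the check reflects the scopes you intend to grant.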

2. Scaling Features Based on Your Environment

Once the first data point is successfully integrated, Dune Security can scale based on your needs, gradually adding more layers of protection:

Identity Threat Detection and Response (ITDR)

  • Start: Integrating data from CrowdStrike’s Hosts API to monitor user behavior and detect compromised credentials.
  • Scale: As your environment evolves, expand to Incidents API and Indicators API for deeper monitoring of security incidents tied to user activity.

By correlating this information, Dune Security offers:

  • Enhanced Visibility: Immediate flagging of suspicious behaviors.
  • Automated Incident Response: Streamlined responses triggered in real-time as threats arise.

Incident Data Correlation

  • Start: Begin with Incident Data from the Hosts API, focusing on basic alerts.
  • Scale: Add advanced analysis of past incidents across users and systems, improving the ability to identify attack patterns and asset risk correlations.

This gradual scaling allows your organization to improve defenses based on real-world feedback and risk prioritization.

3. Benefits of Gradual Integration

Every organization's environment is unique. Instead of deploying all integrations at once, Dune allows you to scale based on your organizational readiness and current risk posture.

  • Step 1: Hosts API Integration – Start with analyzing user device interactions, providing a baseline of security risks related to endpoints.
  • Step 2: Indicator and Incident API Scaling – Once initial insights are gathered, progressively integrate Incidents and Indicators to correlate incident responses with endpoint activities, further improving threat detection.

This approach ensures minimal disruption and delivers actionable data at every stage.

4. Customizing Security Based on Your Needs

  • Recommendations for Clients Without Spotlight
    • If your organization lacks advanced tools like Spotlight, Dune will focus on leveraging CrowdStrike’s core ITDR functionalities. This includes continuous user monitoring and incident data analysis, providing essential threat mitigation without requiring additional software investments.
  • Training & Compliance: With Dune Security’s adaptive training modules, each new data point fuels tailored security education for your employees, ensuring they remain vigilant as risks evolve.

5. Real-Time Monitoring & Reporting

Through Dune's platform, you will receive tailored insights that grow as your integration with CrowdStrike deepens:

  • User-Level Risk Profiles: Personalized risk assessments based on initial CrowdStrike data, showing which employees are most at risk.
  • Expanded Reporting: As more APIs are integrated, the reporting grows to provide more comprehensive insights into your security posture.

Conclusion: Start Small, Scale with Confidence

Dune Security’s integration with CrowdStrike offers a scalable solution. By starting with one critical data point, you gain immediate insights and the ability to strategically expand your defenses based on real data. This approach ensures that your organization's unique environment is accounted for, allowing you to scale effectively as your security needs evolve.

For assistance or questions about scaling your CrowdStrike integration with Dune Security, reach out to your Dune Security support representative.