CrowdStrike Falcon Integration Guide
Integrating PhishingBox with CrowdStrike Falcon allows you to automatically incorporate endpoint detection and response (EDR) data into your Human Risk Score framework. CrowdStrike alerts tied to user devices are directly associated with their PhishingBox target profiles, providing greater visibility into individual cyber risk.
Purpose of the Integration
The CrowdStrike integration enables PhishingBox to:
- Ingest devices and security alerts from CrowdStrike Falcon.
- Associate alerts to users (targets) when the device is matched.
- Adjust Human Risk Scores based on real-world detection activity.
This results in more comprehensive user risk profiles that consider both phishing behavior and endpoint threat intelligence.
Step-by-Step Configuration
Follow the steps below to connect your CrowdStrike account to PhishingBox.
Gather CrowdStrike API Credentials
- Log in to your CrowdStrike Falcon console.
- Navigate to Support > API Clients and Keys.
- Create or access an API client.
- Note the following credentials:
- Client ID
- Client Secret
-
Base URL (e.g.,
https://api.us-2.crowdstrike.com, based on your region)
Your API client should have appropriate scopes for event access, device management, and detections.
Configure the Integration in PhishingBox
- In PhishingBox, go to Integrations > CrowdStrike.
- Click the Setup button.
- In the configuration panel:
- Set the toggle to Active.
- Paste your Client ID, Client Secret, and Base URL.
Test & Save
- Click the Test button to validate your credentials.
- Once successful, the Last tested timestamp will update.
- Click Save to complete the setup.
The Save button is only available after a successful connection test.
Sync Behavior Summary
| Feature | Description |
|---|---|
| Device Sync | Retrieves devices managed by CrowdStrike Falcon |
| Target Matching | Matches devices to users (targets) in PhishingBox |
| Detection Import | Ingests detections like exploits, malware, or lateral movement attempts |
| Risk Score Impact | Automatically updates user risk scores based on threat severity |
Risk Scoring Logic
Once integrated, detection events from CrowdStrike contribute to the PhishingBox Human Risk Score:
- High-priority detections have greater impact.
- Frequent or unresolved issues further elevate risk.
- Combined with phishing test and training data, this provides a full-spectrum view of user risk.
💬 Need Help?
Need help retrieving credentials or interpreting alerts?
- Contact PhishingBox support or your assigned customer success manager.
- Refer to the CrowdStrike API Documentation for advanced token setup and permissions.