falcon-integration-gateway

User Guide for deploying Falcon Integration Gateway from GKE Marketplace

Prerequisites:

Step 1: Obtain OAuth2 API credentials for CrowdStrike Falcon

Step 2: Create GCP Service Account for managing SCC findings

This service account will be used to create Falcon Findings in GCP Security Command Center. Consult the GCP documentation to set up programmatic access to Security Command Center.

Command-line instructions

export PROJECT_ID=$(gcloud config get-value project)
# Filter on PROJECT_ID (set above)
export PROJECT_NUMBER=$(gcloud projects list --filter="$PROJECT_ID" --format="value(PROJECT_NUMBER)")
export ORG_ID="$(gcloud projects get-ancestors "$PROJECT_ID" | grep organization | cut -f1 -d' ')"
export SERVICE_ACCOUNT=falcon-integration-gateway
export KEY_LOCATION="./gcloud-secret-${SERVICE_ACCOUNT}.json"


# Create service account for this project
gcloud iam service-accounts create $SERVICE_ACCOUNT  --display-name \
 "Service Account for falcon-integration-gateway"  --project $PROJECT_ID

# Create key for the service account
gcloud iam service-accounts keys create $KEY_LOCATION  --iam-account \
 $SERVICE_ACCOUNT@$PROJECT_ID.iam.gserviceaccount.com

# Grant the service account the securitycenter.admin role for the organization.
gcloud organizations add-iam-policy-binding $ORG_ID \
  --member="serviceAccount:$SERVICE_ACCOUNT@$PROJECT_ID.iam.gserviceaccount.com" \
  --role='roles/securitycenter.admin'

# Encode credentials for passing them to Falcon Integration Gateway
base64 $KEY_LOCATION
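
An added example, not part of the original guide or the project's code: before the encoded key is pasted into the configuration form, these shell functions confirm that the file is a service-account key for the expected account, restrict its permissions, and print the base64 as a single unwrapped line. The function names and the sample key contents are assumptions constructed for illustration.

```shell
# Added example; function names are hypothetical, not part of the gateway.

# sa_key_email FILE: print the client_email recorded in a key file.
sa_key_email() {
  sed -n 's/.*"client_email"[[:space:]]*:[[:space:]]*"\([^"]*\)".*/\1/p' "$1"
}

# check_sa_key FILE EXPECTED_EMAIL: return 0 only if FILE is a
# service-account key that belongs to EXPECTED_EMAIL.
check_sa_key() {
  [ -s "$1" ] || { echo "missing or empty key file: $1" >&2; return 1; }
  grep -Eq '"type"[[:space:]]*:[[:space:]]*"service_account"' "$1" ||
    { echo "not a service-account key: $1" >&2; return 2; }
  [ "$(sa_key_email "$1")" = "$2" ] ||
    { echo "key is for '$(sa_key_email "$1")', expected '$2'" >&2; return 3; }
}

# encode_sa_key FILE EXPECTED_EMAIL: validate the key, make the file
# owner-only, and print it as one base64 line. GNU base64 wraps output
# at 76 columns by default, so newlines are stripped.
encode_sa_key() {
  check_sa_key "$1" "$2" || return
  chmod 600 "$1" || return
  base64 < "$1" | tr -d '\n'
}

# write_sample_key FILE: constructed sample using the field names found in
# a service-account key file; the private_key value is a placeholder.
write_sample_key() {
  cat > "$1" <<'EOF'
{
  "type": "service_account",
  "project_id": "example-project",
  "private_key": "-----BEGIN PRIVATE KEY-----\nCONSTRUCTED-PLACEHOLDER\n-----END PRIVATE KEY-----\n",
  "client_email": "falcon-integration-gateway@example-project.iam.gserviceaccount.com"
}
EOF
}

# Usage after the key-creation step above:
#   encode_sa_key "$KEY_LOCATION" \
#     "$SERVICE_ACCOUNT@$PROJECT_ID.iam.gserviceaccount.com"
```

The key file is a long-lived credential carrying the organization-level role granted above, so delete the local copy once the deployment is configured.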

Step 3: Navigate to Falcon Integration Gateway Listing Page

Marketplace Link

Step 4: Configure the application

The Configure button leads to the application configuration page.

Step 5: Hit the Deploy button

Step 6: Verify the install

Navigate to GCP Security Command Center to confirm that a new Findings Source called CrowdStrike Falcon has appeared.

Detail of Finding created.