All Apps and Add-ons

Crowdstrike Falcon Event Streams TA add account option does not have API key, just username password

reswob10
Explorer

I installed the Crowdstrike Falcon Event Streams TA on my all-in-one Splunk after creating the API key on my Crowdstrike instance per the instructions in the add on guide.  But when I went to the app, then to configuration, then account, and from there clicked the 'Add' button to add an account, the input fields are 'Account Name', 'Username', and 'Password'.  Not, as the guide says, 'Account name', 'ClientID', and 'Secret'.

I have not found anything so far to switch from username/password to clientid/secret.  What am I missing?

Thanks

Labels (1)
Tags (2)
0 Karma
1 Solution

VatsalJagani
Champion

@reswob10 - I know that sounds funny, but add ClientID in place of username and ClientSecret in place of password.

I have done some code analysis for you to figure out that:

VatsalJagani_0-1651394403913.png

 

I hope this helps!!! Upvote/karma would be appreciated!!!

View solution in original post

0 Karma

reswob10
Explorer

That did work.  Thanks.   

0 Karma

VatsalJagani
Champion

@reswob10 - I know that sounds funny, but add ClientID in place of username and ClientSecret in place of password.

I have done some code analysis for you to figure out that:

VatsalJagani_0-1651394403913.png

 

I hope this helps!!! Upvote/karma would be appreciated!!!

0 Karma
Get Updates on the Splunk Community!

Improve Your Security Posture

Watch NowImprove Your Security PostureCustomers are at the center of everything we do at Splunk and security ...

Maximize the Value from Microsoft Defender with Splunk

 Watch NowJoin Splunk and Sens Consulting for this Security Edition Tech TalkWho should attend:  Security ...

This Week's Community Digest - Splunk Community Happenings [6.27.22]

Get the latest news and updates from the Splunk Community here! News From Splunk Answers ✍️ Splunk Answers is ...