Malwarebytes Remediation for CrowdStrike allows you to scan and remediate endpoints in your CrowdStrike Falcon® environment. Follow these steps to setup and configure Malwarebytes Remediation for CrowdStrike:
- Log in to your CrowdStrike Falcon® Dashboard as a Falcon Administrator.
- Define a CrowdStrike API client. See the Defining your first API Client section in the CrowdStrike support article Getting Access to the CrowdStrike API.
- When creating your CrowdStrike API client, check the following required Read and Write API Scopes:
- Detections: Read
- Hosts: Read
- Host Groups: Read
- Incidents: Read
- Real time response (admin): Write
- Real time response: Read and Write
- When creating your CrowdStrike API client, check the following required Read and Write API Scopes:
- After creating your CrowdStrike API client, go to Configuration > Response Policies.
- For the policies that will utilize Malwarebytes Remediation for CrowdStrike, click Edit Policy.
- Under the Real Time Functionality section, switch the Enable All toggles on for Custom Scripts and High Risk Commands.
- Click Save to confirm your policy configurations.
- To configure Malwarebytes Remediation for Network Contained endpoints, see: Configure Malwarebytes Remediation for Crowdstrike Network Contained endpoints
- Download the Malwarebytes Remediation for CrowdStrike executable found in your purchase email.
- Run the executable.
- Create a Master Password upon initial registration of the product.
- Login using the Master Password.
- Click Managed Clients > Add Client.
- Enter your Name, Client ID, Secret ID, and select API Server. Click Ok.
- Select your Client, then Connect.
If your endpoints require a proxy to connect to the Internet, click the Proxy configuration button at the top-right and enter your proxy information.
If shown, download the latest Malwarebytes Remediation for CrowdStrike version by clicking New version available on the top left.
Return to the Malwarebytes Remediation for CrowdStrike integration guide.