Malwarebytes Remediation for CrowdStrike allows you to scan and remediate endpoints in your CrowdStrike Falcon® environment. Follow these steps to set up and configure Malwarebytes Remediation for CrowdStrike:
- Log in to your CrowdStrike Falcon® Dashboard as a Falcon Administrator.
- Define a CrowdStrike API client. See the Defining your first API Client section in the CrowdStrike support article Getting Access to the CrowdStrike API.
- When creating your CrowdStrike API client, check the following required Read and Write API Scopes:
  - Detections: Read
  - Hosts: Read
  - Host Groups: Read
  - Incidents: Read
  - Real time response (admin): Write
  - Real time response: Read and Write
- After creating your CrowdStrike API client, go to Configuration > Response Policies.
- For the policies that will utilize Malwarebytes Remediation for CrowdStrike, click Edit Policy.
- Under the Real Time Functionality section, switch the Enable All toggles on for Custom Scripts and High Risk Commands.
- Click Save to confirm your policy configurations.
- To configure Malwarebytes Remediation for Network Contained endpoints, see: <link>
- Download the Malwarebytes Remediation for CrowdStrike executable found in your purchase email.
- Run the executable.
- Create a Master Password upon initial registration of the application.
- Log in using the Master Password.
- Click Managed Clients > Add Client.
- Enter your Name, Client ID, and Secret ID, then select the API Server. Click Ok.
- Select your Client, then click Connect.
If your endpoints require a proxy to connect to the Internet, click the Proxy configuration button at the top-right and enter your proxy information.