★Start Free★
Guides

CrowdStrike Integration

Suggest Edits

Overview

The CrowdStrike integration enables Jit to automatically retrieve CSPM and ASPM findings from your CrowdStrike Falcon platform.
Once connected, Jit ingests posture findings, misconfigurations, alerts, and asset data through the Falcon API, enriching them with Jit’s knowledge graph for correlation, dashboards, and automated agent workflows.

Setup Requirements

Before connecting the integration, ensure:

  • You have a CrowdStrike Falcon account
  • You can create or edit API Clients and Keys
  • You are logged in to the correct Falcon region
  • You have a Jit account with admin permissions

This integration uses Client ID, Client Secret, and API Region for authentication.

Required API Permissions

To allow Jit to ingest findings from CrowdStrike, your API Client must include the following Falcon permissions, all set to Read.

Required CrowdStrike API Scopes (Read-Only)

PermissionRequired AccessWhy It’s Needed
AlertsReadAllows Jit to retrieve detection insights tied to posture and application findings.
ASPM Read-OnlyReadFetches application security posture and misconfiguration findings.
CSPM RegistrationReadRequired to discover cloud assets and CSPM posture information.
Cloud Security API DetectionsReadEnables Jit to ingest cloud misconfiguration and security API findings.

Important:
Missing any of these four permission groups will prevent Jit from retrieving critical findings and will cause partial or failed syncs.

How to Retrieve Credentials in CrowdStrike

Follow these steps in the Falcon Console:

  1. Log in to your Falcon Console at
    https://falcon.<region>.crowdstrike.com

  2. Navigate to ☰ Menu → Support & Resources → API Clients and Keys

  3. Click Create API Client (or open an existing client)

  4. Give it a descriptive name, e.g. “Jit Integration”

  5. Under Permissions, enable (all with Read access):

    • Alerts
    • ASPM Read-Only
    • CSPM Registration
    • Cloud Security API Detections

  6. Save the client to generate:

    • Client ID
    • Client Secret (shown only once — copy immediately)

  7. Determine your API Region from your console URL:

    Console URLRegion Value
    falcon.crowdstrike.comapi
    falcon.us-2.crowdstrike.comapi.us-2
    falcon.eu-1.crowdstrike.comapi.eu-1
    falcon.laggar.gcw.crowdstrike.comapi.laggar.gcw

You now have all the values needed to complete the integration in Jit.

Connecting CrowdStrike to Jit

  1. Go to the Integrations page in Jit
  2. Select CrowdStrike
  3. Fill in:
    • Client ID
    • Client Secret
    • API Region
  4. Click Continue
  5. Jit will validate the credentials and activate the integration

Once connected, Jit will begin syncing data automatically.

Need Help?

If you need assistance configuring the integration or verifying permissions, contact Jit Support.

Updated 24 days ago