
Crowdstrike proof types and permissions

Written by Hyperproof Support
Updated over 3 weeks ago

📝 Note

Hyperproof connects to many third-party systems that frequently change, including the system interface. Contact your System Administrator or the third-party provider for assistance in meeting the requirements to integrate with Hyperproof and collect the proof you need.


When you create a Hypersync between Hyperproof and Crowdstrike, you can automatically collect the following proof types:

Crowdstrike Falcon proof types and fields

| Proof type | Fields | Testable |
|---|---|---|
| Device Control Policies | Name, Description, Platform, Enabled, Created On, Groups | Yes |
| Endpoint Detections | Vulnerability, Severity, First Detected, Status, Hours to Resolution, Hostname, Platform | Yes |
| List of Host Groups | Name, Description, Group Type, Created On, Number of Hosts, Assignment Rule | Yes |
| List of Hosts | Hostname, Platform, Platform criteria, OS Version, OS Build, System Manufacturer, System Product Name, Containment Status, Last Seen | Yes |
| List of Users | Name, Email, Roles | Yes |
| Prevention Policies | Name, Description, Platform Name, Enabled, Created On, Groups, Policy Details | Yes |
| Sensor Update Policies | Name, Description, Platform Name, Enabled, Created On, Sensor Version, Uninstall Protection, Groups | Yes |

Crowdstrike notes on proof types

  • Endpoint Detections

    The Endpoint Detections proof type can collect up to 10,000 detections before timing out. The Crowdstrike API stops sending records when a maximum of 10,000 is reached. If your detections exceed this limit, apply a Severity filter to reduce the volume of data in a single sync.

  • List of Hosts

    The List of Hosts proof type can collect up to 140,000 hosts before timing out. If your infrastructure exceeds this limit, we recommend applying one of the available criteria filters, such as 'Platform' (Windows, Mac, Linux), to reduce the volume of data in one sync.

This Hypersync supports importing a user list for an access review. See Importing a list of application users with a Hypersync for more information.

Additional documentation


📝 Note

You only need to connect Hyperproof to the app once, and then you can create as many Hypersyncs as you need.

Additionally, you can create multiple Hypersyncs for a single control or label.


Configuring an API client in Crowdstrike

Authentication type: Custom

Custom authentication parameters: Region, Client ID, Secret

An API client must be created in Crowdstrike prior to setting up a Hypersync. This produces a Client ID and a Client Secret that are both needed to set up the Crowdstrike Hypersync.

  1. From the Falcon Cloud Console, navigate to Support and resources > Resources and tools > API Clients and keys.

  2. Click Create API client.

  3. Add a descriptive client name.

  4. Select the scopes you need and click Create.

    The following minimum API scopes are required for the Hypersync for Crowdstrike to work. Providing read access for these scopes ensures that future Hypersyncs will work as intended.

    • Alerts

    • Device Control Policies

    • Hosts

    • Host Groups

    • Prevention Policies

    • Sensor Update Policies

    • User Management

  5. Use the Copy button to copy your new API client secret and store it somewhere safe. After the credential window is closed, the secret is no longer visible.

  6. Click Done.
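
A least-privilege check for the scope list in step 4, added here as an example and not code from Hyperproof or Crowdstrike: it flags required scopes that lack read access, scopes granted write, and scopes outside the list. The input dictionary format, the function name and the sample grant are assumptions constructed for illustration.

```python
# Added example (not Hyperproof or Crowdstrike code); the input format is assumed.
REQUIRED_READ_SCOPES = {
    "Alerts", "Device Control Policies", "Hosts", "Host Groups",
    "Prevention Policies", "Sensor Update Policies", "User Management",
}


def audit_client_scopes(granted):
    """Compare granted scopes ({scope name: [permissions]}) to the minimum.
    missing_read: required scopes without read access (those syncs fail)
    write_access: scopes granted write, which the page does not ask for
    unneeded:     granted scopes that are not in the required list
    """
    canon = {name.casefold(): name for name in REQUIRED_READ_SCOPES}
    perms_by_key, display = {}, {}
    for name, perms in granted.items():
        # Normalise case and spacing so "hosts" and "Hosts " are one scope.
        shown = " ".join(name.split())
        key = shown.casefold()
        display.setdefault(key, canon.get(key, shown))
        perms_by_key.setdefault(key, set()).update(
            p.strip().lower() for p in perms)

    return {
        "missing_read": sorted(
            n for k, n in canon.items()
            if "read" not in perms_by_key.get(k, set())),
        "write_access": sorted(
            display[k] for k, p in perms_by_key.items() if "write" in p),
        "unneeded": sorted(
            display[k] for k, p in perms_by_key.items()
            if p and k not in canon),
    }


# Constructed sample of what might have been selected in the console.
SAMPLE_GRANT = {
    "Alerts": ["read"],
    "Device Control Policies": ["read"],
    "hosts": ["Read", "Write"],        # write is more than required
    "Host Groups": ["read"],
    "Prevention Policies": ["read"],
    "Sensor Update Policies": [],      # ticked nothing: no read access
    "Example Extra Scope": ["read"],   # constructed name, not a real scope
}

if __name__ == "__main__":
    for finding, scopes in audit_client_scopes(SAMPLE_GRANT).items():
        print(f"{finding}: {', '.join(scopes) or 'none'}")
```
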

Tips

  • Only a Crowdstrike user with the Falcon Administrator role can view, create, or modify API clients.

  • API clients are not associated with a specific named user account. In Hyperproof Settings > Connected accounts, the Client ID can be found in the connection tile.

  • The Client Secret is only shown once, and should be stored in a secure place. The Client ID and Client Secret are needed for the Hypersync credentials.

  • The following regions are supported: US1, US2, and EU1.

  • Key rotation can be facilitated by creating multiple API clients for Hypersyncs.
