CrowdStrike Connector

SailPoint’s CrowdStrike connector is an Identity Risk SaaS connector that securely connects with your CrowdStrike system and aggregates the account details, along with the risk information for Identity Protection. This connector is developed in SaaS Platform Connectivity, which is next-generation pure SaaS Connectivity that doesn't require any Virtual Appliance.

The core capability of this connector is Identity Protection - Risky User Alert Feature which bring the risk information from CrowdStrike Falcon system.

With the security reports in CrowdStrike, you can gauge the probability of compromised user accounts in your environment. A user flagged for risk is an indicator for a user account that might have been compromised. The risky user represents the probability that a given identity or account is compromised. These risks are calculated offline using CrowdStrike's internal and external threat intelligence sources. The supported Risky User Alert attributes are riskScore, riskScoreSeverity, and riskFactors.

Support Level: SailPoint Delivered

This SaaS Connector is developed by SailPoint's Engineering team and supported under the annual SailPoint support and maintenance. Reach out to SailPoint support for assistance.

Supported Use Cases

• Full Account Aggregation
• Single Account Aggregation
• Identity Protection - Risky User Alert Feature

Supported Versions

• Any Version (Cloud)

Related Documentation

• Identity Security Cloud

Out of the Box Availability 

SailPoint is offering this connector on the new SaaS Connectivity Platform for Identity Security Cloud. Connectors running on this new platform do not require a virtual appliance.