CrowdStrike
Cloudflare Zero Trust can integrate with Crowdstrike to require that users connect to certain applications from managed devices. This service-to-service posture check uses the WARP client to read endpoint data from Crowdstrike. Devices are identified by their serial numbers.
Device posture with Crowdstrike requires:
- Falcon Enterprise plan or above
- Crowdstrike agent is deployed on the device.
-
Cloudflare WARP client is deployed on the device. For a list of supported modes and operating systems, refer to Service providers.
The following CrowdStrike values are needed to set up the CrowdStrike posture check:
- Client ID
- Client Secret
- Base URL
- Customer ID
To retrieve those values:
- Log in to your Falcon Dashboard.
- Go to Support and resources > API Clients and Keys.
- Select Create API client and enter any name for the client.
- Turn on the following API permissions:
Scope Permission Detections Read Hosts Read Event Streams Read User Management Read Zero Trust Assessment Read - Select Create.
- Copy the Client ID, Client Secret, and Base URL to a safe place.
- Go to Host setup and management > Sensor downloads and copy your Customer ID.
- In Zero Trust ↗, go to Settings > WARP Client.
- Scroll down to Third-party service provider integrations and select Add new.
- Select Crowdstrike.
- Enter any name for the provider. This name will be used throughout the dashboard to reference this connection.
- Enter the Client ID and Client secret you noted down above.
- In Rest API URL, enter your Base URL.
- Enter your Customer ID.
- Choose a Polling frequency for how often Cloudflare Zero Trust should query CrowdStrike for information.
- Select Test and save.
- In Zero Trust ↗, go to Settings > WARP Client > Service provider checks.
- Select Add new.
- Select the Crowdstrike provider.
- Enter any name for the posture check.
- Configure the attributes required for the device to pass the posture check.
- Select Save.
- To test, go to Logs > Posture and verify that the service provider posture check is returning the expected results.
You can now use this posture check in a device posture policy.
Device posture data is gathered from the CrowdStrike Zero Trust Assessment APIs ↗. To learn more about how scores are calculated, refer to the CrowdStrike Zero Trust Assessment ↗ documentation.
| Selector | Description | Value |
|---|---|---|
| OS | OS signal score | 1 to 100 |
| Overall | Overall ZTA score | 1 to 100 |
| Sensor config | Sensor signal score | 1 to 100 |
| Version | ZTA score version | 2.1.0 |
| State | Current online status of the device | Online, Offline, or Unknown |
| Last seen | Elapsed time since the device was last seen. Only returned if its state is online or unknown. | In the last 1 hour, 3 hours, 6 hours, 12 hours, 24 hours, 7 days, 30 days, or more than 30 days |
Was this helpful?
- Resources
- API
- New to Cloudflare?
- Products
- Sponsorships
- Open Source
- Support
- Help Center
- System Status
- Compliance
- GDPR
- Company
- cloudflare.com
- Our team
- Careers
- 2025 Cloudflare, Inc.
- Privacy Policy
- Terms of Use
- Report Security Issues
- Trademark