
Comments (9)

carlosmmatos avatar carlosmmatos commented on June 30, 2024 1

Sure no problem:

CID is your Customer ID - every customer has this. If you were interested to see what yours was - you could log onto the console and go to the sensor downloads page.

  • Host setup and management -> Deploy -> Sensor downloads

This is the link to the event streams docs:
(you may have to change the link if you use another cloud)
https://falcon.crowdstrike.com/documentation/89/event-streams-apis

from cloud-aws.

jshcodes avatar jshcodes commented on June 30, 2024

That screenshot needs to be updated. The EC2 instance should be looking at the FIG_API_BASE_URL parameter in Parameter Store for this value. (Defaulting to us1 / auto when it is not found.)

You are correct, you can use either the URL (with or without the https://) for this value, or you can use the shortname (usgov1).


steven-tan avatar steven-tan commented on June 30, 2024

Thanks for the clarification @jshcodes ! The error isn't happening in logs now, but now I get a different message... any idea what might be causing this?

[ec2-user@sechub-crowdstrike-integration-2023-q3-fig log]$ sudo service fig status
Redirecting to /bin/systemctl status fig.service
● fig.service - Security Hub Integration
   Loaded: loaded (/usr/lib/systemd/system/fig.service; enabled; vendor preset: disabled)
   Active: failed (Result: start-limit) since Fri 2023-07-14 21:31:28 UTC; 1min 21s ago
  Process: 7883 ExecStart=/usr/bin/python3 /usr/share/fig/main.py &> /dev/null (code=exited, status=0/SUCCESS)
 Main PID: 7883 (code=exited, status=0/SUCCESS)

Jul 14 21:31:28 sechub-crowdstrike-integration-2023-q3-fig systemd[1]: fig.service holdoff time over, scheduling restart.
Jul 14 21:31:28 sechub-crowdstrike-integration-2023-q3-fig systemd[1]: Stopped Security Hub Integration.
Jul 14 21:31:28 sechub-crowdstrike-integration-2023-q3-fig systemd[1]: start request repeated too quickly for fig.service
Jul 14 21:31:28 sechub-crowdstrike-integration-2023-q3-fig systemd[1]: Failed to start Security Hub Integration.
Jul 14 21:31:28 sechub-crowdstrike-integration-2023-q3-fig systemd[1]: Unit fig.service entered failed state.
Jul 14 21:31:28 sechub-crowdstrike-integration-2023-q3-fig systemd[1]: fig.service failed.


carlosmmatos avatar carlosmmatos commented on June 30, 2024

@steven-tan - Assuming you made the correct changes already to the FIG_API_BASE_URL, I would say to check out the troubleshooting section, specifically around checking the application logs.

Also - running the application in standalone mode will help you better see the output for identifying potential issues.

Let us know what you find.


steven-tan avatar steven-tan commented on June 30, 2024

@carlosmmatos - thanks for the response.

The application log shows this repeatedly, I'm not really sure how much of this is problematic (in particular missing parameters indicated which aren't reflected in the docs I think):

[ec2-user@sechub-crowdstrike-integration-2023-q3-fig log]$ tail -25 /usr/share/fig/fig-service.log
Thu Jul 20 18:32:52 2023 Specified configuration file not found
Thu Jul 20 18:32:52 2023 FIG_FALCON_CLIENT_ID parameter loaded successfully.
Thu Jul 20 18:32:52 2023 FIG_FALCON_CLIENT_SECRET parameter loaded successfully.
Thu Jul 20 18:32:52 2023 FIG_APP_ID parameter loaded successfully.
Thu Jul 20 18:32:52 2023 FIG_SEVERITY_THRESHOLD parameter loaded successfully.
Thu Jul 20 18:32:52 2023 FIG_SQS_QUEUE_NAME parameter loaded successfully.
Thu Jul 20 18:32:52 2023 FIG_API_BASE_URL parameter loaded successfully.
Thu Jul 20 18:32:52 2023 FIG_CONFIRM_PROVIDER SSM parameter not found
Thu Jul 20 18:32:52 2023 FIG_SSL_VERIFY SSM parameter not found
Thu Jul 20 18:32:52 2023 Configuration parameters loaded from SSM Parameter Store.
Thu Jul 20 18:32:53 2023 No streams available
Thu Jul 20 18:32:53 2023 Process terminated


steven-tan avatar steven-tan commented on June 30, 2024

Also, running the command manually didn't yield anything I could see either...

[ec2-user@sechub-crowdstrike-integration-2023-q3-fig log]$ cd /usr/share/fig
[ec2-user@sechub-crowdstrike-integration-2023-q3-fig fig]$ sudo -u fig python3 main.py
/home/fig/.local/lib/python3.7/site-packages/boto3/compat.py:82: PythonDeprecationWarning: Boto3 will no longer support Python 3.7 starting December 13, 2023. To continue receiving service updates, bug fixes, and security updates please upgrade to Python 3.8 or later. More information can be found here: https://aws.amazon.com/blogs/developer/python-support-policy-updates-for-aws-sdks-and-tools/
  warnings.warn(warning, PythonDeprecationWarning)
[ec2-user@sechub-crowdstrike-integration-2023-q3-fig fig]$


carlosmmatos avatar carlosmmatos commented on June 30, 2024

@steven-tan - since you are on usgov1 - have you put in a support request to have event streams enabled for your cid?

From the event streams docs:

Note: If your CrowdStrike cloud is US-GOV-1 and your CID doesn’t have event streams enabled, or if the status is unknown, contact Support for assistance.

I just want to make sure we're not missing anything.

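An added example, not written by anyone in this thread and not part of the FIG project: a small triage over the fig-service.log lines posted above. It lists which FIG_* parameters loaded or were not found and reports the message logged just before each "Process terminated". The function name `triage`, the returned keys and the hint wording (paraphrasing the event streams docs note quoted above) are assumptions; only the shortname `usgov1` is recognised for the cloud argument.

```python
import re

# Constructed sample: the fig-service.log lines posted in the thread.
SAMPLE_LOG = """\
Thu Jul 20 18:32:52 2023 Specified configuration file not found
Thu Jul 20 18:32:52 2023 FIG_FALCON_CLIENT_ID parameter loaded successfully.
Thu Jul 20 18:32:52 2023 FIG_FALCON_CLIENT_SECRET parameter loaded successfully.
Thu Jul 20 18:32:52 2023 FIG_APP_ID parameter loaded successfully.
Thu Jul 20 18:32:52 2023 FIG_SEVERITY_THRESHOLD parameter loaded successfully.
Thu Jul 20 18:32:52 2023 FIG_SQS_QUEUE_NAME parameter loaded successfully.
Thu Jul 20 18:32:52 2023 FIG_API_BASE_URL parameter loaded successfully.
Thu Jul 20 18:32:52 2023 FIG_CONFIRM_PROVIDER SSM parameter not found
Thu Jul 20 18:32:52 2023 FIG_SSL_VERIFY SSM parameter not found
Thu Jul 20 18:32:52 2023 Configuration parameters loaded from SSM Parameter Store.
Thu Jul 20 18:32:53 2023 No streams available
Thu Jul 20 18:32:53 2023 Process terminated
"""

# "<ctime-style timestamp> <message>", as in the posted log.
LINE_RE = re.compile(r"^\w{3} \w{3} [ \d]\d \d\d:\d\d:\d\d \d{4} (.*)$")
PARAM_RE = re.compile(
    r"^(FIG_[A-Z0-9_]+) (parameter loaded successfully\.|SSM parameter not found)$")


def triage(log_text, cloud="us1"):
    """Summarise FIG start-up attempts (hypothetical helper, not FIG code)."""
    loaded, missing, messages = set(), set(), []
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # blank line or unrecognised format
        msg = m.group(1)
        messages.append(msg)
        p = PARAM_RE.match(msg)
        if p:
            (missing if p.group(2).endswith("not found") else loaded).add(p.group(1))
    # The message logged just before each "Process terminated" is the
    # proximate reason that start-up attempt ended.
    causes = [messages[i - 1] for i, msg in enumerate(messages)
              if msg == "Process terminated" and i > 0]
    hint = None
    if "No streams available" in causes and cloud.strip().lower() == "usgov1":
        hint = "US-GOV-1: confirm event streams are enabled for the CID via Support"
    return {"loaded": sorted(loaded), "missing": sorted(missing),
            "terminations": len(causes),
            "last_cause": causes[-1] if causes else None, "hint": hint}

if __name__ == "__main__":
    print(triage(SAMPLE_LOG, cloud="usgov1"))
```

Because the service restarts repeatedly, running this over the full log gives one termination count and cause per attempt instead of a wall of near-identical lines.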

steven-tan avatar steven-tan commented on June 30, 2024

I appreciate the quick response @carlosmmatos - I'm pretty new to using/implementing this stuff, so a couple quick questions:

  1. What does CID refer to? Not familiar with the term in this context
  2. Are you able to link the actual event streams docs you are referring to? May help me answer my own questions.

I do believe we are on gov cloud, so if I understand correctly, I need to open a support case with CrowdStrike to ensure event stream configuration is correct. (Am going through that process now)


carlosmmatos avatar carlosmmatos commented on June 30, 2024

@steven-tan I'm going to close this since it's been past 60 days. If you have any other questions, please open up a new issue.

Thanks

