Back to Integrations
CrowdStrike
Microsoft Entra ID (Azure Active Directory)
integrationCrowdStrike node
HTTP Request
integrationMicrosoft Entra ID (Azure Active Directory) node
HTTP Request

CrowdStrike and Microsoft Entra ID (Azure Active Directory) integration

Save yourself the work of writing custom integrations for CrowdStrike and Microsoft Entra ID (Azure Active Directory) and use n8n instead. Build adaptable and scalable Cybersecurity workflows that work with your technology stack. All within a building experience you will love.

Get started
See n8n in action

How to connect CrowdStrike and Microsoft Entra ID (Azure Active Directory)

  • Step 1: Create a new workflow
  • Step 2: Add and configure nodes
  • Step 3: Connect
  • Step 4: Customize and extend your integration
  • Step 5: Test and activate your workflow

Step 1: Create a new workflow and add the first step

In n8n, click the "Add workflow" button in the Workflows tab to create a new workflow. Add the starting point – a trigger on when your workflow should run: an app event, a schedule, a webhook call, another workflow, an AI chat, or a manual trigger. Sometimes, the HTTP Request node might already serve as your starting point.

CrowdStrike and Microsoft Entra ID (Azure Active Directory) integration: Create a new workflow and add the first step

Step 2: Add and configure CrowdStrike and Microsoft Entra ID (Azure Active Directory) nodes using the HTTP Request nodes

You can find CrowdStrike and Microsoft Entra ID (Azure Active Directory) nodes in the nodes panel and drag them onto your workflow canvas. These nodes will be added as HTTP Request nodes with pre-configured credential types. The HTTP Request node makes custom API calls to CrowdStrike and Microsoft Entra ID (Azure Active Directory). Configure CrowdStrike and Microsoft Entra ID (Azure Active Directory) nodes one by one: input data on the left, parameters in the middle, and output data on the right.

CrowdStrike and Microsoft Entra ID (Azure Active Directory) integration: Add and configure CrowdStrike and Microsoft Entra ID (Azure Active Directory) nodes using the HTTP Request nodes

Step 3: Connect CrowdStrike and Microsoft Entra ID (Azure Active Directory)

A connection establishes a link between CrowdStrike and Microsoft Entra ID (Azure Active Directory) (or vice versa) to route data through the workflow. Data flows from the output of one node to the input of another. You can have single or multiple connections for each node.

CrowdStrike and Microsoft Entra ID (Azure Active Directory) integration: Connect CrowdStrike and Microsoft Entra ID (Azure Active Directory)

Step 4: Customize and extend your CrowdStrike and Microsoft Entra ID (Azure Active Directory) integration

Use n8n's core nodes such as If, Split Out, Merge, and others to transform and manipulate data. Write custom JavaScript or Python in the Code node and run it as a step in your workflow. Connect CrowdStrike and Microsoft Entra ID (Azure Active Directory) with any of n8n’s 1000+ integrations, and incorporate advanced AI logic into your workflows.

CrowdStrike and Microsoft Entra ID (Azure Active Directory) integration: Customize and extend your CrowdStrike and Microsoft Entra ID (Azure Active Directory) integration

Step 5: Test and activate your CrowdStrike and Microsoft Entra ID (Azure Active Directory) workflow

Save and run the workflow to see if everything works as expected. Based on your configuration, data should flow from CrowdStrike and Microsoft Entra ID (Azure Active Directory) or vice versa. Easily debug your workflow: you can check past executions to isolate and fix the mistake. Once you've tested everything, make sure to save your workflow and activate it.

CrowdStrike and Microsoft Entra ID (Azure Active Directory) integration: Test and activate your CrowdStrike and Microsoft Entra ID (Azure Active Directory) workflow

Build your own CrowdStrike and Microsoft Entra ID (Azure Active Directory) integration

Create custom CrowdStrike and Microsoft Entra ID (Azure Active Directory) workflows by choosing triggers and actions. Nodes come with global operations and settings, as well as app-specific parameters that can be configured. You can also use the HTTP Request node to query data from any app or service with a REST API.

Supported API Endpoints for CrowdStrike

  • Hosts
  • Alerts
  • Detection
  • Users
GetDeviceDetails
Retrieve device details for a specific host.
GET
/devices/entities/devices/v1
QueryDevicesByFilter
Query devices by filter.
GET
/devices/queries/devices/v1
PerformDeviceAction
Perform a device action such as 'Contain' or 'Lift Containment'.
POST
/devices/entities/devices-actions/v2
GetDeviceSnapshots
Get snapshots of device status.
GET
/devices/entities/snapshots/v1
GetDeviceDetailsById
Retrieve device details for a specific host by device ID.
GET
/devices/entities/devices/v1?ids={device_id}

To set up CrowdStrike integration, add the HTTP Request node to your workflow canvas and authenticate it using a predefined credential type. This allows you to perform custom operations, without additional authentication setup. The HTTP Request node makes custom API calls to CrowdStrike to query the data you need using the URLs you provide.

See the example here

Take a look at the CrowdStrike official documentation to get a full list of all API endpoints

GetAlerts
Retrieve a list of alerts.
GET
/alerts/queries/alerts/v1
GetAlertDetails
Retrieve details of a specific alert.
GET
/alerts/entities/alerts/v1
AcknowledgeAlert
Acknowledge a specific alert.
POST
/alerts/entities/alerts-actions/v1
UpdateAlert
Update details of a specific alert.
PATCH
/alerts/entities/alerts/v1
DeleteAlert
Delete a specific alert.
DELETE
/alerts/entities/alerts/v1

To set up CrowdStrike integration, add the HTTP Request node to your workflow canvas and authenticate it using a predefined credential type. This allows you to perform custom operations, without additional authentication setup. The HTTP Request node makes custom API calls to CrowdStrike to query the data you need using the URLs you provide.

See the example here

Take a look at the CrowdStrike official documentation to get a full list of all API endpoints

QueryDetections
Retrieve detections based on provided query parameters.
GET
/detects/queries/detects/v1
GetDetectionDetails
Retrieve details for a specific detection.
GET
/detects/entities/detects/v1
UpdateDetection
Update details of a specific detection.
PATCH
/detects/entities/detects/v1
AcknowledgeDetection
Acknowledge a specific detection.
POST
/detects/entities/detects-actions/v1
DeleteDetection
Delete a specific detection.
DELETE
/detects/entities/detects/v1

To set up CrowdStrike integration, add the HTTP Request node to your workflow canvas and authenticate it using a predefined credential type. This allows you to perform custom operations, without additional authentication setup. The HTTP Request node makes custom API calls to CrowdStrike to query the data you need using the URLs you provide.

See the example here

Take a look at the CrowdStrike official documentation to get a full list of all API endpoints

GetUsers
Retrieve a list of users.
GET
/users/queries/users/v1
GetUserDetails
Retrieve details of a specific user.
GET
/users/entities/users/v1
CreateUser
Create a new user.
POST
/users/entities/users/v1
UpdateUser
Update details of a specific user.
PATCH
/users/entities/users/v1
DeleteUser
Delete a specific user.
DELETE
/users/entities/users/v1

To set up CrowdStrike integration, add the HTTP Request node to your workflow canvas and authenticate it using a predefined credential type. This allows you to perform custom operations, without additional authentication setup. The HTTP Request node makes custom API calls to CrowdStrike to query the data you need using the URLs you provide.

See the example here

Take a look at the CrowdStrike official documentation to get a full list of all API endpoints

Supported API Endpoints for Microsoft Entra ID (Azure Active Directory)

  • Users
  • Groups
  • Applications
  • Groups Members
List Users
Retrieve a list of user objects.
GET
/users
Create User
Create a new user.
POST
/users
Get User
Retrieve the properties and relationships of user object.
GET
/users/{userId}
Update User
Update the properties of a user object.
PATCH
/users/{userId}
Delete User
Delete a user.
DELETE
/users/{userId}

To set up Microsoft Entra ID (Azure Active Directory) integration, add the HTTP Request node to your workflow canvas and authenticate it using a predefined credential type. This allows you to perform custom operations, without additional authentication setup. The HTTP Request node makes custom API calls to Microsoft Entra ID (Azure Active Directory) to query the data you need using the URLs you provide.

See the example here

Take a look at the Microsoft Entra ID (Azure Active Directory) official documentation to get a full list of all API endpoints

List Groups
Retrieve a list of group objects.
GET
/groups
Create Group
Create a new group.
POST
/groups
Get Group
Retrieve the properties and relationships of a group object.
GET
/groups/{groupId}
Update Group
Update the properties of a group object.
PATCH
/groups/{groupId}
Delete Group
Delete a group.
DELETE
/groups/{groupId}

To set up Microsoft Entra ID (Azure Active Directory) integration, add the HTTP Request node to your workflow canvas and authenticate it using a predefined credential type. This allows you to perform custom operations, without additional authentication setup. The HTTP Request node makes custom API calls to Microsoft Entra ID (Azure Active Directory) to query the data you need using the URLs you provide.

See the example here

Take a look at the Microsoft Entra ID (Azure Active Directory) official documentation to get a full list of all API endpoints

List Applications
Retrieve a list of application objects.
GET
/applications
Create Application
Create a new application.
POST
/applications
Get Application
Retrieve the properties and relationships of an application object.
GET
/applications/{applicationId}
Update Application
Update the properties of an application object.
PATCH
/applications/{applicationId}
Delete Application
Delete an application.
DELETE
/applications/{applicationId}

To set up Microsoft Entra ID (Azure Active Directory) integration, add the HTTP Request node to your workflow canvas and authenticate it using a predefined credential type. This allows you to perform custom operations, without additional authentication setup. The HTTP Request node makes custom API calls to Microsoft Entra ID (Azure Active Directory) to query the data you need using the URLs you provide.

See the example here

Take a look at the Microsoft Entra ID (Azure Active Directory) official documentation to get a full list of all API endpoints

List Group Members
Retrieve a list of the members of a group.
GET
/groups/{groupId}/members
Add Group Member
Add a member to a group.
POST
/groups/{groupId}/members/$ref
Get Group Member
Retrieve a member of a group.
GET
/groups/{groupId}/members/{memberId}
Remove Group Member
Remove a member from a group.
DELETE
/groups/{groupId}/members/{memberId}/$ref
Update Group Member
Update the properties of a group member.
PATCH
/groups/{groupId}/members/{memberId}

To set up Microsoft Entra ID (Azure Active Directory) integration, add the HTTP Request node to your workflow canvas and authenticate it using a predefined credential type. This allows you to perform custom operations, without additional authentication setup. The HTTP Request node makes custom API calls to Microsoft Entra ID (Azure Active Directory) to query the data you need using the URLs you provide.

See the example here

Take a look at the Microsoft Entra ID (Azure Active Directory) official documentation to get a full list of all API endpoints

CrowdStrike and Microsoft Entra ID (Azure Active Directory) integration details

integrationCrowdStrike node
HTTP Request
CrowdStrike

CrowdStrike is a cybersecurity company known for its cloud-based endpoint security platform, Falcon. It provides advanced threat detection and response solutions, leveraging artificial intelligence and machine learning to protect organizations from cyberattacks and breaches.

integrationMicrosoft Entra ID (Azure Active Directory) node
HTTP Request
Microsoft Entra ID (Azure Active Directory)

Azure Active Directory (Azure AD) is Microsoft's cloud-based identity and access management service. It provides secure authentication and authorization for users, enabling them to access applications, resources, and services in the Azure cloud and other integrated applications.

Use case

The SOAR platform you want

Mountains of monotonous tasks make building and monitoring your workflows a chore. Not anymore.

Learn more

FAQs

  • Can CrowdStrike connect with Microsoft Entra ID (Azure Active Directory)?

  • Can I use CrowdStrike’s API with n8n?

  • Can I use Microsoft Entra ID (Azure Active Directory)’s API with n8n?

  • Is n8n secure for integrating CrowdStrike and Microsoft Entra ID (Azure Active Directory)?

  • How to get started with CrowdStrike and Microsoft Entra ID (Azure Active Directory) integration in n8n.io?

Looking to integrate CrowdStrike and Microsoft Entra ID (Azure Active Directory) in your company?

Contact Sales

Over 3000 companies switch to n8n every single week

Why use n8n to integrate CrowdStrike with Microsoft Entra ID (Azure Active Directory)

Build complex workflows, really fast

Build complex workflows, really fast

Handle branching, merging and iteration easily.
Pause your workflow to wait for external events.

Code when you need it, UI when you don't

Simple debugging

Your data is displayed alongside your settings, making edge cases easy to track down.

Use templates to get started fast

Use 1000+ workflow templates available from our core team and our community.

Reuse your work

Copy and paste, easily import and export workflows.

Implement complex processes faster with n8n

Get started
red iconyellow iconred iconyellow icon

Automate without limits

Made with ♥ in Berlin
Impressum | Legal | Privacy

Report a vulnerability
© 2024 n8n | All rights reserved.