Peregrine is a powerful native application to optimize the functions of CrowdStrike Falcon's API. To begin using Peregrine, it is necessary to have the correct credentials through both CrowdStrike and Peregrine, following cybersecurity best practice to ensure your assets are protected. You’ll need your CrowdStrike Customer Identification (CID), visible in the Falcon Console, before you get started.
For current CrowdStrike users, an API client and scope can be defined through your Falcon Administrator (the person on your team with administrative access to CrowdStrike Falcon’s console). API scope determines access levels, from viewing detections to managing systems, tenants, and users. “Once an API client is defined and a scope is set, any number of customer tools can query the CrowdStrike API using the given credentials,” explains CrowdStrike.
Administrator access for Peregrine has similar levels of permissions determined by credentials. It is recommended to designate at least one Peregrine Administrator to utilize all Peregrine functions.
Peregrine access requires a few credential handshakes in order to work successfully and remain secure. In the CrowdStrike Falcon console, your Falcon Administrator must create API clients and keys with the appropriate read/write access for any user who will also have access to Peregrine.
It is essential to define each user’s access levels correctly through CrowdStrike. Higher level user access in Peregrine will not allow actions that are disallowed by CrowdStrike permissions to be communicated and resolved through the CrowdStrike API.
Once API clients are defined, each client will also receive a Client ID and Client Secret through CrowdStrike Falcon. These credentials are required to link Peregrine to the CrowdStrike account and enable full application capability.
If you are reading this, you are already here! Time to Download Peregrine to your system.
Currently, Peregrine is only available for Windows. We do have plans for releases with MacOS and Linux. Be sure to sign up on the homepage for alerts of those launches.
Peregrine on Windows is delivered as a self-contained and signed executable(exe) file. This means that you don't need to install Peregrine on your system, you will be able to run the program directly from wherever you store the file on your system. The first time you run the program, a folder will be created to store encrypted keys for your account. Be sure to put this file where you can easily get to it.
To unlock the full capability of Peregrine and begin maximizing your real time response, you will need a trial activation key.
We offer a 30-day trial for new organizations to Peregrine. This will allow you to view and test the many functions designed to make managing your endpoint detection and response quick, simple, and accurate. Simply submit your name and email address to receive your trial invitation key as well as further instructions to the email you provided.
Upon full access, the power of Peregrine is yours. Enter all credentials in the opening window to initiate the secure handshakes and explore the powerful single host and batch actions Peregrine makes possible.