Home
Vantage
Administrator Guide
Information about the Administration section of Vantage, and the tasks that you can do in this part of the software.
Administration
Organization Settings
Integrations
The Integrations page lets you use one of the available applications to connect an organization with a third-party application.
CrowdStrike
Configure the CrowdStrike EDR integration
This task gives the necessary steps to configure the CrowdStrike EDR integration in your system. It helps you to select the necessary features, enter the required credentials, and apply the configuration to enhance asset enrichment.

Vantage
- Introduction
  An overview of Vantage.
- Administrator Guide
  Information about the Administration section of Vantage, and the tasks that you can do in this part of the software.
  - Administration
    - Administration page
      The administration page lets a user with administrator privileges configure settings and do other tasks.
    - System
    - Teams
    - Organization Settings
      - Update Policy
        The Update Policy page lets you view and set the update policy for Vantage and its sensors. You can select options that will keep your sensors updated with the latest version of the applicable software.
      - Features
        The Features page lets you configure Vantage to show, or hide, experimental and preview features for the selected organization.
      - Sensors Synchronization Settings
        The Settings Synchronization Settings (Sync) page shows the settings that this sensor inherits from its organization.
      - Tags
        The Tags page lets you assign tags to assets for access management purposes. This lets you constrain role assignments into a specific tag.
      - Zone configurations
      - Imports
        The Imports page lets you see the list of imported hardware configuration, or project files, from which asset information is extracted.
      - Asset Rules
        The Asset Rules page shows all the asset rules in your organization, and lets you add new ones.
      - Alert Close Options
        The Alert Close Options page lets you define custom explanations for closing an alert.
      - Alert Playbooks
        The Alert Playbooks page lets you define templates to follow to manage alerts. An alert playbook defines custom content that instructs alert operators, and other users, how to manage various types of alerts. Playbooks are associated with alerts that match criteria specified in an alert rule. When a matching alert is raised, the playbook's content is included on the new alert's Details page. You and your team can update this content to record progress and take notes particular to this alert.
      - Alert Rules
        The Alert Rules page shows all the alert rules that you have defined, and lets you add new ones.
      - Integrations
        The Integrations page lets you use one of the available applications to connect an organization with a third-party application.
        CrowdStrike
        Overview
        This documentation describes the CrowdStrike EDR integration with Nozomi Networks Vantage.
        Requirements
        The requirements for the CrowdStrike EDR integration.
        Configure the CrowdStrike EDR integration
        This task gives the necessary steps to configure the CrowdStrike EDR integration in your system. It helps you to select the necessary features, enter the required credentials, and apply the configuration to enhance asset enrichment.
        Tenable
      - Traffic Replays
        The Traffic Relays page lets you load demonstration data into your environment so that you can test various features and explore Vantage. Nozomi Networks provides several traffic replays, which demonstrate different scenarios, such as an OT-focused Power Station attack.
      - CLI
        The CLI page lets you select sensors and use the text field to enter a command to execute. Vantage shows the output of sensors in the web UI.
      - Migration tasks
        The Migration tasks page lets you update your Vantage instance and downstream sensors to adapt to changes in new versions of N2OS.
      - Audit Logs
        The Audit Logs page shows detailed operational information about your sensors and the activities that they monitor.
      - Backup Schedules
        The Backup Schedules page lets you manage, view, add, edit, and delete backup schedules.
  - Migration
  - SAML integration
- User Guide
  Information about the main features of Vantage and the tasks that you can do from the user interface (UI).
- Print format documentation
  A list of all the print-format documentation that is available for Vantage.

Configure the CrowdStrike EDR integration

This task gives the necessary steps to configure the CrowdStrike EDR integration in your system. It helps you to select the necessary features, enter the required credentials, and apply the configuration to enhance asset enrichment.

In the Administration > Features section, select the Preview experimental and preview features checkbox.

Go to > Integrations > Internal > CrowdStrike EDR.
In the bottom right corner, select Configure.
The CrowdStrike EDR integration settings page opens.
In the Description field, enter details that will help you to easily identify it in the future.
From the Endpoint dropdown, select the appropriate CrowdStrike endpoint.
In the Client ID field, enter the CrowdStrike client ID.
In the Client secret field, enter the CrowdStrike client secret.
Choose an option:
- Only enrich
- Create and enrich
If you chose Create and enrich, enter details in the CrowdStrike query filter.
Optional: Use the Vantage Asset query filter to filter the assets you would like to enrich.
For example, you can use a query such as: where assets include? Windows.

To make sure that your query is correct, you can use the Queries section to check and validate the query before you apply it to asset enrichment.

Note: You can only filter Vantage assets if the Create and enrich option is not selected. If it is selected, you can only use CrowdStrike filters.
To apply the configuration, select Add.