I am having an issue getting the API instance set up to connect to CrowdStrike. CrowdStrike seems to need a POST request in order to pull the token, but there doesn't appear to be a way to add that if it is needed. After adding the Base URL, Client ID/Key, and Token URL provided by CrowdStrike, I get several errors. Could someone please advise on the proper setup for the gov cloud instance? Below is the error I get in document form from Kibana.
"[
POST:{
  "meta": {
    "query_time": 0.000350391,
    "powered_by": "device-api",
    "trace_id": "4506edf4-a4a6-4b1d-9c31-e9aaecc4de4c"
  },
  "resources": null,
  "errors": [
    {
      "code": 400,
      "message": "The 'ids' parameter must be present at least once."
    }
  ]
},
Processor json with tag json_event_original in pipeline logs-crowdstrike.host-1.42.0 failed with message: field [original] not present as part of path [event.original],
Processor conditional with tag in pipeline logs-crowdstrike.host-1.42.0 failed with message: cannot access method/field [policies] from a null def reference
]"