Which combination of scope and permissions must be configured to create an API token that allows you to create and get the results of a query job in Next-Gen SIEM?
The correct answer is C. NGSIEM with both read and write permissions.
CrowdStrike integration guidance for querying Next-Gen SIEM event data states that the API client needs the NGSIEM scope with both Read and Write permissions. The documentation explains why: Write is required to create the search/query job, and Read is required to retrieve the query results.
Why the other options are incorrect:
A is incorrect because the documented requirement is Read + Write; there is no documented “execute” permission in the cited guidance. B is incorrect because read-only access would let you read results but not create the query job. D is incorrect because write-only access would let you submit the job but not read the results back.