Skip to content

DevicePostureIntegration

Source: src/Cloudflare/Devices/PostureIntegration.ts

A Cloudflare Zero Trust device posture integration — a service-to- service connection to a third-party endpoint security provider (CrowdStrike, Intune, Kolide, Workspace ONE, …) whose signals power *_s2s device posture rules.

Cloudflare validates the configured credentials against the live provider API at create/update time, so a reachable third-party tenant is required.

Creating a posture integration

Section titled “Creating a posture integration”

CrowdStrike Falcon

const falcon = yield* Cloudflare.DevicePostureIntegration("Falcon", {
  type: "crowdstrike_s2s",
  interval: "10m",
  config: {
    apiUrl: "https://api.crowdstrike.com",
    clientId: Alchemy.env("CROWDSTRIKE_CLIENT_ID"),
    clientSecret: Redacted.make(process.env.CROWDSTRIKE_SECRET!),
    customerId: "ccid-1234",
  },
});

Custom service-to-service provider behind Access

const custom = yield* Cloudflare.DevicePostureIntegration("Custom", {
  type: "custom_s2s",
  interval: "30m",
  config: {
    apiUrl: "https://posture.example.com/check",
    clientSecret: Redacted.make(process.env.POSTURE_SECRET!),
    accessClientId: serviceToken.clientId,
    accessClientSecret: serviceToken.clientSecret,
  },
});

Reference the integration from a posture rule

yield* Cloudflare.DevicePostureRule("FalconScore", {
  type: "crowdstrike_s2s",
  input: { connectionId: falcon.integrationId, os: "windows" },
});