What Changed
TacitRed CrowdStrike v3.0.2 fixes a region-specific authentication failure in the IOC automation playbook. The CrowdStrike_BaseUrl parameter was hardcoded to https://api.us-2.crowdstrike.com, causing deployment failures for customers on other CrowdStrike regions.
Security Impact (Visibility & Fidelity)
Customers on the US-1 (https://api.crowdstrike.com) or EU-1 (https://api.eu-1.crowdstrike.com) regions who deployed with the default configuration experienced complete authentication failures. The playbook failed to connect to the CrowdStrike Falcon APIs, resulting in zero IOC synchronization between TacitRed threat intelligence and CrowdStrike.
Per the PR description, customers on US-1 or EU-1 who deploy without changing the default get authentication failures. This confirms that the hardcoded US-2 endpoint was incompatible with other CrowdStrike regions.
Fix Details
- Cleared the CrowdStrike_BaseUrl defaultValue to an empty string; customers must now specify their regional API URL during deployment
- Added regional URL guidance to parameter description referencing CrowdStrike Falcon → Support → API Clients & Keys
- Updated deployment template to include all three CrowdStrike regional endpoints:
  - US-1: https://api.crowdstrike.com (most common)
  - US-2: https://api.us-2.crowdstrike.com
  - EU-1: https://api.eu-1.crowdstrike.com
Organizations using this solution should upgrade to v3.0.2 and verify their regional CrowdStrike API endpoint is correctly configured.
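A pre-deployment check for the parameter described above, added here as an example and not part of the TacitRed solution or its PR. It assumes the value is supplied through a standard ARM parameters file; check_base_url, sample_params and the strict "no port, no path" rule are choices of this example, and the endpoint list is limited to the three URLs named in these notes.

```python
import json
from urllib.parse import urlsplit

# Regional endpoints exactly as listed in these release notes.
REGION_BY_HOST = {
    "api.crowdstrike.com": "US-1",
    "api.us-2.crowdstrike.com": "US-2",
    "api.eu-1.crowdstrike.com": "EU-1",
}
PARAM = "CrowdStrike_BaseUrl"


def check_base_url(params_json, expected_region):
    """Return (ok, message) for CrowdStrike_BaseUrl in an ARM parameters file."""
    doc = json.loads(params_json)
    entry = doc.get("parameters", {}).get(PARAM, {})
    value = (entry.get("value") or "").strip()
    if not value:
        # v3.0.2 ships an empty default, so a missing value must be caught here.
        return False, f"{PARAM} is empty; set the regional API URL"
    parts = urlsplit(value)
    host = (parts.hostname or "").lower()
    if parts.scheme.lower() != "https":
        return False, f"{PARAM} must be an https URL, got {value!r}"
    # Assumption of this example: the value is scheme + host only.
    if parts.netloc.lower() != host or parts.path or parts.query or parts.fragment:
        return False, f"{PARAM} should be exactly https://<regional host>"
    region = REGION_BY_HOST.get(host)
    if region is None:
        return False, f"{host!r} is not an endpoint listed in the release notes"
    if region != expected_region.upper():
        # The pre-3.0.2 failure mode: a US-2 URL deployed for a US-1 or EU-1 tenant.
        return False, f"{PARAM} points at {region}, tenant is {expected_region}"
    return True, f"{PARAM} matches region {region}"


def sample_params(url):
    """Constructed ARM parameters file used only to exercise the check."""
    return json.dumps({"contentVersion": "1.0.0.0",
                       "parameters": {PARAM: {"value": url}}})


if __name__ == "__main__":
    for url, region in [("https://api.us-2.crowdstrike.com", "EU-1"),
                        ("", "US-1"),
                        ("https://api.eu-1.crowdstrike.com", "EU-1")]:
        print(check_base_url(sample_params(url), region))
```

The expected region comes from the operator, who reads it from the location referenced in the parameter description (CrowdStrike Falcon → Support → API Clients & Keys).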
Affected Files
(packaging artefacts: 3.0.2.zip, ReleaseNotes.md, Solution_TacitRedCrowdStrikeAutomation.json, mainTemplate.json)