Add CrowdStrike Spotlight vulnerability evidence to Drata

This 5 Minute Flow shows how to automatically collect open vulnerability data from CrowdStrike Spotlight and upload it as external evidence to the relevant vulnerability management controls in Drata — turning a manual compliance task into a fully automated pipeline.

---

What You'll See:

• Trigger the workflow on demand via a Tines Page
• Pull all open vulnerabilities from CrowdStrike Spotlight, with automatic pagination to capture every result
• Retrieve full vulnerability details for each finding by ID
• Consolidate all vulnerability records into a single structured JSON evidence file
• Fetch all vulnerability management controls from Drata, paginating through results until all controls are captured
• Upload the CrowdStrike evidence file to each matching Drata control as an external evidence document with a creation date and one-year renewal schedule

---

Perfect For:

• Compliance and GRC teams: automating the collection and submission of vulnerability management evidence ahead of audits
• Security engineers managing CrowdStrike: eliminating manual exports of Spotlight data for compliance reporting
• Security operations teams using Drata: keeping vulnerability management controls continuously up to date without manual uploads
• IT and security teams bridging tools: connecting endpoint vulnerability data to compliance workflows without custom code

---

Requirements:

• CrowdStrike Falcon — OAuth2 credential with read permissions for the Spotlight Vulnerabilities scope
• Drata — API key credential with read and write access for the Controls, Users, and Personnel scopes
• Tines Resource — a crowdstrike_domain resource storing your CrowdStrike API base URL
• Familiarity with your Drata workspace structure and which controls map to vulnerability management is helpful but not required