When configuring a new image registry connection for aprivately hosted container registryin CrowdStrike Falcon Cloud Security, the required and most critical action is toverify the token and secretused for authentication. Private registries require explicit credentials so Falcon can securely access and assess container images for vulnerabilities, malware, and misconfigurations.
CrowdStrike supports multiple private registry types (such as private Docker registries or cloud-native registries with restricted access). In all cases, Falcon relies on valid authentication credentials—typically a token, username/password, or service account secret—to pull image metadata and layers. If these credentials are incorrect, expired, or misconfigured, image assessment will fail even if the registry connection appears configured.
Other options may be relevant in specific environments but are not universally required at creation time. Registry URLs are validated during setup, and allowlisting IP addresses may be necessary only if strict network controls are in place. Secret expiration checks are a maintenance concern, not a mandatory creation step.
Therefore, the required action when creating a private registry connection is toverify the token and secret.
