OpenCTI-Platform · jabesq · Jan 6, 2026 · Jan 6, 2026
diff --git a/stream/crowdstrike-endpoint-security/README.md b/stream/crowdstrike-endpoint-security/README.md
@@ -48,39 +48,10 @@ Key features:
 
 ## Configuration variables
 
-There are a number of configuration options, which are set either in `docker-compose.yml` (for Docker) or in `config.yml` (for manual deployment).
-
-### OpenCTI environment variables
-
-| Parameter     | config.yml | Docker environment variable | Mandatory | Description                                          |
-|---------------|------------|-----------------------------|-----------|------------------------------------------------------|
-| OpenCTI URL   | url        | `OPENCTI_URL`               | Yes       | The URL of the OpenCTI platform.                     |
-| OpenCTI Token | token      | `OPENCTI_TOKEN`             | Yes       | The default admin token set in the OpenCTI platform. |
-
-### Base connector environment variables
-
-| Parameter                  | config.yml                | Docker environment variable             | Default                        | Mandatory | Description                                                                    |
-|----------------------------|---------------------------|-----------------------------------------|--------------------------------|-----------|--------------------------------------------------------------------------------|
-| Connector ID               | id                        | `CONNECTOR_ID`                          |                                | Yes       | A unique `UUIDv4` identifier for this connector instance.                      |
-| Connector Name             | name                      | `CONNECTOR_NAME`                        | CrowdstrikeEndpointSecurity    | No        | Name of the connector.                                                         |
-| Connector Scope            | scope                     | `CONNECTOR_SCOPE`                       | crowdstrike-endpoint-security  | No        | The scope of the connector.                                                    |
-| Live Stream ID             | live_stream_id            | `CONNECTOR_LIVE_STREAM_ID`              |                                | Yes       | The Live Stream ID of the stream created in the OpenCTI interface.             |
-| Log Level                  | log_level                 | `CONNECTOR_LOG_LEVEL`                   | error                          | No        | Determines the verbosity of the logs: `debug`, `info`, `warn`, or `error`.     |
-| Consumer Count             | consumer_count            | `CONNECTOR_CONSUMER_COUNT`              | 10                             | No        | Number of consumer/worker threads that will push data to CrowdStrike.          |
-| Ignore Types               | ignore_types              | `CONNECTOR_IGNORE_TYPES`                | label,marking-definition,identity | No    | Comma-separated list of entity types to ignore from the stream.                |
-
-### Connector extra parameters environment variables
-
-| Parameter                  | config.yml                      | Docker environment variable              | Default                      | Mandatory | Description                                                |
-|----------------------------|---------------------------------|------------------------------------------|------------------------------|-----------|-----------------------------------------------------------|
-| CrowdStrike API Base URL   | crowdstrike.api_base_url        | `CROWDSTRIKE_API_BASE_URL`               | https://api.crowdstrike.com  | No        | The CrowdStrike API base URL.                              |
-| CrowdStrike Client ID      | crowdstrike.client_id           | `CROWDSTRIKE_CLIENT_ID`                  |                              | Yes       | The CrowdStrike API Client ID.                             |
-| CrowdStrike Client Secret  | crowdstrike.client_secret       | `CROWDSTRIKE_CLIENT_SECRET`              |                              | Yes       | The CrowdStrike API Client Secret.                         |
-| Permanent Delete           | crowdstrike.permanent_delete    | `CROWDSTRIKE_PERMANENT_DELETE`           | false                        | No        | Permanently delete IOCs in CrowdStrike when deleted in OpenCTI. |
-| Falcon for Mobile Active   | crowdstrike.falcon_for_mobile_active | `CROWDSTRIKE_FALCON_FOR_MOBILE_ACTIVE` | false                     | No        | Enable Android and iOS platform support.                   |
-| Metrics Enable             | metrics.enable                  | `METRICS_ENABLE`                         | false                        | No        | Whether to enable Prometheus metrics.                      |
-| Metrics Address            | metrics.addr                    | `METRICS_ADDR`                           | 0.0.0.0                      | No        | Bind IP address for metrics endpoint.                      |
-| Metrics Port               | metrics.port                    | `METRICS_PORT`                           | 9113                         | No        | Port for metrics endpoint.                                 |
+Find all the configuration variables available here: [Connector Configurations](./__metadata__/CONNECTOR_CONFIG_DOC.md)
+
+_The `opencti` and `connector` options in the `docker-compose.yml` and `config.yml` are the same as for any other connector.
+For more information regarding these variables, please refer to [OpenCTI's documentation on connectors](https://docs.opencti.io/latest/deployment/connectors/)._
 
 ## Deployment
 

diff --git a/stream/crowdstrike-endpoint-security/__metadata__/CONNECTOR_CONFIG_DOC.md b/stream/crowdstrike-endpoint-security/__metadata__/CONNECTOR_CONFIG_DOC.md
@@ -17,7 +17,6 @@ Below is an exhaustive enumeration of all configurable parameters available, eac
 | CONNECTOR_TYPE | `const` |  | `STREAM` | `"STREAM"` |  |
 | CONNECTOR_LIVE_STREAM_LISTEN_DELETE | `boolean` |  | boolean | `true` | Whether to listen for delete events on the live stream. |
 | CONNECTOR_LIVE_STREAM_NO_DEPENDENCIES | `boolean` |  | boolean | `true` | Whether to ignore dependencies when processing events from the live stream. |
-| CONNECTOR_IGNORE_TYPES | `array` |  | string | `["label", "marking-definition", "identity"]` | Ignoring types from OpenCTI |
 | CROWDSTRIKE_API_BASE_URL | `string` |  | Format: [`uri`](https://json-schema.org/understanding-json-schema/reference/string#built-in-formats) | `"https://api.crowdstrike.com"` | Crowdstrike base url. |
 | CROWDSTRIKE_PERMANENT_DELETE | `boolean` |  | boolean | `false` | Select whether or not to permanently delete data in Crowdstrike when data is deleted in OpenCTI. If set to `True`, `CONNECTOR_LIVE_STREAM_LISTEN_DELETE` must be set to `True`. |
 | CROWDSTRIKE_FALCON_FOR_MOBILE_ACTIVE | `boolean` |  | boolean | `false` | Crowdstrike client secret used to connect to the API. |

diff --git a/stream/crowdstrike-endpoint-security/__metadata__/connector_config_schema.json b/stream/crowdstrike-endpoint-security/__metadata__/connector_config_schema.json
@@ -60,18 +60,6 @@
       "description": "Whether to ignore dependencies when processing events from the live stream.",
       "type": "boolean"
     },
-    "CONNECTOR_IGNORE_TYPES": {
-      "default": [
-        "label",
-        "marking-definition",
-        "identity"
-      ],
-      "description": "Ignoring types from OpenCTI",
-      "items": {
-        "type": "string"
-      },
-      "type": "array"
-    },
     "CROWDSTRIKE_API_BASE_URL": {
       "default": "https://api.crowdstrike.com",
       "description": "Crowdstrike base url.",

diff --git a/stream/crowdstrike-endpoint-security/docker-compose.yml b/stream/crowdstrike-endpoint-security/docker-compose.yml
@@ -12,7 +12,6 @@ services:
       # - CONNECTOR_LIVE_STREAM_LISTEN_DELETE=true
       # - CONNECTOR_LIVE_STREAM_NO_DEPENDENCIES=true
       # - CONNECTOR_LOG_LEVEL=error
-      # - CONNECTOR_IGNORE_TYPES=label,marking-definition,identity
       # - CROWDSTRIKE_API_BASE_URL=https://api.crowdstrike.com
       - CROWDSTRIKE_CLIENT_ID=ChangeMe
       - CROWDSTRIKE_CLIENT_SECRET=ChangeMe

diff --git a/stream/crowdstrike-endpoint-security/src/config.yml.sample b/stream/crowdstrike-endpoint-security/src/config.yml.sample
@@ -10,7 +10,6 @@ connector:
 #   live_stream_listen_delete: true
 #   live_stream_no_dependencies: true
 #   log_level: 'error'
-#   ignore_types: label,marking-definition,identity
 
 crowdstrike:
 #   api_base_url: 'https://api.crowdstrike.com'

diff --git a/stream/crowdstrike-endpoint-security/src/crowdstrike_connector/settings.py b/stream/crowdstrike-endpoint-security/src/crowdstrike_connector/settings.py
@@ -27,10 +27,6 @@ class StreamConnectorConfig(BaseStreamConnectorConfig):
     live_stream_id: str = Field(
         description="The ID of the live stream to connect to.",
     )
-    ignore_types: ListFromString = Field(
-        description="Ignoring types from OpenCTI",
-        default=["label", "marking-definition", "identity"],
-    )
 
 
 class CrowdstrikeEndpointSecurityConfig(BaseConfigModel):