Skip to main content

Claude Code Collector

Claude Code is an agentic AI assistant by Anthropic that accesses the filesystem, shell, and network.

Overview

You can deploy the Claude Code collector to enforce AIDR security policies on Claude Code sessions. The collector integrates with Claude Code's native hooks system to intercept prompts and tool calls.

To deploy the collector, add a JSON configuration block to the Claude Code settings file. The collector requires no binary installation or package dependencies.

The collector intercepts Claude Code activity at three hook events. For each event, the collector sends the payload to AIDR for evaluation against your configured policy rules. AIDR returns an allow, block, or transform decision.

Hook eventWhen it firesAIDR event typePolicy rulesCan blockCan transform
UserPromptSubmitBefore Claude processes a submitted promptinputInput RulesYesNo
PreToolUseBefore a tool call executestool_inputTool Input RulesYesYes
PostToolUseAfter a tool call completestool_outputTool Output RulesYesYes
note:

The Claude Code collector doesn't monitor LLM responses, model configuration, token usage, extended thinking, system prompts, or subagent context. It captures only data that passes through hook events.

Requirements

Register Claude Code collector

  1. On the Collectors page, click + Collector.

  2. Choose Agentic as the collector type, then select Claude Code and click Next.
  3. On the Add a Collector screen:

    • Collector Name - Enter a descriptive name for the collector. This name appears in dashboards and reports.
    • Logging - Select whether to log prompt data and model responses, or only metadata sent to AIDR. You can also exclude prompt content in access rule action settings .
    • Policy (optional) - Assign a Claude Code policy to evaluate prompts and tool calls intercepted by the collector.
    • The assigned policy determines which detections run on data sent to AIDR. Policies define rules for detecting malicious activity, sensitive data exposure, topic violations, and other risks in AI interactions.

      • You can select an existing policy available for this collector type or create a policy on the Policies page.

        The selected policy name appears under the dropdown. After you save the collector registration, this label becomes a link to the corresponding policy page.

      • You can also select No Policy, Log Only. Without a policy, AIDR records activity for visibility and analysis without applying detection rules.

  1. Click Save.

This opens the collector details page, where you can:

  • Update the collector name, logging preference, and policy assignment.
  • Click the policy link to view the policy details.
  • Copy credentials and AIDR base URL from the Config tab to call AIDR APIs.
  • View installation instructions for the collector type on the Install tab.
  • View the collector configuration activity logs.

To open the collector details page later, select your collector from the list on the Collectors page.

Deploy collector

The Install tab on the collector details page shows the installation instructions.

To deploy the Claude Code collector:

  1. Ensure the environment variables referenced in the hooks configuration are available where Claude Code runs.

    • CS_AIDR_TOKEN - Your collector API token. Copy the value from the Config tab on the collector details page.

      export CS_AIDR_TOKEN="pts_nbscbp...vznxcs"
    • USER and USERNAME - Environment variables that identify the current user. The operating system typically sets USER on macOS/Linux or USERNAME on Windows.
  2. Add the following hooks configuration to your Claude Code settings file:

    Hooks configuration in Claude Code settings
    {
    "hooks": {
    "PreToolUse": [
    {
    "hooks": [
    {
    "type": "http",
    "url": "https://api.crowdstrike.com/aidr/aiguard/v1/claude_code_guard",
    "headers": {
    "Authorization": "Bearer $CS_AIDR_TOKEN",
    "AIDR-User": "$USER",
    "AIDR-Username": "$USERNAME"
    },
    "allowedEnvVars": ["CS_AIDR_TOKEN", "USER", "USERNAME"]
    }
    ]
    }
    ],
    "PostToolUse": [
    {
    "hooks": [
    {
    "type": "http",
    "url": "https://api.crowdstrike.com/aidr/aiguard/v1/claude_code_guard",
    "headers": {
    "Authorization": "Bearer $CS_AIDR_TOKEN",
    "AIDR-User": "$USER",
    "AIDR-Username": "$USERNAME"
    },
    "allowedEnvVars": ["CS_AIDR_TOKEN", "USER", "USERNAME"]
    }
    ]
    }
    ],
    "UserPromptSubmit": [
    {
    "hooks": [
    {
    "type": "http",
    "url": "https://api.crowdstrike.com/aidr/aiguard/v1/claude_code_guard",
    "headers": {
    "Authorization": "Bearer $CS_AIDR_TOKEN",
    "AIDR-User": "$USER",
    "AIDR-Username": "$USERNAME"
    },
    "allowedEnvVars": ["CS_AIDR_TOKEN", "USER", "USERNAME"]
    }
    ]
    }
    ]
    }
    }

    You can include only the hook events you need. Each hook event corresponds to a policy rule type:

    • UserPromptSubmit - Input Rules
    • PreToolUse - Tool Input Rules
    • PostToolUse - Tool Output Rules

Coexistence with other hooks

You can deploy the AIDR collector alongside existing hooks for the same event. Claude Code runs all matching hooks in parallel, regardless of whether any individual hook returns a block decision. The AIDR hook executes and reports activity even if another hook blocks the same action.

To add the AIDR hook to an event with existing hooks, add a new hook group to the event array. Each group has its own matcher scope, so the AIDR hook can fire regardless of existing hook scopes.

Adding the AIDR hook alongside an existing hook
{
"hooks": {
"PreToolUse": [
{
"matcher": "Bash|Write",
"hooks": [
{
"type": "command",
"command": "my-existing-hook.sh"
}
]
},
{
"hooks": [
{
"type": "http",
"url": "https://api.crowdstrike.com/aidr/aiguard/v1/claude_code_guard",
"headers": {
"Authorization": "Bearer $CS_AIDR_TOKEN",
"AIDR-User": "$USER",
"AIDR-Username": "$USERNAME"
},
"allowedEnvVars": ["CS_AIDR_TOKEN", "USER", "USERNAME"]
}
]
}
]
}
}

Because hooks run in parallel:

  • Placement order within the array doesn't affect execution.
  • Each hook runs independently and doesn't see other hooks' output.
  • A block decision from one hook doesn't prevent other hooks from completing.

For more information, see the Anthropic article Hooks reference .

Configuration scope

You can place the hooks configuration at different levels:

LevelLocationUse case
Enterprise managedSystem-level managed-settings.jsonEnforce policies across all users on a machine. Non-admin users can't override managed settings.
User-wideUser-level settings.jsonApply policies to all sessions for a single user.
Project-scoped.claude/settings.json at the project rootApply policies within a specific project. Committed to version control.
Local.claude/settings.local.json at the project rootApply personal project-level settings. Not committed to version control.

For enterprise deployments, use managed settings to prevent individual users from disabling the collector.

For more information, see the Anthropic article Claude Code settings .

Example of blocking a policy violation

When AIDR detects a policy violation, Claude Code blocks the action and displays a message.

For example, suppose your policy includes the Confidential and PII Data detector configured to block US Social Security Numbers. A user submits a prompt containing an SSN, and the collector intercepts it before Claude processes it. AIDR detects the SSN and returns a block decision. Claude Code displays a block message:

⏺ UserPromptSubmit operation blocked by hook:
content blocked by security policy

Original prompt: Could you use the web search tool to look up 234-56-7890

Event data in AIDR logs

You can identify Claude Code collector events in AIDR by Collector Type and Extra Info values.

  • collector_type - Set to claude_code for all Claude Code collector events.
  • extra_info - Claude Code-specific metadata:
    • claude_code_hook_event_name - The hook event that triggered the evaluation: UserPromptSubmit, PreToolUse, or PostToolUse.
    • claude_code_session_id - Unique identifier for the Claude Code session. Use this to correlate multiple events from the same session.
    • claude_code_cwd - Working directory of the Claude Code session.
    • claude_code_tool_name - Name of the tool being invoked. Present for PreToolUse and PostToolUse events. Empty for UserPromptSubmit events.
    • user_name - User identity sent by the collector from the AIDR-Username environment variable.
  • model_name - Set to unknown. Claude Code hooks don't expose model information.
  • provider - Set to unknown. Claude Code hooks don't expose provider information.
Example JSON representation of a Claude Code collector event in AIDR logs
{
"collector_type": "claude_code",
"collector_name": "Claude Code - Engineering",
"event_type": "tool_input",
"status": "blocked",
"user_id": "dennis.nedry",
"extra_info": {
"claude_code_hook_event_name": "PreToolUse",
"claude_code_session_id": "9656c69d-7b05-4e37-ad25-4ee63b3cbb82",
"claude_code_cwd": "/home/dennis.nedry/projects/webapp",
"claude_code_tool_name": "Bash",
"user_name": "dennis.nedry"
},
"findings": {
"confidential_and_pii_entity": {
"detected": true,
"data": {
"action": "block",
"entities": "[{\"action\":\"block\",\"type\":\"US_SSN\",\"value\":\"234-56-7890\"}]"
}
}
},
"model_name": "unknown",
"provider": "unknown",
"summary": "Confidential and PII Entity was detected and blocked.",
...
}

Troubleshooting

Claude Code displays hook errors inline in the session output.

HTTP 401: Authorization failure

An incorrect or missing CS_AIDR_TOKEN value causes a 401 response:

⎿  UserPromptSubmit hook error
⎿ HTTP 401 from https://api.crowdstrike.com/aidr/aiguard/v1/claude_code_guard

Verify that the CS_AIDR_TOKEN environment variable is set and contains the correct token from the Config tab on the collector details page.

HTTP 400: Malformed payload

⎿  PostToolUse:mcp__context7__resolve-library-id hook error
⎿ HTTP 400 from https://api.crowdstrike.com/aidr/aiguard/v1/claude_code_guard

A 400 response means AIDR couldn't parse the hook payload. Claude Code might send tool content in a format the collector doesn't support. If this error persists, contact AIDR support .

HTTP 500: Server error

⎿  PostToolUse:Write hook error
⎿ HTTP 500 from https://api.crowdstrike.com/aidr/aiguard/v1/claude_code_guard

A server-side error occurred during policy evaluation. If this error persists, contact AIDR support .

Next steps

  • View collected data on Visibility and Findings pages. Analyze it in Next-Gen SIEM to decide on further implementation steps.

  • Determine which policy to apply:

    • Start with monitoring policies and report actions.
    • Apply protection to identified risks by enforcing blocking and data transformation actions based on your organization’s AI usage guidelines.
  • For more information, see Collector Categories.

©2026 CrowdStrike. All rights reserved.

PrivacyTerms of UseLegal Notices