If you're having trouble at any stage please contact us at support@skyformation.com.
Preface
CrowdStrike Falcon is a suite of services as endpoint protection, threat intelligence and incident response. Falcon management service is delivered as a cloud service.
The CrowdStrike Falcon connector will help you with:
- Get and keep the granular activities from CrowdStrike Falcon at the organization’s central log or event management system for compliance, investigation or forensic needs.
- Get the CrowdStrike Falcon alerts at your SIEM/SOC systems
CrowdStrike Falcon Audit Sources & Events Supported
| Audit Source (API) | Service/Module Covered | Event Types | Notes |
|---|---|---|---|
| Falcon Streaming API | full audit events and alerts | administrative actions, alerts | |
| CrowdStrike Falcon Data Replicator (FDR) | CrowdStrike FDR | The raw Threat Graph event (aka Falcon platform) | Events are forwarded by CrowdStrike to AWS S3 bucket and and collected the SkyFormation connector from there. |
How to on-board CrowdStrike Falcon Connector to SkyFormation
Adding CrowdStrike Falcon Connector To SkyFormation Platform
Comments
0 comments
Please sign in to leave a comment.