If you're having trouble at any stage please contact us at firstname.lastname@example.org.
CrowdStrike Falcon is a suite of services such as endpoint protection, threat intelligence and incident response. The Falcon management service is delivered as a cloud service.
The CrowdStrike Falcon connector will help you:
- Get and keep the granular activities from CrowdStrike Falcon in the organization’s central log or event management system for compliance, investigation or forensic needs.
- Get the CrowdStrike Falcon alerts into your SIEM/SOC systems.
CrowdStrike Falcon Audit Sources & Events Supported
| Audit Source (API) | Service/Module Covered | Event Types | Notes |
|---|---|---|---|
| Falcon Streaming API | Full audit events and alerts | Administrative actions, alerts | |
| CrowdStrike Falcon Data Replicator (FDR) | CrowdStrike FDR | The raw Threat Graph event (aka Falcon platform) | Events are forwarded by CrowdStrike to an AWS S3 bucket and collected by the SkyFormation connector from there. |
How to on-board CrowdStrike Falcon Connector to SkyFormation