If you're having trouble at any stage please contact us at support@skyformation.com. 

Preface

CrowdStrike Falcon is a suite of services as endpoint protection, threat intelligence and incident response. Falcon management service is delivered as a cloud service. 

The CrowdStrike Falcon connector will help you with:

• Get and keep the granular activities from CrowdStrike Falcon at the organization’s central log or event management system for compliance, investigation or forensic needs.
• Get the CrowdStrike Falcon alerts at your SIEM/SOC systems 

What is it

SkyFormation Cloud Connector for CrowdStrike, is part of the SkyFormation Cloud Connectors module. It continuously ingests audit events from multiple audit sources in CrowdStrike Falcon account, unify the events into a common application events format, enrich the events with needed detection context and send the events to any existing SIEM/SOC system. 

How it works

SkyFormation Cloud Connector for CrowdStrike retrieves the events from the Falcon service through its APIs. Before sending the events to the existing SIEM/SOC system the connector will

• Unify the events into the SkyFormation unified application events format
• Embed the origin event into the SkyFormation event
• Complement the event with missing information
• Enrich the event with detection context as AD identity information
• Encode the resulted event into a standard format (e.g. CEF)
• Send the event to the existing SIEM/SOC system over syslog

CrowdStrike Falcon Audit Sources & Events Supported

How to on-board CrowdStrike Falcon Connector to SkyFormation

Adding CrowdStrike Falcon Connector To SkyFormation Platform