The Splunk Add-on for CrowdStrike FDR lets you collect event data stored in CrowdStrike and bring it into your own Splunk instance for retention and further analysis.
The add-on collects logs and events from the various sources monitored by the CrowdStrike platform and provides CIM-compatible knowledge objects for use with other Splunk apps.
CrowdStrike FDR events must be fetched from an AWS S3 bucket that is provisioned for you. The integration uses AWS SQS so that collection can be scaled horizontally if required.
Version 2.0.0 of the Splunk Add-on for CrowdStrike FDR contains the following new and changed features:
- New monitoring dashboard
- New events for CIM normalization
- Updated CIM normalization of existing events
- FedRAMP certification
- IPv6 compatibility
----
Additional Note:
For Splunk Cloud customers:
You can now ingest CrowdStrike data with Data Manager, providing the most scalable and efficient solution for managing your FDR feeds. By utilizing the Splunk Add-on for CrowdStrike FDR, this integration automates complex configurations and ensures seamless, high-performance data processing as your environment scales. Streamline your security operations today with this robust, infrastructure-ready ingestion method.
Data Manager is a built-in application available exclusively within the Splunk Cloud Platform.
Documentation:
https://help.splunk.com/en/splunk-cloud-platform/ingest-data-from-cloud-services/data-manager-user-manual/1.16/crowdstrike-data/crowdstrike-introduction
Categories: Security, Fraud & Compliance