The Splunk Add-on for CrowdStrike FDR lets you collect event data stored in CrowdStrike and bring it into your own Splunk instance for retention and further analysis. The Add-on collects logs and events from the different sources monitored by the CrowdStrike platform and provides CIM-compatible knowledge to use with other Splunk apps.

CrowdStrike FDR events must be fetched from an AWS S3 bucket that is provisioned for you. The integration uses AWS SQS to support scaling horizontally if required.

Version 2.0.0 of the Splunk Add-on for CrowdStrike FDR contains the following new and changed features:

- New monitoring dashboard
- New events for CIM normalization
- Updated events CIM normalization
- FedRAMP certification
- IPv6 compatibility