This technical add-on is designed to facilitate the ingestion of CrowdStrike Falcon Data Replicator (FDR) primary and secondary data types into a Splunk environment.
The data provided by FDR is not "real time" and is not recommended for alerting use cases. The CrowdStrike Event Streams API is designed for rapid transfer of audit and alert data; the Splunk add-on for the Event Streams API can be found here: CrowdStrike Falcon Event Streams Technical Add-On
For customers interested in collecting the AID Master data from FDR, it is also recommended to review the information available via the Falcon Devices API. The CrowdStrike Falcon Devices TA can facilitate ingestion of that data into Splunk and can be found here: CrowdStrike Falcon Devices Technical Add-On
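To make concrete what the description above says about how FDR is delivered (CrowdStrike-provided S3 objects announced through an SQS queue, in batches that are not real time), here is an added Python example that is not part of the add-on or of this page. It assumes the SQS message shape and the gzipped newline-delimited JSON object format used by CrowdStrike's public FDR sample consumer; the bucket name, object keys, checksums, event fields and the 60-second alerting threshold are invented for illustration, and the S3 fetch is replaced by an in-memory dict so the script runs offline.

```python
import gzip
import json
import time

# Constructed sample SQS notification body in the shape the CrowdStrike FDR
# sample consumer documents (bucket, pathPrefix, files[]). Every value below is
# invented for this example; the bucket, paths and checksums are not real.
SAMPLE_NOTIFICATION = json.dumps({
    "cid": "0123456789abcdef0123456789abcdef",
    "timestamp": 1700000000000,   # ms since epoch: when CrowdStrike wrote the batch
    "fileCount": 2,
    "totalSize": 2048,
    "bucket": "example-fdr-bucket",
    "pathPrefix": "data/0123456789abcdef0123456789abcdef/",
    "files": [
        {"path": "data/0123456789abcdef0123456789abcdef/part-00000.gz", "size": 1024, "checksum": "deadbeef"},
        {"path": "data/0123456789abcdef0123456789abcdef/part-00001.gz", "size": 1024, "checksum": "cafebabe"},
    ],
})

# Constructed FDR-style events (newline-delimited JSON once decompressed).
SAMPLE_EVENTS = [
    {"event_simpleName": "ProcessRollup2", "aid": "aid-1", "timestamp": "1699999990000"},
    {"event_simpleName": "DnsRequest", "aid": "aid-1", "timestamp": "1699999991000", "DomainName": "example.com"},
    {"aid": "aid-2", "timestamp": "1699999992000"},   # no event_simpleName at all
    {"event_simpleName": "NetworkConnectIP4", "aid": "aid-2", "timestamp": "1699999993000"},
]


def make_fdr_file(events):
    """Build an FDR-style object body: gzip-compressed, one JSON event per line."""
    return gzip.compress("".join(json.dumps(e) + "\n" for e in events).encode())


def parse_notification(body):
    """Return the (bucket, key) pairs announced by one SQS message."""
    msg = json.loads(body)
    return [(msg["bucket"], f["path"]) for f in msg["files"]]


def batch_lag_seconds(body, now_epoch_ms):
    """Seconds between the batch being written by CrowdStrike and us seeing it."""
    return (now_epoch_ms - json.loads(body)["timestamp"]) / 1000.0


def alert_safe(lag_seconds, max_lag_seconds=60.0):
    """Gate for an alerting pipeline: only near-real-time data should feed it.
    The 60 s threshold is an illustrative assumption, not an FDR or Splunk value."""
    return 0 <= lag_seconds <= max_lag_seconds


def read_fdr_file(blob):
    """Yield events from a gzipped NDJSON object, skipping blank lines."""
    for line in gzip.decompress(blob).decode("utf-8").splitlines():
        if line.strip():
            yield json.loads(line)


def filter_events(events, wanted):
    """Keep only events whose event_simpleName is in `wanted`.
    None means no filtering. When a filter is set, events that lack the field
    are dropped explicitly instead of slipping through an unrun comparison."""
    for ev in events:
        if wanted is None or ev.get("event_simpleName") in wanted:
            yield ev


def process_notification(body, fetch, wanted, now_epoch_ms):
    """Drive one SQS message end to end. `fetch(bucket, key)` returns the object
    bytes; the caller decides how (boto3 in production, a dict here)."""
    lag = batch_lag_seconds(body, now_epoch_ms)
    events = []
    for bucket, key in parse_notification(body):
        events.extend(filter_events(read_fdr_file(fetch(bucket, key)), wanted))
    return {"events": events, "lag_seconds": lag, "alert_safe": alert_safe(lag)}


if __name__ == "__main__":
    # Offline stand-in for S3: both announced keys map to the same sample object.
    objects = {key: make_fdr_file(SAMPLE_EVENTS) for _, key in parse_notification(SAMPLE_NOTIFICATION)}
    result = process_notification(SAMPLE_NOTIFICATION, lambda b, k: objects[k],
                                  {"ProcessRollup2", "DnsRequest"}, int(time.time() * 1000))
    print(f"{len(result['events'])} events kept, batch lag {result['lag_seconds']:.0f}s, "
          f"alert_safe={result['alert_safe']}")
```

Run directly, the script measures the constructed batch against the current clock, so the lag is far above the threshold and `alert_safe` is False; that is the practical meaning of the page's warning: FDR batches are suited to retrospective search and enrichment, while alert-driven use belongs with the Event Streams data.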
Splunk v8+ with Python 3
CrowdStrike-provided FDR S3 and SQS infrastructure
CrowdStrike US-based, EU and GovCloud environments
Multiple customer environments
CrowdStrike Falcon Event Streams Technical Add-On
CrowdStrike Falcon Devices Technical Add-On
CrowdStrike Intel Indicator Technical Add-On
CrowdStrike Falcon Data Replicator (FDR) Technical Add-On
This release aligns with Splunk's requirements for jQuery 3.5, addresses reported bugs, improves performance and adds reporting features.
Resolves a reported issue preventing some events from being filtered.
Data input log descriptions include the name of the input.