Warning: This app is archived.


CrowdStrike Unified Alerts Technical Add-On

THIS APP HAS BEEN REPLACED BY THE FALCON DETECTIONS TECHNICAL ADD-ON (https://splunkbase.splunk.com/app/8100).


Latest Version 2.3.1
December 26, 2023
Compatibility
Splunk Enterprise
Platform Version: 9.4, 9.3, 9.2, 9.1, 9.0
CIM Version: 5.x
Rating

0 (0)
Support

Not Supported
Ranking

#47 in Endpoint
The CrowdStrike Unified Alert Add-on provides CrowdStrike customers with the ability to collect multiple types of detections and alerts from a single Splunk add-on, leveraging CrowdStrike's Unified Alerts API. The data sets provided in Unified Alerts events are among the most comprehensive available via the CrowdStrike API. Customers that want to collect more detailed information about detections than what the Event Streams API provides should deploy this add-on.

NOTE: The types of detections shown depend on the active Falcon subscriptions. Some examples of the types of detections that are available for collection are:

Endpoint detections
Mobile detections
Identity-based detections
Cloud runtime detections

Categories

Endpoint, Security, Fraud & Compliance

Created By

CrowdStrike

Type

addon

Downloads

1,132
