CrowdStrike Unified Alerts Technical Add-On

CrowdStrike Unified Alert Add-on provide CrowdStrike customers with the ability to collect multiple types of detections and alerts from a single Splunk Add-on leveraging CrowdStrike's Unified Alerts API. The data sets provided in the Unified Alerts events are some of the most comprehensive provided via CrowdStrike API. Customers that want to collect more detailed information around detections than what's provided in the Event Streams API should deploy this add-on. NOTE: The types of detections shown depend on the active Falcon subscriptions. The some examples of the types of detections that are available for collection are: Endpoint detections Mobile detections Identity-based detections Cloud runtime detections

Built by CrowdStrike

Latest Version 2.3.1

December 26, 2023

Release notes

Compatibility

Not Available

Platform Version: 9.4, 9.3, 9.2, 9.1, 9.0

CIM Version: 5.x

Rating

0

(0)

Log in to rate this app

Support

Developer Supported addon

Learn more

Ranking

#49

in Endpoint

CrowdStrike Unified Alert Add-on provide CrowdStrike customers with the ability to collect multiple types of detections and alerts from a single Splunk Add-on leveraging CrowdStrike's Unified Alerts API. The data sets provided in the Unified Alerts events are some of the most comprehensive provided via CrowdStrike API. Customers that want to collect more detailed information around detections than what's provided in the Event Streams API should deploy this add-on. NOTE: The types of detections shown depend on the active Falcon subscriptions. The some examples of the types of detections that are available for collection are: Endpoint detections Mobile detections Identity-based detections Cloud runtime detections