This integration is for CrowdStrike products. It includes the following datasets for receiving logs:
falcon dataset: consists of endpoint data and Falcon platform audit data forwarded from the Falcon SIEM Connector.
crowdstrike / fdr dataset: consists of logs forwarded using the Falcon Data Replicator (data) and the enrichment tables that are synced through the replicator (e.g. aidmaster, userinfo).
Supported managed CrowdStrike log sources
The following Matano managed log sources are currently supported for CrowdStrike. Click through to view specific documentation for each log source.
The CrowdStrike Falcon Matano managed log source lets you ingest your CrowdStrike Falcon logs directly into Matano.
📄️ Falcon Data Replicator
The CrowdStrike managed log source lets you ingest your CrowdStrike FDR logs (data) directly into Matano and synchronize enrichment tables supported by the replicator (e.g. appinfo, aidmaster).