This integration is for CrowdStrike products. It includes the following datasets for receiving logs:

  • falcon dataset: consists of endpoint data and Falcon platform audit data forwarded from the Falcon SIEM Connector.
  • crowdstrike / fdr dataset: consists of logs forwarded using the Falcon Data Replicator (data) and the enrichment tables that are synced through the replicator (e.g. aidmaster, userinfo).

Supported managed CrowdStrike log sources

The following Matano managed log sources are currently supported for CrowdStrike. Click through to view specific documentation for each log source.