r_gine (Level 9)
Message 1 of 7

CrowdStrike Data Source

Has anyone successfully parsed CrowdStrike data?
6 Replies
vnaidu (Reliable Contributor)
Message 2 of 7

Re: CrowdStrike Data Source

@r_gine

 

I would recommend that you post your query to CrowdStrike support.

https://www.crowdstrike.com/contact-us/

Venu
sssyyy (Reliable Contributor)
Message 3 of 7

Re: CrowdStrike Data Source

Yep. Custom Parsing via CS's SIEM connector syslog CEF.

r_gine (Level 9)
Message 4 of 7

Re: CrowdStrike Data Source

What 'Data Source Vendor'? 

sssyyy (Reliable Contributor)
Message 5 of 7

Re: CrowdStrike Data Source

Since it ain't a McAfee supported data source, you can just use any ASP data source, e.g. Linux or Generic (latter recommended by McAfee).

brenta (Reliable Contributor)
Message 6 of 7

Re: CrowdStrike Data Source

You can also use one of the predefined "User Defined" data sources, and even rename it to CrowdStrike.

Brent
jp (Level 9)
Message 7 of 7

Re: CrowdStrike Data Source

We just set this up a couple of weeks ago and it has been working very well. We set ours up as a generic data source.

In the CrowdStrike connector we configured it to send logs to SIEM in CEF format. SIEM has a parsing option for CEF logs. If you use that it will pull out the data pretty well.
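To make concrete what the CEF parsing step described in the replies above has to handle (pipe-delimited header, space-separated extension, backslash escapes), here is an added example that is not code from the thread, the CrowdStrike connector or McAfee ESM. The sample line is constructed; the vendor name comes from the thread, while the product, event name and extension fields are assumed for illustration.

```python
import re
# Constructed sample, not captured from a real connector: a syslog line whose
# payload is a CEF record; product, signature and extension values are made up.
SAMPLE_LINE = (
    "<134>Jun 12 10:15:42 cs-connector CEF:0|CrowdStrike|FalconHost|1.0|"
    "DetectionSummaryEvent|Detection Summary Event|8|"
    "src=10.0.0.5 suser=jdoe cs1Label=Tactic cs1=Credential Access "
    "msg=Suspicious process: host\\=WIN-01 path\\=C:\\\\tools\\\\x.exe"
)
HEADER_KEYS = ("version", "device_vendor", "device_product", "device_version",
               "signature_id", "name", "severity")
# Header: one field up to an unescaped '|' ('\|' and '\\' are escapes).
_HEADER_FIELD = re.compile(r"((?:\\.|[^|\\])*)\|")
# Extension separator: '=' after an even number of backslashes ('\=' is literal).
_SEPARATOR = re.compile(r"(?<!\\)(?:\\\\)*=")
_ESCAPE = re.compile(r"\\(.)")

def _split_header(cef_text):
    """Return the 7 header fields and the unparsed extension remainder."""
    fields, pos = [], 0
    for _ in range(7):
        m = _HEADER_FIELD.match(cef_text, pos)
        if not m:
            raise ValueError("truncated CEF header")
        fields.append(_ESCAPE.sub(r"\1", m.group(1)))
        pos = m.end()
    return fields, cef_text[pos:]

def _split_extension(ext):
    """Parse 'key=value key2=value ...'; values may contain spaces."""
    out, seps = {}, [m.end() - 1 for m in _SEPARATOR.finditer(ext)]
    for n, pos in enumerate(seps):
        key = ext[ext.rfind(" ", 0, pos) + 1:pos]
        end = ext.rfind(" ", 0, seps[n + 1]) if n + 1 < len(seps) else len(ext)
        out[key] = _ESCAPE.sub(
            lambda m: {"n": "\n", "r": "\r"}.get(m.group(1), m.group(1)),
            ext[pos + 1:end])
    return out

def parse_cef(line):
    """Parse one syslog line carrying a CEF event into a flat dict."""
    idx = line.find("CEF:")
    if idx < 0:
        raise ValueError("no CEF record in line")
    fields, ext = _split_header(line[idx:])
    event = dict(zip(HEADER_KEYS, fields))
    event["version"] = event["version"].partition(":")[2]   # "CEF:0" -> "0"
    event["severity"] = int(event["severity"])
    event["extension"] = _split_extension(ext)
    return event
```

Running `parse_cef(SAMPLE_LINE)` shows which fields a generic syslog data source would need to map; a value that still contains a raw `\=` after parsing is a sign the escape handling, not the connector, is at fault.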
