# CrowdStrike Falcon

Copy as Markdown[Open in ChatGPT](https://chatgpt.com/?q=Read%20https%3A%2F%2Fcoralogix.com%2Fdocs%2Fintegrations%2Fsecurity%2Fcrowdstrike-falcon.md%20and%20help%20me%20with%20my%20question%20about%20this%20Coralogix%20documentation%20page.)[Open in Claude](https://claude.ai/new?q=Read%20https%3A%2F%2Fcoralogix.com%2Fdocs%2Fintegrations%2Fsecurity%2Fcrowdstrike-falcon.md%20and%20help%20me%20with%20my%20question%20about%20this%20Coralogix%20documentation%20page.)

## Overview[​](#overview "Direct link to Overview")

CrowdStrike events include critical security insights by aggregating and forwarding endpoint detection and response (EDR) data. It provides detailed information about malicious activity, behavioral anomalies, and system vulnerabilities, allowing organizations to quickly identify and mitigate potential threats. Forward CrowdStrike events into Coralogix to centralize your security data for advanced correlation and analysis across multiple data sources. This holistic security view allows you to become more efficient in detecting and investigating sophisticated threats and reduce time to respond to security incidents.

## Prerequisites[​](#prerequisites "Direct link to Prerequisites")

Obtain the following parameters from CrowdStrike console:

* API client with Read access for Event Streams

* API client ID

* API client secret

**STEP 1**. In the CrowdStrike Falcon console, navigate to **Support and resources > Resources and tools > API clients and keys**.

**STEP 2**. Create an API client with Read access for Event Streams.

**STEP 3**. Copy the API client ID and API client secret.

## Configuration[​](#configuration "Direct link to Configuration")

**STEP 1**. From your Coralogix toolbar, navigate to **Data Flow** > **Integrations**, select CrowdStrike and click **Connect**.

**STEP 2**. Click **Add New**.

**STEP 3**. Define the integration settings:

* **Integration name**. This field is automatically populated, but may be modified.

* **Application name**. Select an application name.

* **Subsystem name**. Select a subsystem name. This field will default to "CrowdStrike", but may be modified.

* **CrowdStrike cloud.** Organization-specific base URL, which will depend on your account type.

  * US-1 (<https://api.crowdstrike.com/sensors/entities/datafeed/v2>)

  * US-2 (<https://api.us-2.crowdstrike.com/sensors/entities/datafeed/v2>)

  * EU-1 (<https://api.eu-1.crowdstrike.com/sensors/entities/datafeed/v2>)

  * US-GOV-1 (<https://api.laggar.gcw.crowdstrike.com/sensors/entities/datafeed/v2>)

* **CrowdStrike API client ID**. CrowdStrike API client ID created above.

* **CrowdStrike API client secret**. CrowdStrike API client secret created above.

* **Event types**. Choose which types of logs to monitor:

  * DetectionSummaryEvent

  * EppDetectionSummaryEvent

  * AuthActivityAuditEvent

  * UserActivityAuditEvent

  * HashSpreadingEvent

  * RemoteResponseSessionStartEvent

  * RemoteResponseSessionEndEvent

  * FirewallMatchEvent

  * CSPMSearchStreamingEvent

  * CSPMIOAStreamingEvent

  * IncidentSummaryEvent

  * CustomerIOCEvent

  * IDPDetectionSummaryEvent

  * IdentityProtectionEvent

  * ReconNotificationSummaryEvent

  * ScheduledReportNotificationEvent

  * MobileDetectionSummaryEvent

  * DataProtectionDetectionSummaryEvent

**STEP 4**. Click **Create** to finish.

[![](/docs/assets/images/image1-30f7699196bbffb4cbee4c2475b7d438.webp)](https://coralogix.com/docs/docs/assets/images/image1-30f7699196bbffb4cbee4c2475b7d438.webp)
