CrowdStrike Falcon

Coralogix allows you to ingest Crowdstrike data and add its security context to your other application and infrastructure logs. Doing so leads to more efficient root-cause and impact analysis, and a faster and better response to security incidents. It makes Coralogix analysis and proactive management capabilities available in a unified way across your infrastructure different technology domains as well as across different constituencies (engineering, DevOps, SecOps etc.). You can see the big picture and dive into the details without missing any aspect of it. 

Follow these steps to get Crowdstrike data ingested into Coralogix:

You can use your log shipper of preference. This example uses Filebeat. See our integrations page for other available shippers.

Install Crowdstrike Falcon SIEM connector. Configure it to stream CrowdStrike events into a local file. By default the SIEM connector stores its data in /var/log/crowdstrike/falconhoseclient/. You can always change the default data storage location.

Install and configure Filebeat on the SIEM connector host, by following the information in this link.

If you have any questions about the integration and our Filebeat installation and configuration, Coralogix  Customer success is just a click away (the Intercom icon on the lower right corner of your screen) and will be more than happy to help.