Connecting CrowdStrike logs to your Panther Console
Panther supports two methods for onboarding CrowdStrike logs:
CrowdStrike Falcon Data Replicator
Replicate log data from your CrowdStrike environment to an S3 bucket. This method is supported for Crowdstrike.FDREvent logs.
Crowdstrike.FDREvent
Follow the Falcon Data Replicator documentation here.
CrowdStrike Event Streams
Pull logs from the CrowdStrike Event Streams API. This method is supported for Crowdstrike.EventStreams logs.
Crowdstrike.EventStreams
Follow the Event Streams documentation here.
Last updated 1 year ago
Was this helpful?
