CrowdStrike Logs

Connecting CrowdStrike logs to your Panther Console

Panther supports two methods for onboarding CrowdStrike logs:

CrowdStrike Falcon Data Replicator
- Replicate log data from your CrowdStrike environment to an S3 bucket. This method is supported for Crowdstrike.FDREvent logs.
- Follow the Falcon Data Replicator documentation here.
CrowdStrike Event Streams
- Pull logs from the CrowdStrike Event Streams API. This method is supported for Crowdstrike.EventStreams logs.
- Follow the Event Streams documentation here.

Last updated 6 months ago

Was this helpful?