Forward CrowdStrike Falcon logs
CrowdStrike supports SIEM integration through a dedicated SIEM connector. To forward CrowdStrike Falcon logs to LogSentinel SIEM, follow the SIEM Connector guide and apply these settings:
- Choose CEF as output format
- Point the SIEM connector to LogSentinel, using one of:
    - a LogSentinel collector IP/hostname and the configured port (e.g. 2514), or
    - syslog.logsentinel.com:515 (for TLS) for cloud-to-cloud integration