Skip to content

Forward Crowdstrike Falcon logs

Crowdstrike supports SIEM integration through a dedicated SIEM connector. In order to forward Crowdstrike Falcon logs to LogSentinel SIEM, follow the SIEM Connector guide

  1. Choose CEF as output format
  2. Point the SIEM connector to LogSentinel: 2.1 to a LogSentinel collector IP/hostname and the port configured (e.g. 2514) or 2.2. to syslog.logsentinel.com:515 (for TLS) for cloud-to-cloud integration