This document outlines the deployment and configuration of the CrowdStrike App (v3 and above) for Splunk Enterprise and Splunk Cloud. The app is designed to work with the data collected by the officially supported CrowdStrike Technical Add-Ons: the CrowdStrike Event Streams Technical Add-On and the CrowdStrike Intel Indicators Technical Add-On.
This app can be downloaded from Splunkbase here: https://splunkbase.splunk.com/app/5094
Previous versions available for download:
CrowdStrike Falcon® Splunk App User and Configuration Guide