This guide covers the deployment, configuration and usage of the CrowdStrike Falcon® Event Streams Technical Add-on (TA) for Splunk v3.5 and above. The add-on allows CrowdStrike customers to collect event data from the CrowdStrike Event Streams API and send it to Splunk, where it is indexed for further analysis, tracking and logging.
Download the Technical Add-On from Splunkbase: https://splunkbase.splunk.com/app/5082/
Previous versions available for download:
CrowdStrike Falcon® Event Streams Add-on For Splunk Guide v3+