CrowdStrike Falcon® Splunk App User and Configuration Guide v3.x+

This document outlines the deployment and configuration of the CrowdStrike App v3 and above, available for Splunk Enterprise and Splunk Cloud. The app is designed to work with the data collected by the officially supported CrowdStrike Technical Add-Ons: the CrowdStrike Event Streams Technical Add-On and the CrowdStrike Intel Indicators Technical Add-On.

This app can be downloaded from Splunkbase here: https://splunkbase.splunk.com/app/5094

Previous versions available for download:
CrowdStrike Falcon® Splunk App User and Configuration Guide

Tech Hub

For technical information on installation, policy configuration and more, please visit the CrowdStrike Tech Hub.