
CrowdStrike Integration

You can use CrowdStrike as a source or a destination. Continue below to integrate CrowdStrike Falcon Data Replicator (FDR) as a source, or skip to "CrowdStrike NGSIEM as a Destination" to integrate CrowdStrike Next-Gen SIEM as a destination.

CrowdStrike FDR as a Source

Send Logs from CrowdStrike FDR to Realm

  1. Log in to CrowdStrike Platform Console
  2. Go to Support and resources > Falcon data replicator
  3. Click Create Feed
  4. Fill out the feed details:

    Feed name: Realm.Security

  5. Turn the feed on
  6. Leave Default settings selected
  7. Click Next
  8. Click Create feed
  9. Copy the ClientID and save it in a safe place
  10. Copy the Secret and save it in a safe place — you will not be able to see it again
  11. Copy the Notifications URL

CrowdStrike NGSIEM as a Destination

Send Logs from Realm to CrowdStrike NGSIEM

Find the Event Connector

  1. Log in to the CrowdStrike Falcon Platform console
  2. Go to Next-Gen SIEM > Data onboarding
  3. Search by Product:

    Falcon Logscale

  4. Select Logscale Event connector

Fill Out the Add New Connector Form

  1. Fill out the connector details:

    Data source: Realm.Security (this value gets stored in a field along with the data)
    Data Type: JSON
    Connector name: Realm.Security (shown on the My connectors page)
    Description: Receive logs from Realm.Security
    Parser: JSON (Generic Source)

  2. Select the T&C checkbox
  3. Click Save

Get the API Key and API URL

  1. A connector setup in progress confirmation dialog will appear — click Close
  2. While the connector is being set up, copy the API URL from the connector details page
  3. Setting up the connector may take a while. Refresh the connector details page. Once the connector is set up, click Generate API key
  4. Copy the API Key and save it in a safe place — you will need to enter it in the Realm console
  5. Copy the API URL — you will need to enter it in the Realm console