
CrowdStrike Integration

You can use CrowdStrike as a source or a destination. Continue below to integrate CrowdStrike Falcon Data Replicator (FDR) as a source, or go to "CrowdStrike NGSIEM as a Destination" to integrate CrowdStrike Next-Gen SIEM as a destination.

CrowdStrike FDR as a Source

Send Logs from CrowdStrike FDR to Realm

  1. Log in to CrowdStrike Platform Console.
  2. Go to Support and resources > Falcon data replicator.

CS FDR Support and Resources menu

  3. Click on Create Feed.

CS FDR Create feed

  4. Enter feed name: Realm.Security
  5. Turn the feed on.
  6. Leave Default settings selected.

CS FDR create feed default

  7. Click Next.
  8. Click Create feed.

CS FDR create feed

  9. Copy ClientID and save it in a safe place.
  10. Copy Secret and save it in a safe place. You will not be able to see it again.

CS FDR Copy secret

  11. Copy Notifications URL.

CS FDR Copy notifications URL

CrowdStrike NGSIEM as a Destination

Send Logs from Realm to CrowdStrike NGSIEM

Find the event connector

  1. Log in to the CrowdStrike Falcon Platform console.
  2. Go to Next-Gen SIEM > Data onboarding: https://falcon.us-2.crowdstrike.com/data-connectors/

CrowdStrike Next Gen SIEM menu

  3. Search by Product: Falcon Logscale

Falcon Logscale collector

  4. Select Logscale Event connector.

Fill out the Add new connector form

  1. Data source: Realm.Security (revisit for a better default). This value gets stored in a field along with the data.
  2. Data Type: Select JSON.
  3. Connector name: Realm.Security (this is just to show on the My connectors page)
  4. Description: Receive logs from Realm.Security
  5. Parser: JSON (Generic Source)
  6. Select T&C checkbox.
  7. Click Save.


Get the API key and API URL

  1. You should see a "connector setup in progress" confirmation dialog box. Click Close.
  2. While the connector is being set up, copy the API URL from the connector details page.

Copy API Key

  3. Setting up the FDR connector could take a while. Refresh the connector details page. Once the connector is set up, click Generate API key to generate an API Key.
  4. Copy API Key and save it in a safe place. You will need to enter it in the Realm console.

API Key

  5. Copy API URL. You will need to enter it in the Realm console.

API URL