Overview
CrowdStrike is a single-agent solution to stop breaches, ransomware, and cyber attacks with comprehensive visibility and protection across endpoints, workloads, data, and identity.
The CrowdStrike integration allows you to collect real-time CrowdStrike detection events and alerts as Datadog logs.
Setup
Installation
No installation is required.
Configuration
Enabling event streaming
Before you can connect to the Event Stream, contact the CrowdStrike support team to enable the streaming of APIs on your customer account.
Connecting your CrowdStrike Account
Once streaming is enabled, add a new API client in CrowdStrike:
- Sign in to the Falcon console.
- Go to Support > API Clients and Keys.
- Click Add new API client.
- Enter a descriptive client name that identifies your API client in Falcon and in API action logs (for example, Datadog).
- Optionally, enter a description such as your API client’s intended use.
- Select Read access for all API scopes.
- Click Add.
Enabling log collection
Add the API client details on the CrowdStrike integration tile in Datadog:
- Click Connect a CrowdStrike Account.
- Copy over your API client ID, client secret, and API domain.
- Optionally, enter a comma-separated list of tags.
- Click Submit.
After a few minutes, logs with the source crowdstrike appear on the Crowdstrike Log Overview dashboard.
Data Collected
Metrics
The CrowdStrike integration does not include any metrics.
Events
The CrowdStrike integration allows Datadog to ingest the following events:
- Detection Summary
- Firewall Match
- Identity Protection
- Idp Detection Summary
- Incident Summary
- Authentication Events
- Detection Status Updates
- Uploaded IoCs
- Network Containment Events
- IP Allowlisting Events
- Policy Management Events
- CrowdStrike Store Activity
- Real Time Response Session Start/End
- Event stream start/stop
These events appear on the Crowdstrike Log Overview dashboard.
Service Checks
The CrowdStrike integration does not include any service checks.
Troubleshooting
Need help? Contact Datadog support.