Skip to content

Home

Image title Image title

This supporting add-on comes with prebuilt content for CrowdStrike Identity data to be easily used with Splunk Enterprise Security's Identity database.

This Supporting add-on is only intended to work with Splunk Enterprise Security deployments.

Disclaimer

This Splunk Supporting Add-on is not affiliated with CrowdStrike, Inc. and is not sponsored or sanctioned by the CrowdStrike team. As such, the included documentation does not contain information on how to get started with CrowdStrike. Rather, this documentation serves as a guide to use CrowdStrike identity data with Splunk Enterprise Security. Please visit https://www.crowdstrike.com for more information about CrowdStrike.

Assumptions

This documentation assumes the following:

  1. You have a working Splunk Enterprise Security environment. This add-on is not intended to work without Splunk ES.
  2. You already have CrowdStrike identity data ingested using the Crowdstrike Falcon Identity Protection.
  3. Familiarity with setting up a new Asset source in Enterprise Security.

About

Info Description
SA-CrowdStrikeIdentities 1.0.0 - Splunkbase | GitHub
Splunk Enterprise Security Version (Required) 7.x | 6.x
CrowdStrike Falcon Identity Protection Add-on (Required) >=1.0.1
Add-on has a web UI No, this add-on does not contain views.

Quick Start


Last update: June 9, 2023