# CrowdStrike (Next-Gen SIEM)

## Prerequisites

* CrowdStrike tenant with access to **Falcon LogScale** (or Next‑Gen SIEM).
* Permission to create **Ingest Tokens** on a target **Repository**.
* Network egress from Teleskope to your CrowdStrike ingest URL.

***

### 1) Create a LogScale Ingest Token & find your ingest URL

1. In the CrowdStrike Falcon console, open LogScale → choose your Repository (or create one dedicated to Teleskope alerts).
2. Go to Settings → Ingest Tokens → Create Token.
3. (Optional) Attach a parser to this token if you want custom field mapping.
4. Copy:
   * Ingest URL (examples: `https://cloud.us.humio.com`, `https://cloud.eu.humio.com`)
   * Ingest Token (bearer token)

Endpoint:

* Structured JSON: `POST /api/v1/ingest/humio-structured`
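
To confirm the ingest URL and token from step 1 before entering them in Teleskope, the script below posts one constructed event to the structured endpoint. It is an added example, not Teleskope or CrowdStrike code; the environment variable names `LOGSCALE_URL` and `LOGSCALE_INGEST_TOKEN` and the event fields are assumptions.

```python
import json
import os
import sys
import urllib.error
import urllib.request
from datetime import datetime, timezone
from urllib.parse import urlsplit

INGEST_PATH = "/api/v1/ingest/humio-structured"  # endpoint listed above


def build_test_request(base_url, token, now=None):
    """Build (but do not send) one constructed test event for the ingest endpoint."""
    parts = urlsplit(base_url)
    # The ingest token is a bearer secret: refuse to put it on a plaintext connection.
    if parts.scheme != "https" or not parts.netloc:
        raise ValueError("ingest URL must be an https:// URL")
    if not token or token != token.strip():
        raise ValueError("ingest token is empty or has stray whitespace")
    now = now or datetime.now(timezone.utc)
    # Constructed sample event; attribute names are placeholders, not Teleskope's schema.
    payload = [{
        "tags": {"source": "ingest-token-check"},
        "events": [{
            "timestamp": now.isoformat(),
            "attributes": {"message": "connectivity test", "test": True},
        }],
    }]
    return urllib.request.Request(
        base_url.rstrip("/") + INGEST_PATH,
        data=json.dumps(payload).encode("utf-8"),
        headers={"Authorization": f"Bearer {token}",
                 "Content-Type": "application/json"},
        method="POST",
    )


if __name__ == "__main__":
    # Assumed variable names; keeps the token out of shell history and argv.
    req = build_test_request(os.environ["LOGSCALE_URL"],
                             os.environ["LOGSCALE_INGEST_TOKEN"])
    try:
        with urllib.request.urlopen(req, timeout=10) as resp:
            print("accepted, HTTP", resp.status)
    except urllib.error.HTTPError as err:
        # An authentication error here means the token value should be re-checked.
        sys.exit(f"rejected, HTTP {err.code}")
    except urllib.error.URLError as err:
        sys.exit(f"cannot reach ingest URL (egress/DNS/TLS): {err.reason}")
```

After a successful run, search the repository for the `ingest-token-check` source tag to confirm the event arrived.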

***

### 2) Add the CrowdStrike destination in Teleskope

**Policy Maker → Integrations → CrowdStrike**

Provide:

* **Base URL**: your LogScale URL (e.g., `https://cloud.us.humio.com`)
* **Bearer token**: the Ingest Token from step 1

> If your Teleskope environment doesn’t show a CrowdStrike destination yet, reach out to Teleskope support.

***

### 3) Create a policy

**Policy Maker → Create/Edit Policy**

1. Define your conditions as usual.
2. **Step 4 – Actions**: choose **Send to CrowdStrike**.

{% hint style="warning" %}
We recommend adding CrowdStrike notifications after a policy has been created and its initial violations have populated. A ticket is created per violation, so make sure policies are sufficiently scoped.
{% endhint %}

