search

CrowdStrike (Next-Gen SIEM)

hashtag
Prerequisites

  • CrowdStrike tenant with access to Falcon LogScale (or Next‑Gen SIEM).

  • Permission to create Ingest Tokens on a target Repository.

  • Network egress from Teleskope to your CrowdStrike ingest URL.

hashtag
1) Create a LogScale Ingest Token & find your ingest URL

  1. In the CrowdStrike Falcon console, open LogScale → choose your Repository (or create one dedicated to Teleskope alerts).

  2. Go to Settings → Ingest Tokens → Create Token.

  3. (Optional) Attach a parser to this token if you want custom field mapping.

  4. Copy:

    • Ingest URL (examples: https://cloud.us.humio.com, https://cloud.eu.humio.com)

    • Ingest Token (bearer token)

Endpoints:

  • Structured JSON: POST /api/v1/ingest/humio-structured

hashtag
2) Add the CrowdStrike destination in Teleskope

Policy Maker → Integrations → CrowdStrike

Provide:

  • Base URL: your LogScale URL (e.g., https://cloud.us.humio.com)

  • Bearer token: the Ingest Token from step 1

If your Teleskope environment doesn’t show a CrowdStrike destination yet, reach out to Teleskope support.

hashtag
3) Create a policy

Policy Maker → Create/Edit Policy

  1. Define your conditions as usual.

  2. Step 4 – Actions: choose Send to CrowdStrike.

circle-exclamation

It is recommended to add CrowdStrike notifications after a policy has been created and the initial violations populated. A ticket is created per violation, so ensure that policies are sufficiently scoped.

PreviousJiraNextTines

Last updated

Was this helpful?