Welcome to the Docs!
The CrowdStrike Falcon Identity Protection Add-on for Splunk Add-on allows ingestion of the CrowdStrike identity data into Splunk enabling the data to be used with other Splunk Apps, such as Enterprise Security.
This Splunk Supporting Add-on is not affiliated with Crowdstrike, Inc. and is not sponsored or sanctioned by the Crowdstrike team. Please visit https://www.crowdstrike.com for more information about Crowdstrike.
This documentation assumes the following:
- You have a working Splunk environment.
- You have CrowdStrike Falcon Identity Protection
- Basic familiarity with Splunk and CrowdStrike.
SA-CrowdStrikeIdentities for Enterprise Security
Be sure to checkout SA-CrowdStrikeIdentities for Enterprise Security to automatically populate your asset database using this data.
|TA-crowdstrike-devices||1.0.2 - Splunkbase | GitHub|
|CrowdStrike Falcon Identity Protection (Required)||Find out more )|
|Add-on has a web UI||Yes, this add-on has a setup page.|