CrowdStrike Falcon
The IBM QRadar DSM for CrowdStrike Falcon collects Syslog events that are forwarded by a Falcon SIEM Connector.
To integrate CrowdStrike Falcon with QRadar, complete the following steps:
- If automatic updates are not enabled, RPMs are available for download from the IBM® support website (http://www.ibm.com/support). Download and install the most recent version of the following RPMs on your QRadar Console:
  - DSM Common RPM
  - CrowdStrike Falcon Host DSM RPM
- Configure your Falcon SIEM Connector to send events to QRadar. For more information, see Configuring CrowdStrike Falcon to communicate with QRadar.
- If QRadar does not automatically detect the log source, add a CrowdStrike Falcon log source on the QRadar Console. For more information, see Syslog log source parameters for CrowdStrike Falcon.