CrowdStrike Falcon Data Replicator

The IBM® QRadar® DSM for CrowdStrike Falcon Data Replicator collects JSON events from a CrowdStrike Falcon Data Replicator.

To integrate the CrowdStrike Falcon Data Replicator with QRadar, complete the following steps:
  1. If automatic updates are not enabled, download and install the most recent version of the following RPMs on your QRadar Console. The RPMs are available from the IBM support website (http://www.ibm.com/support).
    • Protocol Common RPM
    • Amazon AWS S3 REST API Protocol RPM
    • DSM Common RPM
    • CrowdStrike Falcon Host DSM RPM
  2. Configure your CrowdStrike Falcon Data Replicator device to send events to QRadar. For more information, see Configuring CrowdStrike Falcon Data Replicator to communicate with IBM QRadar.
  3. If QRadar does not automatically detect the log source, add a CrowdStrike Falcon Data Replicator log source on the QRadar Console. For more information, see Amazon AWS S3 REST API parameters for CrowdStrike Falcon Data Replicator log source.