Syslog log source parameters for CrowdStrike Falcon
If QRadar® does not automatically detect the log source, add a CrowdStrike Falcon log source on the QRadar Console by using the Syslog protocol.
When you use the Syslog protocol, there are specific parameters that you must configure.
The following table describes the parameters that require specific values to collect Syslog
events from CrowdStrike Falcon Connector:
| Parameter | Value |
|---|---|
| Log Source type | CrowdStrike Falcon |
| Protocol Configuration | Syslog |
| Log Source Identifier | The IP address or host name where the Falcon SIEM Connector is installed. |
For more information about the protocol parameters and their values, see Adding a log source.