Configuring CrowdStrike Falcon Data Replicator to communicate with IBM QRadar

To collect CrowdStrike Falcon Data Replicator events, configure your Falcon Data Replicator to send JSON events to QRadar.

The IBM QRadar DSM for CrowdStrike Falcon Data Replicator supports events that are collected from the Falcon Data Replicator by using the Amazon AWS S3 REST API protocol.

Procedure

Configure CrowdStrike Falcon Data Replicator to communicate with QRadar by following the Configuration steps under Falcon Data Replicator setup at CrowdStrike FDR (https://falcon.us-2.crowdstrike.com/documentation/page/fa572b1c/falcon-data-replicator).

What to do next

Add a CrowdStrike Falcon Data Replicator - Amazon AWS S3 REST log source in QRadar. For more information, see Amazon AWS S3 REST API parameters for CrowdStrike Falcon Data Replicator log source.