CrowdStrike Falcon Data Replicator DSM specifications

The IBM QRadar DSM for CrowdStrike Falcon Data Replicator supports events that are collected from CrowdStrike FDR by using the Amazon AWS S3 REST API protocol.

The following table lists the specifications for the CrowdStrike Falcon Data Replicator DSM.

Table 1. CrowdStrike Falcon Data Replicator DSM specifications
Specification Value
Manufacturer CrowdStrike
DSM name Falcon Data Replicator
RPM file name DSM-CrowdStrikeFalconDataReplicator-QRadar_version-Build_number.noarch.rpm
Supported protocols Amazon AWS S3 REST API
Event format JSON
Automatically discovered? Yes
Includes identity? No
Includes custom properties? No
More information Falcon Data Replicator(https://falcon.us-2.crowdstrike.com/documentation/page/fa572b1c/falcon-data-replicator)