CrowdStrike Falcon DSM specifications
When you configure CrowdStrike Falcon, understanding the specifications for the CrowdStrike Falcon DSM can help ensure a successful integration. For example, knowing what the supported version of CrowdStrike Falcon is before you begin can help reduce frustration during the configuration process.
The following table describes the specifications for the CrowdStrike Falcon DSM.
Specification | Value |
---|---|
Manufacturer | CrowdStrike |
DSM name | CrowdStrike Falcon |
RPM file name | DSM-CrowdStrikeFalconHost-QRadar_version-build_number.noarch.rpm |
Protocol | Syslog |
Event format | LEEF, JSON |
Recorded event types | Incident, Incident summary, Detection summary, Authentication, Detection status update, Uploaded IoCs, Network containment, IP whitelisting, Policy management, CrowdStrike store, Falcon firewall management, Real time response, Event streams |
Automatically discovered? | Yes |
Includes identity? | No |
Includes custom properties? | No |
More information | CrowdStrike Falcon Platform website (https://www.crowdstrike.com/endpoint-security-products/falcon-platform/) |