Syslog data source parameters for CrowdStrike Falcon
If the QRadar® product does not automatically detect
the data source, add a CrowdStrike Falcon
data source in the QRadar product by using the Syslog connector.
When you use the Syslog connector, there are specific parameters that you must configure.
The following table describes the parameters that require specific values to collect Syslog
events from CrowdStrike Falcon:
| Parameter | Value |
|---|---|
| Data source type | CrowdStrike Falcon |
| Connector | Syslog |
| Data source identifier | The IP address or host name where the Falcon SIEM Connector is installed. |
For more information about adding a data source in the QRadar product, see Adding ingestion data sources.