CrowdStrike Falcon Insight

The data source type for CrowdStrike Falcon Insight® collects alerts that are forwarded from CrowdStrike Falcon Insight.

To integrate CrowdStrike Falcon Insight with the QRadar® platform, complete the following steps:
  1. Configure your CrowdStrike Falcon Insight platform to send alerts to the QRadar platform. For more information, see Configuring CrowdStrike Insight to communicate with the QRadar platform.
  2. Add a CrowdStrike Falcon Insight data source.

     When you configure the data source, use the Universal Cloud REST API connector type to pull alerts from CrowdStrike Falcon Insight.

  3. Optional: If you want to enable federated search for your CrowdStrike system, configure a connection to the data source. For more information, see Connecting data sources for federated search and querying.

For more information about adding a data source, see Adding an ingestion data source.

If you are an IBM® QRadar user, see Terminology changes for QRadar customers.