CROWDSTRIKE

Instructions for forwarding CrowdStrike logs to your Log Management device
PREREQUISITES
CrowdStrike
- CrowdStrike Falcon Platform
Clone Systems Log Management Device
- The IP Address for the Clone Systems Log Management device
INSTRUCTIONS
1
The CrowdStrike Falcon Platform offers several types of APIs. The two we recommend for SIEM integration are the Query API (an “on demand” API) and the Streaming API (a “push based” API that provides event data as a continuous stream). Each of these APIs requires its own set of credentials. Contact CrowdStrike to get access to both APIs.
Contact support@crowdstrike.com to get access to both of the CrowdStrike Falcon Platform APIs:
- CrowdStrike Falcon Streaming API
- CrowdStrike Falcon Query API
Note: Each of these APIs requires a different set of credentials.
2
Once CrowdStrike support enables the Falcon Streaming API, you need to obtain a UUID and an API key, which will be used for API authentication.
Navigate your browser to https://falcon.crowdstrike.com/login/
Enter your Email address: Your Email Address
Click Continue.
Enter your Password: Your Administrator password
Click Log In.
3
Navigate to the People App and then select the Customer tab.
Navigate to the People App > Customer tab.
Note: The People App is only visible to admins.
4
Click Reset API Key and then record the assigned API key and the UUID.
Note: Any previous API key will be invalidated by following these steps.
Click Reset API Key.
Record the assigned API Key and UUID.
5
Please provide the following values to Clone Systems to complete the configuration for forwarding CrowdStrike logs to your Log Management device:
For the CrowdStrike Falcon Streaming API:
- Username
- Password
- UUID
- API Key
For the CrowdStrike Falcon Query API:
- Username
- Password
Note:
For the CrowdStrike Falcon Streaming API:
- The URL is https://firehose.crowdstrike.com/sensors/entities/datafeed/v1
For the CrowdStrike Falcon Query API:
- The URL is https://falconapi.crowdstrike.com/