Instructions for forwarding CrowdStrike logs to your Log Management device


  • CrowdStrike Falcon Platform
Clone Systems Log Management Device
  • The IP Address for the Clone Systems Log Management device

1. There are a number of different types of APIs in the CrowdStrike Falcon Platform. The two APIs we recommend for the SIEM integration are: Query API (which is an “on demand” API) and Streaming API (which provides event data as a continuous stream of data and is a “push based” API). Both of these APIs require their own set of credentials. Contact CrowdStrike to get access to both APIs.

Contact to get access to both of the CrowdStrike Falcon Platform APIs:

CrowdStrike Falcon Streaming API
CrowdStrike Falcon Query API

Note: Each of these APIs require a different set of credentials.

2. Once CrowdStrike support enables the Falcon Streaming API, you need to obtain a UUID and API key which will be used during your API Authentication.

Navigate your browser to

Enter your Email address: Your Email Address

Click Continue.

Enter your Password: Your Administrator password

Click Log In.

3. Navigate to the People App and then select the Customer tab.

Navigate to the People App > Customer tab.

Note: The People App is only visible to admins.

4. Click Reset API Key and then record the assigned API key and the UUID.

Note: Any previous API key will be invalidated by following these steps.

Click Reset API Key.

Record the assigned API Key and UUID.

5. Please provide the following values to Clone Systems to complete the configuration for forwarding CrowdStrike logs to your Log Management device:

For the CrowdStrike Falcon Streaming API:

  • Username
  • Password
  • UUID
  • API Key

For the CrowdStrike Falcon Query API:

  • Username
  • Password

For the CrowdStrike Falcon Streaming API:

– The URL is

For the CrowdStrike Falcon Query API:

– The URL is