Monitor CrowdStrike logs to gain complete visibility into your network activity, DNS requests, and other security events with Panther’s CrowdStrike integration.
CrowdStrike is a SaaS protection platform for endpoint security and threat intelligence. Panther can collect, normalize, and monitor CrowdStrike logs to help you identify suspicious activity in real time. Your normalized data is then retained to power future security investigations in a data lake powered by AWS or the cloud-native data platform, Snowflake.
Common security use cases for CrowdStrike with Panther include:
- Monitor security events and gain insights into DNS requests and activities across the network
- Correlate CrowdStrike data with other infrastructure data to monitor suspicious activity
- Analyze patterns to identify operational anomalies
How it Works
The integration is simple and fast:
- Create API credentials in CS Falcon
- Add CrowdStrike as a data source in Panther
- Panther will parse, normalize, and analyze your log data in real-time
- As rules are triggered, alerts are sent to your configured destinations
- Normalized logs can be searched from Panther’s Data Explorer
- Sit back and monitor your activity!
Learn more about Panther's supported log schema for CrowdStrike.