This add-on is designed to be installed as a new installation and will replace the CrowdStrike Falcon Endpoint Add-on (https://splunkbase.splunk.com/app/3944/).
Splunk v8+ with Python 3
CrowdStrike OAuth2 Authentication
CrowdStrike US based, EU and GovCloud environments
Multiple customer environments
Multiple connections to a single Event Streams API, provided the AppID is unique within the CrowdStrike environment
CrowdStrike Resource Center: CrowdStrike Falcon Event Streams Add-On Guide
CrowdStrike Resource Center: CrowdStrike Falcon Event Streams Transition Guide
CrowdStrike Resource Center: CrowdStrike Falcon Event Streams Add-On Guide v3
CrowdStrike App
CrowdStrike Falcon Event Streams Technical Add-On
CrowdStrike Falcon Devices Technical Add-On
CrowdStrike Intel Indicator Technical Add-On
CrowdStrike Falcon Spotlight Technical Add-On
Update to align with Splunk Cloud requirements.
PLEASE REVIEW PUBLISHED DOCUMENTATION PRIOR TO INSTALLATION OR UPGRADE
Click here for the CrowdStrike Event Streams Add on for Splunk Guide V3