CrowdStrike Announces Falcon LogScale and Falcon Complete LogScale

CrowdStrike provides a centralized log management strategy that brings together security and observability for SecOps, ITOps and DevOps teams

Every second, as your IT systems run every facet of your business, they are also creating data related to the health, performance and security of the systems themselves. This information, known as log data, is vital to SecOps, ITOps and DevOps teams as they seek to understand how the IT environment is functioning — and how secure those assets are.

In March 2021, CrowdStrike recognized the importance of log management and observability by acquiring Humio, a leading provider of log management technology. In the months since, our team has delivered new ways to use this technology to power better security processes for our customers while exploring new ways to use log management in DevOps, ITOps and other areas where enhanced observability is critical.

Today at Fal.Con 2022, we announced new products based on Humio technology that elevate the CrowdStrike Falcon® platform portfolio and expand our offerings into new markets. With these advancements, CrowdStrike is driving the convergence of security and observability with a centralized log management strategy that focuses on deriving insights from log data — and helping organizations easily access, ingest, store and analyze this critical and always-growing amount of information. 

The Critical Role of Observability in Security and Beyond

Falcon LogScale, formerly known as Humio, is now available as a standalone module to ingest, search, transform and retain all of your log data. ​​Built using a unique index-free architecture and advanced compression technology that minimizes hardware requirements, Falcon LogScale allows DevOps, ITOps and SecOps teams to aggregate, correlate and search live log data with sub-second latency. This powerful and versatile technology helps eliminate IT system blind spots and identify potential threats faster — all at a lower total cost of ownership than legacy log management platforms. 

For companies that want to outsource their log management and observability functions, Falcon Complete LogScale is our new fully managed service offering that combines the effectiveness of Falcon LogScale with CrowdStrike’s dedicated team of service professionals. Falcon Complete LogScale delivers highly personalized log management expertise to help you answer any query and gain valuable insights from your logs in real time.

While the data available to threat hunters and incident responders grows at an exponential rate, organizations are often limited to as little as 90 days of data retention, which inhibits their ability to add necessary context to investigations. Through scalable storage that minimizes the size and cost of retention, Falcon Long Term Repository is an upgrade that allows all Falcon customers to store their endpoint detection and response (EDR) data for as long as they want. Alone, this capability helps companies meet compliance requirements and perform historical investigations on Falcon telemetry. When combined with Falcon LogScale, Falcon EDR data can be correlated with other data sources to become a force multiplier for real-time and historic threat hunts. 

Finally, the CrowdStrike Data Fabric now provides an underlying set of capabilities across the Falcon platform. Rather than a module licensed separately, CrowdStrike Data Fabric underpins Falcon platform technology to enhance observability of your IT assets. The innovative data fabric works by ingesting distributed, third-party log data into the CrowdStrike Security Cloud and enriching it to enhance your threat hunting abilities. 

At CrowdStrike, we’re beyond excited to see what our customers will achieve with these powerful new capabilities. Together, we’re forging the future of security and observability!

Additional Resources

  • Read today’s press release announcing Falcon LogScale and the collection of related products.
  • Visit to learn more about Falcon LogScale, CrowdStrike’s new log management and observability module.
  • Visit the Falcon Long Term Repository product page to learn how to retain your EDR data for up to one year or longer.
  • Visit the Falcon Complete LogScale service page to learn how CrowdStrike Services can help with your log management and observability programs. 
  • Learn more about the CrowdStrike Falcon® platform by visiting the product webpage.
  • Test CrowdStrike next-gen AV for yourself. Start your free trial of Falcon Prevent™ today.
Related Content