Cribl Edge and CrowdStrike SIEM Connector Configuration Guide v1.4

This document is for customers who want to use Cribl as the central ingestion and distribution platform for CrowdStrike Event Stream API data. It demonstrates how to combine the collection capabilities of CrowdStrike's SIEM connector with the processing and routing capabilities of Cribl Edge. The SIEM connector writes a JSON-structured file locally, which Cribl Edge monitors, collects, processes and routes to the required destinations.