This guide covers the deployment, configuration and usage of the CrowdStrike Falcon Detection Technical Add-on (TA) for Splunk v2.0.0 and above. The CrowdStrike Falcon Detection Technical Add-on for Splunk allows CrowdStrike customers to retrieve detection event data from CrowdStrike APIs and index it into Splunk.
Use this guide to deploy and configure the CrowdStrike Falcon Detection Splunk Technical Add-on located on Splunkbase: https://splunkbase.splunk.com/app/8100