CrowdStrike Falcon® Long Term Repository
The world’s leading AI-native platform for long-term data retention
The world’s leading AI-native platform for long-term data retention
Hunt down threats faster than ever with scalable, cost-effective storage and search for CrowdStrike data.
Get the full picture with Falcon Long Term Repository

Enhanced threat hunting at scale
Get deep, contextual and faster analytics on massive amounts of historical and real-time security data across your dispersed environment to uncover hidden threats and detect irregularities that may suggest malicious behavior.

Longer data retention with extended visibility
Retain and unify your security telemetry for a year or more with cost-effective scalable storage, enabling extended visibility across endpoints, workloads, identities and more for enhanced completeness and accuracy during investigations.

Threat context visualization with powerful searches
Falcon Long Term Repository (LTR) offers a feature-rich query language and index-free search capabilities that allow you to run complex queries and lightning-fast searches on log data for enhanced threat context and actionable insights.
Why Falcon Long Term Repository
Extend storage and accelerate response
Gain historical and real-time threat context
Gain historical and real-time threat context
- Enable long-term storage: Reduce cost and improve visibility with long-term scalable storage of historical and real-time CrowdStrike Falcon® platform data, along with additional logs. Store and manage your data for a year or more, enabling enhanced threat context for more complete and accurate analysis and accelerated detection and remediation.
- Hunt threats at unprecedented scale: Get deep, contextual and faster analytics on massive amounts of security data, including correlated CrowdStrike Falcon® indicators of compromise (IOCs), to uncover hidden threats in your dispersed environment and detect irregularities that may suggest malicious behavior.
- Detect potential attacks faster: Gain valuable and contextual insights with sub-second latency searches including advanced threat and vulnerability investigations

Operationalize your security data at scale
Operationalize your security data at scale
- Unify distributed data sets: Collect and analyze all log data in one place to minimize context switching, providing a single comprehensive view of your environment for actionable threat insights.
- Reduce cost and improve visibility: Get cost-effective, scalable storage with industry-leading compression levels, minimizing resource and compute requirements and simplifying deployment and setup.
- Access fast and custom search: Leverage a feature-rich query language and index-free search capabilities through historic and real-time data, allowing you to ask any questions of your Falcon data to get immediate answers for advanced threat and vulnerability investigations.

Enable enriched data and threat analytics
Enable enriched data and threat analytics
- Leverage the CrowdStrike Security Cloud: Use enriched data from the CrowdStrike Security Cloud — the world’s largest unified, threat-centric data fabrics, correlating trillions of security events per day with indicators of attack (IOAs) — to strengthen your threat analytics and hunting.
- Receive alerts for critical threats: Enable custom alerts for events that matter most to you based on streaming data in real time, enabling faster threat detection and investigation.
- Meet compliance and security requirements: Store and manage Falcon data for one or multiple years, enabling complete and accurate investigation and analysis, and helping you achieve compliance and gain visibility over attack paths.
