SIEM 210: Onboarding and Managing Data Sources in Falcon Next-Gen SIEM is a one-day course designed for security engineers, SOC administrators, security analysts, and data engineers who need to effectively integrate and manage diverse data sources within CrowdStrike Falcon® Next-Gen SIEM. Through instructor-led sessions with hands-on exercises and practical walkthroughs, participants will master comprehensive data source onboarding techniques, from initial connector discovery through ongoing monitoring and troubleshooting. The course emphasizes real-world application of data pipeline management, CrowdStrike Parsing Standard (CPS) implementation, and data normalization strategies to ensure reliable and optimized data flow across enterprise environments.
Course Highlights:
- Data connector discovery and configuration for various source types with comprehensive connection management strategies
- CrowdStrike Parsing Standard (CPS) implementation and custom field extraction for effective data normalization and compliance
- Data source integration techniques, including AI Parser functionality for enhanced data extraction
- Monitoring and troubleshooting, including data connection status and event errors
- Data management and enrichment strategies with lookup file creation and detection rule implementation at the parsing level