CrowdStrike Falcon Devices Add-On for Splunk Guide 3.1+

This guide covers the deployment, configuration and usage of the CrowdStrike Falcon Devices Technical Add-on (TA) for Splunk v3.1 and above. The CrowdStrike Falcon Devices Technical Add-on for Splunk allows CrowdStrike customers to retrieve device data from the CrowdStrike Hosts API and index it into Splunk.

Download the Technical Add-On from Splunkbase: https://splunkbase.splunk.com/app/5570/

TECHNICAL CENTER

  • OS icon
  • deployment icon
  • installation icon

For technical information on installation, policy configuration and more, please visit the CrowdStrike Tech Center.

Visit the Tech Center