How to integrate CrowdStrike with Wazuh

Operation Consultant

Dec 1, 2022, 12:39:08 PM
to Wazuh mailing list
How to integrate CrowdStrike with Wazuh

Anthony Faruna

Dec 1, 2022, 1:07:08 PM
to Operation Consultant, Wazuh mailing list

Thank you for using Wazuh

The main configuration from the Wazuh perspective is collecting the logs from the CrowdStrike file (assuming the location is /var/log/crowdstrike/falconhoseclient/output) using:
    <multiline_regex replace="wspace">^{</multiline_regex>
Then you might need to create custom decoders/rules similar to the ones mentioned in if the format of the received logs is different.

I hope this answers your question

Best Regards

On Thu, Dec 1, 2022 at 6:39 PM Operation Consultant wrote:
How to integrate CrowdStrike with Wazuh
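
As an added example (not part of the original reply and not Wazuh code), this Python code emulates how a multi-line start pattern of `^{` with `replace="wspace"` groups pretty-printed JSON events into one-line records, then checks that each record parses as JSON before decoders or rules are written against it. It assumes the pattern marks the first line of each event; the sample events and their field names are constructed for illustration.

```python
import json
import re

# The pattern from the reply; '{' is escaped for Python's regex syntax.
START = re.compile(r"^\{")

# Constructed sample: two pretty-printed events, field names are illustrative.
SAMPLE_OUTPUT = """\
{
    "metadata": {"eventType": "DetectionSummaryEvent", "offset": 101},
    "event": {"ComputerName": "host-a.example", "Severity": 4}
}
{
    "metadata": {"eventType": "AuthActivityAuditEvent", "offset": 102},
    "event": {"OperationName": "userAuthenticate", "Success": true}
}
"""

def group_events(text):
    """Start a record at each line matching START; join its lines with a space."""
    events, current = [], []
    for line in text.splitlines():
        if START.search(line) and current:
            events.append(" ".join(current))
            current = []
        current.append(line)
    if current:
        events.append(" ".join(current))
    return events

def check_events(text):
    """Return (parsed, rejected): rejected records are not valid JSON once joined."""
    parsed, rejected = [], []
    for record in group_events(text):
        try:
            parsed.append(json.loads(record))
        except json.JSONDecodeError:
            rejected.append(record)
    return parsed, rejected

if __name__ == "__main__":
    ok, bad = check_events(SAMPLE_OUTPUT)
    print(f"{len(ok)} events parsed, {len(bad)} records rejected")
    for event in ok:
        print(event["metadata"]["eventType"], event["metadata"]["offset"])
```

Passing the text of a real output file to `check_events` shows whether any record is split or truncated, which is the case where custom decoders would see a different format.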
