CrowdStrike Integration with WazuH


Operation Consultant

Jul 5, 2023, 12:00:44 PM
to Wazuh mailing list
Hi All,

Any suggestions?
How to integrate CrowdStrike with Wazuh?

Best Wishes,

Carlos Ezequiel Bordon

Jul 5, 2023, 1:55:20 PM
to Operation Consultant, Wazuh mailing list

Hi,

The main configuration from the Wazuh perspective is collecting the logs from the CrowdStrike file (assuming the location is /var/log/crowdstrike/falconhoseclient/output) using:

<localfile>
  <log_format>multi-line-regex</log_format>
  <location>/var/log/crowdstrike/falconhoseclient/output</location>
  <multiline_regex>^{</multiline_regex>
</localfile>

Then you should create custom decoders/rules similar to those mentioned in wazuh/wazuh#8129 (comment) if the format of the received logs is different.




--
Wazuh
Carlos Bordon
CICD/DevOps
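To make the two pieces of that answer concrete, here is an added Python model (not code from the thread, and not Wazuh's own implementation) of what the `multi-line-regex` collector and a set of custom rules do with the connector's output file. The sample events are constructed; the `metadata`/`event` layout and field names such as `eventType` and `Severity` are assumptions about the Falcon SIEM connector format, and the rule ids and levels are hypothetical stand-ins for what would go into a Wazuh `local_rules.xml`. The point it demonstrates is why the `^{` anchor matters (pretty-printed JSON spans several lines, so a line-oriented reader would break every event) and how a partially written trailing event should be held back rather than raised as a bad alert.

```python
"""Offline model of a multi-line-regex log collector plus field-based rules.

Events begin at every line matching ^{ (the same anchor used in the Wazuh
<multiline_regex> setting); each reassembled block is decoded as JSON and
run through an ordered rule list. Added example, not Wazuh or CrowdStrike code.
"""
import json
import re

# Same start-of-event anchor as <multiline_regex>^{</multiline_regex>
EVENT_START = re.compile(r"^{")

# Constructed sample of connector output: pretty-printed JSON, one event per
# several lines. The metadata/event layout is an assumption, not a verified schema.
SAMPLE_OUTPUT = """{
  "metadata": {"eventType": "DetectionSummaryEvent", "offset": 101},
  "event": {"Severity": 4, "SeverityName": "High", "ComputerName": "ws-01"}
}
{
  "metadata": {"eventType": "UserActivityAuditEvent", "offset": 102},
  "event": {"OperationName": "detection_update", "UserId": "analyst@example.invalid"}
}
{
  "metadata": {"eventType": "DetectionSummaryEvent", "offset": 103},
  "event": {"Severity": 2, "SeverityName": "Low", "ComputerName": "ws-02"}
}
"""


def reassemble(lines):
    """Group raw lines into event blocks: a new block starts at each line matching EVENT_START."""
    buf = []
    for line in lines:
        if EVENT_START.match(line) and buf:
            yield "".join(buf)
            buf = []
        buf.append(line)
    if buf:
        yield "".join(buf)


def event_type(ev):
    return ev.get("metadata", {}).get("eventType")


# Hypothetical rules in priority order (first match wins in this model);
# each tuple is (rule id, alert level, description, predicate).
RULES = [
    (100100, 12, "CrowdStrike high/critical detection",
     lambda ev: event_type(ev) == "DetectionSummaryEvent"
     and ev.get("event", {}).get("Severity", 0) >= 4),
    (100101, 5, "CrowdStrike detection",
     lambda ev: event_type(ev) == "DetectionSummaryEvent"),
    (100102, 3, "CrowdStrike user activity audit event",
     lambda ev: event_type(ev) == "UserActivityAuditEvent"),
]


def process(text):
    """Collect, decode and evaluate events. Returns (alerts, incomplete_count).

    A block that fails to parse is counted as incomplete instead of alerting:
    the most common cause is the connector still writing the last event.
    """
    alerts = []
    incomplete = 0
    for raw in reassemble(text.splitlines(keepends=True)):
        try:
            ev = json.loads(raw)
        except json.JSONDecodeError:
            incomplete += 1
            continue
        for rule_id, level, description, predicate in RULES:
            if predicate(ev):
                alerts.append({
                    "rule": rule_id,
                    "level": level,
                    "description": description,
                    "offset": ev.get("metadata", {}).get("offset"),
                })
                break
    return alerts, incomplete


if __name__ == "__main__":
    for alert in process(SAMPLE_OUTPUT)[0]:
        print(alert)
```

Running it over the sample yields three alerts (levels 12, 3 and 5 in file order); appending a half-written event to the input adds one to the incomplete count and no alert. In a real deployment the same split of responsibilities applies: the `<localfile>` block decides where events begin, the built-in JSON decoder exposes the fields, and the custom rules decide which field values deserve which level.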

Operation Consultant

Jul 6, 2023, 5:26:52 AM
to Carlos Ezequiel Bordon, Wazuh mailing list
Where do we call the API details under wazuh-manager?

Operation Consultant

Jul 9, 2023, 1:48:41 PM
to Wazuh mailing list

Any suggestions here?

Varad Gunjkar

Jul 10, 2024, 5:40:36 AM
to Wazuh | Mailing List
Refer to this:
Integrate_CrowdStrike_EDR_with_Wazuh_SIEM.pdf

Vishak Jaisimha

Aug 29, 2024, 5:19:21 AM
to Wazuh | Mailing List
I don't think "sudo apt-get install wazuh-integration-crowdstike" exists. Is there any other way to do it?
Thanks