
The SA-CrowdstrikeDevices add-on allows Splunk Enterprise Security admins to use Crowdstrike device data with the Asset Database.

[Image: SA-CrowdstrikeDevices example output]

This Supporting add-on is only intended to work with Splunk Enterprise Security deployments.


This Splunk Supporting Add-on is not affiliated with Crowdstrike, Inc. and is not sponsored or sanctioned by the Crowdstrike team. As such, the included documentation does not contain information on how to get started with Crowdstrike. Rather, this documentation serves as a guide to use Crowdstrike device data with Splunk Enterprise Security. Please visit for more information about Crowdstrike.


This documentation assumes the following:

  1. You have a working Splunk Enterprise Security environment. This add-on is not intended to work without Splunk ES.
  2. You already have Crowdstrike device data ingested using the Crowdstrike Devices technical add-on.
  3. You are familiar with setting up a new Asset source in Enterprise Security.


| Info | Description |
| --- | --- |
| SA-CrowdstrikeDevices | 1.1.1 - Splunkbase \| GitHub |
| Splunk Enterprise Security Version (Required) | 7.x \| 6.x |
| Crowdstrike Devices Add-on (Required) | 3.x |
| Add-on has a web UI | No, this add-on does not contain views. |

Last update: April 20, 2023