Welcome to the Docs!
The SA-CrowdstrikeDevices add-on allows Splunk Enterprise Security admins to use CrowdStrike device data with the Asset Database. This documentation will cover the components used in the add-on and advanced configurations.
This Supporting add-on is only intended to work with Splunk Enterprise Security deployments.
This Splunk Supporting Add-on is not affiliated with Crowdstrike, Inc. and is not sponsored or sanctioned by the Crowdstrike team. As such, the included documentation does not contain information on how to get started with Crowdstrike. Rather, this documentation serves as a guide to use Crowdstrike device data with Splunk Enterprise Security. Please visit https://www.crowdstrike.com for more information about Crowdstrike.
This documentation assumes the following:
- You have a working Splunk Enterprise Security environment. This add-on is not intended to work without Splunk ES.
- You already have Crowdstrike device data ingested using the Crowdstrike Devices technical add-on.
- Familiarity with setting up a new Asset source in Enterprise Security.
|SA-CrowdstrikeDevices||1.1.1 - Splunkbase | GitHub|
|Splunk Enterprise Security Version (Required)||7.x | 6.x|
|Crowdstrike Devices Add-on (Required)||3.x|
|Add-on has a web UI||No, this add-on does not contain views.|