This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Log in to ask a question
Log in to ask a question

Collecting Crowdstrike IDP logs

Posted on 06-17-2024 08:11 AM
azibani
Bronze 1
Bronze 1
Reply posted on --/--/---- --:-- AM

Hi everyone,

I've been struggling to find a way to collect Crowdstrike Identity Protection logs in Google Chronicle.
Does anyone have any advice for this matter?

Thank you in advance.

0 2 140
Topic Labels
0 Likes
2 REPLIES 2

Posted on --/--/---- --:-- AM
TimNemceff
Staff
Reply posted on --/--/---- --:-- AM

There is a CS_IDP log type now, but with no default parser:
https://cloud.google.com/chronicle/docs/ingestion/parser-list/supported-default-parsers#without-defa...

For collecting the events, they are available via the new Crowdstrike Alerts API but Google SecOps does not have a native integration to that new API yet, which will support regular Falcon alerts plus IDP alerts.

0 Likes

Posted on --/--/---- --:-- AM
azibani
Bronze 1
Bronze 1
In response to TimNemceff
Reply posted on --/--/---- --:-- AM

Hello, thanks for your response.
So would that be possible if i create a custom script to ingest these logs?

0 Likes
Top Solution Authors
View all