Hi everyone,
I've been struggling to find a way to collect Crowdstrike Identity Protection logs in Google Chronicle.
Does anyone have any advice for this matter?
Thank you in advance.
There is a CS_IDP log type now, but with no default parser:
https://cloud.google.com/chronicle/docs/ingestion/parser-list/supported-default-parsers#without-defa...
For collecting the events, they are available via the new Crowdstrike Alerts API but Google SecOps does not have a native integration to that new API yet, which will support regular Falcon alerts plus IDP alerts.
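Sketch of the custom-script route the answer above implies: pull Identity Protection alerts from the CrowdStrike Alerts API and hand them to Chronicle under the CS_IDP log type via the ingestion API. This is an added example, not Google's or CrowdStrike's code. It assumes the Falcon US-1 host, the Alerts API v2 endpoints `/alerts/queries/alerts/v2` and `/alerts/entities/alerts/v2` with the FQL filter `product:'idp'`, the Chronicle `v2/unstructuredlogentries:batchCreate` endpoint, credentials supplied as environment variables (`FALCON_CLIENT_ID`, `FALCON_CLIENT_SECRET`, `CHRONICLE_TOKEN`, `CHRONICLE_CUSTOMER_ID`, `CS_IDP_CURSOR`), and a 900 kB batch ceiling; the `SAMPLE_ALERTS` records are constructed so the batching and cursor logic can be exercised offline.

```python
"""Custom collector: CrowdStrike Alerts API (IDP alerts) -> Chronicle ingestion API as CS_IDP.

Added example, not CrowdStrike's or Google's code. The network-free helpers (query URL,
batching, cursor) are kept separate from the HTTP calls so they can run and be checked offline.
"""
import json
import os
import urllib.parse
import urllib.request

FALCON_BASE = "https://api.crowdstrike.com"  # assumption: US-1 cloud; other regions use other hosts
CHRONICLE_INGEST = "https://malachiteingestion-pa.googleapis.com/v2/unstructuredlogentries:batchCreate"
LOG_TYPE = "CS_IDP"
MAX_BATCH_BYTES = 900_000  # assumption: keep each request comfortably below the per-request limit

# Constructed sample alerts (not real API output) used by the offline demo and checks.
SAMPLE_ALERTS = [
    {"composite_id": "a", "product": "idp", "updated_timestamp": "2024-05-01T10:00:00Z"},
    {"composite_id": "b", "product": "idp", "updated_timestamp": "2024-05-01T11:00:00Z"},
    {"composite_id": "c", "product": "idp", "updated_timestamp": "2024-05-01T09:00:00Z"},
]


def _http(url, headers, body=None):
    """Minimal JSON HTTP helper using only the standard library."""
    data = body.encode() if isinstance(body, str) else body
    req = urllib.request.Request(url, data=data, headers=headers, method="POST" if data else "GET")
    with urllib.request.urlopen(req, timeout=60) as resp:
        return json.loads(resp.read().decode())


def falcon_token(client_id, client_secret):
    """OAuth2 client-credentials grant against the Falcon API."""
    form = urllib.parse.urlencode({"client_id": client_id, "client_secret": client_secret})
    return _http(f"{FALCON_BASE}/oauth2/token",
                 {"Content-Type": "application/x-www-form-urlencoded"}, form)["access_token"]


def idp_alert_query_url(since_iso, limit=500):
    """Alerts API query URL restricted to IDP alerts updated after the cursor.

    product:'idp' selects Identity Protection alerts; sorting by updated_timestamp lets one
    timestamp serve as the cursor between runs (assumed FQL field names).
    """
    params = {
        "filter": f"product:'idp'+updated_timestamp:>'{since_iso}'",
        "sort": "updated_timestamp.asc",
        "limit": str(limit),
    }
    return f"{FALCON_BASE}/alerts/queries/alerts/v2?{urllib.parse.urlencode(params)}"


def fetch_idp_alerts(token, since_iso):
    """Two-step fetch: query composite IDs, then hydrate them into full alert objects."""
    hdrs = {"Authorization": f"Bearer {token}", "Content-Type": "application/json"}
    ids = _http(idp_alert_query_url(since_iso), hdrs).get("resources", [])
    if not ids:
        return []
    body = json.dumps({"composite_ids": ids})
    return _http(f"{FALCON_BASE}/alerts/entities/alerts/v2", hdrs, body).get("resources", [])


def build_batches(customer_id, alerts, max_bytes=MAX_BATCH_BYTES):
    """Split alerts into batchCreate request bodies, each under max_bytes of log text.

    Each alert becomes one raw JSON log line under log_type CS_IDP, which is exactly what a
    custom parser written for that log type would later receive.
    """
    batches, entries, size = [], [], 0
    for alert in alerts:
        line = json.dumps(alert, separators=(",", ":"), sort_keys=True)
        if entries and size + len(line) > max_bytes:
            batches.append({"customer_id": customer_id, "log_type": LOG_TYPE, "entries": entries})
            entries, size = [], 0
        entries.append({"log_text": line})
        size += len(line)
    if entries:
        batches.append({"customer_id": customer_id, "log_type": LOG_TYPE, "entries": entries})
    return batches


def next_cursor(alerts, previous):
    """Advance the cursor to the newest updated_timestamp seen (RFC 3339 strings compare lexically)."""
    return max([previous] + [a.get("updated_timestamp", previous) for a in alerts])


def push_to_chronicle(bearer, batches):
    """Send every batch to the Chronicle ingestion API."""
    hdrs = {"Authorization": f"Bearer {bearer}", "Content-Type": "application/json"}
    for body in batches:
        _http(CHRONICLE_INGEST, hdrs, json.dumps(body))


def main():
    if "FALCON_CLIENT_ID" not in os.environ:  # offline demo on the constructed sample
        print(json.dumps(build_batches("demo-customer", SAMPLE_ALERTS, max_bytes=100), indent=1))
        print("next cursor:", next_cursor(SAMPLE_ALERTS, "1970-01-01T00:00:00Z"))
        return
    token = falcon_token(os.environ["FALCON_CLIENT_ID"], os.environ["FALCON_CLIENT_SECRET"])
    since = os.environ.get("CS_IDP_CURSOR", "1970-01-01T00:00:00Z")
    alerts = fetch_idp_alerts(token, since)
    push_to_chronicle(os.environ["CHRONICLE_TOKEN"],
                      build_batches(os.environ["CHRONICLE_CUSTOMER_ID"], alerts))
    print(f"ingested {len(alerts)} alerts; next cursor {next_cursor(alerts, since)}")


if __name__ == "__main__":
    main()
```

Persist the value printed as "next cursor" between runs (a file, secret store or scheduler variable) and feed it back in as `CS_IDP_CURSOR`; because CS_IDP has no default parser, the raw JSON lines will sit unparsed in Chronicle until a custom parser for that log type is added.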
Hello, thanks for your response.
So would that be possible if I create a custom script to ingest these logs?