Sumo Logic

CrowdStrike Falcon Endpoint Protection
The CrowdStrike Falcon Endpoint Protection App provides visibility into the security posture of your endpoints as analyzed by the CrowdStrike Falcon Endpoint Protection platform. The app allows you to analyze indicators of compromise (IOCs) by affected users, tactic, technique, and objective, and identify hosts on your network with the highest malware detections. The dashboards in this app help identify threats and incidents, from which you can drill down to investigate further.

The CrowdStrike Falcon Endpoint Protection Platform is a cloud-native framework that protects endpoints to stop breaches and improve performance with the robust power of the cloud combined with an intelligent, lightweight endpoint agent.

Log Types

The CrowdStrike Falcon Endpoint Protection App uses the following log types:

  • Detection Event
  • Authentication Event
  • Detection Status Update Event

For more information on these events, refer to the CrowdStrike Falcon Endpoint Protection Streaming API Event Dictionary.
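The overview above says the app breaks detections down by affected user, tactic, technique and objective, and ranks hosts by detection count. The script below is an added illustration of that aggregation, written for this page and not part of the Sumo Logic app or CrowdStrike's own tooling. It assumes the streaming-API envelope (`metadata.eventType` plus an `event` body) and the `DetectionSummaryEvent` field names `ComputerName`, `UserName`, `Tactic`, `Technique`, `Objective` and `SeverityName` as published in the Falcon Streaming API event dictionary; those names are assumptions here, since this page does not list them. The sample events are constructed, and one deliberately malformed line shows that a bad record is counted and skipped rather than aborting the run.

```python
import json
from collections import Counter
from typing import Iterable

# Assumed event-type string for "Detection Event" in the Falcon Streaming API
# (from the event dictionary the page references, not from this page itself).
DETECTION_EVENT_TYPE = "DetectionSummaryEvent"

# Constructed sample records in the assumed streaming-API envelope. Not real telemetry.
SAMPLE_EVENTS = [
    json.dumps({"metadata": {"eventType": "DetectionSummaryEvent", "offset": 1},
                "event": {"ComputerName": "ws-01", "UserName": "alice", "Tactic": "Execution",
                          "Technique": "PowerShell", "Objective": "Follow Through", "SeverityName": "High"}}),
    json.dumps({"metadata": {"eventType": "DetectionSummaryEvent", "offset": 2},
                "event": {"ComputerName": "ws-01", "UserName": "alice", "Tactic": "Persistence",
                          "Technique": "Scheduled Task", "Objective": "Keep Access", "SeverityName": "Medium"}}),
    json.dumps({"metadata": {"eventType": "DetectionSummaryEvent", "offset": 3},
                "event": {"ComputerName": "ws-02", "UserName": "bob", "Tactic": "Execution",
                          "Technique": "PowerShell", "Objective": "Follow Through", "SeverityName": "High"}}),
    json.dumps({"metadata": {"eventType": "DetectionSummaryEvent", "offset": 4},
                "event": {"ComputerName": "srv-db", "UserName": "bob", "Tactic": "Credential Access",
                          "Technique": "OS Credential Dumping", "Objective": "Keep Access", "SeverityName": "Critical"}}),
    json.dumps({"metadata": {"eventType": "DetectionSummaryEvent", "offset": 5},
                "event": {"ComputerName": "ws-01", "UserName": "carol", "Tactic": "Defense Evasion",
                          "Technique": "Process Injection", "Objective": "Follow Through", "SeverityName": "High"}}),
    # An authentication event: counted by type, but excluded from the detection breakdowns.
    json.dumps({"metadata": {"eventType": "AuthActivityAuditEvent", "offset": 6},
                "event": {"UserId": "alice@example.test", "OperationName": "userAuthenticate", "Success": True}}),
    # A truncated line, as a log shipper might emit on a cut-off stream; it must be skipped, not fatal.
    '{"metadata": {"eventType": "DetectionSummaryEvent", "offset": 7}, "event": {"ComputerName": "ws-0',
]


def summarize(lines: Iterable[str]) -> dict:
    """Count every record by event type, then break detections down the way the
    app's dashboards do: by tactic, technique, objective, affected user and host."""
    summary = {
        "event_types": Counter(),
        "by_tactic": Counter(),
        "by_technique": Counter(),
        "by_objective": Counter(),
        "by_user": Counter(),
        "by_host": Counter(),
        "skipped": 0,  # malformed or envelope-less records
    }
    for line in lines:
        try:
            record = json.loads(line)
            event_type = record["metadata"]["eventType"]
            event = record["event"]
        except (ValueError, KeyError, TypeError):
            summary["skipped"] += 1
            continue
        summary["event_types"][event_type] += 1
        if event_type != DETECTION_EVENT_TYPE:
            continue
        # Missing fields are bucketed as "unknown" so a sparse event still counts toward the host.
        summary["by_tactic"][event.get("Tactic", "unknown")] += 1
        summary["by_technique"][event.get("Technique", "unknown")] += 1
        summary["by_objective"][event.get("Objective", "unknown")] += 1
        summary["by_user"][event.get("UserName", "unknown")] += 1
        summary["by_host"][event.get("ComputerName", "unknown")] += 1
    return summary


def top_hosts(summary: dict, n: int = 3) -> list:
    """Hosts with the most detections, highest first."""
    return summary["by_host"].most_common(n)


if __name__ == "__main__":
    result = summarize(SAMPLE_EVENTS)
    print(json.dumps(result, indent=2))
    print("top hosts:", top_hosts(result))
```

In practice the lines would come from the Falcon event stream rather than an inline list; everything else stays the same, and the `skipped` counter is worth alerting on, since a rising value usually means the collector is dropping or truncating records rather than the sensor going quiet.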