Preview App Support in the Sumo Logic Community
CrowdStrike Falcon Host provides endpoint security and threat intelligence services via the cloud. It consolidates multiple security functions into a single lightweight agent and provides visibility into the service through integrations with a central security analytics platform such as Sumo Logic.
The Sumo Logic App for CrowdStrike Falcon Host allows you to analyze CrowdStrike security events by type, status, and detection method. You can use the App to investigate CrowdStrike-specific events and give team members operational visibility through pre-configured searches and Dashboards, without logging in to the CrowdStrike console.
The Sumo Logic App for CrowdStrike Falcon Host analyzes two log types:
- Detection Summary Events
- Authentication Events
For details on the format and definitions, refer to CrowdStrike documentation at https://www.crowdstrike.com/resource...lcon-connector.