Collect Logs for CrowdStrike Falcon Host (Falcon Platform)

This procedure explains how to collect logs from the CrowdStrike Falcon Host platform and ingest them into Sumo Logic.

Sumo Logic App

Once you have configured CrowdStrike Falcon Host logs, install the Sumo Logic App for CrowdStrike Falcon Host to take advantage of the preconfigured searches and dashboards to analyze your CrowdStrike data.

To collect logs for CrowdStrike Falcon Host platform, you need to configure the following:

  1. A Sumo Logic Installed Collector and Syslog Source.
  2. CrowdStrike Falcon SIEM Connector.

The sections below detail these steps.

The Sumo Logic Installed Collector and CrowdStrike Falcon SIEM Connector can be located on the same machine or different machines, but Sumo Logic recommends that you locate them both on the same machine for best performance.

Figure: CrowdStrike Falcon Host platform flow

Configure Sumo Logic Installed Collector and Syslog Source

To collect logs for the CrowdStrike Falcon Host platform, configure the following in Sumo Logic:

  1. An Installed Collector.
  2. A Syslog Source for CrowdStrike on that Collector.

When you configure the Syslog Source, make sure that the Time Zone is set to GMT (Etc/UTC).

Also, make a note of the protocol (TCP or UDP) and the port number of the Syslog Source. You will need this information to configure the CrowdStrike Falcon SIEM Connector.
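Before pointing the SIEM Connector at the Syslog Source, it is worth confirming from the connector host that the protocol and port you noted are actually reachable. The script below is an added example and is not part of the Sumo Logic or CrowdStrike documentation: it builds one RFC 3164-style syslog line with a UTC timestamp and sends it over TCP or UDP to the collector. Because the RFC 3164 timestamp carries no time-zone offset, the Source's Etc/UTC setting is what gives the line its correct time, which is why the example generates its timestamp in UTC. The host, port and protocol values are constructed placeholders; `LocalSyslogSink` is a stand-in listener used only so the script can self-test offline.

```python
import socket
import threading
from datetime import datetime, timezone

# Constructed placeholder values: replace with the host, port and protocol
# you noted when creating the Sumo Logic Syslog Source.
COLLECTOR_HOST = "127.0.0.1"
COLLECTOR_PORT = 5140
PROTOCOL = "udp"  # or "tcp"


def build_syslog_message(body, hostname="siem-connector-test", app="falcon-siem-check"):
    """Build an RFC 3164-style syslog line: <PRI>Mmm dd HH:MM:SS host app: body.

    The timestamp has no offset, so it is generated in UTC to match the
    Syslog Source's Etc/UTC setting.
    """
    now = datetime.now(timezone.utc)
    ts = f"{now:%b} {now.day:2d} {now:%H:%M:%S}"  # day is space-padded per RFC 3164
    pri = 1 * 8 + 6  # facility user(1), severity informational(6)
    return f"<{pri}>{ts} {hostname} {app}: {body}"


def send_test_event(host, port, protocol, message):
    """Send one newline-terminated syslog line; return the number of bytes sent."""
    data = (message + "\n").encode("utf-8")
    proto = protocol.lower()
    if proto == "udp":
        with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
            return s.sendto(data, (host, port))
    if proto == "tcp":
        with socket.create_connection((host, port), timeout=5) as s:
            s.sendall(data)
            return len(data)
    raise ValueError(f"unsupported protocol: {protocol}")


class LocalSyslogSink:
    """Minimal stand-in for the Syslog Source (hypothetical, for self-testing only).

    Listens on an ephemeral loopback port with the chosen protocol and records
    the first line received, so the send path can be exercised offline.
    """

    def __init__(self, protocol):
        self.protocol = protocol.lower()
        self.port = None
        self.received = None
        self._ready = threading.Event()
        self._thread = threading.Thread(target=self._serve, daemon=True)
        self._thread.start()
        self._ready.wait(5)

    def _serve(self):
        if self.protocol == "udp":
            sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
            sock.bind(("127.0.0.1", 0))
            self.port = sock.getsockname()[1]
            sock.settimeout(5)
            self._ready.set()
            try:
                data, _ = sock.recvfrom(65535)
                self.received = data.decode("utf-8").rstrip("\n")
            except socket.timeout:
                pass
            sock.close()
        else:
            srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
            srv.bind(("127.0.0.1", 0))
            srv.listen(1)
            self.port = srv.getsockname()[1]
            srv.settimeout(5)
            self._ready.set()
            try:
                conn, _ = srv.accept()
                with conn:
                    self.received = conn.makefile("r").readline().rstrip("\n")
            except socket.timeout:
                pass
            srv.close()

    def wait(self):
        """Block until the listener finishes; return the line it received (or None)."""
        self._thread.join(5)
        return self.received


if __name__ == "__main__":
    # Send one test line to the configured Syslog Source, then search Sumo Logic
    # for "falcon-siem-check" to confirm it arrived with the expected UTC time.
    msg = build_syslog_message("connectivity check from SIEM Connector host")
    sent = send_test_event(COLLECTOR_HOST, COLLECTOR_PORT, PROTOCOL, msg)
    print(f"sent {sent} bytes over {PROTOCOL} to {COLLECTOR_HOST}:{COLLECTOR_PORT}")
```

Run it on the machine that will host the SIEM Connector, then search for the `falcon-siem-check` tag in Sumo Logic: if the message appears with the current UTC time, the protocol, port and time-zone settings are all consistent, and a message that arrives with a shifted time usually means the Source's Time Zone was not set to Etc/UTC.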

Configure the CrowdStrike Falcon SIEM Connector

Refer to the CrowdStrike Falcon Host SIEM Connector Feature Guide documentation hosted in the Falcon UI to configure the SIEM Connector and then configure that connector to send data to the Sumo Logic Syslog Source you created in the previous section.

  1. From the conversation icon, select Docs:CrowdStrike Documentation
  2. Under Feature Guides, select Falcon Host SIEM Connector Feature Guide.

Figure: CrowdStrike Falcon Host platform guide links