CrowdStrike Falcon

LogScale HEC API

• add Lyftdata output splunk-hec
• configure Crowdstrike ingest endpoint URL
• configure HEC token
• configure Splunk fields: index, host, source, sourcetype, timestamp
• see also: LogScale HEC

LogScale Ingest APIs

• add Lyftdata output http-post
• configure Crowdstrike ingest endpoint URL
• configure required headers (Authorization: Bearer foo)
• see also: LogScale Ingest APIs

S3

https://www.crowdstrike.com/tech-hub/ng-siem/crowdstrike-falcon-logscale-s3-ingest/