CrowdStrike

CrowdStrike logs are ingested through CrowdStrike's streaming events service. Every 60 seconds we connect to your CrowdStrike event streams and ingest any events that are forwarded.

Setup

Log in to your CrowdStrike account and navigate to API clients and keys under the Support and resources section.

Create a new OAuth2 API Client from this page. Give the client a name and optional description. RunReveal only requires Read access to Event Streams for ingestion to work.

Save the Client ID, Client Secret, and Base URL that are displayed once the client is created. You will need these when setting up your RunReveal source.

In RunReveal, create a new CrowdStrike source. Give it a name and fill in the values from your API client.

Once the source is added, CrowdStrike events should start ingesting within a few minutes.
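
If events do not appear, the API client from the steps above can be checked outside RunReveal. The script below is an added example, not RunReveal's or CrowdStrike's own code: it requests a token with the saved Client ID and Client Secret, then calls event-stream discovery to confirm the client can read Event Streams. The endpoint paths (`/oauth2/token`, `/sensors/entities/datafeed/v2`) are CrowdStrike API paths not shown on this page and are assumed here; the environment variable names, `APP_ID` and the verdict strings are hypothetical.

```python
import json
import os
import urllib.error
import urllib.parse
import urllib.request

APP_ID = "credcheck"  # hypothetical label, distinct from any real consumer

def token_request(base_url, client_id, client_secret):
    """OAuth2 client-credentials request for a short-lived bearer token."""
    body = urllib.parse.urlencode(
        {"client_id": client_id, "client_secret": client_secret}).encode()
    return urllib.request.Request(
        base_url.rstrip("/") + "/oauth2/token", data=body, method="POST",
        headers={"Content-Type": "application/x-www-form-urlencoded"})

def streams_request(base_url, access_token, app_id=APP_ID):
    """Event-stream discovery request; needs Event Streams read scope."""
    query = urllib.parse.urlencode({"appId": app_id, "format": "json"})
    return urllib.request.Request(
        f"{base_url.rstrip('/')}/sensors/entities/datafeed/v2?{query}",
        headers={"Authorization": f"Bearer {access_token}"})

def interpret(status, body):
    """Map the discovery response to a verdict (strings are this example's)."""
    if status in (401, 403):  # assumed: token rejected or scope not granted
        return "not-authorized-for-event-streams"
    if status != 200:
        return f"unexpected-http-{status}"
    feeds = json.loads(body).get("resources") or []
    return "ok" if any(f.get("dataFeedURL") for f in feeds) else "no-streams-returned"

def check(base_url, client_id, client_secret):
    try:
        with urllib.request.urlopen(
                token_request(base_url, client_id, client_secret), timeout=15) as r:
            token = json.load(r)["access_token"]
    except urllib.error.HTTPError as e:
        return f"token-request-failed-http-{e.code}"
    try:
        with urllib.request.urlopen(streams_request(base_url, token), timeout=15) as r:
            return interpret(r.status, r.read())
    except urllib.error.HTTPError as e:
        return interpret(e.code, e.read())

if __name__ == "__main__":  # reads credentials from the environment, never argv
    print(check(os.environ["CS_BASE_URL"], os.environ["CS_CLIENT_ID"],
                os.environ["CS_CLIENT_SECRET"]))
```

The script only performs discovery and does not open a stream connection, and it prints a verdict without echoing the secret or the token.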