CrowdStrike-ArcSight Integration
Posted by Julanne Rutten
Thursday, April 09, 2020 00:00
The CrowdStrike Falcon™ platform defends organizations against ransomware and other advanced threats by combining next-generation AV and indicator of attack (IOA) technology with EDR (endpoint detection and response) and a 24/7 threat hunting service—all delivered via a single lightweight agent.
This integration will allow users to ingest CrowdStrike alerts and logs into their ArcSight SIEM, enabling correlation and automation activities. Users will set up the SIEM Connector client to connect to the CrowdStrike Streaming API and then direct the output from the Connector client to ArcSight.