Skip to main content
Panther Knowledge Base

How can I ingest CrowdStrike logs into Panther without a subscription to CrowdStrike FDR?

  1. Last updated
  2. Save as PDF

QUESTION

How can I ingest CrowdStrike logs into Panther without a subscription to CrowdStrike's Falcon Data Replicator (FDR)?

ANSWER

To do this, use a custom log source. CrowdStrike FDR provides significant simplification, reducing the need to maintain multiple schemas for multiple CrowdStrike data types. Panther's built-in CrowdStrike connector is designed to work with FDR, so systems that don't employ FDR need to pass their CrowdStrike logs to Panther via a custom log source.

  1. Back to top
  • Was this article helpful?

Recommended articles

  1. Page type
    Topic
  2. Tags
    This page has no tags.