Issue

When trying to onboard a new Crowdstrike Event Streams log source I receive authentication errors.

Resolution

Depending on the specific error message, different fixes may apply:

If you are seeing a 403 access denied error please check this knowledge base article for more context:📄 Error: 403 access denied from Crowdstrike log source