QUESTION

How can I ingest CrowdStrike logs into Panther without a subscription to CrowdStrike's Falcon Data Replicator (FDR)?

ANSWER

To do this, use a custom log source. CrowdStrike FDR simplifies ingestion considerably because Panther's built-in CrowdStrike connector is designed to work with FDR, which removes the need to maintain multiple schemas for multiple CrowdStrike data types. Systems that don't use FDR therefore need to pass their CrowdStrike logs to Panther via a custom log source, which means defining your own schema for the CrowdStrike data you send.
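As an added illustration (not part of the original answer, and not a schema shipped by Panther or CrowdStrike), the following is a minimal custom log schema of the kind a custom log source needs. It uses Panther's custom-schema YAML layout (`schema`, `fields`, `type`, `timeFormat`, `isEventTime`, `indicators`); the schema name `Custom.CrowdStrikeEvent` and the field names (`timestamp`, `event_simpleName`, `aid`, `ComputerName`, `LocalAddressIP4`) are assumptions about what your non-FDR export produces, so match them to the JSON you actually send.

```yaml
# Added example: a hypothetical custom schema for CrowdStrike events
# delivered to Panther without FDR. Schema and field names are assumptions;
# adjust them to the JSON your export actually emits.
schema: Custom.CrowdStrikeEvent
version: 0
fields:
  # Event time: assumed to arrive as a Unix epoch in milliseconds
  - name: timestamp
    required: true
    type: timestamp
    timeFormat: unix_ms
    isEventTime: true
  # Event type, e.g. a process or network event name (assumed field)
  - name: event_simpleName
    required: true
    type: string
  # Sensor/agent identifier (assumed field)
  - name: aid
    type: string
  # Host name of the endpoint that produced the event (assumed field)
  - name: ComputerName
    type: string
  # Source IPv4 address; marked as an IP indicator so Panther indexes it
  # for indicator search (assumed field)
  - name: LocalAddressIP4
    type: string
    indicators: [ip]
  # Catch-all for any nested detail the export includes (assumed field)
  - name: event_details
    type: json
```

Because different CrowdStrike data types carry different fields, you will typically need one such schema per data type you forward, which is the maintenance burden the answer above notes FDR removes.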