Splunk® Supported Add-ons

Splunk Add-on for CrowdStrike FDR


Release history for the Splunk Add-on for CrowdStrike

Version 1.2.0 of the Splunk Add-on for CrowdStrike was released on April 20, 2022. See Release Notes for the latest updates.

Version 1.0.0

Splunk platform versions: 8.1, 8.2
Platforms: Platform independent
Vendor products: CrowdStrike FDR

Known issues

Version 1.0.0 of the Splunk Add-on for CrowdStrike FDR contains the following issues.

  • In the Splunk Cloud Platform stack, there is by default no connectivity from the IDM to the search heads over the Splunk REST API port 8089. Additionally, the IDM has limited index-time field extraction capabilities compared with a heavy forwarder. Together, these two factors prevent the add-on from performing index-time host resolution. Consider using an external heavy forwarder to make index-time host resolution work.
  • If a heavy forwarder is installed on Windows 2019 Datacenter, the INGEST_EVAL with the lookup() instruction can crash the Splunk service. This means the Splunk Add-on for CrowdStrike FDR cannot be used in such environments. Consider using a Linux host instead.

Third-party software attributions

Version 1.0.0 of the Splunk Add-on for CrowdStrike does not incorporate any third-party software or libraries.

Last modified on 03 May, 2022