AliMhaerFathy
Explorer
December 3, 2024
Question

CrowdStrike Integration

  • 2 replies
  • 1359 views

Hello Everyone,


We have followed the document below to integrate with the CrowdStrike EDR:

Crowdstrike | FortiSIEM 7.2.4 | Fortinet Document Library


We have successfully received the event types below:

[attached screenshot: 2024-12-02_141432.png]


Q1: We didn't see any logs related to the detection summary and alerts of the EDR?

Q2: Why is the reporting IP the FortiSIEM Supervisor, which is the discovery server? Can we adjust that to be the hostname of the CrowdStrike?


#fortisiem



    adem_netsys
    Explorer III
    December 3, 2024

    Hi @AliMhaerFathy 

    Did you get the printout here from the reports? If I understand correctly, you need to add Raw Data instead of Count in the Display tab to see the raw log.

    You need to confirm the CrowdStrike IP by checking the devices in the CMDB tab. I suggest you check the reporting IP again with Device > Action > Historical Events.

    AliMhaerFathy
    Explorer
    December 4, 2024

    OK, thanks!
    We integrated with CrowdStrike EDR using the API, so the FortiSIEM Supervisor pulls the events.

    We can access EDR events from Admin > Setup > Pull Events.


    We searched all the logs, but the detection summary logs don't come out.


    Is there anything we can do to enable receiving the detection summary?
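A useful check when pulled detection summaries are missing is to query the CrowdStrike Falcon API directly with the same API client credentials that FortiSIEM uses: if the tenant returns detections here but FortiSIEM shows none, the gap is on the FortiSIEM side (pull job, credentials, or scope), and if nothing comes back here either, the API client is missing the Detections read scope or the filter window is wrong. The script below is an added example for that troubleshooting step; it is not FortiSIEM's own pull job and not CrowdStrike's sample code. It assumes the US-1 base URL `https://api.crowdstrike.com`, an API client granted the Detections read scope, credentials in the `FALCON_CLIENT_ID` / `FALCON_CLIENT_SECRET` environment variables, and the FQL filter `first_behavior:>'<timestamp>'`; the `transport` parameter is a hypothetical hook so the HTTP layer can be swapped for a fake when testing offline. The endpoints used are the OAuth2 token endpoint, `/detects/queries/detects/v1` and `/detects/entities/summaries/GET/v1`; CrowdStrike has been retiring this legacy Detects API in favour of its Alerts API, so if these paths return errors on your tenant, check which API your CID still supports.

```python
"""
Pull CrowdStrike Falcon detection summaries directly from the Falcon API.
Added troubleshooting example; this is NOT FortiSIEM's pull job.
Assumptions (not from the thread): US-1 base URL, an API client with the
Detections read scope, credentials in environment variables.
"""
import json
import os
import urllib.parse
import urllib.request

BASE_URL = os.environ.get("FALCON_BASE_URL", "https://api.crowdstrike.com")


def http_json(method, url, headers=None, body=None):
    """Minimal HTTP helper: sends `body` (bytes or None), returns parsed JSON."""
    req = urllib.request.Request(url, data=body, method=method, headers=headers or {})
    with urllib.request.urlopen(req, timeout=30) as resp:
        return json.loads(resp.read().decode("utf-8"))


def get_token(client_id, client_secret, transport=http_json, base_url=BASE_URL):
    """OAuth2 client-credentials grant: POST /oauth2/token with a form-encoded body."""
    body = urllib.parse.urlencode(
        {"client_id": client_id, "client_secret": client_secret}
    ).encode("utf-8")
    data = transport(
        "POST",
        f"{base_url}/oauth2/token",
        headers={"Content-Type": "application/x-www-form-urlencoded"},
        body=body,
    )
    return data["access_token"]


def query_detection_ids(token, filter_fql, limit=100, transport=http_json, base_url=BASE_URL):
    """GET /detects/queries/detects/v1 -> list of detection IDs matching an FQL filter."""
    qs = urllib.parse.urlencode({"filter": filter_fql, "limit": limit})
    data = transport(
        "GET",
        f"{base_url}/detects/queries/detects/v1?{qs}",
        headers={"Authorization": f"Bearer {token}"},
    )
    return data.get("resources", [])


def get_detection_summaries(token, ids, transport=http_json, base_url=BASE_URL):
    """POST /detects/entities/summaries/GET/v1 with {"ids": [...]} -> full summaries.
    An empty ID list is short-circuited: the API rejects an empty batch."""
    if not ids:
        return []
    data = transport(
        "POST",
        f"{base_url}/detects/entities/summaries/GET/v1",
        headers={"Authorization": f"Bearer {token}", "Content-Type": "application/json"},
        body=json.dumps({"ids": ids}).encode("utf-8"),
    )
    return data.get("resources", [])


def summarize(detections):
    """Reduce each summary to the fields a SIEM analyst looks for first."""
    rows = []
    for d in detections:
        dev = d.get("device", {})
        rows.append({
            "detection_id": d.get("detection_id"),
            "hostname": dev.get("hostname"),
            "severity": d.get("max_severity_displayname"),
            "status": d.get("status"),
            "first_behavior": d.get("first_behavior"),
        })
    return rows


def fetch_recent_detections(client_id, client_secret, since_iso,
                            transport=http_json, base_url=BASE_URL):
    """End to end: token -> IDs with first_behavior after since_iso -> summaries -> rows.
    The FQL filter syntax (assumption): first_behavior:>'2024-12-01T00:00:00Z'"""
    token = get_token(client_id, client_secret, transport, base_url)
    ids = query_detection_ids(token, f"first_behavior:>'{since_iso}'",
                              transport=transport, base_url=base_url)
    return summarize(get_detection_summaries(token, ids, transport, base_url))


if __name__ == "__main__":
    cid = os.environ["FALCON_CLIENT_ID"]
    csec = os.environ["FALCON_CLIENT_SECRET"]
    for row in fetch_recent_detections(cid, csec, "2024-12-01T00:00:00Z"):
        print(json.dumps(row))
```

Run it with the same client ID and secret configured in the FortiSIEM pull job. Compare the `hostname` column with what FortiSIEM records: events fetched over the API carry the Supervisor or Collector that did the pulling as the reporting device, so the endpoint name lives in the parsed event attributes rather than in the reporting IP.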