FortiSIEM Discussions
AliMhaerFathy
New Contributor II

CrowdStrike Integration

Hello Everyone,

 

We have followed the document below to integrate with the CrowdStrike EDR:

Crowdstrike | FortiSIEM 7.2.4 | Fortinet Document Library

 

We have successfully received the event types below:

(screenshot of the received event types: 2024-12-02_141432.png)

 

Q1: We didn't see any logs related to the detection summary and alerts of the EDR?

Q2: Why is the reporting IP the FortiSIEM supervisor, which is the discovery server? Can we adjust that to be the hostname of the CrowdStrike?

 

#fortisiem

@Community

adem_netsys
Contributor

Hi @AliMhaerFathy 

Did you get the printout here from the reports? If I understand correctly, you need to add raw data instead of count in the display tab to see the raw log.

You need to confirm the CrowdStrike IP by checking the devices in the CMDB tab. I suggest you check the reporting IP again with Device > Action > Historical Events.

AliMhaerFathy
New Contributor II

OK, thanks!
We integrated with the CrowdStrike EDR using the API, so the FortiSIEM Supervisor pulls the events.

We can access the EDR events from Admin => Setup => Pull Events.

 

We searched all the logs, but the detection summary logs don't come out.

 

Is there anything we can do to enable receiving the detection summary?
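A useful first check when pulled EDR events arrive but a whole category (here the detection summary) never shows up is to look at the raw records the collector receives and tally their event types, so you can tell "the API never delivered any" apart from "the SIEM dropped or misparsed them". The script below is an added example, not code from the thread, from FortiSIEM or from CrowdStrike. It assumes the CrowdStrike Event Streams record layout (a `metadata.eventType` field plus a `metadata.offset` cursor) and a set of expected type names such as `DetectionSummaryEvent`; the sample records are constructed for the example, not captured from a live tenant.

```python
"""Tally CrowdStrike Event Streams records by eventType and report which
expected types never appeared.  Added example, not FortiSIEM or CrowdStrike
code.  Record layout (metadata.eventType, metadata.offset) and the expected
type names are assumptions based on the Event Streams format."""
import json
from collections import Counter

# Event types a collector would normally expect to see over time (assumption).
EXPECTED_TYPES = {
    "DetectionSummaryEvent",
    "IncidentSummaryEvent",
    "UserActivityAuditEvent",
    "AuthActivityAuditEvent",
}

# Constructed sample: three audit records, one malformed line, no detections.
SAMPLE_STREAM = """\
{"metadata": {"customerIDString": "cid-example", "offset": 101, "eventType": "UserActivityAuditEvent", "eventCreationTime": 1733148000000, "version": "1.0"}, "event": {"UserId": "analyst@example.com", "OperationName": "detection_update"}}
{"metadata": {"customerIDString": "cid-example", "offset": 102, "eventType": "AuthActivityAuditEvent", "eventCreationTime": 1733148060000, "version": "1.0"}, "event": {"UserId": "analyst@example.com", "OperationName": "userAuthenticate", "Success": true}}
{"metadata": {"customerIDString": "cid-example", "offset": 103, "eventType": "UserActivityAuditEvent", "eventCreationTime": 1733148120000, "version": "1.0"}, "event": {"UserId": "admin@example.com", "OperationName": "update_policy"}}
this line is not JSON and must be skipped, not crash the check
"""


def parse_stream(text):
    """Parse newline-delimited JSON records; skip blank or malformed lines."""
    events = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        try:
            events.append(json.loads(line))
        except json.JSONDecodeError:
            # A broken line is worth logging in production; here we just skip it.
            continue
    return events


def tally_event_types(events):
    """Count records per metadata.eventType; unlabeled records get a marker."""
    counts = Counter()
    for ev in events:
        etype = ev.get("metadata", {}).get("eventType", "<missing eventType>")
        counts[etype] += 1
    return counts


def missing_types(counts, expected=EXPECTED_TYPES):
    """Expected event types with zero occurrences, sorted for stable output."""
    return sorted(expected - set(counts))


def latest_offset(events):
    """Highest metadata.offset seen.  If a collector resumes the stream from a
    cursor beyond this point, earlier records are not re-delivered (assumption
    about Event Streams cursor semantics)."""
    offsets = [ev.get("metadata", {}).get("offset") for ev in events]
    offsets = [o for o in offsets if isinstance(o, int)]
    return max(offsets) if offsets else None


def summarize(text):
    """Run the whole check over a raw stream capture and return a report dict."""
    events = parse_stream(text)
    counts = tally_event_types(events)
    return {
        "parsed": len(events),
        "counts": dict(counts),
        "missing": missing_types(counts),
        "latest_offset": latest_offset(events),
    }


if __name__ == "__main__":
    report = summarize(SAMPLE_STREAM)
    for etype, n in sorted(report["counts"].items()):
        print(f"{etype:28s} {n}")
    print("never seen:", ", ".join(report["missing"]) or "none")
    print("latest offset:", report["latest_offset"])
```

If the tally over a capture taken directly from the API already shows no `DetectionSummaryEvent`, the gap is upstream of FortiSIEM (no detections in the window, the API client's scope, or a cursor that skipped them); if the capture has them but the SIEM search does not, the problem is in the pull/parse stage.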
