crowdstrike_fdr/README.md
Lines changed: 4 additions & 15 deletions
@@ -10,25 +10,13 @@ Integrate CrowdStrike FDR with Datadog to gain insights into Authentication & Id
10
10
11
11
### Set up data replication from CrowdStrike FDR to a customer-owned S3 bucket
12
12
13
-
#### Configure the CrowdStrike FDR feed
14
-
1. Log in to the **CrowdStrike Falcon** platform.
15
-
2. Go to **Support and resources** > **Resources and tools** > **Falcon data replicator**.
16
-
3. In the **FDR feeds** tab, click **Create feed**.
17
-
4. Provide a feed name.
18
-
5. Set the feed **status** to on.
19
-
6. Select **Customize your FDR feed** in the **How do you want to create this feed?** option.
20
-
7. Click **Next**.
21
-
8. Include only the required **Event name** from the **Primary events** tab.
22
-
9. Click **Next**.
23
-
10. Click **Create feed**.
24
-
25
13
#### Setup a custom AWS S3 bucket
26
14
1. Sign in to the AWS Management Console and navigate to Amazon S3.
27
15
2. Provide the details as mentioned below:
28
16
-**Bucket name**: Enter a Bucket name (must be globally unique and begins with the prefix `crowdstrike-fdr` to comply with integration naming requirements).
29
17
-**AWS Region**: Choose a region.
30
18
- You can only use your S3 bucket if you're using the US-1, US-2, or EU-1 CrowdStrike clouds.
31
-
- Ensure that your bucket resides in the same AWS region as your Falcon CID where the FDR feed is provisioned.
19
+
- Ensure that your bucket resides in the same AWS region as your Falcon CID.
32
20
CrowdStrike terminology for cloud regions differs slightly from AWS, as shown in this table.
33
21
| CrowdStrike region | AWS region |
34
22
|--------------------|--------------|
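Review bot: The reworded region bullet (new line 19) says the bucket must be in the same AWS region as "your Falcon CID", but with the "where the FDR feed is provisioned" qualifier dropped it no longer says what ties a CID to a region. Consider phrasing it in terms of the CrowdStrike cloud (US-1, US-2, EU-1) that the table below maps to AWS regions. Removing the "Configure the CrowdStrike FDR feed" section also removes step 8, "Include only the required **Event name**", which was the only guidance on limiting which events are replicated. If feed creation now happens through the support case, a one-line note here saying so would keep the setup flow readable.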
@@ -80,8 +68,9 @@ Integrate CrowdStrike FDR with Datadog to gain insights into Authentication & Id
80
68
4. Click **Create Case**.
81
69
5. Provide `FDR to send data to a customer-owned S3 bucket` as a **Case Title**.
82
70
6. In the **Description** section of the support case, be sure to include the following details:
83
-
- The Falcon Customer ID (CID) where your FDR feed is provisioned
84
-
- FDR feed name created in `Configure CrowdStrike FDR Feed` section
71
+
- The Falcon Customer ID (CID)
72
+
- Indicate the below type of events you wish to have provided in this new FDR feed.
73
+
- primary events (All events found within the Events Data Dictionary)
85
74
- The ARN of the custom S3 bucket copied in **Step-8** from `Setup Custom AWS S3 Bucket`
86
75
- Confirmation that the bucket has been set up according to the specifications outlined
87
76
7. **Customer ID (CID)**: Provide Falcon Customer ID
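Review bot: The added bullets at new lines 72-73 ask support for "primary events (All events found within the Events Data Dictionary)", which is broader than the removed setup step that told users to include only the required event names, so more endpoint telemetry will be replicated into the customer bucket than the integration may need. Suggest either listing the specific event names the integration consumes or stating explicitly that the full primary event set is required. Wording nit: "Indicate the below type of events you wish to have provided" would read better as "Indicate the type of events to include in the new FDR feed:", with the sub-bullet capitalized as "Primary events" to match the neighbouring items.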