Crowdstrike Integrations with Splunk Enterprise and ES

Connections Required (Firewall Rules)

Allow access from Splunk Search Head server to the following APIs

• https://api.us-2.crowdstrike.com

• https://firehose.us-2.crowdstrike.com

Documentation

• CrowdStrike Falcon Event Strems Add-On

• CrowdStrike Intel Indicators Add-on

• CrowdStrike Falcon Devices Add-on

• CrowdStrike Falcon Spotlight Vulnerability Data Add-on

• CrowdStrike Scheduled Search Add-on

• CrowdStrike Falcon FileVantage Add-on

• CrowdStrike Unified Alerts Add-on

• CrowdStrike Falcon Identity Protection Add-on

• SA-CrowdStrikeIdentities for Enterprise Security