# Crowdstrike Integrations with Splunk Enterprise and ES

## Connections Required (Firewall Rules)

Allow access from Splunk Search Head server to the following APIs

* <https://api.us-2.crowdstrike.com>
* <https://firehose.us-2.crowdstrike.com>

## Documentation

* [CrowdStrike Falcon Event Strems Add-On](https://www.crowdstrike.com/wp-content/uploads/2022/12/CrowdStrike-Falcon-Event-Streams-Add-on-Guide-v3.pdf)
* [CrowdStrike Intel Indicators Add-on](https://www.crowdstrike.com/wp-content/uploads/2022/12/CrowdStrike-Falcon-Intel-Indicator-Add-on-Guide.pdf)
* [CrowdStrike Falcon Devices Add-on](https://www.crowdstrike.com/wp-content/uploads/2022/12/CrowdStrike-Falcon-Device-Technical-Add-On-Guide-v3.1.5.pdf)
* [CrowdStrike Falcon Spotlight Vulnerability Data Add-on](https://www.crowdstrike.com/wp-content/uploads/2023/03/CrowdStrike-Falcon-Spotlight-Vulnerability-Technical-Add-on-Guide-v3.2.pdf)
* [CrowdStrike Scheduled Search Add-on](https://www.crowdstrike.com/wp-content/uploads/2023/05/CrowdStrike-Scheduled-Search-Technical-Add-Guide-v2.2.0.pdf)
* [CrowdStrike Falcon FileVantage Add-on](https://www.crowdstrike.com/wp-content/uploads/2023/11/crowdstrike-falcon-filevantage-add-on-splunk.pdf)
* [CrowdStrike Unified Alerts Add-on](https://www.crowdstrike.com/wp-content/uploads/2023/11/crowdstrike-splunk-unified-alerts-guide.pdf)
* [CrowdStrike Falcon Identity Protection Add-on](https://splunk-ta-crowdstrike.ztsplunker.com/)
* [SA-CrowdStrikeIdentities for Enterprise Security](https://splunk-sa-crowdstrike-id.ztsplunker.com/)