CrowdStrike Falcon Endpoint Protection via AMA

Copper Contributor

We are planning to integrate CrowdStrike with Sentinel.

I have a few doubts about it.

1. After creating API clients in the Falcon portal, using which protocol does data flow to the CEF collector server?

2. How are the APIs created in CrowdStrike communicating with the CEF server? I mean the data flow.

Thanks

1 Reply
The API is the way forward, and it could support enrichment, which CEF does not. The API, however, is not as immediate as a CEF connection;
CEF, on the other hand, suffers from the inability to filter irrelevant logs via DCR, which would increase processing costs in Sentinel, and those seem to be always increasing and never going down.
Your SOC needs to draw value with SOAR into CrowdStrike, with automatic device isolation, etc. Most SOCs are geared out of the box to Microsoft XDR solutions and ignore other vendors at their peril.
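To make the CEF path in this thread concrete: the AMA CEF collector receives events as syslog messages whose payload is a CEF record (`CEF:Version|Vendor|Product|Version|SignatureID|Name|Severity|key=value ...`), and one way to stop irrelevant events from ever reaching the collector and driving up ingestion cost is to filter on the forwarder, before the collector. The example below is added here and is not code from the thread, from CrowdStrike or from Microsoft: it parses CEF lines (honouring the `\|` and `\=` escapes the format allows) and applies a forwarder-side drop rule. The vendor and product names, signature IDs, field values, hosts and the severity threshold are all constructed for illustration and do not describe any real product's event schema.

```python
import re

# Constructed sample: three syslog-wrapped CEF lines of the shape a CEF collector
# receives. Vendor, product, signature IDs and field values are made up.
SAMPLE_LINES = [
    "<13>Jan 01 12:00:00 edr-fwd CEF:0|ExampleVendor|ExampleEDR|6.0|DetectionSummaryEvent|Detection|8|src=10.0.0.5 suser=alice act=blocked",
    "<13>Jan 01 12:00:01 edr-fwd CEF:0|ExampleVendor|ExampleEDR|6.0|AuthActivityAuditEvent|Audit|2|suser=bob act=login",
    # Header field with an escaped pipe and an extension value with an escaped '='.
    "<13>Jan 01 12:00:02 edr-fwd CEF:0|ExampleVendor|ExampleEDR|6.0|DetectionSummaryEvent|Escaped\\|Name|9|msg=value with \\= sign src=10.0.0.9",
]

HEADER_FIELDS = ("version", "vendor", "product", "device_version",
                 "signature_id", "name", "severity")

# key=value pairs; a value runs until the next " key=" or end of string and may
# contain backslash-escaped characters (e.g. "\=").
_EXT_RE = re.compile(r"(\w+)=((?:\\.|[^\\])*?)(?=\s\w+=|$)")


def _split_header(body):
    """Split the seven CEF header fields on unescaped '|'; return (fields, extension)."""
    fields, buf, i, n = [], [], 0, len(body)
    while i < n and len(fields) < 7:
        c = body[i]
        if c == "\\" and i + 1 < n:      # escaped character: keep it literally
            buf.append(body[i + 1])
            i += 2
            continue
        if c == "|":
            fields.append("".join(buf))
            buf = []
        else:
            buf.append(c)
        i += 1
    return fields, body[i:]


def _parse_extension(ext):
    """Turn the extension part into a dict, unescaping '\\=' and '\\\\'."""
    return {k: re.sub(r"\\(.)", r"\1", v) for k, v in _EXT_RE.findall(ext)}


def parse_cef(line):
    """Parse one syslog-wrapped CEF line; return a dict or None if it is not CEF."""
    idx = line.find("CEF:")
    if idx < 0:
        return None
    fields, ext = _split_header(line[idx + 4:])
    if len(fields) != 7:
        return None                      # malformed header: refuse to guess
    event = dict(zip(HEADER_FIELDS, fields))
    event["extension"] = _parse_extension(ext)
    return event


def should_forward(event, min_severity=4, drop_signatures=("AuthActivityAuditEvent",)):
    """Forwarder-side rule: keep events at or above min_severity that are not on the drop list.

    Threshold and drop list are assumptions for the example, not vendor guidance.
    """
    try:
        severity = int(event["severity"])
    except ValueError:
        return True                      # unparseable severity: keep rather than silently drop
    return severity >= min_severity and event["signature_id"] not in drop_signatures


def filter_lines(lines, **rule_kwargs):
    """Parse each line and return the events that would be sent on to the CEF collector."""
    kept = []
    for line in lines:
        event = parse_cef(line)
        if event is not None and should_forward(event, **rule_kwargs):
            kept.append(event)
    return kept


if __name__ == "__main__":
    for ev in filter_lines(SAMPLE_LINES):
        print(ev["signature_id"], ev["severity"], ev["extension"])
```

Running the block on the constructed sample keeps the two detection events and drops the severity-2 audit event, so only two of the three lines would be forwarded to the collector. The drop rule is deliberately conservative: an event whose severity cannot be parsed is forwarded, because silently discarding malformed security events is worse than paying to ingest them.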