This guide walks you through creating a CrowdStrike Next-Gen SIEM HTTP Event Connector (HEC) and gathering the configuration values needed to create a Sink integration for CrowdStrike Next-Gen SIEM.
Create a new Data Connector
1. Log in to the console
Log in to your CrowdStrike Console instance with administrative privileges. Without administrative privileges you will not have access to create the data connector.
2. Create an HTTP Event Connector (HEC) for Service Integration
Open the main menu and navigate to Data connectors > Data connections. In the Connections section, click the '+ Add connection' button.
Click the 'Filter by connector name' dropdown, type in "HTTP" and click 'Apply'. You should now see the "HEC / HTTP Event Connector" in the list. Select this connector by clicking on it and then click the 'Configure' button.
Fill in the form with the following values:
- Data source: your desired data source value
- Data Type: JSON
- Connector Name: your desired connector name
- Parsers: json (Generic Source)
Affirm your adherence to the CrowdStrike Terms and Conditions by checking the box and then click Save.
A modal will appear indicating the connector is being set up. Close the modal and wait for the connector setup to finish. Once the connector is ready to receive data, you will see a notification bar at the top of the connector page. On the right-hand side, click the 'Generate API Key' button.
A new modal will appear with your API URL and API Key values. Copy these to a safe location.
Configure the Integration
Create your integration by supplying all the configuration values.
URL
This is the API URL gathered in step 2.
Token Secret
This is the API Key gathered in step 2.
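To check the API URL and API Key from step 2 before relying on the integration, the script below sends a single test event to the connector. It is an added example, not part of the original guide or CrowdStrike's code. The environment variable names are hypothetical, and the bearer-token header and `event` JSON envelope are assumptions based on common HEC conventions that should be confirmed against the connector's documentation.

```python
import json
import os
import time
import urllib.request
from urllib.parse import urlsplit


def build_hec_request(api_url: str, api_key: str, event: dict) -> urllib.request.Request:
    """Build (but do not send) a JSON test event for the HEC connector."""
    api_url = api_url.strip()
    parts = urlsplit(api_url)
    # The API Key travels in a request header, so refuse anything but HTTPS.
    if parts.scheme != "https" or not parts.hostname:
        raise ValueError("API URL must be an https:// URL")
    if not api_key or api_key != api_key.strip():
        raise ValueError("API Key is empty or has stray whitespace from copy/paste")
    # Assumption: HEC-style envelope with the payload under "event".
    body = json.dumps({"time": int(time.time()), "event": event}).encode()
    return urllib.request.Request(
        api_url,
        data=body,
        method="POST",
        headers={
            "Content-Type": "application/json",
            # Assumption: bearer-token authorization using the API Key.
            "Authorization": f"Bearer {api_key}",
        },
    )


def send_test_event() -> int:
    """Read the step 2 values from the environment and send one test event."""
    # Hypothetical variable names. Reading the key from the environment keeps
    # it out of shell history and out of source control.
    req = build_hec_request(
        os.environ["NGSIEM_HEC_URL"],
        os.environ["NGSIEM_HEC_KEY"],
        {"message": "connector smoke test", "source": "setup-check"},
    )
    with urllib.request.urlopen(req, timeout=10) as resp:
        return resp.status  # a 2xx status means the event was accepted


if __name__ == "__main__":
    print("HTTP status:", send_test_event())
```

After a successful run, search for the test message in Next-Gen SIEM to confirm the event was parsed by the connector.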