This guide walks you through creating a CrowdStrike Next-Gen SIEM HTTP Event Connector (HEC) and gathering the configuration needed to create a Sink integration for CrowdStrike Next-Gen SIEM.
Log in to your CrowdStrike Console instance with administrative privileges. Without administrative privileges you will not have access to create the data connector.
Open the main menu and navigate to Next-Gen SIEM > Data onboarding. In the Connections section, click the '+ Add connection' button.
Click the 'Filter by connector name' dropdown, type in "HTTP" and click 'Apply'. You should now see the "HEC / HTTP Event Connector" in the list. Select this connector by clicking on it and then click the 'Configure' button.
Give your new connector a name, and then fill in the form with the following values:
- Vendor: Generic
- Vendor Product: Generic
If you have created a generic JSON parser, skip this step; otherwise, click the "Create New Parser" button.
If you are creating a new parser, give it a name such as 'generic-json', select "Blank template", and click Create. Select all the content in the "Parser Script" section and remove it. Add the following contents:
parseJson()
Events sent to CrowdStrike are already in CPS format by default, so parsing the JSON is all that is necessary. Click "Save and exit". This will put you back on the new Event Collection form.
Select your generic JSON parser by name from the dropdown.
Affirm your adherence to the CrowdStrike Terms and Conditions by checking the box and then click Save.
A modal will appear indicating the connector is being set up. Close the modal and wait for the connector setup to finish. Once the connector is ready to receive data, you will see a notification bar at the top of the connector page. On the right-hand side, click the Generate API Key button.
A new modal will appear with your API URL and API Key values. Copy these to a safe location.
Create your integration by supplying all the configuration values.
- URL: This is the API URL gathered in step 2
- Token Secret: This is the API Key gathered in step 2