Panther can fetch CrowdStrike events by integrating with the CrowdStrike Falcon Data Replicator (FDR). The setup has two parts: creating FDR credentials in the Falcon console, then registering them as a log source in Panther.

1. Log in to your CrowdStrike Falcon console.
2. Navigate to the API Clients and Keys page.
3. Under the FDR AWS S3 Credentials and SQS Queue section, click Create new credentials.
4. Copy down the Client ID, Secret ID, and SQS URL; you will need them in the next steps.
5. Log in to your Panther deployment.
6. Go to Log analysis > Sources in the sidebar menu.
7. Click Add Source.
8. Select CrowdStrike from the list of available types.
9. Fill in the fields below:
   - Name: A friendly name for the source, e.g.
   - SQS Url: The URL of the CrowdStrike-managed SQS queue, copied in step 4.
   - AWS Access Key, AWS Access Secret: The AWS access key (Client ID) and secret (Secret ID) copied in step 4.
10. Click Next and then Save Source.

You are done! You can now start writing detections and exploring your CrowdStrike data.
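Before pasting the three copied values into the Panther source form, it is worth a quick offline sanity check so a mistyped SQS URL or a credential copied with stray whitespace is caught before the source is saved. The script below is an added example written for this page, not Panther's or CrowdStrike's own code; it assumes the FDR queue URL follows the standard `https://sqs.<region>.amazonaws.com/<account-id>/<queue-name>` shape and that the FDR credentials are ordinary AWS long-term keys (20-character key id, 40-character secret). The sample values are AWS's documented example key pair and a constructed queue URL.

```python
"""Pre-flight check for CrowdStrike FDR values before configuring the Panther source.

Added example (not Panther's or CrowdStrike's code). Assumptions: the FDR SQS URL has
the standard https://sqs.<region>.amazonaws.com/<account-id>/<queue-name> form and the
FDR credentials are AWS long-term access keys (20-char key id, 40-char secret).
"""
import re
from typing import Optional
from urllib.parse import urlparse

_SQS_HOST = re.compile(r"^sqs\.(?P<region>[a-z0-9-]+)\.amazonaws\.com$")
_ACCOUNT_ID = re.compile(r"^\d{12}$")            # AWS account ids are 12 digits
_ACCESS_KEY_ID = re.compile(r"^[A-Z0-9]{20}$")   # e.g. AKIA... / ASIA... prefixes


def parse_sqs_url(url: str) -> Optional[dict]:
    """Split an SQS queue URL into region, account id and queue name; None if malformed."""
    parts = urlparse(url.strip())
    host = _SQS_HOST.match(parts.netloc)
    segments = [s for s in parts.path.split("/") if s]
    if parts.scheme != "https" or host is None:
        return None
    if len(segments) != 2 or not _ACCOUNT_ID.match(segments[0]):
        return None
    return {"region": host.group("region"), "account_id": segments[0], "queue_name": segments[1]}


def preflight(sqs_url: str, access_key: str, access_secret: str) -> list:
    """Return a list of human-readable problems; an empty list means the values look well-formed."""
    problems = []
    if parse_sqs_url(sqs_url) is None:
        problems.append("SQS URL is not https://sqs.<region>.amazonaws.com/<account-id>/<queue-name>")
    for label, value in (("access key", access_key), ("access secret", access_secret)):
        if value != value.strip():
            problems.append(f"{label} has leading/trailing whitespace (copy/paste artefact)")
    if not _ACCESS_KEY_ID.match(access_key.strip()):
        problems.append("access key id should be 20 upper-case letters/digits")
    if len(access_secret.strip()) != 40:
        problems.append("access secret should be exactly 40 characters")
    return problems


if __name__ == "__main__":
    # Constructed queue URL plus AWS's documented example key pair (not real credentials).
    url = "https://sqs.us-west-1.amazonaws.com/123456789012/cs-prod-example-fdr-queue"
    key, secret = "AKIAIOSFODNN7EXAMPLE", "wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY"
    print(parse_sqs_url(url))
    print(preflight(url, key, secret) or "values look well-formed")
    print(preflight("http://example.com/queue", " " + key, secret[:-1]))
```

The check is purely syntactic and never contacts AWS; a clean result means the values are worth saving, not that the queue is reachable, which Panther confirms once the source is saved.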