Panther has the ability to fetch CrowdStrike events by integrating with the CrowdStrike Falcon Data Replicator.
Login to your Panther account
Go to Log analysis > Sources from the sidebar menu
Click Add Source
Select CrowdStrike from the list of available types
In the form that appears, fill in the following fields:
Name: A friendly name for the source e.g.
SQS Url: The URL of the CrowdStrike-managed SQS queue, provided to you by CrowdStrike.
AWS Access Key, AWS Access Secret: The AWS access key and secret provided to you by CrowdStrike. Panther uses these keys to read the SQS queue and to download the CrowdStrike log files from the CrowdStrike-managed S3 bucket.
Click on Next and then Save Source.
You are done! You can now start writing detections and exploring your CrowdStrike data.
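Before handing the queue URL and keys to Panther, it is worth confirming they actually work. The following is an added example, not Panther's own code: it derives the AWS region from the SQS URL, parses one FDR notification into the S3 objects it announces, and, when run live, peeks at a single queue message without removing it. The notification layout (bucket, pathPrefix, files[].path, as in CrowdStrike's public FDR sample consumer), the CS_AWS_ACCESS_KEY / CS_AWS_ACCESS_SECRET environment variable names and an installed boto3 are assumptions.

```python
"""Pre-flight check for a CrowdStrike FDR feed: pull one notification from the
CrowdStrike-managed SQS queue with the CrowdStrike-issued keys and list the log
files it points to, before handing the same values to Panther (added example)."""
import json
import os
from urllib.parse import urlparse

PREFIX = "data/0123456789abcdef0123456789abcdef/abc123"  # constructed value
SAMPLE_MESSAGE = json.dumps({  # constructed sample, shaped like an FDR queue message
    "cid": "0123456789abcdef0123456789abcdef", "timestamp": 1690000000000,
    "fileCount": 2, "totalSize": 4096, "bucket": "cs-prod-cannon-example",
    "pathPrefix": PREFIX,
    "files": [{"path": f"{PREFIX}/part-00000.gz", "size": 2048, "checksum": "deadbeef"},
              {"path": f"{PREFIX}/part-00001.gz", "size": 2048, "checksum": "cafebabe"}],
})

def region_from_sqs_url(url: str) -> str:
    """SQS URLs look like https://sqs.<region>.amazonaws.com/<account>/<queue>;
    boto3 needs the region explicitly, so derive it from the URL Panther will get."""
    host = urlparse(url).hostname or ""
    parts = host.split(".")
    if len(parts) < 4 or parts[0] != "sqs" or not host.endswith("amazonaws.com"):
        raise ValueError(f"not an SQS queue URL: {url}")
    return parts[1]

def parse_fdr_notification(body: str) -> list[tuple[str, str]]:
    """Return (bucket, key) for every log file the notification announces,
    refusing a path that strays outside the announced pathPrefix."""
    msg = json.loads(body)
    bucket, prefix = msg["bucket"], msg["pathPrefix"].rstrip("/")
    keys = []
    for f in msg["files"]:
        if not f["path"].startswith(prefix + "/"):
            raise ValueError(f"file path outside pathPrefix: {f['path']}")
        keys.append((bucket, f["path"]))
    if len(keys) != msg.get("fileCount", len(keys)):
        raise ValueError("fileCount does not match the files list")
    return keys

def fetch_one_notification(queue_url: str) -> list[tuple[str, str]]:
    """Live check: peek at one message (VisibilityTimeout=0 returns it to the queue
    immediately, so Panther still ingests it) with the keys CrowdStrike issued."""
    import boto3  # assumed installed; imported lazily so the parsers run offline
    sqs = boto3.client("sqs", region_name=region_from_sqs_url(queue_url),
                       aws_access_key_id=os.environ["CS_AWS_ACCESS_KEY"],
                       aws_secret_access_key=os.environ["CS_AWS_ACCESS_SECRET"])
    resp = sqs.receive_message(QueueUrl=queue_url, MaxNumberOfMessages=1, VisibilityTimeout=0)
    msgs = resp.get("Messages", [])
    return parse_fdr_notification(msgs[0]["Body"]) if msgs else []
```

An empty result from the live check is normal when CrowdStrike has not published a batch recently; a credentials or access-denied error is what you want to catch before the same keys are saved in Panther.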