https://live.paloaltonetworks.com/t5/cortex-xsoar-discussions/fetching-crowdstrike-next-gen-siem-alerts-into-soar/m-p/1249731#M4239 <DIV>Has anyone here managed to receive alerts directly from CrowdStrike Next-Gen SIEM in XSOAR or XSIAM?</DIV> Mon, 09 Mar 2026 12:49:02 GMT Marcello_Lopes 2026-03-09T12:49:02Z https://live.paloaltonetworks.com/t5/cortex-xsoar-discussions/fetching-crowdstrike-next-gen-siem-alerts-into-soar/m-p/1221708#M3912 <P data-start="81" data-end="95">Hi everyone,</P> <P data-start="97" data-end="261">How can I fetch Next-Gen SIEM alerts from CrowdStrike into XSOAR? I have already set up my Falcon integration, and I can fetch categories like endpoint detection.</P> <P data-start="263" data-end="482">As seen in the image, there is a query section available to fetch different detections. Additionally, in the fetch types section, there are detection options such as endpoint detection, incident, IDP, OFP, and Mobile etc.</P> <P data-start="484" data-end="708">However, I want to fetch all detections coming directly to Next-Gen SIEM. Is this possible? For example, Next-Gen SIEM includes various detections created through email, cloud, and custom rules etc. How can I fetch all of them?</P> <P data-start="710" data-end="717" data-is-last-node="" data-is-only-node="">Thanks!</P> Sun, 23 Feb 2025 12:09:53 GMT https://live.paloaltonetworks.com/t5/cortex-xsoar-discussions/fetching-crowdstrike-next-gen-siem-alerts-into-soar/m-p/1221708#M3912 O.Isik 2025-02-23T12:09:53Z https://live.paloaltonetworks.com/t5/cortex-xsoar-discussions/fetching-crowdstrike-next-gen-siem-alerts-into-soar/m-p/1222936#M3933 <P>Looking at a solution for this as well, in addition to being able to configure a query (not just search endpoints) in their advanced event search as we're migrating from their Humio/LogScale to Crowdstrike NG SIEM</P> Thu, 06 Mar 2025 18:41:19 GMT https://live.paloaltonetworks.com/t5/cortex-xsoar-discussions/fetching-crowdstrike-next-gen-siem-alerts-into-soar/m-p/1222936#M3933 clopianohastey 2025-03-06T18:41:19Z https://live.paloaltonetworks.com/t5/cortex-xsoar-discussions/fetching-crowdstrike-next-gen-siem-alerts-into-soar/m-p/1224914#M3962 <P>Has there been any resolution to your problem? I would also like to know if there's anyway to fetch the incidents/detections that are created from correlation rules. As you mentioned there are options for the different fetch types, but these do not fetch any alerts made by correlation rules from my experience.&nbsp;</P> Thu, 27 Mar 2025 13:28:25 GMT https://live.paloaltonetworks.com/t5/cortex-xsoar-discussions/fetching-crowdstrike-next-gen-siem-alerts-into-soar/m-p/1224914#M3962 MustardMan 2025-03-27T13:28:25Z https://live.paloaltonetworks.com/t5/cortex-xsoar-discussions/fetching-crowdstrike-next-gen-siem-alerts-into-soar/m-p/1227804#M4002 <P><SPAN>Hi, there is no existing content pack for CrowdStrike NG SIEM at this moment. However, it is expected to be available soon (most likely by the end of Q2).</SPAN></P> Wed, 30 Apr 2025 21:11:14 GMT https://live.paloaltonetworks.com/t5/cortex-xsoar-discussions/fetching-crowdstrike-next-gen-siem-alerts-into-soar/m-p/1227804#M4002 oromeromoya 2025-04-30T21:11:14Z https://live.paloaltonetworks.com/t5/cortex-xsoar-discussions/fetching-crowdstrike-next-gen-siem-alerts-into-soar/m-p/1246021#M4228 <P>Anyone find a method to run adhoc queries against NGSIEM with the current integrations?</P> Tue, 20 Jan 2026 16:05:09 GMT https://live.paloaltonetworks.com/t5/cortex-xsoar-discussions/fetching-crowdstrike-next-gen-siem-alerts-into-soar/m-p/1246021#M4228 D.Richards989932 2026-01-20T16:05:09Z https://live.paloaltonetworks.com/t5/cortex-xsoar-discussions/fetching-crowdstrike-next-gen-siem-alerts-into-soar/m-p/1249731#M4239 <DIV>Has anyone here managed to receive alerts directly from CrowdStrike Next-Gen SIEM in XSOAR or XSIAM?</DIV> Mon, 09 Mar 2026 12:49:02 GMT https://live.paloaltonetworks.com/t5/cortex-xsoar-discussions/fetching-crowdstrike-next-gen-siem-alerts-into-soar/m-p/1249731#M4239 Marcello_Lopes 2026-03-09T12:49:02Z https://live.paloaltonetworks.com/t5/cortex-xsoar-discussions/fetching-crowdstrike-next-gen-siem-alerts-into-soar/m-p/1252867#M4247 <P>Any updates one when we can query&nbsp;<SPAN>CrowdStrike Next-Gen SIEM data?&nbsp;</SPAN></P> Thu, 23 Apr 2026 15:33:32 GMT https://live.paloaltonetworks.com/t5/cortex-xsoar-discussions/fetching-crowdstrike-next-gen-siem-alerts-into-soar/m-p/1252867#M4247 Bowden 2026-04-23T15:33:32Z https://live.paloaltonetworks.com/t5/cortex-xsoar-discussions/fetching-crowdstrike-next-gen-siem-alerts-into-soar/m-p/1252869#M4248 <P>It has been added to the CS falcon integration, although the functionality is very limited.<BR />!cs-falcon-search-ngsiem-events<BR /><BR />It does not return any aggregated function results, so beware.</P> Thu, 23 Apr 2026 15:57:00 GMT https://live.paloaltonetworks.com/t5/cortex-xsoar-discussions/fetching-crowdstrike-next-gen-siem-alerts-into-soar/m-p/1252869#M4248 D.Richards989932 2026-04-23T15:57:00Z