02-23-2025 04:09 AM
Hi everyone,
How can I fetch Next-Gen SIEM alerts from CrowdStrike into XSOAR? I have already set up my Falcon integration, and I can fetch categories like endpoint detection.
As seen in the image, there is a query section available to fetch different detections. Additionally, in the fetch types section, there are detection options such as endpoint detection, incident, IDP, OFP, Mobile, etc.
However, I want to fetch all detections coming directly to Next-Gen SIEM. Is this possible? For example, Next-Gen SIEM includes various detections created through email, cloud, and custom rules etc. How can I fetch all of them?
Thanks!
03-06-2025 10:41 AM
Looking for a solution for this as well, in addition to being able to configure a query (not just search endpoints) in their advanced event search, as we're migrating from their Humio/LogScale to CrowdStrike NG SIEM.
03-27-2025 06:28 AM
Has there been any resolution to your problem? I would also like to know if there's any way to fetch the incidents/detections that are created from correlation rules. As you mentioned, there are options for the different fetch types, but in my experience these do not fetch any alerts made by correlation rules.