CrowdStrike Falcon Endpoint Protection Platform

Overview

CrowdStrike Falcon is one of the leading solutions in the Endpoint Protection Platform (EPP) market.

This section includes instructions for connecting Query to CrowdStrike data using three common patterns:

  • Direct connection to the CrowdStrike Falcon Endpoint Protection API
  • CrowdStrike data stored in Amazon S3 using Falcon Data Replicator (FDR)
  • CrowdStrike data stored in Amazon S3

Updated about 2 months ago


©2023 Query, All Rights Reserved.