CrowdStrike Audit Event Correlation

Summary CrowdStrike creates logs in JSON format and sends 2 different datasets to the same sourcetype; security events from their detection tools and audit events from their management tool.  These audit tools contain analyst data about when they mark events as true positive, and withing CrowdStrike these are joined with the security event itself.  To […]

Continue Reading →