Step 2 - Configure CrowdStrike SIEM Integration

To configure CrowdStrike SIEM integration with Avanan:

  1. Access the Avanan Administrator Portal.
  2. From the left navigation panel, go to Security Settings > Security Engines.
  3. Scroll down to SIEM Integration and click Configure.

    The Configure SIEM Integration pop-up appears.

  4. From the Transport dropdown, select Crowdstrike NG-SIEM.
  5. In the CrowdStrike Event Collector Host / URL field, enter the API URL copied in Step 1.
  6. In the Bearer Token field, enter the API Key copied in Step 1.
  7. From the Format dropdown, select JSON (Crowdstrike ECS compatible).
  8. To allow SIEM to collect your system logs, select the Collect System logs checkbox.
  9. (Optional) If you want to add custom fields to every event forwarded from CrowdStrike to your SIEM platform:
    1. Select the Add custom field checkbox.
    2. In the Custom field name field, enter the required name.
    3. In the Custom field value field, enter the required value.
    Note: You can add a maximum of five custom fields.

  10. Click Save.

After you configure the CrowdStrike SIEM integration, Avanan sends logs to CrowdStrike.