Falcon Next-Gen SIEM
CrowdStrike Falcon Next-Gen SIEM unifies security data from across your entire environment into a single, searchable platform.
Write custom parsers to ingest and normalize any log source, map fields to the CrowdStrike Parsing Standard, and make third-party data searchable alongside native Falcon telemetry.
Parser Development
Whether you’re integrating a new vendor, building internal tooling, or extending CrowdStrike’s detection capabilities, these resources give you everything you need to build parsers that are consistent, performant, and production-ready.
CrowdStrike Parsing Standard: Data format specification based on Elastic Common Schema (ECS) with documented deviations and extensions.
CPS-Compliant Parsers: Parser fields, tags, differences from ECS, and rules for managing non-ECS fields.
Parser Guidelines: Rules for creating parsers, including test data requirements, PII restrictions, and sample data standards.
Parser Template: Complete section structure, metadata fields, and downloadable starter examples.
Vendor Guidelines: Naming rules and complete vendor-to-legal-name reference.
Module Guidelines: Standardized #event.module values by vendor and product for parser development.
observer.type Guidelines: Non-exhaustive list of valid #observer.type values for parser development.
Deprecated Parsers: Migration guide for deprecated parsers with recommended replacement mappings.
Versions: Change history and version details for the CrowdStrike Parsing Standard.