I believe you have followed the documentation from the App Exchange, and support also validated it.
You might want to validate:
1. OAuth2 credentials
2. If the Event Stream API has been enabled by CrowdStrike support
3. tcpdump on QRadar.
If you are not seeing any traffic in tcpdump, then the issue is mostly on the CS side. I would engage CS support and QR support to see both sides.
------------------------------
Ashish Khandewale
Security Consultant
SIOC
IBM Canada
------------------------------
Original Message:
Sent: Mon January 31, 2022 03:15 AM
From: Jaco Stander
Subject: CrowdStrike Falcon Endpoint No event
Hi,
I'm trying to use the CrowdStrike Falcon Endpoint app for QRadar.
I have set up the API in CrowdStrike and I added the client config in the app.
I'm not seeing any events on the CrowdStrike Endpoint log source I created.
I have logged a support case to CrowdStrike and I was told the client is making successful connections.
Has anyone set up the app yet? What am I missing or doing wrong?
Must add I'm fairly new to QRadar.
------------------------------
Jaco Stander
------------------------------