Morning all,
I hope you're doing well!
We've had some... "fun-times", should we say, trying to ingest CrowdStrike FDR into our platform, and unfortunately still are without luck. According to support, the logs are coming in, but QRadar is failing to extract the logs from the txt.gz file that it pulls from the SQS queue (this is recommended by both AWS, CS, and IBM at this point).
Has anyone else had any issues with CrowdStrike, or for that matter ANY AWS SQS queues not being able to be extracted, parsed, or visible via log activity?
Kind Regards,
Charlie
------------------------------
Charlie Kemp
------------------------------