Hey,
We've recently had issues with QRadar and CrowdStrike connections, but we settled on using Falcon Endpoint as an app and getting the logs through that. After doing so, we started to get some detections (finally!), but we then noticed that only a small number of detections were actually coming through. For example, in CrowdStrike we had 12 alerts/detections, yet only two came through to QRadar. Is there a reason this might be?
------------------------------
Charlie Kemp
SOC Manager
------------------------------