Choosing the Right CrowdStrike Falcon Cloud Collector

CrowdStrike supports two APIs to retrieve events – Falcon Streaming API and Falcon Data Replicator (FDR). For the CrowdStrike Falcon (via API) Cloud Collector, Exabeam connects to the CrowdStrike data source Falcon Streaming API to get real time data. For the CrowdStrike Falcon (via S3) cloud collector, Exabeam collects the data from S3 bucket to which CrowdStrike forwards logs. Refer to the following table to select the Cloud Collector that suits your requirements.

Cloud Collector	Considerations
CrowdStrike Falcon (via API) Cloud Collector	Supported data sources – Audit events and alerts Behavior – Collects events using the Falcon Streaming API. When to use – Use this collector based on the data sources that you want the collector to ingest. Installation – Configure the CrowdStrike Falcon (via API) Cloud Collector according to the instructions.
CrowdStrike Falcon (via FDR) Cloud Collector	Supported data sources – Raw threat graph events Behavior – Collects all the events stored in a S3 bucket from a single source using CrowdStrike Falcon Replicator. When to use – Use this collector based on the data sources that you want the collector to ingest. Installation – Configure the CrowdStrike Falcon (via FDR) Cloud Collector according to the instructions.

CollectorsCloud Collectors Administration Guide

Table of ContentsTable of Contents

Choosing the Right CrowdStrike Falcon Cloud Collector