Difference between all Crowdstrike available Parsers

Forum|Forum|2 years ago
February 9, 2024
26 replies
676 views

+7

TheSecOpsGuy
Bronze 5

Hi Everyone,

As per Chronicle documenation , we have 4 below pre built parsers. Would you please let me know the difference bewteen them ? I can see two parsers for the same category EDR.

Vendor / Product Category Ingestion label Format Latest Update

CrowdStrike Detection Monitoring	EDR	CS_DETECTS	JSON	2023-07-21 View Change
CrowdStrike Falcon	EDR	CS_EDR	JSON	2023-12-22 View Change
CrowdStrike Falcon Stream	Alerts	CS_STREAM	KV (LEEF)	2022-07-18 View Change
Crowdstrike IOC	IOC	CROWDSTRIKE_IOC	JSON	2023-08-23 View Change

Show first post

1
2

Forum|pagination.label 2 / 2

DevinDeManche
Bronze 1
Forum|Forum|8 months ago
June 13, 2025

The CS_DETECT feed and API supports the new Alerts API now.

That confirms my findings that logs collected by both feeds are the same. The parsing by CS_ALERTS is slightly improved and I've submitted a request for those improvements to be added to CS_DETECT. Do we know why this parser was created if CS_DETECT already supports the new API?

Like

1
2

Forum|pagination.label 2 / 2

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded