Documentation Index

Fetch the complete documentation index at: https://help.nordlayer.com/llms.txt

Use this file to discover all available pages before exploring further.

Forwarding NordLayer Logs to CrowdStrike via SIEM

Prev Next

This guide explains how to integrate CrowdStrike Falcon Next-Gen SIEM with NordLayer to enhance visibility and response capabilities. NordLayer Control Panel Actions and Network Connections logs are automatically forwarded to your CrowdStrike environment, enabling centralized monitoring and faster incident response.

Step 1. Initiate the setup in the NordLayer Control Panel

  1. Log into the NordLayer Control Panel and click the Integrations tab on the left side.

NordLayer integrations dashboard showing CrowdStrike Falcon and SentinelOne security connections

  1. Toggle on the CrowdStrike Falcon Next-Gen SIEM integration.

CrowdStrike Falcon setup modal with API Key and URL input fields

  1. A window will open with the API URL and API Key you'll need to continue setup on the CrowdStrike dashboard.

Step 2. Continue the setup on CrowdStrike

  1. Keep the NordLayer window open, and in a new tab, log in to the CrowdStrike Falcon portal.

CrowdStrike Endpoint Security Connectors menu showing data and cloud connector options

  1. Click the Menu icon and go to Connectors.

Next-Gen SIEM data connections dashboard displaying connection status and daily data ingest graph

  1. Go to the Data connections tab and click Add connection.

Data connectors table filtered by NordLayer showing Nord Security push connector entry

  1. Enter NordLayer in the search bar and select Nord Security NordLayer Data Connector.

NordLayer data connector configuration panel showing vendor details and push connector settings

  1. Click Configure.

NordLayer connector setup form with parsing enrichment options and resource links

  1. Fill in Connection name, Description, select appropriate checkboxes and click Create connection.

Connector setup progress modal explaining API key generation requirement for data transmission

  1. Confirm Connector creation notification.

NordLayer SIEM integration connection details showing pending status and API configuration

  1. Once creation is completed click the Generate API key on top right this window.

Connection setup modal displaying CID name, API key, and API URL for data transmission

  1. Copy the API URL and API Key.
Note

Make sure to note down the API URL and API Key, as they will not be available again.

Step 3. Finalize the setup

  1. Return to the NordLayer Control Panel and paste both API URL and API Key.

CrowdStrike Falcon setup modal with API Key and URL input fields

  1. Click Finish setup to complete the integration.

Note: In case you have any questions or are experiencing any issues, please feel free to contact our 24/7 customer support team.

Can't find what you need?

Live chat

Contact our support to solve an issue live.

Chat functionality relies on cookies. By starting the chat, you agree to their use. Learn more in our Cookie Policy.