CrowdStrike’s Falcon Next-Gen SIEM can now ingest Microsoft Defender telemetry, with Defender for Endpoint becoming the first EDR to integrate into the SIEM and enabling Defender data to support third-party EDRs. The integration, announced alongside CrowdStrike’s Falcon Onum for real-time log processing, means Defender telemetry can be processed at scale with intelligent filtering and real-time analytics, according to CrowdStrike.
The story also notes that CrowdStrike has entered the Microsoft Marketplace, making its offerings available to customers signing cloud usage agreements under the Microsoft Azure Consumption Commitment. CrowdStrike’s chief business officer, Daniel Bernard, frames the move as part of a broader ecosystem partnership with Microsoft, while the article also highlights a history of criticism of Microsoft by CrowdStrike’s CEO, George Kurtz, in relation to past vulnerabilities.
The piece closes by pointing to Onum’s role in the platform and to the potential for hybrid, cross-vendor security workflows enabled by the new Defender telemetry ingestion.