Falcon Next-Gen SIEM Supports Third-Party EDR Tools, Starting with Microsoft Defender

CrowdStrike announced that Falcon Next-Gen SIEM will support third-party EDR solutions, beginning with Microsoft Defender, allowing organizations to modernize their SOC without installing a Falcon sensor. The release also adds Falcon Onum for real-time data control, federated search across Falcon LogScale, ExtraHop and Amazon S3, third-party indicator management, and a Query Translation Agent intended to accelerate migrations and reduce data and onboarding costs.

Keypoints

  • Falcon Next-Gen SIEM now supports third-party EDR starting with Microsoft Defender, enabling unified detection, investigation, and response without replacing endpoint agents.
  • Falcon Onum is embedded to provide real-time data ingestion, filtering, enrichment, and routing at the edge, improving streaming performance and reducing storage costs (projected up to 5x faster streaming and up to 50% lower storage).
  • Federated search lets analysts query live, network (ExtraHop), and archived cloud data (Amazon S3 via Athena) and Falcon LogScale storage in place, avoiding costly re-ingestion and preserving existing investments.
  • Third-Party Indicator Management operationalizes external threat intelligence by ingesting, enriching, scoring, deduplicating, and lifecycle-managing indicators and correlating them with telemetry and CrowdStrike intelligence.
  • The Query Translation Agent (CrowdStrike Charlotte AI) automatically translates Splunk queries or plain-language requests into CrowdStrike Query Language (CQL) to accelerate SIEM migrations and preserve existing workflows.
  • The platform unifies first- and third-party data under an AI-native, index-free search model to eliminate the "data tax," streamline onboarding, and enable agentic automation and orchestration across heterogeneous environments.

MITRE Techniques

  • [None] None mentioned – The article does not explicitly reference any MITRE ATT&CK technique IDs or technique names (its stated goal: "Operationalize Microsoft Defender telemetry inside Falcon Next-Gen SIEM to unify detection, investigation, and response — without changing endpoint deployments.")

Indicators of Compromise

  • [None] No IOCs were provided in the article – no IP addresses, file hashes, domains, or malicious file names were listed.

Read more: https://www.crowdstrike.com/en-us/blog/falcon-next-gen-siem-supports-third-party-edr-tools-starting-with-microsoft-defender/