
Release notes for the Splunk Add-on for CrowdStrike FDR

Version 3.0.0 of the Splunk Add-on for CrowdStrike FDR was released on May 27, 2026. It is compatible with the following software, CIM versions, and platforms.

| Component | Description |
| --- | --- |
| Splunk platform versions | 9.1.x, 9.2.x, 9.3.x, 9.4.x, 10.1.x, 10.2.x, 10.3.x, 10.4.x |
| CIM | 5.X |
| Platforms | Platform independent |
| Vendor Products | CrowdStrike FDR |

New features

  • Added bitmask lookup definitions for:

    • KerberosAnomaly
    • LdapSearchQueryClassification
    • VolumeTeardownFlags
    • RegConfigFlags
    • NtlmAvFlags
    • ModuleInitFlags
    • DriverPreventionStatusFlags
    • DotnetModuleFlags
    • DcPolicyFlags
    • AssemblyFlags
    • IntegrityLevel
    • FfcServiceFlags
    • AntiTamperStateFlag
    • PlatformSecuritySettings
    • CodeSigningFlags
    • SignInfoFlags
    • FileEcpBitmask
    • AutoUpdate
    • UserFlags
    • UserLogonFlags
    • UserGroupsBitmask
    • ConfigurationDescriptorAttributes
    • EndpointDescriptorAttributes
    • LocalIpAddressPipelineSource
    • FileWrittenFlags
    • Status (NTSTATUS selection)
    • AuthenticationFailureMsErrorCode
    • SuspectStackFlag
  • Introduced the accelerated field ‘aid’ for the collections ‘crowdstrike_ta_host_resolution_collection’ and ‘crowdstrike_ta_build_mac_ip_resolution_collection’.

  • Introduced the ‘SHA256HashData’ field for the ‘crowdstrike_ta_build_appinfo_resolution_collection’ collection and the ‘UserSid’ field for the ‘crowdstrike_ta_build_userinfo_resolution_collection’ collection.

  • CrowdStrike FDR now writes a separate log file for each configured input. This keeps logs from rotating too quickly and makes troubleshooting individual inputs easier.

  • Resolved security vulnerabilities in third-party dependencies to meet current security standards.

  • Python 3.7 is no longer supported. Python 3.8 or later is required.

Fixed issues

Version 3.0.0 of the Splunk Add-on for CrowdStrike FDR fixes the following issues, if any.

Known issues

Version 3.0.0 of the Splunk Add-on for CrowdStrike FDR contains the following known issues, if any.

Third-party software attributions

Version 3.0.0 of the Splunk Add-on for CrowdStrike FDR contains the following third-party libraries.

Third-party software attributions for the Splunk Add-on for CrowdStrike FDR