SPL2 templates for Edge Processor and Ingest Processor for CrowdStrike FDR
Templates for CrowdStrike FDR are designed to help you reduce the size of CrowdStrike FDR events and drop noisy events.
Templates are available for the Edge Processor and Ingest Processor. See the following documentation for more information:
Template name | Version | Use case | Availability |
---|---|---|---|
CrowdStrike FDR fields reduction in events | 0.0.1 | Reduce the size of CrowdStrike FDR sensor events emitted by the Splunk Add-on for CrowdStrike FDR by removing unnecessary data and null fields from the events, filtering out events with the same local IP, and removing noisy events. Compatibility with the Splunk Common Information Model (CIM) and Security Detections is preserved. | Edge Processor and Ingest Processor |
Release Notes for the templates are available in the documentation.