Perform on-demand queries for forensics, compliance, or audit use cases.
CrowdStrike is the first cybersecurity partner to introduce Quick Start for AWS. This guided setup directly connects Falcon Next-Gen SIEM to core AWS security services including AWS CloudTrail, AWS Security Hub, and Amazon GuardDuty.
The cloud era demands elasticity and scalability. Falcon Next-Gen SIEM, built for modern security operations, seamlessly scales with workloads to deliver unified visibility and context across AWS and hybrid environments. It’s built with native AI and automation to streamline manual tasks and provides intelligent data access to optimize what’s stored or searched based on business and security needs.
Discover active AWS security services like CloudTrail, GuardDuty, and Security Hub for continuous monitoring and ingest telemetry within minutes.

Simplify AWS Security Operations with Falcon Next-Gen SIEM

At AWS re:Invent, we’re announcing new innovations that deepen our partnership with the leader in cloud and expand the power of Falcon Next-Gen SIEM in AWS environments.
CrowdStrike is redefining how SOC teams turn cloud data into actionable intelligence by unifying speed, scale, and cost efficiency in one platform built for the cloud and AI era. Together with AWS, today we are announcing new integrations and consumption options designed to further simplify how customers secure and operationalize workloads on Amazon Web Services (AWS).
Deploy prebuilt detection rules to correlate AWS activity with other security data and uncover sophisticated threats.

Quick Start for AWS: Gain Visibility in Minutes

Together, we are introducing Quick Start for AWS for CrowdStrike Falcon® Next-Gen SIEM, pay-as-you-go pricing for Falcon Next-Gen SIEM and CrowdStrike Falcon® Cloud Security, and expanded integration with Amazon Athena. With these innovations, customers can onboard faster, scale as needed, and improve cost efficiency in accessing security and operational data across their AWS environments.
Federated search will combine the power of Falcon Next-Gen SIEM with the scale and cost efficiency of AWS. New federated search capabilities via Amazon Athena will provide fast and flexible access to data stored in Amazon S3 buckets. Analysts will be able to query data in place without needing to duplicate or reingest, enabling them to:

Customers can use this guided onboarding process to automate key steps:

  • Connect data sources through a guided onboarding wizard without the need for manual setup or special permissions.
  • Activate log parsers to normalize and enrich AWS events.

By streamlining how customers connect their AWS environments to CrowdStrike, organizations can unify data from endpoints, cloud workloads, and identities with AWS telemetry for comprehensive, cross-domain threat detection and response.

Falcon Next-Gen SIEM correlates AWS data with telemetry from across the security ecosystem to provide the insights SOC teams need to detect, investigate, and respond to threats across cloud environments. It offers out-of-the-box dashboards for CloudTrail, VPC, and S3 monitoring and over 200 correlation rule templates for CloudTrail. With Falcon Next-Gen SIEM and AWS data, teams can quickly identify threats like stolen AWS keys, unauthorized access, privilege escalation, and unusual traffic.

Federated Search with Amazon Athena: Query Smarter, Store Less

These integrations deliver an AWS-optimized approach to detection and response that is both scalable and cost-efficient. Teams can keep high-value data in Falcon Next-Gen SIEM for active investigations while storing rarely accessed data in low-cost storage. The result is faster insight when needed and smarter data management overall.

  • Create a cost-effective data strategy by routing data to S3 using telemetry pipelines like CrowdStrike Falcon® Onum.

With today’s innovations, CrowdStrike and AWS are making it easier for customers to adopt and scale with the CrowdStrike Falcon® platform across AWS environments.

Teams with Falcon Cloud Security can also query data directly from Falcon Next-Gen SIEM, reducing complexity with the power of the Falcon platform. By unifying AWS telemetry with data from endpoints, identities, and more, CrowdStrike provides the full picture of an attack, not just cloud activity. With AI and automation built into the Falcon platform, SOCs can simplify cloud complexity so teams can act with confidence at scale.
