Alert Logic MDR and Fortra XDR customers can add security value to their CrowdStrike deployment through our Application Registry integration with CrowdStrike APIs.
On the 30th of September 2025, CrowdStrike will decommission its /detects API endpoint, which is utilized as part of the Alert Logic CrowdStrike Log Collector. Their recommendation is to transition to the /alerts API endpoint.
The Alert Logic engineering team has released an update to collect the data from this endpoint.
To ensure uninterrupted coverage between Alert Logic and your CrowdStrike environment, we will automatically update all existing configured CrowdStrike Log Collectors to include the new /alerts API endpoint. To successfully ingest these logs, you must update the permissions associated with the currently configured API key by doing the following:
- On the CrowdStrike Falcon platform, go to API Clients and Keys.
- In the OAuth2 API Clients table, select your API key.
- In the API Scopes field, enable the Read scope for Alerts.
If you do not update the permissions associated with the API key, the CrowdStrike Log Collector will appear as Unhealthy within the Alert Logic Health Console.
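The following script is an added example, not code from Alert Logic or CrowdStrike, for confirming that the API client used by the collector actually carries the Alerts Read scope before the collector starts polling. It assumes the Falcon OAuth2 token endpoint at `POST {base}/oauth2/token` and the alerts query endpoint at `GET {base}/alerts/queries/alerts/v2`, and it assumes the US-1 host `https://api.crowdstrike.com` as the default base URL; check all three against the CrowdStrike API reference for your cloud. The environment variable names (`FALCON_BASE_URL`, `FALCON_CLIENT_ID`, `FALCON_CLIENT_SECRET`) are the script's own. A client that authenticates but receives 403 on the alerts query is in exactly the state that leaves the collector showing Unhealthy.

```python
"""Check that a CrowdStrike API client can read the /alerts endpoint.

Added example, not Alert Logic's or CrowdStrike's own code. Assumed: the
Falcon OAuth2 token endpoint POST {base}/oauth2/token and the alerts query
endpoint GET {base}/alerts/queries/alerts/v2; confirm both against the
CrowdStrike API reference for your cloud before relying on this.
"""
import json
import os
import urllib.error
import urllib.parse
import urllib.request

# Regional API hosts differ; the US-1 host is assumed here as the default.
DEFAULT_BASE_URL = "https://api.crowdstrike.com"
ALERTS_QUERY_PATH = "/alerts/queries/alerts/v2"  # assumed path, see docstring


def interpret_status(status: int) -> str:
    """Translate the HTTP status of an alerts query into an actionable verdict.

    200 means the client can read alerts. 401 means the token itself was
    rejected. 403 with a valid token is the signature of a client that lacks
    the Alerts Read scope, which is what leaves the collector Unhealthy.
    """
    if status == 200:
        return "ok: client can read alerts"
    if status == 401:
        return "error: token rejected, check client id/secret"
    if status == 403:
        return "error: missing Alerts Read scope on this API client"
    return f"error: unexpected HTTP status {status}"


def get_token(base_url: str, client_id: str, client_secret: str) -> str:
    """Exchange client credentials for a bearer token (OAuth2 client_credentials)."""
    body = urllib.parse.urlencode(
        {"client_id": client_id, "client_secret": client_secret}
    ).encode()
    req = urllib.request.Request(
        f"{base_url}/oauth2/token",
        data=body,
        headers={"Content-Type": "application/x-www-form-urlencoded"},
        method="POST",
    )
    with urllib.request.urlopen(req, timeout=30) as resp:
        return json.load(resp)["access_token"]


def query_alerts_status(base_url: str, token: str) -> int:
    """Issue a minimal alerts query (limit=1) and return only the HTTP status."""
    url = f"{base_url}{ALERTS_QUERY_PATH}?" + urllib.parse.urlencode({"limit": 1})
    req = urllib.request.Request(
        url, headers={"Authorization": f"Bearer {token}"}, method="GET"
    )
    try:
        with urllib.request.urlopen(req, timeout=30) as resp:
            return resp.status
    except urllib.error.HTTPError as err:
        # urllib raises on 4xx/5xx; the code is the signal we want, not an error.
        return err.code


def check_alerts_scope(base_url: str, client_id: str, client_secret: str) -> str:
    """Full check: obtain a token, query alerts, and report a verdict string."""
    token = get_token(base_url, client_id, client_secret)
    return interpret_status(query_alerts_status(base_url, token))


if __name__ == "__main__":
    # Credentials come from the environment so they never land in a script file.
    print(
        check_alerts_scope(
            os.environ.get("FALCON_BASE_URL", DEFAULT_BASE_URL),
            os.environ["FALCON_CLIENT_ID"],
            os.environ["FALCON_CLIENT_SECRET"],
        )
    )
```

Run it once after enabling the scope in the Falcon console; if the verdict still reports a missing scope, the change has not propagated to the client the collector is configured with, and the collector will remain Unhealthy.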
We are automatically enrolling all currently deployed collectors, as this matches your initial intentions when you configured the collector. To exclude the /alerts API endpoint, contact our support team, and we can disable this for you.
For information on configuring the CrowdStrike Log Collector, see: Configure CrowdStrike Log Collector.