CrowdStrike Unveils Falcon Next-Gen SIEM Support for Microsoft Defender for Endpoint, Advancing Open Security Architecture

CrowdStrike announced that Falcon Next-Gen SIEM now ingests and correlates Microsoft Defender for Endpoint telemetry, enabling Microsoft endpoint customers to modernize security operations without deploying additional sensors.

CrowdStrike also unveiled native Falcon® Onum real-time data pipelines, federated search across third-party data stores, third-party intelligence integration, and its Query Translation Agent. Together, these innovations accelerate legacy SIEM transformation by eliminating migration friction, reducing ingestion and storage costs, and delivering real-time threat detection across heterogeneous environments.

“Strategic alignment and disciplined execution between industry leaders is what drives meaningful innovation and stronger security outcomes for customers,” said Daniel Bernard, chief business officer at CrowdStrike. “Our integration with Microsoft accelerates legacy SIEM transformation without the operational burden of deploying additional sensors. By advancing our open, data-agnostic architecture, we are giving organizations the flexibility, performance, and data economics to modernize security operations across any technology stack – meeting customers where they are to unlock the protection outcomes and value from Falcon.”

“It is great to see Microsoft Defender telemetry being leveraged within Falcon Next-Gen SIEM,” said Rob Lefferts, corporate vice president for threat protection at Microsoft. “Defender operates at a global scale, and integrations like this reinforce the importance of an open ecosystem where leading platforms interoperate to help customers improve security outcomes.”

Falcon Next-Gen SIEM has proven itself a scaled market disruptor, with performance and cost advantages that set it apart from legacy SIEMs. Growing 75 percent year-over-year,1 the business is accelerating adoption of the Falcon® platform as the operating system of cybersecurity.

Falcon Next-Gen SIEM for Defender accelerates SOC modernization for organizations standardized on Microsoft Defender for Endpoint protection. Organizations can ingest and correlate Defender telemetry with Falcon’s log data, threat intelligence, cross-domain context, and AI-driven analytics in real time, augmenting native detections without deploying a new endpoint sensor.

To accelerate the transition to the agentic SOC, CrowdStrike is delivering new innovations that eliminate architectural barriers to modern SIEM adoption, simplifying data onboarding, reducing cost, and increasing operational speed.