Ingesting FDR Data
Humio can ingest Falcon Data Replicator (FDR) data directly, without having to configure log shippers.
FDR ingest is available on self-hosted Humio clusters. Cloud customers should contact the support team.
Non-FDR data should not be ingested into an FDR repository.
To configure FDR ingest:
Once the data has been ingested, you can examine the information using Ingesting FDR Data to a Repository.
Getting Insights Out of Your FDR Data
Once you have some FDR data ingested into Humio, you can use the Humio query language and other assorted features to get deeper insight into your data.
In addition to the FDR parser, the crowdstrike/fdr package also contains various queries, dashboards and alerts that can help you get started on getting insights from your FDR data.
The number of events ingested per feed per repository can be seen in the metric LogScale Metrics.