CrowdStrike Unveils Falcon Next-Gen SIEM Support for Microsoft Defender for Endpoint, Advancing Open Security Architecture

Key Terms

siem technical

SIEM (Security Information and Event Management) is a software system that gathers and analyzes security-related data from across a company's computers and networks to spot suspicious activity, like a central security dashboard that flags and explains alarms from many sensors. For investors it matters because a strong SIEM helps prevent costly breaches, supports regulatory compliance, and can reduce financial and reputational risk; for vendors it can be a key revenue and growth area.

endpoint technical

An endpoint in clinical research is the specific outcome investigators decide in advance to measure whether a treatment is effective or safe, such as symptom improvement, survival time, or a change in a lab value. For investors it matters because meeting or missing these pre-set goals is the main signal regulators and the market use to judge a drug’s prospects—like a race’s finish line that determines if a product can move forward, win approval, and generate revenue.

telemetry technical

Telemetry is the automatic collection and transmission of measurements from remote devices, systems, or patients to a central system for monitoring and analysis—like a car sending engine, speed and location data back to a dashboard. For investors it matters because telemetry provides real-time evidence of product performance, safety and user behavior, helping assess revenue potential, operational risk, regulatory compliance and whether a product is meeting market demand.

federated search technical

A federated search is a system that lets users enter one search query and retrieve results from multiple separate databases or sources at once, without copying all the data into one place. For investors, it matters because companies that use federated search can deliver faster, more complete access to information—similar to a librarian who checks several libraries at once—improving decision speed, customer experience, and potential competitive advantage.

Falcon Next-Gen SIEM ingests Microsoft endpoint telemetry with no Falcon sensor required, as new innovations accelerate legacy SIEM transformation across heterogeneous environments

AUSTIN, Texas & SAN FRANCISCO--(BUSINESS WIRE)-- RSA 2026 -- CrowdStrike (NASDAQ: CRWD) today announced that Falcon® Next-Gen SIEM now ingests and correlates Microsoft Defender for Endpoint telemetry, enabling Microsoft endpoint customers to modernize security operations without deploying additional sensors.

CrowdStrike also unveiled native Falcon® Onum real-time data pipelines, federated search across third-party data stores, third-party intelligence integration, and its Query Translation Agent. Together, these innovations accelerate legacy SIEM transformation by eliminating migration friction, reducing ingestion and storage costs, and delivering real-time threat detection across heterogeneous environments.

“Strategic alignment and disciplined execution between industry leaders is what drives meaningful innovation and stronger security outcomes for customers,” said Daniel Bernard, chief business officer at CrowdStrike. “Our integration with Microsoft accelerates legacy SIEM transformation without the operational burden of deploying additional sensors. By advancing our open, data-agnostic architecture, we are giving organizations the flexibility, performance, and data economics to modernize security operations across any technology stack – meeting customers where they are to unlock the protection outcomes and value from Falcon.”

“It is great to see Microsoft Defender telemetry being leveraged within Falcon Next-Gen SIEM,” said Rob Lefferts, corporate vice president for threat protection at Microsoft. “Defender operates at a global scale, and integrations like this reinforce the importance of an open ecosystem where leading platforms interoperate to help customers improve security outcomes.”

The Operating System of Cybersecurity

Falcon Next-Gen SIEM has proven itself a scaled market disruptor, with performance and cost advantages that set it apart from legacy SIEMs. Growing 75 percent year-over-year,¹ the business is accelerating adoption of the Falcon® platform as the operating system of cybersecurity.

Falcon Next-Gen SIEM for Defender

Falcon Next-Gen SIEM for Defender accelerates SOC modernization for organizations standardized on Microsoft Defender for Endpoint protection. Organizations can ingest and correlate Defender telemetry with Falcon’s log data, threat intelligence, cross-domain context, and AI-driven analytics in real time, augmenting native detections without deploying a new endpoint sensor.

Agentic SOC Transformation

To accelerate the transition to the agentic SOC, CrowdStrike is delivering new innovations that eliminate architectural barriers to modern SIEM adoption, simplifying data onboarding, reducing cost, and increasing operational speed.

• Native Falcon Onum Integration: Eliminates onboarding friction and transforms data economics, delivering up to 5X faster streaming, 50 percent lower storage costs, 70 percent faster incident response, and 40 percent less ingestion overhead through intelligent filtering and real-time, in-pipeline detection.
• Federated Search Across Distributed Data Stores: Extends fast, flexible access to external data sources, including Falcon LogScale and ExtraHop. Analysts can query data where it lives, eliminating costly duplication and re-ingestion while maintaining unified visibility.
• Third-Party Indicator Management: Enables ingestion and operationalization of external indicators of compromise (IOCs), enriching Falcon detections with curated, high-confidence threat correlation across first- and third-party data.
• Query Translation Agent: Expanding CrowdStrike’s Agentic Security Workforce, this intelligent agent automatically converts legacy SIEM queries, including Splunk searches, into CrowdStrike Query Language (CQL), accelerating migration, preserving analyst workflows, and eliminating retraining friction.

To learn more about Falcon Next-Gen SIEM:

• Visit booth #N-5845 at RSA
• Read our blog
• Visit our website

Future Products Disclaimer

This press release may include discussion of unreleased services or features. Any unreleased services or features referenced here are still in development and subject to change. Customers should make their purchase decisions based upon features that are currently available.

About CrowdStrike

CrowdStrike (NASDAQ: CRWD), a global cybersecurity leader, has redefined modern security with the world’s most advanced cloud-native platform for protecting critical areas of enterprise risk – endpoints and cloud workloads, identity and data.

Powered by the CrowdStrike Security Cloud and world-class AI, the CrowdStrike Falcon® platform leverages real-time indicators of attack, threat intelligence, evolving adversary tradecraft, and enriched telemetry from across the enterprise to deliver hyper-accurate detections, automated protection and remediation, elite threat hunting, and prioritized observability of vulnerabilities.

Purpose-built in the cloud with a single lightweight-agent architecture, the Falcon platform delivers rapid and scalable deployment, superior protection and performance, reduced complexity, and immediate time-to-value.

CrowdStrike: We stop breaches.

Learn more: https://www.crowdstrike.com/
Follow us: Blog | X | LinkedIn | Instagram
Start a free trial today: https://www.crowdstrike.com/trial

© 2026 CrowdStrike, Inc. All rights reserved. CrowdStrike and CrowdStrike Falcon are marks owned by CrowdStrike, Inc. and are registered in the United States and other countries. CrowdStrike owns other trademarks and service marks and may use the brands of third parties to identify their products and services.

¹ FY26 Earnings

View source version on businesswire.com: https://www.businesswire.com/news/home/20260322055275/en/

Media Contact

Jake Schuster

CrowdStrike Corporate Communications

press@crowdstrike.com

Source: CrowdStrike