CrowdStrike Announces Falcon Next-Gen SIEM Support for Microsoft Defender for Endpoint, Advancing Open Security Architecture
CrowdStrike announced support for ingesting Microsoft Defender for Endpoint telemetry into Falcon Next-Gen SIEM. This lets organizations that already run Microsoft's endpoint agent modernize security operations without deploying an additional sensor, accelerating the move away from legacy SIEMs.
Published: April 27, 2026 at 20:00
※ This document is a translation of a press release issued in the United States on March 23, 2026.
CrowdStrike (NASDAQ: CRWD) today announced support for ingesting and correlating Microsoft Defender for Endpoint telemetry in Falcon® Next-Gen SIEM. This enables organizations running Microsoft's endpoint agent to modernize security operations without deploying additional sensors.
CrowdStrike also announced the native Falcon® Onum real-time data pipeline, federated search across third-party data stores, third-party threat intelligence integration, and a query translation agent. Together, these capabilities are intended to speed the replacement of legacy SIEMs by removing migration barriers, reducing ingestion and storage costs, and enabling real-time threat detection across heterogeneous environments.
Daniel Bernard, Chief Business Officer at CrowdStrike, stated:
"Strategic alignment and disciplined execution among industry leaders are the driving forces that bring truly meaningful innovation and stronger security outcomes to our customers. Our collaboration with Microsoft accelerates the transformation of legacy SIEMs without the operational burden of deploying additional sensors. Evolving an open, data-agnostic architecture provides the flexibility, performance, and data economics to modernize security operations across any technology stack. We can deliver Falcon's protection outcomes and value where our customers need it."
Rob Lefferts, Corporate Vice President, Threat Protection at Microsoft, stated:
"We are very pleased to see Microsoft Defender telemetry being leveraged within Falcon Next-Gen SIEM. Defender operates at a global scale, and such integrations underscore the importance of an open ecosystem where industry-leading platforms interoperate to improve customer security outcomes."
Cybersecurity Operating System
Falcon Next-Gen SIEM has proven its capabilities as a scalable, market-transforming solution that surpasses traditional SIEMs in both performance and cost. With 75% year-over-year growth (※1), the company is accelerating the adoption of the Falcon® platform as the cybersecurity operating system.
Falcon Next-Gen SIEM for Defender
Falcon Next-Gen SIEM for Defender accelerates SOC modernization for organizations that have standardized on Microsoft Defender for Endpoint. Defender telemetry is ingested and correlated in real time with Falcon's log data, threat intelligence, cross-domain context, and AI-powered analytics, enhancing native detection without deploying a new endpoint sensor.
Accelerating Agentic SOC Transformation
To accelerate the transition to an agentic SOC, CrowdStrike is delivering new capabilities that remove architectural barriers to modern SIEM adoption, simplify data onboarding, reduce costs, and improve operational speed.
Native Falcon Onum Integration: Removes onboarding barriers and changes the data economics. Intelligent filtering and real-time in-pipeline detection enable up to 5x faster streaming, 50% lower storage costs, 70% faster incident response, and 40% less ingestion overhead.
Federated Search Across Distributed Data Stores: Provides fast, flexible access to external data sources such as Falcon LogScale and ExtraHop. Analysts can query data where it resides, maintaining unified visibility while eliminating costly duplication and re-ingestion.
Third-Party Indicator Management: Enables ingestion and operationalization of external Indicators of Compromise (IOCs), enhancing Falcon detection by correlating first-party telemetry with curated, trusted third-party threat data.