Falcon Next-Gen SIEM Integrates Microsoft Defender Data to Accelerate Cybersecurity Transformation

CrowdStrike has announced a major advancement in cybersecurity operations with Falcon Next-Gen SIEM, introducing support for Microsoft Defender for Endpoint telemetry.

The update enables organizations to modernize their security operations using Falcon Next-Gen SIEM without deploying additional endpoint sensors, marking a significant step toward open, data-agnostic security architectures.

Announced at RSA 2026, Falcon Next-Gen SIEM now ingests and correlates telemetry from Microsoft Defender for Endpoint, allowing Microsoft customers to integrate seamlessly into CrowdStrike’s ecosystem.

This capability empowers organizations to enhance threat detection and response while avoiding the operational complexity of adding new infrastructure.

Alongside this integration, CrowdStrike introduced several innovations within Falcon Next-Gen SIEM, including native Falcon® Onum real-time data pipelines, federated search capabilities across third-party data stores, third-party intelligence integration, and a Query Translation Agent.

These features are designed to accelerate legacy SIEM transformation by reducing ingestion and storage costs, eliminating migration friction, and enabling real-time threat detection across heterogeneous environments.

“Strategic alignment and disciplined execution between industry leaders is what drives meaningful innovation and stronger security outcomes for customers,” said Daniel Bernard, chief business officer at CrowdStrike.

“Our integration with Microsoft accelerates legacy SIEM transformation without the operational burden of deploying additional sensors. By advancing our open, data-agnostic architecture, we are giving organizations the flexibility, performance, and data economics to modernize security operations across any technology stack – meeting customers where they are to unlock the protection outcomes and value from Falcon.”

“It is great to see Microsoft Defender telemetry being leveraged within Falcon Next-Gen SIEM,” said Rob Lefferts, corporate vice president for threat protection at Microsoft.

“Defender operates at a global scale, and integrations like this reinforce the importance of an open ecosystem where leading platforms interoperate to help customers improve security outcomes.”

Falcon Next-Gen SIEM: Disruptive Force in Cybersecurity Market

Falcon Next-Gen SIEM continues to position itself as a disruptive force in the cybersecurity market, delivering significant performance and cost advantages compared to legacy SIEM systems.

With reported 75 percent year-over-year growth, the platform is driving broader adoption of the Falcon® platform as the operating system of cybersecurity.

The newly introduced Falcon Next-Gen SIEM for Defender further accelerates SOC modernization for organizations relying on Microsoft Defender for Endpoint.

By combining Defender telemetry with Falcon’s log data, threat intelligence, cross-domain context, and AI-driven analytics, organizations gain enhanced visibility and detection capabilities in real time—without the need for additional endpoint sensors.

To support the evolution toward an agentic SOC, CrowdStrike is also introducing new capabilities within Falcon Next-Gen SIEM aimed at simplifying data onboarding, reducing costs, and improving operational efficiency.

Key innovations include:

  • Native Falcon Onum Integration: Delivers up to 5X faster data streaming, reduces storage costs by 50 percent, enables 70 percent faster incident response, and lowers ingestion overhead by 40 percent through real-time detection and intelligent filtering.
  • Federated Search Across Distributed Data Stores: Allows analysts to query data across platforms such as Falcon LogScale and ExtraHop without duplication or re-ingestion.
  • Third-Party Indicator Management: Enhances threat detection by integrating external indicators of compromise (IOCs) with Falcon’s analytics engine.
  • Query Translation Agent: Automatically converts legacy SIEM queries, including Splunk searches, into CrowdStrike Query Language (CQL), enabling faster migration and minimizing retraining requirements.

With these advancements, Falcon Next-Gen SIEM is reinforcing CrowdStrike’s vision of an open, scalable, and AI-driven cybersecurity platform that supports organizations in modernizing their security operations efficiently across diverse IT environments.

Author

  • Salil Urunkar

    Salil Urunkar is a senior journalist and the editorial mind behind Sahyadri Startups. With years of experience covering Pune’s entrepreneurial rise, he’s passionate about telling the real stories of founders, disruptors, and game-changers.