# CrowdStrike Falcon LogScale Integration

[CrowdStrike Falcon LogScale](https://www.crowdstrike.com/en-us/platform/next-gen-siem/falcon-logscale/) provides a logging and observability service that gives organizations complete visibility to see anomalies, threats, and problems, and get to the root of what happened. With CrowdStrike Falcon LogScale integrated, log-based alerts – such as threshold breaches or anomaly detections – are forwarded to on-call responders via ilert. These alerts activate escalation paths and provide engineers with essential context to resolve issues quickly and confidently.

{% hint style="info" %}
Humio has been renamed to CrowdStrike Falcon LogScale
{% endhint %}

## In ilert: Create a CrowdStrike Falcon LogScale alert source

1. Go to **Alert sources** --> **Alert sources** and click on **Create new alert source**

   <figure><img src="/files/rmL9OoRxcWnDwcJZQm4Y" alt=""><figcaption></figcaption></figure>
2. Search for **CrowdStrike Falcon LogScale** in the search field, click on the CrowdStrike Falcon LogScale tile and click on **Next**.

   <figure><img src="/files/1WoRRYB5U40PbeMJ7Hit" alt=""><figcaption></figcaption></figure>
3. Give your alert source a name, optionally assign teams and click **Next**.
4. Select an **escalation policy** by creating a new one or assigning an existing one.

   <figure><img src="/files/y4Bakf2apGhBN56U8ZPR" alt=""><figcaption></figcaption></figure>
5. Select your [Alert grouping](/alerting/configure-alerting/alert-sources.md#alert-grouping) preference and click **Continue setup**. You may click **Do not group alerts** for now and change it later.

   <figure><img src="/files/nTlB0ZCIW1SP3dj6P9nO" alt=""><figcaption></figcaption></figure>
6. The next page shows additional settings such as customer alert templates or notification priority. Click on **Finish setup** for now.
7. On the final page, an API key and / or webhook URL will be generated that you will need later in this guide.

   <figure><img src="/files/iFF3BpyuIYMi49K1j7uk" alt=""><figcaption></figcaption></figure>

## In CrowdStrike Falcon LogScale

1. Create an Action by clicking **Alerts** -> **Actions** -> **New Action** from your dashboard

![](/files/msIgP9hs05OKQ9eKFrGr)

2. Choose **Webhook** as the type, enter a name (in this case **ilert-webhook**), and in Endpoint URL, enter the **Humio URL** that is generated in ilert

![](/files/qnlZQ3mniI1uVZfw5Rzj)

3. Save the Action Webhook by clicking on **Save Action** after scrolling down

![](/files/H3VSlOGvQm9IcBGZSGJf)

4. Add a new Alert by clicking **Alerts -> Alerts -> New Alert**

![](/files/BG95WncGZYcZZV27Vwr5)

5. Create the Alert by specifying the query that the Alert should be based on. Don't forget to check **Alert Enabled** and select the **Webhook Action** that was configured earlier

![](/files/RWGuflOKUQOUwFoz93Nk)

6. Save the alert. When the alert fires, the incident will be created on the ilert side as well
7. For more information about LogScale Alerts please refer to the following: <https://library.humio.com/data-analysis/automated-alerts.html>


