Aembit Introduces CrowdStrike Next-Gen SIEM Support
Aembit has extended its Log Streams feature to support CrowdStrike Next-Gen SIEM through the HTTP Event Collector protocol, centralizing log management and analysis to improve security posture and threat detection. 2025-10-02 16:55:05 Author: securityboulevard.com

We are thrilled to announce the expansion of our Log Streams capabilities with direct support for CrowdStrike Next-Gen SIEM using the HTTP Event Collector (HEC) protocol.

With the explosion of workloads, and the growth of AI agents, the data that illuminates the access attempts each non-human identity has made is a critical source of information for incident response, proactive threat hunting, and auditing. Being able to see approved access, as well as the details of unapproved access attempts, can be the difference between an organization that is running fine and one that sustains a breach.

This new integration makes it simpler than ever for organizations to centralize their critical Aembit access authorization and audit events, while still allowing the use of existing Log Streams such as AWS S3 buckets, GCP buckets, and Splunk for active log processing, archiving, and alerting.


Beyond the new SIEM Log Stream, Aembit’s core integration with CrowdStrike is focused on workload identity and access management (IAM) and conditional access. This integration leverages the CrowdStrike Falcon platform to achieve Zero Trust for workloads by checking the real-time security posture of non-human identities. 

Specifically, the Aembit Workload IAM Platform assesses whether the Falcon agent is installed and running on a client workload, using this security status as a dynamic condition to authorize or deny access to sensitive server workloads, applications, and data. This process allows organizations to enforce least privilege access policies that are based on identity, policy, and workload health, providing an essential layer of security that moves beyond reliance on static secrets.

The Power of Centralized Logging

In today’s distributed environments, security and observability depend on a unified view of system activity. Network-level information such as IP addresses and host details is still important, but it is not enough, especially for non-human identities and cloud-based systems that may be tied to dozens of users, service accounts, microservices, and applications.

Identity-based information is pivotal in determining who the actor is, either user or non-human, how the system was identified and attested, and where their static or ephemeral credentials came from.

This release is dedicated to helping organizations that rely on centralized logging to aggregate data and unlock powerful insights:

  • Quickly Determine System Issues: By unifying logs in a central SIEM, operations teams can quickly correlate security and operational events to determine downtime and other issues in the system, minimizing mean time to resolution (MTTR).
  • Enhance Security Posture: Centralized logs allow security teams to better lock down access and find anomalous behavior by applying machine learning models and sophisticated queries across all data, providing a holistic view of user and workload activity.
  • Fuel Modern Analysis: Organizations are increasingly leveraging AI/ML to query the logs using natural language. By streaming comprehensive security data into your SIEM, you ensure your advanced analytics tools have the rich context necessary to detect subtle threats and compliance drift.

Seamless Integration with HEC

Our new Log Stream uses the industry-standard HTTP Event Collector (HEC) protocol to rapidly stream Aembit Edge event logs and audit logs directly to your CrowdStrike Next-Gen SIEM instance. This integration enhances threat detection capabilities, improves incident management, and streamlines compliance monitoring by providing detailed records of who accessed what, when, and from where.

Our logs are standards-based JSON, which the CrowdStrike Next-Gen SIEM parses using a standard Data Connector. The entire configuration takes a couple of minutes to complete. Aembit also sends administrators out-of-band notifications automatically if Log Stream transactions fail, so a silent gap in the stream does not go unnoticed.

Summary of configuration steps:

  1. Generate an API key for the HEC data connector in the SIEM.
  2. In the Aembit Log Stream configuration, enter that API key together with the URL and port of your self-hosted or cloud CrowdStrike SIEM.
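The two steps above amount to "a URL, a port and a bearer credential", so the wire protocol is easy to reproduce. The following is an added example, not Aembit's Log Stream code and not CrowdStrike's connector: it wraps constructed audit events (the field names `client_workload`, `server_workload`, `decision` and so on are assumptions, not Aembit's schema) in the HEC envelope, posts them as one batch to a configured collector URL, and treats any non-2xx response or transport error as a failed transaction that must be reported, mirroring the out-of-band notification the text describes. It assumes the `Authorization: Bearer <API key>` scheme that CrowdStrike Next-Gen SIEM HEC data connectors accept; check that against your connector's documentation before relying on it.

```python
"""Minimal HEC shipper for JSON audit events (added example, not Aembit's code)."""
import json
import time
import urllib.error
import urllib.request

# Constructed sample events. The fields are assumptions chosen to show
# "who accessed what, when, from where, and whether the Falcon agent was up";
# they are not Aembit's real log schema.
SAMPLE_EVENTS = [
    {"type": "access_authorization", "client_workload": "payments-api",
     "server_workload": "postgres-prod", "decision": "allow",
     "falcon_agent_running": True, "source_ip": "10.0.1.15"},
    {"type": "access_authorization", "client_workload": "batch-job-7",
     "server_workload": "postgres-prod", "decision": "deny",
     "reason": "falcon_agent_not_running",
     "falcon_agent_running": False, "source_ip": "10.0.3.42"},
]


def build_hec_batch(events, source="aembit-edge", sourcetype="aembit:audit", now=None):
    """Wrap each event in a HEC envelope and join them into one request body.

    HEC collectors accept several JSON objects back to back in a single POST,
    so a batch is just the envelopes separated by newlines.
    """
    ts = now if now is not None else time.time()
    lines = [
        json.dumps({"time": ts, "source": source, "sourcetype": sourcetype, "event": ev},
                   separators=(",", ":"))
        for ev in events
    ]
    return "\n".join(lines).encode("utf-8")


def build_request(collector_url, api_key, body):
    """POST the batch to the collector URL (host, port and path as configured
    in the SIEM) with the API key presented as a Bearer token (assumed scheme)."""
    return urllib.request.Request(
        collector_url, data=body, method="POST",
        headers={"Authorization": f"Bearer {api_key}",
                 "Content-Type": "application/json"})


def send_batch(collector_url, api_key, events,
               transport=urllib.request.urlopen, notify=print):
    """Ship one batch and return (ok, http_status).

    A non-2xx status or a transport error is a failed Log Stream transaction:
    it is passed to `notify`, which stands in for the administrator alert.
    `transport` is injectable so the function can be exercised offline.
    """
    req = build_request(collector_url, api_key, build_hec_batch(events))
    try:
        with transport(req, timeout=10) as resp:
            status = resp.status
    except urllib.error.HTTPError as err:
        status = err.code
    except (urllib.error.URLError, OSError) as err:
        notify(f"log stream transport failure: {err}")
        return False, None
    if 200 <= status < 300:
        return True, status
    notify(f"log stream rejected batch: HTTP {status}")
    return False, status


class _FakeResponse:
    """Stand-in for an HTTPResponse so the shipper can be run without a SIEM."""
    def __init__(self, status):
        self.status = status

    def __enter__(self):
        return self

    def __exit__(self, *exc):
        return False


def offline_transport(status):
    """Return a transport that answers every request with the given status."""
    return lambda req, timeout=10: _FakeResponse(status)


def demo(collector_url="https://siem.example.internal:443/collector", api_key="EXAMPLE-KEY"):
    """Run one accepted and one rejected batch offline; return the outcomes
    and the alerts that a rejected batch would have raised."""
    alerts = []
    accepted = send_batch(collector_url, api_key, SAMPLE_EVENTS,
                          transport=offline_transport(200), notify=alerts.append)
    rejected = send_batch(collector_url, api_key, SAMPLE_EVENTS,
                          transport=offline_transport(503), notify=alerts.append)
    return accepted, rejected, alerts


if __name__ == "__main__":
    print(demo())
```

The injectable `transport` is the point worth copying: a log shipper should be testable against a failing collector, because the failure mode that matters for a SIEM feed is the quiet one where events stop arriving and nobody is told.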

Source: https://securityboulevard.com/2025/10/aembit-introduces-crowdstrike-next-gen-siem-support/