CrowdStrike adds Microsoft Defender support to Falcon Next-Gen SIEM
CrowdStrike (NASDAQ: CRWD) announced that its Falcon Next-Gen SIEM now ingests and correlates Microsoft Defender for Endpoint telemetry without requiring additional endpoint sensors. The integration lets organizations running Microsoft endpoints modernize their security operations on the infrastructure they already have.
The company also introduced Falcon Onum real-time data pipelines, federated search across third-party data stores, third-party threat intelligence integration, and a Query Translation Agent. These features are intended to reduce migration friction and ingestion costs while providing real-time threat detection across heterogeneous environments.
"Our integration with Microsoft accelerates legacy SIEM transformation without the operational burden of deploying additional sensors," said Daniel Bernard, chief business officer at CrowdStrike.
Rob Lefferts, corporate vice president for threat protection at Microsoft, said the integration reinforces the importance of an open ecosystem where platforms work together to improve security outcomes.
CrowdStrike reported that its Next-Gen SIEM business grew 75 percent year-over-year. Falcon Next-Gen SIEM for Defender allows organizations to correlate Defender telemetry with Falcon's log data, threat intelligence, and AI-driven analytics without deploying new endpoint sensors.
The new capabilities also include native Falcon Onum integration, which CrowdStrike states delivers faster streaming, lower storage costs, and reduced incident response times. The federated search feature extends queries to additional data sources, including Falcon LogScale and ExtraHop.
The Query Translation Agent automatically converts legacy SIEM queries, including Splunk searches, into CrowdStrike Query Language to ease migration. The press release does not say which query constructs the agent covers, so teams migrating detection content should verify the translated queries against known events before retiring the originals.
The announcement was made at RSA 2026, according to the press release.
