diff --git a/packages/crowdstrike/changelog.yml b/packages/crowdstrike/changelog.yml
index 2ad730015f57..99161cac6543 100644
--- a/packages/crowdstrike/changelog.yml
+++ b/packages/crowdstrike/changelog.yml
@@ -1,4 +1,9 @@
 # newer versions go on top
+- version: "1.27.0"
+ changes:
+ - description: Allow aidmaster metadata to be retained after host enrichment.
+ type: enhancement
+ link: https://github.com/elastic/integrations/pull/8715
 - version: "1.26.2"
 changes:
 - description: Do not populate `related.hosts` with IP values.
diff --git a/packages/crowdstrike/data_stream/fdr/agent/stream/aws-s3.yml.hbs b/packages/crowdstrike/data_stream/fdr/agent/stream/aws-s3.yml.hbs
index bf2760330723..0b7debc7a676 100644
--- a/packages/crowdstrike/data_stream/fdr/agent/stream/aws-s3.yml.hbs
+++ b/packages/crowdstrike/data_stream/fdr/agent/stream/aws-s3.yml.hbs
@@ -76,10 +76,12 @@ processors:
 key_field: crowdstrike.aid
 value_field: crowdstrike
 ignore_missing: false
+{{#unless keep_aidmaster}}
 - drop_event:
 when:
 contains:
 log.file.path: aidmaster
+{{/unless}}
 else:
 - cache:
 backend:
diff --git a/packages/crowdstrike/data_stream/fdr/agent/stream/stream.yml.hbs b/packages/crowdstrike/data_stream/fdr/agent/stream/stream.yml.hbs
index cd2f7e5f8ba1..c4c4df12eeb2 100644
--- a/packages/crowdstrike/data_stream/fdr/agent/stream/stream.yml.hbs
+++ b/packages/crowdstrike/data_stream/fdr/agent/stream/stream.yml.hbs
@@ -41,10 +41,12 @@ processors:
 key_field: crowdstrike.aid
 value_field: crowdstrike
 ignore_missing: false
+{{#unless keep_aidmaster}}
 - drop_event:
 when:
 contains:
 log.file.path: aidmaster
+{{/unless}}
 else:
 - cache:
 backend:
diff --git a/packages/crowdstrike/data_stream/fdr/manifest.yml b/packages/crowdstrike/data_stream/fdr/manifest.yml
index 05beb17919a7..ea1c921c826b 100644
--- a/packages/crowdstrike/data_stream/fdr/manifest.yml
+++ b/packages/crowdstrike/data_stream/fdr/manifest.yml
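Review bot: The `{{#unless keep_aidmaster}}` block around `drop_event` carries no comment explaining what happens to an aidmaster record when the option is set, and that is the security-relevant part of this change: the record appears to be written to the host cache by the processor just above (`key_field: crowdstrike.aid`, `value_field: crowdstrike`) and, with the drop skipped, would presumably continue down the chain and be indexed as an ordinary fdr event, so the `log.file.path: aidmaster` condition becomes the only way to tell it apart downstream. A Handlebars comment above the block such as `{{!-- aidmaster records are cached for enrichment above; they are dropped here unless keep_aidmaster is set, in which case they are indexed as events --}}` would record that for the next edit. The same lines are added to stream.yml.hbs in the next hunk and the note applies there too. The enclosing if/else block whose `else:` is visible starts before the hunk and ends after it.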
@@ -48,6 +48,14 @@ streams:
 type: bool
 multi: false
 default: true
+ - name: keep_aidmaster
+ required: true
+ show_user: false
+ title: Keep Original Host Metadata
+ description: Keep the aidmaster document after it has been used for event host enrichment.
+ type: bool
+ multi: false
+ default: false
 - name: host_metadata_ttl
 required: true
 show_user: true
@@ -216,6 +224,14 @@ streams:
 type: bool
 multi: false
 default: true
+ - name: keep_aidmaster
+ required: true
+ show_user: false
+ title: Keep Original Host Metadata
+ description: Keep the aidmaster document after it has been used for event host enrichment.
+ type: bool
+ multi: false
+ default: false
 - name: host_metadata_ttl
 required: true
 show_user: true
diff --git a/packages/crowdstrike/manifest.yml b/packages/crowdstrike/manifest.yml
index 700d94842158..bc61f62315ba 100644
--- a/packages/crowdstrike/manifest.yml
+++ b/packages/crowdstrike/manifest.yml
@@ -1,6 +1,6 @@
 name: crowdstrike
 title: CrowdStrike
-version: "1.26.2"
+version: "1.27.0"
 description: Collect logs from Crowdstrike with Elastic Agent.
 type: integration
 format_version: "3.0.0"
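Review bot: The `description` of the new `keep_aidmaster` variable names the option but not its effect, and since `show_user: false` hides it behind the advanced settings the description is the only explanation a user will see; it should state both states, for example `description: Keep the aidmaster host-metadata document as an indexed event after it has been cached for host enrichment. When false (the default) the document is dropped once cached.` The same block is added a second time in the `@@ -216,6 +224,14 @@` hunk for the other input; keep the wording identical in both. The `streams:` entries these variables belong to start before and end after each hunk.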