CrowdStrike

CrowdStrike enables you to collect and normalize CrowdStrike logs and lets you analyze the information through the LP_Crowdstrike dashboard. The dashboard visualizes event type distributions, top hosts generating detections, real-time response summary, successful and failed user login events, detection techniques and tactics, quarantined files, and hosts generating higher-severity event detections in your network. You can customize it to perform in-depth analysis by changing the data used in a search.

Release Details
Version: 5.1.0
Release date: April 26, 2024
Supported On: Logpoint v7.4.0 or later for log source template
Documentation: CrowdStrike guide
SHA 256: c1ee91ad1dfcca81f57915f6298f15a685743678d729f83fdeaf294b140180a9
Download


Key Information

You must configure the CEF config file on the system where the CrowdStrike Falcon SIEM Connector is running. Go to CEF Sample Configuration for the configuration file.

Enhancement

Description                                                                                                   Issue ID   Reference ID
Added a Syslog Collector based CrowdStrike log source template, simplifying the log source configuration      KB-23297   -
process. To learn more, go to Creating Log Source via a Template.

Past Releases

CrowdStrike v5.0.2

Release Date: December 19, 2023

Supported On: Logpoint v6.7.0 or later

Download: CrowdStrike_5.0.2.pak

SHA 256: e07b314f250cd8d7baa591939a849efa9404e6dbe915237aa21a284fe04792e3

Enhancements

Description                                                                                                   Issue ID   Reference ID
Added a new report package LP_CrowdStrike.                                                                    KB-22158   -
Updated dashboard and search template to accurately populate the searched data. Renamed fields in             KB-21709   -
CrowdStrikeCEFCompiledNormalizer (see the field table below).
Added User and Login labels for the twoFactorAuthenticate event in CrowdStrikeCEFCompiledNormalizer.          KB-22843   -
Updated the value of the device_category field to EPP. The value is a general device category for tools
like EDR and XDR.

Renamed fields in CrowdStrikeCEFCompiledNormalizer (KB-21709):

Former Field Name                      Updated Field Name                 Event
pdf_handleoperationdowngraded          handled_operation_downgraded       -
pdf_fsoperationblocked                 fsoperation_blocked                -
pdf_detect                             detect                             -
pdf_criticalprocessdisabled            critical_process_disabled          -
pdf_bootupsafeguardenabled             bootup_saftgarden_enabled          -
pdf_blockingunsupportedordisabled      blocking_unsupported_or_disabled   -
parentimagefilename                    parent_process                     -
parentcommandline                      parent_command                     -
nat_destination_address                source_address                     -
incidentstarttime                      start_ts                           -
incidentendtime                        end_ts                             -
grandparentimagefilename               grand_parent_process               -
grandparentcommandline                 grand_parent_command               -
external_id                            host_id                            -
event_id                               event_type                         -
detectionid                            detection_id                       -
destination_host                       host                               -
pdf_indicator                          indicator                          -
pdf_killprocess                        kill_process                       -
pdf_killparent                         kill_parent                        -
pdf_killactionfailed                   kill_action_failed                 -
pdf_inddetmask                         inddet_mask                        -
csmtrpatterndisposition                csmtr_pattern_disposition          -
pdf_killsubprocess                     kill_subprocess                    -
pdf_operationblocked                   operation_blocked                  -
pdf_policydisabled                     policy_disabled                    -
pdf_processblocked                     process_blocked                    -
pdf_quarantinefile                     quarentine_file                    -
pdf_quarantinemachine                  quarantine_machine                 -
pdf_registryoperationblocked           registry_operation_blocked         -
pdf_rooting                            rooting                            -
pdf_sensoronly                         sensor_only                        -
quarantinefilepath                     quarantine_path                    -
quarantinefilesha256                   hash                               -
severityname                           log_level                          -
sha256filehash                         hash_sha256                        -
source_hardware_address                hardware_address                   -
target_user                            user                               -
windows_destination_domain             domain                             -
action                                 attack_tag                         DetectionSummary
category                               attack_category                    DetectionSummary
updatestatus                           status                             UserActivityAudit
appendComment                          comment                            UserActivityAudit
assigntoname                           assigned_to                        UserActivityAudit
assigntouserid                         assigned_user                      UserActivityAudit
remoteresponsesessionstarttimestamp    start_ts                           RemoteResponseSessionStart
sessionid                              session_id                         RemoteResponseSessionStart
agentIdString                          host_id                            RemoteResponseSessionStart
remoteresponsesessionstarttimestamp    end_ts                             RemoteResponseSessionStart
targetname                             target                             UserLogin
ioctype                                ioc_type                           UserLogin
iocvalue                               ioc_value                          UserLogin
associatedfile                         associated_file                    UserLogin


CrowdStrike v5.0.0

Release Date: 2022-08-25

Supported On: Logpoint v6.7.0 or later

Download: CrowdStrike_5.0.0.pak

Support

If you have any questions or require assistance, create a support ticket.
