CrowdStrike
CrowdStrike enables you to collect and normalize CrowdStrike logs and lets you analyze the information through the LP_Crowdstrike dashboard. The dashboard visualizes event type distributions, top hosts generating detections, a real-time response summary, successful and failed user login events, detection techniques and tactics, quarantined files, and hosts generating higher-severity event detections in your network. You can customize it to perform in-depth analysis by changing the data used in a search.
Key Information
You must configure the CEF config file in the system where the CrowdStrike Falcon SIEM Connector is running. Go to CEF Sample Configuration for the configuration file.
Enhancement
Description | Issue ID | Reference ID |
Added a Syslog Collector based CrowdStrike log source template, simplifying the log source configuration process. To learn more, go to Creating Log Source via a Template. | KB-23297 | - |
Past Releases
CrowdStrike v5.0.2
Supported On: Logpoint v6.7.0 or later
Download: CrowdStrike_5.0.2.pak
SHA 256: e07b314f250cd8d7baa591939a849efa9404e6dbe915237aa21a284fe04792e3
Enhancements
Description | Issue ID | Reference ID |
Added a new report package LP_CrowdStrike. | KB-22158 | - |
Updated dashboard and search template to accurately populate the searched data. Renamed the following fields in CrowdStrikeCEFCompiledNormalizer: | KB-21709 | - |
Added User and Login labels for the twoFactorAuthenticate event in CrowdStrikeCEFCompiledNormalizer. Updated the value of the device_category field to EPP. The value is a general device category for tools like EDR and XDR. | KB-22843 | - |
CrowdStrike v5.0.0
Support
If you have any questions or require assistance, create a support ticket.