Bots From Extension: crowdstrike
Crowdstrike - Collect inventory information from Crowdstrike
This extension provides 6 bots.
Bot @crowdstrike:alert-data
Bot Position In Pipeline: Sink
Get all alerts data from Crowdstrike.
This bot expects a Restricted CFXQL.
Each parameter may be specified using the '=' operator and the AND logical operation.
The following parameters are expected by this bot:
| Parameter Name | Type | Default Value | Description |
|---|---|---|---|
| column_name* | Text | | Column Name which contains IP Addresses |
| concurrent_discovery | Text | 10 | Number of concurrent jobs to run |
| timestamp | DateTime | | CFXQL for filtering the data for a specified time period. Default is last 7 days. Ex: timestamp is after -2days & timestamp is before -1day |
Bot @crowdstrike:alerts
Bot Position In Pipeline: Sink
Get alert IDs from Crowdstrike.
This bot expects a Restricted CFXQL.
Each parameter may be specified using the '=' operator and the AND logical operation.
The following parameters are expected by this bot:
| Parameter Name | Type | Default Value | Description |
|---|---|---|---|
| column_name* | Text | | Column Name which contains IP Addresses |
| concurrent_discovery | Text | 10 | Number of concurrent jobs to run |
| tag | Text | | Falcon Group tag. |
Bot @crowdstrike:behavior-data
Bot Position In Pipeline: Sink
Get all behaviors data from Crowdstrike.
This bot expects a Restricted CFXQL.
Each parameter may be specified using the '=' operator and the AND logical operation.
The following parameters are expected by this bot:
| Parameter Name | Type | Default Value | Description |
|---|---|---|---|
| column_name* | Text | | Column Name which contains IP Addresses |
| concurrent_discovery | Text | 10 | Number of concurrent jobs to run |
Bot @crowdstrike:host-data
Bot Position In Pipeline: Sink
Get all hosts data from Crowdstrike.
This bot expects a Restricted CFXQL.
Each parameter may be specified using the '=' operator and the AND logical operation.
The following parameters are expected by this bot:
| Parameter Name | Type | Default Value | Description |
|---|---|---|---|
| column_name* | Text | | Column Name which contains IP Addresses |
| concurrent_discovery | Text | 10 | Number of concurrent jobs to run |
| tag | Text | | Falcon Group tag. |
Bot @crowdstrike:incident-data
Bot Position In Pipeline: Sink
Get all incidents data from Crowdstrike.
This bot expects a Restricted CFXQL.
Each parameter may be specified using the '=' operator and the AND logical operation.
The following parameters are expected by this bot:
| Parameter Name | Type | Default Value | Description |
|---|---|---|---|
| column_name* | Text | | Column Name which contains IP Addresses |
| concurrent_discovery | Text | 10 | Number of concurrent jobs to run |
Bot @crowdstrike:query-device-data
Bot Position In Pipeline: Sink
Get all query hosts data from Crowdstrike.
This bot expects a Restricted CFXQL.
Each parameter may be specified using the '=' operator and the AND logical operation.
The following parameters are expected by this bot:
| Parameter Name | Type | Default Value | Description |
|---|---|---|---|
| column_name* | Text | | Column Name which contains IP Addresses |
| concurrent_discovery | Text | 10 | Number of concurrent jobs to run |
| tag | Text | | Falcon Group tag. |