About Us:
CyberCX is Australia’s greatest force of cyber security experts. Our highly skilled professional services team operates a 24x7 on-shore security operations centre (SOC) servicing corporate and public sector organisations across Australia and New Zealand, specialising in Security Operations services leveraging Splunk.
Description:
The CCX Add-on for Crowdstrike Products Extensions looks to provide additional field extraction and CIM compliance for Crowdstrike log sources captured via the Add-on CrowdStrike Falcon Event Streams Technical Add-On, CrowdStrike Falcon Spotlight Vulnerability Data, and CrowdStrike Falcon FileVantage Technical Add-On.
This Technical Add-on does not replace the public Splunk Add-on for CrowdStrike Falcon Event Streams (https://splunkbase.splunk.com/app/5082/), CrowdStrike Falcon Spotlight Vulnerability Data (https://splunkbase.splunk.com/app/6167), and CrowdStrike Falcon FileVantage Technical Add-On (https://splunkbase.splunk.com/app/7090) but works as an additional extension to be deployed on Search Heads (only).
Currently this add-on provides additional extraction and CIM compliance for sourcetypes "crowdstrike:spotlight:vulnerability:json", "CrowdStrike:Event:Streams:JSON", and "crowdstrike:filevantage:json' including the following log subtypes:
- ActivityAuditEvent
- IdentityProtectionEvent
- CustomerIOCEvent
- IdpDetectionSummaryEvent
- IncidentSummaryEvent
- ScheduledReportNotificationEvent
- RemoteResponseSessionStartEvent
- RemoteResponseSessionEndEvent
- EppDetectionSummaryEvent
- XdrDetectionSummaryEvent
Fully compatible with Splunk Enterprise and Splunk Cloud, built by an Ops team for Ops teams.
Features:
- This TA currently supports logtypes tagged under the following CIM datamodels: Authentication, Change, Alerts, Data Acess, Vulnerabilities, Intrusion Detection (IDS), and Malware.
Created By
Henrique Linsmeyer
Resources
Log in to report this app listing