Welcome to the new Splunkbase! To return to the old Splunkbase, click here.
CCX CrowdStrike Products Extensions (Event Streams - Spotlight - FileVantage) app icon

CCX CrowdStrike Products Extensions (Event Streams - Spotlight - FileVantage)

About Us: CyberCX is Australia’s greatest force of cyber security experts. Our highly skilled professional services team operates a 24x7 on-shore security operations centre (SOC) servicing corporate and public sector organisations across Australia and New Zealand, specialising in Security Operations services leveraging Splunk.

splunk product badge

Latest Version 1.1.2
August 11, 2025
Compatibility
Not Available
Platform Version: 10.0, 9.4, 9.3, 9.2, 9.1
CIM Version: 6.x, 5.x
Rating

0

(0)

Log in to rate this app
Support
CCX CrowdStrike Products Extensions (Event Streams - Spotlight - FileVantage) support icon
Developer Supported addon
About Us: CyberCX is Australia’s greatest force of cyber security experts. Our highly skilled professional services team operates a 24x7 on-shore security operations centre (SOC) servicing corporate and public sector organisations across Australia and New Zealand, specialising in Security Operations services leveraging Splunk. Description: The CCX Add-on for Crowdstrike Products Extensions looks to provide additional field extraction and CIM compliance for Crowdstrike log sources captured via the Add-on CrowdStrike Falcon Event Streams Technical Add-On, CrowdStrike Falcon Spotlight Vulnerability Data, and CrowdStrike Falcon FileVantage Technical Add-On. This Technical Add-on does not replace the public Splunk Add-on for CrowdStrike Falcon Event Streams (https://splunkbase.splunk.com/app/5082/), CrowdStrike Falcon Spotlight Vulnerability Data (https://splunkbase.splunk.com/app/6167), and CrowdStrike Falcon FileVantage Technical Add-On (https://splunkbase.splunk.com/app/7090) but works as an additional extension to be deployed on Search Heads (only). Currently this add-on provides additional extraction and CIM compliance for sourcetypes "crowdstrike:spotlight:vulnerability:json", "CrowdStrike:Event:Streams:JSON", and "crowdstrike:filevantage:json' including the following log subtypes: - ActivityAuditEvent - IdentityProtectionEvent - CustomerIOCEvent - IdpDetectionSummaryEvent - IncidentSummaryEvent - ScheduledReportNotificationEvent - RemoteResponseSessionStartEvent - RemoteResponseSessionEndEvent - EppDetectionSummaryEvent - XdrDetectionSummaryEvent Fully compatible with Splunk Enterprise and Splunk Cloud, built by an Ops team for Ops teams. Features: - This TA currently supports logtypes tagged under the following CIM datamodels: Authentication, Change, Alerts, Data Acess, Vulnerabilities, Intrusion Detection (IDS), and Malware.

Categories

Created By

Henrique Linsmeyer

Type

addon

Downloads

1,791

Resources

Log in to report this app listing