Home
nlabadie-crwd edited this page Oct 21, 2024 · 34 revisions
Welcome to the CrowdStrike Query Language community wiki!
- CQL Primer: a comprehensive guide on using CQL.
- CQL Building Blocks: this is a list of common questions we've seen in the field. If you've ever wondered how to accomplish X to get to Y, this is likely the place to start.
- FLTR Setup and Configuration: this walks you through the initial setup and configuration of Falcon Long Term Repository, aka FLTR.
- Falcon Hunting and Investigations: ever wondered how to hunt through Falcon data using CQL? Start here.
- FLC Basic Setup and Configuration: this walks you through a quick and easy setup of Falcon LogScale Collector.
- CrowdStrike Parsing Standard: this document describes the CrowdStrike Parsing Standard, aka CPS. This is the format used for parsers in Next-Gen SIEM.
- Event Forwarding Playground: this is an end-to-end setup of a self-contained single-node cluster, designed to test the Event Forwarding functionality of a self-hosted LogScale deployment.
- Build a Kubernetes Cluster and LogScale Deployment: this is a lab exercise where you'll build a Kubernetes cluster, deploy LogScale, and optionally enable TLS. Please note that it requires a valid LogScale license.