
This repository contains Community and Field contributed content for LogScale


CrowdStrike/logscale-community-content


Community Content

Welcome to the Community Content Repository. It covers both Next-Gen SIEM (NG-SIEM) and LogScale.

To keep it simple, this repo is referred to as CQL Community Content. CQL is the CrowdStrike Query Language, the query language shared by NG-SIEM and LogScale, so much of the content here applies to both products.

This repository contains community- and field-contributed content, which includes:

  • Complete Packages
  • Queries
  • Dashboards
  • Alerts
  • Lookup Files

...as well as Tutorials and FAQs.

NOTE: These are not meant as replacements for the official documentation or the LogScale Package Marketplace. However, please feel free to use and contribute as much as you'd like.

Content

Here's a quick summary of the various folders in this repository:

  • Log-Sources:
    • Complete packages grouped by vendor and application.
    • Queries, dashboards, alerts, etc.
  • Config-Samples:
    • Quick starts, configuration examples, and other useful artifacts.
  • Next-Gen-SIEM:
    • Content related specifically to Next-Gen SIEM, e.g. dashboards, queries, etc.
  • Parsers-Only:
    • Standalone parsers beyond the official ones.
  • Queries-Only:
    • Standalone CQL queries for NG-SIEM and LogScale.

Wiki

The wiki can be found here.

Issues and Questions

Is something going wrong? GitHub Issues are used to report bugs and errors. You can check to see if anyone else has reported the issue or create a new issue here: Report Issue
