Endpoints accessed by the CrowdStrike Intelligence collector
Available from v1.0.0
Data Source | Subtype | Service | Table |
---|---|---|---|
Hosts | - |
|
|
Description: Hosts are endpoints that run the Falcon sensor. You can get information and details about these agents. | |||
End point
Check the | |||
Incidents | - |
|
|
Description: Incidents are events that occur in an organization which can represent a cybersecurity threat or an attack. | |||
End point
Check the | |||
Spotlight | - |
|
|
Description: Vulnerabilities are known security risks in an operating system, application, hardware, firmware, or other part of a computing stack. | |||
End point
Check the | |||
Behaviors | - |
|
|
Description: Behaviors are patterns of data transmissions in a network that are out of the norm, used to detect anomalies before cyber attacks occur. | |||
End point
Check the | |||
File Vantage | - |
|
|
Description: Collect data about changes to files, folders, and registries with Falcon FileVantage APIs. Store this data to help you meet certain compliance recommendations and requirements as listed in the Sarbanes-Oxley Act, National Institute of Standards and Technology (NIST), Health Insurance Portability and Accountability Act (HIPAA), and others. | |||
End point
Check the |
For more information on how the events are parsed, visit our page.
Available from v1.3.0
Data Source | Subtype | Service | Table |
---|---|---|---|
Event Stream (eStream) |
|
|
|
|
|
| |
|
|
| |
|
|
| |
|
|
| |
Status: deprecated by CrowdStrike |
|
Status: use epp detection summary. See v1.11.0 | |
|
| Depending on the event's
| |
Description: The Streaming API provides several types of events. | |||
End point: The endpoints are dynamically generated by following this (simplified) approach:
|
For more information on how the events are parsed, visit our page.
Available from v1.10.0
Data Source | Subtype | Service | Table |
---|---|---|---|
Alerts | - |
|
|
Description: Alerts are events that occur in an organization which can represent a cybersecurity threat or an attack. | |||
End point
|
For more information on how the events are parsed, visit our page.
Available from v1.11.0
Data Source | Subtype | Service | Table |
---|---|---|---|
Event Stream (eStream) |
|
|
|
Description: Platform detection summaries. | |||
End point: The endpoints are dynamically generated by following this (simplified) approach:
|
For more information on how the events are parsed, visit our page.
Available from v1.12.0
Data Source | Subtype | Service | Table |
---|---|---|---|
Indicators |
|
|
|
Description: The Indicators endpoints allow you to query for various types of indicators: indicators related to various adversaries, indicators of a specific confidence level, indicators associated with reports, and so on. | |||
End point
Check the |