
Activeboard: CrowdStrike Endpoints Overview Activeboard

Purpose

This Activeboard gives you an overview of the general status of managed client devices from a threat standpoint. The built-in filtering options provide more detailed visibility by aggregating data per user, device, or tactic type.

Filter by Host: Select input

Detections by Computer, User: Voronoi widget

Detection Log: Table widget

Detections over Time by Computer: Area chart widget

Detections by Tactic, Technique, Computer, File: Voronoi widget

 

Prerequisites

To use this Activeboard you must have the following sources available on your domain:

  • edr.crowdstrike.falconstreaming.detection_summary

Open Activeboard

Once you have installed the Activeboard, you can use the Open button at the top right of the card in Exchange to access it and see the different widgets populated with the relevant data. You can also access the Activeboard area via the Navigation pane.

Data loading takes too long?

Some widgets may take a while to load their data. You can speed up the process by creating aggregation tasks. Refer to the Aggregation tasks article to learn how to do it.

Use Activeboard

After installing and opening the Activeboard, you can use its widgets to visualize and monitor data. Each widget offers a variety of customization and visualization options. Refer to Using widgets and Using inputs to learn about all of them.