Activeboard: CrowdStrike Detections Navigator
Purpose
This Activeboard lets you analyze the complete log of detections generated by CrowdStrike Falcon, combining classification, enrichment, and filtering in one place. You can see at a glance how many detections are high or critical, which tactics and techniques they map to, and narrow the view to a single endpoint or to detections whose command line contains a given string.
Included widgets
SimpleValue0: Simple value widget
Detections Last 24h: Simple value widget
Detections Last 7d: Simple value widget
High or critical last 7d: Simple value widget
High or Critical Last 24h: Simple value widget
Detections by 30m by Criticality: Line chart widget
Detections over Time by Computer: Area chart widget
Detections by Computer, User: Voronoi widget
Detections - Allowed - Policy Would Have Acted if Enabled: Table widget
Detections by Tactic, Technique, Computer, File: Voronoi widget
Detections by IP, Criticality (Select an IP): Table widget
Selected IPs Detections Summary(s): Table widget
Filter - Computer: Select input
Filter - CommandLine Contains: Text box input
Detection Log: Table widget
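The widgets above are all simple classifications of the detection_summary feed: a time window, a severity threshold, a grouping key, or a substring match. The following Python script is an added example (not part of the Activeboard and not Devo or CrowdStrike code) that applies the same classifications to a handful of constructed Falcon Event Streams DetectionSummaryEvent records, so you can check what each widget should show before the data finishes loading. The field names (metadata.eventCreationTime, Severity, SeverityName, Tactic, Technique, ComputerName, FileName, CommandLine, LocalIP, PatternDispositionDescription) are those of the Falcon streaming detection summary event; the hostnames, users, IPs, command lines, timestamps and the exact PatternDispositionDescription wording are invented for the example.

```python
"""Added example: the classifications behind the CrowdStrike Detections Navigator widgets,
applied to constructed Falcon Event Streams DetectionSummaryEvent records."""
import json
from collections import Counter
from datetime import datetime, timedelta, timezone

# Fixed reference time so the window counts are reproducible (an assumption of this example).
NOW = datetime(2024, 5, 10, 12, 0, tzinfo=timezone.utc)
DAY, WEEK = timedelta(hours=24), timedelta(days=7)
HIGH = 4  # Falcon Severity is 1..5; 4 = High, 5 = Critical

def _event(age, computer, user, sev, sev_name, tactic, technique, file, cmd, disp, ip):
    """One constructed DetectionSummaryEvent line; hosts, users, IPs and command lines are invented."""
    return json.dumps({
        "metadata": {"eventType": "DetectionSummaryEvent",
                     "eventCreationTime": int((NOW - age).timestamp() * 1000)},  # epoch ms
        "event": {"ComputerName": computer, "UserName": user, "Severity": sev, "SeverityName": sev_name,
                  "Tactic": tactic, "Technique": technique, "FileName": file, "CommandLine": cmd,
                  "LocalIP": ip, "PatternDispositionDescription": disp}})

WOULD_HAVE = "Detection, process would have been blocked if prevention was enabled."  # assumed wording
KILLED, STANDARD = "Prevention, process killed.", "Detection, standard detection."

# Constructed sample feed: six detections spread over the last ten days.
SAMPLE_FEED = [
    _event(timedelta(minutes=10), "WS-0142", "alice", 4, "High", "Execution", "PowerShell",
           "powershell.exe", "powershell -nop -w hidden -enc SQBFAFgA", WOULD_HAVE, "10.0.4.12"),
    _event(timedelta(hours=5), "WS-0142", "alice", 5, "Critical", "Credential Access", "OS Credential Dumping",
           "rundll32.exe", "rundll32.exe comsvcs.dll MiniDump 612 lsass.dmp full", KILLED, "10.0.4.12"),
    _event(timedelta(hours=30), "SRV-DB01", "svc_sql", 2, "Low", "Discovery", "System Information Discovery",
           "whoami.exe", "whoami /all", STANDARD, "10.0.9.5"),
    _event(timedelta(days=3), "WS-0077", "bob", 3, "Medium", "Defense Evasion", "Masquerading",
           "svchost.exe", "C:\\Users\\bob\\AppData\\Roaming\\svchost.exe", WOULD_HAVE, "10.0.4.77"),
    _event(timedelta(days=6), "WS-0077", "bob", 4, "High", "Persistence", "Scheduled Task/Job",
           "schtasks.exe", "schtasks /create /sc onlogon /tn upd /tr powershell.exe", KILLED, "10.0.4.77"),
    _event(timedelta(days=9), "WS-0142", "alice", 1, "Informational", "Discovery", "Account Discovery",
           "net.exe", "net user /domain", STANDARD, "10.0.4.12"),
]

def parse_feed(lines):
    """Flatten each JSON line into the fields the widgets group and filter on."""
    dets = []
    for line in lines:
        rec = json.loads(line)
        if rec["metadata"].get("eventType") != "DetectionSummaryEvent":
            continue  # the stream also carries auth and audit events; the Activeboard ignores those
        ev = rec["event"]
        dets.append({
            "ts": datetime.fromtimestamp(rec["metadata"]["eventCreationTime"] / 1000, tz=timezone.utc),
            "computer": ev.get("ComputerName", ""), "user": ev.get("UserName", ""),
            "severity": int(ev.get("Severity", 0)), "severity_name": ev.get("SeverityName", ""),
            "tactic": ev.get("Tactic", ""), "technique": ev.get("Technique", ""),
            "file": ev.get("FileName", ""), "cmd": ev.get("CommandLine", ""),
            "ip": ev.get("LocalIP", ""), "disposition": ev.get("PatternDispositionDescription", "")})
    return dets

def count_window(dets, window, min_severity=1, now=NOW):
    """'Detections Last 24h/7d' and 'High or critical' widgets: count within `window` at or above a severity."""
    start = now - window
    return sum(1 for d in dets if d["ts"] >= start and d["severity"] >= min_severity)

def by_30m_and_criticality(dets):
    """'Detections by 30m by Criticality': counts keyed by (30-minute bucket start, SeverityName)."""
    buckets = Counter()
    for d in dets:
        start = d["ts"].replace(minute=(d["ts"].minute // 30) * 30, second=0, microsecond=0)
        buckets[(start, d["severity_name"])] += 1
    return buckets

def by_tactic_technique(dets):
    """'Detections by Tactic, Technique, Computer, File' Voronoi: one cell per distinct tuple."""
    return Counter((d["tactic"], d["technique"], d["computer"], d["file"]) for d in dets)

def by_ip(dets):
    """'Detections by IP, Criticality' table: per LocalIP, total count and the worst Severity seen."""
    table = {}
    for d in dets:
        count, worst = table.get(d["ip"], (0, 0))
        table[d["ip"]] = (count + 1, max(worst, d["severity"]))
    return table

def command_line_contains(dets, needle):
    """'Filter - CommandLine Contains' text box: case-insensitive substring match on CommandLine."""
    return [d for d in dets if needle.lower() in d["cmd"].lower()]

def allowed_policy_would_have_acted(dets):
    """'Detections - Allowed - Policy Would Have Acted if Enabled': the process ran because the
    prevention policy was off. Assumption: Falcon's PatternDispositionDescription says 'would have'."""
    return [d for d in dets if "would have" in d["disposition"].lower()]

if __name__ == "__main__":
    dets = parse_feed(SAMPLE_FEED)
    print("Last 24h:", count_window(dets, DAY), " Last 7d:", count_window(dets, WEEK))
    print("High or critical 24h/7d:", count_window(dets, DAY, HIGH), count_window(dets, WEEK, HIGH))
    for d in allowed_policy_would_have_acted(dets):
        print("allowed, policy would have acted:", d["computer"], d["file"], d["cmd"])
```

The "would have acted" rows are the ones to triage first when a host is still in detection-only mode: the detection fired, but nothing stopped the process. The severity threshold of 4 mirrors the "High or critical" widgets; lower it to 3 if you want Medium included in a tuned copy of the Activeboard.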
Prerequisites
To run this Activeboard, you must have the following data source available in your domain:
edr.crowdstrike.falconstreaming.detection_summary
Open Activeboard
Once you have installed the Activeboard, you can use the Open button at the top right of the card in Exchange to access it and see the different widgets populated with the relevant data. You can also access the Activeboard area via the Navigation pane.
Data loading takes too long?
Some widgets may take a while to load their data. You can speed this up by creating aggregation tasks; refer to the Aggregation tasks article to learn how.
Use Activeboard
After installing and opening the Activeboard, you can use its widgets to visualize and monitor data. Each widget offers a variety of customization and visualization options; refer to Using widgets and Using inputs to learn about all of them.