Application: Devo 360 for Crowdstrike

[ 1 Purpose ] [ 2 Prerequisites ] [ 3 Open app ] [ 4 Use app ]

Purpose

The Devo 360 for CrowdStrike application is a pre-built knowledge base of dashboards and alerts that delivers real-time visibility and expedites analysis of Devo users’ CrowdStrike infrastructures. It helps you use the Devo Platform to optimize resources and detect threats targeting your Crowdstrile infrastructure.

Prerequisites

To use the Devo 360 Crowdstrike, you must have the following data sources available on your domain:

edr.crowdstrike.canon ^{learn more}
edr.crowdstrike.cannon.networkconnectip4 ^{learn more}
edr.crowdstrike.cannon.processrollup2 ^{learn more}
edr.crowdstrike.dnsrequest ^{learn more}
edr.crowdstrike.falconstreaming ^{learn more}
error_warning_danger_stop_fillededr.crowdstrike.falconstreaming.detection_summary ^{learn more}
edr.crowdstrike.falconstreaming.auth_activity ^{learn more}
edr.crowdstrike.falconstreaming.incide ^{learn more}
error_warning_danger_stop_fillededr.crowdstrike.falconstreaming.user_a ^{learn more}
edr.crowdstrike.falconstreaming.user_activity_quarantined_files ^{learn more}

Open app

Once the app has been installed, you can use the Open button at the top right of the card in Exchange to access it and use it as intended. You can also access the app via the Navigation pane.

Use app

Once inside the app, you can use it as required. Refer to Devo 360 for Crowdstrike for a detailed walkthrough.