Synthetic data: Crowdstrike injection
Purpose
Injection to provide sample data to test the Activeboards “CrowdStrike Detections Navigator and CrowdStrike Endpoints Overview and the App Devo 360 for CrowdStrike.
This is a one shot injection of the table edr.crowdstrike.falconstreaming.detection_summary
learn more and the events of the file are sent at a frequency of 1 second.
Open synthetic data
Once the synthetic data has been launched, you can use the Open button at the top right of the card in Exchange to access the search window, where you can check the data table with the synthetic data. You can also access the data table using finders or LINQ via the Navigation pane (Data Search area → Explore your data tab).
Use synthetic data
After launching the synthetic data, you can use it in various contexts, such as the search window to perform operations to analyze the data, Activeboards to visualize and analyze the data graphically, or alerts to specify conditions to find anomalous events.
Synthetic data included inside a use case perform a key role in it, as they provide the necessary data to successfully understand what the use case intends to demonstrate.