Skip to content
LogoLogScale DocumentationFull Library Knowledge Base Release Notes Integrations Training API GraphQL API Contacting Support
help

Versions of this Page

    • Integrations
      • Akamai Technologies, Inc.
        • akamai/asec
          • Package akamai/asec Release Notes
          • Parsers and Generated Fields
      • Amazon Web Services (AWS)
        • aws/guardduty
          • Package aws/guardduty Release Notes
          • Parsers and Generated Fields
        • aws/vpcflow
          • Package aws/vpcflow Release Notes
          • Parsers and Generated Fields
        • aws/fsx
          • Package aws/fsx Release Notes
          • Parsers and Generated Fields
        • aws/s3-server-access
          • Package aws/s3-server-access Release Notes
          • Parsers and Generated Fields
        • aws/cloudtrail
          • Package aws/cloudtrail Release Notes
          • Parsers and Generated Fields
        • aws/waf
          • Package aws/waf Release Notes
          • Parsers and Generated Fields
      • Apache
        • apache/kafka-metricbeat
          • apache/kafka-metricbeat Dashboards
        • apache/http-server
          • Package apache/http-server Release Notes
          • Parsers and Generated Fields
          • Apache HTTP Server Configuration
          • Installing the Package in LogScale
          • Configure Ingest for Apache HTTP Server
          • Verify Data is Arriving in LogScale
          • Extending Parsers for Custom Logs
          • apache/http-server Dashboards
      • AppOmni, Inc
        • appomni/appomni
          • Parsers and Generated Fields
      • Apple Inc.
        • apple/unifiedlog
          • Parsers and Generated Fields
      • Armis, Inc.
        • armis/centrix-iot
          • Parsers and Generated Fields
      • Asimily
        • asimily/iomt
          • Package asimily/iomt Release Notes
          • Parsers and Generated Fields
      • Broadcom Inc.
        • broadcom/proxysg
          • Package broadcom/proxysg Release Notes
          • Parsers and Generated Fields
      • Check Point Software Technologies Ltd.
        • checkpoint/ngfw
          • Package checkpoint/ngfw Release Notes
          • Parsers and Generated Fields
      • Cisco Systems, Inc.
        • cisco/duo
          • Package cisco/duo Release Notes
          • Parsers and Generated Fields
        • cisco/ios
          • Package cisco/ios Release Notes
          • Parsers and Generated Fields
        • cisco/ise
          • Package cisco/ise Release Notes
          • Parsers and Generated Fields
        • cisco/asa
          • Package cisco/asa Release Notes
          • cisco/asa Dashboards
        • cisco/firepower
          • Parsers and Generated Fields
        • cisco/meraki
          • Package cisco/meraki Release Notes
          • Parsers and Generated Fields
        • cisco/umbrella
          • Package cisco/umbrella Release Notes
          • Parsers and Generated Fields
      • Citrix Systems, Inc.
        • citrix/netscaler
          • Package citrix/netscaler Release Notes
          • Parsers and Generated Fields
      • Claroty Ltd.
        • claroty/ctd
          • Package claroty/ctd Release Notes
          • Parsers and Generated Fields
      • Cloudflare, Inc.
        • cloudflare/area1emailsecurity
          • Installing the Package
          • Configuring Ingest for Cloudflare Area 1 Logs
          • Verify Data is Arriving in LogScale
          • cloudflare/area1emailsecurity Dashboards
        • cloudflare/zerotrust
          • Package cloudflare/zerotrust Release Notes
          • Parsers and Generated Fields
      • Corelight
        • corelight/threathuntingguide
          • Parsers and Generated Fields
          • Using Corelight Packages
          • Sample Queries
          • Zeek (Bro) Network Security Monitor
      • CrowdStrike Holdings, Inc.
        • crowdstrike/fltr-tutorial
          • Package crowdstrike/fltr-tutorial Release Notes
          • crowdstrike/fltr-tutorial Dashboards
        • crowdstrike/fltr-core
          • Package crowdstrike/fltr-core Release Notes
          • crowdstrike/fltr-core Dashboards
        • crowdstrike/fdr
          • Parsers and Generated Fields
          • crowdstrike/fdr Dashboards
        • crowdstrike/fltr-firewall-adversaries
          • crowdstrike/fltr-firewall-adversaries Dashboards
        • crowdstrike/ioc
          • Package crowdstrike/ioc Release Notes
          • crowdstrike/ioc Dashboards
        • crowdstrike/falcon-devices
          • crowdstrike/falcon-devices Dashboards
        • crowdstrike/intel-indicators
          • crowdstrike/intel-indicators Dashboards
        • crowdstrike/fltr-identityprotection
          • Package crowdstrike/fltr-identityprotection Release Notes
          • crowdstrike/fltr-identityprotection Dashboards
        • crowdstrike/logscale-slack
        • crowdstrike/logscale-opsgenie
        • crowdstrike/fltr-lolbins
          • Package crowdstrike/fltr-lolbins Release Notes
        • crowdstrike/siem-connector
          • crowdstrike/siem-connector Dashboards
        • crowdstrike/logscale-pagerduty
        • crowdstrike/spotlight
          • Package crowdstrike/spotlight Release Notes
          • crowdstrike/spotlight Dashboards
        • crowdstrike/logscale-splunk-on-call
      • CyberArk
        • cyberark/pam
          • cyberark/pam Dashboards
        • cyberark/vault
          • cyberark/vault Dashboards
      • Darktrace Limited
        • darktrace/detect
          • Package darktrace/detect Release Notes
          • Parsers and Generated Fields
      • Dell, Inc.
        • dell/isilon
          • Package dell/isilon Release Notes
          • Parsers and Generated Fields
      • Docker
        • docker/metrics
          • docker/metrics Dashboards
      • Dragos
      • ExtraHop Networks, Inc.
        • extrahop/revealx
          • extrahop/revealx Dashboards
      • F5, Inc.
        • f5networks/big-ip-apm
          • Package f5networks/big-ip-apm Release Notes
          • Parsers and Generated Fields
        • f5networks/bigip
          • Package f5networks/bigip Release Notes
          • Parsers and Generated Fields
      • Forcepoint LLC
        • forcepoint/dlp
          • Package forcepoint/dlp Release Notes
          • Parsers and Generated Fields
      • Fortinet Inc.
        • fortinet/fortigate
          • Package fortinet/fortigate Release Notes
          • Parsers and Generated Fields
        • fortinet/fortimail
          • Package fortinet/fortimail Release Notes
          • Parsers and Generated Fields
      • Github
        • github/events
          • github/events Dashboards
      • Google
        • google/chronicle-ioc
          • Parsers and Generated Fields
          • google/chronicle-ioc Dashboards
        • google/chronicle-alerts
          • Parsers and Generated Fields
          • google/chronicle-alerts Dashboards
        • google/chrome-enterprise-security-events
          • Package google/chrome-enterprise-security-events Release Notes
          • Parsers and Generated Fields
          • google/chrome-enterprise-security-events Dashboards
        • google/gcp-audit
          • google/gcp-audit Dashboards
      • HAProxy Technologies LLC
        • haproxy/haproxy
          • Package haproxy/haproxy Release Notes
          • Parsers and Generated Fields
      • HPE Aruba Networking
        • aruba/clearpass
          • Package aruba/clearpass Release Notes
          • Parsers and Generated Fields
      • Humio
        • humio/insights
          • Package humio/insights Release Notes
          • Parsers and Generated Fields
          • humio/insights Dashboards
        • humio/vector-metrics
          • humio/vector-metrics Dashboards
        • humio/activity
          • humio/activity Dashboards
      • Imperva, Inc.
        • imperva/cloud-waf
          • Package imperva/cloud-waf Release Notes
          • Parsers and Generated Fields
          • imperva/cloud-waf Dashboards
      • Infoblox
        • infoblox/nios
          • Package infoblox/nios Release Notes
          • Parsers and Generated Fields
      • Island Technology, Inc
        • island/island
          • Package island/island Release Notes
          • Parsers and Generated Fields
          • island/island Dashboards
      • Juniper Networks, Inc.
        • juniper/srx
          • Package juniper/srx Release Notes
          • Parsers and Generated Fields
      • Linux
        • linux/system-logs
          • Package linux/system-logs Release Notes
          • linux/system-logs Dashboards
      • Medigate
      • Microsoft Corporation
        • microsoft/iis
          • Parsers and Generated Fields
          • Microsoft IIS Server Configuration
          • Installing the Package in LogScale
          • Configure Ingest for Microsoft IIS Server
          • Verify Data is Arriving in LogScale
          • Extending Parsers for Custom Logs
          • microsoft/iis Dashboards
        • microsoft/sysmon
          • Package microsoft/sysmon Release Notes
          • Parsers and Generated Fields
        • microsoft/dhcp-server
          • Package microsoft/dhcp-server Release Notes
          • Parsers and Generated Fields
        • microsoft/microsoft365
          • Package microsoft/microsoft365 Release Notes
          • Parsers and Generated Fields
          • microsoft/microsoft365 Dashboards
        • microsoft/windows-dns-debug
          • Package microsoft/windows-dns-debug Release Notes
          • Parsers and Generated Fields
        • microsoft/dhcp-client
          • Package microsoft/dhcp-client Release Notes
          • Parsers and Generated Fields
      • Mimecast Services Ltd.
        • mimecast/email-security
          • mimecast/email-security Dashboards
      • Netgate
        • netgate/pfsense
          • Package netgate/pfsense Release Notes
          • Parsers and Generated Fields
      • Netskope, Inc.
        • netskope/casb
          • Package netskope/casb Release Notes
          • netskope/casb Dashboards
      • Nginx
        • nginx/nginx
          • Package nginx/nginx Release Notes
          • Parsers and Generated Fields
          • NGINX Server Configuration
          • Installing the Package in LogScale
          • Configure Ingest for Nginx Server logs
          • Verify Data is Arriving in LogScale
          • Extending Parsers for Custom Access Logs
          • nginx/nginx Dashboards
      • Nozomi Networks Inc
        • nozomi/ids
          • Package nozomi/ids Release Notes
          • Parsers and Generated Fields
      • Obsidian Security, Inc.
        • obsidiansecurity/actionnotification
          • Parsers and Generated Fields
          • obsidiansecurity/actionnotification Dashboards
      • Okta, Inc.
        • okta/sso
          • Package okta/sso Release Notes
          • Parsers and Generated Fields
      • One Identity LLC
        • oneidentity/onelogin
          • Parsers and Generated Fields
      • Ordr Inc
        • ordr/ordr
          • Parsers and Generated Fields
          • ordr/ordr Dashboards
      • Palo Alto Networks, Inc.
        • palo-alto/prisma-sd-wan
          • Package palo-alto/prisma-sd-wan Release Notes
          • Parsers and Generated Fields
        • paloalto/firewall
          • Package paloalto/firewall Release Notes
          • Parsers and Generated Fields
      • Ping Identity Corporation
        • pingidentity/pingone
          • Package pingidentity/pingone Release Notes
          • Parsers and Generated Fields
          • Install the Package in LogScale
          • Configure Ingest for PingOne Service
          • Verify Data is Arriving in LogScale
          • pingidentity/pingone Dashboards
      • Proofpoint, Inc.
        • proofpoint/tap-siem-api
          • Package proofpoint/tap-siem-api Release Notes
          • Parsers and Generated Fields
      • Radware, Inc.
        • radware/alteon
          • Parsers and Generated Fields
      • RedHat, Inc.
        • redhat/ansible
          • Package redhat/ansible Release Notes
          • Parsers and Generated Fields
          • redhat/ansible Dashboards
      • Robust Intelligence
      • Rubrik, Inc.
        • rubrik/security-cloud
          • Package rubrik/security-cloud Release Notes
          • Parsers and Generated Fields
          • rubrik/security-cloud Dashboards
      • Ruby
        • ruby/logger
          • Parsers and Generated Fields
          • ruby/logger Dashboards
      • ServiceNow
        • servicenow/servicenow
          • Installing the Package in LogScale
          • servicenow/servicenow Dashboards
      • Talon
        • talon/talon-cyber-security
          • Parsers and Generated Fields
          • Configure the integration from the Talon Management Console
          • Verify Data is Arriving in LogScale
          • talon/talon-cyber-security Dashboards
      • Tausight Inc.
        • tausight/ephi-risk-posture
          • Package tausight/ephi-risk-posture Release Notes
          • Parsers and Generated Fields
      • Trellix
        • trellix/fireeye-nx
          • Package trellix/fireeye-nx Release Notes
          • Parsers and Generated Fields
      • Vectra
        • vectra/detections
          • vectra/detections Dashboards
      • Zoom Video Communications, Inc.
        • zoom/qss
          • Package zoom/qss Release Notes
          • Parsers and Generated Fields
      • Zscaler, Inc.
        • zscaler/deception
          • Package zscaler/deception Release Notes
          • Parsers and Generated Fields
        • zscaler/private-access
          • Package zscaler/private-access Release Notes
          • Parsers and Generated Fields
        • zscaler/internet-access
          • Package zscaler/internet-access Release Notes
          • Parsers and Generated Fields
          • Example Queries
          • zscaler/internet-access Dashboards
    • Packages
      • Install & Update Packages
      • Package Marketplace
      • Create a Package
      • Package File Formats
      • Referencing Package Assets
      • Developer Guidelines
        • Improve & Create Packages
        • Data Ingest Guidelines
        • Asset Guidelines
          • Parsers Best Practices
          • LogScale Query Language Best Practices
          • Dashboard Best Practices
          • Dashboard Widgets
          • Alerts and Saved Searches Best Practices
          • Naming and Informational Notes
        • Package Content Guide
        • Submission Guidelines
      • Insights Package
        • Insights Overview Dashboard
        • Insights Ingest Dashboard
        • Insights Hosts Dashboard
        • Bucket Storage Dashboard
        • Kafka Dashboard
        • Insights Search Dashboard
        • Request-Response
        • Insights Segments & Datasources Dashboard
        • Insights Errors Dashboard
    • Other Integrations
      • Tines Alerts
      • XSOAR Security Management
      • Prometheus
      • Kubernetes Log Format
      • Grafana
      • Cribl CrowdStream
        • Simple or Complex Routing?
        • Navigate Between User Interfaces
        • Configure a Source
        • Configure a Destination
        • Connect: Passthru, Pipeline, or Pack
        • Commit/Deploy Config Changes
        • Moving Ahead with CrowdStream
    • Log Formats
      • NetFlow Log Format
      • Heroku Log Format
      • Linux
        • Linux System Logs
      • Azure Service Fabric Log Format
      • Docker Log Format
      • Kafka Connect Log Format
Falcon LogScale Documentation
/ Integrations

Corelight

VendorCorelight

Available packages:

  • corelight/threathuntingguide

    Corelight Network Sensors

Support
  • Twitter
  • Facebook
  • LinkedIn
  • Youtube

© 2024 CrowdStrike All other marks contained herein are the property of their respective owners.

Children of this Page

corelight/threathuntingguide
Parsers and Generated Fields
Using Corelight Packages
Sample Queries
Zeek (Bro) Network Security Monitor

Enter search term