crowdstrike/falcon-devices Dashboards | Integrations | LogScale Documentation

Skip to content

LogScale Documentation Full Library Knowledge Base Release Notes Integrations Training API GraphQL API Contacting Support

crowdstrike/falcon-devices Dashboards

CrowdStrike Falcon Devices: Overview

Widget	Description	Type
Mac Devices	Hide Query Show Query logscale `?CID platform_name="Mac" \| count(field=device_id, distinct=True) \| count:= rename(_count) \| sort(count)`	`Gauge`
Total Hosts	Hide Query Show Query logscale `?CID device_id=* \| count(field=device_id, distinct=True, as="Device Count")`	`Gauge`
Mobile	Hide Query Show Query logscale `?CID "product_type_desc" = Mobile \| count(field=device_id, distinct=True) \| "Number of Devices" := rename(_count)`	`Gauge`
Devices in Reduced Functionality Mode	Hide Query Show Query logscale `?CID reduced_functionality_mode=yes \| count(field=device_id, distinct=True, as="Device Count")`	`Gauge`
Workstations	Hide Query Show Query logscale `?CID "product_type_desc" = Workstation \| count(field=device_id, distinct=True) \| "Number of Devices" := rename(_count)`	`Gauge`
Linux Devices	Hide Query Show Query logscale `?CID platform_name="Linux" \| count(field=device_id, distinct=True) \| count:= rename(_count) \| sort(count)`	`Gauge`
Servers	Hide Query Show Query logscale `?CID "product_type_desc" = Server \| count(field=device_id, distinct=True) \| "Number of Devices" := rename(_count)`	`Gauge`
Device Count by Agent Version	Hide Query Show Query logscale `?CID \| groupBy("agent_version", function=count(field=device_id, distinct=True)) \| "Number of Devices" := rename(_count)`	`Bar Chart`
Devices with Uninstall Protection Disabled	Hide Query Show Query logscale `?CID device_policies.sensor_update.uninstall_protection=DISABLED \| count(field=device_id, distinct=True, as="Device Count")`	`Gauge`
Windows Devices	Hide Query Show Query logscale `?CID platform_name="Windows" \| count(field=device_id, distinct=True) \| count:= rename(_count) \| sort(count)`	`Gauge`
End Search Time	Start time={{endTime}}	`Note`
Pod	Hide Query Show Query logscale `?CID "product_type_desc" = Pod \| count(field=device_id, distinct=True) \| "Number of Devices" := rename(_count)`	`Gauge`
Domain Controllers	Displays a list of the number of domain controllers. Hide Query Show Query logscale `?CID "product_type_desc" = "Domain Controller" \| count(field=device_id, distinct=True) \| "Number of Devices" := rename(_count)`	`Gauge`
CrowdStrike Customer ID Being Searched	CID: {{parameterCID}}	`Note`
Start Search Time	Start time={{startTime}}	`Note`

CrowdStrike Falcon Devices: Policies

Widget	Description	Type
Start Search Time	Start time={{startTime}}	`Note`
Number of Device Control Policies	Displays the device control policies in a human-readable JSON format. Hide Query Show Query logscale `json:prettyPrint() \| cid=?CID \| count(field="device_policies.device_control.policy_id", distinct=True)`	`Gauge`
Hosts without Device Control Policy Applied	Hide Query Show Query logscale `json:prettyPrint() \| cid=?CID \| device_policies.device_control.applied=false \| count(field="device_id", distinct=True)`	`Gauge`
Number of Real Time Response Policies	Hide Query Show Query logscale `json:prettyPrint() \| cid=?CID \| count(field="device_policies.remote_response.policy_id", distinct=True)`	`Gauge`
Firewall Policy Applied	Hide Query Show Query logscale `json:prettyPrint() \| cid=?CID \| device_policies.firewall.applied=true \| count(field="device_id", distinct=True)`	`Gauge`
Firewall Policy Not Applied	Hide Query Show Query logscale `json:prettyPrint() \| cid=?CID \| device_policies.firewall.applied=false \| count(field="device_id", distinct=True)`	`Gauge`
Hosts without Prevention Policies Applied	Hide Query Show Query logscale `json:prettyPrint() \| cid=?CID \| device_policies.prevention.applied=false \| count(field="device_id", distinct=True)`	`Gauge`
Hosts with Device Control Policy Applied	Hide Query Show Query logscale `json:prettyPrint() \| cid=?CID \| device_policies.device_control.applied=true \| count(field="device_id", distinct=True)`	`Gauge`
Number of Firewall Policies	Hide Query Show Query logscale `json:prettyPrint() \| cid=?CID \| count(field="device_policies.firewall.policy_id", distinct=True)`	`Gauge`
Hosts with Remote Response Policy Applied	Hide Query Show Query logscale `json:prettyPrint() \| cid=?CID \| device_policies.remote_response.applied=true \| count(field="device_id", distinct=True)`	`Gauge`
Hosts without Remote Response Policy Applied	Hide Query Show Query logscale `json:prettyPrint() \| cid=?CID \| device_policies.remote_response.applied=false \| count(field="device_id", distinct=True)`	`Gauge`
Number of Prevention Policies	Hide Query Show Query logscale `json:prettyPrint() \| cid=?CID \| count(field="device_policies.prevention.policy_id", distinct=True)`	`Gauge`
Number of Global Configuration Policies	Displays a list of global configuration policies by device. Hide Query Show Query logscale `cid=?CID \| count(field="device_policies.global_config.policy_id", distinct=True)`	`Gauge`
Hosts without Sensor Update Policy Applied	Hide Query Show Query logscale `json:prettyPrint() \| cid=?CID \| device_policies.sensor_update.applied=false \| count(field="device_id", distinct=True)`	`Gauge`
Number of Sensor Update Policies	Hide Query Show Query logscale `json:prettyPrint() \| cid=?CID \| count(field="device_policies.sensor_update.policy_id", distinct=True)`	`Gauge`
Hosts with Global Configuration Policy Applied	Hide Query Show Query logscale `json:prettyPrint() \| cid=?CID \| device_policies.global_config.applied=true \| count(field="device_id", distinct=True)`	`Gauge`
Hosts without Global Configuration Policy Applied	Hide Query Show Query logscale `json:prettyPrint() \| cid=?CID \| device_policies.global_config.applied=false \| count(field="device_id", distinct=True)`	`Gauge`
Hosts with Sensor Update Policy Applied	Hide Query Show Query logscale `json:prettyPrint() \| cid=?CID \| device_policies.sensor_update.applied=true \| count(field="device_id", distinct=True)`	`Gauge`
Hosts with Prevention Policies Applied	Hide Query Show Query logscale `json:prettyPrint() \| cid=?CID \| device_policies.prevention.applied=true \| count(field="device_id", distinct=True)`	`Gauge`
End Search Time	End Time={{endTime}}	`Note`
CrowdStrike Customer ID Being Searched	CID: {{parameterCID}}	`Note`

Enter search term