crowdstrike/falcon-devices Dashboards

CrowdStrike Falcon Devices: Overview

The CrowdStrike Falcon Devices Overview dashboard provides real-time visibility into device status, security events, and system health metrics. This dashboard enables monitoring and analysis of device behavior across your environment.
CrowdStrike Falcon Devices: Policies

The CrowdStrike Falcon Devices Policies dashboard displays policy enforcement status and configuration details for protected devices. This dashboard tracks policy compliance and security settings across your device fleet.

CrowdStrike Falcon Devices: Overview

The CrowdStrike Falcon Devices Overview dashboard provides real-time visibility into device status, security events, and system health metrics. This dashboard enables monitoring and analysis of device behavior across your environment.

Example of a Falcon Devices Overview dashboard

Widget	Description	Type
Mac Devices	Displays connected Mac devices by device ID. Hide Query Show Query Explain Query logscale `?CID platform_name="Mac" \| count(field=device_id, distinct=True) \| count:= rename(_count) \| sort(count)`	`Gauge`
Total Hosts	Displays a list of total hosts by device ID. Hide Query Show Query Explain Query logscale `?CID device_id=* \| count(field=device_id, distinct=True, as="Device Count")`	`Gauge`
Mobile	Displays a list of mobile devices, their ID, and the total number of devices. Hide Query Show Query Explain Query logscale `?CID "product_type_desc" = Mobile \| count(field=device_id, distinct=True) \| "Number of Devices" := rename(_count)`	`Gauge`
Devices in Reduced Functionality Mode	Displays device IDs in reduced functionality mode. Hide Query Show Query Explain Query logscale `?CID reduced_functionality_mode=yes \| count(field=device_id, distinct=True, as="Device Count")`	`Gauge`
Workstations	Displays the number of workstations by device ID. Hide Query Show Query Explain Query logscale `?CID "product_type_desc" = Workstation \| count(field=device_id, distinct=True) \| "Number of Devices" := rename(_count)`	`Gauge`
Linux Devices	Displays Linux devices by device ID. Hide Query Show Query Explain Query logscale `?CID platform_name="Linux" \| count(field=device_id, distinct=True) \| count:= rename(_count) \| sort(count)`	`Gauge`
Servers	Displays a list of servers by device ID and states the number of devices. Hide Query Show Query Explain Query logscale `?CID "product_type_desc" = Server \| count(field=device_id, distinct=True) \| "Number of Devices" := rename(_count)`	`Gauge`
Device Count by Agent Version	Displays a chart of device counts by agent version. Hide Query Show Query Explain Query logscale `?CID \| groupBy("agent_version", function=count(field=device_id, distinct=True)) \| "Number of Devices" := rename(_count)`	`Bar Chart`
Devices with Uninstall Protection Disabled	Displays a list of devices with uninstall protection disabled by device ID. Hide Query Show Query Explain Query logscale `?CID device_policies.sensor_update.uninstall_protection=DISABLED \| count(field=device_id, distinct=True, as="Device Count")`	`Gauge`
Windows Devices	Displays the number of connected Windows devices by device ID. Hide Query Show Query Explain Query logscale `?CID platform_name="Windows" \| count(field=device_id, distinct=True) \| count:= rename(_count) \| sort(count)`	`Gauge`
End Search Time	Start time={{endTime}}	`Note`
Pod	Displays a count of pods using device ID data. Hide Query Show Query Explain Query logscale `?CID "product_type_desc" = Pod \| count(field=device_id, distinct=True) \| "Number of Devices" := rename(_count)`	`Gauge`
Domain Controllers	Displays a list of the number of domain controllers. Hide Query Show Query Explain Query logscale `?CID "product_type_desc" = "Domain Controller" \| count(field=device_id, distinct=True) \| "Number of Devices" := rename(_count)`	`Gauge`
CrowdStrike Customer ID Being Searched	CID: {{parameterCID}}	`Note`
Start Search Time	Start time={{startTime}}	`Note`

CrowdStrike Falcon Devices: Policies

The CrowdStrike Falcon Devices Policies dashboard displays policy enforcement status and configuration details for protected devices. This dashboard tracks policy compliance and security settings across your device fleet.

Example of a Falcon Devices Policies dashboard

Widget	Description	Type
Start Search Time	Start time={{startTime}}	`Note`
Number of Device Control Policies	Displays the device control policies in a human-readable JSON format. Hide Query Show Query Explain Query logscale `json:prettyPrint() \| cid=?CID \| count(field="device_policies.device_control.policy_id", distinct=True)`	`Gauge`
Hosts without Device Control Policy Applied	Displays devices without a control policy applied by device ID. Hide Query Show Query Explain Query logscale `json:prettyPrint() \| cid=?CID \| device_policies.device_control.applied=false \| count(field="device_id", distinct=True)`	`Gauge`
Number of Real Time Response Policies	Displays the number of real time response policies for a given device. Hide Query Show Query Explain Query logscale `json:prettyPrint() \| cid=?CID \| count(field="device_policies.remote_response.policy_id", distinct=True)`	`Gauge`
Firewall Policy Applied	Displays a list of devices with a firewall policy applied, organized by device ID. Hide Query Show Query Explain Query logscale `json:prettyPrint() \| cid=?CID \| device_policies.firewall.applied=true \| count(field="device_id", distinct=True)`	`Gauge`
Firewall Policy Not Applied	Displays devices and their ID information whose firewall policy is not applied. Hide Query Show Query Explain Query logscale `json:prettyPrint() \| cid=?CID \| device_policies.firewall.applied=false \| count(field="device_id", distinct=True)`	`Gauge`
Hosts without Prevention Policies Applied	Displays a list of hosts by user ID that do not have prevention policies applied. Hide Query Show Query logscale `json:prettyPrint() \| cid=?CID \| device_policies.prevention.applied=false \| count(field="device_id", distinct=True)`	`Gauge`
Hosts with Device Control Policy Applied	Displays hosts with their device control policy applied by device ID. Hide Query Show Query Explain Query logscale `json:prettyPrint() \| cid=?CID \| device_policies.device_control.applied=true \| count(field="device_id", distinct=True)`	`Gauge`
Number of Firewall Policies	Displays a list of firewall policies by policy ID. Hide Query Show Query Explain Query logscale `json:prettyPrint() \| cid=?CID \| count(field="device_policies.firewall.policy_id", distinct=True)`	`Gauge`
Hosts with Remote Response Policy Applied	Displays a list of hosts with remote response policies applied by device ID. Hide Query Show Query Explain Query logscale `json:prettyPrint() \| cid=?CID \| device_policies.remote_response.applied=true \| count(field="device_id", distinct=True)`	`Gauge`
Hosts without Remote Response Policy Applied	Displays hosts without their remote response policy applied using device ID data. Hide Query Show Query Explain Query logscale `json:prettyPrint() \| cid=?CID \| device_policies.remote_response.applied=false \| count(field="device_id", distinct=True)`	`Gauge`
Number of Prevention Policies	Displays the number of prevention policies present by policy ID. Hide Query Show Query Explain Query logscale `json:prettyPrint() \| cid=?CID \| count(field="device_policies.prevention.policy_id", distinct=True)`	`Gauge`
Number of Global Configuration Policies	Displays a list of global configuration policies by device. Hide Query Show Query Explain Query logscale `cid=?CID \| count(field="device_policies.global_config.policy_id", distinct=True)`	`Gauge`
Hosts without Sensor Update Policy Applied	Displays a list of hosts that do not have an updated sensor policy applied, identified by device ID. Hide Query Show Query Explain Query logscale `json:prettyPrint() \| cid=?CID \| device_policies.sensor_update.applied=false \| count(field="device_id", distinct=True)`	`Gauge`
Number of Sensor Update Policies	Displays the number of sensor update policies by ID. Hide Query Show Query Explain Query logscale `json:prettyPrint() \| cid=?CID \| count(field="device_policies.sensor_update.policy_id", distinct=True)`	`Gauge`
Hosts with Global Configuration Policy Applied	Displays a list of hosts with a global configuration policy applied by device ID. Hide Query Show Query Explain Query logscale `json:prettyPrint() \| cid=?CID \| device_policies.global_config.applied=true \| count(field="device_id", distinct=True)`	`Gauge`
Hosts without Global Configuration Policy Applied	Displays hosts without their global configuration policy applied by device ID. Hide Query Show Query Explain Query logscale `json:prettyPrint() \| cid=?CID \| device_policies.global_config.applied=false \| count(field="device_id", distinct=True)`	`Gauge`
Hosts with Sensor Update Policy Applied	Displays hosts with a sensor policy update applied by device ID. Hide Query Show Query Explain Query logscale `json:prettyPrint() \| cid=?CID \| device_policies.sensor_update.applied=true \| count(field="device_id", distinct=True)`	`Gauge`
Hosts with Prevention Policies Applied	Displays a list of hosts with prevention policies applied by device ID. Hide Query Show Query Explain Query logscale `json:prettyPrint() \| cid=?CID \| device_policies.prevention.applied=true \| count(field="device_id", distinct=True)`	`Gauge`
End Search Time	End Time={{endTime}}	`Note`
CrowdStrike Customer ID Being Searched	CID: {{parameterCID}}	`Note`

Versions of this Page

Package Marketplace

Package Reference

Dashboard Reference

Package Management

Other Integrations

Log Formats

crowdstrike/falcon-devices Dashboards

CrowdStrike Falcon Devices: Overview

CrowdStrike Falcon Devices: Policies

Enter search term