crowdstrike/falcon-devices Dashboards | Integrations | LogScale Documentation

Skip to content

LogScale Documentation Full Library Knowledge Base Release Notes Integrations Query Examples Training API GraphQL API Contacting Support

crowdstrike/falcon-devices Dashboards

CrowdStrike Falcon Devices: Overview

Widget	Description	Type
Mac Devices	Displays connected Mac devices by device ID. Hide Query Show Query logscale `?CID platform_name="Mac" \| count(field=device_id, distinct=True) \| count:= rename(_count) \| sort(count)`	`Gauge`
Total Hosts	Displays a list of total hosts by device ID. Hide Query Show Query logscale `?CID device_id=* \| count(field=device_id, distinct=True, as="Device Count")`	`Gauge`
Mobile	Displays a list of mobile devices, their ID, and the total number of devices. Hide Query Show Query logscale `?CID "product_type_desc" = Mobile \| count(field=device_id, distinct=True) \| "Number of Devices" := rename(_count)`	`Gauge`
Devices in Reduced Functionality Mode	Displays device IDs in reduced functionality mode. Hide Query Show Query logscale `?CID reduced_functionality_mode=yes \| count(field=device_id, distinct=True, as="Device Count")`	`Gauge`
Workstations	Displays the number of workstations by device ID. Hide Query Show Query logscale `?CID "product_type_desc" = Workstation \| count(field=device_id, distinct=True) \| "Number of Devices" := rename(_count)`	`Gauge`
Linux Devices	Displays Linux devices by device ID. Hide Query Show Query logscale `?CID platform_name="Linux" \| count(field=device_id, distinct=True) \| count:= rename(_count) \| sort(count)`	`Gauge`
Servers	Displays a list of servers by device ID and states the number of devices. Hide Query Show Query logscale `?CID "product_type_desc" = Server \| count(field=device_id, distinct=True) \| "Number of Devices" := rename(_count)`	`Gauge`
Device Count by Agent Version	Displays a chart of device counts by agent version. Hide Query Show Query logscale `?CID \| groupBy("agent_version", function=count(field=device_id, distinct=True)) \| "Number of Devices" := rename(_count)`	`Bar Chart`
Devices with Uninstall Protection Disabled	Displays a list of devices with uninstall protection disabled by device ID. Hide Query Show Query logscale `?CID device_policies.sensor_update.uninstall_protection=DISABLED \| count(field=device_id, distinct=True, as="Device Count")`	`Gauge`
Windows Devices	Displays the number of connected Windows devices by device ID. Hide Query Show Query logscale `?CID platform_name="Windows" \| count(field=device_id, distinct=True) \| count:= rename(_count) \| sort(count)`	`Gauge`
End Search Time	Start time={{endTime}}	`Note`
Pod	Displays a count of pods using device ID data. Hide Query Show Query logscale `?CID "product_type_desc" = Pod \| count(field=device_id, distinct=True) \| "Number of Devices" := rename(_count)`	`Gauge`
Domain Controllers	Displays a list of the number of domain controllers. Hide Query Show Query logscale `?CID "product_type_desc" = "Domain Controller" \| count(field=device_id, distinct=True) \| "Number of Devices" := rename(_count)`	`Gauge`
CrowdStrike Customer ID Being Searched	CID: {{parameterCID}}	`Note`
Start Search Time	Start time={{startTime}}	`Note`

CrowdStrike Falcon Devices: Policies

Widget	Description	Type
Start Search Time	Start time={{startTime}}	`Note`
Number of Device Control Policies	Displays the device control policies in a human-readable JSON format. Hide Query Show Query logscale `json:prettyPrint() \| cid=?CID \| count(field="device_policies.device_control.policy_id", distinct=True)`	`Gauge`
Hosts without Device Control Policy Applied	Displays devices without a control policy applied by device ID. Hide Query Show Query logscale `json:prettyPrint() \| cid=?CID \| device_policies.device_control.applied=false \| count(field="device_id", distinct=True)`	`Gauge`
Number of Real Time Response Policies	Displays the number of real time response policies for a given device. Hide Query Show Query logscale `json:prettyPrint() \| cid=?CID \| count(field="device_policies.remote_response.policy_id", distinct=True)`	`Gauge`
Firewall Policy Applied	Displays a list of devices with a firewall policy applied, organized by device ID. Hide Query Show Query logscale `json:prettyPrint() \| cid=?CID \| device_policies.firewall.applied=true \| count(field="device_id", distinct=True)`	`Gauge`
Firewall Policy Not Applied	Displays devices and their ID information whose firewall policy is not applied. Hide Query Show Query logscale `json:prettyPrint() \| cid=?CID \| device_policies.firewall.applied=false \| count(field="device_id", distinct=True)`	`Gauge`
Hosts without Prevention Policies Applied	Displays a list of hosts by user ID that do not have prevention policies applied. Hide Query Show Query logscale `json:prettyPrint() \| cid=?CID \| device_policies.prevention.applied=false \| count(field="device_id", distinct=True)`	`Gauge`
Hosts with Device Control Policy Applied	Displays hosts with their device control policy applied by device ID. Hide Query Show Query logscale `json:prettyPrint() \| cid=?CID \| device_policies.device_control.applied=true \| count(field="device_id", distinct=True)`	`Gauge`
Number of Firewall Policies	Displays a list of firewall policies by policy ID. Hide Query Show Query logscale `json:prettyPrint() \| cid=?CID \| count(field="device_policies.firewall.policy_id", distinct=True)`	`Gauge`
Hosts with Remote Response Policy Applied	Displays a list of hosts with remote response policies applied by device ID. Hide Query Show Query logscale `json:prettyPrint() \| cid=?CID \| device_policies.remote_response.applied=true \| count(field="device_id", distinct=True)`	`Gauge`
Hosts without Remote Response Policy Applied	Displays hosts without their remote response policy applied using device ID data. Hide Query Show Query logscale `json:prettyPrint() \| cid=?CID \| device_policies.remote_response.applied=false \| count(field="device_id", distinct=True)`	`Gauge`
Number of Prevention Policies	Displays the number of prevention policies present by policy ID. Hide Query Show Query logscale `json:prettyPrint() \| cid=?CID \| count(field="device_policies.prevention.policy_id", distinct=True)`	`Gauge`
Number of Global Configuration Policies	Displays a list of global configuration policies by device. Hide Query Show Query logscale `cid=?CID \| count(field="device_policies.global_config.policy_id", distinct=True)`	`Gauge`
Hosts without Sensor Update Policy Applied	Displays a list of hosts that do not have an updated sensor policy applied, identified by device ID. Hide Query Show Query logscale `json:prettyPrint() \| cid=?CID \| device_policies.sensor_update.applied=false \| count(field="device_id", distinct=True)`	`Gauge`
Number of Sensor Update Policies	Displays the number of sensor update policies by ID. Hide Query Show Query logscale `json:prettyPrint() \| cid=?CID \| count(field="device_policies.sensor_update.policy_id", distinct=True)`	`Gauge`
Hosts with Global Configuration Policy Applied	Displays a list of hosts with a global configuration policy applied by device ID. Hide Query Show Query logscale `json:prettyPrint() \| cid=?CID \| device_policies.global_config.applied=true \| count(field="device_id", distinct=True)`	`Gauge`
Hosts without Global Configuration Policy Applied	Displays hosts without their global configuration policy applied by device ID. Hide Query Show Query logscale `json:prettyPrint() \| cid=?CID \| device_policies.global_config.applied=false \| count(field="device_id", distinct=True)`	`Gauge`
Hosts with Sensor Update Policy Applied	Displays hosts with a sensor policy update applied by device ID. Hide Query Show Query logscale `json:prettyPrint() \| cid=?CID \| device_policies.sensor_update.applied=true \| count(field="device_id", distinct=True)`	`Gauge`
Hosts with Prevention Policies Applied	Displays a list of hosts with prevention policies applied by device ID. Hide Query Show Query logscale `json:prettyPrint() \| cid=?CID \| device_policies.prevention.applied=true \| count(field="device_id", distinct=True)`	`Gauge`
End Search Time	End Time={{endTime}}	`Note`
CrowdStrike Customer ID Being Searched	CID: {{parameterCID}}	`Note`

Enter search term