crowdstrike/fltr-tutorial

VendorCrowdStrike Holdings, Inc.Parsers
AuthorCrowdStrikeDashboards
Version0.6.0Alerts
Minimum LogScale Version1.77.0Actions
  Scheduled Searches

This package includes a dashboard-based tutorial for using Falcon Long Term Repository (FLTR). It includes a lead-through of the following tutorial elements:

  • UI basics

  • Event tags

  • Field names

  • Comments

  • Timestamps

  • Assignment

  • Regular expressions

  • Case statements

  • Functions

  • Formatting query input

  • The groupBy() function

  • Parameters

  • Visualizations

  • Widget formatting

  • The match() function

  • Field extraction

  • Query building

  • Hyperlinks

  • Query examples