CrowdStrike Core FLTR Package

This package contains a robust set of content for use with Falcon Long Term Repository (FLTR).

Important

This package should be installed in a view linked to your FLTR repo. It is not necessary or recommended to install this directly into the FLTR repo. The FLTR repo should already have the additional crowdstrike/fdr package installed, which contains the parser necessary for this data.

If both packages are mistakenly installed in the FLTR repo, go to Alerts → Scheduled Searches → FDR aidmaster Scheduled Search and uncheck Enable scheduled search followed by Save Scheduled Search. Otherwise both packages will be attempting to generate the same file. You only need the FLTR aidmaster Generation scheduled search running.

Support

This package is supported by CrowdStrike. For any assistance with installing or using the package please contact us via the support portal, or by email at logscalesupport@crowdstrike.com.

Integrations

Integrations

Packages

LogScale APIs 1.118.0-1.137.0

APIs

API Authentication

Cluster Management API

Health Check API

Ingest API

Lookup API

Redact Events API

Search API

Software Libraries

LogScale Third-Party Log Shippers

Third-Party Log Shippers