crowdstrike/spotlight Dashboards

CrowdStrike Falcon Spotlight: Overview

The Falcon Spotlight Overview dashboard provides comprehensive visibility into vulnerability trends and metrics through interconnected visualizations. This dashboard enables security teams to monitor vulnerability status, track remediation progress, and identify critical exposure points across the environment.
CrowdStrike Falcon Spotlight: Severity Details

The Falcon Spotlight Severity Details dashboard presents in-depth vulnerability analysis through detailed severity-based visualizations. This dashboard enables security teams to investigate vulnerability distributions, examine aging patterns, and prioritize remediation efforts based on severity levels.

CrowdStrike Falcon Spotlight: Overview

The Falcon Spotlight Overview dashboard provides comprehensive visibility into vulnerability trends and metrics through interconnected visualizations. This dashboard enables security teams to monitor vulnerability status, track remediation progress, and identify critical exposure points across the environment.

Example of the Spotlight Overview dashboard

Widget	Description	Type
Total Status: Open	Displays the total number of open status vulnerabilities. Hide Query Show Query Explain Query logscale `?CID status=open \| count()`	`Gauge`
Start Search Time	Start time={{startTime}}	`Note`
Total Status: Closed	Displays the total number of vulnerability events with a closed status. Hide Query Show Query Explain Query logscale `status=closed \| count()`	`Gauge`
Top Vulnerable Hosts	Displays the top 10 hosts with open vulnerabilities. Hide Query Show Query Explain Query logscale `status=open \| eval("Hostname" = host_info.hostname) \| top(field="Hostname",limit=10, as="Number of Vulerabilities")`	`Table`
CVE Severity Reported Over Time	Displays a chart of CVE severity reported over time. Hide Query Show Query Explain Query logscale `timeChart(cve.severity)`	`Time Chart`
Top CVE IDs	Shows the top 10 CVE IDs by the number of open vulnerabilities by host. Hide Query Show Query Explain Query logscale `status = open \| eval("CVE ID" = cve.id) \| top(field="CVE ID",limit=10, as="IMPACTED HOSTS")`	`Table`
End Search Time	End Time={{endTime}}	`Note`
CrowdStrike Customer ID Being Searched	CID: {{parameters[CID]}}	`Note`

CrowdStrike Falcon Spotlight: Severity Details

The Falcon Spotlight Severity Details dashboard presents in-depth vulnerability analysis through detailed severity-based visualizations. This dashboard enables security teams to investigate vulnerability distributions, examine aging patterns, and prioritize remediation efforts based on severity levels.

Example of the Spotlight Severity Details dashboard

Widget	Description	Type
High Severity	Displays events with a high severity rating. Hide Query Show Query Explain Query logscale `?CID cve.severity=HIGH \| count()`	`Gauge`
Total Critical Severity	Total number of Critical Vulnerabilities Hide Query Show Query Explain Query logscale `?CID cve.severity=CRITICAL \| count()`	`Gauge`
Active Low Severity Vulnerabilities	Displays the total count of open vulnerabilities with a low severity Hide Query Show Query Explain Query logscale `?CID status=open \| cve.severity=LOW \| count()`	`Gauge`
Top 10 Hosts: Active Low Severity	Shows the top 10 hosts with active low severity vulnerabilities. Hide Query Show Query Explain Query logscale `?CID status=open cve.severity=LOW \| eval("Hostname" = host_info.hostname) \| top(field="Hostname",limit=10, as="Number of Vulerabilities")`	`Table`
Low Severity	Shows the count of low severity CVE vulnerabilities within the given time frame. Hide Query Show Query Explain Query logscale `?CID cve.severity=LOW \| count()`	`Gauge`
Top 10 Hosts: Active Medium Severity	Displays the top 10 hosts with active medium severity vulnerabilities. Hide Query Show Query Explain Query logscale `?CID status=open cve.severity=MEDIUM \| eval("Hostname" = host_info.hostname) \| top(field="Hostname",limit=10, as="Number of Vulerabilities")`	`Table`
Top 10 Hosts: Active High Severity	Displays the top 10 active hosts with high severity vulnerabilities. Hide Query Show Query Explain Query logscale `?CID status=open cve.severity=HIGH \| eval("Hostname" = host_info.hostname) \| top(field="Hostname",limit=10, as="Number of Vulerabilities")`	`Table`
Active Medium Severity Vulnerabilities	Displays the current number of open medium rated vulnerabilities. Hide Query Show Query Explain Query logscale `?CID status=open \| cve.severity=MEDIUM \| count()`	`Gauge`
Stop Search Time	End time={{endTime}}	`Note`
Active High Severity Vulnerabilities	Displays the number of open high severity vulnerabilities. Hide Query Show Query Explain Query logscale `?CID \| status=open cve.severity=HIGH\| count()`	`Gauge`
Top 10 Hosts: Active Critical Severity	Displays the top 10 hosts with active critical severity vulnerabilities Hide Query Show Query Explain Query logscale `?CID status=open cve.severity=CRITICAL \| eval("Hostname" = host_info.hostname) \| top(field="Hostname",limit=10, as="Number of Vulerabilities")`	`Table`
Active Critical Severity Vulnerabilities	Displays the number of open critical severity vulnerabilities. Hide Query Show Query Explain Query logscale `?CID status=open cve.severity=CRITICAL \| count()`	`Gauge`
Total Medium Severity	Displays a list of all medium severity events. Hide Query Show Query Explain Query logscale `?CID cve.severity=MEDIUM \| count()`	`Gauge`
CrowdStrike Customer ID Being Searched	CID: {{parameters[CID]}}	`Note`
Start Search Time	Start time={{startTime}}	`Note`

Versions of this Page

Package Marketplace

Package Reference

Dashboard Reference

Package Management

Other Integrations

Log Formats

crowdstrike/spotlight Dashboards

CrowdStrike Falcon Spotlight: Overview

CrowdStrike Falcon Spotlight: Severity Details

Enter search term