crowdstrike/spotlight Dashboards | Integrations | LogScale Documentation

Skip to content

LogScale Documentation Full Library Knowledge Base Release Notes Integrations Query Examples Training API GraphQL API Contacting Support

crowdstrike/spotlight Dashboards

CrowdStrike Falcon Spotlight: Overview

Widget	Description	Type
Total Status: Open	Displays the total number of open status vulnerabilities. Hide Query Show Query logscale `?CID status=open \| count()`	`Gauge`
Start Search Time	Start time={{startTime}}	`Note`
Total Status: Closed	Displays the total number of vulnerability events with a closed status. Hide Query Show Query logscale `status=closed \| count()`	`Gauge`
Top Vulnerable Hosts	Displays the top 10 hosts with open vulnerabilities. Hide Query Show Query logscale `status=open \| eval("Hostname" = host_info.hostname) \| top(field="Hostname",limit=10, as="Number of Vulerabilities")`	`Table`
CVE Severity Reported Over Time	Displays a chart of CVE severity reported over time. Hide Query Show Query logscale `timeChart(cve.severity)`	`Time Chart`
Top CVE IDs	Shows the top 10 CVE IDs by the number of open vulnerabilities by host. Hide Query Show Query logscale `status = open \| eval("CVE ID" = cve.id) \| top(field="CVE ID",limit=10, as="IMPACTED HOSTS")`	`Table`
End Search Time	End Time={{endTime}}	`Note`
CrowdStrike Customer ID Being Searched	CID: {{parameters[CID]}}	`Note`

CrowdStrike Falcon Spotlight: Severity Details

Widget	Description	Type
High Severity	Displays events with a high severity rating. Hide Query Show Query logscale `?CID cve.severity=HIGH \| count()`	`Gauge`
Total Critical Severity	Total number of Critical Vulnerabilities Hide Query Show Query logscale `?CID cve.severity=CRITICAL \| count()`	`Gauge`
Active Low Severity Vulnerabilities	Displays the total count of open vulnerabilities with a low severity Hide Query Show Query logscale `?CID status=open \| cve.severity=LOW \| count()`	`Gauge`
Top 10 Hosts: Active Low Severity	Shows the top 10 hosts with active low severity vulnerabilities. Hide Query Show Query logscale `?CID status=open cve.severity=LOW \| eval("Hostname" = host_info.hostname) \| top(field="Hostname",limit=10, as="Number of Vulerabilities")`	`Table`
Low Severity	Shows the count of low severity CVE vulnerabilities within the given time frame. Hide Query Show Query logscale `?CID cve.severity=LOW \| count()`	`Gauge`
Top 10 Hosts: Active Medium Severity	Displays the top 10 hosts with active medium severity vulnerabilities. Hide Query Show Query logscale `?CID status=open cve.severity=MEDIUM \| eval("Hostname" = host_info.hostname) \| top(field="Hostname",limit=10, as="Number of Vulerabilities")`	`Table`
Top 10 Hosts: Active High Severity	Displays the top 10 active hosts with high severity vulnerabilities. Hide Query Show Query logscale `?CID status=open cve.severity=HIGH \| eval("Hostname" = host_info.hostname) \| top(field="Hostname",limit=10, as="Number of Vulerabilities")`	`Table`
Active Medium Severity Vulnerabilities	Displays the current number of open medium rated vulnerabilities. Hide Query Show Query logscale `?CID status=open \| cve.severity=MEDIUM \| count()`	`Gauge`
Stop Search Time	End time={{endTime}}	`Note`
Active High Severity Vulnerabilities	Displays the number of open high severity vulnerabilities. Hide Query Show Query logscale `?CID \| status=open cve.severity=HIGH\| count()`	`Gauge`
Top 10 Hosts: Active Critical Severity	Displays the top 10 hosts with active critical severity vulnerabilities Hide Query Show Query logscale `?CID status=open cve.severity=CRITICAL \| eval("Hostname" = host_info.hostname) \| top(field="Hostname",limit=10, as="Number of Vulerabilities")`	`Table`
Active Critical Severity Vulnerabilities	Displays the number of open critical severity vulnerabilities. Hide Query Show Query logscale `?CID status=open cve.severity=CRITICAL \| count()`	`Gauge`
Total Medium Severity	Displays a list of all medium severity events. Hide Query Show Query logscale `?CID cve.severity=MEDIUM \| count()`	`Gauge`
CrowdStrike Customer ID Being Searched	CID: {{parameters[CID]}}	`Note`
Start Search Time	Start time={{startTime}}	`Note`

Enter search term