Skip to content
LogoLogScale DocumentationFull Library Knowledge Base Release Notes Integrations Training API GraphQL API Contacting Support
help

Versions of this Page

    • Integrations
      • Akamai Technologies, Inc.
        • akamai/asec
          • Package akamai/asec Release Notes
          • Parsers and Generated Fields
      • Amazon Web Services (AWS)
        • aws/s3-server-access
          • Package aws/s3-server-access Release Notes
          • Parsers and Generated Fields
        • aws/cloudtrail
          • Package aws/cloudtrail Release Notes
          • Parsers and Generated Fields
        • aws/vpcflow
          • Package aws/vpcflow Release Notes
          • Parsers and Generated Fields
        • aws/fsx
          • Package aws/fsx Release Notes
          • Parsers and Generated Fields
        • aws/guardduty
          • Package aws/guardduty Release Notes
          • Parsers and Generated Fields
        • aws/waf
          • Package aws/waf Release Notes
          • Parsers and Generated Fields
      • Apache
        • apache/http-server
          • Package apache/http-server Release Notes
          • Parsers and Generated Fields
          • Apache HTTP Server Configuration
          • Installing the Package in LogScale
          • Configure Ingest for Apache HTTP Server
          • Verify Data is Arriving in LogScale
          • Extending Parsers for Custom Logs
          • apache/http-server Dashboards
        • apache/kafka-metricbeat
          • apache/kafka-metricbeat Dashboards
      • AppOmni, Inc
        • appomni/appomni
          • Parsers and Generated Fields
      • Apple Inc.
        • apple/unifiedlog
          • Parsers and Generated Fields
      • Armis, Inc.
        • armis/centrix-iot
          • Parsers and Generated Fields
      • Asimily
        • asimily/iomt
          • Package asimily/iomt Release Notes
          • Parsers and Generated Fields
      • Broadcom Inc.
        • broadcom/proxysg
          • Package broadcom/proxysg Release Notes
          • Parsers and Generated Fields
      • Check Point Software Technologies Ltd.
        • checkpoint/ngfw
          • Package checkpoint/ngfw Release Notes
          • Parsers and Generated Fields
      • Cisco Systems, Inc.
        • cisco/duo
          • Package cisco/duo Release Notes
          • Parsers and Generated Fields
        • cisco/umbrella
          • Package cisco/umbrella Release Notes
          • Parsers and Generated Fields
        • cisco/meraki
          • Package cisco/meraki Release Notes
          • Parsers and Generated Fields
        • cisco/asa
          • Package cisco/asa Release Notes
          • cisco/asa Dashboards
        • cisco/firepower
          • Parsers and Generated Fields
        • cisco/ise
          • Package cisco/ise Release Notes
          • Parsers and Generated Fields
        • cisco/ios
          • Package cisco/ios Release Notes
          • Parsers and Generated Fields
      • Citrix Systems, Inc.
        • citrix/netscaler
          • Package citrix/netscaler Release Notes
          • Parsers and Generated Fields
      • Claroty Ltd.
        • claroty/ctd
          • Package claroty/ctd Release Notes
          • Parsers and Generated Fields
      • Cloudflare, Inc.
        • cloudflare/area1emailsecurity
          • Installing the Package
          • Configuring Ingest for Cloudflare Area 1 Logs
          • Verify Data is Arriving in LogScale
          • cloudflare/area1emailsecurity Dashboards
        • cloudflare/zerotrust
          • Package cloudflare/zerotrust Release Notes
          • Parsers and Generated Fields
      • Corelight
        • corelight/threathuntingguide
          • Parsers and Generated Fields
          • Using Corelight Packages
          • Sample Queries
          • Zeek (Bro) Network Security Monitor
      • CrowdStrike Holdings, Inc.
        • crowdstrike/siem-connector
          • crowdstrike/siem-connector Dashboards
        • crowdstrike/fdr
          • Parsers and Generated Fields
          • crowdstrike/fdr Dashboards
        • crowdstrike/fltr-tutorial
          • Package crowdstrike/fltr-tutorial Release Notes
          • crowdstrike/fltr-tutorial Dashboards
        • crowdstrike/intel-indicators
          • crowdstrike/intel-indicators Dashboards
        • crowdstrike/falcon-devices
          • crowdstrike/falcon-devices Dashboards
        • crowdstrike/logscale-slack
        • crowdstrike/ioc
          • Package crowdstrike/ioc Release Notes
          • crowdstrike/ioc Dashboards
        • crowdstrike/logscale-splunk-on-call
        • crowdstrike/fltr-core
          • Package crowdstrike/fltr-core Release Notes
          • crowdstrike/fltr-core Dashboards
        • crowdstrike/fltr-firewall-adversaries
          • crowdstrike/fltr-firewall-adversaries Dashboards
        • crowdstrike/fltr-lolbins
          • Package crowdstrike/fltr-lolbins Release Notes
        • crowdstrike/logscale-pagerduty
        • crowdstrike/logscale-opsgenie
        • crowdstrike/fltr-identityprotection
          • Package crowdstrike/fltr-identityprotection Release Notes
          • crowdstrike/fltr-identityprotection Dashboards
        • crowdstrike/spotlight
          • Package crowdstrike/spotlight Release Notes
          • crowdstrike/spotlight Dashboards
      • CyberArk
        • cyberark/pam
          • cyberark/pam Dashboards
        • cyberark/vault
          • cyberark/vault Dashboards
      • Darktrace Limited
        • darktrace/detect
          • Package darktrace/detect Release Notes
          • Parsers and Generated Fields
      • Dell, Inc.
        • dell/isilon
          • Package dell/isilon Release Notes
          • Parsers and Generated Fields
      • Docker
        • docker/metrics
          • docker/metrics Dashboards
      • Dragos
      • ExtraHop Networks, Inc.
        • extrahop/revealx
          • extrahop/revealx Dashboards
      • F5, Inc.
        • f5networks/big-ip-apm
          • Package f5networks/big-ip-apm Release Notes
          • Parsers and Generated Fields
        • f5networks/bigip
          • Package f5networks/bigip Release Notes
          • Parsers and Generated Fields
      • Forcepoint LLC
        • forcepoint/dlp
          • Package forcepoint/dlp Release Notes
          • Parsers and Generated Fields
      • Fortinet Inc.
        • fortinet/fortimail
          • Package fortinet/fortimail Release Notes
          • Parsers and Generated Fields
        • fortinet/fortigate
          • Package fortinet/fortigate Release Notes
          • Parsers and Generated Fields
      • Github
        • github/events
          • github/events Dashboards
      • Google
        • google/chronicle-ioc
          • Parsers and Generated Fields
          • google/chronicle-ioc Dashboards
        • google/gcp-audit
          • google/gcp-audit Dashboards
        • google/chronicle-alerts
          • Parsers and Generated Fields
          • google/chronicle-alerts Dashboards
        • google/chrome-enterprise-security-events
          • Package google/chrome-enterprise-security-events Release Notes
          • Parsers and Generated Fields
          • google/chrome-enterprise-security-events Dashboards
      • HAProxy Technologies LLC
        • haproxy/haproxy
          • Package haproxy/haproxy Release Notes
          • Parsers and Generated Fields
      • HPE Aruba Networking
        • aruba/clearpass
          • Package aruba/clearpass Release Notes
          • Parsers and Generated Fields
      • Humio
        • humio/insights
          • Package humio/insights Release Notes
          • Parsers and Generated Fields
          • humio/insights Dashboards
        • humio/vector-metrics
          • humio/vector-metrics Dashboards
        • humio/activity
          • humio/activity Dashboards
      • Imperva, Inc.
        • imperva/cloud-waf
          • Package imperva/cloud-waf Release Notes
          • Parsers and Generated Fields
          • imperva/cloud-waf Dashboards
      • Infoblox
        • infoblox/nios
          • Package infoblox/nios Release Notes
          • Parsers and Generated Fields
      • Island Technology, Inc
        • island/island
          • Package island/island Release Notes
          • Parsers and Generated Fields
          • island/island Dashboards
      • Juniper Networks, Inc.
        • juniper/srx
          • Package juniper/srx Release Notes
          • Parsers and Generated Fields
      • Linux
        • linux/system-logs
          • Package linux/system-logs Release Notes
          • linux/system-logs Dashboards
      • Medigate
      • Microsoft Corporation
        • microsoft/microsoft365
          • Package microsoft/microsoft365 Release Notes
          • Parsers and Generated Fields
          • microsoft/microsoft365 Dashboards
        • microsoft/dhcp-server
          • Package microsoft/dhcp-server Release Notes
          • Parsers and Generated Fields
        • microsoft/iis
          • Parsers and Generated Fields
          • Microsoft IIS Server Configuration
          • Installing the Package in LogScale
          • Configure Ingest for Microsoft IIS Server
          • Verify Data is Arriving in LogScale
          • Extending Parsers for Custom Logs
          • microsoft/iis Dashboards
        • microsoft/windows-dns-debug
          • Package microsoft/windows-dns-debug Release Notes
          • Parsers and Generated Fields
        • microsoft/dhcp-client
          • Package microsoft/dhcp-client Release Notes
          • Parsers and Generated Fields
        • microsoft/sysmon
          • Package microsoft/sysmon Release Notes
          • Parsers and Generated Fields
      • Mimecast Services Ltd.
        • mimecast/email-security
          • mimecast/email-security Dashboards
      • Netgate
        • netgate/pfsense
          • Package netgate/pfsense Release Notes
          • Parsers and Generated Fields
      • Netskope, Inc.
        • netskope/casb
          • Package netskope/casb Release Notes
          • netskope/casb Dashboards
      • Nginx
        • nginx/nginx
          • Package nginx/nginx Release Notes
          • Parsers and Generated Fields
          • NGINX Server Configuration
          • Installing the Package in LogScale
          • Configure Ingest for Nginx Server logs
          • Verify Data is Arriving in LogScale
          • Extending Parsers for Custom Access Logs
          • nginx/nginx Dashboards
      • Nozomi Networks Inc
        • nozomi/ids
          • Package nozomi/ids Release Notes
          • Parsers and Generated Fields
      • Obsidian Security, Inc.
        • obsidiansecurity/actionnotification
          • Parsers and Generated Fields
          • obsidiansecurity/actionnotification Dashboards
      • Okta, Inc.
        • okta/sso
          • Package okta/sso Release Notes
          • Parsers and Generated Fields
      • One Identity LLC
        • oneidentity/onelogin
          • Parsers and Generated Fields
      • Ordr Inc
        • ordr/ordr
          • Parsers and Generated Fields
          • ordr/ordr Dashboards
      • Palo Alto Networks, Inc.
        • paloalto/firewall
          • Package paloalto/firewall Release Notes
          • Parsers and Generated Fields
        • palo-alto/prisma-sd-wan
          • Package palo-alto/prisma-sd-wan Release Notes
          • Parsers and Generated Fields
      • Ping Identity Corporation
        • pingidentity/pingone
          • Package pingidentity/pingone Release Notes
          • Parsers and Generated Fields
          • Install the Package in LogScale
          • Configure Ingest for PingOne Service
          • Verify Data is Arriving in LogScale
          • pingidentity/pingone Dashboards
      • Proofpoint, Inc.
        • proofpoint/tap-siem-api
          • Package proofpoint/tap-siem-api Release Notes
          • Parsers and Generated Fields
      • Radware, Inc.
        • radware/alteon
          • Parsers and Generated Fields
      • RedHat, Inc.
        • redhat/ansible
          • Package redhat/ansible Release Notes
          • Parsers and Generated Fields
          • redhat/ansible Dashboards
      • Robust Intelligence
      • Rubrik, Inc.
        • rubrik/security-cloud
          • Package rubrik/security-cloud Release Notes
          • Parsers and Generated Fields
          • rubrik/security-cloud Dashboards
      • Ruby
        • ruby/logger
          • Parsers and Generated Fields
          • ruby/logger Dashboards
      • ServiceNow
        • servicenow/servicenow
          • Installing the Package in LogScale
          • servicenow/servicenow Dashboards
      • Talon
        • talon/talon-cyber-security
          • Parsers and Generated Fields
          • Configure the integration from the Talon Management Console
          • Verify Data is Arriving in LogScale
          • talon/talon-cyber-security Dashboards
      • Tausight Inc.
        • tausight/ephi-risk-posture
          • Package tausight/ephi-risk-posture Release Notes
          • Parsers and Generated Fields
      • Trellix
        • trellix/fireeye-nx
          • Package trellix/fireeye-nx Release Notes
          • Parsers and Generated Fields
      • Vectra
        • vectra/detections
          • vectra/detections Dashboards
      • Zoom Video Communications, Inc.
        • zoom/qss
          • Package zoom/qss Release Notes
          • Parsers and Generated Fields
      • Zscaler, Inc.
        • zscaler/deception
          • Package zscaler/deception Release Notes
          • Parsers and Generated Fields
        • zscaler/internet-access
          • Package zscaler/internet-access Release Notes
          • Parsers and Generated Fields
          • Example Queries
          • zscaler/internet-access Dashboards
        • zscaler/private-access
          • Package zscaler/private-access Release Notes
          • Parsers and Generated Fields
    • Packages
      • Install & Update Packages
      • Package Marketplace
      • Create a Package
      • Package File Formats
      • Referencing Package Assets
      • Developer Guidelines
        • Improve & Create Packages
        • Data Ingest Guidelines
        • Asset Guidelines
          • Parsers Best Practices
          • LogScale Query Language Best Practices
          • Dashboard Best Practices
          • Dashboard Widgets
          • Alerts and Saved Searches Best Practices
          • Naming and Informational Notes
        • Package Content Guide
        • Submission Guidelines
      • Insights Package
        • Insights Overview Dashboard
        • Insights Ingest Dashboard
        • Insights Hosts Dashboard
        • Bucket Storage Dashboard
        • Kafka Dashboard
        • Insights Search Dashboard
        • Request-Response
        • Insights Segments & Datasources Dashboard
        • Insights Errors Dashboard
    • Other Integrations
      • Tines Alerts
      • XSOAR Security Management
      • Prometheus
      • Kubernetes Log Format
      • Grafana
      • Cribl CrowdStream
        • Simple or Complex Routing?
        • Navigate Between User Interfaces
        • Configure a Source
        • Configure a Destination
        • Connect: Passthru, Pipeline, or Pack
        • Commit/Deploy Config Changes
        • Moving Ahead with CrowdStream
    • Log Formats
      • NetFlow Log Format
      • Heroku Log Format
      • Linux
        • Linux System Logs
      • Azure Service Fabric Log Format
      • Docker Log Format
      • Kafka Connect Log Format
Falcon LogScale Documentation
/ Integrations
/ Packages
/ Developer Guidelines for Packages

Asset Guidelines

Now you have your logs being sent to LogScale the next step is to create the assets which will be included in the package.

  • Parsers Best Practices

  • LogScale Query Language Best Practices

  • Dashboard Best Practices

  • Dashboard Widgets

  • Alerts and Saved Searches Best Practices

  • Naming and Informational Notes

Support
  • Twitter
  • Facebook
  • LinkedIn
  • Youtube

© 2024 CrowdStrike All other marks contained herein are the property of their respective owners.

Children of this Page

Parsers Best Practices
LogScale Query Language Best Practices
Dashboard Best Practices
Dashboard Widgets
Alerts and Saved Searches Best Practices
Naming and Informational Notes

Enter search term