CrowdStrike Parsing Standard Release Notes

The following changes have been identified between releases of the Crowdstrike Parsing Standard.

1.0.0

The Parsing Standard was previously embedded in the old Package Standards document. That document still exists to document our approach to packages as a whole, but the parsing standard has been extracted so it can be referenced outside of packages. Going forward, the PaSta acronym refers to the parsing standard only.

Compared to the previous standard from the Package Standards document, the Parsing Standard is changed in the following ways:

Adds new fields to tag
Removes the Product field, replaced by guidelines for event.module and event.dataset
Removes the event.code field (to be reinstated later)
Removes the related fields
Normalises values for a range of new fields

CrowdStrike Parsing Standard (CPS) 1.0

Variations to the ECS

Vendor Guidelines

event.module Guidelines

CPS Release Notes

CrowdStrike Parsing Standard Release Notes

1.0.0

Enter search term