A number of searches in Falcon Query Language (FQL), intended for use when hunting within CrowdStrike Falcon's Threat Graph - served by docsify.
These searches may not represent all data available within your tenant, and searches should be reviewed before they're operationalised.
Searches may show strange values in time fields due to Splunk transforms; this can be resolved with `convert ctime(timestamp/1000)`.
⚠️ You'll need to log in to CrowdStrike before using any of the direct-search buttons.
CrowdStrike Community Work
- Reddit Community
- Crowdstrike Splunk Threat Hunting Searches - rmccurdy
- CrowdStrike Falcon Queries - pe3zx