This repository was archived by the owner on Apr 10, 2024. It is now read-only.

joshhighet/csfalcon

 
 


SPL/FQL Threat Hunting Reference Guide

A number of searches in Falcon Query Language (FQL), intended for use when hunting within CrowdStrike Falcon's Threat Graph. The guide is served by docsify.

These searches may not represent all data available within your tenant and searches should be reviewed before they're operationalised.

Searches may show strange values for time fields because of Splunk transforms; this can be resolved with convert ctime(timestamp/1000).

⚠️ You'll need to log in to CrowdStrike before using any of the direct-search buttons.

CrowdStrike Community Work


csfalcon.thetadev.services

About

crowdstrike hunting, tips & triccs 🦅 🖥 😶‍🌫️
