This Humio package provides content for Humio that aids in formatting and parsing data coming from CrowdStrike's Falcon platform via FDR.
The utilities assume that the ingested data comes from the FDR parser bundled with the Humio package crowdstrike/fdr.
For ingesting the data, this project assumes the use of the fdr2humio project.
For documentation on FDR and the events it provides, please refer to the documentation within the Falcon Platform.
This repository is still under development. Content, guidance, documentation, etc. will be added on an ongoing basis.
All documentation for this project can be found within the wiki.
This is a sample repo that started from a Cool Query Friday post on r/crowdstrike.
Please feel free to contribute at any time by opening a PR.