Sumo Logic

CrowdStrike Falcon Host Dashboards (Falcon Platform)


CrowdStrike - Overview

Run the CrowdStrike - Overview Dashboard in Live Mode for visibility into your CrowdStrike system.

Events Outlier. Displays the standard deviation outliers by events distribution over time in an outlier chart on a timeline for the last hour. The number of events should be within the 3 standard deviation range.

Events Forecast. Shows the number of events historically as well as the projection of 10 minutes into the future in a line chart on a timeline for the last hour. If it is trending higher in the future than anticipated, take action to remediate the overflow of events.
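The two panels above rest on a simple statistical idea: the number of events per time slice is compared with the mean and standard deviation of the recent baseline, and a slice that lands more than 3 standard deviations away is an outlier; the forecast extends the recent trend 10 minutes ahead. The following Python is an added illustration of both computations and is not Sumo Logic's or CrowdStrike's code; the Sumo Logic outlier and predict operators are separate implementations. The 3 standard deviation threshold and the 10-minute horizon come from the panel descriptions; the 5-minute slice width, the trailing window of 6 slices, the linear-trend forecast and the sample counts are assumptions made for this example.

```python
"""Trailing-window 3-sigma outlier flagging and a short linear forecast over
per-slice event counts: the computations the Events Outlier and Events
Forecast panels visualise. Added illustration only; the Sumo Logic outlier
and predict operators are separate implementations."""
import math
from statistics import mean, stdev
from typing import List, Tuple

# Constructed sample: one CrowdStrike event count per 5-minute slice for the
# last hour (12 slices). Slice 8 carries an obvious burst. (Assumption: the
# slice width of 5 minutes is not stated by the panel descriptions.)
SAMPLE_COUNTS = [98, 102, 100, 97, 103, 101, 99, 100, 250, 102, 98, 101]
SLICE_MINUTES = 5


def flag_outliers(counts: List[int], window: int = 6,
                  threshold: float = 3.0) -> List[Tuple[int, int, float]]:
    """Return (slice index, count, z-score) for each slice whose count lies
    more than `threshold` sample standard deviations from the mean of the
    preceding `window` slices. The first `window` slices have no baseline
    and are never flagged. (Window size 6 is an assumption.)"""
    flagged = []
    for i in range(window, len(counts)):
        baseline = counts[i - window:i]
        mu = mean(baseline)
        sigma = stdev(baseline)
        if sigma == 0:
            # Flat baseline: any deviation at all is anomalous.
            if counts[i] != mu:
                flagged.append((i, counts[i], math.inf))
            continue
        z = (counts[i] - mu) / sigma
        if abs(z) > threshold:
            flagged.append((i, counts[i], z))
    return flagged


def forecast_linear(counts: List[int], steps_ahead: int = 2) -> float:
    """Ordinary least-squares line through (slice index, count), evaluated
    `steps_ahead` slices past the last observed one. Two 5-minute slices
    give the 10-minute horizon the forecast panels describe."""
    n = len(counts)
    xs = list(range(n))
    x_mean = mean(xs)
    y_mean = mean(counts)
    sxx = sum((x - x_mean) ** 2 for x in xs)
    sxy = sum((x - x_mean) * (y - y_mean) for x, y in zip(xs, counts))
    slope = sxy / sxx if sxx else 0.0
    intercept = y_mean - slope * x_mean
    return intercept + slope * (n - 1 + steps_ahead)


def forecast_exceeds(counts: List[int], capacity: float,
                     steps_ahead: int = 2) -> bool:
    """True when the projected count is above the capacity the pipeline is
    sized for, i.e. the 'trending higher than anticipated' condition."""
    return forecast_linear(counts, steps_ahead) > capacity


if __name__ == "__main__":
    for idx, count, z in flag_outliers(SAMPLE_COUNTS):
        print(f"slice {idx} ({idx * SLICE_MINUTES} min): {count} events, z={z:.1f}")
    horizon = 2 * SLICE_MINUTES
    print(f"forecast {horizon} min ahead: {forecast_linear(SAMPLE_COUNTS):.1f} events")
```

Because the baseline is a trailing window, the spike itself inflates the standard deviation for the next few slices, which is why a single burst is flagged once rather than repeatedly; a longer window makes the detector less sensitive to isolated bursts and more sensitive to sustained shifts.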

Authentication Services. Provides the number of successful and failed authentications, broken down by the authentication type that requested the operation, in a column chart for the last hour.

Detection Summary by Severity. Displays the percentage of events at severity levels 1, 2, 3, and 4 in a pie chart for the last hour.

Detection Summary by Type. Shows the percentage of events by type, such as AV or network access, in a pie chart for the last hour.

Top 50 Severity with Falcon Links. Provides a table chart of the top 50 events including the Falcon links and severity level for the last hour. Click the link to drill down into your CrowdStrike console for more information.

Severity Definition. This text panel displays the CrowdStrike definition of severity: 1 = Informational, 2 = Low, 3 = Medium, and 4 = High.

Detection Type by Severity. Displays events by severity level in a stacked column chart for the last hour.  

Severity by Detection Type. Shows severity by detection type in a stacked column chart for the last hour.

CrowdStrike - AV Scan Result

The CrowdStrike - AV Scan Result Dashboard includes filters that you can use in Interactive Mode for visibility into your CrowdStrike system.

Severity Over Time. Displays the event distribution trend in a stacked column chart on a timeline for every 5 minutes for the last hour.  

Events Outlier. Displays the standard deviation outliers by events distribution over time on a timeline for the last hour. The number of events should be within the 3 standard deviation range.

Events Forecast. Shows the number of events historically as well as the projection of 10 minutes into the future in a predict line chart on a timeline. If it is trending higher in the future than anticipated, take action to remediate the overflow of events.

Engine by Severity. Provides a detailed view of the severity by engine in a stacked column chart for the last hour.

Host Domain by Severity. Shows the domains contributing to each severity level in a stacked column chart for the last hour.

Engine by Severity. Displays the number of events detected by each AV engine in a column chart for the last hour. The total number per engine is broken down by severity.

Top 50 Hosts by Severity. Displays the hosts with the highest number of severe events in a column chart for the last hour. The sorting order is by severity and host. The higher severity events are displayed at the top of the list.

Top 50 Usernames by Severity. Shows the user names with the highest severity and the largest number of severe events in a column chart for the last hour. The sorting order is by severity, then user name.

Top 50 Files by Severity. Provides the files with the highest number of severe events in a column chart for the last hour. The sorting order is by severity, then file name.

CrowdStrike - Authentication Service

The CrowdStrike - Authentication Service Dashboard is designed for Live Mode to provide visibility into your CrowdStrike system.

Authentication Over Time. Displays the authentication event distribution trend in a column chart on a timeline in 5-minute time slices for the last three hours.

Authentication Outlier. Shows the standard deviation outliers by authentication events distribution over time on a timeline for the last three hours. The number of events should be within the 3 standard deviation range.

Failed Authentications. Lists failed authentications in a table chart with the time, user name, and source IP for the last three hours.

Authentication Forecast. Displays the number of authentication events historically as well as the projection of 10 minutes into the future in a predict line chart on a timeline for the last three hours. If it is trending higher in the future than anticipated, take action to remediate the overflow of events.

CrowdStrike - Detection Summary

The CrowdStrike - Detection Summary Dashboard includes filters that you can use in Interactive Mode for visibility into your CrowdStrike system.

Severity Over Time. Displays the event distribution trend in a stacked column chart on a timeline for the last hour.  

Events Outlier. Shows the standard deviation outliers by events distribution over time in an outlier chart on a timeline for the last hour. The number of events should be within the 3 standard deviation range.

Events Forecast. Provides the number of historical events as well as the projection of 10 minutes into the future in a predict line chart on a timeline for the last hour. If it is trending higher in the future than anticipated, take action to remediate the overflow of events.

Host Domain by Severity. Displays the domains contributing to each severity level in a stacked column chart for the last hour.

Top 50 Usernames by Severity. Shows the user name with the highest severity level and highest number of severe events in a column chart for the last hour. The sorting is by severity and user name.

Top 50 Messages by Severity. Provides a table chart of the messages with the highest number of severe events, including the message, severity, and count. The sorting order is by severity, then message.

Top 50 Hosts by Severity. Provides the hosts with the highest number of severe events in a column chart for the last hour. The sorting order is by severity and host. The higher severity events are displayed at the top of the list.

Top 50 Files by Severity. Displays the files with the highest number of severe events in a column chart for the last hour. The sorting order is by severity, then file name.

CrowdStrike - DNS Request

The CrowdStrike - DNS Request Dashboard includes filters that you can use in Interactive Mode for visibility into your CrowdStrike system.

Severity Over Time. Displays the event distribution trend in a stacked column chart on a timeline for the last hour.  

Events Outlier. Shows the standard deviation outliers by events distribution over time in an outlier chart on a timeline for the last hour. The number of events should be within the 3 standard deviation range.

Events Forecast. Provides the number of events historically as well as the projection of 10 minutes into the future in a predict line chart on a timeline for the last hour. If it is trending higher in the future than anticipated, take action to remediate the overflow of events.

Host Domain by Severity. Displays the domains that contribute to each severity level in a stacked column chart for the last hour.

Top 50 Files by Severity. Shows the files with the highest number of severe events in a column chart for the last hour. The sorting order is by severity, then file name.

Top 50 Hosts by Severity. Provides the hosts with the highest number of severe events in a column chart for the last hour. The sorting order is by severity and host. The higher severity events are displayed at the top of the list.

Top 50 Usernames by Severity. Displays the user name with the highest severity and highest number of severe events in a column chart for the last hour. The sorting is by severity and user name.

CrowdStrike - Document Access

The CrowdStrike - Document Access Dashboard includes filters that you can use in Interactive Mode for visibility into your CrowdStrike system.

Severity Over Time. Displays the event distribution trend of severity over time in a stacked column chart on a timeline for the last hour.  

Events Outlier. Shows the standard deviation outliers by events distribution over time in an outlier chart on a timeline for the last hour. The number of events should be within the 3 standard deviation range.

Events Forecast. Provides the number of events historically as well as the projection of 10 minutes into the future in a predict line chart on a timeline for the last hour. If it is trending higher in the future than anticipated, take action to remediate the overflow of events.

Host Domain by Severity. Shows the domains contributing to each severity level in a stacked column chart on a timeline for the last hour.

Top 50 Documents Accessed by Severity. Displays the accessed documents with the highest number of severe events in a column chart for the last hour. The sorting order is by severity, then document accessed.

Top 50 Hosts by Severity. Shows the hosts with the highest number of severe events. The sorting order is by severity and host. The higher severity events are displayed at the top of the list.

Top 50 Usernames by Severity. Provides the user name with the highest severity and highest number of severe events in a column chart for the last hour. The sorting is by severity and user name.

Top 50 Files by Severity. Displays the files with the highest number of severe events in a column chart for the last hour. The sorting order is by severity, then file name.

CrowdStrike - Executable Written

The CrowdStrike - Executable Written Dashboard includes filters that you can use in Interactive Mode for visibility into your CrowdStrike system.

Severity Over Time. Displays the event distribution trend of severity over time in a stacked column chart on a timeline for the last hour.  

Events Outlier. Shows the standard deviation outliers by events distribution over time in an outlier chart on a timeline for the last hour. The number of events should be within the 3 standard deviation range.

Events Forecast. Provides the number of events historically as well as the projection of 10 minutes into the future in a predict line chart on a timeline for the last hour. If it is trending higher in the future than anticipated, take action to remediate the overflow of events.

Host Domain by Severity. Displays the domains contributing to each severity level in a stacked column chart for the last hour.

Top 50 Written Files by Severity. Shows the written files with the highest number of severe events in a column chart for the last hour. The sorting order is by severity, then written file.

Top 50 Hosts by Severity. Provides the hosts with the highest number of severe events. The sorting order is by severity and host. The higher severity events are displayed at the top of the list.

Top 50 Usernames by Severity. Displays the user names with the highest severity level and the highest number of severe events in a column chart for the last hour. The sorting is by severity and user name.

Top 50 Files by Severity. Shows the files with the highest number of severe events in a column chart for the last hour. The sorting order is by severity, then file name.


CrowdStrike - Network Access

The CrowdStrike - Network Access Dashboard includes filters that you can use in Interactive Mode for visibility into your CrowdStrike system.

Severity Over Time. Displays the event distribution trend of severity over time in a stacked column chart on a timeline for the last hour.  

Events Outlier. Shows the standard deviation outliers by events distribution over time in an outlier chart on a timeline for the last hour. The number of events should be within the 3 standard deviation range.

Events Forecast. Provides the number of events historically as well as the projection of 10 minutes into the future in a predict line chart on a timeline for the last hour. If it is trending higher in the future than anticipated, take action to remediate the overflow of events.

Host Domain by Severity. Displays the domains contributing to each severity level in a stacked column chart on a timeline for the last hour.

Top 50 Destination IPs by Severity. Shows the destination IPs with the highest number of severe events in a column chart for the last hour. The sorting order is by severity, then destination IP.

Top 50 Hosts by Severity. Provides the hosts with the highest number of severe events in a column chart for the last hour. The sorting order is by severity and host. The higher severity events are displayed at the top of the list.

Top 50 Usernames by Severity. Displays the user name with the highest severity and highest number of severe events. The sorting is by severity and user name.

Top 50 Files by Severity. Shows the files with the highest number of severe events in a column chart for the last hour. The sorting order is by severity, then file name.