Skip to content

Category

Default category field mapping

Mapped Field Crowdstrike Event Field Example value
cs_agent_version falcon_device.agent_version 6.40.15406.0
cs_bios_mf falcon_device.bios_manufacturer hp
cs_bios_version falcon_device.bios_version s73_ver_01.08.00
cs_dv_control_applied falcon_device.device_policies.device_control.applied true
cs_dv_firewall_applied falcon_device.device_policies.firewall.applied true
cs_dv_globalconfig_applied falcon_device.device_policies.global_config.applied true
cs_dv_sensorupdate_applied falcon_device.device_policies.sensor_update.applied true
cs_uninstallprotection falcon_device.device_policies.sensor_update.uninstall_protection enabled
cs_os_major_version falcon_device.major_version 10
cs_os_platform falcon_device.platform_name windows
cs_os_name falcon_device.os_version windows_10
cs_dv_type falcon_device.product_type_desc workstation
cs_dv_status falcon_device.status normal
cs_sys_mf falcon_device.system_manufacturer hp
cs_sys_name falcon_device.system_product_name hp_elitebook_850_g7_notebook_pc
cs_external_ip falcon_device.external_ip 0.0.0.0
cs_tags falcon_device.tags{} n/a
cs_first_seen falcon_device.first_seen 02/14/22 09:52:05 MST
cs_last_seen falcon_device.first_seen 08/24/22 13:25:24 MDT
splunk_last_update n/a 08/26/22 18:54:42 MDT

Full example of category value

cs_agent_version:6.40.15406.0
cs_bios_mf:hp
cs_bios_version:s73_ver_01.08.00
cs_dv_control_applied:true
cs_dv_firewall_applied:true
cs_dv_globalconfig_applied:true
cs_dv_sensorupdate_applied:true
cs_dv_status:normal
cs_dv_type:workstation
cs_external_ip:0.0.0.0
cs_os_major_version:10
cs_os_name:windows_10
cs_os_platform:windows
cs_sys_mf:hp
cs_sys_name:hp_elitebook_850_g7_notebook_pc
cs_uninstallprotection:enabled
cs_first_seen:02/14/22 09:52:05 MST
cs_last_seen:08/24/22 13:25:24 MDT
splunk_last_updated:08/26/22 18:54:42 MDT

Last update: February 18, 2023