Category¶

Default category field mapping¶

Mapped Field	Crowdstrike Event Field	Example value
cs_agent_version	`falcon_device.agent_version`	6.40.15406.0
cs_bios_mf	`falcon_device.bios_manufacturer`	hp
cs_bios_version	`falcon_device.bios_version`	s73_ver_01.08.00
cs_dv_control_applied	`falcon_device.device_policies.device_control.applied`	true
cs_dv_firewall_applied	`falcon_device.device_policies.firewall.applied`	true
cs_dv_globalconfig_applied	`falcon_device.device_policies.global_config.applied`	true
cs_dv_sensorupdate_applied	`falcon_device.device_policies.sensor_update.applied`	true
cs_uninstallprotection	`falcon_device.device_policies.sensor_update.uninstall_protection`	enabled
cs_os_major_version	`falcon_device.major_version`	10
cs_os_platform	`falcon_device.platform_name`	windows
cs_os_name	`falcon_device.os_version`	windows_10
cs_dv_type	`falcon_device.product_type_desc`	workstation
cs_dv_status	`falcon_device.status`	normal
cs_sys_mf	`falcon_device.system_manufacturer`	hp
cs_sys_name	`falcon_device.system_product_name`	hp_elitebook_850_g7_notebook_pc
cs_external_ip	`falcon_device.external_ip`	0.0.0.0
cs_tags	`falcon_device.tags{}`	n/a
cs_first_seen	`falcon_device.first_seen`	02/14/22 09:52:05 MST
cs_last_seen	`falcon_device.first_seen`	08/24/22 13:25:24 MDT
splunk_last_update	n/a	08/26/22 18:54:42 MDT

Full example of category value¶

cs_agent_version:6.40.15406.0
cs_bios_mf:hp
cs_bios_version:s73_ver_01.08.00
cs_dv_control_applied:true
cs_dv_firewall_applied:true
cs_dv_globalconfig_applied:true
cs_dv_sensorupdate_applied:true
cs_dv_status:normal
cs_dv_type:workstation
cs_external_ip:0.0.0.0
cs_os_major_version:10
cs_os_name:windows_10
cs_os_platform:windows
cs_sys_mf:hp
cs_sys_name:hp_elitebook_850_g7_notebook_pc
cs_uninstallprotection:enabled
cs_first_seen:02/14/22 09:52:05 MST
cs_last_seen:08/24/22 13:25:24 MDT
splunk_last_updated:08/26/22 18:54:42 MDT

Last update: February 18, 2023