CrowdStrike
CrowdStrike Destination Plugin
CrowdStrike is a cloud-based endpoint security platform that provides threat detection, response, and prevention capabilities. The CrowdStrike Logs Destination Plugin in Calyptia Core allows you to easily send endpoint security logs and telemetry data generated by your CrowdStrike platform to your Calyptia Core pipeline. With this plugin, you can configure your pipeline to collect and analyze endpoint security logs and telemetry data from your CrowdStrike environment in real-time. This allows you to identify and respond to security threats quickly and efficiently, helping to keep your systems and data secure.
The following are configuration Parameters for CrowStrike Destination Plugin.
Key | Description |
---|---|
Host | IP address or hostname of the Log Scale Server |
Port | Port |
Headers | Add the Humio Ingest Token after the Bearer |
The following are Advanced configuration Parameters for CrowStrike Destination Plugin.
Key | Description |
---|---|
URI | Specify an optional HTTP URI for the target web server, e.g: /something |
Format | Specify the data format to be used in the HTTP request body, by default it uses json_lines. Other supported formats are json and json_stream. |
Compress | Set payload compression mechanism. |
HTTP Proxy | Specify an HTTP Proxy. The expected format of this value is http://host:port. |
JSON Date Format | Specify the format of the date, supported formats: double, iso8601 (e.g: 2018-05-30T09:39:52.000681Z), java_sql_timestamp (e.g: 2018-05-30 09:39:52.000681, useful for AWS Athena), and epoch. |
JSON Date Key | Specify the name of the date field in output |
Body Key | Specify the key which contains the body |
Header Tag | Set a HTTP header which value is the tag of the record |
Header Key | Specify the key which contains the headers |
The following are Security and TLS configuration Parameters for CrowStrike Destination Plugin.
Key | Description |
---|---|
TLS | Enable or Disable TLS/SSL support |
TLS Certificate Validation | Turn TLS/SSL certificate validation on / off, TLS must be on for this setting to be enabled. |
TLS Debug Level | Set TLS debug verbosity level. It accepts the following values: 0 (No debug), 1 (Error), 2 (State change), 3 (Informational), and 4 Verbose |
CA Certificate File Path | Absolute path to CA certificate file |
Certificate File Path | Absolute path to Certificate file |
Private key File Path | Absolute path to private Key file |
Private Key Path Password | Optional password for tls.key_file file |
TLS SNI Hostname Extension | Hostname to be used for TLS SNI Extension |
The following are Advanced Networking configuration Parameters for CrowStrike Destination Plugin.
Key | Description |
---|---|
DNS Mode | Select the primary DNS connection type (TCP or UDP) |
DNS Resolver | Select the primary DNS connection type (TCP or UDP) |
Prefer IPv4 | Prioritize IPv4 DNS results when trying to establish a connection |
Keepalive | Enable or disable Keepalive support |
Keepalive Idle Timeout | Set maximum time allowed for an idle Keepalive connection |
Max Connect Timeout | Set maximum time allowed to establish a connection, this time includes the TLS handshake |
Max Connect Timeout Log Error | On connection timeout, specify if it should log an error. When disabled, the timeout is logged as a debug message |
Max Keepalive Recycle | Set maximum number of times a keepalive connection can be used before it is retired. |
Source Address | Specify network address to bind for data traffic |
Last modified 2mo ago