CrowdStrike

CrowdStrike Destination Plugin

CrowdStrike is a cloud-based endpoint security platform that provides threat detection, response, and prevention capabilities. The CrowdStrike Logs Destination Plugin in Calyptia Core allows you to easily send endpoint security logs and telemetry data generated by your CrowdStrike platform to your Calyptia Core pipeline. With this plugin, you can configure your pipeline to collect and analyze endpoint security logs and telemetry data from your CrowdStrike environment in real time. This allows you to identify and respond to security threats quickly and efficiently, helping to keep your systems and data secure.

Configuration Parameters

The following are the configuration parameters for the CrowdStrike Destination Plugin.

| Key | Description |
| --- | --- |
| Host | IP address or hostname of the Log Scale Server |
| Port | Port of the Log Scale Server |
| Headers | Add the Humio Ingest Token after the word Bearer |

The following are the advanced configuration parameters for the CrowdStrike Destination Plugin.

| Key | Description |
| --- | --- |
| URI | Specify an optional HTTP URI for the target web server, e.g. /something |
| Format | Specify the data format to be used in the HTTP request body. The default is json_lines; other supported formats are json and json_stream. |
| Compress | Set the payload compression mechanism. |
| HTTP Proxy | Specify an HTTP proxy. The expected format of this value is http://host:port. |
| JSON Date Format | Specify the format of the date. Supported formats: double, iso8601 (e.g. 2018-05-30T09:39:52.000681Z), java_sql_timestamp (e.g. 2018-05-30 09:39:52.000681, useful for AWS Athena), and epoch. |
| JSON Date Key | Specify the name of the date field in the output |
| Body Key | Specify the key which contains the body |
| Header Tag | Set an HTTP header whose value is the tag of the record |
| Header Key | Specify the key which contains the headers |

The following are the security and TLS configuration parameters for the CrowdStrike Destination Plugin.

| Key | Description |
| --- | --- |
| TLS | Enable or disable TLS/SSL support |
| TLS Certificate Validation | Turn TLS/SSL certificate validation on or off. TLS must be on for this setting to be enabled. |
| TLS Debug Level | Set the TLS debug verbosity level. It accepts the following values: 0 (No debug), 1 (Error), 2 (State change), 3 (Informational), and 4 (Verbose) |
| CA Certificate File Path | Absolute path to the CA certificate file |
| Certificate File Path | Absolute path to the certificate file |
| Private Key File Path | Absolute path to the private key file |
| Private Key Path Password | Optional password for the tls.key_file file |
| TLS SNI Hostname Extension | Hostname to be used for the TLS SNI extension |

The following are the advanced networking configuration parameters for the CrowdStrike Destination Plugin.

| Key | Description |
| --- | --- |
| DNS Mode | Select the primary DNS connection type (TCP or UDP) |
| DNS Resolver | Select the primary DNS connection type (TCP or UDP) |
| Prefer IPv4 | Prioritize IPv4 DNS results when trying to establish a connection |
| Keepalive | Enable or disable Keepalive support |
| Keepalive Idle Timeout | Set the maximum time allowed for an idle Keepalive connection |
| Max Connect Timeout | Set the maximum time allowed to establish a connection. This time includes the TLS handshake. |
| Max Connect Timeout Log Error | On connection timeout, specify whether it should log an error. When disabled, the timeout is logged as a debug message. |
| Max Keepalive Recycle | Set the maximum number of times a keepalive connection can be used before it is retired. |
| Source Address | Specify the network address to bind for data traffic |
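
A pre-deployment check for the settings listed on this page, as an added example that is not part of the Calyptia documentation or product code. The dictionary key names (the UI labels lower-cased with underscores), the use of an `Authorization` header for the bearer token, and the sample host, proxy and token values are assumptions.

```python
import os.path
import re
from urllib.parse import urlsplit

# Key names are assumptions for this sketch (the UI labels from the tables,
# lower-cased with underscores), not Calyptia Core's internal names.
CHOICES = {"format": {"json_lines", "json", "json_stream"},
           "json_date_format": {"double", "iso8601", "java_sql_timestamp", "epoch"},
           "tls_debug_level": {0, 1, 2, 3, 4}}
PATH_KEYS = ("ca_certificate_file_path", "certificate_file_path",
             "private_key_file_path")

def proxy_ok(value):
    """True when value has the documented http://host:port shape."""
    try:
        url = urlsplit(value)
        return url.scheme == "http" and bool(url.hostname) and url.port is not None
    except ValueError:  # non-numeric or out-of-range port
        return False

def lint_destination(cfg):
    """Return the setting names that look unsafe or malformed, in check order."""
    bad = []
    if not cfg.get("host"):
        bad.append("host")
    port = cfg.get("port")
    if not (isinstance(port, int) and 1 <= port <= 65535):
        bad.append("port")
    # The ingest token is a bearer credential: require the exact header shape.
    auth = cfg.get("headers", {}).get("Authorization", "")
    if not re.fullmatch(r"Bearer \S+", auth):
        bad.append("headers")
    if not cfg.get("tls"):
        bad.append("tls")  # token and logs would cross the network in cleartext
    elif not cfg.get("tls_certificate_validation"):
        bad.append("tls_certificate_validation")  # encrypted, server unauthenticated
    bad += [k for k, allowed in CHOICES.items() if k in cfg and cfg[k] not in allowed]
    if "http_proxy" in cfg and not proxy_ok(cfg["http_proxy"]):
        bad.append("http_proxy")
    bad += [k for k in PATH_KEYS if k in cfg and not os.path.isabs(cfg[k])]
    return bad

# Constructed sample settings; host, proxy and token are placeholders.
WEAK = {"host": "logscale.example.internal", "port": 8080, "tls": False,
        "headers": {"Authorization": "EXAMPLE-INGEST-TOKEN"}, "format": "xml",
        "http_proxy": "proxy.example.internal:3128",
        "ca_certificate_file_path": "certs/ca.pem"}
HARDENED = dict(WEAK, headers={"Authorization": "Bearer EXAMPLE-INGEST-TOKEN"},
                tls=True, tls_certificate_validation=True, format="json_lines",
                http_proxy="http://proxy.example.internal:3128",
                ca_certificate_file_path="/etc/ssl/certs/logscale-ca.pem")

if __name__ == "__main__":
    print("weak:", lint_destination(WEAK), "hardened:", lint_destination(HARDENED))
```

An empty list means every checked setting passed. With TLS off, only `tls` is reported, because certificate validation has no effect until TLS is enabled.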
