Data

Tools

Indexes

Applications

Experiments

Open Source Science

https://github.com/crowdstrike/foundry-tutorial-threat-hunting

Create a threat hunting dashboard and set it as your app's home page. Schedule an email to regularly provide the security team with a list of hosts exhibiting suspicious DNS activity.

https://github.com/crowdstrike/foundry-tutorial-threat-hunting

Science Score: 26.0%

This score indicates how likely this project is to be science-related based on various indicators:

  • CITATION.cff file
  • codemeta.json file
    Found codemeta.json file
  • .zenodo.json file
    Found .zenodo.json file
  • DOI references
  • Academic publication links
  • Committers with academic emails
  • Institutional organization owner
  • JOSS paper metadata
  • Scientific vocabulary similarity
    Low similarity (10.6%) to scientific vocabulary

Keywords

dashboards falcon-foundry workflow-templates
Last synced: 9 months ago · JSON representation

Repository

Create a threat hunting dashboard and set it as your app's home page. Schedule an email to regularly provide the security team with a list of hosts exhibiting suspicious DNS activity.

Basic Info
Statistics
  • Stars: 1
  • Watchers: 4
  • Forks: 0
  • Open Issues: 1
  • Releases: 0
Topics
dashboards falcon-foundry workflow-templates
Created about 1 year ago · Last pushed about 1 year ago
Metadata Files
Readme License Code of conduct Security

README.md

CrowdStrike CrowdStrike

CrowdStrike Subreddit

Threat Hunting tutorial Foundry app

[!IMPORTANT]
To view this tutorial and import the app, you need access to the Falcon console.

This code is the result of doing the Falcon Foundry Create a Threat Hunting Dashboard and Scheduled Report tutorial.

Prerequisites

  • Falcon Insight XDR or Falcon Prevent (one app)
  • Falcon Next-Gen SIEM or Falcon Foundry (1+ apps depending on entitlement)

Getting Started

  1. Download this repository as a zip file.
  2. Log in to the Falcon console and go to Foundry > App manager.
  3. Click Import app and select the zip file you downloaded.
  4. Click Import.

[!TIP] * If you get an error that the name already exists, change the name to something unique to your CID when importing the app. * The Suspicious_DNS_Activity_Email.yml workflow has multi_instance enabled which allows multiple instances of a workflow for the same CID. This configuration is not included in this repo's tutorial.

Links

This example uses the following CrowdStrike products:

Help

Please post any questions as issues in this repo, ask for help in our CrowdStrike subreddit, or post your question to our Foundry Developer Community.

Support

The foundry-tutorial-threat-hunting repo is the resulting code from doing the Foundry Create a Threat Hunting Dashboard and Scheduled Report tutorial. While not a formal CrowdStrike product, foundry-tutorial-threat-hunting is maintained by CrowdStrike and supported in partnership with the open source developer community.

License

MIT, see LICENSE.

Owner

  • Name: CrowdStrike
  • Login: CrowdStrike
  • Kind: organization
  • Email: github@crowdstrike.com
  • Location: United States of America

GitHub Events

Total
  • Watch event: 2
  • Delete event: 1
  • Push event: 2
  • Public event: 1
  • Pull request review comment event: 1
  • Pull request review event: 2
  • Pull request event: 3
  • Create event: 2
Last Year
  • Watch event: 2
  • Delete event: 1
  • Push event: 2
  • Public event: 1
  • Pull request review comment event: 1
  • Pull request review event: 2
  • Pull request event: 3
  • Create event: 2

Committers

Last synced: 12 months ago

All Time
  • Total Commits: 6
  • Total Committers: 2
  • Avg Commits per committer: 3.0
  • Development Distribution Score (DDS): 0.167
Past Year
  • Commits: 6
  • Committers: 2
  • Avg Commits per committer: 3.0
  • Development Distribution Score (DDS): 0.167
Top Committers
Name Email Commits
Matt Raible m****e@c****m 5
Shalabh Sharma s****a@c****m 1
Committer Domains (Top 20 + Academic)
crowdstrike.com: 2

Issues and Pull Requests

Last synced: 12 months ago

All Time
  • Total issues: 1
  • Total pull requests: 5
  • Average time to close issues: 27 days
  • Average time to close pull requests: 2 days
  • Total issue authors: 1
  • Total pull request authors: 2
  • Average comments per issue: 0.0
  • Average comments per pull request: 0.0
  • Merged pull requests: 4
  • Bot issues: 0
  • Bot pull requests: 0
Past Year
  • Issues: 1
  • Pull requests: 5
  • Average time to close issues: 27 days
  • Average time to close pull requests: 2 days
  • Issue authors: 1
  • Pull request authors: 2
  • Average comments per issue: 0.0
  • Average comments per pull request: 0.0
  • Merged pull requests: 4
  • Bot issues: 0
  • Bot pull requests: 0
View more stats
Top Authors
Issue Authors
  • mraible (1)
Pull Request Authors
  • mraible (6)
  • ssharma12-cs (1)
Top Labels
Issue Labels
Pull Request Labels