The ITSI Content Pack for CrowdStrike-Falcon from Kinney Group is specifically designed to monitor system health related to the CrowdStrike Falcon platform. It leverages Splunk ITSI to provide in-depth analysis and visualization of detections, incidents, indicators, and authentications for CrowdStrike Falcon, ensuring critical systems are operating optimally. This content pack is an essential tool for IT professionals looking to enhance the reliability and performance of their security infrastructure.
- Comprehensive Performance Monitoring: Offers detailed insights into the health and performance of the CrowdStrike Falcon system, including detections, incidents, indicators, and authentications.
- Critical System Status Tracking: Monitors the real-time operational status of CrowdStrike Falcon components, helping IT professionals swiftly identify and address potential issues.
- Enhanced Security Efficiency: Facilitates better decision-making on security measures and system adjustments by analyzing performance trends and detecting inefficiencies across the infrastructure.
This ITSI Content Pack is open source and available for community collaboration and enhancement on GitHub.
For more information about Kinney Group's Splunk Products, visit our website.
The ITSI Content Pack for CrowdStrike-Falcon contains service definitions and KPIs ready to import into ITSI. KPI thresholds and importance values ship at default settings so that you can tune them manually for your environment. Once configured, this content pack provides a comprehensive view of the health and performance of the CrowdStrike Falcon system.
Kinney Group ITSI Content Pack Blog
CrowdStrike Falcon monitoring encompasses several specialized services, each targeting specific aspects of system performance:
- System Health
  - Description: Monitors the overall health and performance of the CrowdStrike Falcon system.
- Detections
  - Description: Monitors detections which may indicate a security threat.
- Incidents
  - Description: Monitors incident scores, which are calculated based on patterns in detections found over time.
- Indicators
  - Description: Monitors indicator security events.
- Authentication
  - Description: Monitors authentication events in the CrowdStrike Falcon system.
Services are interconnected and form a hierarchy: System Health depends on the status of Detections, Incidents, Indicators, and Authentication, so its health reflects the combined state of those four services. This layered approach to performance monitoring lets base metrics support broader performance indicators.
To provide feedback, visit our GitHub repository and the README for our content packs.
| Version | Date | Description |
|---|---|---|
| 0.0.1 | 06/06/2024 | Initial Preview Release |