{ "name": "CrowdstrikeFalcon_getDeviceAlerts", "version": "1.0", "author": "Fabien Bloume, StrangeBee", "url": "https://github.com/TheHive-Project/Cortex-Analyzers", "license": "AGPL-V3", "baseConfig": "CrowdstrikeFalcon", "config": { "check_tlp": false, "max_tlp": 3, "service": "" }, "description": "Get Device alerts from Crowdstrike Falcon", "dataTypeList": [ "hostname" ], "command": "CrowdstrikeFalcon/CrowdstrikeFalcon_getDeviceAlerts.py", "configurationItems": [ { "name": "client_id", "description": "Crowdstrike client ID key", "type": "string", "multi": false, "required": true, "defaultValue": "" }, { "name": "client_secret", "description": "Crowdstrike client secret key", "type": "string", "multi": false, "required": true, "defaultValue": "" }, { "name": "base_url", "description": "Crowdstrike base URL. Also supports US-1, US-2, EU-1, US-GOV-1 values", "type": "string", "multi": false, "required": true, "defaultValue": "https://api.crowdstrike.com" }, { "name": "alert_fields", "description": "Fields to return for each invidividual alerts", "type": "string", "multi": true, "required": true, "defaultValue": [ "timestamp", "description", "status", "user_name", "severity", "severity_name", "scenario", "filename", "filepath", "confidence", "cmdline" ] }, { "name": "days_before", "description": "Only query alerts from the past X days.", "type": "number", "multi": false, "required": true, "defaultValue": 30 } ], "registration_required": true, "subscription_required": true, "free_subscription": false, "service_homepage": "https://www.crowdstrike.com", "service_logo": { "path": "assets/crowdstrike.png", "caption": "Crowdstrike logo" }, "screenshots": [ { "path": "assets/short-report-alerts.png", "caption": "Crowdstrike: Short report template" }, { "path": "assets/long-report-alerts.png", "caption": "Crowdstrike: Long report template" } ] }