EXPLORE DETECTIONS
Falcon Sensor Heartbeat Timechart
This query plots a timechart showing the frequency of Falcon sensor heartbeat events across the environment.
Falcon Sensor Support Status
This query lists all active Falcon sensors, including their release date and support end date.
Falcon Sensor Version Drift Monitoring (Linux)
Compares CrowdStrike Falcon sensor major/minor versions (x.xx) over time for each host. The query detects version changes, classifies them as upgrades or downgrades, and outputs the timestamp of the change along with the previous and current version values.
Falcon Sensor Version Drift Monitoring (macOS)
Compares CrowdStrike Falcon sensor major/minor versions (x.xx) over time for each host. The query detects version changes, classifies them as upgrades or downgrades, and outputs the timestamp of the change along with the previous and current version values.
Falcon Sensor Version Drift Monitoring (Windows)
Compares CrowdStrike Falcon sensor major/minor versions (x.xx) over time for each host. The query detects version changes, classifies them as upgrades or downgrades, and outputs the timestamp of the change along with the previous and current version values.
File Write Events with Human-Readable File Sizes
The query lists file write events and converts the file size into readable units (KB, MB, GB, or TB), displaying timestamps, host details, filenames, and both raw and formatted file sizes. Reference: [GitHub CrowdStrike/logscale-community](https://github.com/CrowdStrike/logscale-community-content/blob/main/Queries-Only/Helpful-CQL-Queries/Case%20to%20convert%20Size%20to%20appropriate%20unit%20of%20measure.md)
Files Written to Removable Media
This query tracks files written to removable media (USB drives, external drives) across all platforms, aggregating the total data volume and file count per computer. It's useful for detecting potential data exfiltration attempts or monitoring removable media usage for compliance.