CrowdStrike Developer Center https://developer.crowdstrike.com/ Recent content on CrowdStrike Developer Center Hugo en-us Wed, 30 Apr 2025 12:00:00 -0700 CrowdStrike Parsing Standard (CPS) https://developer.crowdstrike.com/docs/ng-siem/cps-standard/ Mon, 01 Jan 0001 00:00:00 +0000 https://developer.crowdstrike.com/docs/ng-siem/cps-standard/ <p>The standard is based on Elastic Common Schema (ECS), with all deviations and clarifications noted below.</p> <h2 id="changelog"> Changelog <a class="anchor" href="#changelog" aria-hidden="true">#</a> </h2><h3 id="110"> 1.1.0 <a class="anchor" href="#110" aria-hidden="true">#</a> </h3><ul> <li>Compared to the previous standard from the Package Standards document, the Parsing Standard is changed in the following ways: <ul> <li>Adds rule of keeping original <code>Vendor.</code> field when normalizing to ECS</li> <li>Adds <code>event.severity</code> mapping rules</li> <li>Updates the rules and explanation for parser versioning</li> <li>Adds rule of using array:append with event.category and event.type</li> <li>Adds rule to lowercase all *.email field values</li> <li>Adds rule that <code>event.kind := &quot;alert&quot;</code> should only be set when <code>event.category</code>, <code>event.type</code>, and <code>event.severity</code> fields are present and set</li> </ul> </li> </ul> <h3 id="100"> 1.0.0 <a class="anchor" href="#100" aria-hidden="true">#</a> </h3><ul> <li>The Parsing Standard was previously embedded in the old Package Standards document. That document still exists to document our approach to packages as a whole, but the parsing standard has been extracted so it can be referenced outside of packages. 
Going forward, the PaSta acronym refers to the parsing standard only.</li> <li>Compared to the previous standard from the Package Standards document, the Parsing Standard is changed in the following ways: <ul> <li>Adds new fields to tag</li> <li>Removes the <code>Product</code> field, replaced by guidelines for <code>event.module</code> and <code>event.dataset</code></li> <li>Removes the <code>event.code</code> field (to be reinstated later)</li> <li>Removes the <code>related</code> fields</li> <li>Normalises values for a range of new fields</li> </ul> </li> </ul> <h2 id="version-110"> Version 1.1.0 <a class="anchor" href="#version-110" aria-hidden="true">#</a> </h2><p>We use the latest 9.x version of ECS (which is the current major version at the time of writing). We are free to upgrade to minor and patch revisions without updating this standard, but going to a new major version requires a new revision of the standard.</p> Parser Template https://developer.crowdstrike.com/docs/ng-siem/parser-template/ Mon, 01 Jan 0001 00:00:00 +0000 https://developer.crowdstrike.com/docs/ng-siem/parser-template/ <p>Below is a template you can use to start writing your own parser for Next-Gen SIEM. 
See <a href="#completed-parsers">completed parsers</a> for other examples.</p> <div class="highlight"><pre tabindex="0" class="chroma"><code class="language-yaml" data-lang="yaml">name: template
tests: []
$schema: https://schemas.humio.com/parser/v0.3.0
script: |
  // #region PREPARSE
  /************************************************************
  ****** Parse timestamp and log headers
  ****** Extract message field for parsing
  ****** Parse structured data
  ************************************************************/


  // #endregion

  // #region METADATA
  /************************************************************
  ****** Static Metadata Definitions
  ************************************************************/
  | ecs.version := &#34;9.0.0&#34;
  | Cps.version := &#34;1.1.0&#34;
  | Parser.version := &#34;1.0.0&#34;
  | Vendor := &#34;&#34;
  | event.module := &#34;&#34;
  | event.dataset := &#34;&#34;

  // #endregion

  // #region NORMALIZATION
  /************************************************************
  ****** Parse unstructured data (i.e. message field)
  ****** Normalize fields to data model
  ************************************************************/


  // #endregion

  // #region POST-NORMALIZATION
  /************************************************************
  ****** Post Normalization
  ****** Custom parser logic needed after normalization
  ************************************************************/


  // #endregion

tagFields:
- Cps.version
- Vendor
- ecs.version
- event.dataset
- event.kind
- event.module
- event.outcome
- observer.type
</code></pre></div><h2 id="completed-parsers"> Completed Parsers <a class="anchor" href="#completed-parsers" aria-hidden="true">#</a> </h2><p>Click on the links below to download completed parsers.</p> Community https://developer.crowdstrike.com/community/ Mon, 01 Jan 0001 00:00:00 +0000 https://developer.crowdstrike.com/community/ <div><a id="td-block-0" class="td-offset-anchor"></a></div> <section class="row td-box td-box--dark td-box--height-auto"> <div class="col"> <div class="row"> <div class="col-lg-4 mb-5 mb-lg-0 text-center"> <div class="mb-4 h1"> <i class="fas fa-brands fa-reddit"></i> </div> <h4 class="h3">CrowdStrike Subreddit</h4> <div class="mb-0"> <p>Questions regarding CrowdStrike and discussion related directly to CrowdStrike products and services, integration partners, and security articles.</p> </div> <p><a href="https://www.reddit.com/r/crowdstrike/">r/crowdstrike</a></p> </div> <div class="col-lg-4 mb-5 mb-lg-0 text-center"> <div class="mb-4 h1"> <i class="fas fa-regular fa-comments"></i> </div> <h4 class="h3">The CrowdStrike Community</h4> <div class="mb-0"> <p>A place to connect with other CrowdStrike users, discuss best practices, and solve problems faster.</p> </div> <p><a 
href="https://community.crowdstrike.com">community.crowdstrike.com</a></p> </div> <div class="col-lg-4 mb-5 mb-lg-0 text-center"> <div class="mb-4 h1"> <i class="fas fa-brands fa-github-alt"></i> </div> <h4 class="h3">GitHub Discussions</h4> <div class="mb-0"> <p><a href="https://github.com/CrowdStrike/falconpy/discussions">FalconPy</a><br/> <a href="https://github.com/CrowdStrike/psfalcon/discussions">PSFalcon</a></p> </div> </div> </div> </div> </section> Get Started with Falcon Fusion SOAR https://developer.crowdstrike.com/blog/get-started-with-falcon-fusion-soar/ Mon, 02 Dec 2024 17:00:00 +0000 https://developer.crowdstrike.com/blog/get-started-with-falcon-fusion-soar/ <p>The Oxford dictionary defines soar as to &ldquo;fly or rise high in the air&rdquo;. While this pairs nicely with Falcon, SOAR is an acronym, not a word, when it comes to cybersecurity. In a cybersecurity context, SOAR stands for Security Orchestration, Automation, and Response, which is a group of technologies that enable organizations to automatically respond to certain security events.</p> <p>Falcon Fusion SOAR is an orchestration engine that allows you to create scheduled or on-demand workflows to automate processes across the Falcon platform. First-party actions provided by CrowdStrike include device queries, sending email, creating Jira tickets, writing to logs, and many others.</p> Get Started with Falcon Foundry https://developer.crowdstrike.com/blog/get-started-with-falcon-foundry/ Wed, 30 Oct 2024 15:30:00 +0000 https://developer.crowdstrike.com/blog/get-started-with-falcon-foundry/ <p>Developers and professionals who work within the cybersecurity industry are constantly looking to create more dynamic and impactful integrations between CrowdStrike&rsquo;s Falcon platform and other security and IT tools. 
In order to help better facilitate that, CrowdStrike has introduced Falcon Foundry.</p> <p>The Falcon platform has numerous modules with analytic and response features to hunt and defend against today&rsquo;s adversaries. Now you can develop custom solutions to extend the power of the Falcon platform to your specific needs by leveraging Falcon Foundry. Falcon Foundry, cybersecurity&rsquo;s first low-code application platform, gives you the ability to build apps, extensions, and API integrations to leverage additional organizational detail within the Falcon console. You can also increase awareness and expand visibility using Falcon Next-Gen SIEM to ingest additional third-party data sources.</p> CrowdStrike SDKs https://developer.crowdstrike.com/docs/sdks/ Mon, 01 Jan 0001 00:00:00 +0000 https://developer.crowdstrike.com/docs/sdks/ <p>The CrowdStrike SDKs provide an open source solution for interacting with all CrowdStrike API endpoints using your preferred language.</p> <!-- https://getbootstrap.com/docs/5.3/components/card/ --> <style> .card-header { height: 70px; } .card-img-top { width: 50px; max-height: 100%; float: left; margin-right: 10px; } .card-text { margin: 0 } </style> <div class="row row-cols-1 row-cols-md-3 g-4"> <div class="col"> <div class="card"> <div class="card-header"> <img src="https://developer.crowdstrike.com/images/javascript-logo.png" class="card-img-top" alt="FalconJS"/> <h5 class="card-title"><a href="https://github.com/crowdstrike/falconjs" target="_blank">FalconJS</a><br/>(JavaScript)</h5> </div> <div class="card-body"> <p class="card-text"> <ul class="list-group list-group-flush"> <li class="list-group-item"><a href="https://github.com/CrowdStrike/falconjs/tree/main/examples" target="_blank">Samples</a></li> <li class="list-group-item"><a href="https://github.com/crowdstrike/falconjs/issues" target="_blank">Support</a></li> </ul> </p> </div> </div> </div> <div class="col"> <div class="card"> <div class="card-header"> <img 
src="https://developer.crowdstrike.com/images/python-logo.png" class="card-img-top" alt="FalconPy"> <h5 class="card-title"><a href="https://github.com/crowdstrike/falconpy" class="sdk-link">FalconPy</a><br/>(Python)</h5> </div> <div class="card-body"> <p class="card-text"> <ul class="list-group list-group-flush"> <li class="list-group-item"><a href="https://falconpy.io" target="_blank">Documentation</a></li> <li class="list-group-item"><a href="https://github.com/CrowdStrike/falconpy/discussions" target="_blank">Forum</a></li> <li class="list-group-item"><a href="https://github.com/CrowdStrike/falconpy/tree/main/samples" target="_blank">Samples</a></li> <li class="list-group-item"><a href="https://github.com/crowdstrike/falconpy/issues" target="_blank">Support</a></li> </ul> </p> </div> </div> </div> <div class="col"> <div class="card"> <div class="card-header"> <img src="https://developer.crowdstrike.com/images/golang-logo.png" class="card-img-top"> <h5 class="card-title"><a href="https://github.com/crowdstrike/gofalcon" class="sdk-link" target="_blank">goFalcon</a><br/>(Golang)</h5> </div> <div class="card-body"> <p class="card-text"> <ul class="list-group list-group-flush"> <li class="list-group-item"><a href="https://pkg.go.dev/github.com/crowdstrike/gofalcon" target="_blank">Documentation</a></li> <li class="list-group-item"><a href="https://github.com/CrowdStrike/gofalcon/tree/main/examples" target="_blank">Samples</a></li> <li class="list-group-item"><a href="https://github.com/crowdstrike/gofalcon/issues" target="_blank">Support</a></li> </ul> </p> </div> </div> </div> <div class="col"> <div class="card"> <div class="card-header"> <img src="https://developer.crowdstrike.com/images/powershell-logo.png" class="card-img-top"> <h5 class="card-title"> <a href="https://github.com/crowdstrike/psfalcon">PSFalcon</a><br/>(PowerShell) </h5> </div> <div class="card-body"> <p class="card-text"> <ul class="list-group list-group-flush"> <li class="list-group-item"><a 
href="https://github.com/CrowdStrike/psfalcon/wiki" target="_blank">Documentation</a></li> <li class="list-group-item"><a href="https://github.com/CrowdStrike/psfalcon/discussions" target="_blank">Forum</a></li> <li class="list-group-item"><a href="https://github.com/CrowdStrike/psfalcon/wiki/Code-Examples" target="_blank">Samples</a></li> <li class="list-group-item"><a href="https://github.com/crowdstrike/psfalcon/issues" target="_blank">Support</a></li> </ul> </p> </div> </div> </div> <div class="col"> <div class="card"> <div class="card-header"> <img src="https://developer.crowdstrike.com/images/rust-logo.png" class="card-img-top" alt="Rusty Falcon"> <h5 class="card-title"> <a href="https://github.com/crowdstrike/rusty-falcon" class="sdk-link">Rusty Falcon</a><br/>(Rust) </h5> </div> <div class="card-body"> <p class="card-text"> <ul class="list-group list-group-flush"> <li class="list-group-item"><a href="https://docs.rs/rusty_falcon/latest/rusty_falcon/" target="_blank">Documentation</a></li> <li class="list-group-item"><a href="https://github.com/CrowdStrike/rusty-falcon/tree/main/examples" target="_blank">Samples</a></li> <li class="list-group-item"><a href="https://github.com/crowdstrike/rusty-falcon/issues" target="_blank">Support</a></li> </ul> </p> </div> </div> </div> <div class="col"> <div class="card"> <div class="card-header"> <img src="https://developer.crowdstrike.com/images/ruby-logo.png" class="card-img-top" alt="Crimson Falcon"> <h5 class="card-title"> <a href="https://github.com/CrowdStrike/crimson-falcon" class="sdk-link">Crimson Falcon</a><br/>(Ruby) </h5> </div> <div class="card-body"> <p class="card-text"> <ul class="list-group list-group-flush"> <li class="list-group-item"><a href="https://github.com/CrowdStrike/crimson-falcon/blob/main/README.md#crimson-falcon-api-docs" target="_blank">Documentation</a></li> <li class="list-group-item"><a href="https://github.com/CrowdStrike/crimson-falcon/tree/main/samples" 
target="_blank">Samples</a></li> <li class="list-group-item"><a href="https://github.com/CrowdStrike/crimson-falcon/issues" target="_blank">Support</a></li> </ul> </p> </div> </div> </div> </div> event.module guidelines https://developer.crowdstrike.com/docs/ng-siem/event-modules/ Mon, 01 Jan 0001 00:00:00 +0000 https://developer.crowdstrike.com/docs/ng-siem/event-modules/ <p>If you are creating a package for a vendor and module that have already been used in other packages, reuse the name exactly as it is listed here. If you create a package for a new module, add the module name here.</p> <p>When choosing a new module name, pick something concise and clear, with no hyphens in the name.</p> <h2 id="module-names-per-vendor"> Module names per vendor <a class="anchor" href="#module-names-per-vendor" aria-hidden="true">#</a> </h2><table> <thead> <tr> <th style="text-align: left">Vendor</th> <th style="text-align: left"><code>#event.module</code></th> <th style="text-align: left">Product Full Name</th> </tr> </thead> <tbody> <tr> <td style="text-align: left">1password</td> <td style="text-align: left">devicetrust</td> <td style="text-align: left">1Password Device Trust</td> </tr> <tr> <td style="text-align: left">1password</td> <td style="text-align: left">passwordmanager</td> <td style="text-align: left">1Password Password Manager</td> </tr> <tr> <td style="text-align: left">a10</td> <td style="text-align: left">thunder</td> <td style="text-align: left">A10 Thunder Application Delivery Controller</td> </tr> <tr> <td style="text-align: left">abnormal</td> <td style="text-align: left">email-security</td> <td style="text-align: left">Abnormal Email Security</td> </tr> <tr> <td style="text-align: left">airlockdigital</td> <td style="text-align: left">airlock</td> <td style="text-align: left">Airlock Application Control</td> </tr> <tr> <td style="text-align: left">akamai</td> <td style="text-align: left">api</td> <td style="text-align: left">Akamai API 
Gateway</td> </tr> <tr> <td style="text-align: left">akamai</td> <td style="text-align: left">asec</td> <td style="text-align: left">Akamai Security Events</td> </tr> <tr> <td style="text-align: left">akamai</td> <td style="text-align: left">cdn</td> <td style="text-align: left">Akamai Content Delivery Network</td> </tr> <tr> <td style="text-align: left">akamai</td> <td style="text-align: left">eaa</td> <td style="text-align: left">Akamai Enterprise Application Access</td> </tr> <tr> <td style="text-align: left">akamai</td> <td style="text-align: left">guardicore</td> <td style="text-align: left">Akamai Guardicore Centra</td> </tr> <tr> <td style="text-align: left">apache</td> <td style="text-align: left">httpserver</td> <td style="text-align: left">Apache HTTP Server</td> </tr> <tr> <td style="text-align: left">apache</td> <td style="text-align: left">tomcat</td> <td style="text-align: left">Apache Tomcat</td> </tr> <tr> <td style="text-align: left">appomni</td> <td style="text-align: left">threatdetection</td> <td style="text-align: left">AppOmni Threat Detection</td> </tr> <tr> <td style="text-align: left">arista</td> <td style="text-align: left">ndr</td> <td style="text-align: left">Arista NDR Platform</td> </tr> <tr> <td style="text-align: left">armis</td> <td style="text-align: left">centrixiot</td> <td style="text-align: left">Armis Centrix IoT Security</td> </tr> <tr> <td style="text-align: left">aruba</td> <td style="text-align: left">clearpass</td> <td style="text-align: left">Aruba ClearPass</td> </tr> <tr> <td style="text-align: left">aruba</td> <td style="text-align: left">orchestrator</td> <td style="text-align: left">Aruba Orchestrator</td> </tr> <tr> <td style="text-align: left">asimily</td> <td style="text-align: left">iomt</td> <td style="text-align: left">Asimily IoMT Security Platform</td> </tr> <tr> <td style="text-align: left">atlassian</td> <td style="text-align: left">jira</td> <td style="text-align: left">Atlassian Jira</td> </tr> <tr> <td 
style="text-align: left">aws</td> <td style="text-align: left">aws-generic</td> <td style="text-align: left">Amazon Web Services Generic</td> </tr> <tr> <td style="text-align: left">aws</td> <td style="text-align: left">cloudtrail</td> <td style="text-align: left">AWS CloudTrail</td> </tr> <tr> <td style="text-align: left">aws</td> <td style="text-align: left">cloudwatch</td> <td style="text-align: left">AWS CloudWatch</td> </tr> <tr> <td style="text-align: left">aws</td> <td style="text-align: left">config</td> <td style="text-align: left">AWS Config</td> </tr> <tr> <td style="text-align: left">aws</td> <td style="text-align: left">fsx</td> <td style="text-align: left">Amazon FSx</td> </tr> <tr> <td style="text-align: left">aws</td> <td style="text-align: left">guardduty</td> <td style="text-align: left">AWS GuardDuty</td> </tr> <tr> <td style="text-align: left">aws</td> <td style="text-align: left">network-firewall</td> <td style="text-align: left">AWS Network Firewall</td> </tr> <tr> <td style="text-align: left">aws</td> <td style="text-align: left">rds</td> <td style="text-align: left">Amazon Relational Database Service</td> </tr> <tr> <td style="text-align: left">aws</td> <td style="text-align: left">route53</td> <td style="text-align: left">Amazon Route 53</td> </tr> <tr> <td style="text-align: left">aws</td> <td style="text-align: left">s3access</td> <td style="text-align: left">Amazon S3 Server Access</td> </tr> <tr> <td style="text-align: left">aws</td> <td style="text-align: left">security-hub</td> <td style="text-align: left">AWS Security Hub</td> </tr> <tr> <td style="text-align: left">aws</td> <td style="text-align: left">securitylake</td> <td style="text-align: left">AWS Security Lake</td> </tr> <tr> <td style="text-align: left">aws</td> <td style="text-align: left">vpcflow</td> <td style="text-align: left">Amazon VPC Flow Logs</td> </tr> <tr> <td style="text-align: left">aws</td> <td style="text-align: left">waf</td> <td style="text-align: left">AWS 
Web Application Firewall</td> </tr> <tr> <td style="text-align: left">barracuda</td> <td style="text-align: left">cgf</td> <td style="text-align: left">Barracuda CloudGen Firewall</td> </tr> <tr> <td style="text-align: left">barracuda</td> <td style="text-align: left">emailgatewaydefense</td> <td style="text-align: left">Barracuda Email Gateway Defense</td> </tr> <tr> <td style="text-align: left">beyondtrust</td> <td style="text-align: left">beyondinsight</td> <td style="text-align: left">BeyondTrust BeyondInsight</td> </tr> <tr> <td style="text-align: left">box</td> <td style="text-align: left">enterprise</td> <td style="text-align: left">Box Enterprise</td> </tr> <tr> <td style="text-align: left">broadcom</td> <td style="text-align: left">bluecoat</td> <td style="text-align: left">Broadcom Blue Coat Proxy</td> </tr> <tr> <td style="text-align: left">broadcom</td> <td style="text-align: left">fos</td> <td style="text-align: left">Broadcom Fabric Operating System</td> </tr> <tr> <td style="text-align: left">broadcom</td> <td style="text-align: left">proxysg</td> <td style="text-align: left">Broadcom ProxySG</td> </tr> <tr> <td style="text-align: left">broadcom</td> <td style="text-align: left">symantec-endpointprotection</td> <td style="text-align: left">Broadcom Symantec Endpoint Protection</td> </tr> <tr> <td style="text-align: left">cato</td> <td style="text-align: left">sase</td> <td style="text-align: left">Cato SASE Cloud</td> </tr> <tr> <td style="text-align: left">cetu</td> <td style="text-align: left">pipelines</td> <td style="text-align: left">CeTu Pipelines</td> </tr> <tr> <td style="text-align: left">checkpoint</td> <td style="text-align: left">harmonyemailcollaboration</td> <td style="text-align: left">Check Point Harmony Email &amp; Collaboration</td> </tr> <tr> <td style="text-align: left">checkpoint</td> <td style="text-align: left">ngfw</td> <td style="text-align: left">Check Point Next Generation Firewall</td> </tr> <tr> <td style="text-align: 
left">cisco</td> <td style="text-align: left">asa</td> <td style="text-align: left">Cisco Adaptive Security Appliance</td> </tr> <tr> <td style="text-align: left">cisco</td> <td style="text-align: left">duo</td> <td style="text-align: left">Cisco Duo Security</td> </tr> <tr> <td style="text-align: left">cisco</td> <td style="text-align: left">firepower</td> <td style="text-align: left">Cisco Firepower</td> </tr> <tr> <td style="text-align: left">cisco</td> <td style="text-align: left">ios</td> <td style="text-align: left">Cisco IOS</td> </tr> <tr> <td style="text-align: left">cisco</td> <td style="text-align: left">ise</td> <td style="text-align: left">Cisco Identity Services Engine</td> </tr> <tr> <td style="text-align: left">cisco</td> <td style="text-align: left">meraki</td> <td style="text-align: left">Cisco Meraki</td> </tr> <tr> <td style="text-align: left">cisco</td> <td style="text-align: left">prime</td> <td style="text-align: left">Cisco Prime</td> </tr> <tr> <td style="text-align: left">cisco</td> <td style="text-align: left">secure-network-analytics</td> <td style="text-align: left">Cisco Secure Network Analytics</td> </tr> <tr> <td style="text-align: left">cisco</td> <td style="text-align: left">seg</td> <td style="text-align: left">Cisco Secure Email Gateway</td> </tr> <tr> <td style="text-align: left">cisco</td> <td style="text-align: left">threatgrid</td> <td style="text-align: left">Cisco Threat Grid</td> </tr> <tr> <td style="text-align: left">cisco</td> <td style="text-align: left">umbrella</td> <td style="text-align: left">Cisco Umbrella</td> </tr> <tr> <td style="text-align: left">citrix</td> <td style="text-align: left">adc</td> <td style="text-align: left">Citrix Application Delivery Controller</td> </tr> <tr> <td style="text-align: left">claroty</td> <td style="text-align: left">ctd</td> <td style="text-align: left">Claroty Continuous Threat Detection</td> </tr> <tr> <td style="text-align: left">cloudflare</td> <td style="text-align: 
left">waf</td> <td style="text-align: left">Cloudflare Web Application Firewall</td> </tr> <tr> <td style="text-align: left">cloudflare</td> <td style="text-align: left">zerotrust</td> <td style="text-align: left">Cloudflare Zero Trust</td> </tr> <tr> <td style="text-align: left">cofense</td> <td style="text-align: left">triage</td> <td style="text-align: left">Cofense Triage</td> </tr> <tr> <td style="text-align: left">contrastsecurity</td> <td style="text-align: left">adr</td> <td style="text-align: left">Contrast Security Application Defense and Response</td> </tr> <tr> <td style="text-align: left">corelight</td> <td style="text-align: left">ids</td> <td style="text-align: left">Corelight Network Detection and Response</td> </tr> <tr> <td style="text-align: left">corelight</td> <td style="text-align: left">investigator</td> <td style="text-align: left">Corelight Investigator</td> </tr> <tr> <td style="text-align: left">corelight</td> <td style="text-align: left">ndr</td> <td style="text-align: left">Corelight Network Detection and Response</td> </tr> <tr> <td style="text-align: left">crowdstrike</td> <td style="text-align: left">falcon</td> <td style="text-align: left">CrowdStrike Falcon</td> </tr> <tr> <td style="text-align: left">crowdstrike</td> <td style="text-align: left">saas-security</td> <td style="text-align: left">CrowdStrike SaaS Security</td> </tr> <tr> <td style="text-align: left">cyberark</td> <td style="text-align: left">vault</td> <td style="text-align: left">CyberArk Privileged Access Security</td> </tr> <tr> <td style="text-align: left">cynerio</td> <td style="text-align: left">healthcarendr</td> <td style="text-align: left">Cynerio Healthcare Network Detection and Response</td> </tr> <tr> <td style="text-align: left">darktrace</td> <td style="text-align: left">detect</td> <td style="text-align: left">Darktrace Enterprise Immune System</td> </tr> <tr> <td style="text-align: left">delinea</td> <td style="text-align: left">secretserver</td> <td 
style="text-align: left">Delinea Secret Server</td> </tr> <tr> <td style="text-align: left">dell</td> <td style="text-align: left">isilon</td> <td style="text-align: left">Dell PowerScale OneFS</td> </tr> <tr> <td style="text-align: left">dell</td> <td style="text-align: left">powerprotect</td> <td style="text-align: left">Dell PowerProtect Data Manager</td> </tr> <tr> <td style="text-align: left">dope-security</td> <td style="text-align: left">dope-swg</td> <td style="text-align: left">Dope Security Secure Web Gateway</td> </tr> <tr> <td style="text-align: left">dragos</td> <td style="text-align: left">platform</td> <td style="text-align: left">Dragos Platform</td> </tr> <tr> <td style="text-align: left">druva</td> <td style="text-align: left">realize</td> <td style="text-align: left">Druva Data Resiliency Cloud</td> </tr> <tr> <td style="text-align: left">enzoic</td> <td style="text-align: left">e4ad</td> <td style="text-align: left">Enzoic for Active Directory</td> </tr> <tr> <td style="text-align: left">epicsecurity</td> <td style="text-align: left">epic</td> <td style="text-align: left">Epic Electronic Health Records</td> </tr> <tr> <td style="text-align: left">extrahop</td> <td style="text-align: left">revealx-360</td> <td style="text-align: left">ExtraHop Reveal(x) 360</td> </tr> <tr> <td style="text-align: left">f5networks</td> <td style="text-align: left">bigip</td> <td style="text-align: left">F5 BIG-IP</td> </tr> <tr> <td style="text-align: left">f5networks</td> <td style="text-align: left">nginx</td> <td style="text-align: left">F5 NGINX</td> </tr> <tr> <td style="text-align: left">fidelis</td> <td style="text-align: left">audit</td> <td style="text-align: left">Fidelis Audit</td> </tr> <tr> <td style="text-align: left">fidelis</td> <td style="text-align: left">fidelis</td> <td style="text-align: left">Fidelis Network</td> </tr> <tr> <td style="text-align: left">forcepoint</td> <td style="text-align: left">dlp</td> <td style="text-align: 
left">Forcepoint Data Loss Prevention</td> </tr> <tr> <td style="text-align: left">forcepoint</td> <td style="text-align: left">ngfw</td> <td style="text-align: left">Forcepoint Next Generation Firewall</td> </tr> <tr> <td style="text-align: left">forgerock</td> <td style="text-align: left">identity</td> <td style="text-align: left">ForgeRock Identity Platform</td> </tr> <tr> <td style="text-align: left">fortinet</td> <td style="text-align: left">fortigate</td> <td style="text-align: left">Fortinet FortiGate</td> </tr> <tr> <td style="text-align: left">fortinet</td> <td style="text-align: left">fortimail</td> <td style="text-align: left">Fortinet FortiMail</td> </tr> <tr> <td style="text-align: left">fortinet</td> <td style="text-align: left">fortindr</td> <td style="text-align: left">Fortinet FortiNDR</td> </tr> <tr> <td style="text-align: left">gigamon</td> <td style="text-align: left">ami</td> <td style="text-align: left">Gigamon Application Metadata Intelligence</td> </tr> <tr> <td style="text-align: left">google</td> <td style="text-align: left">chromeenterprise</td> <td style="text-align: left">Google Chrome Enterprise</td> </tr> <tr> <td style="text-align: left">google</td> <td style="text-align: left">cloud</td> <td style="text-align: left">Google Cloud Identity</td> </tr> <tr> <td style="text-align: left">google</td> <td style="text-align: left">gcp</td> <td style="text-align: left">Google Cloud Platform</td> </tr> <tr> <td style="text-align: left">google</td> <td style="text-align: left">workspace</td> <td style="text-align: left">Google Workspace</td> </tr> <tr> <td style="text-align: left">gytpol</td> <td style="text-align: left">misconfigurations</td> <td style="text-align: left">GYTPOL Misconfigurations</td> </tr> <tr> <td style="text-align: left">haproxy</td> <td style="text-align: left">haproxy</td> <td style="text-align: left">HAProxy Load Balancer</td> </tr> <tr> <td style="text-align: left">hashicorp</td> <td style="text-align: left">vault</td> 
<td style="text-align: left">HashiCorp Vault</td> </tr> <tr> <td style="text-align: left">imperva</td> <td style="text-align: left">cloudwaf</td> <td style="text-align: left">Imperva Cloud Web Application Firewall</td> </tr> <tr> <td style="text-align: left">infoblox</td> <td style="text-align: left">nios</td> <td style="text-align: left">Infoblox Network Identity Operating System</td> </tr> <tr> <td style="text-align: left">ironscales</td> <td style="text-align: left">esp</td> <td style="text-align: left">IRONSCALES Email Security Platform</td> </tr> <tr> <td style="text-align: left">island</td> <td style="text-align: left">island</td> <td style="text-align: left">Island Enterprise Browser</td> </tr> <tr> <td style="text-align: left">juniper</td> <td style="text-align: left">srx</td> <td style="text-align: left">Juniper SRX Series</td> </tr> <tr> <td style="text-align: left">keepersecurity</td> <td style="text-align: left">enterprise</td> <td style="text-align: left">Keeper Enterprise Password Management</td> </tr> <tr> <td style="text-align: left">linux</td> <td style="text-align: left">auditd</td> <td style="text-align: left">Linux Audit Daemon</td> </tr> <tr> <td style="text-align: left">linux</td> <td style="text-align: left">linux</td> <td style="text-align: left">Linux Operating System</td> </tr> <tr> <td style="text-align: left">linux</td> <td style="text-align: left">syslog</td> <td style="text-align: left">Linux System Logging</td> </tr> <tr> <td style="text-align: left">logbinder</td> <td style="text-align: left">sharepoint</td> <td style="text-align: left">LogBinder SharePoint</td> </tr> <tr> <td style="text-align: left">lookout</td> <td style="text-align: left">mobile</td> <td style="text-align: left">Lookout Mobile Endpoint Security</td> </tr> <tr> <td style="text-align: left">menlo</td> <td style="text-align: left">msip</td> <td style="text-align: left">Menlo Security Isolation Platform</td> </tr> <tr> <td style="text-align: left">microsoft</td> <td 
style="text-align: left">ad</td> <td style="text-align: left">Microsoft Active Directory</td> </tr> <tr> <td style="text-align: left">microsoft</td> <td style="text-align: left">azure</td> <td style="text-align: left">Microsoft Azure</td> </tr> <tr> <td style="text-align: left">microsoft</td> <td style="text-align: left">azure-devops</td> <td style="text-align: left">Microsoft Azure DevOps</td> </tr> <tr> <td style="text-align: left">microsoft</td> <td style="text-align: left">defender</td> <td style="text-align: left">Microsoft Defender</td> </tr> <tr> <td style="text-align: left">microsoft</td> <td style="text-align: left">defender-identity</td> <td style="text-align: left">Microsoft Defender for Identity</td> </tr> <tr> <td style="text-align: left">microsoft</td> <td style="text-align: left">edge</td> <td style="text-align: left">Microsoft Edge</td> </tr> <tr> <td style="text-align: left">microsoft</td> <td style="text-align: left">entraid</td> <td style="text-align: left">Microsoft Entra ID</td> </tr> <tr> <td style="text-align: left">microsoft</td> <td style="text-align: left">exchange</td> <td style="text-align: left">Microsoft Exchange</td> </tr> <tr> <td style="text-align: left">microsoft</td> <td style="text-align: left">github</td> <td style="text-align: left">Microsoft GitHub Enterprise</td> </tr> <tr> <td style="text-align: left">microsoft</td> <td style="text-align: left">iis</td> <td style="text-align: left">Microsoft Internet Information Services</td> </tr> <tr> <td style="text-align: left">microsoft</td> <td style="text-align: left">intune</td> <td style="text-align: left">Microsoft Intune</td> </tr> <tr> <td style="text-align: left">microsoft</td> <td style="text-align: left">m365</td> <td style="text-align: left">Microsoft 365</td> </tr> <tr> <td style="text-align: left">microsoft</td> <td style="text-align: left">messagetrace</td> <td style="text-align: left">Microsoft Message Trace</td> </tr> <tr> <td style="text-align: left">microsoft</td> <td 
style="text-align: left">sentinel</td> <td style="text-align: left">Microsoft Sentinel</td> </tr> <tr> <td style="text-align: left">microsoft</td> <td style="text-align: left">sql</td> <td style="text-align: left">Microsoft SQL Server</td> </tr> <tr> <td style="text-align: left">microsoft</td> <td style="text-align: left">windows</td> <td style="text-align: left">Microsoft Windows</td> </tr> <tr> <td style="text-align: left">microsoft</td> <td style="text-align: left">windows-defender-365</td> <td style="text-align: left">Microsoft Defender for Office 365</td> </tr> <tr> <td style="text-align: left">mimecast</td> <td style="text-align: left">emailsecurity</td> <td style="text-align: left">Mimecast Email Security</td> </tr> <tr> <td style="text-align: left">nasuni</td> <td style="text-align: left">edge</td> <td style="text-align: left">Nasuni Edge Appliance</td> </tr> <tr> <td style="text-align: left">nasuni</td> <td style="text-align: left">managementconsole</td> <td style="text-align: left">Nasuni Management Console</td> </tr> <tr> <td style="text-align: left">netgate</td> <td style="text-align: left">pfsense</td> <td style="text-align: left">Netgate pfSense</td> </tr> <tr> <td style="text-align: left">netskope</td> <td style="text-align: left">sse</td> <td style="text-align: left">Netskope Security Service Edge</td> </tr> <tr> <td style="text-align: left">netskope</td> <td style="text-align: left">transaction</td> <td style="text-align: left">Netskope Transaction Logs</td> </tr> <tr> <td style="text-align: left">nozomi</td> <td style="text-align: left">ids</td> <td style="text-align: left">Nozomi Networks Guardian</td> </tr> <tr> <td style="text-align: left">nozomi</td> <td style="text-align: left">nozomi</td> <td style="text-align: left">Nozomi Networks Platform</td> </tr> <tr> <td style="text-align: left">nutanix</td> <td style="text-align: left">datalens</td> <td style="text-align: left">Nutanix Data Lens</td> </tr> <tr> <td style="text-align: 
left">obsidiansecurity</td> <td style="text-align: left">securitydata</td> <td style="text-align: left">Obsidian Security Platform</td> </tr> <tr> <td style="text-align: left">okta</td> <td style="text-align: left">sso</td> <td style="text-align: left">Okta Single Sign-On</td> </tr> <tr> <td style="text-align: left">oneidentity</td> <td style="text-align: left">onelogin</td> <td style="text-align: left">OneLogin Identity Platform</td> </tr> <tr> <td style="text-align: left">ordr</td> <td style="text-align: left">ordrai</td> <td style="text-align: left">Ordr Systems Control Engine</td> </tr> <tr> <td style="text-align: left">paloalto</td> <td style="text-align: left">dlp</td> <td style="text-align: left">Palo Alto Networks Enterprise DLP</td> </tr> <tr> <td style="text-align: left">paloalto</td> <td style="text-align: left">ngfw</td> <td style="text-align: left">Palo Alto Networks Next-Generation Firewall</td> </tr> <tr> <td style="text-align: left">paloalto</td> <td style="text-align: left">prisma</td> <td style="text-align: left">Palo Alto Networks Prisma Access</td> </tr> <tr> <td style="text-align: left">paloalto</td> <td style="text-align: left">prismasdwan</td> <td style="text-align: left">Palo Alto Networks Prisma SD-WAN</td> </tr> <tr> <td style="text-align: left">paloalto</td> <td style="text-align: left">saas-security</td> <td style="text-align: left">Palo Alto Networks SaaS Security</td> </tr> <tr> <td style="text-align: left">pingidentity</td> <td style="text-align: left">pingone</td> <td style="text-align: left">PingOne Platform</td> </tr> <tr> <td style="text-align: left">proofpoint</td> <td style="text-align: left">casb</td> <td style="text-align: left">Proofpoint Cloud App Security Broker</td> </tr> <tr> <td style="text-align: left">proofpoint</td> <td style="text-align: left">emailprotection</td> <td style="text-align: left">Proofpoint Email Protection</td> </tr> <tr> <td style="text-align: left">proofpoint</td> <td style="text-align: left">seg</td> 
<td style="text-align: left">Proofpoint Email Security Gateway</td> </tr> <tr> <td style="text-align: left">proofpoint</td> <td style="text-align: left">tap</td> <td style="text-align: left">Proofpoint Targeted Attack Protection</td> </tr> <tr> <td style="text-align: left">pulse</td> <td style="text-align: left">secure</td> <td style="text-align: left">Pulse Secure VPN</td> </tr> <tr> <td style="text-align: left">purestorage</td> <td style="text-align: left">flasharray</td> <td style="text-align: left">Pure Storage FlashArray</td> </tr> <tr> <td style="text-align: left">purestorage</td> <td style="text-align: left">flashblade</td> <td style="text-align: left">Pure Storage FlashBlade</td> </tr> <tr> <td style="text-align: left">qualys</td> <td style="text-align: left">vm</td> <td style="text-align: left">Qualys Vulnerability Management</td> </tr> <tr> <td style="text-align: left">radware</td> <td style="text-align: left">alteon</td> <td style="text-align: left">Radware Alteon Application Delivery Controller</td> </tr> <tr> <td style="text-align: left">radware</td> <td style="text-align: left">waf</td> <td style="text-align: left">Radware Cloud Web Application Firewall</td> </tr> <tr> <td style="text-align: left">raynet</td> <td style="text-align: left">raynetone</td> <td style="text-align: left">RayNet One Platform</td> </tr> <tr> <td style="text-align: left">redhat</td> <td style="text-align: left">jboss</td> <td style="text-align: left">Red Hat JBoss Enterprise Application Platform</td> </tr> <tr> <td style="text-align: left">rubrik</td> <td style="text-align: left">securitycloud</td> <td style="text-align: left">Rubrik Security Cloud</td> </tr> <tr> <td style="text-align: left">sailpoint</td> <td style="text-align: left">identitynow</td> <td style="text-align: left">SailPoint IdentityNow</td> </tr> <tr> <td style="text-align: left">salesforce</td> <td style="text-align: left">salesforce</td> <td style="text-align: left">Salesforce Platform</td> </tr> <tr> <td 
style="text-align: left">saltsecurity</td> <td style="text-align: left">apisecurity</td> <td style="text-align: left">Salt Security API Protection Platform</td> </tr> <tr> <td style="text-align: left">seraphic</td> <td style="text-align: left">seraphicsecurity</td> <td style="text-align: left">Seraphic Security Platform</td> </tr> <tr> <td style="text-align: left">servicenow</td> <td style="text-align: left">servicenow</td> <td style="text-align: left">ServiceNow Platform</td> </tr> <tr> <td style="text-align: left">silverfort</td> <td style="text-align: left">itdr</td> <td style="text-align: left">Silverfort Identity Threat Detection and Response</td> </tr> <tr> <td style="text-align: left">skyhigh</td> <td style="text-align: left">sse</td> <td style="text-align: left">Skyhigh Security Service Edge</td> </tr> <tr> <td style="text-align: left">softerra</td> <td style="text-align: left">adaxes</td> <td style="text-align: left">Softerra Adaxes</td> </tr> <tr> <td style="text-align: left">sonicwall</td> <td style="text-align: left">sonicos</td> <td style="text-align: left">SonicWall SonicOS</td> </tr> <tr> <td style="text-align: left">sophos</td> <td style="text-align: left">sfos</td> <td style="text-align: left">Sophos Firewall Operating System</td> </tr> <tr> <td style="text-align: left">squid</td> <td style="text-align: left">proxy</td> <td style="text-align: left">Squid Proxy Server</td> </tr> <tr> <td style="text-align: left">superna</td> <td style="text-align: left">securityedition</td> <td style="text-align: left">Superna Eyeglass Data Security Edition</td> </tr> <tr> <td style="text-align: left">tausight</td> <td style="text-align: left">ephi</td> <td style="text-align: left">Tausight ePHI Security Platform</td> </tr> <tr> <td style="text-align: left">trellix</td> <td style="text-align: left">fireeyenx</td> <td style="text-align: left">Trellix Network Security</td> </tr> <tr> <td style="text-align: left">trendmicro</td> <td style="text-align: 
left">visionone</td> <td style="text-align: left">Trend Micro Vision One</td> </tr> <tr> <td style="text-align: left">tufin</td> <td style="text-align: left">securetrack</td> <td style="text-align: left">Tufin SecureTrack</td> </tr> <tr> <td style="text-align: left">varonis</td> <td style="text-align: left">varonis</td> <td style="text-align: left">Varonis Data Security Platform</td> </tr> <tr> <td style="text-align: left">vectra</td> <td style="text-align: left">brain</td> <td style="text-align: left">Vectra Cognito Detect</td> </tr> <tr> <td style="text-align: left">vectra</td> <td style="text-align: left">respond-ux</td> <td style="text-align: left">Vectra Respond User Experience</td> </tr> <tr> <td style="text-align: left">veeam</td> <td style="text-align: left">vbr</td> <td style="text-align: left">Veeam Backup &amp; Replication</td> </tr> <tr> <td style="text-align: left">vercara</td> <td style="text-align: left">ultradns</td> <td style="text-align: left">Vercara UltraDNS</td> </tr> <tr> <td style="text-align: left">veriti</td> <td style="text-align: left">insight</td> <td style="text-align: left">Veriti Security Posture Management</td> </tr> <tr> <td style="text-align: left">versa</td> <td style="text-align: left">sase</td> <td style="text-align: left">Versa SASE</td> </tr> <tr> <td style="text-align: left">versa</td> <td style="text-align: left">vos</td> <td style="text-align: left">Versa Operating System</td> </tr> <tr> <td style="text-align: left">viavi</td> <td style="text-align: left">observerapex</td> <td style="text-align: left">VIAVI Observer Apex</td> </tr> <tr> <td style="text-align: left">vmware</td> <td style="text-align: left">airwatch</td> <td style="text-align: left">VMware Workspace ONE UEM</td> </tr> <tr> <td style="text-align: left">vmware</td> <td style="text-align: left">esxi</td> <td style="text-align: left">VMware ESXi</td> </tr> <tr> <td style="text-align: left">vmware</td> <td style="text-align: left">vcenter</td> <td 
style="text-align: left">VMware vCenter Server</td> </tr> <tr> <td style="text-align: left">watchguard</td> <td style="text-align: left">firebox</td> <td style="text-align: left">WatchGuard Firebox</td> </tr> <tr> <td style="text-align: left">workday</td> <td style="text-align: left">workday</td> <td style="text-align: left">Workday Platform</td> </tr> <tr> <td style="text-align: left">zimperium</td> <td style="text-align: left">mtd</td> <td style="text-align: left">Zimperium Mobile Threat Defense</td> </tr> <tr> <td style="text-align: left">zoom</td> <td style="text-align: left">qss</td> <td style="text-align: left">Zoom Quality of Service Subscription</td> </tr> <tr> <td style="text-align: left">zoom</td> <td style="text-align: left">zoom</td> <td style="text-align: left">Zoom Communications Platform</td> </tr> <tr> <td style="text-align: left">zscaler</td> <td style="text-align: left">deception</td> <td style="text-align: left">Zscaler Deception</td> </tr> <tr> <td style="text-align: left">zscaler</td> <td style="text-align: left">zia</td> <td style="text-align: left">Zscaler Internet Access</td> </tr> <tr> <td style="text-align: left">zscaler</td> <td style="text-align: left">zpa</td> <td style="text-align: left">Zscaler Private Access</td> </tr> </tbody> </table> Foundry Samples https://developer.crowdstrike.com/docs/samples/ Mon, 01 Jan 0001 00:00:00 +0000 https://developer.crowdstrike.com/docs/samples/ <p>Start with our <strong>Foundry Quickstart</strong> to get up and running quickly, explore our <strong>Featured Foundry Samples</strong> to see what&rsquo;s possible, then dive into the full collection of <strong>Foundry Samples on GitHub</strong> to find exactly what you need for your use case.</p> <h2 id="foundry-quickstart"> Foundry Quickstart <a class="anchor" href="#foundry-quickstart" aria-hidden="true">#</a> </h2><p>Ready to build your first Foundry app? 
Start with our step-by-step tutorial that walks you through the complete development workflow - from CLI setup to app deployment.</p> OpenAPI Docs https://developer.crowdstrike.com/docs/openapi/ Mon, 01 Jan 0001 00:00:00 +0000 https://developer.crowdstrike.com/docs/openapi/ <div class="alert alert-info" role="alert"> <h4 class="alert-heading">Note</h4> You must be logged into the Falcon console in order to access the OpenAPI specification and docs. </div> <table> <thead> <tr> <th>Cloud environment</th> <th>API reference info link</th> </tr> </thead> <tbody> <tr> <td>US-1</td> <td><a href="https://assets.falcon.crowdstrike.com/support/api/swagger.html">https://assets.falcon.crowdstrike.com/support/api/swagger.html</a></td> </tr> <tr> <td>US-2</td> <td><a href="https://assets.falcon.us-2.crowdstrike.com/support/api/swagger-us2.html">https://assets.falcon.us-2.crowdstrike.com/support/api/swagger-us2.html</a></td> </tr> <tr> <td>EU-1</td> <td><a href="https://assets.falcon.eu-1.crowdstrike.com/support/api/swagger-eu.html">https://assets.falcon.eu-1.crowdstrike.com/support/api/swagger-eu.html</a></td> </tr> <tr> <td>US-GOV-1</td> <td><a href="https://assets.falcon.laggar.gcw.crowdstrike.com/support/api/swagger-eagle.html">https://assets.falcon.laggar.gcw.crowdstrike.com/support/api/swagger-eagle.html</a></td> </tr> <tr> <td>US-GOV-2</td> <td><a href="https://assets.falcon.us-gov-2.crowdstrike.mil/support/api/swagger.html">https://assets.falcon.us-gov-2.crowdstrike.mil/support/api/swagger.html</a></td> </tr> </tbody> </table> <h2 id="falcon-documentation"> Falcon Documentation <a class="anchor" href="#falcon-documentation" aria-hidden="true">#</a> </h2><p>Explore Falcon&rsquo;s documentation and learn about its modules you can use to help fight the adversaries!</p> <p><i class="fa-solid fa-lock"></i> <a href="https://falcon.crowdstrike.com/documentation/">Falcon Documentation</a></p> Vendor Guidelines https://developer.crowdstrike.com/docs/ng-siem/vendors/ Mon, 01 Jan 
0001 00:00:00 +0000 https://developer.crowdstrike.com/docs/ng-siem/vendors/ <p>If you are creating a package for a vendor that has already been used in other packages, make sure to use the same name as the one listed here. If you create a package for a new vendor, add the vendor name here.</p> <p>When choosing a new name, use something that is concise and clear, and use full words instead of abbreviations. For example, choose &ldquo;apple&rdquo; instead of &ldquo;Apple Inc.&rdquo; and &ldquo;aws&rdquo; over &ldquo;amazon&rdquo;. Remember that the vendor name should most likely also be used for the scope of your package, so it must abide by the rules that scopes follow:</p>