Action for CrowdStrike Falcon LogScale
- Send Data to LogScale. Sends a custom set of Lucidum data to CrowdStrike Falcon LogScale.
Prerequisites
Before you can execute actions on LogScale devices, you must first configure an API connection to LogScale. To do this, see the instructions for creating a LogScale connector in Lucidum: CrowdStrike Falcon LogScale.
Workflows
- Creating a new Configuration and a new Action
- Cloning an Existing Action
- Creating a new Action from the Location Results page
- Editing a Configuration
- Editing an Action
- Viewing Information about an Action
LogScale Configuration
- Configuration Name. Identifier for the Configuration. This name will appear in the Lucidum Action Center.
- URL. The URL of the LogScale console, for example, https://lucidum.ingest.logscale.us-2.crowdstrike.com.
- API Token. A token key associated with a user account that has read and write access to LogScale devices. From the LogScale console Settings page, select the API tab to access your API keys. Then generate and copy an API key.
- Max # of Records per Payload. The maximum number of records to send to LogScale in each action. The default value is “100”.
Create or Edit an Action
You can create the following types of Actions for LogScale:
- Send Data to LogScale. Sends a custom set of Lucidum data to LogScale.
To create an action for LogScale:
- In the Create a New Action page, in the General step, enter:
  - Action Type. Select Send Data to LogScale.
  - Configuration Name. Select an action configuration from the pulldown options.
  - Action Name. Identifier for the action. This name will appear in the Lucidum Action Center.
  - Description. Description of the action.
- Click the Next (>) icon.
- In the Filters page, click Configure Filters.
- The Build a Query page appears.