CrowdStrike Falcon Host Sample Event Message

Use this sample event message to verify a successful integration with JSA.

Note: Due to formatting, paste the message format into a text editor and then remove any carriage return or line feed characters.

CrowdStrike Falcon Host sample message when you use the Syslog protocol

The following sample shows a detection summary event that was generated when known malware accessed a document on the host. The event contains the details of the document and the time that the document was accessed.

Table 1: JSA field names and highlighted values in the event payloads

| JSA field name | Highlighted values in the event payload |
| --- | --- |
| Event ID | Suspicious Activity |
| Category | CrowdStrike + FalconHost |
| Source IP | 10.1.1.1 |
| Source Port | 49220 |
| Destination IP | 10.1.1.2 |
| Destination Port | 443 |
| Event Time | 2016-06-09 02:57:28 |
| Username | test |