Splunk® Supported Add-ons

Splunk Add-on for CrowdStrike FDR

Acrobat logo Download manual as PDF


Acrobat logo Download topic as PDF

Lookups for the Splunk Add-on for CrowdStrike

The Splunk Add-on for CrowdStrike FDR contains the following CSV lookup files.

These CSV lookups represent mappings defined in CrowdStrike's documentation that provide information as human readable strings for certain event field values. For these fields, the Splunk Add-on for CrowdStrike FDR generates additional fields at search time by adding _meaning to the original field name. The new fields contain the interpretation of the value.

The lookup files map numerical values to human readable strings, based on CrowdStrike's specification. The lookup files are located in $SPLUNK_HOME/etc/apps/Splunk_TA_CrowdStrike_FDR/lookups.

Filename
crowdstrike_StandbyBucket.csv
crowdstrike_AndroidModuleState.csv
crowdstrike_HttpVisibilityState.csv
crowdstrike_UpdateFlag.csv
crowdstrike_FirmwareAnalysisErrorSource.csv
crowdstrike_HttpInternalSource.csv
crowdstrike_BuildType.csv
crowdstrike_ConnectType.csv
crowdstrike_HttpVisibilityStatusReason.csv
crowdstrike_PreviousMemoryRegionProtection.csv
crowdstrike_RuleAction.csv
crowdstrike_FileWrittenFlags.csv
crowdstrike_PciAttachmentState.csv
crowdstrike_Status.csv
crowdstrike_ErrorStatus.csv
crowdstrike_ParentAuthenticationId.csv
crowdstrike_LightningLatencyState.csv
crowdstrike_CloudErrorCode.csv
crowdstrike_TargetAndroidComponentType.csv
crowdstrike_AsepValueType.csv
crowdstrike_DcPolicyBlockTechnique.csv
crowdstrike_DriverLoadFlags.csv
crowdstrike_TemplateDisposition.csv
crowdstrike_ConnectionExchange.csv
crowdstrike_CloudPlatform.csv
crowdstrike_NetworkProfile.csv
crowdstrike_RegConfigValueType.csv
crowdstrike_ConnectionProtocol.csv
crowdstrike_DcPolicyAction.csv
crowdstrike_PowerPluggedType.csv
crowdstrike_CrashLoadedModulesVersion.csv
crowdstrike_DnsResponseType.csv
crowdstrike_ProvisionState.csv
crowdstrike_ConnectionCipher.csv
crowdstrike_ContainerizationErrorCode.csv
crowdstrike_AppProvider.csv
crowdstrike_RFMState.csv
crowdstrike_CallStackModuleNamesVersion.csv
crowdstrike_ControlStatus.csv
crowdstrike_CrashThreadCallStackVersion.csv
crowdstrike_MeasurementType.csv
crowdstrike_ProcessCreateFlags.csv
crowdstrike_StackHashVersion.csv
crowdstrike_ErrorSource.csv
crowdstrike_UmppaInjectionType.csv
crowdstrike_LocationStatus.csv
crowdstrike_PosixFileType.csv
crowdstrike_ModuleLoadMechanism.csv
crowdstrike_ScriptingLanguageId.csv
crowdstrike_UserLogoffType.csv
crowdstrike_HostProcessType.csv
crowdstrike_CurrentFunctionalityLevel.csv
crowdstrike_ScreenshotType.csv
crowdstrike_SHA256HashData.csv
crowdstrike_ExclusionSource.csv
crowdstrike_RegCreateDisposition.csv
crowdstrike_VnodeType.csv
crowdstrike_FontLoadOperation.csv
crowdstrike_ServiceErrorControl.csv
crowdstrike_NetworkContainmentState.csv
crowdstrike_AsepClass.csv
crowdstrike_UACPromptType.csv
crowdstrike_SafetyNetFailureType.csv
crowdstrike_LogonType.csv
crowdstrike_InstanceMetadataProvider.csv
crowdstrike_ChannelId.csv
crowdstrike_HookedObjectType.csv
crowdstrike_MemoryDescriptionFlags.csv
crowdstrike_AmsiRegistrationState.csv
crowdstrike_Malicious.csv
crowdstrike_OciContainerEngineType.csv
crowdstrike_ScriptContentSource.csv
crowdstrike_LfoUploadExtendedStatus.csv
crowdstrike_UACCredentialCaptureActionType.csv
crowdstrike_AppPathFlag.csv
crowdstrike_FirewallAction.csv
crowdstrike_AccountStatus.csv
crowdstrike_FileSystemOperationType.csv
crowdstrike_ExecutionPivot.csv
crowdstrike_ExclusionType.csv
crowdstrike_DcPolicyMatchMethod.csv
crowdstrike_HookedPointerType.csv
crowdstrike_RegClassification.csv
crowdstrike_SELinuxEnforcementPolicy.csv
crowdstrike_VolumeFileSystemType.csv
crowdstrike_ConnectionHash.csv
crowdstrike_SEHValidationFailureFlags.csv
crowdstrike_UmppcEntryReason.csv
crowdstrike_MachOSubType.csv
crowdstrike_FalconServiceState.csv
crowdstrike_QuarantinedFileState.csv
crowdstrike_DeactivationErrorCode.csv
crowdstrike_MemoryRegionProtection.csv
crowdstrike_FirewallProfile.csv
crowdstrike_CreateProcessType.csv
crowdstrike_EtwChannelType.csv
crowdstrike_PayloadClassificationFlags.csv
crowdstrike_ModifiedRegisters.csv
crowdstrike_QueryStatus.csv
crowdstrike_ExceptionInformation0.csv
crowdstrike_ReasonOfFunctionalityLevel.csv
crowdstrike_SyntheticPR2Flags.csv
crowdstrike_UACElevationReason.csv
crowdstrike_RegOperationType.csv
crowdstrike_LinkedAuthenticationId.csv
crowdstrike_ConnectionDirection.csv
crowdstrike_ServiceStart.csv
crowdstrike_HIDDescriptorCountryCode.csv
crowdstrike_EndpointDescriptorAttributes.csv
crowdstrike_SignatureErrorState.csv
crowdstrike_FirmwareType.csv
crowdstrike_RequestType.csv
crowdstrike_BluetoothStatus.csv
crowdstrike_AndroidModuleId.csv
crowdstrike_LfoUploadCloudStatus.csv
crowdstrike_BatteryStatus.csv
crowdstrike_PtAnalysisTrigger.csv
crowdstrike_UserSid.csv
crowdstrike_CpuVendor.csv
crowdstrike_ServiceType.csv
crowdstrike_RegType.csv
crowdstrike_BootTimeFunctionalityLevel.csv
crowdstrike_InjectedThreadFlag.csv
crowdstrike_SystemTableIndex.csv
crowdstrike_Protocol.csv
crowdstrike_IntegrityLevel.csv
crowdstrike_ExceptionCode.csv
crowdstrike_ShowWindowFlags.csv
crowdstrike_PayloadClassification.csv
crowdstrike_ClientId.csv
crowdstrike_HookId.csv
crowdstrike_FileSubType.csv
crowdstrike_AmsiStatusCode.csv
crowdstrike_FsOperationClassification.csv
crowdstrike_BillingType.csv
crowdstrike_CSAStatus.csv
crowdstrike_NetworkExtensionType.csv
crowdstrike_IoControlCode.csv
crowdstrike_AndroidManifestFragmentType.csv
crowdstrike_UACMSIAction.csv
crowdstrike_WhitelistingSource.csv
crowdstrike_ScriptControlErrorCode.csv
crowdstrike_TokenObjectCheckType.csv
crowdstrike_RegConfigClass.csv
crowdstrike_InterfaceGuid.csv
crowdstrike_AppType.csv
crowdstrike_HttpMethod.csv
crowdstrike_PtCompatibilityFlags.csv
crowdstrike_PupAdwareConfidence.csv
crowdstrike_FileKnownStatus.csv
crowdstrike_SuppressType.csv
crowdstrike_HarmfulAppCategory.csv
crowdstrike_BlockingClassId.csv
crowdstrike_FileEventType.csv
crowdstrike_SuspectStackFlag.csv
crowdstrike_AuthenticationId.csv
crowdstrike_WellKnownTargetFunction.csv
crowdstrike_TokenType.csv
crowdstrike_ImageSubsystem.csv
crowdstrike_ImpersonationLevel.csv
crowdstrike_UserModeHookSource.csv
crowdstrike_PatternHandlingErrorType.csv
crowdstrike_FalconServiceComponent.csv
crowdstrike_RegTamperType.csv
crowdstrike_AccessoryConnectionType.csv
crowdstrike_AllocationType.csv
crowdstrike_DeviceConnectionStatus.csv
crowdstrike_VnodeModificationType.csv
crowdstrike_ThreadExecutionControlType.csv
crowdstrike_ServiceServiceSidType.csv
Last modified on 21 March, 2023
PREVIOUS
Source types for the Splunk Add-on for Crowdstrike 		  NEXT
Scripted bitmask lookups for the Splunk Add-on for Crowdstrike

This documentation applies to the following versions of Splunk® Supported Add-ons: released

Was this documentation topic helpful?


You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters