▲ 5 r/crowdstrike
QUERY - Blocked Process or archive
Hey guys, I was trying to write a query in Advanced Event Search to list the processes or archives blocked by CrowdStrike on a given host. Is the syntax written correctly? Can you guys help me?
```
// Host filter (placeholder hostname)
ComputerName="XXXXXXX"
// event_platform values are Win / Mac / Lin, not "Windows"
| event_platform=Win
// event_simpleName is a tag in Advanced Event Search, so it is prefixed with #
| #event_simpleName=DetectionSummaryEvent
| table([@timestamp, ComputerName, UserName, FileName, FilePath, DetectName, SeverityName, SHA256])
| sort(@timestamp, order=desc)
```
u/EnvironmentalDirt924 — 7 days ago
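As an added example (not part of the original post), here is a variant of the same query that summarizes the detections for the host instead of listing each one, which is usually the faster way to see which files and detection names are recurring. It keeps the `DetectionSummaryEvent` name and the placeholder hostname exactly as they appear in the post; the `Hits` field name is an assumption chosen for this example.

```cql
// Added example: summarize detections per file and severity for one host.
// Hostname placeholder taken from the post; DetectionSummaryEvent taken from the post as-is.
ComputerName="XXXXXXX"
| event_platform=Win
| #event_simpleName=DetectionSummaryEvent
// Hits is an example field name: number of detections per file/detection/severity triple
| groupBy([FileName, FilePath, DetectName, SeverityName, SHA256], function=count(as=Hits))
| sort(Hits, order=desc)
```

Run it over the same time window as the original query; once the noisy files are identified, the row-per-event version in the post is the one to use for timeline work, since `groupBy` drops the per-event `@timestamp`.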