Lookups for the Splunk Add-on for CrowdStrike
The Splunk Add-on for CrowdStrike FDR contains the following CSV lookup files.
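These CSV lookups represent mappings defined in CrowdStrike’s
documentation that translate certain event field values into
human-readable strings. For these fields, the Splunk Add-on for
CrowdStrike FDR generates additional fields at search time by appending
the suffix `_meaning` to the original field name (for example, a field
named `LogonType` gets a companion `LogonType_meaning` field). The new
fields contain the interpretation of the value; because they are added
at search time, the original field and its value remain in the event.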
The lookup files map numerical values to human-readable strings, based
on CrowdStrike’s specification. The lookup files are located in
`$SPLUNK_HOME/etc/apps/Splunk_TA_CrowdStrike_FDR/lookups`.
| Filename |
|---|
| crowdstrike_StandbyBucket.csv |
| crowdstrike_AndroidModuleState.csv |
| crowdstrike_HttpVisibilityState.csv |
| crowdstrike_UpdateFlag.csv |
| crowdstrike_FirmwareAnalysisErrorSource.csv |
| crowdstrike_HttpInternalSource.csv |
| crowdstrike_BuildType.csv |
| crowdstrike_ConnectType.csv |
| crowdstrike_HttpVisibilityStatusReason.csv |
| crowdstrike_PreviousMemoryRegionProtection.csv |
| crowdstrike_RuleAction.csv |
| crowdstrike_FileWrittenFlags.csv |
| crowdstrike_PciAttachmentState.csv |
| crowdstrike_Status.csv |
| crowdstrike_ErrorStatus.csv |
| crowdstrike_ParentAuthenticationId.csv |
| crowdstrike_LightningLatencyState.csv |
| crowdstrike_CloudErrorCode.csv |
| crowdstrike_TargetAndroidComponentType.csv |
| crowdstrike_AsepValueType.csv |
| crowdstrike_DcPolicyBlockTechnique.csv |
| crowdstrike_DriverLoadFlags.csv |
| crowdstrike_TemplateDisposition.csv |
| crowdstrike_ConnectionExchange.csv |
| crowdstrike_CloudPlatform.csv |
| crowdstrike_NetworkProfile.csv |
| crowdstrike_RegConfigValueType.csv |
| crowdstrike_ConnectionProtocol.csv |
| crowdstrike_DcPolicyAction.csv |
| crowdstrike_PowerPluggedType.csv |
| crowdstrike_CrashLoadedModulesVersion.csv |
| crowdstrike_DnsResponseType.csv |
| crowdstrike_ProvisionState.csv |
| crowdstrike_ConnectionCipher.csv |
| crowdstrike_ContainerizationErrorCode.csv |
| crowdstrike_AppProvider.csv |
| crowdstrike_RFMState.csv |
| crowdstrike_CallStackModuleNamesVersion.csv |
| crowdstrike_ControlStatus.csv |
| crowdstrike_CrashThreadCallStackVersion.csv |
| crowdstrike_MeasurementType.csv |
| crowdstrike_ProcessCreateFlags.csv |
| crowdstrike_StackHashVersion.csv |
| crowdstrike_ErrorSource.csv |
| crowdstrike_UmppaInjectionType.csv |
| crowdstrike_LocationStatus.csv |
| crowdstrike_PosixFileType.csv |
| crowdstrike_ModuleLoadMechanism.csv |
| crowdstrike_ScriptingLanguageId.csv |
| crowdstrike_UserLogoffType.csv |
| crowdstrike_HostProcessType.csv |
| crowdstrike_CurrentFunctionalityLevel.csv |
| crowdstrike_ScreenshotType.csv |
| crowdstrike_SHA256HashData.csv |
| crowdstrike_ExclusionSource.csv |
| crowdstrike_RegCreateDisposition.csv |
| crowdstrike_VnodeType.csv |
| crowdstrike_FontLoadOperation.csv |
| crowdstrike_ServiceErrorControl.csv |
| crowdstrike_NetworkContainmentState.csv |
| crowdstrike_AsepClass.csv |
| crowdstrike_UACPromptType.csv |
| crowdstrike_SafetyNetFailureType.csv |
| crowdstrike_LogonType.csv |
| crowdstrike_InstanceMetadataProvider.csv |
| crowdstrike_ChannelId.csv |
| crowdstrike_HookedObjectType.csv |
| crowdstrike_MemoryDescriptionFlags.csv |
| crowdstrike_AmsiRegistrationState.csv |
| crowdstrike_Malicious.csv |
| crowdstrike_OciContainerEngineType.csv |
| crowdstrike_ScriptContentSource.csv |
| crowdstrike_LfoUploadExtendedStatus.csv |
| crowdstrike_UACCredentialCaptureActionType.csv |
| crowdstrike_AppPathFlag.csv |
| crowdstrike_FirewallAction.csv |
| crowdstrike_AccountStatus.csv |
| crowdstrike_FileSystemOperationType.csv |
| crowdstrike_ExecutionPivot.csv |
| crowdstrike_ExclusionType.csv |
| crowdstrike_DcPolicyMatchMethod.csv |
| crowdstrike_HookedPointerType.csv |
| crowdstrike_RegClassification.csv |
| crowdstrike_SELinuxEnforcementPolicy.csv |
| crowdstrike_VolumeFileSystemType.csv |
| crowdstrike_ConnectionHash.csv |
| crowdstrike_SEHValidationFailureFlags.csv |
| crowdstrike_UmppcEntryReason.csv |
| crowdstrike_MachOSubType.csv |
| crowdstrike_FalconServiceState.csv |
| crowdstrike_QuarantinedFileState.csv |
| crowdstrike_DeactivationErrorCode.csv |
| crowdstrike_MemoryRegionProtection.csv |
| crowdstrike_FirewallProfile.csv |
| crowdstrike_CreateProcessType.csv |
| crowdstrike_EtwChannelType.csv |
| crowdstrike_PayloadClassificationFlags.csv |
| crowdstrike_ModifiedRegisters.csv |
| crowdstrike_QueryStatus.csv |
| crowdstrike_ExceptionInformation0.csv |
| crowdstrike_ReasonOfFunctionalityLevel.csv |
| crowdstrike_SyntheticPR2Flags.csv |
| crowdstrike_UACElevationReason.csv |
| crowdstrike_RegOperationType.csv |
| crowdstrike_LinkedAuthenticationId.csv |
| crowdstrike_ConnectionDirection.csv |
| crowdstrike_ServiceStart.csv |
| crowdstrike_HIDDescriptorCountryCode.csv |
| crowdstrike_EndpointDescriptorAttributes.csv |
| crowdstrike_SignatureErrorState.csv |
| crowdstrike_FirmwareType.csv |
| crowdstrike_RequestType.csv |
| crowdstrike_BluetoothStatus.csv |
| crowdstrike_AndroidModuleId.csv |
| crowdstrike_LfoUploadCloudStatus.csv |
| crowdstrike_BatteryStatus.csv |
| crowdstrike_PtAnalysisTrigger.csv |
| crowdstrike_UserSid.csv |
| crowdstrike_CpuVendor.csv |
| crowdstrike_ServiceType.csv |
| crowdstrike_RegType.csv |
| crowdstrike_BootTimeFunctionalityLevel.csv |
| crowdstrike_InjectedThreadFlag.csv |
| crowdstrike_SystemTableIndex.csv |
| crowdstrike_Protocol.csv |
| crowdstrike_IntegrityLevel.csv |
| crowdstrike_ExceptionCode.csv |
| crowdstrike_ShowWindowFlags.csv |
| crowdstrike_PayloadClassification.csv |
| crowdstrike_ClientId.csv |
| crowdstrike_HookId.csv |
| crowdstrike_FileSubType.csv |
| crowdstrike_AmsiStatusCode.csv |
| crowdstrike_FsOperationClassification.csv |
| crowdstrike_BillingType.csv |
| crowdstrike_CSAStatus.csv |
| crowdstrike_NetworkExtensionType.csv |
| crowdstrike_IoControlCode.csv |
| crowdstrike_AndroidManifestFragmentType.csv |
| crowdstrike_UACMSIAction.csv |
| crowdstrike_WhitelistingSource.csv |
| crowdstrike_ScriptControlErrorCode.csv |
| crowdstrike_TokenObjectCheckType.csv |
| crowdstrike_RegConfigClass.csv |
| crowdstrike_InterfaceGuid.csv |
| crowdstrike_AppType.csv |
| crowdstrike_HttpMethod.csv |
| crowdstrike_PtCompatibilityFlags.csv |
| crowdstrike_PupAdwareConfidence.csv |
| crowdstrike_FileKnownStatus.csv |
| crowdstrike_SuppressType.csv |
| crowdstrike_HarmfulAppCategory.csv |
| crowdstrike_BlockingClassId.csv |
| crowdstrike_FileEventType.csv |
| crowdstrike_SuspectStackFlag.csv |
| crowdstrike_AuthenticationId.csv |
| crowdstrike_WellKnownTargetFunction.csv |
| crowdstrike_TokenType.csv |
| crowdstrike_ImageSubsystem.csv |
| crowdstrike_ImpersonationLevel.csv |
| crowdstrike_UserModeHookSource.csv |
| crowdstrike_PatternHandlingErrorType.csv |
| crowdstrike_FalconServiceComponent.csv |
| crowdstrike_RegTamperType.csv |
| crowdstrike_AccessoryConnectionType.csv |
| crowdstrike_AllocationType.csv |
| crowdstrike_DeviceConnectionStatus.csv |
| crowdstrike_VnodeModificationType.csv |
| crowdstrike_ThreadExecutionControlType.csv |
| crowdstrike_ServiceServiceSidType.csv |