▲ 6 r/crowdstrike
Creating CS Detections from Queries.
We normally create scheduled searches that email us if there is a detected event. But we were wondering if it's possible to turn it into a detection instead of sending an email?
This would also make it easier for us to ingest it in Splunk if we can convert a query into a real time detection.
Any advice is appreciated on this one.
u/CyberHaki — 2 days ago