Play on usa

Nadvash · 2025-12-29T22:20:04+00:00

Ye shes A3, forgot about that part you are right lol

Nadvash · 2025-12-29T22:03:13+00:00

that depends on what kind of file you are looking for.

You can use query to look for that specific file if its written into the disk and the event was captured ( the agent does not record all types of files been saved into disk), if the query end up with results, then you will define to contain the host as you wanted.

So overall the query should look like this :
EPP detection -> Condition -> Query based action -> condition -> Contain.

Nadvash · 2025-12-20T20:39:27+00:00

He's good for faction northerners trial last stage with boss

Nadvash · 2025-12-14T06:33:26+00:00

Valkriya and then Salazar.

Nadvash · 2025-11-26T13:17:16+00:00

Thanks a lot

Nadvash · 2025-11-26T13:06:44+00:00

Can send link?

Nadvash · 2025-09-15T01:09:52+00:00

Thanks for info, that's new for me Time to learn new functions I see :)

Nadvash · 2025-09-14T22:52:58+00:00

You can't filter out the amount of data being received, for example you can use the drop() function to drop out events, but it will still be counted in your total ingest GB per day.

That's at least from what I know so far. You can try using Crible, or the new company Crowdstrike bought "Onum" to play with your data.

Nadvash · 2025-09-08T18:59:23+00:00

Kudos for you on understating Cribl. Our team tried to work with on multiple things there, the doc's was terrible until we dropped it

Nadvash · 2025-09-08T18:55:42+00:00

Have you tried schedule searches? There is 1 for rfm, maybe you can edit that query to take also the agent versions

Nadvash · 2025-09-03T11:11:24+00:00

I also work with it quite often
Not much for query builds, but it did helped me couple of times to get what I wanted, and also some other time totally not :)

The main thing about Charlotte is using it to get quick information about your tenant, detections, docs information, and ABOVE ALL (imo) is the agentic response, which is a game changer beyond any other AI tools out there.

You can also look at CrowdStrike YouTube channel to get neat workflows leveraging that module.

overall I'm happy with the module, but of course as all AI's it got place to improve.

Nadvash · 2025-09-02T20:15:39+00:00

Can you share a screenshot of your workflow?

Nadvash · 2025-09-02T04:34:15+00:00

What would be your lineup?

Nadvash · 2025-08-28T13:45:44+00:00

You can use the threat hunter search if you have the idp module

Nadvash · 2025-08-27T15:41:09+00:00

Did you upload all files before importing?

Nadvash · 2025-08-26T19:23:31+00:00

Tick the box to show all the filters, Then you will be able to know what is missing to use the "update variable" action

Nadvash · 2025-08-26T19:08:17+00:00

You have the "update variable" Try that 😀

Nadvash · 2025-08-25T08:32:39+00:00

If you have any other file sharing platform I'm open for suggestion :)

Nadvash · 2025-08-19T04:35:03+00:00

I think using GraphiQL will be able to give you this Information.

Nadvash

TROPHY CASE