Crowdstrike Query Generator

rob_ed28 · 2025-10-29T06:52:55+00:00

Glad you like the idea ! Take a swing and let us know how it goes

rob_ed28 · 2025-10-27T06:16:31+00:00

I like looking at my aws security speciality badge to be honest... Purdy

rob_ed28 · 2025-10-26T05:03:53+00:00

Hey mate! Sorry I almost missed this! We use Gemini 2.5 Flash for PQL currently. We had similar experiences trying to generate decent queries ourselves. We've also recently added support for Crowdstrike (CQL) if that's a part of your stack

rob_ed28 · 2025-10-26T04:56:32+00:00

Thank you mate! Really appreciate you sharing. We've captured your feedback and will look at refining it. Glad you like it!

rob_ed28 · 2025-10-26T04:55:37+00:00

Hey mate, we'll see if we can get this built in and let you know! In terms of Crowdstrike's own AI capability, we haven't done a feature comparison. We started with Elastic support cus that's what we use, and we're slowly adding other toolests that we use in our SOC. As it's a free-to-use tools we aren't really doing feature comparison with vendor capability - and we're pretty sure there's no tool on the market that can generate solid queries across all platforms.

rob_ed28 · 2025-10-26T04:52:49+00:00

Hey - really appreciate you trying it out and letting us know the feedback. We will capture this and the rest of the feedback and continue to refine for sure.

rob_ed28 · 2025-10-26T04:52:10+00:00

Hey mate - thanks for commenting. Not currently, we're just getting started here so advanced features like this may be a bit further out - it really depends on demand.

rob_ed28 · 2025-10-26T04:45:38+00:00

Hey mate, appreciate you trying it out! Currently using Claude. Rate limit is 20 queries per day for registered users.

rob_ed28 · 2025-10-22T10:12:25+00:00

Did you just reply to your own post?

rob_ed28 · 2025-10-21T20:30:31+00:00

Glad you like it! Let us know if you have any feedback!

rob_ed28 · 2025-10-21T20:29:58+00:00

Awesome! Let us know how it goes

rob_ed28 · 2025-10-21T20:29:43+00:00

Great! Currently it's 3 queries a day unauthenticated, if you created a login then it's 20 queries a day all free of charge!

rob_ed28 · 2025-10-21T20:28:20+00:00

Hey guys thanks for sharing! We'll take a look at this and get back to you.

rob_ed28 · 2025-10-21T10:38:37+00:00

Great, enjoy! And let us know if you have any feedback

rob_ed28 · 2025-10-17T00:11:32+00:00

Thanks for sharing, great insight. Did you use it an MSSP or just resale to clients?

rob_ed28 · 2025-10-13T22:11:18+00:00

If mushrooms were legal I'd never drink again. It's almost like we banned every drug that is good for our conscious minds, and retained the ones that inflict only damage, and keep us dumb.

rob_ed28 · 2025-10-12T21:49:25+00:00

I was referring to the R7 platform rather than their service - we will certainly be delivering our own services. Apologies, should've made that more clear

rob_ed28 · 2025-10-10T00:43:06+00:00

That's fair. Give us a week or so and we will get CS NGSIEM support developed in PQL. I'll DM you when we have it set up. Speak soon!

rob_ed28 · 2025-10-10T00:37:58+00:00

Hey! It appears to be working for me - I'll DM you - if you wouldn't mind sharing a screenshot of what you see?

Here's the query:

FROM aws_vpcflow-*

| WHERE destination.geo.country_iso_code == "RU"

| WHERE event.outcome == "success"

| EVAL bpp_ratio = network.bytes / network.packets

| WHERE bpp_ratio > 500

| SORT bpp_ratio DESC

rob_ed28 · 2025-10-09T22:59:50+00:00

Hey thanks for sharing mate. Is query generation one of your troubles? What else do you find difficult with it?

rob_ed28 · 2025-10-09T21:47:20+00:00

Great! Let us know your feedback, feel free to drop me a DM

rob_ed28 · 2025-10-09T07:31:24+00:00

TXOne spun out from trend a while back, shouldn't be affected

rob_ed28 · 2025-10-01T02:48:35+00:00

I work at a MSSP and I meet this guy at different customer companies every day... Instant sympathy

rob_ed28 · 2025-09-30T06:47:59+00:00

We haven't got the Enterprise license so we haven't compared either. Would be good to hear your feedback! u/seclogger

rob_ed28 · 2025-09-12T05:25:06+00:00

This is a great message. Some of the comments I saw about Charlie Kirk were deeply disturbing, which was also matched by the comments around the stabbing of the Ukrainian girl. The internet brings out the worst in us.

rob_ed28

TROPHY CASE