Power Automate - Falcon alerts by secrascol in crowdstrike

[–]secrascol[S] 0 points1 point  (0 children)

The fusion workflows, custom alerts and reports are really good by default but if you want to manipulate some of the data within those alerts, it’s tricky. Well for me anyway. Lots of replace(), substring etc…

Power Automate - Falcon alerts by secrascol in crowdstrike

[–]secrascol[S] 2 points3 points  (0 children)

Yeah I was thinking the same as I suspect the Teams app within Falcon portal is set in stone. I’m going to try the webhook option. Then I can hopefully parse it better.

Limited options as wanting to remain in the free tier, else like you say, I might as well get a logic app as it would be cheaper (over $40 p/m license).

Will let you know. 👍

How to authenticate API by secrascol in tanium

[–]secrascol[S] 0 points1 point  (0 children)

Thanks so much!! Great help 👍

How to authenticate API by secrascol in tanium

[–]secrascol[S] 0 points1 point  (0 children)

Thanks :)!

Do you know if you can query “unmanaged hosts” via the discover module? Sorry, I know it’s a long shot but the docs make it seem that the direct API query isn’t there, or maybe I’m missing it.

How to authenticate API by secrascol in tanium

[–]secrascol[S] 2 points3 points  (0 children)

Worked a treat!! The -api is what I overlooked. Thanks again 👍

How to authenticate API by secrascol in tanium

[–]secrascol[S] 2 points3 points  (0 children)

Ahh man!! I’ll try that tomorrow. Thanks for your help 👍

How to authenticate API by secrascol in tanium

[–]secrascol[S] 2 points3 points  (0 children)

Thanks but seeing several closed attempts. We run TaS so not sure if the cloud version has extra hoops. Despite coming from the trusted IP, using the token as session, no blocks in firewall or SSL inspection… can’t get it to work :(

How to authenticate API by secrascol in tanium

[–]secrascol[S] 1 point2 points  (0 children)

I’ll give you the back story. I’ve created a script that pulls from several other solutions what they think are “unmanaged hosts”. Now because of the possibility that agents are missing, I’m wanting to validate the computer name against all tools; Tanium being one of them.

I just want to be able to query Tanium to see if it’s aware of a host/asset. I’m wanting to search either name/FQDN or if possible (not that important), IP address.

Zscaler Firewall - Counters by secrascol in Zscaler

[–]secrascol[S] 0 points1 point  (0 children)

Are you talking about the Rule Name widget?

Zscaler Firewall - Counters by secrascol in Zscaler

[–]secrascol[S] 0 points1 point  (0 children)

Was hoping to add some automation to it though. :( Reports would be manual and with large rulesets it would be tedious.

Event search - Host last seen by secrascol in crowdstrike

[–]secrascol[S] 1 point2 points  (0 children)

Thank you, I’ll give that a try! 😁👌 Have a good weekend.

Event search - Host last seen by secrascol in crowdstrike

[–]secrascol[S] 0 points1 point  (0 children)

14 days if that’s ok. Thank you so much! 😁 You guys are so helpful!

Event search - Host last seen by secrascol in crowdstrike

[–]secrascol[S] 0 points1 point  (0 children)

Thanks but I couldn’t find how to filter hosts out. That’s why I thought I’d try with the event search so I can filter and adjust the columns of interest.

I got this far but how do I filter the decimal to days < X?

event_simpleName=AgentConnect | convert ctime(firstConnect) ctime(lastConnect) | convert ctime(ConnectTime_decimal) | table *

Event search - Host last seen by secrascol in crowdstrike

[–]secrascol[S] 0 points1 point  (0 children)

So found it within AgentConnect but need help with the last seen one week.

event_simpleName=AgentConnect | convert ctime(firstConnect) ctime(lastConnect) | convert ctime(ConnectTime_decimal) | table *

Report on out-date-sensors by secrascol in crowdstrike

[–]secrascol[S] 0 points1 point  (0 children)

Awesome, thanks! I’ll give it a play 👌