Home
nlabadie-crwd edited this page Feb 26, 2024
·
31 revisions
Welcome to the LogScale and FLTR community wiki!
- LogScale Query Primer: a comprehensive guide on using the LogScale query language.
- LogScale Query Building Blocks: this is a list of common questions we've seen in the field. If you've ever wondered how to accomplish X to get to Y, this is likely the place to start.
- FLTR Setup and Configuration: this walks you through the initial setup and configuration of Falcon Long Term Repository, aka FLTR.
- FLTR Hunting and Investigations: ever wondered how to hunt through Falcon telemetry data, aka FDR? Start here.
- Event Forwarding Playground: this is an end-to-end setup of a self-contained, single-node cluster for testing the Event Forwarding functionality of a Self-Hosted LogScale deployment. NOTE: You will need a development, trial, or PoC license.
- Falcon LogScale Package Standards: this document describes our first package standards. This version of the standard is considered a minimum viable product that we can move forward with. Other revisions will follow in time.
- Build a Kubernetes Cluster and LogScale Deployment: this is a lab exercise where you'll build a Kubernetes cluster, deploy LogScale, and optionally enable TLS. Please note that it requires a valid LogScale license.
- LogScale Cluster Deployment in Azure AKS: this document is a guide to provisioning a self-hosted LogScale cluster on Azure Cloud using Azure AKS Kubernetes, with Azure object store for event repositories. There is also a semi-automated version of this here.