search

ZachChristensen28 / TA-crowdstrike-identities

The CrowdStrike Falcon Identity Protection Add-on for Splunk Add-on allows ingestion of the CrowdStrike identity data into Splunk enabling the data to be used with other Splunk Apps, such as Enterprise Security.
https://splunk-ta-crowdstrike.ztsplunker.com/
Other
0 stars 0 forks source link

Pull only updated identities #2

Open ZachChristensen28 opened 1 year ago

ZachChristensen28 commented 1 year ago

Description

This add-on currently pulls every identity on each run interval. It would be nice to only pull in updated identities after the initial pull.

Related links

n/a

ZachChristensen28 commented 1 year ago

Two potential fields can be used:

  1. lastUpdateEndTime
  2. lastUpdateStartTime