ZachChristensen28 / TA-crowdstrike-identities

The CrowdStrike Falcon Identity Protection Add-on for Splunk allows ingestion of CrowdStrike identity data into Splunk, enabling the data to be used with other Splunk apps, such as Enterprise Security.
https://splunk-ta-crowdstrike.ztsplunker.com/

learned parameter=false #29

Closed gFazzari closed 4 months ago

gFazzari commented 7 months ago

Bug description

Hi Zach!

I don't know if this is a bug or a feature. In your GraphQL query you set "learned=false", and this limits your results a lot based on CrowdStrike learning status. Is there a motivation behind this choice? Thanks in advance.

Related links

TA-crowdstrike-identities Version

1.0.0

Splunk Version

9.0.1

ZachChristensen28 commented 7 months ago

Thanks for pointing this out. This is a legacy artifact from the falconpy scripts. It would probably be best to remove this.