CrowdStrikeStreamingPreProcessing
This Script is part of the CrowdStrike Falcon Streaming Pack.#
Adds an entry to duplicate (older) incidents, notifying that a duplicate incident was ignored. Use this script as the pre-processing script for CrowdStrike Streaming. This will not duplicate incidents (detection events) that have the same host.
Permissions#
This automation runs using the default Limited User role, unless you explicitly change the permissions. For more information, see the section about permissions here: https://docs-cortex.paloaltonetworks.com/r/Cortex-XSOAR/6.10/Cortex-XSOAR-Administrator-Guide/Automations
Script Data#
| Name | Description |
|---|---|
| Script Type | python |
| Tags | preProcessing, crowdStrike, crowdStrikeStreaming |
Inputs#
There are no inputs for this script.
Outputs#
There are no outputs for this script.