Identity Database Mapping¶
The following table describes how this add-on maps to the Identity Database.
reference Format an asset or identity in Splunk ES
| ES Identity lookup field | CrowdStrike Identity TA Fields | Example value | Multi-value allowed |
|---|---|---|---|
| identity | accounts{}.samAccountName + accounts{}.upn | zach@zachthesplunker.com|zachthesplunker | true |
| first | primaryDisplayName | zach | false |
emailAddresses{} | zach@ztsplunker.com | false | |
| priority | see Configure Priority | medium | false |
| bunit | accounts{}.department | finance | true |
| category | see Category field reference | see Category field reference | true |
Last update: June 9, 2023