LogScale
Last reviewed: about 1 year ago
When Email Security detects a phishing email, the metadata of the detection can be sent directly to Falcon LogScale. For this tutorial, you will need a working Falcon LogScale account. You will also need to create a new Ingest Token in your LogScale account. Ingest Tokens identify repositories and are used to configure data ingestion to your repository. Refer to Falcon LogScale documentation for more information.
After creating your Ingest Token:
- Log in to the Email Security dashboard.
- Go to Settings (the gear icon).
- Go to Email Configuration > Domains & Routing > Alert Webhooks.
- Select New Webhook.
- In App Type, select SIEM.
- Choose Crowdstrike from the dropdown, and paste your Ingest Token into the Auth Code section.
- In Target, paste the URL `https://cloud.community.humio.com/api/v1/ingest/hec/raw`.
- Select Publish Webhook.
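Before publishing the webhook, the Ingest Token can be smoke-tested from a shell against the same Target URL. This is an added example, not part of the original documentation: the function names, the `LOGSCALE_INGEST_TOKEN` and `LOGSCALE_URL` variables, the `--send` switch, and the status-code interpretations are assumptions. The token is passed as a Bearer header through a curl config on stdin so it does not appear in the process list.

```shell
#!/bin/sh
# Added example: verify an Ingest Token against the HEC raw endpoint.
# Export LOGSCALE_INGEST_TOKEN first (assumed variable name), then run with --send.

LOGSCALE_URL="${LOGSCALE_URL:-https://cloud.community.humio.com/api/v1/ingest/hec/raw}"

# Accept only HTTPS targets ending in the HEC raw ingest path, so the token
# is never sent in cleartext or to a different API route.
check_target() {
  case "$1" in
    https://*/api/v1/ingest/hec/raw) return 0 ;;
    *) return 1 ;;
  esac
}

# Translate the HTTP status into a short verdict (interpretations are assumptions
# based on ordinary HTTP semantics; curl reports 000 when no response arrived).
explain_status() {
  case "$1" in
    200) echo "ok" ;;
    401|403) echo "token rejected" ;;
    404) echo "wrong endpoint" ;;
    000) echo "no connection" ;;
    *) echo "unexpected status $1" ;;
  esac
}

# Send one constructed test line. Returns 0 on HTTP 200, 2 on bad local input,
# 1 otherwise.
send_test_event() {
  url="$1"
  check_target "$url" || { echo "refusing target: $url" >&2; return 2; }
  [ -n "${LOGSCALE_INGEST_TOKEN:-}" ] || { echo "LOGSCALE_INGEST_TOKEN not set" >&2; return 2; }
  # The Authorization header is fed to curl via a config on stdin, not argv.
  code=$(printf 'header = "Authorization: Bearer %s"\n' "$LOGSCALE_INGEST_TOKEN" |
    curl --silent --output /dev/null --write-out '%{http_code}' \
         --config - --max-time 10 \
         --data 'email-security webhook smoke test (constructed sample line)' \
         "$url")
  explain_status "$code"
  [ "$code" = "200" ]
}

# Only touch the network when explicitly asked to.
if [ "${1:-}" = "--send" ]; then
  send_test_event "$LOGSCALE_URL"
fi
```

After a successful run, the constructed test line should be searchable in the repository the token belongs to, which confirms the token maps to the intended repository.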