The attached bundle is meant to be used as a companion to your CrowdStrike Falcon deployment. The bundle sends data from your unmanaged systems: typically new devices just brought onto the network, legacy systems, IoT, and ICS/SCADA systems. It writes ExFlow data to your Humio webhook.
Before you deploy:
You will need to create an ODS target named “Humio” (case sensitive).
NOTE: If you are using the new free Community Edition (16Gb/Day and 7 Day Retention) that host is currently cloud.community.humio.com.
Also, make sure you check the “multiple connections” checkbox.
Device Group for Linux systems W/O Falcon Sensor (will say Humio Unmanaged)
Device Group for Windows systems W/O Falcon Sensor (will say Humio Unmanaged)
Triggers for Linux, Windows, and New Device (< 24 hours) systems.
Make sure the triggers are assigned to the appropriate device groups.
Linux trigger to Linux Unmanaged
Windows trigger to Windows Unmanaged
New Device Trigger to New Device < 24 Hours
Edit the humioHook variable in each trigger (line 5) to the webhook matching your Humio instance.
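As an added illustration (not the bundle's own trigger code), this is the shape such a trigger takes: the humioHook variable near the top is the one you edit per instance, and the post goes through the ODS target named “Humio”. It assumes the ExtraHop trigger API's Remote.HTTP, Flow and System objects, Humio's structured-ingest endpoint and JSON format, and a placeholder ingest token; the field names and tags are my choice.

```javascript
// Added example, not the bundle's trigger. Assumes an ODS target named "Humio",
// that humioHook holds the Humio ingest path for your instance (assumption:
// the structured-ingest endpoint), and a placeholder token, not a real one.
var humioHook = '/api/v1/ingest/humio-structured'; // edit this line for your instance
var humioToken = 'REPLACE_WITH_HUMIO_INGEST_TOKEN'; // placeholder; can also live on the ODS target

// Turn one flow into a Humio structured-ingest batch: an array of {tags, events}.
// Field names follow the ExtraHop Flow object (client/server ipaddr, port, bytes).
function buildHumioBatch(flow, nowMs) {
  var ev = {
    timestamp: new Date(nowMs).toISOString(),
    attributes: {
      client_ip: String(flow.client.ipaddr),
      client_port: flow.client.port,
      server_ip: String(flow.server.ipaddr),
      server_port: flow.server.port,
      ip_proto: flow.ipproto,
      l7_proto: flow.l7proto,
      client_bytes: flow.client.bytes,
      server_bytes: flow.server.bytes,
      sensor_managed: false // devices in these groups have no Falcon sensor
    }
  };
  return [{ tags: { source: 'extrahop', group: 'unmanaged' }, events: [ev] }];
}

// Post the batch through the "Humio" ODS target. Returns the serialized body
// so the caller can inspect exactly what was sent.
function sendToHumio(flow, nowMs) {
  var body = JSON.stringify(buildHumioBatch(flow, nowMs));
  Remote.HTTP('Humio').post({
    path: humioHook,
    headers: {
      'Content-Type': 'application/json',
      'Authorization': 'Bearer ' + humioToken
    },
    payload: body
  });
  return body;
}

// Trigger entry point. The guard keeps the file loadable outside the ExtraHop
// trigger engine, where Remote, Flow, System and event do not exist.
if (typeof Remote !== 'undefined' && typeof Flow !== 'undefined') {
  if (event === 'FLOW_RECORD') {
    sendToHumio(Flow, System.time());
  }
}
```

Assign the trigger to the unmanaged device groups as described above; the code itself does no device filtering, so group assignment is what keeps Falcon-managed hosts out of the feed.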
HumioRxUnmangedBundle.json (8.9 KB)
Once you have deployed the bundle, check back at your dashboard; it should look similar to the dashboard below (you will need the Trace appliance for the ‘PCAP’ column to work).