Get Host Zero Trust Assessment Scores
This query outputs a table of hosts together with their Zero Trust Assessment scores.
EDR, monitoring
FDR, intermediate, by CrowdStrike (cql-hub.com)
Query
event_type=ZeroTrustHostAssessment
| groupBy([aid], function=([selectFromMax(field="@timestamp", include=[scores.os, scores.sensor, scores.overall])]))
| join(query={#data_source_name=aidmaster }, field=[aid], include=[ComputerName, event_platform])
Explanation
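Imported from cql-hub.com. The first line keeps only ZeroTrustHostAssessment events. The groupBy groups them by agent ID (aid) and uses selectFromMax on @timestamp to keep, for each host, the scores.os, scores.sensor and scores.overall values from its most recent assessment. The join then matches each aid against the aidmaster data source to add ComputerName and event_platform. join defaults to an inner join, so hosts with no matching aidmaster entry are dropped from the output.
Variables to adjust
Review and adjust the values to match your environment.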