CrowdStrike Logscale UDI Connector

stix_shifter_modules/crowdstrike_logscale/configuration/config.json

@@ -0,0 +1,36 @@
+{
+    "connection": {
+        "type": {
+            "displayName": "CrowdStrike Falcon LogScale",
+            "group": "crowdstrike"
+        },
+        "host": {
+            "type": "text",
+            "regex": "^(([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9_:/\\-]*[a-zA-Z0-9])\\.)*([A-Za-z0-9]|[A-Za-z0-9][A-Za-z0-9_:/\\-]*[A-Za-z0-9])$"
+        },
+        "help": {
+            "type": "link",
+            "default": "data-sources.html"
+        },
+        "repository": {
+            "type": "text"
+        },
+        "options": {
+            "api_page_size": {
+                "default": 2000,
+                "min": 1000,
+                "max": 10000,
+                "type": "number",
+                "optional": true
+            }
+        }
+    },
+    "configuration": {
+        "auth": {
+            "type" : "fields",
+            "api_token": {
+                "type": "password"
+            }
+        }
+    }
+}

stix_shifter_modules/crowdstrike_logscale/configuration/lang_en.json

@@ -0,0 +1,30 @@
+{
+    "connection": {
+        "host": {
+            "label": "Management IP address or hostname",
+            "description": "Specify the IP address or hostname of the data source"
+        },
+        "help": {
+            "label": "Need additional help?",
+            "description": "More details on the data source setting can be found in the specified link"
+        },
+        "repository": {
+            "label": "Repository",
+            "description": "A container storing log events collected from various data source."
+        },
+        "options": {
+            "api_page_size": {
+                "label": "API Page Size",
+                "description": "Number of records per API call. Default value is above or equal to 2000"
+            }
+        }
+    },
+    "configuration": {
+        "auth": {
+            "api_token": {
+                "label": "Repository API token",
+                "description": "The API token of a Repository to access the repository related API's"
+            }
+        }
+    }
+}

stix_shifter_modules/crowdstrike_logscale/entry_point.py

@@ -0,0 +1,13 @@
+from stix_shifter_utils.utils.base_entry_point import BaseEntryPoint
+
+
+class EntryPoint(BaseEntryPoint):
+
+    # python main.py translate crowdstrike_logscale query '{}' "[ipv4-addr:value = '127.0.0.1']"
+
+    def __init__(self, connection={}, configuration={}, options={}):
+        super().__init__(connection, configuration, options)
+        self.set_async(True)
+        if connection:
+            self.setup_transmission_simple(connection, configuration)
+        self.setup_translation_simple(dialect_default='crowdstrikeedr')

stix_shifter_modules/crowdstrike_logscale/stix_translation/json/config_map.json

@@ -0,0 +1,13 @@
+{
+  "crowdstrikeedr":
+  {
+    "integer_fields": [
+      "behaviors[*].severity",
+      "behaviors[*].confidence",
+      "behaviors[*].pattern_disposition",
+      "behaviors[*].rule_instance_version"
+    ]
+  }
+}
+
+