diff --git a/.github/workflows/linting.yml b/.github/workflows/linting.yml index e152342..1d8ec42 100644 --- a/.github/workflows/linting.yml +++ b/.github/workflows/linting.yml @@ -11,7 +11,7 @@ jobs: runs-on: ubuntu-latest strategy: matrix: - python-version: ['3.x'] + python-version: ['3.11'] steps: - uses: actions/checkout@v4 diff --git a/docs/aws/manual/README.md b/docs/aws/manual/README.md index 4f974d1..992a515 100644 --- a/docs/aws/manual/README.md +++ b/docs/aws/manual/README.md @@ -149,10 +149,14 @@ You can either use the `config/config.ini` file or you can use environment varia [main] backends = AWS + [events] + severity_threshold = 3 + [falcon] cloud_region = client_id = client_secret = + application_id = [aws] region = @@ -164,9 +168,11 @@ You can either use the `config/config.ini` file or you can use environment varia ```bash export FIG_BACKENDS=AWS + export EVENTS_SEVERITY_THRESHOLD=3 export FALCON_CLOUD_REGION= export FALCON_CLIENT_ID= export FALCON_CLIENT_SECRET= + export FALCON_APPLICATION_ID= export AWS_REGION= ``` @@ -197,3 +203,22 @@ As events are processed by the FIG, they will be sent to Security Hub. You can v 1. Navigate to the [Security Hub](https://console.aws.amazon.com/securityhub/home) page 1. Click the **Findings** tab 1. Add a filter for **Product name** and enter **CrowdStrike Falcon** + +--- + +## Troubleshooting + +To get additional logging verbosity, you can set the logging level to `DEBUG` by modifying either the `config.ini` or setting an environment variable. + +**Modify the `config.ini`:** + +```ini +[logging] +level = DEBUG +``` + +**Alternatively, set the environment variable:** + +```bash +export LOG_LEVEL=DEBUG +```
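Review bot: In the `.github/workflows/linting.yml` hunk, the matrix pin `python-version: ['3.11']` carries no comment saying why the floating `'3.x'` was dropped. Add a one-line YAML comment above it naming the reason (for example the linter or dependency that breaks on newer interpreters), so the pin is revisited rather than left to go stale. If only one version is ever linted, the single-entry matrix could also be replaced by a plain `python-version` input.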
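Review bot: In the `docs/aws/manual/README.md` hunk at `@@ -149,10 +149,14 @@`, the new `[events]` key `severity_threshold = 3` and the new `[falcon]` key `application_id =` are added to the sample with no explanation. Since a threshold decides which events reach Security Hub, the README should state the scale, whether events below or above the value are dropped, and whether 3 is the default or a recommendation. For `application_id`, say whether it is required and what format it takes, since the sample leaves it blank next to `client_id` and `client_secret`.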
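Review bot: In the `docs/aws/manual/README.md` hunk at `@@ -164,9 +168,11 @@`, the environment variable names do not follow one visible mapping from the ini file: `[main] backends` becomes `FIG_BACKENDS`, while `[events] severity_threshold` becomes `EVENTS_SEVERITY_THRESHOLD`. A reader cannot derive the name for a given key, so a short table of ini key to environment variable would help, along with a sentence on which source wins when both are set. The same documentation gap as in the ini sample applies to `EVENTS_SEVERITY_THRESHOLD=3` and the empty `FALCON_APPLICATION_ID=`.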
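Review bot: In the `docs/aws/manual/README.md` hunk at `@@ -197,3 +203,22 @@`, the new Troubleshooting section tells users to set `level = DEBUG` or `LOG_LEVEL=DEBUG` but does not say what DEBUG output contains or that it should be turned off afterwards. For a service that holds `client_secret` and forwards detection events, please state whether credentials, tokens or full event payloads can appear in DEBUG logs, and add a line telling the reader to restore the normal level once troubleshooting is done. Minor wording: "by modifying either the `config.ini` or setting an environment variable" reads better as "by either modifying `config.ini` or setting an environment variable".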