Data Load - Resources
In the FPL, data selection is done via the search command, for normal log (event) data, and the load command, for special ‘resources’ data. The data selection is applied before all other FPL commands.
The following section will focus on the load command. See the preceding sections on “Events” for more information on how to use the search command.
The ‘load’ command
The load command uses the following syntax:
Example:
load <parameter>
Search ‘resource’ parameter
The ‘resource’ parameter allows the user to use data from one of the available ‘resources’ tables in Fluency.
Example:
load resource <resourceName>
The following values are supported for resourceName:
- ADUser - Windows AD users (LDAP integration)
- falconAgent - Crowdstrike Falcon agents (API integration)
- sentinelOneAgent - SentinelOne agents
- FEHxDevice - FireEye Endpoint Security (HX) devices
- awsIAMUser - AWS IAM users
- awsS3Bucket - AWS S3 buckets
- awsEc2Instance - AWS EC2 instances
- awsEbsVolume - AWS EBS volumes
- nessusPlugin - Vulnerabilities detected by Nessus Professional scanner
Note: the load command does not have / need time or query selections.
Please visit the relevant sub-section(s) for detailed information on a specific resource.
Page last updated: 2022 Sep 14