So some new lookup tables I found! (New to me at least)

UserName to Email .. not sure where this has been all my life ... but searching the login/logon index was stupid slow ... :
https://falcon.crowdstrike.com/eam/en-us/app/eam2/search?q=search%20UserName%3D*%20%0A%7C%20head%2010%0A%7C%20stats%20count%20by%20UserName%0A%7C%20lookup%20userinfo.csv%20UserName%20UserName&display.page.search.mode=verbose&dispatch.sample_ratio=1&earliest=-15m&latest=now&display.page.search.tab=statistics&display.general.type=statistics&sid=1662573928.93

List of detect patterns kinda cool 2K+!!! we are DOOMED lol
https://falcon.crowdstrike.com/eam/en-us/app/eam2/search?q=%7C%20inputlookup%20detect_patterns.csv%20%0A%7C%20sort%20severity&display.page.search.mode=verbose&dispatch.sample_ratio=1&earliest=-15m&latest=now&display.page.search.tab=statistics&display.general.type=statistics&sid=1662573611.68

Usb Devices
https://falcon.crowdstrike.com/eam/en-us/app/eam2/search?q=%7C%20inputlookup%20DcUsbInterface.csv%20%0A%7C%20search%20InterfaceDescriptorName!%3D%22%20%22%0A%7C%20sort%20-InterfaceDescriptorNumEndpoints_decimal%0A&display.page.search.mode=verbose&dispatch.sample_ratio=1&earliest=-15m&latest=now&display.page.search.tab=statistics&display.general.type=statistics&sid=1662573525.62

Dupe AIDs (Broken installs .. 90+ yay! google CS_HIDE):
https://falcon.crowdstrike.com/investigate/events/en-us/app/eam2/search?q=%7C%20inputlookup%20duplicate_aid.csv%0A%7C%20stats%20count%20by%20SystemSerialNumber%0A%7C%20sort%20-count&sid=1662574059.98&display.page.search.mode=verbose&dispatch.sample_ratio=1&earliest=-15m&latest=now&display.page.search.tab=statistics&display.general.type=statistics

List:
aid_computername.csv aid_location_tracking.csv aid_master.csv aid_master_v2.csv aid_policy.csv aid_volume_encryption.csv appinfo.csv AsepClass.csv AsepValue.csv audit_event_operation_names.csv audit_event_service_names.csv aws_ec2_images.csv aws_ec2_instances.csv aws_ec2_mac_ip_lookup.csv aws_ec2_networkacl_entries.csv aws_ec2_networkacls.csv aws_ec2_networkinterface_privateips.csv aws_ec2_networkinterfaces.csv aws_ec2_securitygroup_rules.csv aws_ec2_securitygroups.csv aws_ec2_subnets.csv aws_ec2_volumes.csv aws_ec2_vpcs.csv aws_iam_account_aliases.csv bios_prevalence.csv chassis.csv cid_name.csv Ensure IAM Policy for EC2 IAM Roles for Web tier is configured cloud_instance_metadata.csv cloud_instance_types.csv cloud_providers.csv cloud_regions.csv common_processes.csv cross_platform_recon_apps.csv cs_kbcve.csv cs_kbinfo.csv cs_kbversion.csv cs_nvd.csv cspm_account_alias.csv cspm_iom_api_export.csv cspm_iom_config_assessment.csv cspm_iom_resource_count.csv cspm_iom_status.csv cspm_iom_ui_data.csv cspm_policy.csv cspm_scan_history.csv dc_filewritten_events.csv DcPolicyMatchMethod.csv DcUsbInterface.csv DcUsbInterfaceDescriptor.csv detect_patterns.csv detection_name_cleaned.csv duplicate_aid.csv errorevent_lin.csv firmware_hashes_by_vendor.csv firmware_vulnerabilities.csv forescout_apps.csv geo_attr_countries.csv geo_attr_countries.csv geo_attr_us_states.csv geo_attr_us_states.csv group_info.csv grouprid_wingroup.csv high_risk_ports.csv idp_network_types.csv idp_protocol_types.csv kbsupercedence.csv logoninfo.csv LogonType.csv mac_osverinfo.csv macprefix.csv managedassets.csv master_aws_ec2_images.csv master_aws_ec2_instances.csv master_aws_ec2_securitygroup_rules.csv master_aws_ec2_securitygroups.csv master_aws_ec2_subnets.csv master_aws_ec2_volumes.csv master_aws_ec2_vpcs.csv master_aws_iam_account_aliases.csv mitre_obj_tactic.csv mitre_tactic_technique_crowdstrike_v6.csv mitre_tactic_technique_crowdstrike_v8.csv Policy and Procedures not_recon_apps.csv notmanaged.csv notsupported.csv oui.csv patterndisposition.csv

Field Names:
AccountAlias AccountID AccountId AccountType Action ActiveDirectoryAuthenticationMethod_decimal ActualDriveLetter AgentLoadFlags AgentLocalTime AgentTimeOffset AgentVersion AsepClass AsepClassName AsepValueName AsepValueType Attack Type AttackTypes AwsAccountAlias AwsAccountId AwsArchitecture AwsAssignIpv6AddressOnCreation_decimal AwsAssociationIpOwnerId AwsAssociationPublicDnsName AwsAssociationPublicIp AwsAssociationsSubnetId AwsAttachmentDeleteOnTermination_decimal AwsAttachmentDevice AwsAttachmentStatus AwsAttachmentTime_decimal AwsAvailabilityZone AwsCidrBlock AwsDefaultForAz_decimal AwsDeleteOnTermination_decimal AwsDescription AwsDirection AwsEbsOptimized_decimal AwsEgress_decimal AwsFromPort AwsGroupId AwsGroupName AwsHypervisor AwsIPv6Addresses AwsIamInstanceProfileId AwsIfStatus AwsImageCreationDate_decimal AwsImageId AwsImageIsPublic_decimal AwsImageName AwsImageType AwsInstanceId AwsInstanceLifecycle AwsInstanceState AwsInstanceType AwsIops AwsIpProtocol AwsIpv4CidrBlocks AwsIpv4Ranges AwsIpv6CidrBlock AwsIpv6CidrBlocks AwsIpv6Ranges AwsIsDefault_decimal AwsKernelId AwsKmsKeyId AwsLaunchTime_decimal AwsMacAddress AwsMapPublicIpOnLaunch_decimal AwsNetworkAclId AwsNetworkInterfaceId AwsOwnerId AwsOwnerIdm AwsPlacementAffinity AwsPlacementAvailabilityZone AwsPlacementGroupName AwsPlacementHostId AwsPlacementTenancy AwsPlatform AwsPortRangeFrom AwsPortRangeTo AwsPrimaryCidrBlock AwsPrimaryIP_decimal AwsPrivateDnsName AwsPrivateIPAddress AwsProductCodes AwsPublicDnsName AwsPublicIpAddress AwsReferencedSecurityGroups AwsRegion
AwsReservationId AwsResourceState AwsRootDeviceName AwsRootDeviceType AwsRuleAction AwsRuleNumber AwsSecurityGroups AwsSnapshotId AwsSourceDestCheck_decimal AwsSpotInstanceRequestId AwsSubnetId AwsTags AwsToPort AwsVirtualizationType AwsVolumeEncrypted_decimal AwsVolumeId AwsVolumeSize AwsVpcId AzureCombinedAccountId BUILD BasePath BiosManufacturer BiosVersion BuildNumber_decimal CID Category ChassisType ChassisType_decimal Cities City CloudPlatform CloudPlatform_decimal CommandLine CompanyName ComputerName ComputerType ConfigBuild ConfigIDBuild Continent Continents Countries Country CreateTime_decimal CreatedDate CurrentLocalIP DcPolicyFlags_decimal DcPolicyMatchMethod_decimal Description DetectName DeviceDescriptorSetHash DeviceProtocol_decimal DeviceType DeviceUsbClass DeviceUsbClass_decimal DeviceUsbSubclass_decimal DeviceUsbVersion_decimal DeviceVendorId_decimal DeviceVendorName DiskParentDeviceInstanceId Domain Event Field Name Failed FalconGroupingTags File FileDescription FileName FileName1 FileVersion Finding FirstDiscoveredDate FirstSeen GatewayIP GatewayMAC GcpAllowedPorts GcpComputeNetwork GcpComputeNetworkId GcpComputeNetworkName GcpComputeSubnetwork GcpDeniedPorts GcpDescription GcpDirection GcpFirewallId GcpFirewallRuleDescription GcpFirewallRuleDestination GcpFirewallRuleName GcpFirewallRuleSource GcpInstanceId GcpInstanceName GcpIpRange GcpLaunchTime GcpMachineType GcpNetwork GcpPeeredNetwork GcpPlatform GcpPriority GcpPrivateIp GcpProjectId GcpProjectName GcpPublicIp GcpRegion GcpRoutingMode GcpSecurityGroup GcpServiceAccounts GcpSourceImage GcpSourceImageId GcpStatus GcpSubnetwork GcpTags GcpZone GroupRid_dec HasAMDIBS HasINVPCID HexCode Historical HostHiddenStatus HostInfoTime IcmpCode_decimal IcmpType_decimal InstanceMetadataProvider_decimal InterfaceAlias InterfaceDescription InterfaceDescriptorName InterfaceDescriptorNumEndpoints_decimal InternetAccessible Last Seen LastDiscoveredBy LastLoggedOnHost LastSeen LocalAddressIP4 LocalAdminAccess 
LogonInfo LogonTime LogonType LogonType_decimal MAC MACPrefix M_MitigationActive M_MitigationUsingPcid M_MitigationUsingUserGlobalPages M_SystemIsUnpatched MachineDomain MajorVersion MajorVersion_decimal Manageable Manufacturer ManufacturerAddress MeteredBilling MinorVersion_decimal Mobility NeighborName NetworkType OS Version OSVersionString OSXVersion OU Objective OperationName PLATFORM Passed PasswordLastSet PatternDispositionDescription PatternDisposition_decimal PatternId_decimal Platform PlatformSecuritySettings_decimal PlatformSecurityStatus_decimal PointerSize PointerSize_decimal PolicyID PolicyMatchMethod PolicyName PolicyTag Prefix PreventionSetting ProductName ProductType ProductType_decimal ProductVersion ProtocolType Provider RELEASE_DATE RFMState_decimal References RegOperationName RegOperationType Remediation Available ResourceAttributes ResourceCreateTime ResourceId ResourceIdType ResourceUrl RuleGroupID RuleGroupName RuleGroupType RuleID SHA256HashData SRID SUPPORT_ENDS S_HardwareSupportsIbrs S_HardwareSupportsStibp S_MitigationActive S_MitigationDisabledByRegistry S_MitigationNotSupportedByHardware S_MitigationUsingIbrs S_MitigationUsingStibp S_SystemIsUnpatched Scan ID ScanSessionID Scenario SensorGroupingTag SensorGroupingTags Service ServiceLabel ServiceName ServicePackMajor Severity SeverityLabel SiteName SourceEndpointNetworkType_decimal StatusDescription StatusValue Status_code_decimal Status_code_hex Status_decimal SubVersion SystemManufacturer SystemProductName SystemSerialNumber Tactic Tags Time Timezone Toggle Total Scanned UID_decimal USBVersion UpdatedDate User UserIsAdmin UserLogonFlags_decimal UserName UserPrincipal UserSid_readable VERSION_FAMILY Vendor Version VolumeIsEncrypted_decimal VolumeType Vulnerability Name WinGroup WinOSVersion _time access_complexity_v2 access_vector_v2 account accountId account_id account_name aid aip aipCount alert_logic api_command assessments.additional_user_mode_data_enabled 
assessments.analytics_and_improvements_mac assessments.application_firewall_mac assessments.auto_update_mac assessments.automated_remediation assessments.beta_build_disabled assessments.bios_deep_visibility_mac assessments.bios_standard_visibility_mac assessments.branch_target_injection_mitigation assessments.branch_target_injection_mitigation_hardware_support assessments.branch_target_injection_mitigation_patch assessments.branch_target_injection_mitigation_registry_allowed assessments.credential_guard_running assessments.crendential_dumping_hash_mac assessments.crendential_dumping_kcpassword_mac assessments.crowdstrike_full_disk_access assessments.debug_mode_disabled assessments.dma_guard_enabled assessments.engine_full_visibility assessments.ev_mode assessments.execution_blocking_custom_blocking_enabled assessments.execution_blocking_custom_blocking_enabled_lin assessments.execution_blocking_custom_blocking_enabled_mac assessments.execution_blocking_intel_threats_enabled assessments.execution_blocking_intel_threats_enabled_mac assessments.execution_blocking_suspicious_processes_enabled assessments.execution_blocking_suspicious_processes_enabled_lin assessments.execution_blocking_suspicious_processes_enabled_mac assessments.execution_blocking_suspicious_registry_ops_enabled assessments.execution_blocking_suspicious_scripts_enabled assessments.exploit_mitigation_force_aslr_enabled assessments.exploit_mitigation_force_dep_enabled assessments.exploit_mitigation_heap_spray_allocation_enabled assessments.exploit_mitigation_null_page_allocation_enabled assessments.exploit_mitigation_seh_overwrite_protection_enabled assessments.exploitation_behavior_application_exploitation_activity_enabled assessments.exploitation_behavior_chopper_webshell_enabled assessments.exploitation_behavior_code_injection_enabled assessments.exploitation_behavior_driveby_download_enabled assessments.exploitation_behavior_javascript_execution_rundll32_enabled assessments.file_vault_enabled_mac 
assessments.firmware_is_uefi assessments.gatekeeper_mac assessments.hardware_enhanced_exploit_detection assessments.hsti_available assessments.http_detections assessments.hvci_enabled assessments.hvci_strict_mode assessments.in_full_functionality assessments.internet_sharing_mac assessments.interpreter_only assessments.iommu_available assessments.iommu_in_use assessments.kmci_enabled assessments.l1_terminal_fault_mitigation assessments.lateral_movement_credential_access_credential_dumping_enabled assessments.lateral_movement_credential_access_windows_logon_bypass_enabled assessments.mac_os_version assessments.mbec_available assessments.ml_adware assessments.ml_adware_detection_mac assessments.ml_adware_prevention assessments.ml_adware_prevention_mac assessments.ml_cloud_antimalware assessments.ml_cloud_antimalware_detection_lin assessments.ml_cloud_antimalware_detection_mac assessments.ml_cloud_antimalware_prevention assessments.ml_cloud_antimalware_prevention_lin assessments.ml_cloud_antimalware_prevention_mac assessments.ml_sensor_adware_and_pup_detection_mac assessments.ml_sensor_adware_and_pup_prevention_mac assessments.ml_sensor_antimalware assessments.ml_sensor_antimalware_detection_lin assessments.ml_sensor_antimalware_detection_mac assessments.ml_sensor_antimalware_prevention assessments.ml_sensor_antimalware_prevention_lin assessments.ml_sensor_antimalware_prevention_mac assessments.password_required_mac assessments.quarantine_and_security_registration assessments.quarantine_mac assessments.quarantine_on_write assessments.ransomware_backup_deletion_enabled assessments.ransomware_cryptowall_enabled assessments.ransomware_file_encryption_enabled assessments.ransomware_file_system_access_enabled assessments.ransomware_locky_enabled assessments.real_time_response_enabled assessments.real_time_response_enabled_lin assessments.real_time_response_enabled_mac assessments.remote_login_mac assessments.rogue_data_cache_load_mitigation 
assessments.rogue_data_cache_load_mitigation_patch assessments.script_based_execution_monitoring_enabled assessments.script_based_execution_monitoring_lin assessments.script_based_execution_monitoring_mac assessments.script_enforcement assessments.secure_boot_enabled assessments.secure_kernel_running assessments.secure_mor_available assessments.sensor_tampering_protection assessments.sip_enabled_mac assessments.smm_protections assessments.speculative_store_bypass_mitigation_available assessments.speculative_store_bypass_mitigation_hardware_support assessments.spotlight_enabled assessments.stealth_mode_mac assessments.suspicious_kernel_drivers assessments.system_firmware_bios_enabled assessments.system_full_disk_access_mac assessments.test_signing_disabled assessments.uefi_memory_protection assessments.unauthorized_remote_access_chopper_mac assessments.unauthorized_remote_access_empyre_mac assessments.unauthorized_remote_access_xpcom_mac assessments.volume_shadow_copy_audit assessments.volume_shadow_copy_protect assessments.vsm_available assessments.windows_insider_program_disabled assessments.windows_insider_program_not_running assessments.windows_os_build assignment_type attack_complexity attack_tool attack_tool_command attack_type attack_types attack_vector authentication_v2 availabilityZone availability_impact availability_impact_v2 aws_account_id aws_instance_id aws_region azure_tenant_id base_score base_severity benchmark_short category change_description cid cid_alias cis_benchmark_ids cli_command cloud_document cloud_platform cloud_platform_string cloud_provider cloud_service cloud_service_friendly cloud_service_string cloud_service_subtype cloudplatform cluster confidence confidentiality_impact confidentiality_impact_v2 config_id_stage continent count country cpe_22_uri cpu_count created_at created_by created_timestamp custom_compliance_ids cve cve_description cve_published_epoch cve_vendor_advisory deleted_at description detectionCount 
device_control_applied device_control_applied_date device_control_assigned_date device_control_policy_id discovererCount discoverer_aid discoverer_devicetype disposition earliest_time enabled event-type event_platform event_simpleName event_type exploitability exploitability_score finding firstTime framework framework_version group_id group_name group_type groups hostname i id imageId impact_score instanceId instanceType instance_type integrity_impact integrity_impact_v2 internal_only is_usa iso2 iso3 kb_description kb_detail_url kb_id kb_search_url kb_severity kb_type killchain_stage label lat localipCount location_names lon memory_size mitre_attack_cloud_matrix mitre_attack_cloud_subtype mitre_attack_tactics_id mitre_attack_tactics_name mitre_attack_tactics_url mitre_attack_techniques_id mitre_attack_techniques_name mitre_attack_techniques_url modified_by modified_timestamp monthsincereset multiCsvCheck name nist_benchmark_ids objective os_type pattern_updated pci_benchmark_ids platform platform_id platform_name policy_description policy_id policy_remediation policy_severity policy_severity_score policy_statement policy_type port prevention_applied prevention_applied_date prevention_assigned_date prevention_policy_id privateIp privileges_required prod_file_version prod_short_name product product_type_desc provider provider_name provider_region recommendation_number region region_un region_wb release_id remediation_level report_confidence report_date_time requirement requirements resource_attributes resource_count resource_create_time resource_id resource_id_type resource_url scanDate scan_id scenario scenarioFriendly scope score_v2 scores.modified_time scores.os scores.overall scores.sensor scores.version section section_name sensor_update_applied sensor_update_applied_date sensor_update_assigned_date sensor_update_policy_id sensor_update_policy_type service settings severity severity_index severity_string show_in_ui signal size soc2_benchmark_ids state_code 
state_fips state_name status subnet subregion superceded_kbid superceded_kbs tactic tacticAndTechniqueString tags technique temporal_score timestamp title uninstall_protection updated_at user_interaction vector_string version weight writtenFileType xservice
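The four Falcon Event Search links in the post carry their SPL queries URL-encoded in the `q=` parameter, which makes it hard to see at a glance which lookup each one pulls in. As an added example that is not part of the original post, this Python decodes each link back to readable SPL and extracts the lookup tables referenced via `lookup` / `inputlookup`; the dictionary keys are labels I chose, and only standard-library modules are used.

```python
"""Decode the SPL hidden in Falcon Event Search share links.

The UI stores the query URL-encoded in the ``q=`` parameter with one pipe
stage per line, so parsing that single parameter is enough to recover it.
The ``sid`` value in the links is just a Splunk search id and is ignored.
"""
import re
from urllib.parse import parse_qs, urlparse

# The four links from the post, copied verbatim; the keys are my own labels.
POST_LINKS = {
    "username_to_email": "https://falcon.crowdstrike.com/eam/en-us/app/eam2/search?q=search%20UserName%3D*%20%0A%7C%20head%2010%0A%7C%20stats%20count%20by%20UserName%0A%7C%20lookup%20userinfo.csv%20UserName%20UserName&display.page.search.mode=verbose&dispatch.sample_ratio=1&earliest=-15m&latest=now&display.page.search.tab=statistics&display.general.type=statistics&sid=1662573928.93",
    "detect_patterns": "https://falcon.crowdstrike.com/eam/en-us/app/eam2/search?q=%7C%20inputlookup%20detect_patterns.csv%20%0A%7C%20sort%20severity&display.page.search.mode=verbose&dispatch.sample_ratio=1&earliest=-15m&latest=now&display.page.search.tab=statistics&display.general.type=statistics&sid=1662573611.68",
    "usb_devices": "https://falcon.crowdstrike.com/eam/en-us/app/eam2/search?q=%7C%20inputlookup%20DcUsbInterface.csv%20%0A%7C%20search%20InterfaceDescriptorName!%3D%22%20%22%0A%7C%20sort%20-InterfaceDescriptorNumEndpoints_decimal%0A&display.page.search.mode=verbose&dispatch.sample_ratio=1&earliest=-15m&latest=now&display.page.search.tab=statistics&display.general.type=statistics&sid=1662573525.62",
    "dupe_aids": "https://falcon.crowdstrike.com/investigate/events/en-us/app/eam2/search?q=%7C%20inputlookup%20duplicate_aid.csv%0A%7C%20stats%20count%20by%20SystemSerialNumber%0A%7C%20sort%20-count&sid=1662574059.98&display.page.search.mode=verbose&dispatch.sample_ratio=1&earliest=-15m&latest=now&display.page.search.tab=statistics&display.general.type=statistics",
}

# Matches "lookup foo.csv" and "inputlookup foo.csv"; \b keeps the inner
# "lookup" of "inputlookup" from matching a second time.
LOOKUP_RE = re.compile(r"\b(?:input)?lookup\s+([A-Za-z0-9_.-]+\.csv)")


def extract_spl(url: str) -> str:
    """Return the query from a search link, one pipe stage per line, trimmed."""
    params = parse_qs(urlparse(url).query)
    raw = params.get("q", [""])[0]          # parse_qs already percent-decodes
    stages = [line.strip() for line in raw.splitlines() if line.strip()]
    return "\n".join(stages)


def lookups_used(spl: str) -> list:
    """Lookup tables a decoded query references, in order of appearance."""
    return LOOKUP_RE.findall(spl)


def decode_all(links: dict = POST_LINKS) -> dict:
    """Map each label to its decoded SPL."""
    return {label: extract_spl(url) for label, url in links.items()}


if __name__ == "__main__":
    for label, spl in decode_all().items():
        print(f"== {label}  (lookups: {', '.join(lookups_used(spl))})")
        print(spl, end="\n\n")
```

Note that `userinfo.csv`, the lookup the first query joins against, is not in the "List:" above, so decoding the links is how you find out it exists.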