Some useful CrowdStrike LogScale queries for hunting malicious activity.
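// Detection summary events that mention DocumentsAccessed
ExternalApiType=Event_DetectionSummaryEvent
| /DocumentsAccessed/
// Split the DocumentsAccessed array into one event per document
| split(DocumentsAccessed)
// Collect each detection's accessed documents, grouped by host and detection
| groupBy(field=[ComputerName, DetectId, DetectName, DetectDescription], function=[collect(fields=[DocumentsAccessed.FileName, DocumentsAccessed.FilePath, DocumentsAccessed.Timestamp])])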