CROWDSTRIKE FALCON PLATFORM FOR RESPONDER

Students who complete this course should be able to:
• Use the key features of the Falcon Platform applications
• Analyze detections and ascertain true or false positive findings
• Apply a standard analytic process to detection triage
• Describe the data available in the Insight app
• Use the Insight app to continue analysis beyond a detection
• Perform limited discovery of additional events beyond a detection

Course Highlights

Hands-on Training

Certified & Experienced Trainers

Request for Flexible Timings

Certificate of Completion

Course Description

This instructor-led course teaches intermediate responders how to make the best use of the Falcon Platform for incident triage. It is appropriate for those who use the Falcon Platform on a day-to-day basis and are focused on triaging and responding to alerts. It includes practical labs in which students develop hands-on skills.

About

Target Audience

This hands-on course is intended for technical contributors who use Falcon Insight to detect, investigate and respond to incidents.
Positions might include Security Analyst, SOC Analyst, Security Engineer, IT Security Operations Manager, Security Administrator, Endpoint Security Administrator, and Channel Sales Engineers.

Course Pre-Requisite

• Be familiar with the Microsoft Windows environment
• Have an intermediate knowledge of cyber security incident investigation and incident lifecycle
• Perform basic operations on a personal computer

Course Outline

Detection Analysis
• Detections App
• Filtering
• Detection Types
• Prevention Types

Analytical Process
• Understand the detection
• Review process tree to understand origin
• Understand process(es) involved
• Examine what's normal for this system
• Examine what’s normal for this customer
• Peer review

Analyst Workflows
• Assigning a detection
• Updating detection status
• Commenting
• Network Contain

Student Exercise
• Use the analytical process to review a basic detection

EVENT DISCOVERY
Investigate App Overview
• What is Event Data
• Process Data
• Context Data
• Key Event Types

Event Actions/Workflows
Student Exercise
• Working with Event Data and Event Actions

Student Exercise
• Social Engineering Detections/Ransomware Detections
• Performing a hash search
Student Exercise
• PowerShell related detection
• PowerShell Hunting Reports
Student Exercise
• False Positives
• Encoded PowerShell commands

REPORTING
Detections
• Executive Summary Dashboard
• Detection Activity Dashboard
• Detection Resolution Dashboard
• Detection Activity Report

Exporting Process Data
• Process Table
• Process Activity
• PNG

Student Exercise
• Credential Theft
• NGAV Detections

PROACTIVE INVESTIGATIONS/HUNTING 101
• Bulk IP Search
• Bulk Domain Search
• Student Exercise
• IP and Domain Searching

FINAL EXERCISE
• Students work on their own to investigate a complex phishing attack
• Additional scenarios as time allows

Training Modes

ON DEMAND TRAINING

  • Learn on Your Own Time

  • 1-to-1 learning

  • Customized Solutions

ONLINE TRAINING

  • Flexibility, Convenience

  • Time Saving

  • More Effective Learning

  • Cost Savings

CORPORATE TRAINING

  • Anytime, Anywhere
    Across The Globe

  • Hire A Trainer

  • At Your Own Pace

  • Customized Corporate Training

Testimonials

WHAT PEOPLE SAY

“I found the expert excellent and could resolve all my queries and designed the course in an engaging format.”

Pratibha Naidu
