How to Generate Your First Detection
The greatest minds in cybersecurity are at Fal.Con in Las Vegas, Sept. 18-21.
Register now to build skills at hands-on workshops and learn from skilled threat hunters.
In this document and video, you’ll see how to generate your first detection. You will also see how Falcon adds context to alerts, empowering the security admin to take appropriate corrective action.
Windows system with falcon sensor installed.
Generating a Test Alert
To generate an alert open cmd.exe clicking on the windows icon or hitting the windows button on your keyboard. Then type “cmd.”
In the Command Prompt window type
In the Command Prompt window, type the following commands:
“Sc query csagent”
You should see a that the Falcon Agent is installed and running
“choice /m crowdstrike_sample_detection”
The Falcon User Interface
In the Falcon UI a new alert appears in the Activity App.
This alert is rated as “Low” and also has a Falcon icon associated with it. This indicates that Falcon OverWatch has flagged this activity as suspicious. Had this not been a test detection, it would have been accompanied by an email from the OverWatch team with additional detail.
This additional detail is important to determine if a seemingly routine command is associated with everyday activity or part of a larger, malicious attack. Click on each node and watch the execution details pane on the right update to provide information on each executable in the process tree.
CrowdStrike Falcon® goes above and beyond to provide relevant information so that our customers have more information at their fingertips to quickly and effectively make important security decisions.
- CrowdStrike 15-Day Free Trial
- Request a demo
- Guide to AV Replacement
- CrowdStrike Products
- CrowdStrike Cloud Security