Back to Tech Center

How to Navigate Falcon Discover

April 16, 2021

CrowdStrike Tech Center

Introduction

Falcon Discover enables IT hygiene by providing organizations with robust visibility over the computers, applications and accounts being used in their environment. That visibility helps prepare companies against attacks, improve the overall security posture and prevent breaches. 

Video

Navigating Falcon Discover

Because the Falcon Platform is cloud based, Falcon Discover can return searches within seconds without impacting the user or the network. With 90 days of historical data, Falcon Discover has the ability to report both historical and current information in near real-time.

The Discover menu options are available from the main Falcon menu.

Discover menu

The main dashboard provides a high level overview with clickable charts to drill down into the supporting details.

Discover dashboard

Application Visibility

Falcon Discover offers two main dashboards specific to applications. The Application Usage dashboard reveals a detailed list of applications that have recently run in the environment including details such as vendor, application, version, and file name. The data can be filtered on attributes like vendor and file name to identify potential issues around version control and licensing. There are also options to search used applications based on a specific user or host.

Discover application usage

From the top menu, there is also an option to report on all installed applications. Filtering this list by operating system yields a more focused view of the application information.

discover installed applications

Asset Inventory

Falcon Discover enables security teams to differentiate assets in the environment and take appropriate steps to improve overall security. The Asset Inventory dashboard includes a breakdown of active devices by OS and type with additional charts to illustrate management status and hardware model. Statistics on unmanaged devices and unsupported devices can be used to target agent deployment or track down out of service devices, end of life operating systems and unauthorized usage of devices outside the corporate standards.

discover asset inventory

Account Monitoring

Falcon Discover also provides visibility into the user accounts being leveraged. The Account Monitoring dashboard reflects an overview of the number of domain and local accounts in the environment.  It also illustrates when the account passwords were last reset – helping to identify and address areas of concern around password management.

discover account monitoring

Additional Insights

Beyond applications, assets and accounts, Falcon Discover provides insights into many other important device metrics including these two examples.

The Drive Encryption dashboard reports on the status of each host’s built in OS encryption broken down by form factor.

discover drive encryption

Also, the System Resources dashboard includes information about the processors, cores, and memory for managed systems. Like other dashboards, filters are available to focus based on attributes like operating system, organization unit and domain.

discover system resources

Conclusion

Falcon Discover enables IT hygiene by providing organizations with robust visibility over the computers, applications and accounts being used throughout the environment. With CrowdStrike, organizations can identify issues and address areas of weakness to minimize risk and stop breaches.

More resources

 

Related Content

TRY CROWDSTRIKE FREE FOR 15 DAYS

GET STARTED WITH A FREE TRIAL