How to Navigate Falcon Discover

Introduction
Falcon Discover enables IT hygiene by providing organizations with robust visibility over the computers, applications and accounts being used in their environment. That visibility helps prepare companies against attacks, improve the overall security posture and prevent breaches.
Video
Navigating Falcon Discover
Because the Falcon Platform is cloud based, Falcon Discover can return searches within seconds without impacting the user or the network. With 90 days of historical data, Falcon Discover has the ability to report both historical and current information in near real-time.
The Discover menu options are available from the main Falcon menu.
The main dashboard provides a high level overview with clickable charts to drill down into the supporting details.
Application Visibility
Falcon Discover offers two main dashboards specific to applications. The Application Usage dashboard reveals a detailed list of applications that have recently run in the environment including details such as vendor, application, version, and file name. The data can be filtered on attributes like vendor and file name to identify potential issues around version control and licensing. There are also options to search used applications based on a specific user or host.
From the top menu, there is also an option to report on all installed applications. Filtering this list by operating system yields a more focused view of the application information.
Asset Inventory
Falcon Discover enables security teams to differentiate assets in the environment and take appropriate steps to improve overall security. The Asset Inventory dashboard includes a breakdown of active devices by OS and type with additional charts to illustrate management status and hardware model. Statistics on unmanaged devices and unsupported devices can be used to target agent deployment or track down out of service devices, end of life operating systems and unauthorized usage of devices outside the corporate standards.
Account Monitoring
Falcon Discover also provides visibility into the user accounts being leveraged. The Account Monitoring dashboard reflects an overview of the number of domain and local accounts in the environment. It also illustrates when the account passwords were last reset – helping to identify and address areas of concern around password management.
Additional Insights
Beyond applications, assets and accounts, Falcon Discover provides insights into many other important device metrics including these two examples.
The Drive Encryption dashboard reports on the status of each host’s built in OS encryption broken down by form factor.
Also, the System Resources dashboard includes information about the processors, cores, and memory for managed systems. Like other dashboards, filters are available to focus based on attributes like operating system, organization unit and domain.
Conclusion
Falcon Discover enables IT hygiene by providing organizations with robust visibility over the computers, applications and accounts being used throughout the environment. With CrowdStrike, organizations can identify issues and address areas of weakness to minimize risk and stop breaches.
More resources
- CrowdStrike 15-Day Free Trial
- Request a demo
- Guide to AV Replacement
- CrowdStrike Products
- CrowdStrike Cloud Security
