How to Use Custom Filters in Falcon Spotlight
Introduction
This article and video will provide an overview of how to quickly filter and report the real-time vulnerability data in Falcon Spotlight. With custom filters, organizations can create custom views to focus on specific assets, products, and vulnerabilities. Those filters can then be saved for future reference and used to create shareable, custom dashboards.
Filtering Vulnerability Data
By default, the Spotlight dashboard displays a summary of all open vulnerabilities in the environment with a breakdown by severity.
That data can be filtered using the faceted search at the top of the page or a number of other attributes shown in the menu below.
Once the desired criteria are in place, users have the option to save that filter for repeat use. In the example below, the new saved filter will identify all open, critical vulnerabilities on hosts in the remote systems group. Filters can also be created from the “Custom Filters” app.
Using Saved Filters
Once filters are saved, they can be accessed from the pull-down menu on the Spotlight dashboard or the Vulnerabilities app.
Upon selecting a saved filter, the criteria and results are immediately displayed. The “New Firefox vulnerabilities” filter reflects only vulnerabilities in the Firefox product that have been opened in the last thirty days.
With the custom filter in place, users still have the ability to use the menu bar to further filter the information. However, there is also the option to “group” the resulting vulnerabilities by host, product, product version and remediation. These options provide different views of the data to help prioritize patching efforts.
Creating Custom Dashboards
For each custom filter, there is also an option to create a custom dashboard. Clicking the icon will open a menu that allows for configurable remediation timelines by severity.
The resulting dashboard provides a visualization of the filter, including a chart of remediation compliance. Using the “Settings” menu, each dashboard can be shared for the benefit of other team members, and the bookmark feature can be used for quick access.
Closing
Falcon Spotlight provides custom filters and dashboards to help companies quickly understand vulnerability data, identify risk, and prioritize remediation.