How to Use Custom Filters in Falcon Spotlight

Introduction

This article and video will provide an overview of how to quickly filter and report the real-time vulnerability data in Falcon Spotlight. With custom filters, organizations can create custom views to focus on specific assets, products, and vulnerabilities. Those filters can then be saved for future reference and used to create shareable, custom dashboards.

Video

Filtering Vulnerability Data

By default, the Spotlight dashboard displays a summary of all open vulnerabilities in the environment with a breakdown by severity.

Spotlight dashboard

That data can be filtered using the faceted search at the top of the page or a number of other attributes shown in the menu below.

spotlight filter menu

Once the desired criteria are in place, users have the option to save that filter for repeat use. In the example below, the new saved filter will identify all open, critical vulnerabilities on hosts in the remote systems group. Filters can also be created from the “Custom Filters” app.

spotlight save filter

Using Saved Filters

Once filters are saved, they can be accessed from the pull down menu on the Spotlight dashboard or the Vulnerabilities app.

spotlight custom filter menu

Upon selecting a saved filter, the criteria and results are immediately displayed. The “New Firefox vulnerabilities” filter reflects only vulnerabilities in the Firefox product that have been opened in the last thirty days.

spotlight firefox filter

With the custom filter in place, users still have the ability to use the menu bar to further filter the information. However, there is also the option to “group” the resulting vulnerabilities by host, product, product version and remediation. These options provide different views of the data to help prioritize patching efforts.

spotlight group menu

Creating Custom Dashboards

For each custom filter, there is also an option to create a custom dashboard. Clicking the icon will open a menu that allows for configurable remediation timelines by severity.

custom dashboard icon

The resulting dashboard provides a visualization of the filter including a chart regarding remediation compliance. Using the “Settings” menu, each dashboard can be shared for the benefit of other team members, and the bookmark feature can be used for ease of use.

custom dashboard

Closing

Falcon Spotlight provides custom filters and dashboards and to help companies quickly understand vulnerability data, identify risk and prioritize remediation.

More resources

 

CrowdStrike Falcon Free Trial
 

Try CrowdStrike Free for 15 Days Get Started with A Free Trial