Back to Tech Center

How to Use Scheduled Reports with Falcon Spotlight

July 2, 2021

CrowdStrike Tech Center

Introduction

Falcon Spotlight, CrowdStrike’s vulnerability management module, leverages the existing agent to provide real time vulnerability assessment of managed hosts. That vulnerability data is available in the CrowdStrike UI, but can also be exported or shared with the appropriate teams via reports.

Video

Falcon Spotlight Dashboard

The main dashboard presents a count of open vulnerabilities by severity, and this view can be filtered by a number of attributes. The save filter function is available on this page as well as the vulnerabilities page to enable quick, repeat access to filtered data in the UI.

spotlight reports dashboard

The dashboard also includes charts for recommended remediations and remediations by severity. The statistics on the dashboard are clickable and lead to the supporting vulnerability details.

spotlight reports dashboard charts

Creating Scheduled Reports

In this example, filtering for open, high severity remediations related to Firefox reveals a single remediation that should be applied to 31 hosts in order to resolve over thirteen hundred vulnerabilities with available exploits. In addition to the save filter function, the option to “Create scheduled report” automates regular communication of Falcon Spotlight data outside of the user interface.

spotlight reports vulnerabilities2

The report is automatically configured based on the current search parameters with the opportunity to add additional filters. For example, using “Exploit status” helps to highlight vulnerabilities with a real potential to present a security risk. 

spotlight reports filters

Once the filters are defined, each report can be given a name and description. The format preference can be selected before specifying who should have access to the report.

spotlight report details

The next menu provides choices around how often the report should be generated. The end date can be set as well as the frequency, day and time. 

spotlight reports frequency

Finally, Spotlight has the ability to generate email, Slack or PagerDuty notifications each time the report is generated. After selecting the notification preference, there are prompts to select the recipients.

spotlight report notifications

Upon saving the newly created report, the list of all scheduled reports is shown with menu options to run or edit the report, change the schedule or delete the report.  From this view, users also have the ability to create additional scheduled reports.

spotlight reports scheduled

Accessing Scheduled Reports

As scheduled reports are generated, notifications will include a download link that can only be accessed by the selected recipients to ensure security of the shared information.

Spotlight reports link

To access the reports from the user interface, open the Spotlight “Reports” option from the main Falcon menu. The page presents a list of current reports with options to download or delete the reports.

Spotlight scheduled reports

Closing

Using the existing agent, Falcon Spotlight provides real time vulnerability reporting through the same easy to use CrowdStrike user interface. With schedule reports, that information can be distributed to the proper teams on a regular basis to ensure vulnerabilities are properly prioritized and remediated.

More resources

 

Related Content

TRY CROWDSTRIKE FREE FOR 15 DAYS

GET STARTED WITH A FREE TRIAL