Develop the art of crafting intelligent AI security policies that empower your workforce while protecting your organization from emerging AI-related risks. In this hands-on course, you'll design and implement comprehensive Falcon AI Detection and Response (AIDR) policies that automatically identify and prevent risky behaviors, from inadvertent PII exposure in AI chat interfaces to unauthorized shadow AI usage. Through real-world sandbox scenarios, you'll build sophisticated monitoring policies, configure smart detectors for sensitive data and malicious prompts, and create custom rules tailored to your organization's unique needs. Walk away with the expertise to architect security policies that strike the perfect balance between enabling productive AI adoption and safeguarding against data leakage, compliance violations, and AI-powered threats.

Course availability: Monday, Aug. 31 | 9:00 a.m. – 1:00 p.m.

Learn how to use CrowdStrike’s cloud security posture management (CSPM) module, CrowdStrike Falcon® Horizon, to secure your cloud environment configurations and remain in compliance with industry standards. Find out how CSPM can help you determine if your cloud assets are misconfigured, if you’re meeting your industry standards for security, and if any behaviors affecting your cloud assets are malicious. During this course, you’ll locate cloud accounts with vulnerabilities, find the steps to remediate, and learn where to communicate those findings.

Course availability: Thursday, Sep. 3 | 9:00 a.m. – 5:00 p.m.

View syllabus →

Learn how to use CrowdStrike Falcon® Cloud Security and “shift left” to protect containerized workloads and cloud-native applications. This course includes security best practices and tips for using Falcon Cloud Security to mitigate common threats to cloud workloads, how to proactively identify common threats, and how to mitigate risks at every stage of application development.

Course availability: Monday, Aug. 31 | 9:00 a.m. – 5:00 p.m.

View syllabus →

Designed for SOC analysts, SIEM analysts, threat hunters, and incident responders, this course teaches you how to use CrowdStrike Query Language (CQL) to investigate events with speed and precision. Learn event structure fundamentals, basic query syntax, query writing techniques, and strategies for optimizing query performance.

Course availability: Monday, Aug. 31 and/or Thursday, Sep. 3 | 9:00 a.m. – 5:00 p.m.

View syllabus →

Learn to configure the CrowdStrike Falcon platform for optimal endpoint protection and administrative efficiency. This comprehensive course equips cybersecurity administrators with essential skills for implementing robust Falcon platform configurations that effectively stop breaches. Participants will develop proficiency in sensor deployment strategies, advanced configuration settings, and performance optimization techniques through hands-on exercises. The curriculum emphasizes practical, real-world administrative scenarios, enabling graduates to immediately implement best practices for endpoint protection, monitor sensor health, and maintain comprehensive organizational security posture.

Course availability: Monday, Aug. 31 | 9:00  a.m. – 5:00 p.m.

View syllabus →

Learn to effectively analyze security incidents and conduct investigations using the CrowdStrike Falcon platform. This course provides hands-on experience to develop detection analysis and incident investigation skills. Participants will navigate Falcon's comprehensive feature set while learning to apply an analytical process for security incident response. The course combines practical exercises with technical instruction to build job-ready capabilities in incident response and security analysis.

Course availability: Monday, Aug. 31 | 9:00  a.m. – 5:00 p.m.

View syllabus →

Take your investigative capabilities to the next level with this intermediate-level course focused on proactive threat hunting using CrowdStrike Falcon® Insight XDR. Security professionals progress from understanding event data and reports to building queries, visualizing activity, performing data analysis, and executing end-to-end investigation workflows. The course emphasizes how analysts actually work: correlating events, pivoting across datasets, validating hypotheses, and understanding attacker behavior over time. Through instructor-led walkthroughs and hands-on exercises, participants learn to move from isolated alerts to structured, repeatable investigations.

Course availability: Monday, Aug. 31 and/or Thursday, Sep. 3 | 9:00 a.m. – 5:00 p.m.

View syllabus →

This hands-on course is intended for technical contributors performing remediation, host-level response to detections, or host investigations using CrowdStrike Falcon® Real Time Response (RTR). You’ll explore use cases and administrative considerations for Falcon RTR, while gaining practical experience remediating threats using RTR commands, custom scripts, and via the API using PS Falcon.

Course availability: Thursday, Sep. 3 | 9:00 a.m. – 5:00 p.m.

View syllabus →

Advance your CrowdStrike Falcon platform administration capabilities to support enterprise-scale deployments with automation, optimization, and advanced module operations. This course equips experienced Falcon administrators and security architects with skills for multi-CID environments, API-driven automation, and complex troubleshooting scenarios. Participants will learn governance frameworks for large-scale deployments, implement automation using PSFalcon and APIs, and configure advanced security modules including reconnaissance and forensics capabilities. Through hands-on exercises and a capstone scenario, attendees will apply integrated administration techniques across multiple customer identifiers while developing proficiency in workflow optimization and performance troubleshooting.

Course availability: Monday, Aug. 31 and/or Thursday, Sep. 3 | 9:00 a.m. – 5:00 p.m.

Learn how to configure, implement, and utilize CrowdStrike Falcon® Identity Protection’s (IDP) data feeds to secure your organization against credential-based attacks, including the basic tenets of identity-based attacks, Zero Trust, and identity protection. Learn how Falcon IDP can help you gain visibility into your overall security posture, implement policy rules to enforce targeted controls against users and groups in your domain, and how to threat hunting, analysis, and light investigation from identity-based detections.

Course availability: Monday, Aug. 31 and/or Thursday, Sep. 3 | 9:00 a.m. – 5:00 p.m.

View syllabus →

Learn how to implement and operationalize CrowdStrike Falcon® Exposure Management to proactively identify, assess, and reduce risk across your organization’s attack surface. This instructor-led course covers asset discovery, vulnerability assessment, and risk prioritization using ExPRT.AI. You’ll learn how to configure scanning and integrations, analyze attack paths, and apply vulnerability intelligence to real-world workflows. The course progresses from initial platform setup to advanced operational practices, including automation, reporting, and stakeholder communication. Through hands-on labs and real-world scenarios, you’ll gain practical experience configuring the platform, streamlining operations, and optimizing exposure management within your environment.

Course availability: Monday, Aug. 31 and/or Thursday, Sep. 3 | 9:00 a.m. – 5:00 p.m.

Get hands-on with CrowdStrike Falcon® Next-Gen SIEM in this course designed for system administrators, SIEM administrators, and security tools administrators. Configure role-based access and manage user/role permissions to establish secure administrative control and explore operational best practices, fleet management, and log collector configuration.

Course availability: Monday, Aug. 31 | 9:00 a.m. – 5:00 p.m.

View syllabus →

Designed for system administrators, security engineers, data custodians, and data managers, this course teaches you how to onboard and manage data sources in CrowdStrike Falcon® Next-Gen SIEM. Explore techniques for data source integration, connection management, and data normalization.Through hands-on exercises, you will onboard various data types using data connectors, implement proper data parsing using CrowdStrike Parsing Standard (CPS), and ensure reliable data flow. Learn critical aspects of managing the data pipeline, from initial connection setup to ongoing maintenance and troubleshooting.

Course availability: Monday, Aug. 31 | 9:00 a.m. – 5:00 p.m.

View syllabus →

Get hands-on with CrowdStrike Falcon® Next-Gen SIEM in this advanced course designed for security leads, analysts, hunters, and operations specialists. Learn to investigate third-party data, correlate events for deeper context, and leverage CrowdStrike Falcon® Fusion SOAR automations to streamline detection and response. Build skills in continuous monitoring, advanced threat detection, and proactive threat hunting — all through intuitive dashboards that increase precision and speed response.

Course availability: Monday, Aug. 31 and/or Thursday, Sep. 3 | 9:00 a.m. – 5:00 p.m.

View syllabus →

Build correlation rules, custom reports, and dashboards in CrowdStrike Falcon Next-Gen SIEM to enhance security operations and threat detection capabilities. This course covers the essential skills for creating sophisticated detection logic, designing interactive dashboards, and implementing automated workflows. Through hands-on exercises, participants will develop skills in correlation rule creation and tuning, advanced dashboard construction, report scheduling, and notification configuration. This course also includes practical experience with lookup file enrichment to optimize organizational security monitoring and response capabilities.

Course availability: Monday, Aug. 31 and/or Thursday, Sep. 3 | 9:00 a.m. – 5:00 p.m.

Learn to design and implement security orchestration workflows using Falcon Fusion SOAR to enhance incident response and security operations efficiency. This course provides practical skills to create workflow architectures incorporating triggers, conditions, and actions. Participants will explore intelligent triage workflows for alert classification and prioritization, develop multi-stage response orchestrations that coordinate actions across security systems, and learn automated remediation techniques for containment, eradication, and recovery processes. Through hands-on labs and real-world scenarios, students will gain experience with testing methodologies, debugging techniques, and observability practices essential for maintaining workflow reliability in enterprise security environments.

Course availability: Monday, Aug. 31 and/or Thursday, Sep. 3 | 9:00 a.m. – 5:00 p.m.