FALCON 201: Falcon Platform for Responders
FALCON 201: Falcon Platform for Responders is an intensive one-day course that equips security analysts and incident responders with advanced skills for using CrowdStrike Falcon® Insight XDR. Through hands-on exercises with real-world scenarios, participants will learn a standardized analytical process for investigating and responding to security incidents. The course focuses on detection analysis, event discovery, and incident investigation tools, enabling security teams to effectively analyze and respond to potential threats using Falcon Insight XDR's comprehensive feature set.
Course Highlights:
- Systematic approach to detection analysis using process relationships and Full Detection Details
- Investigation techniques using Event Search, Process Explorer, and timeline analysis
- Management of detection noise through filtering, policies, and exclusion rules
- Analysis of indicator of compromise (IOC)-based detections and masquerading scenarios
- Practical experience with incident investigation and lateral movement detection
