CrowdStrike University FALCON 202: Course Syllabus

FALCON 202: Investigating and Querying Event Data With Falcon EDR

FALCON 202: Investigating and Querying Event Data with Falcon EDR is an intermediate-level course focused on advanced threat hunting and investigation techniques using CrowdStrike Falcon® Insight XDR. Through hands-on exercises, participants will learn to master search methodologies, including real-time, retrospective, and retroactive pursuit strategies. The course combines automated tools, custom query development, and data analysis techniques to enable security professionals to proactively identify and investigate potential threats before they become incidents.

Course Highlights:

  • Development of custom queries using SPL and the Events Data Dictionary
  • Statistical analysis techniques for identifying normal versus suspicious activity
  • Implementation of automated query tools for single and bulk item searches
  • Utilization of built-in hunting reports and visibility tools
  • Advanced event correlation using process relationships and associated event types