CrowdStrike University SIEM 211 Course Syllabus

SIEM 211: Incident Response and Investigation in Falcon Next-Gen SIEM

SIEM 211: Incident Response and Investigation in Falcon Next-Gen SIEM is a comprehensive one-day course designed for security professionals focused on incident investigation and response. Through hands-on labs, participants will learn to investigate third-party data, correlate security events, and identify potential threats and indicators of compromise (IOCs) using CrowdStrike Falcon® Next-Gen SIEM capabilities. The course emphasizes continuous security monitoring and analysis while teaching participants to leverage automated responses through CrowdStrike Falcon® Fusion SOAR for enhanced threat detection and incident management.

Course Highlights:

  • Advanced event searching and visualization using CrowdStrike Query Language (CQL)
  • Development and management of correlation rules for threat detection
  • Implementation and troubleshooting of Falcon Fusion SOAR workflows
  • Creation of collaborative dashboards for continuous security monitoring
  • Comprehensive event correlation and IOC analysis techniques