CrowdStrike University SIEM 220 Course Syllabus

SIEM 220: Building Detection Rules and Dashboards in Falcon Next-Gen SIEM is a comprehensive instructor-led course teaching security practitioners how to build, test, tune, and deploy detection rules, custom dashboards, and reports in CrowdStrike Falcon® Next-Gen SIEM.

Learners will work through the full detection and data cycle, identifying detection needs and leveraging CQL to write custom detection rules. Students will build, validate, and tune detections from the ground up, visualize their findings through tailored dashboards and reports, and learn how to manage those detections and dashboards over time to keep pace in a rapidly evolving threat landscape.

Course Highlights:

  • Evaluate detection rules for logic, scope, and alignment to organizational needs
  • Build detection rules using CQL, utilizing both rule templates and custom query logic
  • Use MITRE ATT&CK as a reference framework to inform and validate detection logic
  • Test, tune, and deploy rules matched to their environments' needs
  • Design custom dashboards tailored to specific business needs and use cases
  • Configure custom reports
  • Manage detection rule lifecycles and tune them for optimal threat visibility