Our website uses cookies to enhance your browsing experience.


CrowdStrike Falcon Discover FAQ

Want to see the CrowdStrike Falcon platform in action? Start with a free trial of next-gen antivirus:

What does Falcon Discover do?

Falcon Discover™ provides the awareness to identify who and what is on your network. With it, you can address potential blind spots in your security architecture to defend against attacks. This is accomplished with Discover’s three key capabilities:

  • Application Inventory and Management: See what applications and which versions are running in your environment, and be able to pinpoint suspicious applications that pose a threat to your organization.
  • Asset Inventory: See all the devices on your network, including whether or not they are protected by the CrowdStrike Falcon® platform. Drill down into which assets are managed, unmanaged, or unsupported by the Falcon agent to identify blind spots in your security architecture.
  • Account Monitoring: Have visibility into all the users active in your network, their admin privileges, logon history, and password update information.

Is Falcon Discover part of the Falcon Platform?

Yes, Falcon Discover is CrowdStrike’s IT hygiene solution, and as part of the Falcon platform, it’s enabled via the same lightweight agent as the rest of CrowdStrike’s platform. It can be purchased with CrowdStrike Falcon’s endpoint protection solution, Falcon Insight. Falcon Discover provides the awareness your organization needs to identify and address gaps in your security.

What is IT hygiene and how is it related to cyber security?

Cyber hygiene or IT hygiene refers to the practice of maintaining and improving the health of systems within an organization. Computers, servers, hardware, software can all be included within an IT hygiene framework. Having visibility is key to good hygiene. By seeing everything in your data environment, you ensure that your security encompasses every endpoint, allowing you to prevent against malicious users and applications taking advantage of your network.

See Why IT Hygiene Matters

Why is IT Hygiene important?

With organizations scaling their data systems at an unprecedented rate, managing evolving and heterogeneous environments can be challenging — especially when IT teams lack visibility into who and what is active on the network. Having visibility across your environment is the first step in eliminating the blind spots that can lead to breaches and data loss.

Learn more.

What makes Falcon Discover unique from other IT hygiene solutions?

CrowdStrike is the first company to uniquely combine next-generation antivirus (NGAV), endpoint detection and response (EDR), 24/7 managed threat hunting, threat intelligence, and with Falcon Discover, IT hygiene. As part of the CrowdStrike Falcon platform, Falcon Discover provides immediate visibility of all assets, applications, and accounts, real-time and historical insight, as well as unprecedented speed and coverage. Moreover, it provides the bridge between IT and security teams looking to understand the “who, what, and where” of their environment. IT administrators can ensure compliance for user applications and account usage, while security teams can address gaps in security and investigate suspicious users and applications.

Learn More

How do I access Falcon Discover?

As part of the CrowdStrike platform, Falcon Discover is accessed as an application via the Falcon management console. If you are a current Falcon platform customer you may try Falcon Discover for free through the CrowdStrike Store.

What problems does Falcon Discover help solve for my organization?

CrowdStrike believes that a proactive, hygiene-first approach to security is needed in order to stay ahead of today’s sophisticated adversaries. Understanding the devices, applications, and users on your network is an important first step in managing your organization’s security.

Learn more

Does Falcon Discover require an additional agent?

No, all Falcon endpoint protection modules, including Falcon Discover, are delivered via the single Falcon agent, and can be enabled without requiring additional components to be deployed. Falcon Discover is accessed in the Falcon management console along with all other CrowdStrike applications.

More about the Falcon agent

What key benefits does Falcon Discover enable for organizations?

Falcon Discover provides three key benefits to organizations looking to improve their security posture with IT hygiene.

Unlimited Visibility: Monitor everything from one convenient, powerful dashboard, and quickly dive in to explore applications, accounts and assets using real-time and historical data.

Immediate Data to Repel Attacks: Get contextual information for all of your systems instantly, utilizing dashboards, graphs, charts and search functionality to drill down into supporting data. Searches for assets, application usage, and user logon information is correlated against data in the CrowdStrike cloud in real time. Results are correlated with devices that are online, offline or not connected to the corporate network.

Zero Impact on Performance: Falcon Discover is enabled via the same lightweight agent as the Falcon platform, deploying and scaling instantly to meet the needs of your organization. Using this agent, you can enable the entire Falcon endpoint protection solution without having to “bolt on” additional agents or products. Simply deploy the Falcon agent and start cleaning up your environment in minutes.

Is Falcon Discover offered as a standalone service?

Not without Falcon Insight. However, customers can, at any time, add additional solutions from the Falcon platform to upgrade their endpoint protection suite. Adding additional solutions requires no additional agents, reboots or system downtime, and can be accomplished in minutes.

How long does Falcon Discover retain the data it’s gathering?

Retention times for each area are as follows:

  • Application Inventory and Usage Tracking — Track what applications have been used, including known suspicious applications with 90 days of historical visibility.
  • Account Monitoring and Logon History — See who has logged on to your network, the hosts used and users’ actions over the past 90 days.
  • Asset Inventory — Identify new and unmanaged assets on your network with up to 72 hours of historical visibility.

For more details read the Falcon Discover data sheet.

For more details read the Falcon Discover data sheet.

How is Falcon Discover priced?

Falcon is licensed on a subscription basis per endpoint. For more information please contact us.