Falcon OverWatch: Proactive Managed Threat Hunting

Falcon OverWatchTM is a human threat detection engine that operates as an extension of your team, hunting relentlessly to see and stop the most sophisticated hidden threats
Download 2021 Threat Hunting Report


Why Choose Falcon OverWatch

  • See and Stop Hidden Advanced Attacks

    See and Stop Hidden Advanced Attacks

    The OverWatch team hunts relentlessly to see and stop the stealthiest, most sophisticated threats: the 1% of 1% of threats that blend in silently and lead to a breach if they remain undetected.

  • Maximum Effectiveness and Efficiency

    Maximum Effectiveness and Efficiency

    OverWatch delivers the best results by amplifying analysts’ skills and instincts with the most advanced technology. This elite team of experts uses cloud-scale data, custom tools and up-to-the-minute threat intelligence to hunt with unprecedented speed and scale.

  • A Seamless Extension of Your Team

    A Seamless Extension of Your Team

    As a core component of the Falcon platform, OverWatch delivers results for organizations of all sizes, operating as a seamless extension of your team — minimizing overhead, complexity and cost.


SEARCH Proprietary Threat Hunting Methodology

falcon overwatch threat hunting search methodology

The SEARCH Methodology

OverWatch analysts leverage their proprietary SEARCH methodology to shine a light into the darkest corners — leaving adversaries with nowhere to hide.

Insights from the 2021 OverWatch Report



  • Cloud-scale data. Scalable and effective threat hunting requires access to vast amounts of data and the ability to mine that data in real time for signs of intrusions. CrowdStrike’s rich telemetry creates the foundation for OverWatch threat hunting.
  • Trillions of events per week. CrowdStrike’s lightweight Falcon sensor delivers continuous telemetry covering hundreds of event types from millions of endpoints. All of this is collected and catalogued by the Falcon platform, providing comprehensive visibility into activity across the CrowdStrike install base.

Learn More About CrowdStrike Threat Graph



  • Context. The proprietary CrowdStrike Threat Graph® contextualizes events and reveals relationships between data points in real time.
  • Threat Intelligence. CrowdStrike threat intelligence provides up-to-the-minute intel on the tradecraft of more than 140 adversary groups, as well as intimate working knowledge of the tactics, techniques and procedures (TTPs) in use in the wild.
  • Proprietary Tools. All of this is underpinned by OverWatch’s proprietary tools and processes, which ensure every hunt is optimized for maximum efficiency.

Learn More About CrowdStrike Threat Intelligence

threat hunting experts watching falcon dashboard


  • Human analysis. Threat hunting involves taking enriched data and applying complex statistical methods, examining outliers, and frequency analysis. It involves using intuition and experience to form and test hypotheses about where and how a determined attacker might conceal their operations.
  • 200+ years of combined diverse expertise. OverWatch employs elite experts from a wide range of backgrounds, including government, law enforcement, commercial enterprise, the intelligence community and defense.
  • Continuous vigilance 24/7/365. When a sophisticated intrusion occurs, time is critical. Your adversaries do not sleep and are not restricted by time zones or geography — neither should your threat hunting team.

Read blogs from the Experts at OverWatch



  • Connect the dots. Before you can take action against an adversary, you first need to fully understand the threat. As soon as a hands-on-keyboard intrusion is discovered, OverWatch begins to comprehensively reconstruct the attack.
  • Ask the right questions. Experience helps OverWatch quickly zero in on how the intruder gained access and how far the intrusion has spread.
  • Get answers in seconds. CrowdStrike’s proprietary Threat Graph provides OverWatch analysts with the answers to these questions in near real time.
Falcon Overwatch


  • One team, one fight. CrowdStrike pioneered the idea of creating a seamless union between the technology, our experts and your team, closing the gap between detection and response.
  • Frictionless communication. OverWatch operates as a native component of the Falcon platform and a force multiplier for your team, delivering timely threat information within your single cloud-native console.
  • Actionable insights. You get results, including alerts with deep context and targeted recommendations for response, beginning day one, without any new infrastructure, communications channels or processes.

Insights from the 2021 OverWatch Threat Hunting Report

falcon overwatch threat hunting process graphic


  • Continuous improvement. Threat hunting is not a one-time activity; it’s a process that demands continuous improvement and sharpening of your tools in order to deal with evolving adversary TTPs.
  • Always sharp. OverWatch’s continuous, proactive operation delivers results every minute of every day. Each threat they handle enables OverWatch hunters to continuously fine tune their skills and processes, ensuring they are always sharp, effective and ready for the next new threat.

Technical Center

For technical information on Falcon OverWatch, please visit the CrowdStrike Tech Center.

  • Technical Center
  • Technical Center
  • Technical Center
How OverWatch Hunts for Threats in Your Environment

Product Validation

Customers Trust CrowdStrike


Third-Party Validation

Since 2016, CrowdStrike has demonstrated a strong commitment to continuous industry collaboration, scrutiny, and testing. Time and time again, CrowdStrike has been independently certified to replace legacy solutions.

  • Forrester Total Economic Impact

    Falcon OverWatch helps organizations reduce risks and improve efficiencies, resulting in 316% ROI.

    Read the Report

  • SANS Review of OverWatch

    SANS experts review how Falcon OverWatch responds in real time to sophisticated threats including credential theft, lateral movement and defense evasion.

    Read the Report

Visit our third-party evaluations page to see how CrowdStrike performed against the industry’s most rigorous tests and trials.

Falcon OverWatch Offerings

Choose the one that meets your requirements:

  • OverWatch Standard

    OverWatch Standard

    See and stop hidden advanced attacks and reduce dwell time with 24 x 7 proactive human threat hunting.

    See Below

  • OverWatch Elite

    OverWatch Elite

    Falcon OverWatch Elite expands the basic OverWatch offering by adding an assigned OverWatch threat analyst to consult on root causes, assist with analysis, perform weekly health checks and provide proactive configuration recommendations and customized quarterly briefings.

    Learn More

OverWatch Standard
OverWatch Elite
Cross-disciplinary human experts tooltip checkcheck
Continuous vigilance tooltip checkcheck
Cloud-scale telemetry tooltip checkcheck
Intelligence-driven tooltip checkcheck
Seamless integration with the Falcon platform tooltip checkcheck
Alerts augmented with context tooltip checkcheck
Email notifications tooltip checkcheck
Assigned threat analyst tooltip check
Personalized onboarding tooltip check
Hunting and investigation coaching tooltip check
Recurring environmental checkups tooltip check
Proactive Tuning Guidance tooltip check
Tailored threat reports and briefings tooltip check
Response advice, advanced investigation and context support tooltip check
Proactive, closed-loop communications tooltip check

See How CrowdStrike Stacks Up Against the Competition

crowdstrike vs the competition icon

Get Answers to Commonly Asked Questions

Falcon OverWatch FAQ

Purchase Falcon OverWatch as a Part of a Bundle

CrowdStrike Falcon bundles are specifically tailored to meet a wide range of endpoint security needs.

Explore the Bundles