Our website uses cookies to enhance your browsing experience.


CrowdStrike Falcon X™ FAQ

Want to see the CrowdStrike Falcon platform in action? Start with a free trial of next-gen antivirus:

What is CrowdStrike® Falcon X™?

Built on the CrowdStrike Falcon® platform, CrowdStrike Falcon X™ brings endpoint protection to the next level by combining malware sandboxing, malware search and threat intelligence into an integrated solution that performs comprehensive threat analysis within seconds instead of hours or days. The output of this analysis is a unique combination of customized indicators of compromise (IOCs) and threat intelligence designed to help defend against threats your organization faces both now and in the future. Falcon X is the only solution that produces IOCs for both the threat that was actually encountered in your organization and all of its known variants, immediately sharing them with other security tools such as firewalls, gateways and security orchestration tools via API. CrowdStrike Falcon X provides integrated threat intelligence alongside its security alerts to accelerate incident research, streamline the investigative process and drive better security responses.

How does CrowdStrike Falcon X help security teams?

Falcon X elevates your ability to perform better analysis when a threat is detected and quickly correlate it with strategic and tactical intelligence, cutting down investigation time from hours and even days to seconds. Through this automation, Falcon X helps smaller teams achieve a level of protection that would normally be out of reach and helps larger teams make each of their analysts more effective. Falcon X provides security teams with comprehensive threat intelligence to inform effective, prioritized responses, making remediation efforts more strategic and efficient.

What is customized intelligence?

The most relevant threats to your organization are those detected in your environment.  Customized intelligence is threat intelligence generated directly from a real threat you have encountered, not a third-party feed of threats encountered by others. Falcon X automatically produces IOCs tailored to your organization that can immediately be shared with other security tools via API, thereby streamlining and automating the protection workflow. Cyber threat intelligence related to the encountered attack is displayed alongside the alert, making it quick and easy for analysts to understand the threat and take action.

What data does CrowdStrike Falcon X require from a customer’s environment?

All files quarantined by CrowdStrike Falcon Prevent™ are automatically investigated by Falcon X.  Falcon Prevent automatically extracts quarantined files, based on user settings, and securely delivers the PE files (such as .EXEs, .DLLs, etc) to the customer account in the Falcon platform.  Falcon X then automatically performs analysis on the extracted files and generates customized intelligence. This automation results in breakthrough efficiency gains for security operations teams and ensures no threats are missed.

Do I need CrowdStrike EPP modules to use Falcon X?

No. While CrowdStrike EPP modules are recommended and proven to stop breaches, they are not a requirement. Falcon X features are available via the CrowdStrike portal and via API.

Are files submitted to Falcon X kept private?

Yes, files submitted to Falcon X remain private. When you license Falcon X, CrowdStrike creates a secure account for your organization. All submitted files and associated reports are stored and maintained in this protected environment.

What malware investigation process steps does Falcon X automate?

All files quarantined by CrowdStrike Falcon EPP are automatically investigated by Falcon X. This automation drives breakthrough efficiency gains for security operations teams and ensures no threats are missed.  Each is rigorously investigated using the following techniques:

  • Malware Analysis — Falcon X enables in-depth analysis of unknown and zero-day exploits that extends far beyond traditional approaches. Falcon X employs a unique combination of static, dynamic and fine-grained memory analysis to quickly identify the evasive threats other solutions may miss.
  • Malware Search — This connects the dots between the malware found on your endpoints and related campaigns, malware families or threat actors. Falcon X searches the industry's largest malware search engine for related samples. Within seconds it expands the analysis to include all files and variants, leading to a deeper understanding of the attack and an expanded set of IOCs to defend against future attacks.
  • Threat Intelligence — Actor attribution exposes the motivation and the tools, techniques and procedures (TTPs) of the attacker. Practical guidance is provided to prescribe proactive steps against future attacks and stop actors in their tracks.
  • Can I integrate Falcon X with my own security products, such as a firewall or SIEM?

    It is easy to integrate into security tools such as firewalls, gateways, security orchestration tools and SIEMs, using Falcon X APIs and pre-built integrations.

    How many files and what types of files can I process with Falcon X?

    Falcon X processes an unlimited number of PE files (such as .EXEs, .DLLs, etc.) quarantined by Falcon Prevent. In addition, Falcon X users can also submit additional files and file types.  Depending your Falcon license, you can process up to an 500 additional files per month.

    The additional files types supported include: Office (.doc, .docx, .ppt, .pps, .pptx, .ppsx, .xls, .xlsx, .rtf, .pub), PDF, APK, executable JAR, Windows Script Component (.sct), Windows Shortcut (.lnk), Windows Help (.chm), HTML Application (.hta), Windows Script File (*.wsf), JavaScript (.js), Visual Basic (*.vbs, *.vbe), Shockwave Flash (.swf), PowerShell (.ps1, .psd1, .psm1), Scalable Vector Graphics (.svg), Python (.py) and Perl (.pl) scripts, Linux ELF executables, MIME RFC 822 (*.eml) and Outlook *.msg files.