CrowdStrike University Training
Take your skills to the next level with expert-led training
Our curated selection of instructor-led CrowdStrike University Training courses empowers you to master CrowdStrike products, from fundamentals to advanced techniques, and enhance your on-the-job capabilities. The full course list offered at Fal.Con 2024 can be viewed below.
Please connect with your CrowdStrike account representative if you’re interested in taking a CrowdStrike University Training course post-Fal.Con.
Attended Fal.Con 2024? Attendees can earn Continuing Professional Education (CPE) credits towards their ISC2 certifications during CrowdStrike University courses at Fal.Con.
FALCON 200: Falcon Platform for Administrators
This course instructs new and beginning users on the technical fundamentals of the CrowdStrike Falcon® platform. This course is appropriate for those who use the Falcon platform daily and focuses on the installation, configuration, and management of the platform. It is intended for technical contributors who will be administering and using the Falcon platform. During this course, students will install sensors and configure prevention policies, users, and groups, and fine-tune detections.
FALCON 201: Falcon Platform for Responders
This course instructs learners on best practices for using CrowdStrike Falcon® Insight. This course provides the knowledge and skills necessary for incident responders or security analysts who use the Falcon platform to detect, investigate, and respond to incidents. During this course, learners will analyze real-world scenarios for detections and incidents using a standard analytical process.
FALCON 202: Investigating and Querying Event Data with Falcon EDR
This is an intermediate-level course for those who use CrowdStrike Falcon® Insight XDR to detect, investigate, and respond to incidents using proactive investigation techniques. During this course, learners will perform search queries, apply custom searches, use reports to assist with hunts, and create commands to investigate events and find attacker activity. This course provides an understanding of concepts and skills necessary for using Falcon Insight to detect, investigate, and respond to incidents with proactive investigation techniques.
FALCON 240: Investigating and Mitigating Threats with Real Time Response
This hands-on course is intended for technical contributors who will be performing remediation, host-level response to detections or host investigations with CrowdStrike Falcon® Real Time Response (RTR). The course explains use cases and administrative considerations for Falcon RTR and provides hands-on experience remediating threats with a variety of RTR commands and custom scripts, and over the API using PS Falcon.
FALCON 302: Advanced Threat Hunting with Falcon
Utilizing CrowdStrike Falcon®, participants will learn to hunt for signs of an adversarial compromise. This course focuses on finding abnormal enterprise activity and searching for related data points, with the goals of finding all impacted hosts and — when possible — identifying the adversary. Students will learn advanced threat hunting techniques to use throughout the entire threat hunting cycle. Topics include initiating hunts, developing search techniques and reporting findings. The course delves into in-depth investigation of Falcon events, the application of common threat models and the use of structured analysis to bridge knowledge gaps.
CLOUD 223: Identifying and Remediating Risks in your Cloud Environment with CSPM
This course will teach you how to use CrowdStrike’s cloud security posture management (CSPM) module, CrowdStrike Falcon® Horizon, to secure your cloud environment configurations and remain in compliance with industry standards. Find out how CSPM can help you determine if any of your cloud assets are misconfigured, if you are meeting your industry standards for security and if any behaviors affecting your cloud assets are malicious. During this course, you will locate cloud accounts with vulnerabilities, find the steps to remediate them and learn where to communicate those findings.
CLOUD 271: Securing Cloud Workloads and Containers with Falcon Cloud Security
This course will teach you how to use CrowdStrike Falcon® Cloud Security and “shift left” to protect containerized workloads and cloud-native applications. The course includes security best practices and tips for using Falcon Cloud Security to mitigate common threats to cloud workloads and how to proactively identify common threats and mitigate risks at every stage of application development.
IDP 270: Protecting Workforce Identities with Falcon Identity Protection
This course will teach you how to configure, implement and utilize the data feeds from Falcon Identity Protection to secure your organization against credential-based attacks, including: basic tenets of identity-based attacks, Zero Trust and identity protection; how Falcon IDP can help you gain visibility into your overall security posture; implementing policy rules to enforce targeted controls against users and groups in your domain; and performing threat hunting, analysis and light investigation from identity-based detections.
LOG 201: Preparing, Ingesting, and Parsing Log Data using Falcon LogScale
This CrowdStrike Falcon® LogScale™ course teaches you how to prepare and work with log data for effective analysis and response, improve search performance, create visualizations using LogScale Query Language, conduct statistical analysis, and create alerts and actions in LogScale.
LOG 202: Analyze Logs, Visualize Data, and Answer Business-Critical Questions using Falcon LogScale
In this immersive course, you’ll gain hands-on experience with Falcon LogScale for analyzing logs, visualizing data, and answering business-critical questions. Learn to design compelling widgets and dashboards, optimize their interactions, and strategically architect parameters for them using Falcon LogScale Query Language. If you’re a data analyst, IT administrator, or log management specialist, this course is for you.
SIEM 210: Onboarding Third-Party Data and Managing Falcon Next-Gen SIEM
Master CrowdStrike Falcon® Next-Gen SIEM with this targeted course for system administrators, security engineers, data custodians and data managers. Get hands-on experience in core Next-Gen SIEM functions, focusing on administration-specific tasks, and performing initial setup and configuration.
During the course, you’ll learn to integrate third-party data sources into the Falcon platform using the CrowdStrike Parsing Standard (CPS) and Falcon Data Connectors. Additionally, you’ll learn to monitor data ingestion volumes and ensure the health and performance of your connectors, enhancing your organization’s security posture and operational efficiency.
SIEM 211: Incident Response and Investigation with Falcon Next-Gen SIEM
Master CrowdStrike Falcon® Next-Gen SIEM with this targeted course for security leads, investigators, hunters, security analysts and security operations specialists. Get hands-on experience in investigating third-party data in Falcon Next-Gen SIEM, correlating events, utilizing CrowdStrike Falcon® Fusion SOAR automations leveraging Falcon Next-Gen SIEM capabilities, and monitoring and analyzing third-party data.
In this course, you will master the skills to actively investigate incidents and identify potential threats and vulnerabilities within an organization’s network. By utilizing Falcon Next-Gen SIEM, you’ll adopt a comprehensive approach to security monitoring, analyzing environmental data, and correlating events to provide additional context. This method will enable you to uncover hidden threats or indicators of compromise that traditional security controls might overlook. Furthermore, you’ll develop expertise in threat hunting, continuous monitoring, and advanced threat detection using Falcon Next-Gen SIEM tools, empowering you to safeguard your organization against evolving cyber threats.