MAC SAMPLE DETECTION & TESTING
To help you get started, we have pre-populated your Falcon trial with three simulated sample detections. These let you explore how detections appear in the Falcon interface without having to run an actual attack.
1. Viewing Detections
The Falcon interface Detections view shows recent detections in your environment.
Three simulated detections are included in your trial. They are labeled Sample-Detect-1, Sample-Detect-2, and Sample-Detect-3, with the username Trial
Learn more by clicking on any of the three detections. When you do so, an Execution Details panel appears on the right and an expanded view of all processes involved in the detection shows in the main window.
In Execution Details, you can learn about the specific detection. Falcon also provides information about tactics, techniques, and objectives used in each detection. You can also see what prevention actions Falcon took, plus get details about the commands, executables, and files involved.
By default, Execution Details displays information about the final process in the detection.
2. Process Views
Falcon provides three process views to help you visualize a detection. Click the Full detection details icon in any detection row to expose the View as drop-down menu in the Detections page’s upper right corner.
Select View as Process Tree, View as Process Table, or View as Process
After you have reviewed the sample detection, you can optionally change its status. Click on “New” to update it:
A dialogue window will open. Change the status to “Ignored” and click “Update”.