CSU Infographic: Falcon Incident Responder Learning Path

Follow the Learning Path to become a CCFR Certified Incident Responder

CrowdStrike Certified Falcon Responders investigate, analyze and respond to incidents, including:

  • Conducting initial triage of detections in the Falcon console
  • Managing filtering, grouping, assignment, commenting and status changes of detections
  • Performing basic investigation tasks such as host search, host timeline, process timeline, user search and other click-driven workflows
  • Conducting basic proactive hunting for atomic indicators such as domain names, IP addresses and hash values across enterprise event data


  • OS icon
  • deployment icon
  • installation icon

For technical information on installation, policy configuration and more, please visit the CrowdStrike Tech Center.

Visit the Tech Center