2022 Falcon OverWatch Threat Hunting Report

Intrusions intensify, complexity escalates

2022 continues to demonstrate that proactive human-led threat hunting is no longer an option but a necessity to detect and disrupt advanced attacks and keep evolving adversaries at bay.

In this exclusive report, the CrowdStrike® Falcon OverWatch™ threat hunting team provides a look into the adversary tradecraft and tooling they observed from July 1, 2021 to June 30, 2022. The report also includes actionable tips for organizations and threat hunters to get ahead and stay ahead of today’s stealthiest, most sophisticated cyber threats.

Key findings include:

  • Adversaries have moved beyond malware
  • Breakout time has accelerated, now down to 1 hour and 24 minutes
  • The most-attacked industries vary dramatically between eCrime and targeted intrusions
  • Adversaries move aggressively to design and deploy cloud-based attacks
  • Five patents highlight how to hunt and combat advanced threats through continuous innovation

