Exposure Management – Investigating Misconfigured Assets

Investigation Misconfigured Assets




In this guide, you’ll learn how Falcon Exposure Management tackles the issue of misconfigured assets through configuration assessments. 

Investigating Misconfigured Asset with FEM


Falcon Exposure Management by CrowdStrike proactively pinpoints misconfigured assets, a crucial factor in tightening an organization’s security framework. The platform emphasizes swift identification and rectification of configuration flaws through thorough assessments, enabling a fortified cybersecurity defense and risk mitigation. 


Configuration Assessment Dashboard


Investigating misconfigured assets begins with the Assessment dashboard which delivers a consolidated snapshot of Asset Coverage, Assessment results, SLA compliance and more – highlights the urgency of any needed remediation. 

Misconfigured Assets


Scroll down to the “Asset with the most failed assessments” tile and select an asset. 

Asset Details


The asset details page consolidates details from across your Falcon subscriptions about assets in your environment. If you have active discovery and third-party integrations set up, that data appears here, too. 


There are 3 core configuration details are offered including the sensor status, os version, and cloud registration. 


In this example, the sensor is considered operational, however, it’s out of date deeming it misconfigured. 

Assessment Filtering


Beneath your asset details resides a list of the individual assessments that this asset has been measured against. 


To highlight the most urgent, select the severity filter and choose Critical.

Assessment Review


Within the list, identify an assessment and click the actions button on the right. Then select “Open evaluations evidence page


Result Component Details (Evidence Page)


The Result component details page lists all the performed tests on a specific asset. 


The first table shows the results and details of the overall assessment, which can contain multiple tests. 


  • Assessment status column shows the overall status of the assessment on that asset. 
  • Assessment check indicates if all the checks for an assessment need to pass for the overall assessment to pass.


The second table contains details about the individual tests performed on the asset. 


  • Test status column shows if the asset passed or failed the test
  • Title column displays the assessment that was performed on the asset. 
  • Type column indicates which item was checked.

Here, the password history length must be greater than or equal to 24. 


With the current password history length being set to “0” a failed assessment is reported helping to close the investigation. 




Falcon Exposure Management streamlines the detection and management of misconfigured assets. You are equipped to  swiftly uncover and address vulnerabilities, keeping your organization’s digital infrastructure robust and well-protected. 

Related Content