Creating Intelligence with Falcon - CST 330
WGAC-CRO-CST330
Description
To obtain the maximum benefit from this class, you should meet the following requirements:
- Comprehend course curriculum presented in English
- Completion of FHT 100 & FHT 101 course material in CrowdStrike University (or experience using CrowdStrike® Falcon)
- Perform basic operations on a personal computer
- Be familiar with Microsoft Windows environment
Students who complete this course should be able to:
- Retrieve intelligence reporting and data from various Falcon applications
- Relate basic intelligence processes and concepts to technical data
- Justify proposed security changes to an environment based on your own intelligence analysis
- Support your organization's overall security posture by contributing customized, high-level cyber threat reporting
INTRODUCTION
- Who we are
- Who you are
- Administrative items
- Course overview/agenda
CROWDSTRIKE FALCON
- Falcon applications
- Falcon intelligence
Review of each Falcon Intel module
- Student exercise
Discover detection in Insight and follow links to associated intelligence reporting
INTELLIGENCE 101
- Concepts of intelligence
Contrasting information from intelligence
Intel as a process, product and organization
Introduction to tactical, operational and strategic intelligence
Goals of an intelligence program
Various types of intelligence
- Characteristics of effective intelligence
Attributes of effective intelligence
Intelligence frameworks
Creating a flexible framework
High-order intel program capabilities
- The intelligence process
The intelligence cycle & process
Key considerations of an intel framework
- Intelligence consumers
Various levels of consumers
Consumer level-appropriate reporting
- Intelligence reach
External collaboration
Intel sharing platforms
CrowdStrike® intelligence
INTEL REQUIREMENTS
- Requirements process
- Framing the intel problem
- Introduction to structured argumentation
- Forming a requirement hierarchy
- Student exercise
Group exercise to create standing and ad-hoc requirements
INTEL COLLECTION
- Selecting sources of information
- Collection aggregation and storage
- Legalities of collection
- Timing of collection
- Student exercise
Group exercise to identify and gather sources of information
INTEL ANALYSIS
- Concept of exactness
- Types of analysis
- The analytic process
- Analytic views and models
- Traits of a good analyst
- Student exercise
Individual and group tasks to analyze collected information
INTEL PRODUCTION
- Echelons of reporting
- Proper report formatting
- The reporting framework
- Challenges of production
- Student exercise
Individual and group tasks to report on collected and analyzed information/intelligence
FRAMEWORK VALIDATION
- Intelligence framework concepts
- Intelligence validation
- Framework validation
- Student exercise
Group discussion and validation of student-built intel framework
FALCON SPOTLIGHT & FALCON X
- Introduction to Falcon Spotlight and Falcon X