Falcon Platform for Responders - FHT 201

WGAC-CRO-FHT201

Description

This course instructs intermediate responders in the best use of CrowdStrike Falcon for incident triage. The course is appropriate for those who use the Falcon platform on a day-to-day basis to detect, investigate and respond to incidents. Positions might include security analyst, SOC analyst, security engineer, IT security operations manager, security administrator, endpoint security administrator or channel sales engineer. 

Duration: 1-day program

To obtain the maximum benefit from this class, you should meet the following requirements:

  • Completion of the 100-level courses in CrowdStrike University
  • Comprehend the course curriculum, which is presented in English
  • Perform basic operations on a personal computer
  • Have intermediate knowledge of cyber security incident investigation and lifecycle
  • Be familiar with the Microsoft Windows environment

Students who complete this course should be able to:

  • Use the key features of the Falcon platform applications
  • Analyze detections and ascertain true or false positive findings
  • Apply a standard analytic process to detection triage
  • Describe the data available in the Insight application
  • Use Insight to continue analysis beyond a detection
  • Perform limited discovery of additional events beyond a detection

INTRODUCTION

  • Who we are
  • Who you are
  • Administrative items
  • Course overview/agenda

DETECTION ANALYSIS

  • Detections application
  • MITRE ATT&CK framework
  • Analytical process
  • Analyst workflows
  • Student exercise
  • Practicing the detection workflow

EVENT DISCOVERY

  • Investigate application overview

EVENT ACTIONS/WORKFLOWS

  • Student exercises
  • Pivoting workflows
  • Credential theft

REAL WORLD ANALYSIS

  • Student exercises
  • Social engineering & ransomware detections
  • Performing a hash search

HANDLING NOISE/FALSE POSITIVES

  • Student exercises
  • False positives
  • Encoded PowerShell commands

REPORTING

  • Detections
  • Exporting process data
  • Student exercises
  • Reports and dashboards
  • Lateral movement

PROACTIVE INVESTIGATIONS/HUNTING 101

  • Bulk IP Search
  • Bulk Domain Search
  • Student exercise
  • Analyzing third-party intelligence

FINAL EXERCISES

  • Students practice investigating a reverse shell detection
  • Additional scenarios as time allows