Investigating and Mitigating Threats with Real Time Response - FHT 240

WGAC-CRO-FHT240

Crowdstrike Training Courses Certification

Description

This hands-on course is intended for technical contributors who will be performing remediation, host-level response to detections or host investigations with Real Time Response. This course explains how to use Real Time Response to query information from hosts, put and run files and scripts, and perform administrative functions related to roles and permissions.

To obtain the maximum benefit from this class, you should meet the following requirements:

  • Comprehend course curriculum presented in English
  • Complete all FHT 100-level course material
  • Complete the FHT 201 course or be familiar with CrowdStrike® Falcon and detection analysis
  • Have an intermediate knowledge of cybersecurity incident investigation and the incident lifecycle
  • Be familiar with the CrowdStrike® Falcon Overwatch™ best practices (FHT 201 course)
  • Be familiar with the Microsoft Windows environment

Students who complete this course should be able to:

  • Perform the administrative tasks required to use Real Time Response
  • Work with processes, memory and files on a host
  • Work with Windows event logs and the Windows registry
  • Obtain network and system information
  • Perform script-related tasks

WELCOME

  • Who we are
  • Who you are
  • Administrative items
  • Course overview/agenda

INTRODUCTION TO RTR

  • About Real Time Response
  • Requirements
  • Policies and roles
  • Documentation
  • Connecting to the host

GENERAL RTR USAGE

  • Administrative commands
  • Host navigation with RTR

RETRIEVING ARTIFACTS

  • Manipulating files
  • Viewing and editing the registry
  • Viewing Windows event logs
  • Obtaining network information
  • Working with processes
  • Dumping memory (full and process)

CUSTOM SCRIPTS

  • Writing custom scripts
  • Running custom scripts
  • Response Scripts & Files in the Configuration app
  • Introduction to PowerShell and ZSH scripting

SESSION LOGS

  • Audit logs
  • Custom scripts logs
  • Put file logs