Falcon Platform for Administrators - FHT 200

This course instructs new and beginning users on the technical fundamentals of CrowdStrike Falcon.

The course is appropriate for those who use Falcon on a day-to-day basis and focuses on the installation, configuration and day-to-day management of the products.

It is intended for technical contributors who will be administrating and using the Falcon console.

Duration: 1 day

• Have a basic knowledge of cybersecurity incident investigation and the incident lifecycle
• Be familiar with the Microsoft Windows environment

• Navigate through the Falcon console
• Identify all applications within the Falcon console
• Understand what specific tasks can be accomplished within the various applications
• Locate and download the latest OS-specific Falcon Sensor
• Install and configure the Falcon console

USER MANAGEMENT

• Determine roles required for access to features
• Create a new user, delete a user and edit a user, etc.

SENSOR DEPLOYMENT

• Analyze the pre-installation OS/Networking requirements prior to installing the Falcon sensor
• Analyze the default policies and apply best practices in order to prepare workloads for the Falcon sensor
• Apply appropriate settings to successfully install a Falcon sensor on Windows, Linux and macOS
• Uninstall a sensor
• Troubleshoot a sensor

HOST MANAGEMENT

• Filter and search the Falcon console to find and manage hosts

GROUP CREATION

• Determine the appropriate group assignment for endpoints and understand how this impacts the application of policies

PREVENTION POLICIES

• Determine the appropriate prevention policy settings for endpoints and explain how this impacts security posture

CUSTOM IOA RULES

• Create custom IOA rules to monitor behavior that is not fundamentally malicious

SENSOR UPDATE POLICIES

• Determine the appropriate sensor update policy settings and related general settings in order to control the update process

QUARANTINE FILES

• Apply options required to manage quarantine files

IOC MANAGEMENT

• Assess IOC settings required for customized security posturing and to manage false positives

CONTAINMENT POLICIES

• Configure an allowlist appropriate IP addresses, while the network is under containment, based on security workflow requirements

EXCLUSIONS

• Monitor business requirement in order to allow trusted activity, and resolve false positives and performance issues

FIREWALL POLICIES

• Describe how to create a firewall policy
• Describe how to configure rule groups, configure traffic rules and apply rule groups to firewall policies

SENSOR REPORTS

• Explain the different types of sensor reports and what each report provides

USB POLICIES

• Apply a USB device policy to restrict or allow access to USB devices

REAL TIME RESPONSE POLICIES

• Apply roles and policy settings, and track and review RTR audit logs in order to manage user activity

NOTIFICATION WORKFLOW

• Configure custom alerts to notify individuals about policies, detections and incidents