CrowdStrike Falcon (EDR) Investigation
Unlock your potential as a top SOC Analyst with our intensive 7-unit live bootcamp on CrowdStrike Falcon® Insight.
Master the skills to navigate the Falcon console, analyze and triage detections, dive deep into data analysis, and integrate the MITRE ATT&CK® framework into your workflow.
Gain hands-on experience handling real-world incidents, including triaging IOCs and responding to complex threats. By the end of this bootcamp, you'll be fully prepared to ace your next interview and demonstrate your expertise in advanced incident response and reporting—setting you apart as a standout candidate in any SOC team.
Roadmap
Unit 1: Introduction to Falcon Insight for Incident Responders
Overview of CrowdStrike Falcon® Platform and its Role in Incident Response
Introduction to Falcon Insight and its Core Features
Navigating the Falcon Console: Key Components and Layout
Understanding Detections, Alerts, and Incidents in Falcon Insight
Hands-on: Basic Console Navigation and Familiarization with Falcon Insight
Unit 2: Detection Analysis and Triage
Understanding the Detection Lifecycle in Falcon Insight
Analyzing Detections to Identify True vs. False Positives
Applying a Standard Analytical Process to Detection Triage
Hands-on: Practical Exercises on Detection Analysis and Triage
Best Practices for Prioritizing and Escalating Detections
Unit 3: Deep Dive into Falcon Data Analysis
Exploring Falcon Insight Data Beyond Detections
Utilizing Historical Data and Metadata for In-Depth Analysis
Techniques for Event Discovery and Cross-Correlation of Data
Hands-on: Analyzing Real-World Scenarios Using Falcon Data
Leveraging Falcon’s Tools for Comprehensive Incident Investigation
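The event discovery and cross-correlation work in this unit comes down to two operations an analyst repeats constantly: rebuilding a process tree from parent/child process IDs, and joining network or DNS events back to the process that generated them. The script below is an added example, not course material or CrowdStrike code. Its event and field names (ProcessRollup2, DnsRequest, NetworkConnectIP4, TargetProcessId, ParentProcessId, ContextProcessId) follow Falcon's naming convention as an assumption, and all of the events are constructed for illustration.

```python
"""Process-tree reconstruction and cross-correlation over endpoint events.

Added example, not course material or CrowdStrike code. Event and field
names follow Falcon's naming convention as an assumption; every event
below is constructed for illustration.
"""
from collections import defaultdict

OFFICE = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
SHELLS = {"cmd.exe", "powershell.exe", "pwsh.exe", "wscript.exe", "cscript.exe", "mshta.exe"}

# Constructed telemetry for one host: Word opens a macro document, spawns
# cmd.exe, which spawns an encoded PowerShell that resolves a domain and
# opens an outbound connection.
EVENTS = [
    {"event_simpleName": "ProcessRollup2", "TargetProcessId": "100", "ParentProcessId": "1",
     "ImageFileName": r"C:\Windows\explorer.exe", "CommandLine": "explorer.exe"},
    {"event_simpleName": "ProcessRollup2", "TargetProcessId": "200", "ParentProcessId": "100",
     "ImageFileName": r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE",
     "CommandLine": '"WINWORD.EXE" invoice.docm'},
    {"event_simpleName": "ProcessRollup2", "TargetProcessId": "300", "ParentProcessId": "200",
     "ImageFileName": r"C:\Windows\System32\cmd.exe",
     "CommandLine": "cmd.exe /c powershell -enc SQBFAFgA"},
    {"event_simpleName": "ProcessRollup2", "TargetProcessId": "400", "ParentProcessId": "300",
     "ImageFileName": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "CommandLine": "powershell -enc SQBFAFgA"},
    {"event_simpleName": "DnsRequest", "ContextProcessId": "400",
     "DomainName": "update.example-cdn.invalid"},
    {"event_simpleName": "NetworkConnectIP4", "ContextProcessId": "400",
     "RemoteAddressIP4": "203.0.113.9", "RemotePort": "443"},
]


def basename(path):
    """Lower-cased file name from a Windows path (works on any host OS)."""
    return path.replace("\\", "/").rsplit("/", 1)[-1].lower()


def build_process_index(events):
    """Map TargetProcessId -> process event so parents can be looked up in O(1)."""
    return {e["TargetProcessId"]: e for e in events if e["event_simpleName"] == "ProcessRollup2"}


def ancestry(pid, index):
    """Image names from the root-most known ancestor down to pid.

    Stops when the parent is not in the index or a cycle is detected."""
    chain, seen = [], set()
    while pid in index and pid not in seen:
        seen.add(pid)
        chain.append(basename(index[pid]["ImageFileName"]))
        pid = index[pid]["ParentProcessId"]
    return list(reversed(chain))


def correlate_context(events):
    """Join DNS and network events to the process that generated them."""
    by_pid = defaultdict(list)
    for e in events:
        if e["event_simpleName"] == "DnsRequest":
            by_pid[e["ContextProcessId"]].append(("dns", e["DomainName"]))
        elif e["event_simpleName"] == "NetworkConnectIP4":
            by_pid[e["ContextProcessId"]].append(("net", f'{e["RemoteAddressIP4"]}:{e["RemotePort"]}'))
    return dict(by_pid)


def office_spawned_shells(events):
    """Process IDs of shells/script hosts with an Office application anywhere above them."""
    index = build_process_index(events)
    hits = []
    for pid, e in index.items():
        if basename(e["ImageFileName"]) in SHELLS and any(
                a in OFFICE for a in ancestry(pid, index)[:-1]):
            hits.append(pid)
    return sorted(hits)


def investigate(events, pid):
    """Everything an analyst wants on one process: lineage, command line, activity."""
    index = build_process_index(events)
    return {"chain": ancestry(pid, index),
            "command": index[pid]["CommandLine"],
            "activity": correlate_context(events).get(pid, [])}


if __name__ == "__main__":
    for pid in office_spawned_shells(EVENTS):
        print(pid, investigate(EVENTS, pid))
```

The `[:-1]` slice in `office_spawned_shells` excludes the process itself from the ancestor check, so an Office binary is never flagged merely for being an Office binary; the cycle guard in `ancestry` matters on real data, where a reused or missing parent ID would otherwise loop forever.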
Unit 4: MITRE ATT&CK® Framework Integration
Introduction to the MITRE ATT&CK® Framework
Mapping Falcon Insight Detections to MITRE ATT&CK® Techniques
Enhancing Detection and Response with MITRE ATT&CK® Context
Hands-on: Using MITRE ATT&CK® to Assess and Respond to Incidents
Applying MITRE ATT&CK® Knowledge in Falcon’s Analytical Process
Unit 5: Handling Non-Falcon Indicators of Compromise (IOCs)
Triage and Analysis of Non-Falcon IOCs within Falcon Insight
Conducting IP Search, Hash Execution Search, and Bulk Domain Search
Assessing the Relevance and Impact of External IOCs
Hands-on: Practical IOC Triage and Search Techniques
Best Practices for Integrating Non-Falcon IOCs into Incident Response
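Indicators that arrive from outside the platform (a vendor report, a partner's e-mail, a threat feed) are usually defanged and mixed in type, so the first triage step is to normalise and classify them, then run the right search for each type: hash against process executions, domain against DNS requests, IP against outbound connections. The script below is an added example, not course material or CrowdStrike code. Event and field names (ProcessRollup2, SHA256HashData, DnsRequest, DomainName, NetworkConnectIP4, RemoteAddressIP4) follow Falcon's naming convention as an assumption; `ContextImage` is a constructed field standing in for the process-name join you would do yourself, and the indicator list and events are constructed for illustration.

```python
"""Triage of external (non-Falcon) IOCs against endpoint telemetry.

Added example, not course material or CrowdStrike code. Event and field
names follow Falcon's naming convention as an assumption; the indicators
and events below are constructed for illustration.
"""
import re


def refang(ioc):
    """Normalise a defanged indicator (hxxp, [.]) down to a bare host or hash."""
    s = ioc.strip().lower()
    for old, new in (("hxxp", "http"), ("[.]", "."), ("(.)", "."), ("[:]", ":")):
        s = s.replace(old, new)
    s = re.sub(r"^https?://", "", s)   # keep only the host part of a URL
    return s.split("/")[0]


# Order matters: hashes are tested before the looser domain pattern.
PATTERNS = [
    ("sha256", re.compile(r"^[0-9a-f]{64}$")),
    ("sha1",   re.compile(r"^[0-9a-f]{40}$")),
    ("md5",    re.compile(r"^[0-9a-f]{32}$")),
    ("ipv4",   re.compile(r"^(?:(?:25[0-5]|2[0-4]\d|1?\d?\d)\.){3}(?:25[0-5]|2[0-4]\d|1?\d?\d)$")),
    ("domain", re.compile(r"^(?:[a-z0-9-]+\.)+[a-z]{2,}$")),
]


def classify(ioc):
    """Return (indicator type, normalised value)."""
    value = refang(ioc)
    for kind, pattern in PATTERNS:
        if pattern.match(value):
            return kind, value
    return "unknown", value


def domain_matches(observed, ioc):
    """Exact match or any subdomain of the indicator."""
    observed = observed.lower()
    return observed == ioc or observed.endswith("." + ioc)


def bulk_search(kind, value, events):
    """Hash -> executions, domain -> DNS requests, IP -> outbound connections."""
    hits = []
    for e in events:
        name = e["event_simpleName"]
        if kind == "sha256" and name == "ProcessRollup2" and e.get("SHA256HashData") == value:
            hits.append((e["ComputerName"], "executed", e["ImageFileName"]))
        elif kind == "domain" and name == "DnsRequest" and domain_matches(e["DomainName"], value):
            hits.append((e["ComputerName"], "resolved", e["ContextImage"]))
        elif kind == "ipv4" and name == "NetworkConnectIP4" and e.get("RemoteAddressIP4") == value:
            hits.append((e["ComputerName"], "connected", e["ContextImage"]))
    return hits


def priority(kind, hits):
    # Assumption: only SHA256 is searchable directly; MD5/SHA1 must first be
    # resolved to a SHA256 through another source before they can be searched.
    if kind in ("md5", "sha1", "unknown"):
        return "needs lookup"
    if not hits:
        return "no activity"
    if any(action == "executed" for _, action, _ in hits):
        return "high"          # the file actually ran somewhere
    return "medium"            # resolution or connection only


def triage(iocs, events):
    """Per-indicator report keyed by the normalised value."""
    report = {}
    for raw in iocs:
        kind, value = classify(raw)
        hits = bulk_search(kind, value, events) if kind in ("sha256", "domain", "ipv4") else []
        report[value] = {"type": kind, "hits": hits, "priority": priority(kind, hits)}
    return report


# Constructed sample data (not real indicators or hosts).
HASH_A = "9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08"
IOCS = [
    "hxxp://update[.]example-cdn[.]invalid/x.php",
    "203.0.113.9",
    HASH_A.upper(),
    "d41d8cd98f00b204e9800998ecf8427e",
    "benign[.]example[.]invalid",
]
EVENTS = [
    {"event_simpleName": "ProcessRollup2", "ComputerName": "WS-0142",
     "ImageFileName": r"C:\Users\jdoe\AppData\Local\Temp\svchost.exe", "SHA256HashData": HASH_A},
    {"event_simpleName": "DnsRequest", "ComputerName": "WS-0142",
     "DomainName": "cdn.update.example-cdn.invalid", "ContextImage": "powershell.exe"},
    {"event_simpleName": "NetworkConnectIP4", "ComputerName": "SRV-DB01",
     "RemoteAddressIP4": "203.0.113.9", "RemotePort": "443", "ContextImage": "powershell.exe"},
    {"event_simpleName": "DnsRequest", "ComputerName": "WS-0007",
     "DomainName": "login.microsoftonline.com", "ContextImage": "outlook.exe"},
]

if __name__ == "__main__":
    for value, row in triage(IOCS, EVENTS).items():
        print(row["priority"], row["type"], value, row["hits"])
```

Two details carry the weight here: `domain_matches` accepts subdomains, because a report's `example-cdn.invalid` will show up in telemetry as `cdn.update.example-cdn.invalid`, and the priority rule ranks an executed hash above a resolved domain or contacted IP, since execution is the only one of the three that proves code ran on the host.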
Unit 6: Incident Analysis and Response
Understanding the Differences Between Incidents and Detections in Falcon
Analyzing Falcon Incidents Involving Lateral Movement
Advanced Techniques for Incident Correlation and Response
Hands-on: Investigating and Responding to Complex Incidents
Documenting and Reporting Incident Findings in Falcon Insight
Unit 7: Advanced Reporting and Certification Preparation
Creating Detailed Incident Reports from Falcon Insight Data
Presenting Findings and Recommendations to Stakeholders
Mock Scenarios: End-to-End Incident Response Exercises
Review of Key Concepts and Best Practices for the Falcon Platform
Certification Test & Bootcamp Completion Ceremony