
CrowdStrike Falcon (EDR) Investigation

Unlock your potential as a top SOC Analyst with our intensive 7-unit live bootcamp on CrowdStrike Falcon® Insight.

Master the skills to navigate the Falcon console, analyze and triage detections, dive deep into data analysis, and integrate the MITRE ATT&CK® framework into your workflow.

Gain hands-on experience handling real-world incidents, including triaging IOCs and responding to complex threats. By the end of this bootcamp, you'll be fully prepared to ace your next interview and demonstrate your expertise in advanced incident response and reporting—setting you apart as a standout candidate in any SOC team.

Roadmap


Unit 1: Introduction to Falcon Insight for Incident Responders

  • Overview of CrowdStrike Falcon® Platform and its Role in Incident Response

  • Introduction to Falcon Insight and its Core Features

  • Navigating the Falcon Console: Key Components and Layout

  • Understanding Detections, Alerts, and Incidents in Falcon Insight

  • Hands-on: Basic Console Navigation and Familiarization with Falcon Insight


Unit 2: Detection Analysis and Triage

  • Understanding the Detection Lifecycle in Falcon Insight

  • Analyzing Detections to Identify True vs. False Positives

  • Applying a Standard Analytical Process to Detection Triage

  • Hands-on: Practical Exercises on Detection Analysis and Triage

  • Best Practices for Prioritizing and Escalating Detections


Unit 3: Deep Dive into Falcon Data Analysis

  • Exploring Falcon Insight Data Beyond Detections

  • Utilizing Historical Data and Metadata for In-Depth Analysis

  • Techniques for Event Discovery and Cross-Correlation of Data

  • Hands-on: Analyzing Real-World Scenarios Using Falcon Data

  • Leveraging Falcon’s Tools for Comprehensive Incident Investigation


Unit 4: MITRE ATT&CK® Framework Integration

  • Introduction to the MITRE ATT&CK® Framework

  • Mapping Falcon Insight Detections to MITRE ATT&CK® Techniques

  • Enhancing Detection and Response with MITRE ATT&CK® Context

  • Hands-on: Using MITRE ATT&CK® to Assess and Respond to Incidents

  • Applying MITRE ATT&CK® Knowledge in Falcon’s Analytical Process


Unit 5: Handling Non-Falcon Indicators of Compromise (IOCs)

  • Triage and Analysis of Non-Falcon IOCs within Falcon Insight

  • Conducting IP Search, Hash Execution Search, and Bulk Domain Search

  • Assessing the Relevance and Impact of External IOCs

  • Hands-on: Practical IOC Triage and Search Techniques

  • Best Practices for Integrating Non-Falcon IOCs into Incident Response


Unit 6: Incident Analysis and Response

  • Understanding the Differences Between Incidents and Detections in Falcon

  • Analyzing Falcon Incidents Involving Lateral Movement

  • Advanced Techniques for Incident Correlation and Response

  • Hands-on: Investigating and Responding to Complex Incidents

  • Documenting and Reporting Incident Findings in Falcon Insight


Unit 7: Advanced Reporting and Certification Preparation

  • Creating Detailed Incident Reports from Falcon Insight Data

  • Presenting Findings and Recommendations to Stakeholders

  • Mock Scenarios: End-to-End Incident Response Exercises

  • Review of Key Concepts and Best Practices for the Falcon Platform

  • Certification Test & Bootcamp Completion Ceremony

3-Week Live Bootcamp / SOC Shift Training

Start Date:

Monday, February 3, 2025

End Date:

February 17, 2025

Time:

6:30-9:30 PM ET

100% Money-Back Guarantee!

Program Tuition:

$600
