ATC-FHT200 - Falcon Platform For Administrators

Duration: 1.0 day

This course instructs new and beginning users on the technical fundamentals of CrowdStrike Falcon. The course is appropriate for those who use Falcon on a day-to-day basis and focuses on the installation, configuration and day-to-day management of the products. It is intended for technical contributors who will be administering and using the Falcon console.

Students who complete this course should be able to:

  • Navigate through the Falcon console
  • Identify all applications within the Falcon console
  • Understand what specific tasks can be accomplished within the various applications
  • Locate and download the latest OS-specific Falcon Sensor
  • Install and configure the Falcon console

USER MANAGEMENT

  • Determine roles required for access to features
  • Create a new user, delete a user and edit a user, etc.

SENSOR DEPLOYMENT

  • Analyze the pre-installation OS/Networking requirements prior to installing the Falcon sensor
  • Analyze the default policies and apply best practices in order to prepare workloads for the Falcon sensor
  • Apply appropriate settings to successfully install a Falcon sensor on Windows, Linux and macOS
  • Uninstall a sensor
  • Troubleshoot a sensor

HOST MANAGEMENT

  • Filter and search the Falcon console to find and manage hosts

GROUP CREATION

  • Determine the appropriate group assignment for endpoints and understand how this impacts the application of policies

PREVENTION POLICIES

  • Determine the appropriate prevention policy settings for endpoints and explain how this impacts security posture

CUSTOM IOA RULES

  • Create custom IOA rules to monitor behavior that is not fundamentally malicious.

SENSOR UPDATE POLICIES

  • Determine the appropriate sensor update policy settings and related general settings in order to control the update process

QUARANTINE FILES

  • Apply options required to manage quarantine files

IOC MANAGEMENT

  • Assess IOC settings required for customized security posturing and to manage false positives

CONTAINMENT POLICIES

  • Configure an allow list of appropriate IP addresses, for use while the network is under containment, based on security workflow requirements

EXCLUSIONS

  • Monitor business requirements in order to allow trusted activity and resolve false positives and performance issues.

FIREWALL POLICIES

  • Describe how to create a firewall policy
  • Describe how to configure rule groups, configure traffic rules, and apply rule groups to firewall policies.

SENSOR REPORTS

  • Explain the different types of sensor reports and what each report provides.

USB POLICIES

  • Apply a USB device policy to restrict or allow access to USB devices.

REAL TIME RESPONSE POLICIES

  • Apply roles and policy settings, and track and review RTR audit logs in order to manage user activity.

NOTIFICATION WORKFLOW

  • Configure custom alerts to notify individuals about policies, detections, and incidents.

To obtain the maximum benefit from this class, you should meet the following requirements:

  • Perform basic operations on a personal computer
  • Have a basic knowledge of cybersecurity incident investigation and the incident lifecycle
  • Be familiar with the Microsoft Windows environment
  • Comprehend course curriculum presented in English



