ATC-FHT200 - Falcon Platform For Administrators
This course instructs new and beginning users in the technical fundamentals of CrowdStrike Falcon. It is appropriate for those who use Falcon on a day-to-day basis and focuses on the installation, configuration and day-to-day management of the products. It is intended for technical contributors who will be administering and using the Falcon console.
Students who complete this course should be able to:
- Navigate through the Falcon console
- Identify all applications within the Falcon console
- Understand what specific tasks can be accomplished within the various applications
- Locate and download the latest OS-specific Falcon Sensor
- Install and configure the Falcon console
USER MANAGEMENT
- Determine roles required for access to features
- Create, edit and delete users
SENSOR DEPLOYMENT
- Analyze the OS and networking requirements prior to installing the Falcon sensor
- Analyze the default policies and apply best practices in order to prepare workloads for the Falcon sensor
- Apply appropriate settings to successfully install a Falcon sensor on Windows, Linux and macOS
- Uninstall a sensor
- Troubleshoot a sensor
HOST MANAGEMENT
- Filter and search the Falcon console to find and manage hosts
GROUP CREATION
- Determine the appropriate group assignment for endpoints and understand how this impacts the application of policies
PREVENTION POLICIES
- Determine the appropriate prevention policy settings for endpoints and explain how this impacts security posture
CUSTOM IOA RULES
- Create custom IOA rules to monitor behavior that is not fundamentally malicious
SENSOR UPDATE POLICIES
- Determine the appropriate sensor update policy settings and related general settings in order to control the update process
QUARANTINE FILES
- Apply options required to manage quarantine files
IOC MANAGEMENT
- Assess IOC settings required for customized security posturing and to manage false positives
CONTAINMENT POLICIES
- Configure an allow list of appropriate IP addresses while the network is under containment, based on security workflow requirements
EXCLUSIONS
- Monitor business requirements in order to allow trusted activity and resolve false positives and performance issues
FIREWALL POLICIES
- Describe how to create a firewall policy
- Describe how to configure rule groups, configure traffic rules, and apply rule groups to firewall policies
SENSOR REPORTS
- Explain the different types of sensor reports and what each report provides
USB POLICIES
- Apply a USB device policy to restrict or allow access to USB devices
REAL TIME RESPONSE POLICIES
- Apply roles and policy settings, and track and review RTR audit logs in order to manage user activity
NOTIFICATION WORKFLOW
- Configure custom alerts to notify individuals about policies, detections, and incidents
To obtain the maximum benefit from this class, you should meet the following requirements:
- Perform basic operations on a personal computer
- Have a basic knowledge of cybersecurity incident investigation and the incident lifecycle
- Be familiar with the Microsoft Windows environment
- Comprehend course curriculum presented in English