FALCON 202: Investigating and Querying Event Data With Falcon EDR
This class is an intermediate-level course for those who use CrowdStrike Falcon® Insight XDR to detect, investigate and respond to incidents using proactive investigation techniques. During this course, learners will perform search queries, apply custom searches, use reports to assist with hunts and create commands to investigate events and find attacker activity. Participants who take this class will learn how to:
- Perform proactive search queries in the Falcon platform using the automated queries and reports
- Recall basic CrowdStrike Query Language (CQL) syntax
- Discover new events using custom queries