CrowdStrike 2025 Global Threat Report: Adversaries have adapted. Have you? Download

CSU Infographic: Falcon Incident Responder Learning Path


Follow the Learning Path to become a CCFR Certified Incident Responder

CrowdStrike Certified Falcon Responders investigate, analyze and respond to incidents, including:

  • Conducting initial triage of detections in the Falcon console
  • Managing filtering, grouping, assignment, commenting and status changes of detections
  • Performing basic investigation tasks such as host search, host timeline, process timeline, user search and other click-driven workflows
  • Conducting basic proactive hunting for atomic indicators such as domain names, IP addresses and hash values across enterprise event data