CrowdStrike University SIEM 211 Course Syllabus

Incident Response in Falcon Next-Gen SIEM

Learn to leverage the power of CrowdStrike Falcon® Next-Gen SIEM. This course is designed for security analysts and incident responders. Elevate your detection and incident workflows utilizing the full power of the expanded data and correlations offered through CrowdStrike Falcon Next-Gen SIEM. During this course, you’ll explore data correlation between Falcon and third-party sources, utilize expanded data sets and Next-Gen SIEM capabilities to elevate your analysis workflows, and explore Falcon Fusion SOAR automations leveraging Next-Gen SIEM capabilities. You will also learn to identify and address connector, parser, and ingest concerns from an analyst’s perspective.

Learn how to:

  • Monitor multiple types of detections from a unified view to understand what is happening in your environment.
  • Manage detections that originate from integrated third-party security products alongside CrowdStrike-generated detections.
  • Accelerate triage and investigation by creating an incident from selected detections.
  • Build your own correlation rules from scratch or apply rule templates that CrowdStrike provides.
  • Create workflows to precisely define the actions you want Falcon to perform in response to incidents, detections, and more.
