CrowdStrike University’s Falcon 201 course, Falcon Platform for Responders, is a one-day instructor-led program for incident responders and analysts using Falcon Insight XDR. It teaches a standardized analytical process for investigating detections, distinguishing true from false positives, conducting targeted event discovery, and executing incident response workflows. Learners practice building process and host timelines, analyzing IOA-based detections, handling noise with filtering and exclusions, and reporting findings. The course also covers proactive investigations of IOCs and incident analysis involving lateral movement, preparing students for CCFR and CCFH certification exams.

Join for free to read