Vendor Sheet

Falcon 202: Investigating and Querying Event Data with Falcon EDR

Pages: 4

CrowdStrike University’s Falcon 202 course, Investigating and Querying Event Data with Falcon EDR, is a one-day instructor-led program focused on proactive threat hunting using Falcon Insight XDR. It trains analysts in advanced querying with CrowdStrike Query Language (CQL), creating custom searches, and leveraging automated reports to uncover threats before incidents occur. Students practice using the Events Data Dictionary, query pipelines, and statistical analysis commands, while learning to build timelines, join process events, and detect attacker activity with Enhanced Attacker Execution Profiling. The course prepares SOC and threat analysts for CCFR and CCFH certifications.