Vendor Sheet

SIEM 211: Incident Response and Investigation in Falcon Next-Gen SIEM


CrowdStrike University’s SIEM 211 course trains security analysts, investigators, and SOC teams to use Falcon Next-Gen SIEM for incident response and investigation. This one-day, instructor-led program provides hands-on labs covering incident analysis, event correlation, threat hunting, and continuous monitoring. Students learn advanced querying with CrowdStrike Query Language, building and managing correlation rules, and leveraging Incident Workbench for deeper investigations. The course also teaches automation through Falcon Fusion SOAR workflows and creating custom dashboards for ongoing monitoring. Prerequisites include familiarity with incident response and prior SIEM or Falcon training.
