CrowdStrike Certified Falcon Administrators effectively manage the Falcon platform based on the risk profile of your business, including:

• Effective user management

• Deploying and managing the Falcon sensor

• Configuring deployment and prevention policies based on business risk

• Configuring allowlists, blocklists, and file-path exclusions

• Conducting administrative reporting

CrowdStrike Certified Falcon Responders investigate, analyze and respond quickly to cyber incidents and active threats, including:

• Initial triage of detections in the Falcon console

• Managing filtering, grouping and assignment of detections

• Performing investigation tasks

• Conducting basic proactive hunting for atomic indicators across enterprise event data

CrowdStrike Certified Falcon Hunters investigate threats and security incidents by analyzing digital evidence, including:

• Understanding all aspects of detection investigation

• Navigating the Falcon console to perform queries and time-lining using Splunk event searching

• Conducting search queries using Splunk Search Processing Language (SPL)