CrowdStrike Certified Falcon Administrators effectively manage the Falcon platform based on the risk profile of your business, including:

  • Effective user management

  • Deploying and managing the Falcon sensor

  • Configuring deployment and prevention policies based on business risk

  • Configuring allowlists, blocklists, and file-path exclusions

  • Conducting administrative reporting

CrowdStrike Certified Falcon Responders investigate, analyze and respond quickly to cyber incidents and active threats, including:

  • Initial triage of detections in the Falcon console

  • Managing filtering, grouping and assignment of detections

  • Performing investigation tasks

  • Conducting basic proactive hunting for atomic indicators across enterprise event data

CrowdStrike Certified Falcon Hunters investigate threats and security incidents by analyzing digital evidence, including:

  • Understanding all aspects of detection investigation

  • Navigating the Falcon console to perform queries and time-lining using Splunk event searching

  • Conducting search queries using Splunk Search Processing Language (SPL)