DASHBOARD Flashcards
What does the Endpoint Security module do?
-Provides info about incidents, detection & prevention activities found by Falcon sensors
**Detections are triggered from prevention policies
What does the Cloud Security module do?
Registers cloud accounts and sets cloud policies
What does Identity Protection module do?
-Monitors network traffic to build user behavioral profiles and identifies unusual behavior
-Enables frictionless Zero Trust Security w/ real-time threat prevention and IT policy enforcement
*Falcon identity threat detection or falcon identity threat protection subscription needed
What does the spotlight module do?
-Identifies vulnerabilities on Windows and Linux hosts
Helps the team proactively patch vulnerable hosts, reducing team falcons attack surface and lowering risk profile
*Falcon insight add on
What does the discover module do?
-Provides deep visibility into the apps used in your environment
Information helps you determine:
-whether or not approved apps are being used
-which device may not have a sensor installed on them
-which users have administrator access
*falcon insight add-on
What does the FileVantage module do?
-Helps with industry compliance
*May need to modify host groups to create file integrity policies
What does the Threat Intelligence module do?
-provides reports, feeds, alerts, and data to subscribers of CS intelligence products (Falcon X)
*Falcon prevent add on
What does the investigate module do?
-gives access to several reports and queries. Allows a deeper dive into event data that is captured by the sensor
What does the dashboards & reports module do?
-gives a graphical view into data sets that matter most
What does the Host setup and management module do?
-set up and manages the orgs defenses w/ host groups, sensor, and response policies, user, and user permissions
What does the crowdstrike store module do?
-A marketplace that allows you to try out new apps in your environment
What does the audit logs module do?
-audits various activites within the falcon console
Which icon allows you to choose a “Stay signed in” option to stay logged into the activity dashboard until the borrower is restarted?
-Settings
What does the Support and resources module do?
-P rovides access to all CS product documentation and a variety of tools
This module can be used as an auditing tool to find gaps in defenses that may need new policies..
Endpoint Security module
This module can be used to install patches for vulnerabilities on your hosts with the appropriate roles
spotlight module
This module can be used to learn how policies need to be modified by finding assets that are unmanaged or unsupported
discover module
This module can set up prevention policies that automatically submit files to falcon X
threat intelligence
This module can be used to conduct proactive hunting and as an auditing tool
investigate module
Use this module to setup sensors, create workflows using falcon fusion, and manage installation tokens
Host setup and management module
This module can use the executive summary dashboard to find sensors that have become inactive
dashboards & reports module
Use this module to review logs, audit activity, and fine tune prevention policy settings
audit logs module
As a falcon admin role, you can use this module to create, view, edit API clients and keys and can access the sensor unintaller
Support and resources module
You need to create new users, host groups and prevention policies to protect your environment. Which 2 sections will you use to complete these tasks?
-endpoint security X
-Host setup and managementX
