MISC

Question 1

What is the Falcon Sensor

Answer 1

A lightweight agent you install on each device – when a device has a Falcon sensor installed, we call that device a “host”.

Question 2

What does a Falcon Sensor do?

Answer 2

Each sensor detects and prevents malicious activity on a host, according to policies that you’ll configure later.

Question 3

Whats are the differences between IOA vs IOC?

Answer 3

IOA involves multiple actions over time. IOA = real time, procative

IOC digital evidence that a cyber incident has occurred.

**Intelligence is gathered by security teams in response to speculations of a network breach or during scheduled security audits.

Question 4

What are the differences between EDR vs NGAV?

Answer 4

EDR is detecting after an incident has occurred (IOC/IOA).

NGAV tries to prevent an action from compromising the endpoint.

**AV systems that solely rely on IOC or signature based methods don’t get the job done. Endpoint Detection systems that rely on IOA (Indicators of Attack) are good, as they alert to suspicious activities before a compromise can occur.

Question 5

Can a host that is not part of a group, get a policy?

Answer 5

A host that is NOT in a group CANNOT get assigned a policy

Question 6

How many prevention policies can be created at a time?

Answer 6

Can have 100 custom prevention policies

Question 7

How many hosts can be issued tags at a time?

Answer 7

Can add tags to up to 1000 hosts at a time

Question 8

How many hosts can be added to a static host group at a time?

Answer 8

Can add up to 1,000 hosts to a static host group at a time

Question 9

How to access the Sensor Policy Daily Report

Answer 9

Investigate > Sensors > Sensor Policy Daily Report

**Shows update policies/all policies
**Updated Daily

Question 10

What does Sensor ML do?

Answer 10

Sensor ML – Identifies/analyzes unknown exe (hosts offline or online)

Question 11

What does Cloud ML do?

Answer 11

Cloud ML – Real time malware detection/prevention (Hosts online)

Question 12

How to see which hosts are in RFM?

Answer 12

Executive Summary > Sensors > Sensor Health (see all hosts in RFM)

**Can also go to Investigate (sensor heartbeat events), if value is 2, sensor is in RFM. If value is 0, sensor is not in RFM

Question 13

Define an asset?

Answer 13

Asset: Any hardware or virtual machine – a laptop or server

Question 14

Define confidence?

Answer 14

Confidence: Likelihood that an unmanaged or unsupported asset is a corporate asset rather than an asset that does not belong to you but is simply nearby (smartphone)

Question 15

How to disable detections?

Answer 15

Host Management > Host > Disable

Question 16

How to check which sensor version is loaded onto a host?

Answer 16

Shows up under host management/sensor health

Question 17

Define a managed asset?

Answer 17

Asset that has Falcon sensor installed, also called a host

Question 18

Define a unmanaged asset?

Answer 18

Asset that CAN have Falcon sensor installed, but does not

Question 19

Define an unsupported asset?

Answer 19

Unsupported Asset: Asset that can’t have a Falcon sensor installed, like a printer

Question 20

what are the steps to Onboard a customer with the Falcon Console

Answer 20

1. Setup Users
2. Implementation Planning and configuration requirements
3. Configure SSO
   **Optional
4. Configure Alerts
5. Create Phase 1 Prevention Policies
6. Create Sensor Update Policies
7. Configure MDM Profiles
   **Used to deploy Mac Sensors
   **optional
8. Configure OAuth2 for API’s
   **Optional
9. Install Sensors
10. Setup Host Groups
11. Assign Policies to Host Groups
12. Monitor and Triage Detections
13. Advance Prevention Policies
14. Access Support

Question 21

Premium support content in the support portal is only available to which customers?

Answer 21

-Express
-Essential
-Elite

Question 22

What can you find in the support portal?

Answer 22

-Tech based alerts based on your cloud URL

-Product-based release notes

-Chat
-Upcoming events and webinars

-Service level agreement

Question 23

How to access the support portal?

Answer 23

-Falcon menu>support and resources