OB SLIDE PRESENTATION QUESTIONS Flashcards
Can we modify the Playbook for Detection Responses?
(customer that doesn’t care about Warranty so asks to make everything custom)
?
Why may Time to Live vary?
?
What is OverWatch?
CrowdStrike’s threat hunting team. Provides 24/7 support to stop hidden and advanced attacks.
RFM covered by Warranty?
If I have some in Cautious, would that mean my entire account has no warranty?
Yes.
Deployment help?
Deployment is on you and your team’s plate; however, if you run into trouble, we can create a support ticket.
What is System Assignment?
?
How long should I be in Cautious policy?
The least amount of time possible is recommended.
How long does FC take to go live?
1 week
How can I provide you my current exclusion list from Symantec?
What happens when my email gets compromised?
Will you keep calling until someone answers for Critical escalations?
Yes. Everyone will be contacted in the order of precedence given in the Appendix B document.
SA will monitor the RFM?
?
What’s an “Incident”?
SWAT team vs. detectives. We prevent incidents in real time and are not going back to historically analyze any items and
Call for only “Critical Detection”? For every “Critical Detection”?
?
Phone call for every Critical Detection?
?
What if I have Falcon Mobile, what user permission do I need?
?
CoinMiner for PUP?
?
Couple weeks’ notice for pen testing?
If that’s the case, Falcon will continue to run as normal, and if you would like to make any modifications, let us know whether to action or not action.
I was told that we can keep our current AV?
Caution them that running side by side could cause performance issues, or one could take action over the other and cause operational issues. However, it is recommended not to run your current AV side by side with Falcon Complete.
Active - no prod servers?
?
Postures - Cautious for New customers with AVs?
It’s good to maintain it to avoid triggering the AV until Falcon Complete has been fully integrated on your hosts.
Response SLA - ?
?