Reports

Question 1

Filter by:

• API Client ID
• User IP
• API action
• Company
• Time Range

Answer 1

API Audit Trail Report

Question 2

• Time
• API Action
• Activity Details
• UserIP
• City
• -Country
• API Client ID
• Company

Answer 2

API Audit Trail Report

Question 3

Activity by Analyst
Top Users Granting Access
New User Report --> admin audit trail
Audit Details 
-time
-analyst
-service
-action
-activity details
-computer name
-user IP
-city
-country
-company

Answer 3

Falcon UI Audit Trail

Question 4

Alert Templates

Scheduled Alerts

Answer 4

Custom Alerts

Question 5

Configure:

• Email Recipients
• Email Subject
• Severity
• Email body
• Preview in email?

Answer 5

Custom Alerts

Question 6

Country
Map
Users based on geolocation
Time (UTC)
Hostname
ProcessID
LocalIP/Local Port
Destination IP/Remote Port

Answer 6

Geo Location Activity

Unique Host Connecting to Countries Map

Question 7

ML Slider - Cloud anti-malware, sensor anti-malware, adware & PUP
# of blocks last 7 days
# blocked, if set to...

Answer 7

Machine Learning Monitoring Report

Question 8

exe running from recycle bin
cmd & ASEP activity from network capable process
exe running from temp. directory
files written to removable media
firewall set rules
powershell hunt
scheduled tasks registered

Answer 8

hunting reports

Question 9

Visibility = logon
Hunt = events that happened

Answer 9

Visibility vs Hunting Reports

Question 10

Logon Type (terminal, network)
Min, Max Hosts
Incl. Users
Excl. Users
Incl. Hosts
Excl. Hosts

Answer 10

Remote Access Graph

Question 11

Username
Hostname
Logon Type
Count
Trend
Latest Event

Answer 11

Logon Activity Report (Remote or Network Logon Activities)

Question 12

Logon Activities
Remote Access Graph
Remote or Network Logon Activities
Geo Location Activity

Answer 12

Visibility Reports

Question 13

Filters:

• Company
• Time Range
• Timezone

PolicyID
Policy Name
Policy Description
Policy Type
Assignment Rule
Policy Platform
Policy Setting Changes
Action
Time (UTC)
UserId
Member Changes (#)
User IP
View

Answer 13

Prevention Policy Audit Trail

Question 14

Filters:

• AID
• Company
• Time Range
• Timezone

Sensor heartbeat
Prevention Settings on Host
Hostname
AID
List of enabled settings
Date settings enabled

Answer 14

Prevention Policy Debug

Question 15

OS Version
Device Type
Machine Domain
Site Name
Agent Version
Active Sensors - Map
Active Sensors by Country (Country, Count)
Host list info (hostname, mac, etc)

Answer 15

Sensor Report

Question 16

Top 10 Sensor Update Policies
Top 10 Prevention Policies
Top 10 Device Control Policies

Answer 16

Sensor Policy Daily Report

Question 17

Filters -

• Company
• Time range

includes all machines with sensors that have not communicated w/CS cloud within a specified time.

Answer 17

Inactive Sensors

Question 18

search for a host to see if it has a FH sensor installed

Answer 18

Sensor Coverage Lookup