Applies to: CrowdStrike Falcon Antivirus
CrowdStrike Falcon's next-generation antivirus is designed to protect against a wide range of attacks, from commodity malware to sophisticated intrusions, in a single solution, including while the endpoint is offline.
EventTracker monitors events from CrowdStrike Falcon. Its dashboards, alerts, and reports give you detailed information on those events: alerts identify attacks and suspicious activity in real time so that they can be stopped, and dashboards let you analyse all security-related events in a single console. With the knowledge pack for CrowdStrike Falcon you can assess the overall security posture of your environment, and EventTracker reports let you review every detection raised by CrowdStrike Falcon. EventTracker supports investigation by correlating CrowdStrike Falcon event and information-flow data both in real time and historically.
The knowledge pack surfaces user activity, including suspicious cases such as authentication without 2FA and authentication from blacklisted geolocations, alongside the total number of authenticated users, usernames, email addresses, IP addresses, and logins that used 2FA.
Dashboards for threat detection help you hunt malicious activity in your environment: you can analyse detections by group, blocked detections, and detection trends by type. Panels give a detailed analysis of detected malware and help you quickly identify the hosts with the most detections, quarantined files, and malicious software and activity. Saved searches let you investigate malicious behaviour across endpoints in detail.
The EventTracker alerts component lets you create and tune alerts for critical events, such as a detection summary event or a file being quarantined, so analysts can focus on remediation and response. EventTracker reports let you audit sensitive data to see who did what, when, where, and how, to satisfy audits for multiple industry regulatory requirements.
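The panels and alerts described above (hosts with the most detections, quarantined files, high-severity detection summary events, and logins without 2FA) can be reproduced over a batch of raw Falcon events. The Python below is an added example, not EventTracker or CrowdStrike code: it assumes the Falcon SIEM-connector style JSON envelope (`metadata` with `eventType`, `event` with fields such as `ComputerName`, `Severity`, `PatternDispositionFlags`, `OperationName`, `Success`), and every sample event is constructed for the illustration. It also shows the check a practitioner wants in any ingestion path: a truncated line is counted and skipped rather than aborting the batch.

```python
import json
from collections import Counter

# Constructed sample events in the Falcon SIEM-connector style envelope
# {"metadata": {...}, "event": {...}}. Field names are assumed for this
# illustration; none of this is real tenant telemetry.
SAMPLE_EVENTS = [
    {"metadata": {"eventType": "DetectionSummaryEvent", "eventCreationTime": 1700000000000},
     "event": {"ComputerName": "WS-01", "UserName": "alice", "Severity": 4, "SeverityName": "High",
               "DetectName": "Credential dumping tool", "FileName": "mimikatz.exe",
               "FilePath": "\\Device\\HarddiskVolume2\\Users\\alice\\Downloads\\",
               "SHA256String": "a" * 64,
               "PatternDispositionDescription": "Process was blocked from execution and quarantine was attempted.",
               "PatternDispositionFlags": {"Quarantine": True, "ProcessBlocked": True}}},
    {"metadata": {"eventType": "DetectionSummaryEvent", "eventCreationTime": 1700000060000},
     "event": {"ComputerName": "WS-01", "UserName": "alice", "Severity": 3, "SeverityName": "Medium",
               "DetectName": "Suspicious dropper", "FileName": "setup_update.exe",
               "FilePath": "\\Device\\HarddiskVolume2\\Users\\alice\\AppData\\Local\\Temp\\",
               "SHA256String": "b" * 64,
               "PatternDispositionDescription": "Detection, process was not blocked.",
               "PatternDispositionFlags": {"Quarantine": False, "Detect": True}}},
    {"metadata": {"eventType": "DetectionSummaryEvent", "eventCreationTime": 1700000120000},
     "event": {"ComputerName": "SRV-DB", "UserName": "svc_backup", "Severity": 5, "SeverityName": "Critical",
               "DetectName": "Ransomware behaviour", "FileName": "svchost.exe",
               "FilePath": "\\Device\\HarddiskVolume1\\Users\\Public\\",
               "SHA256String": "c" * 64,
               "PatternDispositionDescription": "Process was blocked from execution.",
               "PatternDispositionFlags": {"Quarantine": False, "ProcessBlocked": True}}},
    {"metadata": {"eventType": "AuthActivityAuditEvent", "eventCreationTime": 1700000180000},
     "event": {"UserId": "alice", "UserIp": "198.51.100.10", "OperationName": "userAuthenticate", "Success": True}},
    {"metadata": {"eventType": "AuthActivityAuditEvent", "eventCreationTime": 1700000185000},
     "event": {"UserId": "alice", "UserIp": "198.51.100.10", "OperationName": "twoFactorAuthenticate", "Success": True}},
    {"metadata": {"eventType": "AuthActivityAuditEvent", "eventCreationTime": 1700000240000},
     "event": {"UserId": "bob", "UserIp": "203.0.113.7", "OperationName": "userAuthenticate", "Success": True}},
]
# One truncated line, as a connector restart or log rotation can produce (constructed).
SAMPLE_LINES = [json.dumps(e) for e in SAMPLE_EVENTS] + ['{"metadata": {"eventType": "DetectionSumm']


def parse_events(lines):
    """Parse JSON lines; count and skip malformed lines instead of aborting the batch."""
    events, bad = [], 0
    for line in lines:
        try:
            obj = json.loads(line)
        except json.JSONDecodeError:
            bad += 1
            continue
        if isinstance(obj, dict) and "metadata" in obj and "event" in obj:
            events.append(obj)
        else:
            bad += 1
    return events, bad


def by_type(events, event_type):
    """Return the inner event bodies of a given Falcon eventType."""
    return [e["event"] for e in events if e["metadata"].get("eventType") == event_type]


def hosts_by_detection_count(events):
    """'Hosts with the most detected malware' panel: (host, count) sorted descending."""
    counts = Counter(d.get("ComputerName", "<unknown>") for d in by_type(events, "DetectionSummaryEvent"))
    return counts.most_common()


def quarantined_files(events):
    """'Quarantined files' panel: (host, full path, sha256) where the sensor quarantined the file."""
    out = []
    for d in by_type(events, "DetectionSummaryEvent"):
        flags = d.get("PatternDispositionFlags") or {}
        if flags.get("Quarantine"):
            out.append((d.get("ComputerName"), d.get("FilePath", "") + d.get("FileName", ""), d.get("SHA256String")))
    return out


def logins_without_2fa(events):
    """Successful primary authentications for which no successful 2FA step appears in the batch."""
    seen_2fa, primary = set(), []
    for a in by_type(events, "AuthActivityAuditEvent"):
        if not a.get("Success"):
            continue
        if a.get("OperationName") == "twoFactorAuthenticate":
            seen_2fa.add(a.get("UserId"))
        elif a.get("OperationName") == "userAuthenticate":
            primary.append(a)
    return [(a.get("UserId"), a.get("UserIp")) for a in primary if a.get("UserId") not in seen_2fa]


def build_alerts(events, min_severity=4):
    """Alert on high-severity detections (Falcon 1-5 scale assumed, 4 = High), quarantines and no-2FA logins."""
    alerts = []
    for d in by_type(events, "DetectionSummaryEvent"):
        if d.get("Severity", 0) >= min_severity:
            alerts.append({"kind": "high_severity_detection", "host": d.get("ComputerName"),
                           "severity": d.get("SeverityName"), "detail": d.get("DetectName")})
    for host, path, sha in quarantined_files(events):
        alerts.append({"kind": "file_quarantined", "host": host, "detail": path, "sha256": sha})
    for user, ip in logins_without_2fa(events):
        alerts.append({"kind": "auth_without_2fa", "user": user, "detail": ip})
    return alerts


if __name__ == "__main__":
    evs, bad = parse_events(SAMPLE_LINES)
    print(f"parsed {len(evs)} events, skipped {bad} malformed line(s)")
    print("hosts by detections:", hosts_by_detection_count(evs))
    for alert in build_alerts(evs):
        print(alert)
```

The 2FA check here is batch-scoped: it treats a `userAuthenticate` as unverified only if no `twoFactorAuthenticate` for the same user appears in the same batch, so on a streaming feed it should be run over a window that comfortably covers the login sequence, or it will raise false positives for users whose second factor arrives in the next batch.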
Alerts
Reports
The configuration details are consistent with EventTracker version 9.2 and later, and CrowdStrike Falcon.
To configure CrowdStrike Falcon to send logs to EventTracker, refer to the How-to Guide.
For more information, refer to the Integration Guide.