Covers access control, role creation, and API key management in the Falcon console. 

• Determine roles required for feature access 

• Create and assign user roles based on permissions 

• Manage API keys 

Focuses on managing and monitoring hosts within the Falcon platform. 

• Use filters in the Host Management page 

• Disable detections for a host and understand the impact 

• Understand Reduced Functionality Mode (RFM) and identify affected hosts 

• Locate inactive sensors and retention timelines 

• Generate and review host-specific reports 

Covers endpoint grouping strategies and their impact on policy application. 

• Assign endpoints to appropriate groups 

• Apply best practices for managing host groups 

Teaches how to configure prevention and update policies, and manage user activity logs. 

• Configure prevention policy settings to enhance security posture 

• Set sensor update policies 

• Apply roles and review Falcon RTR audit logs 

• Understand and configure containment policies 

• Exclude IPs/subnets from containment based on workflow needs 

• Manage quarantined files 

Covers creation and customization of detection rules and managing false positives. 

• Create custom IOA rules for behavioral monitoring 

• Adjust rules based on business requirements and false positive resolution 

• Configure IOC settings for custom security posturing 

• Apply CID-wide configurations within General Settings 

Explores reporting features and audit log utilization. 

• Identify sensor report types and their use cases 

• Understand available audit logs and how to use them 

Covers setting up automated workflows within Falcon to streamline response. 

• Configure automated workflows based on specific triggers