
What are the criteria for distinguishing true positives, false positives, and over-detection? [Falcomi Meetup Report]

Introduction

Hello everyone! Macnica runs "Falcomi," a community for CrowdStrike users.
This article reports on the user event "Falcomi Meetup Vol.2," held in Tokyo (Shinagawa) on February 6, 2026.
The venue was buzzing as participants exchanged real-world concerns and know-how about day-to-day operations!
The theme of Meetup Vol.2 was "What are the criteria for distinguishing true positives, false positives, and over-detection?"
Below we introduce what happened on the day and what we learned!

Participant introductions

Lightning talks

Each participant had three minutes to introduce themselves, their areas of expertise, and what currently concerns them.

Future Secure Wave's Initiatives

The information was very specific and not available anywhere else, and it gave both the attendees and the secretariat members many lessons and hints for future initiatives.

Table Talk

In the second half, participants split into tables of four and, using sticky notes and whiteboards, discussed three themes: 1) understanding the current situation, 2) recent troublesome cases, and 3) the gap between ideals and reality.

Real-world issues and operational know-how were shared, such as:

  • The importance of speedy recovery from mistaken isolation
  • Uncertainty over whether to adopt Falcon Complete
  • Fluctuating alert volume
  • Lack of education and specialists
  • High expectations for AI and automation

The reality of true positives, false positives, and over-detection

Here we summarize the key points that impressed the secretariat during the heated discussions.

<Point 1> Be aware of on-site operational trade-offs

For critical infrastructure and mission-critical servers, automatic isolation (network containment) and blocking settings carry a risk of disrupting business operations.
It is important not to swing too far to the safe side: balance preventing mistaken isolation against being able to recover from it quickly!
Mistaken isolation tends to happen frequently in the early stages of deployment, so write down the operational tips and the internal coordination procedures for lifting containment!

<Point 2> When responding to alerts, prioritize quality over quantity and make your criteria explicit

The most practical way to work with CrowdStrike alerts is to look not only at the severity but also at the content and behavior (which process did what, and on which host).
Medium-severity detections can also be important, so in some cases you have no choice but to review everything.
Tune operations to your environment with prevention policies, exclusion settings, host grouping, and similar features!

<Point 3> "Education and knowledge sharing" is the shortcut to labor saving

It is essential to train analysts and SOC staff, and to systematize and document their know-how! We reaffirmed the importance of establishing a flow for distinguishing between ML (machine-learning) and IOA (indicator-of-attack) detections, together with operational training.

<Point 4> Expectations for improved operational efficiency through AI and automation

New AI services such as Charlotte AI and efficiency gains through API integration (FalconPy, Real Time Response (RTR), etc.) are drawing attention.
Expectations are high for AI SOC and automation to address issues such as limited staffing and night-time response.
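Point 2 (judge an alert by its behavior, not its severity label alone) and Point 4 (API integration via FalconPy) come together in a small triage script. The following is an added example written for this report, not Macnica's or CrowdStrike's code. The record shape is modelled on the Falcon detection-summary JSON (max_severity_displayname, behaviors[].tactic/technique/confidence/cmdline, parent_details.parent_cmdline, pattern_disposition_details); treat those field names, the scoring weights, the tactic list and the "known noisy parent" exclusions as assumptions to check against your own tenant. In production the records would come from FalconPy (for example Detects.query_detects followed by Detects.get_detect_summaries); the example below runs offline on constructed sample detections instead.

```python
"""Behavior-aware triage of Falcon detections (added example, constructed data).

Field names follow the Falcon detection-summary JSON as an assumption; verify
them against your tenant. Weights and exclusion lists are site-specific guesses.
"""
from dataclasses import dataclass

SEVERITY_RANK = {"Critical": 5, "High": 4, "Medium": 3, "Low": 2, "Informational": 1}

# Tactics that deserve a look even at Medium severity (assumption: tune per site).
HIGH_IMPACT_TACTICS = {"Credential Access", "Lateral Movement", "Exfiltration", "Impact"}

# Command-line fragments that severity alone should never explain away.
SUSPICIOUS_CMDLINE = ("lsass", "sekurlsa", "mimikatz", " -enc ", "vssadmin delete shadows")

# Hypothetical parent processes already covered by a documented, reviewed exclusion.
# They are down-ranked rather than dropped so the alert still reaches the queue.
KNOWN_NOISY_PARENTS = ("backupagent.exe", "patchmgr.exe")


@dataclass
class TriageResult:
    detection_id: str
    severity: str
    score: int
    reasons: list[str]


def triage(det: dict) -> TriageResult:
    """Score one detection from severity *and* behavior, not severity alone."""
    severity = det.get("max_severity_displayname", "Informational")
    score = SEVERITY_RANK.get(severity, 0) * 10
    reasons = [f"severity {severity}"]
    for b in det.get("behaviors", []):
        tactic = b.get("tactic", "")
        if tactic in HIGH_IMPACT_TACTICS:
            score += 25
            reasons.append(f"high-impact tactic {tactic}/{b.get('technique', '?')}")
        cmd = b.get("cmdline", "").lower()
        hits = [t.strip() for t in SUSPICIOUS_CMDLINE if t in cmd]
        if hits:
            score += 20
            reasons.append("suspicious cmdline: " + ", ".join(hits))
        if b.get("confidence", 0) >= 80:
            score += 5
            reasons.append("confidence >= 80")
        parent = b.get("parent_details", {}).get("parent_cmdline", "").lower()
        if any(p in parent for p in KNOWN_NOISY_PARENTS):
            score -= 10
            reasons.append("parent matches documented exclusion")
        disp = b.get("pattern_disposition_details", {})
        if disp.get("process_blocked") or disp.get("kill_process"):
            score -= 5  # already prevented by the sensor: still review, less urgent
            reasons.append("already blocked by sensor")
    return TriageResult(det.get("detection_id", "?"), severity, score, reasons)


def prioritize(detections: list[dict]) -> list[TriageResult]:
    """Analyst queue ordered by behavioral score, not by the severity label."""
    return sorted((triage(d) for d in detections), key=lambda r: r.score, reverse=True)


# Constructed sample detections (not real telemetry).
SAMPLE_DETECTIONS = [
    {   # High severity, but a known noisy parent and the sensor already blocked it
        "detection_id": "ldt:aaaa:1",
        "max_severity_displayname": "High",
        "behaviors": [{
            "tactic": "Defense Evasion", "technique": "Process Injection",
            "confidence": 70, "cmdline": "C:\\Windows\\System32\\rundll32.exe helper.dll,Run",
            "parent_details": {"parent_cmdline": "C:\\Program Files\\BackupAgent.exe --svc"},
            "pattern_disposition_details": {"process_blocked": True},
        }],
    },
    {   # Medium severity, but an lsass dump attempt that nothing blocked
        "detection_id": "ldt:bbbb:2",
        "max_severity_displayname": "Medium",
        "behaviors": [{
            "tactic": "Credential Access", "technique": "OS Credential Dumping",
            "confidence": 90,
            "cmdline": "rundll32.exe C:\\Windows\\System32\\comsvcs.dll, MiniDump 652 C:\\temp\\lsass.dmp full",
            "parent_details": {"parent_cmdline": "cmd.exe"},
            "pattern_disposition_details": {"process_blocked": False},
        }],
    },
    {   # Low severity, nothing notable
        "detection_id": "ldt:cccc:3",
        "max_severity_displayname": "Low",
        "behaviors": [{"tactic": "Discovery", "technique": "System Information Discovery",
                       "confidence": 40, "cmdline": "systeminfo"}],
    },
]

if __name__ == "__main__":
    for r in prioritize(SAMPLE_DETECTIONS):
        print(f"{r.score:4d}  {r.severity:<8} {r.detection_id}  {'; '.join(r.reasons)}")
```

Run as-is, the Medium detection (credential access against lsass, not blocked) lands at the top of the queue ahead of the High one that a documented exclusion and the sensor's own prevention already account for. The reasons list is what you would paste into the ticket or hand to a new analyst; that is the "make your criteria explicit" part of Point 2.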

What is Falcomi? & Preview of upcoming events!

What is Falcomi?

Falcomi is a community exclusively for companies that have deployed CrowdStrike Falcon. Macnica created it as a place where users can use Falcon more efficiently and effectively by exchanging information and sharing the kind of operational know-how that only users have.

<Characteristics of Falcomi>

  • You can feel free to ask any questions you have.
    For example, users can solve everyday questions such as "How do other companies do this setting?" or "What should I do when this kind of alert appears?"
  • Plenty of community-only events
    We regularly plan study sessions and seminars for community members, such as the Meetup held this time, and "FalconTech," where participants learn how to use Falcon in a CTF format.
  • There is also a wealth of content for beginners, such as how to configure the product right after installation.
    We have prepared videos and documents that answer the initial configuration questions that come up after installing Falcon, so you can get off to a hassle-free start.

<Next event announcement!>

Events are scheduled to continue in FY2026. We will let you know as soon as the registration site opens, so be sure to save your spot!

  • June: Falcomi Meetup Vol.3
    Please see this article for details on Vol.1.
  • October: FalconTech
    Check out this article for last year's event.

The greatest appeal of Falcomi is that it allows user companies to exchange real-world operational knowledge and tips with each other. You'll find colleagues you can immediately consult with about any questions you have, and opportunities for in-depth learning at events. If you're interested in using Falcon more or learning about other companies' cases, why not join Falcomi?

*Limited to CrowdStrike user companies and companies purchasing through Macnica.
*If you are not sure whether you purchased from Macnica, please apply first (^^)/
