CrowdStrike

EDR (Falcon Insight)

CrowdStrike's Falcon Insight is a product in the EDR (Endpoint Detection and Response) category that provides threat detection (*), investigation, and response functions for endpoints on which the agent is installed.
*Falcon Prevent (NGAV) not only detects threats but also blocks them; Falcon Insight adds the ability to investigate further and take countermeasures.

Because the logs that record endpoint behavior are sent to the CrowdStrike cloud, the logs of all endpoints can be viewed on the management console, and the information needed for an investigation can be grasped in real time.
In addition, regardless of the endpoint platform (Windows, macOS, Linux), network isolation and remote control of the endpoint can be performed from the management console, allowing rapid response and recovery once a detection has been confirmed.

(1) Easy-to-understand GUI and search screen

Behavior logs collected from endpoints can be viewed from the management console, and all collected logs can be viewed whether or not a detection has occurred. In addition to free-form searches using search queries, preset dashboards focused on specific searches, such as hosts, hashes, and IP addresses, are also provided, enabling easy investigation.

(2) When a problem is detected, quickly and safely isolate it remotely

Endpoints can be isolated remotely and operated on using the Real Time Response function.

Endpoints can be isolated from the network and commands can be executed on them remotely from the management console, regardless of platform (Windows, Mac, Linux).

Even while an endpoint is isolated, it can still communicate with the CrowdStrike cloud, so operations such as sample acquisition and deletion can be performed remotely in a safe manner. In addition, endpoints related to the same incident can be isolated at the same time, and automatic isolation based on conditions can be realized.

(3) Quickly block breaches that spread by lateral movement

One of the features of Falcon Insight is that even if lateral movement occurs and an incident spans multiple endpoints, it can be visualized on a single screen, making it easier to investigate the extent of the impact.

In addition, CrowdStrike provides LongTermRepository and LogScale for long-term storage of the logs required for investigations. Even after the standard retention period has passed, these functions make it possible to keep logs safely.
  • LongTermRepository:
    Logs that record the behavior of endpoints with the CrowdStrike agent can be stored for a longer span than can be viewed in Insight. While logs viewable in Insight can be contracted for up to 90 days, LongTermRepository allows log storage for one year.
  • LogScale:
    Allows you to keep logs from third-party products. As log volume grows with the number of security products being managed, LogScale can store a large amount of logs at low cost, so it can be used as a data lake.
    *Purchase of LongTermRepository is required to store CrowdStrike logs.

Inquiries / Document requests

Macnica, Inc., CrowdStrike team

Mon-Fri 8:45-17:30