CrowdStrike Update for October 2025
We are pleased to present the CrowdStrike update for October 2025.
All of these issues have been posted on our support site, so please check the articles on the support site as well.
Registration is required for our support site.
Please click on "CrowdStrike Falcon 'Support Site Viewing Request'" on the following page to request viewing.
https://www.macnica.co.jp/business/security/manufacturers/crowdstrike/support.html
*You will need your maintenance contract number to apply, and the maintenance contract number will be listed in the notification we sent you with the subject line below.
Subject: [CrowdStrike Notification Delivery Notice]
*We usually receive a response within 1 to 3 business days.
Sensor Release
Falcon Sensor for Windows 7.29.20108 Release Announcement [Released October 16, 2025]
- Main New Features
- Improved memory dump function
When a Falcon sensor detects suspicious activity, it can now automatically capture a process memory dump and securely send it to the cloud for rapid analysis before attacker traces are lost. This is faster than traditional Real Time Response (RTR) memory dumps and can be enabled by administrator policy.
- Falcon Data Protection Extensions
Confidence levels for content pattern matching give you greater visibility and control over the classification process. You can set a minimum confidence threshold in your policy, reducing false positives and increasing coverage.
- Falcon Device Control Enhancements
Added visibility and control of internal SD card readers (separate release notes to come when generally available).
- Adding Microsoft Installer Events
When repairing or patching, an "MsiTransactionExecuted" event is sent and reported to the cloud with MsiTransactionType=3.
- Integrated display of label information
When both Microsoft Information Protection (MIP) and Google Workspace labels are associated with a file, we report on both, providing comprehensive visibility.
- Expanded multilingual support
Spanish, German, Italian, Korean, Portuguese, and Traditional Chinese are now supported, in addition to the existing French and Japanese, and are displayed according to the UI language setting.
- Main fixes
- Improved accuracy of resource utilization events
Fixed an issue where the AverageCpuUsage field value was inaccurate.
- Fixed false reporting of Firefox extensions
Fixed an issue where the extension was incorrectly reported when both the Windows App and Non-App versions were installed.
- Implementing workarounds for upgrade failures
In response to the issue where upgrading from 7.26 or earlier to 7.27 would fail with error code 3, we have applied the Windows Restart Manager settings to the MSI package to improve the reliability of upgrading to 7.29 or later.
- Fixed an issue where registry-related exclusion settings were not reflected
Eliminated a race condition that occurred when switching to the standard configuration.
- Support for Kerberos PAC validation protocol
Compatible with the latest Microsoft update (KB5037754).
- Fixed a file access failure issue during on-demand scan
Fixed the issue where file access failed in some applications.
- Fixed incorrect generation of MotwWritten event
Fixed an issue where events were generated in inappropriate circumstances.
- Fixed incorrect recognition of Amazon NVMe EBS volumes
Fixed an issue where the device was treated as physical removable media.
- Improved parsing of text containing special characters
Characters that appear to be whitespace but have different encodings can now be parsed correctly.
- Improved browser extension compatibility
We have resolved the issue of multiple versions being installed simultaneously due to externally created registry keys, and have achieved proper version management by utilizing the ExtensionSettings key of Chromium-based browsers.
- For more information, please see our support site article.
Falcon Sensor for Windows 7.16.18637, 7.24.19608, 7.25.19707, 7.26.19813, 7.27.19909, 7.28.20008 Hotfix Release [Released October 9, 2025]
- Main New Features
- Important Notice Regarding End of Support
Falcon Sensor for Windows 7.16 will end support for Windows 7 SP1, Windows Embedded POSReady 7, and Windows Server 2008 R2. If you are using these operating systems, you should consider your future update plans.
- Change the sensor update policy
● 7.28.20008 → Auto-Latest
● 7.27.19909 → Auto-N-1
● 7.26.19813 → Auto-N-2
- Older versions (7.28.20006, 7.27.19907, etc.) will be removed from downloads and policies.
- Main fixes
- 7.16, 7.24-7.28 hotfixes: Fixed an issue where arbitrary files could be quarantined during an on-demand sensor scan. This affected all previously supported versions.
- 7.26 to 7.28 hotfixes: Fixed an issue where the system would stop responding when upgrading or downgrading sensors in environments with Windows 11 24H2 or earlier and Windows Server 2025 or earlier. This applies to versions 7.26.19809 and later.
- For more information, please see our support site article.
Falcon Sensor for Linux 7.30.18306 Release [Released October 8, 2025]
- Main New Features
- Kernel Mode Force option removed
If a Linux sensor can run in User Mode, the option to force Kernel Mode is no longer available, affecting how existing Kernel Mode settings are handled (does not apply to DaemonSet deployments).
- Added visualization function for environment variables
A new policy setting, "Environment Variable Visibility," has been added to provide visibility into environment variable usage on Linux hosts running in User Mode (separate release notes will be released when the feature is released).
- Podman support enhancements
Added Podman support for OCIContainer events in User Mode (Podman v3.4.4 and later).
- DaemonSet container base image update
Updated to Red Hat Universal Base Image (UBI) 9.6-1754467928 Micro.
- Added integrity check for vulnerability scan instruction files
Added integrity checks to Exposure Management vulnerability scan instruction files, enhancing security in addition to the sensor's anti-tamper protection.
- Added support for new OS
● SUSE Linux Enterprise Server (SLES) 15 SP7 (AArch64, User Mode)
● Oracle Linux 9 UEK 8 (AArch64, User Mode)
● Oracle Linux 10 UEK 8 (AArch64, User Mode)
*Both versions are backported to previous versions.
- Main fixes
- Improved retransmission of UserIdentity events
Improved to resend user information for long-running processes every three days to prevent it from exceeding the cloud retention period.
- Eliminating delays with memory visualization
Fixed delays when loading very large shared objects in Kernel Mode (for 7.24 - 7.29).
- Resolving containerd-related segmentation faults
Fixed an issue that occurred when querying a containerd engine that is not running or is not using the standard socket path (applicable to 7.26 to 7.29).
- Resolved startup failure issue under cgroup memory restrictions
Fixed an issue where BPF ring buffer size calculation ignored cgroup memory limits (target: 7.24 to 7.29).
- Resolved memory management conflicts on RHEL9/10
Fixed an issue where a segmentation fault occurred (for versions 7.24 to 7.29).
- Falcon for IT related fixes
● Fixed an issue where osquery and script execution failed on Ubuntu 24.04.
● Fixed an inconsistency in the osquery version display (displayed as 5.10 but actually 5.16) (applicable to 7.28-7.29).
- Known Issues
- Duplicate container events
In certain container cgroup configurations, duplicate OciContainerStarted and OciContainerStopped events may occur for the same container (target: 7.30).
- For more information, please see our support site article.
Falcon Sensor for Mac 7.30.20202 Release Announcement [Released October 7, 2025]
- Main New Features
- Exposure Management Enhancements
Integrity checks have been added to vulnerability scan instruction files to further improve security.
- Adding a new event
Added an event "AsifFileWritten" that notifies you when an Apple Sparse Image Format file is written to disk on macOS Tahoe.
- DNS resolution improvements
The fault tolerance of DNS resolution has been improved, enabling more stable communication.
- Main fixes
- Fix osquery version display
The osquery version used by Falcon for IT was incorrectly listed as "5.10" and is now correctly listed as "5.16." This issue occurred in sensor versions 7.28 and 7.29.
- For more information, please see our support site article.
Important Announcement
Platform-wide
- 60-Day Notice | US-2, EU-1 | CrowdStrike Falcon Console IP Address Change Notice
- overview
● Starting January 5, 2026, the IP addresses used to access CrowdStrike Falcon Console in the US-2 and EU-1 clouds will be updated.
● Customers who have IP-based firewall rules in place for access to CrowdStrike Falcon Console must add the new IP addresses by the deadline.
- New IP addresses:
● US-2: 54.149.36.213, 35.166.30.213, 50.112.149.230
● EU-1: 35.157.198.104, 63.179.203.249, 63.179.114.102
- Action required
● Check your network settings: Review your current network security settings that control access to CrowdStrike Falcon Console.
● Update firewall rules: Add the new IP addresses to your firewall rules.
- For more information, please see our support site article.
- Announcing the release of V2 of the Case Management API notification group endpoint, which supports Microsoft Teams. Note: The V1 endpoint has been deprecated and will be discontinued in the future.
- overview
● V2 endpoint release
The Notification Groups endpoint of the Case Management API has been updated to V2, adding support for Microsoft Teams. Notification groups are a configurable feature for sending case escalation notifications to teams.
- In V2, channel-specific parameters are now organized into the params object, providing a clearer and more extensible structure, which will prevent breaking changes when adding new channels in the future.
- V1 will be deprecated from October 28, 2025, and will be fully phased out on May 1, 2026. After deprecation, a 301 MOVED PERMANENTLY response will be returned.
- Action required
● If you are using V1, you must migrate to V2 by May 1, 2026. To migrate, you must:
- Change the endpoint URL from /v1 to /v2
- Update the channels structure in POST and PATCH requests (add the params object)
- Change response processing to support params
- If you are adding a Microsoft Teams channel, set the type ms_teams and the required ID
- Use ms_teams in FQL filters, where it has been added as a value
- SDK users: CrowdStrike SDKs (Golang, PowerShell, Python, Rust, TypeScript/JavaScript) are planned to support V2. Please use the latest version.
- Non-API users: If you are not using the notification group endpoint of the Case Management API, no action is required.
- For more information, please see our support site article.
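As an added illustration of the migration steps listed above (example code written for this page, not CrowdStrike's SDK, API schema or Macnica's material), the Python helper below rewrites a V1 notification group request into the V2 shape: the endpoint path changes from /v1 to /v2, channel-specific fields move under a params object, a Microsoft Teams channel is added with type ms_teams, and a reader for V2 responses flags channels that still carry flat V1-style fields. The field names (name, recipients, webhook_url, team_id, channel_id), the channel types, and the host and path are assumptions or placeholders; the real request and response schema is in CrowdStrike's Case Management API documentation.

```python
"""Hypothetical V1 -> V2 migration helper for Case Management notification groups.

Only the structural points from the notice are modelled: /v1 -> /v2 in the path,
channel-specific settings under "params", and "ms_teams" as a channel type.
All field names, channel types, hosts and paths below are assumptions.
"""
from __future__ import annotations

from urllib.parse import urlsplit, urlunsplit

# Assumption: "type" and "name" are common to every channel and stay at the top
# level in V2; every other field is channel-specific and moves under "params".
COMMON_CHANNEL_FIELDS = frozenset({"type", "name"})

# Assumption: channel types this helper knows how to migrate.
KNOWN_CHANNEL_TYPES = frozenset({"email", "slack", "ms_teams"})


def migrate_endpoint_url(url: str) -> str:
    """Replace the first 'v1' path segment with 'v2'; reject URLs that are not V1."""
    parts = urlsplit(url)
    segments = parts.path.split("/")
    if "v1" not in segments:
        raise ValueError(f"not a V1 endpoint URL: {url}")
    segments[segments.index("v1")] = "v2"
    return urlunsplit(parts._replace(path="/".join(segments)))


def migrate_channel(v1_channel: dict) -> dict:
    """Move the channel-specific fields of one V1 channel under a V2 'params' object."""
    channel_type = v1_channel.get("type")
    if channel_type not in KNOWN_CHANNEL_TYPES:
        raise ValueError(f"unsupported or missing channel type: {channel_type!r}")
    migrated = {k: v for k, v in v1_channel.items() if k in COMMON_CHANNEL_FIELDS}
    migrated["params"] = {k: v for k, v in v1_channel.items() if k not in COMMON_CHANNEL_FIELDS}
    return migrated


def ms_teams_channel(name: str, team_id: str, channel_id: str) -> dict:
    """Build a V2 Microsoft Teams channel. The id field names are assumptions."""
    if not team_id or not channel_id:
        raise ValueError("ms_teams channels need both a team id and a channel id")
    return {"type": "ms_teams", "name": name,
            "params": {"team_id": team_id, "channel_id": channel_id}}


def migrate_request(url: str, body: dict) -> tuple[str, dict]:
    """Migrate a V1 POST/PATCH request (URL plus JSON body) to V2."""
    new_body = dict(body)
    if "channels" in body:
        new_body["channels"] = [migrate_channel(c) for c in body["channels"]]
    return migrate_endpoint_url(url), new_body


def channel_params(v2_channel: dict) -> dict:
    """Read channel-specific settings from a V2 response channel.

    Raises if the channel still carries flat V1-style fields, the symptom of
    response-handling code that was not updated for V2.
    """
    stray = set(v2_channel) - COMMON_CHANNEL_FIELDS - {"params"}
    if stray:
        raise ValueError(f"V1-style fields outside 'params': {sorted(stray)}")
    return v2_channel.get("params", {})


if __name__ == "__main__":
    # Constructed sample request; host and path are placeholders, not the real endpoint.
    url = "https://api.example.invalid/case-management/notification-groups/v1"
    body = {"name": "SOC escalation", "channels": [
        {"type": "email", "name": "soc-mail", "recipients": ["soc@example.invalid"]},
        {"type": "slack", "name": "soc-slack", "webhook_url": "https://hooks.example.invalid/T0/B0"},
    ]}
    new_url, new_body = migrate_request(url, body)
    new_body["channels"].append(
        ms_teams_channel("soc-teams", "TEAM_ID_PLACEHOLDER", "CHANNEL_ID_PLACEHOLDER"))
    print(new_url)
    for channel in new_body["channels"]:
        print(channel["type"], channel_params(channel))
```

The strict check in channel_params is deliberate: after May 1, 2026 a client still reading flat V1 fields would silently see empty settings, so failing loudly on the old shape is the safer default during the migration window.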
- Falcon Fusion | Rapid Response content for the "Category value" of the Content Update release will be consolidated into one
- overview
● In the Falcon Fusion SOAR "Content updates" trigger, the previously separate category values Rapid response - behavioral IOAs and Rapid response - allowlisting & blocklisting have been merged into a single category value called Rapid response.
● As previously announced in a Tech Alert, the notification regarding Rapid Response Behavioral IOAs has been discontinued.
If you have existing workflows using the old category names, they will appear as before, but will functionally use the new Rapid response category value.
- For more information, please see our support site article.
- End of support for Windows 10 v1507 and Windows 11 v22H2 (October 14, 2025)
- overview
● CrowdStrike will end support for Windows 10 v1507 and Windows 11 v22H2 on April 12, 2026.
● The end of support date from the OS vendor is October 14, 2025.
● Regarding support for the Falcon sensor, Windows sensor version 7.29 will be the last supported release.
● Hosts using Windows 10 v1507 and Windows 11 v22H2 must be locked to version 7.29 in the sensor update policy.
To ensure long-term support, we recommend upgrading to the following operating systems:
- Windows 11 (if hardware requirements are met)
- Windows 10 v22H2 (2022 Update, Build 19045, Microsoft ESU Program eligible)
- Windows 10 v21H2 (November 2021 Update, Build 19044, LTSC release)
- If you are using Windows 11 v22H2, we recommend upgrading to **Windows 11 v24H2 (2024 Update, Build 26100, LTSC)**.
- Action required
● Hosts using Windows 10 v1507 and Windows 11 v22H2 must upgrade to a supported OS by April 12, 2026.
● If upgrading is difficult, lock the Windows sensor version to 7.29 in your sensor update policy.
● Please check the Falcon Sensor for Windows deployment guide or support portal for a list of supported operating systems.
- For more information, please see our support site article.
- Falcon Sensor for Windows now supports Windows 11 version 25H2
- overview
● Falcon Sensor for Windows supports Windows 11 version 25H2 from version 7.28 onwards.
● Microsoft released **Windows 11 Version 25H2 (Build 26200.6584)** on Tuesday, September 30, 2025.
- Action required
● If your Windows host is running Sensor version 7.28 or later, no further action is required.
● If your Windows host is running Sensor version 7.27 or earlier and you want to upgrade to Windows 11 version 25H2, first upgrade your Sensor to 7.28 or later.
- For more information, please see our support site article.
NG-SIEM
- NG-SIEM Incidents Discontinuation Notice
- overview
● After November 7, 2025, CrowdScore Incidents will no longer generate NG-SIEM Incidents. NG-SIEM Incidents will be deprecated on March 9, 2026, after which they will no longer be available.
● This means that all processes and workflows that utilize NG-SIEM Incidents will cease to function after March 9, 2026.
● NG-SIEM Incidents will be replaced with more advanced case management capabilities. New features include:
- Falcon Fusion SOAR integration: automated case creation and management
- Notification group management: Alert notification to appropriate personnel
- SLA management: setting and adhering to response deadlines
- Case templates: Standardized case creation for efficiency
- Future additions: Automatic case creation will be possible by generating detections from correlation rules and adding them to cases.
- Action required
● Please disable any workflows or integrations that utilize NG-SIEM Incidents before the deprecation date.
● Take advantage of the new case management capabilities and switch your operations to using APIs and templates.
● For detailed API endpoints and usage instructions, please see CrowdStrike's case management documentation.
- For more information, please see our support site article.
Charlotte AI
- Charlotte AI Free Use and Opt-Out
- overview
● Customers with eligible subscriptions will receive the Charlotte AI Analyst role and 50 monthly credits free of charge.
● The Charlotte AI Analyst role is the only permission for using Charlotte AI and can be granted by a Falcon Administrator.
● Data processing occurs only when credits are used, and available features include Charlotte AI Chat, Agent Workflows, command line explanations, investigation capabilities, IT asset query generation, and cloud security search.
● You can check whether data has been processed by Charlotte AI in the audit log.
- Action required
● As soon as CrowdStrike Holdings, Inc. provides information on how to start using the service and how to use it, we will post it on the Macnica support site.
- For more information, please see our support site article.
Falcon Cloud Security
- Falcon Cloud Security | Google Cloud's current registration method is being deprecated
- overview
● CrowdStrike plans to introduce new Google Cloud integration capabilities in January 2026.
The new integration adds real-time visibility and detection capabilities, a new authentication method using short-term credentials, and an improved registration experience.
Additionally, new features include the option to exclude Cloud projects created with Google Apps Script from being added to Falcon Cloud Security.
Once the new integration is released, new registrations or changes to existing registrations will no longer be possible using the current Google Cloud registration method.
Existing registered Google Cloud accounts will continue to work with their current functionality, but will not be able to directly upgrade to the new registration experience.
● In the future, support for the current registration method will also end; advance notice will be given in a separate Tech Alert at least six months beforehand.
- Action required
No immediate action is required at this time.
To take advantage of the new integration features, we recommend that you plan to deregister and re-register your Google Cloud account once the new registration experience is available.
- For more information, please see our support site article.
- Falcon Cloud Security | Response to the end of Python 3.9 support for Azure Function Apps
- overview
● Microsoft will end support for Python 3.9 in Azure Function Apps on October 31, 2025.
This change affects legacy configurations using Falcon Cloud Security with RTV&D (Real Time Visibility and Detection, formerly known as IOAs).
This applies to customers who registered their Azure tenant using the legacy registration flow before July 23, 2025.
The current legacy configuration uses Azure Function Apps to send logs to the CrowdStrike platform and runs on Python 3.9.
The recommended action is to switch to the new Azure registration method, which does not use Function Apps and can reduce operational costs by over 70%.
If you wish to maintain your existing configuration, CrowdStrike provides a Bash script that can update your Python runtime to 3.11.
- Action required
● There are two ways to deal with this:
- Option 1: Re-register using the new Azure registration method (recommended)
Delete the tenant in CrowdStrike Falcon Console and delete the legacy resources with a Bash script.
Wait an hour, then re-register using Bicep or Terraform.
- With the new configuration, all future new features will be delivered exclusively this way.
This method is not currently available to GovCloud customers.
- Option 2: Update existing Function Apps to Python 3.11
Use the Bash script provided by CrowdStrike and run it in Azure Cloud Shell or locally (Azure CLI required).
Requirement: Contributor or Owner role on a subscription that has RTV&D infrastructure.
After running the script, it may take up to 10 minutes for the changes to be reflected in the Azure portal.
- Logs are saved in the ./logs directory, where you can check detailed errors and execution results.
- For more information, please see our support site article.
- 60-Day Notice | Falcon Kubernetes Admission Controller Unified Installer Image
- overview
● Falcon Kubernetes Admission Controller version 7.33 and later introduces integrated container images that do not require specifying region information.
● This allows deployment to multiple regions with a single sensor image.
● The image tag format has been simplified and region-related strings have been removed.
The new image format is: registry.crowdstrike.com/falcon-kac/release/falcon-kac:
● The clouds covered are all CrowdStrike clouds.
- Action required
● Before upgrading to Falcon Kubernetes Admission Controller version 7.33, please update, verify, and test your deployment scripts.
● You need to ensure that the script correctly retrieves the new image name (with the region part removed).
If you do not update, you may encounter the following errors:
- Image not found
- Unknown image
- Invalid image reference
● Be especially careful if your CI/CD pipeline pulls images from a CrowdStrike registry.
- For more information, please see our support site article.
- 60-day notice | Falcon Container sensor for Linux unified installer image
- overview
● Starting with Falcon Container sensor for Linux version 7.33, we are introducing a "unified container image" that does not require specifying region information.
● This allows for multi-region deployment with a single sensor image.
● The image name is changed from falcon-sensor to falcon-container.
● The image tag now has a simpler format, with region information removed.
● The new image formats are:
- registry.crowdstrike.com/falcon-container/release/falcon-container:<image-tag>
- Action required
Before upgrading to version 7.33, update your deployment scripts to support the new naming and tagging format for unified images.
Verify and test the updated script to ensure it correctly retrieves images.
If you do not update, you may encounter the following errors:
- Image not found
- Unknown image
- Invalid image reference
- For more information, please see our support site article.
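The two unified-image notices above (Falcon Kubernetes Admission Controller and Falcon Container sensor for Linux) both ask you to verify that deployment scripts reference the new region-less image names before moving to 7.33. The Python check below, an added example that is not CrowdStrike's or Macnica's code, scans a Kubernetes manifest for image: lines, classifies each reference against the two unified formats quoted in the notices, and lists the references that still need attention. The sample manifest is constructed for the example; the "legacy" reference in it only illustrates the old falcon-sensor image name mentioned in the notice and does not reproduce the actual pre-7.33 tag format, which the page does not show.

```python
"""Check Kubernetes manifests for Falcon image references in the unified format.

Unified formats are taken from the notices; everything else here (manifest, the
non-unified sample references, the classification labels) is constructed.
"""
from __future__ import annotations

import re

# Unified image formats from the notices; the tag is whatever follows the colon.
UNIFIED_IMAGE_RE = {
    "falcon-kac": re.compile(
        r"^registry\.crowdstrike\.com/falcon-kac/release/falcon-kac:(?P<tag>\w[\w.\-]*)$"),
    "falcon-container": re.compile(
        r"^registry\.crowdstrike\.com/falcon-container/release/falcon-container:(?P<tag>\w[\w.\-]*)$"),
}

# Matches an "image:" key of a container spec; surrounding quotes are optional.
IMAGE_LINE_RE = re.compile(r"""^\s*(?:-\s*)?image:\s*['"]?([^'"\s]+)['"]?\s*$""")


def classify_image_reference(ref: str) -> dict:
    """Classify one image reference.

    status values (constructed labels):
      unified      - matches one of the two unified formats
      legacy-name  - old falcon-sensor image name under the container sensor repo
      not-unified  - any other CrowdStrike registry reference (e.g. still region-specific)
      third-party  - not pulled from the CrowdStrike registry at all
    """
    for product, pattern in UNIFIED_IMAGE_RE.items():
        match = pattern.match(ref)
        if match:
            return {"ref": ref, "status": "unified", "product": product, "tag": match.group("tag")}
    if "registry.crowdstrike.com" not in ref:
        return {"ref": ref, "status": "third-party", "product": None, "tag": None}
    if "/falcon-sensor:" in ref:
        return {"ref": ref, "status": "legacy-name", "product": "falcon-container", "tag": None}
    return {"ref": ref, "status": "not-unified", "product": None, "tag": None}


def scan_manifest(manifest: str) -> list[dict]:
    """Return one finding per image: line, with its line number and classification."""
    findings = []
    for lineno, line in enumerate(manifest.splitlines(), start=1):
        match = IMAGE_LINE_RE.match(line)
        if match:
            findings.append({"line": lineno, **classify_image_reference(match.group(1))})
    return findings


def needs_update(findings: list[dict]) -> list[dict]:
    """Findings that would produce 'image not found' style errors after the 7.33 change."""
    return [f for f in findings if f["status"] in {"legacy-name", "not-unified"}]


# Constructed manifest: one unified KAC image, one unified container sensor image,
# one reference using the old falcon-sensor name, and one non-Falcon sidecar.
SAMPLE_MANIFEST = """\
spec:
  containers:
    - name: falcon-kac
      image: registry.crowdstrike.com/falcon-kac/release/falcon-kac:7.33.0-PLACEHOLDER
    - name: falcon-container
      image: "registry.crowdstrike.com/falcon-container/release/falcon-container:7.33.0-PLACEHOLDER"
    - name: old-sensor
      image: registry.crowdstrike.com/falcon-container/release/falcon-sensor:7.32.0-PLACEHOLDER
    - name: sidecar
      image: docker.io/library/busybox:1.36
"""

if __name__ == "__main__":
    results = scan_manifest(SAMPLE_MANIFEST)
    for finding in results:
        print(f"line {finding['line']:>3}: {finding['status']:<12} {finding['ref']}")
    for finding in needs_update(results):
        print(f"UPDATE NEEDED before 7.33: line {finding['line']} ({finding['status']})")
```

Running the same scan inside the CI/CD pipeline that pulls from the CrowdStrike registry turns the "Image not found" failure listed in the notice into a check that fails before the deploy step rather than during it.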
- Regarding the issue where duplicate nodes were temporarily displayed in the Kubernetes Inventory View
- overview
● Starting October 2, 2025, we have implemented improvements to node identification to ensure accurate reporting across multiple clusters.
With this improvement, customers who deploy the Falcon Kubernetes Admission Controller (KAC) in their on-premises environments will temporarily see duplicate nodes in their Kubernetes and container inventories.
● The improvement is to associate IP address information with host names, preventing data loss when the same node name is used in multiple clusters.
● The improved behavior is that the new node will appear with an updated identifier, and the original node will be hidden after 24 hours and permanently deleted after 7 days.
● There is no impact on node functionality or monitoring.
● This issue is due to planned improvements and no action is required by the customer.
- For more information, please see our support site article.
Threat information
- Falcon's response to espionage attacks against F5
- overview
● On October 15, 2025, F5 announced a security incident caused by an advanced threat actor. CrowdStrike is working with F5 and related organizations to implement defensive measures based on the attacker's tactics, techniques, and procedures (TTPs).
● This incident demonstrates the importance of comprehensive visibility and detection capabilities across all attack surfaces, including network devices and cloud environments.
F5 has issued patches for known vulnerabilities and encourages customers to apply them promptly. While CrowdStrike has not seen evidence of widespread exploitation of F5 equipment, it is important to reassess your network and infrastructure security controls.
● Falcon sensors are now compatible with F5 BIG-IP, and by supporting Linux-based TMOS, threat detection is now possible directly on BIG-IP devices.
- Action required
● Apply the latest patches released by F5 and keep your edge network devices, VMware ESXi hosts, and vCenter Server up to date.
● Restrict access to the management and control plane to a dedicated management network.
● Enable logs from third-party products and forward them to Falcon NG-SIEM.
● We encourage you to join the Early Access Program to deploy Falcon sensors on F5 BIG-IP devices, enabling deep visibility and threat detection at the OS layer.
● Leverage Falcon Cloud Security to detect malicious activity in your cloud control plane and runtime environments.
● Configure Falcon Insight and Prevent appropriately to prevent lateral movement within your network.
● Enable F5-related rule templates (e.g., SSH login detection, suspicious Bash execution via management API, etc.) to detect threat actor behavior early.
● Update Falcon's detection content to address specific attack techniques, such as BRICKSTORM and new Golang-based implants (Junction, GuestConduit).
- For more information, please see our support site article.
- Beware of Oracle E-Business Suite (EBS) Zero-Day Extortion Campaign
- overview
● CrowdStrike has identified an attack campaign exploiting a zero-day vulnerability (CVE-2025-61882) targeting Oracle E-Business Suite (EBS).
● This vulnerability can be exploited remotely over a network without authentication, i.e. no username or password is required.
● If the attack is successful, remote code execution may be possible, which could result in data leakage.
● The affected products are Oracle E-Business Suite versions 12.2.3 to 12.2.14.
● In order to apply this fix, the October 2023 Critical Patch Update is a prerequisite.
- Action required
● Please promptly apply the security alert update programs provided by Oracle.
● We recommend that you always use supported versions and apply security alerts and critical patch updates without delay.
For more information on patching, see the Oracle support document (Doc ID: 3106344.1).
● For CrowdStrike detection coverage and additional information, please see the related article.
- For more information, please see our support site article.
Product Update Information
Endpoint Security & Falcon UI
- Falcon Sensor for Linux: Environment Variable Visibility feature added
- Added "Environment Variable Visibility" setting to enable detailed monitoring of environment variable changes on Linux hosts.
- It is available in User mode for Falcon Sensor for Linux 7.30 and later, and contributes to improving the accuracy of detecting MITRE attack methods.
- https://support.mnc.macnica.co.jp/hc/ja/articles/51505057786265
- Falcon Access MFA/2FA: FIDO Authentication Support Now Available
- CrowdStrike Falcon Console now supports FIDO2 authentication, which can be used in conjunction with TOTP.
- Support for FIDO2 certified devices such as Yubikey and Touch ID enhances convenience and security.
- https://support.mnc.macnica.co.jp/hc/ja/articles/51878602899865
Mobile
There were no major updates.
Next-Gen SIEM & LogScale
- Falcon Next-Gen SIEM Recently Released Features, Fixes, and Known Issues [Updated October 2025]
- Main new features
● Case Management updates now allow you to view templates and notification groups in a multi-CID environment.
● LogScale has been enhanced with new string manipulation functions (text:substring, positionOf, length) and a timezoneField added to parseTimestamp.
● Integration with ServiceNow is now possible, allowing bidirectional synchronization of Next-Gen SIEM cases and ServiceNow tickets.
● Behavioral Rules have been added, allowing you to search for similar events using CQL's correlate() to detect suspicious activity.
● The new Fusion SOAR app has been added.
● New data connectors and parsers have been added.
● Correlation rule templates have been added and updated.
- Major fixes
● Automatic lead reliability has been improved, reducing false positives.
● LogScale graphing now supports multiple color palettes.
● The behavior of the correlate() function has been improved to ensure that the selection of the oldest event is consistent.
- Deprecated Features
● LogScale will deprecate free text search after the first aggregation function in a query (v1.189 and later).
● eventInternals(), eventFieldCount(), and eventSize() are deprecated (v1.189 and later).
● asn() and ipLocation() now display an error instead of a warning when an external dependency error occurs (v1.195 and later).
● The rdns() function will be removed in v1.249, and reverseDns() will be used instead.
● MITRE ATT&CK data will be changed via the Alerts API, etc., and is scheduled to be discontinued on January 20, 2026.
- https://support.mnc.macnica.co.jp/hc/ja/articles/51978180577817
Falcon Shield
There were no major updates.
Identity Protection (ITD/ITP, FPA)
- Falcon Identity Protection 5.100.82278 Release [Released October 27, 2025]
- Main new features
● Improved accuracy of suspicious web-based activity (ML) detection.
● The Identity Protection API Explorer is now available at "Identity Protection > Explore > APIs".
● Suspicious LDAP Search (accounts) detection has been enhanced to also detect the use of the ldeep reconnaissance tool.
- Major fixes
● Fixed the compromised password scanning process to accommodate concurrent scan requests, which may result in an increased risk score.
● Fixed an issue where the timeline page of an entity added to the watchlist by a policy rule would not load.
● Fixed the processing of GPOs with Everyone permissions. This fix may cause previously hidden risks to appear, or incorrect risks to disappear.
● Improved security assessment loading times for domains with large numbers of entities.
- https://support.mnc.macnica.co.jp/hc/ja/articles/52366113325465
- Falcon Identity Protection 5.99.81120 Release [Released October 8, 2025]
- Main new features
● The Entity Timeline has been enhanced to show detailed information about classification changes, whether they were manual by the user or automatic by the system.
● In CA template permissions, Active Directory special groups are displayed in addition to standard user groups.
● Added the owningEntities field to GraphQL user account queries to support users who own Azure service principals.
- Major fixes
● Fixed an issue where the source IP address was missing from the Password Brute Force (Web-based) detection description.
● Fixed an issue where app registrations were incorrectly classified as "External registered applications" in the Entra connector.
● Fixed an issue where Active Directory group membership was displayed incorrectly.
● Fixed an issue where user-based exclusions were not applied to Suspicious Domain Replication detection.
● Fixed an issue where SSO authentication failures for on-premises users were incorrectly linked to Password Brute Force (Active Directory).
- https://support.mnc.macnica.co.jp/hc/ja/articles/51294276494873
Cloud Security
- Falcon Cloud Security Recently Released Features, Fixes, and Known Issues [October 2025 Update]
- This article provides an overview of the features, fixes, and known issues in the October release of Falcon Cloud Security.
- https://support.mnc.macnica.co.jp/hc/ja/articles/51776643821721
- Falcon Cloud Security Recently Released Features, Fixes, and Known Issues [September 2025 Update]
- This article provides an overview of the features, fixes, and known issues in the September release of Falcon Cloud Security.
- https://support.mnc.macnica.co.jp/hc/ja/articles/50420470432025
Exposure Management & IT Automation
- Falcon Spotlight/Surface | Release of new UI "Knowledge base"
- A new knowledge base of vulnerabilities has been added, allowing you to investigate risks that may not even exist in your environment.
- You can efficiently check vulnerability information using the filter and sort functions, and new information is added within 24 hours of publication.
- https://support.mnc.macnica.co.jp/hc/ja/articles/51740975805081
Falcon Data Protection
There were no major updates.
Others (Charlotte AI, Falcon Intelligence, Falcon Complete)
- Falcon Complete Adds Automatic Third-Party Integration Response Workflows
- Falcon Complete automatically creates a Fusion SOAR workflow based on the installed CrowdStrike SOAR app.
- This allows for faster triage and response times with third-party integrations.
- https://support.mnc.macnica.co.jp/hc/ja/articles/51693523853721
- Create Fusion SOAR workflows using Charlotte AI
- Charlotte AI allows you to automatically generate Fusion SOAR workflows using natural language commands.
- It enables rapid automation and workflow creation without specialized knowledge.
- https://support.mnc.macnica.co.jp/hc/ja/articles/51815824551193
Regular CrowdStrike Falcon Console Updates
- CrowdStrike Falcon Console Regular Updates [As of the week of October 27, 2025]
- Next-Gen SIEM Case Management now allows you to import, export, and clone case templates.
- New endpoints have been added to the Case Management API to support importing and exporting templates.
- Case lifecycle escalation notifications are now available via Microsoft Teams.
- The Notification Groups API has been updated to v2, with Teams support and improved channel organization.
- The Counter Adversary Operations menu has been reorganized so that related functions are grouped together.
- It provides a new, consolidated view of threat intelligence to speed investigation and response.
- A new experience is now available for GOV-1 and GOV-2 for Falcon Adversary Intelligence and Premium subscribers.
- Malware family profiles are now available for US-GOV-2.
- Falcon Data Protection settings can now be managed via API on Windows and macOS (policies, classifications, labels, etc.).
- Falcon for IT now allows you to create scheduled reports on task execution that can be delivered via email, Slack, or Teams.
- https://support.mnc.macnica.co.jp/hc/ja/articles/52198405927961
- CrowdStrike Falcon Console Regular Updates [As of the week of October 20, 2025]
- Attack Path Analysis now includes a "Reopened" status and filter to view re-enabled attack paths.
- New columns have been added to the Asset Management Application Scheduled Report, including AD Domain, OS Version, and IP History, and the columns are now ordered alphabetically after the first three columns.
- Fusion SOAR now supports the OAuth 2.0 authorization code method when creating HTTP request-based actions, with retry and timeout settings added.
- Long-running or stalled workflows can now be canceled.
- Improved AI risk scoring, allowing for score adjustments based on relevance to known adversaries.
- Vulnerability reports now display AI-enhanced descriptions, with the original description also available as a column.
- https://support.mnc.macnica.co.jp/hc/ja/articles/51894878149273
- CrowdStrike Falcon Console Regular Updates [As of the week of October 6, 2025]
- Next-Gen SIEM case management has been enhanced to enable visibility of child CID case templates, SLAs, and notification groups from the parent CID in Falcon Flight Control and multi-CID environments.
- CrowdStrike US-GOV-2 Cloud now allows you to capture, store, and download forensic evidence related to data breach events; the evidence is encrypted and securely stored on the host.
- https://support.mnc.macnica.co.jp/hc/ja/articles/51567076589849
- CrowdStrike Falcon Console Regular Updates [As of the week of September 29, 2025]
- The Laroux Malware Cleanup Tool, which can detect and remove malicious macro content from the Laroux malware (Slacker variant) that infects Microsoft Office files, is now available for Windows hosts.
- In Counter Adversary Operations, a new "Hunting guides" feature is now available for US-GOV-2, allowing you to leverage pre-built hunting queries to speed up threat hunts.
- A new vulnerability management API endpoint (GET /spotlight/combined/installed-patches/v1) has been added, allowing you to retrieve the installation status of Windows patches (active/pending reboot) and details of individual patches.
- Falcon for IT now allows you to specify hosts when running a task using either static targeting (select up to 200 hosts) or dynamic targeting (generate automatic conditions based on selected hosts), enabling flexible remediation.
- https://support.mnc.macnica.co.jp/hc/ja/articles/51172746880537
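The installed-patches endpoint mentioned above matters operationally because a patch that is still "pending reboot" is not yet effective: the host stays exploitable until it restarts. The script below is an added example written for this page, not CrowdStrike's or Macnica's own code. Only the endpoint path (GET /spotlight/combined/installed-patches/v1) and the public OAuth2 client-credentials token endpoint (POST /oauth2/token) come from the page and CrowdStrike's published API; the query parameters (filter, limit), the FQL field platform_name, and the response field names (hostname, patch_id, status) and the status strings are assumptions for illustration, as is the sample response embedded inline. With no credentials in the environment it runs against that constructed sample.

```python
"""Summarise Windows patch status per host from the Spotlight installed-patches endpoint.

Added example, not CrowdStrike's or Macnica's code. The endpoint path and the
OAuth2 token endpoint are from the page / public docs; query parameter names,
the FQL field used in the filter, and the response field names and status
values are ASSUMED and must be checked against the real API reference.
"""
import json
import os
import urllib.parse
import urllib.request
from collections import defaultdict

FALCON_BASE_URL = "https://api.crowdstrike.com"  # US-1; other clouds use a different host
PATCHES_PATH = "/spotlight/combined/installed-patches/v1"  # endpoint named on the page
PENDING_REBOOT = "pending reboot"  # ASSUMED status value for a patch not yet effective


def get_token(client_id: str, client_secret: str, base_url: str = FALCON_BASE_URL) -> str:
    """OAuth2 client-credentials grant against the Falcon token endpoint (network call)."""
    body = urllib.parse.urlencode({"client_id": client_id, "client_secret": client_secret}).encode()
    req = urllib.request.Request(f"{base_url}/oauth2/token", data=body, method="POST",
                                 headers={"Content-Type": "application/x-www-form-urlencoded"})
    with urllib.request.urlopen(req, timeout=30) as resp:
        return json.load(resp)["access_token"]


def fetch_installed_patches(token: str, fql_filter: str, base_url: str = FALCON_BASE_URL) -> list:
    """Call the combined endpoint; 'filter' and 'limit' parameter names are ASSUMED."""
    query = urllib.parse.urlencode({"filter": fql_filter, "limit": 500})
    req = urllib.request.Request(f"{base_url}{PATCHES_PATH}?{query}",
                                 headers={"Authorization": f"Bearer {token}"})
    with urllib.request.urlopen(req, timeout=30) as resp:
        return json.load(resp).get("resources", [])


def summarize(resources: list) -> dict:
    """Per host: count of effective (active) patches and the list still pending reboot.

    Field names hostname / patch_id / status are ASSUMED response fields.
    """
    per_host = defaultdict(lambda: {"active": 0, "pending_reboot": []})
    for rec in resources:
        entry = per_host[rec["hostname"]]
        if rec["status"] == PENDING_REBOOT:
            entry["pending_reboot"].append(rec["patch_id"])
        else:
            entry["active"] += 1
    return dict(per_host)


def hosts_needing_reboot(summary: dict) -> list:
    """Hosts that have at least one installed-but-not-effective patch, sorted by name."""
    return sorted(host for host, s in summary.items() if s["pending_reboot"])


# Constructed sample response (NOT real API output) so the summariser runs offline.
SAMPLE_RESOURCES = [
    {"hostname": "WS-001", "patch_id": "KB1111111", "status": "active"},
    {"hostname": "WS-001", "patch_id": "KB2222222", "status": "pending reboot"},
    {"hostname": "WS-002", "patch_id": "KB1111111", "status": "active"},
    {"hostname": "WS-002", "patch_id": "KB2222222", "status": "active"},
    {"hostname": "SRV-DC1", "patch_id": "KB2222222", "status": "pending reboot"},
]

if __name__ == "__main__":
    client_id = os.getenv("FALCON_CLIENT_ID")
    client_secret = os.getenv("FALCON_CLIENT_SECRET")
    if client_id and client_secret:
        # platform_name as an FQL field is ASSUMED; adjust to the real schema.
        resources = fetch_installed_patches(get_token(client_id, client_secret),
                                            "platform_name:'Windows'")
    else:
        resources = SAMPLE_RESOURCES
    summary = summarize(resources)
    for host in hosts_needing_reboot(summary):
        print(f"{host}: pending reboot for {', '.join(summary[host]['pending_reboot'])}")
```

Set FALCON_CLIENT_ID and FALCON_CLIENT_SECRET (an API client with Spotlight read scope) to run against a live tenant; pagination beyond the first page is omitted here. The useful output is the reboot-pending list, which can be handed to a Falcon for IT task (see the dynamic targeting item above) to schedule the restart.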
Maintenance and fault information
Please check our support site as necessary for maintenance and failure information.
Inquiry/Document request
CrowdStrike Team, Macnica, Inc.
- TEL:045-476-2010
- E-mail:crowdstrike_info@macnica.co.jp
Business hours: weekdays 9:00-17:00