
URL: https://cs-staging-www.crowdstrike.com/blog/tech-center/generate-your-first-detection/


HOW TO GENERATE YOUR FIRST DETECTION

February 1, 2022

Peter Ingebrigtsen Tech Center



INTRODUCTION

In this document and video, you’ll see how to generate your first detection.
You will also see how Falcon adds context to alerts, empowering the security
admin to take appropriate corrective action.



PREREQUISITES

A Windows system with the Falcon sensor installed.


GENERATING A TEST ALERT

To generate an alert, open cmd.exe by clicking the Windows icon or pressing the
Windows key on your keyboard, then typing “cmd”.



In the Command Prompt window, type the following command:

    sc query csagent

You should see that the Falcon Agent is installed and running.

Next, type:

    choice /m crowdstrike_sample_detection

Then type “Y”.


THE FALCON USER INTERFACE

In the Falcon UI, a new alert appears in the Activity App.

This alert is rated as “Low” and also has a Falcon icon associated with it.
This indicates that Falcon OverWatch has flagged this activity as suspicious.
Had this not been a test detection, it would have been accompanied by an email
from the OverWatch team with additional detail.

Clicking on the alert expands the detection for additional details.




This additional detail is important to determine if a seemingly routine command
is associated with everyday activity or part of a larger, malicious attack.
Click on each node and watch the execution details pane on the right update to
provide information on each executable in the process tree.


CONCLUSION

CrowdStrike Falcon goes above and beyond to provide relevant information so that
our customers have more information at their fingertips to quickly and
effectively make important security decisions.  

