
Threats in CrowdStrike

The Threats tab contains data on alerts triggered in CrowdStrike, providing detailed information on the events CrowdStrike classifies as EDR threats. This gives a broader view of overall EDR health, and you can use the insights for further analysis and action.

  • Detection by severity:
    • low
    • critical
    • medium
    • high
  • Detection by:
    • tactic
    • technique
    • severity
    • objective
    • detection name
    • operation
    • user
    • summary
    • based on command line execution
    • SHA and MD5 detections
    • computer
  • Trading IOCs
  • Blocked detections
  • File-based detections
