
In this video, you’ll get a clear introduction to CrowdStrike Next-Gen SIEM, including what it is, how it differs from legacy SIEMs, and the key benefits of a modern, cloud-native SIEM approach. We’ll also compare legacy SIEM with Next-Gen SIEM to highlight the architectural and operational differences, and finish with a guided walkthrough of the Next-Gen SIEM interface so you know where everything lives before diving deeper into the platform.
In this video, you’ll learn how to set up and secure your Next-Gen SIEM environment by understanding NG-SIEM roles, managing users and permissions, creating custom roles, and safely onboarding external users using best-practice access controls.
In this video, we’ll walk through the onboarding methods available for different types of data sources. It first explains what first-party and third-party data mean in CrowdStrike's context, then covers the different methods for bringing data into the Next-Gen SIEM platform. Finally, it shows how to plan data onboarding for your organization.
This video explains how to configure prebuilt data connectors in Next-Gen SIEM. These connectors let you bring third-party data into the platform with minimal effort. We'll walk through the configuration steps for both pull-based and push-based data connections.
Learn how to deploy and configure the Falcon LogScale Collector to ingest logs from endpoints, and how to use fleet management to deploy and manage the LogScale Collector at scale.
Explore how CrowdStream enables scalable, real-time data ingestion and routing into Falcon Next-Gen SIEM. CrowdStream is a cloud-hosted version of Cribl Stream that gives you the flexibility to route, filter, transform, and enrich logs before they reach the Falcon platform. This video demonstrates how to build a data pipeline in CrowdStream.
There are many native integrations and tools for onboarding data into the Next-Gen SIEM platform. When no native integration exists for a custom or less common data source, however, you need another way to bring that data in. In this video, we’ll learn how to onboard data into Falcon Next-Gen SIEM using custom scripts, designed for sources that don’t have prebuilt connectors.
You can use the Python script template as a starting point for a custom script that fetches, transforms, and onboards data into Falcon NG-SIEM. The template, ngsiemscript.py, is attached in the Source Code section.
Once the data pipeline is built, it is important to monitor ingestion health, identify common issues, and troubleshoot data gaps or delays effectively. In this video, we'll learn how to deal with the ingestion issues you might face during data onboarding.
The Data Health Monitor dashboard file is in the downloadable materials; import it into your environment to monitor and troubleshoot ingestion issues.
Understand why parsers are critical in Next-Gen SIEM and learn how to convert raw log data into structured, searchable fields by building a basic parser from scratch.
Learn how to build CPS-compliant parsers to standardize data, improve detection accuracy, and ensure your logs work seamlessly with dashboards, rules, and analytics across Falcon Next-Gen SIEM.
Learn the fundamentals of CrowdStrike Query Language (CQL) and understand how Advanced Event Search enables fast, precise investigation and threat hunting across massive volumes of security data.
Master advanced CQL commands and techniques to perform complex correlations, aggregations, and joins that power high-impact detections, dashboards, and real-world SOC investigations.
Learn how to build and manage dashboards that transform raw SIEM data into clear, actionable visual insights for SOC analysts, security leaders, and stakeholders.
Discover how to use parameters and interactions to create dynamic dashboards that enable faster investigation, drill-down analysis, and real-time decision-making.
Learn how detection rules are designed, configured, and tuned in Next-Gen SIEM to identify real threats while minimizing false positives.
Understand how detections are generated, triaged, and managed, and learn best practices for maintaining an efficient and effective detection lifecycle.
Explore the differences between rules and scheduled searches to understand when to use each for detections, monitoring, and analytical use cases.
Discover how detection coverage improves security visibility by mapping detections to tactics and techniques, helping identify gaps and strengthen your overall detection strategy.
Learn how automated leads help prioritize high-risk activity, reduce alert fatigue, and accelerate analyst response by adding context and intelligence to detections.
Understand how case management streamlines investigations by centralizing alerts, evidence, and collaboration, enabling SOC teams to track, manage, and resolve incidents efficiently.
Automation workflows are essential for modern SOC operations, and the Fusion SOAR module provides this automation in the Falcon platform. Fusion SOAR helps reduce manual effort while improving response speed and consistency. In this video, we'll learn what Fusion SOAR workflows are, how to create one from a playbook, and how to send search results by email.
Learn how to automatically trigger workflows from detections to enable faster triage, enrichment, and response without analyst intervention.
Lookups are extremely helpful when you want to maintain lists such as suspicious IPs, high-risk hosts, or anything else that needs to be referenced across rules, dashboards, or future workflows. In this video, we’ll explore another useful automation capability inside Fusion SOAR: creating lookup files directly from a workflow.
Learn how to integrate third-party security and IT tools into Fusion SOAR workflows to build end-to-end automated response and orchestration across your security stack.
Where the NG-SIEM platform doesn't natively provide the functionality you need, developers can build custom security solutions using Falcon Foundry. Learn the fundamentals of Falcon Foundry, including its architecture and setup, and understand how Foundry lets you extend Falcon with custom, production-grade security applications.
Discover how to design and build a custom Foundry app by combining API integrations, UI pages, app logic, and workflows to deliver reusable, real-world security use cases.
The foundryUI package is attached; you can use it to test the custom GitHub dashboard.
Falcon Next-Gen SIEM Bootcamp is a comprehensive, hands-on course designed to take you from foundational concepts to advanced, real-world implementation of CrowdStrike Falcon Next-Gen SIEM. This course is built for security analysts, SIEM engineers, SOC teams, and cybersecurity professionals who want to move beyond traditional SIEM limitations and master a modern, scalable, cloud-native SIEM platform.
You’ll start by understanding how Next-Gen SIEM differs from legacy SIEM solutions and why organizations are shifting toward CrowdStrike’s unified security and observability approach. From there, the course walks you step-by-step through environment setup, user management, data onboarding, parsing, querying, dashboards, detections, automation, and custom application development.
This is not a theory-only course. Every module focuses on practical implementation, real SOC use cases, and best practices used in production environments. You’ll learn how to transform raw logs into structured data, build powerful queries using CrowdStrike Query Language (CQL), design actionable dashboards, create high-fidelity detections, automate response using Fusion SOAR, and extend Falcon capabilities by building custom apps using Falcon Foundry.
By the end of this bootcamp, you will have the confidence and skills to design, deploy, and operate Falcon Next-Gen SIEM in an enterprise environment, whether you are managing a SOC, supporting customers, or preparing for SIEM engineering roles.