CrowdStrike: Zero to Falcon Admin
Bestseller
Rating: 4.5 out of 5 (3,524 ratings)
14,104 students
Created by Hailie Shaw
Last updated 12/2025
English

What you'll learn

  • Gain mastery of the Falcon platform: Learn how to navigate and use the various features of the CrowdStrike Falcon platform related to administrative duties.
  • Learn the core principles of endpoint protection, including deployment, host management, troubleshooting, and response.
  • Learn best practices for security operations: Gain an understanding of industry-standard security practices and how to apply them to your organization.
  • Cybersecurity Engineering Concepts for Configuring an EDR Console

Course content

1 section, 18 lectures, 4h 4m total length
  • Introduction to the Course (1:36)

    Join Hailie Shaw as she introduces the CrowdStrike zero to admin course, outlining EDR fundamentals, installation, troubleshooting, sensor updates, host management, and prevention policies, with color-coded console walkthroughs, CLI sessions, and notes.

  • Module 1 What is CrowdStrike/EDR (7:43)

    Discover what CrowdStrike is and what EDR (endpoint detection and response) means, including signature-based, behavioral, and heuristic detections, with real-time monitoring and automated responses.

  • Module 1 Demo: Overview of the Console (12:00)

    Navigate the CrowdStrike console and review the activity dashboard and cloud score. Learn to manage hosts, detections, policies, and dashboards, with guidance from built-in documentation.

  • Module 2 Users and Roles (13:05)

    Explore how to manage CrowdStrike users and roles, assign permissions, and provision Falcon admin access while guarding against overprivileged accounts. Study RTR roles and domain-based onboarding controls.

  • Module 2 Demo: Users and Roles (7:54)

    Demonstrate managing users and roles in CrowdStrike. Update user profiles, set UTC time zones, assign roles with safeguards against overprovisioning, and configure real-time response permissions and notifications.

  • Module 3 Installation (24:50)

    Explore manual and automatic CrowdStrike sensor installations, register sensors with your console using your customer ID, and deploy across Windows, Linux, and Mac with best practices.

  • Module 3 Demo: Installing Sensors (7:09)

    Configure host setup to install CrowdStrike sensors using installation tokens, with token rotation and audit logs. Download Windows, Mac, and Linux sensors and verify the agent runs.

  • Module 4 Troubleshooting (10:53)

    Apply a practical troubleshooting checklist for CrowdStrike Falcon admins, starting with simple OS, permissions, and installer checks, then addressing reduced functionality mode via the sensor dashboard.

  • Module 5 Uninstalling & Sensor updates (15:22)

    Learn to uninstall CrowdStrike sensors and manage updates using group policies, maintenance tokens, and bulk maintenance mode with version controls (n-1, n-2) and throttling.

  • Module 5 Demo: Sensor Update Policies (20:14)

    Explore managing sensor update policies across host groups by OS, set precedence, create latest policies, assign Linux/Windows/Mac hosts, and install or uninstall via CLI with maintenance tokens.

  • Module 6 Host management (20:15)

    Explore dynamic and static host groups in CrowdStrike, learn to build multi-criteria filters (OS, AD, host IDs), and understand policy precedence and tagging for scalable endpoint management.

  • Module 6 Demo: Host Groups (11:29)

    Create dynamic host groups by operating system in CrowdStrike, apply assignment filters to Windows, Mac, and Linux, and monitor group policies and dashboards for host management.

  • Module 7 Prevention Policies (20:11)

    Learn to create and assign prevention policies within CrowdStrike, organize hosts into groups, and tune detection versus prevention across phase one to phase three for scalable security.

  • Module 7 Demo: Prevention Settings (12:30)

    Learn to configure and assign CrowdStrike prevention policies across Windows, Mac, and Linux by managing host groups, adjusting policy precedence, and enabling sensor visibility and next-gen antivirus settings.

  • Module 8 Custom IOAs (23:40)

    Create and manage custom IOAs to detect indicators of attack or compromise using regex and glob syntax, assign them to prevention policies, and test them before moving to production.

  • Module 8 Demo: Creating Custom IOAs (17:59)

    Create and enable custom IOA rule groups for Windows, Mac, and Linux, then add process creation, network, and domain name rules, test regex patterns, and assign groups to prevention policies.

  • Module 9 Exclusions and Quarantines (10:33)

    Explore exclusions and quarantines to whitelist trusted processes, manage IOAs and EOAs with glob and regex patterns, and understand sensor visibility and quarantine basics on Windows and Mac.

  • Module 9: Reviewing Exclusions (6:40)

    Create machine learning and IOA exclusions using glob patterns to whitelist legitimate programs across all hosts, and note that sensor visibility exclusions require extreme caution.

Requirements

  • A connection to the internet

Description

Master the Falcon Platform from an Administrative Perspective

This course is designed to provide learners with an in-depth understanding of CrowdStrike/EDR, a powerful endpoint security tool. Participants will learn how to install and configure CrowdStrike/EDR, manage hosts, create and manage prevention policies, customize IOAs, manage exclusions and quarantines, and troubleshoot issues.

Module 1: What is CrowdStrike/EDR

  • Introduction to CrowdStrike/EDR

  • Understanding Endpoint Detection and Response (EDR)

  • Key features and benefits of CrowdStrike/EDR

Module 2: Users and Roles

  • User and role management in CrowdStrike/EDR

  • Understanding permissions and access levels

  • Best practices for user and role management

Module 3: Installation

  • CrowdStrike/EDR installation prerequisites

  • Installing CrowdStrike/EDR on endpoints

  • Post-installation configurations and best practices

Module 4: Troubleshooting

  • Troubleshooting common issues with CrowdStrike/EDR

  • Best practices for effective troubleshooting

Module 5: Uninstalling & Sensor updates

  • Uninstalling CrowdStrike/EDR from endpoints

  • Updating CrowdStrike/EDR sensors

  • Best practices for sensor management

Module 6: Host management

  • Managing hosts using CrowdStrike/EDR

  • Understanding host groups and policies

  • Best practices for host management

Module 7: Prevention policies

  • Creating and managing prevention policies in CrowdStrike/EDR

  • Understanding policy rules and configurations

  • Best practices for policy management

Module 8: Custom IOAs

  • Creating custom Indicators of Attack (IOAs) in CrowdStrike/EDR

  • Understanding IOA rules and configurations

  • Best practices for custom IOA management

Module 9: Exclusions and Quarantines

  • Managing exclusions and quarantines in CrowdStrike/EDR

  • Understanding exclusion and quarantine rules and configurations

  • Best practices for exclusion and quarantine management

Target audience: IT professionals, cybersecurity professionals, system administrators, and anyone interested in learning how to manage and secure endpoints using CrowdStrike/EDR.

Who this course is for:

  • Learners should have a basic understanding of cybersecurity principles and some experience with endpoint security management. They should also have a working knowledge of operating systems, networking, and cybersecurity concepts.
  • Professionals wanting to advance their understanding of EDR tools
  • IT professionals, cybersecurity professionals, system administrators, and anyone interested in learning how to manage and secure endpoints using CrowdStrike/EDR.