CrowdStrike Configuration (APT3 evaluation results)

The following product description and configuration information was provided by the vendor and has been included in its unedited form. Any MITRE comments are included in italics.

Product Versions

Endpoint Protection Standard Bundle with the Standard Falcon Overwatch option.

  • The bundle includes Prevent, Insight, Overwatch
  • Version 4.11.7402.0


CrowdStrike Falcon is a complete endpoint security platform for Windows, macOS and Linux. It provides advanced detection and prevention functionality through a single endpoint agent that combines:

    • Falcon Prevent for next generation antivirus
    • Falcon Insight for Endpoint Detection and Response (EDR)
    • Falcon Device Control for removable media protection
    • Falcon OverWatch for managed threat hunting
    • Falcon Discover for IT Hygiene
    • Falcon Spotlight for vulnerability management
    • Falcon X for integrated threat intelligence

Falcon was the first cloud-delivered endpoint protection platform and this approach has not only simplified the deployment and operational aspects of endpoint security but has also driven significant enhancements in protection efficacy. With millions of machines in over 176 countries continuously streaming security events to CrowdStrike's cloud analytics platform, customers benefit from the community immunity effect that occurs when over 1 trillion security events are crowdsourced from the install base and analyzed in the cloud. These cloud analytics work in conjunction with the behavioral indicators of attack (IOAs) and machine learning capabilities that are built into a single, lightweight Falcon agent that detects and prevents malicious activity at all stages of the attack lifecycle.

CrowdStrike's cloud analytics platform is powered by the ThreatGraph™. This is a purpose-built distributed graph database in the cloud that centralizes security data to enable rapid detection and prevention of advanced threats, both by analytics engines and by CrowdStrike's managed threat hunting team - Falcon OverWatch. This is a global team of elite threat hunters whose job it is to proactively hunt for previously undetected intrusions as well as to help customers understand, prioritize and respond to the threats revealed by Falcon. As this team uncovers new attack techniques, they feed that intelligence back into the platform. Protection against that new adversary tradecraft is then immediately distributed to all Falcon customers via the platform. This combination of analytics engines and expert threat hunters forms a virtuous cycle that continuously improves the product and ensures CrowdStrike customers stay one step ahead of the adversary.

The CrowdStrike Falcon management interface has adopted the MITRE ATT&CK framework to provide a uniform and widely adopted language for describing malicious behavior it has detected or prevented.


Sensor Visibility: Action: Enable All
'All' includes the options:
  • Additional User Mode Data
  • Enable Cloud Next-Gen Antivirus
  • Settings
    • Cloud Anti-malware: Detection: Aggressive (options include disabled, cautious, moderate, aggressive, and extra aggressive)
    • Adware and PUP: Detection: Moderate (options include disabled, cautious, moderate, aggressive, and extra aggressive)
  • All prevention was left disabled (the default). By default, all antivirus detection is disabled.
  • No other product configurations were changed.