CrowdStrike Falcon University
OVERALL PROGRAM DESCRIPTION
CrowdStrike™ is proud to announce the availability of the CrowdStrike Falcon Certification Program (CFCP). CFCP is a multi-tier certification program, covering three levels of Falcon users from the administrator to the front-line analyst to the investigator/hunter.

In creating this certification, CrowdStrike has drawn on a talent pool of seasoned incident responders, investigators/hunters and subject matter experts who use the Falcon platform daily to perform their incident response duties. This ensures that analysts and administrators who hold one of these certifications have demonstrated a thorough knowledge in the respective area and their managers can trust that they can effectively and proficiently use CrowdStrike products and workflows.

CROWDSTRIKE CERTIFIED FALCON HUNTER
Completion of the FHT-202 course, access to your instance of Falcon and applicable user guides as listed in the certification description. Completion of FHT-201 and FHT-100 level courses is highly recommended.

CROWDSTRIKE CERTIFIED FALCON RESPONDER
Completion of the FHT-201 course, access to your instance of Falcon and applicable user guides as listed in the certification description. Completion of the FHT-100 level courses is highly recommended.

Tests are administered online through CrowdStrike University so there is no need to report to a physical
testing center. Each participant MUST have a valid subscription to CrowdStrike University. The cost for each
exam is $150 and the voucher can be purchased through your CrowdStrike sales representative. Each exam is
timed. Candidates will have two opportunities to complete the exam successfully and should have access
to their Falcon instance during the exam. The passing score for the exam is 80 percent.
Upon successful completion of an exam, the candidate will receive notification of completion
and a certificate will be sent via standard mail. Certifications are valid for a period of three years.
Questions regarding Falcon Certification can be sent to CFCP@crowdstrike.com.

can perform basic proactive hunting for atomic indicators such as domain names, IP addresses or hash values across enterprise event data, whether it is related to an alert or some external form of intel.

This examination is 60 questions and open book. Candidates are allowed 90 minutes to complete this examination and should have access to their Falcon instance during the exam. Candidates who are unsuccessful will receive a second opportunity to complete the examination and should wait at least one week before the second attempt.

Required Learning Path: The required learning path for the CCFR certification is the FHT-201 instructor-led course. Completion of FHT-100, FHT-101, FHT-105 and FHT-120 courses in CrowdStrike University is highly recommended. The CCFA certificate is not required; however, it is commonly obtained first, especially for those who perform multiple functions. Although the exam is open book, students should be familiar with the following guides as well (available in Falcon at Support>Docs):
• Getting Started Guide
• Streaming API Guide (for detection types)

In addition to the above learning path, we suggest that candidates for this certification have at least six months of experience with CrowdStrike Falcon in a production environment.

CROWDSTRIKE CERTIFIED FALCON HUNTER (CCFH)
The CCFH certification is directed at the investigative analyst who performs deeper detection analysis and response as well as machine timelining and event-related search queries. They are also frequently responsible for insider-threat-related investigations and proactive investigation (hunting) based on intel reports and other sources of information. Examples of positions aligning with this certification are Hunt Team Members, Security Analyst, SOC Analyst, Security Engineer, IT Security Operations Manager, Security Administrator or Endpoint Security Administrator.

a Splunk syntax. They understand how to navigate between and use multiple views such as Process Explorer, Host Search, Host Timeline and Process Timeline to maximize productivity and quickly obtain the desired results.

This examination is 60 questions and open book. Candidates are allowed 90 minutes to complete this examination and should have access to their Falcon instance during the exam. Candidates who are unsuccessful will receive a second opportunity to complete the examination, and should wait at least one week before the second attempt.

Required Learning Path: The required learning path for the CCFH certification is the FHT-202 course. Completion of FHT-100, FHT-101, FHT-105 and FHT-120 courses in CrowdStrike University and the FHT-201 instructor-led course are highly recommended. The CCFA and CCFR certificates are not required; however, they may be obtained first, especially for those who perform multiple functions. Although the exam is open book, students should be familiar with the following guides as well (available in Falcon at Support>Docs):
• Getting Started Guide
• Streaming API Guide (for detection types)
• Events Data Dictionary
• Hunting Guide

In addition to the above learning path, CrowdStrike suggests that candidates for this certification have at least six months of experience with CrowdStrike Falcon in a production environment.