| Topic | Details |
| Topic 1 | - ATT&CK Frameworks: This domain covers understanding the MITRE ATT&CK framework and applying its tactics and techniques within Falcon to provide context to detections.
|
| Topic 2 | - Detection Analysis: This domain covers analyzing and triaging detections in Falcon, including interpreting dashboards, endpoint detections, contextual data, process views, prevalence, IOCs, and implementing hash management actions like blocking, allowlisting, and exclusions.
|
| Topic 3 | - Real Time Response (RTR): This domain covers RTR technical capabilities, administrative settings, connecting to hosts, using RTR commands for remediation, utilizing custom scripts, setting up workflows, and reviewing audit logs.
|
| Topic 4 | - Search Tools: This domain covers utilizing User Search, IP Search, Hash Search, Host Search, and Bulk Domain Search to gather intelligence during investigations.
|
| Topic 5 | - Event Search: This domain focuses on performing advanced event searches from detections, refining searches using event actions, and distinguishing between commonly used event types.
|