Crowdstrike Falcon Sandbox

Solution Overview
Crowdstrike Falcon is a best-of-breed cloud-based endpoint security tool suite featuring both endpoint protection ("EPP") and endpoint detection and response ("EDR") capabilities. Falcon combines the most effective prevention technologies and full attack visibility with built-in threat intelligence.

Relying on a single endpoint agent and a cloud-native service, the Crowdstrike Falcon suite includes a broad range of modules to cover most endpoint security functions:
  • Falcon Prevent - Next-Generation Antivirus
  • Falcon Insight - Endpoint Detection and Response
  • Falcon Device Control
  • Falcon Overwatch - Threat Hunting
  • Falcon Discover - IT Hygiene
  • Falcon Spotlight - Vulnerability Management
  • Falcon X - Threat Intelligence
  • Falcon Search - Malware Search
  • Falcon Sandbox - Sandboxing and Malware Analysis

This lab provides a sandbox environment that can be used to evaluate the Falcon suite of products across a wide variety of endpoints, including both Windows and Unix-based operating systems. There is also an attack machine, running Kali Linux, from which a user can deploy benign, non-weaponized malware to test the efficacy of these tools.

Goals & Objectives

The purpose of the sandbox lab is to help you develop proficiency in deploying, managing, and monitoring the Crowdstrike solution. The lab guide provides a flexible framework for evaluating the solution, its installation, and its behavior in a sample customer environment.

The lab environment will allow you to:
  • Access the ESA baseline Sandbox environment.
  • Log in to the cloud-based portal.
  • Navigate the portal's interface and workflow.
  • Deploy agents on Windows systems.
  • Deploy agents on Linux systems.

Hardware & Software

  • Crowdstrike Falcon (current version).
Server Devices
  • 1x Windows Jumphost (Windows Server 2016).
  • 1x Generic Server (Windows Server 2012).
  • 1x Generic Server (Windows Server 2016).
  • 1x Generic Server (Red Hat Enterprise Linux 7).
  • 1x Generic Server (CentOS 7).
  • 1x Generic Server (Solaris 11).
Client Devices
  • 1x Attack Client (Windows 10 Enterprise).
  • 1x Generic Client (Windows 7 Enterprise).
  • 1x Attack Host (Kali Linux 2018).