CrowdStrike Proving Ground Lab

Solution overview

WWT's ATC CrowdStrike Proving Ground Lab exists to provide a unified solution built around relevant use cases. It seeks to showcase the CrowdStrike Falcon platform's web UI and ability to alert on, and prevent, breaches using cloud data and machine learning.

This lab consists of several servers running common enterprise applications that include Nessus, Splunk, Tanium and Active Directory (w/DNS). Tanium and Splunk are integrated to emulate normal application communication. Several workstations, with Windows 7 and Windows 10 operating systems, exist across two distinct network locations (Headquarters and Operations). Some of these machines are randomly conducting various attacks that will generate alerts within the CrowdStrike console for exploration and visibility into how the product and solution operate.

You will access the environment using a Windows-based jumphost, from which you can browse web consoles, open RDP/SSH sessions, etc. (see Lab Topology).

Lab diagram

Goals and objectives

The purpose of this lab is to help you develop proficiency in navigating the CrowdStrike UI, and in deploying, managing and monitoring the CrowdStrike solution. The lab guide provides a flexible framework for evaluating the solution, its installation and the behavior in a sample customer environment.

The lab environment allows you to:

Login to the CrowdStrike Falcon cloud-based platform.
Navigate the CrowdStrike consoles interface, alerts and workflow.
Access the entire Proving Ground environment.
Open format, distinct network spaces, common applications and a Kali attack box.