CrowdStrike Proving Ground Lab

137 Launches
Solution Overview

WWT’s ATC CrowdStrike Proving Ground Lab exists to provide a unified solution built around relevant use cases. It seeks to showcase the CrowdStrike Falcon platform’s web UI and ability to alert on, and prevent, breaches using cloud data and machine learning.

This lab consists of several servers running common enterprise applications that include Nessus, Splunk, Tanium and Active Directory (w/DNS). Tanium and Splunk are integrated to emulate normal application communication. Several workstations, with Windows 7 and Windows 10 operating systems, exist across two distinct network locations (Headquarters and Operations). Some of these machines are randomly conducting various attacks that will generate alerts within the CrowdStrike console for exploration and visibility into how the product and solution operate. 

You will access the environment using a Windows-based jumphost, from which you can browse web consoles, open RDP/SSH sessions, etc. (see Lab Topology). 

Goals & Objectives

The purpose of this lab is to help you develop proficiency in navigating the CrowdStrike UI, and in deploying, managing and monitoring the CrowdStrike solution. The lab guide provides a flexible framework for evaluating the solution, its installation and the behavior in a sample customer environment.

The lab environment allows you to:

  • Login to the CrowdStrike Falcon cloud-based platform.
  • Navigate the CrowdStrike consoles interface, alerts and workflow.
  • Access the entire Proving Ground environment.
  • Open format, distinct network spaces, common applications and a Kali attack box.

Hardware & Software


  • CrowdStrike Falcon
  • Okta (Single Sign On)
  • Nessus vulnerability scanner
  • Splunk log collector
  • Tanium Core Platform
  • Palo Alto VM-Series firewall
  • Active Directory (w/DNS)


  • 1x Windows Jumphost (Windows Server 2016)
  • 3x Tanium Servers (Windows Server 2016)
  • 1x Microsoft SQL Server 2016 (Windows Server 2016)
  • 1x Spare Server (Windows Server 2016)
  • 1x Splunk Server (CentOS 7)
  • 1x Syslog Server (CentOS 7)
  • 1x Nessus Scanner (CentOS 7)


  • 4x Windows 10 Clients (Windows 10 Enterprise)
  • 3x Windows 7 Clients (Windows 7 Enterprise)
  • 3x Red Hat Clients (Red Hat Enterprise Linux 7)
  • 1x Attack Client (Kali Linux)


  • CrowdStrike Falcon platform