CrowdStrike Falcon

Export endpoint sensor deployment, detection activity, and vulnerability assessment from CrowdStrike Falcon console.

UC-04UC-05~15 min

Steps

  1. 1
    Log in to Falcon console

    Navigate to falcon.crowdstrike.com and sign in with admin credentials.

  2. 2
    Export host/sensor coverage

    Go to Host Management > Hosts. Export the full host list showing sensor version, last seen date, and OS. This demonstrates EDR deployment coverage.

  3. 3
    Export detection summary

    Navigate to Activity > Detections. Filter for last 30 days. Export the detection list showing severity, status, and resolution.

  4. 4
    Export Spotlight vulnerability report

    Go to Exposure Management > Spotlight > Vulnerabilities. Export critical/high vulnerabilities with remediation status.

Tips

  • Host coverage report is the single most important evidence for EDR (UC-04).
  • Show both the total host count and the sensor-covered count for coverage percentage.
  • Spotlight vulnerability data also satisfies patch management (UC-05) evidence requirements.

Automate CrowdStrike Falcon evidence collection with BindLedger connectors

Create Free Account →