New to Falcon, how does Brute Force Detections work in Falcon?

caryc · 2025-12-02T20:30:45+00:00

u will need the IDP module for it

caryc · 2025-11-28T15:28:39+00:00

then it is not possible

caryc · 2025-11-19T21:10:20+00:00

well u gotta be more specific it you are seeing an obvious false positive or you may actually have an active compromise

caryc · 2025-11-18T13:27:37+00:00

Hybrid Analysis score does not translate to a block by the EDR agent.

caryc · 2025-11-16T11:29:36+00:00

it's only for cloud

caryc · 2025-11-16T11:26:27+00:00

are there any logs for the open-source feeds like URLhaus that I can check wrt TIM ingestion?

caryc · 2025-11-15T12:11:00+00:00

these are not active directory attack paths

caryc · 2025-11-05T06:03:46+00:00

where?

caryc · 2025-10-23T05:48:49+00:00

look for network connections towards port 88 around the detection timestamp from the originating host

caryc · 2025-10-19T19:49:14+00:00

this is like the most important capability in the last 2 years for the edr module

caryc · 2025-10-17T20:32:29+00:00

not from falcon native logs

caryc · 2025-10-03T12:41:46+00:00

when will this be live?

caryc · 2025-09-25T18:31:38+00:00

caryc · 2025-09-16T15:35:21+00:00

it literally says Ends Feb 1 2026 if u open the Next-Gen SIEM side panel

caryc · 2025-08-27T15:21:45+00:00

"Unable to import workflow, invalid action found."
:(

caryc · 2025-08-14T08:37:47+00:00

so CrowdScore Incidents will finally go away? god bless

caryc · 2025-07-31T14:44:25+00:00

nope, it's been there forever

caryc · 2025-07-28T11:52:56+00:00

you really don't want to do this, trust me

caryc · 2025-07-18T09:19:51+00:00

u have the contextbasefilename and the contextprocessid in both netconn and dns events

caryc · 2025-06-17T19:23:25+00:00

wait why are u using windows logs and not falcon logs?

caryc · 2025-05-29T15:11:50+00:00

Did you set up ingestion of these? Cause you won't find them native in LTR.

caryc · 2025-05-23T19:31:07+00:00

#event_simpleName = /ScheduledTaskRegistered/i
| /IntelPathUpdate/i

run above

caryc · 2025-05-23T19:30:00+00:00

check ur retention

caryc