Crowdstrike EDR Incident Portal
EDR Forensic Operations Instructions
- Investigate Telemetry: Click directly on any incident log row in the dashboard to open the deep-dive tab panels (Summary, Process Chains, and IOCs).
- Extract Exact Values: Copy and paste findings directly from the platform views into the assessment boxes below. Matching is case-insensitive, but the text strings must otherwise match exactly.
| Severity | Detection | Date | Host | Actions |
|---|---|---|---|---|
| High | Initial Access via Malicious Office Document | Jan 4th 2026, 08:11 | DESKTOP-HR01 | |
| High | Credential Dumping via LSASS Memory Access | Jan 4th 2026, 07:32 | WIN-ENG-LAPTOP03 | |
| Medium | Execution from AppData Directory | Jan 4th 2026, 07:03 | DESKTOP-DEV01 | |
| Medium | Suspicious Persistence via Scheduled Task | Jan 4th 2026, 06:28 | DESKTOP-UATSERVER | |
Forensic Assessment Portal
Submit artifacts pulled from the alerts above. Maintain exact punctuation and format spacing where defined.