CrowdStrike EDR Incident Portal

EDR Forensic Operations Instructions

  1. Investigate Telemetry: Click directly on any incident log row in the dashboard to open the deep-dive tab panels (Summary, Process Chains, and IOCs).
  2. Extract Exact Values: Copy and paste findings directly from the platform views into the assessment boxes below. Matching is case-insensitive, but factual text strings must match exactly.
| Severity | Detection | Date | Host |
|----------|-----------|------|------|
| High | Initial Access via Malicious Office Document | Jan 4th 2026, 08:11 | DESKTOP-HR01 |
| High | Credential Dumping via LSASS Memory Access | Jan 4th 2026, 07:32 | WIN-ENG-LAPTOP03 |
| Medium | Execution from AppData Directory | Jan 4th 2026, 07:03 | DESKTOP-DEV01 |
| Medium | Suspicious Persistence via Scheduled Task | Jan 4th 2026, 06:28 | DESKTOP-UATSERVER |

Forensic Assessment Portal

Submit artifacts pulled from the alerts above. Maintain exact punctuation and format spacing where defined.
