{"id":4821,"date":"2025-08-26T13:04:21","date_gmt":"2025-08-26T13:04:21","guid":{"rendered":"https:\/\/uplatz.com\/blog\/?p=4821"},"modified":"2025-08-27T02:45:08","modified_gmt":"2025-08-27T02:45:08","slug":"crowdstrike-falcon-pocket-book","status":"publish","type":"post","link":"https:\/\/uplatz.com\/blog\/crowdstrike-falcon-pocket-book\/","title":{"rendered":"CrowdStrike Falcon Pocket Book"},"content":{"rendered":"<p><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/uplatz.com\/blog\/wp-content\/uploads\/2025\/08\/Blog-solid-color-images-1-1024x576.png\" alt=\"CrowdStrike Falcon Pocket Book\" width=\"840\" height=\"473\" class=\"alignnone size-large wp-image-4868\" srcset=\"https:\/\/uplatz.com\/blog\/wp-content\/uploads\/2025\/08\/Blog-solid-color-images-1-1024x576.png 1024w, https:\/\/uplatz.com\/blog\/wp-content\/uploads\/2025\/08\/Blog-solid-color-images-1-300x169.png 300w, https:\/\/uplatz.com\/blog\/wp-content\/uploads\/2025\/08\/Blog-solid-color-images-1-768x432.png 768w, https:\/\/uplatz.com\/blog\/wp-content\/uploads\/2025\/08\/Blog-solid-color-images-1.png 1280w\" sizes=\"auto, (max-width: 840px) 100vw, 840px\" \/><br \/>\n<!-- CrowdStrike Falcon Pocket Book \u2014 Uplatz (50 Cards, Wide Layout, Readable Code, Scoped Styles) --><\/p>\n<div style=\"margin: 16px 0;\">\n<style>\n    .wp-nodejs-pb { font-family: Arial, sans-serif; max-width: 1320px; margin:0 auto; }\n    .wp-nodejs-pb .heading{\n      background: linear-gradient(135deg, #e0f2fe, #ccfbf1); \/* lighter gradient *\/\n      color:#0f172a; padding:22px 24px; border-radius:14px;\n      text-align:center; margin-bottom:18px; box-shadow:0 8px 20px rgba(0,0,0,.08);\n      border:1px solid #cbd5e1;\n    }\n    .wp-nodejs-pb .heading h2{ margin:0; font-size:2.1rem; letter-spacing:.2px; }\n    .wp-nodejs-pb .heading p{ margin:6px 0 0; font-size:1.02rem; opacity:.9; }<\/p>\n<p>    \/* Wide, dense grid *\/\n    .wp-nodejs-pb .grid{\n      display:grid; gap:14px;\n      grid-template-columns: 
repeat(auto-fill, minmax(400px, 1fr));\n    }\n    @media (min-width:1200px){\n      .wp-nodejs-pb .grid{ grid-template-columns: repeat(3, 1fr); }\n    }<\/p>\n<p>    .wp-nodejs-pb .section-title{\n      grid-column:1\/-1; background:#f8fafc; border-left:8px solid #0ea5e9;\n      padding:12px 16px; border-radius:10px; font-weight:700; color:#0f172a; font-size:1.08rem;\n      box-shadow:0 2px 8px rgba(0,0,0,.05); border:1px solid #e2e8f0;\n    }\n    .wp-nodejs-pb .card{\n      background:#ffffff; border-left:6px solid #0ea5e9;\n      padding:18px; border-radius:12px;\n      box-shadow:0 6px 14px rgba(0,0,0,.06);\n      transition:transform .12s ease, box-shadow .12s ease;\n      border:1px solid #e5e7eb;\n    }\n    .wp-nodejs-pb .card:hover{ transform: translateY(-3px); box-shadow:0 10px 22px rgba(0,0,0,.08); }\n    .wp-nodejs-pb .card h3{ margin:0 0 10px; font-size:1.12rem; color:#0f172a; }\n    .wp-nodejs-pb .card p{ margin:0; font-size:.96rem; color:#334155; line-height:1.62; }<\/p>\n<p>    \/* Color helpers *\/\n    .bg-blue { border-left-color:#0ea5e9 !important; background:#f0f9ff !important; }\n    .bg-green{ border-left-color:#10b981 !important; background:#f0fdf4 !important; }\n    .bg-amber{ border-left-color:#f59e0b !important; background:#fffbeb !important; }\n    .bg-violet{ border-left-color:#8b5cf6 !important; background:#f5f3ff !important; }\n    .bg-rose{ border-left-color:#ef4444 !important; background:#fff1f2 !important; }\n    .bg-cyan{ border-left-color:#06b6d4 !important; background:#ecfeff !important; }\n    .bg-lime{ border-left-color:#16a34a !important; background:#f0fdf4 !important; }\n    .bg-orange{ border-left-color:#f97316 !important; background:#fff7ed !important; }\n    .bg-indigo{ border-left-color:#6366f1 !important; background:#eef2ff !important; }\n    .bg-emerald{ border-left-color:#22c55e !important; background:#ecfdf5 !important; }\n    .bg-slate{ border-left-color:#334155 !important; background:#f8fafc !important; 
}<\/p>\n<p>    \/* Utilities *\/\n    .tight ul{ margin:0; padding-left:18px; }\n    .tight li{ margin:4px 0; }\n    .mono{ font-family: ui-monospace, SFMono-Regular, Menlo, Monaco, Consolas, monospace; }\n    .kbd{ background:#e5e7eb; border:1px solid #cbd5e1; padding:1px 6px; border-radius:6px; font-family:ui-monospace,monospace; font-size:.88em; }\n    .muted{ color:#64748b; }\n    .wp-nodejs-pb code{ background:#f1f5f9; padding:0 4px; border-radius:4px; border:1px solid #e2e8f0; }\n    .wp-nodejs-pb pre{\n      background:#f5f5f5; color:#111827; border:1px solid #e5e7eb;\n      padding:12px; border-radius:8px; overflow:auto; font-size:.92rem; line-height:1.55;\n    }\n    .q{font-weight:700;}\n    .qa p{ margin:8px 0; }\n    .qa b{ color:#0f172a; }\n  <\/style>\n<div class=\"wp-nodejs-pb\">\n<div class=\"heading\">\n<h2>CrowdStrike Falcon Pocket Book \u2014 Uplatz<\/h2>\n<p>      50 deep-dive flashcards \u2022 Wide layout \u2022 Fewer scrolls \u2022 20+ Interview Q&amp;A \u2022 Readable code examples\n    <\/p><\/div>\n<div class=\"grid\">\n      <!-- ===================== SECTION 1 ===================== --><\/p>\n<div class=\"section-title\">Section 1 \u2014 Fundamentals<\/div>\n<div class=\"card bg-blue\">\n<h3>1) What is CrowdStrike Falcon?<\/h3>\n<p>        A cloud-native EDR\/EPP platform delivering prevention, detection, response, threat intel, identity protection, and vulnerability insight via a lightweight sensor and cloud analytics.<\/p>\n<pre><code class=\"mono\"># Components: Sensor (endpoint) + Cloud (Falcon) + Modules<\/code><\/pre>\n<\/p><\/div>\n<div class=\"card bg-green\">\n<h3>2) Core Modules<\/h3>\n<p>        Prevention (NGAV), EDR, Real Time Response (RTR), Threat Intelligence, Spotlight (vuln), Identity Protection, Cloud Security, Device Control, Firewall Mgmt, Sandbox.<\/p>\n<pre><code class=\"mono\"># License bundles vary by org; enable per policy<\/code><\/pre>\n<\/p><\/div>\n<div class=\"card bg-amber\">\n<h3>3) How Falcon 
Works<\/h3>\n<p>        Sensor observes telemetry (process, file, net, registry), applies ML\/IOAs locally, streams to cloud for analytics, correlates with intel, and raises detections mapped to MITRE ATT&amp;CK.<\/p>\n<pre><code class=\"mono\">Telemetry \u2192 Analytics \u2192 Detections \u2192 Response<\/code><\/pre>\n<\/p><\/div>\n<div class=\"card bg-violet\">\n<h3>4) EPP vs EDR<\/h3>\n<p>        EPP blocks known\/unknown threats pre-execution; EDR gives deep visibility, detections, and investigation\/response tooling. Use both for layered defense.<\/p>\n<pre><code class=\"mono\">Prevent (NGAV) + Detect (EDR) + Respond (RTR)<\/code><\/pre>\n<\/p><\/div>\n<div class=\"card bg-rose\">\n<h3>5) Key Terms<\/h3>\n<p>        <b>IOA<\/b> (behavioral patterns), <b>IOC<\/b> (indicators), <b>Detection<\/b>, <b>Incident<\/b>, <b>Policy<\/b>, <b>Containment<\/b>, <b>Host Group<\/b>, <b>Falcon Query<\/b>.<\/p>\n<pre><code class=\"mono\">Host \u2192 Policy \u2192 Sensor \u2192 Detections\/Incidents<\/code><\/pre>\n<\/p><\/div>\n<div class=\"card bg-cyan\">\n<h3>6) Deployment Models<\/h3>\n<p>        SaaS console; sensors on Windows\/macOS\/Linux\/Servers. Optional cloud and identity sensors for workloads and identity telemetry.<\/p>\n<pre><code class=\"mono\"># Always validate OS support matrix before rollout<\/code><\/pre>\n<\/p><\/div>\n<div class=\"card bg-lime\">\n<h3>7) Data &amp; Privacy<\/h3>\n<p>        Telemetry is security-focused; configure data retention, region, and PII handling per policy. Use RBAC and audit logs.<\/p>\n<pre><code class=\"mono\"># Governance: tag assets, restrict roles, review exports<\/code><\/pre>\n<\/p><\/div>\n<div class=\"card bg-orange\">\n<h3>8) Detections 101<\/h3>\n<p>        Severity + Tactic\/Technique (MITRE) + evidence. 
Response actions: contain host, kill process, quarantine file, RTR, ticketing\/webhook.<\/p>\n<pre><code class=\"mono\">Status: New \u2192 In Progress \u2192 Closed<\/code><\/pre>\n<\/p><\/div>\n<div class=\"card bg-indigo\">\n<h3>9) Policies &amp; Host Groups<\/h3>\n<p>        Policies define prevention\/EDR settings; precedence by platform and assignment to host groups (tags, OU, etc.). Use rings (pilot \u2192 broad).<\/p>\n<pre><code class=\"mono\">Groups: \"Pilot\", \"Prod-Servers\", \"HQ-Workstations\"<\/code><\/pre>\n<\/p><\/div>\n<div class=\"card bg-emerald\">\n<h3>10) Q&amp;A \u2014 \u201cWhy Falcon vs legacy AV?\u201d<\/h3>\n<p>        <span class=\"q\">Answer:<\/span> Behavior-based IOAs, strong cloud analytics, instant telemetry, lightweight agent, integrated IR tooling, and ATT&amp;CK mapping for faster investigations.\n      <\/div>\n<p>      <!-- ===================== SECTION 2 ===================== --><\/p>\n<div class=\"section-title\">Section 2 \u2014 Sensors, Policies, Prevention &amp; Detections<\/div>\n<div class=\"card bg-blue\">\n<h3>11) Sensor Install (Windows)<\/h3>\n<p>        Deploy via endpoint-management tools (SCCM\/Intune). Include the customer ID (CID) in the install command and verify connectivity afterwards. (Use official docs for exact switches.)<\/p>\n<pre><code class=\"mono\"># PowerShell (simplified example)\r\nStart-Process \"WindowsSensor.exe\" -ArgumentList \"\/install \/quiet CID=XXXXXXXXXXXX-XX\"<\/code><\/pre>\n<\/p><\/div>\n<div class=\"card bg-green\">\n<h3>12) Sensor Install (macOS)<\/h3>\n<p>        Use MDM to pre-approve the PPPC profile and kernel\/system extensions; grant Full Disk Access as required by policy.<\/p>\n<pre><code class=\"mono\"># Jamf\/MDM payloads for approvals + .pkg deployment<\/code><\/pre>\n<\/p><\/div>\n<div class=\"card bg-amber\">\n<h3>13) Sensor Install (Linux)<\/h3>\n<p>        Packages vary (rpm\/deb). 
Ensure kernel compatibility; allow outbound connections to the Falcon cloud domains.<\/p>\n<pre><code class=\"mono\">sudo dpkg -i falcon-sensor.deb\r\nsudo \/opt\/CrowdStrike\/falconctl -s --cid=XXXXXXXXXXXX-XX<\/code><\/pre>\n<\/p><\/div>\n<div class=\"card bg-violet\">\n<h3>14) Verify Sensor Health<\/h3>\n<p>        Confirm the host appears in the console, the sensor version is current, telemetry is flowing, and prevention is on. Monitor health dashboards.<\/p>\n<pre><code class=\"mono\"># CLI (Linux)\r\nsudo \/opt\/CrowdStrike\/falconctl -g --aid<\/code><\/pre>\n<\/p><\/div>\n<div class=\"card bg-rose\">\n<h3>15) Policy Rings<\/h3>\n<p>        Start with \u201cDetect\u201d in a pilot group, observe, then graduate to \u201cPrevent\u201d where stable. Document exceptions, change control, and rollback.<\/p>\n<pre><code class=\"mono\">Rings: Canary \u2192 EarlyAdopter \u2192 Broad<\/code><\/pre>\n<\/p><\/div>\n<div class=\"card bg-cyan\">\n<h3>16) Prevention Tuning<\/h3>\n<p>        Enable ML, script control, exploit mitigation, and ransomware protection per risk appetite. Use detection-only mode briefly during baselining.<\/p>\n<pre><code class=\"mono\"># Keep logs; escalate blocklists gradually<\/code><\/pre>\n<\/p><\/div>\n<div class=\"card bg-lime\">\n<h3>17) Exclusions (Best Practice)<\/h3>\n<p>        Narrow scope to signed, known paths. Avoid wildcards and user-writable dirs. Review regularly with audit evidence.<\/p>\n<pre><code class=\"mono\">Include hash\/publisher; avoid global *\/Temp\/*<\/code><\/pre>\n<\/p><\/div>\n<div class=\"card bg-orange\">\n<h3>18) Containment &amp; Quarantine<\/h3>\n<p>        Containment isolates the host from the network except for its connection to Falcon; quarantine prevents file execution. 
Release requires approval workflow.<\/p>\n<pre><code class=\"mono\">Actions: ContainHost, LiftContainment, Quarantine, Restore<\/code><\/pre>\n<\/p><\/div>\n<div class=\"card bg-indigo\">\n<h3>19) Detection Lifecycle<\/h3>\n<p>        Triage \u2192 scope impact \u2192 validate evidence \u2192 respond (kill\/contain) \u2192 eradicate (patch, creds) \u2192 recover \u2192 lessons. Link to incident tickets.<\/p>\n<pre><code class=\"mono\">Owner, SLA, Notes, Linked Jira\/SNOW<\/code><\/pre>\n<\/p><\/div>\n<div class=\"card bg-emerald\">\n<h3>20) Q&amp;A \u2014 \u201cFalse Positives?\u201d<\/h3>\n<p>        <span class=\"q\">Answer:<\/span> Triage patterns, check hash reputation, verify behavior, and adjust policy or targeted exclusions. Never blanket exclude user-writable paths.\n      <\/div>\n<p>      <!-- ===================== SECTION 3 ===================== --><\/p>\n<div class=\"section-title\">Section 3 \u2014 Investigation, RTR, Threat Hunting &amp; Intel<\/div>\n<div class=\"card bg-blue\">\n<h3>21) Investigation View<\/h3>\n<p>        Process tree, timeline, IOA triggers, file\/network artifacts, users, registry, and command lines. Pivot on parent\/child relationships.<\/p>\n<pre><code class=\"mono\">Pivot: Process \u2192 Hash \u2192 Other Hosts<\/code><\/pre>\n<\/p><\/div>\n<div class=\"card bg-green\">\n<h3>22) Falcon Query Language (FQL)<\/h3>\n<p>        Search events and detections with filters (hostname, user, hash, cmdline, tactic). Save queries for reuse and dashboards.<\/p>\n<pre><code class=\"mono\">event_simpleName:\"ProcessRollup2\" AND CommandLine:*powershell*<\/code><\/pre>\n<\/p><\/div>\n<div class=\"card bg-amber\">\n<h3>23) Real Time Response (RTR) Basics<\/h3>\n<p>        Secure remote shell to an endpoint (role-gated). Common uses: collect triage artifacts, query processes, remove artifacts. 
Actions are audited.<\/p>\n<pre><code class=\"mono\"># Examples (read\/collect oriented)\r\nls, cat, get, ps, netstat<\/code><\/pre>\n<\/p><\/div>\n<div class=\"card bg-violet\">\n<h3>24) Containment During RTR<\/h3>\n<p>        Contain before invasive actions; maintain chain of custody. Export artifacts to a case folder with hashes.<\/p>\n<pre><code class=\"mono\"># Hash every collected file for integrity<\/code><\/pre>\n<\/p><\/div>\n<div class=\"card bg-rose\">\n<h3>25) Spotlight (Vulnerability)<\/h3>\n<p>        Visibility into CVEs across hosts; prioritize by exploitability and exposure. Create remediation tickets and track closure.<\/p>\n<pre><code class=\"mono\">Filters: CVSS, Vendor, App, Host Group<\/code><\/pre>\n<\/p><\/div>\n<div class=\"card bg-cyan\">\n<h3>26) Identity Protection<\/h3>\n<p>        Detects credential misuse, MFA fatigue, lateral movement paths, weak protocols. Integrate with IdP and DCs for signals.<\/p>\n<pre><code class=\"mono\">Alerts: Kerberoasting, Pass-the-Hash, RDP anomalies<\/code><\/pre>\n<\/p><\/div>\n<div class=\"card bg-lime\">\n<h3>27) Threat Intelligence<\/h3>\n<p>        Actor profiles, indicators, TTPs, and reports. Map detections to active actor tradecraft for prioritization.<\/p>\n<pre><code class=\"mono\">IOC feeds \u2192 match against environment<\/code><\/pre>\n<\/p><\/div>\n<div class=\"card bg-orange\">\n<h3>28) Custom IOA &amp; Detections<\/h3>\n<p>        Define behavioral rules for your environment (e.g., restricted script interpreters). Test in detect-only, then enforce.<\/p>\n<pre><code class=\"mono\">Rule: powershell.exe with base64 + network call<\/code><\/pre>\n<\/p><\/div>\n<div class=\"card bg-indigo\">\n<h3>29) Watchlists &amp; Dashboards<\/h3>\n<p>        Track sensitive assets, privileged accounts, and crown jewels. 
Build dashboards for exec and SOC metrics.<\/p>\n<pre><code class=\"mono\">KPIs: MTTD, MTTR, contain time, repeat offenders<\/code><\/pre>\n<\/p><\/div>\n<div class=\"card bg-emerald\">\n<h3>30) Q&amp;A \u2014 \u201cHunt vs Respond?\u201d<\/h3>\n<p>        <span class=\"q\">Answer:<\/span> Hunting is proactive\u2014look for faint signals\/TTPs; response is reactive\u2014contain, eradicate, recover. Both feed each other via lessons learned.\n      <\/div>\n<p>      <!-- ===================== SECTION 4 ===================== --><\/p>\n<div class=\"section-title\">Section 4 \u2014 Integrations, APIs, SIEM, Cloud &amp; Automation<\/div>\n<div class=\"card bg-blue\">\n<h3>31) API Access<\/h3>\n<p>        Create API client (Client ID\/Secret) with least-privilege scopes. Use OAuth2 to obtain bearer tokens; rotate regularly.<\/p>\n<pre><code class=\"mono\"># OAuth token (pseudo)\r\nPOST \/oauth2\/token { client_id, client_secret }<\/code><\/pre>\n<\/p><\/div>\n<div class=\"card bg-green\">\n<h3>32) Sample API Call<\/h3>\n<p>        Query detections\/incidents and pipe to SIEM or data lake. Handle pagination and rate limits with backoff.<\/p>\n<pre><code class=\"mono\">curl -H \"Authorization: Bearer &lt;TOKEN&gt;\" \\\r\n\"https:\/\/api.crowdstrike.com\/detections\/queries\/detections\/v1\"<\/code><\/pre>\n<\/p><\/div>\n<div class=\"card bg-amber\">\n<h3>33) Webhooks<\/h3>\n<p>        Push new detections\/incidents to SOAR or chat for instant triage. Verify signatures; queue processing for reliability.<\/p>\n<pre><code class=\"mono\">POST \/webhooks\/falcon \u2192 enqueue \u2192 ack<\/code><\/pre>\n<\/p><\/div>\n<div class=\"card bg-violet\">\n<h3>34) SIEM Integrations<\/h3>\n<p>        Splunk, Sentinel, QRadar, Elastic: pull or push detections, events, and audit logs. 
Normalize fields; map ATT&amp;CK\/TTP tags.<\/p>\n<pre><code class=\"mono\">Parse \u2192 Enrich (host, user) \u2192 Index<\/code><\/pre>\n<\/p><\/div>\n<div class=\"card bg-rose\">\n<h3>35) SOAR Playbooks<\/h3>\n<p>        Auto-contain critical-severity hosts, open tickets, notify owners, and request approval for quarantine. Maintain human-in-the-loop.<\/p>\n<pre><code class=\"mono\">If severity \u2265 High \u2192 Contain + Notify + Ticket<\/code><\/pre>\n<\/p><\/div>\n<div class=\"card bg-cyan\">\n<h3>36) Cloud Security<\/h3>\n<p>        Monitor cloud workloads\/containers; detect runtime threats and misconfigurations. Feed findings back to engineering for hardening.<\/p>\n<pre><code class=\"mono\">K8s signals + cloud logs \u2192 detections<\/code><\/pre>\n<\/p><\/div>\n<div class=\"card bg-lime\">\n<h3>37) Identity &amp; Zero Trust<\/h3>\n<p>        Correlate endpoint and identity signals; enforce step-up auth or isolate risky sessions. Reduce lateral movement paths.<\/p>\n<pre><code class=\"mono\">Risk score \u2192 Conditional access policy<\/code><\/pre>\n<\/p><\/div>\n<div class=\"card bg-orange\">\n<h3>38) Data Lake Export<\/h3>\n<p>        Stream telemetry\/detections to storage (e.g., S3\/ADLS) for long-term analytics. Partition by date\/host for efficient queries.<\/p>\n<pre><code class=\"mono\">path: \/year=2025\/month=08\/day=26\/<\/code><\/pre>\n<\/p><\/div>\n<div class=\"card bg-indigo\">\n<h3>39) Reporting &amp; KPIs<\/h3>\n<p>        Exec summaries with trends, top TTPs, patch SLAs, mean time to contain, investigation backlog, false-positive rate.<\/p>\n<pre><code class=\"mono\">Board: \"Risk posture\" + \"IR velocity\"<\/code><\/pre>\n<\/p><\/div>\n<div class=\"card bg-emerald\">\n<h3>40) Q&amp;A \u2014 \u201cAPI Security?\u201d<\/h3>\n<p>        <span class=\"q\">Answer:<\/span> Least-privilege scopes, rotate secrets, IP-allowlist, signed webhooks, per-route quotas, and audit logs. 
Never embed keys in client apps.\n      <\/div>\n<p>      <!-- ===================== SECTION 5 ===================== --><\/p>\n<div class=\"section-title\">Section 5 \u2014 Operations, Governance, Tuning &amp; Interview Q&amp;A<\/div>\n<div class=\"card bg-blue\">\n<h3>41) RBAC &amp; Multi-Tenant<\/h3>\n<p>        Separate roles for SOC Tier1\/2, IR, admins, and auditors. Use host groups and sites\/business units for scoping.<\/p>\n<pre><code class=\"mono\">Principle: Least privilege + separation of duties<\/code><\/pre>\n<\/p><\/div>\n<div class=\"card bg-green\">\n<h3>42) IR Runbooks<\/h3>\n<p>        Document steps for malware, phishing, insider, and ransomware events: detect \u2192 contain \u2192 eradicate \u2192 recover \u2192 postmortem.<\/p>\n<pre><code class=\"mono\">Include comms templates + legal\/reg shells<\/code><\/pre>\n<\/p><\/div>\n<div class=\"card bg-amber\">\n<h3>43) Patch &amp; Vulnerability Flow<\/h3>\n<p>        Spotlight \u2192 prioritize exploitable CVEs \u2192 ticket \u2192 deploy \u2192 verify. Track SLA by asset criticality and exposure.<\/p>\n<pre><code class=\"mono\">SLA: Critical servers &lt; 7 days<\/code><\/pre>\n<\/p><\/div>\n<div class=\"card bg-violet\">\n<h3>44) Performance &amp; Stability<\/h3>\n<p>        Keep sensors updated, monitor CPU\/RAM impact, and test with app owners. 
Maintain an exemption review board.<\/p>\n<pre><code class=\"mono\">Ring updates + A\/B testing in pilot groups<\/code><\/pre>\n<\/p><\/div>\n<div class=\"card bg-rose\">\n<h3>45) Business Continuity<\/h3>\n<p>        Plan for console unavailability or network isolation: local prevention remains; document offline procedures and escalation.<\/p>\n<pre><code class=\"mono\">Runbooks: offline triage + later sync<\/code><\/pre>\n<\/p><\/div>\n<div class=\"card bg-cyan\">\n<h3>46) Compliance Mapping<\/h3>\n<p>        Map controls to ISO\/NIST\/PCI: malware protection, logging, incident response, vulnerability management, access control.<\/p>\n<pre><code class=\"mono\">Evidence: policies, detections, tickets, reports<\/code><\/pre>\n<\/p><\/div>\n<div class=\"card bg-lime\">\n<h3>47) Tuning Cadence<\/h3>\n<p>        Weekly: review new detections, false positives, and new software baselines. Monthly: rules refresh, dashboards, exclusions audit.<\/p>\n<pre><code class=\"mono\">CAB approves high-impact policy changes<\/code><\/pre>\n<\/p><\/div>\n<div class=\"card bg-orange tight\">\n<h3>48) Production Checklist<\/h3>\n<ul>\n<li>Sensor coverage \u2265 98% endpoints<\/li>\n<li>Policy rings + rollback plan<\/li>\n<li>SIEM\/SOAR integration live<\/li>\n<li>IR runbooks tested quarterly<\/li>\n<li>Backlog &lt; SLA, KPIs trending down<\/li>\n<li>Access reviews + audit logs<\/li>\n<\/ul><\/div>\n<div class=\"card bg-indigo\">\n<h3>49) Common Pitfalls<\/h3>\n<p>        Overbroad exclusions, stale sensors, no pilot ring, ignoring identity signals, lack of ticket linkage, and weak API protection.<\/p>\n<pre><code class=\"mono\">Fix: governance + automation + metrics<\/code><\/pre>\n<\/p><\/div>\n<div class=\"card bg-emerald qa\">\n<h3>50) Interview Q&amp;A \u2014 20 Practical Questions (Expanded)<\/h3>\n<p><b>1) Falcon value prop?<\/b> Behavior-driven prevention + rich telemetry + fast IR.<\/p>\n<p><b>2) IOA vs IOC?<\/b> IOA = behavior\/pattern; IOC = specific artifact (hash, IP, 
domain).<\/p>\n<p><b>3) Policy rings?<\/b> Pilot in detect, measure, then enforce prevent in phases.<\/p>\n<p><b>4) Reduce false positives?<\/b> Targeted exclusions, validate reputation, and monitor drift.<\/p>\n<p><b>5) MITRE mapping?<\/b> Detections carry tactic\/technique for triage and reporting.<\/p>\n<p><b>6) What\u2019s RTR?<\/b> Secure remote shell for triage\/response with audit controls.<\/p>\n<p><b>7) When to contain?<\/b> Lateral movement risk or active C2; prioritize critical assets.<\/p>\n<p><b>8) Spotlight prioritization?<\/b> Exploitability, external exposure, business criticality.<\/p>\n<p><b>9) Identity signals?<\/b> Detect credential abuse, abnormal authentications, path risks.<\/p>\n<p><b>10) SIEM integration?<\/b> Centralize detections\/telemetry, correlation, and retention.<\/p>\n<p><b>11) Webhooks vs polling?<\/b> Webhooks for near-real-time, polling for backfills.<\/p>\n<p><b>12) API security?<\/b> Rotate secrets, scope tokens, store in vault, IP allowlist.<\/p>\n<p><b>13) Telemetry privacy?<\/b> Limit PII, RBAC, logging, and data export governance.<\/p>\n<p><b>14) Endpoint performance?<\/b> Keep sensors current; test with heavy apps; monitor.<\/p>\n<p><b>15) Custom IOA use?<\/b> Enforce org-specific controls (e.g., block unsigned scripts).<\/p>\n<p><b>16) KPI examples?<\/b> MTTD\/MTTR, contain time, patch SLA, repeat detections.<\/p>\n<p><b>17) Ransomware response?<\/b> Contain, snapshot\/backup check, isolate shares, IR playbook.<\/p>\n<p><b>18) Cloud workload?<\/b> Enable runtime visibility; integrate with cloud logs.<\/p>\n<p><b>19) Change management?<\/b> CAB review, staged rollout, rollback tested.<\/p>\n<p><b>20) Pitfall to avoid?<\/b> Blanket exclusions and skipping post-incident lessons learned.<\/p>\n<\/p><\/div>\n<\/p><\/div>\n<\/p><\/div>\n<\/div>\n","protected":false},"excerpt":{"rendered":"<p>CrowdStrike Falcon Pocket Book \u2014 Uplatz 50 deep-dive flashcards \u2022 Wide layout \u2022 Fewer scrolls \u2022 20+ Interview Q&amp;A 
\u2022 Readable code examples Section 1 \u2014 Fundamentals 1) What is <span class=\"readmore\"><a href=\"https:\/\/uplatz.com\/blog\/crowdstrike-falcon-pocket-book\/\">Read More &#8230;<\/a><\/span><\/p>\n","protected":false},"author":2,"featured_media":4868,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[2547,2462],"tags":[],"class_list":["post-4821","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-crowdstrike-falcon","category-pocket-book"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.3 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>CrowdStrike Falcon Pocket Book | Uplatz Blog<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/uplatz.com\/blog\/crowdstrike-falcon-pocket-book\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"CrowdStrike Falcon Pocket Book | Uplatz Blog\" \/>\n<meta property=\"og:description\" content=\"CrowdStrike Falcon Pocket Book \u2014 Uplatz 50 deep-dive flashcards \u2022 Wide layout \u2022 Fewer scrolls \u2022 20+ Interview Q&amp;A \u2022 Readable code examples Section 1 \u2014 Fundamentals 1) What is Read More ...\" \/>\n<meta property=\"og:url\" content=\"https:\/\/uplatz.com\/blog\/crowdstrike-falcon-pocket-book\/\" \/>\n<meta property=\"og:site_name\" content=\"Uplatz Blog\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/Uplatz-1077816825610769\/\" \/>\n<meta property=\"article:published_time\" content=\"2025-08-26T13:04:21+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2025-08-27T02:45:08+00:00\" \/>\n<meta property=\"og:image\" 
content=\"https:\/\/uplatz.com\/blog\/wp-content\/uploads\/2025\/08\/Blog-solid-color-images-1.png\" \/>\n\t<meta property=\"og:image:width\" content=\"1280\" \/>\n\t<meta property=\"og:image:height\" content=\"720\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/png\" \/>\n<meta name=\"author\" content=\"uplatzblog\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@uplatz_global\" \/>\n<meta name=\"twitter:site\" content=\"@uplatz_global\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"uplatzblog\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"6 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/uplatz.com\\\/blog\\\/crowdstrike-falcon-pocket-book\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/uplatz.com\\\/blog\\\/crowdstrike-falcon-pocket-book\\\/\"},\"author\":{\"name\":\"uplatzblog\",\"@id\":\"https:\\\/\\\/uplatz.com\\\/blog\\\/#\\\/schema\\\/person\\\/8ecae69a21d0757bdb2f776e67d2645e\"},\"headline\":\"CrowdStrike Falcon Pocket Book\",\"datePublished\":\"2025-08-26T13:04:21+00:00\",\"dateModified\":\"2025-08-27T02:45:08+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/uplatz.com\\\/blog\\\/crowdstrike-falcon-pocket-book\\\/\"},\"wordCount\":1259,\"publisher\":{\"@id\":\"https:\\\/\\\/uplatz.com\\\/blog\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/uplatz.com\\\/blog\\\/crowdstrike-falcon-pocket-book\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/uplatz.com\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/08\\\/Blog-solid-color-images-1.png\",\"articleSection\":[\"CrowdStrike Falcon\",\"Pocket 
Book\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/uplatz.com\\\/blog\\\/crowdstrike-falcon-pocket-book\\\/\",\"url\":\"https:\\\/\\\/uplatz.com\\\/blog\\\/crowdstrike-falcon-pocket-book\\\/\",\"name\":\"CrowdStrike Falcon Pocket Book | Uplatz Blog\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/uplatz.com\\\/blog\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/uplatz.com\\\/blog\\\/crowdstrike-falcon-pocket-book\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/uplatz.com\\\/blog\\\/crowdstrike-falcon-pocket-book\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/uplatz.com\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/08\\\/Blog-solid-color-images-1.png\",\"datePublished\":\"2025-08-26T13:04:21+00:00\",\"dateModified\":\"2025-08-27T02:45:08+00:00\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/uplatz.com\\\/blog\\\/crowdstrike-falcon-pocket-book\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/uplatz.com\\\/blog\\\/crowdstrike-falcon-pocket-book\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/uplatz.com\\\/blog\\\/crowdstrike-falcon-pocket-book\\\/#primaryimage\",\"url\":\"https:\\\/\\\/uplatz.com\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/08\\\/Blog-solid-color-images-1.png\",\"contentUrl\":\"https:\\\/\\\/uplatz.com\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/08\\\/Blog-solid-color-images-1.png\",\"width\":1280,\"height\":720,\"caption\":\"CrowdStrike Falcon Pocket Book\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/uplatz.com\\\/blog\\\/crowdstrike-falcon-pocket-book\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/uplatz.com\\\/blog\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"CrowdStrike Falcon Pocket 
Book\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/uplatz.com\\\/blog\\\/#website\",\"url\":\"https:\\\/\\\/uplatz.com\\\/blog\\\/\",\"name\":\"Uplatz Blog\",\"description\":\"Uplatz is a global IT Training &amp; Consulting company\",\"publisher\":{\"@id\":\"https:\\\/\\\/uplatz.com\\\/blog\\\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/uplatz.com\\\/blog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/uplatz.com\\\/blog\\\/#organization\",\"name\":\"uplatz.com\",\"url\":\"https:\\\/\\\/uplatz.com\\\/blog\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/uplatz.com\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/uplatz.com\\\/blog\\\/wp-content\\\/uploads\\\/2016\\\/11\\\/Uplatz-Logo-Copy-2.png\",\"contentUrl\":\"https:\\\/\\\/uplatz.com\\\/blog\\\/wp-content\\\/uploads\\\/2016\\\/11\\\/Uplatz-Logo-Copy-2.png\",\"width\":1280,\"height\":800,\"caption\":\"uplatz.com\"},\"image\":{\"@id\":\"https:\\\/\\\/uplatz.com\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/www.facebook.com\\\/Uplatz-1077816825610769\\\/\",\"https:\\\/\\\/x.com\\\/uplatz_global\",\"https:\\\/\\\/www.instagram.com\\\/\",\"https:\\\/\\\/www.linkedin.com\\\/company\\\/7956715?trk=tyah&amp;amp;amp;amp;trkInfo=clickedVertical:company,clickedEntityId:7956715,idx:1-1-1,tarId:1464353969447,tas:uplatz\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/uplatz.com\\\/blog\\\/#\\\/schema\\\/person\\\/8ecae69a21d0757bdb2f776e67d2645e\",\"name\":\"uplatzblog\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/7f814c72279199f59ded4418a8653ad15f5f8904ac75e025a4e2abe24d58fa5d?s=96&d=mm
&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/7f814c72279199f59ded4418a8653ad15f5f8904ac75e025a4e2abe24d58fa5d?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/7f814c72279199f59ded4418a8653ad15f5f8904ac75e025a4e2abe24d58fa5d?s=96&d=mm&r=g\",\"caption\":\"uplatzblog\"}}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"CrowdStrike Falcon Pocket Book | Uplatz Blog","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/uplatz.com\/blog\/crowdstrike-falcon-pocket-book\/","og_locale":"en_US","og_type":"article","og_title":"CrowdStrike Falcon Pocket Book | Uplatz Blog","og_description":"CrowdStrike Falcon Pocket Book \u2014 Uplatz 50 deep-dive flashcards \u2022 Wide layout \u2022 Fewer scrolls \u2022 20+ Interview Q&amp;A \u2022 Readable code examples Section 1 \u2014 Fundamentals 1) What is Read More ...","og_url":"https:\/\/uplatz.com\/blog\/crowdstrike-falcon-pocket-book\/","og_site_name":"Uplatz Blog","article_publisher":"https:\/\/www.facebook.com\/Uplatz-1077816825610769\/","article_published_time":"2025-08-26T13:04:21+00:00","article_modified_time":"2025-08-27T02:45:08+00:00","og_image":[{"width":1280,"height":720,"url":"https:\/\/uplatz.com\/blog\/wp-content\/uploads\/2025\/08\/Blog-solid-color-images-1.png","type":"image\/png"}],"author":"uplatzblog","twitter_card":"summary_large_image","twitter_creator":"@uplatz_global","twitter_site":"@uplatz_global","twitter_misc":{"Written by":"uplatzblog","Est. 
reading time":"6 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/uplatz.com\/blog\/crowdstrike-falcon-pocket-book\/#article","isPartOf":{"@id":"https:\/\/uplatz.com\/blog\/crowdstrike-falcon-pocket-book\/"},"author":{"name":"uplatzblog","@id":"https:\/\/uplatz.com\/blog\/#\/schema\/person\/8ecae69a21d0757bdb2f776e67d2645e"},"headline":"CrowdStrike Falcon Pocket Book","datePublished":"2025-08-26T13:04:21+00:00","dateModified":"2025-08-27T02:45:08+00:00","mainEntityOfPage":{"@id":"https:\/\/uplatz.com\/blog\/crowdstrike-falcon-pocket-book\/"},"wordCount":1259,"publisher":{"@id":"https:\/\/uplatz.com\/blog\/#organization"},"image":{"@id":"https:\/\/uplatz.com\/blog\/crowdstrike-falcon-pocket-book\/#primaryimage"},"thumbnailUrl":"https:\/\/uplatz.com\/blog\/wp-content\/uploads\/2025\/08\/Blog-solid-color-images-1.png","articleSection":["CrowdStrike Falcon","Pocket Book"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/uplatz.com\/blog\/crowdstrike-falcon-pocket-book\/","url":"https:\/\/uplatz.com\/blog\/crowdstrike-falcon-pocket-book\/","name":"CrowdStrike Falcon Pocket Book | Uplatz 
Blog","isPartOf":{"@id":"https:\/\/uplatz.com\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/uplatz.com\/blog\/crowdstrike-falcon-pocket-book\/#primaryimage"},"image":{"@id":"https:\/\/uplatz.com\/blog\/crowdstrike-falcon-pocket-book\/#primaryimage"},"thumbnailUrl":"https:\/\/uplatz.com\/blog\/wp-content\/uploads\/2025\/08\/Blog-solid-color-images-1.png","datePublished":"2025-08-26T13:04:21+00:00","dateModified":"2025-08-27T02:45:08+00:00","breadcrumb":{"@id":"https:\/\/uplatz.com\/blog\/crowdstrike-falcon-pocket-book\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/uplatz.com\/blog\/crowdstrike-falcon-pocket-book\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/uplatz.com\/blog\/crowdstrike-falcon-pocket-book\/#primaryimage","url":"https:\/\/uplatz.com\/blog\/wp-content\/uploads\/2025\/08\/Blog-solid-color-images-1.png","contentUrl":"https:\/\/uplatz.com\/blog\/wp-content\/uploads\/2025\/08\/Blog-solid-color-images-1.png","width":1280,"height":720,"caption":"CrowdStrike Falcon Pocket Book"},{"@type":"BreadcrumbList","@id":"https:\/\/uplatz.com\/blog\/crowdstrike-falcon-pocket-book\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/uplatz.com\/blog\/"},{"@type":"ListItem","position":2,"name":"CrowdStrike Falcon Pocket Book"}]},{"@type":"WebSite","@id":"https:\/\/uplatz.com\/blog\/#website","url":"https:\/\/uplatz.com\/blog\/","name":"Uplatz Blog","description":"Uplatz is a global IT Training &amp; Consulting 
company","publisher":{"@id":"https:\/\/uplatz.com\/blog\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/uplatz.com\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/uplatz.com\/blog\/#organization","name":"uplatz.com","url":"https:\/\/uplatz.com\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/uplatz.com\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/uplatz.com\/blog\/wp-content\/uploads\/2016\/11\/Uplatz-Logo-Copy-2.png","contentUrl":"https:\/\/uplatz.com\/blog\/wp-content\/uploads\/2016\/11\/Uplatz-Logo-Copy-2.png","width":1280,"height":800,"caption":"uplatz.com"},"image":{"@id":"https:\/\/uplatz.com\/blog\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/Uplatz-1077816825610769\/","https:\/\/x.com\/uplatz_global","https:\/\/www.instagram.com\/","https:\/\/www.linkedin.com\/company\/7956715?trk=tyah&amp;amp;amp;amp;trkInfo=clickedVertical:company,clickedEntityId:7956715,idx:1-1-1,tarId:1464353969447,tas:uplatz"]},{"@type":"Person","@id":"https:\/\/uplatz.com\/blog\/#\/schema\/person\/8ecae69a21d0757bdb2f776e67d2645e","name":"uplatzblog","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/7f814c72279199f59ded4418a8653ad15f5f8904ac75e025a4e2abe24d58fa5d?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/7f814c72279199f59ded4418a8653ad15f5f8904ac75e025a4e2abe24d58fa5d?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/7f814c72279199f59ded4418a8653ad15f5f8904ac75e025a4e2abe24d58fa5d?s=96&d=mm&r=g","caption":"uplatzblog"}}]}},"_links":{"self":[{"href":"https:\/\/uplatz.com\/blog\/wp-json\/wp\/v2\/posts\/4821","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/uplatz.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"hr
ef":"https:\/\/uplatz.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/uplatz.com\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/uplatz.com\/blog\/wp-json\/wp\/v2\/comments?post=4821"}],"version-history":[{"count":2,"href":"https:\/\/uplatz.com\/blog\/wp-json\/wp\/v2\/posts\/4821\/revisions"}],"predecessor-version":[{"id":4869,"href":"https:\/\/uplatz.com\/blog\/wp-json\/wp\/v2\/posts\/4821\/revisions\/4869"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/uplatz.com\/blog\/wp-json\/wp\/v2\/media\/4868"}],"wp:attachment":[{"href":"https:\/\/uplatz.com\/blog\/wp-json\/wp\/v2\/media?parent=4821"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/uplatz.com\/blog\/wp-json\/wp\/v2\/categories?post=4821"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/uplatz.com\/blog\/wp-json\/wp\/v2\/tags?post=4821"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}