The CrowdStrike Falcon platform's dashboarding feature is designed for high customizability to support security operations. Administrators can create custom dashboards or modify existing ones by adding and configuring widgets. Each widget can be tailored to display specific data sets by applying powerful filters based on criteria such as event type, severity, host group, operating system, or MITRE ATT&CK® tactics. This capability allows analysts to drill down from a high-level overview to specific data points, which is essential for isolating suspicious activities, identifying trends, and conducting effective threat hunting directly within the user interface.

A. Pre-built, static dashboards provide a general security posture overview and are not designed for the focused, granular analysis needed to identify specific trends or threats.

C. Sharing is a collaborative function, not an analytical one. Sharing unfiltered data is counterproductive to the goal of focusing on specific data points for threat identification.

D. Exporting data for manual filtering is an external, offline process. The question asks for a feature in the dashboards that allows for focused analysis.

---

1. CrowdStrike Falcon® Platform Documentation. (2023). Dashboards and Reports Guide

Chapter 2: "Dashboards

" Section: "Creating and Customizing Dashboards." The documentation explicitly details the process of adding widgets and applying filters to query and visualize specific subsets of security data. This section confirms that widget customization is the primary method for focusing on specific data points.

2. SANS Institute. (2022). Endpoint Protection and Response: A SANS Survey. This report discusses the operational use of EDR platforms like CrowdStrike. It highlights that a key capability for security teams is the ability to "customize views and dashboards to align with their specific threat hunting and monitoring workflows" (p. 14)

reinforcing the importance of customizable filtering over static views.

3. Carnegie Mellon University

Software Engineering Institute. (2019). Situational Awareness for Cybersecurity: A Survey. CMU/SEI-2019-TR-001. This technical report discusses the principles of effective security information visualization. It emphasizes that effective dashboards must provide "interactive filtering and drill-down capabilities" to allow analysts to move from detection to investigation efficiently (Section 3.2.1

"Data Filtering and Exploration"). This academic principle is directly implemented in the Falcon dashboard's widget customization feature.