🛡️

Charlotte AI: See Charlotte AI in Action

May 15, 2025

Lecture: Charlotte AI and Modern Cybersecurity

Introduction

  • Overview of Adversaries:
    • Modern cyber adversaries are fast and evolving.
    • Security teams must be even faster to counteract threats.

What is Charlotte AI?

  • Generative AI Assistant:
    • Integrated across the CrowdStrike Falcon platform.
    • Aids in streamlining security workflows with speed and reliability.
  • Capabilities:
    • Allows analysts to query environments with natural language prompts.
    • Accelerates investigations with embedded AI functionality.

Key Concepts and Features

  • Adversary Problem vs. Malware Problem:
    • Emphasis on adversaries being the issue, not just malware.
  • Scattered Spider Threat Actor:
    • Notable adversary tracked by CrowdStrike.
    • Analysts can use Charlotte AI to gather insights on their methods and exposure.
  • Charlotte AI Prompt Book:
    • Collection of pre-built queries for specific tasks.
    • Customizable to focus on specific threats like Scattered Spider.
  • Query and Analysis:
    • Execute multiple prompts with one click to get comprehensive summaries.
    • Transparency with exact data sources and API calls used in queries.

Detection and Response

  • Detection Triaging:
    • Analyzes, prioritizes, and summarizes detections in minutes.
    • Provides expert-driven recommendations and prioritization scores.
  • Efficiency and Focus:
    • Streamlines workflows.
    • Reduces response times.
    • Empowers analysts to handle critical threats efficiently.

Script Analysis

  • PowerShell Script Detection:
    • Malicious processes and suspicious scripts identified by Charlotte AI.
    • Provides step-by-step plain language explanations of scripts using common malware techniques.

Incident Investigation

  • Falcon Next Gen SIM Incident Workbench:
    • Interactive visual map for incident connections.
    • Facilitates understanding of the incident's scope.
    • Summarization of incidents in plain language.

Conclusion

  • Benefits of Charlotte AI:
    • Purpose-built for understanding security team needs.
    • Leverages AI to maximize Falcon platform capabilities.
    • Enhances security team workflows and speeds up breach prevention.

Contact Information

  • For further engagement and learning about stopping breaches with Charlotte AI.

These notes summarize the features and capabilities of Charlotte AI as discussed in the lecture, focusing on its application within cybersecurity operations and its role in enhancing the efficiency of security teams.

Deep Dive

AI Prompt Book:

  • Collection of pre-built queries for specific tasks.
    • The Charlotte AI Prompt Book is a collection of pre-built queries designed to streamline investigations and analysis within the CrowdStrike Falcon platform.
    • Think of it as a library of ready-to-use search templates, tailored for specific security tasks.
    • Instead of writing complex queries from scratch, analysts can select a pre-built prompt, customize it as needed, and run it against their environment.
    • This significantly speeds up the investigation process.

Full transcript