crowd strike Charlotte AI today's adversaries are moving fast to stay ahead security teams need to move even faster Charlotte AI is a generative AI assistant that spans the crowd strike Falcon platform helping security teams streamline workflows with speed and confidence with Charlotte AI analysts can query their environments using plain language prompts or FastTrack investig ations with embedded AI across the Falcon platform we've always said organizations don't have a malware problem they have an adversary problem scattered spider is a well-known threat actor tracked by crowd strike after hearing about a recent attack the analyst wants to understand this threat actor tradecraft and their organization's exposure start by opening a Charlotte AI prompt book a collection of pre-built queries tailored for specific tasks then customize an adversary summary prompt book to focus on scattered spider and run four prompts with a single click in seconds Charlotte AI correlates information from various Falcon modules constructing a comprehensive summary of scattered spiders tradecraft a table of recent detections and a list of open vulnerabilities in their environment AI doesn't have to be a black box the analyst can even inspect the exact data sources and API calls used by Shar Scarlet AI ensuring every answer is transparent and verifiable to investigate one of the detections the analyst clicks on the link provided and opens the detection in Falcon endpoint security the process table reveals a malicious process executed alongside suspicious Powershell scripts signaling potential adversary activity detection triage with Charlotte AI automatically analyzes prioritizes and summarizes detections within minutes helping analysts focus on what Matters Most by delivering expert driven recommendations and assigning escalation priority scores detection triage streamlines workflows reduces response times and empowers analysts to address critical threats with confidence and efficiency if the analyst isn't familiar with the script or its commands they can invoke Charlotte AI to assist by clicking analyze with Charlotte AI in seconds Charlotte AI generates a step-by-step plain language explanation breaking down how the script invokes Powershell to execute an encoded string a common malware obfuscation technique from here the analyst can also view this incident in the Falcon next gen Sim incident workbench the workbench provides an interactive visual map of the connections between users devices and triggering events helping the analyst quickly understand the scope of the incident using the embedded investigate with Charlotte AI feature the analyst can seamlessly invoke Charlotte AI to summarize the incident in plain language Charlotte AI is purpose-built to understand what security teams are looking for and has the expertise to know exactly where to look for it helping organizations realize the full value of their Falcon platform and turbocharged security workflows with industry-leading AI ready to stop breaches even faster contact us to learn how you can stop breaches with Charlotte AI