Findings
Generator
Configuration
Lucidum Reverse
Architecture
Statistics
← All Findings
Vendor:
CrowdStrike Falcon
FIN-590
Weight:
5
4
3
2
1
Confidence:
High
Medium
Low
Edited:
2026-03-06 18:14
Verified
What It Detects
The Falcon sensor has not checked in for 30+ days AND the asset has known CVE vulnerabilities. This creates compound risk because the stale sensor means the asset cannot be remotely managed, patched, or monitored — and it has known vulnerabilities that require remediation. Patch deployments, sensor updates, and policy changes cannot reach this asset, leaving the CVEs permanently unaddressed until the sensor connectivity is restored.
MITRE ATT&CK Techniques
Comma-separated, e.g. T1078, T1190
Checks
read-only
Field
Operator
Value
Last Time Seen
older_than_days
30
CVE List
not_empty
Remediation
×
×
×
×
+ Add item
Why It Matters
×
×
×
×
+ Add item
Save Changes
Export Lucidum