Findings
Generator
Configuration
Lucidum Reverse
Architecture
Statistics
← All Findings
Vendor:
CrowdStrike Falcon
FIN-593
Weight:
5
4
3
2
1
Confidence:
High
Medium
Low
Edited:
2026-03-06 18:14
Verified
What It Detects
The CrowdStrike Falcon sensor on this host is operating in Reduced Functionality Mode (RFM). In RFM, the sensor continues running but loses critical detection and prevention capabilities — typically due to an unsupported kernel version, driver incompatibility, or inability to communicate with the CrowdStrike cloud. The host remains partially protected at best, with reduced visibility into process execution, file activity, and network connections.
MITRE ATT&CK Techniques
Comma-separated, e.g. T1078, T1190
Checks
read-only
Field
Operator
Value
Status
equals
rfm
Remediation
×
×
×
×
×
+ Add item
Why It Matters
×
×
×
+ Add item
Save Changes
Export Lucidum