File Activity Next to Falcon Telemetry
Files.com sends a record of every login, upload, download, permission change, automation run, and API call into CrowdStrike the moment it happens. File activity lands alongside the endpoint, identity, and threat-intelligence data your team already watches in Falcon, so a suspicious transfer correlates with what the endpoint was doing at the same moment.