CrowdStrike Falcon Spotlight delivers live vulnerability visibility through the existing endpoint agent, ranks risks with exploit intelligence, and pushes findings into ServiceNow for automated tickets and patch-confirmation. Coverage spans workstations, servers, and cloud and container workloads, yet lacks credentialed network scans for legacy devices. The feature set is strong but not as all-inclusive as the very top tier.

The lightweight Falcon sensor runs on Windows, macOS, Linux and cloud workloads, giving Spotlight data via a single agent. Image-registry hooks extend coverage to container environments for vulnerability assessment. Out-of-the-box integrations send findings to ServiceNow CMDB and leading SIEMs, and the platform offers SAML SSO for easy identity federation

Security teams get an intuitive browser-based dashboard that highlights vulnerabilities by severity in real time, and users report it is easy to navigate with little training. Analysts can move from fleet-wide views to a single host in a few clicks and see up-to-date data without waiting for periodic scans. The UI does not provide fully guided remediation wizards, so its overall usability sits just below the very top tier.

CrowdStrike offers 24 × 7 phone and chat help, and higher-tier plans include a technical account manager for focused guidance. Spotlight sensors refresh vulnerability data within a few hours of publication, so teams see new issues well inside a weekly cadence. An online portal packed with articles and videos supports quick self-service for everyday questions