How to Manage Policies in CrowdStrike Falcon

Introduction

This post covers the basic steps and concepts of managing policies in the Falcon Platform. Most organizations need more than one policy to manage their hosts. We’ll cover basic policy creation, policy settings, and adding devices to a policy.

Prerequisites

There are no specific requirements other than to have an installation of the Falcon product and sensors deployed.  For more information on how to deploy a sensor, please see other articles in the Tech Center for specific guidance.

Steps

Navigate to the “Configuration” app and select “Prevention Policies”.

In our scenario we’ll create a policy for the servers in an organization. To do this, select the “Add New Policy” button.

After clicking “Add New Policy”, a “Policy Details” page will open.

Add a name; in this case we’ll call the policy “Servers” and have the servers added manually. Add a description and select “Create”.

Upon policy creation, the “Policy Settings” page will open so that each setting can be enabled or disabled according to the needs of the policy. In this case, enable all the settings and set the ML slider to “Extra Aggressive”, since this policy will apply to servers. When the policy settings are complete, save and confirm the changes. Before adding members, enable the policy.

Note: enable the policy by selecting the “Enable” button above the “Save” button.

To add hosts to the policy, click the “Assignment” tab located to the right of the “Settings” tab.

Click on the “Add groups to policy” button. Groups are created to manage the policy assignment of hosts as they are added to the organization. For example, as servers are added they can automatically be assigned a server policy. In this case we will select the previously set up server group. Groups allow for the automatic or static assignment of policies, so systems are assigned the correct policy as soon as the Falcon sensor is deployed, instead of each host being assigned manually.

Select the group, then select “Apply”.

After the “Add Groups to Policy” dialogue box is closed, navigate back to the “Settings” tab and click “Enable” in the upper right corner. Then click “Save” to make sure all changes have been saved.

At this point, the policy has been created and enabled, the selected settings have been saved, and members have been added to the policy.

Conclusion

Falcon provides all the necessary management tools for any organization, whether a small to medium-sized business or a large enterprise.
