How to Manage Policies in CrowdStrike Falcon

Introduction

The Falcon Agent update is automated through policy and CrowdStrike. After setting an update policy, updating an agent takes no effort on the part of the users. Allowing the agent to be updated automatically and regularly introduces new detection capabilities and feature enhancements. However, CrowdStrike Falcon does allow customers to create different update policies for different groups of systems. This document is intended to show the user how to create new groups, select devices and assign them to the new group.

Prerequisites

There are no specific requirements other than to have an installation of the Falcon product and sensors deployed.  For more information on how to deploy a sensor, please see other articles in the Tech Center for specific guidance.

Steps

In the Falcon UI navigate to the “Configuration App” then select the “Agent Update Policies.”

You will see a list of the existing policies as well as a default “auto update” policy.

Sensor Update Policy

You will notice tabs for each agent type (Windows, Mac or Linux), which allow specific configuration for the agent updates on each platform.

To add a new policy, select the “Add new policy” button on the right.

Add new policy

After selecting the appropriate platform (Windows, Mac, and Linux), type in the name of the new policy you’d like to create and then select the agent versions you’d like systems in this group to be assigned. When you are finished making your selections and naming your group, click the “Create” button.

New Policy Details

You will then be prompted to select a set agent version OR choose to auto update systems where this new policy is applied.

Select build

You will then need to “Save” the changes to the new policy and “Enable” it when you are ready to apply it to systems.

Save and Enable

Step 2: Assign systems to the update policy

Next we need to add host groups to the newly created policy.  To do this, select “Add groups to policy” on the right.

Sensor Deployment Assignment

A window will appear with the existing host groups. Simply check the groups that should receive this new agent update policy and select “Apply.”

Assign group to update policy

Step 3: Confirm that a system has received the new policy

Navigate back to the “Hosts App” and search for an applicable system. From this view, you can confirm both the agent update and prevent policies for any installed agent.

Sensor Update Policy Column

Conclusion

While it is recommended that the agent is updated to take advantage of the extra feature enhancements and improved protection and detection capabilities, we recognize that some customers need change management control.  Creating different agent update policies allows customers this level of granularity and control over their environment.
