This post will cover some basic steps and concepts of managing policies in the Falcon Platform. It is often necessary to have multiple policies to manage a dynamic organization. We’ll cover basic policy creation, policy settings and adding devices to a policy in this document.
There are no specific requirements other than to have an installation of the Falcon product and sensors deployed. For more information on how to deploy a sensor, please see other articles in the Tech Center for specific guidance.
Navigate to the “Configuration” app and select “Prevention Policies”.
In our scenario we’ll create a policy to lock down the servers in an organization. To do this, select the “Add New Policy” button.
After clicking “Add New Policy”, a “Policy Details” page will open.
Add a name; in this case we’ll call the policy “Servers” and have its members added manually. Add a description and select “create”.
Upon policy creation, the “Policy Settings” page will open so that each setting can be enabled or disabled according to the needs of the policy. In this case, enable all the settings and set the ML slider to “aggressive”, since this policy will apply to servers. When the policy settings are complete, save and then confirm the changes. Before adding members, enable the policy.
Note: enable the policy by selecting the check mark above the save button.
To add members to the policy, navigate to the “Add Members” tab located to the right of the “Policy Settings” tab.
On the “Add Members” tab, use the filter settings at the top of the page to identify the servers in the organization.
Once the systems have been filtered (if necessary), select the checkbox next to each host to add to the new policy. Then click the “Assign to Policy” button.
To verify that the systems have been added to the policy, select the current members tab.
At this point the policy has been created and enabled, the selected settings have been saved, and members have been added to the policy.
Falcon provides all the necessary management tools, whether for a small to medium-sized business or a large enterprise.