How to Manage Policies in CrowdStrike Falcon®
Introduction
The Falcon Agent update is automated through policy and CrowdStrike. After setting an update policy, updating an agent takes no effort on the part of the users. Allowing the agent to be updated automatically and regularly introduces new detection capabilities and feature enhancements. However, CrowdStrike Falcon® does allow customers to create different update policies for different groups of systems.. This document is intended to show the user how to create new groups, select devices and assign them to the new group.
Video
Prerequisites
There are no specific requirements other than to have an installation of the Falcon product and sensors deployed. For more information on how to deploy a sensor, please see other articles in the Tech Center for specific guidance.
Steps
In the Falcon UI navigate to the “Configuration App” then select the “Agent Update Policies.”
You will see list of the existing policies as well as a default, “auto update” policy.
You will notice tabs each agent type, Windows, Mac or Linux, will allow specific configuration for the agent updates on each platform..
To add a new Policy select the “Add new policy” button on the right.
After selecting the appropriate platform (Windows, Mac, and Linux), type in the name of the new policy you’d like to create and then select the agent versions you’d like systems in this group to be assigned. When you are finished making your selections and naming your group click the “Create” button.
You will then be prompted to select a set agent version OR chose to auto update systems where this new policy is applied.
You will then need to “Save” the changes to the new policy and “Enable” it when you are ready to apply it to systems.
Step 2: Assign systems to the update policy
Next we need to add host groups to the newly created policy. To do this, select “Add groups to policy” on the right.
A window will appear with the existing host groups. Simply check the groups that should receive this new agent update policy and select “Apply”
Step 3: Confirm that a system has been received the new policy
Navigate back to the “Hosts App” and search for an applicable system. From this view, you can confirm booth the agent update and prevent policies for any installed agent.
Conclusion
While it is recommended that the agent is updated to take advantage of the extra feature enhancements and improved protection and detection capabilities, we recognize that some customers need change management control. Creating different agent update policies allows customers this level of granularity and control over their environment.
More resources
