How to Manage Policies in Falcon

Introduction

This post will cover some basic steps and concepts of managing policies in the Falcon Platform. It is often necessary to have multiple policies to manage a dynamic organization. We’ll cover basic policy creation, policy settings and adding devices to a policy in this document.

 


Prerequisites

There are no specific requirements other than to have an installation of the Falcon product and sensors deployed. For more information on how to deploy a sensor, please see other articles in the Tech Center for specific guidance.

Steps

Navigate to the “Configuration” app and select “Prevention Policies”.

[Screenshot: Prevention Policy page]

In our scenario we’ll create a policy to lock down the servers in an organization. To do this, select the “Add New Policy” button.

[Screenshot: Add New Policy button]

After clicking “Add New Policy”, a “Policy Details” page will open.

[Screenshot: Add policy window]

Add a name; in this case we’ll call the policy “Servers” and have its members added manually. Add a description and select “create”.

Upon policy creation, the “Policy Settings” page will open so that each setting can be enabled or disabled according to the needs of the policy. In this case, enable all the settings and set the ML slider to “aggressive”, since this policy will apply to servers. When the policy settings are complete, save and then confirm the changes. Before adding members, enable the policy.

[Screenshot: Save policy settings]

Note: enable the policy by selecting the check mark above the save button.

To add members to the policy navigate to the “Add Members” tab located to the right of the “Policy Settings” tab.

On the “Add Members” tab, use the filter settings at the top of the page to identify the servers in the organization.

[Screenshot: Add Members tab]

Once the systems have been filtered (if necessary) select the checkbox next to the host to add to the new policy. Then click the “Assign to Policy” button.

[Screenshot: Select hosts and assign to policy]

To verify that the systems have been added to the policy, select the current members tab.

[Screenshot: Policy members tab]

At this point the policy has been created and enabled, the selected settings have been saved, and members have been added to the policy.

Conclusion

Falcon provides all the necessary management tools, whether for a small to medium-sized business or a large enterprise.
