How to Manage Policies in CrowdStrike Falcon®
The Falcon Agent update is automated through policy and CrowdStrike. After setting an update policy, updating an agent takes no effort on the part of the users. Allowing the agent to be updated automatically and regularly introduces new detection capabilities and feature enhancements. However, CrowdStrike Falcon® does allow customers to create different update policies for different groups of systems. This document is intended to show the user how to create new groups, select devices and assign them to the new group.
There are no specific requirements other than to have an installation of the Falcon product and sensors deployed. For more information on how to deploy a sensor, please see other articles in the Tech Center for specific guidance.
In the Falcon UI, navigate to the “Configuration App,” then select “Agent Update Policies.”
You will see a list of the existing policies as well as a default, “auto update” policy.
You will notice a tab for each agent type (Windows, Mac or Linux). Each tab allows specific configuration for the agent updates on that platform.
To add a new Policy select the “Add new policy” button on the right.
After selecting the appropriate platform (Windows, Mac, or Linux), type in the name of the new policy you’d like to create and then select the agent versions you’d like systems in this group to be assigned. When you are finished making your selections and naming your group, click the “Create” button.
You will then be prompted to select a set agent version OR choose to auto update systems where this new policy is applied.
You will then need to “Save” the changes to the new policy and “Enable” it when you are ready to apply it to systems.
Step 2: Assign systems to the update policy
Next we need to add host groups to the newly created policy. To do this, select “Add groups to policy” on the right.
A window will appear with the existing host groups. Simply check the groups that should receive this new agent update policy and select “Apply.”
Step 3: Confirm that a system has received the new policy
Navigate back to the “Hosts App” and search for an applicable system. From this view, you can confirm both the agent update and prevent policies for any installed agent.
While it is recommended that the agent is updated to take advantage of the extra feature enhancements and improved protection and detection capabilities, we recognize that some customers need change management control. Creating different agent update policies allows customers this level of granularity and control over their environment.
How to Manage Policies on the Falcon Platform
One of the key features required to be a legitimate AV replacement product is the ability to manage policies in large, complex environments. CrowdStrike Falcon® gives enterprise organizations granular control over their policies. In the UI, navigate to the configuration app and select Prevention Policies. The prevention policies page has multiple tabs, Windows policies and Mac policies.
To manage any device using Mac OS, select the Mac Policies tab and add, remove, or edit Mac policies there. We’ll walk you through basic policy creation. To do this, select the Add New Policy button. Give your policy a name. In my case, I’ll create a generic server policy. The platform will be Windows. Then select either Manual or Automatic Assignment. I’ll choose manual for this example.
Then if you’d like to fill a description, you can do so at the bottom. After selecting Create, the policy settings page will open where you can configure the policy details. This page is divided into two sections, malware protection and behavior-based prevention. Since I will lock down my servers, I’ll enable all protection. Once those are all enabled, save and confirm the changes.
Now that the policy has been configured, we’ll add systems to the policy under the Add Members tab. I’ll use the categories across the top to filter my choices. After filtering choices using the operating system, I see four systems from which to choose. I’ll select the two at the bottom, as the other two servers are domain controllers and they have their own specific policy.
I can verify that these systems have been added to the policy by selecting the Current Members tab. Once I’m satisfied with my changes, I’ll select Enable and confirm. Hitting All Policies will take me back to the policy management page where we see the newly created policy listed at the bottom.