How to Manage Policies in Falcon


This post will cover some basic steps and concepts of managing policies in the Falcon Platform.  It is often necessary to have multiple policies to manage a dynamic organization.  We’ll cover basic policy creation, policy settings and adding devices to a policy in this document.



Read Video Transcript


There are no specific requirements other than to have an installation of the Falcon product and sensors deployed.  For more information on how to deploy a sensor, please see other articles in the Tech Center for specific guidance.


Navigate to the “Configuration” app and select “Prevention Policies”.

Prevention Policy Page

In our scenario we’ll create a policy to lock down the servers in an organization.  To do this select the “add new policy button.

Add new policy button

After clicking the “Add New Policy” a “Policy Details” page will open.

add policy window

Add a name, in this case we’ll call the policy “Servers” and have them added manually.  Add a description and select “create”

Upon policy creation, the “Policy Settings” page will open so that each settings can be enabled/disabled according to the needs of the policy.  In this case enable all the settings and set the ML slider to “aggressive” since this policy will apply to servers.  When policy settings are complete save then confirm the changes.  Before adding members, enable the policy.

save policy settings

Note: enable the policy by selecting the check mark above the save button.

To add members to the policy navigate to the “Add Members” tab located to the right of the “Policy Settings” tab.

On the “Add Members” tab use the filter settings at the top of the page to identify servers in my organization.

Add members tab

Once the systems have been filtered (if necessary) select the checkbox next to the host to add to the new policy.  Then click the “Assign to Policy” button.

select and assign to policy

Verify that the systems have been added to the policy select the current members tab.

policy members tab

At this point the policy has been created and enabled with the settings selected saved.  Finally members have been added to the policy.


Falcon provides all the necessary management tools, whether a small to medium sized business or large enterprise.

More resources

CrowdStrike Falcon Free Trial

Try CrowdStrike Free for 15 Days Get Started with A Free Trial