How to Manage Updates in Falcon

Introduction

Falcon Sensor updates are automated through CrowdStrike. Updating a sensor takes no effort on the part of the users. Allowing the sensor to be updated automatically introduces new detection capabilities and feature enhancements. However, CrowdStrike Falcon does allow customers to create groups of machines and then use those groups to manage sensor updates. This document is intended to show the user how to create new groups, select devices and assign them to the new group.

Prerequisites

There are no special users or operating systems needed to add a system to a group, but having a managed device in the Falcon UI is required. For more information on how to add a sensor, please see the “How to install the Falcon Sensor” document in the tech center.

Step 1: Creating a new group

In the Falcon UI, navigate to the “Devices App”, then select “Deployment Groups”.

On the Groups page there is the “Default Group”. Devices in the default group are initially set to “auto update”.

Selecting the down arrows for each sensor type, Windows, Mac or Linux, will allow specific configuration for the sensor version and the release version desired.

To add a new group, select the “plus” sign in the Release Groups section.

Type in the name of the new group you’d like to create, then select the sensor versions you’d like systems in this group to be assigned. You have the option to select the sensor version for Windows, Mac, and Linux operating systems. When you are finished making your selections and naming your group, click the “Apply” button.

The newly created group will be listed alphabetically in the “Name” column and a notification will appear noting that your group was created successfully.

You will also notice that there are no systems that have been added to this group at this point.

Step 2: Add a system to the release group

Next, we need to add a system or multiple systems to the newly created release group. To do this, select the Hosts Management tab. On the Devices tab, the systems are listed alphabetically by default. Select the systems for the desired release group, or select from the filters at the top of the page to narrow the scope of systems listed.

Check the box next to the names of the hosts you’d like to add to the newly created release group. Then select the “assign to release group” button at the top.

In the “Assign Release Group” window, select the newly created release group, then select “confirm” on the bottom right.

A confirmation window will appear with a summary of the changes. If the changes are correct, click “Continue”.

After clicking “Continue”, a confirmation will appear.

Step 3: Confirm that the system has been added to the new group

Navigate back to the “Deployment Groups” tab, locate the newly created Release Group, and select the Release Group name, which is shown in blue. The new group will open with the previously selected hosts.

Conclusion

While it is recommended that the sensor is updated to take advantage of the extra feature enhancements and improved protection and detection capabilities, we recognize that some customers would like to control this aspect.  Creating release groups allows customers this level of granularity and control over their environment.
