Endpoint Security, CrowdStrike, Getting Started with CrowdStrike

How to set up your unit for use of CrowdStrike Falcon.

Provisioning

CrowdStrike is managed centrally by Technology Services Security for colleges and units affiliated with the Urbana campus and System Offices. Before requesting provisioning, determine the management model your college or unit will use. See Endpoint Security, CrowdStrike, Management Models for information on the options available. An account is not required to provision CrowdStrike for the Community instance.

Once the management model has been decided, submit a provisioning request, selecting CrowdStrike from the 'Service' dropdown and Provision from the 'Request Type' dropdown, and completing all fields. The Endpoint Services team will send a reply confirming the service or requesting more information.

For Named instances, determine which IT professionals should have accounts, and which roles to assign to them. See Endpoint Security, CrowdStrike, Roles for a listing of the roles available.

Installation

The CrowdStrike sensor may be installed either manually or via Munki and MECM, as provided by EPS. See the documentation below for details on each method.

Consider using sensor tagging at install to make organization easier. See Endpoint Security, CrowdStrike, Sensor Tagging for details.

Management

Once your account has been created, log into the CrowdStrike console at https://falcon.crowdstrike.com/login/ with your university email address.

In order to properly respond to threats, all hosts must at a minimum have an assigned prevention policy and sensor update policy. Depending on the management model your unit chose, responsibilities will vary. See Endpoint Security, CrowdStrike, Security Best Practices for additional advice.

Hosts must be assigned to groups before any policy can be applied to them. See the official documentation below for details (login required).

Community

Prevention and sensor update policies are set centrally. No configuration is required.

Named

Prevention policies are set centrally. Sensor update policies should be set by users with the Endpoint Manager role. Central policies may be applied if desired.

Self-Managed

Prevention policies should be set by users with the Falcon Administrator role. Sensor update policies should be set by users with either the Falcon Administrator or Endpoint Manager role. In either case, central policies may be applied if desired.


Contact the EPS team




Keywords: falcon, antivirus, malware, instance, cid, cids, community, named, self-managed, provision, provisioning, install, installing, installation, console, EPS, windows, mac, macos, linux, prevention, sensor, update, policy, policies, TechS-EPS-CS
Doc ID: 106593
Owner: Security S.
Group: University of Illinois Technology Services
Created: 2020-10-12 11:35 CST
Updated: 2020-10-22 11:32 CST
Sites: University of Illinois Technology Services