Endpoint Security, CrowdStrike, Sensor Tagging

How to install and uninstall CrowdStrike manually

Systems

CrowdStrike

Affected Customers

University of Illinois IT Pros leveraging Technology Services CrowdStrike

Actions

General Information

CrowdStrike has the ability to apply one or more "tags" to a given host during or after installation. These tags can be used to filter endpoints in the CrowdStrike console and even assign them to a dynamic group.

Tags are supported for: Tags must meet the following requirements:

Windows Sensor Tagging

Assigning Sensor Tags During Installation

The GROUPING_TAGS command-line option can be used during sensor installation to assign one or more "tags" to a Windows endpoint within CrowdStrike. These tags can be used to filter Windows endpoints in the CrowdStrike console and even assign them to a dynamic group.

Example: WindowsSensor.exe /install /norestart CID=<your CID> GROUPING_TAGS="Admin,Production"

Assigning Sensor Tags Post-installation Via Registry Key
  1. Locate the following registry key in the Windows Registry Editor:
    • HKEY_LOCAL_MACHINE\SYSTEM\CrowdStrike\{9b03c1d9-3138-44ed-9fae-d9f4c034b88d}\{16e0423f-7058-48c9-a204-725362b67639}\Default
  2. Determine if the GroupingTags value name is present.
    • If so, proceed to the next step.
    • If not, create a new string value: GroupingTags
  3. Add or edit the tags for this host in the GroupingTags value data field.
  4. Reboot. If a restart is not feasible, the tags will be updated when the sensor is next upgraded or downgraded.

As an example, the screenshot below shows the GroupingTags value data that will set two tags: “Admin” and “Production”.

[Screenshot: WinGroupingTags.png]

Assigning or Modifying Sensor Tags Via Command-Line

You can use the reg set command to set or modify the Windows registry key described above.

Examples:

Note: Any change of the GroupingTags requires a sensor restart for the change to take effect. If a restart is not feasible, the tags will be updated when the sensor is next upgraded or downgraded.
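
The registry steps above, scripted as an added example (not from the original article or from CrowdStrike). It uses PowerShell's registry provider rather than the reg command, merges new tags into any existing GroupingTags value instead of overwriting it, and reads the value back afterwards. The function names are illustrative.

```powershell
# Added example; function names are illustrative. Run from an elevated session.
$KeyPath   = 'HKLM:\SYSTEM\CrowdStrike\{9b03c1d9-3138-44ed-9fae-d9f4c034b88d}\{16e0423f-7058-48c9-a204-725362b67639}\Default'
$ValueName = 'GroupingTags'

function Merge-SensorTagList {
    param([string]$Existing, [Parameter(Mandatory)][string[]]$Add)
    # Tags are comma-separated, as in the article's "Admin,Production" example.
    $seen   = New-Object 'System.Collections.Generic.HashSet[string]'  # exact-match de-duplication
    $merged = New-Object 'System.Collections.Generic.List[string]'     # keeps first-seen order
    $candidates = ((@($Existing) + $Add) -join ',').Split(',')
    foreach ($tag in $candidates) {
        $tag = $tag.Trim()
        if ($tag -eq '') { continue }                # skip empty entries such as "a,,b"
        if ($seen.Add($tag)) { $merged.Add($tag) }   # Add() returns $false for a duplicate
    }
    return ($merged -join ',')
}

function Set-SensorGroupingTags {
    param([Parameter(Mandatory)][string[]]$Tags)
    # Step 1: the key is expected to exist already; stop rather than create it.
    if (-not (Test-Path -LiteralPath $KeyPath)) {
        throw "Registry key not found: $KeyPath"
    }
    # Step 2: read GroupingTags if present ($null when the value does not exist).
    $current = (Get-ItemProperty -LiteralPath $KeyPath -Name $ValueName -ErrorAction SilentlyContinue).$ValueName
    $desired = Merge-SensorTagList -Existing $current -Add $Tags
    if ($desired -ceq $current) {
        Write-Output "GroupingTags is already '$desired'; nothing to change."
        return
    }
    # Step 3: create the string value, or overwrite it when it already exists (-Force).
    New-ItemProperty -LiteralPath $KeyPath -Name $ValueName -Value $desired `
        -PropertyType String -Force -ErrorAction Stop | Out-Null
    # Read back so a silently rejected write is not reported as success.
    $written = (Get-ItemProperty -LiteralPath $KeyPath -Name $ValueName).$ValueName
    if ($written -cne $desired) {
        throw "Read-back mismatch: expected '$desired', found '$written'."
    }
    # Step 4 is left to the operator: the change needs a restart to take effect.
    Write-Output "GroupingTags set to '$written'. Restart required for the change to take effect."
}

Set-SensorGroupingTags -Tags 'Admin', 'Production'
```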

macOS Sensor Tagging

The grouping-tags command-line option can be used post-installation to assign one or more "tags" to a macOS endpoint within CrowdStrike. These tags can be used to filter macOS endpoints in the CrowdStrike console and even assign them to a dynamic group.

Examples:

Note: Any change of the tags value done with falconctl requires a sensor restart for the change to take effect.

Linux Sensor Tagging

The --tags command-line option can be used to assign one or more "tags" to a Linux endpoint within CrowdStrike. These tags can be used to filter Linux endpoints in the CrowdStrike console and even assign them to a dynamic group.

Examples:

Note: Any change of the tags value done with falconctl requires a sensor restart for the change to take effect.

Support


Contact the EPS team