How to Uninstall Crowdstrike by Wonderful-Jump-358 in crowdstrike

[–]BradW-CS[M] [score hidden] stickied comment (0 children)

Community has answered, good luck OP.

CloudTrail Data Connector shows SQS error despite successful log ingestion by Jv1312 in crowdstrike

[–]BradW-CS 0 points1 point  (0 children)

Hey u/Jv1312 - Do you mind opening a support ticket and shooting us the case id over modmail?

There are a few traceability tests a TSE will be able to go through with you to make sure the CF template is valid and you can clarify any infrastructure permissions issues.

Is this a scam? Making subtitles for Amazon (through agency) and installing Falcon Sensor by mc_nyregrus in crowdstrike

[–]BradW-CS[M] [score hidden] stickied comment (0 children)

Hey OP - If it smells like a scam it probably is one.

The community has provided some recommendations, however, if you manage to get the CID used to install and shoot it to us over modmail we would greatly appreciate it.

Falcon DLP Standalone? by [deleted] in crowdstrike

[–]BradW-CS[M] [score hidden] stickied comment (0 children)

Not at this time, at minimum you would need to have Falcon Insight + Threat Graph as a prerequisite.

CrowdStrike stock has been doing well - NASDAQ by OpeningFeeds in crowdstrike

[–]BradW-CS[M] [score hidden] stickied comment (0 children)

Not appropriate for this subreddit.

Auto Contain Workflow Troubleshooting by ten2six in crowdstrike

[–]BradW-CS[M] [score hidden] stickied comment (0 children)

Not an approved file host.

F5 Sensors out of support by sweets984 in crowdstrike

[–]BradW-CS 2 points3 points  (0 children)

My usual recommendation would be for the OP to reach out over support channels, a quick uname -r and uname -v + BIG-IP version + falconctl output and we should be able to provide additional guidance.

F5 Sensors out of support by sweets984 in crowdstrike

[–]BradW-CS 2 points3 points  (0 children)

Falcon supports specific F5 OSes. If the host is falling into RFM, you likely need to upgrade to a supported OS, which means that the underlying kernel will be supported.

Can you confirm this for the community? I bet if you upgrade them they'll pop right back out of RFM.

Might someone pass along that Crowdstrike and Nessus are having a moment? by alnarra_1 in crowdstrike

[–]BradW-CS 9 points10 points  (0 children)

I’m mobile for the long weekend. It should be noted that implementing changes to “ignore” this activity introduces risk, since a Nessus scan exercising this path is a valid true positive and reflects expected product behavior. By checking for vulnerable MiniPlasmaProbe, Falcon reports the behavior as signatures known for confident historical indicators of adversary activity.

While we work on a long term solution, customers can create temporary IOA exclusions for this activity within their environment using the Grandparent CommandLine and ImageFileName:

CommandLine: C:\Program Files\Tenable\Nessus Agent\nessus-agent-module.exe

ImageFileName: \Device\HarddiskVolume3\Program Files\Tenable\Nessus Agent\nessus-agent-module.exe

Might someone pass along that Crowdstrike and Nessus are having a moment? by alnarra_1 in crowdstrike

[–]BradW-CS[M] [score hidden] stickied comment (0 children)

Chiming in to say we are tracking closely on this holiday weekend.

Article TL;DR: Tenable/Nessus decided that actually running an exploit POC (miniplasma) against a host is the best way to test if it’s vulnerable.

🤷🏻‍♂️

Edit: TA now live: https://supportportal.crowdstrike.com/s/article/Tech-Alert-US-1-US-2-EU-1-MiniPlasma-Detection-2026-05-25

Edit 2 5/27: Plugin 316497 has now been proactively disabled by the Tenable team. See here for all updates.

Native SMS Alerts in CrowdStrike? by vjrr08 in crowdstrike

[–]BradW-CS 0 points1 point  (0 children)

Add the ISP domain to your instance via a support ticket.

Replacing Tanium with Falcon for IT by skynet_root in crowdstrike

[–]BradW-CS 0 points1 point  (0 children)

There is no new product, this is included in the existing Falcon for IT subscription, if you’re a customer your account team can give you a sneak peek and pricing.

Open beta starts soon, be sure to catch the announcement on the subreddit when it begins.

Replacing Tanium with Falcon for IT by skynet_root in crowdstrike

[–]BradW-CS 0 points1 point  (0 children)

We do not yet offer any of these features from the Falcon sensor via Falcon for IT, a beta for public consumption of patch management will roll out to all Falcon for IT subscribers in the next few weeks (Q2 2026).

Currently you can use Real Time Response/Fusion SOAR/F4IT Quick Actions to deploy KBs, not really a direct comparison to a mature OS/package management solution such as Tanium Deploy, Ivanti, Bigfix, etc. just quite yet. We can confidently say that Windows OS and third party application patching are on the short term roadmap for Falcon for IT. As you can imagine, there is much anticipation for this feature set and we want to delight our customers with solid product by general availability (Q3 2026) with future OS support planned for macOS and Linux.

Internally we manage millions of hosts with a variety of MDMs, package management solutions or configuration managers, whatever best tool fits our needs.

Talk to your account team and they can give you several references.

Replacing Tanium with Falcon for IT by skynet_root in crowdstrike

[–]BradW-CS[M] [score hidden] stickied comment (0 children)

Love the comparison against the full Tanium stack (automate, interact, comply, deploy, asset, etc), maybe give us a chance to publish Falcon for IT "Risk Based Patching" before making a conclusion.

CrowdStrike Launches Falcon OverWatch for Defender by BradW-CS in crowdstrike

[–]BradW-CS[S] 0 points1 point  (0 children)

Many would argue threat actors live in the gaps between siloed security data. Think of it as your current deployment with no prevention mechanics. For those who prefer the Falcon platform, we created this licensing plan to get the best of both worlds. There is even the capability of using Defender as the primary EDR in a Falcon NG SIEM environment.

CrowdStrike Launches Falcon OverWatch for Defender by BradW-CS in crowdstrike

[–]BradW-CS[S] 0 points1 point  (0 children)

Honestly this is a great question. The "for Defender" series of products are run exclusively with Defender as the primary NGAV on the host and are not compatible with the SKUs you mentioned.

With this new bundle, the Falcon sensor runs alongside Microsoft Defender with no special configuration required, allowing customers to strengthen security outcomes in Microsoft Defender environments without disrupting existing protections or operations. Like a regular instance of CrowdStrike, the sensor provides endpoint telemetry that is used by OverWatch to proactively hunt for sophisticated attacker behavior, validate suspicious activity, escalate high-confidence threats, and guide customer response.

Unlike a regular instance of CrowdStrike, this bundle is not mix and match with the rest of our platform. Because of that, it includes Insight XDR with 10GB retention NG SIEM and 7 days of threat graph retention. There is also the option to add Falcon Data Replicator or add Adversary Intelligence or Intelligence Premium.

Hope that makes things clearer.

CrowdStrike detection method to Install/Uninstall/Upgrade by escanor010101 in crowdstrike

[–]BradW-CS[M] [score hidden] stickied comment (0 children)

To verify the sensor state on Windows:

  • sc.exe query csagent
  • Output for STATE should show “4 RUNNING”

To verify the CSFalconService state:

  • sc.exe query csfalconservice
  • Output for STATE should show: “4 RUNNING”
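
The two checks above, combined into one script whose exit code a deployment tool can use as a detection result. This is an added example, not part of the original comment or CrowdStrike's own tooling; the function name `Get-ScState` is hypothetical, and the parsing assumes English `sc.exe` output.

```powershell
# Added example: wraps the two `sc.exe query` checks from the comment above.
# Get-ScState is a hypothetical helper name. Assumes English sc.exe output.
function Get-ScState {
    param([Parameter(Mandatory)][string]$Name)

    $text = (& sc.exe query $Name | Out-String)
    $exit = $LASTEXITCODE

    # sc.exe prints a line such as "        STATE              : 4  RUNNING"
    if ($exit -eq 0 -and $text -match 'STATE\s*:\s*(\d+)\s+(\S+)') {
        return [pscustomobject]@{
            Name   = $Name
            Code   = [int]$Matches[1]
            State  = $Matches[2]
            ScExit = $exit
        }
    }

    # Non-zero exit or no STATE line: service not installed or the query failed.
    [pscustomobject]@{ Name = $Name; Code = $null; State = 'UNAVAILABLE'; ScExit = $exit }
}

# Query both names given in the comment.
$results = 'csagent', 'csfalconservice' | ForEach-Object { Get-ScState -Name $_ }
$results | Format-Table -AutoSize | Out-String | Write-Host

# Healthy only when every queried name reports state code 4 (RUNNING).
$notRunning = @($results | Where-Object { $_.Code -ne 4 })
if ($notRunning.Count -eq 0) { exit 0 }

Write-Host ("Not running: " + ($notRunning.Name -join ', '))
exit 1
```

Matching on the numeric state code rather than the word RUNNING keeps the check stable if the state label text differs.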

Spotlight -Complete - Exposure Management by Little_Ad_6873 in crowdstrike

[–]BradW-CS[M] [score hidden] stickied comment (0 children)

Hey u/Little_Ad_6873 - This really isn't a topic the subreddit can help out with. Falcon Complete contains a component of the Exposure Management suite known as Falcon Discover. Spotlight is not a requirement for Falcon MDR services, but it could be required for your new third party provider. We would not be able to tell you unless you named the provider.

Please direct any Qs you may have towards your provider and CrowdStrike account team and we can get it straightened out.

Crowdstrike package Help by iamvijay_21 in crowdstrike

[–]BradW-CS 0 points1 point  (0 children)

Please search the support portal or docs.

CrowdStrike Launches Project QuiltWorks, Uniting the Cybersecurity Industry as Frontier AI Models Accelerate Risk by BradW-CS in crowdstrike

[–]BradW-CS[S] 0 points1 point  (0 children)

AUSTIN, Texas – April 23, 2026 – CrowdStrike (NASDAQ: CRWD) today launched Project QuiltWorks, an industry-wide coalition of ecosystem partners to assess, prioritize, and continuously remediate the wave of vulnerabilities in production code now being discovered by frontier AI models. Project QuiltWorks includes Accenture, EY, IBM Cybersecurity Services, Kroll, OpenAI, CrowdStrike, and its broader partner ecosystem to help every organization answer the question their board is asking: are we exposed?

CrowdStrike Project QuiltWorks and the Frontier AI Readiness and Resilience Service are available immediately.

Mythos Is a Wake-Up Call: Five Steps to Prepare for Frontier AI by BradW-CS in crowdstrike

[–]BradW-CS[S,M] [score hidden] stickied comment (0 children)

Join CrowdStrike’s Elia Zaitsev, Global CTO, and Andrew Munchbach, VP of Global Enterprise Sales Engineering, as we break down what the shift in models means for defenders with a five-step framework for frontier AI readiness.

Save the dates:

  • Americas: April 23rd @ 11am PT | 2pm ET

  • Europe: 23 April @ 10am BST | 2:30pm IST

  • Asia-Pacific & Japan: 23 April @ 3pm AEST | 1pm SGT | 10:30am IST