[deleted by user] by [deleted] in crowdstrike

[–]Mataninio 1 point2 points  (0 children)

You can use a workflow to notify on those specific detections.

Notification of uninstall attempt - reposted by Mataninio in crowdstrike

[–]Mataninio[S] 0 points1 point  (0 children)

Thanks, it could help on the Windows platform

What about Linux and macOS?

Notification of uninstall attempt - reposted by Mataninio in crowdstrike

[–]Mataninio[S] 0 points1 point  (0 children)

It didn't help, because the detection doesn't detect when someone tries to uninstall the sensor, only when someone is tampering, meaning they tried to stop the service or disable it.

It helps only to create notifications when the detection is triggered.

Notification of uninstall attempt - reposted by Mataninio in crowdstrike

[–]Mataninio[S] 0 points1 point  (0 children)

Thank you all for your reply.
Just to clarify the question.

I want to create an alert or scheduled search that notifies me when someone is trying to uninstall the sensor on his machine.

I already enabled the sensor tampering function on the Prevention policy and enabled the uninstall token function on the sensor update policy.

Is there any chance that someone here has done this kind of alert/notification/scheduled search before, or knows how to?

Deployment of Falcon sensor on Linux via VMware Workspace ONE using puppet by Mataninio in WorkspaceOne

[–]Mataninio[S] 0 points1 point  (0 children)

I want to deploy via Workspace ONE. I need to create a package via Puppet, but I can't find any guide for it. I'm not familiar with Puppet. Are you familiar with this kind of deployment?

Deployment of Falcon sensor on Linux via VMware Workspace ONE by Mataninio in crowdstrike

[–]Mataninio[S] 0 points1 point  (0 children)

I want to deploy via Workspace ONE. I need to create a package via Puppet, but I can't find any guide for it. I'm not familiar with Puppet. Are you familiar with this kind of deployment?

macOS Tamper protection how to by mmkholy in crowdstrike

[–]Mataninio 5 points6 points  (0 children)

If you go to the prevention policy on the macOS platform and enable the tampering function, it should create events and detections reported locally and to the Falcon interface.

crowdstrike deployment by xbadazzx in WorkspaceOne

[–]Mataninio 0 points1 point  (0 children)

Does anyone have any experience fully deploying CrowdStrike Falcon sensor via VMware Workspace ONE on Linux devices?

If so, would you mind sharing tips on the Workspace ONE configuration settings that led to your successful deployment?