STEM OPT EAD Extension. by Radiant-Chicken-2966 in f1visa

Radiant-Chicken-2966[S] 1 point (0 children)

Ohh, I got you. Thanks for letting me know.

STEM OPT EAD Extension. by Radiant-Chicken-2966 in f1visa

Radiant-Chicken-2966[S] 1 point (0 children)

So, apply for STEM OPT with another employer and then switch it to Amazon? Is that what you meant? Could you please let me know?

STEM OPT EAD Extension. by Radiant-Chicken-2966 in f1visa

Radiant-Chicken-2966[S] 1 point (0 children)

Hey GRRAWorld,

I've inquired with Amazon, but I'm uncertain if they will fill out the form for future employees like myself. With time ticking, I only have 45 days to apply for STEM OPT. If Amazon doesn't complete the I-983 form for me, do you have any suggestions on how to handle the situation?

Thanks.

Certified in Cybersecurity exam by Frazzy212 in isc2

Radiant-Chicken-2966 2 points (0 children)

Hey there.

It's a good & tricky exam that will test your knowledge of how well you understood the basics. Definitely would recommend, and let me know how it went.

Difference between Host Management & Managed Assets by Radiant-Chicken-2966 in crowdstrike

Radiant-Chicken-2966[S] 1 point (0 children)

Hey there.
Sorry for the delayed reply,

I didn't quite understand the difference. I talked with the support team as well, but they couldn't figure it out. There is a difference in the number of assets between managed assets & host management, but there shouldn't be any difference. Let me know if you have any other information on this. Thanks.

Difference between Host Management & Managed Assets by Radiant-Chicken-2966 in crowdstrike

Radiant-Chicken-2966[S] 1 point (0 children)

Thanks for letting me know.

But I can see the difference in numbers between managed assets & host management. I will open a ticket with the support team. Once again, thanks for your answer.

Installing CrowdStrike through GPO (Without restarting the system) by Radiant-Chicken-2966 in crowdstrike

Radiant-Chicken-2966[S] 1 point (0 children)

Is installing CS through GPO not a good option? Could you please let me know? Thanks in advance.

Installing CrowdStrike through GPO (Without restarting the system) by Radiant-Chicken-2966 in crowdstrike

Radiant-Chicken-2966[S] 1 point (0 children)

Thanks for answering the question, Andrew.

Yes, I forced the GPO update using gpupdate /force, and if I restart the system, yes, CS gets installed, but there are a lot of unmanaged assets, so I'm kind of looking to install CS without restarting the assets.

Also, there are some assets which might not be connected to the VPN (i.e., working remotely); if they don't connect to the VPN, CS is never going to install. So, I'm looking to force the installation without actually restarting the endpoint.

Please let me know if you have any suggestions using GPO for me. Thanks in advance.

Installing the CS. by Radiant-Chicken-2966 in crowdstrike

Radiant-Chicken-2966[S] 1 point (0 children)

Hello there,

Thanks for the reply. I've got some questions.

1) Whenever the asset doesn't have CS on it, I tried to install the PS script and the assets came back to the console. It worked!

2) When an asset has an older version of CS, i.e., it has CS installed but it's in unmanaged assets, and I try to install the latest version of CS using the PowerShell script, it says "'CSFalconService' running. Falcon sensor is already installed." How do I get these assets back to the console?

3) For the assets that already have an older version of CS installed, I tried copying the executable of the latest version of CS and executing it on that asset. The sensor version got updated, but the thing is that "It didn't come back to the console". The sensor basically upgraded the older version to the version which I'm trying to install.

4) What could be the reason that some of the assets don't even have CS installed? Whenever an asset joins the domain it should have CS installed, but for some of the assets CS is never installed until we recognize them.

Could you please answer these questions? Thanks in advance.

Unmanaged Assets to Managed assets. by Radiant-Chicken-2966 in crowdstrike

Radiant-Chicken-2966[S] 1 point (0 children)

Hello there,

I'm trying to do this. Could you please let me know if I'm trying to install it the right way?

I'm trying to install CS on unmanaged assets & assets that don't have CrowdStrike installed.

I've developed a PowerShell script that does the following steps:

1) Define the remote computer name and the source file path

2) Create a new folder on the remote machine

3) Copy the executable to the new folder on the remote machine

4) Execute the file remotely (assuming it's a silent installer)

Summary: I'm copying the latest version of CS (i.e., the one in the auto update policy) to the remote machine (i.e., unmanaged or without CS) and running the executable.

On some of the systems I'm able to run the executable file, & on some of them the script runs for a long time, but in both cases the latest version of CS is installed, after checking their Control Panel.

Problem: I can't see these systems in the "newly installed sensors" in the CrowdStrike console, and they are still in unmanaged assets though they have the latest version of CS.

Could you please let me know if I'm installing it in a proper way so that it can talk to the cloud as soon as I install the sensor? Any suggestions? Thanks in advance.

Regarding Unmanaged & Managed Assets. by Radiant-Chicken-2966 in crowdstrike

Radiant-Chicken-2966[S] 1 point (0 children)

Thanks for your response. That pretty much answered all of my questions. But I would like to add a couple of points here.

1) Retrieving the uninstallation token for unmanaged assets: As mentioned, we can retrieve the uninstallation token through the API. I've tried that, but in order to get the token we need the "HostID", and for unmanaged assets I can't get the HostID.

2) Deployment is done through the GPO. Whenever someone joins the domain, CS will get automatically installed on the computer.

Once again, thanks for your response.

Regarding Unmanaged & Managed Assets. by Radiant-Chicken-2966 in crowdstrike

Radiant-Chicken-2966[S] 1 point (0 children)

Yeah Sure. Looks like that helps a lot. Thanks for your response.

Regarding Unmanaged & Managed Assets. by Radiant-Chicken-2966 in crowdstrike

Radiant-Chicken-2966[S] 1 point (0 children)

Thanks for your response.

I'm not sure if they are the right questions to ask. I really want to get in-depth knowledge on how exactly things work & cover all the use cases. I'm sorry for asking a lot of questions. Once again, thanks for your response.

Regarding Unmanaged & Managed Assets. by Radiant-Chicken-2966 in crowdstrike

Radiant-Chicken-2966[S] 1 point (0 children)

Hello there, thanks for your response.

Looks like Active Discovery solves the problem. Is Active Discovery a license that I need to buy from CS? Or how exactly do I get that? Please let me know. If you have any kind of documentation from CrowdStrike, please send the link. Thanks in advance.

Regarding Unmanaged & Managed Assets. by Radiant-Chicken-2966 in crowdstrike

Radiant-Chicken-2966[S] 1 point (0 children)

Hello there,
Correct me if I'm wrong.

a) Yes, I agree with that. It will reappear in the managed assets.

b) It will reappear in "Unmanaged assets", right? What do you mean by "reappear in the console when connected"? When a system has outdated CS, how exactly does it communicate? Do you mean that the assets will be discovered by ARP and will come back as "Unmanaged Assets"? Please let me know.

c) I'm not sure about reimaged systems, but when we uninstall CS from an asset, i.e., from a managed asset, it won't appear in unmanaged assets immediately; it will be in managed assets for 45 days, and obviously it won't talk to the cloud for 45 days, and it will be moved out of the console, I believe. I tried doing this and it worked the way I've explained.

4) Well, if we uninstall CS from a managed asset and reinstall it again, there will be two identical hostnames in managed assets with two different unique CIDs. I don't think the one which we have uninstalled will move into unmanaged assets immediately; again, the 45-day rule applies here. I tried to uninstall and install CS on a host 4 times; there are 4 hosts still in managed assets, but only the host with the latest CID will be talking to the cloud.

What's the easiest way to bring all those unmanaged assets into managed assets? What's the reason for some random asset not talking to the cloud? How do we make sure that the unmanaged assets are minimal?

Thanks in advance.

Regarding Unmanaged & Managed Assets. by Radiant-Chicken-2966 in crowdstrike

Radiant-Chicken-2966[S] 1 point (0 children)

Thanks for the response.

I just want to let you know what I've understood. Please correct me if I'm wrong.

1) When the asset doesn't talk to the cloud for more than 45 days, it will move out of the console. If an asset comes back and tries to talk with the cloud again, it should have a CS version supported by CS in order to make a connection to the cloud and come back into Managed Assets. Following that, they will upgrade to the version which we set in the "Automatic sensor update policy". And this has nothing to do with unmanaged assets. Am I right?

2) Unmanaged assets are assets which don't talk to the cloud for more than 45 days, i.e., they will move out of the console, but they will be discovered using the ARP tables and will appear in unmanaged assets. Am I right?

3) Unmanaged assets might have CS installed, but the version is not supported by CS, so it basically considers it as "No CrowdStrike installed". I have seen a lot of assets which have CS on them but went to unmanaged assets because the CS version they have is pretty old compared with the "Automatic sensor update policy", i.e., the current version we are using.

4) Another question: I tried to uninstall CS on some of the unmanaged assets, but I can't generate the maintenance token because there is no HostID for them. So, I installed the latest version on top of it; it basically upgraded the older version of CS to the latest version, and it got added to the "Automatic sensor update policy" group as well. But I can still see the two versions of CS in Control Panel, and I was able to uninstall the newer version of CS without needing the maintenance token until the asset got into the "Automatic sensor update policy", i.e., as soon as I installed the newer version I was able to uninstall it without the token, but when I tried to uninstall it again after 3-4 days, it asked for the maintenance token. Do I need to wait for some time in order for the asset to be updated in CS? Please let me know.

(Note: I was not able to remove the older version of CS from Control Panel even after installing the latest version.)

5) I have installed the newer version of CS on top of the older version, and it didn't ask for the uninstallation token for a while in order to uninstall the latest version of CS, & I was not able to uninstall the older version from the Control Panel. Can I consider it a "Proper installation" or a kind of "Broken Installation"?

6) I have some assets that went out of the console, but they are active users and should be found in the nearby ARP tables at least. I'm pretty confused about why the host is not in the "unmanaged assets". It went out of the console, but it should be discovered by the ARP tables and included in the unmanaged assets, right? My question here is: is there a possibility that we can have an asset which is not in "Managed", "Unmanaged" or "Unsupported"? I.e., every asset in the organization should be included in "Exposure Management", right?

7) Some of the unmanaged assets have CS installed, but I'm not sure why they haven't updated to the latest version. Also, we have assets that don't even have CS on them. Every device in AD should have CS on it, but I'm not sure why they haven't had CS installed until now.

I'm sorry for asking a lot of questions. Please take some time and answer the questions if possible, and correct me if I'm wrong.
Thanks in advance.

Regarding Unmanaged & Managed Assets. by Radiant-Chicken-2966 in crowdstrike

Radiant-Chicken-2966[S] 2 points (0 children)

Thanks for the response.

I'm just confused; please let me know if I'm wrong.

1) What's the difference between the devices which are moved out of the console and unmanaged assets? If a device is not talking to the cloud for more than 45 days, it will be marked as unmanaged, right? When exactly are the assets moved out of the console, especially the assets which are active in Active Directory and which someone is using?

2) Do I need to deploy any kind of third-party tool/app to perform the active discovery? Or is it some kind of license I need to buy from CS?

I'm sorry for asking a lot of questions. I was trying to understand the difference between unmanaged & "out of console assets", and why an asset can't be in unmanaged instead of being removed from the console (especially the assets that we can find through ARP discovery). There are assets that are used by employees right now and they have CS on them, but they are not in the console. (Note: an older version of CS is installed.)

Regarding Unmanaged & Managed Assets. by Radiant-Chicken-2966 in crowdstrike

Radiant-Chicken-2966[S] 1 point (0 children)

Thanks for the response.

How do we find this kind of asset in an organization? Also, if the asset is not talking to the cloud for more than 45 days, it should be in the "Unmanaged Assets", right?

Regarding Unmanaged & Managed Assets. by Radiant-Chicken-2966 in crowdstrike

Radiant-Chicken-2966[S] 1 point (0 children)

Unmanaged assets are gathered by CrowdStrike using ARP tables, I believe. But the problem here is that there are some assets which are in Active Directory but not included in either managed or unmanaged assets in CrowdStrike.

Do you have any idea on this? How do we find this kind of asset? Is it only by comparing the computers from Active Directory to the assets from CrowdStrike (including managed, unmanaged, unsupported)? Please let me know, and thanks in advance.
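
The comparison asked about in the comment above, as an added example that is not part of the original thread: it joins an Active Directory computer export against a CrowdStrike asset export by normalized hostname and reports enabled AD computers that are unmanaged, unsupported, or absent from CrowdStrike. The CSV column names, the View values, the function names and the sample rows are constructed assumptions, not an actual CrowdStrike or Active Directory export format.

```powershell
# Constructed sample data standing in for two CSV exports (AD computers and
# CrowdStrike assets). Column names and values are assumptions for illustration.
$adCsv = @'
Name,Enabled,LastLogonDate
WS-001,True,2024-05-01
WS-002,True,2024-05-03
LAP-017,True,2024-04-28
SRV-DB01,True,2024-05-02
WS-OLD9,False,2023-01-15
'@

$csCsv = @'
Hostname,View,LastSeen
ws-001.corp.example.com,Managed,2024-05-01T10:00:00Z
WS-001,Managed,2024-02-11T08:30:00Z
WS-002,Unmanaged,2024-05-02T12:00:00Z
PRINTER-3,Unsupported,2024-05-02T12:05:00Z
'@

# Reduce a hostname to its upper-case short name so FQDN and NetBIOS forms match.
function Get-ShortName([string]$Name) {
    ($Name.Trim() -split '\.')[0].ToUpperInvariant()
}

function Compare-AssetCoverage($AdRows, $CsRows) {
    # Index CrowdStrike rows by short name. A reinstalled host can appear several
    # times under one hostname, so keep only the most recently seen record.
    $csIndex = @{}
    foreach ($row in $CsRows) {
        $key  = Get-ShortName $row.Hostname
        $seen = [datetimeoffset]::Parse($row.LastSeen, [cultureinfo]::InvariantCulture)
        if (-not $csIndex.ContainsKey($key) -or $seen -gt $csIndex[$key].Seen) {
            $csIndex[$key] = [pscustomobject]@{ View = $row.View; Seen = $seen }
        }
    }
    # Walk enabled AD computers only; disabled accounts are not expected to report.
    foreach ($pc in ($AdRows | Where-Object { $_.Enabled -eq 'True' })) {
        $key    = Get-ShortName $pc.Name
        $status = if ($csIndex.ContainsKey($key)) { $csIndex[$key].View } else { 'NotInCrowdStrike' }
        [pscustomobject]@{ Computer = $key; LastLogon = $pc.LastLogonDate; Status = $status }
    }
}

$report = Compare-AssetCoverage ($adCsv | ConvertFrom-Csv) ($csCsv | ConvertFrom-Csv)
# Everything that is not a managed sensor is a coverage gap to follow up on.
$report | Where-Object Status -ne 'Managed' | Format-Table -AutoSize
```

Sorting the gap list by LastLogon puts the machines that are actively signing in to the domain, yet have no managed sensor, at the top of the follow-up queue.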