Supporting CrowdStrike Falcon Platform like a Pro
A few tips FWIW
If you’re familiar with modern endpoint security tools, you understand the basics of what you need to do. But here I’ll provide the fundamentals you need to know in order to manage Falcon NGAV/EDR in your environment.
Full disclosure: I own a personal subscription, from which I’ve taken the relevant screenshots used in this article.
Support Pages you’ll (very likely) need
What happens when something goes wrong with anything you own? OFC you go to Reddit first… but seriously, you likely look for support from the device’s vendor or maker.
To look up and open support cases for anything Falcon-related, you can use the Support page (the link below requires a valid subscription to access it).
Get Help → User Settings
This page is simply mandatory for all kinds of support and for much more… (as you’ll see below).
My tip here is to set up your notifications in the support page for relevant platform updates.
Under your settings you’ll find the Notification Preferences. Turn on the ones that are relevant to you, whether for products or for Tech Alerts about events and situations where you have to take action.
The next tip solves a major issue for any technology worker… finding information!
The Knowledge Base
Managing Supported Operating Systems vs Sensor versions is something you must be aware of too.
When you have a sensor running on a device with an unsupported OS (think of early builds of Windows, 25H1 for instance), you must check that the Falcon Sensor supports it.
This is a joint task between your Infrastructure team and your Security management team — easier said than done sometimes, but in reality the Falcon documentation provides all you need.
Initial use of the Falcon platform will lead you to use the “SEARCH” or the official documentation for all your needs.
However, my pro tip goes a step beyond. Instead of either, use the Knowledge Base.
This is the BEST resource you have at hand to find what you need (the link below requires a valid subscription to access it).
The Knowledge Base includes a range of additional sources and support documentation covering the reasonable needs anyone will have around the platform.
While the search and the docs page probably contain all you’ll need, the Knowledge Base includes additional pools of information such as:
- Community
- Webinars
- YouTube
- and even, CrowdStrike University
It’s truly one page for any question you might have, drawing on all these different sources!
In my use case, I was troubleshooting an endpoint in RFM. The search or docs didn’t have a troubleshooting guide, but guess what the Knowledge Base had? Exactly: a support Knowledge article page about this.
With all of this at hand — managing and supporting Falcon is a breeze.
For more about cyber security and its future, consider subscribing to Medium (here) and following me on my other channels: https://linktr.ee/acamillo
Thank you for reading and leave your thoughts/comments!
References
CrowdStrike official documentation page.