Sensor Installation Flashcards
Does Falcon cloud support SSL?
No
WindowsSensor.exe /install /quiet /norestart CID=(cid)
Windows Cmd Install
Tags that assign metadata to hosts, used to filter hosts
Sensor Tags
WindowsSensor.exe /install /quiet /norestart CID=(cid) Grouping_Tags=”washington/DC_USA, prod”
Windows cmd install with Sensor Tags
what needs to happen if sensor tags need to be changed after the install?
A registry key must be changed
APP_PROXYNAME=
APP_PROXYPORT=
OR PACURL
Proxy Configuration (1)
PACURL=
OR proxy name and port
Proxy Configuration (2)
NO_START=1 (good for master image prep)
Sensor does not start until reboot
with uninstall and maint. protection turned on, what is needed to uninstall the sensor?
CS uninstall tool & uninstall token
csuninstalltool.exe MAINTENANCE_TOKEN= /quiet
cmd to uninstall sensor for windows
sudo installer -verboseR -package
Install for Mac
/library/cs/
License tool location for Mac
sudo /library/cs/falconctl license ……
license
sudo /library/cs/falconctl uninstall –maintenance -token
cmd for Mac offline, maint token
sudo /library/cs/falconctl uninstall
cmd for Mac online
Linux Falcon tool the ensures the Falcon sensor will be fully operational by checking compatibility
falcon-kernel-check tool
mode in the which the Falcon sensor will work if it is incompatible with the sensor
RFM - Reduced Functionality Mode
sudo /opt/crowdstrike/falconctl -s -cid=
Linux install
service falcon-sensor start
Start sensor for hosts with systevinit (linux)
systemctl start falcon-sensor
Start sensor for hosts with systemd (Linux)
ps -e | grep falcon-sensor
Confirm the Linux Sensor is running
sudo /opt/crowdstrike/falconctl -s -aph –app=
Configure proxy, Linux
sudo /opt/crowdstrike/falconctl -g -aph -app
Confirm Settings
sudo /opt/crowdstrike/falconctl -s -apd=FALSE
Enable Proxy - Linux
