NinjaOne Integration With CrowdStrike: Frequently Asked Questions (FAQs)

Topic

This article explains how to deploy CrowdStrike to your devices after you enable the integration in NinjaOne, set up notifications for antivirus activities, and empower your technicians to take action on discovered threats.  

Environment

  • NinjaOne Integrations
  • CrowdStrike

Description

With CrowdStrike enabled in NinjaOne, the integration is policy-driven from within NinjaOne. The policy triggers the NinjaOne agent to detect the existing installation of the CrowdStrike Sensor on the endpoint and automatically perform the installation if the sensor is not present. If a device already has CrowdStrike installed before NinjaOne integration, the NinjaOne agent can read the existing agent ID. 

Before deploying CrowdStrike as your endpoint antivirus tool, you must enable the integration in NinjaOne. To do so, refer to CrowdStrike: Integration Guide. 

The following questions relate to the CrowdStrike integration in NinjaOne. For general questions about using the CrowdStrike software, refer to the CrowdStrike software resources. You must log in with your CrowdStrike account to access their support documentation. 

Terminology Used in This Article

For more definitions, refer to NinjaOne Terminology.

Acronym | Definition
API | Application Programming Interface
HEC | HTTP Event Collector
HTTP | Hypertext Transfer Protocol
OS | Operating System
SIEM | Security Information and Event Management

How do I integrate NinjaOne and CrowdStrike with GovCloud or Commercial Cloud?

Starting with Falcon sensor for Microsoft Windows version 7.19, CrowdStrike provides a unified installer to deploy sensors, which we only support in the following instances: NA, US2, and EU. GovCloud uses a different installer binary, requiring you to create or install a custom script using your files. 

Please contact CrowdStrike Support for assistance. 

Regarding your SIEM: Can CrowdStrike accept data via API from other sources that aren't natively integrated?

CrowdStrike can ingest data via API, HEC, Syslog, and others. 

What happens if I deploy to an unsupported Linux kernel?

NinjaOne currently does not support Linux for our CrowdStrike integration; however, you can use a customer identification (CID) token (such as a NinjaOne organization) for installation. 

If you accidentally deploy to an "unsupported" kernel, or if a supported kernel is updated to an "unsupported" kernel, the NinjaOne agent will report its status, and you can then take action.

Also, the NinjaOne agent may protect the OS even if the kernel is unsupported. The status report means we are unaware of this new kernel, and something new may have been introduced that we haven't tested. But NinjaOne doesn't turn off the agent; it continues to work normally as long as the new kernel allows it and encounters no problems.

Does the integration support mobile devices, such as Apple iOS or Android?

Yes, through the Falcon Mobile add-on or module.

How long does it take to perform a Full Disk Scan?

CrowdStrike in NinjaOne performs an on-time scan that looks for threats in real time when a file is opened or executed. Full disk scans are not an option at this time.

Additional Resources

For more documentation about using CrowdStrike in NinjaOne, refer to Integrations and Third-Party Apps: Resource Catalog.
