Install/Uninstall CrowdStrike Falcon

CrowdStrike Falcon is a cloud-native endpoint protection platform developed by CrowdStrike, a leading cybersecurity company. Falcon uses artificial intelligence, machine learning, and behavioral analytics to protect endpoints such as laptops, desktops, servers, and virtual machines from a wide range of cyber threats, including malware, ransomware, and advanced persistent threats (APTs).

To install CrowdStrike, there are 2 required steps:

  1. Install pkg: You can choose to deploy the package to devices in 2 ways:

    1. Download the pkg on the CrowdStrike download page and upload it to your team's software page on Swifteam.

    2. Or you can use our prebuilt CrowdStrike Falcon package on the Software page and click "Add" to add it to your team software.

  2. Install profiles (macOS): You can download the CrowdStrike-provided MDM profile from the support page. After the profile is downloaded, you can deploy it using Swif's custom policy function at Policy Management. Here is a sample CrowdStrike MDM profile for the M1 MacBook for your reference: Falcon Profile - no Kext.mobileconfig. For custom profiles, please copy only the value of Payload Content into the profile content. Usually, it looks like <array></array>.

  3. Run a scheduled command that calls falconctl to configure the Falcon license.

    1. Run a scheduled command. To make the command work on all devices, you can make the scheduled command run as Swif admin (Step 2). The Swif admin password is available via Device Details > Account tab > Swif admin > Change password > Click to View.

    2. Use the following command, replacing the placeholder password and license value with your own:

      echo "password here" | sudo -S /Applications/Falcon.app/Contents/Resources/falconctl license XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX-YY

    3. You can then verify on a device to see if it has been configured successfully.

      echo "password here" | sudo -S /Applications/Falcon.app/Contents/Resources/falconctl stats

      === CloudInfo ===
      Cloud Info
        Host: ts01-gyr-maverick.cloudsink.net
        Port: 443
        State: connected
      ...
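The verification in step 3 can be scripted instead of read by eye. The following is an added example, not code from Swif or CrowdStrike: it parses the CloudInfo section of the `falconctl stats` output and succeeds only when that section reports `State: connected`. The function names and the sample text are constructed for illustration, and it assumes each field is printed on its own line.

```shell
#!/bin/sh
# Added example: check the cloud connection reported by `falconctl stats`.
FALCONCTL=/Applications/Falcon.app/Contents/Resources/falconctl  # path from the article

# Constructed sample modeled on the CloudInfo lines shown above
# (assumption: one field per line).
SAMPLE_CONNECTED='=== CloudInfo ===
Cloud Info
  Host: ts01-gyr-maverick.cloudsink.net
  Port: 443
  State: connected'

# Print the value of one CloudInfo field (Host, Port or State) read from stdin.
# Only lines inside the "=== CloudInfo ===" section are considered, so a
# same-named field in any other section cannot satisfy the check.
cloudinfo_field() {
    awk -v key="$1" '
        /^=== .* ===/ { in_cloud = ($0 ~ /CloudInfo/); next }
        in_cloud && $1 == key ":" { $1 = ""; sub(/^ +/, ""); print; exit }
    '
}

# Succeed only when the CloudInfo section reports State: connected.
falcon_is_connected() {
    [ "$(cloudinfo_field State)" = "connected" ]
}

# Run on a managed Mac. Assumption: the caller is already root, so no
# password has to be piped to sudo.
check_device() {
    if stats=$("$FALCONCTL" stats 2>/dev/null) &&
       printf '%s\n' "$stats" | falcon_is_connected; then
        echo "Falcon connected to $(printf '%s\n' "$stats" | cloudinfo_field Host)"
    else
        echo "Falcon is not reporting State: connected" >&2
        return 1
    fi
}
```

Calling `check_device` returns a non-zero exit status when the sensor is missing or not connected, so the result can be collected per device rather than inspected manually.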

To uninstall CrowdStrike, there is 1 required step for Windows:

  1. Uninstall Falcon (Windows): When you remove Falcon from devices or groups on Swif, the Windows uninstaller for Falcon will require you to manually enter a maintenance token on each device that is uninstalling Falcon.
