deploying-edr-agent-with-crowdstrike

# Deploying EDR Agent with CrowdStrike ## When to Use Use this skill when: - Deploying CrowdStrike Falcon sensors to Windows, macOS, or Linux endpoints - Configuring Falcon prevention and detection policies for different endpoint groups - Integrating CrowdStrike telemetry with SIEM (Splunk, Elastic, Sentinel) for correlated detection - Troubleshooting sensor connectivity, performance, or detection issues **Do not use** this skill for deploying other EDR solutions (Carbon Black, SentinelOne) or for Falcon cloud workload protection (use cloud-specific deployment guides). ## Prerequisites - CrowdStrike Falcon console access with Falcon Administrator role - Customer ID (CID) and Falcon sensor installer package - Administrative/root access on target endpoints - Network access: endpoints must reach CrowdStrike cloud (ts01-b.cloudsink.net on port 443) - Deployment tool: SCCM, Intune, GPO, Ansible, or manual installation ## Workflow ### Step 1: Obtain Falcon Sensor Installer and CID ``` 1. Log into Falcon Console: https://falcon.crowdstrike.com 2. Navigate: Host setup and management → Sensor downloads 3. Download the appropriate installer: - Windows: WindowsSensor_<version>.exe - macOS: FalconSensorMacOS_<version>.pkg - Linux: falcon-sensor_<version>_amd64.deb / .rpm 4. Copy the Customer ID (CID) from the Sensor downloads page - CID format: <32-char-hex>-<2-char-checksum> ``` ### Step 2: Deploy Falcon Sensor - Windows **Silent installation via command line**: ``...