Crowdstrike Integration

Hi Everyone,

Are there any Automox integration documents for Crowdstrike, how it works when Crowdstrike passes information to Automox through the API?

I have Crowdstrike integrated, but the lack of documentation after the announcement is a bit disheartening.

It also means I have no way to validate whether or not it is working, or how to implement the Automox side.

You can see what I’m after, with the documentation Mimecast has about their integration with Crowdstrike here:

Thank you,
Chris.

1 Like

Hi Chris!

I’m on the Product Marketing team at Automox. We don’t want any customers to be disheartened and will be taking your feedback as a learning opportunity for our improvement.

The Crowdstrike / Automox integration is fairly simple in its current form: Crowdstrike facilitates the autonomous installation of our agent in accordance with the host group specified during the setup depicted here.

Validating Progress

Enrollment timeline may vary due to device connectivity, but as Crowdstrike completes Automox agent installations, you can monitor the progression of enrollment from the Devices tab within the Automox Console.

Benefit & Future State

The primary benefit of the current integration is saving time and reducing IT/Ops efforts for device enrollment across organizational devices, anywhere they reside. Moving beyond network boundaries, Automox and Crowdstrike are partnering to tackle use cases that move beyond the current integration into operational aspects of each tool.


Tagging Product Manager @Scott_Schoenberger for tracking purposes and to chime in with any additional insights we can share.

Thanks, @ncolyer!

@it_stuck, appreciate you posting. As Nic alluded to, we’re currently working on a deeper integration with Crowdstrike to support patch-now functionality for CVE-impacted hosts surfaced by Spotlight. I’d love to chat more with you about future plans and get a sense of what would be most valuable to you if you have time to hop on a call. Feel free to shoot me an email if that’s of interest: scott.schoenberger@automox.com

Also, hopefully the product document Nic linked in his response clears up some confusion. If not, let us know and we can work on getting more detailed documentation up.

What questions do you have? I have a fair bit of experience with this since this is what I use in my environment. I have also opened cases with Crowdstrike around this and have gotten answers from their engineering team. The Crowdstrike installation code is completely built by Crowdstrike. It uses their real-time response capabilities to deploy the Automox agent.

There are some nuances you need to be aware of when it comes to agent installation and removal or you might end up in a loop condition.

My experience is around administration and operations of both platforms rather than what information Crowdstrike passes to Automox. I don’t believe there is any EDR data that is shared per se. The only thing Crowdstrike seems to be doing is to install the Automox agent based on the policy you configure in the Crowdstrike console.

2 Likes

In our org, we baked the Automox Agent into our images, then set up a required policy for Crowdstrike.
Not gonna lie but Automox installs it faster than the native CS MSI standalone lol

1 Like

Hi,

Firstly, thanks to all for responding, I appreciate the care Automox puts into the engagement with its customers.

My initial understanding of the integration (the part I’m most interested in) is the ability for Crowdstrike to “tell” Automox where a vulnerability needs patching, and then Automox gets on with it. Automated Patching, perfect.

This is alluded to here: https://blog.automox.com/automox-in-crowdstrike-store
Perhaps in the way I read the press briefing, it wasn’t clear to me that the functionality wasn’t yet available, but you could pivot the information from one toolset to the other.

Deployment isn’t much of a concern for me, as I can use other deployment tools, but can see the benefit it would have at scale.

Thank you,
Chris.

Aaaah. I believe that requires a Crowdstrike subscription called Spotlight.

I can also sort of see how if this isn’t built anyway, that you can write workers in Automox to call the Crowdstrike APIs for Spotlight to figure out what to patch.

@jesumyip
I have Spotlight, but there’s no guide on either site on how to make it work. If you have a guide on how to use workers in Automox to call the Crowdstrike APIs, it would be appreciated.

Sorry, I don’t have a Spotlight subscription. Perhaps send an email to Crowdstrike support to ask?