Skip to main content

Hi Everyone,



Are there any Automox integration documents for Crowdstrike, how it works when Crowdstrike passes information to Automox through the API?



I have Crowdstrike integrated, but the lack of documentation after the announcement is a bit disheartening.



It also means I have no way to validate whether or not it is working, or how to implement the Automox side.



You can see what I’m after, with the documentation Mimecast has about their integration with Crowdstrike here:





Thank you,


Chris.

Hi Chris!

 

I’m on the Product Marketing team at Automox. We don’t want any customers to be disheartened and will be taking your feedback as a learning opportunity for our improvement.

 

 

The Crowdstrike / Automox partnership is fairly simple in its current form: Crowdstrike facilitates the autonomous installation of our agent in accordance with the host group specified during the setup depicted here.

 

 

Validating Progress

 

 

Enrollment timeline may vary due to device connectivity but as Crowdstrike completes Automox agent installations, you can monitor the progression of enrollment from the Devices tab within the Automox Console.

 

 

Benefit & Future State

 

 

The primary benefit of the current technical partnership is saving time and reducing IT/Ops efforts for device enrollment across organizational devices- anywhere they reside. Moving beyond network boundaries, Automox and Crowdstrike are partnering to tackle use cases that move beyond the current integration into operational aspects of each tool.

 

 

 

Tagging Product Manager @Scott_Schoenberger for tracking purposes and to chime in with any additional insights we can share.

 

Thanks, @ncolyer!



@it_stuck, Appreciate you posting. As Nic alluded to, we’re currently working on a deeper integration with Crowdstrike to support patch-now functionality for CVE impacted hosts surfaced by Spotlight. I’d love to chat more with you about future plans and get a sense of what would be most valuable to you if you have time to hop on a call. Feel free to shoot me an email if that’s of interest scott.schoenberger@automox.com



Also, hopefully the product document Nic linked in his response clears up some confusion. If not, let us know and we can work on getting more detailed documentation up.

What questions do you have? I have a fair bit of experience with this since this is what I use in my environment. I have also opened cases with Crowdstrike around this and have gotten answers from their engineering team. The Crowdstrike installation code is completely built by Crowdstrike. It uses their realtime response capabilities to deploy the Automox agent.



There are some nuances you need to be aware of when it comes to agent installation and removal or you might end up in a loop condition.



My experience is around administration and operations of both platform rather than what information Crowdstrike passes to Automox. I don’t believe there is any EDR data that is shared per se. The only thing Crowdstrike seems to be doing is to install the Automox agent based on the policy you configure in the Crowdstrike console.

In our org; we baked the Automox Agent into our images then setup a required policy for Crowdstrike.


Not gonna lie but Automox installs it faster than the native CS MSI standalone lol

Hi,



Firstly, thanks to all for responding, I appreciate the care Automox puts into the engagement with its customers.



In my initial understanding of the integration (the part I’m most interested in), is the ability for Crowdstrike to “tell” Automox, where a vulnerability needs patching, and then Automox gets on with it. Automated Patching, perfect.



This is eluded to here: https://blog.automox.com/automox-in-crowdstrike-store


Perhaps in the way I read the press briefing, it wasn’t clear to me that the functionality wasn’t yet available, but you could pivot the information from one toolset to the other.



Deployment isn’t much of a concern for me, as I can use other deployment tools, but can see the benefit it would have at scale.



Thank you,


Chris.

Aaaah. I believe that requires a Crowdstrike subscription called Spotlight.



I can also sort of see how if this isn’t built anyway, that you can write workers in Automox to call the Crowdstrike APIs for Spotlight to figure out what to patch.

@jesumyip


I have Spotlight, but there’s no guide on on either site on how to make it work, if you have a guide on how to use workers in Automox to call the Crowdstrike API’s, it would be appreciated.

Sorry, I don’t have a Spotlight subscription. Perhaps send an email to Crowdstrike support to ask?

Chris,



We were told about integration over a year ago (11/19). Having Crowdstrike install the Automox agent and calling it integration is a stretch. We have CS Spotlight but no sign of any true integration.



When will the middle of this Venn diagram start getting filled in?


Hey @GabeFC, Thanks for the message! We’re working closely with the Crowdstrike team right now to get CS Spotlight/AX Threat Remediation delivered in April. Please stay tuned for updates to come.

I have been on calls over the last year with both CS and Automox asking for a date. Finally! Thank you for the update. Much appreciated

Reply


Terms & ConditionsCookie settings