Configuring CrowdStrike Falcon Automation Event Policies

Download this manual as a PDF file

This section describes how to configure the event policies found in the CrowdStrike Falcon Automation PowerPack.

Standard Event Policies

TheCrowdStrike Falcon Automation PowerPack includes one standard API event policy, "CrowdStrike: Alert to Event", that you can enable to trigger the events detected by the applications included in theCrowdStrike Falcon Automation PowerPack and its associated automation action policy.

To enable the event policies:

  1. Go to the Event Policies page (Events > Event Policies).
  2. Click the Actions menu () for the event policy and select Edit.
  3. In the Event Policy Editor page, click on the Enable Event Policy toggle to enable the event policy.
  4. Click Save.

To enable the event policies in the SL1 classic user interface:

  1. Go to the Event Policy Manager page (Registry > Events > Event Manager).
  2. Click the wrench icon () for the event policy.
  3. In the Operational State field, select Enabled.
  4. Click Save.