CrowdStrike Falcon Automation PowerPack Release Notes, version 100

Version 100 of the "CrowdStrike Falcon Automation" PowerPack is the initial version of the PowerPack. This PowerPack introduces an example credential, run book automation policies, run book action policies, and event policies to configure to notify users about events.

This PowerPack works with the "CrowdStrike Falcon Automation" SyncPack.

Before You Install

Ensure that you are running version 11.2.0 or later of Skylar One before installing the "CrowdStrike Falcon AutomationPowerPack.

For details on upgrading Skylar One, see the relevant Skylar One Platform Release Notes.

Installation Process

If you are currently using the Dynamic Applications in this PowerPack to monitor devices, collection errors might occur for one or two polling cycles during the installation of a new version. To prevent collection errors during an upgrade, you can optionally disable collection for monitored devices before performing the following steps and re-enable collection after the upgrade.

To install this PowerPack:

  1. Search for and download the PowerPack from the PowerPacks page at the ScienceLogic Support Center (Skylar One > PowerPacks).
  2. In Skylar One (formerly SL1), go to the PowerPacks page (System > Manage > PowerPacks).
  3. Click the Actions menu and choose Import PowerPack. The Import PowerPack modal appears.
  4. Click Browse and navigate to the PowerPack file from step 1.
  5. Select the PowerPack file and click Import. The PowerPack Installer modal displays a list of the PowerPack contents.
  6. Click Install. The PowerPack is added to the PowerPack Manager page.

Features

This release includes the following features:

  • An example SOAP/XML credential that you can use as a template to send information to PowerFlow: "PowerFlow Crowdstrike".
  • A run book automation policy that lets CrowdStrike automatically update SL1 events: "CrowdStrike: Clear Detection ID".
  • A run book action policy that integrates with CrowdStrike to automatically update SL1 events: "CrowdStrike: Clear Detection ID".
  • An event policy to trigger SL1 events detected by the applications included in the CrowdStrike SyncPack: "CrowdStrike: Alert to Event".

Known Issues

This release has no known issues.