Skyhigh Security

Configure Device Profiles - CrowdStrike

The Skyhigh SSE platform enables customers to create Zero Trust device policies that assess device posture using a combination of native Zero Trust Assessment capabilities, such as OS version, presence of a registry key, Antivirus (On/Off), and more. CrowdStrike performs a Zero Trust Assessment and provides scores such as the OS score, sensor score, and overall score of the client. By combining these scores, you can enforce a powerful Zero Trust Assessment of devices before allowing access to private applications via Skyhigh Private Access.

Before you Begin 

  • Download the latest SCP build.

Note: The CrowdStrike integration reads Zero Trust Assessment scores pushed locally to each endpoint by CrowdStrike. CrowdStrike Falcon requires a Feature Flag to be enabled for a Customer ID (CID) to allow ZTA data files to be pushed to endpoints. The Feature Flag that distributes ZTA files to endpoints, zta_distribute_payload, can only be enabled by opening a case with CrowdStrike Support and requesting that the Feature Flag zta_distribute_payload be enabled.

  • Ensure that you have installed CrowdStrike on your system before using it as an integration option.

  • To use the CrowdStrike integration option, go to Settings > Infrastructure > Web Gateway Setup > Configure SCP > Manage SCP > Global Configuration and enable CrowdStrike in the Device Risk Assessment settings.

Configure CrowdStrike Integration 

  1. Go to Settings > Infrastructure > Web Gateway Setup.
  2. In the Configure Device Profile section, click New Device Profile.
  3. In the Name box, enter the name of the device profile.
  4. In the Select Device Risk Assessment section, select CrowdStrike from the dropdown option.  
  5. Complete the following fields:
    • CrowdStrike ID — Enter the valid CrowdStrike customer ID.
    • OS Score — The possible operators are == (equals), >= (greater than or equal to), > (greater than), <= (less than or equal to), < (less than). In the Value field, specify an OS score between 0 and 100.
    • Sensor Score — The possible operators are == (equals), >= (greater than or equal to), > (greater than), <= (less than or equal to), < (less than). In the Value field, specify a Sensor score between 0 and 100.
    • Overall Score — The possible operators are == (equals), >= (greater than or equal to), > (greater than), <= (less than or equal to), < (less than). In the Value field, specify an Overall score between 0 and 100.

  6. Click Save and Publish the changes.

By default, the CrowdStrike ZTA score is not stored in a JWT on the local machine. Contact CrowdStrike Support to enable the zta_distribute_payload setting.
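To show how the three score conditions of a device profile behave against a ZTA payload, including the case where no payload has been distributed to the endpoint, the following Python example is added here; it is not Skyhigh or CrowdStrike code. It assumes that every condition must hold, and the claim names (`cid`, `assessment`, `os`, `sensor`, `overall`), the customer ID and the scores are hypothetical, constructed values.

```python
import base64, json, operator

# The five operators the device profile form offers.
OPS = {"==": operator.eq, ">=": operator.ge, ">": operator.gt,
       "<=": operator.le, "<": operator.lt}

def jwt_claims(token):
    """Decode the payload segment of a JWT. No signature check: inspection only."""
    payload = token.split(".")[1]
    payload += "=" * (-len(payload) % 4)   # restore stripped base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))

def check_profile(profile, token):
    """Return (allowed, reasons). Fails closed when no ZTA token is present."""
    if not token:
        return False, ["no ZTA payload on endpoint (zta_distribute_payload not enabled?)"]
    claims = jwt_claims(token)
    reasons = []
    # Assumed claim names; adjust to the payload your endpoints actually carry.
    if claims.get("cid") != profile["cid"]:
        reasons.append("customer ID mismatch")
    scores = claims.get("assessment", {})
    for name, (op, value) in profile["scores"].items():
        if op not in OPS or not 0 <= value <= 100:
            raise ValueError(f"invalid condition for {name}: {op} {value}")
        actual = scores.get(name)
        if actual is None or not OPS[op](actual, value):
            reasons.append(f"{name}: {actual} fails {op} {value}")
    return not reasons, reasons

def make_token(claims):
    """Build an unsigned, constructed sample token for the demo below."""
    enc = lambda obj: base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return f"{enc({'alg': 'none'})}.{enc(claims)}."

# Constructed sample data: placeholder customer ID and made-up scores.
PROFILE = {"cid": "EXAMPLE-CID",
           "scores": {"os": (">=", 70), "sensor": (">=", 80), "overall": (">", 75)}}
HEALTHY = make_token({"cid": "EXAMPLE-CID", "assessment": {"os": 90, "sensor": 85, "overall": 88}})
WEAK = make_token({"cid": "EXAMPLE-CID", "assessment": {"os": 90, "sensor": 60, "overall": 75}})

if __name__ == "__main__":
    for label, tok in [("healthy", HEALTHY), ("weak", WEAK), ("missing", None)]:
        print(label, check_profile(PROFILE, tok))
```

Note the boundary case in the sample: an overall score of 75 fails `> 75` but would pass `>= 75`, so choose the operator deliberately when setting thresholds.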

Match CrowdStrike Profile with PA Policy

  1. Go to Settings > Access Control > Private Access Policy.
  2. In the Private Access Policy page, select the Device Profile as the Criteria.
  3. In the Value option, select CrowdStrike to view all the configured CrowdStrike profiles.
  4. Click Done.

  5. Choose the required Action from Select Action and enable the rule.
  6. Publish the changes.
