Skip to content

CrowdStrike/gcp-vm-manager-os-policy

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

17 Commits
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

cs-policy

A helper tool for deploying CrowdStrike OS Poilcies to GCP Zones. This tool automates many of the manual steps required to create & deploy OS Policies to GCP VMs.

The tool does the following:

  • Downloads the N-1 version of the CrowdStrike Falcon Sensor
  • Uploads the CrowdStrike Falcon Sensors to the GCP Storage Bucket of your choice
  • Generates a OS Policy template for your environment
  • Creates a OS Policy Assignment in the GCP Zones of your choice

terminal

Supported Operating Systems

The CrowdStrike OS Policy currently supports the following operating systems:

Operating System Architecture
Red Hat Enterprise Linux 7 x86_64
Red Hat Enterprise Linux 8 x86_64
Red Hat Enterprise Linux 9 x86_64
CentOS 7 x86_64
CentOS 8 x86_64
SUSE Linux Enterprise Server 12 x86_64
SUSE Linux Enterprise Server 15 x86_64
Ubuntu 16.04 x86_64
Ubuntu 18.04 x86_64
Ubuntu 20.04 x86_64
Ubuntu 22.04 x86_64
Debian 9 x86_64
Debian 10 x86_64
Debian 11 x86_64
Debian 12 x86_64
All Windows Versions supported by the CrowdStrike Sensor x86_64

Note: For supported Windows versions, check the CrowdStrike documentation.

Requirements

  • CrowdStrike API Keys with the Sensor Download scope
  • gcloud cli installed
  • Project with VM Manager setup
  • GCP permissions to create OS Policy Assignments and upload files to the target GCP Storage Bucket

GCP VM Manager

OS Policy is a feature of GCP VM Manager. In order to use OS Policies to deploy the CrowdStrike Falcon Sensor, you must setup VM Manager. See the GCP VM Manager documentation for more information about VM Manager and how to set it up.

Generate API Keys

  1. In the CrowdStrike console, navigate to Support and resources > API Clients & Keys. Click Add new API Client.

  2. Add the following api scopes:

    Scope Permission Description
    Sensor Download READ Allows the tool to download the sensor and grab your CID from the CrowdStrike API.
  3. Click Add to create the API client. The next screen will display the API CLIENT ID, SECRET, and BASE URL. You will need all three for the next step.

    picture

    api-client-keys

Important

This page is only shown once. Make sure you copy CLIENT ID, SECRET, and BASE URL to a secure location.

  1. Use BASE_URL to infer the FALCON_CLOUD value.
    BASE URL FALCON_CLOUD
    https://api.crowdstrike.com us-1
    https://api.us-2.crowdstrike.com us-2
    https://api.eu-1.crowdstrike.com eu-1
    https://api.laggar.gcw.crowdstrike.com us-gov-1

Installation

Download release binaries that match your platform

Usage

  1. Authenticate with the gcloud CLI.

    gcloud auth application-default login

Note: There are other ways to authenticate with GCP like using a service account. Use whichever method is best for your environment. The cs-policy tool will find the credentials and use them.

  1. Set the project to the project you want to deploy the OS Policies to.

    gcloud config set project cs-policy
  2. OPTIONAL: Export the CrowdStrike API keys as environment variables. Alternatively you can provide the keys as command line arguments. See cs-policy create --help for more information.

    export FALCON_CLIENT_ID=********
    export FALCON_CLIENT_SECRET=********
    export FALCON_CLOUD=********

Important

FALCON_CLOUD supports the following values autodiscover, us-1, us-2, eu-1, us-gov-1. If not provided, the tool will default to autodiscover.

  1. Run the tool.

    cs-policy create --bucket=example-bucket --zones=us-central1-a,us-central1-b --linux-install-params='--tags="Washington/DC_USA,Production" --aph=proxy.example.com --app=8080' --windows-install-params='GROUPING_TAGS="Washington/DC_USA,Production" APP_PROXYNAME=proxy.example.com APP_PROXYPORT=8080'

    Use the --help flag to see all available options and more examples.

    cs-policy --help