CrowdStrike Classification Details

This article summarizes which device attributes can be enriched from our connector with CrowdStrike, and the benefits of using that enriched data in policy.

Our integration with CrowdStrike is intended to let customers use the most accurate device classifications in policy decisions. CrowdStrike, via its endpoint agent, collects and identifies device details and attributes. Elisity uses its own network-based rapid device discovery mechanisms alongside CrowdStrike so that our customers' devices get the most appropriate policies applied in a timely manner.

When a new device is discovered by any of Elisity's methods, Cloud Control Center queries CrowdStrike using the following parameters, in order, until a match is found:

  1. IP + MAC
  2. DeviceID (MAC Address)
  3. IP Address fallback if MAC Address is not known

Engage Elisity support to modify the behavior of the above query order. 
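
The lookup order above, sketched as an added example; it is not Elisity's or CrowdStrike's code. The record fields (`ip`, `mac`, `hostname`), the sample hosts, and the reading of step 2 as a match on MAC address alone are assumptions made for illustration.

```python
import re

# Constructed sample records standing in for CrowdStrike host data.
# Field names are assumptions for this sketch, not a real API schema.
HOSTS = [
    {"hostname": "lab-ws-01", "ip": "10.0.5.21", "mac": "AA-BB-CC-00-11-22"},
    {"hostname": "lab-ws-02", "ip": "10.0.5.40", "mac": "aa:bb:cc:00:11:33"},
    {"hostname": "lab-prn-01", "ip": "10.0.9.7", "mac": None},
]


def norm_mac(mac):
    """Reduce any common MAC notation to 12 lowercase hex digits, or None."""
    if not mac:
        return None
    digits = re.sub(r"[^0-9a-fA-F]", "", mac).lower()
    return digits if len(digits) == 12 else None


def match_device(ip, mac, hosts=HOSTS):
    """Return (step, record) for the first step in the order that matches."""
    mac = norm_mac(mac)  # an unparseable MAC is treated as "not known"
    if ip and mac:  # 1. IP + MAC
        for h in hosts:
            if h["ip"] == ip and norm_mac(h["mac"]) == mac:
                return "ip+mac", h
    if mac:  # 2. DeviceID (MAC address), read here as MAC alone
        for h in hosts:
            if norm_mac(h["mac"]) == mac:
                return "mac", h
    if ip and mac is None:  # 3. IP fallback, only when the MAC is not known
        for h in hosts:
            if h["ip"] == ip:
                return "ip", h
    return None, None  # no match: the device is not enriched by this lookup


if __name__ == "__main__":
    for ip, mac in [("10.0.5.21", "aa:bb:cc:00:11:22"),
                    ("10.0.7.99", "aabb.cc00.1133"),
                    ("10.0.9.7", None),
                    ("10.0.9.7", "aa:bb:cc:00:11:99")]:
        step, rec = match_device(ip, mac)
        print(ip, mac, "->", step, rec["hostname"] if rec else None)
```

In this sketch a device whose MAC is known but unmatched is not matched by IP address, so a reused IP address cannot attach another host's attributes to it.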

 

By default, a new query is made every 24 hours to check for updated device attributes. The data can also be refreshed on demand by clicking the refresh button next to the IdentityGraph tile for CrowdStrike. Advanced settings for the query and initial delay timers can be configured. Any devices learned by Elisity before the Connector was configured are automatically scheduled for enrichment during the next 24-hour cycle, based on their attachment timestamp.
