Crowd strike installed not installed list using palo alto HIP object

Showing results for 
Show  only  | Search instead for 
Did you mean: 

Crowd strike installed not installed list using palo alto HIP object

L1 Bithead

Hi Teams & Friends,

                                   Hope you're good and safe !

                                    We have configured GP VPN we have license for configuring HIP objects it was working as expected one of our new requirement was to know ANTI-MALWARE which is installed in client machines also need to know how many users installed crowd strike how many not installed and need to trigger notification to install crowd-strike.


We tried KB & docs below :




Tried HIP Notifications




++ We tried above but no luck kindly let me know incase any way to find out that which all the devices crowd strikes installed and not.


++ It's been great if we got solution guys....looking for your quick replies friends.....;)....;)




Thanks & Regards,
Kirubakaran M - Security Support Engineer



















Security Support Engineer

L2 Linker

Hi Kirubakaran,

Good topic to raise. I have taken a few screenshots of an approach I would take. I use Cortex XDR Advanced Endpoint Protection so was unable to check we dont get the HIP log and alert if Crowdsrike was installed. But if you use the details below and test yourself. If not getting expected results, it may need a TAC case. 


Good link below that looks at using HIP checks when multiple OS's connecting to the same portals and gateways. I wrote up a few years ago under a different logon...



create hip objects. Be basic and build layers. Create objects to just ID the OS. 




 Build up the HIP profiles. the setup below will check if Crowdstrike is NOT installed on macbook and windows only and not ios devices. It also checks if windows defender is installed on windows pc's only. 



 Handy report below. Set the time frame accordingly and ideally link this up in a report group , then email scheduler to get the reports emailed out on a schedule.  



The report configured above looks at the crowdstrike check only. We can traceback user and device from the report.  






The screenshot above notifies the user if the check is matched / they dont have Crowdstrike installed. 





hope that helps, 



Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!