- Access exclusive content
- Connect with peers
- Share your expertise
- Find support resources
08-27-2021 03:51 AM
Hi Teams & Friends,
Hope you're good and safe !
We have configured GP VPN we have license for configuring HIP objects it was working as expected one of our new requirement was to know ANTI-MALWARE which is installed in client machines also need to know how many users installed crowd strike how many not installed and need to trigger notification to install crowd-strike.
We tried KB & docs below :
HIP OBJECT WORKING MECHANISM
https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000PLSYCA4
Tried HIP Notifications
HIP OBJECT MALWARE PROTECTION TAB
++ We tried above but no luck kindly let me know incase any way to find out that which all the devices crowd strikes installed and not.
++ It's been great if we got solution guys....looking for your quick replies friends.....;)....;)
Regards
Thanks & Regards,
Kirubakaran M - Security Support Engineer
09-22-2021 07:54 AM - edited 09-22-2021 07:58 AM
Hi Kirubakaran,
Good topic to raise. I have taken a few screenshots of an approach I would take. I use Cortex XDR Advanced Endpoint Protection so was unable to check we dont get the HIP log and alert if Crowdsrike was installed. But if you use the details below and test yourself. If not getting expected results, it may need a TAC case.
Good link below that looks at using HIP checks when multiple OS's connecting to the same portals and gateways. I wrote up a few years ago under a different logon...
https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClTnCAK
create hip objects. Be basic and build layers. Create objects to just ID the OS.
Build up the HIP profiles. the setup below will check if Crowdstrike is NOT installed on macbook and windows only and not ios devices. It also checks if windows defender is installed on windows pc's only.
Handy report below. Set the time frame accordingly and ideally link this up in a report group , then email scheduler to get the reports emailed out on a schedule.
The report configured above looks at the crowdstrike check only. We can traceback user and device from the report.
The screenshot above notifies the user if the check is matched / they dont have Crowdstrike installed.
hope that helps,
Rob
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!