Solved: Has anyone installed the Falcon Sensor from Crowds...

genesissplunk · ‎04-05-2022

Hello,

We have Splunk on Linux servers.

Has anyone installed the Falcon Sensor from Crowdstike on their Linux servers that host Splunk?

Crowdstrike is a next-gen antivirus solution.

Any issues or unforeseen consequences?

Thanks,

PickleRick · ‎04-05-2022

If you absolutely must, follow the https://docs.splunk.com/Documentation/Splunk/8.2.5/ReleaseNotes/RunningSplunkalongsideWindowsantivir... document.

However, I'd strongly advise against installing AV software on splunk servers - with so many exclusions it'd be pretty useless anyway. And the additional load on the server (especially the I/O load on scans) can mess with your indexers.

View solution in original post

PickleRick · ‎04-05-2022

If you absolutely must, follow the https://docs.splunk.com/Documentation/Splunk/8.2.5/ReleaseNotes/RunningSplunkalongsideWindowsantivir... document.

However, I'd strongly advise against installing AV software on splunk servers - with so many exclusions it'd be pretty useless anyway. And the additional load on the server (especially the I/O load on scans) can mess with your indexers.

Has anyone installed the Falcon Sensor from Crowdstike on their Linux servers that host Splunk?

Linux

Say goodbye to manually analyzing phishing and malware threats with Splunk Attack ...

AppDynamics is now part of Splunk Ideas

Advanced Splunk Data Management Strategies