Running PowerShell Script On AWS Systems Manager

CrowdStrike / falcon-scripts

Scripts to streamline the deployment and use of the CrowdStrike Falcon sensor

The Unlicense

142 stars 83 forks source link

Closed JamesDavidson13 closed 1 year ago

JamesDavidson13 commented 1 year ago

Hello,

I am running the script on Systems Manager as a Run Command using the document AWS-RunPowerShellScript.

The Run Command completes successfully with the output:Script complete

The Instance does not appear in the CrowdStrike console and when I SSH into the instance and check the tasklist, it is not running.

I did these same steps with our linux instances and it was successful. Any help would be greatly appreciated.

ffalor commented 1 year ago

hey @JamesDavidson13 we have published distributor packages that can be used to deploy the falcon sensor with aws systems manager.

There are a few options. Two require building your own package, but we recently released an official package that does not require building your own.

If you want to deploy the sensor to windows and linux instances via SSM this would be the approach that is community supported.

JamesDavidson13 commented 1 year ago

Hi @ffalor, thanks for the response!

Can I do this at the organization level or just per account?

ffalor commented 1 year ago

SSM associations are region specific, but you could create a cloudformation stackset to create the associations on multiple accounts and regions.

carlosmmatos commented 1 year ago

Closing the issue due to no activity. If you need to re-open it, please go ahead and provide additional information.