Enhance uninstall / install script with additional features - Githubissues

CrowdStrike / falcon-scripts

Scripts to streamline the deployment and use of the CrowdStrike Falcon sensor

The Unlicense

154 stars 90 forks source link

Enhance uninstall / install script with additional features #92

Closed ps4signedout closed 1 year ago

ps4signedout commented 1 year ago

usecase: migration from US to EU i.e. steps:

retrieve uninstall token by using API (no powershell SDK integration)
retrieve all relevant tags (sensor AND Falcon) from old environment
write all into $hostname.csv (configurable)
uninstall sensor
verify uninstall
download sensor and retrieve CID
install sensor including sensor-tags as derived from step 2 from CSV file of #3
retrieve maintenance token from new environment
set Falcon tags derived in step 2 from CSV file of #3
verify sensor
remove orphaned host from old environment or set FLAG "moved"

Most probably it will not be one script more like an uninstall.ps1 && install.ps1 approach ;-)

ffalor commented 1 year ago

Changes to install/uninstall:

[x] Support ProvToken in install script
[x] Support MAINTENANCE_TOKEN in uninstall script
[x] Hide host in console after uninstall (via flag)

Migration Script:

[ ] Add migration script to support migrating falcon clouds