NYPL / staff-picks


SEB-1379 Adding Falcon sensor to operating system. #251

Closed holingpoon closed 5 years ago

holingpoon commented 5 years ago

What is Falcon Crowdstrike?

Two words: Intrusion Detection

How does it work?

A copy of Falcon sensor would be installed on Elastic Beanstalk instances or at the cluster level of ECS clusters. After installation, a falcon-sensor agent runs in the background detecting threats on the instance. Any threats detected will be available on the Falcon management console.

For the case of Elastic Beanstalk, since autoscaling would create new instances and destroy old instances, the installation process needs to be part of .ebextensions to ensure Falcon sensor is installed on every instance creation, hence the code addition and pull requests.

Acceptance Criteria

Instances can be seen on Falcon management console after code deployment.

QA Work Required?

No QA work required, but I need to know when it is okay to push the changes to QA servers and not be in the way of QA work.

Which applications are affected by this?

For the first round, I am putting Falcon sensor on front-facing Node apps except the Header, which would probably need extensive coordination. I will generate a list of applications affected by this change. A preliminary list of applications is as follows:

References
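The `.ebextensions` approach described in this pull request, sketched as an added example; it is not the configuration from this pull request or from the NYPL repository. The file name, the install directory, the `EXAMPLE-BUCKET` location and the `FALCON_CID` environment property are assumptions, as is an Amazon Linux platform with `rpm`, `yum` and the AWS CLI available.

```yaml
# .ebextensions/falcon-sensor.config   (hypothetical file name)
# Runs on every instance that autoscaling creates, so the sensor is present
# without manual installation.
files:
  "/opt/falcon-install/install.sh":    # hypothetical path
    mode: "000755"
    owner: root
    group: root
    content: |
      #!/bin/bash
      set -euo pipefail

      # Idempotent: commands re-run on configuration deployments, so only
      # install and register when the package is not already present.
      if ! rpm -q falcon-sensor >/dev/null 2>&1; then
        # Assumption: the sensor RPM is staged in a private bucket that the
        # instance profile may read. EXAMPLE-BUCKET is a placeholder.
        aws s3 cp "s3://EXAMPLE-BUCKET/falcon-sensor.rpm" /tmp/falcon-sensor.rpm
        yum install -y /tmp/falcon-sensor.rpm
        rm -f /tmp/falcon-sensor.rpm

        # Assumption: the customer ID is an environment property named
        # FALCON_CID, so it is never committed to the repository.
        CID="$(/opt/elasticbeanstalk/bin/get-config environment -k FALCON_CID)"
        /opt/CrowdStrike/falconctl -s --cid="$CID"
      fi

      service falcon-sensor start

      # Fail the deployment if the agent is not running, so an instance
      # never enters service without the sensor.
      sleep 5
      pgrep falcon-sensor >/dev/null

commands:
  01_install_falcon_sensor:
    command: /opt/falcon-install/install.sh
```

Because the final `pgrep` check makes the command exit non-zero when the agent is absent, a broken install surfaces as a failed deployment instead of an unmonitored instance.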

ktp242 commented 5 years ago

This base branch should be development

holingpoon commented 5 years ago

Re-doing this pull request to branch from development