Red Hat Insights has expanded its recommendation capabilities to security software by integrating with CrowdStrike, a security provider which provides protection across endpoints and cloud workloads, identity and data. Insights Advisor provides Red Hat administrators proactive recommendations and early warnings for their Red Hat systems based on decades of operational expertise from Red Hat and select independent software vendor (ISV) partners. Through a new integration between Insights and the lightweight CrowdStrike Falcon® agent, organizations can have greater confidence that their Red Hat Enterprise Linux (RHEL) systems remain resilient against evolving cyber threats with integrated guidance from CrowdStrike.
Correct deployment and maintenance of any security tool is paramount to its effective protection. While the CrowdStrike Falcon sensor is certified for RHEL and requires no local configuration, proactive guidance helps operations and security teams stay in sync on the sensor’s requirements for effective protection. The integration eliminates communication gaps between these teams by bringing CrowdStrike-specific recommendations directly to the Red Hat Hybrid Cloud Console. CrowdStrike is the first security partner of Red Hat to provide this kind of integration.
In the next few sections, we’ll explore how to set up the integration, what recommendations are available, and how to interact with CrowdStrike Falcon data using the Insights API.
Getting started with Red Hat Insights and CrowdStrike Falcon
To start protecting your RHEL systems with the CrowdStrike Falcon platform, you need to install the Falcon sensor RPM package. Red Hat customers can use the Red Hat Ansible Certified Content Collection for CrowdStrike to simplify the deployment process through automation. If you are not a CrowdStrike customer, you can start a free trial.
Enabling Insights on a RHEL system is very straightforward and typically requires just to register a host by running insights-client --register
. For more information, check out the Insights getting started guide. No additional setup is required to activate the CrowdStrike Falcon integration, as Insights collects all required data and systems facts out of the box.
Recommendations available in the Insights Advisor service
The main goal of the recommendations Red Hat developed with CrowdStrike is to make sure the RHEL endpoints run a supported version of the Falcon sensor and that it’s set up correctly for optimal operation. Doing so makes sure that the handoff of the Falcon sensor from the security team to the operations team doesn’t result in any miscommunication or gap in protection.
After navigating to the Insights Advisor service, CrowdStrike recommendations will show up next to the rest of the default recommendations that Insights provides.
Ensuring compatibility between RHEL and the Falcon sensor
If the installed Falcon sensor is incompatible with the RHEL host, it will fall into Reduced Functionality Mode (RFM) in which it is unable to detect or prevent any malicious behavior, significantly limiting its security protection. RFM is highlighted to security teams in the Falcon console, and this recommendation brings that same visibility to operations teams in the Red Hat Hybrid Cloud Console. Insights Advisor mitigates this configuration issue by recommending the correct sensor mode based on the host’s kernel version.
Making sure you are running a fully supported Falcon sensor
CrowdStrike continually releases new sensor versions and sunsets old ones in order to provide customers the best security capabilities. The Falcon platform supports automated over-the-air updates, but some organizations may choose to manually push these updates instead. Insights Advisor is now aware of the Falcon sensor’s support lifecycle and will alert when the installed sensor version is nearing or past the end of its lifespan, and provide guidance for automatically or manually upgrading the sensor.
Watching for a non-running Falcon sensor
Ensuring the Falcon system service is running is critical to providing enhanced protection. If Insights Advisor detects that the service is installed but not running, a recommendation will be shown to start and enable the service. Note that the Red Hat Ansible Certified Content Collection for CrowdStrike handles this automatically during Falcon sensor deployment.
Additional system facts and integration through Insights APIs
Insights users can integrate Red Hat Insights into their existing operational workflows. As part of our collaboration with CrowdStrike, we have introduced three new system facts that are now available for those who prefer to query their Insights inventory through Insights APIs:
falcon_aid -
a unique identifier of the host in the Falcon platformfalcon_backend -
indicates whether the Falcon sensor is running in kernel, eBPF or auto-switching modefalcon_version -
version of the Falcon sensor
To query Insights inventory for these new systems facts, you can run the following command:
curl -X 'GET' \
'https://console.redhat.com/api/inventory/v1/hosts/<system_uuid>/system_profile?fields%5Bsystem_profile%5D=third_party_services'
\
-H 'accept: application/json' \
-H 'Authorization: Bearer <token>'
THe JSON response will contain the following:
{
"id": "system_uuid",
"system_profile": {
"third_party_services": {
"crowdstrike": {
"falcon_backend": "<falcon_backend_mode>",
"falcon_aid": "<falcon_aid>",
"falcon_version": "<falcon_sensor_version>"
}
}
}
}
Check out the Red Hat Insights API Cheat Sheet to get started with Insights APIs.
Learn more
執筆者紹介
With more than 10 years of experience in the software industry, Stefan Bunciak is currently the Product Manager for Red Hat Insights. He completed his master's degree in Informatics at Masaryk University in Brno and is skilled in project and people management, quality engineering, and software development. In his spare time, he plays violin in a folklore band.
Evan Stoner is a Senior Solution Architect at CrowdStrike focused on integrating its leading security platform with Red Hat’s enterprise open source solutions. Together, Red Hat and CrowdStrike provide a stable and secure foundation for the hybrid cloud: on-premises, in the cloud, or at the edge. Evan has previously held roles as a solution architect for aerospace and defense at Red Hat, platform engineering lead at a defense contractor, and cybersecurity researcher in academia. He has worked at the intersection of security and open source his entire career.
類似検索
チャンネル別に見る
自動化
テクノロジー、チームおよび環境に関する IT 自動化の最新情報
AI (人工知能)
お客様が AI ワークロードをどこでも自由に実行することを可能にするプラットフォームについてのアップデート
オープン・ハイブリッドクラウド
ハイブリッドクラウドで柔軟に未来を築く方法をご確認ください。
セキュリティ
環境やテクノロジー全体に及ぶリスクを軽減する方法に関する最新情報
エッジコンピューティング
エッジでの運用を単純化するプラットフォームのアップデート
インフラストラクチャ
世界有数のエンタープライズ向け Linux プラットフォームの最新情報
アプリケーション
アプリケーションの最も困難な課題に対する Red Hat ソリューションの詳細
オリジナル番組
エンタープライズ向けテクノロジーのメーカーやリーダーによるストーリー
製品
ツール
試用、購入、販売
コミュニケーション
Red Hat について
エンタープライズ・オープンソース・ソリューションのプロバイダーとして世界をリードする Red Hat は、Linux、クラウド、コンテナ、Kubernetes などのテクノロジーを提供しています。Red Hat は強化されたソリューションを提供し、コアデータセンターからネットワークエッジまで、企業が複数のプラットフォームおよび環境間で容易に運用できるようにしています。
言語を選択してください
Red Hat legal and privacy links
- Red Hat について
- 採用情報
- イベント
- 各国のオフィス
- Red Hat へのお問い合わせ
- Red Hat ブログ
- ダイバーシティ、エクイティ、およびインクルージョン
- Cool Stuff Store
- Red Hat Summit