CrowdStrike (CS): Frequently Asked Questions (FAQs)
01/08/2025
Description
General
Is a Proof of Concept (PoC) available?
Yes, we offer a 21-day Proof of Concept for new partners
What is involved with a Proof of Concept?
- Time Frame: 21 days, starting with the kickoff call
- Endpoint Limit: Unlimited
- Details outlining the PoC can be found here: CS : Proof of Concept (POC)
Will my licensing automatically convert to production at the end of the PoC?
- Yes, the CrowdStrike MDR implementation will be automatically converted to production at the end of the 21-day PoC unless it is canceled before the conversion
What are the responsibilities of the partner?
- Management of the deployment process
- Deployment of the CrowdStrike Agents
- Creating a Clean Baseline for the devices
- Implementing Protection Phase
- Maintaining policies and exclusions
- Removal of duplicate or retired machines
- Providing Tier 1 support to your customers
- Contacting SonicWall MSS for any Tier 2 or Tier 3 issues that you are unable to resolve
- Remediating issues identified from the provided report card
- Further investigating alerts sent from the SonicWall MSS SOC
What are the Deliverables from SonicWall MSS?
- Provides training, support, and documentation
- Setup and configuration of the Syslog/SIEM settings within the SIEM/SOAR platform
- Alerting of abnormal, suspicious or malicious behavior
- Initial response to a compromise
Implementation
What devices do I need to install the CrowdStrike agent on?
- The CrowdStrike agent should be deployed on all devices in an environment
Is there a Multi-tenancy option?
- Yes, all CrowdStrike MDR accounts are set up with a ‘Parent-Child’ architecture
- Partners will be able to create their own customer sites and maintain policies as desired
- Customers will not be able to create their own tenants within the partner's account
Support
How do I contact support?
- To start a support ticket, partners can visit https://sgi.myportallogin.com and when asked to select a product, select Endpoint Security, and then CS Support.
- Meetings can be scheduled via the CrowdStrike Support Calendly page:
- If there is an emergency, we always recommend calling our office at 703.565.2395
- Standard Support hours for CrowdStrike MDR are currently 8 AM - 8 PM EST Monday - Friday
- MDR partners are provided with 24/7 Emergency Support
- Please call our office at 703.565.2395 if Emergency Support is needed
How do I access CrowdStrike documentation?
- We have created the following link for recommended documentation that all partners are provided once onboarding has started
Is there official training for CrowdStrike available for partners?
- SonicWall MSS will train the partner on all support and administrative topics
Monitoring
How are CrowdStrike logs retained?
- CrowdStrike syslogs are sent from the central management console to our SIEM/SOAR for SOC services
- These logs are maintained for 1 year
Do I get access to the SIEM?
- MDR partners are granted access to our SIEM (by request) for visibility and reporting purposes
Is your SOC outsourced?
- No. SonicWall MSS runs a 24x7x365 in-house Security Operations Center. All employees are US-based, full-time employees.
How am I contacted if there’s an issue?
- We ask each partner to provide the preferred contact info for the following categories:
  - CS General
    - This will be used for all CrowdStrike-related general communication, including news, release notes, etc.
  - CS Audit Report
    - This is where we will send your CrowdStrike implementation report cards
    - Likewise, you may indicate that you would like to opt out of receiving the twice-a-month report cards
  - SOC Alerts
    - The contact in the event our SOC Analysts find abnormal, suspicious, or malicious activity
    - This would also be the contact that would receive advanced alerting from our SIEM
    - Please let us know if you would like to separate this into two separate contacts
  - SOC Emergency Contact
    - Phone numbers in the event we need/you would like us to contact you after hours or in an emergency
- Please reference the following article: EPP Alert Processing
Billing
How am I licensed for CrowdStrike?
- CrowdStrike MDR invoicing is conducted monthly
- The invoice will be a total of all devices belonging to our partner and the invoice will be provided on the first business day of the month
- How do I get a breakdown of my devices per customer?
Will I be charged for duplicate or offline/retired devices?
- Yes, we ask that partners monitor and remove duplicated devices or machines that have been retired but are still in the portal.