CrowdStrike (CS): Frequently Asked Questions (FAQs)

Description

General

Is a Proof of Concept (PoC) available?

Yes, we offer a 21-day Proof of Concept for new partners

What is involved with a Proof of Concept?

  • Time Frame: 21 days, starting with the kickoff call
  • Endpoint Limit: Unlimited
  • Details outlining the PoC can be found here: CS : Proof of Concept (POC)

Will my licensing automatically convert to production at the end of the PoC?

  • Yes, the CrowdStrike MDR implementation will be automatically converted to production at the end of the 21-day PoC unless it is canceled before the conversion

What are the responsibilities of the partner?

  • Management of the deployment process
    • Deployment of the CrowdStrike Agents
    • Creating a Clean Baseline for the devices
    • Implementing Protection Phase
  • Maintaining policies and exclusions
  • Removal of duplicate or retired machines
  • Providing Tier 1 support to your customers
  • Contacting SonicWall MSS for any Tier 2 or Tier 3 issues that you are unable to resolve
  • Remediating issues identified in the provided report card
  • Further investigating alerts sent from the SonicWall MSS SOC

What are the Deliverables from SonicWall MSS?

  • Training, support, and documentation
  • Setup and configuration of the Syslog/SIEM settings within the SIEM/SOAR platform
  • Alerting of abnormal, suspicious or malicious behavior
  • Initial response to a compromise

Implementation

What if I already have CrowdStrike deployed and want to move to the CrowdStrike MDR offering?

  • Our CrowdStrike MDR offering requires devices to be registered in accounts created under our overall management.
  • You will need to uninstall and reinstall the CrowdStrike sensor to have the devices register in the CrowdStrike MDR account.

What devices do I need to install the CrowdStrike agent on?

  • The CrowdStrike agent should be deployed on all devices in an environment

Is there a Multi-tenancy option?

  • Yes, all CrowdStrike MDR accounts are set up with a ‘Parent-Child’ architecture
    • Partners will be able to create their own customer sites and maintain policies as desired
    • Customers will not be able to create their own tenants within the partner's account

Support

How do I contact support?

  • To start a support ticket, partners can visit https://msssupport.myportallogin.com and when asked to select a product, select Endpoint Security, and then CS Support.
  • Meetings can be scheduled via the CrowdStrike Support Calendly page:
  • If there is an emergency, we always recommend calling our office at 703.565.2395
  • Standard Support hours for CrowdStrike MDR are currently 8 AM - 8 PM EST Monday - Friday
    • MDR partners are provided with 24/7 Emergency Support
      • Please call our office at 703.565.2395 if Emergency Support is needed

How do I access CrowdStrike documentation?

  • We have created the following link for recommended documentation that all partners are provided once onboarding has started

Is there official training for CrowdStrike available for partners?

  • SonicWall MSS will train the partner on all support and administrative topics

Monitoring

How are CrowdStrike logs retained?

  • CrowdStrike syslogs are sent from the central management console to our SIEM/SOAR for SOC services
    • These logs are maintained for 1 year

Do I get access to the SIEM?

  • MDR partners are granted access to our SIEM (by request) for visibility and reporting purposes

Is your SOC outsourced?

  • No. SonicWall MSS runs a 24x7x365 in-house Security Operations Center. All employees are US-based, full-time employees.

How am I contacted if there’s an issue?

  • We ask for each partner to provide the preferred contact info for the following categories:
    • CS General
      • This will be used for all CrowdStrike-related general communication, including news, release notes, etc.
    • CS Audit Report
      • This is where we will send your CrowdStrike implementation report cards
        • Likewise, you may indicate that you would like to opt out of receiving the twice-a-month report cards
    • SOC Alerts
      • The contact in the event our SOC Analysts find abnormal, suspicious, or malicious activity
      • This would also be the contact that would receive advanced alerting from our SIEM
        • Please let us know if you would like to separate this into two separate contacts
    • SOC Emergency Contact
      • Phone numbers in the event we need/you would like us to contact you after hours or in an emergency
  • Please reference the following article: EPP Alert Processing

Billing

How am I licensed for CrowdStrike?

  • CrowdStrike MDR invoicing is conducted monthly
    • The invoice will be a total of all devices belonging to our partner and the invoice will be provided on the first business day of the month
    • How do I get a breakdown of my devices per customer?

Will I be charged for duplicate or offline/retired devices?

  • Yes, we ask that partners monitor and remove duplicated devices or machines that have been retired but are still in the portal.
