Note: In case CrowdStrike Falcon Spotlight integration isn't available in your Endpoint Central server, kindly contact support.
By seamlessly integrating CrowdStrike Falcon Spotlight into the Endpoint Central console, IT administrators can now efficiently address identified vulnerabilities with the deployment of corresponding patches. Bid farewell to the hassle of navigating to multiple dashboards and manually mapping vulnerabilities with the appropriate patches. The CrowdStrike Falcon Spotlight integration handles it all for you, simplifying the entire process and saving all the valuable time and efforts.
1) Will Spotlight automatically update the required patches, or do we need to configure Endpoint Central to extract the scan results?
The Spotlight API details must be configured in the Endpoint Central console (one-time setup). After integration, vulnerabilities scanned by Spotlight will be automatically imported into the Endpoint Central console and the required patches will be mapped.
2) Do we need to perform a scan after patching, or will the data automatically update to Spotlight once Endpoint Central patches the vulnerabilities?
After creating a Manual Deployment task in Endpoint Central and successfully deploying the patches, a scan must be performed in Spotlight to update the latest scan results. This scan can also be scheduled for convenience.
3) Is it necessary to install both the Spotlight and Endpoint Central agents on the systems for successful integration?
Yes, you need to install both the Spotlight and Endpoint Central agents on the systems. This setup ensures that the patches are automatically mapped to the vulnerabilities identified by Spotlight.
4) How are patches deployed to mitigate vulnerabilities after integration?
Following integration, vulnerabilities identified by Spotlight can be imported into the Endpoint Central console. Patches can then be deployed manually by creating a Manual Deployment task.
5) Why are certain vulnerabilities marked as Not Available in terms of Patch Availability?
Patches for vulnerabilities detected by Spotlight are mapped by comparing with the imported CVE information. Specifically, only patches supported by Endpoint Central will be associated with Spotlight-detected vulnerabilities. Check the list of supported applications for reference. Note: Endpoint Central currently does not support patching user installed applications. Threats detected by Spotlight with available patches will be listed under Threats & Patches > Spotlight Threats. Users can also deploy patches for these vulnerabilities directly from this view.
Kindly contact support for any queries.