Robot
2023.10
false
Banner background image
Robot User Guide
Last updated Feb 27, 2024

CrowdStrike Integration

Integrating UiPath Robots with the CrowdStrike Falcon endpoint protection platform has the following advantages:

  • Extended security posture for your organization
  • Business continuity for your robot workforce
  • Improved visibility and analysis capabilities for your security team
  • Seamless technical integration

The integration provides an easy way to detect and selectively block any suspicious or malicious activity caused by the process execution, a short demo can be seen below:

Prerequisites and Configuration

  • 2021.10 Robot and Studio
  • 6.33 version of CrowdStrike Falcon sensor
  • (Optional) 2021.10 Orchestrator or Automation Cloud Orchestrator 1

    The integration is automatically activated when both UiPath Robot and CrowdStrike Falcon sensor are installed on the machine.

    1 When the robot is connected to an Orchestrator older than 2021.10, the TenantName, TenantKey, and TenantId fields are not sent to the CrowdStrike cloud console.

Integration Architecture

Data related to process execution contains annotation metadata which is sent to the CrowdStrike Falcon sensor. From there, it is sent to the CrowdStrike management console where it can be reviewed by the security team. The integration is based on the following components, which are split between UiPath and CrowdStrike:



Fields Description

Metadata sent to CrowdStrike Falcon includes:

  • Orchestrator URL - The URL that the robot uses for the Orchestrator connection (e.g. https://cloud.uipath.com).
  • Tenant Name - The tenant in the Orchestrator instance used by the robot.
  • Folder Info - The folder in Orchestrator where the process is found.
  • Package Name - The name of the package used by the robot to run the automation.
  • Process Name - The name of the process run by the robot.
  • Process Key (ID) - The process key (identifier).
  • Machine Name - The machine name on which the automation is running on.
  • Windows User - The Windows user under which the automation is running.
  • User Name - The username under which the automation is running.
  • User's Email - The Orchestrator user's email that runs the job.
  • Job ID - The job id in Orchestrator for the running job.
  • Job Start Date - The date when the job was started.

Visibility in UiPath products

The status of the integration between the Robot and the CrowdStrike Falcon endpoint protection platform is visible in the following places:

  • In Orchestrator, in the EDR Protection column, which is displayed in the Machines and the Installed Versions & Logs pages.
  • In the Assistant, by hovering over the tray icon.

CrowdStrike Documentation

Depending on the CrowdStrike account you are using, you can access one of the four documentation URLs:

  1. US-1
  2. US-2
  3. EU-1
  4. US-GOV-1

Was this page helpful?

Get The Help You Need
Learning RPA - Automation Courses
UiPath Community Forum
Uipath Logo White
Trust and Security
© 2005-2024 UiPath. All rights reserved.