UiPath Robot

The UiPath Robot Guide

CrowdStrike Integration

About

Integrating UiPath Robots with the CrowdStrike Falcon endpoint protection platform has the following advantages:

  • Extended security posture for your organization
  • Business continuity for your robot workforce
  • Improved visibility and analysis capabilities for your security team
  • Seamless technical integration

The integration provides an easy way to detect and selectively block any suspicious or malicious activity caused by process execution. A short demo can be seen below:

Prerequisites and Configuration

  • 2021.10 Robot and Studio
  • Version 6.33 of the CrowdStrike Falcon sensor
  • (Optional) 2021.10 Orchestrator or Automation Cloud Orchestrator ¹

The integration is automatically activated when both UiPath Robot and CrowdStrike Falcon sensor are installed on the machine.

¹ When the robot is connected to an Orchestrator older than 2021.10, the TenantName, TenantKey, and TenantId fields are not sent to the CrowdStrike cloud console.

Integration Architecture

Data related to process execution contains annotation metadata which is sent to the CrowdStrike Falcon sensor. From there, it is sent to the CrowdStrike management console where it can be reviewed by the security team. The integration is based on the following components, which are split between UiPath and CrowdStrike:

[Diagram: integration components, split between UiPath and CrowdStrike]

Fields Description

Metadata sent to CrowdStrike Falcon includes:

  • Orchestrator URL - The URL that the robot uses for the Orchestrator connection (e.g. https://cloud.uipath.com).
  • Tenant Name - The tenant in the Orchestrator instance used by the robot.
  • Folder Info - The folder in Orchestrator where the process is found.
  • Package Name - The name of the package used by the robot to run the automation.
  • Process Name - The name of the process run by the robot.
  • Process Key (ID) - The process key (identifier).
  • Machine Name - The name of the machine on which the automation is running.
  • Windows User - The Windows user under which the automation is running.
  • User Name - The username under which the automation is running.
  • User's Email - The Orchestrator user's email that runs the job.
  • Job ID - The job ID in Orchestrator for the running job.
  • Job Start Date - The date when the job was started.
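One way a security team could use these fields during triage, shown as an added example that is not UiPath or CrowdStrike code: it groups detections by Orchestrator job and flags jobs whose tenant fields are absent, the case the prerequisites footnote describes. The one-JSON-object-per-line export, the `robot` container, and every key name other than TenantName, TenantKey and TenantId are assumptions made for this example, not the Falcon event schema.

```python
import json

# Field names taken from the page's prerequisites footnote.
TENANT_FIELDS = ("TenantName", "TenantKey", "TenantId")

# Constructed sample export, one JSON object per line. The "robot" container and
# all keys except the three tenant fields are hypothetical names for this example.
SAMPLE = """\
{"detection_id": "d-1", "robot": {"JobId": "job-17", "ProcessName": "InvoiceIntake", "MachineName": "RPA-VM-01", "WindowsUser": "svc-robot1", "TenantName": "Finance", "TenantKey": "k-1", "TenantId": "7"}}
{"detection_id": "d-2", "robot": {"JobId": "job-17", "ProcessName": "InvoiceIntake", "MachineName": "RPA-VM-01", "WindowsUser": "svc-robot1", "TenantName": "Finance", "TenantKey": "k-1", "TenantId": "7"}}
{"detection_id": "d-3", "robot": {"JobId": "job-42", "ProcessName": "PayrollExport", "MachineName": "RPA-VM-02", "WindowsUser": "svc-robot2"}}
{"detection_id": "d-4"}
"""


def triage(lines):
    """Group detections by robot job; return (jobs, unannotated detection ids)."""
    jobs = {}
    unannotated = []
    for line in lines:
        if not line.strip():
            continue
        event = json.loads(line)
        meta = event.get("robot") or {}
        job_id = meta.get("JobId")
        if job_id is None:
            # No robot annotation: the detection is not tied to an automation job.
            unannotated.append(event["detection_id"])
            continue
        job = jobs.setdefault(job_id, {
            "process": meta.get("ProcessName"),
            "machine": meta.get("MachineName"),
            "user": meta.get("WindowsUser"),
            "detections": 0,
            "missing_tenant_fields": set(),
        })
        job["detections"] += 1
        # Record which tenant fields were absent or empty on any event of this job.
        job["missing_tenant_fields"].update(f for f in TENANT_FIELDS if not meta.get(f))
    return jobs, unannotated


if __name__ == "__main__":
    jobs, unannotated = triage(SAMPLE.splitlines())
    for job_id, info in sorted(jobs.items()):
        print(job_id, info)
    print("no robot annotation:", unannotated)
```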

Visibility in UiPath products

The status of the integration between the Robot and the CrowdStrike Falcon endpoint protection platform is visible in the following places:

  • In Orchestrator, in the EDR Protection column, which is displayed in the Machines and the Installed Versions & Logs pages.
  • In the Assistant, by hovering over the tray icon.

CrowdStrike Documentation

Depending on the CrowdStrike account you are using, you can access one of the four documentation URLs:

  1. US-1
  2. US-2
  3. EU-1
  4. US-GOV-1

Updated 2 months ago

