- 入门指南
- 了解 UiPath Robot
- UiPath Assistant
- 安装要求
- Installing robots for unattended automations
- Configuring robots for unattended automations
- Deploying unattended automations
- Connecting robots for unattended automations to Orchestrator
- Setting up Windows Server for High-Density Robots
- 通过代理服务器重定向机器人
- Implementing authentication
- Adjusting registry settings for execution in minimized RDP windows
- Using network locations
- 设置 Linux 机器人
- 配置包签名验证
- 设置包文件夹和网络路径
- 配置活动订阅源
- Installing robots for attended automations
- Configuring robots for attended automations
- 集成
- CrowdStrike 集成
- 故障排除
Robot admin guide
CrowdStrike 集成
The integration of UiPath Robot with the CrowdStrike Falcon endpoint protection platform has the following advantages:
-
Extended security posture for your organization - This means you can enhance the overall security framework of your organization.
-
Business continuity for your robot workforce - This ensures your robot workforce continues to function without interruption.
-
Improved visibility and analysis capabilities for your security team - The integration allows the security team to more easily monitor and analyze the actions of the robots.
-
Seamless technical integration - This minimizing potential technical issues.
The following demo shows how the integration provides an easy way to detect and selectively block any suspicious or malicious activity caused by the automation execution:
- 2021.10 Robot 和 Studio
- 6.33 版本的 CrowdStrike Falcon 传感器
-
(可选)2021.10 Orchestrator 或 Automation Cloud Orchestrator
1当计算机上同时安装 UiPath Robot 和 CrowdStrike Falcon 传感器时,系统会自动激活该集成。
1当机器人连接到版本低于 2021.10 的 Orchestrator 时,系统不会将TenantName、TenantKey和TenantId字段发送到 CrowdStrike 云控制台。
Data related to automation execution contains annotation metadata which is sent to the CrowdStrike Falcon sensor. From there, it is sent to the CrowdStrike management console where it can be reviewed by the security team. The integration is based on the following components, which are split between UiPath and CrowdStrike:
The Robot sends the following metadata to CrowdStrike Falcon:
- Orchestrator URL - The URL that the robot uses for the Orchestrator connection (e.g. https://cloud.uipath.com).
- Tenant Name - The tenant in the Orchestrator instance used by the robot.
- Folder Info - The folder in Orchestrator where the process is found.
- Package Name - The name of the package used by the robot to run the automation.
- Process Name - The name of the process run by the robot.
- Process Key (ID) - The process key (identifier).
- Machine Name - The machine name on which the automation is running on.
- Windows 用户 - 运行自动化的 Windows 用户。
- 用户名 - 运行自动化的用户名。
- User's Email - The Orchestrator user's email that runs the job.
- Job ID - The job id in Orchestrator for the running job.
- Job Start Date - The date when the job was started.
The integration status of your CrowdStrike Robot protection could be one of the following:
-
“已启用 ” - 已启用 CrowdStrike 保护;对于计算机模板,将在与该模板关联的所有主机上启用 EDR 保护。
-
N/A - CrowdStrike 保护未启用或状态未知。
-
混合 (此状态仅针对计算机模板显示,并且仅在“ 计算机 ” 页面上显示)- 在连接到模板的某些主机上启用 CrowdStrike 保护,在其他主机上禁用,或者状态不可用。
To see the integration status, access the following places:
-
Orchestrator, on the Tenant > Machines > Installed Versions & Logs page, check the EDR Protection column. It displays the status of your CrowdStrike Robot protection per machine or machine template over the last 30 days.
-
Assistant, hover over the tray icon.
