Security agents

• Meeting compliance requirements for endpoint detection and response (EDR)
• Monitoring development environments for threats
• Maintaining security visibility across your organization

​

CrowdStrike Falcon

​

Prerequisites

• CrowdStrike Falcon subscription with container sensor support
• Access to Falcon container images
• Customer ID (CID)

​

Configuration

1. Go to Policies and toggle Enable CrowdStrike Falcon
2. Click Settings

3. Enter required information:
   • Customer ID (CID): Stored securely, not visible in secrets list
   • Falcon Sensor Image: Full image reference (e.g., 123456789.dkr.ecr.us-east-1.amazonaws.com/falcon-sensor:7.18.0-17106)

4. (Optional) Expand Advanced Options:
   • Tags: Comma-separated tags for Falcon console grouping
   • Additional Falcon Options: Key-value pairs for falconctl config

5. Click Save

​

CLI configuration

# View current configuration
gitpod organization security-agent get --organization-id <org-id>

# Enable CrowdStrike Falcon
gitpod organization security-agent set \
  --organization-id <org-id> \
  --crowdstrike-enabled \
  --crowdstrike-image <image-reference> \
  --crowdstrike-cid-secret-id <secret-id>

​

How it works

​

Effect on users

​

Troubleshooting