Transcript
Hey everyone, happy Friday! We are continuing our Friday Flow series here and uh, as has become custom here, I don't know how many times you've been on now, Connor, but at least probably 4 or 5. Uh, we're joined by Connor Dunn. How are you doing, Connor? Hey, Blake. Good to be, uh, somewhat regular face here now. Yeah, absolutely. I probably gotta go back and do the math, but probably leading in terms of total Friday Flows videos. So. Sounds about right. Yeah. Thank you. Come on for number one. Yeah, I'm excited to do this one. It's one. It's a story that you built, um, and got into the library yourself. Incorporates a couple of very popular tools these days and Jamf and CrowdStrike. Um, and when we wrap up, I'll highlight the new Jamf customer story as well. Um, but let's talk about the Tines story. Um, what is it that we're looking at today? Yeah. So basically the idea of this story is it allows you to, um, and share my screen. Which might actually sharing this one here. So the idea of this story is when devices are enrolled, sometimes you have software being installed directly through the your MDM platform like Jamf. In this case, um, one of the key tools you'd want installed on every device is your antivirus or your EDR tool, in this case, CrowdStrike. So when you set it up, when you enroll the device, CrowdStrike will get installed on your device. Um, sometimes, though, there's a few issues which are not always bubbled up to the surface. And it actually the device might not properly install CrowdStrike. So the idea of this was when a new device gets enrolled, look up that device on CrowdStrike. If after an hour the device has not shown up, that's something that might need to get alerted to it for them to actually go in and fix and for them to be aware of this issue. Again, with there could be very other various other tools that are installed instead of CrowdStrike that you might want to check, but CrowdStrike is just the example we used here.
Um, so this is what the story looks like, nice and small. Before you start, you do need to set up a webhook in Jamf. There are some instructions here with their documentation, and you're going to want your, um, install policy to actually download CrowdStrike to begin with. Or else every time a device is enrolled, you're going to get these alerts and errors. So what we can do here is this is just an example payload of what it might look like for Jamf. And we can send this here to Tines. And we'll see. We'll get a notification in Slack that a device has been enrolled. We then search for that device in CrowdStrike. And since it's found, we very quickly close off saying it's it's it is installed. Uh, if not, if I jump over to my device enrollment Slack channel, you can see, earlier, we enrolled Blake's MacBook Pro, and we got this alert here. The channel is tagged that CrowdStrike is not detected on this device, so it might want to look into this for this device here we can see it was installed. Um, I ran this one earlier because didn't want us sitting around for an hour, uh, waiting for this to go through. I thought that might be a bit long for a Friday Flow. We have to do some editing on the video, so thanks for running it early. But yeah, but yeah, that's the story. Very simple. But again, it's a very important thing to be keeping an eye on, making sure that your devices are properly enrolled and have all the software required on them. Yeah. Connor, I'm curious if you didn't have this workflow, you didn't have an automated way to look for any sort of like software installed on a device. Do you have a sense of how teams figure that out today, or is this something? This is just a value add. You know that you likely wouldn't really be able to do unless you're automating it. Yeah. So to be honest, it's very easy. The way this works. All I'm doing is I'm looking up in CrowdStrike for the device and I'm just going by hostname.
Uh, Jamf also does capture the serial number of the device. So you could be searching for the device that way. Um, but. Yeah. Look, I was on a team where we had devices enrolled. Um, and our endpoint EDR solution wasn't installing. Um, we actually weren't. Didn't realize that was going on. Um, one day, I ended up sitting down. We went through exporting all our devices, doing a whole match up, massive Excel sheets, massive. A lot of work of actually tracking down devices. Sometimes the hostname could just be different from one solution to another, or try and sort this that out. But if you're doing capturing it right here or right now, at least you'll be alerted if there's an issue and you can actually double check yourself very easily. Right? Is the hostname just being picked up? Slightly different? Um, so the idea of this is it just helps stop those headaches in the future. Cool. Yeah, that makes a ton of sense. Um, well, great. Thanks for running us through that. And like you said, I think it's cool. You know, you've built this around CrowdStrike, which is obviously a very popular tool, but in theory, you could swap out anything, uh, that you're using and want to be sure is installed. I, um, I'll, I'll steal your screen here real quick because I mentioned at the beginning. So staying on this, uh, this Jamf theme, I did want to just highlight their new case study for how they're using Tines, and I won't I won't walk through everything today. You can. I'll post the link on the on the video and you can go read it yourself, but, um, the highlight, the big takeaway that I thought was pretty cool was this is a very talented team. They were previously building using Python. Um, and they've just really been able, as you can read their 20x, their workflow development speed.
So you've taken, uh, already talented folks and kind of giving them a superpower to now where they're going, uh, you know, what was stopping them before wasn't probably ideas of automations to build, but just their capacity to do it. And they've they've taken a workflow development time down from one week to just two hours. So it's pretty cool to see what they're doing with the platform today led by those guys. You can see there, Andrew and Phineas and the rest of the Jamf team. So I'll post it. Um, and feel free to read through yourself. That puts a bow on, uh, on this week's Friday Flows. Connor. This rate. I'm sure we'll see you back here pretty soon. Thank you. I'm gunning for your spot, Blake. Perfect. Yeah. See you man. Bye. See you.