CrowdStrike July Outage (C-00000291)

Incident Report for Rapid Response Status Page

Resolved

This incident has been resolved.
Posted Jul 19, 2024 - 10:42 UTC

Identified

Dear Customers,

Team Axon is aware of the significant outage affecting Windows machines with CrowdStrike EDR agents, caused by a driver update.
To assist with scoping the impact, we have created a dedicated SQL query and visibility dashboard for our CrowdStrike customers.

1. Visibility dashboard: The dashboard “CrowdStrike July Outage (C-00000291) Visibility Dashboard” is available from the Hunters platform --> “Data” --> “Visibility” page.

2. Visibility query: The dashboard helps identify affected machines by checking for LFODownloadConfirmation events, which indicate when a specific CrowdStrike-related driver (C-00000291) has been downloaded from CrowdStrike's servers. Additionally, the query detects if the driver file has been deleted by correlating it with deletion events. You can find the query on Axon’s RR GitHub: https://github.com/axon-git/rapid-response/blob/main/CrowdStrike%20July%20Outage%20(C-00000291)/crowdstrike_july_outage_c-00000291_visibility_query.sql


Yours,

Team Axon
Posted Jul 19, 2024 - 10:27 UTC
This incident affected: Rapid Response.
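
The correlation described in the notice above (download confirmation for C-00000291, matched against later deletion events per host) can be sketched as follows. This is an added example, not Team Axon's query: the record fields, the `FileDeleted` event name, the host names and the file names are constructed assumptions, and only `LFODownloadConfirmation` and `C-00000291` come from the notice.

```python
from datetime import datetime

CHANNEL_FILE = "C-00000291"                 # identifier from the notice
DOWNLOAD_EVENT = "LFODownloadConfirmation"  # event name from the notice
DELETE_EVENT = "FileDeleted"                # hypothetical name for a deletion event

F1, F2 = "C-00000291-constructed-1.sys", "C-00000291-constructed-2.sys"
# Constructed sample telemetry; field names and file names are assumptions.
SAMPLE_EVENTS = [
    {"ts": "2024-07-19T04:10:00Z", "host": "WS-001", "event": DOWNLOAD_EVENT, "file": F1},
    {"ts": "2024-07-19T04:11:00Z", "host": "WS-002", "event": DOWNLOAD_EVENT, "file": F1},
    {"ts": "2024-07-19T06:30:00Z", "host": "WS-002", "event": DELETE_EVENT, "file": F1},
    {"ts": "2024-07-19T04:15:00Z", "host": "WS-003", "event": DOWNLOAD_EVENT, "file": F1},
    {"ts": "2024-07-19T05:00:00Z", "host": "WS-003", "event": DELETE_EVENT, "file": F1},
    # Re-download after cleanup: the host must count as affected again.
    {"ts": "2024-07-19T05:20:00Z", "host": "WS-003", "event": DOWNLOAD_EVENT, "file": F2},
    # Unrelated file: must not put the host in scope.
    {"ts": "2024-07-19T04:20:00Z", "host": "WS-004", "event": DOWNLOAD_EVENT,
     "file": "C-00000000-constructed.sys"},
]


def _ts(value):
    """Parse an ISO-8601 UTC timestamp with a trailing 'Z'."""
    return datetime.fromisoformat(value.replace("Z", "+00:00"))


def scope_hosts(events):
    """Map each host that downloaded the file to 'file_present' or 'file_deleted'."""
    latest = {}  # (host, event name) -> most recent timestamp seen
    for e in events:
        if CHANNEL_FILE not in e.get("file", ""):
            continue
        if e.get("event") not in (DOWNLOAD_EVENT, DELETE_EVENT):
            continue
        key, when = (e["host"], e["event"]), _ts(e["ts"])
        if key not in latest or when > latest[key]:
            latest[key] = when
    status = {}
    for (host, event), downloaded in latest.items():
        if event != DOWNLOAD_EVENT:
            continue
        deleted = latest.get((host, DELETE_EVENT))
        # Only a deletion at or after the last download counts as remediation.
        cleaned = deleted is not None and deleted >= downloaded
        status[host] = "file_deleted" if cleaned else "file_present"
    return status


if __name__ == "__main__":
    for host, state in sorted(scope_hosts(SAMPLE_EVENTS).items()):
        print(host, state)
```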