How can I view CrowdStrike configuration on a given host?
A little while ago, I was asked about some EC2 hosts running CrowdStrike, particularly which versions they were running.
While CrowdStrike was running as a systemd daemon, it wasn't immediately clear how to poke at it to get at any configuration info.
It turns out that CrowdStrike's daemon shipped with a CLI tool available at /opt/CrowdStrike/falconctl.
You can use the -g flag to "GET" options, followed by whichever flag might be useful.
-h is your friend here.
For getting the version, I was able to do that like so:
$ /opt/CrowdStrike/falconctl -g --version
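To run the same check on several hosts and flag outdated sensors, here is an added example (not from the original post or from CrowdStrike). It assumes the command prints a line of the form `version = 7.05.16004.0` (a constructed sample); the function names, the `FALCONCTL` override variable and the minimum-version argument are hypothetical.

```shell
#!/bin/sh
# Added example: report the local Falcon sensor version and compare it to a minimum.
FALCONCTL=${FALCONCTL:-/opt/CrowdStrike/falconctl}

# Read falconctl output on stdin and print only the dotted version number.
# Assumed output shape: "version = 7.05.16004.0" (constructed sample).
parse_sensor_version() {
    sed -n 's/^[[:space:]]*version[[:space:]]*=[[:space:]]*\([0-9][0-9.]*\).*$/\1/p' | head -n 1
}

# Succeed if version $1 >= minimum $2, comparing each dotted field numerically.
version_at_least() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        n = split(a, x, "."); m = split(b, y, ".")
        max = (n > m) ? n : m
        for (i = 1; i <= max; i++) {
            xi = (i <= n) ? x[i] + 0 : 0
            yi = (i <= m) ? y[i] + 0 : 0
            if (xi > yi) exit 0
            if (xi < yi) exit 1
        }
        exit 0
    }'
}

# Print "<host> <version> <OK|OUTDATED>" or "<host> - UNKNOWN"; exit status 0, 1 or 2.
check_sensor() {
    min=$1
    host=$(uname -n)
    if [ ! -x "$FALCONCTL" ]; then
        echo "$host - UNKNOWN"; return 2      # sensor CLI not installed
    fi
    ver=$("$FALCONCTL" -g --version 2>/dev/null | parse_sensor_version)
    if [ -z "$ver" ]; then
        echo "$host - UNKNOWN"; return 2      # output did not match the assumed shape
    fi
    if version_at_least "$ver" "$min"; then
        echo "$host $ver OK"
    else
        echo "$host $ver OUTDATED"; return 1
    fi
}

# Run the check only when a minimum version is given as the first argument.
if [ -n "${1:-}" ]; then check_sensor "$1"; fi
```

The one-line output per host is meant to be collected by whatever remote-execution tool you already use, so a fleet-wide list can be sorted or filtered on the last column.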