Crowdstrike Falcon sensors go through a rapid development cycle on both slow and fast tracks.
Overview
Crowdstrike Falcon sensors (the endpoint protection client applications) are divided into two tracks. The normal track, which is the recommended track, is updated about 10 times per year (excluding June and December). A long-term track contains sensors that are updated in June and December, and supported for 12 months.
Crowdstrike recommends that all device sensors are within N-2 (current and no older than 2 previous versions) for breach warranty coverage.
Where to find this
The version control for the Falcon sensors is located in the sensor update policy. The default is an auto-updating N-1, which means in most cases an endpoint will have a sensor version that is not much more than 30 days old.
Where to start
It's recommended to start with the default release and update cadence. Circumstances may dictate a faster adoption, such as testing a beta OS version, or slower, if a device needs to hold at a slower cadence or has proven fragile with sensor updates.
Gotchas & pitfalls
Crowdstrike makes Early Adopter builds available 3-5 days before release as the new N version. If desired, a policy could be applied to test or Early Adopter groups for feedback before the N version rotates. However, if most host groups are on N-1, then testing the upcoming N version is less critical.
More Information