Greetings,
Does anyone here have experience deploying the CrowdStrike Falcon sensor on Databricks worker instances? For context, the cluster is deployed in AWS and we use a Databricks Ubuntu 20.04 AMI. Databricks allows adding a bootstrap/startup script that we attempted to use to download and install the Falcon sensor, which did not work as Databricks apparently runs inside of an LXC userspace and the Falcon sensor is not compatible (per CrowdStrike support). To confirm, I deployed an EC2 instance using the same AMI and bootstrap script directly from the AWS console and the Falcon sensor installs/runs normally on the underlying OS.
We also noticed that the Databricks AMI didn't have the SSM agent installed, preventing the use of State Manager to deploy the sensor.
Is there any way to "bake" the Falcon sensor into a custom AMI and specify it when creating Databricks clusters? Any other options?
Thanks