Try SpotterCrowdStrike Falcon Discover inventory source
| "added in version" 4.0.0 of crowdstrike.falcon"
Authors: Carlos Matos (@carlosmmatos)
Install with ansible-galaxy collection install crowdstrike.falcon:==4.3.2
collections:
- name: crowdstrike.falcon
version: 4.3.2Query asset details from the CrowdStrike Falcon Discover API. To learn more about Falcon Discover and Exposure Management, see the L(Falcon documentation,https://falcon.crowdstrike.com/documentation/page/f2197af5/asset-management-overview-discover)
The inventory file is a YAML configuration and must end with C(falcon_discover.{yml|yaml}).
Example: C(my_inventory.falcon_discover.yml)
cache:
default: false
description:
- Toggle to enable/disable the caching of the inventory's source data, requires a
cache plugin setup to work.
env:
- name: ANSIBLE_INVENTORY_CACHE
ini:
- key: cache
section: inventory
type: bool
cloud:
choices:
- us-1
- us-2
- us-gov-1
- eu-1
default: us-1
description:
- The CrowdStrike cloud region to use.
- All clouds are automatically discovered if not specified, except for the C(us-gov-1)
cloud.
- The C(FALCON_CLOUD) environment variable can also be used.
type: str
filter:
description:
- The filter expression that should be used to limit the results using FQL (Falcon
Query Language) syntax.
- See the L(Falcon documentation,https://falcon.crowdstrike.com/documentation/page/a9df69ec/asset-management-apis#t0e123bd)
for more information about what filters are available for this inventory.
type: str
groups:
default: {}
description: Add hosts to group based on Jinja2 conditionals.
type: dict
strict:
default: false
description:
- If V(yes) make invalid entries a fatal error, otherwise skip and continue.
- Since it is possible to use facts in the expressions they might not always be available
and we ignore those errors by default.
type: bool
compose:
default: {}
description: Create vars from jinja2 expressions.
type: dict
client_id:
aliases:
- falcon_client_id
description:
- The CrowdStrike API client ID to use.
- See the L(Falcon documentation,https://falcon.crowdstrike.com/documentation/46/crowdstrike-oauth2-based-apis#understanding-api-clients)
for more information about API clients.
- The C(FALCON_CLIENT_ID) environment variable can also be used.
type: str
member_cid:
description:
- The CrowdStrike member CID for MSSP authentication.
- See the L(Falcon documentation,https://falcon.crowdstrike.com/documentation/46/crowdstrike-oauth2-based-apis#understanding-api-clients)
for more information about API clients.
- The C(FALCON_MEMBER_CID) environment variable can also be used.
type: str
cache_plugin:
default: memory
description:
- Cache plugin to use for the inventory's source data.
env:
- name: ANSIBLE_CACHE_PLUGIN
- name: ANSIBLE_INVENTORY_CACHE_PLUGIN
ini:
- key: fact_caching
section: defaults
- key: cache_plugin
section: inventory
type: str
cache_prefix:
default: ansible_inventory_
description:
- Prefix to use for cache plugin files/tables
env:
- name: ANSIBLE_CACHE_PLUGIN_PREFIX
- name: ANSIBLE_INVENTORY_CACHE_PLUGIN_PREFIX
ini:
- key: fact_caching_prefix
section: defaults
- key: cache_prefix
section: inventory
keyed_groups:
default: []
description: Add hosts to group based on the values of a variable.
elements: dict
suboptions:
default_value:
description:
- The default value when the host variable's value is an empty string.
- This option is mutually exclusive with O(keyed_groups[].trailing_separator).
type: str
version_added: '2.12'
version_added_collection: ansible.builtin
key:
description:
- The key from input dictionary used to generate groups
type: str
parent_group:
description: parent group for keyed group
type: str
prefix:
default: ''
description: A keyed group name will start with this prefix
type: str
separator:
default: _
description: separator used to build the keyed group name
type: str
trailing_separator:
default: true
description:
- Set this option to V(False) to omit the O(keyed_groups[].separator) after the
host variable when the value is an empty string.
- This option is mutually exclusive with O(keyed_groups[].default_value).
type: bool
version_added: '2.12'
version_added_collection: ansible.builtin
type: list
cache_timeout:
default: 3600
description:
- Cache duration in seconds
env:
- name: ANSIBLE_CACHE_PLUGIN_TIMEOUT
- name: ANSIBLE_INVENTORY_CACHE_TIMEOUT
ini:
- key: fact_caching_timeout
section: defaults
- key: cache_timeout
section: inventory
type: int
client_secret:
aliases:
- falcon_client_secret
description:
- The CrowdStrike API secret that corresponds to the client ID.
- See the L(Falcon documentation,https://falcon.crowdstrike.com/documentation/46/crowdstrike-oauth2-based-apis#understanding-api-clients)
for more information about API clients.
- The C(FALCON_CLIENT_SECRET) environment variable can also be used.
type: str
use_extra_vars:
default: false
description: Merge extra vars into the available variables for composition (highest
precedence).
env:
- name: ANSIBLE_INVENTORY_USE_EXTRA_VARS
ini:
- key: use_extra_vars
section: inventory_plugins
type: bool
version_added: '2.11'
version_added_collection: ansible.builtin
cache_connection:
description:
- Cache connection data or path, read cache plugin documentation for specifics.
env:
- name: ANSIBLE_CACHE_PLUGIN_CONNECTION
- name: ANSIBLE_INVENTORY_CACHE_CONNECTION
ini:
- key: fact_caching_connection
section: defaults
- key: cache_connection
section: inventory
type: str
leading_separator:
default: true
description:
- Use in conjunction with keyed_groups.
- By default, a keyed group that does not have a prefix or a separator provided will
have a name that starts with an underscore.
- This is because the default prefix is "" and the default separator is "_".
- Set this option to False to omit the leading underscore (or other separator) if
no prefix is given.
- If the group name is derived from a mapping the separator is still used to concatenate
the items.
- To not use a separator in the group name at all, set the separator for the keyed
group to an empty string instead.
type: boolean
version_added: '2.11'
version_added_collection: ansible.builtin