Try SpotterManage authentication
| "added in version" 4.0.0 of crowdstrike.falcon"
Authors: Carlos Matos (@carlosmmatos)
Install with ansible-galaxy collection install crowdstrike.falcon:==4.3.2
collections:
- name: crowdstrike.falcon
version: 4.3.2Manage token authentication with CrowdStrike Falcon API.
Utilizing access tokens can enhance efficiency when making multiple API calls helping to circumvent rate-limiting constraints.
The module will not report changes.
Refer to the L(Falcon documentation,https://falcon.crowdstrike.com/documentation/46/crowdstrike-oauth2-based-apis) for detailed information on OAuth2 authentication with CrowdStrike Falcon.
- name: Generate Authentication Credentials (access token and cloud region) crowdstrike.falcon.auth:
- name: Generate Authentication Credentials with specific member CID
crowdstrike.falcon.auth:
member_cid: "{{ member_cid_var }}"
- name: Revoke an OAuth2 token
crowdstrike.falcon.auth:
action: revoke
access_token: "{{ access_token_var }}"
cloud:
choices:
- us-1
- us-2
- us-gov-1
- eu-1
default: us-1
description:
- The CrowdStrike cloud region to use.
- All clouds are automatically discovered if not specified, except for the C(us-gov-1)
cloud.
- The C(FALCON_CLOUD) environment variable can also be used.
type: str
action:
choices:
- generate
- revoke
default: generate
description:
- Define the action to be performed.
- When I(action=generate), this module returns authentication credentials, which include
the OAuth2 access token and cloud region.
- When I(action=revoke), this module revokes the OAuth2 token specified in the I(access_token)
parameter.
type: str
client_id:
aliases:
- falcon_client_id
description:
- The CrowdStrike API client ID to use.
- See the L(Falcon documentation,https://falcon.crowdstrike.com/documentation/46/crowdstrike-oauth2-based-apis#understanding-api-clients)
for more information about API clients.
- The C(FALCON_CLIENT_ID) environment variable can also be used.
type: str
member_cid:
description:
- The CrowdStrike member CID for MSSP authentication.
- See the L(Falcon documentation,https://falcon.crowdstrike.com/documentation/46/crowdstrike-oauth2-based-apis#understanding-api-clients)
for more information about API clients.
- The C(FALCON_MEMBER_CID) environment variable can also be used.
type: str
user_agent:
description:
- Custom User-Agent string to use for requests to the API.
- The user agent string is prepended to the default user agent string (C(crowdstrike-ansible/<version>)).
- See L(RFC 7231,https://tools.ietf.org/html/rfc7231#section-5.5.3) for more information.
- The C(FALCON_USER_AGENT) environment variable can also be used.
type: str
ext_headers:
description:
- Extended headers that are prepended to the default headers dictionary.
type: dict
access_token:
description:
- The OAuth2 access token to be revoked.
- Required if I(action=revoke).
type: str
client_secret:
aliases:
- falcon_client_secret
description:
- The CrowdStrike API secret that corresponds to the client ID.
- See the L(Falcon documentation,https://falcon.crowdstrike.com/documentation/46/crowdstrike-oauth2-based-apis#understanding-api-clients)
for more information about API clients.
- The C(FALCON_CLIENT_SECRET) environment variable can also be used.
type: str
auth:
contains:
access_token:
description:
- The generated OAuth2 access token.
- Returned when action is set to C(generate).
returned: success
type: str
cloud:
description:
- The CrowdStrike cloud region to use. This may differ from the module's I(cloud)
argument due to the autodiscovery process.
- Returned when action is set to C(generate).
returned: success
type: str
description: The authentication credentials (OAuth2 access token and cloud region).
returned: success
type: dict