Try SpotterConfigure CrowdStrike Falcon Sensor
| "added in version" 3.2.0 of crowdstrike.falcon"
Authors: Gabriel Alford (@redhatrises), Carlos Matos (@carlosmmatos)
Install with ansible-galaxy collection install crowdstrike.falcon:==4.3.2
collections:
- name: crowdstrike.falcon
version: 4.3.2Configures CrowdStrike Falcon Sensor on Linux systems
- name: Set CrowdStrike Falcon CID
crowdstrike.falcon.falconctl:
state: present
cid: 1234567890ABCDEF1234567890ABCDEF-12
- name: Set CrowdStrike Falcon CID with Provisioning Token
crowdstrike.falcon.falconctl:
state: present
cid: 1234567890ABCDEF1234567890ABCDEF-12
provisioning_token: 12345678
- name: Delete CrowdStrike Falcon CID
crowdstrike.falcon.falconctl:
state: absent
cid: ""
- name: Delete Agent ID to Prep Master Image
crowdstrike.falcon.falconctl:
state: absent
aid: yes
- name: Configure Falcon Sensor Proxy
crowdstrike.falcon.falconctl:
state: present
apd: no
aph: example.com
app: 8080
aid:
description:
- Whether or not you would like to delete the associated Agent ID.
- Useful when preparing a host as a master image for cloning or virtualization.
- This applies only to C(state=absent).
type: bool
apd:
description:
- Whether to enable or disable the Falcon sensor to use a proxy.
- To enable the proxy, set to C('false').
- 'Valid Options are: C(''true''|''false''|'''')'
type: str
aph:
description:
- Specifies the application proxy host to use for Falcon sensor proxy configuration.
type: str
app:
description:
- Specifies the application proxy port to use for Falcon sensor proxy configuration.
type: str
cid:
description:
- CrowdStrike Falcon Customer ID (CID).
type: str
tags:
description:
- Sensor grouping tags are optional, user-defined identifiers you can use to group
and filter hosts.
- To assign multiple tags, separate tags with commas.
- I(The combined length of all tags for a host, including comma separators, cannot
exceed 256 characters).
type: str
state:
choices:
- absent
- present
description:
- Ensures that requested parameters are removed (absent) or added (present) to the
Falcon sensor.
required: true
type: str
trace:
choices:
- none
- err
- warn
- info
- debug
description:
- Configure the appropriate trace level.
type: str
backend:
description:
- Configure the backend for the Falcon sensor. This was introduced to support the
BPF backend.
- C(backend) is only available in sensor versions that support the C(--backend) option
(>6.46.0).
- 'Valid Options are: C(''auto''|''bpf''|''kernel'')'
type: str
billing:
description:
- Specify the (Pay-As-You-Go) billing model for Cloud Workloads.
- Falcon for Cloud Workloads (Pay-As-You-Go) is a billing model for your hosts that
run in Amazon Web Services (AWS), Google Cloud Platform (GCP), and Microsoft Azure.
- For ephemeral workloads in these cloud environments, you pay only for the hours
that hosts are active each month C(metered), rather than a full annual contract
price per sensor C(default).
- 'Valid Options are: C(''metered''|''default''|'''')'
type: str
feature:
choices:
- none
- enableLog
- disableLogBuffer
description:
- Configure the Falcon sensor feature flags.
elements: str
type: list
message_log:
description:
- Whether or not you would like to log messages to disk.
- 'Valid Options are: C(''true''|''false''|'''')'
type: str
provisioning_token:
description:
- Installation tokens prevent unauthorized hosts from being accidentally or maliciously
added to your customer ID (CID).
- Optional security measure for your CID.
- This paramter requires supplying a C(cid).
type: str