crowdstrike.falcon.host_hide (4.3.2) — module
Hide/Unhide hosts from the Falcon console
Added in version 4.0.0 of crowdstrike.falcon
Authors: Carlos Matos (@carlosmmatos)
Install with:

ansible-galaxy collection install crowdstrike.falcon:==4.3.2

Or list the collection in requirements.yml:

collections:
  - name: crowdstrike.falcon
    version: 4.3.2

Manages the visibility of hosts in the Falcon console.
To prevent unnecessary detections from an inactive or a duplicate host, you can opt to hide the host from the console. This action does not uninstall or deactivate the sensor. Detection reporting resumes after a host is unhidden.
The module returns a list of successful and failed host agent IDs (AIDs) for the action performed.

- name: Hide a host from the Falcon console
  crowdstrike.falcon.host_hide:
    hosts: "12345678901234567890"

- name: Unhide hosts from the Falcon console
  crowdstrike.falcon.host_hide:
    hosts:
      - "12345678901234567890"
      - "09876543210987654321"
    hidden: false

- name: Individually hide hosts with a list from the Falcon console
  crowdstrike.falcon.host_hide:
    auth: "{{ falcon.auth }}"  # Use auth saved from crowdstrike.falcon.auth module
    hosts: "{{ item }}"
  loop: "{{ host_ids }}"
  register: hide_result

# With loop, the registered variable holds one entry per iteration under .results
- name: Fail if any hosts could not be hidden
  fail:
    msg: "Hosts could not be hidden: {{ hide_result.results | map(attribute='failed_hosts') | flatten }}"
  when: hide_result.results | map(attribute='failed_hosts') | flatten | length > 0

auth:
  description:
    - The registered result of the M(crowdstrike.falcon.auth) module, or a dictionary containing the I(access_token) and I(cloud) keys.
    - If provided, the I(client_id), I(client_secret), I(member_cid), and I(cloud) options are ignored.
    - Useful when needing to make multiple API calls to avoid rate limiting issues.
  suboptions:
    access_token:
      description:
        - The OAuth2 access token to use for authentication.
      type: str
    cloud:
      description:
        - The CrowdStrike cloud region to use.
        - This can differ from the module's I(cloud) argument due to autodiscovery.
      type: str
  type: dict
cloud:
  choices:
    - us-1
    - us-2
    - us-gov-1
    - eu-1
  default: us-1
  description:
    - The CrowdStrike cloud region to use.
    - All clouds are automatically discovered if not specified, except for the C(us-gov-1) cloud.
    - The C(FALCON_CLOUD) environment variable can also be used.
  type: str
hosts:
  description:
    - A list of host agent IDs (AIDs) to perform the action on.
  elements: str
  required: true
  type: list
hidden:
  default: true
  description:
    - Whether to hide or unhide the hosts.
  type: bool
client_id:
  aliases:
    - falcon_client_id
  description:
    - The CrowdStrike API client ID to use.
    - See the L(Falcon documentation,https://falcon.crowdstrike.com/documentation/46/crowdstrike-oauth2-based-apis#understanding-api-clients) for more information about API clients.
    - The C(FALCON_CLIENT_ID) environment variable can also be used.
  type: str
member_cid:
  description:
    - The CrowdStrike member CID for MSSP authentication.
    - See the L(Falcon documentation,https://falcon.crowdstrike.com/documentation/46/crowdstrike-oauth2-based-apis#understanding-api-clients) for more information about API clients.
    - The C(FALCON_MEMBER_CID) environment variable can also be used.
  type: str
user_agent:
  description:
    - Custom User-Agent string to use for requests to the API.
    - The user agent string is prepended to the default user agent string (C(crowdstrike-ansible/<version>)).
    - See L(RFC 7231,https://tools.ietf.org/html/rfc7231#section-5.5.3) for more information.
    - The C(FALCON_USER_AGENT) environment variable can also be used.
  type: str
ext_headers:
  description:
    - Extended headers that are prepended to the default headers dictionary.
  type: dict
client_secret:
  aliases:
    - falcon_client_secret
  description:
    - The CrowdStrike API secret that corresponds to the client ID.
    - See the L(Falcon documentation,https://falcon.crowdstrike.com/documentation/46/crowdstrike-oauth2-based-apis#understanding-api-clients) for more information about API clients.
    - The C(FALCON_CLIENT_SECRET) environment variable can also be used.
  type: str

failed_hosts:
  contains:
    code:
      description:
        - The error code returned by the API.
      returned: when a host agent ID fails
      type: int
    id:
      description:
        - The host agent ID that failed to be hidden or unhidden.
      returned: when a host agent ID fails
      type: str
    message:
      description:
        - The error message returned by the API.
      returned: when a host agent ID fails
      type: str
  description:
    - A list of dictionaries containing host IDs that failed to be hidden or unhidden.
  elements: dict
  returned: always
  type: list
hosts:
  description:
    - A list of host agent IDs (AIDs) that were successfully hidden or unhidden.
  elements: str
  returned: always
  type: list
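
The options and return values above combined in one play, as an added example that is not from the collection's own documentation: it authenticates once, hides a batch of hosts in a single call, and reports each failed AID with the API's code and message. The variable names stale_aids and falcon, the sample AIDs, and credentials supplied through the FALCON_CLIENT_ID and FALCON_CLIENT_SECRET environment variables are assumptions.

```yaml
# Added example, not part of the collection's documentation.
# Assumes FALCON_CLIENT_ID and FALCON_CLIENT_SECRET are exported in the environment.
- name: Hide decommissioned hosts and report per-host failures
  hosts: localhost
  connection: local
  gather_facts: false
  vars:
    stale_aids:              # constructed sample AIDs (hypothetical variable name)
      - "12345678901234567890"
      - "09876543210987654321"
  tasks:
    - name: Authenticate once and reuse the token for later API calls
      crowdstrike.falcon.auth:
      register: falcon       # hypothetical register name, matching the page's falcon.auth
      no_log: true           # the registered result carries an OAuth2 access token

    - name: Hide all hosts in a single call instead of one call per host
      crowdstrike.falcon.host_hide:
        auth: "{{ falcon.auth }}"
        hosts: "{{ stale_aids }}"
        hidden: true
      register: hide_result

    - name: Record which AIDs were hidden, since hidden hosts stop reporting detections
      ansible.builtin.debug:
        msg: "Hidden from console: {{ hide_result.hosts }}"

    - name: Show the API error for each AID that was not hidden
      ansible.builtin.debug:
        msg: "{{ item.id }}: {{ item.code }} {{ item.message }}"
      loop: "{{ hide_result.failed_hosts }}"
      loop_control:
        label: "{{ item.id }}"

    - name: Stop the play if any requested host is still visible
      ansible.builtin.assert:
        that: hide_result.failed_hosts | length == 0
        fail_msg: "Not hidden: {{ hide_result.failed_hosts | map(attribute='id') | list }}"
```

Because this calls the module once without a loop, hide_result.hosts and hide_result.failed_hosts are read directly rather than through hide_result.results.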