crowdstrike.falcon.host_hide (4.3.2) — module

Hide/Unhide hosts from the Falcon console

Added in version 4.0.0 of crowdstrike.falcon

Authors: Carlos Matos (@carlosmmatos)

Install collection

Install with ansible-galaxy collection install crowdstrike.falcon:==4.3.2


Add to requirements.yml

  collections:
    - name: crowdstrike.falcon
      version: 4.3.2

Description

Manages the visibility of hosts in the Falcon console.

To prevent unnecessary detections from an inactive or a duplicate host, you can opt to hide the host from the console. This action does not uninstall or deactivate the sensor. Detection reporting resumes after a host is unhidden.

The module returns a list of successful and failed host agent IDs (AIDs) for the action performed.


Requirements

Usage examples

- name: Hide a host from the Falcon console
  crowdstrike.falcon.host_hide:
    hosts: "12345678901234567890"
- name: Unhide hosts from the Falcon console
  crowdstrike.falcon.host_hide:
    hosts:
      - "12345678901234567890"
      - "09876543210987654321"
    hidden: false
- name: Individually hide hosts with a list from the Falcon console
  crowdstrike.falcon.host_hide:
    auth: "{{ falcon.auth }}"  # Use auth saved from crowdstrike.falcon.auth module
    hosts: "{{ item }}"
  loop: "{{ host_ids }}"
  register: hide_result
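- name: Fail if any hosts could not be hidden
  fail:
    msg: "Hosts could not be hidden: {{ hide_result.results | map(attribute='failed_hosts') | flatten }}"
  # A looped task registers one entry per item under 'results'
  when: hide_result.results | map(attribute='failed_hosts') | flatten | length > 0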

Inputs

    
auth:
    description:
    - The registered result of the M(crowdstrike.falcon.auth) module, or a dictionary
      containing the I(access_token) and I(cloud) keys.
    - If provided, the I(client_id), I(client_secret), I(member_cid), and I(cloud) options
      are ignored.
    - Useful when needing to make multiple API calls to avoid rate limiting issues.
    suboptions:
      access_token:
        description:
        - The OAuth2 access token to use for authentication.
        type: str
      cloud:
        description:
        - The CrowdStrike cloud region to use.
        - This can differ from the module's I(cloud) argument due to autodiscovery.
        type: str
    type: dict

cloud:
    choices:
    - us-1
    - us-2
    - us-gov-1
    - eu-1
    default: us-1
    description:
    - The CrowdStrike cloud region to use.
    - All clouds are automatically discovered if not specified, except for the C(us-gov-1)
      cloud.
    - The C(FALCON_CLOUD) environment variable can also be used.
    type: str

hosts:
    description:
    - A list of host agent IDs (AIDs) to perform the action on.
    elements: str
    required: true
    type: list

hidden:
    default: true
    description:
    - Whether to hide or unhide the hosts.
    type: bool

client_id:
    aliases:
    - falcon_client_id
    description:
    - The CrowdStrike API client ID to use.
    - See the L(Falcon documentation,https://falcon.crowdstrike.com/documentation/46/crowdstrike-oauth2-based-apis#understanding-api-clients)
      for more information about API clients.
    - The C(FALCON_CLIENT_ID) environment variable can also be used.
    type: str

member_cid:
    description:
    - The CrowdStrike member CID for MSSP authentication.
    - See the L(Falcon documentation,https://falcon.crowdstrike.com/documentation/46/crowdstrike-oauth2-based-apis#understanding-api-clients)
      for more information about API clients.
    - The C(FALCON_MEMBER_CID) environment variable can also be used.
    type: str

user_agent:
    description:
    - Custom User-Agent string to use for requests to the API.
    - The user agent string is prepended to the default user agent string (C(crowdstrike-ansible/<version>)).
    - See L(RFC 7231,https://tools.ietf.org/html/rfc7231#section-5.5.3) for more information.
    - The C(FALCON_USER_AGENT) environment variable can also be used.
    type: str

ext_headers:
    description:
    - Extended headers that are prepended to the default headers dictionary.
    type: dict

client_secret:
    aliases:
    - falcon_client_secret
    description:
    - The CrowdStrike API secret that corresponds to the client ID.
    - See the L(Falcon documentation,https://falcon.crowdstrike.com/documentation/46/crowdstrike-oauth2-based-apis#understanding-api-clients)
      for more information about API clients.
    - The C(FALCON_CLIENT_SECRET) environment variable can also be used.
    type: str

Outputs

failed_hosts:
  contains:
    code:
      description:
      - The error code returned by the API.
      returned: when a host agent ID fails
      type: int
    id:
      description:
      - The host agent ID that failed to be hidden or unhidden.
      returned: when a host agent ID fails
      type: str
    message:
      description:
      - The error message returned by the API.
      returned: when a host agent ID fails
      type: str
  description:
  - A list of dictionaries containing host IDs that failed to be hidden or unhidden.
  elements: dict
  returned: always
  type: list
hosts:
  description:
  - A list of host agent IDs (AIDs) that were successfully hidden or unhidden.
  elements: str
  returned: always
  type: list
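
The playbook below is an added example, not part of the collection's documentation. It authenticates once, hides a batch of hosts in a single call, and reports each entry of failed_hosts using the id, code and message fields described under Outputs. It assumes the API credentials are supplied through the FALCON_CLIENT_ID and FALCON_CLIENT_SECRET environment variables, that crowdstrike.falcon.auth returns its token under the auth key (as the usage example above implies), and the AIDs and the stale_aids variable name are constructed placeholders.

```yaml
---
# Added example: hide stale hosts with one token and one API call, then
# surface per-host failures from the module's documented return values.
- name: Hide inactive or duplicate hosts and report failures
  hosts: localhost
  connection: local
  gather_facts: false
  vars:
    # Constructed placeholder AIDs; replace with real agent IDs.
    stale_aids:
      - "12345678901234567890"
      - "09876543210987654321"
  tasks:
    - name: Authenticate once (credentials assumed to come from the environment)
      crowdstrike.falcon.auth:
      register: falcon
      no_log: true  # keep the access token out of task output

    - name: Hide all hosts in a single call
      crowdstrike.falcon.host_hide:
        auth: "{{ falcon.auth }}"  # assumes the token is returned under 'auth'
        hosts: "{{ stale_aids }}"
        hidden: true
      register: hide_result

    # Detection reporting for these AIDs resumes only after they are unhidden,
    # so keep a record of exactly which hosts were hidden.
    - name: Record which AIDs are now hidden
      ansible.builtin.debug:
        msg: "Hidden AIDs: {{ hide_result.hosts }}"

    - name: Show the API error for each AID that was not hidden
      ansible.builtin.debug:
        msg: "AID {{ item.id }} failed with code {{ item.code }}: {{ item.message }}"
      loop: "{{ hide_result.failed_hosts }}"
      loop_control:
        label: "{{ item.id }}"

    - name: Fail the play if any host could not be hidden
      ansible.builtin.fail:
        msg: "{{ hide_result.failed_hosts | length }} host(s) could not be hidden"
      when: hide_result.failed_hosts | length > 0
```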