crowdstrike.falcon.sensor_update_policy_info (4.3.2) — module

Get information about Falcon Update Sensor Policies

Added in version 4.0.0 of crowdstrike.falcon

Authors: Frank Falor (@ffalor), Carlos Matos (@carlosmmatos)

Install collection

Install with:

  ansible-galaxy collection install crowdstrike.falcon:==4.3.2


Add to requirements.yml

  collections:
    - name: crowdstrike.falcon
      version: 4.3.2

Description

Returns a set of Sensor Update Policies which match the filter criteria.

See the FalconPy documentation (https://falconpy.io/Service-Collections/Sensor-Update-Policy.html#queryCombinedSensorUpdatePoliciesV2) for more information about the available filters and sort options.


Requirements

Usage examples

- name: Get all Sensor Policies
  crowdstrike.falcon.sensor_update_policy_info:

- name: Get enabled Windows Sensor Policies
  crowdstrike.falcon.sensor_update_policy_info:
    filter: "platform_name:'Windows'+enabled:'true'"

- name: Get Sensor Policies with a limit of 10
  crowdstrike.falcon.sensor_update_policy_info:
    limit: 10

- name: Get Sensor Policies and sort ascending by platform_name
  crowdstrike.falcon.sensor_update_policy_info:
    sort: "platform_name.asc"
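
An added playbook, not part of the collection's own examples, that combines the options documented on this page: it authenticates once with crowdstrike.falcon.auth, pages through results with limit and offset, and lists enabled policies that have no host groups attached. It assumes the auth module exposes its token under the `auth` key of the registered result and reads credentials from the FALCON_CLIENT_ID and FALCON_CLIENT_SECRET environment variables; `page_size` and the registered variable names are constructed.

```yaml
---
- name: Audit Falcon sensor update policies (added example)
  hosts: localhost
  connection: local
  gather_facts: false
  vars:
    page_size: 100  # constructed value; the module accepts 1-5000
  tasks:
    # Assumption: credentials come from FALCON_CLIENT_ID / FALCON_CLIENT_SECRET.
    - name: Authenticate once and keep the token out of task output
      crowdstrike.falcon.auth:
      register: falcon
      no_log: true

    # A one-record query is enough to read pagination.total for the filter.
    - name: Count enabled policies
      crowdstrike.falcon.sensor_update_policy_info:
        auth: "{{ falcon.auth }}"  # assumption: token is under the 'auth' key
        filter: "enabled:'true'"
        limit: 1
      register: probe

    # One request per page, all reusing the same token via 'auth'.
    - name: Fetch every page of enabled policies
      crowdstrike.falcon.sensor_update_policy_info:
        auth: "{{ falcon.auth }}"
        filter: "enabled:'true'"
        sort: "platform_name.asc"
        limit: "{{ page_size }}"
        offset: "{{ item }}"
      loop: "{{ range(0, probe.pagination.total, page_size) | list }}"
      register: pages

    - name: Merge the 'policies' list from every page
      ansible.builtin.set_fact:
        enabled_policies: "{{ pages.results | map(attribute='policies') | flatten }}"

    # 'groups' is documented as a list; an empty list means no group is attached.
    - name: Report enabled policies with no host groups attached
      ansible.builtin.debug:
        msg: >-
          {{ item.platform_name }} policy '{{ item.name }}' ({{ item.id }})
          has no groups; build={{ item.settings.build | default('unset') }}
      loop: "{{ enabled_policies | rejectattr('groups') | list }}"
      loop_control:
        label: "{{ item.name }}"
```

If the filter matches nothing, `pagination.total` is 0, the page loop is skipped and the report task has nothing to iterate over.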

Inputs

    
auth:
    description:
    - The registered result of the M(crowdstrike.falcon.auth) module, or a dictionary
      containing the I(access_token) and I(cloud) keys.
    - If provided, the I(client_id), I(client_secret), I(member_cid), and I(cloud) options
      are ignored.
    - Useful when needing to make multiple API calls to avoid rate limiting issues.
    suboptions:
      access_token:
        description:
        - The OAuth2 access token to use for authentication.
        type: str
      cloud:
        description:
        - The CrowdStrike cloud region to use.
        - This can differ from the module's I(cloud) argument due to autodiscovery.
        type: str
    type: dict

sort:
    description:
    - The property to sort by in FQL (Falcon Query Language) syntax.
    - See the L(FalconPy documentation,https://www.falconpy.io/Usage/Falcon-Query-Language.html#using-fql-in-a-sort)
      for more information about sorting with FQL.
    type: str

cloud:
    choices:
    - us-1
    - us-2
    - us-gov-1
    - eu-1
    default: us-1
    description:
    - The CrowdStrike cloud region to use.
    - All clouds are automatically discovered if not specified, except for the C(us-gov-1)
      cloud.
    - The C(FALCON_CLOUD) environment variable can also be used.
    type: str

limit:
    description:
    - The maximum number of records to return. [1-5000]
    - Use with the offset parameter to manage pagination of results.
    type: int

filter:
    description:
    - The filter expression that should be used to limit the results using FQL (Falcon
      Query Language) syntax.
    - See the L(FalconPy documentation,https://www.falconpy.io/Service-Collections/Sensor-Update-Policy.html#available-filters-2)
      for more information about the available filters.
    type: str

offset:
    description:
    - The offset to start retrieving records from.
    type: int

client_id:
    aliases:
    - falcon_client_id
    description:
    - The CrowdStrike API client ID to use.
    - See the L(Falcon documentation,https://falcon.crowdstrike.com/documentation/46/crowdstrike-oauth2-based-apis#understanding-api-clients)
      for more information about API clients.
    - The C(FALCON_CLIENT_ID) environment variable can also be used.
    type: str

member_cid:
    description:
    - The CrowdStrike member CID for MSSP authentication.
    - See the L(Falcon documentation,https://falcon.crowdstrike.com/documentation/46/crowdstrike-oauth2-based-apis#understanding-api-clients)
      for more information about API clients.
    - The C(FALCON_MEMBER_CID) environment variable can also be used.
    type: str

user_agent:
    description:
    - Custom User-Agent string to use for requests to the API.
    - The user agent string is prepended to the default user agent string (C(crowdstrike-ansible/<version>)).
    - See L(RFC 7231,https://tools.ietf.org/html/rfc7231#section-5.5.3) for more information.
    - The C(FALCON_USER_AGENT) environment variable can also be used.
    type: str

ext_headers:
    description:
    - Extended headers that are prepended to the default headers dictionary.
    type: dict

client_secret:
    aliases:
    - falcon_client_secret
    description:
    - The CrowdStrike API secret that corresponds to the client ID.
    - See the L(Falcon documentation,https://falcon.crowdstrike.com/documentation/46/crowdstrike-oauth2-based-apis#understanding-api-clients)
      for more information about API clients.
    - The C(FALCON_CLIENT_SECRET) environment variable can also be used.
    type: str

Outputs

pagination:
  description: Pagination details for the query.
  returned: success
  sample:
    limit: 5000
    offset: 0
    total: 1
  type: dict
policies:
  contains:
    cid:
      description: The unique identifier of the customer.
      returned: success
      sample: d78cd791785442a98ec75249d8c385dd
      type: str
    created_by:
      description: The user who created the policy.
      returned: success
      sample: user@example.com
      type: str
    created_timestamp:
      description: The timestamp when the policy was created.
      returned: success
      sample: '2021-03-01T00:00:00Z'
      type: str
    description:
      description: The description of the policy.
      returned: success
      sample: Windows 10 Sensor Policy
      type: str
    enabled:
      description: Whether the policy is enabled.
      returned: success
      sample: true
      type: bool
    groups:
      contains:
        assignment_rule:
          description: The assignment rule of the group.
          returned: success
          sample: hostname:['demo-win10-1']
          type: str
        created_by:
          description: The user who created the group.
          returned: success
          sample: user@example.com
          type: str
        created_timestamp:
          description: The timestamp when the group was created.
          returned: success
          sample: '2021-03-01T00:00:00Z'
          type: str
        description:
          description: The description of the group.
          returned: success
          sample: Windows 10 Sensor Policy
          type: str
        group_type:
          description: The type of the group.
          returned: success
          sample: static
          type: str
        id:
          description: The unique identifier of the group.
          returned: success
          sample: d78cd791785442a98ec75249d8c385dd
          type: str
        modified_by:
          description: The user who last modified the group.
          returned: success
          sample: user@example.com
          type: str
        modified_timestamp:
          description: The timestamp when the group was last modified.
          returned: success
          sample: '2021-03-01T00:00:00Z'
          type: str
        name:
          description: The name of the group.
          returned: success
          sample: Windows 10 Sensor Policy
          type: str
      description: The groups associated with the policy.
      elements: dict
      returned: success
      sample: []
      type: list
    id:
      description: The unique identifier of the policy.
      returned: success
      sample: d78cd791785442a98ec75249d8c385dd
      type: str
    modified_by:
      description: The user who last modified the policy.
      returned: success
      sample: user
      type: str
    modified_timestamp:
      description: The timestamp when the policy was last modified.
      returned: success
      sample: '2021-03-01T00:00:00Z'
      type: str
    name:
      description: The name of the policy.
      returned: success
      sample: Windows 10 Sensor Policy
      type: str
    platform_name:
      description: The name of the platform.
      returned: success
      sample: Windows
      type: str
    settings:
      description: The settings of the policy.
      returned: success
      sample:
        build: n-1|tagged
      type: dict
  description:
  - Array of Sensor Update Policies matching the filter criteria.
  elements: dict
  returned: success
  type: list