crowdstrike.falcon.falconctl module – Configure CrowdStrike Falcon Sensor

Note

This module is part of the crowdstrike.falcon collection (version 4.9.1).

It is not included in ansible-core. To check whether it is installed, run ansible-galaxy collection list.

To install it, use: ansible-galaxy collection install crowdstrike.falcon.

To use it in a playbook, specify: crowdstrike.falcon.falconctl.

New in crowdstrike.falcon 3.2.0

Synopsis

  • Configures CrowdStrike Falcon Sensor on Linux systems

Parameters

Parameter

Comments

aid

boolean

Whether or not you would like to delete the associated Agent ID.

Useful when preparing a host as a master image for cloning or virtualization.

This applies only to state=absent.

Choices:

  • false

  • true

apd

string

Whether to enable or disable the Falcon sensor's use of a proxy.

To enable the proxy, set to 'false'.

Valid Options are: 'true'|'false'|''

aph

string

Specifies the application proxy host to use for Falcon sensor proxy configuration.

app

string

Specifies the application proxy port to use for Falcon sensor proxy configuration.

backend

string

Configure the backend for the Falcon sensor. This was introduced to support the BPF backend.

backend is only available in sensor versions that support the --backend option (>6.46.0).

Valid Options are: 'auto'|'bpf'|'kernel'

billing

string

Specify the (Pay-As-You-Go) billing model for Cloud Workloads.

Falcon for Cloud Workloads (Pay-As-You-Go) is a billing model for your hosts that run in Amazon Web Services (AWS), Google Cloud Platform (GCP), and Microsoft Azure.

For ephemeral workloads in these cloud environments, you pay only for the hours that hosts are active each month ('metered'), rather than a full annual contract price per sensor ('default').

Valid Options are: 'metered'|'default'|''

cid

string

CrowdStrike Falcon Customer ID (CID).

cloud

string

Specify the cloud region for the Falcon sensor to connect to.

cloud is only available in sensor versions 7.28.0 and above with unified installer support.

This parameter helps the sensor connect to the correct cloud region and can resolve AID generation timeouts.

Valid Options are: 'us-1'|'us-2'|'eu-1'|'us-gov-1'|'us-gov-2'

Choices:

  • "us-1"

  • "us-2"

  • "eu-1"

  • "us-gov-1"

  • "us-gov-2"

feature

list / elements=string

Configure the Falcon sensor feature flags.

Choices:

  • "none"

  • "enableLog"

  • "disableLogBuffer"

maintenance_token

string

Maintenance token required for sensor operations when uninstall and maintenance protection is enabled.

Required for sensor versions 7.20+ when protection is armed.

Used to disable protection before uninstall, upgrade, or configuration changes.

message_log

string

Whether or not you would like to log messages to disk.

Valid Options are: 'true'|'false'|''

provisioning_token

string

Installation tokens prevent unauthorized hosts from being accidentally or maliciously added to your customer ID (CID).

Optional security measure for your CID.

This parameter requires supplying a cid.

state

string / required

Ensures that requested parameters are removed (absent) or added (present) to the Falcon sensor.

Choices:

  • "absent"

  • "present"

tags

string

Sensor grouping tags are optional, user-defined identifiers you can use to group and filter hosts.

To assign multiple tags, separate tags with commas.

The combined length of all tags for a host, including comma separators, cannot exceed 256 characters.

trace

string

Configure the appropriate trace level.

Choices:

  • "none"

  • "err"

  • "warn"

  • "info"

  • "debug"

Examples

- name: Set CrowdStrike Falcon CID
  crowdstrike.falcon.falconctl:
    state: present
    cid: 1234567890ABCDEF1234567890ABCDEF-12

- name: Set CrowdStrike Falcon CID with Provisioning Token
  crowdstrike.falcon.falconctl:
    state: present
    cid: 1234567890ABCDEF1234567890ABCDEF-12
    provisioning_token: 12345678

- name: Set CrowdStrike Falcon CID with Cloud Region (Sensor v7.28+)
  crowdstrike.falcon.falconctl:
    state: present
    cid: 1234567890ABCDEF1234567890ABCDEF-12
    cloud: us-2

- name: Delete CrowdStrike Falcon CID
  crowdstrike.falcon.falconctl:
    state: absent
    cid: ""

- name: Delete Agent ID to Prep Master Image
  crowdstrike.falcon.falconctl:
    state: absent
    aid: true

- name: Configure Falcon Sensor Proxy
  crowdstrike.falcon.falconctl:
    state: present
    apd: false
    aph: example.com
    app: 8080
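
The following playbook is an added example, not part of the module documentation. It combines the cid, provisioning_token and tags parameters described above, checks the 256-character tag limit before touching the sensor, and keeps the CID and token out of task output. The host group falcon_linux and the variables falcon_cid, falcon_provisioning_token and falcon_tags are assumed names; the secrets are expected to come from Ansible Vault.

```yaml
# Added example. Assumed names: group falcon_linux; variables falcon_cid and
# falcon_provisioning_token (supplied from Ansible Vault); falcon_tags.
- name: Register Falcon sensor with vaulted credentials and grouping tags
  hosts: falcon_linux
  become: true              # assumption: sensor configuration needs root
  vars:
    falcon_tags:            # constructed sample tags
      - prod
      - web
      - pci
    falcon_tags_csv: "{{ falcon_tags | join(',') }}"
  tasks:
    - name: Reject tag sets that break the documented limits
      ansible.builtin.assert:
        that:
          # combined length, including comma separators, must not exceed 256
          - falcon_tags_csv | length <= 256
          # a comma inside one tag would split it into two tags
          - falcon_tags | select('search', ',') | list | length == 0
        fail_msg: >-
          Tags are {{ falcon_tags_csv | length }} characters with separators
          (limit 256), or a single tag contains a comma.

    - name: Refuse a provisioning token without a CID
      ansible.builtin.assert:
        that:
          - falcon_cid is defined
          - falcon_cid | length > 0
        fail_msg: provisioning_token requires supplying a cid.
      when: falcon_provisioning_token is defined

    - name: Set CID, provisioning token and tags
      crowdstrike.falcon.falconctl:
        state: present
        cid: "{{ falcon_cid }}"
        # omitted entirely when no token is defined for this CID
        provisioning_token: "{{ falcon_provisioning_token | default(omit) }}"
        tags: "{{ falcon_tags_csv }}"
      no_log: true          # keep the CID and token out of output and logs
```

Because no_log also hides the module's error output, temporarily remove it on a test host when troubleshooting a failed registration.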

Authors

  • Gabriel Alford (@redhatrises)

  • Carlos Matos (@carlosmmatos)