crowdstrike.falcon.host_group_info module – Get information about Falcon host groups
Note
This module is part of the crowdstrike.falcon collection (version 4.9.1).
It is not included in ansible-core.
To check whether it is installed, run ansible-galaxy collection list.
To install it, use: ansible-galaxy collection install crowdstrike.falcon.
You need further requirements to be able to use this module,
see Requirements for details.
To use it in a playbook, specify: crowdstrike.falcon.host_group_info.
New in crowdstrike.falcon 4.10.0
Synopsis
Returns detailed information for one or more host groups.
Some of the details returned include group name, description, group type, assignment rules, creation and modification timestamps, and member counts.
Can retrieve specific host groups by ID or search for groups using FQL filters.
Optionally includes detailed member information for each group.
Requirements
The below requirements are needed on the host that executes this module.
Host Groups [READ] API scope
crowdstrike-falconpy >= 1.3.0
python >= 3.6
Parameters
Parameter |
Comments |
|---|---|
The registered result of the crowdstrike.falcon.auth module, or a dictionary containing the access_token and cloud keys. If provided, the client_id, client_secret, member_cid, and cloud options are ignored. Useful when needing to make multiple API calls to avoid rate limiting issues. |
|
The OAuth2 access token to use for authentication. |
|
The CrowdStrike cloud region to use. This can differ from the module’s cloud argument due to autodiscovery. |
|
The CrowdStrike API client ID to use. See the Falcon documentation for more information about API clients. The |
|
The CrowdStrike API secret that corresponds to the client ID. See the Falcon documentation for more information about API clients. The |
|
The CrowdStrike cloud region to use. All clouds are automatically discovered if not specified, except for the The Choices:
|
|
Extended headers that are prepended to the default headers dictionary. |
|
FQL (Falcon Query Language) filter expression to limit results. Examples: Cannot be used together with host_groups. |
|
A list of host group IDs to get information about. If not provided, all accessible host groups will be returned (subject to filter and pagination). |
|
Whether to include detailed member information for each host group. When enabled, adds a This may significantly increase response time and size for groups with many members. Choices:
|
|
Maximum number of host groups to return. Must be between 1 and 5000. Default: |
|
The CrowdStrike member CID for MSSP authentication. See the Falcon documentation for more information about API clients. The |
|
Starting index for pagination. Use with limit to paginate through large result sets. Default: |
|
Property to sort results by. Prefix with Examples: |
|
Custom User-Agent string to use for requests to the API. The user agent string is prepended to the default user agent string ( See RFC 7231 for more information. The |
Examples
- name: Get information about all host groups
crowdstrike.falcon.host_group_info:
- name: Get information about specific host groups
crowdstrike.falcon.host_group_info:
host_groups:
- "12345678901234567890abcdef123456"
- "abcdef123456789012345678901234"
- name: Search for host groups by name pattern
crowdstrike.falcon.host_group_info:
filter: "name:'Production*'"
limit: 50
- name: Get dynamic host groups created in the last 7 days
crowdstrike.falcon.host_group_info:
filter: "group_type:'dynamic'+created_timestamp:>'{{ (ansible_date_time.epoch | int - 604800) }}'"
sort: "-created_timestamp"
- name: Get host group information including member details
crowdstrike.falcon.host_group_info:
host_groups: ["12345678901234567890abcdef123456"]
include_members: true
- name: Paginate through all host groups
crowdstrike.falcon.host_group_info:
limit: 100
offset: "{{ page * 100 }}"
loop: "{{ range(0, total_groups // 100 + 1) | list }}"
loop_control:
loop_var: page
Return Values
Common return values are documented here, the following are the fields unique to this module:
Key |
Description |
|---|---|
A list of host groups that match the search criteria. Returned: success |
|
The assignment rule for dynamic groups (FQL filter). Returned: success Sample: |
|
The user who created the host group. Returned: success Sample: |
|
The timestamp when the host group was created. Returned: success Sample: |
|
The description of the host group. Returned: success Sample: |
|
A hash representing the current state of the group. Returned: success Sample: |
|
The type of host group (static, dynamic, or staticByID). Returned: success Sample: |
|
The unique identifier of the host group. Returned: success Sample: |
|
List of host group members (only when include_members=true). Returned: when include_members=true |
|
The host ID (AID) of the member. Returned: success Sample: |
|
The hostname of the member host. Returned: success Sample: |
|
When the member host was last seen. Returned: success Sample: |
|
The platform of the member host. Returned: success Sample: |
|
The user who last modified the host group. Returned: success Sample: |
|
The timestamp when the host group was last modified. Returned: success Sample: |
|
The name of the host group. Returned: success Sample: |
|
Metadata about the query results. Returned: success |
|
Pagination information. Returned: success |
|
The limit used for this query. Returned: success Sample: |
|
The starting index used for this query. Returned: success Sample: |
|
Total number of host groups matching the query. Returned: success Sample: |
|
Time taken to execute the query in seconds. Returned: success Sample: |