crowdstrike.falcon.host_ids lookup – fetch host IDs (AIDs)
Note
This lookup plugin is part of the crowdstrike.falcon collection (version 4.7.2).
To install it, use: ansible-galaxy collection install crowdstrike.falcon.
You need further requirements to be able to use this lookup plugin,
see Requirements for details.
To use it in a playbook, specify: crowdstrike.falcon.host_ids.
New in crowdstrike.falcon 4.4.0
Synopsis
This lookup returns a list of host IDs (AIDs) which match the search criteria.
You can use optional FQL filters in your requests to find host IDs based on specific attributes, such as platform, hostname, or IP.
Can be used for other modules that require a list of host IDs as input.
Requirements
The below requirements are needed on the local controller node that executes this lookup.
Hosts [READ] API scope
crowdstrike-falconpy >= 1.3.0
python >= 3.6
Terms
Parameter |
Comments |
|---|---|
The filter expression that should be used to limit the results using FQL (Falcon Query Language) syntax. See the Falcon documentation for more information about the available filters. |
Keyword parameters
This describes keyword parameters of the lookup. These are the values key1=value1, key2=value2 and so on in the following
examples: lookup('crowdstrike.falcon.host_ids', key1=value1, key2=value2, ...) and query('crowdstrike.falcon.host_ids', key1=value1, key2=value2, ...)
Parameter |
Comments |
|---|---|
The CrowdStrike API client ID to use. See the Falcon documentation for more information about API clients. The |
|
The CrowdStrike API secret that corresponds to the client ID. See the Falcon documentation for more information about API clients. The |
|
The CrowdStrike cloud region to use. All clouds are automatically discovered if not specified, except for the The Choices:
|
|
Extended headers that are prepended to the default headers dictionary. |
|
The CrowdStrike member CID for MSSP authentication. See the Falcon documentation for more information about API clients. The |
|
Custom User-Agent string to use for requests to the API. The user agent string is prepended to the default user agent string ( See RFC 7231 for more information. The |
Notes
Note
When keyword and positional parameters are used together, positional parameters must be listed before keyword parameters:
lookup('crowdstrike.falcon.host_ids', term1, term2, key1=value1, key2=value2)andquery('crowdstrike.falcon.host_ids', term1, term2, key1=value1, key2=value2)This plugin will automatically handle pagination for you, so you do not need to worry about it.
You can avoid escaping double quotes by using a multiline string or setting a variable. See examples.
Examples
- name: Print all hosts IDs
ansible.builtin.debug:
msg: "{{ lookup('crowdstrike.falcon.host_ids', '') }}"
- name: Print all Windows hosts IDs (escaped double quotes)
ansible.builtin.debug:
msg: "{{ lookup('crowdstrike.falcon.host_ids', 'platform_name:\"Windows\"') }}"
- name: Print all Linux hosts IDs in reduced functionality mode (multiline string)
ansible.builtin.debug:
msg: >
{{
lookup('crowdstrike.falcon.host_ids',
'platform_name:"Linux"
+ reduced_functionality_mode:"yes"')
}}
Return Value
Key |
Description |
|---|---|
A list of host IDs (AIDs) that match the search criteria. Returned: success |