crowdstrike.falcon.host_info module – Get information about Falcon hosts
Note
This module is part of the crowdstrike.falcon collection (version 4.7.0).
To install it, use: ansible-galaxy collection install crowdstrike.falcon.
You need further requirements to be able to use this module,
see Requirements for details.
To use it in a playbook, specify: crowdstrike.falcon.host_info.
New in crowdstrike.falcon 4.4.0
Synopsis
Returns detailed information for one or more hosts.
Some of the details returned include software information, such as platform, OS version, kernel version, and OS build ID (OS build ID available for Windows and macOS only); network information, such as IP addresses and MAC addresses; sensor information, such as its version; status information, such as last seen time and network containment status; and more.
Requirements
The below requirements are needed on the host that executes this module.
Hosts [READ] API scope
crowdstrike-falconpy >= 1.3.0
python >= 3.6
Parameters
Parameter | Comments |
---|---|
The registered result of the crowdstrike.falcon.auth module, or a dictionary containing the access_token and cloud keys. If provided, the client_id, client_secret, member_cid, and cloud options are ignored. Useful when needing to make multiple API calls to avoid rate limiting issues. |
The OAuth2 access token to use for authentication. |
The CrowdStrike cloud region to use. This can differ from the module’s cloud argument due to autodiscovery. |
The CrowdStrike API client ID to use. See the Falcon documentation for more information about API clients. The |
The CrowdStrike API secret that corresponds to the client ID. See the Falcon documentation for more information about API clients. The |
The CrowdStrike cloud region to use. All clouds are automatically discovered if not specified, except for the The Choices: |
Extended headers that are prepended to the default headers dictionary. |
A list of host agent IDs (AIDs) to get information about. Use the crowdstrike.falcon.host_ids lookup plugin to get a list of host IDs matching specific criteria. |
The CrowdStrike member CID for MSSP authentication. See the Falcon documentation for more information about API clients. The |
Custom User-Agent string to use for requests to the API. The user agent string is prepended to the default user agent string ( See RFC 7231 for more information. The |
Examples
- name: Get information about a single host
  crowdstrike.falcon.host_info:
    hosts: "12345678901234567890"

- name: Get information about more than one host
  crowdstrike.falcon.host_info:
    hosts:
      - "12345678901234567890"
      - "09876543210987654321"

- name: Get information about all Windows hosts (using host_ids lookup)
  crowdstrike.falcon.host_info:
    hosts: "{{ lookup('crowdstrike.falcon.host_ids', windows_host_filter) }}"
  vars:
    windows_host_filter: 'platform_name:"Windows"'

- name: Get information about all Linux hosts in reduced functionality mode (using host_ids lookup)
  crowdstrike.falcon.host_info:
    hosts: >
      {{
        lookup('crowdstrike.falcon.host_ids',
          'platform_name:"Linux"
          + reduced_functionality_mode:"yes"')
      }}
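
An added playbook (not from the collection's documentation) that authenticates once with crowdstrike.falcon.auth, passes the registered result through the auth option described under Parameters, and reports Linux hosts that are in reduced functionality mode or not in the normal containment state. The hosts return key and the field names device_id, hostname, reduced_functionality_mode, status, agent_version and last_seen are assumed from the Falcon device record; credentials are assumed to come from the FALCON_CLIENT_ID and FALCON_CLIENT_SECRET environment variables.

```yaml
# Added example, not part of the collection's documentation.
# Assumes FALCON_CLIENT_ID / FALCON_CLIENT_SECRET are set in the controller's
# environment for both the auth module and the host_ids lookup.
- name: Report Linux sensors that need attention
  hosts: localhost
  connection: local
  gather_facts: false
  vars:
    linux_filter: 'platform_name:"Linux"'
  tasks:
    - name: Authenticate once so later tasks reuse one token
      crowdstrike.falcon.auth:
      register: falcon
      no_log: true  # keep the access token out of task output and logs

    - name: Get details for every Linux host
      crowdstrike.falcon.host_info:
        auth: "{{ falcon.auth }}"
        hosts: "{{ lookup('crowdstrike.falcon.host_ids', linux_filter) }}"
      register: linux_hosts

    # Field names below are assumed from the Falcon device record.
    - name: Flag hosts in reduced functionality mode or not in the normal containment state
      ansible.builtin.debug:
        msg: >-
          {{ item.hostname | default(item.device_id) }}
          rfm={{ item.reduced_functionality_mode | default('unknown') }}
          containment={{ item.status | default('unknown') }}
          sensor={{ item.agent_version | default('unknown') }}
          last_seen={{ item.last_seen | default('unknown') }}
      loop: "{{ linux_hosts.hosts }}"
      loop_control:
        label: "{{ item.device_id }}"
      when: >-
        item.reduced_functionality_mode | default('no') == 'yes'
        or item.status | default('normal') != 'normal'
```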
Return Values
Common return values are documented here; the following fields are unique to this module:
Key | Description |
---|---|
A list of host IDs (AIDs) that match the search criteria. Returned: success |
Flags indicating the load state of the agent. Returned: success Sample: |
The local time of the agent. Returned: success Sample: |
The version of the agent. Returned: success Sample: |
The manufacturer of the BIOS. Returned: success Sample: |
The version of the BIOS. Returned: success Sample: |
The type of chassis. Returned: success Sample: |
The description of the chassis type. Returned: success Sample: |
The unique identifier of the customer. Returned: success Sample: |
The base configuration ID. Returned: success Sample: |
The build configuration ID. Returned: success Sample: |
The platform configuration ID. Returned: success Sample: |
The IP address used for connection. Returned: success Sample: |
The MAC address used for connection. Returned: success Sample: |
The signature of the CPU. Returned: success Sample: |
The vendor of the CPU. Returned: success Sample: |
The IP address of the default gateway. Returned: success Sample: |
The type of Linux deployment. Returned: success Sample: |
The host ID (AID). Returned: success Sample: |
The policies applied to the device. Returned: success Sample: |
The external IP address of the host. Returned: success Sample: |
The timestamp of when the host was first seen. Returned: success Sample: |
The hash of the groups the host belongs to. Returned: success Sample: |
The list of groups the host belongs to. Returned: success Sample: |
The hostname of the host. Returned: success Sample: |
The cloud ID of the instance. This field is only available for cloud-based hosts. Returned: success Sample: |
The version of the kernel. Returned: success Sample: |
The timestamp of when the host was last seen. Returned: success Sample: |
The mode of the Linux sensor. Returned: success Sample: |
The local IP address of the host. Returned: success Sample: |
The MAC address of the host. Returned: success Sample: |
The major version of the host. Returned: success Sample: |
Additional metadata about the host. Returned: success |
Version metadata. Returned: success Sample: |
Version string metadata. Returned: success Sample: |
The minor version of the host. Returned: success Sample: |
The timestamp of when the host was last modified. Returned: success Sample: |
The version of the operating system. Returned: success Sample: |
The platform ID of the host. Returned: success Sample: |
The platform name of the host. Returned: success Sample: |
The list of policies applied to the host. Returned: success |
Indicates if the policy is applied. Returned: success Sample: |
The timestamp of when the policy was applied. Returned: success |
The timestamp of when the policy was assigned. Returned: success Sample: |
The ID of the policy. Returned: success Sample: |
The type of policy. Returned: success Sample: |
The list of rule groups within the policy. Returned: success Sample: |
The hash of the policy settings. Returned: success Sample: |
The description of the product type. Returned: success Sample: |
Indicates if the host is in reduced functionality mode. Returned: success Sample: |
The serial number of the host. Returned: success Sample: |
The cloud service provider of the host. Returned: success Sample: |
The account ID of the cloud service provider. Returned: success Sample: |
The containment status of the host. Returned: success Sample: |
The manufacturer of the system. Returned: success Sample: |
The product name of the system. Returned: success Sample: |
The list of tags associated with the host. Returned: success Sample: |
The cloud zone the host belongs to. This field is only available for cloud-based hosts. Returned: success Sample: |