crowdstrike.falcon.kernel_support_info module – Get information about kernels supported by the Falcon Sensor for Linux
Note
This module is part of the crowdstrike.falcon collection (version 4.7.2).
To install it, use: ansible-galaxy collection install crowdstrike.falcon.
You need further requirements to be able to use this module,
see Requirements for details.
To use it in a playbook, specify: crowdstrike.falcon.kernel_support_info.
New in crowdstrike.falcon 4.1.0
Synopsis
Retrieve details about the kernels supported by the Falcon sensor for Linux (kernel mode), matching the specified filter criteria.
See the CrowdStrike documentation for more information about available filters.
Requirements
The below requirements are needed on the host that executes this module.
Sensor update policies [READ] API scope
crowdstrike-falconpy >= 1.3.0
python >= 3.6
Parameters
Parameter |
Comments |
|---|---|
The registered result of the crowdstrike.falcon.auth module, or a dictionary containing the access_token and cloud keys. If provided, the client_id, client_secret, member_cid, and cloud options are ignored. Useful when needing to make multiple API calls to avoid rate limiting issues. |
|
The OAuth2 access token to use for authentication. |
|
The CrowdStrike cloud region to use. This can differ from the module’s cloud argument due to autodiscovery. |
|
The CrowdStrike API client ID to use. See the Falcon documentation for more information about API clients. The |
|
The CrowdStrike API secret that corresponds to the client ID. See the Falcon documentation for more information about API clients. The |
|
The CrowdStrike cloud region to use. All clouds are automatically discovered if not specified, except for the The Choices:
|
|
Extended headers that are prepended to the default headers dictionary. |
|
The filter expression that should be used to limit the results using FQL (Falcon Query Language) syntax. See the return values or CrowdStrike docs for more information about the available filters that can be used. |
|
The CrowdStrike member CID for MSSP authentication. See the Falcon documentation for more information about API clients. The |
|
Custom User-Agent string to use for requests to the API. The user agent string is prepended to the default user agent string ( See RFC 7231 for more information. The |
Notes
Note
This module will return a list of supported kernel information for kernel mode only of the Falcon sensor for Linux. This is not for user mode.
To help with your filters, you can use the kernel and sensor support distinct values API to retrieve a list of distinct values, with proper syntax, for any field. For more info, see Retrieving field values for kernel support filters.
Examples
- name: Show support info for all Ubuntu 20 kernels that have a release starting with 5.8
crowdstrike.falcon.kernel_support_info:
filter: "vendor:'ubuntu'+distro:'ubuntu20'+release:*'5.8.*'"
- name: Show support info for kernels with a release of 5.4.0-1040-gcp and an architecture of x86_64
crowdstrike.falcon.kernel_support_info:
filter: "release:'5.4.0-1040-gcp'+architecture:'x86_64'"
- name: Show support info using kernel and architecture from ansible_facts
crowdstrike.falcon.kernel_support_info:
filter: "release:'{{ ansible_facts['kernel'] }}'+architecture:'{{ ansible_facts['architecture'] }}'"
Return Values
Common return values are documented here, the following are the fields unique to this module:
Key |
Description |
|---|---|
A list of support information for the kernels that match the filter criteria Returned: success |
|
The Linux kernel architecture. Returned: success Sample: |
|
Sensor versions that support the specified kernel in the base sensor package. These sensor versions support the kernel when they are installed. Returned: success Sample: |
|
The timestamp when the kernel support information was created. Returned: success Sample: |
|
The Linux distribution associated with the kernel. Returned: success Sample: |
|
The Linux distribution version associated with the kernel. Returned: success Sample: |
|
The Linux kernel flavor. Returned: success Sample: |
|
The unique identifier of the kernel support information. Returned: success Sample: |
|
The timestamp when the kernel support information was last modified. Returned: success Sample: |
|
The Linux kernel release version. Returned: success Sample: |
|
The Linux vendor associated with the kernel. Returned: success Sample: |
|
Full Linux OS version identifier. Returned: success Sample: |
|
Sensor versions that added support using the ZTL module support method. These updates are generated without source modifications to the deployed sensor and enable the sensor to support the new kernel via offset mapping without having to upgrade to a newer sensor version. Returned: success Sample: |
|
Sensor versions that added support using the Zero Touch Linux (ZTL) support method. This method adds support for kernels through channel files without requiring a sensor update. Returned: success Sample: |