crowdstrike.falcon.sensor_update_policy_info module – Get information about Falcon Update Sensor Policies

Note

This module is part of the crowdstrike.falcon collection (version 4.7.2).

To install it, use: ansible-galaxy collection install crowdstrike.falcon. You need further requirements to be able to use this module, see Requirements for details.

To use it in a playbook, specify: crowdstrike.falcon.sensor_update_policy_info.

New in crowdstrike.falcon 4.0.0

Synopsis

  • Returns a set of Sensor Update Policies which match the filter criteria.

  • See the FalconPy documentation for more information about the available filters and sort options.

Requirements

The below requirements are needed on the host that executes this module.

  • Sensor update policies [READ] API scope

  • crowdstrike-falconpy >= 1.3.0

  • python >= 3.6

Parameters

Parameter

Comments

auth

dictionary

The registered result of the crowdstrike.falcon.auth module, or a dictionary containing the access_token and cloud keys.

If provided, the client_id, client_secret, member_cid, and cloud options are ignored.

Useful when needing to make multiple API calls to avoid rate limiting issues.

access_token

string

The OAuth2 access token to use for authentication.

cloud

string

The CrowdStrike cloud region to use.

This can differ from the module’s cloud argument due to autodiscovery.

client_id

aliases: falcon_client_id

string

The CrowdStrike API client ID to use.

See the Falcon documentation for more information about API clients.

The FALCON_CLIENT_ID environment variable can also be used.

client_secret

aliases: falcon_client_secret

string

The CrowdStrike API secret that corresponds to the client ID.

See the Falcon documentation for more information about API clients.

The FALCON_CLIENT_SECRET environment variable can also be used.

cloud

string

The CrowdStrike cloud region to use.

All clouds are automatically discovered if not specified, except for the us-gov-1 cloud.

The FALCON_CLOUD environment variable can also be used.

Choices:

  • "us-1" ← (default)

  • "us-2"

  • "us-gov-1"

  • "eu-1"

ext_headers

dictionary

Extended headers that are prepended to the default headers dictionary.

filter

string

The filter expression that should be used to limit the results using FQL (Falcon Query Language) syntax.

See the FalconPy documentation for more information about the available filters.

member_cid

string

The CrowdStrike member CID for MSSP authentication.

See the Falcon documentation for more information about API clients.

The FALCON_MEMBER_CID environment variable can also be used.

sort

string

The property to sort by in FQL (Falcon Query Language) syntax.

See the FalconPy documentation for more information about sorting with FQL.

user_agent

string

Custom User-Agent string to use for requests to the API.

The user agent string is prepended to the default user agent string (crowdstrike-ansible/<version>).

See RFC 7231 for more information.

The FALCON_USER_AGENT environment variable can also be used.

Examples

- name: Get all Sensor Policies
  crowdstrike.falcon.sensor_update_policy_info:

- name: Get enabled windows Sensor Policies
  crowdstike.falcon.sensor_update_policy_info:
    filter: "platform_name:'Windows'+enabled:'true'"

- name: Get Sensor Policies and sort ascending by platform_name
  crowdstike.falcon.sensor_update_policy_info:
    sort: "platform_name.asc"

Return Values

Common return values are documented here, the following are the fields unique to this module:

Key

Description

policies

list / elements=dictionary

Array of Sensor Update Policies matching the filter criteria.

Returned: success

cid

string

The unique identifier of the customer.

Returned: success

Sample: "d78cd791785442a98ec75249d8c385dd"

created_by

string

The user who created the policy.

Returned: success

Sample: "user@example.com"

created_timestamp

string

The timestamp when the policy was created.

Returned: success

Sample: "2021-03-01T00:00:00Z"

description

string

The description of the policy.

Returned: success

Sample: "Windows 10 Sensor Policy"

enabled

boolean

Whether the policy is enabled.

Returned: success

Sample: true

groups

list / elements=dictionary

The groups associated with the policy.

Returned: success

Sample: []

assignment_rule

string

The assignment rule of the group.

Returned: success

Sample: "hostname:['demo-win10-1']"

created_by

string

The user who created the group.

Returned: success

Sample: "user@example.com"

created_timestamp

string

The timestamp when the group was created.

Returned: success

Sample: "2021-03-01T00:00:00Z"

description

string

The description of the group.

Returned: success

Sample: "Windows 10 Sensor Policy"

group_type

string

The type of the group.

Returned: success

Sample: "static"

id

string

The unique identifier of the group.

Returned: success

Sample: "d78cd791785442a98ec75249d8c385dd"

modified_by

string

The user who last modified the group.

Returned: success

Sample: "user@example.com"

modified_timestamp

string

The timestamp when the group was last modified.

Returned: success

Sample: "2021-03-01T00:00:00Z"

name

string

The name of the group.

Returned: success

Sample: "Windows 10 Sensor Policy"

id

string

The unique identifier of the policy.

Returned: success

Sample: "d78cd791785442a98ec75249d8c385dd"

modified_by

string

The user who last modified the policy.

Returned: success

Sample: "user"

modified_timestamp

string

The timestamp when the policy was last modified.

Returned: success

Sample: "2021-03-01T00:00:00Z"

name

string

The name of the policy.

Returned: success

Sample: "Windows 10 Sensor Policy"

platform_name

string

The name of the platform.

Returned: success

Sample: "Windows"

settings

dictionary

The settings of the policy.

Returned: success

Sample: {"build": "n-1|tagged"}

Authors

  • Frank Falor (@ffalor)

  • Carlos Matos (@carlosmmatos)