
mfann-or/ansible_collection_falcon


Ansible Collection - crowdstrike.falcon

This collection is focused on installing, configuring, and removing CrowdStrike's Falcon sensor on macOS, Linux, and Windows.

Ansible version compatibility

This collection is supported and tested against the following Ansible versions: >=2.11.

Included content

Roles

Please read each role's README to familiarize yourself with the role variables and other requirements.

| Role Name | Documentation | Build Status Linux | Build Status Windows |
| --- | --- | --- | --- |
| crowdstrike.falcon.falcon_install | README | falcon_install | falcon_install |
| crowdstrike.falcon.falcon_configure | README | falcon_configure | falcon_configure |
| crowdstrike.falcon.falcon_uninstall | README | falcon_uninstall | falcon_uninstall |

Modules

| Name | Description |
| --- | --- |
| crowdstrike.falcon.falconctl | Configure CrowdStrike Falcon Sensor |
| crowdstrike.falcon.falconctl_info | Get values associated with Falcon sensor. |

Using this collection

Before using the collection, you need to install the collection with the ansible-galaxy CLI:

ansible-galaxy collection install crowdstrike.falcon

You can also include it in a requirements.yml file and install it via ansible-galaxy collection install -r requirements.yml using the format:

collections:
  - crowdstrike.falcon

Note that if you install the collection from Ansible Galaxy, it will not be upgraded automatically when you upgrade the ansible package. To upgrade the collection to the latest available version, run the following command:

ansible-galaxy collection install crowdstrike.falcon --upgrade

You can also install a specific version of the collection, for example, if you need to downgrade when something is broken in the latest version (please report an issue in this repository). Use the following syntax to install version 0.1.0:

ansible-galaxy collection install crowdstrike.falcon:==0.1.0

Example Playbook

Install and configure the CrowdStrike Falcon Sensor at version N-2:

- hosts: all
  vars:
    falcon_client_id: <Falcon_UI_OAUTH_client_id>
    falcon_client_secret: <Falcon_UI_OAUTH_client_secret>
  roles:
  - role: crowdstrike.falcon.falcon_install
    vars:
      falcon_sensor_version_decrement: 2
  - role: crowdstrike.falcon.falcon_configure
    vars:
      # falcon_cid is autodetected using falcon_client_id|secret vars
      falcon_tags: 'falcon,example,tags'
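
The same playbook with the OAuth client credentials read from the control node's environment instead of being written into the file, followed by a read-back of the sensor settings. This is an added example, not part of the collection's repository. The environment variable names are hypothetical, and calling falconctl_info with no arguments and only on Linux targets are assumptions.

```yaml
# Added example, not part of the collection's repository.
# Assumption: FALCON_CLIENT_ID / FALCON_CLIENT_SECRET are exported on the
# control node (for example by a CI secret store); the names are hypothetical.
- hosts: all
  vars:
    # Lookups run on the control node, so the secret never lives in the repo.
    falcon_client_id: "{{ lookup('ansible.builtin.env', 'FALCON_CLIENT_ID') }}"
    falcon_client_secret: "{{ lookup('ansible.builtin.env', 'FALCON_CLIENT_SECRET') }}"
  pre_tasks:
    - name: Stop before installing anything if the API credentials are missing
      ansible.builtin.assert:
        that:
          # The env lookup returns an empty string for an unset variable.
          - falcon_client_id | length > 0
          - falcon_client_secret | length > 0
        fail_msg: Export FALCON_CLIENT_ID and FALCON_CLIENT_SECRET on the control node
        quiet: true
  roles:
    - role: crowdstrike.falcon.falcon_install
      vars:
        falcon_sensor_version_decrement: 2
    - role: crowdstrike.falcon.falcon_configure
      vars:
        # falcon_cid is autodetected using falcon_client_id|secret vars
        falcon_tags: 'falcon,example,tags'
  post_tasks:
    - name: Read the sensor settings back (assumed - no arguments, Linux targets)
      crowdstrike.falcon.falconctl_info:
      register: falcon_sensor_state
      when: ansible_facts['system'] == 'Linux'
    - name: Show what the sensor reports so a failed configuration is visible
      ansible.builtin.debug:
        var: falcon_sensor_state
      when: ansible_facts['system'] == 'Linux'
```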

Installing on macOS

Apple platforms require Mobile Device Management (MDM) software to install kernel extensions without user prompting. Ansible is only able to run on macOS in an interactive session, which means end-users will receive prompts to accept the CrowdStrike kernel modules.

More information on Ansible and Ansible Collections

Contributing

If you want to develop new content or improve on this collection, please open an issue or create a pull request. All contributions are welcome!

As of releases > 3.2.18, we follow Ansible's development pattern of using changelog fragments. Any PR that is not documentation or trivial requires a changelog fragment. Most changelog entries will likely be bugfixes or minor_changes. Please refer to the documentation for Ansible's changelog fragments to learn more.

License

See the license for more information.
