This collection is focused on installing, configuring, and removing CrowdStrike's Falcon sensor on macOS, Linux, and Windows.
This collection is supported and tested against the following Ansible versions: >=2.11.
Please read each role's README to familiarize yourself with the role variables and other requirements.

| Role Name | Documentation | Build Status Linux | Build Status Windows |
|---|---|---|---|
| crowdstrike.falcon.falcon_install | README | | |
| crowdstrike.falcon.falcon_configure | README | | |
| crowdstrike.falcon.falcon_uninstall | README | | |

| Name | Description |
|---|---|
| crowdstrike.falcon.falconctl | Configure CrowdStrike Falcon Sensor |
| crowdstrike.falcon.falconctl_info | Get values associated with Falcon sensor. |

Before using the collection, you need to install the collection with the `ansible-galaxy` CLI:

```
ansible-galaxy collection install crowdstrike.falcon
```

You can also include it in a `requirements.yml` file and install it via `ansible-galaxy collection install -r requirements.yml` using the format:

```yaml
collections:
  - crowdstrike.falcon
```

Note that if you install the collection from Ansible Galaxy, it will not be upgraded automatically when you upgrade the `ansible` package. To upgrade the collection to the latest available version, run the following command:

```
ansible-galaxy collection install crowdstrike.falcon --upgrade
```

You can also install a specific version of the collection, for example, if you need to downgrade when something is broken in the latest version (please report an issue in this repository). Use the following syntax to install version `0.1.0`:

```
ansible-galaxy collection install crowdstrike.falcon:==0.1.0
```

Install and configure the CrowdStrike Falcon Sensor at version N-2:

```yaml
- hosts: all
  vars:
    falcon_client_id: <Falcon_UI_OAUTH_client_id>
    falcon_client_secret: <Falcon_UI_OAUTH_client_secret>
  roles:
    - role: crowdstrike.falcon.falcon_install
      vars:
        falcon_sensor_version_decrement: 2
    - role: crowdstrike.falcon.falcon_configure
      vars:
        # falcon_cid is autodetected using falcon_client_id|secret vars
        falcon_tags: 'falcon,example,tags'
```

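
The playbook above carries the API client secret in plain text. As an added example (not part of the collection's own documentation), the same play can load both values from an Ansible Vault-encrypted vars file; the path `vars/falcon_vault.yml` and the `vault_`-prefixed variable names are assumptions chosen for illustration.

```yaml
# Assumed layout (hypothetical file name): vars/falcon_vault.yml, created with
#   ansible-vault create vars/falcon_vault.yml
# and containing, once decrypted, the two placeholder values:
#   vault_falcon_client_id: <Falcon_UI_OAUTH_client_id>
#   vault_falcon_client_secret: <Falcon_UI_OAUTH_client_secret>

- hosts: all
  vars_files:
    # Encrypted at rest; decrypted in memory only when the play runs
    - vars/falcon_vault.yml
  vars:
    # Map the vaulted values onto the variable names the roles read
    falcon_client_id: "{{ vault_falcon_client_id }}"
    falcon_client_secret: "{{ vault_falcon_client_secret }}"
  roles:
    - role: crowdstrike.falcon.falcon_install
      vars:
        falcon_sensor_version_decrement: 2
    - role: crowdstrike.falcon.falcon_configure
      vars:
        # falcon_cid is autodetected using falcon_client_id|secret vars
        falcon_tags: 'falcon,example,tags'
```

Run the playbook with `ansible-playbook --ask-vault-pass` (or `--vault-password-file`) so the vault file can be decrypted at run time, and keep the unencrypted values out of version control.
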
Apple platforms require Mobile Device Management (MDM) software to install kernel extensions without user prompting. Ansible is only able to run on macOS in an interactive session, which means end-users will receive prompts to accept the CrowdStrike kernel modules.
If you want to develop new content or improve on this collection, please open an issue or create a pull request. All contributions are welcome!
As of release > 3.2.18, we follow Ansible's development patterns for implementing Ansible's changelog fragments. This requires a changelog fragment for any PR that is not documentation or trivial. Most changelog entries will likely be `bugfixes` or `minor_changes`. Please refer to the documentation for Ansible's changelog fragments to learn more.
See the license for more information.