chismitnick/ansible_collection_falcon

Ansible Collection - crowdstrike.falcon

This collection is focused on installing, configuring, and removing CrowdStrike's Falcon sensor on macOS, Linux, and Windows.

Ansible version compatibility

This collection has been tested against and supports the following Ansible versions: >=2.11

Included content

Roles

Role Name                           | Documentation | Build Status
crowdstrike.falcon.falcon_install   | Readme        | falcon_install
crowdstrike.falcon.falcon_configure | Readme        | falcon_configure
crowdstrike.falcon.falcon_uninstall | Readme        | falcon_uninstall

Using this collection

Before using the collection, you need to install the collection with the ansible-galaxy CLI:

ansible-galaxy collection install crowdstrike.falcon

You can also include it in a requirements.yml file and install it via ansible-galaxy collection install -r requirements.yml using the format:

collections:
  - crowdstrike.falcon

Note that if you install the collection from Ansible Galaxy, it will not be upgraded automatically when you upgrade the ansible package. To upgrade the collection to the latest available version, run the following command:

ansible-galaxy collection install crowdstrike.falcon --upgrade

You can also install a specific version of the collection, for example, if you need to downgrade when something is broken in the latest version (please report an issue in this repository). Use the following syntax to install version 0.1.0:

ansible-galaxy collection install crowdstrike.falcon:==0.1.0

Example Playbook

Install and configure the CrowdStrike Falcon Sensor at version N-2:

- hosts: all
  vars:
    falcon_client_id: <Falcon_UI_OAUTH_client_id>
    falcon_client_secret: <Falcon_UI_OAUTH_client_secret>
  roles:
  - role: crowdstrike.falcon.falcon_install
    vars:
      falcon_sensor_version_decrement: 2
  - role: crowdstrike.falcon.falcon_configure
    vars:
      # falcon_cid is autodetected using falcon_client_id|secret vars
      falcon_tags: 'falcon,example,tags'
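
The playbook above with the OAuth API credentials kept out of the playbook file, as an added example that is not part of the collection's own documentation: the credentials are loaded from an Ansible Vault-encrypted vars file and the collection is pinned in requirements.yml. The file names `vault/falcon_api.yml` and `site.yml`, the `vault_`-prefixed variable names, and the choice of 0.1.0 as the pinned version (the version number used as the example earlier on this page) are assumptions.

```yaml
# requirements.yml: pin the collection so every run installs the same reviewed version.
# 0.1.0 is only the version number used as the example earlier on this page.
collections:
  - name: crowdstrike.falcon
    version: "==0.1.0"
---
# vault/falcon_api.yml (hypothetical path). Create it encrypted with:
#   ansible-vault create vault/falcon_api.yml
# Contents before encryption (placeholders, not real credentials):
vault_falcon_client_id: <Falcon_UI_OAUTH_client_id>
vault_falcon_client_secret: <Falcon_UI_OAUTH_client_secret>
---
# site.yml (hypothetical name). Run with:
#   ansible-playbook site.yml --ask-vault-pass
- hosts: all
  vars_files:
    - vault/falcon_api.yml          # decrypted in memory at run time only
  vars:
    # Map the vaulted values onto the variable names the roles read
    falcon_client_id: "{{ vault_falcon_client_id }}"
    falcon_client_secret: "{{ vault_falcon_client_secret }}"
  pre_tasks:
    - name: Fail early if the API credentials were not loaded
      ansible.builtin.assert:
        that:
          - falcon_client_id | length > 0
          - falcon_client_secret | length > 0
        quiet: true
      no_log: true                  # keep the values out of task output and logs
  roles:
    - role: crowdstrike.falcon.falcon_install
      vars:
        falcon_sensor_version_decrement: 2
    - role: crowdstrike.falcon.falcon_configure
      vars:
        # falcon_cid is autodetected using falcon_client_id|secret vars
        falcon_tags: 'falcon,example,tags'
```

Each `---`-separated document belongs in its own file; only the encrypted vars file needs to be excluded from plain-text review, since the playbook itself no longer contains a secret.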

Installing on macOS

Apple platforms require Mobile Device Management (MDM) software to install kernel extensions without user prompting. Ansible is only able to run on macOS in an interactive session, which means end-users will receive prompts to accept the CrowdStrike kernel modules.

More information on Ansible and Ansible Collections

Contributing

If you want to develop new content or improve on this collection, please open an issue or create a pull request. All contributions are welcome!

License

See the license for more information.
