content_update_policies

This data source provides information about content update policies in Falcon.

API Scopes

The following API scopes are required:

• Content Update Policy: READ

Example Usage

terraform {
  required_providers {
    crowdstrike = {
      source = "registry.terraform.io/crowdstrike/crowdstrike"
    }
  }
}

provider "crowdstrike" {
  cloud = "us-2"
}

# Get all content update policies
data "crowdstrike_content_update_policies" "all" {}

# Get enabled policies
data "crowdstrike_content_update_policies" "enabled" {
  enabled = true
}

# Use FQL filter with sorting
data "crowdstrike_content_update_policies" "filtered_and_sorted" {
  filter = "enabled:true+name:'*prod*'"
  sort   = "name.asc"
}

# Get policies by ID
data "crowdstrike_content_update_policies" "specific" {
  ids = [
    "policy-id-1",
    "policy-id-2"
  ]
}

Schema

Optional

• created_by (String) Filter policies by the user who created them. All provided filter attributes must match for a policy to be returned (omitted attributes are ignored). Supports wildcard matching with '' where '' matches any sequence of characters until the end of the string or until the next literal character in the pattern is found. Multiple wildcards can be used in a single pattern. Matching is case insensitive. Cannot be used together with ‘filter’ or ‘ids’.
• description (String) Filter policies by description. All provided filter attributes must match for a policy to be returned (omitted attributes are ignored). Supports wildcard matching with '' where '' matches any sequence of characters until the end of the string or until the next literal character in the pattern is found. Multiple wildcards can be used in a single pattern. Matching is case insensitive. Cannot be used together with ‘filter’ or ‘ids’.
• enabled (Boolean) Filter policies by enabled status. All provided filter attributes must match for a policy to be returned (omitted attributes are ignored). Cannot be used together with ‘filter’ or ‘ids’.
• filter (String) FQL filter to apply to the content update policies query. When specified, only policies matching the filter will be returned. Cannot be used together with ‘ids’ or other filter attributes. Example: name:'*prod*'
• ids (List of String) List of content update policy IDs to retrieve. When specified, only policies with matching IDs will be returned. Cannot be used together with ‘filter’ or other filter attributes.
• modified_by (String) Filter policies by the user who last modified them. All provided filter attributes must match for a policy to be returned (omitted attributes are ignored). Supports wildcard matching with '' where '' matches any sequence of characters until the end of the string or until the next literal character in the pattern is found. Multiple wildcards can be used in a single pattern. Matching is case insensitive. Cannot be used together with ‘filter’ or ‘ids’.
• name (String) Filter policies by name. All provided filter attributes must match for a policy to be returned (omitted attributes are ignored). Supports wildcard matching with '' where '' matches any sequence of characters until the end of the string or until the next literal character in the pattern is found. Multiple wildcards can be used in a single pattern. Matching is case insensitive. Cannot be used together with ‘filter’ or ‘ids’.
• sort (String) Sort order for the results. Valid values include field names with optional ‘.asc’ or ‘.desc’ suffix. Example: ‘name.asc’, ‘precedence.desc’

Read-Only

• policies (Attributes List) The list of content update policies (see below for nested schema)

Nested Schema for policies

Read-Only:

• created_by (String) User who created the policy
• created_timestamp (String) Timestamp when the policy was created
• description (String) The content update policy description
• enabled (Boolean) Whether the content update policy is enabled
• host_groups (List of String) List of host group IDs assigned to the policy
• id (String) The content update policy ID
• modified_by (String) User who last modified the policy
• modified_timestamp (String) Timestamp when the policy was last modified
• name (String) The content update policy name
• rapid_response (Attributes) Ring assignment settings for rapid response allow/block listing content category (see below for nested schema)
• sensor_operations (Attributes) Ring assignment settings for sensor operations content category (see below for nested schema)
• system_critical (Attributes) Ring assignment settings for system critical content category (see below for nested schema)
• vulnerability_management (Attributes) Ring assignment settings for vulnerability management content category (see below for nested schema)

Nested Schema for policies.rapid_response

Read-Only:

• delay_hours (Number) Delay in hours when using ‘ga’ ring assignment
• pinned_content_version (String) Pinned content version for the content category
• ring_assignment (String) Ring assignment for the content category (ga, ea, pause)

Nested Schema for policies.sensor_operations

Read-Only:

• delay_hours (Number) Delay in hours when using ‘ga’ ring assignment
• pinned_content_version (String) Pinned content version for the content category
• ring_assignment (String) Ring assignment for the content category (ga, ea, pause)

Nested Schema for policies.system_critical

Read-Only:

• delay_hours (Number) Delay in hours when using ‘ga’ ring assignment
• pinned_content_version (String) Pinned content version for the content category
• ring_assignment (String) Ring assignment for the content category (ga, ea)

Nested Schema for policies.vulnerability_management

Read-Only:

• delay_hours (Number) Delay in hours when using ‘ga’ ring assignment
• pinned_content_version (String) Pinned content version for the content category
• ring_assignment (String) Ring assignment for the content category (ga, ea, pause)