Skip to content
CrowdStrike Developer Center

ml_certificate_exclusion

An ML certificate exclusion defines a machine learning exclusion scoped to a certificate and either all hosts or specific host groups.

API Scopes

Section titled “API Scopes”

The following API scopes are required:

  • Certificate Based Exclusions: READ
  • Certificate Based Exclusions: WRITE

Example Usage

Section titled “Example Usage”
terraform {
  required_providers {
    crowdstrike = {
      source = "registry.terraform.io/crowdstrike/crowdstrike"
    }
  }
}


provider "crowdstrike" {
  cloud = "us-2"
}


resource "crowdstrike_ml_certificate_exclusion" "example" {
  name        = "example-certificate-exclusion"
  enabled     = true
  host_groups = ["all"]


  certificate = {
    issuer     = "CN=Example Issuer,O=Example Corp,C=US"
    serial     = "1234567890"
    subject    = "CN=Example Subject,O=Example Corp,C=US"
    thumbprint = "example-thumbprint"
    valid_from = "2024-01-01T00:00:00Z"
    valid_to   = "2026-01-01T00:00:00Z"
  }
}

Schema

Section titled “Schema”

Required

Section titled “Required”
  • certificate (Attributes) Certificate fields that identify the certificate to exclude. (see below for nested schema)
  • enabled (Boolean) Whether the ML certificate exclusion is enabled.
  • host_groups (Set of String) The set of host group IDs this exclusion applies to. Use ["all"] to apply the exclusion globally to all hosts.
  • name (String) Display name of the ML certificate exclusion.

Optional

Section titled “Optional”
  • comment (String) Optional comment stored with the ML certificate exclusion.
  • description (String) Optional description of the ML certificate exclusion.

Read-Only

Section titled “Read-Only”
  • applied_globally (Boolean) Whether Falcon reports this exclusion as globally applied. Set host_groups to ["all"] to target all hosts.
  • created_by (String) User who created the exclusion.
  • created_on (String) Timestamp when the exclusion was created.
  • id (String) Unique identifier of the ML certificate exclusion.
  • modified_by (String) User who last modified the exclusion.
  • modified_on (String) Timestamp when the exclusion was last modified.

Nested Schema for certificate

Section titled “Nested Schema for certificate”

Required:

  • issuer (String) Certificate issuer.
  • serial (String) Certificate serial number.
  • subject (String) Certificate subject.
  • thumbprint (String) Certificate thumbprint.
  • valid_from (String) Certificate validity start timestamp in RFC3339 format.
  • valid_to (String) Certificate validity end timestamp in RFC3339 format.

Import

Section titled “Import”

Import is supported using the following syntax:

Terminal window
# Certificate based exclusions can be imported using their ID
terraform import crowdstrike_certificate_based_exclusion.example 12345678-1234-1234-1234-123456789012
© 2026 CrowdStrike, Inc. All rights reserved. Privacy Notice Cookie Notice Terms of Use