Skip to content
CrowdStrike Developer Center

ml_file_path_exclusion

Manages machine learning exclusions for trusted file paths in the CrowdStrike Falcon Platform. At least one exclusion mode must be enabled via exclude_detections and/or exclude_uploads.

API Scopes

Section titled “API Scopes”

The following API scopes are required:

  • Machine Learning Exclusions: READ
  • Machine Learning Exclusions: WRITE

Example Usage

Section titled “Example Usage”
terraform {
  required_providers {
    crowdstrike = {
      source = "registry.terraform.io/crowdstrike/crowdstrike"
    }
  }
}


provider "crowdstrike" {
  cloud = "us-2"
}


resource "crowdstrike_ml_file_path_exclusion" "example" {
  pattern            = "/tmp/build_artifacts/*"
  host_groups        = ["all"]
  exclude_detections = true
}

Schema

Section titled “Schema”

Required

Section titled “Required”
  • host_groups (Set of String) The set of host group IDs this exclusion applies to. Use all to apply globally.
  • pattern (String) The file path or pattern to exclude from machine learning detections.

Optional

Section titled “Optional”
  • comment (String) Additional context stored when creating or updating the exclusion. Falcon does not return this field on reads, so imported resources cannot populate it automatically.
  • exclude_detections (Boolean) Whether to exclude matching files from machine learning detections and preventions.
  • exclude_uploads (Boolean) Whether to exclude matching files from cloud extraction/uploads.

Read-Only

Section titled “Read-Only”
  • applied_globally (Boolean) Whether Falcon reports this exclusion as globally applied.
  • created_by (String) The user who created the exclusion.
  • created_on (String) The timestamp when the exclusion was created.
  • id (String) The unique identifier for the machine learning exclusion.
  • last_modified (String) The timestamp when the exclusion was last modified.
  • last_updated (String) The RFC850 timestamp of the last update to this resource by Terraform.
  • modified_by (String) The user who last modified the exclusion.
  • regexp_value (String) The regular expression representation of pattern generated by Falcon.
  • value_hash (String) The hash of the configured exclusion pattern value.

Import

Section titled “Import”

Import is supported using the following syntax:

Terminal window
# ML file path exclusions can be imported using their ID
terraform import crowdstrike_ml_file_path_exclusion.example 12345678-1234-1234-1234-123456789012
© 2026 CrowdStrike, Inc. All rights reserved. Privacy Notice Cookie Notice Terms of Use