Skip to content
CrowdStrike Developer Center

rtr_script

Manages Real Time Response (RTR) custom scripts in CrowdStrike Falcon. RTR scripts allow administrators to upload and manage custom scripts that can be executed on remote hosts during response sessions.

API Scopes

Section titled “API Scopes”

The following API scopes are required:

  • Real Time Response (Admin): READ
  • Real Time Response (Admin): WRITE

Example Usage

Section titled “Example Usage”
terraform {
  required_providers {
    crowdstrike = {
      source = "registry.terraform.io/crowdstrike/crowdstrike"
    }
  }
}


provider "crowdstrike" {
  cloud = "us-2"
}


resource "crowdstrike_rtr_script" "cleanup" {
  name            = "cleanup-temp-files"
  description     = "Removes temporary files from common locations"
  content         = file("${path.module}/scripts/cleanup.ps1")
  platform_name   = "Windows"
  permission_type = "group"


  comments_for_audit_log = "Initial upload via Terraform"
}


output "rtr_script" {
  value = crowdstrike_rtr_script.cleanup
}

Schema

Section titled “Schema”

Required

Section titled “Required”
  • content (String) The script content. Use Terraform’s file() function to reference external script files.
  • name (String) The name of the RTR script.
  • permission_type (String) Who can use the script. Valid values: private (only the creator), group (RTR Admins), public (RTR Admins and Active Responders).
  • platform_name (String) The platform the script targets. Valid values: Windows, Mac, Linux.

Optional

Section titled “Optional”
  • comments_for_audit_log (String) Audit log comment for the change. Once set, clearing this field requires resource replacement.
  • description (String) The description of the RTR script. Once set, clearing this field requires resource replacement.

Read-Only

Section titled “Read-Only”
  • created_by (String) The user who created the script.
  • created_timestamp (String) The timestamp when the script was created.
  • id (String) The ID of the RTR script.
  • modified_by (String) The user who last modified the script.
  • modified_timestamp (String) The timestamp when the script was last modified.
  • sha256 (String) The SHA-256 hash of the script content.
  • size (Number) The file size of the script in bytes.

Import

Section titled “Import”

Import is supported using the following syntax:

Terminal window
# RTR Script can be imported by specifying the script ID.
terraform import crowdstrike_rtr_script.example 7fb858a949034a0cbca175f660f1e769
© 2026 CrowdStrike, Inc. All rights reserved. Privacy Notice Cookie Notice Terms of Use