Skip to content
CrowdStrike Developer Center

sensor_update_policies

This data source provides information about sensor update policies in Falcon.

API Scopes

Section titled “API Scopes”

The following API scopes are required:

  • Sensor update policies: READ

Example Usage

Section titled “Example Usage”
terraform {
  required_providers {
    crowdstrike = {
      source = "registry.terraform.io/crowdstrike/crowdstrike"
    }
  }
}


provider "crowdstrike" {
  cloud = "us-2"
}


# Get all sensor update policies
data "crowdstrike_sensor_update_policies" "all" {}


# Output IDs of policies with build turned off (null)
output "policy_ids_with_build_off" {
  value = [
    for policy in data.crowdstrike_sensor_update_policies.all.policies :
    policy.id if policy.build == null
  ]
}


# Output IDs of Linux policies with ARM64 builds turned off (null)
output "linux_policy_ids_with_arm64_off" {
  value = [
    for policy in data.crowdstrike_sensor_update_policies.all.policies :
    policy.id if policy.platform_name == "Linux" && policy.build_arm64 == null
  ]
}


# Output IDs of all policies with any build turned off (standard or ARM64)
output "all_policy_ids_with_builds_off" {
  value = setunion(
    [
      for policy in data.crowdstrike_sensor_update_policies.all.policies :
      policy.id if policy.build == null
    ],
    [
      for policy in data.crowdstrike_sensor_update_policies.all.policies :
      policy.id if policy.platform_name == "Linux" && policy.build_arm64 == null
    ]
  )
}


# Get only enabled policies
data "crowdstrike_sensor_update_policies" "enabled" {
  enabled = true
}


# Get policies for a specific platform
data "crowdstrike_sensor_update_policies" "windows_policies" {
  platform_name = "Windows"
}


# Get policies using FQL filter
data "crowdstrike_sensor_update_policies" "filtered" {
  filter = "enabled:true+platform_name:'Linux'"
}


# Get policies sorted by name
data "crowdstrike_sensor_update_policies" "sorted" {
  sort = "name.asc"
}


# Get specific policies by ID
data "crowdstrike_sensor_update_policies" "specific" {
  ids = [
    "a1b2c3d4e5f6a7b8c9d0e1f2a3b4c5d6",
    "b2c3d4e5f6a7b8c9d0e1f2a3b4c5d6e7"
  ]
}

Schema

Section titled “Schema”

Optional

Section titled “Optional”
  • created_by (String) Filter policies by the user who created them. All provided filter attributes must match for a policy to be returned (omitted attributes are ignored). Supports wildcard matching with '' where '' matches any sequence of characters until the end of the string or until the next literal character in the pattern is found. Multiple wildcards can be used in a single pattern. Matching is case insensitive. Cannot be used together with ‘filter’ or ‘ids’.
  • description (String) Filter policies by description. All provided filter attributes must match for a policy to be returned (omitted attributes are ignored). Supports wildcard matching with '' where '' matches any sequence of characters until the end of the string or until the next literal character in the pattern is found. Multiple wildcards can be used in a single pattern. Matching is case insensitive. Cannot be used together with ‘filter’ or ‘ids’.
  • enabled (Boolean) Filter policies by enabled status. All provided filter attributes must match for a policy to be returned (omitted attributes are ignored). Cannot be used together with ‘filter’ or ‘ids’.
  • filter (String) FQL filter to apply to the sensor update policies query. When specified, only policies matching the filter will be returned. Cannot be used together with ‘ids’ or other filter attributes. Example: platform_name:'Windows'
  • ids (List of String) List of sensor update policy IDs to retrieve. When specified, only policies with matching IDs will be returned. Cannot be used together with ‘filter’ or other filter attributes.
  • modified_by (String) Filter policies by the user who last modified them. All provided filter attributes must match for a policy to be returned (omitted attributes are ignored). Supports wildcard matching with '' where '' matches any sequence of characters until the end of the string or until the next literal character in the pattern is found. Multiple wildcards can be used in a single pattern. Matching is case insensitive. Cannot be used together with ‘filter’ or ‘ids’.
  • name (String) Filter policies by name. All provided filter attributes must match for a policy to be returned (omitted attributes are ignored). Supports wildcard matching with '' where '' matches any sequence of characters until the end of the string or until the next literal character in the pattern is found. Multiple wildcards can be used in a single pattern. Matching is case insensitive. Cannot be used together with ‘filter’ or ‘ids’.
  • platform_name (String) Filter policies by platform_name (Windows, Linux, Mac). All provided filter attributes must match for a policy to be returned (omitted attributes are ignored). Cannot be used together with ‘filter’ or ‘ids’.
  • sort (String) Sort order for the results. Valid values include field names with optional ‘.asc’ or ‘.desc’ suffix. Example: ‘name.asc’, ‘precedence.desc’

Read-Only

Section titled “Read-Only”

Nested Schema for policies

Section titled “Nested Schema for policies”

Read-Only:

  • build (String) The target build applied to devices in the policy
  • build_arm64 (String) The ARM64 build applied to Linux devices (only set for Linux policies)
  • created_by (String) User who created the policy
  • created_timestamp (String) Timestamp when the policy was created
  • description (String) The sensor update policy description
  • enabled (Boolean) Whether the sensor update policy is enabled
  • host_groups (List of String) List of host group IDs assigned to the policy
  • id (String) The sensor update policy ID
  • modified_by (String) User who last modified the policy
  • modified_timestamp (String) Timestamp when the policy was last modified
  • name (String) The sensor update policy name
  • platform_name (String) The platform name (Windows, Linux, Mac)
  • schedule (Attributes) The schedule that controls when sensor updates are allowed (see below for nested schema)
  • uninstall_protection (Boolean) Whether uninstall protection is enabled

Nested Schema for policies.schedule

Section titled “Nested Schema for policies.schedule”

Read-Only:

  • enabled (Boolean) Whether the update schedule is enabled
  • time_blocks (Attributes Set) Time blocks when sensor updates are prohibited (see below for nested schema)
  • timezone (String) The timezone used for the time blocks

Nested Schema for policies.schedule.time_blocks

Section titled “Nested Schema for policies.schedule.time_blocks”

Read-Only:

  • days (Set of String) Days of the week when this time block is active
  • end_time (String) End time in 24HR format
  • start_time (String) Start time in 24HR format
© 2026 CrowdStrike, Inc. All rights reserved. Privacy Notice Cookie Notice Terms of Use