Skip to content
CrowdStrike Developer Center

sensor_visibility_exclusions

This data source provides information about sensor visibility exclusions in Falcon.

API Scopes

Section titled “API Scopes”

The following API scopes are required:

  • Sensor Visibility Exclusions: READ
  • Sensor Visibility Exclusions: WRITE

Example Usage

Section titled “Example Usage”
terraform {
  required_providers {
    crowdstrike = {
      source = "registry.terraform.io/crowdstrike/crowdstrike"
    }
  }
}


provider "crowdstrike" {
  cloud = "us-2"
}


# Get all sensor visibility exclusions
data "crowdstrike_sensor_visibility_exclusions" "all" {
  sort = "value.asc"
}


# Get globally applied exclusions using individual attributes
data "crowdstrike_sensor_visibility_exclusions" "global_exclusions" {
  applied_globally = true
  sort             = "created_on.desc"
}


# Get exclusions created by specific users with wildcard matching
data "crowdstrike_sensor_visibility_exclusions" "admin_exclusions" {
  created_by = "admin*"
  sort       = "value.asc"
}


# Get exclusions for specific paths using wildcard matching
data "crowdstrike_sensor_visibility_exclusions" "windows_exclusions" {
  value = "C:\\Program Files\\*"
  sort  = "last_modified.desc"
}


# Get specific exclusions by their IDs
data "crowdstrike_sensor_visibility_exclusions" "specific_exclusions" {
  ids = [
    "037a1708a8504b3a9cdbfdefba05f932",
    "4979a243c0d84342a66692f4810348ef"
  ]
}


# Get globally applied exclusions using FQL filter
data "crowdstrike_sensor_visibility_exclusions" "fql_global" {
  filter = "applied_globally:true"
  sort   = "value.asc"
}


# Get exclusions modified by specific user using FQL filter
data "crowdstrike_sensor_visibility_exclusions" "fql_modified_by_admin" {
  filter = "modified_by:'admin@company.com'"
  sort   = "last_modified.desc"
}


# Combined filters using individual attributes
data "crowdstrike_sensor_visibility_exclusions" "combined_filters" {
  applied_globally = false
  created_by       = "*admin*"
  value            = "/opt/*"
  sort             = "created_on.desc"
}

Schema

Section titled “Schema”

Optional

Section titled “Optional”
  • applied_globally (Boolean) Filter exclusions by whether they are applied globally. All provided filter attributes must match for an exclusion to be returned (omitted attributes are ignored). Cannot be used together with ‘filter’ or ‘ids’.
  • created_by (String) Filter exclusions by the user who created them. All provided filter attributes must match for an exclusion to be returned (omitted attributes are ignored). Supports wildcard matching with '' where '' matches any sequence of characters until the end of the string or until the next literal character in the pattern is found. Multiple wildcards can be used in a single pattern. Matching is case insensitive. Cannot be used together with ‘filter’ or ‘ids’.
  • filter (String) FQL filter to apply to the sensor visibility exclusions query. When specified, only exclusions matching the filter will be returned. Cannot be used together with ‘ids’ or other filter attributes. Example: applied_globally:true
  • ids (List of String) List of sensor visibility exclusion IDs to retrieve. When specified, only exclusions with matching IDs will be returned. Cannot be used together with ‘filter’ or other filter attributes.
  • modified_by (String) Filter exclusions by the user who last modified them. All provided filter attributes must match for an exclusion to be returned (omitted attributes are ignored). Supports wildcard matching with '' where '' matches any sequence of characters until the end of the string or until the next literal character in the pattern is found. Multiple wildcards can be used in a single pattern. Matching is case insensitive. Cannot be used together with ‘filter’ or ‘ids’.
  • sort (String) Sort order for the results. Valid values include field names with optional ‘.asc’ or ‘.desc’ suffix. Example: ‘value.asc’, ‘created_on.desc’
  • value (String) Filter exclusions by the exclusion value/path. All provided filter attributes must match for an exclusion to be returned (omitted attributes are ignored). Supports wildcard matching with '' where '' matches any sequence of characters until the end of the string or until the next literal character in the pattern is found. Multiple wildcards can be used in a single pattern. Matching is case insensitive. Cannot be used together with ‘filter’ or ‘ids’.

Read-Only

Section titled “Read-Only”

Nested Schema for exclusions

Section titled “Nested Schema for exclusions”

Read-Only:

  • applied_globally (Boolean) Whether the exclusion is applied globally to all host groups
  • apply_to_descendant_processes (Boolean) Whether the exclusion applies to descendant processes
  • created_by (String) User who created the exclusion
  • created_on (String) Timestamp when the exclusion was created
  • host_groups (List of String) List of host group IDs assigned to the exclusion
  • id (String) The sensor visibility exclusion ID
  • last_modified (String) Timestamp when the exclusion was last modified
  • modified_by (String) User who last modified the exclusion
  • regexp_value (String) The regular expression representation of the exclusion value
  • value (String) The exclusion value/path
  • value_hash (String) The hash of the exclusion value
© 2026 CrowdStrike, Inc. All rights reserved. Privacy Notice Cookie Notice Terms of Use