falconctl
Configures CrowdStrike Falcon Sensor on Linux systems
Added in version 3.2.0
Parameters
Section titled “Parameters”| Parameter | Type | Required | Default | Description |
|---|---|---|---|---|
aid | bool | No | Whether or not you would like to delete the associated Agent ID. Useful when preparing a host as a master image for cloning or virtualization. This applies only to C(state=absent). | |
apd | str | No | Whether to enable or disable the Falcon sensor to use a proxy. To enable the proxy, set to C(‘false’). “Valid Options are: C(‘true’|‘false’|”)“ | |
aph | str | No | Specifies the application proxy host to use for Falcon sensor proxy configuration. | |
app | str | No | Specifies the application proxy port to use for Falcon sensor proxy configuration. | |
backend | str | No | Configure the backend for the Falcon sensor. This was introduced to support the BPF backend. C(backend) is only available in sensor versions that support the C(—backend) option (>6.46.0). “Valid Options are: C(‘auto’|‘bpf’|‘kernel’)“ | |
billing | str | No | Specify the (Pay-As-You-Go) billing model for Cloud Workloads. Falcon for Cloud Workloads (Pay-As-You-Go) is a billing model for your hosts that run in For ephemeral workloads in these cloud environments, you pay only for the hours that hosts “Valid Options are: C(‘metered’|‘default’|”)“ | |
cid | str | No | CrowdStrike Falcon Customer ID (CID). | |
cloud | str | No | Specify the cloud region for the Falcon sensor to connect to. C(cloud) is only available in sensor versions 7.28.0 and above with unified installer support. This parameter helps the sensor connect to the correct cloud region and can resolve AID generation timeouts. “Valid Options are: C(‘us-1’|‘us-2’|‘eu-1’|‘us-gov-1’|‘us-gov-2’)“ | |
feature | list | No | Configure the Falcon sensor feature flags. | |
maintenance_token | str | No | Maintenance token required for sensor operations when uninstall and maintenance protection is enabled. Required for sensor versions 7.20+ when protection is armed. Used to disable protection before uninstall, upgrade, or configuration changes. | |
message_log | str | No | Whether or not you would like to log messages to disk. “Valid Options are: C(‘true’|‘false’|”)“ | |
provisioning_token | str | No | Installation tokens prevent unauthorized hosts from being accidentally or maliciously added to your customer ID (CID). Optional security measure for your CID. This parameter requires supplying a C(cid). | |
state | str | No | Ensures that requested parameters are removed (absent) or added (present) to the Falcon sensor. | |
tags | str | No | Sensor grouping tags are optional, user-defined identifiers you can use to group and filter hosts. To assign multiple tags, separate tags with commas. I(The combined length of all tags for a host, including comma separators, cannot exceed 256 characters). | |
trace | str | No | Configure the appropriate trace level. |
Examples
Section titled “Examples”- name: Set CrowdStrike Falcon CID crowdstrike.falcon.falconctl: state: present cid: 1234567890ABCDEF1234567890ABCDEF-12
- name: Set CrowdStrike Falcon CID with Provisioning Token crowdstrike.falcon.falconctl: state: present cid: 1234567890ABCDEF1234567890ABCDEF-12 provisioning_token: 12345678
- name: Set CrowdStrike Falcon CID with Cloud Region (Sensor v7.28+) crowdstrike.falcon.falconctl: state: present cid: 1234567890ABCDEF1234567890ABCDEF-12 cloud: us-2
- name: Delete CrowdStrike Falcon CID crowdstrike.falcon.falconctl: state: absent cid: ""
- name: Delete Agent ID to Prep Master Image crowdstrike.falcon.falconctl: state: absent aid: true
- name: Configure Falcon Sensor Proxy crowdstrike.falcon.falconctl: state: present apd: false aph: example.com app: 8080