intel_rule_download

Downloads CrowdStrike Falcon Intel rule files (YARA, Snort, etc.). By default, downloads the latest rule file for the specified type. Can also download a specific rule file when provided with a C(rule_id).

Parameters

Parameter	Type	Required	Default	Description
`dest`	path	No		The directory path to save the rule file. If not specified, a temporary directory will be created using
`format`	str	No	zip	The format of the rule file to download. zip gzip
`name`	str	No		The filename to save the rule file as. If not specified, it will use the name provided by the API.
`rule_id`	str	No		The ID of a specific rule to download. If provided, the type parameter is ignored.
`type`	str	No		The rule news report type. Required when C(rule_id) is not provided. Used to fetch the latest rule file of this type when C(rule_id) is not specified. common-event-format netwitness snort-suricata-changelog snort-suricata-master snort-suricata-update yara-changelog yara-master yara-update cql-master cql-changelog cql-update

Examples

- name: Download the latest YARA master rule file
  crowdstrike.falcon.intel_rule_download:
    type: "yara-master"
    dest: "/tmp/rules"

- name: Download a specific rule file by ID
  crowdstrike.falcon.intel_rule_download:
    rule_id: "1234567890"
    dest: "/tmp/rules"
    name: "custom_rule.zip"

- name: Download the latest Snort rule file in gzip format
  crowdstrike.falcon.intel_rule_download:
    type: "snort-suricata-master"
    format: "gzip"
    dest: "/tmp/rules"

Return Values

Key	Type	Description
`path`		T
`rule_id`		T
`rule_name`		T
`rule_type`		T