sensor_update_policy
Create, update, delete, and manage Falcon sensor update policies. Control sensor version updates, uninstall protection, and update schedules. Manage host group assignments for sensor update policies. Provides idempotent operations that only make changes when necessary.
Added in version 4.10.0
Parameters
| Parameter | Type | Required | Default | Description |
|---|---|---|---|---|
| build | str | No | | The sensor version setting for the policy. Can be a specific sensor build string or version number from the builds API. Use sensor_update_builds_info module to get available build values for your tenant. Build format examples: `20008\|n-1\|tagged\|1`, `19320\|Auto`, `17804`. For sensor updates disabled, omit this parameter entirely. **Note**: Simple values like `n-1`, `tagged` are not supported by the API. |
| description | str | No | | A description for the sensor update policy. Only used when `state=present`. |
| enabled | bool | No | | Whether the policy should be enabled. Policies must be enabled to affect hosts. New policies are disabled by default. |
| host_group_action | str | No | | The action to perform with the host groups specified in `host_groups`. `add` assigns host groups to the policy. `remove` unassigns host groups from the policy. Requires `host_groups` to be specified. |
| host_groups | list | No | | List of host group IDs to add to or remove from the policy. Use with `host_group_action` to specify the operation. Only applicable for existing policies and when `state=present`. |
| name | str | No | | The name of the sensor update policy. **Preferred method** for idempotent operations - works for create, update, and delete. When used with `platform_name`, provides true Ansible idempotency across the entire policy lifecycle. Cannot be used to rename existing policies. |
| platform_name | str | No | | The operating system platform for the policy. Required when using `name` for policy identification (create, update, or delete). Cannot be changed after policy creation. |
| scheduler | dict | No | | Time blocks during which to prohibit sensor cloud updates. Dictionary containing scheduler configuration. Keys: `enabled` (bool), `timezone` (str), `schedules` (list). Each schedule contains `start`, `end`, and `days` (0=Sunday, 6=Saturday). |
| sensor_update_policy | str | No | | The ID of an existing sensor update policy. Alternative to `name` + `platform_name` for identifying existing policies. Provided for backward compatibility and when the policy ID is already known. |
| state | str | No | present | The desired state of the sensor update policy. `present` ensures the sensor update policy exists with the specified configuration. `absent` ensures the sensor update policy does not exist. |
| uninstall_protection | str | No | | The uninstall protection setting for hosts with this policy. `ENABLED` protects the sensor from unauthorized uninstallation. `DISABLED` allows end users to uninstall the sensor. `MAINTENANCE_MODE` enables maintenance mode for the sensor. |
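
The constraints in the parameter table can be checked before a playbook reaches the API. The following Python pre-flight check is an added example, not part of the collection or its documentation: it reports parameter combinations the table rules out and flags valid settings that reduce sensor coverage. `review_policy`, `BUILD_RE` and the sample tasks are hypothetical names, and the build pattern is an assumption inferred from this page's build examples.

```python
import re

# Assumption: pattern inferred from this page's build examples
# ("17804", "19320|Auto", "20008|n-1|tagged|1"); it is not an official grammar.
BUILD_RE = re.compile(r"^\d+(\|[A-Za-z0-9-]+)*$")
PROTECTION = {"ENABLED", "DISABLED", "MAINTENANCE_MODE"}


def review_policy(p):
    """Return (errors, warnings) for one task's module parameters (a dict)."""
    errors, warnings = [], []
    if not p.get("name") and not p.get("sensor_update_policy"):
        errors.append("no identifier: use name + platform_name, or sensor_update_policy")
    if p.get("name") and not p.get("platform_name"):
        errors.append("platform_name is required when the policy is identified by name")
    if p.get("host_group_action") and not p.get("host_groups"):
        errors.append("host_group_action requires host_groups")
    build = p.get("build")
    if build is not None and not BUILD_RE.match(str(build)):
        errors.append(f"build {build!r} is not a full build string")
    for block in (p.get("scheduler") or {}).get("schedules", []):
        if any(day not in range(7) for day in block.get("days", [])):
            errors.append("scheduler days must be 0 (Sunday) through 6 (Saturday)")
    protection = p.get("uninstall_protection")
    if protection is not None and protection not in PROTECTION:
        errors.append(f"unknown uninstall_protection {protection!r}")
    # Warnings: settings the module accepts but that weaken coverage.
    present = p.get("state", "present") == "present"
    if present and protection in PROTECTION - {"ENABLED"}:
        warnings.append(f"uninstall_protection is {protection}, not ENABLED")
    # A by-name task with no host group change may be the one that creates the policy.
    if present and p.get("name") and not p.get("host_groups"):
        if build is None:
            warnings.append("build omitted: a policy created by this task has sensor updates disabled")
        if p.get("enabled") is not True:
            warnings.append("enabled is not true: new policies are disabled and do not affect hosts")
    return errors, warnings


# Constructed sample tasks (module parameters only), not taken from a real tenant.
SAMPLE_TASKS = [
    {"name": "Windows Production Policy", "platform_name": "Windows",
     "build": "20008|n-1|tagged|1", "uninstall_protection": "ENABLED", "enabled": True},
    {"name": "Lab Policy", "build": "n-1", "uninstall_protection": "DISABLED",
     "scheduler": {"enabled": True, "timezone": "America/Chicago",
                   "schedules": [{"start": "08:00", "end": "14:00", "days": [1, 7]}]}},
]

if __name__ == "__main__":
    for task in SAMPLE_TASKS:
        print(task.get("name"), review_policy(task))
```
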
Examples
```yaml
# PREFERRED IDEMPOTENT PATTERNS (using name + platform_name)
- name: Create a Windows sensor update policy (idempotent)
  crowdstrike.falcon.sensor_update_policy:
    name: "Windows Production Policy"
    platform_name: Windows
    description: "Windows hosts production sensor policy"
    build: "20008|n-1|tagged|1"
    uninstall_protection: ENABLED
    state: present

- name: Update the same policy (same task definition, just different values)
  crowdstrike.falcon.sensor_update_policy:
    name: "Windows Production Policy"
    platform_name: Windows
    description: "UPDATED: Windows hosts production sensor policy"
    build: "19320|Auto"
    uninstall_protection: ENABLED
    enabled: true
    state: present

- name: Delete the same policy (same task definition, just state=absent)
  crowdstrike.falcon.sensor_update_policy:
    name: "Windows Production Policy"
    platform_name: Windows
    state: absent

- name: Create a Linux policy with scheduler (idempotent)
  crowdstrike.falcon.sensor_update_policy:
    name: "Linux Maintenance Policy"
    platform_name: Linux
    description: "Linux hosts with maintenance windows"
    build: "18202|n-1|tagged|5"
    scheduler:
      enabled: true
      timezone: "America/Chicago"
      schedules:
        - start: "08:00"
          end: "14:00"
          days: [1, 2, 3, 4, 5]  # Weekdays
    state: present

- name: Create policy with sensor updates disabled (omit build parameter)
  crowdstrike.falcon.sensor_update_policy:
    name: "No Updates Policy"
    platform_name: "Mac"
    description: "Mac hosts with updates disabled"
    uninstall_protection: ENABLED
    # Omit 'build' parameter to disable sensor updates
    state: present

# ALTERNATIVE PATTERNS (using sensor_update_policy ID)
# These examples show the alternative approach using policy IDs
# for backward compatibility or when the ID is already known.
- name: Update an existing policy by ID
  crowdstrike.falcon.sensor_update_policy:
    sensor_update_policy: "12345678901234567890abcdef123456"
    description: "Updated description for production policy"

- name: Enable a sensor update policy by ID
  crowdstrike.falcon.sensor_update_policy:
    sensor_update_policy: "12345678901234567890abcdef123456"
    enabled: true

- name: Delete a sensor update policy by ID
  crowdstrike.falcon.sensor_update_policy:
    sensor_update_policy: "12345678901234567890abcdef123456"
    state: absent

# HOST GROUP MANAGEMENT
# Host group operations work with both identification patterns
- name: Add host groups to a policy (using name)
  crowdstrike.falcon.sensor_update_policy:
    name: "Windows Production Policy"
    platform_name: Windows
    host_groups:
      - "d78cd791785442a98ec75249d8c385dd"
      - "a1b2c3d4e5f6789012345678901234ab"
    host_group_action: add

- name: Remove host groups from a policy (using ID)
  crowdstrike.falcon.sensor_update_policy:
    sensor_update_policy: "12345678901234567890abcdef123456"
    host_groups:
      - "d78cd791785442a98ec75249d8c385dd"
    host_group_action: remove
```
Return Values
| Key | Type | Description |
|---|---|---|
| sensor_update_policy | - | |
| host_group_results | - | |