Reference

Classes

falcon

configures and installs CrowdStrike Falcon Sensor

Examples

Basic usage

class { 'falcon':
  cid            => '12345',
  client_id      => '<client_id>',
  client_secret  => '<client_secret>',
  update_policy  => 'platform_default'
  install_method => 'api'
}

Parameters

The following parameters are available in the falcon class:

• package_manage
• config_manage
• service_manage
• cid
• install_method
• client_id
• client_secret
• version_manage
• falcon_cloud
• update_policy
• sensor_tmp_dir
• version
• version_decrement
• cleanup_installer
• provisioning_token
• package_name
• package_options
• service_enable
• service_name
• service_ensure
• proxy_host
• proxy_port
• proxy_enabled
• sensor_dl_proxy_host
• sensor_dl_proxy_port
• tags
• tag_membership

package_manage

Data type: Optional[Boolean]

Whether to install and manage the falcon sensor. Defaults to true.

Default value: $falcon::params::package_manage

config_manage

Data type: Optional[Boolean]

Whether to manage the falcon sensor configuration. Defaults to true.

Default value: $falcon::params::config_manage

service_manage

Data type: Optional[Boolean]

Whether to manage the service. Defaults to true.

Note

The falcon service requires the agent to be registered with the Customer CID in order to start.

Default value: $falcon::params::service_manage

cid

Data type: Optional[Variant[Sensitive[String], String]]

The Customer CID to register the agent with. If not provided, the agent will not be registered. The falcon service can not be started if cid is not configured. Defaults to undef.

Ignored if config_manage is set to false.

Default value: $falcon::params::cid

install_method

Data type: Optional[Enum['api', 'local']]

The method used to install the falcon sensor. Defaults to api.

Valid values:

• api
• local

When api is selected, the falcon api will be used to download the correct version of the falcon sensor.

When local is selected, a package resource is created with the values passed in the package_options parameter.

Default value: $falcon::params::install_method

client_id

Data type: Optional[Sensitive]

The client id used to authenticate with the Falcon API. Defaults to undef.

Required if install_method is set to api and ignored if install_method is set to local.

Default value: $falcon::params::client_id

client_secret

Data type: Optional[Sensitive]

The client secret used to authenticate with the Falcon API. Defaults to undef.

Required if install_method is set to api and ignored if install_method is set to local.

Default value: $falcon::params::client_secret

version_manage

Data type: Optional[Boolean]

Rather or not puppet should enforce a specific version and do upgrades/downgrades. Defaults to false.

Ignored if install_method is set to local.

Note

If you use update policies to manage the version, you should set this to false to prevent puppet

and the falcon platform from conflicting.

Default value: $falcon::params::version_manage

falcon_cloud

Data type: String

The name of the cloud to use for the Falcon API. Defaults to api.crowdstrike.com

Ignored if install_method is set to local.

Default value: $falcon::params::falcon_cloud

update_policy

Data type: Optional[String]

The update policy to use to determine the package version to download and install. Defaults to undef.

update_policy takes precedence over version_decrement.

Ignored if install_method is set to local.

Default value: $falcon::params::update_policy

sensor_tmp_dir

Data type: Optional[String]

The directory to use to stage the sensor package. Defaults to /tmp (or %TEMP% on Windows).

Ignored if install_method is set to local.

Default value: $falcon::params::sensor_tmp_dir

version

Data type: Optional[String]

The version of the sensor to install. When provided update_policy and version_decrement will be ignored. Defaults to undef.

Ignored if install_method is set to local.

Default value: $falcon::params::version

version_decrement

Data type: Optional[Numeric]

The number of versions to decrement from the latest version. When version, update_policy are not provided this will be used to determine the version to download and install. Defaults to 0.

Ignored if install_method is set to local.

Default value: $falcon::params::version_decrement

cleanup_installer

Data type: Optional[Boolean]

Rather or not to remove the sensor install package after use. Defaults to true.

Ignored if install_method is set to local.

Default value: $falcon::params::cleanup_installer

provisioning_token

Data type: Optional[String]

The provisioning token to use to register the sensor with the Falcon API. Defaults to undef.

Default value: $falcon::params::provisioning_token

package_name

Data type: Optional[String]

The name of the package to install. Defaults to the valid service name for the OS.

package_options will override if you pass in a package name.

Ignored if install_method is set to local.

Default value: $falcon::params::package_name

package_options

Data type: Hash[String, Any]

Allows you to override any package attribute. Defaults to {}.

Default value: $falcon::params::package_options

service_enable

Data type: Optional[Boolean]

Whether to enable the service. Defaults to true.

Ignored if service_manage is set to false.

Default value: $falcon::params::service_enable

service_name

Data type: Optional[String]

The name of the service to manage. Defaults to the valid service name for the OS.

Ignored if service_manage is set to false.

Default value: $falcon::params::service_name

service_ensure

Data type: Optional[String]

The desired service state. Defaults to running.

Ignored if service_manage is set to false.

Default value: $falcon::params::service_ensure

proxy_host

Data type: Optional[String]

The proxy host for the falcon agent to use. Defaults to undef.

Default value: $falcon::params::proxy_host

proxy_port

Data type: Optional[Numeric]

The proxy port for the falcon agent to use. Defaults to undef.

Default value: $falcon::params::proxy_port

proxy_enabled

Data type: Optional[Boolean]

Whether proxy is enabled. Defaults to undef.

Default value: $falcon::params::proxy_enabled

sensor_dl_proxy_host

Data type: Optional[String]

The proxy host to use when downloading the falcon sensor. Defaults to undef.

Default value: $falcon::params::sensor_dl_proxy_host

sensor_dl_proxy_port

Data type: Optional[Numeric]

The proxy port to use when downloading the falcon sensor. Defaults to undef.

Default value: $falcon::params::sensor_dl_proxy_port

tags

Data type: Optional[Array[String]]

List of tags to apply to the sensor. Defaults to undef.

Default value: $falcon::params::tags

tag_membership

Data type: Optional[Enum['inclusive', 'minimum']]

Rather specified tags should be treated as a complete list inclusive or as a list of tags to add to the existing list minimum. inclusive will ensure the sensor has only the tags specified in tags removing any tags that are not specified. minimum will ensure the sensor has the tags specified in tags but will not remove any existing tags. Defaults to minimum.

Default value: $falcon::params::tag_membership

Resource types

falconctl

Configure the Falcon Sensor

Properties

The following properties are available in the falconctl type.

cid

The cid to set for the Falcon Sensor

proxy_enabled

Valid values: true, false

Enable or disable the proxy for the Falcon Sensor

proxy_host

The proxy host to set for the Falcon Sensor

proxy_port

The proxy port to set for the Falcon Sensor

tags

List of tags to set for the Falcon Sensor

Parameters

The following parameters are available in the falconctl type.

• name
• provider
• provisioning_token
• tag_membership

name

namevar

The name of the resource

provider

The specific backend to use for this falconctl resource. You will seldom need to specify this --- Puppet will usually discover the appropriate provider for your platform.

provisioning_token

The provisioning token used to register the sensor

Default value: undef

tag_membership

Valid values: inclusive, minimum

Rather specified tags should be treated as a complete list inclusive or as a list of tags to add to the existing list minimum.

Default value: minimum

sensor_download

Download the Falcon Sensor

Properties

The following properties are available in the sensor_download type.

ensure

Valid values: present, absent

The basic property that the resource should be in.

Default value: present

Parameters

The following parameters are available in the sensor_download type.

• bearer_token
• falcon_cloud
• file_path
• provider
• proxy_host
• proxy_port
• sha256
• version
• version_manage

bearer_token

The bearer token used to authenticate with the Falcon API

falcon_cloud

The falcon cloud URI to use

file_path

The full path to the file.

provider

The specific backend to use for this sensor_download resource. You will seldom need to specify this --- Puppet will usually discover the appropriate provider for your platform.

proxy_host

The proxy host to use for downloading the sensor package

proxy_port

The proxy port to use for downloading the sensor package

sha256

namevar

The sha256 of the package to download

version

The falcon sensor version that should be installed.

version_manage

If true download the required sensor package if current sensor version does not match desired version. False only download sensor package when no sensor is installed