https://github.com/stuartapp/ansible-falcon
Ansible role to download and install CrowdStrike Falcon sensor
https://github.com/stuartapp/ansible-falcon
Last synced: about 1 year ago
JSON representation
Ansible role to download and install CrowdStrike Falcon sensor
- Host: GitHub
- URL: https://github.com/stuartapp/ansible-falcon
- Owner: StuartApp
- License: gpl-3.0
- Created: 2022-03-10T09:14:31.000Z (over 4 years ago)
- Default Branch: main
- Last Pushed: 2023-02-22T13:54:19.000Z (over 3 years ago)
- Last Synced: 2025-01-28T03:30:40.954Z (over 1 year ago)
- Size: 48.8 KB
- Stars: 0
- Watchers: 8
- Forks: 0
- Open Issues: 0
-
Metadata Files:
- Readme: README.md
- Changelog: CHANGELOG.md
- License: LICENSE
- Codeowners: .github/CODEOWNERS
Awesome Lists containing this project
README
Role Name
=========
The purpose of this role is to download, install and configure CrowdStrike Falcon sensor it on our EC2 instances. The sensor must be downloaded from Crowdstrike Cloud using MFA.
In the first step, we will connect to the mentionced cloud environment to obtain a `Bearer token` which will be used to download the `pkg`. The distribution used is compatible with Ubuntu 16/18 and 20.
After downloading and installing the `pkg` - the `falcon-sensor` must be configured. According to the official documentation both the Customer ID (CID) and `provisioning-token` must be provided.
Requirements
------------
Role Variables and Secrets
--------------
Supported variables:
* `falcon_cloud` - CrowdStrike API URL for downloading the Falcon sensor.
* `falcon_install_tmp_dir` - Where should the sensor file be downloaded to on Linux
Supported secrets:
This information can be found on under Falcon UI and won't be changed in the near future:
* `falcon_client_id` - CrowdStrike OAUTH Client ID
* `falcon_client_secret` - CrowdStrike OAUTH Client Secret
* `falcon_customer_id` - CrowdStrike Customer ID
* `falcon_provisioning_token` - Falcon Installation Token
Dependencies
------------
No dependencies
Example Playbook
----------------
Include the role in `requirements.yml` as follows to test the changes depending on the branch (master of the one to be tested)
```yaml
- src: https://github.com/StuartApp/ansible-falcon.git
name: stuart.falcon
version: < branch name >
```
After adding the role to the requirements and installing we can proceed to call it from a playbook:
```yaml
- name: myplaybook
hosts: servers
roles:
- {role: stuart.falcon, tags: role-falcon}
```
Author Information
------------------
This role was created while working for Stuart Delivery.