falcon
: configures and installs CrowdStrike Falcon Sensor
falcon::config
: This class handles the configuration of the falcon server.
falcon::install
: This class handles falcon sensor package.
falcon::params
: This class contains the defaults for the falcon module.
falcon::service
: This class handles falcon sensor service.
falconctl
: Configure the Falcon Sensor
sensor_download
: Download the Falcon Sensor
falcon::sensor_download_info
: Get sensor info like install package SHA and version
configures and installs CrowdStrike Falcon Sensor
class { 'falcon':
  cid            => '12345',
  client_id      => '<client_id>',
  client_secret  => '<client_secret>',
  update_policy  => 'platform_default',
  install_method => 'api',
}
The following parameters are available in the falcon class:
package_manage
config_manage
service_manage
cid
install_method
client_id
client_secret
version_manage
falcon_cloud
update_policy
sensor_tmp_dir
version
version_decrement
cleanup_installer
provisioning_token
package_name
package_options
service_enable
service_name
service_ensure
Data type: Optional[Boolean]
Whether to install and manage the falcon sensor. Defaults to true.
Default value: $falcon::params::package_manage
Data type: Optional[Boolean]
Whether to manage the falcon sensor configuration. Defaults to true.
Default value: $falcon::params::config_manage
Data type: Optional[Boolean]
Whether to manage the service. Defaults to true.
NOTE: The falcon service requires the agent to be registered with the Customer CID in order to start.
Default value: $falcon::params::service_manage
Data type: Optional[String]
The Customer CID to register the agent with. If not provided, the agent will not be registered. The falcon service cannot be started if cid is not configured. Defaults to undef.
Ignored if config_manage is set to false.
Default value: $falcon::params::cid
Data type: Optional[Enum['api', 'local']]
The method used to install the falcon sensor. Defaults to api.
Valid values: api, local
When api is selected, the falcon api will be used to download the correct version of the falcon sensor.
When local is selected, a package resource is created with the values passed in the package_options parameter.
Default value: $falcon::params::install_method
Data type: Optional[Sensitive]
The client id used to authenticate with the Falcon API. Defaults to undef.
Required if install_method is set to api and ignored if install_method is set to local.
Default value: $falcon::params::client_id
Data type: Optional[Sensitive]
The client secret used to authenticate with the Falcon API. Defaults to undef.
Required if install_method is set to api and ignored if install_method is set to local.
Default value: $falcon::params::client_secret
Data type: Optional[Boolean]
Whether or not Puppet should enforce a specific version and do upgrades/downgrades. Defaults to false.
Ignored if install_method is set to local.
NOTE: If you use update policies to manage the version, you should set this to false to prevent Puppet and the falcon platform from conflicting.
Default value: $falcon::params::version_manage
Data type: String
The name of the cloud to use for the Falcon API. Defaults to api.crowdstrike.com.
Ignored if install_method is set to local.
Default value: $falcon::params::falcon_cloud
Data type: Optional[String]
The update policy to use to determine the package version to download and install. Defaults to undef.
update_policy takes precedence over version_decrement.
Ignored if install_method is set to local.
Default value: $falcon::params::update_policy
Data type: Optional[String]
The directory to use to stage the sensor package. Defaults to /tmp (or %TEMP% on Windows).
Ignored if install_method is set to local.
Default value: $falcon::params::sensor_tmp_dir
Data type: Optional[String]
The version of the sensor to install. When provided, update_policy and version_decrement will be ignored. Defaults to undef.
Ignored if install_method is set to local.
Default value: $falcon::params::version
Data type: Optional[Numeric]
The number of versions to decrement from the latest version. When version and update_policy are not provided, this will be used to determine the version to download and install. Defaults to 0.
Ignored if install_method is set to local.
Default value: $falcon::params::version_decrement
Data type: Optional[Boolean]
Whether or not to remove the sensor install package after use. Defaults to true.
Ignored if install_method is set to local.
Default value: $falcon::params::cleanup_installer
Data type: Optional[String]
The provisioning token to use to register the sensor with the Falcon API. Defaults to undef.
Default value: $falcon::params::provisioning_token
Data type: Optional[String]
The name of the package to install. Defaults to the valid service name for the OS.
package_options will override if you pass in a package name.
Ignored if install_method is set to local.
Default value: $falcon::params::package_name
Data type: Hash[String, Any]
Allows you to override any package attribute. Defaults to {}.
Default value: $falcon::params::package_options
Data type: Optional[Boolean]
Whether to enable the service. Defaults to true.
Ignored if service_manage is set to false.
Default value: $falcon::params::service_enable
Data type: Optional[String]
The name of the service to manage. Defaults to the valid service name for the OS.
Ignored if service_manage is set to false.
Default value: $falcon::params::service_name
Data type: Optional[String]
The desired service state. Defaults to running.
Ignored if service_manage is set to false.
Default value: $falcon::params::service_ensure
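The following is an added example, not part of the module's own documentation. It shows an API-based install that passes client_id and client_secret as Sensitive values, matching their documented data type, and leaves version selection to the update policy. The profile class name and the Hiera key names are hypothetical, and the keys are assumed to hold plain strings.

```puppet
# Added example: a wrapper class around the falcon class.
# The class name and the profile::falcon::* Hiera keys are hypothetical.
class profile::falcon_sensor {
  # client_id and client_secret are documented as Optional[Sensitive].
  # Wrapping the looked-up strings in Sensitive makes Puppet redact the
  # values in logs and reports.
  $client_id     = Sensitive(lookup('profile::falcon::client_id', String))
  $client_secret = Sensitive(lookup('profile::falcon::client_secret', String))

  class { 'falcon':
    # Without a cid the agent is not registered and the service cannot start.
    cid               => lookup('profile::falcon::cid', String),
    install_method    => 'api',
    client_id         => $client_id,
    client_secret     => $client_secret,
    # The update policy picks the sensor version to download. version is
    # left unset because it would cause update_policy to be ignored.
    update_policy     => 'platform_default',
    # Keep Puppet from enforcing upgrades/downgrades so it does not
    # conflict with the update policy on the falcon platform.
    version_manage    => false,
    # Remove the staged installer from sensor_tmp_dir after use.
    cleanup_installer => true,
  }
}
```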
Configure the Falcon Sensor
The following properties are available in the falconctl type.
The cid to set for the Falcon Sensor
The following parameters are available in the falconctl type.
namevar
The name of the resource
The specific backend to use for this falconctl resource. You will seldom need to specify this; Puppet will usually discover the appropriate provider for your platform.
The provisioning token used to register the sensor
Default value: undef
Download the Falcon Sensor
The following properties are available in the sensor_download type.
Valid values: present, absent
The basic property that the resource should be in.
Default value: present
The following parameters are available in the sensor_download type.
The bearer token used to authenticate with the Falcon API
The falcon cloud URI to use
The full path to the file.
The specific backend to use for this sensor_download resource. You will seldom need to specify this; Puppet will usually discover the appropriate provider for your platform.
namevar
The sha256 of the package to download
The falcon sensor version that should be installed.
If true, download the required sensor package if the current sensor version does not match the desired version. If false, only download the sensor package when no sensor is installed.
Type: Ruby 4.x API
Get sensor info like install package SHA and version
falcon::sensor_download_info('client_id', 'client_secret', { 'falcon_cloud' => 'api.crowdstrike.com'})
Returns: Hash download information about the sensor
sha256
: the SHA256 checksum of the sensor package
version
: the version of the sensor package
os_name
: the name of the operating system the sensor is for
file_path
: the fully qualified file path to download the sensor package to
bearer_token
: the bearer token used to authenticate with the Falcon API
platform_name
: the name of the platform the sensor is for
Data type: Sensitive
the client id used to authenticate with the Falcon API
Data type: Sensitive
the client secret used to authenticate with the Falcon API
Data type: Hash
used to determine how download information is retrieved
version
: the version of the sensor to use
falcon_cloud
: the name of the cloud to use
update_policy
: the update policy to use
sensor_tmp_dir
: the temporary directory to use