Comments (10)
Hello @Gianlu - apologies as I noticed that I did not add the API Scope to the dynamic inventory in order to use it. Can you try adding the following API Scope to your credentials?
- assets [READ]
from ansible_collection_falcon.
Hello,
Sorry, where do I have to define the scope? In the CrowdStrike console, I have full read for every single scope and I can't see the asset scope.
Moreover, with the same credentials the falconpy samples work (e.g. get_dups.py).
Thanks
from ansible_collection_falcon.
Which falconpy sample are you referring to? Also, would you mind sharing your dynamic inventory file configuration?
from ansible_collection_falcon.
Hello,
my inventory file is:
```yaml
# filename: 20_my_inventory.falcon_discover.yml
plugin: crowdstrike.falcon.falcon_discover
client_id: '*****************'
client_secret: '************************'
cloud: eu-1
```
The duplicate finder is duplicate_sensors.py
Thanks
from ansible_collection_falcon.
Cool thanks.. So yeah, that FalconPy sample is for the Hosts collection service, not to be confused with the Discover service collection which is what this inventory file uses.
This would be the equivalent to trying this FalconPy sample. Can you let me know if that sample works for you?
from ansible_collection_falcon.
Hi @carlosmmatos I'm a colleague of @Gianlu and the one that manages the API keys and tokens. Nope, that sample doesn't work for me. I was wondering which scope I'm missing, as I've allowed (for debugging purposes obviously) every single scope in READ mode on my Falcon console. Is it possible that we may not have a specific subscription?
from ansible_collection_falcon.
Hey @romankis95 - It is possible you might not have the subscription needed for this. This is part of Exposure Management. This is what the subs needed would be:
And this is what the API scope would be:
If you are simply looking to take advantage of the Falcon Hosts API to use as an inventory, I have that as an action item todo.
from ansible_collection_falcon.
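The differential check worked out in the comments above (same credentials, Hosts works, Discover does not), as an added example that is not part of the original thread or the collection's code. It assumes FalconPy-style response dictionaries with `status_code` and `body.errors`, and that 401 means the token was rejected while 403 means the call was denied; `diagnose`, `errors_of` and the sample responses are hypothetical and constructed.

```python
# Map HTTP status codes to a state (assumed semantics: 401 = token rejected,
# 403 = authenticated but denied by scope or subscription).
STATES = {401: "unauthenticated", 403: "forbidden"}


def errors_of(response):
    """Return the error messages carried in a FalconPy-style response dict."""
    body = response.get("body") or {}
    return [e.get("message", "") for e in body.get("errors") or []]


def diagnose(probes):
    """probes maps a service collection name to the response of one read call."""
    details = {}
    for service, response in probes.items():
        status = response.get("status_code") or 0
        details[service] = "ok" if 200 <= status < 300 else STATES.get(status, "error")

    states = set(details.values())
    if states == {"ok"}:
        verdict = "all probed services are readable"
    elif "unauthenticated" in states:
        verdict = "token rejected: check client_id, client_secret and cloud"
    elif "ok" in states and "forbidden" in states:
        denied = sorted(s for s, v in details.items() if v == "forbidden")
        verdict = ("credentials are valid but " + ", ".join(denied) +
                   " is denied: missing API scope or subscription")
    elif states == {"forbidden"}:
        verdict = "every probe denied: no usable scope on this API client"
    else:
        verdict = "inconclusive: inspect the error messages"
    return verdict, details


# Constructed sample responses; the error message text is illustrative.
SAMPLE = {
    "Hosts": {"status_code": 200, "body": {"errors": [], "resources": ["AID"]}},
    "Discover": {"status_code": 403, "body": {"errors": [
        {"code": 403, "message": "access denied, authorization failed"}]}},
}

if __name__ == "__main__":
    verdict, details = diagnose(SAMPLE)
    print(verdict)
    print(details, errors_of(SAMPLE["Discover"]))
```

Running one read call per service collection with the real client and feeding the responses to `diagnose` also helps when trimming an API client back to only the scopes the inventory needs after a debugging session.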
Hello @carlosmmatos.
It seems we don't have the right subscription but we are glad to read that an inventory version using the Hosts API is planned.
May I ask when you plan to release it? I would be happy to be an "early adopter"; I hope the new version will have a similar input interface (e.g. the fql filter) and will inherit cacheable and constructable (it's mandatory for us in order to modify inventory_hostname).
I have just a couple of questions:
- Does the inventory via Hosts API return in output the same (or similar) set of metadata?
- May I ask if you plan to release the inventory with Jinja2 templating support in parameters?
Thanks
from ansible_collection_falcon.
As for timeline, I'm trying to play catchup this week on this project. Have a few minor changes/updates, but then I plan on starting to add new modules + inventory plugin. It shouldn't take too long to do the inventory plugin since it will be very similar to the existing one.
With regards to your questions - the answer is yes, it will have the same feel as the existing dynamic inventory file - it will inherit cacheable and constructible and use fql to query the api. The output of the Hosts API is different than the Discover API, but if you wanted to get an idea of what to expect, you can do the following:
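```python
import json
import os

from falconpy import Hosts

# Do not hardcode API credentials! Read them from the environment instead.
CLIENT_ID = os.environ["FALCON_CLIENT_ID"]
CLIENT_SECRET = os.environ["FALCON_CLIENT_SECRET"]

falcon = Hosts(client_id=CLIENT_ID,
               client_secret=CLIENT_SECRET
               )

# Pass in an AID of an existing host
response = falcon.GetDeviceDetails(ids='AID')
print(json.dumps(response, indent=4))
```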
As for Jinja2 support, this is part of constructable class in dynamic inventories, so since we will be using it, it should support jinja2 templating. (I assume this is what you are asking for).
from ansible_collection_falcon.
@Gianlu | @romankis95 - new PR is in place right now: #470
from ansible_collection_falcon.