CrowdStrike / ansible_collection_falcon

Comprehensive toolkit for streamlining your interactions with the CrowdStrike Falcon platform.
https://galaxy.ansible.com/ui/repo/published/crowdstrike/falcon/
GNU General Public License v3.0

Download one time only #455

Closed UDilhan closed 8 months ago

carlosmmatos commented 8 months ago

Hello - thanks for opening up a PR, but unfortunately this won't be acceptable as this situation would only apply to a homogenous environment. If you had a mix of OSes you were running against, then you would not be able to capture the proper sensors for those OSes using this approach.

If you want to discuss more, feel free to open up an issue and we can talk about your situation.

UDilhan commented 8 months ago

Hello,

Thank you for your answer. I understand why it could not work.

I will post another PR with a system that tracks if each kind of binary (windows/linux/macos) has been downloaded to prevent them from being downloaded multiple times. With something like an array that says "linux_already_downloaded=false, macos_already_downloaded=true,...".

BR, Ulutas Dilhan

carlosmmatos commented 8 months ago

Have you tried setting: falcon_api_sensor_download_path? The sensor_download module will only download it if it doesn't already exist.

You can check out the module docs for crowdstrike.falcon.sensor_download to get more information, but essentially what is happening in the falcon_install role is that if you don't set that variable, a default directory essentially gets created for each host you run against.

Now there are a couple ways to do this depending on however you would like to implement it, but here are some ideas:

Most basic - set the variable to an existing local directory you want the files to download to:

```yaml
- hosts: all
  vars:
    falcon_client_id: <FALCON_CLIENT_ID>
    falcon_client_secret: <FALCON_CLIENT_SECRET>
  roles:
  - role: crowdstrike.falcon.falcon_install
    vars:
      falcon_api_sensor_download_path: /tmp/linux
```

Use hostgroup vars:

```ini
[windows_hosts]
win_host1

[linux_hosts]
linux_host1
linux_host2

[mac_hosts]
mac_host1

[windows_hosts:vars]
falcon_api_sensor_download_path=/tmp/windows

[linux_hosts:vars]
falcon_api_sensor_download_path=/tmp/linux

[mac_hosts:vars]
falcon_api_sensor_download_path=/tmp/mac
```

Try it out and let me know if it's working for you.
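
A variation on the two suggestions above, as an added example that is not part of the thread or the collection's documentation: it derives one download directory per OS family from gathered facts instead of hard-coding group vars, and keeps those directories private rather than under `/tmp`, since a file already present at the path is reused instead of downloaded again. The `sensor_cache_root` variable and its location are hypothetical, and the playbook assumes the download path is a directory on the Ansible control node, as the comment describes.

```yaml
# Added example (not from the thread or the collection's docs).
# Assumptions: the download path lives on the control node, and facts are
# gathered for every host so that os_family is available.
- hosts: all
  gather_facts: true
  vars:
    falcon_client_id: <FALCON_CLIENT_ID>
    falcon_client_secret: <FALCON_CLIENT_SECRET>
    # Hypothetical base directory, owned by the account that runs Ansible.
    sensor_cache_root: "{{ lookup('ansible.builtin.env', 'HOME') }}/.cache/falcon-sensors"
    # One subdirectory per OS family, e.g. .../debian, .../redhat,
    # .../windows, .../darwin, so mixed inventories do not share a directory.
    falcon_api_sensor_download_path: "{{ sensor_cache_root }}/{{ ansible_facts['os_family'] | lower }}"
  pre_tasks:
    - name: Create a private per-OS-family download directory on the control node
      ansible.builtin.file:
        path: "{{ falcon_api_sensor_download_path }}"
        state: directory
        mode: "0700"   # only the Ansible account can place or replace installers here
      delegate_to: localhost
  roles:
    - role: crowdstrike.falcon.falcon_install
```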