Forge Home


Install and manage CrowdStrike Falcon Sensor


230 latest version

5.0 quality score

Version information

  • 1.3.0 (latest)
  • 1.2.4
  • 1.2.3
  • 1.2.2
  • 1.2.1
  • 1.2.0
released Nov 23rd 2021
This version is compatible with:
  • Puppet Enterprise 2021.4.x, 2021.3.x, 2021.2.x, 2021.1.x, 2021.0.x, 2019.8.x
  • Puppet >= 6.21.0 < 8.0.0
  • Debian

Start using this module

  • r10k or Code Manager
  • Bolt
  • Manual installation
  • Direct download

Add this module to your Puppetfile:

mod 'ruthenium-crowdstrike', '1.3.0'
Learn more about managing modules with a Puppetfile

Add this module to your Bolt project:

bolt module add ruthenium-crowdstrike
Learn more about using this module with an existing project

Manually install this module globally with Puppet module tool:

puppet module install ruthenium-crowdstrike --version 1.3.0

Direct download is not typically how you would use a Puppet module to manage your infrastructure, but you may want to download the module in order to inspect the code.



ruthenium/crowdstrike — version 1.3.0 Nov 23rd 2021

Build Status Puppet Forge Puppet Forge -- Downloads


The module is designed to deploy and manage CrowdStrike's Falcon Sensor antivirus agent.

Table of Contents

  1. Description
  2. Setup - The basics of getting started with crowdstrike
  3. Usage - Configuration options and additional functionality
  4. Limitations - OS compatibility, etc.


The modules installs and manages or removes the Falcon Sensor anti-virus agent by CrowdStrike. Proxy settings and tags can be confiugred additionaly.


Setup requirements

The module installs a package falcon-sensor, which it assumes to be available in a repo configured on the system. The vendor does not maintain a Linux repository.

Beginning with crowdstrike

The most basic usage of the module:

class { 'crowdstrike': cid => 'AAAAAAAAAAAAA-BB' }

Parameter cid is mandatory.


In most cases just specifying cid (customer id) is sufficient, but adding tags is desirable for easy grouping and searching of the hosts in the CrowdStrike console:

class { 'crowdstrike':
  cid  => 'AAAAAAAAAAAA-BB',
  tags => [ 'My Organization', 'My Department' ]

If the computer does not have direct access to the CrowdStrike cloud service, connection can be routed through a proxy server:

class { 'crowdstrike':
  cid        => 'AAAAAAAAAAAA-BB',
  proxy_host => '',
  proxy_port => 3128

Both proxy_host and proxy_port are mandatory if either specified.

If provisioning token is reqired during the installation, use the provisioning_token parameter:

class { 'crowdstrike':
  cid                => 'AAAAAAAAAAAA-BB',
  provisioning_token => 'XXXXXXXXXXXXXX'


If proxy has been used and later disabled, the host and port configuration is not removed entirely, only disabled. This does not affect the functionality in any way.