sva.sentinelone.sentinelone_filters module – Manage SentinelOne Filters

Note

This module is part of the sva.sentinelone collection (version 2.0.5).

It is not included in ansible-core. To check whether it is installed, run ansible-galaxy collection list.

To install it, use: ansible-galaxy collection install sva.sentinelone. You need further requirements to be able to use this module; see Requirements for details.

To use it in a playbook, specify: sva.sentinelone.sentinelone_filters.

New in sva.sentinelone 1.0.0

Synopsis

  • This module can create, update and delete filters in SentinelOne.

Requirements

The below requirements are needed on the host that executes this module.

  • deepdiff >= 5.6

Parameters

Parameter (type): Comments

  • console_url (string / required): The URL of your management console.

  • filter_fields (dictionary): The filter options to set, e.g. computerName__contains or osTypes. Available options are listed in the API documentation.

  • name (string / required): The name of the filter.

  • site_name (string / required): Name of the site in SentinelOne.

  • state (string): The state of the filter. Choices: "present" (default), "absent".

  • token (string / required): SentinelOne API auth token used to authenticate at the management API.

Notes

Note

  • Requires the Python module deepdiff. Tested with version >= 5.6; lower versions may work too.

  • Currently only supported in single-account management consoles

  • Currently not applicable for account level filters

Examples

---
- name: Create filter
  sva.sentinelone.sentinelone_filters:
    console_url: "https://XXXXX.sentinelone.net"
    token: "XXXXXXXXXXXXXXXXXXXXXXXXXXX"
    site_name: "test"
    name: "MyFilter"
    filter_fields:
      computerName__contains:
        - MyComputerName
      osTypes:
        - windows
- name: Update filter
  sva.sentinelone.sentinelone_filters:
    state: "present"
    console_url: "https://XXXXX.sentinelone.net"
    token: "XXXXXXXXXXXXXXXXXXXXXXXXXXX"
    site_name: "test"
    name: "MyFilter"
    filter_fields:
      computerName__contains:
        - MyComputerName
        - MyOtherComputerName
      osTypes:
        - windows
- name: Delete filter
  sva.sentinelone.sentinelone_filters:
    state: "absent"
    console_url: "https://XXXXX.sentinelone.net"
    token: "XXXXXXXXXXXXXXXXXXXXXXXXXXX"
    site_name: "test"
    name: "MyFilter"
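
The examples above carry the token inline. The playbook below is an added example, not part of the collection's documentation: it drives the same module from a list of filter definitions, reads the token from an Ansible Vault encrypted variables file, and sets no_log on the task, because this page does not say whether the module hides the token itself. The names s1_console_url, s1_api_token, s1_filters and s1_result, the file vault/sentinelone.yml and the filter "OldFilter" are assumptions.

```yaml
---
# Added example. s1_* variable names, the vault file path and "OldFilter"
# are assumptions; only the module parameters come from this page.
- name: Manage SentinelOne filters without an inline token
  hosts: localhost
  gather_facts: false
  vars_files:
    - vault/sentinelone.yml  # ansible-vault encrypted, defines s1_api_token
  vars:
    s1_console_url: "https://XXXXX.sentinelone.net"
    s1_filters:
      - name: "MyFilter"
        state: "present"
        filter_fields:
          computerName__contains:
            - MyComputerName
          osTypes:
            - windows
      - name: "OldFilter"
        state: "absent"
  tasks:
    - name: Stop before any API call if the token was not loaded
      ansible.builtin.assert:
        that:
          - s1_api_token is defined
          - s1_api_token | length > 0
        fail_msg: "s1_api_token is missing or empty"
        quiet: true

    - name: Create, update or delete each filter
      sva.sentinelone.sentinelone_filters:
        console_url: "{{ s1_console_url }}"
        token: "{{ s1_api_token }}"
        site_name: "test"
        name: "{{ item.name }}"
        state: "{{ item.state }}"
        filter_fields: "{{ item.filter_fields | default(omit) }}"
      loop: "{{ s1_filters }}"
      loop_control:
        label: "{{ item.name }}"  # keep loop output to the filter name
      no_log: true  # keep module arguments (token) out of output and logs
      register: s1_result

    - name: Report the module's message for each filter
      ansible.builtin.debug:
        msg: "{{ item.item.name }}: {{ item.message | default('no message') }}"
      loop: "{{ s1_result.results }}"
      loop_control:
        label: "{{ item.item.name }}"
```

Run it with ansible-playbook --ask-vault-pass (or --vault-password-file) so the variables file can be decrypted.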

Return Values

Common return values are documented here; the following are the fields unique to this module:

Key (type): Description

  • message (string): Basic information about the changes made. Returned: on success. Sample: "Filter is missing in site. Adding filter."

  • original_message (string): Detailed information about the changes made. Returned: on success. Sample: "{'changes': {'iterable_item_added': {\"root['computerName__contains'][1]\": 'test123'}}, 'siteName': 'msd'}"

Authors

  • Marco Wester (@mwester117)