So creating a module called uhcollector (using pdk) create a file falcon_version.rb
uhcollector/lib
└── facter
├── custom_facts.rb
└── falcon_version.rbThis is the ruby code I used to create a fact called falcon_version:
# encoding: UTF-8
Facter.add(:uhfalcon_version) do
result = Facter::Core::Execution.execute('/opt/CrowdStrike/falconctl -g --version'.chomp)
if $?.success?
harray = result.split(' ')
setcode do
harray[2]
end
else
setcode do
'absent'
end
end
end
That modules is assigned to the hosts and then the fact is collected. By the command line you can interrogate:
<strong>facter -p uhfalcon_version
</strong>[2024-07-24 22:12:09.320586 ] INFO Facter - executed with command line: -p uhfalcon_version
7.17.17005.0