Add CrowdStrike Falcon Sensor status verification to Jenkins job config

jenkins-docker/jobs/Await Initialization/config.xml

@@ -65,6 +65,8 @@ terraform init
 output_names=$(terraform output -json | jq -r 'keys[]')
 echo "Output names: $output_names"
 
+falcon_check_failed=false
+
 for output_name in $output_names; do
   reset_role
   assume_role
@@ -90,9 +92,64 @@ for output_name in $output_names; do
   done
 
   echo "${output_name} EC2 Initialization Complete"
+
+  # Verify CrowdStrike Falcon Sensor is running and connected
+  echo "Checking CrowdStrike Falcon Sensor status on ${output_name} (${INSTANCE_ID})..."
+  falcon_command_json=$(jq -n '{commands: ["sudo systemctl status falcon-sensor.service"]}')
+  falcon_command_id=$(aws ssm send-command \
+    --instance-ids "${INSTANCE_ID}" \
+    --document-name "AWS-RunShellScript" \
+    --comment "Check CrowdStrike Falcon Sensor status" \
+    --parameters "$falcon_command_json" \
+    --query "Command.CommandId" \
+    --output text)
+
+  # Wait for the command to complete (timeout after 30 attempts / ~150 seconds)
+  falcon_max_attempts=10
+  falcon_attempt=0
+  while true; do
+    falcon_attempt=$((falcon_attempt + 1))
+    if [[ ${falcon_attempt} -gt ${falcon_max_attempts} ]]; then
+      echo "ERROR: Timed out waiting for Falcon Sensor status check on ${output_name} (${INSTANCE_ID}) after ${falcon_max_attempts} attempts."
+      falcon_check_failed=true
+      break
+    fi
+    falcon_status=$(aws ssm get-command-invocation --command-id ${falcon_command_id} --instance-id ${INSTANCE_ID} --query 'Status' --output text)
+    if [[ "${falcon_status}" == "Success" ]]; then
+      break
+    elif [[ "${falcon_status}" == "Failed" || "${falcon_status}" == "Cancelled" || "${falcon_status}" == "TimedOut" ]]; then
+      echo "ERROR: Failed to check Falcon Sensor on ${output_name} (${INSTANCE_ID}). Command status: ${falcon_status}"
+      aws ssm get-command-invocation --command-id ${falcon_command_id} --instance-id ${INSTANCE_ID} --query 'StandardErrorContent' --output text
+      falcon_check_failed=true
+      break
+    else
+      echo "Waiting for Falcon Sensor status check... (${falcon_status}) [attempt ${falcon_attempt}/${falcon_max_attempts}]"
+      sleep 5
+    fi
+  done
+
+  falcon_output=$(aws ssm get-command-invocation --command-id ${falcon_command_id} --instance-id ${INSTANCE_ID} --query 'StandardOutputContent' --output text)
+  echo "$falcon_output"
+
+  # Verify the sensor is active and connected
+  if ! echo "$falcon_output" | grep -q "Active: active (running)"; then
+    echo "ERROR: CrowdStrike Falcon Sensor is NOT running on ${output_name} (${INSTANCE_ID})"
+    falcon_check_failed=true
+  elif ! echo "$falcon_output" | grep -q "ConnectToCloud successful"; then
+    echo "WARNING: CrowdStrike Falcon Sensor may not be connected to cloud on ${output_name} (${INSTANCE_ID})"
+    falcon_check_failed=true
+  else
+    echo "CrowdStrike Falcon Sensor verified on ${output_name} (${INSTANCE_ID})"
+  fi
 done
+
+if [[ "$falcon_check_failed" == "true" ]]; then
+  echo "One or more instances failed the CrowdStrike Falcon Sensor check. Marking build as unstable."
+  exit 2
+fi
 </command>
       <configuredLocalRules/>
+      <unstableReturn>2</unstableReturn>
     </hudson.tasks.Shell>
     <hudson.tasks.Shell>
       <command># json tag schema.  Used to uniquely identify a projects staging instances.