All Operations - CrowdStrike/falconpy GitHub Wiki
| Operation ID | Service Collection | Description |
|---|---|---|
| action_get_v1 | IOC | Get Actions by ids. |
| action_query_v1 | IOC | Query Actions. |
| ActionUpdateCount | Quarantine | Returns count of potentially affected quarantined files for each action. |
| addCIDGroupMembers | MSSP (Flight Control) | Add new CID group member. |
| addRole | MSSP (Flight Control) | Create a link between user group and CID group, with zero or more additional roles. The call does not replace any existing link between them. User group ID and CID group ID have to be specified in request. |
| addUserGroupMembers | MSSP (Flight Control) | Add new user group member. Maximum 500 members allowed per user group. |
| admission_control_add_host_groups | Admission Control Policies | Add one or more host groups to an admission control policy. |
| admission_control_add_rule_group_custom_rule | Admission Control Policies | Add one or more custom Rego rules to a rule group in an admission control policy. |
| admission_control_create_policy | Admission Control Policies | Create an admission control policy. |
| admission_control_create_rule_groups | Admission Control Policies | Create one or more rule groups and add them to an existing admission control policy. |
| admission_control_delete_policies | Admission Control Policies | Delete an admission control policy. |
| admission_control_delete_rule_groups | Admission Control Policies | Delete rule groups. |
| admission_control_get_policies | Admission Control Policies | Get admission control policies. |
| admission_control_query_policies | Admission Control Policies | Search admission control policies. |
| admission_control_remove_host_groups | Admission Control Policies | Remove one or more host groups from an admission control policy. |
| admission_control_remove_rule_group_custom_rule | Admission Control Policies | Delete one or more custom Rego rules from all rule groups in an admission control policy. |
| admission_control_replace_rule_group_selectors | Admission Control Policies | Replace labels and/or namespaces of a rule group within an admission control policy. |
| admission_control_set_rule_group_precedence | Admission Control Policies | Change precedence of rule groups within an admission control policy. |
| admission_control_update_policy | Admission Control Policies | Update an admission control policy. |
| admission_control_update_policy_precedence | Admission Control Policies | Update admission control policy precedence. |
| admission_control_update_rule_groups | Admission Control Policies | Update a rule group. |
| aggregate_events | Firewall Management | Aggregate events for customer |
| aggregate_external_assets | Exposure Management | Returns external assets aggregates. |
| aggregate_policy_rules | Firewall Management | Aggregate rules within a policy for customer |
| aggregate_query_scan_host_metadata | ODS | Get aggregates on ODS scan-hosts data. |
| aggregate_rule_groups | Firewall Management | Aggregate rule groups for customer |
| aggregate_rules | Firewall Management | Aggregate rules for customer |
| aggregate_scans | ODS | Get aggregates on ODS scan data. |
| aggregate_scheduled_scans | ODS | Get aggregates on ODS scheduled-scan data. |
| AggregateAlerts | Falcon Complete Dashboard | Retrieve aggregate alerts values based on the matched filter |
| AggregateAllowList | Falcon Complete Dashboard | Retrieve aggregate allowlist ticket values based on the matched filter |
| AggregateAssessmentsGroupedByClustersV2 | Kubernetes Container Compliance | Returns cluster details along with aggregated assessment results organized by cluster, including pass/fail assessment counts for various asset types. |
| AggregateAssessmentsGroupedByRulesV2 | Kubernetes Container Compliance | Returns rule details along with aggregated assessment results organized by compliance rule, including pass/fail assessment counts. |
| AggregateBlockList | Falcon Complete Dashboard | Retrieve aggregate blocklist ticket values based on the matched filter |
| AggregateCases | Message Center | Retrieve aggregate case values based on the matched filter |
| AggregateComplianceByAssetType | Kubernetes Container Compliance | Provides aggregated compliance assessment metrics and rule status information, organized by asset type. |
| AggregateComplianceByClusterType | Kubernetes Container Compliance | Provides aggregated compliance assessment metrics and rule status information, organized by Kubernetes cluster type. |
| AggregateComplianceByFramework | Kubernetes Container Compliance | Provides aggregated compliance assessment metrics and rule status information, organized by compliance framework. |
| AggregateDeviceCountCollection | Falcon Complete Dashboard | Retrieve aggregate host/devices count based on the matched filter |
| AggregateEscalations | Falcon Complete Dashboard | Retrieve aggregate escalation ticket values based on the matched filter |
| AggregateFailedRulesByClustersV3 | Kubernetes Container Compliance | Retrieves the most non-compliant clusters, ranked in descending order based on the number of failed compliance rules across severity levels (critical, high, medium, and low). |
| AggregateFCIncidents | Falcon Complete Dashboard | Retrieve aggregate incident values based on the matched filter |
| AggregateHuntingGuides | CAO Hunting | Aggregate hunting guides. |
| AggregateImageAssessmentHistory | Container Images | Image assessment history |
| AggregateImageCount | Container Images | Aggregate count of images |
| AggregateImageCountByBaseOS | Container Images | Aggregate count of images grouped by Base OS distribution |
| AggregateImageCountByState | Container Images | Aggregate count of images grouped by state |
| AggregateIntelligenceQueries | CAO Hunting | Aggregate intelligence queries. |
| AggregateNotificationsExposedDataRecordsV1 | Recon | Get notification exposed data record aggregates as specified via JSON in request body. The valid aggregation fields are: [cid notification_id created_date rule.id rule.name rule.topic source_category site author file.name credential_status bot.operating_system.hardware_id bot.bot_id] |
| AggregateNotificationsV1 | Recon | Get notification aggregates as specified via JSON in request body. |
| AggregatePreventionPolicy | Falcon Complete Dashboard | Retrieve prevention policies aggregate values based on the matched filter |
| AggregateRemediations | Falcon Complete Dashboard | Retrieve aggregate remediation ticket values based on the matched filter |
| aggregates_access_tags_post_v1 | Case Management | Get access tag aggregates. |
| aggregates_file_details_post_v1 | Case Management | Aggregate file details. |
| aggregates_notification_groups_post_v1 | Case Management | Aggregate notification groups. |
| aggregates_notification_groups_post_v2 | Case Management | Aggregate notification groups (v2). |
| aggregates_rule_versions_post_v1 | Correlation Rules | Get rules aggregates as specified via json in the request body. |
| aggregates_slas_post_v1 | Case Management | Aggregate SLAs. |
| aggregates_templates_post_v1 | Case Management | Aggregate templates. |
| AggregatesDetectionsGlobalCounts | Overwatch Dashboard | Get the total number of detections pushed across all customers |
| AggregateSensorUpdatePolicy | Falcon Complete Dashboard | Retrieve sensor update policies aggregate values |
| AggregatesEvents | Overwatch Dashboard | Get aggregate OverWatch detection event info by providing an aggregate query |
| AggregatesEventsCollections | Overwatch Dashboard | Get OverWatch detection event collection info by providing an aggregate query |
| AggregatesIncidentsGlobalCounts | Overwatch Dashboard | Get the total number of incidents pushed across all customers |
| AggregatesOWEventsGlobalCounts | Overwatch Dashboard | Get the total number of OverWatch events across all customers |
| AggregateSupportIssues | Falcon Complete Dashboard | Retrieve support issue aggregate values |
| AggregateTopFailedImages | Kubernetes Container Compliance | Retrieves the most non-compliant container images, ranked in descending order based on the number of failed assessments across severity levels (critical, high, medium, and low). |
| AggregateTotalDeviceCounts | Falcon Complete Dashboard | Retrieve aggregate total host/devices based on the matched filter |
| aggregateUsersV1 | User Management | Get user aggregates as specified via json in request body. |
| api_preempt_proxy_post_graphql | Identity Protection | Identity Protection GraphQL API. Allows to retrieve entities, timeline activities, identity-based incidents and security assessment. Allows to perform actions on entities and identity-based incidents. |
| ArchiveDeleteV1 | Sample Uploads | Delete an archive that was uploaded previously |
| ArchiveGetV1 | Sample Uploads | Retrieves the archives upload operation statuses. Status done means that archive was processed successfully. Status error means that archive was not processed successfully. |
| ArchiveListV1 | Sample Uploads | Retrieves the archives files in chunks. |
| ArchiveUploadV1 | Sample Uploads | Uploads an archive and extracts files list from it. Operation is asynchronous use /archives/entities/archives/v1 to check the status. After uploading, use /archives/entities/extractions/v1 to copy the file to internal storage making it available for content analysis. This method is deprecated in favor of /archives/entities/archives/v2
|
| ArchiveUploadV2 | Sample Uploads | Uploads an archive and extracts files list from it. Operation is asynchronous use /archives/entities/archives/v1 to check the status. After uploading, use /archives/entities/extractions/v1 to copy the file to internal storage making it available for content analysis. |
| audit_events_query | Installation Tokens | Search for audit events by providing a FQL filter and paging details. |
| audit_events_read | Installation Tokens | Gets the details of one or more audit events by id. |
| AzureDownloadCertificate | CSPM Registration | Returns JSON object(s) that contain the base64 encoded certificate for a service principal. |
| AzureRefreshCertificate | CSPM Registration | Refresh certificate and returns JSON object(s) that contain the base64 encoded certificate for a service principal. |
| BatchActiveResponderCmd | Real Time Response | Batch executes a RTR active-responder command across the hosts mapped to the given batch ID. |
| BatchAdminCmd | Real Time Response Admin | Batch executes a RTR administrator command across the hosts mapped to the given batch ID. |
| BatchCmd | Real Time Response | Batch executes a RTR read-only command across the hosts mapped to the given batch ID. |
| BatchGetCmd | Real Time Response | Batch executes get command across hosts to retrieve files. After this call is made GET /real-time-response/combined/batch-get-command/v1 is used to query for the results. |
| BatchGetCmdStatus | Real Time Response | Retrieves the status of the specified batch get command. Will return successful files when they are finished processing. |
| BatchInitSessions | Real Time Response | Batch initialize a RTR session on multiple hosts. Before any RTR commands can be used, an active session is needed on the host. |
| BatchRefreshSessions | Real Time Response | Batch refresh a RTR session on multiple hosts. RTR sessions will expire after 10 minutes unless refreshed. |
| blob_download_external_assets | Exposure Management | Download the entire contents of the blob. The relative link to this endpoint is returned in the get_external_assets request. |
| blob_preview_external_assets | Exposure Management | Download a preview of the blob. The relative link to this endpoint is returned in the get_external_assets request. |
| BulkInstallParsers | NGSIEM | Install multiple CrowdStrike-managed out-of-the-box (OOTB) parsers. |
| cancel_scans | ODS | Cancel ODS scans for the given scan ids. |
| CaseAddActivity | Message Center | Add an activity to case. Only activities of type comment are allowed via API |
| CaseAddAttachment | Message Center | Upload an attachment for the case. |
| CaseDownloadAttachment | Message Center | retrieves an attachment for the case, given the attachment id |
| cb_exclusions_create_v1 | Certificate Based Exclusions | Create new Certificate Based Exclusions. |
| cb_exclusions_delete_v1 | Certificate Based Exclusions | Delete the exclusions by id |
| cb_exclusions_get_v1 | Certificate Based Exclusions | Find all exclusion IDs matching the query with filter |
| cb_exclusions_query_v1 | Certificate Based Exclusions | Search for cert-based exclusions. |
| cb_exclusions_update_v1 | Certificate Based Exclusions | Updates existing Certificate Based Exclusions |
| certificates_get_v1 | Certificate Based Exclusions | Retrieves certificate signing information for a file |
| cloud_compliance_framework_posture_summaries | Cloud Security Compliance | Get compliance framework posture summaries. |
| cloud_compliance_rule_posture_summaries | Cloud Security Compliance | Get compliance rule posture summaries. |
| cloud_registration_aws_create_account | Cloud AWS Registration | Creates a new account in our system for a customer. |
| cloud_registration_aws_delete_account | Cloud AWS Registration | Deletes an existing AWS account or organization in our system. |
| cloud_registration_aws_get_accounts | Cloud AWS Registration | Retrieve existing AWS accounts by account IDs. |
| cloud_registration_aws_query_accounts | Cloud AWS Registration | Retrieve existing AWS accounts by account IDs. |
| cloud_registration_aws_trigger_health_check | Cloud AWS Registration | Trigger a health check for AWS accounts. |
| cloud_registration_aws_update_account | Cloud AWS Registration | Patches a existing account in our system for a customer. |
| cloud_registration_aws_validate_accounts | Cloud AWS Registration | Validate AWS accounts. |
| cloud_registration_azure_create_registration | Cloud Azure Registration | Creates a new Azure registration. |
| cloud_registration_azure_delete_legacy_subscription | Cloud Azure Registration | Deletes a legacy Azure subscription. |
| cloud_registration_azure_delete_registration | Cloud Azure Registration | Deletes an existing Azure registration. |
| cloud_registration_azure_download_azure_script | Cloud Azure Registration | Download Azure deployment script. |
| cloud_registration_azure_download_script | Cloud Azure Registration | Retrieve script to create resources |
| cloud_registration_azure_get_registration | Cloud Azure Registration | Retrieves Azure registration details. |
| cloud_registration_azure_trigger_health_check | Cloud Azure Registration | Trigger a health check for Azure registrations. |
| cloud_registration_azure_update_registration | Cloud Azure Registration | Updates an existing Azure registration. |
| cloud_registration_azure_validate_registration | Cloud Azure Registration | Validate Azure registrations. |
| cloud_registration_gcp_create_registration | Cloud GCP Registration | Creates a new GCP registration. |
| cloud_registration_gcp_delete_registration | Cloud GCP Registration | Deletes an existing GCP registration. |
| cloud_registration_gcp_get_entities | Cloud GCP Registration | Retrieve all GCP entities grouped by type with support for FQL filtering, sorting, and pagination. |
| cloud_registration_gcp_get_registration | Cloud GCP Registration | Retrieves GCP registration details. |
| cloud_registration_gcp_put_registration | Cloud GCP Registration | Create or update GCP registration. |
| cloud_registration_gcp_trigger_health_check | Cloud GCP Registration | Trigger a health check for GCP registrations. |
| cloud_registration_gcp_update_registration | Cloud GCP Registration | Updates an existing GCP registration. |
| cloud_security_assets_combined_application_findings | Cloud Security Assets | Get findings for an application resource with pagination. |
| cloud_security_assets_combined_compliance_by_account | Cloud Security Assets | Gets combined compliance data aggregated by account and region. Results can be filtered and sorted. |
| cloud_security_assets_entities_get | Cloud Security Assets | Gets raw resources based on the provided IDs param. Maximum of 100 resources can be requested with this method. Use POST method with same path if more are required. |
| cloud_security_assets_queries | Cloud Security Assets | Gets a list of resource IDs for the given parameters, filters and sort criteria. |
| cloud_security_registration_oci_create_account | Cloud Security OCI Registration | Create OCI tenancy account in CSPM. |
| cloud_security_registration_oci_delete_account | Cloud Security OCI Registration | Delete an existing OCI tenancy in CSPM. |
| cloud_security_registration_oci_download_script | Cloud Security OCI Registration | Retrieve script to create resources in tenancy OCID. |
| cloud_security_registration_oci_get_account | Cloud Security OCI Registration | Retrieve a list of OCI tenancies with support for FQL filtering, sorting, and pagination. |
| cloud_security_registration_oci_rotate_key | Cloud Security OCI Registration | Refresh key for the OCI Tenancy. |
| cloud_security_registration_oci_update_account | Cloud Security OCI Registration | Update an existing OCI account. |
| cloud_security_registration_oci_validate_tenancy | Cloud Security OCI Registration | Validate the OCI account in CSPM for a provided CID. For internal clients only. |
| combined_applications | Discover | Search for applications in your environment by providing a FQL (Falcon Query Language) filter and paging details. Returns details on applications which match the filter criteria. |
| combined_cloud_risks | Cloud Security | Get cloud risks with full details based on filters and sort criteria. |
| combined_ecosystem_subsidiaries | Exposure Management | Retrieves a list of ecosystem subsidiaries with their detailed information. |
| combined_edges_get | ThreatGraph | Retrieve edges for a given vertex id. One edge type must be specified |
| combined_file_details_get_v1 | Case Management | Get combined file details. |
| combined_hosts | Discover | Search for assets in your environment by providing a FQL (Falcon Query Language) filter and paging details. Returns details on assets which match the filter criteria. |
| combined_ran_on_get | ThreatGraph | Look up instances of indicators such as hashes, domain names, and ip addresses that have been seen on devices in your environment. |
| combined_rules_get_v1 | Correlation Rules | Find all rules matching the query and filter. |
| combined_rules_get_v2 | Correlation Rules | Find all rules matching the query and filter. |
| combined_summary_get | ThreatGraph | Retrieve summary for a given vertex ID |
| CombinedBaseImages | Container Images | Retrieve base images identified by the provided filter criteria |
| CombinedDetections | Cloud Snapshots | Search IaC Detections using a query in Falcon Query Language. |
| CombinedDevicesByFilter | Hosts | Search for hosts in your environment by platform, hostname, IP, and other criteria. Returns full device records. |
| CombinedHiddenDevicesByFilter | Hosts | Search for hidden hosts in your environment by platform, hostname, IP, and other criteria. Returns full device records. |
| CombinedImageByVulnerabilityCount | Container Images | Retrieve top x images with the most vulnerabilities |
| CombinedImageDetail | Container Images | Retrieve image entities identified by the provided filter criteria |
| CombinedImageIssuesSummary | Container Images | Retrieve image issues summary such as Image detections, Runtime detections, Policies, vulnerabilities |
| CombinedImagesFindings | Kubernetes Container Compliance | Returns detailed compliance assessment results for container images, providing the information needed to identify compliance violations. |
| CombinedImageVulnerabilitySummary | Container Images | aggregates information about vulnerabilities for an image |
| CombinedNodesFindings | Kubernetes Container Compliance | Returns detailed compliance assessment results for kubernetes nodes, providing the information needed to identify compliance violations. |
| combinedQueryEvaluationLogic | Spotlight Evaluation Logic | Search for evaluation logic in your environment by providing a FQL filter and paging details. Returns a set of evaluation logic entities which match the filter criteria. |
| combinedQueryVulnerabilities | Spotlight Vulnerabilities | Search for Vulnerabilities in your environment by providing a FQL filter and paging details. Returns a set of Vulnerability entities which match the filter criteria |
| CombinedReleaseNotesV1 | Deployments | Queries for releases resources and returns details. |
| CombinedReleasesV1Mixin0 | Deployments | Queries for releases resources and returns details. |
| combinedSupportedEvaluationExt | Spotlight Evaluation Logic | Perform a combined query and get for RiskSupportedEvaluation entities. |
| combinedUserRolesV1 | User Management | Get User Grant(s). This endpoint lists both direct as well as flight control grants between a User and a Customer. |
| CombinedUserRolesV2 | User Management | Get User Grant(s). This operation lists both direct as well as flight control grants between a User and a Customer. |
| ConnectCSPMGCPAccount | CSPM Registration | Creates a new GCP account with newly-uploaded service account or connects with existing service account with only the following fields: parent_id, parent_type and service_account_id |
| ConnectD4CGCPAccount | D4C Registration | Creates a new GCP account with newly-uploaded service account or connects with existing service account with only the following fields: parent_id, parent_type and service_account_id |
| create_network_locations | Firewall Management | Create new network locations provided, and return the ID. |
| create_rule | Custom IOA | Create a rule within a rule group. Returns the rule. |
| create_rule_group | Firewall Management | Create new rule group on a platform for a customer with a name and description, and return the ID |
| create_rule_group_validation | Firewall Management | Validates the request of creating a new rule group on a platform for a customer with a name and description |
| create_rule_groupMixin0 | Custom IOA | Create a rule group for a platform with a name and an optional description. Returns the rule group. |
| create_scan | ODS | Create ODS scan and start or schedule scan for the given scan request. |
| CreateActionsV1 | Recon | Create actions for a monitoring rule. Accepts a list of actions that will be attached to the monitoring rule. |
| CreateAWSAccount | Kubernetes Protection | Creates a new AWS account in our system for a customer and generates the installation script |
| CreateAzureSubscription | Kubernetes Protection | Creates a new Azure Subscription in our system |
| CreateBaseImagesEntities | Container Images | Creates base images using the provided details |
| CreateCase | Message Center | create a new case |
| CreateCaseV2 | Message Center | create a new case |
| createCIDGroups | MSSP (Flight Control) | Create new CID groups. Name is a required field but description is an optional field. Maximum 500 CID groups allowed. |
| CreateCloudGroupExternal | Cloud Security | Create a new Cloud Group with specified properties and selectors. |
| CreateComplianceControl | Cloud Policies | Create a new custom compliance control. |
| CreateComplianceFramework | Cloud Policies | Create a new custom compliance framework. |
| createContentUpdatePolicies | Content Update Policies | Create Content Update Policies by specifying details about the policy to create. |
| CreateCSPMAwsAccount | CSPM Registration | Creates a new account in our system for a customer and generates a script for them to run in their AWS cloud environment to grant us access. |
| CreateCSPMAzureAccount | CSPM Registration | Creates a new account in our system for a customer and generates a script for them to run in their cloud environment to grant us access. |
| CreateCSPMAzureManagementGroup | CSPM Registration | Creates a new management group in our system for a customer. |
| CreateCSPMGCPAccount | CSPM Registration | Creates a new account in our system for a customer and generates a new service account for them to add access to in their GCP environment to grant us access. |
| CreateD4CAwsAccount | D4C Registration | Creates a new account in our system for a customer and generates a script for them to run in their AWS cloud environment to grant us access. |
| CreateD4CGCPAccount | D4C Registration | Creates a new account in our system for a customer and generates a new service account for them to add access to in their GCP environment to grant us access. |
| CreateDashboardFromTemplate | NGSIEM | Create a dashboard from a template. |
| CreateDeploymentEntity | Cloud Snapshots | Launch a snapshot scan for a given cloud asset. |
| createDeviceControlPolicies | Device Control Policies | Create Device Control Policies by specifying details about the policy to create |
| CreateDiscoverCloudAzureAccount | D4C Registration | Creates a new account in our system for a customer and generates a script for them to run in their cloud environment to grant us access. |
| CreateDiscoverCloudGCPAccount | D4C Registration | Creates a new account in our system for a customer and generates a new service account for them to add access to in their GCP environment to grant us access. |
| CreateExecutorNode | ASPM | Create a new relay node |
| CreateExportJobsV1 | Recon | Launch asynchronous export job. Use the job ID to poll the status of the job using GET /entities/exports/v1. |
| CreateFileV1 | Foundry LogScale | Creates a lookup file. |
| createFirewallPolicies | Firewall Policies | Create Firewall Policies by specifying details about the policy to create |
| createHostGroups | Host Group | Create Host Groups by specifying details about the group to create |
| CreateIntegration | ASPM | Create a new integration |
| CreateIntegrationTask | ASPM | Create new integration task. |
| createIOAExclusionsV1 | IOA Exclusions | Create the IOA exclusions |
| CreateIOC | IOCs | This operation has been superseded by the IOC.indicator_create_v1 operation and is no longer used. |
| CreateLookupFile | NGSIEM | Create a new lookup file. |
| CreateMigrationV1 | Host Migration | Create a device migration job. |
| createMLExclusionsV1 | ML Exclusions | Create the ML exclusions |
| CreateOrUpdateAWSSettings | Cloud Connect AWS | Create or update Global Settings which are applicable to all provisioned AWS accounts |
| CreateParser | NGSIEM | Create a new parser. |
| CreateParserFromTemplate | NGSIEM | Create a parser from a template. |
| createPolicies | FileVantage | Creates a new policy of the specified type. New policies are always added at the end of the precedence list for the provided policy type. |
| CreatePolicies | Image Assessment Policies | Create Image Assessment policies |
| CreatePolicyGroups | Image Assessment Policies | Create Image Assessment Policy Group entities |
| createPreventionPolicies | Prevention Policy | Create Prevention Policies by specifying details about the policy to create |
| CreateRegistryEntities | Falcon Container | Create a registry entity using the provided details |
| createRTResponsePolicies | Response Policies | Create Response Policies by specifying details about the policy to create |
| CreateRule | Cloud Policies | Create a new rule. |
| createRuleGroups | FileVantage | Creates a new rule group of the specified type. |
| CreateRuleOverride | Cloud Policies | Create a new rule override. |
| createRules | FileVantage | Creates a new rule configuration within the specified rule group. |
| CreateRulesV1 | Recon | Create monitoring rules. |
| CreateSavedQuery | NGSIEM | Create a new saved query. |
| CreateSavedSearchesDynamicExecuteAltV1 | Foundry LogScale | Execute a dynamic saved search |
| CreateSavedSearchesDynamicExecuteV1 | Foundry LogScale | Execute a dynamic saved search |
| CreateSavedSearchesExecuteAltV1 | Foundry LogScale | Execute a saved search |
| CreateSavedSearchesExecuteV1 | Foundry LogScale | Execute a saved search |
| CreateSavedSearchesIngestAltV1 | Foundry LogScale | Populate a saved search |
| CreateSavedSearchesIngestV1 | Foundry LogScale | Populate a saved search |
| createScheduledExclusions | FileVantage | Creates a new scheduled exclusion configuration for the provided policy id. |
| createSensorUpdatePolicies | Sensor Update Policy | Create Sensor Update Policies by specifying details about the policy to create |
| createSensorUpdatePoliciesV2 | Sensor Update Policy | Create Sensor Update Policies by specifying details about the policy to create with additional support for uninstall protection |
| CreateSuppressionRule | Cloud Policies | Create a new suppression rule. |
| createSVExclusionsV1 | Sensor Visibility Exclusions | Create the sensor visibility exclusions |
| CreateUser | User Management | Deprecated : Please use POST /user-management/entities/users/v1. Create a new user. After creating a user, assign one or more roles with POST /user-roles/entities/user-roles/v1 |
| createUserGroups | MSSP (Flight Control) | Create new user groups. Name is a required field but description is an optional field. Maximum 500 user groups allowed per customer. |
| createUserV1 | User Management | Create a new user. After creating a user, assign one or more roles with POST '/user-management/entities/user-role-actions/v1' |
| CrowdScore | Incidents | Query environment wide CrowdScore and return the entity data |
| cspm_evaluations_combined_iom_by_rule | Cloud Security Detections | Return IOMs grouped by rule. |
| cspm_evaluations_iom_entities | Cloud Security Detections | Get CSPM evaluation IOM entities. |
| cspm_evaluations_iom_queries | Cloud Security Detections | Query CSPM evaluation IOMs. |
| customer_settings_read | Installation Tokens | Check current installation token settings. |
| customer_settings_update | Installation Tokens Settings | Update installation token settings. |
| delete_external_assets | Exposure Management | Delete multiple external assets. |
| delete_network_locations | Firewall Management | Delete network location entities by ID. |
| delete_policy_rules | Identity Protection | Delete policy rules. |
| delete_rule_groups | Firewall Management | Delete rule group entities by ID |
| delete_rule_groupsMixin0 | Custom IOA | Delete rule groups by ID. |
| delete_rules | Custom IOA | Delete rules from a rule group by ID. |
| delete_scheduled_scans | ODS | Delete ODS scheduled-scans for the given scheduled-scan ids. |
| DeleteActionV1 | Recon | Delete an action from a monitoring rule based on the action ID. |
| DeleteAWSAccounts | Cloud Connect AWS | Delete a set of AWS Accounts by specifying their IDs |
| DeleteAWSAccountsMixin0 | Kubernetes Protection | Delete AWS accounts. |
| DeleteAzureSubscription | Kubernetes Protection | Deletes a new Azure Subscription in our system |
| DeleteBaseImages | Container Images | Deletes base images by base image UUID |
| deleteCIDGroupMembers | MSSP (Flight Control) | Deprecated : Please use DELETE /entities/cid-group-members/v2. Delete CID group members. |
| deleteCIDGroupMembersV2 | MSSP (Flight Control) | Delete CID group members. Prevents removal of a cid group a cid group if it is only part of one cid group. |
| deleteCIDGroups | MSSP (Flight Control) | Delete CID groups by ID. |
| DeleteCloudGroupsExternal | Cloud Security | Delete Cloud Groups in batch by their UUIDs. |
| DeleteComplianceControl | Cloud Policies | Delete custom compliance controls. |
| DeleteComplianceFramework | Cloud Policies | Delete a custom compliance framework and all associated controls and rule assignments. |
| deleteContentUpdatePolicies | Content Update Policies | Delete a set of Content Update Policies by specifying their IDs. |
| DeleteCSPMAwsAccount | CSPM Registration | Deletes an existing AWS account or organization in our system. |
| DeleteCSPMAzureAccount | CSPM Registration | Deletes an Azure subscription from the system. |
| DeleteCSPMAzureManagementGroup | CSPM Registration | Deletes Azure management groups from the system. |
| DeleteCSPMGCPAccount | CSPM Registration | Deletes a GCP account from the system. |
| DeleteD4CAwsAccount | D4C Registration | Deletes an existing AWS account or organization in our system. |
| DeleteD4CGCPAccount | D4C Registration | Deletes a GCP account from the system. |
| DeleteDashboard | NGSIEM | Delete a dashboard. |
| deleteDeviceControlPolicies | Device Control Policies | Delete a set of Device Control Policies by specifying their IDs |
| deletedRoles | MSSP (Flight Control) | Delete links or additional roles between user groups and CID groups. User group ID and CID group ID have to be specified in request. Only specified roles are removed if specified in request payload, else association between User Group and CID group is dissolved completely (if no roles specified). |
| DeleteExecutorNode | ASPM | Delete a relay node |
| DeleteExportJobsV1 | Recon | Delete export jobs (and their associated file(s)) based on their IDs. |
| DeleteFile | Quick Scan Pro | Deletes file by its sha256 identifier. |
| deleteFirewallPolicies | Firewall Policies | Delete a set of Firewall Policies by specifying their IDs |
| DeleteGroup | ASPM | Delete group. |
| deleteHostGroups | Host Group | Delete a set of Host Groups by specifying their IDs |
| DeleteImageDetails | Falcon Container | Delete image details from the CrowdStrike registry. |
| DeleteIntegration | ASPM | Delete an existing integration by its ID |
| DeleteIntegrationTask | ASPM | Delete an existing integration task by its ID |
| deleteIOAExclusionsV1 | IOA Exclusions | Delete the IOA exclusions by id |
| DeleteIOC | IOCs | This operation has been superseded by the IOC.indicator_delete_v1 operation and is no longer used. |
| DeleteLookupFile | NGSIEM | Delete a lookup file. |
| deleteMLExclusionsV1 | ML Exclusions | Delete the ML exclusions by id |
| DeleteNotificationsV1 | Recon | Delete notifications based on IDs. Notifications cannot be recovered after they are deleted. |
| DeleteObject | Custom Storage | Delete the specified object |
| DeleteParser | NGSIEM | Delete a parser. |
| deletePolicies | FileVantage | Deletes 1 or more policies. |
| DeletePolicy | Image Assessment Policies | Delete Image Assessment Policy by policy UUID |
| DeletePolicyGroup | Image Assessment Policies | Delete Image Assessment Policy Group entities |
| deletePreventionPolicies | Prevention Policy | Delete a set of Prevention Policies by specifying their IDs |
| DeleteRegistryEntities | Falcon Container | Delete the registry entity identified by the entity UUID |
| DeleteReport | Falcon Intelligence Sandbox | Delete report based on the report ID. Operation can be checked for success by polling for the report ID on the report-summaries endpoint. |
| deleteRTResponsePolicies | Response Policies | Delete a set of Response Policies by specifying their IDs |
| deleteRuleGroups | FileVantage | Deletes 1 or more rule groups |
| DeleteRuleMixin0 | Cloud Policies | Delete a rule. |
| DeleteRuleOverride | Cloud Policies | Delete a rule override. |
| deleteRules | FileVantage | Deletes 1 or more rules from the specified rule group. |
| DeleteRulesV1 | Recon | Delete monitoring rules. |
| DeleteSampleV2 | Falcon Intelligence Sandbox | Removes a sample, including file, meta and submissions from the collection |
| DeleteSampleV3 | Sample Uploads | Removes a sample, including file, meta and submissions from the collection |
| DeleteSavedQuery | NGSIEM | Delete a saved query. |
| DeleteScanResult | Quick Scan Pro | Deletes the result of an QuickScan Pro scan. |
| deleteScheduledExclusions | FileVantage | Deletes 1 or more scheduled exclusions from the provided policy id. |
| deleteSensorUpdatePolicies | Sensor Update Policy | Delete a set of Sensor Update Policies by specifying their IDs |
| deleteSensorVisibilityExclusionsV1 | Sensor Visibility Exclusions | Delete the sensor visibility exclusions by id |
| DeleteSuppressionRules | Cloud Policies | Delete Suppression Rules by ID. |
| DeleteTags | ASPM | Remove existing tags |
| DeleteUser | User Management | Deprecated : Please use DELETE /user-management/entities/users/v1. Delete a user permanently |
| deleteUserGroupMembers | MSSP (Flight Control) | Delete user group members entry. |
| deleteUserGroups | MSSP (Flight Control) | Delete user groups by ID. |
| deleteUserV1 | User Management | Delete a user permanently. |
| DeleteVersionedObject | Custom Storage | Delete the specified versioned object. |
| DescribeCollection | Custom Storage | Fetch metadata about an existing collection. |
| DescribeCollections | Custom Storage | Fetch metadata about one or more existing collections. |
| DevicesCount | IOCs | Number of hosts in your customer account that have observed a given custom IOC |
| DevicesRanOn | IOCs | Find hosts that have observed a given custom IOC. For details about those hosts, use GET /devices/entities/devices/v1 |
| DiscoverCloudAzureDownloadCertificate | D4C Registration | Returns JSON object(s) that contain the base64 encoded certificate for a service principal. |
| DismissAffectedEntityV3 | SaaS Security | Dismiss affected entity. |
| DismissSecurityCheckV3 | SaaS Security | Dismiss security check. |
| DownloadExportFile | Falcon Container | Download an export file. |
| DownloadExportFileMixin0 | Serverless Exports | Download an export file. |
| DownloadFeedArchive | Intelligence Feeds | Downloads feed file contents as a zip archive. |
| DownloadFile | Downloads | Retrieve a pre-signed URL for the requested file. |
| DownloadSensorInstallerById | Sensor Download | Download sensor installer by SHA256 ID |
| DownloadSensorInstallerByIdV2 | Sensor Download | Download sensor installer by SHA256 ID |
| DownloadSensorInstallerByIdV3 | Sensor Download | Download sensor installer by SHA256 ID. |
| entities_access_tags_get_v1 | Case Management | Get access tags. |
| entities_alert_evidence_post_v1 | Case Management | Create alert evidence entities. |
| entities_case_tags_delete_v1 | Case Management | Remove case tags. |
| entities_case_tags_post_v1 | Case Management | Add case tags. |
| entities_cases_patch_v2 | Case Management | Updates given fields on the specified case. |
| entities_cases_post_v2 | Case Management | Retrieves all Cases given their IDs. |
| entities_cases_put_v2 | Case Management | Create or update cases (v2). |
| entities_classification_delete_v2 | Data Protection Configuration | Delete classifications that match the provided ids. |
| entities_classification_get_v2 | Data Protection Configuration | Get the classifications that match the provided ids. |
| entities_classification_patch_v2 | Data Protection Configuration | Update classifications. |
| entities_classification_post_v2 | Data Protection Configuration | Create classifications. |
| entities_cloud_application_create | Data Protection Configuration | Persist the given cloud application for the provided entity instance. |
| entities_cloud_application_delete | Data Protection Configuration | Delete cloud application. |
| entities_cloud_application_get | Data Protection Configuration | Get a particular cloud-application. |
| entities_cloud_application_patch | Data Protection Configuration | Update a cloud application. |
| entities_content_pattern_create | Data Protection Configuration | Persist the given content pattern for the provided entity instance. |
| entities_content_pattern_delete | Data Protection Configuration | Delete content pattern. |
| entities_content_pattern_get | Data Protection Configuration | Get a particular content-pattern(s). |
| entities_content_pattern_patch | Data Protection Configuration | Update a content pattern. |
| entities_enterprise_account_create | Data Protection Configuration | Persist the given enterprise account for the provided entity instance. |
| entities_enterprise_account_delete | Data Protection Configuration | Delete enterprise account. |
| entities_enterprise_account_get | Data Protection Configuration | Get a particular enterprise-account(s). |
| entities_enterprise_account_patch | Data Protection Configuration | Update a enterprise account. |
| entities_event_evidence_post_v1 | Case Management | Create event evidence entities. |
| entities_fields_get_v1 | Case Management | Get field entities. |
| entities_file_details_get_v1 | Case Management | Get file details entities. |
| entities_file_details_patch_v1 | Case Management | Update file details entities. |
| entities_file_type_get | Data Protection Configuration | Get a particular file-type. |
| entities_files_bulk_download_post_v1 | Case Management | Bulk download files. |
| entities_files_delete_v1 | Case Management | Delete files. |
| entities_files_download_get_v1 | Case Management | Download a file. |
| entities_files_upload_post_v1 | Case Management | Upload a file. |
| entities_get_rtr_file_metadata_post_v1 | Case Management | Get metadata for a file via RTR without retrieving it. |
| entities_latest_rules_get_v1 | Correlation Rules | Retrieve latest rule versions by rule IDs. |
| entities_local_application_create | Data Protection Configuration | Create a local application. |
| entities_local_application_delete | Data Protection Configuration | Delete a local application. |
| entities_local_application_get | Data Protection Configuration | Get a local application. |
| entities_local_application_group_create | Data Protection Configuration | Create a local application group. |
| entities_local_application_group_delete | Data Protection Configuration | Delete a local application group. |
| entities_local_application_group_get | Data Protection Configuration | Get a local application group. |
| entities_local_application_group_patch | Data Protection Configuration | Update a local application group. |
| entities_local_application_patch | Data Protection Configuration | Update a local application. |
| entities_notification_groups_delete_v1 | Case Management | Delete notification group entities. |
| entities_notification_groups_delete_v2 | Case Management | Delete notification group entities (v2). |
| entities_notification_groups_get_v1 | Case Management | Get notification group entities. |
| entities_notification_groups_get_v2 | Case Management | Get notification group entities (v2). |
| entities_notification_groups_patch_v1 | Case Management | Update notification group entities. |
| entities_notification_groups_patch_v2 | Case Management | Update notification group entities (v2). |
| entities_notification_groups_post_v1 | Case Management | Create notification group entities. |
| entities_notification_groups_post_v2 | Case Management | Create notification group entities (v2). |
| entities_perform_action | Hosts | Performs the specified action on the provided group IDs. |
| entities_policy_delete_v2 | Data Protection Configuration | Delete policies that match the provided ids. |
| entities_policy_get_v2 | Data Protection Configuration | Get policies that match the provided ids. |
| entities_policy_patch_v2 | Data Protection Configuration | Update policies. |
| entities_policy_post_v2 | Data Protection Configuration | Create policies. |
| entities_policy_precedence_post_v1 | Data Protection Configuration | Update Policy Precedence. |
| entities_processes | IOCs | For the provided ProcessID retrieve the process details |
| entities_retrieve_rtr_file_post_v1 | Case Management | Retrieve a file from host using RTR and add it to a case. |
| entities_retrieve_rtr_recent_file_post_v1 | Case Management | Retrieve a recently fetched RTR file and add it to a case. |
| entities_rule_versions_delete_v1 | Correlation Rules | Delete versions by IDs. |
| entities_rule_versions_export_post_v1 | Correlation Rules | Export rule versions. |
| entities_rule_versions_import_post_v1 | Correlation Rules | Import rule versions. |
| entities_rule_versions_publish_patch_v1 | Correlation Rules | Publish existing rule version. |
| entities_rules_delete_v1 | Correlation Rules | Delete rules by IDs. |
| entities_rules_get_v1 | Correlation Rules | Retrieve rules by IDs. |
| entities_rules_get_v2 | Correlation Rules | Retrieve rule versions by IDs. |
| entities_rules_ownership_put_v1 | Correlation Rules Admin | Change the owner of an existing Correlation Rule. |
| entities_rules_patch_v1 | Correlation Rules | Update a correlation rule. |
| entities_rules_post_v1 | Correlation Rules | Create a correlation rule. |
| entities_sensitivity_label_create_v2 | Data Protection Configuration | Create new sensitivity label (V2). |
| entities_sensitivity_label_delete_v2 | Data Protection Configuration | Delete sensitivity labels matching the IDs (V2). |
| entities_sensitivity_label_get_v2 | Data Protection Configuration | Get sensitivity label matching the IDs (V2). |
| entities_slas_delete_v1 | Case Management | Delete SLA entities. |
| entities_slas_get_v1 | Case Management | Get SLA entities. |
| entities_slas_patch_v1 | Case Management | Update SLA entities. |
| entities_slas_post_v1 | Case Management | Create SLA entities. |
| entities_states_v1 | Device Content | Retrieve the host content state for a number of ids between 1 and 100. |
| entities_template_snapshots_get_v1 | Case Management | Get template snapshot entities. |
| entities_templates_delete_v1 | Case Management | Delete template entities. |
| entities_templates_export_get_v1 | Case Management | Export templates. |
| entities_templates_get_v1 | Case Management | Get template entities. |
| entities_templates_get_v1Mixin0 | Correlation Rules | Retrieve rule templates by IDs. |
| entities_templates_import_post_v1 | Case Management | Import templates. |
| entities_templates_patch_v1 | Case Management | Update template entities. |
| entities_templates_post_v1 | Case Management | Create template entities. |
| entities_templates_rules_post_v1 | Correlation Rules | Create rule from template. |
| entities_vertices_get | ThreatGraph | Retrieve metadata for a given vertex ID |
| entities_vertices_getv2 | ThreatGraph | Retrieve metadata for a given vertex ID |
| entities_web_location_create_v2 | Data Protection Configuration | Persist the given web-locations. |
| entities_web_location_delete_v2 | Data Protection Configuration | Delete web-location. |
| entities_web_location_get_v2 | Data Protection Configuration | Get web-location entities matching the provided ID(s). |
| entities_web_location_patch_v2 | Data Protection Configuration | Update a web-location. |
| entitiesRolesGETV2 | User Management | Get info about a role |
| entitiesRolesV1 | User Management | Get info about a role |
| EnumerateFile | Downloads | Enumerate a list of files available for CID. |
| exclusions_aggregates_v2 | ML Exclusions | Get exclusion aggregates as specified via json in request body. |
| exclusions_create_v2 | ML Exclusions | Create the exclusions, with ancestor fields. |
| exclusions_delete_v2 | ML Exclusions | Delete the exclusions by id, with ancestor fields. |
| exclusions_get_all_v2 | ML Exclusions | Get all exclusions. |
| exclusions_get_reports_v2 | ML Exclusions | Create a report of ML exclusions scoped by the given filters. |
| exclusions_get_v2 | ML Exclusions | Get the exclusions by id, with ancestor fields. |
| exclusions_perform_action_v2 | ML Exclusions | Actions used to manipulate the content of exclusions, with ancestor fields. |
| exclusions_search_v2 | ML Exclusions | Search for exclusions, with ancestor fields. |
| exclusions_update_v2 | ML Exclusions | Update the exclusions by id, with ancestor fields. |
| ExecuteCommand | API Integrations | Execute a command. |
| ExecuteCommandProxy | API Integrations | Execute a command and proxy the response directly. |
| ExecuteFunctionData | ASPM | A selected list of queryLanguage queries. |
| ExecuteFunctionDataCount | ASPM | A selected list of queryLanguage count queries. |
| ExecuteFunctionDataQuery | ASPM | A selected list of queryLanguage queries. |
| ExecuteFunctionDataQueryCount | ASPM | A selected list of queryLanguage count queries. |
| ExecuteFunctions | ASPM | A selected list of queryLanguage services queries. |
| ExecuteFunctionsCount | ASPM | A selected list of queryLanguage count queries. |
| ExecuteFunctionsOvertime | ASPM | A selected list of queryLanguage overtime queries. |
| ExecuteFunctionsQuery | ASPM | A selected list of queryLanguage services queries. |
| ExecuteFunctionsQueryCount | ASPM | A selected list of queryLanguage count queries. |
| ExecuteFunctionsQueryOvertime | ASPM | A selected list of queryLanguage overtime queries. |
| ExecuteQuery | ASPM | Execute a query. The syntax used is identical to that of the query page. |
| extAggregateClusterAssessments | Container Image Compliance | Get the assessments for each cluster. |
| extAggregateFailedContainersByRulesPath | Container Image Compliance | Get the containers grouped into rules on which they failed. |
| extAggregateFailedContainersCountBySeverity | Container Image Compliance | Get the failed containers count grouped into severity levels. |
| extAggregateFailedImagesByRulesPath | Container Image Compliance | Get the images grouped into rules on which they failed. |
| extAggregateFailedImagesCountBySeverity | Container Image Compliance | Get the failed images count grouped into severity levels. |
| extAggregateFailedRulesByClusters | Container Image Compliance | Get the failed rules for each cluster grouped into severity levels. |
| extAggregateFailedRulesByImages | Container Image Compliance | Get images with failed rules, rule count grouped by severity for each image. |
| extAggregateFailedRulesCountBySeverity | Container Image Compliance | Get the failed rules count grouped into severity levels. |
| extAggregateImageAssessments | Container Image Compliance | Get the assessments for each image. |
| extAggregateRulesAssessments | Container Image Compliance | Get the assessments for each rule. |
| extAggregateRulesByStatus | Container Image Compliance | Get the rules grouped by their statuses. |
| ExternalCreateConnectorConfig | NGSIEM | Create a new configuration for a data connector. |
| ExternalCreateDataConnection | NGSIEM | Create a new data connection. |
| ExternalDeleteConnectorConfigs | NGSIEM | Delete data connection config. |
| ExternalDeleteDataConnection | NGSIEM | Delete a data connection. |
| ExternalGetDataConnectionByID | NGSIEM | Get data connection by ID. |
| ExternalGetDataConnectionStatus | NGSIEM | Get data connection provisioning status. |
| ExternalGetDataConnectionToken | NGSIEM | Get Ingest token for data connection. |
| ExternalListConnectorConfigs | NGSIEM | List configurations for a data connector. |
| ExternalListDataConnections | NGSIEM | List and search data connections. |
| ExternalListDataConnectors | NGSIEM | List available data connectors. |
| ExternalPatchConnectorConfig | NGSIEM | Patch configurations for a data connector. |
| ExternalRegenerateDataConnectionToken | NGSIEM | Regenerate Ingest token for data connection. |
| ExternalUpdateDataConnection | NGSIEM | Update a data connection. |
| ExternalUpdateDataConnectionStatus | NGSIEM | Update data connection status. |
| ExtractionCreateV1 | Sample Uploads | Extracts files from an uploaded archive and copies them to internal storage making it available for content analysis. |
| ExtractionGetV1 | Sample Uploads | Retrieves the files extraction operation statuses. Status done means that all files were processed successfully. Status error means that at least one of the file could not be processed. |
| ExtractionListV1 | Sample Uploads | Retrieves the files extractions in chunks. Status done means that all files were processed successfully. Status error means that at least one of the file could not be processed. |
| fdrschema_combined_event_get | Event Schema | Fetch combined schema |
| fdrschema_entities_event_get | Event Schema | Fetch event schema by ID |
| fdrschema_entities_field_get | Field Schema | Fetch field schema by ID |
| fdrschema_queries_event_get | Event Schema | Get list of event IDs given a particular query. |
| fdrschema_queries_field_get | Field Schema | Get list of field IDs given a particular query. |
| FetchFilesDownloadInfo | Downloads | Get files info and pre-signed download URLs. |
| FetchFilesDownloadInfoV2 | Downloads | Get cloud security tools info and pre-signed download URLs. |
| FindContainersByContainerRunTimeVersion | Kubernetes Protection | Retrieve containers by container_runtime_version |
| FindContainersCountAffectedByZeroDayVulnerabilities | Kubernetes Protection | Retrieve containers count affected by zero day vulnerabilities |
| get_accounts | Discover | Get details on accounts by providing one or more IDs. |
| get_applications | Discover | Get details on applications by providing one or more IDs. |
| get_data_scanner_tasks | DataScanner | Retrieve pending tasks. |
| get_ecosystem_subsidiaries | Exposure Management | Retrieves detailed information about ecosystem subsidiaries by ID. |
| get_events | Firewall Management | Get events entities by ID and optionally version |
| get_external_assets | Exposure Management | Get details on external assets by providing one or more IDs. |
| get_firewall_fields | Firewall Management | Get the firewall field specifications by ID |
| get_hosts | Discover | Get details on assets by providing one or more IDs. |
| get_image_registry_credentials | DataScanner | Retrieves image registry credentials. |
| get_iot_hosts | Discover | Get details on IoT assets by providing one or more IDs. |
| get_logins | Discover | Get details on logins by providing one or more IDs. |
| get_malicious_files_by_ids | ODS | Get malicious files by ids. |
| get_network_locations | Firewall Management | Get a summary of network locations entities by ID |
| get_network_locations_details | Firewall Management | Get network locations entities by ID |
| get_patterns | Custom IOA | Get pattern severities by ID. |
| get_platforms | Firewall Management | Get platforms by ID, e.g., windows or mac or droid |
| get_platformsMixin0 | Custom IOA | Get platforms by ID. |
| get_policy_containers | Firewall Management | Get policy container entities by policy ID |
| get_policy_rules | Identity Protection | Get policy rules. |
| get_policy_rules_query | Identity Protection | Query policy rule IDs. |
| get_rule_groups | Firewall Management | Get rule group entities by ID. These groups do not contain their rule entites, just the rule IDs in precedence order. |
| get_rule_groupsMixin0 | Custom IOA | Get rule groups by ID. |
| get_rule_types | Custom IOA | Get rule types by ID. |
| get_rules | Firewall Management | Get rule entities by ID (64-bit unsigned int as decimal string) or Family ID (32-character hexadecimal string) |
| get_rules_get | Custom IOA | Get rules by ID and optionally with cid and/or version in the following format: [cid:]ID[:version]. |
| get_rulesMixin0 | Custom IOA | Get rules by ID and optionally with cid and/or version in the following format: [cid:]ID[:version]. The max number of IDs is constrained by URL size. |
| get_scan_host_metadata_by_ids | ODS | Get scan hosts by ids. |
| get_scans_by_scan_ids | ODS | Get Scans by IDs. |
| get_scans_by_scan_ids_v2 | ODS | Get Scans by IDs. |
| get_scheduled_scans_by_scan_ids | ODS | Get ScheduledScans by IDs. |
| getActionsMixin0 | FileVantage | Retrieve the processing results for one or more actions. |
| GetActionsV1 | Recon | Get actions based on their IDs. IDs can be retrieved using the GET /queries/actions/v1 endpoint. |
| GetActivityMonitorV3 | SaaS Security | Get activity monitor. |
| GetAggregateDetects | Detects | Get detect aggregates as specified via json in request body. |
| GetAggregateFiles | Quarantine | Get quarantine file aggregates as specified via json in request body. |
| GetAlertsV3 | SaaS Security | Get alerts. |
| GetAppInventory | SaaS Security | Get application inventory. |
| GetAppInventoryUsers | SaaS Security | Get application inventory users. |
| GetArchiveExport | CAO Hunting | Creates an Archive Export. |
| GetArtifacts | Falcon Intelligence Sandbox | Download IOC packs, PCAP files, memory dumps, and other analysis artifacts. |
| getAssessmentsByScoreV1 | Zero Trust Assessment | Get Zero Trust Assessment data for one or more hosts by providing a customer ID (CID) and a range of scores. |
| getAssessmentV1 | Zero Trust Assessment | Get Zero Trust Assessment data for one or more hosts by providing agent IDs (AID) and a customer ID (CID). |
| GetAssetInventoryV3 | SaaS Security | Get asset inventory. |
| getAuditV1 | Zero Trust Assessment | Get the Zero Trust Assessment audit report for one customer ID (CID). |
| GetAvailableRoleIds | User Management | Deprecated : Please use GET /user-management/queries/roles/v1. Show role IDs for all roles available in your customer account. For more information on each role, provide the role ID to /customer/entities/roles/v1. |
| GetAWSAccounts | Cloud Connect AWS | Retrieve a set of AWS Accounts by specifying their IDs |
| GetAWSAccountsMixin0 | Kubernetes Protection | Provides a list of AWS accounts. |
| GetAWSSettings | Cloud Connect AWS | Retrieve a set of Global Settings which are applicable to all provisioned AWS accounts |
| GetAzureInstallScript | Kubernetes Protection | Provides the script to run for a given tenant id and subscription IDs |
| GetAzureTenantConfig | Kubernetes Protection | Gets the Azure tenant Config |
| GetAzureTenantIDs | Kubernetes Protection | Provides all the azure subscriptions and tenants |
| GetBehaviorDetections | CSPM Registration | Get list of detected behaviors |
| GetBehaviors | Incidents | Get details on behaviors by providing behavior IDs |
| GetCaseActivityByIds | Message Center | Retrieve activities for given id's |
| GetCaseEntitiesByIDs | Message Center | Retrieve message center cases |
| getChanges | FileVantage | Retrieve information on changes |
| getChildren | MSSP (Flight Control) | Get link to child customer by child CID(s) |
| getChildrenV2 | MSSP (Flight Control) | Get link to child customer by child CID(s) |
| getCIDGroupById | MSSP (Flight Control) | Deprecated : Please use GET /mssp/entities/cid-groups/v2. Get CID groups by ID. |
| getCIDGroupByIdV2 | MSSP (Flight Control) | Get CID Groups by ID. |
| getCIDGroupMembersBy | MSSP (Flight Control) | Deprecated : Please use GET /mssp/entities/cid-group-members/v2. Get CID group members by CID group ID. |
| getCIDGroupMembersByV2 | MSSP (Flight Control) | Get CID group members by CID Group ID. |
| GetCloudEventIds | CSPM Registration | Get cloud event IDs. |
| GetCloudSecurityIntegrationState | ASPM | Get Cloud Security integration state. |
| GetClusters | Kubernetes Protection | Provides the clusters acknowledged by the Kubernetes Protection service |
| getCombinedAssessmentsQuery | Configuration Assessment | Search for assessments in your environment by providing a FQL filter and paging details. Returns a set of HostFinding entities which match the filter criteria |
| GetCombinedCloudClusters | Kubernetes Protection | Returns a combined list of provisioned cloud accounts and known kubernetes clusters |
| GetCombinedImages | Container Images | Get image assessment results by providing a FQL filter and paging details |
| GetCombinedImages | Falcon Container | Gets image assessment results by providing a FQL filter and paging details. |
| GetCombinedPluginConfigs | API Integrations | Queries for config resources and returns details |
| GetCombinedSensorInstallersByQuery | Sensor Download | Get sensor installer details by provided query |
| GetCombinedSensorInstallersByQueryV2 | Sensor Download | Get sensor installer details by provided query |
| GetCombinedSensorInstallersByQueryV3 | Sensor Download | Get sensor installer details by provided query. |
| GetCombinedVulnerabilitiesSARIF | Serverless Exports | Retrieve all lambda vulnerabilities that match the given query and return in the SARIF format. |
| GetComplianceControls | Cloud Policies | Get compliance controls by ID. |
| GetComplianceFrameworks | Cloud Policies | Get compliance frameworks by ID. |
| GetConfigurationDetectionEntities | CSPM Registration | Get misconfigurations based on the ID - including custom policy detections in addition to default policy detections. |
| GetConfigurationDetectionIDsV2 | CSPM Registration | Get list of active misconfiguration ids - including custom policy detections in addition to default policy detections. |
| GetConfigurationDetections | CSPM Registration | Get list of active misconfigurations |
| getContents | FileVantage | Retrieves the content captured for the provided change ID. |
| getContentUpdatePolicies | Content Update Policies | Retrieve a set of Content Update Policies by specifying their IDs. |
| GetCredentials | Falcon Container | Gets the registry credentials |
| GetCredentialsIAC | Cloud Snapshots | Retrieve the registry credentials (external endpoint). |
| GetCredentialsMixin0 | Provision | Gets the registry credentials |
| GetCSPMAwsAccount | CSPM Registration | Returns information about the current status of an AWS account. |
| GetCSPMAwsAccountScriptsAttachment | CSPM Registration | Return a script for customer to run in their cloud environment to grant us access to their AWS environment as a downloadable attachment. |
| GetCSPMAwsConsoleSetupURLs | CSPM Registration | Return a URL for customer to visit in their cloud environment to grant us access to their AWS environment. |
| GetCSPMAzureAccount | CSPM Registration | Return information about Azure account registration |
| GetCSPMAzureManagementGroup | CSPM Registration | Return information about Azure management group registration |
| GetCSPMAzureUserScriptsAttachment | CSPM Registration | Return a script for customer to run in their cloud environment to grant us access to their Azure environment as a downloadable attachment |
| GetCSPMGCPServiceAccountsExt | CSPM Registration | Returns the service account id and client email for external clients. |
| GetCSPMGCPUserScriptsAttachment | CSPM Registration | Return a script for customer to run in their cloud environment to grant us access to their GCP environment as a downloadable attachment |
| GetCSPMGCPValidateAccountsExt | CSPM Registration | Run a synchronous health check. |
| GetCSPMPoliciesDetails | CSPM Registration | Given an array of policy IDs, returns detailed policies information. |
| GetCSPMPolicy | CSPM Registration | Given a policy ID, returns detailed policy information. |
| GetCSPMPolicySettings | CSPM Registration | Returns information about current policy settings. |
| GetCSPMScanSchedule | CSPM Registration | Returns scan schedule configuration for one or more cloud platforms. |
| GetD4CAwsAccount | D4C Registration | Returns information about the current status of an AWS account. |
| GetD4CAWSAccountScriptsAttachment | D4C Registration | Return a script for customer to run in their cloud environment to grant us access to their AWS environment as a downloadable attachment. |
| GetD4CAwsConsoleSetupURLs | D4C Registration | Return a URL for customer to visit in their cloud environment to grant us access to their AWS environment. |
| GetD4CCGPAccount | D4C Registration | Returns information about the current status of an GCP account. |
| GetD4CGCPServiceAccountsExt | D4C Registration | Returns the service account id and client email for external clients. |
| GetD4CGCPUserScripts | D4C Registration | Return a script for customer to run in their cloud environment to grant us access to their GCP environment |
| GetD4CGCPUserScriptsAttachment | D4C Registration | Return a script for customer to run in their cloud environment to grant us access to their GCP environment as a downloadable attachment |
| GetDashboardTemplate | NGSIEM | Get a dashboard template. |
| getDefaultDeviceControlPolicies | Device Control Policies | Retrieve the configuration for a Default Device Control Policy |
| getDefaultDeviceControlSettings | Device Control Policies | Get default device control settings (USB and Bluetooth). |
| GetDeliverySettings | Delivery Settings | Get Delivery Settings. |
| GetDeploymentsExternalV1 | Deployments | Get deployment resources by IDs. |
| GetDetectSummaries | Detects | View information about detections |
| getDeviceControlPolicies | Device Control Policies | Retrieve a set of Device Control Policies by specifying their IDs |
| getDeviceControlPoliciesV2 | Device Control Policies | Get device control policies for the given filter criteria. Supports USB and Bluetooth. |
| GetDeviceCountCollectionQueriesByFilter | Falcon Complete Dashboard | Retrieve device count collection Ids that match the provided FQL filter, criteria with scrolling enabled |
| GetDeviceDetails | Hosts | Get details on one or more hosts by providing agent IDs (AID). You can get a host's agent IDs (AIDs) from the /devices/queries/devices/v1 endpoint, the Falcon console or the Streaming API |
| GetDeviceDetailsV1 | Hosts | Get details on one or more hosts by providing agent IDs (AID). You can get a host's agent IDs (AIDs) from the /devices/queries/devices/v1 endpoint, the Falcon console or the Streaming API. (Max: 500) |
| GetDeviceDetailsV2 | Hosts | Get details on one or more hosts by providing host IDs as a query parameter. Supports up to a maximum 100 IDs. |
| GetDeviceInventoryV3 | SaaS Security | Get device inventory. |
| GetDiscoverCloudAzureAccount | D4C Registration | Return information about Azure account registration |
| GetDiscoverCloudAzureTenantIDs | D4C Registration | Return available tenant ids for discover for cloud |
| GetDiscoverCloudAzureUserScripts | D4C Registration | Return a script for customer to run in their cloud environment to grant us access to their Azure environment |
| GetDiscoverCloudAzureUserScriptsAttachment | D4C Registration | Return a script for customer to run in their cloud environment to grant us access to their Azure environment as a downloadable attachment |
| GetDiscoverCloudCGPAccount | D4C Registration | Returns information about the current status of an GCP account. |
| GetDiscoverCloudGCPUserScripts | D4C Registration | Return a script for customer to run in their cloud environment to grant us access to their GCP environment |
| GetDiscoverCloudGCPUserScriptsAttachment | D4C Registration | Return a script for customer to run in their cloud environment to grant us access to their GCP environment as a downloadable attachment |
| GetDriftIndicatorsValuesByDate | Drift Indicators | Returns the count of Drift Indicators by the date. by default it's for 7 days. |
| GetEnrichedAsset | Cloud Policies | Get enriched assets that combine a primary resource with all its related resources. |
| GetEntityIDsByQueryPOST | Deployments | returns the release notes for the IDs in the request. |
| GetEntityIDsByQueryPOSTV2 | Deployments | Get entity IDs by query (v2). |
| getEvaluationLogic | Spotlight Evaluation Logic | Get details on evaluation logic items by providing one or more IDs. |
| getEvaluationLogicMixin0 | Configuration Assessment Evaluation Logic | Get details on evaluation logic items by providing one or more finding IDs. |
| GetEvaluationResult | Cloud Policies | Get evaluation results based on the provided rule. |
| GetEventsBody | Tailored Intelligence | Get event body for the provided event ID |
| GetEventsEntities | Tailored Intelligence | Get events entities for specified ids. |
| GetExecutorNodes | ASPM | Get all the relay nodes |
| GetExecutorNodesMetadata | ASPM | Get metadata about all executor nodes. |
| GetExportJobsV1 | Recon | Get the status of export jobs based on their IDs. Export jobs can be launched by calling POST /entities/exports/v1. When a job is complete, use the job ID to download the file(s) associated with it using GET entities/export-files/v1. |
| GetFileContentForExportJobsV1 | Recon | Download the file associated with a job ID. |
| getFirewallPolicies | Firewall Policies | Retrieve a set of Firewall Policies by specifying their IDs |
| GetGroupHierarchy | ASPM | Get group hierarchy. |
| GetGroupsV2 | ASPM | Get groups V2. |
| GetGroupV2 | ASPM | Get group details. |
| GetHelmValuesYaml | Kubernetes Protection | Provides a sample Helm values.yaml file for a customer to install alongside the agent Helm chart |
| GetHorizonD4CScripts | D4C Registration | Returns static install scripts for Horizon. |
| getHostGroups | Host Group | Retrieve a set of Host Groups by specifying their IDs |
| GetHostMigrationIDsV1 | Host Migration | Query host migration IDs. |
| GetHostMigrationsV1 | Host Migration | Get host migration details. |
| GetHuntingGuides | CAO Hunting | Get hunting guides. |
| GetImageAssessmentReport | Falcon Container | Retrieve an assessment report for an image by specifying repository and tag. |
| GetIncidents | Incidents | Get details on incidents by providing incident IDs |
| GetIndicatorAggregates | Intelligence Indicator Graph | Get indicator aggregates as specified via json in request body. |
| GetIndicatorsReport | IOC | Launch an indicators report creation job |
| GetIntegrations | ASPM | Get a list of all the integrations |
| GetIntegrationsV2 | ASPM | Get a list of all the integrations. |
| GetIntegrationsV3 | SaaS Security | Get integrations. |
| GetIntegrationTasks | ASPM | Get all the integration tasks |
| GetIntegrationTasksMetadata | ASPM | Get metadata about all integration tasks. |
| GetIntegrationTasksV2 | ASPM | Get all the integration tasks. |
| GetIntegrationTypes | ASPM | Get all the integration types |
| GetIntelActorEntities | Intel | Retrieve specific actors using their actor IDs. |
| GetIntelIndicatorEntities | Intel | Retrieve specific indicators using their indicator IDs. |
| GetIntelligenceQueries | CAO Hunting | Retrieves a list of Intelligence queries. |
| GetIntelReportEntities | Intel | Retrieve specific reports using their report IDs. |
| GetIntelReportPDF | Intel | Return a Report PDF attachment |
| GetIntelRuleEntities | Intel | Retrieve details for rule sets for the specified ids. |
| GetIntelRuleFile | Intel | Download earlier rule sets. |
| GetIOAEvents | CSPM Registration | For CSPM IOA events, gets list of IOA events. |
| getIOAExclusionsV1 | IOA Exclusions | Get a set of IOA Exclusions by specifying their IDs |
| GetIOAUsers | CSPM Registration | For CSPM IOA users, gets list of IOA users. |
| GetIOC | IOCs | This operation has been superseded by the IOC.indicator_get_v1 operation and is no longer used. |
| GetLatestIntelRuleFile | Intel | Download the latest rule set. |
| GetLocations | Kubernetes Protection | Provides the cloud locations acknowledged by the Kubernetes Protection service |
| GetLookupFile | NGSIEM | Get a lookup file. |
| GetLookupFromPackageV1 | NGSIEM | Download lookup file in package from NGSIEM. |
| GetLookupFromPackageWithNamespaceV1 | NGSIEM | Download lookup file in namespaced package from NGSIEM. |
| GetLookupV1 | NGSIEM | Download lookup file from NGSIEM. |
| GetMalQueryDownloadV1 | MalQuery | Download a file indexed by MalQuery. Specify the file using its SHA256. Only one file is supported at this time |
| GetMalQueryEntitiesSamplesFetchV1 | MalQuery | Fetch a zip archive with password 'infected' containing the samples. Call this once the /entities/samples-multidownload request has finished processing |
| GetMalQueryMetadataV1 | MalQuery | Retrieve indexed files metadata by their hash |
| GetMalQueryQuotasV1 | MalQuery | Get information about search and download quotas in your environment |
| GetMalQueryRequestV1 | MalQuery | Check the status and results of an asynchronous request, such as hunt or exact-search. Supports a single request id at this time. |
| GetMalwareEntities | Intel | Get malware entities for specified IDs. |
| GetMalwareMitreReport | Intel | Export Mitre ATT&CK information for a given malware family. |
| GetMemoryDump | Falcon Intelligence Sandbox | Get memory dump content, as binary |
| GetMemoryDumpExtractedStrings | Falcon Intelligence Sandbox | Get extracted strings from a memory dump |
| GetMemoryDumpHexDump | Falcon Intelligence Sandbox | Get hex view of a memory dump |
| GetMetricsV3 | SaaS Security | Get metrics. |
| GetMigrationDestinationsV1 | Host Migration | Get destinations for a migration. |
| GetMigrationIDsV1 | Host Migration | Query migration jobs. |
| GetMigrationsV1 | Host Migration | Get migration job details. |
| GetMitreReport | Intel | Export Mitre ATT&CK information for a given actor. |
| getMLExclusionsV1 | ML Exclusions | Get a set of ML Exclusions by specifying their IDs |
| GetNotificationsDetailedTranslatedV1 | Recon | Get detailed notifications based on their IDs. These include the raw intelligence content that generated the match.This endpoint will return translated notification content. The only target language available is English. A single notification can be translated per request |
| GetNotificationsDetailedV1 | Recon | Get detailed notifications based on their IDs. These include the raw intelligence content that generated the match. |
| GetNotificationsExposedDataRecordsV1 | Recon | Get notifications exposed data records based on their IDs. IDs can be retrieved using the GET /queries/notifications-exposed-data-records/v1 endpoint. The associate notification can be fetched using the /entities/notifications/v* endpoints |
| GetNotificationsTranslatedV1 | Recon | Get notifications based on their IDs. IDs can be retrieved using the GET /queries/notifications/v1 endpoint. This endpoint will return translated notification content. The only target language available is English. |
| GetNotificationsV1 | Recon | Get notifications based on their IDs. IDs can be retrieved using the GET /queries/notifications/v1 endpoint. |
| GetObject | Custom Storage | Get the bytes for the specified object |
| GetObjectMetadata | Custom Storage | Get the metadata for the specified object |
| GetOnlineState_V1 | Hosts | Get the online status for one or more hosts by specifying each host’s unique ID. Successful requests return an HTTP 200 response and the status for each host identified by a state of online, offline, or unknown for each host, identified by host id.Make a GET request to /devices/queries/devices/v1 to get a list of host IDs. |
| GetParser | NGSIEM | Get a parser. |
| GetParserTemplate | NGSIEM | Get a parser template. |
| getPolicies | FileVantage | Retrieves the configuration for 1 or more policies. |
| getPreventionPolicies | Prevention Policy | Retrieve a set of Prevention Policies by specifying their IDs |
| GetQuarantineFiles | Quarantine | Get quarantine file metadata for specified ids. |
| GetQueriesAlertsV1 | Alerts | retrieves all Alerts ids that match a given query |
| GetQueriesAlertsV2 | Alerts | retrieves all Alerts ids that match a given query |
| getRemediationsV2 | Spotlight Vulnerabilities | Get details on remediation by providing one or more IDs |
| GetReportByReference | Falcon Container | Get a report by reference ID. |
| GetReportByScanID | Falcon Container | Get a report by scan ID. |
| GetReports | Falcon Intelligence Sandbox | Get a full sandbox report. |
| GetRoles | User Management | Deprecated : Please use GET /user-management/entities/roles/v1. Get info about a role |
| getRolesByID | MSSP (Flight Control) | Get link between user group and CID group by ID. Link ID is a string consisting of multiple components, but should be treated as opaque. |
| getRTResponsePolicies | Response Policies | Retrieve a set of Response Policies by specifying their IDs |
| GetRule | Cloud Policies | Get a rule by id. |
| getRuleDetails | Configuration Assessment | Get rules details for provided one or more rule IDs |
| getRuleGroups | FileVantage | Retrieves the rule group details for 1 or more rule groups. |
| GetRuleInputSchema | Cloud Policies | Get rule input schema for given resource type. |
| GetRuleOverride | Cloud Policies | Get a rule override. |
| getRules | FileVantage | Retrieves the configuration for 1 or more rules. |
| GetRulesEntities | Tailored Intelligence | Get rules entities for specified ids. |
| getRulesMetadataByID | Kubernetes Container Compliance | Retrieve detailed compliance rule information by ID. Includes descriptions, remediation steps, and audit procedures by specifying rule identifiers. |
| GetRulesV1 | Recon | Get monitoring rules based on their IDs. IDs can be retrieved using the GET /queries/rules/v1 endpoint. |
| GetRuntimeDetectionsCombinedV2 | Container Detections | Retrieve image assessment detections identified by the provided filter criteria. |
| GetSampleV2 | Falcon Intelligence Sandbox | Retrieves the file associated with the given ID (SHA256) |
| GetSampleV3 | Sample Uploads | Retrieves the file associated with the given ID (SHA256) |
| GetSavedQueryTemplate | NGSIEM | Get a saved query template. |
| GetSavedSearchesExecuteAltV1 | Foundry LogScale | Get the results of a saved search |
| GetSavedSearchesExecuteV1 | Foundry LogScale | Get the results of a saved search |
| GetSavedSearchesJobResultsDownloadAltV1 | Foundry LogScale | Get the results of a saved search as a file |
| GetSavedSearchesJobResultsDownloadV1 | Foundry LogScale | Get the results of a saved search as a file |
| GetScanReport | Cloud Snapshots | Retrieve the scan report for an instance. |
| GetScanResult | Quick Scan Pro | Gets the result of an QuickScan Pro scan. |
| GetScans | Quick Scan | Check the status of a volume scan. Time required for analysis increases with the number of samples in a volume but usually it should take less than 1 minute |
| GetScansAggregates | Quick Scan | Get scans aggregations as specified via json in request body. |
| getScheduledExclusions | FileVantage | Retrieves the configuration of 1 or more scheduled exclusions from the provided policy id. |
| GetSchema | Custom Storage | Get the bytes of the specified schema of the requested collection. |
| GetSchemaMetadata | Custom Storage | Get the metadata for the specified schema of the requested collection. |
| GetSearchStatusV1 | NGSIEM | Get status of a NGSIEM search. |
| GetSecurityCheckAffectedV3 | SaaS Security | Get affected resources for security checks. |
| GetSecurityCheckComplianceV3 | SaaS Security | Get security check compliance. |
| GetSecurityChecksV3 | SaaS Security | Get security checks. |
| GetSensorAggregates | Identity Entities | Get sensor aggregates as specified via json in request body. |
| GetSensorDetails | Identity Entities | Get details on one or more sensors by providing device IDs in a POST body. Supports up to a maximum of 5000 IDs. |
| GetSensorInstallersByQuery | Sensor Download | Get sensor installer IDs by provided query |
| GetSensorInstallersByQueryV2 | Sensor Download | Get sensor installer IDs by provided query |
| GetSensorInstallersByQueryV3 | Sensor Download | Get sensor installer IDs by provided query. |
| GetSensorInstallersCCIDByQuery | Sensor Download | Get CCID to use with sensor installers |
| GetSensorInstallersEntities | Sensor Download | Get sensor installer details by provided SHA256 IDs |
| GetSensorInstallersEntitiesV2 | Sensor Download | Get sensor installer details by provided SHA256 IDs |
| GetSensorInstallersEntitiesV3 | Sensor Download | Get sensor installer details by provided SHA256 IDs. |
| getSensorUpdatePolicies | Sensor Update Policy | Retrieve a set of Sensor Update Policies by specifying their IDs |
| getSensorUpdatePoliciesV2 | Sensor Update Policy | Retrieve a set of Sensor Update Policies with additional support for uninstall protection by specifying their IDs |
| GetSensorUsageHourly | Sensor Usage | Fetches hourly average. Each data point represents the average of how many unique AIDs were seen per hour. |
| GetSensorUsageWeekly | Sensor Usage | Fetches weekly average. Each data point represents the average of how many unique AIDs were seen per week for the previous 28 days. |
| getSensorVisibilityExclusionsV1 | Sensor Visibility Exclusions | Get a set of Sensor Visibility Exclusions by specifying their IDs |
| getServiceArtifacts | ASPM | Retrieve service artifacts. |
| GetServicesCount | ASPM | Get the total amount of existing services |
| GetServiceViolationTypes | ASPM | Get the different types of violation |
| GetStaticScripts | Kubernetes Protection | Gets static bash scripts that are used during registration |
| GetSubmissions | Falcon Intelligence Sandbox | Check the status of a sandbox analysis. Time required for analysis varies but is usually less than 15 minutes. |
| GetSummaryReports | Falcon Intelligence Sandbox | Get a short summary version of a sandbox report. |
| GetSupportedSaasV3 | SaaS Security | Get supported SaaS applications. |
| GetSuppressionRules | Cloud Policies | Get Suppression Rules by ID. |
| GetSystemLogsV3 | SaaS Security | Get system logs. |
| GetSystemUsersV3 | SaaS Security | Get system users. |
| GetTags | ASPM | Get all tags |
| getUserGroupMembersByID | MSSP (Flight Control) | Deprecated : Please use GET /mssp/entities/user-group-members/v2. Get user group members by user group ID. |
| getUserGroupMembersByIDV2 | MSSP (Flight Control) | Get user group members by user group ID. |
| getUserGroupsByID | MSSP (Flight Control) | Deprecated : Please use GET /entities/user-groups/v2. Get user groups by ID. |
| getUserGroupsByIDV2 | MSSP (Flight Control) | Get user groups by ID. |
| GetUserInventoryV3 | SaaS Security | Get user inventory. |
| GetUserRoleIds | User Management | Deprecated : Please use GET /user-management/combined/user-roles/v1. Show role IDs of roles assigned to a user. For more information on each role, provide the role ID to /customer/entities/roles/v1. |
| GetUsersV2 | ASPM | List users. |
| GetVersionedObject | Custom Storage | Get the bytes for the specified object. |
| GetVersionedObjectMetadata | Custom Storage | Get the metadata for the specified object. |
| GetVulnerabilities | Intel | Get vulnerabilities |
| getVulnerabilities | Spotlight Vulnerabilities | Get details on vulnerabilities by providing one or more IDs |
| GrantUserRoleIds | User Management | Deprecated : Please use POST /user-management/entities/user-role-actions/v1. Assign one or more roles to a user |
| GroupContainersByManaged | Kubernetes Protection | Group the containers by Managed |
| handle | DataScanner | Produces the input message into the corresponding Kafka topic. |
| HeadImageScanInventory | Falcon Container | Get headers for POST request for image scan inventory |
| highVolumeQueryChanges | FileVantage | Returns 1 or more change ids |
| HostMigrationAggregatesV1 | Host Migration | Get host migration aggregates as specified via json in request body. |
| HostMigrationsActionsV1 | Host Migration | Perform an action on host migrations. |
| ImageMatchesPolicy | Falcon Container | Check if an image matches a policy by specifying repository and tag. |
| indicator_aggregate_v1 | IOC | Get Indicators aggregates as specified via json in the request body. |
| indicator_combined_v1 | IOC | Get Combined for Indicators. |
| indicator_create_v1 | IOC | Create Indicators. |
| indicator_delete_v1 | IOC | Delete Indicators by ids. |
| indicator_get_device_count_v1 | IOC | Get the number of devices the indicator has run on |
| indicator_get_devices_ran_on_v1 | IOC | Get the IDs of devices the indicator has run on |
| indicator_get_processes_ran_on_v1 | IOC | Get the number of processes the indicator has run on |
| indicator_get_v1 | IOC | Get Indicators by ids. |
| indicator_search_v1 | IOC | Search for Indicators. |
| indicator_update_v1 | IOC | Update Indicators. |
| IngestDataAsyncV1 | Foundry LogScale | Ingest data into the application repository asynchronously |
| IngestDataV1 | Foundry LogScale | Ingest data into the application repository |
| InstallParser | NGSIEM | Install a CrowdStrike-managed out-of-the-box (OOTB) parser. |
| IntegrationBuilderEndTransactionV3 | SaaS Security | End integration builder transaction. |
| IntegrationBuilderGetStatusV3 | SaaS Security | Get integration builder status. |
| IntegrationBuilderResetV3 | SaaS Security | Reset integration builder. |
| IntegrationBuilderUploadV3 | SaaS Security | Upload integration builder. |
| ioc_type_query_v1 | IOC | Query IOC Types. |
| ITAutomationCancelTaskExecution | IT Automation | Cancel a task execution |
| ITAutomationCombinedScheduledTasks | IT Automation | Returns full details of scheduled tasks matching the filter query parameter |
| ITAutomationCreatePolicy | IT Automation | Create a policy |
| ITAutomationCreateScheduledTask | IT Automation | Create a scheduled task |
| ITAutomationCreateTask | IT Automation | Create a task |
| ITAutomationCreateTaskGroup | IT Automation | Create a task group |
| ITAutomationCreateUserGroup | IT Automation | Create a user group |
| ITAutomationDeletePolicy | IT Automation | Delete a policy |
| ITAutomationDeleteScheduledTasks | IT Automation | Delete scheduled tasks |
| ITAutomationDeleteTask | IT Automation | Delete a task |
| ITAutomationDeleteTaskGroups | IT Automation | Delete task groups |
| ITAutomationDeleteUserGroup | IT Automation | Delete a user group |
| ITAutomationGetAssociatedTasks | IT Automation | Retrieve tasks associated with the provided file ID |
| ITAutomationGetExecutionResults | IT Automation | Retrieve execution results |
| ITAutomationGetExecutionResultsSearchStatus | IT Automation | Retrieve execution results search status |
| ITAutomationGetPolicies | IT Automation | Retrieve policies |
| ITAutomationGetScheduledTasks | IT Automation | Retrieve scheduled tasks |
| ITAutomationGetTaskExecution | IT Automation | Retrieve a task execution |
| ITAutomationGetTaskExecutionHostStatus | IT Automation | Retrieve task execution host status |
| ITAutomationGetTaskExecutionsByQuery | IT Automation | Retrieve task executions by query |
| ITAutomationGetTaskGroups | IT Automation | Retrieve task groups |
| ITAutomationGetTaskGroupsByQuery | IT Automation | Retrieve task groups by query |
| ITAutomationGetTasks | IT Automation | Retrieve tasks |
| ITAutomationGetTasksByQuery | IT Automation | Retrieve tasks by query |
| ITAutomationGetUserGroup | IT Automation | Retrieve a user group |
| ITAutomationQueryPolicies | IT Automation | Query policies |
| ITAutomationRerunTaskExecution | IT Automation | Rerun a task execution |
| ITAutomationRunLiveQuery | IT Automation | Run a live query |
| ITAutomationSearchScheduledTasks | IT Automation | Search scheduled tasks |
| ITAutomationSearchTaskExecutions | IT Automation | Search task executions |
| ITAutomationSearchTaskGroups | IT Automation | Search task groups |
| ITAutomationSearchTasks | IT Automation | Search tasks |
| ITAutomationSearchUserGroup | IT Automation | Search user groups |
| ITAutomationStartExecutionResultsSearch | IT Automation | Start an execution results search |
| ITAutomationStartTaskExecution | IT Automation | Start a task execution |
| ITAutomationUpdatePolicies | IT Automation | Update policies |
| ITAutomationUpdatePoliciesPrecedence | IT Automation | Update policies precedence |
| ITAutomationUpdatePolicyHostGroups | IT Automation | Update policy host groups |
| ITAutomationUpdateScheduledTask | IT Automation | Update a scheduled task |
| ITAutomationUpdateTask | IT Automation | Update a task |
| ITAutomationUpdateTaskGroup | IT Automation | Update a task group |
| ITAutomationUpdateUserGroup | IT Automation | Update a user group |
| LaunchExportJob | Falcon Container | Launch an export job of a Container Security resource. Maximum of 1 job in progress per resource. |
| LaunchExportJobMixin0 | Serverless Exports | Launch an export job of a Lambda Security resource. |
| LaunchScan | Quick Scan Pro | Starts scanning a file uploaded through UploadFileQuickScanPro. |
| listAvailableStreamsOAuth2 | Event Streams | Discover all event streams in your environment |
| ListAzureAccounts | Kubernetes Protection | Provides the azure subscriptions registered to Kubernetes Protection |
| ListCloudGroupIDsExternal | Cloud Security | Query Cloud Groups and return only their IDs. |
| ListCloudGroupsByIDExternal | Cloud Security | Retrieve Cloud Groups by their UUIDs. |
| ListCloudGroupsExternal | Cloud Security | Query Cloud Groups and return entities with full details. |
| ListCollections | Custom Storage | List available collection names in alphabetical order. |
| ListDashboards | NGSIEM | List all dashboards. |
| ListFeedTypes | Intelligence Feeds | Lists the accessible feeds for a given customer. |
| ListLookupFiles | NGSIEM | List all lookup files. |
| ListObjects | Custom Storage | List the object keys in the specified collection in alphabetical order |
| ListObjectsByVersion | Custom Storage | List the object keys in the specified collection in alphabetical order. |
| ListParsers | NGSIEM | List all parsers. |
| ListReposV1 | Foundry LogScale | Lists available repositories and views |
| ListSavedQueries | NGSIEM | List all saved queries. |
| ListSchemas | Custom Storage | Get the list of schemas for the requested collection in reverse version order (latest first). |
| ListViewV1 | Foundry LogScale | List views |
| LookupIndicators | Intelligence Indicator Graph | Get indicators based on their value. |
| MigrationAggregatesV1 | Host Migration | Get migration aggregates as specified via json in request body. |
| MigrationsActionsV1 | Host Migration | Perform an action on a migration job. |
| oauth2AccessToken | OAuth2 | Generate an OAuth2 access token |
| oauth2RevokeToken | OAuth2 | Revoke a previously issued OAuth2 access token before the end of its standard 30-minute lifespan. |
| patch_external_assets | Exposure Management | Update the details of external assets. |
| PatchAzureServicePrincipal | Kubernetes Protection | Adds the client ID for the given tenant ID to our system |
| PatchCSPMAwsAccount | CSPM Registration | Patches a existing account in our system for a customer. |
| patchDeviceControlPoliciesClassesV1 | Device Control Policies | Update device control policy's classes (USB and Bluetooth). |
| patchDeviceControlPoliciesV2 | Device Control Policies | Update Device Control Policies by specifying the ID of the policy and details to update |
| PatchEntitiesAlertsV2 | Alerts | Perform actions on detections identified by detection ID(s) in request. Each action has a name and a description which describes what the action does. If a request adds and removes tag in a single request, the order of processing would be to remove tags before adding new ones in. |
| PatchEntitiesAlertsV3 | Alerts | Perform actions on detections identified by detection ID(s) in request. Each action has a name and a description which describes what the action does. If a request adds and removes tag in a single request, the order of processing would be to remove tags before adding new ones in. |
| PerformActionV2 | Hosts | Take various actions on the hosts in your environment. Contain or lift containment on a host. Delete or restore a host. |
| performContentUpdatePoliciesAction | Content Update Policies | Perform the specified action on the Content Update Policies specified in the request. |
| performDeviceControlPoliciesAction | Device Control Policies | Perform the specified action on the Device Control Policies specified in the request |
| performFirewallPoliciesAction | Firewall Policies | Perform the specified action on the Firewall Policies specified in the request |
| performGroupAction | Host Group | Perform the specified action on the Host Groups specified in the request |
| PerformIncidentAction | Incidents | Perform a set of actions on one or more incidents, such as adding tags or comments or updating the incident name or description |
| performPreventionPoliciesAction | Prevention Policy | Perform the specified action on the Prevention Policies specified in the request |
| performRTResponsePoliciesAction | Response Policies | Perform the specified action on the Response Policies specified in the request |
| performSensorUpdatePoliciesAction | Sensor Update Policy | Perform the specified action on the Sensor Update Policies specified in the request |
| platform_query_v1 | IOC | Query Platforms. |
| PolicyChecks | Falcon Container | Check if an image matches policy requirements. |
| post_external_assets_inventory_v1 | Exposure Management | Add external assets for external asset scanning. |
| post_policy_rules | Identity Protection | Create policy rules. |
| PostAggregatesAlertsV1 | Alerts | retrieves aggregate values for Alerts across all CIDs |
| PostAggregatesAlertsV2 | Alerts | retrieves aggregate values for Alerts across all CIDs |
| PostCombinedAlertsV1 | Alerts | Retrieves all Alerts that match a particular FQL filter. This API is intended for retrieval of large amounts of Alerts(>10k) using a pagination based on a after token. |
| PostDeliverySettings | Delivery Settings | Create Delivery Settings. |
| postDeviceControlPoliciesV2 | Device Control Policies | Create Device Control Policies by specifying details about the policy to create. |
| PostDeviceDetailsV2 | Hosts | Get details on one or more hosts by providing host IDs in a POST body. Supports up to a maximum 5000 IDs. |
| PostEntitiesAlertsV1 | Alerts | retrieves all Alerts given their ids |
| PostEntitiesAlertsV2 | Alerts | retrieves all Alerts given their composite ids |
| PostGroupV2 | ASPM | Create group. |
| PostImageScanInventory | Falcon Container | Post image scan inventory |
| PostMalQueryEntitiesSamplesMultidownloadV1 | MalQuery | Schedule samples for download. Use the result id with the /request endpoint to check if the download is ready after which you can call the /entities/samples-fetch to get the zip |
| PostMalQueryExactSearchV1 | MalQuery | Search Falcon MalQuery for a combination of hex patterns and strings in order to identify samples based upon file content at byte level granularity. You can filter results on criteria such as file type, file size and first seen date. Returns a request id which can be used with the /request endpoint |
| PostMalQueryFuzzySearchV1 | MalQuery | Search Falcon MalQuery quickly, but with more potential for false positives. Search for a combination of hex patterns and strings in order to identify samples based upon file content at byte level granularity. |
| PostMalQueryHuntV1 | MalQuery | Schedule a YARA-based search for execution. Returns a request id which can be used with the /request endpoint |
| PostMitreAttacks | Intel | Retrieves report and observable IDs associated with the given actor and attacks |
| PostSearchKubernetesIOMEntities | Kubernetes Protection | Search for Kubernetes IOM entities using POST request with filter criteria. |
| PreviewRuleV1 | Recon | Preview rules notification count and distribution. This will return aggregations on: channel, count, site. |
| ProcessesRanOn | IOCs | Search for processes associated with a custom IOC |
| ProvisionAWSAccounts | Cloud Connect AWS | Provision AWS Accounts by specifying details about the accounts to provision |
| PutObject | Custom Storage | Put the specified new object at the given key or overwrite an existing object at the given key |
| PutObjectByVersion | Custom Storage | Put the specified new object at the given key or overwrite an existing object at the given key. |
| queries_access_tags_get_v1 | Case Management | Query access tags. |
| queries_cases_get_v1 | Case Management | Query cases. |
| queries_classification_get_v2 | Data Protection Configuration | Search for classifications that match the provided criteria. |
| queries_cloud_application_get_v2 | Data Protection Configuration | Get all cloud-application IDs matching the query with filter. |
| queries_content_pattern_get_v2 | Data Protection Configuration | Get all content-pattern IDs matching the query with filter. |
| queries_edgetypes_get | ThreatGraph | Show all available edge types |
| queries_enterprise_account_get_v2 | Data Protection Configuration | Get all enterprise-account IDs matching the query with filter. |
| queries_fields_get_v1 | Case Management | Query fields. |
| queries_file_details_get_v1 | Case Management | Query file details. |
| queries_file_type_get_v2 | Data Protection Configuration | Get all file-type IDs matching the query with filter. |
| queries_local_application_get | Data Protection Configuration | Get all local application IDs matching the query with filter. |
| queries_local_application_group_get | Data Protection Configuration | Get all local application group IDs matching the query with filter. |
| queries_notification_groups_get_v1 | Case Management | Query notification groups. |
| queries_notification_groups_get_v2 | Case Management | Query notification groups (v2). |
| queries_policy_get_v2 | Data Protection Configuration | Search for policies that match the provided criteria. |
| queries_rules_get_v1 | Correlation Rules | Find all rule IDs matching the query and filter. |
| queries_rules_get_v2 | Correlation Rules | Find all rule version IDs matching the query and filter. |
| queries_sensitivity_label_get_v2 | Data Protection Configuration | Get all sensitivity label IDs matching the query with filter. |
| queries_slas_get_v1 | Case Management | Query SLAs. |
| queries_states_v1 | Device Content | Query for the content state of the host. |
| queries_template_snapshots_get_v1 | Case Management | Query template snapshots. |
| queries_templates_get_v1 | Case Management | Query templates. |
| queries_templates_get_v1Mixin0 | Correlation Rules | Search rule template IDs matching the filter. |
| queries_web_location_get_v2 | Data Protection Configuration | Get web-location IDs matching the query with filter. |
| queriesRolesV1 | User Management | Show role IDs for all roles available in your customer account. For more information on each role, provide the role ID to /user-management/entities/roles/v1. |
| query_accounts | Discover | Search for accounts in your environment by providing an FQL (Falcon Query Language) filter and paging details. Returns a set of account IDs which match the filter criteria. |
| query_applications | Discover | Search for applications in your environment by providing a FQL filter and paging details. returns a set of application IDs which match the filter criteria. |
| query_ecosystem_subsidiaries | Exposure Management | Retrieves a list of IDs for ecosystem subsidiaries. |
| query_events | Firewall Management | Find all event IDs matching the query with filter |
| query_external_assets | Exposure Management | Get a list of external asset IDs that match the provided filter conditions. Use these IDs with the blob_download_external_assets, blob_preview_external_assets and get_external_assets endpoints |
| query_external_assets_V2 | Exposure Management | Query external assets (v2). |
| query_firewall_fields | Firewall Management | Get the firewall field specification IDs for the provided platform |
| query_hosts | Discover | Search for assets in your environment by providing an FQL (Falcon Query Language) filter and paging details. Returns a set of asset IDs which match the filter criteria. |
| query_iot_hosts | Discover | Search for IoT assets in your environment by providing an FQL (Falcon Query Language) filter and paging details. Returns a set of asset IDs which match the filter criteria. |
| query_iot_hosts_v2 | Discover | Search for IoT assets in your environment by providing an FQL (Falcon Query Language) filter and paging details. Returns a set of asset IDs which match the filter criteria. |
| query_logins | Discover | Search for logins in your environment by providing an FQL (Falcon Query Language) filter and paging details. Returns a set of login IDs which match the filter criteria. |
| query_malicious_files | ODS | Query malicious files. |
| query_network_locations | Firewall Management | Get a list of network location IDs |
| query_patterns | Custom IOA | Get all pattern severity IDs. |
| query_platforms | Firewall Management | Get the list of platform names |
| query_platformsMixin0 | Custom IOA | Get all platform IDs. |
| query_policy_rules | Firewall Management | Find all firewall rule IDs matching the query with filter, and return them in precedence order |
| query_rule_groups | Firewall Management | Find all rule group IDs matching the query with filter |
| query_rule_groups_full | Custom IOA | Find all rule groups matching the query with optional filter. |
| query_rule_groupsMixin0 | Custom IOA | Finds all rule group IDs matching the query with optional filter. |
| query_rule_types | Custom IOA | Get all rule type IDs. |
| query_rules | Firewall Management | Find all rule IDs matching the query with filter |
| query_rulesMixin0 | Custom IOA | Finds all rule IDs matching the query with optional filter. |
| query_scan_host_metadata | ODS | Query scan hosts. |
| query_scans | ODS | Query Scans. |
| query_scheduled_scans | ODS | Query ScheduledScans. |
| queryActionsMixin0 | FileVantage | Returns one or more action IDs. |
| QueryActionsV1 | Recon | Query actions based on provided criteria. Use the IDs from this response to get the action entities on GET /entities/actions/v1. |
| QueryActivityByCaseID | Message Center | Retrieve activities id's for a case |
| QueryAlertIdsByFilter | Falcon Complete Dashboard | Retrieve Alerts Ids that match the provided FQL filter criteria with scrolling enabled |
| QueryAlertIdsByFilterV2 | Falcon Complete Dashboard | Retrieve Alert IDs that match the provided FQL filter criteria with scrolling enabled |
| QueryAllowListFilter | Falcon Complete Dashboard | Retrieve allowlist tickets that match the provided filter criteria with scrolling enabled |
| QueryAWSAccounts | Cloud Connect AWS | Search for provisioned AWS Accounts by providing a FQL filter and paging details. Returns a set of AWS accounts which match the filter criteria |
| QueryAWSAccountsForIDs | Cloud Connect AWS | Search for provisioned AWS Accounts by providing a FQL filter and paging details. Returns a set of AWS account IDs which match the filter criteria |
| QueryBehaviors | Incidents | Search for behaviors by providing a FQL filter, sorting, and paging details |
| QueryBlockListFilter | Falcon Complete Dashboard | Retrieve block listtickets that match the provided filter criteria with scrolling enabled |
| QueryCasesIdsByFilter | Message Center | Retrieve case id's that match the provided filter criteria |
| queryChanges | FileVantage | Returns 1 or more change ids |
| queryChildren | MSSP (Flight Control) | Query for customers linked as children |
| queryCIDGroupMembers | MSSP (Flight Control) | Query a CID groups members by associated CID. |
| queryCIDGroups | MSSP (Flight Control) | Query CID groups. |
| queryCombinedContentUpdatePolicies | Content Update Policies | Search for Content Update Policies in your environment by providing an FQL filter and paging details. Returns a set of Content Update Policies which match the filter criteria. |
| queryCombinedContentUpdatePolicyMembers | Content Update Policies | Search for members of a Content Update Policy in your environment by providing an FQL filter and paging details. Returns a set of host details which match the filter criteria. |
| queryCombinedDeviceControlPolicies | Device Control Policies | Search for Device Control Policies in your environment by providing a FQL filter and paging details. Returns a set of Device Control Policies which match the filter criteria |
| queryCombinedDeviceControlPolicyMembers | Device Control Policies | Search for members of a Device Control Policy in your environment by providing a FQL filter and paging details. Returns a set of host details which match the filter criteria |
| queryCombinedFirewallPolicies | Firewall Policies | Search for Firewall Policies in your environment by providing a FQL filter and paging details. Returns a set of Firewall Policies which match the filter criteria |
| queryCombinedFirewallPolicyMembers | Firewall Policies | Search for members of a Firewall Policy in your environment by providing a FQL filter and paging details. Returns a set of host details which match the filter criteria |
| queryCombinedGroupMembers | Host Group | Search for members of a Host Group in your environment by providing a FQL filter and paging details. Returns a set of host details which match the filter criteria |
| queryCombinedHostGroups | Host Group | Search for Host Groups in your environment by providing a FQL filter and paging details. Returns a set of Host Groups which match the filter criteria |
| queryCombinedPreventionPolicies | Prevention Policy | Search for Prevention Policies in your environment by providing a FQL filter and paging details. Returns a set of Prevention Policies which match the filter criteria |
| queryCombinedPreventionPolicyMembers | Prevention Policy | Search for members of a Prevention Policy in your environment by providing a FQL filter and paging details. Returns a set of host details which match the filter criteria |
| queryCombinedRTResponsePolicies | Response Policies | Search for Response Policies in your environment by providing a FQL filter and paging details. Returns a set of Response Policies which match the filter criteria |
| queryCombinedRTResponsePolicyMembers | Response Policies | Search for members of a Response policy in your environment by providing a FQL filter and paging details. Returns a set of host details which match the filter criteria |
| queryCombinedSensorUpdateBuilds | Sensor Update Policy | Retrieve available builds for use with Sensor Update Policies |
| queryCombinedSensorUpdateKernels | Sensor Update Policy | Retrieve kernel compatibility info for Sensor Update Builds |
| queryCombinedSensorUpdatePolicies | Sensor Update Policy | Search for Sensor Update Policies in your environment by providing a FQL filter and paging details. Returns a set of Sensor Update Policies which match the filter criteria |
| queryCombinedSensorUpdatePoliciesV2 | Sensor Update Policy | Search for Sensor Update Policies with additional support for uninstall protection in your environment by providing a FQL filter and paging details. Returns a set of Sensor Update Policies which match the filter criteria |
| queryCombinedSensorUpdatePolicyMembers | Sensor Update Policy | Search for members of a Sensor Update Policy in your environment by providing a FQL filter and paging details. Returns a set of host details which match the filter criteria |
| QueryComplianceControls | Cloud Policies | Query for compliance controls by various parameters. |
| QueryComplianceFrameworks | Cloud Policies | Query for compliance frameworks by various parameters. |
| queryContentUpdatePolicies | Content Update Policies | Search for Content Update Policies in your environment by providing an FQL filter and paging details. Returns a set of Content Update Policy IDs which match the filter criteria. |
| queryContentUpdatePolicyMembers | Content Update Policies | Search for members of a Content Update Policy in your environment by providing an FQL filter and paging details. Returns a set of Agent IDs which match the filter criteria. |
| QueryDetects | Detects | Search for detection IDs that match a given query |
| queryDeviceControlPolicies | Device Control Policies | Search for Device Control Policies in your environment by providing a FQL filter and paging details. Returns a set of Device Control Policy IDs which match the filter criteria |
| queryDeviceControlPolicyMembers | Device Control Policies | Search for members of a Device Control Policy in your environment by providing a FQL filter and paging details. Returns a set of Agent IDs which match the filter criteria |
| QueryDeviceLoginHistory | Hosts | Retrieve details about recent login sessions for a set of devices. |
| QueryDeviceLoginHistoryV2 | Hosts | Retrieve details about recent interactive login sessions for a set of devices powered by the Host Timeline. A max of 10 device ids can be specified |
| QueryDevicesByFilter | Hosts | Search for hosts in your environment by platform, hostname, IP, and other criteria. |
| QueryDevicesByFilterScroll | Hosts | Search for hosts in your environment by platform, hostname, IP, and other criteria with continuous pagination capability (based on offset pointer which expires after 2 minutes with no maximum limit) |
| QueryEscalationsFilter | Falcon Complete Dashboard | Retrieve escalation tickets that match the provided filter criteria with scrolling enabled |
| queryEvaluationLogic | Spotlight Evaluation Logic | Search for evaluation logic in your environment by providing a FQL filter and paging details. Returns a set of evaluation logic IDs which match the filter criteria. |
| QueryEvents | Tailored Intelligence | Get events ids that match the provided filter criteria. |
| QueryExportJobs | Falcon Container | Query export jobs entities. |
| QueryExportJobsMixin0 | Serverless Exports | Query export jobs entities. |
| QueryFeedArchives | Intelligence Feeds | Queries the accessible feeds for a customer. Returns a list of feed IDs which can be later downloaded. |
| queryFirewallPolicies | Firewall Policies | Search for Firewall Policies in your environment by providing a FQL filter and paging details. Returns a set of Firewall Policy IDs which match the filter criteria |
| queryFirewallPolicyMembers | Firewall Policies | Search for members of a Firewall Policy in your environment by providing a FQL filter and paging details. Returns a set of Agent IDs which match the filter criteria |
| QueryGetNetworkAddressHistoryV1 | Hosts | Retrieve history of IP and MAC addresses of devices. |
| queryGroupMembers | Host Group | Search for members of a Host Group in your environment by providing a FQL filter and paging details. Returns a set of Agent IDs which match the filter criteria |
| QueryHiddenDevices | Hosts | Retrieve hidden hosts that match the provided filter criteria. |
| queryHostGroups | Host Group | Search for Host Groups in your environment by providing a FQL filter and paging details. Returns a set of Host Group IDs which match the filter criteria |
| QueryIncidentIdsByFilter | Falcon Complete Dashboard | Retrieve incidents that match the provided filter criteria with scrolling enabled |
| QueryIncidents | Incidents | Search for incidents by providing a FQL filter, sorting, and paging details |
| QueryIntelActorEntities | Intel | Get info about actors that match provided FQL filters. |
| QueryIntelActorIds | Intel | Get actor IDs that match provided FQL filters. |
| QueryIntelIndicatorEntities | Intel | Get info about indicators that match provided FQL filters. |
| QueryIntelIndicatorIds | Intel | Get indicators IDs that match provided FQL filters. |
| QueryIntelReportEntities | Intel | Get info about reports that match provided FQL filters. |
| QueryIntelReportIds | Intel | Get report IDs that match provided FQL filters. |
| QueryIntelRuleIds | Intel | Search for rule IDs that match provided filter criteria. |
| queryIOAExclusionsV1 | IOA Exclusions | Search for IOA exclusions. |
| QueryIOCs | IOCs | This operation has been superseded by the IOC.indicator_search_v1 operation and is no longer used. |
| QueryMalware | Intel | Get malware family names that match provided FQL filters. |
| QueryMalwareEntities | Intel | Get malware entities that match provided FQL filters. |
| QueryMitreAttacks | Intel | Gets MITRE tactics and techniques for the given actor, returning concatenation of id and tactic and technique ids, example: fancy-bear_TA0011_T1071 |
| QueryMitreAttacksForMalware | Intel | Gets MITRE tactics and techniques for the given malware. |
| queryMLExclusionsV1 | ML Exclusions | Search for ML exclusions. |
| QueryNotificationsExposedDataRecordsV1 | Recon | Query notifications exposed data records based on provided criteria. Use the IDs from this response to get the notification +entities on GET /entities/notifications-exposed-data-records/v1 |
| QueryNotificationsV1 | Recon | Query notifications based on provided criteria. Use the IDs from this response to get the notification +entities on GET /entities/notifications/v1, GET /entities/notifications-detailed/v1, +GET /entities/notifications-translated/v1 or GET /entities/notifications-detailed-translated/v1. |
| queryPinnableContentVersions | Content Update Policies | Search for content versions available for pinning given the category. |
| queryPolicies | FileVantage | Retrieve the ids of all policies that are assigned the provided policy type. |
| queryPreventionPolicies | Prevention Policy | Search for Prevention Policies in your environment by providing a FQL filter and paging details. Returns a set of Prevention Policy IDs which match the filter criteria |
| queryPreventionPolicyMembers | Prevention Policy | Search for members of a Prevention Policy in your environment by providing a FQL filter and paging details. Returns a set of Agent IDs which match the filter criteria |
| QueryQuarantineFiles | Quarantine | Get quarantine file ids that match the provided filter criteria. |
| QueryReleaseNotesV1 | Deployments | Queries for release-notes resources and returns IDs. |
| QueryRemediationsFilter | Falcon Complete Dashboard | Retrieve remediation tickets that match the provided filter criteria with scrolling enabled |
| QueryReports | Falcon Intelligence Sandbox | Find sandbox reports by providing a FQL filter and paging details. Returns a set of report IDs that match your criteria. |
| queryRoles | MSSP (Flight Control) | Query links between user groups and CID groups. At least one of CID group ID or user group ID should also be provided. Role ID is optional. |
| queryRTResponsePolicies | Response Policies | Search for Response Policies in your environment by providing a FQL filter with sort and/or paging details. This returns a set of Response Policy IDs that match the given criteria. |
| queryRTResponsePolicyMembers | Response Policies | Search for members of a Response policy in your environment by providing a FQL filter and paging details. Returns a set of Agent IDs which match the filter criteria |
| QueryRule | Cloud Policies | Query for rules by various parameters. |
| QueryRules | Tailored Intelligence | Get rules ids that match the provided filter criteria. |
| queryRulesGroups | FileVantage | Retrieve the IDs of all rule groups that are of the provided rule group type. |
| QueryRulesV1 | Recon | Query monitoring rules based on provided criteria. Use the IDs from this response to fetch the rules on /entities/rules/v1. |
| QuerySampleV1 | Falcon Intelligence Sandbox | Retrieves a list with sha256 of samples that exist and customer has rights to access them, maximum number of accepted items is 200 |
| QueryScanResults | Quick Scan Pro | Gets QuickScan Pro scan jobs for a given FQL filter. |
| queryScheduledExclusions | FileVantage | Retrieve the ids of all scheduled exclusions contained within the provided policy id. |
| QuerySensorsByFilter | Identity Entities | Search for sensors in your environment by hostname, IP, and other criteria. |
| querySensorUpdateKernelsDistinct | Sensor Update Policy | Retrieve kernel compatibility info for Sensor Update Builds |
| querySensorUpdatePolicies | Sensor Update Policy | Search for Sensor Update Policies in your environment by providing a FQL filter and paging details. Returns a set of Sensor Update Policy IDs which match the filter criteria |
| querySensorUpdatePolicyMembers | Sensor Update Policy | Search for members of a Sensor Update Policy in your environment by providing a FQL filter and paging details. Returns a set of Agent IDs which match the filter criteria |
| querySensorVisibilityExclusionsV1 | Sensor Visibility Exclusions | Search for sensor visibility exclusions. |
| QuerySubmissions | Falcon Intelligence Sandbox | Find submission IDs for uploaded files by providing a FQL filter and paging details. Returns a set of submission IDs that match your criteria. |
| QuerySubmissions | Quick Scan | Find IDs for submitted scans by providing a FQL filter and paging details. Returns a set of volume IDs that match your criteria. |
| QuerySuppressionRules | Cloud Policies | Query suppression rules with filtering, sorting and pagination. |
| queryUserGroupMembers | MSSP (Flight Control) | Query user group member by user UUID. |
| queryUserGroups | MSSP (Flight Control) | Query user groups. |
| queryUserV1 | User Management | List user IDs for all users in your customer account. For more information on each user, provide the user ID to /user-management/entities/users/GET/v1. |
| QueryVulnerabilities | Intel | Get vulnerabilities IDs |
| queryVulnerabilities | Spotlight Vulnerabilities | Search for Vulnerabilities in your environment by providing a FQL filter and paging details. Returns a set of Vulnerability IDs which match the filter criteria |
| ReadClusterCombined | Kubernetes Protection | Retrieve kubernetes clusters identified by the provided filter criteria |
| ReadClusterCombinedV2 | Kubernetes Protection | Retrieve kubernetes clusters identified by the provided filter criteria |
| ReadClusterCount | Kubernetes Protection | Retrieve cluster counts |
| ReadClusterEnrichment | Kubernetes Protection | Retrieve cluster enrichment data |
| ReadClustersByDateRangeCount | Kubernetes Protection | Retrieve clusters by date range counts |
| ReadClustersByKubernetesVersionCount | Kubernetes Protection | Bucket clusters by kubernetes version |
| ReadClustersByStatusCount | Kubernetes Protection | Bucket clusters by status |
| ReadCombinedDetections | Container Detections | Retrieve image assessment detections identified by the provided filter criteria |
| ReadCombinedImagesExport | Container Images | Retrieve images with an option to expand aggregated vulnerabilities/detections |
| ReadCombinedVulnerabilities | Container Vulnerabilities | Retrieve vulnerability and aggregate data filtered by the provided FQL |
| ReadCombinedVulnerabilitiesDetails | Container Vulnerabilities | Retrieve vulnerability details related to an image |
| ReadCombinedVulnerabilitiesInfo | Container Vulnerabilities | Retrieve vulnerability and package related info for this customer |
| ReadContainerAlertsCount | Container Alerts | Search Container Alerts by the provided search criteria |
| ReadContainerAlertsCountBySeverity | Container Alerts | Get Container Alert counts by severity |
| ReadContainerCombined | Kubernetes Protection | Retrieve containers identified by the provided filter criteria |
| ReadContainerCount | Kubernetes Protection | Retrieve container counts |
| ReadContainerCountByRegistry | Kubernetes Protection | Retrieve top container image registries |
| ReadContainerEnrichment | Kubernetes Protection | Retrieve container enrichment data |
| ReadContainerImageDetectionsCountByDate | Kubernetes Protection | Retrieve count of image assessment detections on running containers over a period of time |
| ReadContainerImagesByMostUsed | Kubernetes Protection | Bucket container by image-digest |
| ReadContainerImagesByState | Kubernetes Protection | Retrieve count of image states running on containers |
| ReadContainersByDateRangeCount | Kubernetes Protection | Retrieve containers by date range counts |
| ReadContainersSensorCoverage | Kubernetes Protection | Bucket containers by agent type and calculate sensor coverage |
| ReadContainerVulnerabilitiesBySeverityCount | Kubernetes Protection | Retrieve container vulnerabilities by severity counts |
| ReadDeploymentCombined | Kubernetes Protection | Retrieve kubernetes deployments identified by the provided filter criteria |
| ReadDeploymentCount | Kubernetes Protection | Retrieve deployment counts |
| ReadDeploymentEnrichment | Kubernetes Protection | Retrieve deployment enrichment data |
| ReadDeploymentsByDateRangeCount | Kubernetes Protection | Retrieve deployments by date range counts |
| ReadDeploymentsCombined | Cloud Snapshots | Search for snapshot jobs identified by the provided filter. |
| ReadDeploymentsEntities | Cloud Snapshots | Retrieve snapshot jobs identified by the provided IDs. |
| ReadDetections | Container Detections | Retrieve image assessment detection entities identified by the provided filter criteria |
| ReadDetectionsCount | Container Detections | Aggregate count of detections |
| ReadDetectionsCountBySeverity | Container Detections | Aggregate counts of detections by severity |
| ReadDetectionsCountByType | Container Detections | Aggregate counts of detections by detection type |
| ReadDistinctContainerImageCount | Kubernetes Protection | Retrieve count of distinct images running on containers |
| ReadDriftIndicatorEntities | Drift Indicators | Retrieve Drift Indicator entities identified by the provided IDs |
| ReadDriftIndicatorsCount | Drift Indicators | Returns the total count of Drift indicators over a time period |
| ReadExportJobs | Falcon Container | Read export jobs entities. |
| ReadExportJobsMixin0 | Serverless Exports | Read export jobs entities. |
| ReadImageVulnerabilities | Falcon Container | Retrieve known vulnerabilities for the provided image |
| ReadKubernetesIomByDateRange | Kubernetes Protection | Returns the count of Kubernetes IOMs by the date. by default it's for 7 days. |
| ReadKubernetesIomCount | Kubernetes Protection | Returns the total count of Kubernetes IOMs over the past seven days |
| ReadKubernetesIomEntities | Kubernetes Protection | Retrieve Kubernetes IOM entities identified by the provided IDs |
| ReadNamespaceCount | Kubernetes Protection | Retrieve namespace counts |
| ReadNamespacesByDateRangeCount | Kubernetes Protection | Retrieve namespaces by date range counts |
| ReadNodeCombined | Kubernetes Protection | Retrieve kubernetes nodes identified by the provided filter criteria |
| ReadNodeCount | Kubernetes Protection | Retrieve node counts |
| ReadNodeEnrichment | Kubernetes Protection | Retrieve node enrichment data |
| ReadNodesByCloudCount | Kubernetes Protection | Bucket nodes by cloud providers |
| ReadNodesByContainerEngineVersionCount | Kubernetes Protection | Bucket nodes by their container engine version |
| ReadNodesByDateRangeCount | Kubernetes Protection | Retrieve nodes by date range counts |
| ReadPackagesByFixableVulnCount | Container Packages | Retrieve top x app packages with the most fixable vulnerabilities |
| ReadPackagesByImageCount | Container Packages | Retrieves the N most frequently used packages across images. |
| ReadPackagesByVulnCount | Container Packages | Retrieve top x packages with the most vulnerabilities |
| ReadPackagesCombined | Container Packages | Retrieve packages identified by the provided filter criteria |
| ReadPackagesCombinedExport | Container Packages | Retrieve packages identified by the provided filter criteria for the purpose of export |
| ReadPackagesCombinedV2 | Container Packages | Retrieve packages identified by the provided filter criteria. |
| ReadPackagesCountByZeroDay | Container Packages | Retrieve packages count affected by zero day vulnerabilities |
| ReadPodCombined | Kubernetes Protection | Retrieve kubernetes pods identified by the provided filter criteria |
| ReadPodCount | Kubernetes Protection | Retrieve pod counts |
| ReadPodEnrichment | Kubernetes Protection | Retrieve pod enrichment data |
| ReadPodsByDateRangeCount | Kubernetes Protection | Retrieve pods by date range counts |
| ReadPolicies | Image Assessment Policies | Get all Image Assessment policies |
| ReadPolicyExclusions | Image Assessment Policies | Retrieve Image Assessment Policy Exclusion entities |
| ReadPolicyGroups | Image Assessment Policies | Retrieve Image Assessment Policy Group entities |
| ReadRegistryEntities | Falcon Container | Retrieve registry entities identified by the customer id |
| ReadRegistryEntitiesByUUID | Falcon Container | Retrieve the registry entity identified by the entity UUID |
| ReadRequestBody | FaaS Execution | Retrieve a large request body, such as a file, that has spilled into object storage. |
| ReadRunningContainerImages | Kubernetes Protection | Retrieve images on running containers |
| ReadUnidentifiedContainersByDateRangeCount | Unidentified Containers | Returns the count of Unidentified Containers over the last 7 days |
| ReadUnidentifiedContainersCount | Unidentified Containers | Returns the total count of Unidentified Containers over a time period |
| ReadVulnerabilitiesByImageCount | Container Vulnerabilities | Retrieve top x vulnerabilities with the most impacted images |
| ReadVulnerabilitiesPublicationDate | Container Vulnerabilities | Retrieve top x vulnerabilities with the most recent publication date |
| ReadVulnerabilityCount | Container Vulnerabilities | Aggregate count of vulnerabilities |
| ReadVulnerabilityCountByActivelyExploited | Container Vulnerabilities | Aggregate count of vulnerabilities grouped by actively exploited |
| ReadVulnerabilityCountByCPSRating | Container Vulnerabilities | Aggregate count of vulnerabilities grouped by csp_rating |
| ReadVulnerabilityCountByCVSSScore | Container Vulnerabilities | Aggregate count of vulnerabilities grouped by cvss score |
| ReadVulnerabilityCountBySeverity | Container Vulnerabilities | Aggregate count of vulnerabilities grouped by severity |
| ReadVulnerableContainerImageCount | Kubernetes Protection | Retrieve count of vulnerable images running on containers |
| refreshActiveStreamSession | Event Streams | Refresh an active event stream. Use the URL shown in a GET /sensors/entities/datafeed/v2 response. |
| RegenerateAPIKey | Kubernetes Protection | Regenerate API key for docker registry integrations |
| RegisterCspmSnapshotAccount | Cloud Snapshots | Register an account for snapshot scanning. |
| RenameSectionComplianceFramework | Cloud Policies | Rename a section in a custom compliance framework. |
| ReplaceControlRules | Cloud Policies | Assign rules to a compliance control (full replace). |
| report_executions_download_get | Report Executions | Get report entity download |
| report_executions_get | Report Executions | Retrieve report details for the provided report IDs. |
| report_executions_query | Report Executions | Find all report execution IDs matching the query with filter |
| report_executions_retry | Report Executions | This endpoint will be used to retry report executions |
| RequestDeviceEnrollmentV3 | Mobile Enrollment | Trigger on-boarding process for a mobile device |
| RequestDeviceEnrollmentV4 | Mobile Enrollment | Trigger on-boarding process for a mobile device. |
| RetrieveEmailsByCID | User Management | Deprecated : Please use POST /user-management/entities/users/GET/v1. List the usernames (usually an email address) for all users in your customer account |
| RetrieveRelayInstances | ASPM | Retrieve the relay instances in CSV format. |
| retrieveUser | User Management | Deprecated : Please use POST /user-management/entities/users/GET/v1. Get info about a user |
| retrieveUsersGETV1 | User Management | Get info about users including their name, UID and CID by providing user UUIDs |
| RetrieveUserUUID | User Management | Deprecated : Please use GET /user-management/queries/users/v1. Get a user's ID by providing a username (usually an email address) |
| RetrieveUserUUIDsByCID | User Management | Deprecated : Please use GET /user-management/queries/users/v1. List user IDs for all users in your customer account. For more information on each user, provide the user ID to /users/entities/user/v1. |
| revealUninstallToken | Sensor Update Policy | Reveals an uninstall token for a specific device. To retrieve the bulk maintenance token pass the value 'MAINTENANCE' as the value for 'device_id' |
| RevokeUserRoleIds | User Management | Deprecated : Please use POST /user-management/entities/user-role-actions/v1. Revoke one or more roles from a user |
| RTR_AggregateSessions | Real Time Response | Get aggregates on session data. |
| RTR_CheckActiveResponderCommandStatus | Real Time Response | Get status of an executed active-responder command on a single host. |
| RTR_CheckAdminCommandStatus | Real Time Response Admin | Get status of an executed RTR administrator command on a single host. |
| RTR_CheckCommandStatus | Real Time Response | Get status of an executed command on a single host. |
| RTR_CreatePut_Files | Real Time Response Admin | Upload a new put-file to use for the RTR put command. |
| RTR_CreatePut_FilesV2 | Real Time Response Admin | Upload a new put-file to use for the RTR put command. |
| RTR_CreateScripts | Real Time Response Admin | Upload a new custom-script to use for the RTR runscript command. |
| RTR_CreateScriptsV2 | Real Time Response Admin | Upload a new custom-script to use for the RTR runscript command. |
| RTR_DeleteFile | Real Time Response | Delete a RTR session file. |
| RTR_DeleteFileV2 | Real Time Response | Delete a RTR session file. |
| RTR_DeletePut_Files | Real Time Response Admin | Delete a put-file based on the ID given. Can only delete one file at a time. |
| RTR_DeleteQueuedSession | Real Time Response | Delete a queued session command |
| RTR_DeleteScripts | Real Time Response Admin | Delete a custom-script based on the ID given. Can only delete one script at a time. |
| RTR_DeleteSession | Real Time Response | Delete a session. |
| RTR_ExecuteActiveResponderCommand | Real Time Response | Execute an active responder command on a single host. |
| RTR_ExecuteAdminCommand | Real Time Response Admin | Execute a RTR administrator command on a single host. |
| RTR_ExecuteCommand | Real Time Response | Execute a command on a single host. |
| RTR_GetExtractedFileContents | Real Time Response | Get RTR extracted file contents for specified session and sha256. |
| RTR_GetFalconScripts | Real Time Response Admin | Get Falcon scripts with metadata and content of script |
| RTR_GetPut_Files | Real Time Response Admin | Get put-files based on the ID's given. These are used for the RTR put command. |
| RTR_GetPut_FilesV2 | Real Time Response Admin | Get put-files based on the ID's given. These are used for the RTR put command. |
| RTR_GetPutFileContents | Real Time Response Admin | Get the contents of a put-file based on the ID given. |
| RTR_GetScripts | Real Time Response Admin | Get custom-scripts based on the ID's given. These are used for the RTR runscript command. |
| RTR_GetScriptsV2 | Real Time Response Admin | Get custom-scripts based on the ID's given. These are used for the RTR runscript command. |
| RTR_InitSession | Real Time Response | Initialize a new session with the RTR cloud. |
| RTR_ListAllSessions | Real Time Response | Get a list of session_ids. |
| RTR_ListFalconScripts | Real Time Response Admin | Get a list of Falcon script IDs available to the user to run |
| RTR_ListFiles | Real Time Response | Get a list of files for the specified RTR session. |
| RTR_ListFilesV2 | Real Time Response | Get a list of files for the specified RTR session. |
| RTR_ListPut_Files | Real Time Response Admin | Get a list of put-file ID's that are available to the user for the put command. |
| RTR_ListQueuedSessions | Real Time Response | Get queued session metadata by session ID. |
| RTR_ListScripts | Real Time Response Admin | Get a list of custom-script ID's that are available to the user for the runscript command. |
| RTR_ListSessions | Real Time Response | Get session metadata by session id. |
| RTR_PulseSession | Real Time Response | Refresh a session timeout on a single host. |
| RTR_UpdateScripts | Real Time Response Admin | Upload a new scripts to replace an existing one. |
| RTR_UpdateScriptsV2 | Real Time Response Admin | Upload a new scripts to replace an existing one. |
| RTRAuditSessions | Real Time Response Audit | Get all the RTR sessions created for a customer in a specified duration |
| RunIntegrationTask | ASPM | Run an integration task by its ID |
| RunIntegrationTaskAdmin | ASPM | Run an integration task by its ID with admin scope |
| RunIntegrationTaskV2 | ASPM | Run an integration task by its ID |
| ScanSamples | Quick Scan | Submit a volume of files for ml scanning. Time required for analysis increases with the number of samples in a volume but usually it should take less than 1 minute |
| schedule_scan | ODS | Create ODS scan and start or schedule scan for the given scan request. |
| scheduled_reports_get | Scheduled Reports | Retrieve scheduled reports for the provided report IDs. |
| scheduled_reports_launch | Scheduled Reports | Launch scheduled reports executions for the provided report IDs. |
| scheduled_reports_query | Scheduled Reports | Find all report IDs matching the query with filter |
| SearchAndReadContainerAlerts | Container Alerts | Search Container Alerts by the provided search criteria |
| SearchAndReadDriftIndicatorEntities | Drift Indicators | Retrieve Drift Indicators by the provided search criteria |
| SearchAndReadKubernetesIomEntities | Kubernetes Protection | Search Kubernetes IOM by the provided search criteria |
| SearchAndReadUnidentifiedContainers | Unidentified Containers | Search Unidentified Containers by the provided search criteria |
| SearchDetections | Container Detections | Retrieve image assessment detection entities identified by the provided filter criteria |
| SearchDriftIndicators | Drift Indicators | Retrieve all drift indicators that match the given query |
| SearchHuntingGuides | CAO Hunting | Search hunting guides. |
| SearchIndicators | Intelligence Indicator Graph | Search indicators based on FQL filter. |
| SearchIntelligenceQueries | CAO Hunting | Search intelligence queries that match the provided conditions. |
| SearchKubernetesIoms | Kubernetes Protection | Search Kubernetes IOMs by the provided search criteria. this endpoint returns a list of Kubernetes IOM UUIDs matching the query |
| SearchObjects | Custom Storage | Search for objects that match the specified filter criteria (returns metadata, not actual objects) |
| SearchObjectsByVersion | Custom Storage | Search for objects that match the specified filter criteria (returns metadata, not actual objects). |
| ServiceNowGetDeployments | ASPM | Get ServiceNow deployments. |
| ServiceNowGetServices | ASPM | Get ServiceNow services. |
| SetCloudSecurityIntegrationState | ASPM | Set Cloud Security integration state. |
| setContentUpdatePoliciesPrecedence | Content Update Policies | Sets the precedence of Content Update Policies based on the order of IDs specified in the request. The first ID specified will have the highest precedence and the last ID specified will have the lowest. You must specify all non-Default Policies when updating precedence. |
| setDeviceControlPoliciesPrecedence | Device Control Policies | Sets the precedence of Device Control Policies based on the order of IDs specified in the request. The first ID specified will have the highest precedence and the last ID specified will have the lowest. You must specify all non-Default Policies for a platform when updating precedence |
| setFirewallPoliciesPrecedence | Firewall Policies | Sets the precedence of Firewall Policies based on the order of IDs specified in the request. The first ID specified will have the highest precedence and the last ID specified will have the lowest. You must specify all non-Default Policies for a platform when updating precedence |
| setPreventionPoliciesPrecedence | Prevention Policy | Sets the precedence of Prevention Policies based on the order of IDs specified in the request. The first ID specified will have the highest precedence and the last ID specified will have the lowest. You must specify all non-Default Policies for a platform when updating precedence |
| setRTResponsePoliciesPrecedence | Response Policies | Sets the precedence of Response Policies based on the order of IDs specified in the request. The first ID specified will have the highest precedence and the last ID specified will have the lowest. You must specify all non-Default Policies for a platform when updating precedence |
| setSensorUpdatePoliciesPrecedence | Sensor Update Policy | Sets the precedence of Sensor Update Policies based on the order of IDs specified in the request. The first ID specified will have the highest precedence and the last ID specified will have the lowest. You must specify all non-Default Policies for a platform when updating precedence |
| severity_query_v1 | IOC | Query Severities. |
| signalChangesExternal | FileVantage | Initiates workflows for the provided change IDs. |
| ss_ioa_exclusions_aggregates_v2 | IOA Exclusions | Get Self Service IOA Exclusion aggregates as specified via json in the request body. |
| ss_ioa_exclusions_create_v2 | IOA Exclusions | Create new Self Service IOA Exclusions. |
| ss_ioa_exclusions_delete_v2 | IOA Exclusions | Delete the Self Service IOA Exclusions rule by id. |
| ss_ioa_exclusions_get_reports_v2 | IOA Exclusions | Create a report of Self Service IOA Exclusions scoped by the given filters. |
| ss_ioa_exclusions_get_v2 | IOA Exclusions | Get the Self Service IOA Exclusions rules by id. |
| ss_ioa_exclusions_matched_rule_v2 | IOA Exclusions | Get Self Service IOA Exclusions rules for matched IFN/CLI for child, parent and grandparent. |
| ss_ioa_exclusions_new_rules_v2 | IOA Exclusions | Get defaults for Self Service IOA Exclusions based on provided IFN/CLI for child, parent and grandparent. |
| ss_ioa_exclusions_search_v2 | IOA Exclusions | Search for Self Service IOA Exclusions. |
| ss_ioa_exclusions_update_v2 | IOA Exclusions | Update the Self Service IOA Exclusions rule by id. |
| startActions | FileVantage | Initiates the specified action on the provided change IDs. |
| StartSearchV1 | NGSIEM | Initiate a NGSIEM search. |
| StopSearchV1 | NGSIEM | Stop a NGSIEM search. |
| Submit | Falcon Intelligence Sandbox | Submit an uploaded file or a URL for sandbox analysis. Time required for analysis varies but is usually less than 15 minutes. |
| tokens_create | Installation Tokens | Creates a token. |
| tokens_delete | Installation Tokens | Deletes a token immediately. To revoke a token, use PATCH /installation-tokens/entities/tokens/v1 instead. |
| tokens_query | Installation Tokens | Search for tokens by providing a FQL filter and paging details. |
| tokens_read | Installation Tokens | Gets the details of one or more tokens by id. |
| tokens_update | Installation Tokens | Updates one or more tokens. Use this endpoint to edit labels, change expiration, revoke, or restore. |
| TriggerScan | Kubernetes Protection | Triggers a dry run or a full scan of a customer's kubernetes footprint |
| update_data_scanner_tasks | DataScanner | Reports back on task status. |
| update_network_locations | Firewall Management | Updates the network locations provided, and return the ID. |
| update_network_locations_metadata | Firewall Management | Updates the network locations metadata such as polling_intervals for the cid |
| update_network_locations_precedence | Firewall Management | Updates the network locations precedence according to the list of ids provided. |
| update_policy_container | Firewall Management | Update an identified policy container, including local logging functionality. |
| update_policy_container_v1 | Firewall Management | Update an identified policy container. WARNING: This endpoint is deprecated in favor of v2, using this endpoint could disable your local logging setting. |
| update_rule_group | Firewall Management | Update name, description, or enabled status of a rule group, or create, edit, delete, or reorder rules |
| update_rule_group_validation | Firewall Management | Validates the request of updating name, description, or enabled status of a rule group, or create, edit, delete, or reorder rules |
| update_rule_groupMixin0 | Custom IOA | Update a rule group. The following properties can be modified: name, description, enabled. |
| update_rules | Custom IOA | Update rules within a rule group. Return the updated rules. |
| update_rules_v2 | Custom IOA | Update name, description, enabled or field_values for individual rules within a rule group. The v1 flavor of this call requires the caller to specify the complete state for all the rules in the rule group, instead the v2 flavor will accept the subset of rules in the rule group and apply the attribute updates to the subset of rules in the rule group. Returns the updated rules. |
| UpdateActionV1 | Recon | Update an action for a monitoring rule. |
| UpdateAWSAccount | Kubernetes Protection | Updates the AWS account per the query parameters provided |
| UpdateAWSAccounts | Cloud Connect AWS | Update AWS Accounts by specifying the ID of the account and details to update |
| UpdateCase | Message Center | update an existing case |
| updateCIDGroups | MSSP (Flight Control) | Update existing CID groups. CID group ID is expected for each CID group definition provided in request body. Name is a required field but description is an optional field. Empty description will override existing value. CID group member(s) remain unaffected. |
| UpdateCloudGroupExternal | Cloud Security | Update an existing Cloud Group's properties. |
| UpdateComplianceControl | Cloud Policies | Update a custom compliance control. |
| UpdateComplianceFramework | Cloud Policies | Update a custom compliance framework. |
| updateContentUpdatePolicies | Content Update Policies | Update Content Update Policies by specifying the ID of the policy and details to update. |
| UpdateCSPMAzureAccountClientID | CSPM Registration | Update an Azure service account in our system by with the user-created client_id created with the public key we've provided |
| UpdateCSPMAzureTenantDefaultSubscriptionID | CSPM Registration | Update an Azure default subscription_id in our system for given tenant_id |
| UpdateCSPMGCPAccount | CSPM Registration | Patches a existing account in our system for a customer. |
| UpdateCSPMGCPServiceAccountsExt | CSPM Registration | Updates an existing GCP service account. |
| UpdateCSPMPolicySettings | CSPM Registration | Updates a policy setting - can be used to override policy severity or to disable a policy entirely. |
| UpdateCSPMScanSchedule | CSPM Registration | Updates scan schedule configuration for one or more cloud platforms. |
| UpdateD4CCPServiceAccountsExt | D4C Registration | Updates an existing GCP service account. |
| UpdateDashboardFromTemplate | NGSIEM | Update a dashboard from a template. |
| updateDefaultDeviceControlPolicies | Device Control Policies | Update the configuration for a Default Device Control Policy |
| updateDefaultDeviceControlSettings | Device Control Policies | Update the configuration for Default Device Control Settings. |
| UpdateDefaultGroup | ASPM | Update default group. |
| UpdateDetectsByIdsV2 | Detects | Modify the state, assignee, and visibility of detections |
| updateDeviceControlPolicies | Device Control Policies | Update Device Control Policies by specifying the ID of the policy and details to update |
| UpdateDeviceTags | Hosts | Append or remove one or more Falcon Grouping Tags on one or more hosts. Tags must be of the form FalconGroupingTags/ |
| UpdateDiscoverCloudAzureAccountClientID | D4C Registration | Update an Azure service account in our system by with the user-created client_id created with the public key we've provided |
| UpdateExecutorNode | ASPM | Update an existing relay node |
| UpdateFileV1 | Foundry LogScale | Updates a lookup file. |
| updateFirewallPolicies | Firewall Policies | Update Firewall Policies by specifying the ID of the policy and details to update |
| UpdateGroup | ASPM | Update group. |
| updateHostGroups | Host Group | Update Host Groups by specifying the ID of the group and details to update |
| UpdateIntegration | ASPM | Update an existing integration by its ID |
| UpdateIntegrationTask | ASPM | Update an existing integration task by its ID |
| updateIOAExclusionsV1 | IOA Exclusions | Update the IOA exclusions |
| UpdateIOC | IOCs | This operation has been superseded by the IOC.indicator_update_v1 operation and is no longer used. |
| UpdateLookupFile | NGSIEM | Update a lookup file. |
| UpdateLookupFileEntries | NGSIEM | Update entries in an existing Lookup File in NGSIEM. |
| updateMLExclusionsV1 | ML Exclusions | Update the ML exclusions |
| UpdateNotificationsV1 | Recon | Update notification status or assignee. Accepts bulk requests |
| UpdateParser | NGSIEM | Update a parser. |
| UpdateParserAutoUpdatePolicy | NGSIEM | Update a parser auto update policy. |
| updatePolicies | FileVantage | Updates the general information of the provided policy. |
| UpdatePolicies | Image Assessment Policies | Update Image Assessment Policy entities |
| UpdatePolicyExclusions | Image Assessment Policies | Update Image Assessment Policy Exclusion entities |
| UpdatePolicyGroups | Image Assessment Policies | Update Image Assessment Policy Group entities |
| updatePolicyHostGroups | FileVantage | Manage host groups assigned to a policy. |
| updatePolicyPrecedence | FileVantage | Updates the policy precedence for all policies of a specific type. |
| UpdatePolicyPrecedence | Image Assessment Policies | Update Image Assessment Policy precedence |
| updatePolicyRuleGroups | FileVantage | Manage the rule groups assigned to the policy or set the rule group precedence for all rule groups within the policy. |
| updatePreventionPolicies | Prevention Policy | Update Prevention Policies by specifying the ID of the policy and details to update |
| UpdateQfByQuery | Quarantine | Apply quarantine file actions by query. |
| UpdateQuarantinedDetectsByIds | Quarantine | Apply action by quarantine file ids |
| UpdateRegistryEntities | Falcon Container | Update the registry entity, as identified by the entity UUID, using the provided details |
| updateRTResponsePolicies | Response Policies | Update Response Policies by specifying the ID of the policy and details to update |
| UpdateRule | Cloud Policies | Update a rule. |
| updateRuleGroupPrecedence | FileVantage | Updates the rule precedence for all rules in the identified rule group. |
| updateRuleGroups | FileVantage | Updates the provided rule group. |
| UpdateRuleOverride | Cloud Policies | Update a rule override. |
| updateRules | FileVantage | Updates the provided rule configuration within the specified rule group. |
| UpdateRulesV1 | Recon | Update monitoring rules. |
| UpdateSavedQueryFromTemplate | NGSIEM | Update a saved query from a template. |
| updateScheduledExclusions | FileVantage | Updates the provided scheduled exclusion configuration within the provided policy. |
| updateSensorUpdatePolicies | Sensor Update Policy | Update Sensor Update Policies by specifying the ID of the policy and details to update |
| updateSensorUpdatePoliciesV2 | Sensor Update Policy | Update Sensor Update Policies by specifying the ID of the policy and details to update with additional support for uninstall protection |
| updateSensorVisibilityExclusionsV1 | Sensor Visibility Exclusions | Update the sensor visibility exclusions |
| UpdateSuppressionRule | Cloud Policies | Update a suppression rule. |
| UpdateUser | User Management | Deprecated : Please use PATCH /user-management/entities/users/v1. Modify an existing user's first or last name |
| updateUserGroups | MSSP (Flight Control) | Update existing user group(s). User group ID is expected for each user group definition provided in request body. Name is a required field but description is an optional field. Empty description will override existing value. User group member(s) remain unaffected. |
| updateUserV1 | User Management | Modify an existing user's first or last name. |
| UploadFileMixin0Mixin93 | Quick Scan Pro | Uploads a file to be further analyzed with QuickScan Pro. The samples expire after 90 days. |
| UploadFileQuickScanPro | Quick Scan Pro | Uploads a file to be further analyzed with QuickScan Pro. The samples expire after 90 days. |
| UploadLookupV1 | NGSIEM | Upload a lookup file to NGSIEM. |
| UploadSampleV2 | Falcon Intelligence Sandbox | Upload a file for sandbox analysis. After uploading, use /falconx/entities/submissions/v1 to start analyzing the file. |
| UploadSampleV3 | Sample Uploads | Upload a file for further cloud analysis. After uploading, call the specific analysis API endpoint. |
| upsert_network_locations | Firewall Management | Updates the network locations provided, and return the ID. |
| UpsertBusinessApplications | ASPM | Create or Update Business Applications |
| UpsertTags | ASPM | Create new or update existing tag. You can update unique tags table or regular tags table. |
| userActionV1 | User Management | Apply actions to one or more User. Available action names: reset_2fa, reset_password. User UUIDs can be provided in ids param as part of request payload. |
| userRolesActionV1 | User Management | Grant or Revoke one or more role(s) to a user against a CID. User UUID, CID and Role ID(s) can be provided in request payload. Available Action(s) : grant, revoke |
| v1_child_executions_query | Workflows | Search for child executions by providing a FQL filter and paging details. |
| validate | Custom IOA | Validates field values and checks for matches if a test string is provided. |
| validate_filepath_pattern | Firewall Management | Validates that the test pattern matches the executable filepath glob pattern. |
| ValidateCSPMGCPServiceAccountExt | CSPM Registration | Validates credentials for a service account |
| VerifyAWSAccountAccess | Cloud Connect AWS | Performs an Access Verification check on the specified AWS Account IDs |
| WorkflowActivitiesCombined | Workflows | Search workflow activities based on the provided filter |
| WorkflowActivitiesContentCombined | Workflows | Search for activities by name. Returns all supported activities if no filter is specified. |
| WorkflowDefinitionsCombined | Workflows | Search workflow definitions based on the provided filter |
| WorkflowDefinitionsExport | Workflows | Exports a workflow definition for the given definition ID |
| WorkflowDefinitionsImport | Workflows | Imports a workflow definition based on the provided model |
| WorkflowDefinitionsStatus | Workflows | Get the status of a workflow definition. |
| WorkflowDefinitionsUpdate | Workflows | Updates a workflow definition based on the provided model. |
| WorkflowExecute | Workflows | Executes an on-demand Workflow, the body is JSON used to trigger the execution, the response the execution ID(s) |
| WorkflowExecuteInternal | Workflows | Executes an on-demand Workflow, the body is JSON used to trigger the execution, the response the execution ID(s). |
| WorkflowExecuteSingleNodeV1 | Workflows | Executes a single activity node. |
| WorkflowExecutionResults | Workflows | Get execution result of a given execution |
| WorkflowExecutionsAction | Workflows | Allows a user to resume/retry a failed workflow execution. |
| WorkflowExecutionsCombined | Workflows | Search workflow executions based on the provided filter |
| WorkflowGetHumanInputV1 | Workflows | Gets one or more specific human inputs by their IDs. |
| WorkflowMockExecute | Workflows | Executes an on-demand Workflow with mocks. |
| WorkflowSystemDefinitionsDeProvision | Workflows | Deprovisions a system definition that was previously provisioned on the target CID |
| WorkflowSystemDefinitionsPromote | Workflows | Promotes a version of a system definition for a customer. The customer must already have been provisioned. This allows the caller to apply an updated template version to a specific cid and expects all parameters to be supplied. If the template supports multi-instance the customer scope definition ID must be supplied to determine which customer workflow should be updated. |
| WorkflowSystemDefinitionsProvision | Workflows | Provisions a system definition onto the target CID by using the template and provided parameters |
| WorkflowTriggersCombined | Workflows | Search workflow triggers based on the provided filter |
| WorkflowUpdateHumanInputV1 | Workflows | Provides an input in response to a human input action. Depending on action configuration, one or more of Approve, Decline, and/or Escalate are permitted. |
