Creates a new account in our system for a customer and generates a new service account for them to add access to in their GCP environment to grant us access.
Creates a new GCP account with newly-uploaded service account or connects with existing service account with only the following fields: parent_id, parent_type and service_account_id
client_id and client_secret are keyword arguments that contain your CrowdStrike API credentials. Please note that all examples below do not hard code these values. (These values are ingested as strings.)
CrowdStrike does not recommend hard coding API credentials or customer identifiers within source code.
GetCSPMAwsAccount
Returns information about the current status of an AWS account.
PEP8 method name
get_aws_account
Endpoint
Method
Route
/cloud-connect-cspm-aws/entities/account/v1
Required Scope
Content-Type
Consumes: application/json
Produces: application/json
Keyword Arguments
Name
Service
Uber
Type
Data type
Description
cspm_lite
query
boolean
Only return CSPM lite accounts.
group_by
query
string
The field to group by.
ids
query
string or list of strings
AWS Account ID(s).
limit
query
integer
Maximum number of results to return. (Default: 100)
offset
query
integer
Starting record position.
iam_role_arns
query
string or list of strings
AWS IAM role ARN(s).
migrated
query
string
Only return migrated D4C accounts (true or false).
organization_ids
query
string or list of strings
AWS Organization ID(s).
parameters
query
dictionary
Full query string parameters payload in JSON format.
scan_type
query
string
Type of scan to perform, dry or full.
status
query
string
Account status to filter results by.
Usage
Service class example (PEP8 syntax)
fromfalconpyimportCSPMRegistration# Do not hardcode API credentials!falcon=CSPMRegistration(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list='ID1,ID2,ID3'# Can also pass a list here: ['ID1', 'ID2', 'ID3']orgs='ORG1,ORG2,ORG3'# Can also pass a list here: ['ORG1', 'ORG2', 'ORG3']arns='ARN1,ARN2,ARN3'# Can also pass a list here: ['ARN1', 'ARN2', 'ARN3']response=falcon.get_aws_account(cspm_lite=boolean,
scan_type="string",
organization_ids=orgs,
iam_role_arns=arns,
status="string",
limit=integer,
migrated="boolean string",
offset=integer,
group_by="string",
ids=id_list
)
print(response)
Service class example (Operation ID syntax)
fromfalconpyimportCSPMRegistration# Do not hardcode API credentials!falcon=CSPMRegistration(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list='ID1,ID2,ID3'# Can also pass a list here: ['ID1', 'ID2', 'ID3']orgs='ORG1,ORG2,ORG3'# Can also pass a list here: ['ORG1', 'ORG2', 'ORG3']arns='ARN1,ARN2,ARN3'# Can also pass a list here: ['ARN1', 'ARN2', 'ARN3']response=falcon.GetCSPMAwsAccount(cspm_lite=boolean,
scan_type="string",
organization_ids=orgs,
iam_role_arns=arns,
status="string",
limit=integer,
migrated="boolean string",
offset=integer,
group_by="string",
ids=id_list
)
print(response)
Uber class example
fromfalconpyimportAPIHarnessV2# Do not hardcode API credentials!falcon=APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list='ID1,ID2,ID3'# Can also pass a list here: ['ID1', 'ID2', 'ID3']orgs='ORG1,ORG2,ORG3'# Can also pass a list here: ['ORG1', 'ORG2', 'ORG3']arns='ARN1,ARN2,ARN3'# Can also pass a list here: ['ARN1', 'ARN2', 'ARN3']response=falcon.command("GetCSPMAwsAccount",
cspm_lite=boolean,
scan_type="string",
organization_ids=orgs,
iam_role_arns=arns,
status="string",
limit=integer,
migrated="boolean string",
offset=integer,
group_by="string",
ids=id_list
)
print(response)
Deletes an existing AWS account or organization in our system.
PEP8 method name
delete_aws_account
Endpoint
Method
Route
/cloud-connect-cspm-aws/entities/account/v1
Required Scope
Content-Type
Consumes: application/json
Produces: application/json
Keyword Arguments
Name
Service
Uber
Type
Data type
Description
ids
query
string or list of strings
The AWS account IDs to remove.
organization_ids
query
string or list of strings
The AWS organization ID(s) to delete.
parameters
query
dictionary
Full query string parameters payload in JSON format.
Usage
Service class example (PEP8 syntax)
fromfalconpyimportCSPMRegistration# Do not hardcode API credentials!falcon=CSPMRegistration(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list='ID1,ID2,ID3'# Can also pass a list here: ['ID1', 'ID2', 'ID3']orgs='ORG1,ORG2,ORG3'# Can also pass a list here: ['ORG1', 'ORG2', 'ORG3']response=falcon.delete_aws_account(organization_ids=orgs, ids=id_list)
print(response)
Service class example (Operation ID syntax)
fromfalconpyimportCSPMRegistration# Do not hardcode API credentials!falcon=CSPMRegistration(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list='ID1,ID2,ID3'# Can also pass a list here: ['ID1', 'ID2', 'ID3']orgs='ORG1,ORG2,ORG3'# Can also pass a list here: ['ORG1', 'ORG2', 'ORG3']response=falcon.DeleteCSPMAwsAccount(organization_ids=orgs, ids=id_list)
print(response)
Uber class example
fromfalconpyimportAPIHarnessV2# Do not hardcode API credentials!falcon=APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
PARAMS= {
"organization-ids": [
"string",
"string"
]
}
id_list='ID1,ID2,ID3'# Can also pass a list here: ['ID1', 'ID2', 'ID3']orgs='ORG1,ORG2,ORG3'# Can also pass a list here: ['ORG1', 'ORG2', 'ORG3']response=falcon.command("DeleteCSPMAwsAccount", organization_ids=orgs, ids=id_list)
print(response)
Full query string parameters payload in JSON format.
region
query
string
Region
template
query
string
Template to be rendered. Available values: aws-url, aws-iom-url, aws-ioa-url, aws-sensor-management-url, aws-dspm-url, aws-idp-url
use_existing_cloudtrail
query
string
Boolean flag indicating if the CloudTrail be used. (Accepted values: true or false)
Usage
Service class example (PEP8 syntax)
fromfalconpyimportCSPMRegistration# Do not hardcode API credentials!falcon=CSPMRegistration(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list='ID1,ID2,ID3'# Can also pass a list here: ['ID1', 'ID2', 'ID3']response=falcon.get_aws_console_setup_urls(ids=id_list,
region="string",
template="string",
use_existing_cloudtrail="boolean string"
)
print(response)
Service class example (Operation ID syntax)
fromfalconpyimportCSPMRegistration# Do not hardcode API credentials!falcon=CSPMRegistration(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list='ID1,ID2,ID3'# Can also pass a list here: ['ID1', 'ID2', 'ID3']response=falcon.GetCSPMAwsConsoleSetupURLs(ids=id_list,
region="string",
template="string",
use_existing_cloudtrail="boolean string"
)
print(response)
Uber class example
fromfalconpyimportAPIHarnessV2# Do not hardcode API credentials!falcon=APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list='ID1,ID2,ID3'# Can also pass a list here: ['ID1', 'ID2', 'ID3']response=falcon.command("GetCSPMAwsConsoleSetupURLs",
ids=id_list,
region="string",
template="string",
use_existing_cloudtrail="boolean string"
)
print(response)
Enable behavior assessment. Allowed values: true or false
custom_role_name
query
string
The custom IAM role to be used during registration.
dspm_enabled
query
string
Enable DSPM. Allowed values: true or false
dspm_regions
query
string or list of strings
DSPM regions.
dspm_role
query
string
DSPM role.
ids
query
string or list of strings
The AWS account ID(s) to retrieve script attachments.
organization_id
query
string or list of strings
The AWS organization ID to be registered.
parameters
query
dictionary
Full query string parameters payload as a dictionary.
sensor_management_enabled
query
string
Enable sensor management. Allowed values: true or false
template
query
string
Template to be rendered. Allowed values: aws-bash or aws-terraform
use_existing_cloudtrail
query
string
Use the existing cloudtrail log. Allowed values: true or false
Usage
Service class example (PEP8 syntax)
fromfalconpyimportCSPMRegistration# Do not hardcode API credentials!falcon=CSPMRegistration(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
account_list="AC1,AC2,AC3"# Can also pass a list here: ["AC1", "AC2", "AC3"]id_list="ID1,ID2,ID3"# Can also pass a list here: ["ID1", "ID2", "ID3"]org_id_list="ORG1"# Can also pass a list or comma delimited string here.dspm_region_list="REGION1"# Can also pass a list or comma delimited string here.response=falcon.get_aws_account_scripts_attachment(accounts=account_list,
account_type="string",
aws_profile="string",
behavior_assessment_enabled="string",
custom_role_name="string",
dspm_enabled="string",
dspm_regions=dspm_region_list,
dspm_role="string",
ids=id_list,
organization_id=org_id_list,
sensor_management_enabled="string",
template="string",
use_existing_cloudtrail="string"
)
print(response)
Service class example (Operation ID syntax)
fromfalconpyimportCSPMRegistration# Do not hardcode API credentials!falcon=CSPMRegistration(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
account_list="AC1,AC2,AC3"# Can also pass a list here: ["AC1", "AC2", "AC3"]id_list="ID1,ID2,ID3"# Can also pass a list here: ["ID1", "ID2", "ID3"]org_id_list="ORG1"# Can also pass a list or comma delimited string here.dspm_region_list="REGION1"# Can also pass a list or comma delimited string here.response=falcon.GetCSPMAwsAccountScriptsAttachment(accounts=account_list,
account_type="string",
aws_profile="string",
behavior_assessment_enabled="string",
custom_role_name="string",
dspm_enabled="string",
dspm_regions=dspm_region_list,
dspm_role="string",
ids=id_list,
organization_id=org_id_list,
sensor_management_enabled="string",
template="string",
use_existing_cloudtrail="string"
)
print(response)
Uber class example
fromfalconpyimportAPIHarnessV2# Do not hardcode API credentials!falcon=APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
account_list="AC1,AC2,AC3"# Can also pass a list here: ["AC1", "AC2", "AC3"]id_list="ID1,ID2,ID3"# Can also pass a list here: ["ID1", "ID2", "ID3"]org_id_list="ORG1"# Can also pass a list or comma delimited string here.dspm_region_list="REGION1"# Can also pass a list or comma delimited string here.response=falcon.command("GetCSPMAwsAccountScriptsAttachment",
accounts=account_list,
account_type="string",
aws_profile="string",
behavior_assessment_enabled="string",
custom_role_name="string",
dspm_enabled="string",
dspm_regions=dspm_region_list,
dspm_role="string",
ids=id_list,
organization_id=org_id_list,
sensor_management_enabled="string",
template="string",
use_existing_cloudtrail="string"
)
print(response)
Return information about Azure account registration
PEP8 method name
get_azure_account
Endpoint
Method
Route
/cloud-connect-azure/entities/account/v1
Required Scope
Content-Type
Consumes: application/json
Produces: application/json
Keyword Arguments
Name
Service
Uber
Type
Data type
Description
cspm_lite
query
boolean
Only return CSPM lite accounts.
ids
query
string or list of strings
Subscription ID(s). When empty, all accounts are returned.
limit
query
integer
Maximum number of results to return. (Default: 100)
offset
query
integer
Starting record position.
parameters
query
dictionary
Full query string parameters payload in JSON format.
scan_type
query
string
Type of scan to perform, dry or full.
status
query
string
Account status to filter results by. Allowed values:
Event_DiscoverAccountStatusProvisioned
Event_DiscoverAccountStatusOperational
tenant_ids
query
string or list of strings
Tenant ID(s) used to filter Azure accounts returned.
Usage
Service class example (PEP8 syntax)
fromfalconpyimportCSPMRegistration# Do not hardcode API credentials!falcon=CSPMRegistration(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list='ID1,ID2,ID3'# Can also pass a list here: ['ID1', 'ID2', 'ID3']tenants='TENANT1,TENANT2,TENANT3'# Can also pass a list here: ['TENANT1', 'TENANT2', 'TENANT3']response=falcon.get_azure_account(scan_type="string",
cspm_lite=boolean,
status="string",
limit=integer,
offset=integer,
ids=id_list,
tenant_ids=tenants
)
print(response)
Service class example (Operation ID syntax)
fromfalconpyimportCSPMRegistration# Do not hardcode API credentials!falcon=CSPMRegistration(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list='ID1,ID2,ID3'# Can also pass a list here: ['ID1', 'ID2', 'ID3']tenants='TENANT1,TENANT2,TENANT3'# Can also pass a list here: ['TENANT1', 'TENANT2', 'TENANT3']response=falcon.GetCSPMAzureAccount(scan_type="string",
cspm_lite=boolean,
status="string",
limit=integer,
offset=integer,
ids=id_list,
tenant_ids=tenants
)
print(response)
Uber class example
fromfalconpyimportAPIHarnessV2# Do not hardcode API credentials!falcon=APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list='ID1,ID2,ID3'# Can also pass a list here: ['ID1', 'ID2', 'ID3']tenants='TENANT1,TENANT2,TENANT3'# Can also pass a list here: ['TENANT1', 'TENANT2', 'TENANT3']response=falcon.command("GetCSPMAzureAccount",
cspm_lite=boolean,
scan_type="string",
status="string",
limit=integer,
offset=integer,
ids=id_list,
tenant_ids=tenants
)
print(response)
Full query string parameters payload in JSON format.
retain_tenant
query
string
Retain tenant.
tenant_ids
query
string or list of strings
Tenant IDs to remove.
Usage
Service class example (PEP8 syntax)
fromfalconpyimportCSPMRegistration# Do not hardcode API credentials!falcon=CSPMRegistration(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list='ID1,ID2,ID3'# Can also pass a list here: ['ID1', 'ID2', 'ID3']tenants='TENANT1,TENANT2,TENANT3'# Can also pass a list here: ['TENANT1', 'TENANT2', 'TENANT3']response=falcon.delete_azure_account(ids=id_list, retain_tenant="string", tenant_ids=tenants)
print(response)
Service class example (Operation ID syntax)
fromfalconpyimportCSPMRegistration# Do not hardcode API credentials!falcon=CSPMRegistration(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list='ID1,ID2,ID3'# Can also pass a list here: ['ID1', 'ID2', 'ID3']tenants='TENANT1,TENANT2,TENANT3'# Can also pass a list here: ['TENANT1', 'TENANT2', 'TENANT3']response=falcon.DeleteCSPMAzureAccount(ids=id_list, retain_tenants="string", tenant_ids=tenants)
print(response)
Uber class example
fromfalconpyimportAPIHarnessV2# Do not hardcode API credentials!falcon=APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list='ID1,ID2,ID3'# Can also pass a list here: ['ID1', 'ID2', 'ID3']tenants='TENANT1,TENANT2,TENANT3'# Can also pass a list here: ['TENANT1', 'TENANT2', 'TENANT3']response=falcon.command("DeleteCSPMAzureAccount",
ids=id_list,
retain_tenant="string",
tenant_ids=tenants
)
print(response)
Update an Azure service account in our system by with the user-created client_id created with the public key we've provided
PEP8 method name
update_azure_account_client_id
Endpoint
Method
Route
/cloud-connect-azure/entities/client-id/v1
Required Scope
Content-Type
Consumes: application/json
Produces: application/json
Keyword Arguments
Name
Service
Uber
Type
Data type
Description
body
body
string
This field is not used. Ignore.
id
query
string or list of strings
The Azure Client ID to use for the Service Principal associated with the Azure account.
tenant_id
query
string or list of strings
The Azure tenant ID to update the Client ID for. Required if multiple tenants are registered.
parameters
query
dictionary
Full query string parameters payload in JSON format.
Usage
Service class example (PEP8 syntax)
fromfalconpyimportCSPMRegistration# Do not hardcode API credentials!falcon=CSPMRegistration(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response=falcon.update_azure_account_client_id(id="string", tenant_id="string")
print(response)
Service class example (Operation ID syntax)
fromfalconpyimportCSPMRegistration# Do not hardcode API credentials!falcon=CSPMRegistration(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response=falcon.UpdateCSPMAzureAccountClientID(id="string", tenant_id="string")
print(response)
Uber class example
fromfalconpyimportAPIHarnessV2# Do not hardcode API credentials!falcon=APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response=falcon.command("UpdateCSPMAzureAccountClientID", id="string", tenant_id="string")
print(response)
The Azure subscription ID to use as a default for all subscriptions within the tenant.
tenant_id
query
string or list of strings
The Azure tenant ID to update the Client ID for. Required if multiple tenants are registered.
parameters
query
dictionary
Full query string parameters payload in JSON format.
Usage
Service class example (PEP8 syntax)
fromfalconpyimportCSPMRegistration# Do not hardcode API credentials!falcon=CSPMRegistration(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response=falcon.update_azure_tenant_default_subscription_id(tenant_id="string",
subscription_id="string"
)
print(response)
Service class example (Operation ID syntax)
fromfalconpyimportCSPMRegistration# Do not hardcode API credentials!falcon=CSPMRegistration(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response=falcon.UpdateCSPMAzureTenantDefaultSubscriptionID(tenant_id="string",
subscription_id="string"
)
print(response)
Uber class example
fromfalconpyimportAPIHarnessV2# Do not hardcode API credentials!falcon=APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response=falcon.command("UpdateCSPMAzureTenantDefaultSubscriptionID",
tenant_id="string",
subscription_id="string"
)
print(response)
Full query string parameters payload in JSON format.
refresh
query
boolean
Force a refresh of the certificate. Defaults to False.
tenant_id
query
string or list of strings
The Azure Client ID to generate script for. Defaults to the most recently registered tenant.
years_valid
query
string
The number of years the certificate should be valid (only used when refresh=True).
Usage
Service class example (PEP8 syntax)
fromfalconpyimportCSPMRegistration# Do not hardcode API credentials!falcon=CSPMRegistration(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response=falcon.azure_download_certificate(refresh=boolean,
tenant_id="string",
years_valid="string"
)
print(response)
Service class example (Operation ID syntax)
fromfalconpyimportCSPMRegistration# Do not hardcode API credentials!falcon=CSPMRegistration(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response=falcon.AzureDownloadCertificate(refresh=boolean,
tenant_id="string",
years_valid="string"
)
print(response)
Uber class example
fromfalconpyimportAPIHarnessV2# Do not hardcode API credentials!falcon=APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response=falcon.command("AzureDownloadCertificate",
refresh=boolean,
tenant_id="string",
years_valid="string"
)
print(response)
Full query string parameters payload in JSON format.
subscription_ids
query
string or list of strings
Subscription IDs to generate scripts for. Defaults to all.
template
query
string or list of strings
Template to be rendered.
tenant_id
query
string
The Azure tenant ID to generate scripts for. Defaults to the most recently registered tenant.
Usage
Service class example (PEP8 syntax)
fromfalconpyimportCSPMRegistration# Do not hardcode API credentials!falcon=CSPMRegistration(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
subscriptions='SUB1,SUB2,SUB3'# Can also pass a list here: ['SUB1', 'SUB2', 'SUB3']response=falcon.get_azure_user_scripts_attachment(account_type="string",
azure_management_group=boolean,
subscription_ids=subscriptions,
template="string",
tenant_id="string"
)
print(response)
Service class example (Operation ID syntax)
fromfalconpyimportCSPMRegistration# Do not hardcode API credentials!falcon=CSPMRegistration(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
subscriptions='SUB1,SUB2,SUB3'# Can also pass a list here: ['SUB1', 'SUB2', 'SUB3']response=falcon.GetCSPMAzureUserScriptsAttachment(account_type="string",
azure_management_group=boolean,
subscription_ids=subscriptions,
template="string",
tenant_id="string"
)
print(response)
Uber class example
fromfalconpyimportAPIHarnessV2# Do not hardcode API credentials!falcon=APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response=falcon.command("GetCSPMAzureUserScriptsAttachment",
account_type="string",
azure_management_group=boolean,
subscription_ids=subscriptions,
template="string",
tenant_id="string"
)
print(response)
Cloud account ID (e.g.: AWS AccountID, Azure SubscriptionID).
aws_account_id
query
string
AWS Account ID.
azure_subscription_id
query
string
Azure Subscription ID.
azure_tenant_id
query
string
Azure Tenant ID.
cloud_provider
query
string
Cloud Provider (azure, aws, gcp).
date_time_since
query
string
Filter to retrieve all events after specified date. RFC3339 format. Example: 2006-01-01T12:00:01Z07:00.
limit
query
integer
Maximum number of results to return. (Max: 500)
next_token
query
string
String to get next page of results, associated with the previous execution. Must include all filters from previous execution.
resource_id
query
string or list of strings
Resource ID.
resource_uuid
query
string or list of strings
Resource UUID.
service
query
string
Filter by Cloud Service. A list of available services can be found here.
severity
query
string
Filter by severity. Example: High, Medium or Informational.
state
query
string
Filter by state. Example: open or closed.
parameters
query
dictionary
Full query string parameters payload in JSON format.
Available Services
ACM
Identity
ACR
KMS
Any
KeyVault
App Engine
Kinesis
BigQuery
Kubernetes
Cloud Load Balancing
Lambda
Cloud Logging
LoadBalancer
Cloud SQL
Monitor
Cloud Storage
NLB/ALB
CloudFormation
NetworkSecurityGroup
CloudTrail
PostgreSQL
CloudWatch Logs
RDS
Cloudfront
Redshift
Compute Engine
S3
Config
SES
Disk
SNS
DynamoDB
SQLDatabase
EBS
SQLServer
EC2
SQS
ECR
SSM
EFS
Serverless Application Repository
EKS
StorageAccount
ELB
Subscriptions
EMR
VPC
Elasticache
VirtualMachine
GuardDuty
VirtualNetwork
IAM
Usage
Service class example (PEP8 syntax)
fromfalconpyimportCSPMRegistration# Do not hardcode API credentials!falcon=CSPMRegistration(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
res_ids='ID1,ID2,ID3'# Can also pass a list here: ['ID1', 'ID2', 'ID3']res_uuids='UUID1,UUID2,UUID3'# Can also pass a list here: ['UUID1', 'UUID2', 'UUID3']response=falcon.get_behavior_detections(account_id="string",
aws_account_id="string",
azure_subscription_id="string",
azure_tenant_id="string",
cloud_provider="string",
date_time_since="string",
limit=integer,
next_token="string",
resource_id=res_ids,
resource_uuid=res_uuids,
service="string",
severity="string",
state="string"
)
print(response)
Service class example (Operation ID syntax)
fromfalconpyimportCSPMRegistration# Do not hardcode API credentials!falcon=CSPMRegistration(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
res_ids='ID1,ID2,ID3'# Can also pass a list here: ['ID1', 'ID2', 'ID3']res_uuids='UUID1,UUID2,UUID3'# Can also pass a list here: ['UUID1', 'UUID2', 'UUID3']response=falcon.GetBehaviorDetections(account_id="string",
aws_account_id="string",
azure_subscription_id="string",
azure_tenant_id="string",
cloud_provider="string",
date_time_since="string",
limit=integer,
next_token="string",
resource_id=res_ids,
resource_uuid=res_uuids,
service="string",
severity="string",
state="string"
)
print(response)
Uber class example
fromfalconpyimportAPIHarnessV2# Do not hardcode API credentials!falcon=APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
res_ids='ID1,ID2,ID3'# Can also pass a list here: ['ID1', 'ID2', 'ID3']res_uuids='UUID1,UUID2,UUID3'# Can also pass a list here: ['UUID1', 'UUID2', 'UUID3']response=falcon.command("GetBehaviorDetections",
account_id="string",
aws_account_id="string",
azure_subscription_id="string",
azure_tenant_id="string",
cloud_provider="string",
date_time_since="string",
limit=integer,
next_token="string",
resource_id=res_ids,
resource_uuid=res_uuids,
service="string",
severity="string",
state="string"
)
print(response)
Get misconfigurations based on the ID - including custom policy detections in addition to default policy detections.
PEP8 method name
get_configuration_detection_entities
Endpoint
Method
Route
/detects/entities/iom/v2
Required Scope
Content-Type
Consumes: application/json
Produces: application/json
Keyword Arguments
Name
Service
Uber
Type
Data type
Description
ids
query
string or list of strings
Detection IDs to retrieve.
parameters
query
dictionary
Full query string parameters payload in JSON format.
Usage
Service class example (PEP8 syntax)
fromfalconpyimportCSPMRegistration# Do not hardcode API credentials!falcon=CSPMRegistration(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list='ID1,ID2,ID3'# Can also pass a list here: ['ID1', 'ID2', 'ID3']response=falcon.get_configuration_detection_entities(ids=id_list)
print(response)
Service class example (Operation ID syntax)
fromfalconpyimportCSPMRegistration# Do not hardcode API credentials!falcon=CSPMRegistration(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list='ID1,ID2,ID3'# Can also pass a list here: ['ID1', 'ID2', 'ID3']response=falcon.GetConfigurationDetectionEntities(ids=id_list)
print(response)
Uber class example
fromfalconpyimportAPIHarnessV2# Do not hardcode API credentials!falcon=APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list='ID1,ID2,ID3'# Can also pass a list here: ['ID1', 'ID2', 'ID3']response=falcon.command("GetConfigurationDetectionEntities", ids=id_list)
print(response)
Get list of active misconfiguration ids - including custom policy detections in addition to default policy detections.
PEP8 method name
get_configuration_detection_ids_v2
Endpoint
Method
Route
/detects/queries/iom/v2
Required Scope
Content-Type
Produces: application/json
Keyword Arguments
Name
Service
Uber
Type
Data type
Description
offset
query
integer
The offset to start retrieving detections from
parameters
query
dictionary
Full query string parameters payload in JSON format.
limit
query
integer
The maximum number of detections to return. [1-1000]
sort
query
string
The property to sort by (e.g. timestamp|desc or policy_id|asc)
Default: timestamp|desc
Available fields:
account_name
account_id
attack_types
azure_subscription_id
cloud_provider
cloud_service_keyword
status
is_managed
policy_id
policy_type
resource_id
region
scan_time
severity
severity_string
timestamp
filter
query
string
The FQL filter expression that should be used to limit the results.
Available filters:
use_current_scan_ids (use this to get records for latest scans)
account_name
account_id
agent_id
attack_types
azure_subscription_id
cloud_provider
cloud_service_keyword
custom_policy_id
is_managed
policy_id
policy_type
resource_id
region
status
scan_time
severity
severity_string
next_token
query
string
String to get next page of results. Cannot be combined with any other keyword except limit.
Usage
Service class example (PEP8 syntax)
fromfalconpyimportCSPMRegistration# Do not hardcode API credentials!falcon=CSPMRegistration(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response=falcon.get_configuration_detection_ids_v2(offset=integer,
limit=integer,
sort="string",
filter="string",
next_token="string"
)
print(response)
Service class example (Operation ID syntax)
fromfalconpyimportCSPMRegistration# Do not hardcode API credentials!falcon=CSPMRegistration(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response=falcon.GetConfigurationDetectionIDsV2(offset=integer,
limit=integer,
sort="string",
filter="string",
next_token="string"
)
print(response)
Uber class example
fromfalconpyimportAPIHarnessV2# Do not hardcode API credentials!falcon=APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response=falcon.command("GetConfigurationDetectionIDsV2",
offset=integer,
limit=integer,
sort="string",
filter="string",
next_token="string"
)
print(response)
Given a policy ID, returns detailed policy information.
PEP8 method name
get_policy
Endpoint
Method
Route
/settings/entities/policy-details/v1
Required Scope
Content-Type
Consumes: application/json
Produces: application/json
Keyword Arguments
Name
Service
Uber
Type
Data type
Description
ids
query
string or list of strings
Policy IDs to retrieve.
parameters
query
dictionary
Full query string parameters payload in JSON format.
Usage
Service class example (PEP8 syntax)
fromfalconpyimportCSPMRegistration# Do not hardcode API credentials!falcon=CSPMRegistration(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list='ID1,ID2,ID3'# Can also pass a list here: ['ID1', 'ID2', 'ID3']response=falcon.get_policy(ids=id_list)
print(response)
Service class example (Operation ID syntax)
fromfalconpyimportCSPMRegistration# Do not hardcode API credentials!falcon=CSPMRegistration(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list='ID1,ID2,ID3'# Can also pass a list here: ['ID1', 'ID2', 'ID3']response=falcon.GetCSPMPolicy(ids=id_list)
print(response)
Uber class example
fromfalconpyimportAPIHarnessV2# Do not hardcode API credentials!falcon=APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list='ID1,ID2,ID3'# Can also pass a list here: ['ID1', 'ID2', 'ID3']response=falcon.command("GetCSPMPolicy", ids=id_list)
print(response)
Given an array of policy IDs, returns detailed policies information.
PEP8 method name
get_policy_details
Endpoint
Method
Route
/settings/entities/policy-details/v2
Required Scope
Content-Type
Consumes: application/json
Produces: application/json
Keyword Arguments
Name
Service
Uber
Type
Data type
Description
ids
query
string or list of strings
Detection IDs to retrieve.
parameters
query
dictionary
Full query string parameters payload in JSON format.
Usage
Service class example (PEP8 syntax)
fromfalconpyimportCSPMRegistration# Do not hardcode API credentials!falcon=CSPMRegistration(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list='ID1,ID2,ID3'# Can also pass a list here: ['ID1', 'ID2', 'ID3']response=falcon.get_policy_details(ids=id_list)
print(response)
Service class example (Operation ID syntax)
fromfalconpyimportCSPMRegistration# Do not hardcode API credentials!falcon=CSPMRegistration(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list='ID1,ID2,ID3'# Can also pass a list here: ['ID1', 'ID2', 'ID3']response=falcon.GetPoliciesDetails(ids=id_list)
print(response)
Uber class example
fromfalconpyimportAPIHarnessV2# Do not hardcode API credentials!falcon=APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list='ID1,ID2,ID3'# Can also pass a list here: ['ID1', 'ID2', 'ID3']response=falcon.command("GetPoliciesDetails", ids=id_list)
print(response)
Returns information about current policy settings.
PEP8 method name
get_policy_settings
Endpoint
Method
Route
/settings/entities/policy/v1
Required Scope
Content-Type
Consumes: application/json
Produces: application/json
Keyword Arguments
Name
Service
Uber
Type
Data type
Description
cloud_platform
query
string
Cloud Provider (azure, aws, gcp).
parameters
query
dictionary
Full query string parameters payload in JSON format.
policy_id
query
string
IOA Policy ID.
service
query
string
Filter by Service type.
Usage
Service class example (PEP8 syntax)
fromfalconpyimportCSPMRegistration# Do not hardcode API credentials!falcon=CSPMRegistration(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response=falcon.get_policy_settings(service="string",
policy_id="string",
cloud_platform="string"
)
print(response)
Service class example (Operation ID syntax)
fromfalconpyimportCSPMRegistration# Do not hardcode API credentials!falcon=CSPMRegistration(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response=falcon.GetCSPMPolicySettings(service="string",
policy_id="string",
cloud_platform="string"
)
print(response)
Uber class example
fromfalconpyimportAPIHarnessV2# Do not hardcode API credentials!falcon=APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response=falcon.command("GetCSPMPolicySettings",
service="string",
policy_id="string",
cloud_platform="string"
)
print(response)
Updates a policy setting - can be used to override policy severity or to disable a policy entirely.
PEP8 method name
update_policy_settings
Endpoint
Method
Route
/settings/entities/policy/v1
Required Scope
Content-Type
Consumes: application/json
Produces: application/json
Keyword Arguments
Name
Service
Uber
Type
Data type
Description
account_id
body
string
Cloud Account ID to impact.
body
body
dictionary
Full body payload in JSON format.
enabled
body
boolean
Flag indicating if this policy is enabled.
policy_id
body
integer
Policy ID to be updated.
regions
body
string or list of strings
List of regions where this policy is enforced.
severity
body
string
Policy severity value.
tag_excluded
body
boolean
Tag exclusion flag.
Usage
Service class example (PEP8 syntax)
fromfalconpyimportCSPMRegistration# Do not hardcode API credentials!falcon=CSPMRegistration(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
region_list='REG1,REG2,REG3'# Can also pass a list here: ['REG1', 'REG2', 'REG3']response=falcon.update_policy_settings(account_id="string",
enabled=boolean,
policy_id=integer,
regions=region_listseverity="string",
tag_excluded=boolean
)
print(response)
Service class example (Operation ID syntax)
fromfalconpyimportCSPMRegistration# Do not hardcode API credentials!falcon=CSPMRegistration(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
region_list='REG1,REG2,REG3'# Can also pass a list here: ['REG1', 'REG2', 'REG3']response=falcon.UpdateCSPMPolicySettings(account_id="string",
enabled=boolean,
policy_id=integer,
regions=region_listseverity="string",
tag_excluded=boolean
)
print(response)
Returns scan schedule configuration for one or more cloud platforms.
PEP8 method name
get_scan_schedule
Endpoint
Method
Route
/settings/scan-schedule/v1
Required Scope
Content-Type
Consumes: application/json
Produces: application/json
Keyword Arguments
Name
Service
Uber
Type
Data type
Description
cloud_platform
query
string or list of strings
The Cloud Platform. (azure, aws, gcp)
parameters
query
dictionary
Full query string parameters payload in JSON format.
Usage
Service class example (PEP8 syntax)
fromfalconpyimportCSPMRegistration# Do not hardcode API credentials!falcon=CSPMRegistration(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
clouds='ID1,ID2,ID3'# Can also pass a list here: ['ID1', 'ID2', 'ID3']response=falcon.get_scan_schedule(cloud_platform=clouds)
print(response)
Service class example (Operation ID syntax)
fromfalconpyimportCSPMRegistration# Do not hardcode API credentials!falcon=CSPMRegistration(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
clouds='ID1,ID2,ID3'# Can also pass a list here: ['ID1', 'ID2', 'ID3']response=falcon.GetCSPMScanSchedule(cloud_platform=clouds)
print(response)
Uber class example
fromfalconpyimportAPIHarnessV2# Do not hardcode API credentials!falcon=APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
clouds='ID1,ID2,ID3'# Can also pass a list here: ['ID1', 'ID2', 'ID3']response=falcon.command("GetCSPMScanSchedule", cloud_platform=clouds)
print(response)
Updates scan schedule configuration for one or more cloud platforms.
PEP8 method name
update_scan_schedule
Endpoint
Method
Route
/settings/scan-schedule/v1
Required Scope
Content-Type
Consumes: application/json
Produces: application/json
Keyword Arguments
Name
Service
Uber
Type
Data type
Description
body
body
dictionary
Full body payload in JSON format.
cloud_platform
body
string
Cloud platform (Azure, AWS, GCP).
next_scan_timestamp
body
string
UTC formatted string.
scan_schedule
body
string
Scan schedule type.
Usage
Service class example (PEP8 syntax)
fromfalconpyimportCSPMRegistration# Do not hardcode API credentials!falcon=CSPMRegistration(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response=falcon.update_scan_schedule(cloud_platform="string",
next_scan_timestampt="string",
scan_schedule="string"
)
print(response)
Service class example (Operation ID syntax)
fromfalconpyimportCSPMRegistration# Do not hardcode API credentials!falcon=CSPMRegistration(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response=falcon.UpdateCSPMScanSchedule(cloud_platform="string",
next_scan_timestampt="string",
scan_schedule="string"
)
print(response)
Uber class example
fromfalconpyimportAPIHarnessV2# Do not hardcode API credentials!falcon=APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
BODY= {
"resources": [
{
"cloud_platform": "string",
"next_scan_timestamp": "2021-10-25T05:22:27.365Z",
"scan_schedule": "string"
}
]
}
response=falcon.command("UpdateCSPMScanSchedule", body=BODY)
print(response)
fromfalconpyimportCSPMRegistration# Do not hardcode API credentials!falcon=CSPMRegistration(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list='ID1,ID2,ID3'# Can also pass a list here: ['ID1', 'ID2', 'ID3']response=falcon.get_azure_management_group(tenant_ids=id_list,
limit=integer,
offset=integer
)
print(response)
Service class example (Operation ID syntax)
fromfalconpyimportCSPMRegistration# Do not hardcode API credentials!falcon=CSPMRegistration(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list='ID1,ID2,ID3'# Can also pass a list here: ['ID1', 'ID2', 'ID3']response=falcon.GetCSPMAzureManagementGroup(tenant_ids=id_list,
limit=integer,
offset=integer
)
print(response)
Uber class example
fromfalconpyimportAPIHarnessV2# Do not hardcode API credentials!falcon=APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list='ID1,ID2,ID3'# Can also pass a list here: ['ID1', 'ID2', 'ID3']response=falcon.command("GetCSPMAzureManagementGroup",
tenant_ids=id_list,
limit=integer,
offset=integer
)
print(response)
Full query string parameters payload in JSON format.
tenant_ids
query
string or list of strings
Tenant IDs to remove.
Usage
Service class example (PEP8 syntax)
fromfalconpyimportCSPMRegistration# Do not hardcode API credentials!falcon=CSPMRegistration(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list='ID1,ID2,ID3'# Can also pass a list here: ['ID1', 'ID2', 'ID3']response=falcon.delete_azure_management_group(tenant_ids=id_list)
print(response)
Service class example (Operation ID syntax)
fromfalconpyimportCSPMRegistration# Do not hardcode API credentials!falcon=CSPMRegistration(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list='ID1,ID2,ID3'# Can also pass a list here: ['ID1', 'ID2', 'ID3']response=falcon.DeleteCSPMAzureManagementGroup(tenant_ids=id_list)
print(response)
Uber class example
fromfalconpyimportAPIHarnessV2# Do not hardcode API credentials!falcon=APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list='ID1,ID2,ID3'# Can also pass a list here: ['ID1', 'ID2', 'ID3']response=falcon.command("DeleteCSPMAzureManagementGroup", tenant_ids=id_list)
print(response)
CreateCSPMAzureManagementGroup
Creates a new management group in our system for a customer.
fromfalconpyimportCSPMRegistration# Do not hardcode API credentials!falcon=CSPMRegistration(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response=falcon.create_azure_management_group(default_subscription_id="string",
tenant_id="string"
)
print(response)
Service class example (Operation ID syntax)
fromfalconpyimportCSPMRegistration# Do not hardcode API credentials!falcon=CSPMRegistration(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response=falcon.CreateCSPMAzureManagementGroup(default_subscription_id="string",
tenant_id="string"
)
print(response)
Uber class example
fromfalconpyimportAPIHarnessV2# Do not hardcode API credentials!falcon=APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
body_payload= {
"resources": [
{
"default_subscription_id": "string""tenant_id": "string",
}
]
}
response=falcon.command("CreateCSPMAzureManagementGroup", body=body_payload)
print(response)
GetCSPMCGPAccount
Returns information about the current status of an GCP account.
PEP8 method name
get_gcp_account
Endpoint
Method
Route
/cloud-connect-cspm-gcp/entities/account/v1
Required Scope
Content-Type
Consumes: application/json
Produces: application/json
Keyword Arguments
Name
Service
Uber
Type
Data type
Description
ids
query
string or list of strings
Hierarchical Resource IDs of accounts.
limit
query
integer
Maximum number of results to return. (Default: 100)
offset
query
integer
Starting record position.
parameters
query
dictionary
Full query string parameters payload in JSON format.
parent_type
query
string
GCP Hierarchy Parent Type in organization/folder/project format.
scan_type
query
string
Type of scan to perform, dry or full.
status
query
string
Account status to filter results by.
sort
query
string
Order fields in ascending or descending order. Example: parent_type|asc
Usage
Service class example (PEP8 syntax)
fromfalconpyimportCSPMRegistration# Do not hardcode API credentials!falcon=CSPMRegistration(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list='ID1,ID2,ID3'# Can also pass a list here: ['ID1', 'ID2', 'ID3']response=falcon.get_gcp_account(parent_type="string",
scan_type="string",
status="string",
limit=integer,
offset=integer,
sort="string",
ids=id_list
)
print(response)
Service class example (Operation ID syntax)
fromfalconpyimportCSPMRegistration# Do not hardcode API credentials!falcon=CSPMRegistration(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list='ID1,ID2,ID3'# Can also pass a list here: ['ID1', 'ID2', 'ID3']response=falcon.GetCSPMCGPAccount(parent_type="string",
scan_type="string",
status="string",
limit=integer,
offset=integer,
sort="string",
ids=id_list
)
print(response)
Uber class example
fromfalconpyimportAPIHarnessV2# Do not hardcode API credentials!falcon=APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list='ID1,ID2,ID3'# Can also pass a list here: ['ID1', 'ID2', 'ID3']response=falcon.command("GetCSPMCGPAccount",
parent_type="string",
scan_type="string",
status="string",
limit=integer,
offset=integer,
sort="string",
ids=id_list
)
print(response)
CreateCSPMGCPAccount
Creates a new account and generates a new service account to add access to your GCP environment.
PEP8 method name
create_gcp_account
Endpoint
Method
Route
/cloud-connect-cspm-gcp/entities/account/v1
Required Scope
Content-Type
Consumes: application/json
Produces: application/json
Keyword Arguments
Name
Service
Uber
Type
Data type
Description
body
body
dictionary
Full body payload in JSON format.
parent_id
body
string
Parent ID.
parent_type
body
string
Parent Type.
Usage
Service class example (PEP8 syntax)
fromfalconpyimportCSPMRegistration# Do not hardcode API credentials!falcon=CSPMRegistration(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response=falcon.create_gcp_account(parent_id="string", parent_type="string")
print(response)
Service class example (Operation ID syntax)
fromfalconpyimportCSPMRegistration# Do not hardcode API credentials!falcon=CSPMRegistration(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response=falcon.CreateCSPMGCPAccount(parent_id="string", parent_type="string")
print(response)
Uber class example
fromfalconpyimportAPIHarnessV2# Do not hardcode API credentials!falcon=APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
body_payload= {
"resources": [
{
"parent_id": "string",
"parent_type": "string"
}
]
}
response=falcon.command("CreateCSPMGCPAccount", body=body_payload)
print(response)
DeleteCSPMGCPAccount
Deletes a GCP account from the system.
PEP8 method name
delete_gcp_account
Endpoint
Method
Route
/cloud-connect-cspm-gcp/entities/account/v1
Required Scope
Content-Type
Consumes: application/json
Produces: application/json
Keyword Arguments
Name
Service
Uber
Type
Data type
Description
ids
query
string or list of strings
Hierarchical Resource IDs of accounts to delete.
parameters
query
dictionary
Full query string parameters payload in JSON format.
Usage
Service class example (PEP8 syntax)
fromfalconpyimportCSPMRegistration# Do not hardcode API credentials!falcon=CSPMRegistration(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list='ID1,ID2,ID3'# Can also pass a list here: ['ID1', 'ID2', 'ID3']response=falcon.delete_gcp_account(ids=id_list)
print(response)
Service class example (Operation ID syntax)
fromfalconpyimportCSPMRegistration# Do not hardcode API credentials!falcon=CSPMRegistration(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list='ID1,ID2,ID3'# Can also pass a list here: ['ID1', 'ID2', 'ID3']response=falcon.DeleteCSPMGCPAccount(ids=id_list)
print(response)
Uber class example
fromfalconpyimportAPIHarnessV2# Do not hardcode API credentials!falcon=APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list='ID1,ID2,ID3'# Can also pass a list here: ['ID1', 'ID2', 'ID3']response=falcon.command("DeleteCSPMGCPAccount", ids=id_list)
print(response)
UpdateCSPMGCPAccount
Updates an existing GCP account.
PEP8 method name
update_gcp_account
Endpoint
Method
Route
/cloud-connect-cspm-gcp/entities/account/v1
Required Scope
Content-Type
Consumes: application/json
Produces: application/json
Keyword Arguments
Name
Service
Uber
Type
Data type
Description
body
body
dictionary
Full body payload in JSON format.
environment
body
string
Environment.
parent_id
body
string
Parent ID.
Usage
Service class example (PEP8 syntax)
fromfalconpyimportCSPMRegistration# Do not hardcode API credentials!falcon=CSPMRegistration(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response=falcon.update_gcp_account(environment="string", parent_id="string")
print(response)
Service class example (Operation ID syntax)
fromfalconpyimportCSPMRegistration# Do not hardcode API credentials!falcon=CSPMRegistration(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response=falcon.UpdateCSPMGCPAccount(environment="string", parent_id="string")
print(response)
Uber class example
fromfalconpyimportAPIHarnessV2# Do not hardcode API credentials!falcon=APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
body_payload= {
"resources": [
{
"environment": "string",
"parent_id": "string"
}
]
}
response=falcon.command("UpdateCSPMGCPAccount", body=body_payload)
print(response)
ConnectCSPMGCPAccount
Creates a new GCP account with newly-uploaded service account or connects with existing service account with only the following fields: parent_id, parent_type and service_account_id.
PEP8 method name
connect_gcp_account
Endpoint
Method
Route
/cloud-connect-cspm-gcp/entities/account/v2
Required Scope
Content-Type
Consumes: application/json
Produces: application/json
Keyword Arguments
Name
Service
Uber
Type
Data type
Description
body
body
dictionary
Full body payload in JSON format.
client_email
body
string
GCP client email.
client_id
body
string
GCP client ID.
parent_id
body
string
Parent ID.
parent_type
body
string
Parent type.
private_key
body
string
GCP private key.
private_key_id
body
string
GCP private key ID.
project_id
body
string
GCP project ID.
service_account_id
body
integer
GCP service account ID.
Usage
Service class example (PEP8 syntax)
fromfalconpyimportCSPMRegistration# Do not hardcode API credentials!falcon=CSPMRegistration(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response=falcon.connect_gcp_account(client_email="string",
client_id="string",
parent_id="string",
parent_type="string",
private_key="string",
private_key_id="string",
project_id="string",
service_account_id=integer
)
print(response)
Service class example (Operation ID syntax)
fromfalconpyimportCSPMRegistration# Do not hardcode API credentials!falcon=CSPMRegistration(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response=falcon.ConnectCSPMGCPAccount(client_email="string",
client_id="string",
parent_id="string",
parent_type="string",
private_key="string",
private_key_id="string",
project_id="string",
service_account_id=integer
)
print(response)
Full query string parameters payload in JSON format.
Usage
Service class example (PEP8 syntax)
fromfalconpyimportCSPMRegistration# Do not hardcode API credentials!falcon=CSPMRegistration(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response=falcon.get_gcp_service_account(id="string")
print(response)
Service class example (Operation ID syntax)
fromfalconpyimportCSPMRegistration# Do not hardcode API credentials!falcon=CSPMRegistration(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response=falcon.GetCSPMGCPServiceAccountsExt(id="string")
print(response)
Uber class example
fromfalconpyimportAPIHarnessV2# Do not hardcode API credentials!falcon=APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response=falcon.command("GetCSPMGCPServiceAccountsExt", id="string")
print(response)
Full query string parameters payload in JSON format.
parent_type
query
string
GCP Hierarchy Parent Type. Allowed values: organization, folder or project
Usage
Service class example (PEP8 syntax)
fromfalconpyimportCSPMRegistration# Do not hardcode API credentials!falcon=CSPMRegistration(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list='ID1,ID2,ID3'# Can also pass a list here: ['ID1', 'ID2', 'ID3']response=falcon.get_gcp_user_scripts_attachment(parent_type="string", ids=id_list)
print(response)
Service class example (Operation ID syntax)
fromfalconpyimportCSPMRegistration# Do not hardcode API credentials!falcon=CSPMRegistration(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list='ID1,ID2,ID3'# Can also pass a list here: ['ID1', 'ID2', 'ID3']response=falcon.GetCSPMGCPUserScriptsAttachment(parent_type="string", ids=id_list)
print(response)
Uber class example
fromfalconpyimportAPIHarness# Do not hardcode API credentials!falcon=APIHarness(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list='ID1,ID2,ID3'# Can also pass a list here: ['ID1', 'ID2', 'ID3']response=falcon.command("GetCSPMGCPUserScriptsAttachment", parent_type="string", ids=id_list)
print(response)
fromfalconpyimportCSPMRegistration# Do not hardcode API credentials!falcon=CSPMRegistration(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list='ID1,ID2,ID3'# Can also pass a list here: ['ID1', 'ID2', 'ID3']response=falcon.validate_gcp_account(resources=id_list)
print(response)
Service class example (Operation ID syntax)
fromfalconpyimportCSPMRegistration# Do not hardcode API credentials!falcon=CSPMRegistration(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list='ID1,ID2,ID3'# Can also pass a list here: ['ID1', 'ID2', 'ID3']response=falcon.GetCSPMGCPValidateAccountsExt(resources=id_list)
print(response)
Uber class example
fromfalconpyimportAPIHarnessV2# Do not hardcode API credentials!falcon=APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list='ID1,ID2,ID3'# Can also pass a list here: ['ID1', 'ID2', 'ID3']body_payload= {
"resources": id_list
}
response=falcon.command("GetCSPMGCPValidateAccountsExt", body=body_payload)
print(response)