Cloud AWS Registration - CrowdStrike/falconpy GitHub Wiki

CrowdStrike Falcon CrowdStrike Subreddit

Using the Cloud AWS Registration service collection

Uber class support Service class support Documentation Version Page Updated

Table of Contents

Operation ID Description
cloud_registration_aws_get_accounts
PEP8 get_accounts
Retrieve existing AWS accounts by account IDs.
cloud_registration_aws_create_account
PEP8 create_account
Creates a new account in our system for a customer.
cloud_registration_aws_delete_account
PEP8 delete_account
Deletes an existing AWS account or organization in our system.
cloud_registration_aws_update_account
PEP8 update_account
Patches a existing account in our system for a customer.
cloud_registration_aws_query_accounts
PEP8 query_accounts
Retrieve existing AWS accounts by account IDs.

cloud_registration_aws_get_accounts

Retrieve existing AWS accounts by account IDs.

PEP8 method name

get_accounts

Endpoint

Method Route
GET /cloud-security-registration-aws/entities/account/v1

Required Scope

cloud-aws-registration:read

Content-Type

  • Consumes: application/json
  • Produces: application/json

Keyword Arguments

Name Service Uber Type Data type Description
ids Service Class Support Uber Class Support query string or list of strings AWS account IDs to filter.
parameters Service Class Support Uber Class Support query dictionary Full query string parameters payload in JSON format.

Usage

Service class example (PEP8 syntax)
from falconpy import CloudAWSRegistration

falcon = CloudAWSRegistration(client_id=CLIENT_ID,
                              client_secret=CLIENT_SECRET
                              )

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.get_accounts(ids=id_list)

print(response)
Service class example (Operation ID syntax)
from falconpy import CloudAWSRegistration

falcon = CloudAWSRegistration(client_id=CLIENT_ID,
                              client_secret=CLIENT_SECRET
                              )

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.cloud_registration_aws_get_accounts(ids=id_list)

print(response)
Uber class example
from falconpy import APIHarnessV2

falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.command("cloud_registration_aws_get_accounts", ids=id_list)

print(response)

cloud_registration_aws_create_account

Creates a new account in our system for a customer.

PEP8 method name

create_account

Endpoint

Method Route
POST /cloud-security-registration-aws/entities/account/v1

Required Scope

cloud-aws-registration:write

Content-Type

  • Consumes: application/json
  • Produces: application/json

Keyword Arguments

Name Service Uber Type Data type Description
account_id Service Class Support Uber Class Support body string AWS account ID.
account_type Service Class Support Uber Class Support body string AWS account type.
body Service Class Support Uber Class Support body dictionary Full body payload in JSON format.
csp_events Service Class Support Uber Class Support body boolean Flag indicating if CSP events should be included.
is_master Service Class Support Uber Class Support body boolean Flag indicating if this is a master account.
organization_id Service Class Support Uber Class Support body string AWS organization ID.
products Service Class Support Uber Class Support body list_of_dictionaries List of included products and features.

Usage

Service class example (PEP8 syntax)
from falconpy import CloudAWSRegistration

falcon = CloudAWSRegistration(client_id=CLIENT_ID,
                              client_secret=CLIENT_SECRET
                              )

# Can also pass a list here: ['PRODUCT_ID1', 'PRODUCT_ID2', 'PRODUCT_ID3']
products = [
    {
        "features": [
            "string"
        ],
        "product": "string"
    }
]

response = falcon.create_account(account_id="string",
                                 account_type="string",
                                 csp_events=boolean,
                                 is_master=boolean,
                                 organization_id="string",
                                 products=products
                                 )
print(response)
Service class example (Operation ID syntax)
from falconpy import CloudAWSRegistration

falcon = CloudAWSRegistration(client_id=CLIENT_ID,
                              client_secret=CLIENT_SECRET
                              )

products = [
    {
        "features": [
            "string"
        ],
        "product": "string"
    }
]

response = falcon.cloud_registration_aws_create_account(account_id="string",
                                                        account_type="string",
                                                        csp_events=boolean,
                                                        is_master=boolean,
                                                        organization_id="string",
                                                        products=products
                                                        )
print(response)
Uber class example
from falconpy import APIHarnessV2

falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

body_payload = {
  "resources": [
    {
      "account_id": "string",
      "account_type": "string",
      "csp_events": boolean,
      "is_master": boolean,
      "organization_id": "string",
      "products": [
        {
          "features": [
            "string"
          ],
          "product": "string"
        }
      ]
    }
  ]
}

response = falcon.command("cloud_registration_aws_create_account", body=body_payload)

print(response)

cloud_registration_aws_delete_account

Deletes an existing AWS account or organization in our system.

PEP8 method name

delete_account

Endpoint

Method Route
DELETE /cloud-security-registration-aws/entities/account/v1

Required Scope

cloud-aws-registration:write

Content-Type

  • Consumes: application/json
  • Produces: application/json

Keyword Arguments

Name Service Uber Type Data type Description
ids Service Class Support Uber Class Support query string or list of strings AWS account IDs to filter.
organization_ids Service Class Support Uber Class Support query string or list of strings AWS organization IDs to remove
parameters Service Class Support Uber Class Support query dictionary Full query string parameters payload in JSON format.

Usage

Service class example (PEP8 syntax)
from falconpy import CloudAWSRegistration

falcon = CloudAWSRegistration(client_id=CLIENT_ID,
                              client_secret=CLIENT_SECRET
                              )

organization_id_list = 'ORG_ID1,ORG_ID2,ORG_ID3'  # Can also pass a list here: ['ORG_ID1', 'ORG_ID2', 'ORG_ID3']

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.delete_account(organization_ids=organization_id_list, ids=id_list)

print(response)
Service class example (Operation ID syntax)
from falconpy import CloudAWSRegistration

falcon = CloudAWSRegistration(client_id=CLIENT_ID,
                              client_secret=CLIENT_SECRET
                              )

organization_id_list = 'ORG_ID1,ORG_ID2,ORG_ID3'  # Can also pass a list here: ['ORG_ID1', 'ORG_ID2', 'ORG_ID3']

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.cloud_registration_aws_delete_account(organization_ids=organization_id_list, ids=id_list)

print(response)
Uber class example
from falconpy import APIHarnessV2

falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

organization_id_list = 'ORG_ID1,ORG_ID2,ORG_ID3'  # Can also pass a list here: ['ORG_ID1', 'ORG_ID2', 'ORG_ID3']

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.command("cloud_registration_aws_delete_account", organization_ids=organization_id_list, ids=id_list)

print(response)

cloud_registration_aws_update_account

Patches a existing account in our system for a customer.

PEP8 method name

update_account

Endpoint

Method Route
PATCH /cloud-security-registration-aws/entities/account/v1

Required Scope

cloud-aws-registration:write

Content-Type

  • Consumes: application/json
  • Produces: application/json

Keyword Arguments

Name Service Uber Type Data type Description
account_id Service Class Support Uber Class Support body string AWS account ID.
account_type Service Class Support Uber Class Support body string AWS account type.
body Service Class Support Uber Class Support body dictionary Full body payload in JSON format.
csp_events Service Class Support Uber Class Support body boolean Flag indicating if CSP events should be included.
is_master Service Class Support Uber Class Support body boolean Flag indicating if this is a master account.
organization_id Service Class Support Uber Class Support body string AWS organization ID.
products Service Class Support Uber Class Support body list_of_dictionaries List of included products and features.

Usage

Service class example (PEP8 syntax)
from falconpy import CloudAWSRegistration

falcon = CloudAWSRegistration(client_id=CLIENT_ID,
                              client_secret=CLIENT_SECRET
                              )
products = [
    {
        "features": [
            "string"
        ],
        "product": "string"
    }
]

response = falcon.update_account(account_id="string",
                                 account_type="string",
                                 csp_events=boolean,
                                 is_master=boolean,
                                 organization_id="string",
                                 products=products
                                 )
print(response)
Service class example (Operation ID syntax)
from falconpy import CloudAWSRegistration

falcon = CloudAWSRegistration(client_id=CLIENT_ID,
                              client_secret=CLIENT_SECRET
                              )

products = [
    {
        "features": [
            "string"
        ],
        "product": "string"
    }
]

response = falcon.cloud_registration_aws_update_account(account_id="string",
                                                        account_type="string",
                                                        csp_events=boolean,
                                                        is_master=boolean,
                                                        organization_id="string",
                                                        products=products
                                                        )
print(response)
Uber class example
from falconpy import APIHarnessV2

falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

body_payload = {
    "resources": [
        {
        "account_id": "string",
        "account_type": "string",
        "csp_events": boolean,
        "is_master": boolean,
        "organization_id": "string",
        "products": [
            {
                "features": [
                    "string"
                ],
                "product": "string"
            }
        ]
        }
    ]
}

response = falcon.command("cloud_registration_aws_update_account", body=body_payload)

print(response)

cloud_registration_aws_query_accounts

Retrieve existing AWS accounts by account IDs

PEP8 method name

query_accounts

Endpoint

Method Route
GET /cloud-security-registration-aws/queries/account/v1

Required Scope

cloud-aws-registration:read

Content-Type

  • Consumes: application/json
  • Produces: application/json

Keyword Arguments

Name Service Uber Type Data type Description
organization_ids Service Class Support Uber Class Support query array (string) Organization IDs used to filter accounts.
products Service Class Support Uber Class Support query array (string) Products registered for an account.
features Service Class Support Uber Class Support query array (string) Features registered for an account.
account_status Service Class Support Uber Class Support query string Account status to filter results by.
limit Service Class Support Uber Class Support query integer The maximum number of items to return. When not specified or 0, 100 is used. When larger than 500, 500 is used.
offset Service Class Support Uber Class Support query integer The offset to start retrieving records from.
group_by Service Class Support Uber Class Support query string Field to group by.
parameters Service Class Support Uber Class Support query dictionary Full query string parameters payload in JSON format.

Usage

Service class example (PEP8 syntax)
from falconpy import CloudAWSRegistration

falcon = CloudAWSRegistration(client_id=CLIENT_ID,
                              client_secret=CLIENT_SECRET
                              )

response = falcon.query_accounts(organization_ids="string",  # or ["string", "string"]
                                 products="string",  # or ["string", "string"]
                                 features="string",  # or ["string", "string"]
                                 account_status="string",
                                 limit=integer,
                                 offset=integer,
                                 group_by="string"
                                 )
print(response)
Service class example (Operation ID syntax)
from falconpy import CloudAWSRegistration

falcon = CloudAWSRegistration(client_id=CLIENT_ID,
                              client_secret=CLIENT_SECRET
                              )

response = falcon.cloud_registration_aws_query_accounts(organization_ids="string",  # or ["string", "string"]
                                                        products="string",  # or ["string", "string"]
                                                        features="string",  # or ["string", "string"]
                                                        account_status="string",
                                                        limit=integer,
                                                        offset=integer,
                                                        group_by="string"
                                                        )
print(response)
Uber class example
from falconpy import APIHarnessV2

falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

response = falcon.command("cloud_registration_aws_query_accounts",
                          organization_ids="string",  # or ["string", "string"]
                          products="string",  # or ["string", "string"]
                          features="string",  # or ["string", "string"]
                          account_status="string",
                          limit=integer,
                          offset=integer,
                          group_by="string"
                          )
print(response)

⚠️ **GitHub.com Fallback** ⚠️