Cloud Policies - CrowdStrike/falconpy GitHub Wiki
| Operation ID | Description |
|---|---|
| | Get rule input schema for given resource type. |
| | Assign rules to a compliance control (full replace). |
| | Get compliance controls by ID. |
| | Create a new custom compliance control. |
| | Update a custom compliance control. |
| | Delete custom compliance controls. |
| | Query for compliance controls by various parameters. |
| | Get a rule by id. |
| | Rename a section in a custom compliance framework. |
| | Get compliance frameworks by ID. |
| | Create a new custom compliance framework. |
| | Update a custom compliance framework. |
| | Delete a custom compliance framework and all associated controls and rule assignments. |
| | Get enriched assets that combine a primary resource with all its related resources. |
| | Get evaluation results based on the provided rule. |
| | Get a rule override. |
| | Create a new rule override. |
| | Update a rule override. |
| | Delete a rule override. |
| | Create a new rule. |
| | Update a rule. |
| | Delete a rule. |
| | Query for compliance frameworks by various parameters. |
| | Query for rules by various parameters. |
| | Get Suppression Rules by ID. |
| | Create a new suppression rule. |
| | Update a suppression rule. |
| | Delete Suppression Rules by ID. |
| | Query suppression rules with filtering, sorting and pagination. |

WARNING
`client_id` and `client_secret` are keyword arguments that contain your CrowdStrike API credentials. Please note that all examples below do not hard code these values. (These values are ingested as strings.)

CrowdStrike does not recommend hard coding API credentials or customer identifiers within source code.

Get rule input schema for given resource type.
get_rule_input_schema
| Method | Route |
|---|---|
| | /cloud-policies/combined/rules/input-schema/v1 |

- Consumes: application/json
- Produces: application/json

| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| domain | | | query | string | Domain. |
| subdomain | | | query | string | Subdomain. |
| cloud_provider | | | query | string | Cloud service provider for the resource type. Allowed values: aws, azure, gcp, oci. |
| resource_type | | | query | string | Selects the resource type for which to retrieve the rule input schema. |
| parameters | | | query | dictionary | Full query string parameters payload in JSON format. |

from falconpy import CloudPolicies
# Do not hardcode API credentials!
falcon = CloudPolicies(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.get_rule_input_schema(domain="string",
subdomain="string",
cloud_provider="string",
resource_type="string"
)
print(response)

from falconpy import CloudPolicies
# Do not hardcode API credentials!
falcon = CloudPolicies(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.GetRuleInputSchema(domain="string",
subdomain="string",
cloud_provider="string",
resource_type="string"
)
print(response)

from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.command("GetRuleInputSchema",
domain="string",
subdomain="string",
cloud_provider="string",
resource_type="string"
)
print(response)
Assign rules to a compliance control (full replace).
replace_control_rules
| Method | Route |
|---|---|
| | /cloud-policies/entities/compliance/control-rule-assignments/v1 |

- Consumes: application/json
- Produces: application/json

| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| ids | | | query | string | The UUID of the compliance control to assign rules to. |
| rule_ids | | | body | list of strings | The Rule ID. |
| body | | | body | dictionary | Full body payload in JSON format. |
| parameters | | | query | dictionary | Full query string parameters payload in JSON format. |

from falconpy import CloudPolicies
# Do not hardcode API credentials!
falcon = CloudPolicies(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.replace_control_rules(ids="string",
rule_ids=["string"]
)
print(response)

from falconpy import CloudPolicies
# Do not hardcode API credentials!
falcon = CloudPolicies(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.ReplaceControlRules(ids="string",
rule_ids=["string"]
)
print(response)

from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
BODY = {
'rule_ids': [
'string'
]
}
response = falcon.command("ReplaceControlRules",
ids="string",
body=BODY
)
print(response)
Get compliance controls by ID.
get_compliance_controls
| Method | Route |
|---|---|
| | /cloud-policies/entities/compliance/controls/v1 |

- Consumes: application/json
- Produces: application/json

| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| ids | | | query | string or list of strings | The uuids of compliance controls to retrieve. |
| parameters | | | query | dictionary | Full query string parameters payload in JSON format. |

from falconpy import CloudPolicies
# Do not hardcode API credentials!
falcon = CloudPolicies(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.get_compliance_controls(ids=id_list)
print(response)

from falconpy import CloudPolicies
# Do not hardcode API credentials!
falcon = CloudPolicies(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.GetComplianceControls(ids=id_list)
print(response)

from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.command("GetComplianceControls", ids=id_list)
print(response)
Create a new custom compliance control.
create_compliance_control
| Method | Route |
|---|---|
| | /cloud-policies/entities/compliance/controls/v1 |

- Consumes: application/json
- Produces: application/json

| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| body | | | body | dictionary | Full body payload in JSON format. |
| description | | | body | string | The description of the custom compliance control. |
| name | | | body | string | The name of the custom compliance control. |
| framework_id | | | body | string | The framework ID of the custom compliance control. |
| section_name | | | body | string | The section name of the custom compliance control. |

from falconpy import CloudPolicies
# Do not hardcode API credentials!
falcon = CloudPolicies(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.create_compliance_control(description="string",
framework_id="string",
name="string",
section_name="string"
)
print(response)

from falconpy import CloudPolicies
# Do not hardcode API credentials!
falcon = CloudPolicies(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.CreateComplianceControl(description="string",
framework_id="string",
name="string",
section_name="string"
)
print(response)

from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
BODY = {
"description": "string",
"framework_id": "string",
"name": "string",
"section_name": "string"
}
response = falcon.command("CreateComplianceControl", body=BODY)
print(response)
Update a custom compliance control.
update_compliance_control
| Method | Route |
|---|---|
| | /cloud-policies/entities/compliance/controls/v1 |

- Consumes: application/json
- Produces: application/json

| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| ids | | | query | string | The uuid of compliance control to update. |
| body | | | body | dictionary | Full body payload in JSON format. |
| description | | | body | string | The description of the custom compliance control. |
| name | | | body | string | The name of the custom compliance control. |
| parameters | | | query | dictionary | Full query string parameters payload in JSON format. |

from falconpy import CloudPolicies
# Do not hardcode API credentials!
falcon = CloudPolicies(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.update_compliance_control(ids="string",
description="string",
name="string"
)
print(response)

from falconpy import CloudPolicies
# Do not hardcode API credentials!
falcon = CloudPolicies(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.UpdateComplianceControl(ids="string",
description="string",
name="string"
)
print(response)

from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
BODY = {
"description": "string",
"name": "string"
}
response = falcon.command("UpdateComplianceControl",
ids="string",
body=BODY
)
print(response)
Delete custom compliance controls.
delete_compliance_control
| Method | Route |
|---|---|
| | /cloud-policies/entities/compliance/controls/v1 |

- Consumes: application/json
- Produces: application/json

| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| ids | | | query | string or list of strings | The uuids of compliance control to delete. |
| parameters | | | query | dictionary | Full query string parameters payload in JSON format. |

from falconpy import CloudPolicies
# Do not hardcode API credentials!
falcon = CloudPolicies(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.delete_compliance_control(ids=id_list)
print(response)

from falconpy import CloudPolicies
# Do not hardcode API credentials!
falcon = CloudPolicies(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.DeleteComplianceControl(ids=id_list)
print(response)

from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.command("DeleteComplianceControl", ids=id_list)
print(response)
Query for compliance controls by various parameters.
query_compliance_controls
| Method | Route |
|---|---|
| | /cloud-policies/queries/compliance/controls/v1 |

- Consumes: application/json
- Produces: application/json

| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| filter | | | query | string | FQL filter, allowed props: compliance_control_name, compliance_control_authority, compliance_control_type, compliance_control_section, compliance_control_requirement, compliance_control_benchmark_name, compliance_control_benchmark_version. |
| limit | | | query | integer | The maximum number of resources to return. The maximum allowed is 500. Default: 100. |
| offset | | | query | integer | The number of results to skip before starting to return results. Default: 0. |
| sort | | | query | string | Field to sort on. Sortable fields: compliance_control_name, compliance_control_authority, compliance_control_type, compliance_control_section, compliance_control_requirement, compliance_control_benchmark_name, compliance_control_benchmark_version. Use the \|asc or \|desc suffix to specify sort direction. |
| parameters | | | query | dictionary | Full query string parameters payload in JSON format. |

from falconpy import CloudPolicies
# Do not hardcode API credentials!
falcon = CloudPolicies(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.query_compliance_controls(filter="string",
limit=integer,
offset=integer,
sort="string"
)
print(response)

from falconpy import CloudPolicies
# Do not hardcode API credentials!
falcon = CloudPolicies(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.QueryComplianceControls(filter="string",
limit=integer,
offset=integer,
sort="string"
)
print(response)

from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.command("QueryComplianceControls",
filter="string",
limit=integer,
offset=integer,
sort="string"
)
print(response)
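
The `limit` and `offset` parameters above return one page at a time, so a control inventory built from a single call silently stops at the default of 100 results. The following is an added example, not part of the FalconPy documentation, that walks every page and fails loudly instead of returning a partial list. It assumes the result dictionary has the form `{"status_code": ..., "body": {"resources": [...], "errors": [...]}}`; `iter_control_ids` and `make_fake_query` are hypothetical helper names, and the fake backend and its IDs are constructed so the block runs offline.

```python
"""Page through query_compliance_controls results (added example)."""

MAX_LIMIT = 500  # from the parameter table: "The maximum allowed is 500."


def iter_control_ids(query_fn, fql_filter=None, sort=None,
                     page_size=MAX_LIMIT, max_pages=1000):
    """Yield every compliance control ID that matches the filter.

    query_fn is the SDK method, e.g. falcon.query_compliance_controls.
    Assumption: it returns {"status_code": int, "body": {"resources": [...],
    "errors": [...]}}. max_pages is a hypothetical safety stop.
    """
    if not 1 <= page_size <= MAX_LIMIT:
        raise ValueError(f"page_size must be between 1 and {MAX_LIMIT}")
    seen = set()
    offset = 0
    for _ in range(max_pages):
        kwargs = {"limit": page_size, "offset": offset}
        if fql_filter:
            kwargs["filter"] = fql_filter
        if sort:
            # A fixed sort (e.g. "compliance_control_name|asc") keeps pages
            # from shifting while the loop is running.
            kwargs["sort"] = sort
        response = query_fn(**kwargs)
        body = response.get("body") or {}
        if response.get("status_code") != 200:
            # A partial inventory treated as complete hides controls from
            # review, so stop instead of returning what was read so far.
            raise RuntimeError(
                f"query failed at offset {offset}: {body.get('errors')}")
        page = body.get("resources") or []
        for control_id in page:
            if control_id not in seen:  # drop duplicates across pages
                seen.add(control_id)
                yield control_id
        if len(page) < page_size:  # short page: nothing left to fetch
            return
        offset += len(page)
    raise RuntimeError("max_pages reached; the result set may be incomplete")


def make_fake_query(all_ids, fail_at_offset=None):
    """Constructed stand-in for the API so the example runs offline."""
    calls = []

    def query(limit=100, offset=0, **_ignored):
        calls.append((limit, offset))
        if fail_at_offset is not None and offset >= fail_at_offset:
            return {"status_code": 429,
                    "body": {"errors": [{"message": "constructed error"}]}}
        return {"status_code": 200,
                "body": {"resources": all_ids[offset:offset + limit]}}

    return query, calls


if __name__ == "__main__":
    sample_ids = [f"control-{n}" for n in range(1203)]  # constructed IDs
    fake_query, fake_calls = make_fake_query(sample_ids)
    found = list(iter_control_ids(fake_query,
                                  sort="compliance_control_name|asc"))
    print(len(found), "controls in", len(fake_calls), "requests")
```

With a real client, pass `falcon.query_compliance_controls` as `query_fn`.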
Get a rule by id.
get_rule
| Method | Route |
|---|---|
| | /cloud-policies/entities/rules/v1 |

- Consumes: application/json
- Produces: application/json

| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| ids | | | query | string or list of strings | The uuids of rules to retrieve. |
| parameters | | | query | dictionary | Full query string parameters payload in JSON format. |

from falconpy import CloudPolicies
# Do not hardcode API credentials!
falcon = CloudPolicies(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.get_rule(ids=id_list)
print(response)

from falconpy import CloudPolicies
# Do not hardcode API credentials!
falcon = CloudPolicies(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.GetRule(ids=id_list)
print(response)

from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.command("GetRule", ids=id_list)
print(response)
Rename a section in a custom compliance framework.
rename_section_compliance_framework
| Method | Route |
|---|---|
| | /cloud-policies/entities/compliance/frameworks/section/v1 |

- Consumes: application/json
- Produces: application/json

| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| ids | | | query | string or list of strings | The uuid of compliance framework containing the section to rename. |
| sectionName | | | query | string | The current name of the section to rename. |
| body | | | body | dictionary | Full body payload in JSON format. |
| section_name | | | body | string | The new section name of the custom compliance control. |
| parameters | | | query | dictionary | Full query string parameters payload in JSON format. |

from falconpy import CloudPolicies
# Do not hardcode API credentials!
falcon = CloudPolicies(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.rename_section_compliance_framework(ids="framework_uuid",
sectionName="Old Section Name",
section_name="New Section Name"
)
print(response)

from falconpy import CloudPolicies
# Do not hardcode API credentials!
falcon = CloudPolicies(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.RenameSectionComplianceFramework(ids="framework_uuid",
sectionName="Old Section Name",
section_name="New Section Name"
)
print(response)

from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
BODY = {
"section_name": "New Section Name"
}
response = falcon.command("RenameSectionComplianceFramework",
ids="framework_uuid",
sectionName="Old Section Name",
body=BODY
)
print(response)
Get compliance frameworks by ID.
get_compliance_frameworks
| Method | Route |
|---|---|
| | /cloud-policies/entities/compliance/frameworks/v1 |

- Consumes: application/json
- Produces: application/json

| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| ids | | | query | string or list of strings | The uuids of compliance frameworks to retrieve. |
| parameters | | | query | dictionary | Full query string parameters payload in JSON format. |

from falconpy import CloudPolicies
# Do not hardcode API credentials!
falcon = CloudPolicies(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.get_compliance_frameworks(ids=id_list)
print(response)

from falconpy import CloudPolicies
# Do not hardcode API credentials!
falcon = CloudPolicies(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.GetComplianceFrameworks(ids=id_list)
print(response)

from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.command("GetComplianceFrameworks", ids=id_list)
print(response)
Create a new custom compliance framework.
create_compliance_framework
| Method | Route |
|---|---|
| | /cloud-policies/entities/compliance/frameworks/v1 |

- Consumes: application/json
- Produces: application/json

| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| body | | | body | dictionary | Full body payload in JSON format. |
| active | | | body | boolean | Value to determine if the compliance framework will be active. |
| description | | | body | string | The description of the new compliance framework. |
| name | | | body | string | The name of the new compliance framework. |

from falconpy import CloudPolicies
# Do not hardcode API credentials!
falcon = CloudPolicies(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.create_compliance_framework(active=boolean,
description="Custom compliance framework description",
name="My Custom Framework"
)
print(response)

from falconpy import CloudPolicies
# Do not hardcode API credentials!
falcon = CloudPolicies(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.CreateComplianceFramework(active=boolean,
description="Custom compliance framework description",
name="My Custom Framework"
)
print(response)

from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
BODY = {
"active": boolean,
"description": "Custom compliance framework description",
"name": "My Custom Framework"
}
response = falcon.command("CreateComplianceFramework", body=BODY)
print(response)
Update a custom compliance framework.
update_compliance_framework
| Method | Route |
|---|---|
| | /cloud-policies/entities/compliance/frameworks/v1 |

- Consumes: application/json
- Produces: application/json

| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| ids | | | query | string or list of strings | The uuids of compliance framework to update. |
| body | | | body | dictionary | Full body payload in JSON format. |
| active | | | body | boolean | Value to determine if the compliance framework will be active. |
| description | | | body | string | The description of the new compliance framework. |
| name | | | body | string | The name of the new compliance framework. |
| parameters | | | query | dictionary | Full query string parameters payload in JSON format. |

from falconpy import CloudPolicies
# Do not hardcode API credentials!
falcon = CloudPolicies(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.update_compliance_framework(ids="framework_uuid",
active=boolean,
description="Updated compliance framework description",
name="Updated Framework Name"
)
print(response)

from falconpy import CloudPolicies
# Do not hardcode API credentials!
falcon = CloudPolicies(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.UpdateComplianceFramework(ids="framework_uuid",
active=boolean,
description="Updated compliance framework description",
name="Updated Framework Name"
)
print(response)

from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
BODY = {
"active": boolean,
"description": "Updated compliance framework description",
"name": "Updated Framework Name"
}
response = falcon.command("UpdateComplianceFramework",
ids="framework_uuid",
body=BODY
)
print(response)
Delete a custom compliance framework and all associated controls and rule assignments.
delete_compliance_framework
| Method | Route |
|---|---|
| | /cloud-policies/entities/compliance/frameworks/v1 |

- Consumes: application/json
- Produces: application/json

| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| ids | | | query | string or list of strings | The uuids of compliance framework to delete. |
| parameters | | | query | dictionary | Full query string parameters payload in JSON format. |

from falconpy import CloudPolicies
# Do not hardcode API credentials!
falcon = CloudPolicies(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.delete_compliance_framework(ids=id_list)
print(response)

from falconpy import CloudPolicies
# Do not hardcode API credentials!
falcon = CloudPolicies(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.DeleteComplianceFramework(ids=id_list)
print(response)

from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.command("DeleteComplianceFramework", ids=id_list)
print(response)
Get enriched assets that combine a primary resource with all its related resources.
get_enriched_asset
| Method | Route |
|---|---|
| | /cloud-policies/entities/enriched-resources/v1 |

- Consumes: application/json
- Produces: application/json

| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| ids | | | query | string or list of strings | List of asset IDs (maximum 100 IDs allowed). |
| parameters | | | query | dictionary | Full query string parameters payload in JSON format. |

from falconpy import CloudPolicies
# Do not hardcode API credentials!
falcon = CloudPolicies(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.get_enriched_asset(ids=id_list)
print(response)

from falconpy import CloudPolicies
# Do not hardcode API credentials!
falcon = CloudPolicies(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.GetEnrichedAsset(ids=id_list)
print(response)

from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.command("GetEnrichedAsset", ids=id_list)
print(response)
Get evaluation results based on the provided rule.
get_evaluation_result
| Method | Route |
|---|---|
| | /cloud-policies/entities/evaluation/v1 |

- Consumes: application/json
- Produces: application/json

| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| cloud_provider | | | query | string | Cloud Service Provider of the provided IDs. |
| resource_type | | | query | string | Resource Type of the provided IDs. |
| ids | | | query | string or list of strings | List of assets to evaluate (maximum 100 IDs allowed). |
| body | | | body | dictionary | Full body payload in JSON format. |
| input | | | body | dictionary | The input for the provided rule. |
| logic | | | body | string | The logic of the provided rule. |
| parameters | | | query | dictionary | Full query string parameters payload in JSON format. |

from falconpy import CloudPolicies
# Do not hardcode API credentials!
falcon = CloudPolicies(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.get_evaluation_result(cloud_provider="aws",
resource_type="ec2-instance",
ids=["asset_id_1", "asset_id_2"],
input={"key": "value"},
logic="resource.key == 'value'"
)
print(response)

from falconpy import CloudPolicies
# Do not hardcode API credentials!
falcon = CloudPolicies(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.GetEvaluationResult(cloud_provider="aws",
resource_type="ec2-instance",
ids=["asset_id_1", "asset_id_2"],
input={"key": "value"},
logic="resource.key == 'value'"
)
print(response)

from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
BODY = {
"input": {"key": "value"},
"logic": "resource.key == 'value'"
}
response = falcon.command("GetEvaluationResult",
cloud_provider="aws",
resource_type="ec2-instance",
ids=["asset_id_1", "asset_id_2"],
body=BODY
)
print(response)
Get a rule override by ID.
get_rule_override
| Method | Route |
|---|---|
| | /cloud-policies/entities/rule-overrides/v1 |

- Consumes: application/json
- Produces: application/json

| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| ids | | | query | string or list of strings | The uuids of rule overrides to retrieve. |
| parameters | | | query | dictionary | Full query string parameters payload in JSON format. |

from falconpy import CloudPolicies
# Do not hardcode API credentials!
falcon = CloudPolicies(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
ids = "random_id"
response = falcon.get_rule_override(ids=ids)
print(response)

from falconpy import CloudPolicies
# Do not hardcode API credentials!
falcon = CloudPolicies(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
ids = "random_id"
response = falcon.GetRuleOverride(ids=ids)
print(response)

from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
ids = "random_id"
response = falcon.command("GetRuleOverride", ids=ids)
print(response)
Create a new rule override.
create_rule_override
| Method | Route |
|---|---|
| | /cloud-policies/entities/rule-overrides/v1 |

- Consumes: application/json
- Produces: application/json

| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| body | | | body | dictionary | Full body payload in JSON format. |
| overrides | | | body | list of dictionaries | The new rule override. |

from falconpy import CloudPolicies
# Do not hardcode API credentials!
falcon = CloudPolicies(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.create_rule_override(overrides=[
{
"comment": "Override comment",
"crn": "aws::us-east-1::ec2::instance/i-1234567890",
"expires_at": "2025-12-31T23:59:59.999Z",
"override_type": "exception",
"overrides_details": "Override details",
"reason": "Business requirement",
"rule_id": "rule_uuid_here",
"target_region": "us-east-1"
}
])
print(response)

from falconpy import CloudPolicies
# Do not hardcode API credentials!
falcon = CloudPolicies(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.CreateRuleOverride(overrides=[
{
"comment": "Override comment",
"crn": "aws::us-east-1::ec2::instance/i-1234567890",
"expires_at": "2025-12-31T23:59:59.999Z",
"override_type": "exception",
"overrides_details": "Override details",
"reason": "Business requirement",
"rule_id": "rule_uuid_here",
"target_region": "us-east-1"
}
])
print(response)

from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
BODY = {
"overrides": [
{
"comment": "Override comment",
"crn": "aws::us-east-1::ec2::instance/i-1234567890",
"expires_at": "2025-12-31T23:59:59.999Z",
"override_type": "exception",
"overrides_details": "Override details",
"reason": "Business requirement",
"rule_id": "rule_uuid_here",
"target_region": "us-east-1"
}
]
}
response = falcon.command("CreateRuleOverride", body=BODY)
print(response)
Update a rule override.
update_rule_override
| Method | Route |
|---|---|
| | /cloud-policies/entities/rule-overrides/v1 |

- Consumes: application/json
- Produces: application/json

| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| body | | | body | dictionary | Full body payload in JSON format. |
| overrides | | | body | list of dictionaries | The updated rule override. |

from falconpy import CloudPolicies
# Do not hardcode API credentials!
falcon = CloudPolicies(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.update_rule_override(overrides=[
{
"comment": "Updated override comment",
"crn": "aws::us-east-1::ec2::instance/i-1234567890",
"expires_at": "2026-12-31T23:59:59.999Z",
"override_type": "exception",
"overrides_details": "Updated override details",
"reason": "Updated business requirement",
"rule_id": "rule_uuid_here",
"target_region": "us-east-1"
}
])
print(response)

from falconpy import CloudPolicies
# Do not hardcode API credentials!
falcon = CloudPolicies(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.UpdateRuleOverride(overrides=[
{
"comment": "Updated override comment",
"crn": "aws::us-east-1::ec2::instance/i-1234567890",
"expires_at": "2026-12-31T23:59:59.999Z",
"override_type": "exception",
"overrides_details": "Updated override details",
"reason": "Updated business requirement",
"rule_id": "rule_uuid_here",
"target_region": "us-east-1"
}
])
print(response)

from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
BODY = {
"overrides": [
{
"comment": "Updated override comment",
"crn": "aws::us-east-1::ec2::instance/i-1234567890",
"expires_at": "2026-12-31T23:59:59.999Z",
"override_type": "exception",
"overrides_details": "Updated override details",
"reason": "Updated business requirement",
"rule_id": "rule_uuid_here",
"target_region": "us-east-1"
}
]
}
response = falcon.command("UpdateRuleOverride", body=BODY)
print(response)
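
A rule override exempts a resource from a rule, so the `overrides` payloads shown for `create_rule_override` and `update_rule_override` are worth checking before they are sent. The following is an added example, not part of the FalconPy documentation: a pre-submission gate that rejects overrides with no reason, no expiry, or an expiry too far out. The 90-day ceiling, the required-key list and the names `check_override` and `submit_overrides` are assumptions for illustration; the sample dictionaries are constructed from the payloads on this page.

```python
"""Pre-submission checks for rule override payloads (added example)."""
from datetime import datetime, timedelta, timezone

# Keys taken from the override dictionaries in the page's examples; which of
# them must be present is a local policy choice (assumption).
REQUIRED_KEYS = ("crn", "rule_id", "override_type", "reason", "expires_at")
TS_FORMAT = "%Y-%m-%dT%H:%M:%S.%fZ"  # e.g. 2025-12-31T23:59:59.999Z


def check_override(override, now, max_days=90):
    """Return a list of problems for one override (empty list means OK)."""
    problems = [f"missing {key}" for key in REQUIRED_KEYS
                if not str(override.get(key) or "").strip()]
    raw = override.get("expires_at")
    if raw:
        try:
            expires = datetime.strptime(raw, TS_FORMAT)
            expires = expires.replace(tzinfo=timezone.utc)
        except (TypeError, ValueError):
            problems.append("expires_at is not a valid UTC timestamp")
        else:
            if expires <= now:
                problems.append("expires_at is in the past")
            elif expires - now > timedelta(days=max_days):
                problems.append(f"expires_at is more than {max_days} days out")
    return problems


def submit_overrides(send_fn, overrides, now=None, max_days=90):
    """Validate every override, then call send_fn(overrides=...) once.

    send_fn is the SDK method, e.g. falcon.create_rule_override or
    falcon.update_rule_override. Nothing is sent if any entry fails.
    """
    now = now or datetime.now(timezone.utc)
    rejected = {}
    for index, override in enumerate(overrides):
        problems = check_override(override, now, max_days)
        if problems:
            rejected[index] = problems
    if rejected:
        raise ValueError(f"overrides rejected before submission: {rejected}")
    return send_fn(overrides=overrides)


# Constructed samples based on the payloads shown on this page.
SAMPLE_OK = {
    "comment": "Override comment",
    "crn": "aws::us-east-1::ec2::instance/i-1234567890",
    "expires_at": "2025-12-31T23:59:59.999Z",
    "override_type": "exception",
    "overrides_details": "Override details",
    "reason": "Business requirement",
    "rule_id": "rule_uuid_here",
    "target_region": "us-east-1",
}
# Same resource, but with an empty reason and an expiry over a year away.
SAMPLE_OPEN_ENDED = dict(SAMPLE_OK, reason="",
                         expires_at="2026-12-31T23:59:59.999Z")

if __name__ == "__main__":
    fixed_now = datetime(2025, 10, 15, tzinfo=timezone.utc)  # constructed
    for sample in (SAMPLE_OK, SAMPLE_OPEN_ENDED):
        print(check_override(sample, fixed_now))
```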
Delete a rule override.
delete_rule_override
| Method | Route |
|---|---|
| | /cloud-policies/entities/rule-overrides/v1 |

- Consumes: application/json
- Produces: application/json

| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| ids | | | query | string or list of strings | The uuids of rule overrides to delete. |
| parameters | | | query | dictionary | Full query string parameters payload in JSON format. |

from falconpy import CloudPolicies
# Do not hardcode API credentials!
falcon = CloudPolicies(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.delete_rule_override(ids=id_list)
print(response)

from falconpy import CloudPolicies
# Do not hardcode API credentials!
falcon = CloudPolicies(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.DeleteRuleOverride(ids=id_list)
print(response)

from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.command("DeleteRuleOverride", ids=id_list)
print(response)
Create a new rule.
create_rule
| Method | Route |
|---|---|
| | /cloud-policies/entities/rules/v1 |

- Consumes: application/json
- Produces: application/json

| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| body | | | body | dictionary | Full body payload in JSON format. |
| alert_info | | | body | string | The info of the alert. |
| attack_types | | | body | string | The type of attacks. |
| controls | | | body | list of dictionaries | The authority and code of the rule. |
| description | | | body | string | The description of the rule. |
| domain | | | body | string | The domain of the rule. |
| logic | | | body | string | The logic for the rule. |
| name | | | body | string | The name of the rule. |
| parent_rule_id | | | body | string | The id of the parent. |
| platform | | | body | string | The platform covered by the rule. |
| provider | | | body | string | The provider for the rule. |
| remediation_info | | | body | string | The remediation info provided by the rule. |
| remediation_url | | | body | string | The URL providing the remediation. |
| resource_type | | | body | string | The type of the resource. |
| severity | | | body | integer | The severity level. |
| subdomain | | | body | string | The subdomain for the rule. |

from falconpy import CloudPolicies
# Do not hardcode API credentials!
falcon = CloudPolicies(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.create_rule(alert_info="Alert information",
attack_types="Privilege Escalation",
controls=[
{
"Authority": "NIST",
"Code": "AC-1"
}
],
description="Rule description",
domain="CloudSecurity",
logic="resource.tags.Environment != 'Production'",
name="Custom Rule Name",
platform="aws",
provider="aws",
remediation_info="Add Environment tag",
remediation_url="https://docs.aws.amazon.com/",
resource_type="ec2-instance",
severity=integer,
subdomain="Compute"
)
print(response)

from falconpy import CloudPolicies
# Do not hardcode API credentials!
falcon = CloudPolicies(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.CreateRuleMixin0(alert_info="Alert information",
attack_types="Privilege Escalation",
controls=[
{
"Authority": "NIST",
"Code": "AC-1"
}
],
description="Rule description",
domain="CloudSecurity",
logic="resource.tags.Environment != 'Production'",
name="Custom Rule Name",
platform="aws",
provider="aws",
remediation_info="Add Environment tag",
remediation_url="https://docs.aws.amazon.com/",
resource_type="ec2-instance",
severity=integer,
subdomain="Compute"
)
print(response)

from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
BODY = {
"alert_info": "Alert information",
"attack_types": "Privilege Escalation",
"controls": [
{
"Authority": "NIST",
"Code": "AC-1"
}
],
"description": "Rule description",
"domain": "CloudSecurity",
"logic": "resource.tags.Environment != 'Production'",
"name": "Custom Rule Name",
"platform": "aws",
"provider": "aws",
"remediation_info": "Add Environment tag",
"remediation_url": "https://docs.aws.amazon.com/",
"resource_type": "ec2-instance",
"severity": 2,
"subdomain": "Compute"
}
response = falcon.command("CreateRuleMixin0", body=BODY)
print(response)
Update a rule.
update_rule
| Method | Route |
|---|---|
| | /cloud-policies/entities/rules/v1 |
- Consumes: application/json
- Produces: application/json
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| body | | | body | dictionary | Full body payload in JSON format. |
| alert_info | | | body | string | The info of the alert. |
| attack_types | | | body | list of strings | The type of attacks. |
| category | | | body | string | Rule category. |
| controls | | | body | list of dictionaries | The authority and code of the rule. |
| description | | | body | string | The description of the rule. |
| name | | | body | string | The name of the rule. |
| rule_logic_list | | | body | list of dictionaries | The logic list data. |
| severity | | | body | integer | The severity level. |
| uuid | | | body | string | The uuid of the rule to update. |
from falconpy import CloudPolicies
# Do not hardcode API credentials!
falcon = CloudPolicies(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.update_rule(alert_info="Updated alert information",
attack_types=["Privilege Escalation", "Data Exfiltration"],
category="string",
controls=[
{
"authority": "NIST",
"code": "AC-2"
}
],
description="Updated rule description",
name="Updated Rule Name",
rule_logic_list=[
{
"logic": "resource.tags.Environment == 'Production'",
"platform": "aws",
"remediation_info": "Ensure proper tagging",
"remediation_url": "https://docs.aws.amazon.com/tagging/"
}
],
severity=integer,
uuid="rule_uuid_here"
)
print(response)

from falconpy import CloudPolicies
# Do not hardcode API credentials!
falcon = CloudPolicies(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.UpdateRule(alert_info="Updated alert information",
attack_types=["Privilege Escalation", "Data Exfiltration"],
category="string",
controls=[
{
"authority": "NIST",
"code": "AC-2"
}
],
description="Updated rule description",
name="Updated Rule Name",
rule_logic_list=[
{
"logic": "resource.tags.Environment == 'Production'",
"platform": "aws",
"remediation_info": "Ensure proper tagging",
"remediation_url": "https://docs.aws.amazon.com/tagging/"
}
],
severity=integer,
uuid="rule_uuid_here"
)
print(response)

from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
BODY = {
"alert_info": "Updated alert information",
"attack_types": ["Privilege Escalation", "Data Exfiltration"],
"category": "string",
"controls": [
{
"authority": "NIST",
"code": "AC-2"
}
],
"description": "Updated rule description",
"name": "Updated Rule Name",
"rule_logic_list": [
{
"logic": "resource.tags.Environment == 'Production'",
"platform": "aws",
"remediation_info": "Ensure proper tagging",
"remediation_url": "https://docs.aws.amazon.com/tagging/"
}
],
"severity": 3,
"uuid": "rule_uuid_here"
}
response = falcon.command("UpdateRule", body=BODY)
print(response)
Delete a rule.
delete_rule
| Method | Route |
|---|---|
| | /cloud-policies/entities/rules/v1 |
- Consumes: application/json
- Produces: application/json
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| ids | | | query | string or list of strings | The uuids of rules to delete. |
| parameters | | | query | dictionary | Full query string parameters payload in JSON format. |
from falconpy import CloudPolicies
# Do not hardcode API credentials!
falcon = CloudPolicies(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.delete_rule(ids=id_list)
print(response)

from falconpy import CloudPolicies
# Do not hardcode API credentials!
falcon = CloudPolicies(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.DeleteRuleMixin0(ids=id_list)
print(response)

from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.command("DeleteRuleMixin0", ids=id_list)
print(response)
Query for compliance frameworks by various parameters.
query_compliance_frameworks
| Method | Route |
|---|---|
| | /cloud-policies/queries/compliance/frameworks/v1 |
- Consumes: application/json
- Produces: application/json
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| filter | | | query | string | FQL filter, allowed props: compliance_framework_name, compliance_framework_version, compliance_framework_authority. |
| limit | | | query | integer | The maximum number of resources to return. The maximum allowed is 500. Default: 100. |
| offset | | | query | integer | The number of results to skip before starting to return results. Default: 0. |
| sort | | | query | string | Field to sort on. Sortable fields: compliance_framework_name, compliance_framework_version, compliance_framework_authority. Use the |asc or |desc suffix to specify sort direction. |
| parameters | | | query | dictionary | Full query string parameters payload in JSON format. |
from falconpy import CloudPolicies
# Do not hardcode API credentials!
falcon = CloudPolicies(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.query_compliance_frameworks(filter="string",
limit=integer,
offset=integer,
sort="string"
)
print(response)

from falconpy import CloudPolicies
# Do not hardcode API credentials!
falcon = CloudPolicies(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.QueryComplianceFrameworks(filter="string",
limit=integer,
offset=integer,
sort="string"
)
print(response)

from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.command("QueryComplianceFrameworks",
filter="string",
limit=integer,
offset=integer,
sort="string"
)
print(response)
Query for rules by various parameters.
query_rule
| Method | Route |
|---|---|
| | /cloud-policies/queries/rules/v1 |
- Consumes: application/json
- Produces: application/json
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| filter | | | query | string | FQL filter, allowed props: rule_auto_remediable, rule_category, rule_cloneable, rule_compliance_benchmark, rule_compliance_benchmark_uuid, rule_compliance_framework, rule_control_requirement, rule_control_section, rule_created_at, rule_description, rule_domain, rule_mitre_tactic, rule_mitre_technique, rule_name, rule_origin, rule_parent_uuid, rule_provider, rule_resource_type, rule_resource_type_name, rule_risk_factor, rule_service, rule_severity, rule_short_code, rule_status, rule_subdomain, rule_updated_at, rule_updated_by. |
| limit | | | query | integer | The maximum number of resources to return. The maximum allowed is 500. Default: 100. |
| offset | | | query | integer | The number of results to skip before starting to return results. Default: 0. |
| sort | | | query | string | Field to sort on. Sortable fields: rule_auto_remediable, rule_category, rule_cloneable, rule_compliance_benchmark, rule_compliance_benchmark_uuid, rule_compliance_framework, rule_control_requirement, rule_control_section, rule_created_at, rule_description, rule_domain, rule_mitre_tactic, rule_mitre_technique, rule_name, rule_origin, rule_parent_uuid, rule_provider, rule_resource_type, rule_resource_type_name, rule_risk_factor, rule_service, rule_severity, rule_short_code, rule_status, rule_subdomain, rule_updated_at, rule_updated_by. Use the |asc or |desc suffix to specify sort direction. |
| parameters | | | query | dictionary | Full query string parameters payload in JSON format. |
from falconpy import CloudPolicies
# Do not hardcode API credentials!
falcon = CloudPolicies(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.query_rule(filter="string",
limit=integer,
offset=integer,
sort="string"
)
print(response)

from falconpy import CloudPolicies
# Do not hardcode API credentials!
falcon = CloudPolicies(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.QueryRule(filter="string",
limit=integer,
offset=integer,
sort="string"
)
print(response)

from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.command("QueryRule",
filter="string",
limit=integer,
offset=integer,
sort="string"
)
print(response)
Get Suppression Rules by ID.
get_suppression_rules
| Method | Route |
|---|---|
| | /cloud-policies/entities/suppression-rules/v1 |
- Consumes: application/json
- Produces: application/json
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| ids | | | query | string or list of strings | The uuids of the suppression rules to retrieve. |
| parameters | | | query | dictionary | Full query string parameters payload in JSON format. |
from falconpy import CloudPolicies
# Do not hardcode API credentials!
falcon = CloudPolicies(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.get_suppression_rules(ids=id_list)
print(response)

from falconpy import CloudPolicies
# Do not hardcode API credentials!
falcon = CloudPolicies(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.GetSuppressionRules(ids=id_list)
print(response)

from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.command("GetSuppressionRules", ids=id_list)
print(response)
Create a new suppression rule.
create_suppression_rule
| Method | Route |
|---|---|
| | /cloud-policies/entities/suppression-rules/v1 |
- Consumes: application/json
- Produces: application/json
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| body | | | body | dictionary | Full body payload in JSON format. |
| description | | | body | string | Description of the suppression rule. |
| id | | | body | string | The ID of the suppression rule. |
| name | | | body | string | Name of the suppression rule. |
| rule_selection_filter | | | body | dictionary | Dictionary of lists defining rule selection criteria. |
| rule_selection_type | | | body | string | Type of rule selection. |
| scope_asset_filter | | | body | dictionary | Dictionary of lists defining scope asset filter criteria. |
| scope_type | | | body | string | Type of scope. |
| suppression_comment | | | body | string | Comment for the suppression. |
| suppression_expiration_date | | | body | string | Expiration date for the suppression. |
| suppression_reason | | | body | string | Reason for the suppression. |
| domain | | | body | string | Domain. |
| subdomain | | | body | string | Subdomain. |
from falconpy import CloudPolicies
# Do not hardcode API credentials!
falcon = CloudPolicies(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
rule_selection_filter = {
"rule_ids": ["string"],
"rule_names": ["string"],
"rule_origins": ["string"],
"rule_providers": ["string"],
"rule_services": ["string"],
"rule_severities": ["string"]
}
scope_asset_filter = {
"account_ids": ["string"],
"cloud_group_ids": ["string"],
"cloud_providers": ["string"],
"regions": ["string"],
"resource_ids": ["string"],
"resource_names": ["string"],
"resource_types": ["string"],
"service_categories": ["string"],
"tags": ["string"]
}
response = falcon.create_suppression_rule(description="string",
id="string",
name="string",
rule_selection_filter=rule_selection_filter,
rule_selection_type="string",
scope_asset_filter=scope_asset_filter,
scope_type="string",
suppression_comment="string",
suppression_expiration_date="string",
suppression_reason="string",
domain="string",
subdomain="string"
)
print(response)

from falconpy import CloudPolicies
# Do not hardcode API credentials!
falcon = CloudPolicies(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
rule_selection_filter = {
"rule_ids": ["string"],
"rule_names": ["string"],
"rule_origins": ["string"],
"rule_providers": ["string"],
"rule_services": ["string"],
"rule_severities": ["string"]
}
scope_asset_filter = {
"account_ids": ["string"],
"cloud_group_ids": ["string"],
"cloud_providers": ["string"],
"regions": ["string"],
"resource_ids": ["string"],
"resource_names": ["string"],
"resource_types": ["string"],
"service_categories": ["string"],
"tags": ["string"]
}
response = falcon.CreateSuppressionRule(description="string",
id="string",
name="string",
rule_selection_filter=rule_selection_filter,
rule_selection_type="string",
scope_asset_filter=scope_asset_filter,
scope_type="string",
suppression_comment="string",
suppression_expiration_date="string",
suppression_reason="string",
domain="string",
subdomain="string"
)
print(response)

from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
BODY = {
"description": "string",
"id": "string",
"name": "string",
"rule_selection_filter": {
"rule_ids": ["string"],
"rule_names": ["string"],
"rule_origins": ["string"],
"rule_providers": ["string"],
"rule_services": ["string"],
"rule_severities": ["string"]
},
"rule_selection_type": "string",
"scope_asset_filter": {
"account_ids": ["string"],
"cloud_group_ids": ["string"],
"cloud_providers": ["string"],
"regions": ["string"],
"resource_ids": ["string"],
"resource_names": ["string"],
"resource_types": ["string"],
"service_categories": ["string"],
"tags": ["string"]
},
"scope_type": "string",
"suppression_comment": "string",
"suppression_expiration_date": "string",
"suppression_reason": "string"
}
response = falcon.command("CreateSuppressionRule", body=BODY)
print(response)
Update a suppression rule.
update_suppression_rule
| Method | Route |
|---|---|
| | /cloud-policies/entities/suppression-rules/v1 |
- Consumes: application/json
- Produces: application/json
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| body | | | body | dictionary | Full body payload in JSON format. |
| description | | | body | string | Description of the suppression rule. |
| id | | | body | string | The ID of the suppression rule. |
| name | | | body | string | Name of the suppression rule. |
| rule_selection_filter | | | body | dictionary | Dictionary of lists defining rule selection criteria. |
| rule_selection_type | | | body | string | Type of rule selection. |
| scope_asset_filter | | | body | dictionary | Dictionary of lists defining scope asset filter criteria. |
| scope_type | | | body | string | Type of scope. |
| suppression_comment | | | body | string | Comment for the suppression. |
| suppression_expiration_date | | | body | string | Expiration date for the suppression. |
| suppression_reason | | | body | string | Reason for the suppression. |
| domain | | | body | string | Domain. |
| subdomain | | | body | string | Subdomain. |
from falconpy import CloudPolicies
# Do not hardcode API credentials!
falcon = CloudPolicies(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
rule_selection_filter = {
"rule_ids": ["string"],
"rule_names": ["string"],
"rule_origins": ["string"],
"rule_providers": ["string"],
"rule_services": ["string"],
"rule_severities": ["string"]
}
scope_asset_filter = {
"account_ids": ["string"],
"cloud_group_ids": ["string"],
"cloud_providers": ["string"],
"regions": ["string"],
"resource_ids": ["string"],
"resource_names": ["string"],
"resource_types": ["string"],
"service_categories": ["string"],
"tags": ["string"]
}
response = falcon.update_suppression_rule(description="string",
id="string",
name="string",
rule_selection_filter=rule_selection_filter,
rule_selection_type="string",
scope_asset_filter=scope_asset_filter,
scope_type="string",
suppression_comment="string",
suppression_expiration_date="string",
suppression_reason="string",
domain="string",
subdomain="string"
)
print(response)

from falconpy import CloudPolicies
# Do not hardcode API credentials!
falcon = CloudPolicies(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
rule_selection_filter = {
"rule_ids": ["string"],
"rule_names": ["string"],
"rule_origins": ["string"],
"rule_providers": ["string"],
"rule_services": ["string"],
"rule_severities": ["string"]
}
scope_asset_filter = {
"account_ids": ["string"],
"cloud_group_ids": ["string"],
"cloud_providers": ["string"],
"regions": ["string"],
"resource_ids": ["string"],
"resource_names": ["string"],
"resource_types": ["string"],
"service_categories": ["string"],
"tags": ["string"]
}
response = falcon.UpdateSuppressionRule(description="string",
id="string",
name="string",
rule_selection_filter=rule_selection_filter,
rule_selection_type="string",
scope_asset_filter=scope_asset_filter,
scope_type="string",
suppression_comment="string",
suppression_expiration_date="string",
suppression_reason="string",
domain="string",
subdomain="string"
)
print(response)

from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
BODY = {
"description": "string",
"id": "string",
"name": "string",
"rule_selection_filter": {
"rule_ids": ["string"],
"rule_names": ["string"],
"rule_origins": ["string"],
"rule_providers": ["string"],
"rule_services": ["string"],
"rule_severities": ["string"]
},
"rule_selection_type": "string",
"scope_asset_filter": {
"account_ids": ["string"],
"cloud_group_ids": ["string"],
"cloud_providers": ["string"],
"regions": ["string"],
"resource_ids": ["string"],
"resource_names": ["string"],
"resource_types": ["string"],
"service_categories": ["string"],
"tags": ["string"]
},
"scope_type": "string",
"suppression_comment": "string",
"suppression_expiration_date": "string",
"suppression_reason": "string"
}
response = falcon.command("UpdateSuppressionRule", body=BODY)
print(response)
Delete Suppression Rules by ID.
delete_suppression_rules
| Method | Route |
|---|---|
| | /cloud-policies/entities/suppression-rules/v1 |
- Consumes: application/json
- Produces: application/json
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| ids | | | query | string or list of strings | The uuids of the suppression rules to delete. A maximum of 10 IDs can be provided. |
| parameters | | | query | dictionary | Full query string parameters payload in JSON format. |
from falconpy import CloudPolicies
# Do not hardcode API credentials!
falcon = CloudPolicies(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.delete_suppression_rules(ids=id_list)
print(response)

from falconpy import CloudPolicies
# Do not hardcode API credentials!
falcon = CloudPolicies(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.DeleteSuppressionRules(ids=id_list)
print(response)

from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.command("DeleteSuppressionRules", ids=id_list)
print(response)
Query suppression rules with filtering, sorting and pagination.
query_suppression_rules
| Method | Route |
|---|---|
| | /cloud-policies/queries/suppression-rules/v1 |
- Consumes: application/json
- Produces: application/json
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| filter | | | query | string | FQL expression to filter suppression rules. Allowed properties: name, description, domain, subdomain, suppression_reason, suppression_expiration_date, created_by, created_at, last_modified_at, disabled, groups. |
| limit | | | query | integer | The maximum number of resources to return. The maximum allowed is 50. Default: 20. |
| offset | | | query | integer | The number of results to skip before starting to return results. Default: 0. |
| sort | | | query | string | Field to sort on. Sortable fields: name, description, domain, subdomain, suppression_reason, suppression_expiration_date, created_by, created_at, last_modified_at, disabled, groups. Use the .asc or .desc suffix to specify sort direction. |
| parameters | | | query | dictionary | Full query string parameters payload in JSON format. |
from falconpy import CloudPolicies
# Do not hardcode API credentials!
falcon = CloudPolicies(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.query_suppression_rules(filter="string",
limit=integer,
offset=integer,
sort="string"
)
print(response)

from falconpy import CloudPolicies
# Do not hardcode API credentials!
falcon = CloudPolicies(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.QuerySuppressionRules(filter="string",
limit=integer,
offset=integer,
sort="string"
)
print(response)

from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.command("QuerySuppressionRules",
filter="string",
limit=integer,
offset=integer,
sort="string"
)
print(response)
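
An added example (not from the FalconPy wiki or the FalconPy project) of how a defender might combine query_suppression_rules and get_suppression_rules to review suppressions that hide findings with no end date, a stale one, or a distant one. It assumes the query operation returns rule IDs in body.resources, that detail records use the payload field names documented above with ISO 8601 expiration timestamps, and that responses are dictionaries carrying status_code and body; FakeFalcon, the 90-day threshold and the batch size of 10 are hypothetical.

```python
from datetime import datetime, timedelta, timezone

PAGE_SIZE = 50    # documented maximum "limit" for query_suppression_rules
FETCH_BATCH = 10  # assumption: detail lookups in small batches


def resources_or_raise(response, operation):
    """Return body['resources'] from a FalconPy-style response dict, or raise."""
    body = response.get("body") or {}
    if response.get("status_code") != 200 or body.get("errors"):
        raise RuntimeError(f"{operation} failed: {body.get('errors')}")
    return body.get("resources") or []


def list_suppression_rule_ids(falcon):
    """Walk limit/offset pages until a short page signals the end."""
    ids, offset = [], 0
    while True:
        page = resources_or_raise(
            falcon.query_suppression_rules(limit=PAGE_SIZE, offset=offset),
            "query_suppression_rules")
        ids.extend(page)
        if len(page) < PAGE_SIZE:
            return ids
        offset += PAGE_SIZE


def classify(rule, now, max_days):
    """Return an issue string for a risky suppression, or None if acceptable."""
    raw = rule.get("suppression_expiration_date")
    if not raw:
        return "no expiration"
    try:
        expires = datetime.fromisoformat(raw.replace("Z", "+00:00"))
    except ValueError:
        return "unparseable expiration"
    if expires.tzinfo is None:
        expires = expires.replace(tzinfo=timezone.utc)  # assumption: naive = UTC
    if expires <= now:
        return "expired"
    if expires - now > timedelta(days=max_days):
        return "long-lived"
    return None


def audit_suppressions(falcon, max_days=90, now=None):
    """List (id, name, issue) for every suppression rule that needs review."""
    now = now or datetime.now(timezone.utc)
    ids = list_suppression_rule_ids(falcon)
    findings = []
    for start in range(0, len(ids), FETCH_BATCH):
        batch = ids[start:start + FETCH_BATCH]
        rules = resources_or_raise(falcon.get_suppression_rules(ids=batch),
                                   "get_suppression_rules")
        for rule in rules:
            issue = classify(rule, now, max_days)
            if issue:
                findings.append((rule.get("id"), rule.get("name"), issue))
    return findings


class FakeFalcon:
    """Constructed offline stand-in that mimics the response dict shape."""
    def __init__(self, rules):
        self.rules = {rule["id"]: rule for rule in rules}

    def query_suppression_rules(self, limit=20, offset=0, **_):
        page = list(self.rules)[offset:offset + limit]
        return {"status_code": 200, "body": {"errors": [], "resources": page}}

    def get_suppression_rules(self, ids):
        found = [self.rules[i] for i in ids if i in self.rules]
        return {"status_code": 200, "body": {"errors": [], "resources": found}}


if __name__ == "__main__":
    demo = FakeFalcon([{"id": "s-1", "name": "forever"}])  # constructed record
    print(audit_suppressions(demo))
```

Against a live tenant, pass a CloudPolicies instance created as in the examples above in place of FakeFalcon.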
