Cloud Security - CrowdStrike/falconpy GitHub Wiki
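| Operation ID | Description |
|---|---|
| combined_cloud_risks | Get cloud risks with full details based on filters and sort criteria. |
| ListCloudGroupsExternal (list_cloud_groups) | Query Cloud Groups and return entities with full details. |
| ListCloudGroupsByIDExternal (list_cloud_groups_by_id) | Retrieve Cloud Groups by their UUIDs. |
| CreateCloudGroupExternal (create_cloud_group) | Create a new Cloud Group with specified properties and selectors. |
| UpdateCloudGroupExternal (update_cloud_group) | Update an existing Cloud Group's properties. |
| DeleteCloudGroupsExternal (delete_cloud_groups) | Delete Cloud Groups in batch by their UUIDs. |
| ListCloudGroupIDsExternal (list_group_ids) | Query Cloud Groups and return only their IDs. |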
WARNING

`client_id` and `client_secret` are keyword arguments that contain your CrowdStrike API credentials. Please note that all examples below do not hard code these values. (These values are ingested as strings.)

CrowdStrike does not recommend hard coding API credentials or customer identifiers within source code.
Get cloud risks with full details based on filters and sort criteria.
combined_cloud_risks
| Method | Route |
|---|---|
|  | `/cloud-security-risks/combined/cloud-risks/v1` |

- Produces: application/json

| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| filter |  |  | query | string | FQL string to filter results in Falcon Query Language (FQL). Supported fields: account_id, account_name, asset_gcrn, asset_id, asset_name, asset_region, asset_type, cloud_group, cloud_provider, first_seen, last_seen, resolved_at, risk_factor, rule_id, rule_name, service_category, severity, status, suppressed_by, suppressed_reason, tags |
| sort |  |  | query | string | The field to sort on. Use the `\|asc` or `\|desc` suffix to specify sort direction. Supported fields: account_id, account_name, asset_id, asset_name, asset_region, asset_type, cloud_provider, first_seen, last_seen, resolved_at, rule_name, service_category, severity, status |
| limit |  |  | query | integer | The maximum number of items to return. When not specified or 0, 500 is used. When larger than 1000, 1000 is used. |
| offset |  |  | query | integer | Offset returned risks |
| parameters |  |  | query | dictionary | Full query string parameters payload in JSON format. Not required if using other keywords. |
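The `filter` and `sort` strings are often assembled from values that arrive from a ticket, a CLI argument or another system, so it helps to validate them before they reach the API. The following is an added example, not part of FalconPy: `build_filter`, `build_sort` and `_quote` are hypothetical helpers, the field lists are copied from the table above, and rejecting quote characters is a conservative choice made here rather than a documented FQL escaping rule.

```python
# Added example. Field names are copied from the parameter table above;
# the severity and status values used with it are constructed samples.
FILTER_FIELDS = frozenset(
    "account_id account_name asset_gcrn asset_id asset_name asset_region "
    "asset_type cloud_group cloud_provider first_seen last_seen resolved_at "
    "risk_factor rule_id rule_name service_category severity status "
    "suppressed_by suppressed_reason tags".split())
SORT_FIELDS = frozenset(
    "account_id account_name asset_id asset_name asset_region asset_type "
    "cloud_provider first_seen last_seen resolved_at rule_name "
    "service_category severity status".split())


def _quote(field, value):
    """Quote one value, refusing characters that could alter the FQL structure."""
    text = str(value)
    if not text or any(ch in text for ch in "'\"\\"):
        raise ValueError(f"unsafe or empty value for {field}: {text!r}")
    return f"'{text}'"


def build_filter(criteria):
    """AND together field:'value' terms; a list of values becomes an OR set."""
    terms = []
    for field, value in criteria.items():
        if field not in FILTER_FIELDS:
            raise ValueError(f"unsupported filter field: {field}")
        values = list(value) if isinstance(value, (list, tuple)) else [value]
        if not values:
            raise ValueError(f"no values given for {field}")
        quoted = [_quote(field, item) for item in values]
        if len(quoted) == 1:
            terms.append(f"{field}:{quoted[0]}")
        else:
            terms.append(f"{field}:[{','.join(quoted)}]")
    return "+".join(terms)


def build_sort(field, descending=False):
    """Return 'field|asc' or 'field|desc' for a sortable field only."""
    if field not in SORT_FIELDS:
        raise ValueError(f"unsupported sort field: {field}")
    return f"{field}|{'desc' if descending else 'asc'}"
```

The returned strings can be passed directly as the `filter` and `sort` keywords of `combined_cloud_risks`.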
```python
# Service class example
from falconpy import CloudSecurity

# Do not hardcode API credentials!
falcon = CloudSecurity(client_id=CLIENT_ID,
                       client_secret=CLIENT_SECRET
                       )

response = falcon.combined_cloud_risks(filter="string",
                                       sort="string",
                                       limit=100,  # integer, capped at 1000 by the API
                                       offset=0    # integer
                                       )
print(response)
```
```python
# Uber class example
from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

response = falcon.command("combined_cloud_risks",
                          filter="string",
                          sort="string",
                          limit=100,  # integer, capped at 1000 by the API
                          offset=0    # integer
                          )
print(response)
```
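Because `limit` is capped at 1000, a complete export of cloud risks has to advance `offset` page by page. The following is an added example, not part of FalconPy: `effective_limit`, `fetch_all_risks` and `fake_query` are hypothetical names, and it assumes the response is the usual FalconPy dictionary with `status_code`, `body.resources` and `body.meta.pagination.total`. The stand-in `fake_query` returns constructed data so the loop can be run offline.

```python
def effective_limit(limit=None):
    """Page size the API will apply, per the limit rules in the table above."""
    if not limit:
        return 500
    return min(limit, 1000)


def fetch_all_risks(query, fql, sort="last_seen|desc", limit=1000):
    """Collect every risk matching fql by advancing offset one page at a time.

    query is any callable that accepts the filter, sort, limit and offset
    keywords, such as the bound method CloudSecurity.combined_cloud_risks.
    """
    page = effective_limit(limit)
    offset, risks = 0, []
    while True:
        response = query(filter=fql, sort=sort, limit=page, offset=offset)
        body = response.get("body", {})
        # Assumed response shape: status_code, body.resources, body.errors.
        if response.get("status_code") != 200:
            raise RuntimeError(f"query failed: {body.get('errors')}")
        batch = body.get("resources") or []
        risks.extend(batch)
        offset += len(batch)
        # Assumed: the total match count is reported in meta.pagination.total.
        total = body.get("meta", {}).get("pagination", {}).get("total", 0)
        if not batch or offset >= total:
            return risks


def fake_query(filter, sort, limit, offset):
    """Constructed stand-in for the API: 2,300 risks served page by page."""
    total = 2300
    end = min(offset + effective_limit(limit), total)
    page = [{"id": n} for n in range(offset, end)]
    return {"status_code": 200,
            "body": {"meta": {"pagination": {"total": total}},
                     "resources": page, "errors": []}}
```

With a live client, pass `falcon.combined_cloud_risks` as `query` in place of `fake_query`.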
Query Cloud Groups and return entities with full details.
list_cloud_groups
| Method | Route |
|---|---|
|  | `/cloud-security/combined/cloud-groups/v1` |

- Produces: application/json

| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| filter |  |  | query | string | A valid FQL filter. Supports filtering groups by: Group properties: name, description, created_at, updated_at. Selector properties: cloud_provider, account_id, region, cloud_provider_tag, image_registry, image_repository, image_tag. Group tags: business_unit, business_impact, environment |
| sort |  |  | query | string | A valid sort string. |
| offset |  |  | query | string | The starting position of the list operation. |
| limit |  |  | query | string | The maximum number of cloud groups to retrieve. |
| parameters |  |  | query | dictionary | Full query string parameters payload in JSON format. Not required if using other keywords. |

```python
# Service class example (PEP 8 method name)
from falconpy import CloudSecurity

# Do not hardcode API credentials!
falcon = CloudSecurity(client_id=CLIENT_ID,
                       client_secret=CLIENT_SECRET
                       )

response = falcon.list_cloud_groups(filter="string",
                                    sort="string",
                                    offset="string",
                                    limit="string"
                                    )
print(response)
```

```python
# Service class example (Operation ID method name)
from falconpy import CloudSecurity

# Do not hardcode API credentials!
falcon = CloudSecurity(client_id=CLIENT_ID,
                       client_secret=CLIENT_SECRET
                       )

response = falcon.ListCloudGroupsExternal(filter="string",
                                          sort="string",
                                          offset="string",
                                          limit="string"
                                          )
print(response)
```

```python
# Uber class example
from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

response = falcon.command("ListCloudGroupsExternal",
                          filter="string",
                          sort="string",
                          offset="string",
                          limit="string"
                          )
print(response)
```
Retrieve Cloud Groups by their UUIDs.
list_cloud_groups_by_id
| Method | Route |
|---|---|
|  | `/cloud-security/entities/cloud-groups/v1` |

- Produces: application/json

| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| ids |  |  | query | string or list of strings | Cloud Groups UUIDs to retrieve |
| parameters |  |  | query | dictionary | Full query string parameters payload in JSON format. Not required if using other keywords. |

```python
# Service class example (PEP 8 method name)
from falconpy import CloudSecurity

# Do not hardcode API credentials!
falcon = CloudSecurity(client_id=CLIENT_ID,
                       client_secret=CLIENT_SECRET
                       )

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.list_cloud_groups_by_id(ids=id_list)
print(response)
```

```python
# Service class example (Operation ID method name)
from falconpy import CloudSecurity

# Do not hardcode API credentials!
falcon = CloudSecurity(client_id=CLIENT_ID,
                       client_secret=CLIENT_SECRET
                       )

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.ListCloudGroupsByIDExternal(ids=id_list)
print(response)
```

```python
# Uber class example
from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.command("ListCloudGroupsByIDExternal", ids=id_list)
print(response)
```
Create a new Cloud Group with specified properties and selectors.
create_cloud_group
| Method | Route |
|---|---|
|  | `/cloud-security/entities/cloud-groups/v1` |

- Consumes: application/json
- Produces: application/json

| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| body |  |  | body | dictionary | Full body payload in JSON format. Not required if using other keywords. |
| business_impact |  |  | body | string | Business impact. |
| business_unit |  |  | body | string | Business unit. |
| description |  |  | body | string | Description. |
| environment |  |  | body | string | Environment. |
| name |  |  | body | string | Name. |
| owners |  |  | body | list of strings | Owners. |
| selectors |  |  | body | dictionary | Selectors. |
```python
# Service class example (PEP 8 method name)
from falconpy import CloudSecurity

# Do not hardcode API credentials!
falcon = CloudSecurity(client_id=CLIENT_ID,
                       client_secret=CLIENT_SECRET
                       )

selectors = {
    "cloud_resources": [
        {
            "account_ids": ["string"],
            "cloud_provider": "aws",
            "filters": {
                "region": ["string"],
                "tags": ["string"]
            }
        }
    ],
    "images": [
        {
            "filters": {
                "repository": ["string"],
                "tag": ["string"]
            },
            "registry": "string"
        }
    ]
}

response = falcon.create_cloud_group(business_impact="high",
                                     business_unit="string",
                                     description="string",
                                     environment="dev",
                                     name="string",
                                     owners=["string"],
                                     selectors=selectors
                                     )
print(response)
```

```python
# Service class example (Operation ID method name)
from falconpy import CloudSecurity

# Do not hardcode API credentials!
falcon = CloudSecurity(client_id=CLIENT_ID,
                       client_secret=CLIENT_SECRET
                       )

selectors = {
    "cloud_resources": [
        {
            "account_ids": ["string"],
            "cloud_provider": "aws",
            "filters": {
                "region": ["string"],
                "tags": ["string"]
            }
        }
    ],
    "images": [
        {
            "filters": {
                "repository": ["string"],
                "tag": ["string"]
            },
            "registry": "string"
        }
    ]
}

response = falcon.CreateCloudGroupExternal(business_impact="high",
                                           business_unit="string",
                                           description="string",
                                           environment="dev",
                                           name="string",
                                           owners=["string"],
                                           selectors=selectors
                                           )
print(response)
```

```python
# Uber class example
from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

body_payload = {
    "business_impact": "high",
    "business_unit": "string",
    "description": "string",
    "environment": "dev",
    "name": "string",
    "owners": [
        "string"
    ],
    "selectors": {
        "cloud_resources": [
            {
                "account_ids": [
                    "string"
                ],
                "cloud_provider": "aws",
                "filters": {
                    "region": [
                        "string"
                    ],
                    "tags": [
                        "string"
                    ]
                }
            }
        ],
        "images": [
            {
                "filters": {
                    "repository": [
                        "string"
                    ],
                    "tag": [
                        "string"
                    ]
                },
                "registry": "string"
            }
        ]
    }
}

response = falcon.command("CreateCloudGroupExternal", body=body_payload)
print(response)
```
Update an existing Cloud Group's properties.
update_cloud_group
| Method | Route |
|---|---|
|  | `/cloud-security/entities/cloud-groups/v1` |

- Consumes: application/json
- Produces: application/json

| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| group |  |  | body | dictionary | Complete group payload to update. |
| business_impact |  |  | body | string | Business impact. |
| business_unit |  |  | body | string | Business unit. |
| description |  |  | body | string | Description. |
| environment |  |  | body | string | Environment. |
| name |  |  | body | string | Name. |
| owners |  |  | body | list of strings | Owners. |
| selectors |  |  | body | dictionary | Selectors. |
```python
# Service class example (PEP 8 method name)
from falconpy import CloudSecurity

# Do not hardcode API credentials!
falcon = CloudSecurity(client_id=CLIENT_ID,
                       client_secret=CLIENT_SECRET
                       )

group_payload = {
    "business_impact": "high",
    "business_unit": "string",
    "description": "string",
    "environment": "dev",
    "name": "string",
    "owners": [
        "string"
    ],
    "selectors": {
        "cloud_resources": [
            {
                "account_ids": [
                    "string"
                ],
                "cloud_provider": "aws",
                "filters": {
                    "region": [
                        "string"
                    ],
                    "tags": [
                        "string"
                    ]
                }
            }
        ],
        "images": [
            {
                "filters": {
                    "repository": [
                        "string"
                    ],
                    "tag": [
                        "string"
                    ]
                },
                "registry": "string"
            }
        ]
    }
}

response = falcon.update_cloud_group(group=group_payload)
print(response)
```

```python
# Service class example (Operation ID method name)
from falconpy import CloudSecurity

# Do not hardcode API credentials!
falcon = CloudSecurity(client_id=CLIENT_ID,
                       client_secret=CLIENT_SECRET
                       )

group_payload = {
    "business_impact": "high",
    "business_unit": "string",
    "description": "string",
    "environment": "dev",
    "name": "string",
    "owners": [
        "string"
    ],
    "selectors": {
        "cloud_resources": [
            {
                "account_ids": [
                    "string"
                ],
                "cloud_provider": "aws",
                "filters": {
                    "region": [
                        "string"
                    ],
                    "tags": [
                        "string"
                    ]
                }
            }
        ],
        "images": [
            {
                "filters": {
                    "repository": [
                        "string"
                    ],
                    "tag": [
                        "string"
                    ]
                },
                "registry": "string"
            }
        ]
    }
}

response = falcon.UpdateCloudGroupExternal(group=group_payload)
print(response)
```

```python
# Uber class example
from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

group_payload = {
    "business_impact": "high",
    "business_unit": "string",
    "description": "string",
    "environment": "dev",
    "name": "string",
    "owners": [
        "string"
    ],
    "selectors": {
        "cloud_resources": [
            {
                "account_ids": [
                    "string"
                ],
                "cloud_provider": "aws",
                "filters": {
                    "region": [
                        "string"
                    ],
                    "tags": [
                        "string"
                    ]
                }
            }
        ],
        "images": [
            {
                "filters": {
                    "repository": [
                        "string"
                    ],
                    "tag": [
                        "string"
                    ]
                },
                "registry": "string"
            }
        ]
    }
}

response = falcon.command("UpdateCloudGroupExternal", group=group_payload)
print(response)
```
Delete Cloud Groups in batch by their UUIDs.
delete_cloud_groups
| Method | Route |
|---|---|
|  | `/cloud-security/entities/cloud-groups/v1` |

- Produces: application/json

| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| ids |  |  | query | string or list of strings | Cloud Groups UUIDs to delete |
| parameters |  |  | query | dictionary | Full query string parameters payload in JSON format. Not required if using other keywords. |

```python
# Service class example (PEP 8 method name)
from falconpy import CloudSecurity

# Do not hardcode API credentials!
falcon = CloudSecurity(client_id=CLIENT_ID,
                       client_secret=CLIENT_SECRET
                       )

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.delete_cloud_groups(ids=id_list)
print(response)
```

```python
# Service class example (Operation ID method name)
from falconpy import CloudSecurity

# Do not hardcode API credentials!
falcon = CloudSecurity(client_id=CLIENT_ID,
                       client_secret=CLIENT_SECRET
                       )

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.DeleteCloudGroupsExternal(ids=id_list)
print(response)
```

```python
# Uber class example
from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.command("DeleteCloudGroupsExternal", ids=id_list)
print(response)
```
Query Cloud Groups and return only their IDs.
list_group_ids
| Method | Route |
|---|---|
|  | `/cloud-security/queries/cloud-groups/v1` |

- Produces: application/json

| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| filter |  |  | query | string | A valid FQL filter. Supports filtering groups by: Group properties: name, description, created_at, updated_at. Selector properties: cloud_provider, account_id, region, cloud_provider_tag, image_registry, image_repository, image_tag. Group tags: business_unit, business_impact, environment |
| sort |  |  | query | string | A valid sort string. |
| offset |  |  | query | string | The starting position of the list operation. |
| limit |  |  | query | string | The maximum number of cloud groups to retrieve. |
| parameters |  |  | query | dictionary | Full query string parameters payload in JSON format. Not required if using other keywords. |

```python
# Service class example (PEP 8 method name)
from falconpy import CloudSecurity

# Do not hardcode API credentials!
falcon = CloudSecurity(client_id=CLIENT_ID,
                       client_secret=CLIENT_SECRET
                       )

response = falcon.list_group_ids(filter="string",
                                 sort="string",
                                 offset="string",
                                 limit="string"
                                 )
print(response)
```

```python
# Service class example (Operation ID method name)
from falconpy import CloudSecurity

# Do not hardcode API credentials!
falcon = CloudSecurity(client_id=CLIENT_ID,
                       client_secret=CLIENT_SECRET
                       )

response = falcon.ListCloudGroupIDsExternal(filter="string",
                                            sort="string",
                                            offset="string",
                                            limit="string"
                                            )
print(response)
```

```python
# Uber class example
from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

response = falcon.command("ListCloudGroupIDsExternal",
                          filter="string",
                          sort="string",
                          offset="string",
                          limit="string"
                          )
print(response)
```
