Cloud Security Detections - CrowdStrike/falconpy GitHub Wiki
| Operation ID | Description | ||||
|---|---|---|---|---|---|
|
Return IOMs grouped by rule. | ||||
|
Gets IOMs based on the provided IDs | ||||
|
Gets a list of IOM IDs for the given parameters, filters and sort criteria. | ||||
WARNING
client_idandclient_secretare keyword arguments that contain your CrowdStrike API credentials. Please note that all examples below do not hard code these values. (These values are ingested as strings.)CrowdStrike does not recommend hard coding API credentials or customer identifiers within source code.
Return IOMs grouped by rule.
get_combined_iom_by_rule
| Method | Route |
|---|---|
 |
/cloud-security-evaluations/combined/ioms-by-rule/v1 |
- Produces: application/json
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| filter |  |
|
query | string | FQL string to filter results in Falcon Query Language (FQL). Supported fields: account_id account_name applicable_profile attack_type benchmark_name benchmark_version business_impact cid cloud_group cloud_label cloud_label_id cloud_provider cloud_scope created_at environment extension_status first_detected framework last_detected policy_id policy_name region requirement resource_gcrn resource_id resource_parent resource_status resource_type resource_type_name rule_group rule_id rule_name rule_origin section service service_category severity status suppressed_by tactic_id tactic_name tag_key tag_value tags tags_string technique_id technique_name zone |
| limit | |
|
query | integer | The maximum number of items to return. When not specified or 0, 500 is used. When larger than 1000, 1000 is used. |
| offset | |
|
query | integer | Offset returned assets. |
| parameters | |
|
query | dictionary | Full query string parameters payload in JSON format. Not required when using other keywords. |
| sort | |
|
query | string | The field to sort on. Sortable fields include: assessed_assets cloud_provider misconfigurations rule_id severity. Use |asc or |desc suffix to specify sort direction. |
from falconpy import CloudSecurityDetections
# Do not hardcode API credentials!
falcon = CloudSecurityDetections(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.get_combined_iom_by_rule(filter="string",
sort="string",
limit=integer,
offset=integer
)
print(response)from falconpy import CloudSecurityDetections
# Do not hardcode API credentials!
falcon = CloudSecurityDetections(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.cspm_evaluations_combined_iom_by_rule(filter="string",
sort="string",
limit=integer,
offset=integer
)
print(response)from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.command("cspm_evaluations_combined_iom_by_rule",
filter="string",
sort="string",
limit=integer,
offset=integer
)
print(response)Back to Table of Contents
Gets IOMs based on the provided IDs
get_iom_entities
| Method | Route |
|---|---|
|
/cloud-security-evaluations/entities/ioms/v1 |
- Produces: application/json
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| ids | |
|
query | array (string) | List of IOMs to return (maximum 100 IDs allowed). Use POST method with same path if more entities are required. |
| parameters | |
|
query | dictionary | Full query string parameters payload in JSON format. Not required when using other keywords. |
from falconpy import CloudSecurityDetections
# Do not hardcode API credentials!
falcon = CloudSecurityDetections(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.get_iom_entities(ids=id_list)
print(response)from falconpy import CloudSecurityDetections
# Do not hardcode API credentials!
falcon = CloudSecurityDetections(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.cspm_evaluations_iom_entities(ids=id_list)
print(response)from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.command("cspm_evaluations_iom_entities", ids=id_list)
print(response)Back to Table of Contents
Gets a list of IOM IDs for the given parameters, filters and sort criteria.
query_iom_entities
| Method | Route |
|---|---|
|
/cloud-security-evaluations/queries/ioms/v1 |
- Produces: application/json
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| after | |
|
query | string | token-based pagination. Use for paginating through an entire result set. Use only one of 'offset' and 'after' parameters for paginating |
| filter | |
|
query | string | FQL string to filter results in Falcon Query Language (FQL). Supported fields: account_id account_name applicable_profile attack_type benchmark_name benchmark_version business_impact cid cloud_group cloud_label cloud_label_id cloud_provider cloud_scope created_at environment extension_status first_detected framework last_detected policy_id policy_name policy_uuid region requirement requirement_name resource_gcrn resource_id resource_parent resource_status resource_type resource_type_name rule_group rule_id rule_name rule_origin rule_remediation section service service_category severity status suppressed_by suppression_reason tactic_id tactic_name tag_key tag_value tags tags_string technique_id technique_name |
| limit | |
|
query | integer | The maximum number of items to return. When not specified or 0, 500 is used. When larger than 1000, 1000 is used. |
| offset | |
|
query | integer | Offset returned assets |
| parameters | |
|
query | dictionary | Full query string parameters payload in JSON format. Not required when using other keywords. |
| sort | |
|
query | string | The field to sort on. Use |asc or |desc suffix to specify sort direction.Supported fields: account_id account_name applicable_profile attack_type benchmark_name benchmark_version business_impact cid cloud_group cloud_label cloud_label_id cloud_provider cloud_scope created_at environment extension_status first_detected framework last_detected policy_id policy_name policy_uuid region requirement requirement_name resource_gcrn resource_id resource_parent resource_status resource_type resource_type_name rule_group rule_id rule_name rule_origin rule_remediation section service service_category severity status suppressed_by suppression_reason tactic_id tactic_name tag_key tag_value tags tags_string technique_id technique_name |
from falconpy import CloudSecurityDetections
# Do not hardcode API credentials!
falcon = CloudSecurityDetections(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.query_iom_entities(filter="string",
sort="string",
limit=integer,
offset=integer,
after="string"
)
print(response)from falconpy import CloudSecurityDetections
# Do not hardcode API credentials!
falcon = CloudSecurityDetections(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.cspm_evaluations_iom_queries(filter="string",
sort="string",
limit=integer,
offset=integer,
after="string"
)
print(response)from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.command("cspm_evaluations_iom_queries",
filter="string",
sort="string",
limit=integer,
offset=integer,
after="string"
)
print(response)Back to Table of Contents
