Find all rule version IDs matching the query and filter.
aggregates_rule_versions_post_v1
Get rules aggregates as specified via json in the request body.
PEP8 method name
aggregate_rule_versions
Endpoint
Method
Route
/correlation-rules/aggregates/rule-versions/v1
Required Scope
Content-Type
Consumes: application/json
Produces: application/json
Keyword Arguments
Name | Type | Data type | Description
body | body | dictionary | Full body payload provided as a dictionary.
filter | query | string | FQL query specifying the filter parameters.
ids | query | string or list of strings | Correlation rule IDs.
parameters | query | dictionary | Full query parameters payload as a dictionary, not required when using other keywords.
Usage
Service class example (PEP8 syntax)
from falconpy.correlation_rules import CorrelationRules
falcon = CorrelationRules(client_id=CLIENT_ID,
                          client_secret=CLIENT_SECRET
                          )
body_payload = {}
id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.aggregate_rule_versions(body=body_payload, filter="string", ids=id_list)
print(response)
Service class example (Operation ID syntax)
from falconpy import CorrelationRules
falcon = CorrelationRules(client_id=CLIENT_ID,
                          client_secret=CLIENT_SECRET
                          )
body_payload = {}
id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.aggregates_rule_versions_post_v1(body=body_payload, filter="string", ids=id_list)
print(response)
Uber class example
from falconpy import APIHarnessV2
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )
body_payload = {}
id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.command("aggregates_rule_versions_post_v1", body=body_payload, filter="string", ids=id_list)
print(response)
combined_rules_get_v1
Find all rules matching the query and filter.
PEP8 method name
get_rules_combined
Endpoint
Method
Route
/correlation-rules/combined/rules/v1
Required Scope
Content-Type
Produces: application/json
Keyword Arguments
Name | Type | Data type | Description
filter | query | string | FQL query specifying the filter parameters. Available filters: customer_id, user_id, user_uuid, status, name, created_on, last_updated_on. Ranged filters: created_on, last_updated_on.
q | query | string | Match query criteria, which includes all the filter string fields.
sort | query | string | Rule property to sort on.
offset | query | integer | Starting index of overall result set from which to return IDs.
limit | query | integer | Number of IDs to return.
parameters | query | dictionary | Full query parameters payload as a dictionary, not required when using other keywords.
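The offset and limit keywords, together with the ranged last_updated_on filter, are enough to walk every matching rule for a change review. The following is an added example, not code from the FalconPy project: it assumes the usual FalconPy result dictionary ("status_code" plus a "body" with "resources" and "errors"), an "id" field on each rule, and a constructed FQL timestamp value; StubRules is a constructed stand-in so the block runs offline.

```python
"""Added example (not FalconPy project code): page through get_rules_combined."""


def iter_rules(falcon, fql_filter, page_size=100, sort=None):
    """Yield every rule matching fql_filter using the offset/limit keywords.

    Assumes the usual FalconPy result dictionary: an integer "status_code"
    and a "body" holding "resources" and "errors" lists.
    """
    offset = 0
    while True:
        kwargs = {"filter": fql_filter, "offset": offset, "limit": page_size}
        if sort:
            kwargs["sort"] = sort
        response = falcon.get_rules_combined(**kwargs)
        if response["status_code"] != 200:
            # Fail loudly: a partial inventory is worse than none for an audit.
            raise RuntimeError(f"get_rules_combined failed: {response['body'].get('errors')}")
        page = response["body"].get("resources") or []
        yield from page
        offset += len(page)
        if len(page) < page_size:  # a short or empty page means the end
            return


def rules_changed_since(falcon, iso_timestamp, page_size=100):
    """Map rule id -> name for rules updated after iso_timestamp (change review)."""
    fql = f"last_updated_on:>'{iso_timestamp}'"  # ranged filter; value is constructed
    # "id" is an assumed field name; "name" is one of the documented filter fields.
    return {r.get("id"): r.get("name") for r in iter_rules(falcon, fql, page_size)}


class StubRules:
    """Constructed stand-in for CorrelationRules so the example runs offline."""

    def __init__(self, rules):
        self.rules, self.calls = rules, []

    def get_rules_combined(self, filter=None, offset=0, limit=100, **_):
        self.calls.append((filter, offset, limit))
        page = self.rules[offset:offset + limit]  # the stub does not evaluate FQL
        return {"status_code": 200, "body": {"resources": page, "errors": []}}


if __name__ == "__main__":
    stub = StubRules([{"id": f"rule-{n}", "name": f"Sample rule {n}"} for n in range(5)])
    print(rules_changed_since(stub, "2025-01-01T00:00:00Z", page_size=2))
    print(stub.calls)
```

With a real client, pass a CorrelationRules instance in place of StubRules; the helper only calls get_rules_combined.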
Full query parameters payload as a dictionary, not required when using other keywords.
rule_ids
query
string or list of strings
The rule IDs to retrieve.
Usage
Service class example (PEP8 syntax)
from falconpy.correlation_rules import CorrelationRules
falcon = CorrelationRules(client_id=CLIENT_ID,
                          client_secret=CLIENT_SECRET
                          )
rule_id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.get_latest_rule_versions(rule_ids=rule_id_list)
print(response)
Service class example (Operation ID syntax)
from falconpy import CorrelationRules
falcon = CorrelationRules(client_id=CLIENT_ID,
                          client_secret=CLIENT_SECRET
                          )
rule_id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.entities_latest_rules_get_v1(rule_ids=rule_id_list)
print(response)
Full query parameters payload as a dictionary, not required when using other keywords.
Usage
Service class example (PEP8 syntax)
from falconpy.correlation_rules import CorrelationRules
falcon = CorrelationRules(client_id=CLIENT_ID,
                          client_secret=CLIENT_SECRET
                          )
id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.delete_rule_versions(ids=id_list)
print(response)
Service class example (Operation ID syntax)
from falconpy import CorrelationRules
falcon = CorrelationRules(client_id=CLIENT_ID,
                          client_secret=CLIENT_SECRET
                          )
id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.entities_rule_versions_delete_v1(ids=id_list)
print(response)
Uber class example
from falconpy import APIHarnessV2
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )
id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.command("entities_rule_versions_delete_v1", ids=id_list)
print(response)
entities_rules_get_v1
Retrieve rules by IDs.
PEP8 method name
get_rules
Endpoint
Method
Route
/correlation-rules/entities/rules/v1
Required Scope
Content-Type
Produces: application/json
Keyword Arguments
Name | Type | Data type | Description
ids | query | string or list of strings | The rule IDs to be retrieved.
parameters | query | dictionary | Full query parameters payload as a dictionary, not required when using other keywords.
Usage
Service class example (PEP8 syntax)
from falconpy import CorrelationRules
falcon = CorrelationRules(client_id=CLIENT_ID,
                          client_secret=CLIENT_SECRET
                          )
id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.get_rules(ids=id_list)
print(response)
Service class example (Operation ID syntax)
from falconpy import CorrelationRules
falcon = CorrelationRules(client_id=CLIENT_ID,
                          client_secret=CLIENT_SECRET
                          )
id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.entities_rules_get_v1(ids=id_list)
print(response)
Uber class example
from falconpy import APIHarnessV2
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )
id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.command("entities_rules_get_v1", ids=id_list)
print(response)
entities_rules_get_v2
Retrieve rule versions by IDs.
PEP8 method name
get_rules_v2
Endpoint
Method
Route
/correlation-rules/entities/rules/v2
Required Scope
Content-Type
Produces: application/json
Keyword Arguments
Name | Type | Data type | Description
ids | query | string or list of strings | The rule IDs to be retrieved.
parameters | query | dictionary | Full query parameters payload as a dictionary, not required when using other keywords.
Usage
Service class example (PEP8 syntax)
from falconpy.correlation_rules import CorrelationRules
falcon = CorrelationRules(client_id=CLIENT_ID,
                          client_secret=CLIENT_SECRET
                          )
id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.get_rules_v2(ids=id_list)
print(response)
Service class example (Operation ID syntax)
from falconpy import CorrelationRules
falcon = CorrelationRules(client_id=CLIENT_ID,
                          client_secret=CLIENT_SECRET
                          )
id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.entities_rules_get_v2(ids=id_list)
print(response)
Uber class example
from falconpy import APIHarnessV2
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )
id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.command("entities_rules_get_v2", ids=id_list)
print(response)
Full query parameters payload as a dictionary, not required when using other keywords.
Usage
Service class example (PEP8 syntax)
from falconpy import CorrelationRules
falcon = CorrelationRules(client_id=CLIENT_ID,
                          client_secret=CLIENT_SECRET
                          )
id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.delete_rules(ids=id_list)
print(response)
Service class example (Operation ID syntax)
from falconpy import CorrelationRules
falcon = CorrelationRules(client_id=CLIENT_ID,
                          client_secret=CLIENT_SECRET
                          )
id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.entities_rules_delete_v1(ids=id_list)
print(response)
Uber class example
from falconpy import APIHarnessV2
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )
id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.command("entities_rules_delete_v1", ids=id_list)
print(response)