Update name, description, enabled or field_values for individual rules within a rule group. The v1 flavor of this call requires the caller to specify the complete state for all the rules in the rule group, instead the v2 flavor will accept the subset of rules in the rule group and apply the attribute updates to the subset of rules in the rule group. Returns the updated rules.
Finds all rule IDs matching the query with optional filter.
Passing credentials
WARNING
client_id and client_secret are keyword arguments that contain your CrowdStrike API credentials. Please note that all examples below do not hard code these values. (These values are ingested as strings.)
CrowdStrike does not recommend hard coding API credentials or customer identifiers within source code.
get_patterns
Get pattern severities by ID.
PEP8 method name
get_patterns
Endpoint
Method
Route
/ioarules/entities/pattern-severities/v1
Required Scope
Content-Type
Produces: application/json
Keyword Arguments
Name
Service
Uber
Type
Data type
Description
ids
query
string or list of strings
The ID(s) of the entities to return.
parameters
query
dictionary
Full query string parameters payload in JSON format.
Usage
Service class example (PEP8 syntax)
fromfalconpyimportCustomIOA# Do not hardcode API credentials!falcon=CustomIOA(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list='ID1,ID2,ID3'# Can also pass a list here: ['ID1', 'ID2', 'ID3']response=falcon.get_patterns(ids=id_list)
print(response)
Service class example (Operation ID syntax)
fromfalconpyimportCustomIOA# Do not hardcode API credentials!falcon=CustomIOA(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list='ID1,ID2,ID3'# Can also pass a list here: ['ID1', 'ID2', 'ID3']response=falcon.get_patterns(ids=id_list)
print(response)
Uber class example
fromfalconpyimportAPIHarnessV2# Do not hardcode API credentials!falcon=APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list='ID1,ID2,ID3'# Can also pass a list here: ['ID1', 'ID2', 'ID3']response=falcon.command("get_patterns", ids=id_list)
print(response)
get_platformsMixin0
Get platforms by ID.
PEP8 method name
get_platforms
Endpoint
Method
Route
/ioarules/entities/platforms/v1
Required Scope
Content-Type
Produces: application/json
Keyword Arguments
Name
Service
Uber
Type
Data type
Description
ids
query
string or list of strings
The ID(s) of the entities to return.
parameters
query
dictionary
Full query string parameters payload in JSON format.
Usage
Service class example (PEP8 syntax)
fromfalconpyimportCustomIOA# Do not hardcode API credentials!falcon=CustomIOA(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list='ID1,ID2,ID3'# Can also pass a list here: ['ID1', 'ID2', 'ID3']response=falcon.get_platforms(ids=id_list)
print(response)
Service class example (Operation ID syntax)
fromfalconpyimportCustomIOA# Do not hardcode API credentials!falcon=CustomIOA(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list='ID1,ID2,ID3'# Can also pass a list here: ['ID1', 'ID2', 'ID3']response=falcon.get_platformsMixin0(ids=id_list)
print(response)
Uber class example
fromfalconpyimportAPIHarnessV2# Do not hardcode API credentials!falcon=APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list='ID1,ID2,ID3'# Can also pass a list here: ['ID1', 'ID2', 'ID3']response=falcon.command("get_platformsMixin0", ids=id_list)
print(response)
get_rule_groupsMixin0
Get rule groups by ID.
PEP8 method name
get_rule_groups
Endpoint
Method
Route
/ioarules/entities/rule-groups/v1
Required Scope
Content-Type
Produces: application/json
Keyword Arguments
Name
Service
Uber
Type
Data type
Description
ids
query
string or list of strings
The ID(s) of the entities to return.
parameters
query
dictionary
Full query string parameters payload in JSON format.
Usage
Service class example (PEP8 syntax)
fromfalconpyimportCustomIOA# Do not hardcode API credentials!falcon=CustomIOA(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list='ID1,ID2,ID3'# Can also pass a list here: ['ID1', 'ID2', 'ID3']response=falcon.get_rule_groups(ids=id_list)
print(response)
Service class example (Operation ID syntax)
fromfalconpyimportCustomIOA# Do not hardcode API credentials!falcon=CustomIOA(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list='ID1,ID2,ID3'# Can also pass a list here: ['ID1', 'ID2', 'ID3']response=falcon.get_rule_groupsMixin0(ids=id_list)
print(response)
Uber class example
fromfalconpyimportAPIHarnessV2# Do not hardcode API credentials!falcon=APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list='ID1,ID2,ID3'# Can also pass a list here: ['ID1', 'ID2', 'ID3']response=falcon.command("get_rule_groupsMixin0", ids=id_list)
print(response)
create_rule_groupMixin0
Create a rule group for a platform with a name and an optional description. Returns the rule group.
PEP8 method name
create_rule_group
Endpoint
Method
Route
/ioarules/entities/rule-groups/v1
Required Scope
Content-Type
Consumes: application/json
Produces: application/json
Keyword Arguments
Name
Service
Uber
Type
Data type
Description
body
body
dictionary
Full body payload in JSON format.
description
body
string
Rule group description.
comment
body
string
Comment to associate with this rule group.
name
body
string
Rule group name.
platform
body
string
Rule group platform.
Usage
Service class example (PEP8 syntax)
fromfalconpyimportCustomIOA# Do not hardcode API credentials!falcon=CustomIOA(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response=falcon.create_rule_group(description="string",
comment="string",
name="string",
platform="string"
)
print(response)
Service class example (Operation ID syntax)
fromfalconpyimportCustomIOA# Do not hardcode API credentials!falcon=CustomIOA(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response=falcon.create_rule_groupMixin0(description="string",
comment="string",
name="string",
platform="string"
)
print(response)
Uber class example
fromfalconpyimportAPIHarnessV2# Do not hardcode API credentials!falcon=APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
BODY= {
"comment": "string",
"description": "string",
"name": "string",
"platform": "string"
}
response=falcon.command("create_rule_groupMixin0", body=BODY)
print(response)
delete_rule_groupsMixin0
Delete rule groups by ID.
PEP8 method name
delete_rule_groups
Endpoint
Method
Route
/ioarules/entities/rule-groups/v1
Required Scope
Content-Type
Produces: application/json
Keyword Arguments
Name
Service
Uber
Type
Data type
Description
comment
query
string
Audit log comment for this operation.
ids
query
string or list of strings
The ID(s) of the entities to return.
parameters
query
dictionary
Full query string parameters payload in JSON format.
Usage
Service class example (PEP8 syntax)
fromfalconpyimportCustomIOA# Do not hardcode API credentials!falcon=CustomIOA(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list='ID1,ID2,ID3'# Can also pass a list here: ['ID1', 'ID2', 'ID3']response=falcon.delete_rule_groups(comment="string", ids=id_list)
print(response)
Service class example (Operation ID syntax)
fromfalconpyimportCustomIOA# Do not hardcode API credentials!falcon=CustomIOA(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list='ID1,ID2,ID3'# Can also pass a list here: ['ID1', 'ID2', 'ID3']response=falcon.delete_rule_groupsMixin0(comment="string", ids=id_list)
print(response)
Uber class example
fromfalconpyimportAPIHarnessV2# Do not hardcode API credentials!falcon=APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list='ID1,ID2,ID3'# Can also pass a list here: ['ID1', 'ID2', 'ID3']response=falcon.command("delete_rule_groupsMixin0", comment="string", ids=id_list)
print(response)
update_rule_groupMixin0
Update a rule group. The following properties can be modified: name, description, enabled.
PEP8 method name
update_rule_group
Endpoint
Method
Route
/ioarules/entities/rule-groups/v1
Required Scope
Content-Type
Consumes: application/json
Produces: application/json
Keyword Arguments
Name
Service
Uber
Type
Data type
Description
body
body
dictionary
Full body payload in JSON format.
description
body
string
Rule group description.
comment
body
string
Comment to associate with this rule group.
enabled
body
boolean
Flag indicating if this rule group is enabled.
id
body
string
ID of the rule group to be updated.
name
body
string
Rule group name.
rulegroup_version
body
integer
Rule group version to update.
Usage
Service class example (PEP8 syntax)
fromfalconpyimportCustomIOA# Do not hardcode API credentials!falcon=CustomIOA(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response=falcon.update_rule_group(comment="string",
description="string",
enabled=boolean,
id="string",
name="string",
rulegroup_version=integer
)
print(response)
Service class example (Operation ID syntax)
fromfalconpyimportCustomIOA# Do not hardcode API credentials!falcon=CustomIOA(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response=falcon.update_rule_groupMixin0(comment="string",
description="string",
enabled=boolean,
id="string",
name="string",
rulegroup_version=integer
)
print(response)
Uber class example
fromfalconpyimportAPIHarnessV2# Do not hardcode API credentials!falcon=APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
BODY= {
"comment": "string",
"description": "string",
"enabled": boolean,
"id": "string",
"name": "string",
"rulegroup_version": integer
}
response=falcon.command("update_rule_groupMixin0", body=BODY)
print(response)
get_rule_types
Get rule types by ID.
PEP8 method name
get_rule_types
Endpoint
Method
Route
/ioarules/entities/rule-types/v1
Required Scope
Content-Type
Produces: application/json
Keyword Arguments
Name
Service
Uber
Type
Data type
Description
ids
query
string or list of strings
The ID(s) of the entities to return.
parameters
query
dictionary
Full query string parameters payload in JSON format.
Usage
Service class example (PEP8 syntax)
fromfalconpyimportCustomIOA# Do not hardcode API credentials!falcon=CustomIOA(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list='ID1,ID2,ID3'# Can also pass a list here: ['ID1', 'ID2', 'ID3']response=falcon.get_rule_types(ids=id_list)
print(response)
Service class example (Operation ID syntax)
fromfalconpyimportCustomIOA# Do not hardcode API credentials!falcon=CustomIOA(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list='ID1,ID2,ID3'# Can also pass a list here: ['ID1', 'ID2', 'ID3']response=falcon.get_rule_types(ids=id_list)
print(response)
Uber class example
fromfalconpyimportAPIHarnessV2# Do not hardcode API credentials!falcon=APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list='ID1,ID2,ID3'# Can also pass a list here: ['ID1', 'ID2', 'ID3']response=falcon.command("get_rule_types", ids=id_list)
print(response)
get_rules_get
Get rules by ID and optionally version in the following format: ID[:version].
PEP8 method name
get_rules_get
Endpoint
Method
Route
/ioarules/entities/rules/GET/v1
Required Scope
Content-Type
Consumes: application/json
Produces: application/json
Keyword Arguments
Name
Service
Uber
Type
Data type
Description
body
body
dictionary
Full body payload in JSON format.
ids
body
string or list of strings
Rule ID(s) to retrieve.
Usage
Service class example (PEP8 syntax)
fromfalconpyimportCustomIOA# Do not hardcode API credentials!falcon=CustomIOA(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list='ID1,ID2,ID3'# Can also pass a list here: ['ID1', 'ID2', 'ID3']response=falcon.get_rules_get(ids=id_list)
print(response)
Service class example (Operation ID syntax)
fromfalconpyimportCustomIOA# Do not hardcode API credentials!falcon=CustomIOA(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list='ID1,ID2,ID3'# Can also pass a list here: ['ID1', 'ID2', 'ID3']response=falcon.get_rules_get(ids=id_list)
print(response)
Uber class example
fromfalconpyimportAPIHarnessV2# Do not hardcode API credentials!falcon=APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list='ID1,ID2,ID3'# Can also pass a list here: ['ID1', 'ID2', 'ID3']BODY= {
"ids": id_list
}
response=falcon.command("get_rules_get", body=BODY)
print(response)
get_rulesMixin0
Get rules by ID and optionally version in the following format: ID[:version]. The max number of IDs is constrained by URL size.
PEP8 method name
get_rules
Endpoint
Method
Route
/ioarules/entities/rules/v1
Required Scope
Content-Type
Produces: application/json
Keyword Arguments
Name
Service
Uber
Type
Data type
Description
ids
query
string or list of strings
The ID(s) of the entities to return.
parameters
query
dictionary
Full query string parameters payload in JSON format.
Usage
Service class example (PEP8 syntax)
fromfalconpyimportCustomIOA# Do not hardcode API credentials!falcon=CustomIOA(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list='ID1,ID2,ID3'# Can also pass a list here: ['ID1', 'ID2', 'ID3']response=falcon.get_rules(ids=id_list)
print(response)
Service class example (Operation ID syntax)
fromfalconpyimportCustomIOA# Do not hardcode API credentials!falcon=CustomIOA(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list='ID1,ID2,ID3'# Can also pass a list here: ['ID1', 'ID2', 'ID3']response=falcon.get_rulesMixin0(ids=id_list)
print(response)
Uber class example
fromfalconpyimportAPIHarnessV2# Do not hardcode API credentials!falcon=APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list='ID1,ID2,ID3'# Can also pass a list here: ['ID1', 'ID2', 'ID3']response=falcon.command("get_rulesMixin0", ids=id_list)
print(response)
create_rule
Create a rule within a rule group. Returns the rule.
Full query string parameters payload in JSON format.
rule_group_id
query
string
The parent rule group ID.
Usage
Service class example (PEP8 syntax)
fromfalconpyimportCustomIOA# Do not hardcode API credentials!falcon=CustomIOA(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list='ID1,ID2,ID3'# Can also pass a list here: ['ID1', 'ID2', 'ID3']response=falcon.delete_rules(rule_group_id="string", comment="string", ids=id_list)
print(response)
Service class example (Operation ID syntax)
fromfalconpyimportCustomIOA# Do not hardcode API credentials!falcon=CustomIOA(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list='ID1,ID2,ID3'# Can also pass a list here: ['ID1', 'ID2', 'ID3']response=falcon.delete_rules(rule_group_id="string", comment="string", ids=id_list)
print(response)
Uber class example
fromfalconpyimportAPIHarnessV2# Do not hardcode API credentials!falcon=APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list='ID1,ID2,ID3'# Can also pass a list here: ['ID1', 'ID2', 'ID3']response=falcon.command("delete_rules",
comment="string",
ids=id_list,
rule_group_id="string"
)
print(response)
update_rules
Update rules within a rule group. Return the updated rules.
PEP8 method name
update_rules
Endpoint
Method
Route
/ioarules/entities/rules/v1
Required Scope
Content-Type
Consumes: application/json
Produces: application/json
Keyword Arguments
Name
Service
Uber
Type
Data type
Description
body
body
dictionary
Full body payload in JSON format.
comment
body
string
Comment to associate with this rule.
rule_updates
body
dictionary
Dictionary representing the rule updates to perfrom.
Update name, description, enabled or field_values for individual rules within a rule group. The v1 flavor of this call requires the caller to specify the complete state for all the rules in the rule group, instead the v2 flavor will accept the subset of rules in the rule group and apply the attribute updates to the subset of rules in the rule group. Returns the updated rules.
PEP8 method name
update_rules_v2
Endpoint
Method
Route
/ioarules/entities/rules/v2
Required Scope
Content-Type
Consumes: application/json
Produces: application/json
Keyword Arguments
Name
Service
Uber
Type
Data type
Description
body
body
dictionary
Full body payload in JSON format.
comment
body
string
Comment to associate with this rule.
rule_updates
body
dictionary
Dictionary representing the rule updates to perfrom.
Starting index of overall result set from which to return ids.
parameters
query
dictionary
Full query string parameters payload in JSON format.
Usage
Service class example (PEP8 syntax)
fromfalconpyimportCustomIOA# Do not hardcode API credentials!falcon=CustomIOA(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response=falcon.query_patterns(offset=integer, limit=integer)
print(response)
Service class example (Operation ID syntax)
fromfalconpyimportCustomIOA# Do not hardcode API credentials!falcon=CustomIOA(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response=falcon.query_patterns(offset=integer, limit=integer)
print(response)
Uber class example
fromfalconpyimportAPIHarnessV2# Do not hardcode API credentials!falcon=APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response=falcon.command("query_patterns", limit=integer, offset=integer)
print(response)
query_platformsMixin0
Get all platform IDs.
PEP8 method name
query_platforms
Endpoint
Method
Route
/ioarules/queries/platforms/v1
Required Scope
Content-Type
Produces: application/json
Keyword Arguments
Name
Service
Uber
Type
Data type
Description
limit
query
integer
Maximum number of records to return.
offset
query
integer
Starting index of overall result set from which to return ids.
parameters
query
dictionary
Full query string parameters payload in JSON format.
Usage
Service class example (PEP8 syntax)
fromfalconpyimportCustomIOA# Do not hardcode API credentials!falcon=CustomIOA(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response=falcon.query_platforms(offset=integer, limit=integer)
print(response)
Service class example (Operation ID syntax)
fromfalconpyimportCustomIOA# Do not hardcode API credentials!falcon=CustomIOA(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response=falcon.query_platformsMixin0(offset=integer, limit=integer)
print(response)
Uber class example
fromfalconpyimportAPIHarnessV2# Do not hardcode API credentials!falcon=APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response=falcon.command("query_platformsMixin0", offset=integer, limit=integer)
print(response)
query_rule_groups_full
Find all rule groups matching the query with optional filter.
PEP8 method name
query_rule_groups_full
Endpoint
Method
Route
/ioarules/queries/rule-groups-full/v1
Required Scope
Content-Type
Produces: application/json
Keyword Arguments
Name
Service
Uber
Type
Data type
Description
filter
query
string
FQL Syntax formatted string used to limit the results.
Available filters:
enabled
platform
name
description
rules.action_label
rules.name
rules.description
rules.pattern_severity
rules.ruletype_name
rules.enabled
Filter range criteria:
created_on
modified_on
You may use any common date format, such as 2010-05-15T14:55:21.892315096Z for date format fields.
limit
query
integer
Maximum number of records to return.
offset
query
integer
Starting index of overall result set from which to return ids.
q
query
string
Match query criteria which includes all the filter string fields.
sort
query
string
The property to sort by. (Ex: modified_on.desc)
Available sort fields:
created_by
created_on
modified_by
modified_on
enabled
name
description
parameters
query
dictionary
Full query string parameters payload in JSON format.
Usage
Service class example (PEP8 syntax)
fromfalconpyimportCustomIOA# Do not hardcode API credentials!falcon=CustomIOA(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response=falcon.query_rule_groups_full(sort="string",
filter="string",
q="string",
offset="string",
limit=integer
)
print(response)
Service class example (Operation ID syntax)
fromfalconpyimportCustomIOA# Do not hardcode API credentials!falcon=CustomIOA(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response=falcon.query_rule_groups_full(sort="string",
filter="string",
q="string",
offset="string",
limit=integer
)
print(response)
Uber class example
fromfalconpyimportAPIHarnessV2# Do not hardcode API credentials!falcon=APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response=falcon.command("query_rule_groups_full",
sort="string",
filter="string",
q="string",
offset="string",
limit=integer
)
print(response)
query_rule_groupsMixin0
Finds all rule group IDs matching the query with optional filter.
PEP8 method name
query_rule_groups
Endpoint
Method
Route
/ioarules/queries/rule-groups/v1
Required Scope
Content-Type
Produces: application/json
Keyword Arguments
Name
Service
Uber
Type
Data type
Description
filter
query
string
FQL Syntax formatted string used to limit the results.
Available filters:
enabled
platform
name
description
rules.action_label
rules.name
rules.description
rules.pattern_severity
rules.ruletype_name
rules.enabled
Filter range criteria:
created_on
modified_on
You may use any common date format, such as 2010-05-15T14:55:21.892315096Z for date format fields.
limit
query
integer
Maximum number of records to return.
offset
query
integer
Starting index of overall result set from which to return ids.
q
query
string
Match query criteria which includes all the filter string fields.
sort
query
string
The property to sort by. (Ex: modified_on.desc)
Available sort fields:
created_by
created_on
modified_by
modified_on
enabled
name
description
parameters
query
dictionary
Full query string parameters payload in JSON format.
Usage
Service class example (PEP8 syntax)
fromfalconpyimportCustomIOA# Do not hardcode API credentials!falcon=CustomIOA(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response=falcon.query_rule_groups(sort="string",
filter="string",
q="string",
offset="string",
limit=integer
)
print(response)
Service class example (Operation ID syntax)
fromfalconpyimportCustomIOA# Do not hardcode API credentials!falcon=CustomIOA(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response=falcon.query_rule_groupsMixin0(sort="string",
filter="string",
q="string",
offset="string",
limit=integer
)
print(response)
Uber class example
fromfalconpyimportAPIHarnessV2# Do not hardcode API credentials!falcon=APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response=falcon.command("query_rule_groupsMixin0",
sort="string",
filter="string",
q="string",
offset="string",
limit=integer
)
print(response)
query_rule_types
Get all rule type IDs.
PEP8 method name
query_rule_types
Endpoint
Method
Route
/ioarules/queries/rule-types/v1
Required Scope
Content-Type
Produces: application/json
Keyword Arguments
Name
Service
Uber
Type
Data type
Description
limit
query
integer
Maximum number of records to return.
offset
query
integer
Starting index of overall result set from which to return ids.
parameters
query
dictionary
Full query string parameters payload in JSON format.
Usage
Service class example (PEP8 syntax)
fromfalconpyimportCustomIOA# Do not hardcode API credentials!falcon=CustomIOA(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response=falcon.query_rule_types(offset=integer, limit=integer)
print(response)
Service class example (Operation ID syntax)
fromfalconpyimportCustomIOA# Do not hardcode API credentials!falcon=CustomIOA(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response=falcon.query_rule_types(offset=integer, limit=integer)
print(response)
Uber class example
fromfalconpyimportAPIHarnessV2# Do not hardcode API credentials!falcon=APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response=falcon.command("query_rule_types", offset=integer, limit=integer)
print(response)
query_rulesMixin0
Finds all rule IDs matching the query with optional filter.
PEP8 method name
query_rules
Endpoint
Method
Route
/ioarules/queries/rules/v1
Required Scope
Content-Type
Produces: application/json
Keyword Arguments
Name
Service
Uber
Type
Data type
Description
filter
query
string
FQL Syntax formatted string used to limit the results.
Available filters:
enabled
platform
name
description
rules.action_label
rules.name
rules.description
rules.pattern_severity
rules.ruletype_name
rules.enabled
Filter range criteria:
created_on
modified_on
You may use any common date format, such as 2010-05-15T14:55:21.892315096Z for date format fields.
limit
query
integer
Maximum number of records to return.
offset
query
integer
Starting index of overall result set from which to return ids.
q
query
string
Match query criteria which includes all the filter string fields.
sort
query
string
The property to sort by. (Ex: rules.created_on.desc)
Available sort fields:
rules.ruletype_name
rules.enabled
rules.created_by
rules.current_version.name
rules.current_version.modified_by
rules.created_on
rules.current_version.description
rules.current_version.pattern_severity
rules.current_version.action_label
rules.current_version.modified_on
parameters
query
dictionary
Full query string parameters payload in JSON format.
Usage
Service class example (PEP8 syntax)
fromfalconpyimportCustomIOA# Do not hardcode API credentials!falcon=CustomIOA(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response=falcon.query_rules(sort="string",
filter="string",
q="string",
offset="string",
limit=integer
)
print(response)
Service class example (Operation ID syntax)
fromfalconpyimportCustomIOA# Do not hardcode API credentials!falcon=CustomIOA(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response=falcon.query_rulesMixin0(sort="string",
filter="string",
q="string",
offset="string",
limit=integer
)
print(response)
Uber class example
fromfalconpyimportAPIHarnessV2# Do not hardcode API credentials!falcon=APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response=falcon.command("query_rulesMixin0",
sort="string",
filter="string",
q="string",
offset="string",
limit=integer
)
print(response)