Using the Filevantage service collection

Uber class support Service class support Documentation Version Page Updated

Operation ID

Description

getActionsMixin0
PEP8	get_actions

Retrieves the processing results for one or more actions.

startActions
PEP8	start_actions

Initiates the specified action on the provided change IDs.

getContents
PEP8	get_contents

Retrieves the content captured for the provided change ID.

getChanges
PEP8	get_changes

Retrieve information on changes

updatePolicyHostGroups
PEP8	update_policy_host_groups

Manage host groups assigned to a policy.

updatePolicyPrecedence
PEP8	update_policy_precedence

Updates the policy precedence for all policies of a specific type.

updatePolicyRuleGroups
PEP8	update_policy_rule_groups

Manage the rule groups assigned to the policy or set the rule group precedence for all rule groups within the policy.

getPolicies
PEP8	get_policies

Retrieves the configuration for 1 or more policies.

createPolicies
PEP8	create_policy

Creates a new policy of the specified type. New policies are always added at the end of the precedence list for the provided policy type.

deletePolicies
PEP8	delete_policies

Deletes 1 or more policies.

updatePolicies
PEP8	update_policies

Updates the general information of the provided policy.

getScheduledExclusions
PEP8	get_scheduled_exclusions

Retrieves the configuration of 1 or more scheduled exclusions from the provided policy id.

createScheduledExclusions
PEP8	create_scheduled_exclusions

Creates a new scheduled exclusion configuration for the provided policy id.

deleteScheduledExclusions
PEP8	delete_scheduled_exclusions

Deletes 1 or more scheduled exclusions from the provided policy id.

updateScheduledExclusions
PEP8	update_scheduled_exclusions

Updates the provided scheduled exclusion configuration within the provided policy.

updateRuleGroupPrecedence
PEP8	update_rule_group_precedence

Updates the rule precedence for all rules in the identified rule group.

getRules
PEP8	get_rules

Retrieves the configuration for 1 or more rules.

createRules
PEP8	create_rule

Creates a new rule configuration within the specified rule group.

deleteRules
PEP8	delete_rules

Deletes 1 or more rules from the specified rule group.

updateRules
PEP8	update_rule

Updates the provided rule configuration within the specified rule group.

getRuleGroups
PEP8	get_rule_groups

Retrieves the rule group details for 1 or more rule groups.

createRuleGroups
PEP8	create_rule_group

Creates a new rule group of the specified type.

deleteRuleGroups
PEP8	delete_rule_groups

Deletes 1 or more rule groups

updateRuleGroups
PEP8	update_rule_group

Updates the provided rule group.

signalChangesExternal
PEP8	signal_changes

Initiates a workflow for the provided change IDs.

queryActionsMixin0
PEP8	query_actions

Returns 1 or more action ids

queryChanges
PEP8	query_changes

Returns 1 or more change ids

highVolumeQueryChanges
PEP8	query_changes_scroll

Returns 1 or more change ids

queryPolicies
PEP8	query_policies

Retrieve the ids of all policies that are assigned the provided policy type.

queryScheduledExclusions
PEP8	query_scheduled_exclusions

Retrieve the ids of all scheduled exclusions contained within the provided policy id.

queryRuleGroups
PEP8	query_rule_groups

Retrieve the ids of all rule groups that are of the provided rule group type.

Passing credentials

WARNING

client_id and client_secret are keyword arguments that contain your CrowdStrike API credentials. Please note that all examples below do not hard code these values. (These values are ingested as strings.)

CrowdStrike does not recommend hard coding API credentials or customer identifiers within source code.

getActionsMixin0

Retrieves the processing results for one or more actions

PEP8 method name

get_actions

Endpoint

Method	Route
	`/filevantage/entities/actions/v1`

Required Scope

falcon-file-vantage:read

Content-Type

Consumes: application/json
Produces: application/json

Keyword Arguments

Name	Service	Uber	Type	Data type	Description
ids			query	string or list of strings	One or more change ids. The maximum number of ids that can be requested at once is `500`.
parameters			query	dictionary	Full query string parameters payload in JSON format.

Usage

Service class example (PEP8 syntax)

from falconpy import FileVantage

# Do not hardcode API credentials!
falcon = FileVantage(client_id=CLIENT_ID,
                     client_secret=CLIENT_SECRET
                     )

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.get_actions(ids=id_list)
print(response)

Service class example (Operation ID syntax)

from falconpy import FileVantage

# Do not hardcode API credentials!
falcon = FileVantage(client_id=CLIENT_ID,
                     client_secret=CLIENT_SECRET
                     )

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.getActionsMixin0(ids=id_list)
print(response)

Uber class example

from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.command("getActionsMixin0", ids=id_list)
print(response)

startActions

Initiates the specified action on the provided change IDs.

PEP8 method name

start_actions

Endpoint

Method	Route
	`/filevantage/entities/actions/v1`

Required Scope

falcon-file-vantage:write

Content-Type

Consumes: application/json
Produces: application/json

Keyword Arguments

Name	Type	Data type	Description
body	body	list of dictionaries	Full body payload in JSON format.
change_ids	body	string or list of strings	The IDs of the changes the operation will perform. Maximum of 100 IDs per action.
comment	body	string	Optional comment to describe reason for action.
operation	body	string	Operation to perform. Must be one of: `suppress` `unsuppress` `purge`

Usage

Service class example (PEP8 syntax)

from falconpy import FileVantage

# Do not hardcode API credentials!
falcon = FileVantage(client_id=CLIENT_ID,
                     client_secret=CLIENT_SECRET
                     )

change_id_list = "ID1,ID2,ID3"  # Can also pass a list here ["ID1", "ID2", "ID3"]

response = falcon.start_actions(change_ids=change_id_list,
                                comment="string",
                                operation="string"
                                )
print(response)

Service class example (Operation ID syntax)

from falconpy import FileVantage

# Do not hardcode API credentials!
falcon = FileVantage(client_id=CLIENT_ID,
                     client_secret=CLIENT_SECRET
                     )

change_id_list = "ID1,ID2,ID3"  # Can also pass a list here ["ID1", "ID2", "ID3"]

response = falcon.startActions(change_ids=change_id_list,
                               comment="string",
                               operation="string"
                               )
print(response)

Uber class example

from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

change_id_list = "ID1,ID2,ID3"  # Can also pass a list here ["ID1", "ID2", "ID3"]

body_payload = {
  "change_ids": change_id_list,
  "comment": "string",
  "operation": "string"
}

response = falcon.command("startActions", body=body_payload)

print(response)

getContents

Retrieves the content captured for the provided change ID.

PEP8 method name

get_contents

Endpoint

Method	Route
	`/filevantage/entities/change-content/v1`

Required Scope

falcon-file-vantage-content:read

Content-Type

Consumes: application/json
Produces: application/json

Keyword Arguments

Name	Type	Data type	Description
compress	query	boolean	Compress the response using gzip. Defaults to False.
id	query	string	ID of the change.
parameters	query	dictionary	Full query string parameters payload in JSON format.

Usage

Service class example (PEP8 syntax)

from falconpy import FileVantage

# Do not hardcode API credentials!
falcon = FileVantage(client_id=CLIENT_ID,
                     client_secret=CLIENT_SECRET
                     )

response = falcon.get_contents(compress=boolean, id="string")

print(response)

Service class example (Operation ID syntax)

from falconpy import FileVantage

# Do not hardcode API credentials!
falcon = FileVantage(client_id=CLIENT_ID,
                     client_secret=CLIENT_SECRET
                     )

response = falcon.getContents(compress=boolean, id="string")

print(response)

Uber class example

from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

response = falcon.command("getActionsMixin0", compress=boolean, ids="string")

print(response)

getChanges

Retrieve information on changes

PEP8 method name

get_changes

Endpoint

Method	Route
	`/filevantage/entities/changes/v2`

Required Scope

falcon-file-vantage:read

Content-Type

Consumes: application/json
Produces: application/json

Keyword Arguments

Name	Service	Uber	Type	Data type	Description
ids			query	string or list of strings	One or more change ids. The maximum number of ids that can be requested at once is `500`.
parameters			query	dictionary	Full query string parameters payload in JSON format.

Usage

Service class example (PEP8 syntax)

from falconpy import FileVantage

# Do not hardcode API credentials!
falcon = FileVantage(client_id=CLIENT_ID,
                     client_secret=CLIENT_SECRET
                     )

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.get_changes(ids=id_list)
print(response)

Service class example (Operation ID syntax)

from falconpy import FileVantage

# Do not hardcode API credentials!
falcon = FileVantage(client_id=CLIENT_ID,
                     client_secret=CLIENT_SECRET
                     )

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.getChanges(ids=id_list)
print(response)

Uber class example

from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.command("getChanges", ids=id_list)
print(response)

updatePolicyHostGroups

Manage host groups assigned to a policy.

PEP8 method name

update_policy_host_groups

Endpoint

Method	Route
	`/filevantage/entities/policies-host-groups/v1`

Required Scope

falcon-file-vantage:write

Content-Type

Produces: application/json

Keyword Arguments

Name	Type	Data type	Description
policy_id	query	string	The id of the policy for which to perform the action.
action	query	string	The action to perform with the provided ids, must be one of: `assign` or `unassign`.
ids	query	string or list of strings	One or more host group ids.
parameters	query	dictionary	Full query string parameters payload in JSON format.

Usage

Service class example (PEP8 syntax)

from falconpy import FileVantage

# Do not hardcode API credentials!
falcon = FileVantage(client_id=CLIENT_ID,
                     client_secret=CLIENT_SECRET
                     )

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.update_policy_host_groups(policy_id="string", action="string", ids=id_list)
print(response)

Service class example (Operation ID syntax)

from falconpy import FileVantage

# Do not hardcode API credentials!
falcon = FileVantage(client_id=CLIENT_ID,
                     client_secret=CLIENT_SECRET
                     )

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.updatePolicyHostGroups(policy_id="string", action="string", ids=id_list)
print(response)

Uber class example

from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.command("updatePolicyHostGroups",
                          policy_id="string",
                          action="string",
                          ids=id_list
                          )
print(response)

updatePolicyPrecedence

Updates the policy precedence for all policies of a specific type.

PEP8 method name

update_policy_precedence

Endpoint

Method	Route
	`/filevantage/entities/policies-precedence/v1`

Required Scope

falcon-file-vantage:write

Content-Type

Produces: application/json

Keyword Arguments

Name	Type	Data type	Description
ids	query	string or list of strings	Precedence of the policies for the provided type. Precedence is determined by element position within the provided list.
type	query	string	The policy type for which to set the precedence order, must be one of `Windows`, `Linux` or `Mac`.
parameters	query	dictionary	Full query string parameters payload in JSON format.

Usage

Service class example (PEP8 syntax)

from falconpy import FileVantage

# Do not hardcode API credentials!
falcon = FileVantage(client_id=CLIENT_ID,
                     client_secret=CLIENT_SECRET
                     )

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.update_policy_precedence(type="string", ids=id_list)
print(response)

Service class example (Operation ID syntax)

from falconpy import FileVantage

# Do not hardcode API credentials!
falcon = FileVantage(client_id=CLIENT_ID,
                     client_secret=CLIENT_SECRET
                     )

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.updatePolicyPrecedence(type="string", ids=id_list)
print(response)

Uber class example

from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.command("updatePolicyPrecedence", type="string", ids=id_list)
print(response)

updatePolicyRuleGroups

Manage the rule groups assigned to the policy or set the rule group precedence for all rule groups within the policy.

PEP8 method name

update_policy_rule_groups

Endpoint

Method	Route
	`/filevantage/entities/policies-rule-groups/v1`

Required Scope

falcon-file-vantage:write

Content-Type

Produces: application/json

Keyword Arguments

Name	Type	Data type	Description
policy_id	query	string	The id of the policy for which to perform the action.
action	query	string	The action to perform with the provided ids, must be one of: `assign`, `unassign`, or `precedence`.
ids	query	string or list of strings	One or more rule group ids. Note, for the precedence action, precedence is controlled by the order of the ids as they are specified in the request.
parameters	query	dictionary	Full query string parameters payload in JSON format.

Usage

Service class example (PEP8 syntax)

from falconpy import FileVantage

# Do not hardcode API credentials!
falcon = FileVantage(client_id=CLIENT_ID,
                     client_secret=CLIENT_SECRET
                     )

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.update_policy_rule_groups(policy_id="string", action="string", ids=id_list)
print(response)

Service class example (Operation ID syntax)

from falconpy import FileVantage

# Do not hardcode API credentials!
falcon = FileVantage(client_id=CLIENT_ID,
                     client_secret=CLIENT_SECRET
                     )

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.updatePolicyRuleGroups(policy_id="string", action="string", ids=id_list)
print(response)

Uber class example

from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.command("updatePolicyRuleGroups",
                          policy_id="string",
                          action="string",
                          ids=id_list
                          )
print(response)

getPolicies

Retrieves the configuration for 1 or more policies.

PEP8 method name

get_policies

Endpoint

Method	Route
	`/filevantage/entities/policies/v1`

Required Scope

falcon-file-vantage:read

Content-Type

Consumes: application/json
Produces: application/json

Keyword Arguments

Name	Service	Uber	Type	Data type	Description
ids			query	string or list of strings	One or more (up to 500) policy IDs.
parameters			query	dictionary	Full query string parameters payload in JSON format.

Usage

Service class example (PEP8 syntax)

from falconpy import FileVantage

# Do not hardcode API credentials!
falcon = FileVantage(client_id=CLIENT_ID,
                     client_secret=CLIENT_SECRET
                     )

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.get_policies(ids=id_list)

print(response)

Service class example (Operation ID syntax)

from falconpy import FileVantage

# Do not hardcode API credentials!
falcon = FileVantage(client_id=CLIENT_ID,
                     client_secret=CLIENT_SECRET
                     )

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.getPolicies(ids=id_list)

print(response)

Uber class example

from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.command("getPolicies", ids=id_list)

print(response)

createPolicies

Creates a new policy of the specified type. New policies are always added at the end of the precedence list for the provided policy type.

PEP8 method name

create_policy

Endpoint

Method	Route
	`/filevantage/entities/policies/v1`

Required Scope

falcon-file-vantage:write

Content-Type

Consumes: application/json
Produces: application/json

Keyword Arguments

Name	Type	Data type	Description
body	body	list of dictionaries	Full body payload in JSON format.
description	body	string	The policy description (Max: 500 characters)
name	body	string	Name of the policy (Max: 100 characters)
platform	body	string	Policy platform. Must be one of: `Windows` `Linux` `Mac`

Usage

Service class example (PEP8 syntax)

from falconpy import FileVantage

# Do not hardcode API credentials!
falcon = FileVantage(client_id=CLIENT_ID,
                     client_secret=CLIENT_SECRET
                     )

response = falcon.create_policy(description="string",
                                name="string",
                                platform="string"
                                )
print(response)

Service class example (Operation ID syntax)

from falconpy import FileVantage

# Do not hardcode API credentials!
falcon = FileVantage(client_id=CLIENT_ID,
                     client_secret=CLIENT_SECRET
                     )

response = falcon.createPolicies(description="string",
                                 name="string",
                                 platform="string"
                                 )
print(response)

Uber class example

from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

body_payload = {
    "description": "string",
    "name": "string",
    "platform": "string"
}

response = falcon.command("createPolicies", body=body_payload)

print(response)

deletePolicies

Deletes 1 or more policies.

PEP8 method name

delete_policies

Endpoint

Method	Route
	`/filevantage/entities/policies/v1`

Required Scope

falcon-file-vantage:write

Content-Type

Produces: application/json

Keyword Arguments

Name	Service	Uber	Type	Data type	Description
ids			query	string or list of strings	One or more (up to 500) policy IDs.
parameters			query	dictionary	Full query string parameters payload in JSON format.

Usage

Service class example (PEP8 syntax)

from falconpy import FileVantage

# Do not hardcode API credentials!
falcon = FileVantage(client_id=CLIENT_ID,
                     client_secret=CLIENT_SECRET
                     )

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.delete_policies(ids=id_list)
print(response)

Service class example (Operation ID syntax)

from falconpy import FileVantage

# Do not hardcode API credentials!
falcon = FileVantage(client_id=CLIENT_ID,
                     client_secret=CLIENT_SECRET
                     )

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.deletePolicies(ids=id_list)

print(response)

Uber class example

from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.command("deletePolicies", ids=id_list)

print(response)

updatePolicies

Updates the general information of the provided policy.

PEP8 method name

update_policies

Endpoint

Method	Route
	`/filevantage/entities/policies/v1`

Required Scope

falcon-file-vantage:write

Content-Type

Consumes: application/json
Produces: application/json

Keyword Arguments

Name	Type	Data type	Description
body	body	list of dictionaries	Full body payload in JSON format.
description	body	string	The policy description (Max: 500 characters)
id	body	string	The ID of the policy to be updated
name	body	string	Name of the policy (Max: 100 characters)
enabled	body	boolean	Policy enablement status.

Usage

Service class example (PEP8 syntax)

from falconpy import FileVantage

# Do not hardcode API credentials!
falcon = FileVantage(client_id=CLIENT_ID,
                     client_secret=CLIENT_SECRET
                     )

response = falcon.update_policies(description="string",
                                  id="string",
                                  name="string",
                                  enabled=boolean
                                  )
print(response)

Service class example (Operation ID syntax)

from falconpy import FileVantage

# Do not hardcode API credentials!
falcon = FileVantage(client_id=CLIENT_ID,
                     client_secret=CLIENT_SECRET
                     )

response = falcon.updatePolicies(description="string",
                                 id="string",
                                 name="string",
                                 enabled=boolean
                                 )
print(response)

Uber class example

from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

body_payload = {
    "description": "string",
    "id": "string",
    "name": "string",
    "enabled": boolean
}

response = falcon.command("updatePolicies", body=body_payload)

print(response)

getScheduledExclusions

Retrieves the configuration of 1 or more scheduled exclusions from the provided policy id.

PEP8 method name

get_scheduled_exclusions

Endpoint

Method	Route
	`/filevantage/entities/policy-scheduled-exclusions/v1`

Required Scope

falcon-file-vantage:read

Content-Type

Consumes: application/json
Produces: application/json

Keyword Arguments

Name	Type	Data type	Description
policy_id	query	string	The id of the policy to retrieve the scheduled exclusion configurations.
ids	query	string or list of strings	One or more (up to 500) scheduled exclusion IDs.
parameters	query	dictionary	Full query string parameters payload in JSON format.

Usage

Service class example (PEP8 syntax)

from falconpy import FileVantage

# Do not hardcode API credentials!
falcon = FileVantage(client_id=CLIENT_ID,
                     client_secret=CLIENT_SECRET
                     )

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.get_scheduled_exclusions(policy_id="string", ids=id_list)
print(response)

Service class example (Operation ID syntax)

from falconpy import FileVantage

# Do not hardcode API credentials!
falcon = FileVantage(client_id=CLIENT_ID,
                     client_secret=CLIENT_SECRET
                     )

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.getScheduledExclusions(policy_id="string", ids=id_list)
print(response)

Uber class example

from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.command("getScheduledExclusions", policy_id="string", ids=id_list)
print(response)

createScheduledExclusions

Creates a new scheduled exclusion configuration for the provided policy id.

PEP8 method name

create_scheduled_exclusions

Endpoint

Method	Route
	`/filevantage/entities/policy-scheduled-exclusions/v1`

Required Scope

falcon-file-vantage:write

Content-Type

Consumes: application/json
Produces: application/json

Keyword Arguments

Name	Type	Data type	Description
body	body	list of dictionaries	Full body payload in JSON format.
description	body	string	The scheduled exclusion description (Max: 500 characters)
name	body	string	Name of the scheduled exclusion (Max: 100 characters)
policy_id	body	string	ID of the policy the schedule exclusion is assigned.
users	body	string	Comma-delimited list of users to not monitor changes. (Max: 500 characters). Example: `admin` excludes changes made by all usernames that begin with admin. Supports Falcon GLOB syntax*
processes	body	string	Comma-delimited list of processes to not monitor changes. (Max: 500 characters). Example: `\RunMe.exe` or `/RunMe.sh` excludes changes made by RunMe.exe or RunMe.sh in any location.
schedule_start	body	string	Indicates the start of the schedule. (RFC3339 format)
schedule_end	body	string	Indicates the end of the schedule. (RFC3339 format)

Usage

Service class example (PEP8 syntax)

from falconpy import FileVantage

# Do not hardcode API credentials!
falcon = FileVantage(client_id=CLIENT_ID,
                     client_secret=CLIENT_SECRET
                     )

response = falcon.create_scheduled_exclusions(description="string",
                                              name="string",
                                              policy_id="string",
                                              users="string",
                                              processes="string",
                                              schedule_start="string",
                                              schedule_end="string"
                                              )
print(response)

Service class example (Operation ID syntax)

from falconpy import FileVantage

# Do not hardcode API credentials!
falcon = FileVantage(client_id=CLIENT_ID,
                     client_secret=CLIENT_SECRET
                     )

response = falcon.createScheduledExclusions(description="string",
                                            name="string",
                                            policy_id="string",
                                            users="string",
                                            processes="string",
                                            schedule_start="string",
                                            schedule_end="string"
                                            )
print(response)

Uber class example

from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )
body_payload = {
    "description": "string",
    "name": "string",
    "policy_id": "string",
    "processes": "string",
    "schedule_end": "string",
    "schedule_start": "string",
    "users": "string"
}

response = falcon.command("createScheduledExclusions", body=body_payload)

print(response)

deleteScheduledExclusions

Deletes 1 or more scheduled exclusions from the provided policy id.

PEP8 method name

delete_scheduled_exclusions

Endpoint

Method	Route
	`/filevantage/entities/policy-scheduled-exclusions/v1`

Required Scope

falcon-file-vantage:write

Content-Type

Consumes: application/json
Produces: application/json

Keyword Arguments

Name	Type	Data type	Description
policy_id	query	string	ID of the policy to delete the scheduled exclusions from.
ids	query	string or list of strings	One or more (up to 500) scheduled exclusion IDs.
parameters	query	dictionary	Full query string parameters payload in JSON format.

Usage

Service class example (PEP8 syntax)

from falconpy import FileVantage

# Do not hardcode API credentials!
falcon = FileVantage(client_id=CLIENT_ID,
                     client_secret=CLIENT_SECRET
                     )

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.delete_scheduled_exclusions(policy_id="string", ids=id_list)
print(response)

Service class example (Operation ID syntax)

from falconpy import FileVantage

# Do not hardcode API credentials!
falcon = FileVantage(client_id=CLIENT_ID,
                     client_secret=CLIENT_SECRET
                     )

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.deleteScheduledExclusions(policy_id="string", ids=id_list)
print(response)

Uber class example

from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.command("deleteScheduledExclusions", policy_id="string", ids=id_list)
print(response)

updateScheduledExclusions

Updates the provided scheduled exclusion configuration within the provided policy.

PEP8 method name

update_scheduled_exclusions

Endpoint

Method	Route
	`/filevantage/entities/policy-scheduled-exclusions/v1`

Required Scope

falcon-file-vantage:write

Content-Type

Consumes: application/json
Produces: application/json

Keyword Arguments

Name	Type	Data type	Description
body	body	list of dictionaries	Full body payload in JSON format.
description	body	string	The scheduled exclusion description (Max: 500 characters)
id	body	string	ID of the scheduled exclusion to update.
name	body	string	Name of the scheduled exclusion (Max: 100 characters)
policy_id	body	string	ID of the policy the schedule exclusion is assigned.
users	body	string	Comma-delimited list of users to not monitor changes. (Max: 500 characters). Example: `admin` excludes changes made by all usernames that begin with admin. Supports Falcon GLOB syntax*
processes	body	string	Comma-delimited list of processes to not monitor changes. (Max: 500 characters). Example: `\RunMe.exe` or `/RunMe.sh` excludes changes made by RunMe.exe or RunMe.sh in any location.
schedule_start	body	string	Indicates the start of the schedule. (RFC3339 format)
schedule_end	body	string	Indicates the end of the schedule. (RFC3339 format)
parameters	query	dictionary	Full query string parameters payload in JSON format.

Usage

Service class example (PEP8 syntax)

from falconpy import FileVantage

# Do not hardcode API credentials!
falcon = FileVantage(client_id=CLIENT_ID,
                     client_secret=CLIENT_SECRET
                     )

response = falcon.update_scheduled_exclusions(description="string",
                                              name="string",
                                              id="string",
                                              policy_id="string",
                                              users="string",
                                              processes="string",
                                              schedule_start="string",
                                              schedule_end="string"
                                              )
print(response)

Service class example (Operation ID syntax)

from falconpy import FileVantage

# Do not hardcode API credentials!
falcon = FileVantage(client_id=CLIENT_ID,
                     client_secret=CLIENT_SECRET
                     )

response = falcon.updateScheduledExclusions(description="string",
                                            name="string",
                                            id="string",
                                            policy_id="string",
                                            users="string",
                                            processes="string",
                                            schedule_start="string",
                                            schedule_end="string"
                                            )
print(response)

Uber class example

from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

body_payload = {
    "description": "string",
    "id": "string",
    "name": "string",
    "policy_id": "string",
    "processes": "string",
    "schedule_end": "string",
    "schedule_start": "string",
    "users": "string"
}

response = falcon.command("updateScheduledExclusions", body=body_payload)

print(response)

updateRuleGroupPrecedence

Updates the rule precedence for all rules in the identified rule group.

PEP8 method name

update_rule_group_precedence

Endpoint

Method	Route
	`/filevantage/entities/rule-groups-rule-precedence/v1`

Required Scope

falcon-file-vantage:write

Content-Type

Produces: application/json

Keyword Arguments

Name	Type	Data type	Description
rule_group_id	query	string	Rule group from which to set the precedence.
ids	query	string or list of strings	One or more (up to 500) rule group IDs.
parameters	query	dictionary	Full query string parameters payload in JSON format.

Usage

Service class example (PEP8 syntax)

from falconpy import FileVantage

# Do not hardcode API credentials!
falcon = FileVantage(client_id=CLIENT_ID,
                     client_secret=CLIENT_SECRET
                     )

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.update_rule_group_precedence(rule_group_id="string", ids=id_list)
print(response)

Service class example (Operation ID syntax)

from falconpy import FileVantage

# Do not hardcode API credentials!
falcon = FileVantage(client_id=CLIENT_ID,
                     client_secret=CLIENT_SECRET
                     )

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.updateRuleGroupPrecedence(rule_group_id="string", ids=id_list)
print(response)

Uber class example

from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.command("updateRuleGroupPrecedence", rule_group_id="string", ids=id_list)
print(response)

getRules

Retrieves the configuration for 1 or more rules.

PEP8 method name

get_rules

Endpoint

Method	Route
	`/filevantage/entities/rule-groups-rules/v1`

Required Scope

falcon-file-vantage:read

Content-Type

Produces: application/json

Keyword Arguments

Name	Type	Data type	Description
rule_group_id	query	string	Rule group from which to retrieve the rule configuration.
ids	query	string or list of strings	One or more (up to 500) rule IDs.
parameters	query	dictionary	Full query string parameters payload in JSON format.

Usage

Service class example (PEP8 syntax)

from falconpy import FileVantage

# Do not hardcode API credentials!
falcon = FileVantage(client_id=CLIENT_ID,
                     client_secret=CLIENT_SECRET
                     )

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.get_rules(rule_group_id="string", ids=id_list)
print(response)

Service class example (Operation ID syntax)

from falconpy import FileVantage

# Do not hardcode API credentials!
falcon = FileVantage(client_id=CLIENT_ID,
                     client_secret=CLIENT_SECRET
                     )

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.getRules(rule_group_id="string", ids=id_list)
print(response)

Filevantage - CrowdStrike/falconpy GitHub Wiki

Using the Filevantage service collection

Table of Contents

Passing credentials

getActionsMixin0

PEP8 method name

Endpoint

Required Scope

Content-Type

Keyword Arguments

Usage

Service class example (PEP8 syntax)

Service class example (Operation ID syntax)

Uber class example

startActions

PEP8 method name

Endpoint

Required Scope

Content-Type

Keyword Arguments

Usage

Service class example (PEP8 syntax)

Service class example (Operation ID syntax)

Uber class example

getContents

PEP8 method name

Endpoint

Required Scope

Content-Type

Keyword Arguments

Usage

Service class example (PEP8 syntax)

Service class example (Operation ID syntax)

Uber class example

getChanges

PEP8 method name

Endpoint

Required Scope

Content-Type

Keyword Arguments

Usage

Service class example (PEP8 syntax)

Service class example (Operation ID syntax)

Uber class example

updatePolicyHostGroups

PEP8 method name

Endpoint

Required Scope

Content-Type

Keyword Arguments

Usage

Service class example (PEP8 syntax)

Service class example (Operation ID syntax)

Uber class example

updatePolicyPrecedence

PEP8 method name

Endpoint

Required Scope

Content-Type

Keyword Arguments

Usage

Service class example (PEP8 syntax)

Service class example (Operation ID syntax)

Uber class example

updatePolicyRuleGroups

PEP8 method name

Endpoint

Required Scope

Content-Type

Keyword Arguments

Usage

Service class example (PEP8 syntax)

Service class example (Operation ID syntax)

Uber class example

getPolicies

PEP8 method name

Endpoint

Required Scope

Content-Type

Keyword Arguments