Firewall Policies - CrowdStrike/falconpy GitHub Wiki

CrowdStrike Falcon CrowdStrike Subreddit

Using the Firewall Policies service collection

Uber class support Service class support Documentation Version Page Updated

Table of Contents

Operation ID Description
queryCombinedFirewallPolicyMembers
PEP 8 query_combined_policy_members
Search for members of a Firewall Policy in your environment by providing a FQL filter and paging details. Returns a set of host details which match the filter criteria
queryCombinedFirewallPolicies
PEP 8 query_combined_policies
Search for Firewall Policies in your environment by providing a FQL filter and paging details. Returns a set of Firewall Policies which match the filter criteria
performFirewallPoliciesAction
PEP 8 perform_policies_action
Perform the specified action on the Firewall Policies specified in the request
setFirewallPoliciesPrecedence
PEP 8 set_policies_precedence
Sets the precedence of Firewall Policies based on the order of IDs specified in the request. The first ID specified will have the highest precedence and the last ID specified will have the lowest. You must specify all non-Default Policies for a platform when updating precedence
getFirewallPolicies
PEP 8 get_policies
Retrieve a set of Firewall Policies by specifying their IDs
createFirewallPolicies
PEP 8 create_policies
Create Firewall Policies by specifying details about the policy to create
deleteFirewallPolicies
PEP 8 delete_policies
Delete a set of Firewall Policies by specifying their IDs
updateFirewallPolicies
PEP 8 update_policies
Update Firewall Policies by specifying the ID of the policy and details to update
queryFirewallPolicyMembers
PEP 8 query_policy_members
Search for members of a Firewall Policy in your environment by providing a FQL filter and paging details. Returns a set of Agent IDs which match the filter criteria
queryFirewallPolicies
PEP 8 query_policies
Search for Firewall Policies in your environment by providing a FQL filter and paging details. Returns a set of Firewall Policy IDs which match the filter criteria

Passing credentials

WARNING

client_id and client_secret are keyword arguments that contain your CrowdStrike API credentials. Please note that all examples below do not hard code these values. (These values are ingested as strings.)

CrowdStrike does not recommend hard coding API credentials or customer identifiers within source code.

queryCombinedFirewallPolicyMembers

Search for members of a Firewall Policy in your environment by providing a FQL filter and paging details. Returns a set of host details which match the filter criteria

PEP8 method name

query_combined_policy_members

Endpoint

Method Route
GET /policy/combined/firewall-members/v1

Required Scope

firewall-policies:read

Content-Type

  • Produces: application/json

Keyword Arguments

Name Service Uber Type Data type Description
filter
Service Class Support

Uber Class Support
query string FQL Syntax formatted string used to limit the results.
id
Service Class Support

Uber Class Support
query integer The ID of the Firewall Policy to search for members of.
limit
Service Class Support

Uber Class Support
query integer Maximum number of records to return.

(Max: 5000)
offset
Service Class Support

Uber Class Support
query integer Starting index of overall result set from which to return ids.
sort
Service Class Support

Uber Class Support
query string The property to sort by. (Ex: modified_timestamp.desc)
parameters
Service Class Support

Uber Class Support
query dictionary Full query string parameters payload in JSON format.

Usage

Service class example (PEP8 syntax)
from falconpy import FirewallPolicies

# Do not hardcode API credentials!
falcon = FirewallPolicies(client_id=CLIENT_ID,
                          client_secret=CLIENT_SECRET
                          )

response = falcon.query_combined_policy_members(id="string",
                                                filter="string",
                                                offset=integer,
                                                limit=integer,
                                                sort="string"
                                                )
print(response)
Service class example (Operation ID syntax)
from falconpy import FirewallPolicies

# Do not hardcode API credentials!
falcon = FirewallPolicies(client_id=CLIENT_ID,
                          client_secret=CLIENT_SECRET
                          )

response = falcon.queryCombinedFirewallPolicyMembers(id="string",
                                                     filter="string",
                                                     offset=integer,
                                                     limit=integer,
                                                     sort="string"
                                                     )
print(response)
Uber class example
from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

response = falcon.command("queryCombinedFirewallPolicyMembers",
                          id="string",
                          filter="string",
                          offset=integer,
                          limit=integer,
                          sort="string"
                          )
print(response)

queryCombinedFirewallPolicies

Search for Firewall Policies in your environment by providing a FQL filter and paging details. Returns a set of Firewall Policies which match the filter criteria

PEP8 method name

query_combined_policies

Endpoint

Method Route
GET /policy/combined/firewall/v1

Required Scope

firewall-policies:read

Content-Type

  • Produces: application/json

Keyword Arguments

Name Service Uber Type Data type Description
filter
Service Class Support

Uber Class Support
query string FQL Syntax formatted string used to limit the results.
limit
Service Class Support

Uber Class Support
query integer Maximum number of records to return.

(Max: 5000)
offset
Service Class Support

Uber Class Support
query integer Starting index of overall result set from which to return ids.
sort
Service Class Support

Uber Class Support
query string The property to sort by. (Ex: modified_timestamp.desc)
parameters
Service Class Support

Uber Class Support
query dictionary Full query string parameters payload in JSON format.

Usage

Service class example (PEP8 syntax)
from falconpy import FirewallPolicies

# Do not hardcode API credentials!
falcon = FirewallPolicies(client_id=CLIENT_ID,
                          client_secret=CLIENT_SECRET
                          )

response = falcon.query_combined_policies(filter="string",
                                          offset=integer,
                                          limit=integer,
                                          sort="string"
                                          )
print(response)
Service class example (Operation ID syntax)
from falconpy import FirewallPolicies

# Do not hardcode API credentials!
falcon = FirewallPolicies(client_id=CLIENT_ID,
                          client_secret=CLIENT_SECRET
                          )

response = falcon.queryCombinedFirewallPolicies(filter="string",
                                                offset=integer,
                                                limit=integer,
                                                sort="string"
                                                )
print(response)
Uber class example
from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

response = falcon.command("queryCombinedFirewallPolicies",
                          filter="string",
                          offset=integer,
                          limit=integer,
                          sort="string"
                          )
print(response)

performFirewallPoliciesAction

Perform the specified action on the Firewall Policies specified in the request

PEP8 method name

perform_policies_action

Endpoint

Method Route
POST /policy/entities/firewall-actions/v1

firewall-policies:write

Content-Type

  • Produces: application/json

Keyword Arguments

Name Service Uber Type Data type Description
action_name
Service Class Support

Uber Class Support
query string The action to perform. Allowed values:
  • add-host-group
  • disable
  • enable
  • remove-host-group
action_parameters
Service Class Support

Uber Class Support
body list of dictionaries List of name / value pairs in JSON format.
body
Service Class Support

Uber Class Support
body dictionary Full body payload in JSON format.
group_id
Service Class Support

Uber Class Support
body
action_parameters
string Host Group ID to apply the policy to. String. Overridden if action_parameters is specified.
ids
Service Class Support

Uber Class Support
body string or list of strings Response Policy ID(s) to perform actions against.
parameters
Service Class Support

Uber Class Support
query dictionary Full query string parameters payload in JSON format.

Usage

Service class example (PEP8 syntax)
from falconpy import FirewallPolicies

# Do not hardcode API credentials!
falcon = FirewallPolicies(client_id=CLIENT_ID,
                          client_secret=CLIENT_SECRET
                          )

response = falcon.perform_policies_action(action_name="string",
                                          group_id="HOST_GROUP_ID",
                                          ids="ID_TO_UPDATE"
                                          )
print(response)
Service class example (Operation ID syntax)
from falconpy import FirewallPolicies

# Do not hardcode API credentials!
falcon = FirewallPolicies(client_id=CLIENT_ID,
                          client_secret=CLIENT_SECRET
                          )

# Can also be provided using the keyword `group_id`
act_params = [{
    "name": "group_id",
    "value": "HOST_GROUP_ID"
}]

response = falcon.performFirewallPoliciesAction(action_name="string",
                                                action_parameters=act_params,
                                                ids="ID_TO_UPDATE"
                                                )
print(response)
Uber class example
from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

PARAMS = {
    "action_name": "string"     # Can also pass this using the keyword 'action_name'
}

act_params = [{
    "name": "group_id",
    "value": "HOST_GROUP_ID"
}]

# You can only update one ID at a time
BODY = {
    "action_parameters": act_params,
    "ids": ["ID_TO_UPDATE"]
}

response = falcon.command("performFirewallPoliciesAction", parameters=PARAMS, body=BODY)
print(response)

setFirewallPoliciesPrecedence

Sets the precedence of Firewall Policies based on the order of IDs specified in the request. The first ID specified will have the highest precedence and the last ID specified will have the lowest. You must specify all non-Default Policies for a platform when updating precedence

PEP8 method name

set_policies_precedence

Endpoint

Method Route
POST /policy/entities/firewall-precedence/v1

firewall-policies:write

Content-Type

  • Produces: application/json

Keyword Arguments

Name Service Uber Type Data type Description
body
Service Class Support

Uber Class Support
body dictionary Full body payload in JSON format.
ids
Service Class Support

Uber Class Support
body string or list of strings Firewall Policy ID(s) to adjust precedence.
platform_name
Service Class Support

Uber Class Support
body string OS platform name. (Linux, Mac, Windows)

Usage

Service class example (PEP8 syntax)
from falconpy import FirewallPolicies

# Do not hardcode API credentials!
falcon = FirewallPolicies(client_id=CLIENT_ID,
                          client_secret=CLIENT_SECRET
                          )

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.set_policies_precedence(ids=id_list, platform_name="string")
print(response)
Service class example (Operation ID syntax)
from falconpy import FirewallPolicies

# Do not hardcode API credentials!
falcon = FirewallPolicies(client_id=CLIENT_ID,
                          client_secret=CLIENT_SECRET
                          )

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.setFirewallPoliciesPrecedence(ids=id_list, platform_name="string")
print(response)
Uber class example
from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

id_list = ['ID1', 'ID2', 'ID3']

BODY = {
    "ids": id_list,
    "platform_name": "string"
}

response = falcon.command("setFirewallPoliciesPrecedence", body=BODY)
print(response)

getFirewallPolicies

Retrieve a set of Firewall Policies by specifying their IDs

PEP8 method name

get_policies

Endpoint

Method Route
GET /policy/entities/firewall/v1

Required Scope

firewall-policies:read

Content-Type

  • Produces: application/json

Keyword Arguments

Name Service Uber Type Data type Description
ids
Service Class Support

Uber Class Support
query string or list of strings The ID(s) of the Firewall Policies to return.
parameters
Service Class Support

Uber Class Support
query dictionary Full query string parameters payload in JSON format.

Usage

Service class example (PEP8 syntax)
from falconpy import FirewallPolicies

# Do not hardcode API credentials!
falcon = FirewallPolicies(client_id=CLIENT_ID,
                          client_secret=CLIENT_SECRET
                          )

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.get_policies(ids=id_list)
print(response)
Service class example (Operation ID syntax)
from falconpy import FirewallPolicies

# Do not hardcode API credentials!
falcon = FirewallPolicies(client_id=CLIENT_ID,
                          client_secret=CLIENT_SECRET
                          )

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.getFirewallPolicies(ids=id_list)
print(response)
Uber class example
from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.command("getFirewallPolicies", ids=id_list)
print(response)

createFirewallPolicies

Create Firewall Policies by specifying details about the policy to create

PEP8 method name

create_policies

Endpoint

Method Route
POST /policy/entities/firewall/v1

firewall-policies:write

Content-Type

  • Produces: application/json

Keyword Arguments

Name Service Uber Type Data type Description
body
Service Class Support

Uber Class Support
body dictionary Full body payload in JSON format.
description
Service Class Support

Uber Class Support
body string Firewall Policy description.
clone_id
Service Class Support

Uber Class Support
body string Firewall Policy ID to clone.
name
Service Class Support

Uber Class Support
body string Firewall Policy name.
platform_name
Service Class Support

Uber Class Support
body string Firewall Policy platform.

Usage

Service class example (PEP8 syntax)
from falconpy import FirewallPolicies

# Do not hardcode API credentials!
falcon = FirewallPolicies(client_id=CLIENT_ID,
                          client_secret=CLIENT_SECRET
                          )

response = falcon.create_policies(clone_id="string",
                                  description="string",
                                  name="string",
                                  platform_name="string"
                                  )
print(response)
Service class example (Operation ID syntax)
from falconpy import FirewallPolicies

# Do not hardcode API credentials!
falcon = FirewallPolicies(client_id=CLIENT_ID,
                          client_secret=CLIENT_SECRET
                          )

response = falcon.createFirewallPolicies(clone_id="string",
                                         description="string",
                                         name="string",
                                         platform_name="string"
                                         )
print(response)
Uber class example
from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

BODY = {
    "resources": [
        {
            "clone_id": "string",
            "description": "string",
            "name": "string",
            "platform_name": "Windows",
        }
    ]
}

response = falcon.command("createFirewallPolicies", body=BODY)
print(response)

deleteFirewallPolicies

Delete a set of Firewall Policies by specifying their IDs

PEP8 method name

delete_policies

Endpoint

Method Route
DELETE /policy/entities/firewall/v1

firewall-policies:write

Content-Type

  • Produces: application/json

Keyword Arguments

Name Service Uber Type Data type Description
ids
Service Class Support

Uber Class Support
query string or list of strings The ID(s) of the Firewall Policies to delete.
parameters
Service Class Support

Uber Class Support
query dictionary Full query string parameters payload in JSON format.

Usage

Service class example (PEP8 syntax)
from falconpy import FirewallPolicies

# Do not hardcode API credentials!
falcon = FirewallPolicies(client_id=CLIENT_ID,
                          client_secret=CLIENT_SECRET
                          )

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.delete_policies(ids=id_list)
print(response)
Service class example (Operation ID syntax)
from falconpy import FirewallPolicies

# Do not hardcode API credentials!
falcon = FirewallPolicies(client_id=CLIENT_ID,
                          client_secret=CLIENT_SECRET
                          )

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.deleteFirewallPolicies(ids=id_list)
print(response)
Uber class example
from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.command("deleteFirewallPolicies", ids=id_list)
print(response)

updateFirewallPolicies

Update Firewall Policies by specifying the ID of the policy and details to update

PEP8 method name

update_policies

Endpoint

Method Route
PATCH /policy/entities/firewall/v1

firewall-policies:write

Content-Type

  • Produces: application/json

Keyword Arguments

Name Service Uber Type Data type Description
body
Service Class Support

Uber Class Support
body dictionary Full body payload in JSON format.
description
Service Class Support

Uber Class Support
body string Firewall Policy description.
id
Service Class Support

Uber Class Support
body string Firewall Policy ID to update.
name
Service Class Support

Uber Class Support
body string Firewall Policy name.
platform_name
Service Class Support

Uber Class Support
body string Firewall Policy platform.

Usage

Service class example (PEP8 syntax)
from falconpy import FirewallPolicies

# Do not hardcode API credentials!
falcon = FirewallPolicies(client_id=CLIENT_ID,
                          client_secret=CLIENT_SECRET
                          )

response = falcon.update_policies(description="string",
                                  id="string",
                                  name="string",
                                  platform_name="string"
                                  )
print(response)
Service class example (Operation ID syntax)
from falconpy import FirewallPolicies

# Do not hardcode API credentials!
falcon = FirewallPolicies(client_id=CLIENT_ID,
                          client_secret=CLIENT_SECRET
                          )

response = falcon.updateFirewallPolicies(description="string",
                                         id="string",
                                         name="string",
                                         platform_name="string"
                                         )
print(response)
Uber class example
from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

BODY = {
    "resources": [
        {
            "id": "string",
            "description": "string",
            "name": "string",
            "platform_name": "Windows"
        }
    ]
}

response = falcon.command("updateFirewallPolicies", body=BODY)
print(response)

queryFirewallPolicyMembers

Search for members of a Firewall Policy in your environment by providing a FQL filter and paging details. Returns a set of Agent IDs which match the filter criteria

PEP8 method name

query_policy_members

Endpoint

Method Route
GET /policy/queries/firewall-members/v1

Required Scope

firewall-policies:read

Content-Type

  • Produces: application/json

Keyword Arguments

Name Service Uber Type Data type Description
filter
Service Class Support

Uber Class Support
query string FQL Syntax formatted string used to limit the results.
id
Service Class Support

Uber Class Support
query integer The ID of the Firewall Policy to search for members of.
limit
Service Class Support

Uber Class Support
query integer Maximum number of records to return.

(Max: 5000)
offset
Service Class Support

Uber Class Support
query integer Starting index of overall result set from which to return ids.
sort
Service Class Support

Uber Class Support
query string The property to sort by. (Ex: modified_timestamp.desc)
parameters
Service Class Support

Uber Class Support
query dictionary Full query string parameters payload in JSON format.

Usage

Service class example (PEP8 syntax)
from falconpy import FirewallPolicies

# Do not hardcode API credentials!
falcon = FirewallPolicies(client_id=CLIENT_ID,
                          client_secret=CLIENT_SECRET
                          )

response = falcon.query_policy_members(id="string",
                                       filter="string",
                                       offset=integer,
                                       limit=integer,
                                       sort="string"
                                       )
print(response)
Service class example (Operation ID syntax)
from falconpy import FirewallPolicies

# Do not hardcode API credentials!
falcon = FirewallPolicies(client_id=CLIENT_ID,
                          client_secret=CLIENT_SECRET
                          )

response = falcon.queryFirewallPolicyMembers(id="string",
                                             filter="string",
                                             offset=integer,
                                             limit=integer,
                                             sort="string"
                                             )
print(response)
Uber class example
from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

response = falcon.command("queryFirewallPolicyMembers",
                          id="string",
                          filter="string",
                          offset=integer,
                          limit=integer,
                          sort="string"
                          )
print(response)

queryFirewallPolicies

Search for Firewall Policies in your environment by providing a FQL filter and paging details. Returns a set of Firewall Policy IDs which match the filter criteria

PEP8 method name

query_policies

Endpoint

Method Route
GET /policy/queries/firewall/v1

Required Scope

firewall-policies:read

Content-Type

  • Produces: application/json

Keyword Arguments

Name Service Uber Type Data type Description
filter
Service Class Support

Uber Class Support
query string FQL Syntax formatted string used to limit the results.
limit
Service Class Support

Uber Class Support
query integer Maximum number of records to return.

(Max: 5000)
offset
Service Class Support

Uber Class Support
query integer Starting index of overall result set from which to return ids.
sort
Service Class Support

Uber Class Support
query string The property to sort by. (Ex: modified_timestamp.desc)
parameters
Service Class Support

Uber Class Support
query dictionary Full query string parameters payload in JSON format.

Usage

Service class example (PEP8 syntax)
from falconpy import FirewallPolicies

# Do not hardcode API credentials!
falcon = FirewallPolicies(client_id=CLIENT_ID,
                          client_secret=CLIENT_SECRET
                          )

response = falcon.query_policies(filter="string",
                                 offset=integer,
                                 limit=integer,
                                 sort="string"
                                 )
print(response)
Service class example (Operation ID syntax)
from falconpy import FirewallPolicies

# Do not hardcode API credentials!
falcon = FirewallPolicies(client_id=CLIENT_ID,
                          client_secret=CLIENT_SECRET
                          )

response = falcon.queryFirewallPolicies(filter="string",
                                        offset=integer,
                                        limit=integer,
                                        sort="string"
                                        )
print(response)
Uber class example
from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

response = falcon.command("queryFirewallPolicies",
                          filter="string",
                          offset=integer,
                          limit=integer,
                          sort="string"
                          )
print(response)
⚠️ **GitHub.com Fallback** ⚠️