Passing credentials
WARNING
client_id and client_secret are keyword arguments that contain your CrowdStrike API credentials. None of the examples below hard code these values. (These values are ingested as strings.)
CrowdStrike does not recommend hard coding API credentials or customer identifiers within source code.
queryCombinedFirewallPolicyMembers
Search for members of a Firewall Policy in your environment by providing an FQL filter and paging details. Returns a set of host details which match the filter criteria.
PEP8 method name
query_combined_policy_members
Endpoint
Method
Route
/policy/combined/firewall-members/v1
Required Scope
Content-Type
Produces: application/json
Keyword Arguments
| Name | Type | Data type | Description |
|---|---|---|---|
| filter | query | string | FQL Syntax formatted string used to limit the results. |
| id | query | integer | The ID of the Firewall Policy to search for members of. |
| limit | query | integer | Maximum number of records to return. (Max: 5000) |
| offset | query | integer | Starting index of overall result set from which to return ids. |
| sort | query | string | The property to sort by. (Ex: modified_timestamp.desc) |
| parameters | query | dictionary | Full query string parameters payload in JSON format. |
Usage
Service class example (PEP8 syntax)
from falconpy import FirewallPolicies

# Do not hardcode API credentials!
falcon = FirewallPolicies(
    client_id=CLIENT_ID,
    client_secret=CLIENT_SECRET
)

response = falcon.query_combined_policy_members(
    id="string",
    filter="string",
    offset=integer,
    limit=integer,
    sort="string"
)
print(response)
Service class example (Operation ID syntax)
from falconpy import FirewallPolicies

# Do not hardcode API credentials!
falcon = FirewallPolicies(
    client_id=CLIENT_ID,
    client_secret=CLIENT_SECRET
)

response = falcon.queryCombinedFirewallPolicyMembers(
    id="string",
    filter="string",
    offset=integer,
    limit=integer,
    sort="string"
)
print(response)
Uber class example
from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(
    client_id=CLIENT_ID,
    client_secret=CLIENT_SECRET
)

response = falcon.command(
    "queryCombinedFirewallPolicyMembers",
    id="string",
    filter="string",
    offset=integer,
    limit=integer,
    sort="string"
)
print(response)
queryCombinedFirewallPolicies
Search for Firewall Policies in your environment by providing an FQL filter and paging details. Returns a set of Firewall Policies which match the filter criteria.
PEP8 method name
query_combined_policies
Endpoint
Method
Route
/policy/combined/firewall/v1
Required Scope
Content-Type
Produces: application/json
Keyword Arguments
| Name | Type | Data type | Description |
|---|---|---|---|
| filter | query | string | FQL Syntax formatted string used to limit the results. |
| limit | query | integer | Maximum number of records to return. (Max: 5000) |
| offset | query | integer | Starting index of overall result set from which to return ids. |
| sort | query | string | The property to sort by. (Ex: modified_timestamp.desc) |
| parameters | query | dictionary | Full query string parameters payload in JSON format. |
Usage
Service class example (PEP8 syntax)
from falconpy import FirewallPolicies

# Do not hardcode API credentials!
falcon = FirewallPolicies(
    client_id=CLIENT_ID,
    client_secret=CLIENT_SECRET
)

response = falcon.query_combined_policies(
    filter="string",
    offset=integer,
    limit=integer,
    sort="string"
)
print(response)
Service class example (Operation ID syntax)
from falconpy import FirewallPolicies

# Do not hardcode API credentials!
falcon = FirewallPolicies(
    client_id=CLIENT_ID,
    client_secret=CLIENT_SECRET
)

response = falcon.queryCombinedFirewallPolicies(
    filter="string",
    offset=integer,
    limit=integer,
    sort="string"
)
print(response)
Uber class example
from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(
    client_id=CLIENT_ID,
    client_secret=CLIENT_SECRET
)

response = falcon.command(
    "queryCombinedFirewallPolicies",
    filter="string",
    offset=integer,
    limit=integer,
    sort="string"
)
print(response)
performFirewallPoliciesAction
Perform the specified action on the Firewall Policies specified in the request
PEP8 method name
perform_policies_action
Endpoint
Method
Route
/policy/entities/firewall-actions/v1
Content-Type
Produces: application/json
Keyword Arguments
| Name | Type | Data type | Description |
|---|---|---|---|
| action_name | query | string | The action to perform. Allowed values: add-host-group, disable, enable, remove-host-group |
| action_parameters | body | list of dictionaries | List of name / value pairs in JSON format. |
| body | body | dictionary | Full body payload in JSON format. |
| group_id | body action_parameters | string | Host Group ID to apply the policy to. String. Overridden if action_parameters is specified. |
| ids | body | string or list of strings | Response Policy ID(s) to perform actions against. |
| parameters | query | dictionary | Full query string parameters payload in JSON format. |
Usage
Service class example (PEP8 syntax)
from falconpy import FirewallPolicies

# Do not hardcode API credentials!
falcon = FirewallPolicies(
    client_id=CLIENT_ID,
    client_secret=CLIENT_SECRET
)

response = falcon.perform_policies_action(
    action_name="string",
    group_id="HOST_GROUP_ID",
    ids="ID_TO_UPDATE"
)
print(response)
Service class example (Operation ID syntax)
from falconpy import FirewallPolicies

# Do not hardcode API credentials!
falcon = FirewallPolicies(
    client_id=CLIENT_ID,
    client_secret=CLIENT_SECRET
)

# Can also be provided using the keyword `group_id`
act_params = [{
    "name": "group_id",
    "value": "HOST_GROUP_ID"
}]

response = falcon.performFirewallPoliciesAction(
    action_name="string",
    action_parameters=act_params,
    ids="ID_TO_UPDATE"
)
print(response)
Uber class example
from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(
    client_id=CLIENT_ID,
    client_secret=CLIENT_SECRET
)

PARAMS = {
    "action_name": "string"  # Can also pass this using the keyword 'action_name'
}

act_params = [{
    "name": "group_id",
    "value": "HOST_GROUP_ID"
}]

# You can only update one ID at a time
BODY = {
    "action_parameters": act_params,
    "ids": ["ID_TO_UPDATE"]
}

response = falcon.command("performFirewallPoliciesAction", parameters=PARAMS, body=BODY)
print(response)
setFirewallPoliciesPrecedence
Sets the precedence of Firewall Policies based on the order of IDs specified in the request. The first ID specified will have the highest precedence and the last ID specified will have the lowest. You must specify all non-Default Policies for a platform when updating precedence.
PEP8 method name
set_policies_precedence
Endpoint
Method
Route
/policy/entities/firewall-precedence/v1
Content-Type
Produces: application/json
Keyword Arguments
| Name | Type | Data type | Description |
|---|---|---|---|
| body | body | dictionary | Full body payload in JSON format. |
| ids | body | string or list of strings | Firewall Policy ID(s) to adjust precedence. |
| platform_name | body | string | OS platform name. (Linux, Mac, Windows) |
Usage
Service class example (PEP8 syntax)
from falconpy import FirewallPolicies

# Do not hardcode API credentials!
falcon = FirewallPolicies(
    client_id=CLIENT_ID,
    client_secret=CLIENT_SECRET
)

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.set_policies_precedence(ids=id_list, platform_name="string")
print(response)
Service class example (Operation ID syntax)
from falconpy import FirewallPolicies

# Do not hardcode API credentials!
falcon = FirewallPolicies(
    client_id=CLIENT_ID,
    client_secret=CLIENT_SECRET
)

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.setFirewallPoliciesPrecedence(ids=id_list, platform_name="string")
print(response)
Uber class example
from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(
    client_id=CLIENT_ID,
    client_secret=CLIENT_SECRET
)

id_list = ['ID1', 'ID2', 'ID3']

BODY = {
    "ids": id_list,
    "platform_name": "string"
}

response = falcon.command("setFirewallPoliciesPrecedence", body=BODY)
print(response)
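Because the precedence call must name every non-Default policy for the platform, the ID list is best derived from the current policy set rather than typed by hand. The sketch below is an added example, not part of the FalconPy documentation; the record keys (`id`, `name`, `platform_name`), the default policy name in `DEFAULT_POLICY_NAME`, and the input being in current precedence order are assumptions, and the sample records are constructed.

```python
# Added example: build the full ID list that set_policies_precedence expects.
DEFAULT_POLICY_NAME = "platform_default"  # assumption: how the default policy is named


def non_default_ids(policies, platform_name):
    """IDs of every non-default policy for one platform, in the order given."""
    return [
        p["id"] for p in policies
        if p["platform_name"].lower() == platform_name.lower()
        and p["name"] != DEFAULT_POLICY_NAME
    ]


def build_precedence(policies, platform_name, promote_id):
    """Return all non-default IDs for the platform with promote_id moved first.

    `policies` is assumed to be in current precedence order (highest first),
    each record carrying `id`, `name` and `platform_name`.
    """
    current = non_default_ids(policies, platform_name)
    if promote_id not in current:
        raise ValueError(f"{promote_id} is not a non-default {platform_name} policy")
    # Relative order of every other policy is preserved.
    return [promote_id] + [pid for pid in current if pid != promote_id]


def check_complete(ids, policies, platform_name):
    """True when `ids` lists every non-default policy for the platform exactly once."""
    expected = non_default_ids(policies, platform_name)
    return len(ids) == len(set(ids)) and set(ids) == set(expected)


# Constructed sample records (not real tenant data), highest precedence first.
SAMPLE_POLICIES = [
    {"id": "aaa111", "name": "Servers - strict", "platform_name": "Windows"},
    {"id": "bbb222", "name": "Workstations", "platform_name": "Windows"},
    {"id": "ccc333", "name": "Quarantine", "platform_name": "Windows"},
    {"id": "ddd444", "name": "platform_default", "platform_name": "Windows"},
    {"id": "eee555", "name": "Mac laptops", "platform_name": "Mac"},
]

if __name__ == "__main__":
    ids = build_precedence(SAMPLE_POLICIES, "Windows", "ccc333")
    assert check_complete(ids, SAMPLE_POLICIES, "Windows")
    print(ids)
    # With live credentials the list would then be submitted with:
    # falcon.set_policies_precedence(ids=ids, platform_name="Windows")
```

Running `check_complete` before submitting catches a list that omits a policy or mixes in an ID from another platform.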
getFirewallPolicies
Retrieve a set of Firewall Policies by specifying their IDs
PEP8 method name
get_policies
Endpoint
Method
Route
/policy/entities/firewall/v1
Required Scope
Content-Type
Produces: application/json
Keyword Arguments
| Name | Type | Data type | Description |
|---|---|---|---|
| ids | query | string or list of strings | The ID(s) of the Firewall Policies to return. |
| parameters | query | dictionary | Full query string parameters payload in JSON format. |
Usage
Service class example (PEP8 syntax)
from falconpy import FirewallPolicies

# Do not hardcode API credentials!
falcon = FirewallPolicies(
    client_id=CLIENT_ID,
    client_secret=CLIENT_SECRET
)

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.get_policies(ids=id_list)
print(response)
Service class example (Operation ID syntax)
from falconpy import FirewallPolicies

# Do not hardcode API credentials!
falcon = FirewallPolicies(
    client_id=CLIENT_ID,
    client_secret=CLIENT_SECRET
)

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.getFirewallPolicies(ids=id_list)
print(response)
Uber class example
from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(
    client_id=CLIENT_ID,
    client_secret=CLIENT_SECRET
)

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.command("getFirewallPolicies", ids=id_list)
print(response)
createFirewallPolicies
Create Firewall Policies by specifying details about the policy to create
PEP8 method name
create_policies
Endpoint
Method
Route
/policy/entities/firewall/v1
Content-Type
Produces: application/json
Keyword Arguments
| Name | Type | Data type | Description |
|---|---|---|---|
| body | body | dictionary | Full body payload in JSON format. |
| description | body | string | Firewall Policy description. |
| clone_id | body | string | Firewall Policy ID to clone. |
| name | body | string | Firewall Policy name. |
| platform_name | body | string | Firewall Policy platform. |
Usage
Service class example (PEP8 syntax)
from falconpy import FirewallPolicies

# Do not hardcode API credentials!
falcon = FirewallPolicies(
    client_id=CLIENT_ID,
    client_secret=CLIENT_SECRET
)

response = falcon.create_policies(
    clone_id="string",
    description="string",
    name="string",
    platform_name="string"
)
print(response)
Service class example (Operation ID syntax)
from falconpy import FirewallPolicies

# Do not hardcode API credentials!
falcon = FirewallPolicies(
    client_id=CLIENT_ID,
    client_secret=CLIENT_SECRET
)

response = falcon.createFirewallPolicies(
    clone_id="string",
    description="string",
    name="string",
    platform_name="string"
)
print(response)
Uber class example
from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(
    client_id=CLIENT_ID,
    client_secret=CLIENT_SECRET
)

BODY = {
    "resources": [
        {
            "clone_id": "string",
            "description": "string",
            "name": "string",
            "platform_name": "Windows",
        }
    ]
}

response = falcon.command("createFirewallPolicies", body=BODY)
print(response)
deleteFirewallPolicies
Delete a set of Firewall Policies by specifying their IDs
PEP8 method name
delete_policies
Endpoint
Method
Route
/policy/entities/firewall/v1
Content-Type
Produces: application/json
Keyword Arguments
| Name | Type | Data type | Description |
|---|---|---|---|
| ids | query | string or list of strings | The ID(s) of the Firewall Policies to delete. |
| parameters | query | dictionary | Full query string parameters payload in JSON format. |
Usage
Service class example (PEP8 syntax)
from falconpy import FirewallPolicies

# Do not hardcode API credentials!
falcon = FirewallPolicies(
    client_id=CLIENT_ID,
    client_secret=CLIENT_SECRET
)

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.delete_policies(ids=id_list)
print(response)
Service class example (Operation ID syntax)
from falconpy import FirewallPolicies

# Do not hardcode API credentials!
falcon = FirewallPolicies(
    client_id=CLIENT_ID,
    client_secret=CLIENT_SECRET
)

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.deleteFirewallPolicies(ids=id_list)
print(response)
Uber class example
from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(
    client_id=CLIENT_ID,
    client_secret=CLIENT_SECRET
)

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.command("deleteFirewallPolicies", ids=id_list)
print(response)
updateFirewallPolicies
Update Firewall Policies by specifying the ID of the policy and details to update
PEP8 method name
update_policies
Endpoint
Method
Route
/policy/entities/firewall/v1
Content-Type
Produces: application/json
Keyword Arguments
| Name | Type | Data type | Description |
|---|---|---|---|
| body | body | dictionary | Full body payload in JSON format. |
| description | body | string | Firewall Policy description. |
| id | body | string | Firewall Policy ID to update. |
| name | body | string | Firewall Policy name. |
| platform_name | body | string | Firewall Policy platform. |
Usage
Service class example (PEP8 syntax)
from falconpy import FirewallPolicies

# Do not hardcode API credentials!
falcon = FirewallPolicies(
    client_id=CLIENT_ID,
    client_secret=CLIENT_SECRET
)

response = falcon.update_policies(
    description="string",
    id="string",
    name="string",
    platform_name="string"
)
print(response)
Service class example (Operation ID syntax)
from falconpy import FirewallPolicies

# Do not hardcode API credentials!
falcon = FirewallPolicies(
    client_id=CLIENT_ID,
    client_secret=CLIENT_SECRET
)

response = falcon.updateFirewallPolicies(
    description="string",
    id="string",
    name="string",
    platform_name="string"
)
print(response)
Uber class example
from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(
    client_id=CLIENT_ID,
    client_secret=CLIENT_SECRET
)

BODY = {
    "resources": [
        {
            "id": "string",
            "description": "string",
            "name": "string",
            "platform_name": "Windows"
        }
    ]
}

response = falcon.command("updateFirewallPolicies", body=BODY)
print(response)
queryFirewallPolicyMembers
Search for members of a Firewall Policy in your environment by providing an FQL filter and paging details. Returns a set of Agent IDs which match the filter criteria.
PEP8 method name
query_policy_members
Endpoint
Method
Route
/policy/queries/firewall-members/v1
Required Scope
Content-Type
Produces: application/json
Keyword Arguments
| Name | Type | Data type | Description |
|---|---|---|---|
| filter | query | string | FQL Syntax formatted string used to limit the results. |
| id | query | integer | The ID of the Firewall Policy to search for members of. |
| limit | query | integer | Maximum number of records to return. (Max: 5000) |
| offset | query | integer | Starting index of overall result set from which to return ids. |
| sort | query | string | The property to sort by. (Ex: modified_timestamp.desc) |
| parameters | query | dictionary | Full query string parameters payload in JSON format. |
Usage
Service class example (PEP8 syntax)
from falconpy import FirewallPolicies

# Do not hardcode API credentials!
falcon = FirewallPolicies(
    client_id=CLIENT_ID,
    client_secret=CLIENT_SECRET
)

response = falcon.query_policy_members(
    id="string",
    filter="string",
    offset=integer,
    limit=integer,
    sort="string"
)
print(response)
Service class example (Operation ID syntax)
from falconpy import FirewallPolicies

# Do not hardcode API credentials!
falcon = FirewallPolicies(
    client_id=CLIENT_ID,
    client_secret=CLIENT_SECRET
)

response = falcon.queryFirewallPolicyMembers(
    id="string",
    filter="string",
    offset=integer,
    limit=integer,
    sort="string"
)
print(response)
Uber class example
from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(
    client_id=CLIENT_ID,
    client_secret=CLIENT_SECRET
)

response = falcon.command(
    "queryFirewallPolicyMembers",
    id="string",
    filter="string",
    offset=integer,
    limit=integer,
    sort="string"
)
print(response)
queryFirewallPolicies
Search for Firewall Policies in your environment by providing an FQL filter and paging details. Returns a set of Firewall Policy IDs which match the filter criteria.
PEP8 method name
query_policies
Endpoint
Method
Route
/policy/queries/firewall/v1
Required Scope
Content-Type
Produces: application/json
Keyword Arguments
| Name | Type | Data type | Description |
|---|---|---|---|
| filter | query | string | FQL Syntax formatted string used to limit the results. |
| limit | query | integer | Maximum number of records to return. (Max: 5000) |
| offset | query | integer | Starting index of overall result set from which to return ids. |
| sort | query | string | The property to sort by. (Ex: modified_timestamp.desc) |
| parameters | query | dictionary | Full query string parameters payload in JSON format. |
Usage
Service class example (PEP8 syntax)
from falconpy import FirewallPolicies

# Do not hardcode API credentials!
falcon = FirewallPolicies(
    client_id=CLIENT_ID,
    client_secret=CLIENT_SECRET
)

response = falcon.query_policies(
    filter="string",
    offset=integer,
    limit=integer,
    sort="string"
)
print(response)
Service class example (Operation ID syntax)
from falconpy import FirewallPolicies

# Do not hardcode API credentials!
falcon = FirewallPolicies(
    client_id=CLIENT_ID,
    client_secret=CLIENT_SECRET
)

response = falcon.queryFirewallPolicies(
    filter="string",
    offset=integer,
    limit=integer,
    sort="string"
)
print(response)
Uber class example
from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(
    client_id=CLIENT_ID,
    client_secret=CLIENT_SECRET
)

response = falcon.command(
    "queryFirewallPolicies",
    filter="string",
    offset=integer,
    limit=integer,
    sort="string"
)
print(response)
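The four query operations on this page return at most `limit` records (maximum 5000) per call, so an audit of policy membership has to walk `offset` until the whole result set is read. The helper below is an added example, not part of the FalconPy documentation; it assumes the usual FalconPy response dictionary (`status_code`, `body.resources`, `body.meta.pagination.total`), and `make_stub` with its sample IDs is a constructed stand-in so the block runs offline.

```python
# Added example: collect every record from a paged query operation.
MAX_LIMIT = 5000  # documented maximum for `limit`


def fetch_all(query, limit=MAX_LIMIT, **kwargs):
    """Call `query(offset=..., limit=..., **kwargs)` until all resources are read.

    `query` is any paged method on this page, e.g. falcon.query_policy_members.
    A non-200 status raises RuntimeError so that a partial result is never
    mistaken for a complete one.
    """
    if not 1 <= limit <= MAX_LIMIT:
        raise ValueError(f"limit must be between 1 and {MAX_LIMIT}")
    collected, offset = [], 0
    while True:
        response = query(offset=offset, limit=limit, **kwargs)
        if response["status_code"] != 200:
            raise RuntimeError(f"query failed: {response['body'].get('errors')}")
        body = response["body"]
        page = body.get("resources") or []
        collected.extend(page)
        total = body["meta"]["pagination"]["total"]
        offset += len(page)
        # Also stop on an empty page, in case `total` changes between calls.
        if not page or offset >= total:
            return collected


def make_stub(records):
    """Constructed stand-in for a live query method, used to run this offline."""
    def stub(offset=0, limit=100, **_):
        return {
            "status_code": 200,
            "body": {
                "meta": {"pagination": {"offset": offset, "limit": limit,
                                        "total": len(records)}},
                "resources": records[offset:offset + limit],
                "errors": [],
            },
        }
    return stub


if __name__ == "__main__":
    agent_ids = [f"aid-{n:04d}" for n in range(12)]  # constructed sample IDs
    result = fetch_all(make_stub(agent_ids), limit=5, id="POLICY_ID")
    print(len(result), result[:3])
```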