IOA Exclusions - CrowdStrike/falconpy GitHub Wiki
| Operation ID | Description | ||||
|---|---|---|---|---|---|
|
Get a set of IOA Exclusions by specifying their IDs. | ||||
|
Create the IOA exclusions. | ||||
|
Delete the IOA exclusions by ID. | ||||
|
Update the IOA exclusions. | ||||
|
Search for IOA exclusions. | ||||
|
Get Self Service IOA Exclusion aggregates as specified via json in the request body. | ||||
|
Create a report of Self Service IOA Exclusions scoped by the given filters. | ||||
|
Get the Self Service IOA Exclusions rules by id. | ||||
|
Create new Self Service IOA Exclusions. | ||||
|
Update the Self Service IOA Exclusions rule by id. | ||||
|
Delete the Self Service IOA Exclusions rule by id. | ||||
|
Get Self Service IOA Exclusions rules for matched IFN/CLI for child, parent and grandparent. | ||||
|
Get defaults for Self Service IOA Exclusions based on provided IFN/CLI for child, parent and grandparent. | ||||
|
Search for Self Service IOA Exclusions. | ||||
WARNING
client_idandclient_secretare keyword arguments that contain your CrowdStrike API credentials. Please note that all examples below do not hard code these values. (These values are ingested as strings.)CrowdStrike does not recommend hard coding API credentials or customer identifiers within source code.
Get a set of IOA Exclusions by specifying their IDs
get_exclusions
| Method | Route |
|---|---|
 |
/policy/entities/ioa-exclusions/v1 |
- Produces: application/json
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| ids |
 |
|
query | string or list of strings | The IDs of the exclusions to retrieve. |
| parameters |
|
|
query | dictionary | Full query string parameters payload in JSON format. |
from falconpy import IOAExclusions
# Do not hardcode API credentials!
falcon = IOAExclusions(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.get_exclusions(ids=id_list)
print(response)from falconpy import IOAExclusions
# Do not hardcode API credentials!
falcon = IOAExclusions(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.getIOAExclusionsV1(ids=id_list)
print(response)from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.command("getIOAExclusionsV1", ids=id_list)
print(response)Back to Table of Contents
Create the IOA exclusions
create_exclusions
| Method | Route |
|---|---|
 |
/policy/entities/ioa-exclusions/v1 |
- Produces: application/json
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| body |
|
 |
body | dictionary | Full body payload in JSON format. |
| cl_regex |
|
 |
body | string | Command line regular expression. |
| comment |
|
|
body | string | String comment describing why the exclusions was created. |
| description |
|
|
body | string | Exclusion description. |
| detection_json |
|
|
body | string | JSON formatted detection template. |
| groups |
|
|
body | list of strings | Group ID(s) impacted by the exclusion. |
| ifn_regex |
|
|
body | string | Indicator file name regular expression. |
| name |
|
|
body | string | Name of the exclusion. |
| pattern_id |
|
|
body | string | ID of the pattern to use for the exclusion. |
| pattern_name |
|
|
body | string | Name of the pattern to use for the exclusion. |
from falconpy import IOAExclusions
# Do not hardcode API credentials!
falcon = IOAExclusions(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
group_list = ['ID1', 'ID2', 'ID3']
response = falcon.create_exclusions(cl_regex="string",
comment="string",
description="string",
detection_json="string",
groups=group_list,
ifn_regex="string",
name="string",
pattern_id="string",
pattern_name="string"
)
print(response)from falconpy import IOAExclusions
# Do not hardcode API credentials!
falcon = IOAExclusions(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
group_list = ['ID1', 'ID2', 'ID3']
response = falcon.createIOAExclusionsV1(cl_regex="string",
comment="string",
description="string",
detection_json="string",
groups=group_list,
ifn_regex="string",
name="string",
pattern_id="string",
pattern_name="string"
)
print(response)from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
group_list = ['ID1', 'ID2', 'ID3']
BODY = {
"cl_regex": "string",
"comment": "string",
"description": "string",
"detection_json": "string",
"groups": group_list,
"ifn_regex": "string",
"name": "string",
"pattern_id": "string",
"pattern_name": "string"
}
response = falcon.command("createIOAExclusionsV1", body=BODY)
print(response)Back to Table of Contents
Delete the IOA exclusions by id
delete_exclusions
| Method | Route |
|---|---|
 |
/policy/entities/ioa-exclusions/v1 |
- Produces: application/json
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| comment |
|
|
query | string | Explains why this exclusion was deleted. |
| ids |
|
|
query | string or list of strings | The IDs of the exclusions to retrieve. |
| parameters |
|
|
query | dictionary | Full query string parameters payload in JSON format. |
from falconpy import IOAExclusions
# Do not hardcode API credentials!
falcon = IOAExclusions(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.delete_exclusions(comment="string", ids=id_list)
print(response)from falconpy import IOAExclusions
# Do not hardcode API credentials!
falcon = IOAExclusions(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.deleteIOAExclusionsV1(comment="string", ids=id_list)
print(response)from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.command("deleteIOAExclusionsV1", comment="string", ids=id_list)
print(response)Back to Table of Contents
Update the IOA exclusions
update_exclusions
| Method | Route |
|---|---|
 |
/policy/entities/ioa-exclusions/v1 |
- Produces: application/json
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| body |
|
|
body | dictionary | Full body payload in JSON format. |
| cl_regex |
|
|
body | string | Command line regular expression. |
| comment |
|
|
body | string | String comment describing why the exclusions was created. |
| description |
|
|
body | string | Exclusion description. |
| detection_json |
|
|
body | string | JSON formatted detection template. |
| groups |
|
|
body | list of strings | Group ID(s) impacted by the exclusion. |
| id |
|
|
body | string | ID of the exclusion to update. |
| ifn_regex |
|
|
body | string | Indicator file name regular expression. |
| name |
|
|
body | string | Name of the exclusion. |
| pattern_id |
|
|
body | string | ID of the pattern to use for the exclusion. |
| pattern_name |
|
|
body | string | Name of the pattern to use for the exclusion. |
from falconpy import IOAExclusions
# Do not hardcode API credentials!
falcon = IOAExclusions(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
group_list = ['ID1', 'ID2', 'ID3']
response = falcon.update_exclusions(cl_regex="string",
comment="string",
description="string",
detection_json="string",
groups=group_list,
id="string",
ifn_regex="string",
name="string",
pattern_id="string",
pattern_name="string"
)
print(response)from falconpy import IOAExclusions
# Do not hardcode API credentials!
falcon = IOAExclusions(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
group_list = ['ID1', 'ID2', 'ID3']
response = falcon.updateIOAExclusionsV1(cl_regex="string",
comment="string",
description="string",
detection_json="string",
groups=group_list,
id="string",
ifn_regex="string",
name="string",
pattern_id="string",
pattern_name="string"
)
print(response)from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
group_list = ['ID1', 'ID2', 'ID3']
BODY = {
"cl_regex": "string",
"comment": "string",
"description": "string",
"detection_json": "string",
"groups": group_list,
"id": "string",
"ifn_regex": "string",
"name": "string",
"pattern_id": "string",
"pattern_name": "string"
}
response = falcon.command("updateIOAExclusionsV1", body=BODY)
print(response)Back to Table of Contents
Search for IOA exclusions.
query_exclusions
| Method | Route |
|---|---|
|
/policy/queries/ioa-exclusions/v1 |
- Produces: application/json
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| cl_regex |
|
|
query | string | Command line regular expression. |
| filter |
|
|
query | string | The filter expression that should be used to limit the results. FQL syntax. Available filters:
|
| ifn_regex |
|
|
query | string | Indicator file name regular expression. |
| limit |
|
|
query | integer | The maximum number of records to return. [1-500] |
| offset |
|
|
query | integer | The offset to start retrieving records from. |
| parameters |
|
|
query | dictionary | Full query string parameters payload in JSON format. |
| sort |
|
|
query | string | The property to sort by. FQL syntax. (e.g. last_behavior.asc) Available sort fields:
|
from falconpy import IOAExclusions
# Do not hardcode API credentials!
falcon = IOAExclusions(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.query_exclusions(cl_regex="string",
filter="string",
offset=integer,
ifn_regex="string",
limit=integer,
sort="string"
)
print(response)from falconpy import IOAExclusions
# Do not hardcode API credentials!
falcon = IOAExclusions(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.queryIOAExclusionsV1(cl_regex="string",
filter="string",
offset=integer,
ifn_regex="string",
limit=integer,
sort="string"
)
print(response)from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.command("queryIOAExclusionsV1",
cl_regex="string",
filter="string",
offset=integer,
ifn_regex="string",
limit=integer,
sort="string"
)
print(response)Back to Table of Contents
Get Self Service IOA Exclusion aggregates as specified via json in the request body.
get_ss_exclusion_aggregates
| Method | Route |
|---|---|
|
/exclusions/aggregates/ss-ioa-exclusions/GET/v2 |
- Produces: application/json
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| body |
|
|
body | dictionary | Full body payload in JSON format. |
| cl_regex |
|
|
query | string | The cl_regex expression to filter exclusion aggregations by. |
| date_ranges |
|
|
body | list of dictionaries | Date range specifications. |
| exclude |
|
|
body | string | Exclusion string. |
| extended_bounds |
|
|
body | dictionary | Extended bounds specification. |
| field |
|
|
body | string | Field to aggregate on. |
| filter |
|
|
body | string | FQL filter expression. |
| filters_spec |
|
|
body | dictionary | Filter specification. |
| from |
|
|
body | integer | Starting position. |
| grandparent_cl_regex |
|
|
query | string | The grandparent_cl_regex expression to filter exclusion aggregations by. |
| grandparent_ifn_regex |
|
|
query | string | The grandparent_ifn_regex expression to filter exclusion aggregations by. |
| ifn_regex |
|
|
query | string | The ifn_regex expression to filter exclusion aggregations by. |
| include |
|
|
body | string | Include string. |
| interval |
|
|
body | string | Time interval for date histogram aggregations. |
| max_doc_count |
|
|
body | integer | Maximum document count. |
| min_doc_count |
|
|
body | integer | Minimum document count. |
| missing |
|
|
body | string | Missing value. |
| name |
|
|
body | string | Aggregation name. |
| parameters |
|
|
query | dictionary | Full query string parameters payload in JSON format. |
| parent_cl_regex |
|
|
query | string | The parent_cl_regex expression to filter exclusion aggregations by. |
| parent_ifn_regex |
|
|
query | string | The parent_ifn_regex expression to filter exclusion aggregations by. |
| percents |
|
|
body | list of integers | Percentile values. |
| q |
|
|
body | string | FQL syntax query. |
| ranges |
|
|
body | list of dictionaries | Range specifications. |
| size |
|
|
body | integer | Maximum number of results to return. |
| sort |
|
|
body | string | Sort expression. |
| sub_aggregates |
|
|
body | list | Sub-aggregation specifications. |
| time_zone |
|
|
body | string | Time zone for date aggregations. |
| type |
|
|
body | string | Aggregation type. |
from falconpy import IOAExclusions
# Do not hardcode API credentials!
falcon = IOAExclusions(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.get_ss_exclusion_aggregates(field="string",
filter="string",
name="string",
size=integer,
sort="string",
type="string",
ifn_regex="string",
cl_regex="string",
parent_ifn_regex="string",
parent_cl_regex="string",
grandparent_ifn_regex="string",
grandparent_cl_regex="string"
)
print(response)from falconpy import IOAExclusions
# Do not hardcode API credentials!
falcon = IOAExclusions(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.ss_ioa_exclusions_aggregates_v2(field="string",
filter="string",
name="string",
size=integer,
sort="string",
type="string",
ifn_regex="string",
cl_regex="string",
parent_ifn_regex="string",
parent_cl_regex="string",
grandparent_ifn_regex="string",
grandparent_cl_regex="string"
)
print(response)from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
BODY = {
"field": "string",
"filter": "string",
"name": "string",
"size": integer,
"sort": "string",
"type": "string"
}
response = falcon.command("ss_ioa_exclusions_aggregates_v2",
ifn_regex="string",
cl_regex="string",
parent_ifn_regex="string",
parent_cl_regex="string",
grandparent_ifn_regex="string",
grandparent_cl_regex="string",
body=BODY
)
print(response)Back to Table of Contents
Create a report of Self Service IOA Exclusions scoped by the given filters.
get_ss_exclusion_reports_v2
| Method | Route |
|---|---|
|
/exclusions/entities/ss-ioa-exclusions/reports/v2 |
- Produces: application/json
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| body |
|
|
body | dictionary | Full body payload in JSON format. |
| report_format |
|
|
body | string | Report format. |
| search |
|
|
body | dictionary | Search filter and sort specification. |
from falconpy import IOAExclusions
# Do not hardcode API credentials!
falcon = IOAExclusions(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
search = {
"filter": "string",
"sort": "string"
}
response = falcon.get_ss_exclusion_reports_v2(report_format="string",
search=search
)
print(response)from falconpy import IOAExclusions
# Do not hardcode API credentials!
falcon = IOAExclusions(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
search = {
"filter": "string",
"sort": "string"
}
response = falcon.ss_ioa_exclusions_get_reports_v2(report_format="string",
search=search
)
print(response)from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
BODY = {
"report_format": "string",
"search": {
"filter": "string",
"sort": "string"
}
}
response = falcon.command("ss_ioa_exclusions_get_reports_v2", body=BODY)
print(response)Back to Table of Contents
Get the Self Service IOA Exclusions rules by id.
get_ss_exclusion_rules_v2
| Method | Route |
|---|---|
|
/exclusions/entities/ss-ioa-exclusions/v2 |
- Produces: application/json
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| ids |
|
|
query | string or list of strings | The IDs of the exclusions to retrieve. |
| parameters |
|
|
query | dictionary | Full query string parameters payload in JSON format. |
from falconpy import IOAExclusions
# Do not hardcode API credentials!
falcon = IOAExclusions(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.get_ss_exclusion_rules_v2(ids=id_list)
print(response)from falconpy import IOAExclusions
# Do not hardcode API credentials!
falcon = IOAExclusions(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.ss_ioa_exclusions_get_v2(ids=id_list)
print(response)from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.command("ss_ioa_exclusions_get_v2", ids=id_list)
print(response)Back to Table of Contents
Create new Self Service IOA Exclusions.
create_ss_exclusions
| Method | Route |
|---|---|
|
/exclusions/entities/ss-ioa-exclusions/v2 |
- Produces: application/json
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| body |
|
|
body | dictionary | Full body payload in JSON format. |
| exclusions |
|
|
body | list of dictionaries | List of exclusion definitions. |
from falconpy import IOAExclusions
# Do not hardcode API credentials!
falcon = IOAExclusions(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
exclusions = [
{
"cl_regex": "string",
"comment": "string",
"description": "string",
"detection_json": "string",
"grandparent_cl_regex": "string",
"grandparent_ifn_regex": "string",
"host_groups": ["string"],
"ifn_regex": "string",
"name": "string",
"parent_cl_regex": "string",
"parent_ifn_regex": "string",
"pattern_id": "string",
"pattern_name": "string"
}
]
response = falcon.create_ss_exclusions(exclusions=exclusions)
print(response)from falconpy import IOAExclusions
# Do not hardcode API credentials!
falcon = IOAExclusions(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
exclusions = [
{
"cl_regex": "string",
"comment": "string",
"description": "string",
"detection_json": "string",
"grandparent_cl_regex": "string",
"grandparent_ifn_regex": "string",
"host_groups": ["string"],
"ifn_regex": "string",
"name": "string",
"parent_cl_regex": "string",
"parent_ifn_regex": "string",
"pattern_id": "string",
"pattern_name": "string"
}
]
response = falcon.ss_ioa_exclusions_create_v2(exclusions=exclusions)
print(response)from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
BODY = {
"exclusions": [
{
"cl_regex": "string",
"comment": "string",
"description": "string",
"detection_json": "string",
"grandparent_cl_regex": "string",
"grandparent_ifn_regex": "string",
"host_groups": ["string"],
"ifn_regex": "string",
"name": "string",
"parent_cl_regex": "string",
"parent_ifn_regex": "string",
"pattern_id": "string",
"pattern_name": "string"
}
]
}
response = falcon.command("ss_ioa_exclusions_create_v2", body=BODY)
print(response)Back to Table of Contents
Update the Self Service IOA Exclusions rule by id.
update_ss_exclusions
| Method | Route |
|---|---|
|
/exclusions/entities/ss-ioa-exclusions/v2 |
- Produces: application/json
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| body |
|
|
body | dictionary | Full body payload in JSON format. |
| exclusions |
|
|
body | list of dictionaries | List of exclusion definitions. |
from falconpy import IOAExclusions
# Do not hardcode API credentials!
falcon = IOAExclusions(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
exclusions = [
{
"cl_regex": "string",
"comment": "string",
"description": "string",
"detection_json": "string",
"grandparent_cl_regex": "string",
"grandparent_ifn_regex": "string",
"host_groups": ["string"],
"id": "string",
"ifn_regex": "string",
"name": "string",
"parent_cl_regex": "string",
"parent_ifn_regex": "string",
"pattern_id": "string",
"pattern_name": "string"
}
]
response = falcon.update_ss_exclusions(exclusions=exclusions)
print(response)from falconpy import IOAExclusions
# Do not hardcode API credentials!
falcon = IOAExclusions(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
exclusions = [
{
"cl_regex": "string",
"comment": "string",
"description": "string",
"detection_json": "string",
"grandparent_cl_regex": "string",
"grandparent_ifn_regex": "string",
"host_groups": ["string"],
"id": "string",
"ifn_regex": "string",
"name": "string",
"parent_cl_regex": "string",
"parent_ifn_regex": "string",
"pattern_id": "string",
"pattern_name": "string"
}
]
response = falcon.ss_ioa_exclusions_update_v2(exclusions=exclusions)
print(response)from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
BODY = {
"exclusions": [
{
"cl_regex": "string",
"comment": "string",
"description": "string",
"detection_json": "string",
"grandparent_cl_regex": "string",
"grandparent_ifn_regex": "string",
"host_groups": ["string"],
"id": "string",
"ifn_regex": "string",
"name": "string",
"parent_cl_regex": "string",
"parent_ifn_regex": "string",
"pattern_id": "string",
"pattern_name": "string"
}
]
}
response = falcon.command("ss_ioa_exclusions_update_v2", body=BODY)
print(response)Back to Table of Contents
Delete the Self Service IOA Exclusions rule by id.
delete_ss_exclusions
| Method | Route |
|---|---|
|
/exclusions/entities/ss-ioa-exclusions/v2 |
- Produces: application/json
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| comment |
|
|
query | string | The comment why these ss ioa exclusions were deleted. |
| ids |
|
|
query | string or list of strings | The IDs of the exclusions to delete. |
| parameters |
|
|
query | dictionary | Full query string parameters payload in JSON format. |
from falconpy import IOAExclusions
# Do not hardcode API credentials!
falcon = IOAExclusions(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.delete_ss_exclusions(comment="string", ids=id_list)
print(response)from falconpy import IOAExclusions
# Do not hardcode API credentials!
falcon = IOAExclusions(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.ss_ioa_exclusions_delete_v2(comment="string", ids=id_list)
print(response)from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.command("ss_ioa_exclusions_delete_v2", comment="string", ids=id_list)
print(response)Back to Table of Contents
Get Self Service IOA Exclusions rules for matched IFN/CLI for child, parent and grandparent.
get_ss_exclusion_matched_rules
| Method | Route |
|---|---|
|
/exclusions/entities/ss-ioa-matched-rules/v2 |
- Produces: application/json
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| aid |
|
|
body | string | Agent ID. |
| body |
|
|
body | dictionary | Full body payload in JSON format. |
| command_line |
|
|
body | string | Command line. |
| grandparent_command_line |
|
|
body | string | Grandparent command line. |
| grandparent_image_file_name |
|
|
body | string | Grandparent image file name. |
| image_file_name |
|
|
body | string | Image file name. |
| parent_command_line |
|
|
body | string | Parent command line. |
| parent_image_file_name |
|
|
body | string | Parent image file name. |
| pattern_ids |
|
|
body | list of strings | Pattern IDs. |
from falconpy import IOAExclusions
# Do not hardcode API credentials!
falcon = IOAExclusions(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.get_ss_exclusion_matched_rules(aid="string",
command_line="string",
grandparent_command_line="string",
grandparent_image_file_name="string",
image_file_name="string",
parent_command_line="string",
parent_image_file_name="string",
pattern_ids=["string"]
)
print(response)from falconpy import IOAExclusions
# Do not hardcode API credentials!
falcon = IOAExclusions(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.ss_ioa_exclusions_matched_rule_v2(aid="string",
command_line="string",
grandparent_command_line="string",
grandparent_image_file_name="string",
image_file_name="string",
parent_command_line="string",
parent_image_file_name="string",
pattern_ids=["string"]
)
print(response)from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
BODY = {
"aid": "string",
"command_line": "string",
"grandparent_command_line": "string",
"grandparent_image_file_name": "string",
"image_file_name": "string",
"parent_command_line": "string",
"parent_image_file_name": "string",
"pattern_ids": ["string"]
}
response = falcon.command("ss_ioa_exclusions_matched_rule_v2", body=BODY)
print(response)Back to Table of Contents
Get defaults for Self Service IOA Exclusions based on provided IFN/CLI for child, parent and grandparent.
get_default_ss_exclusions
| Method | Route |
|---|---|
|
/exclusions/entities/ss-ioa-new-rules/v2 |
- Produces: application/json
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| aid |
|
|
body | string | Agent ID. |
| body |
|
|
body | dictionary | Full body payload in JSON format. |
| command_line |
|
|
body | string | Command line. |
| grandparent_command_line |
|
|
body | string | Grandparent command line. |
| grandparent_image_file_name |
|
|
body | string | Grandparent image file name. |
| image_file_name |
|
|
body | string | Image file name. |
| parent_command_line |
|
|
body | string | Parent command line. |
| parent_image_file_name |
|
|
body | string | Parent image file name. |
from falconpy import IOAExclusions
# Do not hardcode API credentials!
falcon = IOAExclusions(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.get_default_ss_exclusions(aid="string",
command_line="string",
grandparent_command_line="string",
grandparent_image_file_name="string",
image_file_name="string",
parent_command_line="string",
parent_image_file_name="string"
)
print(response)from falconpy import IOAExclusions
# Do not hardcode API credentials!
falcon = IOAExclusions(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.ss_ioa_exclusions_new_rules_v2(aid="string",
command_line="string",
grandparent_command_line="string",
grandparent_image_file_name="string",
image_file_name="string",
parent_command_line="string",
parent_image_file_name="string"
)
print(response)from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
BODY = {
"aid": "string",
"command_line": "string",
"grandparent_command_line": "string",
"grandparent_image_file_name": "string",
"image_file_name": "string",
"parent_command_line": "string",
"parent_image_file_name": "string"
}
response = falcon.command("ss_ioa_exclusions_new_rules_v2", body=BODY)
print(response)Back to Table of Contents
Search for Self Service IOA Exclusions.
query_ss_exclusions
| Method | Route |
|---|---|
|
/exclusions/queries/ss-ioa-exclusions/v2 |
- Produces: application/json
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| cl_regex |
|
|
query | string | The cl_regex expression to filter exclusions by. |
| filter |
|
|
query | string | The filter expression that should be used to limit the results. |
| grandparent_cl_regex |
|
|
query | string | The grandparent_cl_regex expression to filter exclusions by. |
| grandparent_ifn_regex |
|
|
query | string | The grandparent_ifn_regex expression to filter exclusions by. |
| ifn_regex |
|
|
query | string | The ifn_regex expression to filter exclusions by. |
| limit |
|
|
query | integer | The maximum records to return. [1-500] |
| offset |
|
|
query | integer | The offset to start retrieving records from. |
| parameters |
|
|
query | dictionary | Full query string parameters payload in JSON format. |
| parent_cl_regex |
|
|
query | string | The parent_cl_regex expression to filter exclusions by. |
| parent_ifn_regex |
|
|
query | string | The parent_ifn_regex expression to filter exclusions by. |
| sort |
|
|
query | string | The sort expression that should be used to sort the results. |
from falconpy import IOAExclusions
# Do not hardcode API credentials!
falcon = IOAExclusions(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.query_ss_exclusions(filter="string",
ifn_regex="string",
cl_regex="string",
parent_ifn_regex="string",
parent_cl_regex="string",
grandparent_ifn_regex="string",
grandparent_cl_regex="string",
offset=integer,
limit=integer,
sort="string"
)
print(response)from falconpy import IOAExclusions
# Do not hardcode API credentials!
falcon = IOAExclusions(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.ss_ioa_exclusions_search_v2(filter="string",
ifn_regex="string",
cl_regex="string",
parent_ifn_regex="string",
parent_cl_regex="string",
grandparent_ifn_regex="string",
grandparent_cl_regex="string",
offset=integer,
limit=integer,
sort="string"
)
print(response)from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.command("ss_ioa_exclusions_search_v2",
filter="string",
ifn_regex="string",
cl_regex="string",
parent_ifn_regex="string",
parent_cl_regex="string",
grandparent_ifn_regex="string",
grandparent_cl_regex="string",
offset=integer,
limit=integer,
sort="string"
)
print(response)Back to Table of Contents
