IT Automation - CrowdStrike/falconpy GitHub Wiki
WARNING
client_idandclient_secretare keyword arguments that contain your CrowdStrike API credentials. Please note that all examples below do not hard code these values. (These values are ingested as strings.)CrowdStrike does not recommend hard coding API credentials or customer identifiers within source code.
Retrieve tasks associated with the provided file ID
get_associated_tasks
| Method | Route |
|---|---|
 |
/it-automation/combined/associated-tasks/v1 |
- Consumes: application/json
- Produces: application/json
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| id |  |
|
query | string | The ID of the file to fetch associated tasks for |
| filter | |
|
query | string | The filter expression that should be used to limit the results |
| sort | |
|
query | string | The sort expression that should be used to sort the results |
| offset | |
|
query | integer | Starting index for record retrieval |
| limit | |
|
query | integer | The maximum records to return |
| parameters | |
|
query | dictionary | Full query string parameters payload in JSON format |
from falconpy import ITAutomation
falcon = ITAutomation(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.get_associated_tasks(id="string",
filter="string",
sort="string",
offset=integer,
limit=integer
)
print(response)from falconpy import ITAutomation
falcon = ITAutomation(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.ITAutomationGetAssociatedTasks(id="string",
filter="string",
sort="string",
offset=integer,
limit=integer
)
print(response)from falconpy import APIHarnessV2
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.command("ITAutomationGetAssociatedTasks",
id="string",
filter="string",
sort="string",
offset=integer,
limit=integer
)
print(response)Returns full details of scheduled tasks matching the filter query parameter
combined_scheduled_tasks
| Method | Route |
|---|---|
|
/it-automation/combined/scheduled-tasks/v1 |
- Consumes: application/json
- Produces: application/json
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| filter | |
|
query | string | The filter expression that should be used to limit the results |
| sort | |
|
query | string | The sort expression that should be used to sort the results |
| offset | |
|
query | integer | Starting index for record retrieval |
| limit | |
|
query | integer | The maximum records to return |
| parameters | |
|
query | dictionary | Full query string parameters payload in JSON format |
from falconpy import ITAutomation
falcon = ITAutomation(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.combined_scheduled_tasks(filter="string",
sort="string",
offset=integer,
limit=integer
)
print(response)from falconpy import ITAutomation
falcon = ITAutomation(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.ITAutomationCombinedScheduledTasks(filter="string",
sort="string",
offset=integer,
limit=integer
)
print(response)from falconpy import APIHarnessV2
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.command("ITAutomationCombinedScheduledTasks",
filter="string",
sort="string",
offset=integer,
limit=integer
)
print(response)Start a new task execution from the provided query data in the request and return the initiated task executions
run_live_query
| Method | Route |
|---|---|
 |
/it-automation/entities/live-query/v1 |
- Consumes: application/json
- Produces: application/json
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| body | |
 |
body | dictionary | Full body payload provided as a dictionary |
| discover_new_hosts | |
 |
body | boolean | Flag indicating if this task can discover new hosts |
| discover_offline_hosts | |
|
body | boolean | Flag indicating if this task can discover offline hosts |
| distribute | |
|
body | boolean | Flag indicating if this task is distributed |
| expiration_interval | |
|
body | string | Task expiration interval |
| guardrails | |
|
body | dictionary | Task guardrails (limiters) |
| osquery | |
|
body | string | OS Query content |
| output_parser_config | |
|
body | dictionary | Output parser configuration |
| queries | |
|
body | dictionary | Queries to perform |
| target | |
|
body | string | Execution target |
| parameters | |
|
body | dictionary | Full body payload in JSON format |
from falconpy import ITAutomation
falcon = ITAutomation(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.run_live_query(discover_new_hosts=boolean,
discover_offline_hosts=boolean,
distribute=boolean,
expiration_interval="string",
guardrails={"key":"value"},
osquery="string",
output_parser_config={"key":"value"},
queries={"key":"value"},
target="string"
)
print(response)from falconpy import ITAutomation
falcon = ITAutomation(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.ITAutomationRunLiveQuery(discover_new_hosts=boolean,
discover_offline_hosts=boolean,
distribute=boolean,
expiration_interval="string",
guardrails={"key":"value"},
osquery="string",
output_parser_config={"key":"value"},
queries={"key":"value"},
target="string"
)
print(response)from falconpy import APIHarnessV2
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
body = {
"discover_new_hosts": boolean,
"discover_offline_hosts": boolean,
"distribute": boolean,
"expiration_interval": "string",
"guardrails": {
"run_time_limit_millis": integer
},
"osquery": "string",
"output_parser_config": {
"columns": [
{
"name": "string"
}
],
"default_group_by": boolean,
"delimiter": "string"
},
"queries": {
"linux": {
"action_type": "string",
"args": "string",
"content": "string",
"file_ids": ["string"],
"language": "string",
"script_file_id": "string"
},
"mac": {
"action_type": "string",
"args": "string",
"content": "string",
"file_ids": ["string"],
"language": "string",
"script_file_id": "string"
},
"windows": {
"action_type": "string",
"args": "string",
"content": "string",
"file_ids": ["string"],
"language": "string",
"script_file_id": "string"
}
},
"target": "string"
}
response = falcon.command("ITAutomationRunLiveQuery", body=body)
print(response)Retrieve task executions by query
get_task_executions_by_query
| Method | Route |
|---|---|
|
/it-automation/queries/task-executions/v1 |
- Consumes: application/json
- Produces: application/json
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| filter | |
|
query | string | The filter expression that should be used to limit the results |
| sort | |
|
query | string | The sort expression that should be used to sort the results |
| offset | |
|
query | integer | Starting index for record retrieval |
| limit | |
|
query | integer | The maximum records to return |
| parameters | |
|
query | dictionary | Full query string parameters payload in JSON format |
from falconpy import ITAutomation
falcon = ITAutomation(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.get_task_executions_by_query(filter="string",
sort="string",
offset=integer,
limit=integer
)
print(response)from falconpy import ITAutomation
falcon = ITAutomation(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.ITAutomationGetTaskExecutionsByQuery(filter="string",
sort="string",
offset=integer,
limit=integer
)
print(response)from falconpy import APIHarnessV2
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.command("ITAutomationGetTaskExecutionsByQuery",
filter="string",
sort="string",
offset=integer,
limit=integer
)
print(response)Retrieve task groups by query
get_task_groups_by_query
| Method | Route |
|---|---|
|
/it-automation/queries/task-groups/v1 |
- Consumes: application/json
- Produces: application/json
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| filter | |
|
query | string | The filter expression that should be used to limit the results |
| sort | |
|
query | string | The sort expression that should be used to sort the results |
| offset | |
|
query | integer | Starting index for record retrieval |
| limit | |
|
query | integer | The maximum records to return |
| parameters | |
|
query | dictionary | Full query string parameters payload in JSON format |
from falconpy import ITAutomation
falcon = ITAutomation(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.get_task_groups_by_query(filter="string",
sort="string",
offset=integer,
limit=integer
)
print(response)from falconpy import ITAutomation
falcon = ITAutomation(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.ITAutomationGetTaskGroupsByQuery(filter="string",
sort="string",
offset=integer,
limit=integer
)
print(response)from falconpy import APIHarnessV2
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.command("ITAutomationGetTaskGroupsByQuery",
filter="string",
sort="string",
offset=integer,
limit=integer
)
print(response)Retrieve tasks by query
get_tasks_by_query
| Method | Route |
|---|---|
|
/it-automation/queries/tasks/v1 |
- Consumes: application/json
- Produces: application/json
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| filter | |
|
query | string | The filter expression that should be used to limit the results |
| sort | |
|
query | string | The sort expression that should be used to sort the results |
| offset | |
|
query | integer | Starting index for record retrieval |
| limit | |
|
query | integer | The maximum records to return |
| parameters | |
|
query | dictionary | Full query string parameters payload in JSON format |
from falconpy import ITAutomation
falcon = ITAutomation(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.get_tasks_by_query(filter="string",
sort="string",
offset=integer,
limit=integer
)
print(response)from falconpy import ITAutomation
falcon = ITAutomation(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.ITAutomationGetTasksByQuery(filter="string",
sort="string",
offset=integer,
limit=integer
)
print(response)from falconpy import APIHarnessV2
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.command("ITAutomationGetTasksByQuery",
filter="string",
sort="string",
offset=integer,
limit=integer
)
print(response)Retrieve policies
get_policies
| Method | Route |
|---|---|
|
/it-automation/entities/policies/v1 |
- Consumes: application/json
- Produces: application/json
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| ids | |
|
query | string or list of strings | One or more policy IDs |
| parameters | |
|
query | dictionary | Full query string parameters payload in JSON format |
from falconpy import ITAutomation
falcon = ITAutomation(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.get_policies(ids="string")
print(response)from falconpy import ITAutomation
falcon = ITAutomation(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.ITAutomationGetPolicies(ids="string")
print(response)from falconpy import APIHarnessV2
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.command("ITAutomationGetPolicies", ids="string")
print(response)Create a new policy of the specified type
New policies are always added at the end of the precedence list for the provided policy type.
create_policy
| Method | Route |
|---|---|
|
/it-automation/entities/policies/v1 |
- Consumes: application/json
- Produces: application/json
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| body | |
|
body | dictionary | Full body payload provided as a dictionary. Not required if using other keywords |
| name | |
|
body | string | Policy name. Max: 100 characters |
| description | |
|
body | string | Policy description. Max: 500 characters |
| platform | |
|
body | string | Execution host platform. Allowed values: Windows, Linux, Mac |
| enable_script_execution | |
|
body | boolean | Enable or disable script execution |
| enable_python_execution | |
|
body | boolean | Enable or disable Python execution |
| enable_os_query | |
|
body | boolean | Enable or disable OS Query |
| execution_timeout | |
|
body | integer | Specifies the timeout value for executions |
| execution_timeout_unit | |
|
body | string | Execution timeout unit. Allowed values: Hours, Minutes |
| cpu_throttle | |
|
body | integer | Specifies the CPU throttle value |
| cpu_scheduling | |
|
body | string | Sets priority to determine the order in which a query process will run on a host's CPU |
| memory_pressure_level | |
|
body | string | Sets memory pressure level to control system resource allocation during task execution |
| memory_allocation | |
|
body | integer | Specifies the memory allocation value |
| memory_allocation_unit | |
|
body | string | Memory allocation unit. Allowed values: MB, GB |
| concurrent_host_limit | |
|
body | integer | Specifies the maximum number of concurrent hosts |
| concurrent_task_limit | |
|
body | integer | Specifies the maximum number of concurrent tasks |
| concurrent_host_file_transfer_limit | |
|
body | integer | Specifies the maximum number of concurrent file transfers |
| parameters | |
|
body | dictionary | Full body payload in JSON format |
from falconpy import ITAutomation
falcon = ITAutomation(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.create_policy(name="string",
description="string",
platform="string",
enable_script_execution=boolean,
enable_python_execution=boolean,
enable_os_query=boolean,
execution_timeout=integer,
execution_timeout_unit="string",
cpu_throttle=integer,
cpu_scheduling="string",
memory_pressure_level="string",
memory_allocation=integer,
memory_allocation_unit="string",
concurrent_host_limit=integer,
concurrent_task_limit=integer,
concurrent_host_file_transfer_limit=integer
)
print(response)from falconpy import ITAutomation
falcon = ITAutomation(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.ITAutomationCreatePolicy(name="string",
description="string",
platform="string",
enable_script_execution=boolean,
enable_python_execution=boolean,
enable_os_query=boolean,
execution_timeout=integer,
execution_timeout_unit="string",
cpu_throttle=integer,
cpu_scheduling="string",
memory_pressure_level="string",
memory_allocation=integer,
memory_allocation_unit="string",
concurrent_host_limit=integer,
concurrent_task_limit=integer,
concurrent_host_file_transfer_limit=integer
)
print(response)from falconpy import APIHarnessV2
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
body = {
"config": {
"concurrency": {
"concurrent_host_file_transfer_limit": 3,
"concurrent_host_limit": 8,
"concurrent_task_limit": 2
},
"execution": {
"enable_os_query": False,
"enable_python_execution": True,
"enable_script_execution": True,
"execution_timeout": 60,
"execution_timeout_unit": "Minutes"
},
"resources": {
"cpu_scheduling": "Low",
"cpu_throttle": 25,
"memory_allocation": 2,
"memory_allocation_unit": "GB",
"memory_pressure_level": "High"
}
},
"description": "string",
"name": "string",
"platform": "string"
}
response = falcon.command("ITAutomationCreatePolicy", body=body)
print(response)Update a new policy of the specified type
update_policies
| Method | Route |
|---|---|
 |
/it-automation/entities/policies/v1 |
- Consumes: application/json
- Produces: application/json
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| body | |
|
body | dictionary | Full body payload provided as a dictionary. Not required if using other keywords |
| id | |
|
body | string | A valid policy ID representing the policy to be updated. Required |
| name | |
|
body | string | Policy name. Max: 100 characters |
| description | |
|
body | string | Policy description. Max: 500 characters |
| is_enabled | |
|
body | boolean | Flag controlling whether the policy is active |
| enable_script_execution | |
|
body | boolean | Enable or disable script execution |
| enable_python_execution | |
|
body | boolean | Enable or disable Python execution |
| enable_os_query | |
|
body | boolean | Enable or disable OS Query |
| execution_timeout | |
|
body | integer | Specifies the timeout value for executions |
| execution_timeout_unit | |
|
body | string | Execution timeout unit. Allowed values: Hours, Minutes |
| cpu_throttle | |
|
body | integer | Specifies the CPU throttle value |
| cpu_scheduling | |
|
body | string | Sets priority to determine the order in which a query process will run on a host's CPU |
| memory_pressure_level | |
|
body | string | Sets memory pressure level to control system resource allocation during task execution |
| memory_allocation | |
|
body | integer | Specifies the memory allocation value |
| memory_allocation_unit | |
|
body | string | Memory allocation unit. Allowed values: MB, GB |
| concurrent_host_limit | |
|
body | integer | Specifies the maximum number of concurrent hosts |
| concurrent_task_limit | |
|
body | integer | Specifies the maximum number of concurrent tasks |
| concurrent_host_file_transfer_limit | |
|
body | integer | Specifies the maximum number of concurrent file transfers |
| parameters | |
|
body | dictionary | Full body payload in JSON format |
from falconpy import ITAutomation
falcon = ITAutomation(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.update_policies(id="string",
name="string",
description="string",
is_enabled=boolean,
enable_script_execution=boolean,
enable_python_execution=boolean,
enable_os_query=boolean,
execution_timeout=integer,
execution_timeout_unit="string",
cpu_throttle=integer,
cpu_scheduling="string",
memory_pressure_level="string",
memory_allocation=integer,
memory_allocation_unit="string",
concurrent_host_limit=integer,
concurrent_task_limit=integer,
concurrent_host_file_transfer_limit=integer
)
print(response)from falconpy import ITAutomation
falcon = ITAutomation(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.ITAutomationUpdatePolicies(id="string",
name="string",
description="string",
is_enabled=boolean,
enable_script_execution=boolean,
enable_python_execution=boolean,
enable_os_query=boolean,
execution_timeout=integer,
execution_timeout_unit="string",
cpu_throttle=integer,
cpu_scheduling="string",
memory_pressure_level="string",
memory_allocation=integer,
memory_allocation_unit="string",
concurrent_host_limit=integer,
concurrent_task_limit=integer,
concurrent_host_file_transfer_limit=integer
)
print(response)from falconpy import APIHarnessV2
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
body = {
"config": {
"concurrency": {
"concurrent_host_file_transfer_limit": integer,
"concurrent_host_limit": integer,
"concurrent_task_limit": integer
},
"execution": {
"enable_os_query": boolean,
"enable_python_execution": boolean,
"enable_script_execution": boolean,
"execution_timeout": integer,
"execution_timeout_unit": "string"
},
"resources": {
"cpu_scheduling": "string",
"cpu_throttle": integer,
"memory_allocation": integer,
"memory_allocation_unit": "string",
"memory_pressure_level": "string"
}
},
"id": "string",
"is_enabled": boolean,
"name": "string",
"description": "string"
}
response = falcon.command("ITAutomationUpdatePolicies", body=body)
print(response)Delete a policy
delete_policy
| Method | Route |
|---|---|
 |
/it-automation/entities/policies/v1 |
- Consumes: application/json
- Produces: application/json
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| ids | |
|
query | string or list of strings | One or more policy IDs to delete |
| parameters | |
|
query | dictionary | Full query string parameters payload in JSON format |
from falconpy import ITAutomation
falcon = ITAutomation(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.delete_policy(ids="string")
print(response)from falconpy import ITAutomation
falcon = ITAutomation(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.ITAutomationDeletePolicy(ids="string")
print(response)from falconpy import APIHarnessV2
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.command("ITAutomationDeletePolicy", ids="string")
print(response)Update policy host groups
update_policy_host_groups
| Method | Route |
|---|---|
|
/it-automation/entities/policies/host-groups/v1 |
- Consumes: application/json
- Produces: application/json
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| body | |
|
body | dictionary | Full body payload in JSON format |
| policy_id | |
|
body | string | Policy ID |
| host_group_ids | |
|
body | array | List of host group IDs |
| action | |
|
body | string | Action to perform |
| parameters | |
|
body | dictionary | Full body payload in JSON format |
from falconpy import ITAutomation
falcon = ITAutomation(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.update_policy_host_groups(policy_id="string",
host_group_ids=["string"],
action="string"
)
print(response)from falconpy import ITAutomation
falcon = ITAutomation(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.ITAutomationUpdatePolicyHostGroups(policy_id="string",
host_group_ids=["string"],
action="string"
)
print(response)from falconpy import APIHarnessV2
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
body = {
"action": "string",
"host_group_ids": [
"string"
],
"policy_id": "string"
}
response = falcon.command("ITAutomationUpdatePolicyHostGroups", body=body)
print(response)Update policies precedence
update_policies_precedence
| Method | Route |
|---|---|
|
/it-automation/entities/policies/precedence/v1 |
- Consumes: application/json
- Produces: application/json
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| body | |
|
body | dictionary | Full body payload in JSON format |
| ids | |
|
body | array | List of policy IDs in precedence order |
| parameters | |
|
body | dictionary | Full body payload in JSON format |
| platform | |
|
body | string | The policy platform for which to set the precedence order |
from falconpy import ITAutomation
falcon = ITAutomation(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.update_policies_precedence(ids=["string"],
platform="string"
)
print(response)from falconpy import ITAutomation
falcon = ITAutomation(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.ITAutomationUpdatePoliciesPrecedence(ids=["string"],
platform="string"
)
print(response)from falconpy import APIHarnessV2
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
body = {
"ids": ["string"],
"platform": "string
}
response = falcon.command("ITAutomationUpdatePoliciesPrecedence", body=body)
print(response)Retrieve scheduled tasks
get_scheduled_tasks
| Method | Route |
|---|---|
|
/it-automation/entities/scheduled-tasks/v1 |
- Consumes: application/json
- Produces: application/json
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| ids | |
|
query | string or list of strings | One or more scheduled task IDs |
| parameters | |
|
query | dictionary | Full query string parameters payload in JSON format |
from falconpy import ITAutomation
falcon = ITAutomation(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.get_scheduled_tasks(ids="string")
print(response)from falconpy import ITAutomation
falcon = ITAutomation(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.ITAutomationGetScheduledTasks(ids="string")
print(response)from falconpy import APIHarnessV2
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.command("ITAutomationGetScheduledTasks", ids="string")
print(response)Create a scheduled task from the given request
create_scheduled_task
| Method | Route |
|---|---|
|
/it-automation/entities/scheduled-tasks/v1 |
- Consumes: application/json
- Produces: application/json
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| body | |
|
body | dictionary | Full body payload provided as a dictionary |
| arguments | |
|
body | dictionary | Arguments to provide to the task when executed |
| discover_new_hosts | |
|
body | boolean | Allow the task to discover new hosts |
| discover_offline_hosts | |
|
body | boolean | Allow the task to discover offline hosts |
| distribute | |
|
body | boolean | Distribute the task |
| expiration_interval | |
|
body | string | Task expiration interval |
| guardrails | |
|
body | dictionary | Task execution guardrails (limiters) |
| id | |
|
body | string | The id of the scheduled task to update |
| is_active | |
|
body | boolean | Flag indicating if the task is active |
| schedule | |
|
body | dictionary | Task schedule |
| target | |
|
body | string | Task target |
| task_id | |
|
body | string | Task ID |
| trigger_condition | |
|
body | list of dictionaries | Task trigger conditions |
| parameters | |
|
body | dictionary | Full parameters payload dictionary. Not required if using other keywords |
from falconpy import ITAutomation
falcon = ITAutomation(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.create_scheduled_task(arguments=dict,
discover_new_hosts=boolean,
discover_offline_hosts=boolean,
distribute=boolean,
expiration_interval="string",
guardrails=dict,
is_active=boolean,
schedule=dict,
target="string",
task_id="string",
trigger_conditions=list
)
print(response)from falconpy import ITAutomation
falcon = ITAutomation(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.ITAutomationCreateScheduledTask(arguments=dict,
discover_new_hosts=boolean,
discover_offline_hosts=boolean,
distribute=boolean,
expiration_interval="string",
guardrails=dict,
is_active=boolean,
schedule=dict,
target="string",
task_id="string",
trigger_conditions=list
)
print(response)from falconpy import APIHarnessV2
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
body = {
"arguments": {
"additionalProp1": "string",
"additionalProp2": "string",
"additionalProp3": "string"
},
"discover_new_hosts": boolean,
"discover_offline_hosts": boolean,
"distribute": boolean,
"expiration_interval": "string",
"guardrails": {
"run_time_limit_millis": integer
},
"is_active": boolean,
"schedule": {
"day_of_month": integer,
"days_of_week": ["string"],
"end_time": "string",
"frequency": "string",
"interval": integer,
"start_time": "string",
"time": "string",
"timezone": "string"
},
"target": "string",
"task_id": "string",
"trigger_condition": [
{
"groups": [null],
"operator": "string",
"statements": [
{
"data_comparator": "string",
"data_type": "string",
"key": "string",
"task_id": "string",
"value": "string"
}
]
}
]
}
response = falcon.command("ITAutomationCreateScheduledTask", body=body)
print(response)Update an existing scheduled task with the supplied info
update_scheduled_task
| Method | Route |
|---|---|
|
/it-automation/entities/scheduled-tasks/v1 |
- Consumes: application/json
- Produces: application/json
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| body | |
|
body | dictionary | Full body payload provided as a dictionary. Not required if using other keywords |
| discover_new_hosts | |
|
body | boolean | Allow the task to discover new hosts |
| discover_offline_hosts | |
|
body | boolean | Allow the task to discover offline hosts |
| distribute | |
|
body | boolean | Distribute the task |
| execution_args | |
|
body | dictionary | Arguments to provide to the task when executed |
| expiration_interval | |
|
body | string | Task expiration interval |
| guardrails | |
|
body | dictionary | Task execution guardrails (limiters) |
| id | |
|
body | string | The id of the scheduled task to update |
| is_active | |
|
body | boolean | Flag indicating if the task is active |
| parameters | |
|
body | dictionary | Full parameters payload dictionary. Not required if using other keywords |
| schedule | |
|
body | dictionary | Task schedule |
| target | |
|
body | string | Task target |
| task_id | |
|
body | string | Task ID |
| trigger_condition | |
|
body | list of dictionaries | Task trigger conditions |
from falconpy import ITAutomation
falcon = ITAutomation(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.update_scheduled_task(id="string",
execution_args=dict,
discover_new_hosts=boolean,
discover_offline_hosts=boolean,
distribute=boolean,
expiration_interval="string",
guardrails=dict,
is_active=boolean,
schedule=dict,
target="string",
task_id="string",
trigger_conditions=list
)
print(response)from falconpy import ITAutomation
falcon = ITAutomation(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.ITAutomationUpdateScheduledTask(id="string",
execution_args=dict,
discover_new_hosts=boolean,
discover_offline_hosts=boolean,
distribute=boolean,
expiration_interval="string",
guardrails=dict,
is_active=boolean,
schedule=dict,
target="string",
task_id="string",
trigger_conditions=list
)
print(response)from falconpy import APIHarnessV2
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
body = {
"id": "string",
"discover_new_hosts": boolean,
"discover_offline_hosts": boolean,
"distribute": boolean,
"execution_args": {
"additionalProp1": "string",
"additionalProp2": "string",
"additionalProp3": "string"
},
"expiration_interval": "string",
"guardrails": {
"run_time_limit_millis": integer
},
"is_active": boolean,
"schedule": {
"day_of_month": integer,
"days_of_week": ["string"],
"end_time": "string",
"frequency": "string",
"interval": integer,
"start_time": "string",
"time": "string",
"timezone": "string"
},
"target": "string",
"task_id": "string",
"trigger_condition": [
{
"groups": [null],
"operator": "string",
"statements": [
{
"data_comparator": "string",
"data_type": "string",
"key": "string",
"task_id": "string",
"value": "string"
}
]
}
]
}
response = falcon.command("ITAutomationUpdateScheduledTask", body=body)
print(response)Delete scheduled tasks
delete_scheduled_tasks
| Method | Route |
|---|---|
|
/it-automation/entities/scheduled-tasks/v1 |
- Consumes: application/json
- Produces: application/json
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| ids | |
|
query | string or list of strings | One or more scheduled task IDs to delete |
| parameters | |
|
query | dictionary | Full query string parameters payload in JSON format |
from falconpy import ITAutomation
falcon = ITAutomation(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.delete_scheduled_tasks(ids="string")
print(response)from falconpy import ITAutomation
falcon = ITAutomation(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.ITAutomationDeleteScheduledTasks(ids="string")
print(response)from falconpy import APIHarnessV2
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.command("ITAutomationDeleteScheduledTasks", ids="string")
print(response)Cancel a task execution
cancel_task_execution
| Method | Route |
|---|---|
|
/it-automation/entities/task-executions/{id}/cancel/v1 |
- Consumes: application/json
- Produces: application/json
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| body | |
|
body | dictionary | Full body payload in JSON format |
| task_execution_id | |
|
path | string | Task execution ID |
from falconpy import ITAutomation
falcon = ITAutomation(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.cancel_task_execution(task_execution_id="string")
print(response)from falconpy import ITAutomation
falcon = ITAutomation(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.ITAutomationCancelTaskExecution(task_execution_id="string")
print(response)from falconpy import APIHarnessV2
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
body = {
"id"="string"
}
response = falcon.command("ITAutomationCancelTaskExecution", body=body)
print(response)Retrieve task execution host status
get_task_execution_host_status
| Method | Route |
|---|---|
|
/it-automation/entities/task-executions/{id}/host-status/v1 |
- Consumes: application/json
- Produces: application/json
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| ids | |
|
path | string or list | Task execution ID |
| filter | |
|
query | string | The filter expression that should be used to limit the results |
| sort | |
|
query | string | The sort expression that should be used to sort the results |
| offset | |
|
query | integer | Starting index for record retrieval |
| limit | |
|
query | integer | The maximum records to return |
| parameters | |
|
query | dictionary | Full query string parameters payload in JSON format |
from falconpy import ITAutomation
falcon = ITAutomation(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.get_task_execution_host_status(id="string",
filter="string",
sort="string",
offset=integer,
limit=integer
)
print(response)from falconpy import ITAutomation
falcon = ITAutomation(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.ITAutomationGetTaskExecutionHostStatus(id="string",
filter="string",
sort="string",
offset=integer,
limit=integer
)
print(response)from falconpy import APIHarnessV2
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.command("ITAutomationGetTaskExecutionHostStatus",
id="string",
filter="string",
sort="string",
offset=integer,
limit=integer
)
print(response)Rerun the task execution specified in the request
rerun_task_execution
| Method | Route |
|---|---|
|
/it-automation/entities/task-executions/{id}/rerun/v1 |
- Consumes: application/json
- Produces: application/json
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| body | |
|
body | dictionary | Full body payload provided as a dictionary. Not required if using other keywords |
| run_type | |
|
body | string | Task run type |
| task_execution_id | |
|
body | string | Task execution ID |
| parameters | |
|
body | dictionary | Full body payload in JSON format |
from falconpy import ITAutomation
falcon = ITAutomation(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.rerun_task_execution(run_type="string",
task_execution_id="string"
)
print(response)from falconpy import ITAutomation
falcon = ITAutomation(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.ITAutomationRerunTaskExecution(run_type="string",
task_execution_id="string"
)
print(response)from falconpy import APIHarnessV2
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
body = {
"run_type": "string",
"task_execution_id": "string"
}
response = falcon.command("ITAutomationRerunTaskExecution", body=body)
print(response)Retrieve execution results search status
get_execution_results_search_status
| Method | Route |
|---|---|
|
/it-automation/entities/execution-results/search-status/{id}/v1 |
- Consumes: application/json
- Produces: application/json
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| id | |
|
path | string | Search ID |
| parameters | |
|
path | dictionary | Full path parameters payload in JSON format |
from falconpy import ITAutomation
falcon = ITAutomation(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.get_execution_results_search_status(id="string")
print(response)from falconpy import ITAutomation
falcon = ITAutomation(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.ITAutomationGetExecutionResultsSearchStatus(id="string")
print(response)from falconpy import APIHarnessV2
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.command("ITAutomationGetExecutionResultsSearchStatus", id="string")
print(response)Start an asynchronous task execution results search
Poll ITAutomationGetExecutionResultsSearchStatus to determine when the search is complete.
execution_results_search
| Method | Route |
|---|---|
|
/it-automation/entities/execution-results/search/v1 |
- Consumes: application/json
- Produces: application/json
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| body | |
|
body | dictionary | Full body payload provided as a dictionary. Not required if using other keywords |
| end | |
|
body | string | Task end |
| filter_expressions | |
|
body | string or list of strings | Filter expressions to apply |
| group_by_fields | |
|
body | string or list of strings | Fields to use to group results |
| start | |
|
body | string | Task start |
| task_execution_id | |
|
body | string | Task execution ID |
| parameters | |
|
body | dictionary | Full body payload in JSON format |
from falconpy import ITAutomation
falcon = ITAutomation(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.execution_results_search(end="string",
filter_expressions=list,
group_by_fields=list,
start="string",
task_execution_id="string"
)
print(response)from falconpy import ITAutomation
falcon = ITAutomation(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.ITAutomationStartExecutionResultsSearch(end="string",
filter_expressions=list,
group_by_fields=list,
start="string",
task_execution_id="string"
)
print(response)from falconpy import APIHarnessV2
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
body = {
"end": "string",
"filter_expressions": [
"string"
],
"group_by_fields": [
"string"
],
"start": "string",
"task_execution_id": "string"
}
response = falcon.command("ITAutomationStartExecutionResultsSearch", body=body)
print(response)Retrieve execution results
get_execution_results
| Method | Route |
|---|---|
|
/it-automation/entities/execution-results/{id}/v1 |
- Consumes: application/json
- Produces: application/json
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| id | |
|
path | string | Search ID |
| offset | |
|
query | integer | Starting index for record retrieval |
| limit | |
|
query | integer | The maximum records to return |
| sort | |
|
query | string | Sort results by one of the fields in the event results, either asc (ascending) or desc (descending) |
| parameters | |
|
query | dictionary | Full query string parameters payload in JSON format |
from falconpy import ITAutomation
falcon = ITAutomation(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.get_execution_results(id="string",
offset=integer,
limit=integer,
sort="string"
)
print(response)from falconpy import ITAutomation
falcon = ITAutomation(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.ITAutomationGetExecutionResults(id="string",
offset=integer,
limit=integer,
sort="string"
)
print(response)from falconpy import APIHarnessV2
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.command("ITAutomationGetExecutionResults",
id="string",
offset=integer,
limit=integer,
sort="string"
)
print(response)Retrieve a task execution
get_task_execution
| Method | Route |
|---|---|
|
/it-automation/entities/task-executions/{id}/v1 |
- Consumes: application/json
- Produces: application/json
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| id | |
|
path | string | Task execution ID |
| parameters | |
|
path | dictionary | Full path parameters payload in JSON format |
from falconpy import ITAutomation
falcon = ITAutomation(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.get_task_execution(id="string")
print(response)from falconpy import ITAutomation
falcon = ITAutomation(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.ITAutomationGetTaskExecution(id="string")
print(response)from falconpy import APIHarnessV2
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.command("ITAutomationGetTaskExecution", id="string")
print(response)Start a new task execution from an existing task provided in the request and returns the initiated task executions
start_task_execution
| Method | Route |
|---|---|
|
/it-automation/entities/task-executions/v1 |
- Consumes: application/json
- Produces: application/json
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| arguments | |
|
body | dictionary | Arguments to pass to the execution |
| body | |
|
body | dictionary | Full body payload provided as a dictionary. Not required if using other keywords |
| discover_new_hosts | |
|
body | boolean | Allow the task execution to discover new hosts |
| discover_offline_hosts | |
|
body | boolean | Allow the task execution to discover offline hosts |
| distribute | |
|
body | boolean | Distribute this task |
| expiration_interval | |
|
body | string | Task expiration interval |
| guardrails | |
|
body | dictionary | Task execution guardrails (limiters) |
| target | |
|
body | string | Task target |
| task_id | |
|
body | string | Task ID |
| trigger_conditions | |
|
body | list of dictionaries | List of task triggers |
| parameters | |
|
body | dictionary | Full body payload in JSON format |
from falconpy import ITAutomation
falcon = ITAutomation(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.start_task_execution(arguments=dict,
discover_new_hosts=boolean,
discover_offline_hosts=boolean,
distribute=boolean,
expiration_interval="string",
guardrails=dict,
is_active=boolean,
schedule=dict,
target="string",
task_id="string",
trigger_conditions=list
)
print(response)from falconpy import ITAutomation
falcon = ITAutomation(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.ITAutomationStartTaskExecution(arguments=dict,
discover_new_hosts=boolean,
discover_offline_hosts=boolean,
distribute=boolean,
expiration_interval="string",
guardrails=dict,
is_active=boolean,
schedule=dict,
target="string",
task_id="string",
trigger_conditions=list
)
print(response)from falconpy import APIHarnessV2
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
body = {
"arguments": {
"additionalProp1": "string",
"additionalProp2": "string",
"additionalProp3": "string"
},
"discover_new_hosts": boolean,
"discover_offline_hosts": boolean,
"distribute": boolean,
"expiration_interval": "string",
"guardrails": {
"run_time_limit_millis": integer
},
"target": "string",
"task_id": "string",
"trigger_condition": [
{
"groups": [
null
],
"operator": "string",
"statements": [
{
"data_comparator": "string",
"data_type": "string",
"key": "string",
"task_id": "string",
"value": "string"
}
]
}
]
}
response = falcon.command("ITAutomationStartTaskExecution", body=body)
print(response)Retrieve task groups
get_task_groups
| Method | Route |
|---|---|
|
/it-automation/entities/task-groups/v1 |
- Consumes: application/json
- Produces: application/json
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| ids | |
|
query | string or list of strings | One or more task group IDs |
| parameters | |
|
query | dictionary | Full query string parameters payload in JSON format |
from falconpy import ITAutomation
falcon = ITAutomation(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.get_task_groups(ids="string")
print(response)from falconpy import ITAutomation
falcon = ITAutomation(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.ITAutomationGetTaskGroups(ids="string")
print(response)from falconpy import APIHarnessV2
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.command("ITAutomationGetTaskGroups", ids="string")
print(response)Create a task group
create_task_group
| Method | Route |
|---|---|
|
/it-automation/entities/task-groups/v1 |
- Consumes: application/json
- Produces: application/json
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| body | |
|
body | dictionary | Full body payload in JSON format |
| name | |
|
body | string | Task group name |
| description | |
|
body | string | Task group description |
| task_ids | |
|
body | string | Task IDs to add to the group. String or list of strings. |
from falconpy import ITAutomation
falcon = ITAutomation(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
body = {
"name": "string",
"description": "string",
"task_ids":"string
}
response = falcon.create_task_group(name="string",
description="string",
task_ids="string"
)
print(response)from falconpy import ITAutomation
falcon = ITAutomation(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.ITAutomationCreateTaskGroup(name="string",
description="string",
task_ids="string"
)
print(response)from falconpy import APIHarnessV2
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
body = {
"access_type": "Public",
"assigned_user_group_ids": [
"string"
],
"assigned_user_ids": [
"string"
],
"description": "string",
"name": "string",
"task_ids": [
"string"
]
}
response = falcon.command("ITAutomationCreateTaskGroup", body=body)
print(response)Update a task group for a given ID
update_task_group
| Method | Route |
|---|---|
|
/it-automation/entities/task-groups/v1 |
- Consumes: application/json
- Produces: application/json
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| access_type | |
|
body | string | Task group access type |
| add_assigned_user_group_ids | |
|
body | string or list of strings | User group IDs to add |
| add_assigned_user_ids | |
|
body | string or list of strings | User IDs to add |
| add_task_ids | |
|
body | string or list of strings | Task IDs to add to the group |
| body | |
|
body | dictionary | Full body payload provided as a dictionary. Not required if using other keywords |
| description | |
|
body | string | Task group description |
| id | |
|
body | string | The ID of the task group to update |
| name | |
|
body | string | Task group name |
| parameters | |
|
body | dictionary | Full parameters payload dictionary. Not required if using other keywords |
| remove_assigned_user_group_ids | |
|
body | string or list of strings | User group IDs to be removed |
| remove_assigned_user_ids | |
|
body | string or list of strings | User IDs to be removed |
| remove_task_ids | |
|
body | string or list of strings | Task IDs to be removed |
from falconpy import ITAutomation
falcon = ITAutomation(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.update_task_group(id="string",
name="string,
description="string",
access_type="string",
add_assigned_user_ids=list,
add_assigned_user_group_ids=list,
add_task_ids=list,
remove_assigned_user_ids=list,
remove_assigned_user_group_ids=list,
remove_task_ids=list
)
print(response)from falconpy import ITAutomation
falcon = ITAutomation(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.ITAutomationUpdateTaskGroup(id="string",
name="string,
description="string",
access_type="string",
add_assigned_user_ids=list,
add_assigned_user_group_ids=list,
add_task_ids=list,
remove_assigned_user_ids=list,
remove_assigned_user_group_ids=list,
remove_task_ids=list
)
print(response)from falconpy import APIHarnessV2
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
body = {
"access_type": "string",
"add_assigned_user_group_ids": [
"string"
],
"add_assigned_user_ids": [
"string"
],
"add_task_ids": [
"string"
],
"description": "string",
"id": "string",
"name": "string",
"remove_assigned_user_group_ids": [
"string"
],
"remove_assigned_user_ids": [
"string"
],
"remove_task_ids": [
"string"
]
}
response = falcon.command("ITAutomationUpdateTaskGroup", body=body)
print(response)Delete task groups
delete_task_groups
| Method | Route |
|---|---|
|
/it-automation/entities/task-groups/v1 |
- Consumes: application/json
- Produces: application/json
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| ids | |
|
query | string or list of strings | One or more task group IDs to delete |
| parameters | |
|
query | dictionary | Full query string parameters payload in JSON format |
from falconpy import ITAutomation
falcon = ITAutomation(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.delete_task_groups(ids="string")
print(response)from falconpy import ITAutomation
falcon = ITAutomation(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.ITAutomationDeleteTaskGroups(ids="string")
print(response)from falconpy import APIHarnessV2
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.command("ITAutomationDeleteTaskGroups", ids="string")
print(response)Retrieve tasks
get_tasks
| Method | Route |
|---|---|
|
/it-automation/entities/tasks/v1 |
- Consumes: application/json
- Produces: application/json
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| ids | |
|
query | string or list of strings | One or more task IDs |
| parameters | |
|
query | dictionary | Full query string parameters payload in JSON format |
from falconpy import ITAutomation
falcon = ITAutomation(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.get_tasks(ids="string")
print(response)from falconpy import ITAutomation
falcon = ITAutomation(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.ITAutomationGetTasks(ids="string")
print(response)from falconpy import APIHarnessV2
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.command("ITAutomationGetTasks", ids="string")
print(response)Create a task with details from the given request
create_task
| Method | Route |
|---|---|
|
/it-automation/entities/tasks/v1 |
- Consumes: application/json
- Produces: application/json
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| access_type | |
|
body | string | Task access type |
| add_assigned_user_group_ids | |
|
body | string or list of strings | User group IDs to add |
| add_assigned_user_ids | |
|
body | string or list of strings | User IDs to add |
| body | |
|
body | dictionary | Full body payload provided as a dictionary. Not required if using other keywords |
| description | |
|
body | string | Task description |
| name | |
|
body | string | Task name |
| os_query | |
|
body | string | OS query detail |
| output_parser_config | |
|
body | dictionary | Parser output configuration |
| queries | |
|
body | dictionary | Queries to perform (by OS) |
| remediations | |
|
body | dictionary | Remediations to perform (by OS) |
| remove_assigned_user_group_ids | |
|
body | string or list of strings | User group IDs to be removed |
| remove_assigned_user_ids | |
|
body | string or list of strings | User IDs to be removed |
| target | |
|
body | string | Task target |
| task_group_id | |
|
body | string | Task group ID |
| task_parameters | |
|
body | list of dictionaries | Task parameters |
| task_type | |
|
body | string | Task type |
| trigger_condition | |
|
body | list of dictionaries | Trigger conditions |
| verification_condition | |
|
body | list of dictionaries | Verification conditions |
| parameters | |
|
body | dictionary | Full body payload in JSON format |
from falconpy import ITAutomation
falcon = ITAutomation(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.create_task(name="string",
description="string",
access_type="string",
task_type="string",
target="string",
os_query="string",
add_assigned_user_ids=list,
add_assigned_user_group_ids=list,
task_group_id="string",
output_parser_config=dict,
queries=dict
task_parameters=dict
trigger_condition=list
)
print(response)from falconpy import ITAutomation
falcon = ITAutomation(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.ITAutomationCreateTask(name="string",
description="string",
access_type="string",
task_type="string",
target="string",
os_query="string",
add_assigned_user_ids=list,
add_assigned_user_group_ids=list,
task_group_id="string",
output_parser_config=dict,
queries=dict
task_parameters=dict
trigger_condition=list
)
print(response)from falconpy import APIHarnessV2
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
body = {
"access_type": "string",
"add_assigned_user_group_ids": ["string"],
"add_assigned_user_ids": ["string"],
"description": "string",
"name": "string",
"os_query": "string",
"output_parser_config": {
"columns": [{"name": "string"}],
"default_group_by": boolean,
"delimiter": "string"
},
"queries": {
"linux": {
"action_type": "string",
"args": "string",
"content": "string",
"file_ids": ["string"],
"language": "string",
"script_file_id": "string"
},
"mac": {
"action_type": "string",
"args": "string",
"content": "string",
"file_ids": ["string"],
"language": "string",
"script_file_id": "string"
},
"windows": {
"action_type": "string",
"args": "string",
"content": "string",
"file_ids": ["string"],
"language": "string",
"script_file_id": "string"
}
},
"remediations": {
"linux": {
"action_type": "string",
"args": "string",
"content": "string",
"file_ids": ["string"],
"language": "string",
"script_file_id": "string"
},
"mac": {
"action_type": "string",
"args": "string",
"content": "string",
"file_ids": ["string"],
"language": "string",
"script_file_id": "string"
},
"windows": {
"action_type": "string",
"args": "string",
"content": "string",
"file_ids": ["string"],
"language": "string",
"script_file_id": "string"
}
},
"remove_assigned_user_group_ids": ["string"],
"remove_assigned_user_ids": ["string"],
"target": "string",
"task_group_id": "string",
"task_parameters": [
{
"custom_validation_message": "string",
"custom_validation_regex": "string",
"default_value": "string",
"input_type": "string",
"key": "string",
"label": "string",
"options": [{"key": "string", "value": "string"}],
"validation_type": "string"
}
],
"task_type": "string",
"trigger_condition": [
{
"groups": [null],
"operator": "string",
"statements": [
{
"data_comparator": "string",
"data_type": "string",
"key": "string",
"task_id": "string",
"value": "string"
}
]
}
],
"verification_condition": [
{
"groups": [null],
"operator": "string",
"statements": [
{
"data_comparator": "string",
"data_type": "string",
"key": "string",
"task_id": "string",
"value": "string"
}
]
}
]
}
response = falcon.command("ITAutomationCreateTask", body=body)
print(response)Update a task with details from the given request
update_task
| Method | Route |
|---|---|
|
/it-automation/entities/tasks/v1 |
- Consumes: application/json
- Produces: application/json
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| access_type | |
|
body | string | Task access type |
| add_assigned_user_group_ids | |
|
body | string or list of strings | User group IDs to add |
| add_assigned_user_ids | |
|
body | string or list of strings | User IDs to add |
| body | |
|
body | dictionary | Full body payload provided as a dictionary. Not required if using other keywords |
| description | |
|
body | string | Task description |
| id | |
|
body | string | ID of the task to update. Use ITAutomationSearchTasks to fetch IDs |
| name | |
|
body | string | Task name |
| os_query | |
|
body | string | OS query detail |
| output_parser_config | |
|
body | dictionary | Parser output configuration |
| parameters | |
|
body | dictionary | Full parameters payload dictionary. Not required if ID keyword is used |
| queries | |
|
body | dictionary | Queries to perform (by OS) |
| remediations | |
|
body | dictionary | Remediations to perform (by OS) |
| remove_assigned_user_group_ids | |
|
body | string or list of strings | User group IDs to be removed |
| remove_assigned_user_ids | |
|
body | string or list of strings | User IDs to be removed |
| target | |
|
body | string | Task target |
| task_group_id | |
|
body | string | Task group ID |
| task_parameters | |
|
body | list of dictionaries | Task parameters |
| task_type | |
|
body | string | Task type |
| trigger_condition | |
|
body | list of dictionaries | Trigger conditions |
| verification_condition | |
|
body | list of dictionaries | Verification conditions |
from falconpy import ITAutomation
falcon = ITAutomation(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.update_task(access_type="string",
add_assigned_user_group_ids=list,
add_assigned_user_ids=list,
description="string",
name="string",
os_query="string",
output_parser_config=dict,
queries=dict,
remediations=dict,
remove_assigned_user_group_ids=list,
remove_assigned_user_ids=list,
target="string",
task_group_id="string",
task_parameters=list,
task_type="string",
trigger_condition=list,
verification_condition=list
)
print(response)from falconpy import ITAutomation
falcon = ITAutomation(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.ITAutomationUpdateTask(access_type="string",
add_assigned_user_group_ids=list,
add_assigned_user_ids=list,
description="string",
name="string",
os_query="string",
output_parser_config=dict,
queries=dict,
remediations=dict,
remove_assigned_user_group_ids=list,
remove_assigned_user_ids=list,
target="string",
task_group_id="string",
task_parameters=list,
task_type="string",
trigger_condition=list,
verification_condition=list
)
print(response)from falconpy import APIHarnessV2
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
body = {
"access_type": "Public",
"add_assigned_user_group_ids": [
"string"
],
"add_assigned_user_ids": [
"string"
],
"description": "string",
"name": "string",
"os_query": "string",
"output_parser_config": {
"columns": [
{
"name": "string"
}
],
"default_group_by": boolean,
"delimiter": "string"
},
"queries": {
"linux": {
"action_type": "script",
"args": "string",
"content": "string",
"file_ids": [
"string"
],
"language": "bash",
"script_file_id": "string"
},
"mac": {
"action_type": "script",
"args": "string",
"content": "string",
"file_ids": [
"string"
],
"language": "bash",
"script_file_id": "string"
},
"windows": {
"action_type": "script",
"args": "string",
"content": "string",
"file_ids": [
"string"
],
"language": "bash",
"script_file_id": "string"
}
},
"remediations": {
"linux": {
"action_type": "script",
"args": "string",
"content": "string",
"file_ids": [
"string"
],
"language": "bash",
"script_file_id": "string"
},
"mac": {
"action_type": "script",
"args": "string",
"content": "string",
"file_ids": [
"string"
],
"language": "bash",
"script_file_id": "string"
},
"windows": {
"action_type": "script",
"args": "string",
"content": "string",
"file_ids": [
"string"
],
"language": "bash",
"script_file_id": "string"
}
},
"remove_assigned_user_group_ids": [
"string"
],
"remove_assigned_user_ids": [
"string"
],
"target": "string",
"task_group_id": "string",
"task_parameters": [
{
"custom_validation_message": "string",
"custom_validation_regex": "string",
"default_value": "string",
"input_type": "text",
"key": "string",
"label": "string",
"options": [
{
"key": "string",
"value": "string"
}
],
"validation_type": "text"
}
],
"task_type": "query",
"trigger_condition": [
{
"groups": [
null
],
"operator": "AND",
"statements": [
{
"data_comparator": "LessThan",
"data_type": "StringType",
"key": "string",
"task_id": "string",
"value": "string"
}
]
}
],
"verification_condition": [
{
"groups": [
null
],
"operator": "AND",
"statements": [
{
"data_comparator": "LessThan",
"data_type": "StringType",
"key": "string",
"task_id": "string",
"value": "string"
}
]
}
]
}
response = falcon.command("ITAutomationUpdateTask", body=body)
print(response)Delete a task
delete_task
| Method | Route |
|---|---|
|
/it-automation/entities/tasks/v1 |
- Consumes: application/json
- Produces: application/json
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| ids | |
|
query | string or list of strings | One or more task IDs to delete |
| parameters | |
|
query | dictionary | Full query string parameters payload in JSON format |
from falconpy import ITAutomation
falcon = ITAutomation(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.delete_task(ids="string")
print(response)from falconpy import ITAutomation
falcon = ITAutomation(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.ITAutomationDeleteTask(ids="string")
print(response)from falconpy import APIHarnessV2
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.command("ITAutomationDeleteTask", ids="string")
print(response)Query policies
query_policies
| Method | Route |
|---|---|
|
/it-automation/queries/policies/v1 |
- Consumes: application/json
- Produces: application/json
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| sort | |
|
query | string | The sort expression that should be used to sort the results |
| offset | |
|
query | integer | Starting index for record retrieval |
| limit | |
|
query | integer | The maximum records to return |
| parameters | |
|
query | dictionary | Full query string parameters payload in JSON format |
from falconpy import ITAutomation
falcon = ITAutomation(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.query_policies(sort="string",
offset=integer,
limit=integer
)
print(response)from falconpy import ITAutomation
falcon = ITAutomation(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.ITAutomationQueryPolicies(sort="string",
offset=integer,
limit=integer
)
print(response)from falconpy import APIHarnessV2
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.command("ITAutomationQueryPolicies",
sort="string",
offset=integer,
limit=integer
)
print(response)Search scheduled tasks
search_scheduled_tasks
| Method | Route |
|---|---|
|
/it-automation/queries/scheduled-tasks/v1 |
- Consumes: application/json
- Produces: application/json
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| filter | |
|
query | string | The filter expression that should be used to limit the results |
| sort | |
|
query | string | The sort expression that should be used to sort the results |
| offset | |
|
query | integer | Starting index for record retrieval |
| limit | |
|
query | integer | The maximum records to return |
| parameters | |
|
query | dictionary | Full query string parameters payload in JSON format |
from falconpy import ITAutomation
falcon = ITAutomation(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.search_scheduled_tasks(filter="string",
sort="string",
offset=integer,
limit=integer
)
print(response)from falconpy import ITAutomation
falcon = ITAutomation(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.ITAutomationSearchScheduledTasks(filter="string",
sort="string",
offset=integer,
limit=integer
)
print(response)from falconpy import APIHarnessV2
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.command("ITAutomationSearchScheduledTasks",
filter="string",
sort="string",
offset=integer,
limit=integer
)
print(response)Search task executions
search_task_executions
| Method | Route |
|---|---|
|
/it-automation/queries/task-executions/v1 |
- Consumes: application/json
- Produces: application/json
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| filter | |
|
query | string | The filter expression that should be used to limit the results |
| sort | |
|
query | string | The sort expression that should be used to sort the results |
| offset | |
|
query | integer | Starting index for record retrieval |
| limit | |
|
query | integer | The maximum records to return |
| parameters | |
|
query | dictionary | Full query string parameters payload in JSON format |
from falconpy import ITAutomation
falcon = ITAutomation(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.search_task_executions(filter="string",
sort="string",
offset=integer,
limit=integer
)
print(response)from falconpy import ITAutomation
falcon = ITAutomation(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.ITAutomationSearchTaskExecutions(filter="string",
sort="string",
offset=integer,
limit=integer
)
print(response)from falconpy import APIHarnessV2
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.command("ITAutomationSearchTaskExecutions",
filter="string",
sort="string",
offset=integer,
limit=integer
)
print(response)Search task groups
search_task_groups
| Method | Route |
|---|---|
|
/it-automation/queries/task-groups/v1 |
- Consumes: application/json
- Produces: application/json
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| filter | |
|
query | string | The filter expression that should be used to limit the results |
| sort | |
|
query | string | The sort expression that should be used to sort the results |
| offset | |
|
query | integer | Starting index for record retrieval |
| limit | |
|
query | integer | The maximum records to return |
| parameters | |
|
query | dictionary | Full query string parameters payload in JSON format |
from falconpy import ITAutomation
falcon = ITAutomation(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.search_task_groups(filter="string",
sort="string",
offset=integer,
limit=integer
)
print(response)from falconpy import ITAutomation
falcon = ITAutomation(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.ITAutomationSearchTaskGroups(filter="string",
sort="string",
offset=integer,
limit=integer
)
print(response)from falconpy import APIHarnessV2
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.command("ITAutomationSearchTaskGroups",
filter="string",
sort="string",
offset=integer,
limit=integer
)
print(response)Search tasks
search_tasks
| Method | Route |
|---|---|
|
/it-automation/queries/tasks/v1 |
- Consumes: application/json
- Produces: application/json
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| filter | |
|
query | string | The filter expression that should be used to limit the results |
| sort | |
|
query | string | The sort expression that should be used to sort the results |
| offset | |
|
query | integer | Starting index for record retrieval |
| limit | |
|
query | integer | The maximum records to return |
| parameters | |
|
query | dictionary | Full query string parameters payload in JSON format |
from falconpy import ITAutomation
falcon = ITAutomation(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.search_tasks(filter="string",
sort="string",
offset=integer,
limit=integer
)
print(response)from falconpy import ITAutomation
falcon = ITAutomation(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.ITAutomationSearchTasks(filter="string",
sort="string",
offset=integer,
limit=integer
)
print(response)from falconpy import APIHarnessV2
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.command("ITAutomationSearchTasks",
filter="string",
sort="string",
offset=integer,
limit=integer
)
print(response)