Using the IT Automation service collection

Uber class support Service class support Documentation Version Page Updated

Operation ID

Description

ITAutomationGetAssociatedTasks
PEP 8	get_associated_tasks

Retrieve tasks associated with the provided file ID

ITAutomationCombinedScheduledTasks
PEP 8	scheduled_task_details

Returns full details of scheduled tasks matching the filter query parameter

ITAutomationRunLiveQuery
PEP 8	run_live_query

Run a live query

ITAutomationGetPolicies
PEP 8	get_policies

Retrieve policies

ITAutomationCreatePolicy
PEP 8	create_policy

Create a policy

ITAutomationUpdatePolicies
PEP 8	update_policy

Update policies

ITAutomationDeletePolicy
PEP 8	delete_policy

Delete a policy

ITAutomationGetScheduledTasks
PEP 8	get_scheduled_task

Retrieve scheduled tasks

ITAutomationCreateScheduledTask
PEP 8	create_scheduled_task

Create a scheduled task

ITAutomationUpdateScheduledTask
PEP 8	update_scheduled_task

Update a scheduled task

ITAutomationDeleteScheduledTasks
PEP 8	delete_scheduled_task

Delete scheduled tasks

ITAutomationGetTaskExecution
PEP 8	get_execution

Retrieve a task execution

ITAutomationStartTaskExecution
PEP 8	start_execution

Start a task execution

ITAutomationCancelTaskExecution
PEP 8	cancel_execution

Cancel a task execution

ITAutomationRerunTaskExecution
PEP 8	rerun_execution

Rerun a task execution

ITAutomationGetTaskExecutionHostStatus
PEP 8	get_execution_host_status

Retrieve task execution host status

ITAutomationGetExecutionResultsSearchStatus
PEP 8	get_execution_results_search_status

Retrieve execution results search status

ITAutomationStartExecutionResultsSearch
PEP 8	execution_results_search

Start an execution results search

ITAutomationGetExecutionResults
PEP 8	get_execution_results

Retrieve execution results

ITAutomationGetTaskExecutionsByQuery
PEP 8	get_executions_by_query

Retrieve task executions by query

ITAutomationGetTaskGroupsByQuery
PEP 8	get_task_groups_by_query

Retrieve task groups by query

ITAutomationGetTasksByQuery
PEP 8	get_tasks_by_query

Retrieve tasks by query

ITAutomationUpdatePolicyHostGroups
PEP 8	update_policy_host_groups

Update policy host groups

ITAutomationUpdatePoliciesPrecedence
PEP 8	update_policies_precedence

Update policies precedence

ITAutomationGetTaskGroups
PEP 8	get_task_group

Retrieve task groups

ITAutomationCreateTaskGroup
PEP 8	create_task_group

Create a task group

ITAutomationUpdateTaskGroup
PEP 8	update_task_group

Update a task group

ITAutomationDeleteTaskGroups
PEP 8	delete_task_groups

Delete task groups

ITAutomationGetTasks
PEP 8	get_tasks

Retrieve tasks

ITAutomationGetUserGroup
PEP 8	get_user_group

Returns user groups for each provided id

ITAutomationCreateTask
PEP 8	create_task

Create a task

ITAutomationCreateUserGroup
PEP 8	create_user_group

Creates a user group from the given request

ITAutomationUpdateTask
PEP 8	update_task

Update a task

ITAutomationUpdateUserGroup
PEP 8	update_user_group

Update a user group for a given id

ITAutomationDeleteTask
PEP 8	delete_task

Delete a task

ITAutomationDeleteUserGroup
PEP 8	delete_user_groups

Deletes user groups for each provided ids

ITAutomationQueryPolicies
PEP 8	query_policies

Query policies

ITAutomationSearchScheduledTasks
PEP 8	search_scheduled_tasks

Search scheduled tasks

ITAutomationSearchTaskExecutions
PEP 8	search_task_executions

Search task executions

ITAutomationSearchTaskGroups
PEP 8	search_task_groups

Search task groups

ITAutomationSearchTasks
PEP 8	search_tasks

Search tasks

ITAutomationSearchUserGroup
PEP 8	search_user_groups

Returns the list of user group ids matching the filter query parameter. It can be used together with the entities endpoint to retrieve full information on user groups

Passing credentials

ITAutomationGetAssociatedTasks

Retrieve tasks associated with the provided file ID

PEP8 method name

get_associated_tasks

Endpoint

Method	Route
	`/it-automation/combined/associated-tasks/v1`

Required Scope

it_automation

Content-Type

Consumes: application/json
Produces: application/json

Keyword Arguments

Name	Type	Data type	Description
id	query	string	The ID of the file to fetch associated tasks for
filter	query	string	The filter expression that should be used to limit the results
sort	query	string	The sort expression that should be used to sort the results
offset	query	integer	Starting index for record retrieval
limit	query	integer	The maximum records to return
parameters	query	dictionary	Full query string parameters payload in JSON format

Usage

Service class example (PEP8 syntax)

from falconpy import ITAutomation

# Do not hardcode API credentials!
falcon = ITAutomation(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

response = falcon.get_associated_tasks(id="string",
                                       filter="string",
                                       sort="string",
                                       offset=integer,
                                       limit=integer
                                       )
print(response)

Service class example (Operation ID syntax)

from falconpy import ITAutomation

# Do not hardcode API credentials!
falcon = ITAutomation(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

response = falcon.ITAutomationGetAssociatedTasks(id="string",
                                                 filter="string",
                                                 sort="string",
                                                 offset=integer,
                                                 limit=integer
                                                 )
print(response)

Uber class example

from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

response = falcon.command("ITAutomationGetAssociatedTasks",
                           id="string",
                           filter="string",
                           sort="string",
                           offset=integer,
                           limit=integer
                           )
print(response)

ITAutomationCombinedScheduledTasks

Returns full details of scheduled tasks matching the filter query parameter

PEP8 method name

scheduled_task_details

Endpoint

Method	Route
	`/it-automation/combined/scheduled-tasks/v1`

Required Scope

it_automation

Content-Type

Consumes: application/json
Produces: application/json

Keyword Arguments

Name	Type	Data type	Description
filter	query	string	The filter expression that should be used to limit the results
sort	query	string	The sort expression that should be used to sort the results
offset	query	integer	Starting index for record retrieval
limit	query	integer	The maximum records to return
parameters	query	dictionary	Full query string parameters payload in JSON format

Usage

Service class example (PEP8 syntax)

from falconpy import ITAutomation

# Do not hardcode API credentials!
falcon = ITAutomation(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

response = falcon.scheduled_task_details(filter="string",
                                           sort="string",
                                           offset=integer,
                                           limit=integer
                                           )
print(response)

Service class example (Operation ID syntax)

from falconpy import ITAutomation

# Do not hardcode API credentials!
falcon = ITAutomation(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

response = falcon.ITAutomationCombinedScheduledTasks(filter="string",
                                                     sort="string",
                                                     offset=integer,
                                                     limit=integer
                                                     )
print(response)

Uber class example

from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

response = falcon.command("ITAutomationCombinedScheduledTasks",
                           filter="string",
                           sort="string",
                           offset=integer,
                           limit=integer
                           )
print(response)

ITAutomationRunLiveQuery

Start a new task execution from the provided query data in the request and return the initiated task executions

PEP8 method name

run_live_query

Endpoint

Method	Route
	`/it-automation/entities/live-query-execution/v1`

Required Scope

it_automation

Content-Type

Consumes: application/json
Produces: application/json

Keyword Arguments

Name	Type	Data type	Description
body	body	dictionary	Full body payload provided as a dictionary
discover_new_hosts	body	boolean	Flag indicating if this task can discover new hosts
discover_offline_hosts	body	boolean	Flag indicating if this task can discover offline hosts
distribute	body	boolean	Flag indicating if this task is distributed
expiration_interval	body	string	Task expiration interval
guardrails	body	dictionary	Task guardrails (limiters)
osquery	body	string	OS Query content
output_parser_config	body	dictionary	Output parser configuration
queries	body	dictionary	Queries to perform
target	body	string	Execution target
parameters	query	dictionary	Full query string parameters payload in JSON format

Usage

Service class example (PEP8 syntax)

from falconpy import ITAutomation

# Do not hardcode API credentials!
falcon = ITAutomation(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

output_parser_config = {
    "columns": [
        {
            "name": "string"
        }
    ],
    "default_group_by": boolean,
    "delimiter": "string"
}

queries = {
    "linux": {
        "action_type": "string",
        "args": "string",
        "content": "string",
        "file_ids": ["string"],
        "language": "string",
        "script_file_id": "string"
    },
    "mac": {
        "action_type": "string",
        "args": "string",
        "content": "string",
        "file_ids": ["string"],
        "language": "string",
        "script_file_id": "string"
    },
    "windows": {
        "action_type": "string",
        "args": "string",
        "content": "string",
        "file_ids": ["string"],
        "language": "string",
        "script_file_id": "string"
    }
}

response = falcon.run_live_query(discover_new_hosts=boolean,
                                 discover_offline_hosts=boolean,
                                 distribute=boolean,
                                 expiration_interval="string",
                                 guardrails={"run_time_limit_millis": integer},
                                 osquery="string",
                                 output_parser_config=output_parser_config,
                                 queries=queries,
                                 target="string"
                                 )
print(response)

Service class example (Operation ID syntax)

from falconpy import ITAutomation

# Do not hardcode API credentials!
falcon = ITAutomation(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )


output_parser_config = {
    "columns": [
        {
            "name": "string"
        }
    ],
    "default_group_by": boolean,
    "delimiter": "string"
}

queries = {
    "linux": {
        "action_type": "string",
        "args": "string",
        "content": "string",
        "file_ids": ["string"],
        "language": "string",
        "script_file_id": "string"
    },
    "mac": {
        "action_type": "string",
        "args": "string",
        "content": "string",
        "file_ids": ["string"],
        "language": "string",
        "script_file_id": "string"
    },
    "windows": {
        "action_type": "string",
        "args": "string",
        "content": "string",
        "file_ids": ["string"],
        "language": "string",
        "script_file_id": "string"
    }
}

response = falcon.ITAutomationRunLiveQuery(discover_new_hosts=boolean,
                                           discover_offline_hosts=boolean,
                                           distribute=boolean,
                                           expiration_interval="string",
                                           guardrails={"run_time_limit_millis": integer},
                                           osquery="string",
                                           output_parser_config=output_parser_config,
                                           queries=queries,
                                           target="string"
                                           )
print(response)

Uber class example

from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

body = {
    "discover_new_hosts": boolean,
    "discover_offline_hosts": boolean,
    "distribute": boolean,
    "expiration_interval": "string",
    "guardrails": {
        "run_time_limit_millis": integer
    },
    "osquery": "string",
    "output_parser_config": {
        "columns": [
            {
                "name": "string"
            }
        ],
        "default_group_by": boolean,
        "delimiter": "string"
    },
    "queries": {
        "linux": {
            "action_type": "string",
            "args": "string",
            "content": "string",
            "file_ids": ["string"],
            "language": "string",
            "script_file_id": "string"
        },
        "mac": {
            "action_type": "string",
            "args": "string",
            "content": "string",
            "file_ids": ["string"],
            "language": "string",
            "script_file_id": "string"
        },
        "windows": {
            "action_type": "string",
            "args": "string",
            "content": "string",
            "file_ids": ["string"],
            "language": "string",
            "script_file_id": "string"
        }
    },
    "target": "string"
}

response = falcon.command("ITAutomationRunLiveQuery", body=body)
print(response)

ITAutomationGetTaskExecutionsByQuery

Retrieve task executions by query

PEP8 method name

get_executions_by_query

Endpoint

Method	Route
	`/it-automation/combined/task-executions/v1`

Required Scope

it_automation

Content-Type

Consumes: application/json
Produces: application/json

Keyword Arguments

Name	Type	Data type	Description
filter	query	string	The filter expression that should be used to limit the results
sort	query	string	The sort expression that should be used to sort the results
offset	query	integer	Starting index for record retrieval
limit	query	integer	The maximum records to return
parameters	query	dictionary	Full query string parameters payload in JSON format

Usage

Service class example (PEP8 syntax)

from falconpy import ITAutomation

# Do not hardcode API credentials!
falcon = ITAutomation(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

response = falcon.get_executions_by_query(filter="string",
                                               sort="string",
                                               offset=integer,
                                               limit=integer
                                               )
print(response)

Service class example (Operation ID syntax)

from falconpy import ITAutomation

# Do not hardcode API credentials!
falcon = ITAutomation(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

response = falcon.ITAutomationGetTaskExecutionsByQuery(filter="string",
                                                       sort="string",
                                                       offset=integer,
                                                       limit=integer
                                                       )
print(response)

Uber class example

from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

response = falcon.command("ITAutomationGetTaskExecutionsByQuery",
                           filter="string",
                           sort="string",
                           offset=integer,
                           limit=integer
                           )
print(response)

ITAutomationGetTaskGroupsByQuery

Retrieve task groups by query

PEP8 method name

get_task_groups_by_query

Endpoint

Method	Route
	`/it-automation/combined/task-groups/v1`

Required Scope

it_automation

Content-Type

Consumes: application/json
Produces: application/json

Keyword Arguments

Name	Type	Data type	Description
filter	query	string	The filter expression that should be used to limit the results
sort	query	string	The sort expression that should be used to sort the results
offset	query	integer	Starting index for record retrieval
limit	query	integer	The maximum records to return
parameters	query	dictionary	Full query string parameters payload in JSON format

Usage

Service class example (PEP8 syntax)

from falconpy import ITAutomation

# Do not hardcode API credentials!
falcon = ITAutomation(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

response = falcon.get_task_groups_by_query(filter="string",
                                           sort="string",
                                           offset=integer,
                                           limit=integer
                                           )
print(response)

Service class example (Operation ID syntax)

from falconpy import ITAutomation

# Do not hardcode API credentials!
falcon = ITAutomation(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

response = falcon.ITAutomationGetTaskGroupsByQuery(filter="string",
                                                   sort="string",
                                                   offset=integer,
                                                   limit=integer
                                                   )
print(response)

Uber class example

from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

response = falcon.command("ITAutomationGetTaskGroupsByQuery",
                           filter="string",
                           sort="string",
                           offset=integer,
                           limit=integer
                           )
print(response)

ITAutomationGetTasksByQuery

Retrieve tasks by query

PEP8 method name

get_tasks_by_query

Endpoint

Method	Route
	`/it-automation/combined/tasks/v1`

Required Scope

it_automation

Content-Type

Consumes: application/json
Produces: application/json

Keyword Arguments

Name	Type	Data type	Description
filter	query	string	The filter expression that should be used to limit the results
sort	query	string	The sort expression that should be used to sort the results
offset	query	integer	Starting index for record retrieval
limit	query	integer	The maximum records to return
parameters	query	dictionary	Full query string parameters payload in JSON format

Usage

Service class example (PEP8 syntax)

from falconpy import ITAutomation

# Do not hardcode API credentials!
falcon = ITAutomation(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

response = falcon.get_tasks_by_query(filter="string",
                                     sort="string",
                                     offset=integer,
                                     limit=integer
                                     )
print(response)

Service class example (Operation ID syntax)

from falconpy import ITAutomation

# Do not hardcode API credentials!
falcon = ITAutomation(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

response = falcon.ITAutomationGetTasksByQuery(filter="string",
                                              sort="string",
                                              offset=integer,
                                              limit=integer
                                              )
print(response)

Uber class example

from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

response = falcon.command("ITAutomationGetTasksByQuery",
                           filter="string",
                           sort="string",
                           offset=integer,
                           limit=integer
                           )
print(response)

ITAutomationGetPolicies

Retrieve policies

PEP8 method name

get_policies

Endpoint

Method	Route
	`/it-automation/entities/policies/v1`

Required Scope

it_automation

Content-Type

Consumes: application/json
Produces: application/json

Keyword Arguments

Name	Service	Uber	Type	Data type	Description
ids			query	string or list of strings	One or more policy IDs
parameters			query	dictionary	Full query string parameters payload in JSON format

Usage

Service class example (PEP8 syntax)

from falconpy import ITAutomation

# Do not hardcode API credentials!
falcon = ITAutomation(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

response = falcon.get_policies(ids="string")
print(response)

Service class example (Operation ID syntax)

from falconpy import ITAutomation

# Do not hardcode API credentials!
falcon = ITAutomation(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

response = falcon.ITAutomationGetPolicies(ids="string")
print(response)

Uber class example

from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

response = falcon.command("ITAutomationGetPolicies", ids="string")
print(response)

ITAutomationCreatePolicy

Create a new policy of the specified type

New policies are always added at the end of the precedence list for the provided policy type.

PEP8 method name

create_policy

Endpoint

Method	Route
	`/it-automation/entities/policies/v1`

Required Scope

it_automation

Content-Type

Consumes: application/json
Produces: application/json

Keyword Arguments

Name	Type	Data type	Description
body	body	dictionary	Full body payload provided as a dictionary. Not required if using other keywords
name	body	string	Policy name. Max: 100 characters
description	body	string	Policy description. Max: 500 characters
platform	body	string	Execution host platform. Allowed values: Windows, Linux, Mac
enable_script_execution	body	boolean	Enable or disable script execution
enable_python_execution	body	boolean	Enable or disable Python execution
enable_os_query	body	boolean	Enable or disable OS Query
execution_timeout	body	integer	Specifies the timeout value for executions
execution_timeout_unit	body	string	Execution timeout unit. Allowed values: Hours, Minutes
cpu_throttle	body	integer	Specifies the CPU throttle value
cpu_scheduling	body	string	Sets priority to determine the order in which a query process will run on a host's CPU
memory_pressure_level	body	string	Sets memory pressure level to control system resource allocation during task execution
memory_allocation	body	integer	Specifies the memory allocation value
memory_allocation_unit	body	string	Memory allocation unit. Allowed values: MB, GB
concurrent_host_limit	body	integer	Specifies the maximum number of concurrent hosts
concurrent_task_limit	body	integer	Specifies the maximum number of concurrent tasks
concurrent_host_file_transfer_limit	body	integer	Specifies the maximum number of concurrent file transfers
parameters	query	dictionary	Full query string parameters payload in JSON format

Usage

Service class example (PEP8 syntax)

from falconpy import ITAutomation

# Do not hardcode API credentials!
falcon = ITAutomation(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

response = falcon.create_policy(name="string",
                                description="string",
                                platform="string",
                                enable_script_execution=boolean,
                                enable_python_execution=boolean,
                                enable_os_query=boolean,
                                execution_timeout=integer,
                                execution_timeout_unit="string",
                                cpu_throttle=integer,
                                cpu_scheduling="string",
                                memory_pressure_level="string",
                                memory_allocation=integer,
                                memory_allocation_unit="string",
                                concurrent_host_limit=integer,
                                concurrent_task_limit=integer,
                                concurrent_host_file_transfer_limit=integer
                                )
print(response)

Service class example (Operation ID syntax)

from falconpy import ITAutomation

# Do not hardcode API credentials!
falcon = ITAutomation(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

response = falcon.ITAutomationCreatePolicy(name="string",
                                          description="string",
                                          platform="string",
                                          enable_script_execution=boolean,
                                          enable_python_execution=boolean,
                                          enable_os_query=boolean,
                                          execution_timeout=integer,
                                          execution_timeout_unit="string",
                                          cpu_throttle=integer,
                                          cpu_scheduling="string",
                                          memory_pressure_level="string",
                                          memory_allocation=integer,
                                          memory_allocation_unit="string",
                                          concurrent_host_limit=integer,
                                          concurrent_task_limit=integer,
                                          concurrent_host_file_transfer_limit=integer
                                          )
print(response)

Uber class example

from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

body = {
    "config": {
        "concurrency": {
            "concurrent_host_file_transfer_limit": integer,
            "concurrent_host_limit": integer,
            "concurrent_task_limit": integer
        },
        "execution": {
            "enable_os_query": boolean,
            "enable_python_execution": boolean,
            "enable_script_execution": boolean,
            "execution_timeout": integer,
            "execution_timeout_unit": "string"
        },
        "resources": {
            "cpu_scheduling": "string",
            "cpu_throttle": integer,
            "memory_allocation": integer,
            "memory_allocation_unit": "string",
            "memory_pressure_level": "string"
        }
    },
    "description": "string",
    "name": "string",
    "platform": "string"
}

response = falcon.command("ITAutomationCreatePolicy", body=body)
print(response)

ITAutomationUpdatePolicies

Update a new policy of the specified type

PEP8 method name

update_policy

Endpoint

Method	Route
	`/it-automation/entities/policies/v1`

Required Scope

it_automation

Content-Type

Consumes: application/json
Produces: application/json

Keyword Arguments

Name	Type	Data type	Description
body	body	dictionary	Full body payload provided as a dictionary. Not required if using other keywords
id	body	string	A valid policy ID representing the policy to be updated. Required
name	body	string	Policy name. Max: 100 characters
description	body	string	Policy description. Max: 500 characters
is_enabled	body	boolean	Flag controlling whether the policy is active
enable_script_execution	body	boolean	Enable or disable script execution
enable_python_execution	body	boolean	Enable or disable Python execution
enable_os_query	body	boolean	Enable or disable OS Query
execution_timeout	body	integer	Specifies the timeout value for executions
execution_timeout_unit	body	string	Execution timeout unit. Allowed values: Hours, Minutes
cpu_throttle	body	integer	Specifies the CPU throttle value
cpu_scheduling	body	string	Sets priority to determine the order in which a query process will run on a host's CPU
memory_pressure_level	body	string	Sets memory pressure level to control system resource allocation during task execution
memory_allocation	body	integer	Specifies the memory allocation value
memory_allocation_unit	body	string	Memory allocation unit. Allowed values: MB, GB
concurrent_host_limit	body	integer	Specifies the maximum number of concurrent hosts
concurrent_task_limit	body	integer	Specifies the maximum number of concurrent tasks
concurrent_host_file_transfer_limit	body	integer	Specifies the maximum number of concurrent file transfers
parameters	query	dictionary	Full query string parameters payload in JSON format

Usage

Service class example (PEP8 syntax)

from falconpy import ITAutomation

# Do not hardcode API credentials!
falcon = ITAutomation(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

response = falcon.update_policy(id="string",
                                  name="string",
                                  description="string",
                                  is_enabled=boolean,
                                  enable_script_execution=boolean,
                                  enable_python_execution=boolean,
                                  enable_os_query=boolean,
                                  execution_timeout=integer,
                                  execution_timeout_unit="string",
                                  cpu_throttle=integer,
                                  cpu_scheduling="string",
                                  memory_pressure_level="string",
                                  memory_allocation=integer,
                                  memory_allocation_unit="string",
                                  concurrent_host_limit=integer,
                                  concurrent_task_limit=integer,
                                  concurrent_host_file_transfer_limit=integer
                                  )
print(response)

Service class example (Operation ID syntax)

from falconpy import ITAutomation

# Do not hardcode API credentials!
falcon = ITAutomation(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

response = falcon.ITAutomationUpdatePolicies(id="string",
                                             name="string",
                                             description="string",
                                             is_enabled=boolean,
                                             enable_script_execution=boolean,
                                             enable_python_execution=boolean,
                                             enable_os_query=boolean,
                                             execution_timeout=integer,
                                             execution_timeout_unit="string",
                                             cpu_throttle=integer,
                                             cpu_scheduling="string",
                                             memory_pressure_level="string",
                                             memory_allocation=integer,
                                             memory_allocation_unit="string",
                                             concurrent_host_limit=integer,
                                             concurrent_task_limit=integer,
                                             concurrent_host_file_transfer_limit=integer
                                             )
print(response)

Uber class example

from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

body = {
    "config": {
        "concurrency": {
            "concurrent_host_file_transfer_limit": integer,
            "concurrent_host_limit": integer,
            "concurrent_task_limit": integer
        },
        "execution": {
            "enable_os_query": boolean,
            "enable_python_execution": boolean,
            "enable_script_execution": boolean,
            "execution_timeout": integer,
            "execution_timeout_unit": "string"
        },
        "resources": {
            "cpu_scheduling": "string",
            "cpu_throttle": integer,
            "memory_allocation": integer,
            "memory_allocation_unit": "string",
            "memory_pressure_level": "string"
        }
    },
    "id": "string",
    "is_enabled": boolean,
    "name": "string",
    "description": "string"
}

response = falcon.command("ITAutomationUpdatePolicies", body=body)
print(response)

ITAutomationDeletePolicy

Delete a policy

PEP8 method name

delete_policy

Endpoint

Method	Route
	`/it-automation/entities/policies/v1`

Required Scope

it_automation

Content-Type

Consumes: application/json
Produces: application/json

Keyword Arguments

Name	Service	Uber	Type	Data type	Description
ids			query	string or list of strings	One or more policy IDs to delete
parameters			query	dictionary	Full query string parameters payload in JSON format

Usage

Service class example (PEP8 syntax)

from falconpy import ITAutomation

# Do not hardcode API credentials!
falcon = ITAutomation(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

response = falcon.delete_policy(ids="string")
print(response)

Service class example (Operation ID syntax)

from falconpy import ITAutomation

# Do not hardcode API credentials!
falcon = ITAutomation(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

response = falcon.ITAutomationDeletePolicy(ids="string")
print(response)

Uber class example

from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

response = falcon.command("ITAutomationDeletePolicy", ids="string")
print(response)

ITAutomationUpdatePolicyHostGroups

Update policy host groups

PEP8 method name

update_policy_host_groups

Endpoint

Method	Route
	`/it-automation/entities/policies-host-groups/v1`

Required Scope

it_automation

Content-Type

Consumes: application/json
Produces: application/json

Keyword Arguments

Name	Type	Data type	Description
body	body	dictionary	Full body payload in JSON format
policy_id	body	string	Policy ID
host_group_ids	body	array	List of host group IDs
action	body	string	Action to perform
parameters	query	dictionary	Full query string parameters payload in JSON format

Usage

Service class example (PEP8 syntax)

from falconpy import ITAutomation

# Do not hardcode API credentials!
falcon = ITAutomation(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

response = falcon.update_policy_host_groups(policy_id="string",
                                            host_group_ids=["string"],
                                            action="string"
                                            )
print(response)

Service class example (Operation ID syntax)

from falconpy import ITAutomation

# Do not hardcode API credentials!
falcon = ITAutomation(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

response = falcon.ITAutomationUpdatePolicyHostGroups(policy_id="string",
                                                     host_group_ids=["string"],
                                                     action="string"
                                                     )

print(response)

Uber class example

from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

body =  {
            "action": "string",
            "host_group_ids": [
                "string"
            ],
            "policy_id": "string"
        }

response = falcon.command("ITAutomationUpdatePolicyHostGroups", body=body)
print(response)

ITAutomationUpdatePoliciesPrecedence

Update policies precedence

PEP8 method name

update_policies_precedence

Endpoint

Method	Route
	`/it-automation/entities/policies-precedence/v1`

Required Scope

it_automation

Content-Type

Consumes: application/json
Produces: application/json

Keyword Arguments

Name	Type	Data type	Description
body	body	dictionary	Full body payload in JSON format
ids	body	array	List of policy IDs in precedence order
parameters	query	dictionary	Full query string parameters payload in JSON format
platform	query	string	The policy platform for which to set the precedence order

Usage

Service class example (PEP8 syntax)

from falconpy import ITAutomation

# Do not hardcode API credentials!
falcon = ITAutomation(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

response = falcon.update_policies_precedence(ids=["string"],
                                             platform="string"
                                             )

print(response)

Service class example (Operation ID syntax)

from falconpy import ITAutomation

# Do not hardcode API credentials!
falcon = ITAutomation(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

response = falcon.ITAutomationUpdatePoliciesPrecedence(ids=["string"],
                                                       platform="string"
                                                       )

print(response)

Uber class example

from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

body = {
    "ids": ["string"],
    "platform": "string
}

response = falcon.command("ITAutomationUpdatePoliciesPrecedence", body=body)
print(response)

ITAutomationGetScheduledTasks

Retrieve scheduled tasks

PEP8 method name

get_scheduled_task

Endpoint

Method	Route
	`/it-automation/entities/scheduled-tasks/v1`

Required Scope

it_automation

Content-Type

Consumes: application/json
Produces: application/json

Keyword Arguments

Name	Service	Uber	Type	Data type	Description
ids			query	string or list of strings	One or more scheduled task IDs
parameters			query	dictionary	Full query string parameters payload in JSON format

Usage

Service class example (PEP8 syntax)

from falconpy import ITAutomation

# Do not hardcode API credentials!
falcon = ITAutomation(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

response = falcon.get_scheduled_task(ids="string")
print(response)

Service class example (Operation ID syntax)

from falconpy import ITAutomation

# Do not hardcode API credentials!
falcon = ITAutomation(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

response = falcon.ITAutomationGetScheduledTasks(ids="string")
print(response)

Uber class example

from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

response = falcon.command("ITAutomationGetScheduledTasks", ids="string")
print(response)

ITAutomationCreateScheduledTask

Create a scheduled task from the given request

PEP8 method name

create_scheduled_task

Endpoint

Method	Route
	`/it-automation/entities/scheduled-tasks/v1`

Required Scope

it_automation

Content-Type

Consumes: application/json
Produces: application/json

Keyword Arguments

Name	Type	Data type	Description
body	body	dictionary	Full body payload provided as a dictionary
execution_args	body	dictionary	Arguments to provide to the task when executed
discover_new_hosts	body	boolean	Allow the task to discover new hosts
discover_offline_hosts	body	boolean	Allow the task to discover offline hosts
distribute	body	boolean	Distribute the task
expiration_interval	body	string	Task expiration interval
guardrails	body	dictionary	Task execution guardrails (limiters)
id	body	string	The id of the scheduled task to update
is_active	body	boolean	Flag indicating if the task is active
schedule	body	dictionary	Task schedule
target	body	string	Task target
task_id	body	string	Task ID
trigger_condition	body	list of dictionaries	Task trigger conditions
parameters	query	dictionary	Full query string parameters payload in JSON format

Usage

Service class example (PEP8 syntax)

from falconpy import ITAutomation

# Do not hardcode API credentials!
falcon = ITAutomation(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

arguments = {
    "additionalProp1": "string",
    "additionalProp2": "string",
    "additionalProp3": "string"
}
guardrails = {
    "run_time_limit_millis": integer
}
schedule = {
    "day_of_month": integer,
    "days_of_week": ["string"],
    "end_time": "string",
    "frequency": "string",
    "interval": integer,
    "start_time": "string",
    "time": "string",
    "timezone": "string"
}
trigger_conditions = [
    {
        "groups": [None],
        "operator": "string",
        "statements": [
            {
                "data_comparator": "string",
                "data_type": "string",
                "key": "string",
                "task_id": "string",
                "value": "string"
            }
        ]
    }
]

response = falcon.create_scheduled_task(execution_args=arguments,
                                        discover_new_hosts=boolean,
                                        discover_offline_hosts=boolean,
                                        distribute=boolean,
                                        expiration_interval="string",
                                        guardrails=guardrails,
                                        is_active=boolean,
                                        schedule=schedule,
                                        target="string",
                                        task_id="string",
                                        trigger_conditions=trigger_conditions
                                        )
print(response)

Service class example (Operation ID syntax)

from falconpy import ITAutomation

# Do not hardcode API credentials!
falcon = ITAutomation(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

arguments = {
    "additionalProp1": "string",
    "additionalProp2": "string",
    "additionalProp3": "string"
}
guardrails = {
    "run_time_limit_millis": integer
}
schedule = {
    "day_of_month": integer,
    "days_of_week": ["string"],
    "end_time": "string",
    "frequency": "string",
    "interval": integer,
    "start_time": "string",
    "time": "string",
    "timezone": "string"
}
trigger_conditions = [
    {
        "groups": [None],
        "operator": "string",
        "statements": [
            {
                "data_comparator": "string",
                "data_type": "string",
                "key": "string",
                "task_id": "string",
                "value": "string"
            }
        ]
    }
]

response = falcon.ITAutomationCreateScheduledTask(execution_args=arguments,
                                                  discover_new_hosts=boolean,
                                                  discover_offline_hosts=boolean,
                                                  distribute=boolean,
                                                  expiration_interval="string",
                                                  guardrails=guardrails,
                                                  is_active=boolean,
                                                  schedule=schedule,
                                                  target="string",
                                                  task_id="string",
                                                  trigger_conditions=trigger_conditions
                                                  )

print(response)

Uber class example

from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

body = {
    "execution_args": {
        "additionalProp1": "string",
        "additionalProp2": "string",
        "additionalProp3": "string"
    },
    "discover_new_hosts": boolean,
    "discover_offline_hosts": boolean,
    "distribute": boolean,
    "expiration_interval": "string",
    "guardrails": {
        "run_time_limit_millis": integer
    },
    "is_active": boolean,
    "schedule": {
        "day_of_month": integer,
        "days_of_week": ["string"],
        "end_time": "string",
        "frequency": "string",
        "interval": integer,
        "start_time": "string",
        "time": "string",
        "timezone": "string"
    },
    "target": "string",
    "task_id": "string",
    "trigger_condition": [
        {
            "groups": [null],
            "operator": "string",
            "statements": [
                {
                    "data_comparator": "string",
                    "data_type": "string",
                    "key": "string",
                    "task_id": "string",
                    "value": "string"
                }
            ]
        }
    ]
}

response = falcon.command("ITAutomationCreateScheduledTask", body=body)
print(response)

ITAutomationUpdateScheduledTask

Update an existing scheduled task with the supplied info

PEP8 method name

update_scheduled_task

Endpoint

Method	Route
	`/it-automation/entities/scheduled-tasks/v1`

Required Scope

it_automation

Content-Type

Consumes: application/json
Produces: application/json

Keyword Arguments

Name	Type	Data type	Description
body	body	dictionary	Full body payload provided as a dictionary. Not required if using other keywords
discover_new_hosts	body	boolean	Allow the task to discover new hosts
discover_offline_hosts	body	boolean	Allow the task to discover offline hosts
distribute	body	boolean	Distribute the task
execution_args	body	dictionary	Arguments to provide to the task when executed
expiration_interval	body	string	Task expiration interval
guardrails	body	dictionary	Task execution guardrails (limiters)
id	query	string	The id of the scheduled task to update
is_active	body	boolean	Flag indicating if the task is active
parameters	query	dictionary	Full query string parameters payload in JSON format
schedule	body	dictionary	Task schedule
target	body	string	Task target
task_id	body	string	Task ID
trigger_condition	body	list of dictionaries	Task trigger conditions

Usage

Service class example (PEP8 syntax)

from falconpy import ITAutomation

# Do not hardcode API credentials!
falcon = ITAutomation(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

execution_args = {
    "additionalProp1": "string",
    "additionalProp2": "string",
    "additionalProp3": "string"
}
guardrails = {
    "run_time_limit_millis": integer
}
schedule = {
    "day_of_month": integer,
    "days_of_week": ["string"],
    "end_time": "string",
    "frequency": "string",
    "interval": integer,
    "start_time": "string",
    "time": "string",
    "timezone": "string"
}
trigger_conditions = [
    {
        "groups": [None],
        "operator": "string",
        "statements": [
            {
                "data_comparator": "string",
                "data_type": "string",
                "key": "string",
                "task_id": "string",
                "value": "string"
            }
        ]
    }
]

response = falcon.update_scheduled_task(id="string",
                                        execution_args=execution_args,
                                        discover_new_hosts=boolean,
                                        discover_offline_hosts=boolean,
                                        distribute=boolean,
                                        expiration_interval="string",
                                        guardrails=guardrails,
                                        is_active=boolean,
                                        schedule=schedule,
                                        target="string",
                                        task_id="string",
                                        trigger_conditions=trigger_conditions
                                        )

print(response)

Service class example (Operation ID syntax)

from falconpy import ITAutomation

# Do not hardcode API credentials!
falcon = ITAutomation(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

execution_args = {
    "additionalProp1": "string",
    "additionalProp2": "string",
    "additionalProp3": "string"
}
guardrails = {
    "run_time_limit_millis": integer
}
schedule = {
    "day_of_month": integer,
    "days_of_week": ["string"],
    "end_time": "string",
    "frequency": "string",
    "interval": integer,
    "start_time": "string",
    "time": "string",
    "timezone": "string"
}
trigger_conditions = [
    {
        "groups": [None],
        "operator": "string",
        "statements": [
            {
                "data_comparator": "string",
                "data_type": "string",
                "key": "string",
                "task_id": "string",
                "value": "string"
            }
        ]
    }
]

response = falcon.ITAutomationUpdateScheduledTask(id="string",
                                                  execution_args=execution_args,
                                                  discover_new_hosts=boolean,
                                                  discover_offline_hosts=boolean,
                                                  distribute=boolean,
                                                  expiration_interval="string",
                                                  guardrails=guardrails,
                                                  is_active=boolean,
                                                  schedule=schedule,
                                                  target="string",
                                                  task_id="string",
                                                  trigger_conditions=trigger_conditions
                                                  )

print(response)

Uber class example

from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

body = {
    "id": "string",
    "discover_new_hosts": boolean,
    "discover_offline_hosts": boolean,
    "distribute": boolean,
    "execution_args": {
        "additionalProp1": "string",
        "additionalProp2": "string",
        "additionalProp3": "string"
    },
    "expiration_interval": "string",
    "guardrails": {
        "run_time_limit_millis": integer
    },
    "is_active": boolean,
    "schedule": {
        "day_of_month": integer,
        "days_of_week": ["string"],
        "end_time": "string",
        "frequency": "string",
        "interval": integer,
        "start_time": "string",
        "time": "string",
        "timezone": "string"
    },
    "target": "string",
    "task_id": "string",
    "trigger_condition": [
        {
            "groups": [null],
            "operator": "string",
            "statements": [
                {
                    "data_comparator": "string",
                    "data_type": "string",
                    "key": "string",
                    "task_id": "string",
                    "value": "string"
                }
            ]
        }
    ]
}

response = falcon.command("ITAutomationUpdateScheduledTask", body=body)
print(response)

ITAutomationDeleteScheduledTasks

Delete scheduled tasks

PEP8 method name

delete_scheduled_task

Endpoint

Method	Route
	`/it-automation/entities/scheduled-tasks/v1`

Required Scope

it_automation

Content-Type

Consumes: application/json
Produces: application/json

Keyword Arguments

Name	Service	Uber	Type	Data type	Description
ids			query	string or list of strings	One or more scheduled task IDs to delete
parameters			query	dictionary	Full query string parameters payload in JSON format

Usage

Service class example (PEP8 syntax)

from falconpy import ITAutomation

# Do not hardcode API credentials!
falcon = ITAutomation(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

response = falcon.delete_scheduled_task(ids="string")
print(response)

Service class example (Operation ID syntax)

from falconpy import ITAutomation

# Do not hardcode API credentials!
falcon = ITAutomation(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

response = falcon.ITAutomationDeleteScheduledTasks(ids="string")
print(response)

Uber class example

from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

response = falcon.command("ITAutomationDeleteScheduledTasks", ids="string")
print(response)

ITAutomationCancelTaskExecution

Cancel a task execution

PEP8 method name

cancel_execution

Endpoint

Method	Route
	`/it-automation/entities/task-execution-cancel/v1`

Required Scope

it_automation

Content-Type

Consumes: application/json
Produces: application/json

Keyword Arguments

Name	Service	Uber	Type	Data type	Description
body			body	dictionary	Full body payload in JSON format
task_execution_id			body	string	Task execution ID

Usage

Service class example (PEP8 syntax)

from falconpy import ITAutomation

# Do not hardcode API credentials!
falcon = ITAutomation(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

response = falcon.cancel_execution(task_execution_id="string")
print(response)

Service class example (Operation ID syntax)

from falconpy import ITAutomation

# Do not hardcode API credentials!
falcon = ITAutomation(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

response = falcon.ITAutomationCancelTaskExecution(task_execution_id="string")
print(response)

Uber class example

from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

body = {
        "id"="string"
       }

response = falcon.command("ITAutomationCancelTaskExecution", body=body)
print(response)

ITAutomationGetTaskExecutionHostStatus

Retrieve task execution host status

PEP8 method name

get_execution_host_status

Endpoint

Method	Route
	`/it-automation/entities/task-execution-host-status/v1`

Required Scope

it_automation

Content-Type

Consumes: application/json
Produces: application/json

Keyword Arguments

Name	Type	Data type	Description
ids	query	string or list of strings	Task execution ID
filter	query	string	The filter expression that should be used to limit the results
sort	query	string	The sort expression that should be used to sort the results
offset	query	integer	Starting index for record retrieval
limit	query	integer	The maximum records to return
parameters	query	dictionary	Full query string parameters payload in JSON format

Usage

Service class example (PEP8 syntax)

from falconpy import ITAutomation

# Do not hardcode API credentials!
falcon = ITAutomation(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

response = falcon.get_execution_host_status(id="string",
                                                 filter="string",
                                                 sort="string",
                                                 offset=integer,
                                                 limit=integer
                                                 )
print(response)

Service class example (Operation ID syntax)

from falconpy import ITAutomation

# Do not hardcode API credentials!
falcon = ITAutomation(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

response = falcon.ITAutomationGetTaskExecutionHostStatus(id="string",
                                                         filter="string",
                                                         sort="string",
                                                         offset=integer,
                                                         limit=integer
                                                         )
print(response)

Uber class example

from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

response = falcon.command("ITAutomationGetTaskExecutionHostStatus",
                           id="string",
                           filter="string",
                           sort="string",
                           offset=integer,
                           limit=integer
                           )
print(response)

ITAutomationRerunTaskExecution

Rerun the task execution specified in the request

PEP8 method name

rerun_execution

Endpoint

Method	Route
	`/it-automation/entities/task-execution-rerun/v1`

Required Scope

it_automation

Content-Type

Consumes: application/json
Produces: application/json

Keyword Arguments

Name	Type	Data type	Description
body	body	dictionary	Full body payload provided as a dictionary. Not required if using other keywords
run_type	body	string	Task run type
task_execution_id	body	string	Task execution ID
parameters	query	dictionary	Full query string parameters payload in JSON format

Usage

Service class example (PEP8 syntax)

from falconpy import ITAutomation

# Do not hardcode API credentials!
falcon = ITAutomation(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

response = falcon.rerun_execution(run_type="string",
                                       task_execution_id="string"
                                       )

print(response)

Service class example (Operation ID syntax)

from falconpy import ITAutomation

# Do not hardcode API credentials!
falcon = ITAutomation(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

response = falcon.ITAutomationRerunTaskExecution(run_type="string",
                                                 task_execution_id="string"
                                                 )

print(response)

Uber class example

from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

body = {
    "run_type": "string",
    "task_execution_id": "string"
}

response = falcon.command("ITAutomationRerunTaskExecution", body=body)
print(response)

ITAutomationGetExecutionResultsSearchStatus

Retrieve execution results search status

PEP8 method name

get_execution_results_search_status

Endpoint

Method	Route
	`/it-automation/entities/task-execution-results-search/v1`

Required Scope

it_automation

Content-Type

Consumes: application/json
Produces: application/json

Keyword Arguments

Name	Service	Uber	Type	Data type	Description
id			query	string	Search ID
parameters			query	dictionary	Full query string parameters payload in JSON format

Usage

Service class example (PEP8 syntax)

from falconpy import ITAutomation

# Do not hardcode API credentials!
falcon = ITAutomation(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

response = falcon.get_execution_results_search_status(id="string")
print(response)

Service class example (Operation ID syntax)

from falconpy import ITAutomation

# Do not hardcode API credentials!
falcon = ITAutomation(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

response = falcon.ITAutomationGetExecutionResultsSearchStatus(id="string")
print(response)

Uber class example

from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

response = falcon.command("ITAutomationGetExecutionResultsSearchStatus", id="string")
print(response)

ITAutomationStartExecutionResultsSearch

Start an asynchronous task execution results search

Poll ITAutomationGetExecutionResultsSearchStatus to determine when the search is complete.

PEP8 method name

execution_results_search

Endpoint

Method	Route
	`/it-automation/entities/task-execution-results-search/v1`

Required Scope

it_automation

Content-Type

Consumes: application/json
Produces: application/json

Keyword Arguments

Name	Type	Data type	Description
body	body	dictionary	Full body payload provided as a dictionary. Not required if using other keywords
end	body	string	Task end
filter_expressions	body	string or list of strings	Filter expressions to apply
group_by_fields	body	string or list of strings	Fields to use to group results
start	body	string	Task start
task_execution_id	body	string	Task execution ID
parameters	query	dictionary	Full query string parameters payload in JSON format

Usage

Service class example (PEP8 syntax)

from falconpy import ITAutomation

# Do not hardcode API credentials!
falcon = ITAutomation(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

filter_expressions = ["string"]
group_by_fields = ["string"]

response = falcon.execution_results_search(end="string",
                                           filter_expressions=filter_expressions,
                                           group_by_fields=group_by_fields,
                                           start="string",
                                           task_execution_id="string"
                                           )

print(response)

Service class example (Operation ID syntax)

from falconpy import ITAutomation

# Do not hardcode API credentials!
falcon = ITAutomation(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

filter_expressions = ["string"]
group_by_fields = ["string"]

response = falcon.ITAutomationStartExecutionResultsSearch(end="string",
                                                          filter_expressions=filter_expressions,
                                                          group_by_fields=group_by_fields,
                                                          start="string",
                                                          task_execution_id="string"
                                                          )
print(response)

Uber class example

from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

body = {
    "end": "string",
    "filter_expressions": [
        "string"
    ],
    "group_by_fields": [
        "string"
    ],
    "start": "string",
    "task_execution_id": "string"
}

response = falcon.command("ITAutomationStartExecutionResultsSearch", body=body)
print(response)

ITAutomationGetExecutionResults

Retrieve execution results

PEP8 method name

get_execution_results

Endpoint

Method	Route
	`/it-automation/entities/task-execution-results/v1`

Required Scope

it_automation

Content-Type

Consumes: application/json
Produces: application/json

Keyword Arguments

Name	Type	Data type	Description
id	query	string	Search ID
offset	query	integer	Starting index for record retrieval
limit	query	integer	The maximum records to return
sort	query	string	Sort results by one of the fields in the event results, either asc (ascending) or desc (descending)
parameters	query	dictionary	Full query string parameters payload in JSON format

Usage

Service class example (PEP8 syntax)

from falconpy import ITAutomation

# Do not hardcode API credentials!
falcon = ITAutomation(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

response = falcon.get_execution_results(id="string",
                                        offset=integer,
                                        limit=integer,
                                        sort="string"
                                        )
print(response)

Service class example (Operation ID syntax)

from falconpy import ITAutomation

# Do not hardcode API credentials!
falcon = ITAutomation(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

response = falcon.ITAutomationGetExecutionResults(id="string",
                                                  offset=integer,
                                                  limit=integer,
                                                  sort="string"
                                                  )
print(response)

Uber class example

from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

response = falcon.command("ITAutomationGetExecutionResults",
                           id="string",
                           offset=integer,
                           limit=integer,
                           sort="string"
                           )
print(response)

ITAutomationGetTaskExecution

Retrieve a task execution

PEP8 method name

get_execution

Endpoint

Method	Route
	`/it-automation/entities/task-executions/v1`

Required Scope

it_automation

Content-Type

Consumes: application/json
Produces: application/json

Keyword Arguments

Name	Service	Uber	Type	Data type	Description
ids			query	string or list of strings	Task execution ID
parameters			query	dictionary	Full query string parameters payload in JSON format

Usage

Service class example (PEP8 syntax)

from falconpy import ITAutomation

# Do not hardcode API credentials!
falcon = ITAutomation(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

response = falcon.get_execution(id="string")
print(response)

Service class example (Operation ID syntax)

from falconpy import ITAutomation

# Do not hardcode API credentials!
falcon = ITAutomation(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

response = falcon.ITAutomationGetTaskExecution(id="string")
print(response)

Uber class example

from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

response = falcon.command("ITAutomationGetTaskExecution", id="string")
print(response)

ITAutomationStartTaskExecution

Start a new task execution from an existing task provided in the request and returns the initiated task executions

PEP8 method name

start_execution

Endpoint

Method	Route
	`/it-automation/entities/task-executions/v1`

Required Scope

it_automation

Content-Type

Consumes: application/json
Produces: application/json

Keyword Arguments

Name	Type	Data type	Description
arguments	body	dictionary	Arguments to pass to the execution
body	body	dictionary	Full body payload provided as a dictionary. Not required if using other keywords
discover_new_hosts	body	boolean	Allow the task execution to discover new hosts
discover_offline_hosts	body	boolean	Allow the task execution to discover offline hosts
distribute	body	boolean	Distribute this task
expiration_interval	body	string	Task expiration interval
guardrails	body	dictionary	Task execution guardrails (limiters)
target	body	string	Task target
task_id	body	string	Task ID
trigger_conditions	body	list of dictionaries	List of task triggers
parameters	query	dictionary	Full query string parameters payload in JSON format

Usage

Service class example (PEP8 syntax)

from falconpy import ITAutomation

# Do not hardcode API credentials!
falcon = ITAutomation(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

arguments = {
    "additionalProp1": "string",
    "additionalProp2": "string",
    "additionalProp3": "string"
}
guardrails = {
    "run_time_limit_millis": integer
}
schedule = {
    "day_of_month": integer,
    "days_of_week": ["string"],
    "end_time": "string",
    "frequency": "string",
    "interval": integer,
    "start_time": "string",
    "time": "string",
    "timezone": "string"
}
trigger_conditions = [
    {
        "groups": [None],
        "operator": "string",
        "statements": [
            {
                "data_comparator": "string",
                "data_type": "string",
                "key": "string",
                "task_id": "string",
                "value": "string"
            }
        ]
    }
]

response = falcon.start_execution(arguments=arguments,
                                       discover_new_hosts=boolean,
                                       discover_offline_hosts=boolean,
                                       distribute=boolean,
                                       expiration_interval="string",
                                       guardrails=guardrails,
                                       is_active=boolean,
                                       schedule=schedule,
                                       target="string",
                                       task_id="string",
                                       trigger_conditions=trigger_conditions
                                       )
print(response)

Service class example (Operation ID syntax)

from falconpy import ITAutomation

# Do not hardcode API credentials!
falcon = ITAutomation(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

arguments = {
    "additionalProp1": "string",
    "additionalProp2": "string",
    "additionalProp3": "string"
}
guardrails = {
    "run_time_limit_millis": integer
}
schedule = {
    "day_of_month": integer,
    "days_of_week": ["string"],
    "end_time": "string",
    "frequency": "string",
    "interval": integer,
    "start_time": "string",
    "time": "string",
    "timezone": "string"
}
trigger_conditions = [
    {
        "groups": [None],
        "operator": "string",
        "statements": [
            {
                "data_comparator": "string",
                "data_type": "string",
                "key": "string",
                "task_id": "string",
                "value": "string"
            }
        ]
    }
]

response = falcon.ITAutomationStartTaskExecution(arguments=arguments,
                                                 discover_new_hosts=boolean,
                                                 discover_offline_hosts=boolean,
                                                 distribute=boolean,
                                                 expiration_interval="string",
                                                 guardrails=guardrails,
                                                 is_active=boolean,
                                                 schedule=schedule,
                                                 target="string",
                                                 task_id="string",
                                                 trigger_conditions=trigger_conditions
                                                 )
print(response)

Uber class example

from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

body = {
    "arguments": {
        "additionalProp1": "string",
        "additionalProp2": "string",
        "additionalProp3": "string"
    },
    "discover_new_hosts": boolean,
    "discover_offline_hosts": boolean,
    "distribute": boolean,
    "expiration_interval": "string",
    "guardrails": {
        "run_time_limit_millis": integer
    },
    "target": "string",
    "task_id": "string",
    "trigger_condition": [
        {
            "groups": [
                null
            ],
            "operator": "string",
            "statements": [
                {
                    "data_comparator": "string",
                    "data_type": "string",
                    "key": "string",
                    "task_id": "string",
                    "value": "string"
                }
            ]
        }
    ]
}

response = falcon.command("ITAutomationStartTaskExecution", body=body)
print(response)

ITAutomationGetTaskGroups

Retrieve task groups

PEP8 method name

get_task_group

Endpoint

Method	Route
	`/it-automation/entities/task-groups/v1`

Required Scope

it_automation

Content-Type

Consumes: application/json
Produces: application/json

Keyword Arguments

Name	Service	Uber	Type	Data type	Description
ids			query	string or list of strings	One or more task group IDs
parameters			query	dictionary	Full query string parameters payload in JSON format

Usage

Service class example (PEP8 syntax)

from falconpy import ITAutomation

# Do not hardcode API credentials!
falcon = ITAutomation(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

response = falcon.get_task_group(ids="string")
print(response)

Service class example (Operation ID syntax)

from falconpy import ITAutomation

# Do not hardcode API credentials!
falcon = ITAutomation(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

response = falcon.ITAutomationGetTaskGroups(ids="string")
print(response)

Uber class example

from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

response = falcon.command("ITAutomationGetTaskGroups", ids="string")
print(response)

ITAutomationCreateTaskGroup

Create a task group

PEP8 method name

create_task_group

Endpoint

Method	Route
	`/it-automation/entities/task-groups/v1`

Required Scope

it_automation

Content-Type

Consumes: application/json
Produces: application/json

Keyword Arguments

Name	Type	Data type	Description
body	body	dictionary	Full body payload in JSON format
access_type	body	string	Access type for the task group
assigned_user_group_ids	body	string or list of strings	Assigned user group IDs
assigned_user_ids	body	string or list of strings	Assigned user IDs
name	body	string	Task group name
description	body	string	Task group description
task_ids	body	string	Task IDs to add to the group. String or list of strings.

Usage

Service class example (PEP8 syntax)

from falconpy import ITAutomation

# Do not hardcode API credentials!
falcon = ITAutomation(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

response = falcon.create_task_group(name="string",
                                    description="string",
                                    task_ids="string",
                                    access_type="string",
                                    assigned_user_group_ids=["string"],
                                    assigned_user_ids=["string"]
                                    )
print(response)

Service class example (Operation ID syntax)

from falconpy import ITAutomation

# Do not hardcode API credentials!
falcon = ITAutomation(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )


response = falcon.ITAutomationCreateTaskGroup(name="string",
                                              description="string",
                                              task_ids="string",
                                              access_type="string",
                                              assigned_user_group_ids=["string"],
                                              assigned_user_ids=["string"]
                                              )

print(response)

Uber class example

from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

body = {
            "access_type": "Public",
            "assigned_user_group_ids": [
                "string"
            ],
            "assigned_user_ids": [
                "string"
            ],
            "description": "string",
            "name": "string",
            "task_ids": [
                "string"
            ]
        }

response = falcon.command("ITAutomationCreateTaskGroup", body=body)
print(response)

ITAutomationUpdateTaskGroup

Update a task group for a given ID

PEP8 method name

update_task_group

Endpoint

Method	Route
	`/it-automation/entities/task-groups/v1`

Required Scope

it_automation

Content-Type

Consumes: application/json
Produces: application/json

Keyword Arguments

Name	Type	Data type	Description
access_type	body	string	Task group access type
add_assigned_user_group_ids	body	string or list of strings	User group IDs to add
add_assigned_user_ids	body	string or list of strings	User IDs to add
add_task_ids	body	string or list of strings	Task IDs to add to the group
body	body	dictionary	Full body payload provided as a dictionary. Not required if using other keywords
description	body	string	Task group description
id	query	string	The ID of the task group to update
name	body	string	Task group name
parameters	query	dictionary	Full query string parameters payload in JSON format
remove_assigned_user_group_ids	body	string or list of strings	User group IDs to be removed
remove_assigned_user_ids	body	string or list of strings	User IDs to be removed
remove_task_ids	body	string or list of strings	Task IDs to be removed

Usage

Service class example (PEP8 syntax)

from falconpy import ITAutomation

# Do not hardcode API credentials!
falcon = ITAutomation(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

add_assigned_user_ids = ["string"]
add_assigned_user_group_ids = ["string"]
add_task_ids = ["string"]
remove_assigned_user_ids = ["string"]
remove_assigned_user_group_ids = ["string"]
remove_task_ids = ["string"]

response = falcon.update_task_group(id="string",
                                    name="string",
                                    description="string",
                                    access_type="string",
                                    add_assigned_user_ids=add_assigned_user_ids,
                                    add_assigned_user_group_ids=add_assigned_user_group_ids,
                                    add_task_ids=add_task_ids,
                                    remove_assigned_user_ids=remove_assigned_user_ids,
                                    remove_assigned_user_group_ids=remove_assigned_user_group_ids,
                                    remove_task_ids=remove_task_ids
                                    )
print(response)

Service class example (Operation ID syntax)

from falconpy import ITAutomation

# Do not hardcode API credentials!
falcon = ITAutomation(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

add_assigned_user_ids = ["string"]
add_assigned_user_group_ids = ["string"]
add_task_ids = ["string"]
remove_assigned_user_ids = ["string"]
remove_assigned_user_group_ids = ["string"]
remove_task_ids = ["string"]

response = falcon.ITAutomationUpdateTaskGroup(id="string",
                                              name="string",
                                              description="string",
                                              access_type="string",
                                              add_assigned_user_ids=add_assigned_user_ids,
                                              add_assigned_user_group_ids=add_assigned_user_group_ids,
                                              add_task_ids=add_task_ids,
                                              remove_assigned_user_ids=remove_assigned_user_ids,
                                              remove_assigned_user_group_ids=remove_assigned_user_group_ids,
                                              remove_task_ids=remove_task_ids
                                              )
print(response)

Uber class example

from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

body = {
    "access_type": "string",
    "add_assigned_user_group_ids": [
        "string"
    ],
    "add_assigned_user_ids": [
        "string"
    ],
    "add_task_ids": [
        "string"
    ],
    "description": "string",
    "id": "string",
    "name": "string",
    "remove_assigned_user_group_ids": [
        "string"
    ],
    "remove_assigned_user_ids": [
        "string"
    ],
    "remove_task_ids": [
        "string"
    ]
}

response = falcon.command("ITAutomationUpdateTaskGroup", body=body)
print(response)

ITAutomationDeleteTaskGroups

Delete task groups

PEP8 method name

delete_task_groups

Endpoint

Method	Route
	`/it-automation/entities/task-groups/v1`

Required Scope

it_automation

Content-Type

Consumes: application/json
Produces: application/json

Keyword Arguments

Name	Service	Uber	Type	Data type	Description
ids			query	string or list of strings	One or more task group IDs to delete
parameters			query	dictionary	Full query string parameters payload in JSON format

Usage

Service class example (PEP8 syntax)

from falconpy import ITAutomation

# Do not hardcode API credentials!
falcon = ITAutomation(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

response = falcon.delete_task_groups(ids="string")
print(response)

Service class example (Operation ID syntax)

from falconpy import ITAutomation

# Do not hardcode API credentials!
falcon = ITAutomation(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

response = falcon.ITAutomationDeleteTaskGroups(ids="string")
print(response)

Uber class example

from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

response = falcon.command("ITAutomationDeleteTaskGroups", ids="string")
print(response)

ITAutomationGetTasks

Retrieve tasks

PEP8 method name

get_tasks

Endpoint

Method	Route
	`/it-automation/entities/tasks/v1`

Required Scope

it_automation

Content-Type

Consumes: application/json
Produces: application/json

Keyword Arguments

Name	Service	Uber	Type	Data type	Description
ids			query	string or list of strings	One or more task IDs
parameters			query	dictionary	Full query string parameters payload in JSON format

Usage

Service class example (PEP8 syntax)

from falconpy import ITAutomation

# Do not hardcode API credentials!
falcon = ITAutomation(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

response = falcon.get_tasks(ids="string")
print(response)

Service class example (Operation ID syntax)

from falconpy import ITAutomation

# Do not hardcode API credentials!
falcon = ITAutomation(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

response = falcon.ITAutomationGetTasks(ids="string")
print(response)

Uber class example

from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

response = falcon.command("ITAutomationGetTasks", ids="string")
print(response)

ITAutomationCreateTask

Create a task with details from the given request

PEP8 method name

create_task

Endpoint

Method	Route
	`/it-automation/entities/tasks/v1`

Required Scope

it_automation

Content-Type

Consumes: application/json
Produces: application/json

Keyword Arguments

Name	Type	Data type	Description
access_type	body	string	Task access type
add_assigned_user_group_ids	body	string or list of strings	User group IDs to add
add_assigned_user_ids	body	string or list of strings	User IDs to add
body	body	dictionary	Full body payload provided as a dictionary. Not required if using other keywords
description	body	string	Task description
name	body	string	Task name
os_query	body	string	OS query detail
output_parser_config	body	dictionary	Parser output configuration
queries	body	dictionary	Queries to perform (by OS)
remediations	body	dictionary	Remediations to perform (by OS)
remove_assigned_user_group_ids	body	string or list of strings	User group IDs to be removed
remove_assigned_user_ids	body	string or list of strings	User IDs to be removed
target	body	string	Task target
task_group_id	body	string	Task group ID
task_parameters	body	list of dictionaries	Task parameters
task_type	body	string	Task type
trigger_condition	body	list of dictionaries	Trigger conditions
verification_condition	body	list of dictionaries	Verification conditions
parameters	query	dictionary	Full query string parameters payload in JSON format

Usage

Service class example (PEP8 syntax)

from falconpy import ITAutomation

# Do not hardcode API credentials!
falcon = ITAutomation(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

add_assigned_user_ids = ["string"]
add_assigned_user_group_ids = ["string"]
output_parser_config = {
    "columns": [{"name": "string"}],
    "default_group_by": boolean,
    "delimiter": "string"
}
queries = {
    "linux": {
        "action_type": "string",
        "args": "string",
        "content": "string",
        "file_ids": ["string"],
        "language": "string",
        "script_file_id": "string"
    },
    "mac": {
        "action_type": "string",
        "args": "string",
        "content": "string",
        "file_ids": ["string"],
        "language": "string",
        "script_file_id": "string"
    },
    "windows": {
        "action_type": "string",
        "args": "string",
        "content": "string",
        "file_ids": ["string"],
        "language": "string",
        "script_file_id": "string"
    }
}
task_parameters = [
    {
        "custom_validation_message": "string",
        "custom_validation_regex": "string",
        "default_value": "string",
        "input_type": "string",
        "key": "string",
        "label": "string",
        "options": [{"key": "string", "value": "string"}],
        "validation_type": "string"
    }
]
trigger_condition = [
    {
        "groups": [None],
        "operator": "string",
        "statements": [
            {
                "data_comparator": "string",
                "data_type": "string",
                "key": "string",
                "task_id": "string",
                "value": "string"
            }
        ]
    }
]

response = falcon.create_task(name="string",
                              description="string",
                              access_type="string",
                              task_type="string",
                              target="string",
                              os_query="string",
                              add_assigned_user_ids=add_assigned_user_ids,
                              add_assigned_user_group_ids=add_assigned_user_group_ids,
                              task_group_id="string",
                              output_parser_config=output_parser_config,
                              queries=queries,
                              task_parameters=task_parameters,
                              trigger_condition=trigger_condition
                              )
print(response)

Service class example (Operation ID Syntax)

from falconpy import ITAutomation

# Do not hardcode API credentials!
falcon = ITAutomation(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

add_assigned_user_ids = ["string"]
add_assigned_user_group_ids = ["string"]
output_parser_config = {
    "columns": [{"name": "string"}],
    "default_group_by": boolean,
    "delimiter": "string"
}
queries = {
    "linux": {
        "action_type": "string",
        "args": "string",
        "content": "string",
        "file_ids": ["string"],
        "language": "string",
        "script_file_id": "string"
    },
    "mac": {
        "action_type": "string",
        "args": "string",
        "content": "string",
        "file_ids": ["string"],
        "language": "string",
        "script_file_id": "string"
    },
    "windows": {
        "action_type": "string",
        "args": "string",
        "content": "string",
        "file_ids": ["string"],
        "language": "string",
        "script_file_id": "string"
    }
}
task_parameters = [
    {
        "custom_validation_message": "string",
        "custom_validation_regex": "string",
        "default_value": "string",
        "input_type": "string",
        "key": "string",
        "label": "string",
        "options": [{"key": "string", "value": "string"}],
        "validation_type": "string"
    }
]
trigger_condition = [
    {
        "groups": [None],
        "operator": "string",
        "statements": [
            {
                "data_comparator": "string",
                "data_type": "string",
                "key": "string",
                "task_id": "string",
                "value": "string"
            }
        ]
    }
]

response = falcon.ITAutomationCreateTask(name="string",
                                         description="string",
                                         access_type="string",
                                         task_type="string",
                                         target="string",
                                         os_query="string",
                                         add_assigned_user_ids=add_assigned_user_ids,
                                         add_assigned_user_group_ids=add_assigned_user_group_ids,
                                         task_group_id="string",
                                         output_parser_config=output_parser_config,
                                         queries=queries,
                                         task_parameters=task_parameters,
                                         trigger_condition=trigger_condition
                                         )
print(response)

Uber class example

from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

body = {
    "access_type": "string",
    "add_assigned_user_group_ids": ["string"],
    "add_assigned_user_ids": ["string"],
    "description": "string",
    "name": "string",
    "os_query": "string",
    "output_parser_config": {
        "columns": [{"name": "string"}],
        "default_group_by": boolean,
        "delimiter": "string"
    },
    "queries": {
        "linux": {
            "action_type": "string",
            "args": "string",
            "content": "string",
            "file_ids": ["string"],
            "language": "string",
            "script_file_id": "string"
        },
        "mac": {
            "action_type": "string",
            "args": "string",
            "content": "string",
            "file_ids": ["string"],
            "language": "string",
            "script_file_id": "string"
        },
        "windows": {
            "action_type": "string",
            "args": "string",
            "content": "string",
            "file_ids": ["string"],
            "language": "string",
            "script_file_id": "string"
        }
    },
    "remediations": {
        "linux": {
            "action_type": "string",
            "args": "string",
            "content": "string",
            "file_ids": ["string"],
            "language": "string",
            "script_file_id": "string"
        },
        "mac": {
            "action_type": "string",
            "args": "string",
            "content": "string",
            "file_ids": ["string"],
            "language": "string",
            "script_file_id": "string"
        },
        "windows": {
            "action_type": "string",
            "args": "string",
            "content": "string",
            "file_ids": ["string"],
            "language": "string",
            "script_file_id": "string"
        }
    },
    "remove_assigned_user_group_ids": ["string"],
    "remove_assigned_user_ids": ["string"],
    "target": "string",
    "task_group_id": "string",
    "task_parameters": [
        {
            "custom_validation_message": "string",
            "custom_validation_regex": "string",
            "default_value": "string",
            "input_type": "string",
            "key": "string",
            "label": "string",
            "options": [{"key": "string", "value": "string"}],
            "validation_type": "string"
        }
    ],
    "task_type": "string",
    "trigger_condition": [
        {
            "groups": [null],
            "operator": "string",
            "statements": [
                {
                    "data_comparator": "string",
                    "data_type": "string",
                    "key": "string",
                    "task_id": "string",
                    "value": "string"
                }
            ]
        }
    ],
    "verification_condition": [
        {
            "groups": [null],
            "operator": "string",
            "statements": [
                {
                    "data_comparator": "string",
                    "data_type": "string",
                    "key": "string",
                    "task_id": "string",
                    "value": "string"
                }
            ]
        }
    ]
}

response = falcon.command("ITAutomationCreateTask", body=body)
print(response)

ITAutomationUpdateTask

Update a task with details from the given request

PEP8 method name

update_task

Endpoint

Method	Route
	`/it-automation/entities/tasks/v1`

Required Scope

it_automation

Content-Type

Consumes: application/json
Produces: application/json

Keyword Arguments

Name	Type	Data type	Description
access_type	body	string	Task access type
add_assigned_user_group_ids	body	string or list of strings	User group IDs to add
add_assigned_user_ids	body	string or list of strings	User IDs to add
body	body	dictionary	Full body payload provided as a dictionary. Not required if using other keywords
description	body	string	Task description
id	query	string	ID of the task to update. Use ITAutomationSearchTasks to fetch IDs
name	body	string	Task name
os_query	body	string	OS query detail
output_parser_config	body	dictionary	Parser output configuration
parameters	query	dictionary	Full query string parameters payload in JSON format
queries	body	dictionary	Queries to perform (by OS)
remediations	body	dictionary	Remediations to perform (by OS)
remove_assigned_user_group_ids	body	string or list of strings	User group IDs to be removed
remove_assigned_user_ids	body	string or list of strings	User IDs to be removed
target	body	string	Task target
task_group_id	body	string	Task group ID
task_parameters	body	list of dictionaries	Task parameters
task_type	body	string	Task type
trigger_condition	body	list of dictionaries	Trigger conditions
verification_condition	body	list of dictionaries	Verification conditions

Usage

Service class example (PEP8 syntax)

from falconpy import ITAutomation

# Do not hardcode API credentials!
falcon = ITAutomation(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

add_assigned_user_group_ids = ["string"]
add_assigned_user_ids = ["string"]
output_parser_config = {
    "columns": [
        {
            "name": "string"
        }
    ],
    "default_group_by": boolean,
    "delimiter": "string"
}
queries = {
    "linux": {
        "action_type": "script",
        "args": "string",
        "content": "string",
        "file_ids": ["string"],
        "language": "bash",
        "script_file_id": "string"
    },
    "mac": {
        "action_type": "script",
        "args": "string",
        "content": "string",
        "file_ids": ["string"],
        "language": "bash",
        "script_file_id": "string"
    },
    "windows": {
        "action_type": "script",
        "args": "string",
        "content": "string",
        "file_ids": ["string"],
        "language": "bash",
        "script_file_id": "string"
    }
}
remediations = {
    "linux": {
        "action_type": "script",
        "args": "string",
        "content": "string",
        "file_ids": ["string"],
        "language": "bash",
        "script_file_id": "string"
    },
    "mac": {
        "action_type": "script",
        "args": "string",
        "content": "string",
        "file_ids": ["string"],
        "language": "bash",
        "script_file_id": "string"
    },
    "windows": {
        "action_type": "script",
        "args": "string",
        "content": "string",
        "file_ids": ["string"],
        "language": "bash",
        "script_file_id": "string"
    }
}
remove_assigned_user_group_ids = ["string"]
remove_assigned_user_ids = ["string"]
task_parameters = [
    {
        "custom_validation_message": "string",
        "custom_validation_regex": "string",
        "default_value": "string",
        "input_type": "text",
        "key": "string",
        "label": "string",
        "options": [
            {
                "key": "string",
                "value": "string"
            }
        ],
        "validation_type": "text"
    }
]
trigger_condition = [
    {
        "groups": [None],
        "operator": "AND",
        "statements": [
            {
                "data_comparator": "LessThan",
                "data_type": "StringType",
                "key": "string",
                "task_id": "string",
                "value": "string"
            }
        ]
    }
]
verification_condition = [
    {
        "groups": [None],
        "operator": "AND",
        "statements": [
            {
                "data_comparator": "LessThan",
                "data_type": "StringType",
                "key": "string",
                "task_id": "string",
                "value": "string"
            }
        ]
    }
]

response = falcon.update_task(access_type="string",
                              add_assigned_user_group_ids=add_assigned_user_group_ids,
                              add_assigned_user_ids=add_assigned_user_ids,
                              description="string",
                              name="string",
                              os_query="string",
                              output_parser_config=output_parser_config,
                              queries=queries,
                              remediations=remediations,
                              remove_assigned_user_group_ids=remove_assigned_user_group_ids,
                              remove_assigned_user_ids=remove_assigned_user_ids,
                              target="string",
                              task_group_id="string",
                              task_parameters=task_parameters,
                              task_type="string",
                              trigger_condition=trigger_condition,
                              verification_condition=verification_condition
                              )
print(response)

Service class example (Operation ID syntax)

from falconpy import ITAutomation

# Do not hardcode API credentials!
falcon = ITAutomation(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

add_assigned_user_group_ids = ["string"]
add_assigned_user_ids = ["string"]
output_parser_config = {
    "columns": [
        {
            "name": "string"
        }
    ],
    "default_group_by": boolean,
    "delimiter": "string"
}
queries = {
    "linux": {
        "action_type": "script",
        "args": "string",
        "content": "string",
        "file_ids": ["string"],
        "language": "bash",
        "script_file_id": "string"
    },
    "mac": {
        "action_type": "script",
        "args": "string",
        "content": "string",
        "file_ids": ["string"],
        "language": "bash",
        "script_file_id": "string"
    },
    "windows": {
        "action_type": "script",
        "args": "string",
        "content": "string",
        "file_ids": ["string"],
        "language": "bash",
        "script_file_id": "string"
    }
}
remediations = {
    "linux": {
        "action_type": "script",
        "args": "string",
        "content": "string",
        "file_ids": ["string"],
        "language": "bash",
        "script_file_id": "string"
    },
    "mac": {
        "action_type": "script",
        "args": "string",
        "content": "string",
        "file_ids": ["string"],
        "language": "bash",
        "script_file_id": "string"
    },
    "windows": {
        "action_type": "script",
        "args": "string",
        "content": "string",
        "file_ids": ["string"],
        "language": "bash",
        "script_file_id": "string"
    }
}
remove_assigned_user_group_ids = ["string"]
remove_assigned_user_ids = ["string"]
task_parameters = [
    {
        "custom_validation_message": "string",
        "custom_validation_regex": "string",
        "default_value": "string",
        "input_type": "text",
        "key": "string",
        "label": "string",
        "options": [
            {
                "key": "string",
                "value": "string"
            }
        ],
        "validation_type": "text"
    }
]
trigger_condition = [
    {
        "groups": [None],
        "operator": "AND",
        "statements": [
            {
                "data_comparator": "LessThan",
                "data_type": "StringType",
                "key": "string",
                "task_id": "string",
                "value": "string"
            }
        ]
    }
]
verification_condition = [
    {
        "groups": [None],
        "operator": "AND",
        "statements": [
            {
                "data_comparator": "LessThan",
                "data_type": "StringType",
                "key": "string",
                "task_id": "string",
                "value": "string"
            }
        ]
    }
]

response = falcon.ITAutomationUpdateTask(access_type="string",
                                         add_assigned_user_group_ids=add_assigned_user_group_ids,
                                         add_assigned_user_ids=add_assigned_user_ids,
                                         description="string",
                                         name="string",
                                         os_query="string",
                                         output_parser_config=output_parser_config,
                                         queries=queries,
                                         remediations=remediations,
                                         remove_assigned_user_group_ids=remove_assigned_user_group_ids,
                                         remove_assigned_user_ids=remove_assigned_user_ids,
                                         target="string",
                                         task_group_id="string",
                                         task_parameters=task_parameters,
                                         task_type="string",
                                         trigger_condition=trigger_condition,
                                         verification_condition=verification_condition
                                         )
print(response)

Uber class example

from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

body = {
            "access_type": "Public",
            "add_assigned_user_group_ids": [
                "string"
            ],
            "add_assigned_user_ids": [
                "string"
            ],
            "description": "string",
            "name": "string",
            "os_query": "string",
            "output_parser_config": {
                "columns": [
                    {
                        "name": "string"
                    }
                ],
                "default_group_by": boolean,
                "delimiter": "string"
            },
            "queries": {
                "linux": {
                    "action_type": "script",
                    "args": "string",
                    "content": "string",
                    "file_ids": [
                        "string"
                    ],
                    "language": "bash",
                    "script_file_id": "string"
                },
                "mac": {
                    "action_type": "script",
                    "args": "string",
                    "content": "string",
                    "file_ids": [
                        "string"
                    ],
                    "language": "bash",
                    "script_file_id": "string"
                },
                "windows": {
                    "action_type": "script",
                    "args": "string",
                    "content": "string",
                    "file_ids": [
                        "string"
                    ],
                    "language": "bash",
                    "script_file_id": "string"
                }
            },
            "remediations": {
                "linux": {
                    "action_type": "script",
                    "args": "string",
                    "content": "string",
                    "file_ids": [
                        "string"
                    ],
                    "language": "bash",
                    "script_file_id": "string"
                },
                "mac": {
                    "action_type": "script",
                    "args": "string",
                    "content": "string",
                    "file_ids": [
                        "string"
                    ],
                    "language": "bash",
                    "script_file_id": "string"
                },
                "windows": {
                    "action_type": "script",
                    "args": "string",
                    "content": "string",
                    "file_ids": [
                        "string"
                    ],
                    "language": "bash",
                    "script_file_id": "string"
                }
            },
            "remove_assigned_user_group_ids": [
                "string"
            ],
            "remove_assigned_user_ids": [
                "string"
            ],
            "target": "string",
            "task_group_id": "string",
            "task_parameters": [
                {
                    "custom_validation_message": "string",
                    "custom_validation_regex": "string",
                    "default_value": "string",
                    "input_type": "text",
                    "key": "string",
                    "label": "string",
                    "options": [
                        {
                            "key": "string",
                            "value": "string"
                        }
                    ],
                    "validation_type": "text"
                }
            ],
            "task_type": "query",
            "trigger_condition": [
                {
                    "groups": [
                        null
                    ],
                    "operator": "AND",
                    "statements": [
                        {
                            "data_comparator": "LessThan",
                            "data_type": "StringType",
                            "key": "string",
                            "task_id": "string",
                            "value": "string"
                        }
                    ]
                }
            ],
            "verification_condition": [
                {
                    "groups": [
                        null
                    ],
                    "operator": "AND",
                    "statements": [
                        {
                            "data_comparator": "LessThan",
                            "data_type": "StringType",
                            "key": "string",
                            "task_id": "string",
                            "value": "string"
                        }
                    ]
                }
            ]
        }

response = falcon.command("ITAutomationUpdateTask", body=body)
print(response)

ITAutomationDeleteTask

Delete a task

PEP8 method name

delete_task

Endpoint

Method	Route
	`/it-automation/entities/tasks/v1`

Required Scope

it_automation

Content-Type

Consumes: application/json
Produces: application/json

Keyword Arguments

Name	Service	Uber	Type	Data type	Description
ids			query	string or list of strings	One or more task IDs to delete
parameters			query	dictionary	Full query string parameters payload in JSON format

Usage

Service class example (PEP8 syntax)

from falconpy import ITAutomation

# Do not hardcode API credentials!
falcon = ITAutomation(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

response = falcon.delete_task(ids="string")
print(response)

Service class example (Operation ID syntax)

from falconpy import ITAutomation

# Do not hardcode API credentials!
falcon = ITAutomation(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

response = falcon.ITAutomationDeleteTask(ids="string")
print(response)

Uber class example

from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

response = falcon.command("ITAutomationDeleteTask", ids="string")
print(response)

ITAutomationQueryPolicies

Query policies

PEP8 method name

query_policies

Endpoint

Method	Route
	`/it-automation/queries/policies/v1`

Required Scope

it_automation

Content-Type

Consumes: application/json
Produces: application/json

Keyword Arguments

Name	Type	Data type	Description
sort	query	string	The sort expression that should be used to sort the results
offset	query	integer	Starting index for record retrieval
limit	query	integer	The maximum records to return
platform	query	string	Required. The platform of policies to retrieve. Allowed values: Windows, Mac, Linux
parameters	query	dictionary	Full query string parameters payload in JSON format

Usage

Service class example (PEP8 syntax)

from falconpy import ITAutomation

# Do not hardcode API credentials!
falcon = ITAutomation(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

response = falcon.query_policies(sort="string",
                                 offset=integer,
                                 limit=integer,
                                 platform="Windows"
                                 )
print(response)

Service class example (Operation ID syntax)

from falconpy import ITAutomation

# Do not hardcode API credentials!
falcon = ITAutomation(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

response = falcon.ITAutomationQueryPolicies(sort="string",
                                            offset=integer,
                                            limit=integer,
                                            platform="Windows"
                                            )
print(response)

Uber class example

from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

response = falcon.command("ITAutomationQueryPolicies",
                           sort="string",
                           offset=integer,
                           limit=integer,
                           platform="Windows"
                           )
print(response)

ITAutomationSearchScheduledTasks

Search scheduled tasks

PEP8 method name

search_scheduled_tasks

Endpoint

Method	Route
	`/it-automation/queries/scheduled-tasks/v1`

Required Scope

it_automation

Content-Type

Consumes: application/json
Produces: application/json

Keyword Arguments

Name	Type	Data type	Description
filter	query	string	The filter expression that should be used to limit the results
sort	query	string	The sort expression that should be used to sort the results
offset	query	integer	Starting index for record retrieval
limit	query	integer	The maximum records to return
parameters	query	dictionary	Full query string parameters payload in JSON format

Usage

Service class example (PEP8 syntax)

from falconpy import ITAutomation

# Do not hardcode API credentials!
falcon = ITAutomation(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

response = falcon.search_scheduled_tasks(filter="string",
                                         sort="string",
                                         offset=integer,
                                         limit=integer
                                         )
print(response)

Service class example (Operation ID syntax)

from falconpy import ITAutomation

# Do not hardcode API credentials!
falcon = ITAutomation(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

response = falcon.ITAutomationSearchScheduledTasks(filter="string",
                                                   sort="string",
                                                   offset=integer,
                                                   limit=integer
                                                   )
print(response)

Uber class example

from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

response = falcon.command("ITAutomationSearchScheduledTasks",
                           filter="string",
                           sort="string",
                           offset=integer,
                           limit=integer
                           )
print(response)

ITAutomationSearchTaskExecutions

Search task executions

PEP8 method name

search_task_executions

Endpoint

Method	Route
	`/it-automation/queries/task-executions/v1`

Required Scope

it_automation

Content-Type

Consumes: application/json
Produces: application/json

Keyword Arguments

Name	Type	Data type	Description
filter	query	string	The filter expression that should be used to limit the results
sort	query	string	The sort expression that should be used to sort the results
offset	query	integer	Starting index for record retrieval
limit	query	integer	The maximum records to return
parameters	query	dictionary	Full query string parameters payload in JSON format

Usage

Service class example (PEP8 syntax)

from falconpy import ITAutomation

# Do not hardcode API credentials!
falcon = ITAutomation(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

response = falcon.search_task_executions(filter="string",
                                         sort="string",
                                         offset=integer,
                                         limit=integer
                                         )
print(response)

Service class example (Operation ID syntax)

from falconpy import ITAutomation

# Do not hardcode API credentials!
falcon = ITAutomation(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

response = falcon.ITAutomationSearchTaskExecutions(filter="string",
                                                   sort="string",
                                                   offset=integer,
                                                   limit=integer
                                                   )
print(response)

Uber class example

from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

response = falcon.command("ITAutomationSearchTaskExecutions",
                           filter="string",
                           sort="string",
                           offset=integer,
                           limit=integer
                           )
print(response)

ITAutomationSearchTaskGroups

Search task groups

PEP8 method name

search_task_groups

Endpoint

Method	Route
	`/it-automation/queries/task-groups/v1`

Required Scope

it_automation

Content-Type

Consumes: application/json
Produces: application/json

Keyword Arguments

Name	Type	Data type	Description
filter	query	string	The filter expression that should be used to limit the results
sort	query	string	The sort expression that should be used to sort the results
offset	query	integer	Starting index for record retrieval
limit	query	integer	The maximum records to return
parameters	query	dictionary	Full query string parameters payload in JSON format

Usage

Service class example (PEP8 syntax)

from falconpy import ITAutomation

# Do not hardcode API credentials!
falcon = ITAutomation(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

response = falcon.search_task_groups(filter="string",
                                     sort="string",
                                     offset=integer,
                                     limit=integer
                                     )
print(response)

Service class example (Operation ID syntax)

from falconpy import ITAutomation

# Do not hardcode API credentials!
falcon = ITAutomation(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

response = falcon.ITAutomationSearchTaskGroups(filter="string",
                                               sort="string",
                                               offset=integer,
                                               limit=integer
                                               )
print(response)

Uber class example

from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

response = falcon.command("ITAutomationSearchTaskGroups",
                           filter="string",
                           sort="string",
                           offset=integer,
                           limit=integer
                           )
print(response)

ITAutomationSearchTasks

Search tasks

PEP8 method name

search_tasks

Endpoint

Method	Route
	`/it-automation/queries/tasks/v1`

Required Scope

it_automation

Content-Type

Consumes: application/json
Produces: application/json

Keyword Arguments

Name	Type	Data type	Description
filter	query	string	The filter expression that should be used to limit the results
sort	query	string	The sort expression that should be used to sort the results
offset	query	integer	Starting index for record retrieval
limit	query	integer	The maximum records to return
parameters	query	dictionary	Full query string parameters payload in JSON format

Usage

Service class example (PEP8 syntax)

from falconpy import ITAutomation

# Do not hardcode API credentials!
falcon = ITAutomation(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

response = falcon.search_tasks(filter="string",
                               sort="string",
                               offset=integer,
                               limit=integer
                               )
print(response)

Service class example (Operation ID syntax)

from falconpy import ITAutomation

# Do not hardcode API credentials!
falcon = ITAutomation(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

response = falcon.ITAutomationSearchTasks(filter="string",
                                          sort="string",
                                          offset=integer,
                                          limit=integer
                                          )
print(response)

Uber class example

from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

response = falcon.command("ITAutomationSearchTasks",
                           filter="string",
                           sort="string",
                           offset=integer,
                           limit=integer
                           )
print(response)

ITAutomationGetUserGroup

Returns user groups for each provided id

PEP8 method name

get_user_group

Endpoint

Method	Route
	`/it-automation/entities/it-user-groups/v1`

Required Scope

it_automation

Content-Type

Produces: application/json

Keyword Arguments

Name	Service	Uber	Type	Data type	Description
ids			query	list of strings	User group IDs
parameters			query	dictionary	Full query string parameters payload in JSON format

Usage

Service class example (PEP8 syntax)

from falconpy import ITAutomation

# Do not hardcode API credentials!
falcon = ITAutomation(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

response = falcon.get_user_group(ids=["string", "string"])
print(response)

Service class example (Operation ID syntax)

from falconpy import ITAutomation

# Do not hardcode API credentials!
falcon = ITAutomation(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

response = falcon.ITAutomationGetUserGroup(ids=["string", "string"])
print(response)

Uber class example

from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

response = falcon.command("ITAutomationGetUserGroup",
                           ids=["string", "string"]
                           )
print(response)

ITAutomationCreateUserGroup

Creates a user group from the given request

PEP8 method name

create_user_group

Endpoint

Method	Route
	`/it-automation/entities/it-user-groups/v1`

Required Scope

it_automation

Content-Type

Consumes: application/json
Produces: application/json

Keyword Arguments

Name	Type	Data type	Description
body	body	dictionary	Required parameter. Full body payload in JSON format
description	body	string	Description of the user group.
name	body	string	Name of the user group.

Usage

Service class example (PEP8 syntax)

from falconpy import ITAutomation

# Do not hardcode API credentials!
falcon = ITAutomation(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

response = falcon.create_user_group(description="string",
                                    name="string"
                                    )
print(response)

Service class example (Operation ID syntax)

from falconpy import ITAutomation

# Do not hardcode API credentials!
falcon = ITAutomation(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

response = falcon.ITAutomationCreateUserGroup(description="string",
                                              name="string"
                                              )
print(response)

Uber class example

from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

body = {
    "description": "string",
    "name": "string"
}

response = falcon.command("ITAutomationCreateUserGroup",
                           body=body
                           )
print(response)

ITAutomationUpdateUserGroup

Update a user group for a given id

PEP8 method name

update_user_group

Endpoint

Method	Route
	`/it-automation/entities/it-user-groups/v1`

Required Scope

it_automation

Content-Type

Consumes: application/json
Produces: application/json

Keyword Arguments

Name	Type	Data type	Description
body	body	dictionary	Full body payload in JSON format. Not required if using other keywords.
add_user_ids	body	list of strings	List of user IDs to add.
description	body	string	The updated user group description.
id	query	string	The ID of the user group to update.
name	body	string	The updated user group name.
remove_user_ids	body	list of strings	List of user IDs to remove.

Usage

Service class example (PEP8 syntax)

from falconpy import ITAutomation

# Do not hardcode API credentials!
falcon = ITAutomation(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

response = falcon.update_user_group(add_user_ids=["string"],
                                    description="string",
                                    name="string",
                                    remove_user_ids=["string"]
                                    )
print(response)

Service class example (Operation ID syntax)

from falconpy import ITAutomation

# Do not hardcode API credentials!
falcon = ITAutomation(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

response = falcon.ITAutomationUpdateUserGroup(add_user_ids=["string"],
                                              description="string",
                                              name="string",
                                              remove_user_ids=["string"]
                                              )
print(response)

Uber class example

from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

body = {
    "add_user_ids": [
        "string"
    ],
    "description": "string",
    "name": "string",
    "remove_user_ids": [
        "string"
    ]
}

response = falcon.command("ITAutomationUpdateUserGroup",
                           id="string",
                           body=body
                           )
print(response)

ITAutomationDeleteUserGroup

Deletes user groups for each provided ids

PEP8 method name

delete_user_groups

Endpoint

Method	Route
	`/it-automation/entities/it-user-groups/v1`

Required Scope

it_automation

Content-Type

Produces: application/json

Keyword Arguments

Name	Service	Uber	Type	Data type	Description
ids			query	list of strings	User group IDs
parameters			query	dictionary	Full query string parameters payload in JSON format

Usage

Service class example (PEP8 syntax)

from falconpy import ITAutomation

# Do not hardcode API credentials!
falcon = ITAutomation(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

response = falcon.delete_user_groups(ids=["string", "string"])
print(response)

Service class example (Operation ID syntax)

from falconpy import ITAutomation

# Do not hardcode API credentials!
falcon = ITAutomation(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

response = falcon.ITAutomationDeleteUserGroup(ids=["string", "string"])
print(response)

Uber class example

from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

response = falcon.command("ITAutomationDeleteUserGroup",
                           ids=["string", "string"]
                           )
print(response)

ITAutomationSearchUserGroup

Returns the list of user group ids matching the filter query parameter. It can be used together with the entities endpoint to retrieve full information on user groups

PEP8 method name

search_user_groups

Endpoint

Method	Route
	`/it-automation/queries/it-user-groups/v1`

Required Scope

it_automation

Content-Type

Produces: application/json

Keyword Arguments

Name	Type	Data type	Description
filter	query	string	The filter expression that should be used to limit the results
sort	query	string	The sort expression that should be used to sort the results
offset	query	integer	Starting index for record retrieval
limit	query	integer	The maximum records to return
parameters	query	dictionary	Full query string parameters payload in JSON format

Usage

Service class example (PEP8 syntax)

from falconpy import ITAutomation

# Do not hardcode API credentials!
falcon = ITAutomation(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

response = falcon.search_user_groups(filter="string",
                                     sort="string",
                                     offset=integer,
                                     limit=integer
                                     )
print(response)

Service class example (Operation ID syntax)

from falconpy import ITAutomation

# Do not hardcode API credentials!
falcon = ITAutomation(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

response = falcon.ITAutomationSearchUserGroup(filter="string",
                                              sort="string",
                                              offset=integer,
                                              limit=integer
                                              )
print(response)

Uber class example

from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

response = falcon.command("ITAutomationSearchUserGroup",
                           filter="string",
                           sort="string",
                           offset=integer,
                           limit=integer
                           )
print(response)

IT Automation - CrowdStrike/falconpy GitHub Wiki

Using the IT Automation service collection

Table of Contents

Passing credentials

ITAutomationGetAssociatedTasks

PEP8 method name

Endpoint

Required Scope

Content-Type

Keyword Arguments

Usage

Service class example (PEP8 syntax)

Service class example (Operation ID syntax)

Uber class example

ITAutomationCombinedScheduledTasks

PEP8 method name

Endpoint

Required Scope

Content-Type

Keyword Arguments

Usage

Service class example (PEP8 syntax)

Service class example (Operation ID syntax)

Uber class example

ITAutomationRunLiveQuery

PEP8 method name

Endpoint

Required Scope

Content-Type

Keyword Arguments

Usage

Service class example (PEP8 syntax)

Service class example (Operation ID syntax)

Uber class example

ITAutomationGetTaskExecutionsByQuery

PEP8 method name

Endpoint

Required Scope

Content-Type

Keyword Arguments

Usage

Service class example (PEP8 syntax)

Service class example (Operation ID syntax)

Uber class example

ITAutomationGetTaskGroupsByQuery

PEP8 method name

Endpoint

Required Scope

Content-Type

Keyword Arguments

Usage

Service class example (PEP8 syntax)

Service class example (Operation ID syntax)

Uber class example

ITAutomationGetTasksByQuery

PEP8 method name

Endpoint

Required Scope

Content-Type

Keyword Arguments

Usage

Service class example (PEP8 syntax)

Service class example (Operation ID syntax)

Uber class example

ITAutomationGetPolicies

PEP8 method name

Endpoint

Required Scope

Content-Type

Keyword Arguments

Usage

Service class example (PEP8 syntax)

Service class example (Operation ID syntax)

Uber class example

ITAutomationCreatePolicy

PEP8 method name

Endpoint

Required Scope

Content-Type

Keyword Arguments