Installation Tokens - CrowdStrike/falconpy GitHub Wiki
| Operation ID | Description | ||||
|---|---|---|---|---|---|
|
Gets the details of one or more audit events by id. | ||||
|
Check current installation token settings. | ||||
|
Update installation token settings. | ||||
|
Gets the details of one or more tokens by id. | ||||
|
Creates a token. | ||||
|
Deletes a token immediately. To revoke a token, use tokens_update instead. | ||||
|
Updates one or more tokens. Use this endpoint to edit labels, change expiration, revoke, or restore. | ||||
|
Search for audit events by providing a FQL filter and paging details. | ||||
|
Search for tokens by providing a FQL filter and paging details. | ||||
WARNING
client_idandclient_secretare keyword arguments that contain your CrowdStrike API credentials. Please note that all examples below do not hard code these values. (These values are ingested as strings.)CrowdStrike does not recommend hard coding API credentials or customer identifiers within source code.
Gets the details of one or more audit events by id.
audit_events_read
| Method | Route |
|---|---|
 |
/installation-tokens/entities/audit-events/v1 |
- Consumes: application/json
- Produces: application/json
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| ids |
 |
|
query | string or list of strings | ID(s) of the audit events to retrieve details for. |
| parameters |
|
|
query | dictionary | Full query string parameters payload in JSON format. |
from falconpy import InstallationTokens
# Do not hardcode API credentials!
falcon = InstallationTokens(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.audit_events_read(ids=id_list)
print(response)from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.command("audit_events_read", ids=id_list)
print(response)Back to Table of Contents
Check current installation token settings.
customer_settings_read
| Method | Route |
|---|---|
|
/installation-tokens/entities/customer-settings/v1 |
- Consumes: application/json
- Produces: application/json
No keywords or arguments accepted.
from falconpy import InstallationTokens
# Do not hardcode API credentials!
falcon = InstallationTokens(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.customer_settings_read()
print(response)from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.command("customer_settings_read")
print(response)Back to Table of Contents
Update installation token settings.
customer-settings-update
| Method | Route |
|---|---|
 |
/installation-tokens/entities/customer-settings/v1 |
- Consumes: application/json
- Produces: application/json
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| body |
|
 |
body | dictionary | Full body payload in JSON format. |
| max_active_tokens |
|
 |
body | integer | Maximum number of active tokens. |
| tokens_required |
|
|
body | boolean | Flag indicating if tokens are required. |
from falconpy import InstallationTokens
# Do not hardcode API credentials!
falcon = InstallationTokens(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.customer_settings_update(max_active_tokens=integer,
tokens_required=boolean
)
print(response)from falconpy import APIHarnessV2
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
BODY = {
"max_active_tokens": integer,
"tokens_required": boolean
}
response = falcon.command("customer_settings_update", body=BODY)
print(response)Back to Table of Contents
Gets the details of one or more tokens by id.
tokens_read
| Method | Route |
|---|---|
|
/installation-tokens/entities/tokens/v1 |
- Consumes: application/json
- Produces: application/json
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| ids |
|
|
query | string or list of strings | ID(s) of the tokens to retrieve details for. |
| parameters |
|
|
query | dictionary | Full query string parameters payload in JSON format. |
from falconpy import InstallationTokens
# Do not hardcode API credentials!
falcon = InstallationTokens(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.tokens_read(ids=id_list)
print(response)from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.command("tokens_read", ids=id_list)
print(response)Back to Table of Contents
Creates a token.
tokens_create
| Method | Route |
|---|---|
 |
/installation-tokens/entities/tokens/v1 |
- Consumes: application/json
- Produces: application/json
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| body |
|
|
body | dictionary | Full body payload in JSON format. |
| expires_timestamp |
|
|
body | string | Expiration timestamp. UTC format. |
| label |
|
|
body | string | Installation token label. |
| revoked |
|
|
body | boolean | Flag indicating if the token is revoked. |
from falconpy import InstallationTokens
# Do not hardcode API credentials!
falcon = InstallationTokens(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.tokens_create(expires_timestamp="string",
label="string",
revoked=boolean
)
print(response)from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
BODY = {
"expires_timestamp": "2021-09-22T02:28:11.762Z",
"label": "string",
"revoked": boolean
}
response = falcon.command("tokens_create", body=BODY)
print(response)Back to Table of Contents
Deletes a token immediately. To revoke a token, use tokens_update instead.
tokens_delete
| Method | Route |
|---|---|
 |
/installation-tokens/entities/tokens/v1 |
- Produces: application/json
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| ids |
|
|
query | string or list of strings | ID(s) of the tokens to delete. |
| parameters |
|
|
query | dictionary | Full query string parameters payload in JSON format. |
from falconpy import InstallationTokens
# Do not hardcode API credentials!
falcon = InstallationTokens(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.tokens_delete(ids=id_list)
print(response)from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.command("tokens_delete", ids=id_list)
print(response)Back to Table of Contents
Updates one or more tokens. Use this endpoint to edit labels, change expiration, revoke, or restore.
tokens_update
| Method | Route |
|---|---|
|
/installation-tokens/entities/tokens/v1 |
- Consumes: application/json
- Produces: application/json
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| body |
|
|
body | dictionary | Full body payload in JSON format. |
| expires_timestamp |
|
|
body | string | Expiration timestamp. UTC format. |
| label |
|
|
body | string | Installation token label. |
| ids |
|
|
query | string or list of strings | ID(s) of the tokens to update. |
| parameters |
|
|
query | dictionary | Full query string parameters payload in JSON format. |
| revoked |
|
|
body | boolean | Flag indicating if the token is revoked. |
from falconpy import InstallationTokens
# Do not hardcode API credentials!
falcon = InstallationTokens(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.tokens_update(expires_timestamp="string",
label="string",
ids=id_list,
revoked=boolean
)
print(response)from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
BODY = {
"expires_timestamp": "2021-09-22T02:28:11.762Z",
"label": "string",
"revoked": boolean
}
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.command("tokens_update", body=BODY, ids=id_list)
print(response)Back to Table of Contents
Search for audit events by providing a FQL filter and paging details.
audit_events_query
| Method | Route |
|---|---|
|
/installation-tokens/queries/audit-events/v1 |
- Consumes: application/json
- Produces: application/json
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| filter |
|
|
query | string | FQL Syntax formatted string used to limit the results. |
| limit |
|
|
query | integer | Maximum number of records to return. (Max: 1000, Default: 10) |
| offset |
|
|
query | integer | Starting index of overall result set from which to return ids. |
| sort |
|
|
query | string | The property to sort by. (Ex: timestamp.desc) |
| parameters |
|
|
query | dictionary | Full query string parameters payload in JSON format. |
from falconpy import InstallationTokens
# Do not hardcode API credentials!
falcon = InstallationTokens(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.audit_events_query(offset=integer,
limit=integer,
sort="string",
filter="string"
)
print(response)from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.command("audit_events_query",
offset=integer,
limit=integer,
sort="string",
filter="string"
)
print(response)Back to Table of Contents
Search for tokens by providing a FQL filter and paging details.
tokens_query
| Method | Route |
|---|---|
|
/installation-tokens/queries/tokens/v1 |
- Consumes: application/json
- Produces: application/json
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| filter |
|
|
query | string | FQL Syntax formatted string used to limit the results. |
| limit |
|
|
query | integer | Maximum number of records to return. (Max: 1000, Default: 10) |
| offset |
|
|
query | integer | Starting index of overall result set from which to return ids. |
| sort |
|
|
query | string | The property to sort by. (Ex: created_timestamp.desc) |
| parameters |
|
|
query | dictionary | Full query string parameters payload in JSON format. |
from falconpy import InstallationTokens
# Do not hardcode API credentials!
falcon = InstallationTokens(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.tokens_query(offset=integer,
limit=integer,
sort="string",
filter="string"
)
print(response)from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.command("tokens_query",
offset=integer,
limit=integer,
sort="string",
filter="string"
)
print(response)Back to Table of Contents
