ML Exclusions - CrowdStrike/falconpy GitHub Wiki
| Operation ID | Description | ||||
|---|---|---|---|---|---|
|
Get a set of ML Exclusions by specifying their IDs. | ||||
|
Create the ML exclusions. | ||||
|
Delete the ML exclusions by ID. | ||||
|
Update the ML exclusions. | ||||
|
Search for ML exclusions. | ||||
|
Get exclusion aggregates as specified via json in request body. | ||||
|
Get all exclusions. | ||||
|
Actions used to manipulate the content of exclusions, with ancestor fields. | ||||
|
Create a report of ML exclusions scoped by the given filters. | ||||
|
Get the exclusions by id, with ancestor fields. | ||||
|
Create the exclusions, with ancestor fields. | ||||
|
Update the exclusions by id, with ancestor fields. | ||||
|
Delete the exclusions by id, with ancestor fields. | ||||
|
Search for exclusions, with ancestor fields. | ||||
WARNING
client_idandclient_secretare keyword arguments that contain your CrowdStrike API credentials. Please note that all examples below do not hard code these values. (These values are ingested as strings.)CrowdStrike does not recommend hard coding API credentials or customer identifiers within source code.
Get a set of ML Exclusions by specifying their IDs
get_exclusions
| Method | Route |
|---|---|
 |
/policy/entities/ml-exclusions/v1 |
- Produces: application/json
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| ids |
 |
|
query | string or list of strings | The IDs of the exclusions to retrieve. |
| parameters |
|
|
query | dictionary | Full query string parameters payload in JSON format. |
from falconpy import MLExclusions
# Do not hardcode API credentials!
falcon = MLExclusions(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.get_exclusions(ids=id_list)
print(response)from falconpy import MLExclusions
# Do not hardcode API credentials!
falcon = MLExclusions(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.getMLExclusionsV1(ids=id_list)
print(response)from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.command("getMLExclusionsV1", ids=id_list)
print(response)Back to Table of Contents
Create the ML exclusions
create_exclusions
| Method | Route |
|---|---|
 |
/policy/entities/ml-exclusions/v1 |
- Produces: application/json
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| body |
|
 |
body | dictionary | Full body payload in JSON format. |
| comment |
|
 |
body | string | String comment describing why the exclusions was created. |
| excluded_from |
|
|
body | list of strings | Group ID(s) explicitly excluded from the exclusion. |
| groups |
|
|
body | list of strings | Group ID(s) impacted by the exclusion. Defaults to ["all"] when not specified while using a Service Class. This default must be provided by the developer when using the Uber Class. |
| value |
|
|
body | string | Value to match for the exclusion. |
from falconpy import MLExclusions
# Do not hardcode API credentials!
falcon = MLExclusions(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
group_list = ['ID1', 'ID2', 'ID3']
exclude_list = ['EX1', 'EX2', 'EX3']
response = falcon.create_exclusions(comment="string",
groups=group_list,
excluded_from=exclude_list,
value="string"
)
print(response)from falconpy import MLExclusions
# Do not hardcode API credentials!
falcon = MLExclusions(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
group_list = ['ID1', 'ID2', 'ID3']
exclude_list = ['EX1', 'EX2', 'EX3']
response = falcon.createMLExclusionsV1(comment="string",
groups=group_list,
excluded_from=exclude_list,
value="string"
)
print(response)from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
group_list = ['ID1', 'ID2', 'ID3'] # If not specifying a group ID, you must submit ["all"].
exclude_list = ['EX1', 'EX2', 'EX3']
BODY = {
"comment": "string",
"excluded_from": exclude_list,
"groups": group_list,
"value": "string"
}
response = falcon.command("createMLExclusionsV1", body=BODY)
print(response)Back to Table of Contents
Delete the ML exclusions by id
delete_exclusions
| Method | Route |
|---|---|
 |
/policy/entities/ml-exclusions/v1 |
- Produces: application/json
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| comment |
|
|
query | string | Explains why this exclusion was deleted. |
| ids |
|
|
query | string or list of strings | The IDs of the exclusions to retrieve. |
| parameters |
|
|
query | dictionary | Full query string parameters payload in JSON format. |
from falconpy import MLExclusions
# Do not hardcode API credentials!
falcon = MLExclusions(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.delete_exclusions(comment="string", ids=id_list)
print(response)from falconpy import MLExclusions
# Do not hardcode API credentials!
falcon = MLExclusions(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.deleteMLExclusionsV1(comment="string", ids=id_list)
print(response)from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.command("deleteMLExclusionsV1", comment="string", ids=id_list)
print(response)Back to Table of Contents
Update the ML exclusions
update_exclusions
| Method | Route |
|---|---|
 |
/policy/entities/ml-exclusions/v1 |
- Produces: application/json
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| body |
|
|
body | dictionary | Full body payload in JSON format. |
| comment |
|
|
body | string | String comment describing why the exclusions was created. |
| groups |
|
|
body | list of strings | Group ID(s) impacted by the exclusion. |
| id |
|
|
body | string | The ID of the exclusion to update. |
| value |
|
|
body | string | Value to match for the exclusion. |
from falconpy import MLExclusions
# Do not hardcode API credentials!
falcon = MLExclusions(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
group_list = ['ID1', 'ID2', 'ID3']
response = falcon.update_exclusions(comment="string",
groups=group_list,
value="string",
id="string"
)
print(response)from falconpy import MLExclusions
# Do not hardcode API credentials!
falcon = MLExclusions(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
group_list = ['ID1', 'ID2', 'ID3']
response = falcon.updateMLExclusionsV1(comment="string",
groups=group_list,
value="string",
id="string"
)
print(response)from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
group_list = ['ID1', 'ID2', 'ID3']
BODY = {
"comment": "string",
"groups": group_list,
"id": "string",
"value": "string"
}
response = falcon.command("updateMLExclusionsV1", body=BODY)
print(response)Back to Table of Contents
Search for ML exclusions.
query_exclusions
| Method | Route |
|---|---|
|
/policy/queries/ml-exclusions/v1 |
- Produces: application/json
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| filter |
|
|
query | string | The filter expression that should be used to limit the results. FQL syntax. Available filters:
|
| limit |
|
|
query | integer | The maximum number of records to return. [1-500] |
| offset |
|
|
query | integer | The offset to start retrieving records from. |
| parameters |
|
|
query | dictionary | Full query string parameters payload in JSON format. |
| sort |
|
|
query | string | The property to sort by. FQL syntax. (e.g. last_behavior|asc) Available sort fields:
|
from falconpy import MLExclusions
# Do not hardcode API credentials!
falcon = MLExclusions(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.query_exclusions(filter="string",
offset=integer,
limit=integer,
sort="string"
)
print(response)from falconpy import MLExclusions
# Do not hardcode API credentials!
falcon = MLExclusions(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.queryMLExclusionsV1(filter="string",
offset=integer,
limit=integer,
sort="string"
)
print(response)from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.command("queryMLExclusionsV1",
filter="string",
offset=integer,
limit=integer,
sort="string"
)
print(response)Back to Table of Contents
Get exclusion aggregates as specified via json in request body.
get_exclusion_aggregates
| Method | Route |
|---|---|
|
/exclusions/aggregates/exclusions/GET/v2 |
- Produces: application/json
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| body |
|
|
body | list of dictionaries | Full body payload as a JSON formatted list. |
| date_ranges |
|
|
body | list of dictionaries | List of date ranges for the aggregate. |
| exclude |
|
|
body | string | Exclusion string for the aggregate query. |
| extended_bounds |
|
|
body | dictionary | Extended bounds for the aggregate. |
| field |
|
|
body | string | The field to aggregate on. |
| filter |
|
|
body | string | FQL filter to limit aggregation results. |
| filters_spec |
|
|
body | dictionary | Specification for additional filters. |
| from |
|
|
body | integer | Starting position for pagination. |
| include |
|
|
body | string | Inclusion string for the aggregate query. |
| interval |
|
|
body | string | Time interval for date histogram aggregates. |
| max_doc_count |
|
|
body | integer | Maximum number of documents per bucket. |
| min_doc_count |
|
|
body | integer | Minimum number of documents per bucket. |
| missing |
|
|
body | string | Value for documents missing the field. |
| name |
|
|
body | string | The name of the aggregate query. |
| parameters |
|
|
query | dictionary | Full query string parameters payload in JSON format. |
| percents |
|
|
body | list of numbers | List of percentiles to calculate. |
| q |
|
|
body | string | Full text query string. |
| ranges |
|
|
body | list of dictionaries | List of range specifications. |
| size |
|
|
body | integer | Maximum number of results to return per aggregate. |
| sort |
|
|
body | string | The field to sort results on. |
| sub_aggregates |
|
|
body | list of dictionaries | Nested sub-aggregation definitions. |
| time_zone |
|
|
body | string | The time zone for date operations. |
| type |
|
|
body | string | The type of aggregate query to perform. |
from falconpy import MLExclusions
# Do not hardcode API credentials!
falcon = MLExclusions(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
date_range_list = [{"from": "string", "to": "string"}]
range_list = [{"From": 1, "To": 2}]
response = falcon.get_exclusion_aggregates(date_ranges=date_range_list,
exclude="string",
field="string",
filter="string",
include="string",
interval="string",
max_doc_count=integer,
min_doc_count=integer,
missing="string",
name="string",
q="string",
ranges=range_list,
size=integer,
sort="string",
time_zone="string",
type="string"
)
print(response)from falconpy import MLExclusions
# Do not hardcode API credentials!
falcon = MLExclusions(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
date_range_list = [{"from": "string", "to": "string"}]
range_list = [{"From": 1, "To": 2}]
response = falcon.exclusions_aggregates_v2(date_ranges=date_range_list,
exclude="string",
field="string",
filter="string",
include="string",
interval="string",
max_doc_count=integer,
min_doc_count=integer,
missing="string",
name="string",
q="string",
ranges=range_list,
size=integer,
sort="string",
time_zone="string",
type="string"
)
print(response)from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
date_range_list = [{"from": "string", "to": "string"}]
range_list = [{"From": 1, "To": 2}]
BODY = [
{
"date_ranges": date_range_list,
"exclude": "string",
"field": "string",
"filter": "string",
"include": "string",
"interval": "string",
"max_doc_count": integer,
"min_doc_count": integer,
"missing": "string",
"name": "string",
"q": "string",
"ranges": range_list,
"size": integer,
"sort": "string",
"time_zone": "string",
"type": "string"
}
]
response = falcon.command("exclusions_aggregates_v2", body=BODY)
print(response)Back to Table of Contents
Get all exclusions.
get_all_exclusions
| Method | Route |
|---|---|
|
/exclusions/entities/all-exclusions/v2 |
- Produces: application/json
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| parameters |
|
|
query | dictionary | Full query string parameters payload in JSON format. |
from falconpy import MLExclusions
# Do not hardcode API credentials!
falcon = MLExclusions(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.get_all_exclusions()
print(response)from falconpy import MLExclusions
# Do not hardcode API credentials!
falcon = MLExclusions(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.exclusions_get_all_v2()
print(response)from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.command("exclusions_get_all_v2")
print(response)Back to Table of Contents
Actions used to manipulate the content of exclusions, with ancestor fields.
perform_exclusion_action
| Method | Route |
|---|---|
|
/exclusions/entities/exclusion-actions/v2 |
- Produces: application/json
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| action_name |
|
|
query | string | The action to perform. Available values: add_item, remove_item, validate_filepath. |
| action_parameters |
|
|
body | list of dictionaries | List of action parameter name/value pairs. |
| available |
|
|
body | boolean | Flag indicating if the action is available. |
| body |
|
|
body | dictionary | Full body payload in JSON format. |
| description |
|
|
body | string | Description of the action to perform. |
| group |
|
|
body | string | The group associated with this action. |
| label |
|
|
body | string | The label associated with this action. |
| name |
|
|
body | string | The name associated with this action. |
| parameters |
|
|
query | dictionary | Full query string parameters payload in JSON format. |
from falconpy import MLExclusions
# Do not hardcode API credentials!
falcon = MLExclusions(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
action_param_list = [{"name": "string", "value": "string"}]
response = falcon.perform_exclusion_action(action_name="string",
action_parameters=action_param_list,
available=boolean,
description="string",
group="string",
label="string",
name="string"
)
print(response)from falconpy import MLExclusions
# Do not hardcode API credentials!
falcon = MLExclusions(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
action_param_list = [{"name": "string", "value": "string"}]
response = falcon.exclusions_perform_action_v2(action_name="string",
action_parameters=action_param_list,
available=boolean,
description="string",
group="string",
label="string",
name="string"
)
print(response)from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
BODY = {
"action_parameters": [
{
"name": "string",
"value": "string"
}
],
"available": boolean,
"description": "string",
"group": "string",
"label": "string",
"name": "string"
}
response = falcon.command("exclusions_perform_action_v2",
action_name="string",
body=BODY
)
print(response)Back to Table of Contents
Create a report of ML exclusions scoped by the given filters.
get_exclusion_reports
| Method | Route |
|---|---|
|
/exclusions/entities/exclusions/reports/v2 |
- Produces: application/json
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| body |
|
|
body | dictionary | Full body payload in JSON format. |
| filter |
|
|
body | string | FQL filter to limit the report results. |
| report_format |
|
|
body | string | The format for the report output. |
| search |
|
|
body | dictionary | Search criteria for the report. |
| sort |
|
|
body | string | The field to sort report results on. |
from falconpy import MLExclusions
# Do not hardcode API credentials!
falcon = MLExclusions(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.get_exclusion_reports(report_format="string",
filter="string",
sort="string"
)
print(response)from falconpy import MLExclusions
# Do not hardcode API credentials!
falcon = MLExclusions(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.exclusions_get_reports_v2(report_format="string",
filter="string",
sort="string"
)
print(response)from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
BODY = {
"report_format": "string",
"search": {
"filter": "string",
"sort": "string"
}
}
response = falcon.command("exclusions_get_reports_v2", body=BODY)
print(response)Back to Table of Contents
Get the exclusions by id, with ancestor fields.
get_exclusions_v2
| Method | Route |
|---|---|
|
/exclusions/entities/exclusions/v2 |
- Produces: application/json
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| ids |
|
|
query | string or list of strings | The IDs of the exclusions to retrieve. |
| parameters |
|
|
query | dictionary | Full query string parameters payload in JSON format. |
from falconpy import MLExclusions
# Do not hardcode API credentials!
falcon = MLExclusions(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.get_exclusions_v2(ids=id_list)
print(response)from falconpy import MLExclusions
# Do not hardcode API credentials!
falcon = MLExclusions(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.exclusions_get_v2(ids=id_list)
print(response)from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.command("exclusions_get_v2", ids=id_list)
print(response)Back to Table of Contents
Create the exclusions, with ancestor fields.
create_exclusions_v2
| Method | Route |
|---|---|
|
/exclusions/entities/exclusions/v2 |
- Produces: application/json
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| body |
|
|
body | dictionary | Full body payload in JSON format. |
| comment |
|
|
body | string | Descriptive comment for the exclusion. |
| excluded_from |
|
|
body | string or list of strings | Sources to exclude from. |
| exclusions |
|
|
body | list of dictionaries | List of exclusion definition dictionaries. |
| grandparent_value |
|
|
body | string | The grandparent value for the exclusion. |
| groups |
|
|
body | string or list of strings | Group IDs to apply this exclusion to. |
| parent_value |
|
|
body | string | The parent value for the exclusion. |
| value |
|
|
body | string | The value to exclude. |
from falconpy import MLExclusions
# Do not hardcode API credentials!
falcon = MLExclusions(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
group_list = ['ID1', 'ID2', 'ID3']
exclude_list = ['EX1', 'EX2', 'EX3']
response = falcon.create_exclusions_v2(comment="string",
excluded_from=exclude_list,
grandparent_value="string",
groups=group_list,
parent_value="string",
value="string"
)
print(response)from falconpy import MLExclusions
# Do not hardcode API credentials!
falcon = MLExclusions(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
group_list = ['ID1', 'ID2', 'ID3']
exclude_list = ['EX1', 'EX2', 'EX3']
response = falcon.exclusions_create_v2(comment="string",
excluded_from=exclude_list,
grandparent_value="string",
groups=group_list,
parent_value="string",
value="string"
)
print(response)from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
group_list = ['ID1', 'ID2', 'ID3']
exclude_list = ['EX1', 'EX2', 'EX3']
BODY = {
"exclusions": [
{
"comment": "string",
"excluded_from": exclude_list,
"grandparent_value": "string",
"groups": group_list,
"parent_value": "string",
"value": "string"
}
]
}
response = falcon.command("exclusions_create_v2", body=BODY)
print(response)Back to Table of Contents
Update the exclusions by id, with ancestor fields.
update_exclusions_v2
| Method | Route |
|---|---|
|
/exclusions/entities/exclusions/v2 |
- Produces: application/json
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| body |
|
|
body | dictionary | Full body payload in JSON format. |
| comment |
|
|
body | string | Descriptive comment for the exclusion update. |
| excluded_from |
|
|
body | string or list of strings | Sources to exclude from. |
| grandparent_value |
|
|
body | string | The grandparent value for the exclusion. |
| groups |
|
|
body | string or list of strings | Group IDs to apply this exclusion to. |
| id |
|
|
body | string | The ID of the exclusion to update. |
| parent_value |
|
|
body | string | The parent value for the exclusion. |
| value |
|
|
body | string | The value to exclude. |
from falconpy import MLExclusions
# Do not hardcode API credentials!
falcon = MLExclusions(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
group_list = ['ID1', 'ID2', 'ID3']
exclude_list = ['EX1', 'EX2', 'EX3']
response = falcon.update_exclusions_v2(comment="string",
excluded_from=exclude_list,
grandparent_value="string",
groups=group_list,
id="string",
parent_value="string",
value="string"
)
print(response)from falconpy import MLExclusions
# Do not hardcode API credentials!
falcon = MLExclusions(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
group_list = ['ID1', 'ID2', 'ID3']
exclude_list = ['EX1', 'EX2', 'EX3']
response = falcon.exclusions_update_v2(comment="string",
excluded_from=exclude_list,
grandparent_value="string",
groups=group_list,
id="string",
parent_value="string",
value="string"
)
print(response)from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
group_list = ['ID1', 'ID2', 'ID3']
exclude_list = ['EX1', 'EX2', 'EX3']
BODY = {
"comment": "string",
"excluded_from": exclude_list,
"grandparent_value": "string",
"groups": group_list,
"id": "string",
"parent_value": "string",
"value": "string"
}
response = falcon.command("exclusions_update_v2", body=BODY)
print(response)Back to Table of Contents
Delete the exclusions by id, with ancestor fields.
delete_exclusions_v2
| Method | Route |
|---|---|
|
/exclusions/entities/exclusions/v2 |
- Produces: application/json
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| comment |
|
|
query | string | The comment why these exclusions were deleted. |
| ids |
|
|
query | string or list of strings | The IDs of the exclusions to delete. |
| parameters |
|
|
query | dictionary | Full query string parameters payload in JSON format. |
from falconpy import MLExclusions
# Do not hardcode API credentials!
falcon = MLExclusions(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.delete_exclusions_v2(comment="string", ids=id_list)
print(response)from falconpy import MLExclusions
# Do not hardcode API credentials!
falcon = MLExclusions(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.exclusions_delete_v2(comment="string", ids=id_list)
print(response)from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.command("exclusions_delete_v2", comment="string", ids=id_list)
print(response)Back to Table of Contents
Search for exclusions, with ancestor fields.
search_exclusions
| Method | Route |
|---|---|
|
/exclusions/queries/exclusions/v2 |
- Produces: application/json
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| filter |
|
|
query | string | The filter expression that should be used to limit the results. FQL syntax. |
| limit |
|
|
query | integer | The maximum records to return. [1-500] |
| offset |
|
|
query | integer | The offset to start retrieving records from. |
| parameters |
|
|
query | dictionary | Full query string parameters payload in JSON format. |
| sort |
|
|
query | string | The sort expression that should be used to sort the results. Available sort fields:
|
from falconpy import MLExclusions
# Do not hardcode API credentials!
falcon = MLExclusions(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.search_exclusions(filter="string",
offset=integer,
limit=integer,
sort="string"
)
print(response)from falconpy import MLExclusions
# Do not hardcode API credentials!
falcon = MLExclusions(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.exclusions_search_v2(filter="string",
offset=integer,
limit=integer,
sort="string"
)
print(response)from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.command("exclusions_search_v2",
filter="string",
offset=integer,
limit=integer,
sort="string"
)
print(response)Back to Table of Contents
