Passing credentials
WARNING
client_id and client_secret are keyword arguments that contain your CrowdStrike API credentials. None of the examples below hard code these values. (These values are ingested as strings.)
CrowdStrike does not recommend hard coding API credentials or customer identifiers within source code.
queryCombinedPreventionPolicyMembers
Search for members of a Prevention Policy in your environment by providing a FQL filter and paging details. Returns a set of host details which match the filter criteria
PEP8 method name
query_combined_policy_members
Endpoint
Method
Route
/policy/combined/prevention-members/v1
Content-Type
Produces: application/json
Keyword Arguments
| Name | Service | Uber | Type | Data type | Description |
| --- | --- | --- | --- | --- | --- |
| filter | | | query | string | FQL query expression that should be used to limit the results. |
| limit | | | query | integer | Maximum number of records to return. Max: 5000. |
| offset | | | query | string | Starting index of overall result set from which to return ids. |
| id | | | query | string | The ID of the Prevention Policy to search for members of. |
| sort | | | query | string | The property to sort by. |
| parameters | | | query | dictionary | Full query string parameters payload in JSON format. |
Usage
Service class example (PEP8 syntax)
from falconpy import PreventionPolicy

# Do not hardcode API credentials!
falcon = PreventionPolicy(client_id=CLIENT_ID,
                          client_secret=CLIENT_SECRET
                          )

response = falcon.query_combined_policy_members(id="string",
                                                filter="string",
                                                offset=integer,
                                                limit=integer,
                                                sort="string"
                                                )
print(response)
Service class example (Operation ID syntax)
from falconpy import PreventionPolicy

# Do not hardcode API credentials!
falcon = PreventionPolicy(client_id=CLIENT_ID,
                          client_secret=CLIENT_SECRET
                          )

response = falcon.queryCombinedPreventionPolicyMembers(id="string",
                                                       filter="string",
                                                       offset=integer,
                                                       limit=integer,
                                                       sort="string"
                                                       )
print(response)
Uber class example
from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

response = falcon.command("queryCombinedPreventionPolicyMembers",
                          id="string",
                          filter="string",
                          offset=integer,
                          limit=integer,
                          sort="string"
                          )
print(response)
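An added example (not from the FalconPy documentation): paging through a policy's full membership with the offset and limit keywords described above, raising an error instead of returning a partial host list. The response keys used (status_code, body, resources, errors, meta.pagination.total), the FakePolicyClient class and the sample hosts are assumptions constructed for this illustration.

```python
MAX_LIMIT = 5000  # documented maximum for the limit keyword


def iter_policy_members(client, policy_id, fql_filter=None, page_size=MAX_LIMIT):
    """Yield every host record that is a member of policy_id.

    client is any object exposing query_combined_policy_members, such as a
    falconpy PreventionPolicy instance. A non-200 page raises RuntimeError so
    a partial listing is never mistaken for the complete membership.
    """
    if not 1 <= page_size <= MAX_LIMIT:
        raise ValueError(f"page_size must be between 1 and {MAX_LIMIT}")
    offset = 0
    while True:
        kwargs = {"id": policy_id, "offset": offset, "limit": page_size}
        if fql_filter:
            kwargs["filter"] = fql_filter
        response = client.query_combined_policy_members(**kwargs)
        body = response.get("body", {})
        if response.get("status_code") != 200:
            raise RuntimeError(f"page at offset {offset} failed: {body.get('errors')}")
        resources = body.get("resources") or []
        yield from resources
        offset += len(resources)
        total = body.get("meta", {}).get("pagination", {}).get("total", 0)
        if not resources or offset >= total:
            return


class FakePolicyClient:
    """Constructed stand-in for the API: serves sample hosts page by page."""

    def __init__(self, hosts, fail_at_offset=None):
        self.hosts, self.fail_at_offset, self.offsets = hosts, fail_at_offset, []

    def query_combined_policy_members(self, id, offset=0, limit=100, filter=None):
        self.offsets.append(offset)
        if offset == self.fail_at_offset:
            return {"status_code": 429, "body": {"errors": [{"message": "rate limited"}]}}
        page = self.hosts[offset:offset + limit]
        meta = {"pagination": {"offset": offset, "limit": limit, "total": len(self.hosts)}}
        return {"status_code": 200, "body": {"meta": meta, "errors": [], "resources": page}}


# Constructed sample data: five hosts assigned to one policy.
SAMPLE_HOSTS = [{"device_id": f"aid-{n}", "hostname": f"host-{n}"} for n in range(5)]

if __name__ == "__main__":
    fake = FakePolicyClient(SAMPLE_HOSTS)
    members = list(iter_policy_members(fake, "POLICY_ID", page_size=2))
    print(len(members), "members fetched at offsets", fake.offsets)
```

With a real client, pass the PreventionPolicy instance in place of FakePolicyClient; the generator only relies on the query_combined_policy_members method.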
queryCombinedPreventionPolicies
Search for Prevention Policies in your environment by providing a FQL filter and paging details. Returns a set of Prevention Policies which match the filter criteria
PEP8 method name
query_combined_policies
Endpoint
Method
Route
/policy/combined/prevention/v1
Content-Type
Produces: application/json
Keyword Arguments
| Name | Service | Uber | Type | Data type | Description |
| --- | --- | --- | --- | --- | --- |
| filter | | | query | string | FQL query expression that should be used to limit the results. |
| limit | | | query | integer | Maximum number of records to return. Max: 5000. |
| offset | | | query | string | Starting index of overall result set from which to return ids. |
| sort | | | query | string | The property to sort by. Available fields: created_by, modified_timestamp, created_timestamp, name, enabled, platform_name, modified_by, precedence. Example: created_timestamp.desc |
| parameters | | | query | dictionary | Full query string parameters payload in JSON format. |
Usage
Service class example (PEP8 syntax)
from falconpy import PreventionPolicy

# Do not hardcode API credentials!
falcon = PreventionPolicy(client_id=CLIENT_ID,
                          client_secret=CLIENT_SECRET
                          )

response = falcon.query_combined_policies(filter="string",
                                          offset=integer,
                                          limit=integer,
                                          sort="string"
                                          )
print(response)
Service class example (Operation ID syntax)
from falconpy import PreventionPolicy

# Do not hardcode API credentials!
falcon = PreventionPolicy(client_id=CLIENT_ID,
                          client_secret=CLIENT_SECRET
                          )

response = falcon.queryCombinedPreventionPolicies(filter="string",
                                                  offset=integer,
                                                  limit=integer,
                                                  sort="string"
                                                  )
print(response)
Uber class example
from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

response = falcon.command("queryCombinedPreventionPolicies",
                          filter="string",
                          offset=integer,
                          limit=integer,
                          sort="string"
                          )
print(response)
performPreventionPoliciesAction
Perform the specified action on the Prevention Policies specified in the request
PEP8 method name
perform_policies_action
Endpoint
Method
Route
/policy/entities/prevention-actions/v1
Content-Type
Produces: application/json
Keyword Arguments
| Name | Service | Uber | Type | Data type | Description |
| --- | --- | --- | --- | --- | --- |
| action_name | | | query | string | The action to perform. Allowed values: add-host-group, add-rule-group, disable, enable, remove-host-group, remove-rule-group |
| action_parameters | | | body | list of dictionaries | List of name / value pairs in JSON format. |
| body | | | body | dictionary | Full body payload in JSON format. |
| rule_group_id | | | body action_parameters | string | Host Group ID to apply the policy to. String. Overridden if action_parameters is specified. |
| ids | | | body | string or list of strings | Prevention Policy ID(s) to perform actions against. |
| parameters | | | query | dictionary | Full query string parameters payload in JSON format. |
Usage
Service class example (PEP8 syntax)
from falconpy import PreventionPolicy

# Do not hardcode API credentials!
falcon = PreventionPolicy(client_id=CLIENT_ID,
                          client_secret=CLIENT_SECRET
                          )

response = falcon.perform_policies_action(action_name="string",
                                          rule_group_id="HOST_GROUP_ID",
                                          ids="ID_TO_UPDATE"
                                          )
print(response)
Service class example (Operation ID syntax)
from falconpy import PreventionPolicy

# Do not hardcode API credentials!
falcon = PreventionPolicy(client_id=CLIENT_ID,
                          client_secret=CLIENT_SECRET
                          )

# Can also be provided as the keyword `rule_group_id`
act_params = [{
    "name": "rule_group_id",
    "value": "HOST_GROUP_ID"
}]

response = falcon.performPreventionPoliciesAction(action_name="string",
                                                  action_parameters=act_params,
                                                  ids="ID_TO_UPDATE"
                                                  )
print(response)
Uber class example
from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

PARAMS = {
    "action_name": "string"  # Can also pass action_name using a keyword
}

act_params = [{
    "name": "rule_group_id",
    "value": "HOST_GROUP_ID"
}]

# Only one ID may be updated at a time
BODY = {
    "action_parameters": act_params,
    "ids": ["ID_TO_UPDATE"]
}

response = falcon.command("performPreventionPoliciesAction", parameters=PARAMS, body=BODY)
print(response)
setPreventionPoliciesPrecedence
Sets the precedence of Prevention Policies based on the order of IDs specified in the request. The first ID specified will have the highest precedence and the last ID specified will have the lowest. You must specify all non-Default Policies for a platform when updating precedence
PEP8 method name
set_policies_precedence
Endpoint
Method
Route
/policy/entities/prevention-precedence/v1
Content-Type
Produces: application/json
Keyword Arguments
| Name | Service | Uber | Type | Data type | Description |
| --- | --- | --- | --- | --- | --- |
| body | | | body | dictionary | Full body payload in JSON format. |
| ids | | | body | string or list of strings | Prevention Policy ID(s) to adjust precedence. |
| platform_name | | | body | string | OS platform name: Linux, Mac, Windows, iOS, Android |
Usage
Service class example (PEP8 syntax)
from falconpy import PreventionPolicy

# Do not hardcode API credentials!
falcon = PreventionPolicy(client_id=CLIENT_ID,
                          client_secret=CLIENT_SECRET
                          )

id_list = "ID1,ID2,ID3"  # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.set_policies_precedence(ids=id_list, platform_name="string")
print(response)
Service class example (Operation ID syntax)
from falconpy import PreventionPolicy

# Do not hardcode API credentials!
falcon = PreventionPolicy(client_id=CLIENT_ID,
                          client_secret=CLIENT_SECRET
                          )

id_list = "ID1,ID2,ID3"  # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.setPreventionPoliciesPrecedence(ids=id_list, platform_name="string")
print(response)
Uber class example
from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

id_list = ['ID1', 'ID2', 'ID3']

BODY = {
    "ids": id_list,
    "platform_name": "string"
}

response = falcon.command("setPreventionPoliciesPrecedence", body=BODY)
print(response)
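An added example (not part of the FalconPy documentation): because the request must name every non-Default policy for the platform, this helper builds the complete ids list from the current order when only a few policies need to move, and a second function compares a reviewed baseline order with the observed one. The function names, the placeholder policy IDs and the caller-supplied current_ids list are assumptions for illustration.

```python
PLATFORMS = {"Linux", "Mac", "Windows", "iOS", "Android"}  # as listed on this page


def plan_precedence(current_ids, top_ids, platform_name):
    """Build the request body that moves top_ids to the highest precedence.

    current_ids: every non-Default policy ID for the platform, highest
                 precedence first (supplied by the caller; an assumption here).
    top_ids:     the IDs to promote, in the order they should take effect.
    All other policies keep their relative order, so the body always names
    every non-Default policy, as the operation requires.
    """
    if platform_name not in PLATFORMS:
        raise ValueError(f"unknown platform_name: {platform_name!r}")
    for label, ids in (("current_ids", current_ids), ("top_ids", top_ids)):
        if len(set(ids)) != len(ids):
            raise ValueError(f"{label} contains duplicate IDs")
    known = set(current_ids)
    unknown = [i for i in top_ids if i not in known]
    if unknown:
        raise ValueError(f"IDs not in the current {platform_name} list: {unknown}")
    promoted = set(top_ids)
    ordered = list(top_ids) + [i for i in current_ids if i not in promoted]
    return {"ids": ordered, "platform_name": platform_name}


def precedence_drift(baseline_ids, observed_ids):
    """Compare a reviewed baseline order with the order currently observed."""
    baseline, observed = set(baseline_ids), set(observed_ids)
    shared_baseline = [i for i in baseline_ids if i in observed]
    shared_observed = [i for i in observed_ids if i in baseline]
    return {
        "missing": [i for i in baseline_ids if i not in observed],
        "unexpected": [i for i in observed_ids if i not in baseline],
        "reordered": shared_baseline != shared_observed,
    }


if __name__ == "__main__":
    # Constructed placeholder IDs, highest precedence first.
    current = ["POLICY_A", "POLICY_B", "POLICY_C", "POLICY_D"]
    body = plan_precedence(current, ["POLICY_C"], "Windows")
    print(body)  # pass as body=... or as ids=/platform_name= keywords
    print(precedence_drift(current, body["ids"]))
```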
getPreventionPolicies
Retrieve a set of Prevention Policies by specifying their IDs
PEP8 method name
get_policies
Endpoint
Method
Route
/policy/entities/prevention/v1
Content-Type
Produces: application/json
Keyword Arguments
| Name | Service | Uber | Type | Data type | Description |
| --- | --- | --- | --- | --- | --- |
| ids | | | query | string or list of strings | The ID(s) of the Prevention Policies to return. |
| parameters | | | query | dictionary | Full query string parameters payload in JSON format. |
Usage
Service class example (PEP8 syntax)
from falconpy import PreventionPolicy

# Do not hardcode API credentials!
falcon = PreventionPolicy(client_id=CLIENT_ID,
                          client_secret=CLIENT_SECRET
                          )

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.get_policies(ids=id_list)
print(response)
Service class example (Operation ID syntax)
from falconpy import PreventionPolicy

# Do not hardcode API credentials!
falcon = PreventionPolicy(client_id=CLIENT_ID,
                          client_secret=CLIENT_SECRET
                          )

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.getPreventionPolicies(ids=id_list)
print(response)
Uber class example
from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.command("getPreventionPolicies", ids=id_list)
print(response)
createPreventionPolicies
Create Prevention Policies by specifying details about the policy to create
PEP8 method name
create_policies
Endpoint
Method
Route
/policy/entities/prevention/v1
Content-Type
Produces: application/json
Keyword Arguments
| Name | Service | Uber | Type | Data type | Description |
| --- | --- | --- | --- | --- | --- |
| body | | | body | dictionary | Full body payload in JSON format. |
| clone_id | | | body | string | Prevention Policy ID to clone. |
| description | | | body | string | Prevention Policy description. |
| name | | | body | string | Prevention Policy name. |
| platform_name | | | body | string | Operating system platform name: Linux, Mac, Windows, iOS, Android |
| settings | | | body | list of dictionaries | List of policy-specific settings to apply to the newly created policy. Multiple settings can be applied by passing a list containing multiple entries. |
Usage
Service class example (PEP8 syntax)
from falconpy import PreventionPolicy

# Do not hardcode API credentials!
falcon = PreventionPolicy(client_id=CLIENT_ID,
                          client_secret=CLIENT_SECRET
                          )

policy_settings = [{
    "id": "string",
    "value": {}
}]

response = falcon.create_policies(clone_id="string",
                                  description="string",
                                  name="string",
                                  platform_name="string",
                                  settings=policy_settings
                                  )
print(response)
Service class example (Operation ID syntax)
from falconpy import PreventionPolicy

# Do not hardcode API credentials!
falcon = PreventionPolicy(client_id=CLIENT_ID,
                          client_secret=CLIENT_SECRET
                          )

policy_settings = [{
    "id": "string",
    "value": {}
}]

response = falcon.createPreventionPolicies(clone_id="string",
                                           description="string",
                                           name="string",
                                           platform_name="string",
                                           settings=policy_settings
                                           )
print(response)
deletePreventionPolicies
Delete a set of Prevention Policies by specifying their IDs
PEP8 method name
delete_policies
Endpoint
Method
Route
/policy/entities/prevention/v1
Content-Type
Produces: application/json
Keyword Arguments
| Name | Service | Uber | Type | Data type | Description |
| --- | --- | --- | --- | --- | --- |
| ids | | | query | string or list of strings | The ID(s) of the Prevention Policies to delete. |
| parameters | | | query | dictionary | Full query string parameters payload in JSON format. |
Usage
Service class example (PEP8 syntax)
from falconpy import PreventionPolicy

# Do not hardcode API credentials!
falcon = PreventionPolicy(client_id=CLIENT_ID,
                          client_secret=CLIENT_SECRET
                          )

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.delete_policies(ids=id_list)
print(response)
Service class example (Operation ID syntax)
from falconpy import PreventionPolicy

# Do not hardcode API credentials!
falcon = PreventionPolicy(client_id=CLIENT_ID,
                          client_secret=CLIENT_SECRET
                          )

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.deletePreventionPolicies(ids=id_list)
print(response)
Uber class example
from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.command("deletePreventionPolicies", ids=id_list)
print(response)
updatePreventionPolicies
Update Prevention Policies by specifying the ID of the policy and details to update
PEP8 method name
update_policies
Endpoint
Method
Route
/policy/entities/prevention/v1
Content-Type
Produces: application/json
Keyword Arguments
| Name | Service | Uber | Type | Data type | Description |
| --- | --- | --- | --- | --- | --- |
| body | | | body | dictionary | Full body payload in JSON format. |
| description | | | body | string | Prevention Policy description. |
| id | | | body | string | Prevention Policy ID to update. |
| name | | | body | string | Prevention Policy name. |
| settings | | | body | list of dictionaries | List of policy-specific settings to apply to the newly created policy. Multiple settings can be applied by passing a list containing multiple entries. |
Usage
Service class example (PEP8 syntax)
from falconpy import PreventionPolicy

# Do not hardcode API credentials!
falcon = PreventionPolicy(client_id=CLIENT_ID,
                          client_secret=CLIENT_SECRET
                          )

policy_settings = [{
    "id": "string",
    "value": "string"
}]

response = falcon.update_policies(id="string",
                                  description="string",
                                  name="string",
                                  settings=policy_settings
                                  )
print(response)
Service class example (Operation ID syntax)
from falconpy import PreventionPolicy

# Do not hardcode API credentials!
falcon = PreventionPolicy(client_id=CLIENT_ID,
                          client_secret=CLIENT_SECRET
                          )

policy_settings = [{
    "id": "string",
    "value": "string"
}]

response = falcon.updatePreventionPolicies(id="string",
                                           description="string",
                                           name="string",
                                           settings=policy_settings
                                           )
print(response)
queryPreventionPolicyMembers
Search for members of a Prevention Policy in your environment by providing a FQL filter and paging details. Returns a set of Agent IDs which match the filter criteria
PEP8 method name
query_policy_members
Endpoint
Method
Route
/policy/queries/prevention-members/v1
Content-Type
Produces: application/json
Keyword Arguments
| Name | Service | Uber | Type | Data type | Description |
| --- | --- | --- | --- | --- | --- |
| filter | | | query | string | FQL query expression that should be used to limit the results. |
| limit | | | query | integer | Maximum number of records to return. Max: 5000. |
| offset | | | query | string | Starting index of overall result set from which to return ids. |
| id | | | query | string | The ID of the Prevention Policy to search for members of. |
| sort | | | query | string | The property to sort by. |
| parameters | | | query | dictionary | Full query string parameters payload in JSON format. |
Usage
Service class example (PEP8 syntax)
from falconpy import PreventionPolicy

# Do not hardcode API credentials!
falcon = PreventionPolicy(client_id=CLIENT_ID,
                          client_secret=CLIENT_SECRET
                          )

response = falcon.query_policy_members(id="string",
                                       filter="string",
                                       offset=integer,
                                       limit=integer,
                                       sort="string"
                                       )
print(response)
Service class example (Operation ID syntax)
from falconpy import PreventionPolicy

# Do not hardcode API credentials!
falcon = PreventionPolicy(client_id=CLIENT_ID,
                          client_secret=CLIENT_SECRET
                          )

response = falcon.queryPreventionPolicyMembers(id="string",
                                               filter="string",
                                               offset=integer,
                                               limit=integer,
                                               sort="string"
                                               )
print(response)
Uber class example
from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

response = falcon.command("queryPreventionPolicyMembers",
                          id="string",
                          filter="string",
                          offset=integer,
                          limit=integer,
                          sort="string"
                          )
print(response)
queryPreventionPolicies
Search for Prevention Policies in your environment by providing a FQL filter and paging details. Returns a set of Prevention Policy IDs which match the filter criteria
PEP8 method name
query_policies
Endpoint
Method
Route
/policy/queries/prevention/v1
Content-Type
Produces: application/json
Keyword Arguments
| Name | Service | Uber | Type | Data type | Description |
| --- | --- | --- | --- | --- | --- |
| filter | | | query | string | FQL query expression that should be used to limit the results. |
| limit | | | query | integer | Maximum number of records to return. Max: 5000. |
| offset | | | query | string | Starting index of overall result set from which to return ids. |
| sort | | | query | string | The property to sort by. Available fields: created_by, modified_timestamp, created_timestamp, name, enabled, platform_name, modified_by, precedence. Example: created_timestamp.desc |
| parameters | | | query | dictionary | Full query string parameters payload in JSON format. |
Usage
Service class example (PEP8 syntax)
from falconpy import PreventionPolicy

# Do not hardcode API credentials!
falcon = PreventionPolicy(client_id=CLIENT_ID,
                          client_secret=CLIENT_SECRET
                          )

response = falcon.query_policies(filter="string",
                                 offset=integer,
                                 limit=integer,
                                 sort="string"
                                 )
print(response)
Service class example (Operation ID syntax)
from falconpy import PreventionPolicy

# Do not hardcode API credentials!
falcon = PreventionPolicy(client_id=CLIENT_ID,
                          client_secret=CLIENT_SECRET
                          )

response = falcon.queryPreventionPolicies(filter="string",
                                          offset=integer,
                                          limit=integer,
                                          sort="string"
                                          )
print(response)
Uber class example
from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

response = falcon.command("queryPreventionPolicies",
                          filter="string",
                          offset=integer,
                          limit=integer,
                          sort="string"
                          )
print(response)