Quick Scan Pro - CrowdStrike/falconpy GitHub Wiki
| Operation ID | Description | ||||
|---|---|---|---|---|---|
|
Uploads a file to be further analyzed with QuickScan Pro. The samples expire after 90 days. | ||||
|
Deletes file by its sha256 identifier. | ||||
|
Gets the result of an QuickScan Pro scan. | ||||
|
Starts scanning a file uploaded through UploadFileMixin0Mixin93. | ||||
|
Deletes the result of an QuickScan Pro scan. | ||||
|
Gets QuickScan Pro scan jobs for a given FQL filter. | ||||
Uploads a file to be further analyzed with QuickScan Pro. The samples expire after 90 days.
upload_file
| Method | Route |
|---|---|
 |
/quickscanpro/entities/files/v1 |
- Consumes: multipart/form-data
- Produces: application/json
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| file |  |
 |
formData | file | Binary file to be uploaded. Max file size: 256 MB. |
| scan |  |
|
formData | boolean | If True, after upload, it starts scanning immediately. Default scan mode is False. |
from falconpy import QuickScanPro
falcon = QuickScanPro(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
scan_file = "file_to_scan.ext"
with open(scan_file, "rb") as upload_file:
response = falcon.upload_file(file=file_upload.read(), scan=boolean)
print(response)from falconpy import QuickScanPro
falcon = QuickScanPro(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
scan_file = "file_to_scan.ext"
with open(scan_file, "rb") as upload_file:
response = falcon.UploadFileMixin0Mixin93(file=upload_file.read(), scan=boolean)
print(response)from falconpy import APIHarnessV2
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
form_payload = {
"scan": boolean
}
scan_file = "file_to_scan.ext"
with open(scan_file, "rb") as upload_file:
response = falcon.command("UploadFileMixin0Mixin93",
files=[("file", ("UploadedFile", upload_file.read()))],
data=form_payload
)
print(response)Back to Table of Contents
Deletes file by its SHA256 identifier.
delete_file
| Method | Route |
|---|---|
 |
/quickscanpro/entities/files/v1 |
- Produces: application/json
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| ids | |
|
query | string or list of strings | File's SHA256 |
| parameters | |
|
query | dictionary | Full query string parameters payload in JSON format. |
from falconpy import QuickScanPro
falcon = QuickScanPro(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.delete_file(ids=id_list)
print(response)from falconpy import QuickScanPro
falcon = QuickScanPro(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.DeleteFile(ids=id_list)
print(response)from falconpy import APIHarnessV2
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.command("DeleteFile", ids=id_list)
print(response)Back to Table of Contents
Gets the result of an QuickScan Pro scan.
get_scan_result
| Method | Route |
|---|---|
 |
/quickscanpro/entities/scans/v1 |
- Produces: application/json
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| ids | |
|
query | string or list of strings | Scan job IDs previously created by LaunchScan. |
| parameters | |
|
query | dictionary | Full query string parameters payload in JSON format. |
from falconpy import QuickScanPro
falcon = QuickScanPro(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.get_scan_result(ids=id_list)
print(response)from falconpy import QuickScanPro
falcon = QuickScanPro(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.GetScanResult(ids=id_list)
print(response)from falconpy import APIHarnessV2
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.command("GetScanResult", ids=id_list)
print(response)Back to Table of Contents
Starts scanning a file uploaded through '/quickscanpro/entities/files/v1'.
launch_scan
| Method | Route |
|---|---|
|
/quickscanpro/entities/scans/v1 |
- Consumes: application/json
- Produces: application/json
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| body | |
|
body | dictionary | Full body payload in JSON format. |
| sha256 | |
|
body | string | Full body payload in JSON format. |
from falconpy import QuickScanPro
falcon = QuickScanPro(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.launch_scan(sha256="string")
print(response)from falconpy import QuickScanPro
falcon = QuickScanPro(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.LaunchScan(sha256="string")
print(response)from falconpy import APIHarnessV2
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
body_payload = {
"resources": [
"sha256": "string"
]
}
response = falcon.command("LaunchScan", body=body_payload)
print(response)Back to Table of Contents
Deletes the result of an QuickScan Pro scan.
delete_scan_result
| Method | Route |
|---|---|
|
/quickscanpro/entities/scans/v1 |
- Produces: application/json
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| ids | |
|
query | string or list of strings | Scan job IDs previously created by LaunchScan |
| parameters | |
|
query | dictionary | Full query string parameters payload in JSON format. |
from falconpy import QuickScanPro
falcon = QuickScanPro(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.delete_scan_result(ids=id_list)
print(response)from falconpy import QuickScanPro
falcon = QuickScanPro(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.DeleteScanResult(ids=id_list)
print(response)from falconpy import APIHarnessV2
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.command("DeleteScanResult", ids=id_list)
print(response)Back to Table of Contents
Gets QuickScan Pro scan jobs for a given FQL filter.
query_scan_results
| Method | Route |
|---|---|
|
/quickscanpro/queries/scans/v1 |
- Produces: application/json
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| filter | |
|
query | string | FQL query which mentions the SHA256 field |
| offset | |
|
query | integer | The offset to start retrieving ids from. |
| limit | |
|
query | integer | Maximum number of IDs to return. Max: 5000. |
| sort | |
|
query | string | Sort order: asc or desc. Sort supported fields created_timestamp
|
| parameters | |
|
query | dictionary | Full query string parameters payload in JSON format. |
from falconpy import QuickScanPro
falcon = QuickScanPro(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.query_scan_results(filter="string",
offset=integer,
limit=integer,
sort="string"
)
print(response)from falconpy import QuickScanPro
falcon = QuickScanPro(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.QueryScanResults(filter="string",
offset=integer,
limit=integer,
sort="string"
)
print(response)from falconpy import APIHarnessV2
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.command("QueryScanResults",
filter="string",
offset=integer,
limit=integer,
sort="string"
)
print(response)Back to Table of Contents
