Sample Uploads - CrowdStrike/falconpy GitHub Wiki
This service collection has code examples posted to the repository.
Operation ID | Description |
---|---|
ArchiveListV1 | Retrieves the archives files in chunks. |
ArchiveGetV1 | Retrieves the archives upload operation statuses. Status done means that archive was processed successfully. Status error means that archive was not processed successfully. |
ArchiveUploadV1 | Uploads an archive and extracts files list from it. Operation is asynchronous; use ArchiveGetV1 to check the status. After uploading, use ExtractionCreateV1 to copy the file to internal storage making it available for content analysis. |
ArchiveDeleteV1 | Delete an archive that was uploaded previously. |
ArchiveUploadV2 | Uploads an archive and extracts files list from it. Operation is asynchronous; use ArchiveGetV1 to check the status. After uploading, use ExtractionCreateV1 to copy the file to internal storage making it available for content analysis. |
ExtractionListV1 | Retrieves the files extractions in chunks. Status done means that all files were processed successfully. Status error means that at least one of the files could not be processed. |
ExtractionGetV1 | Retrieves the files extraction operation statuses. Status done means that all files were processed successfully. Status error means that at least one of the files could not be processed. |
ExtractionCreateV1 | Extracts files from an uploaded archive and copies them to internal storage making it available for content analysis. |
GetSampleV3 | Retrieves the file associated with the given ID (SHA256). |
UploadSampleV3 | Upload a file for further cloud analysis. After uploading, call the specific analysis API endpoint. |
DeleteSampleV3 | Removes a sample, including file, meta and submissions from the collection. |
WARNING

client_id and client_secret are keyword arguments that contain your CrowdStrike API credentials. Please note that all examples below do not hard code these values. (These values are ingested as strings.)

CrowdStrike does not recommend hard coding API credentials or customer identifiers within source code.
Retrieves the archives files in chunks.
list_archive
Method | Route |
---|---|
/archives/entities/archive-files/v1 |
- Produces: application/json
Name | Service | Uber | Type | Data type | Description |
---|---|---|---|---|---|
id | | | query | string | The archive SHA256. |
parameters | | | query | dictionary | Full query string parameters payload in JSON format. |
limit | | | query | integer | Maximum number of files to retrieve. (Default: 100) |
offset | | | query | string | Offset from where to retrieve files. |

```python
from falconpy.sample_uploads import SampleUploads

falcon = SampleUploads(client_id=CLIENT_ID,
                       client_secret=CLIENT_SECRET
                       )

response = falcon.list_archive(id="string",
                               limit=integer,
                               offset="string"
                               )
print(response)
```

```python
from falconpy import SampleUploads

falcon = SampleUploads(client_id=CLIENT_ID,
                       client_secret=CLIENT_SECRET
                       )

response = falcon.ArchiveListV1(id="string",
                                limit=integer,
                                offset="string"
                                )
print(response)
```

```python
from falconpy import APIHarnessV2

falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

response = falcon.command("ArchiveListV1",
                          id="string",
                          limit=integer,
                          offset="string"
                          )
print(response)
```
Retrieves the archives upload operation statuses. Status done means that archive was processed successfully. Status error means that archive was not processed successfully.
get_archive
Method | Route |
---|---|
/archives/entities/archives/v1 |
- Produces: application/json
Name | Service | Uber | Type | Data type | Description |
---|---|---|---|---|---|
id | | | query | string | The archive SHA256. |
parameters | | | query | dictionary | Full query string parameters payload in JSON format. |
include_files | | | query | boolean | If true, includes processed archive files in response. |

```python
from falconpy.sample_uploads import SampleUploads

falcon = SampleUploads(client_id=CLIENT_ID,
                       client_secret=CLIENT_SECRET
                       )

response = falcon.get_archive(id="string", include_files=boolean)
print(response)
```

```python
from falconpy import SampleUploads

falcon = SampleUploads(client_id=CLIENT_ID,
                       client_secret=CLIENT_SECRET
                       )

response = falcon.ArchiveGetV1(id="string", include_files=boolean)
print(response)
```

```python
from falconpy import APIHarnessV2

falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

# include_files is a boolean, as in the parameter table above
response = falcon.command("ArchiveGetV1", id="string", include_files=boolean)
print(response)
```
Uploads an archive and extracts files list from it. Operation is asynchronous; use ArchiveGetV1 to check the status. After uploading, use ExtractionCreateV1 to copy the file to internal storage making it available for content analysis.

This method is deprecated in favor of ArchiveUploadV2.
archive_upload_v1
Method | Route |
---|---|
/archives/entities/archives/v1 |
- Consumes: application/octet-stream
- Produces: application/json
Name | Service | Uber | Type | Data type | Description |
---|---|---|---|---|---|
body | | | body | dictionary | Content of the uploaded archive in binary format. The keywords file_data, sample, and upfile will also be accepted for this argument. Max file size: 100 MB. Accepted file formats: |
comment | | | query | string | A descriptive comment to identify the file for other users. |
is_confidential | | | query | boolean | Defines visibility of this file, either via the API or the Falcon console. true. |
name | | | query | string | Name of the archive. |
parameters | | | query | dictionary | Full query string parameters payload in JSON format. |
password | | | query | string | Archive password. |

```python
from falconpy.sample_uploads import SampleUploads

falcon = SampleUploads(client_id=CLIENT_ID,
                       client_secret=CLIENT_SECRET
                       )

FILENAME = 'test_file.ext'
# Read the archive inside a context manager so the file handle is closed
with open(FILENAME, 'rb') as archive_payload:
    PAYLOAD = archive_payload.read()

response = falcon.archive_upload_v1(name="string",
                                    password="string",
                                    is_confidential=boolean,
                                    comment="string",
                                    file_data=PAYLOAD
                                    )
print(response)
```

```python
from falconpy import SampleUploads

falcon = SampleUploads(client_id=CLIENT_ID,
                       client_secret=CLIENT_SECRET
                       )

FILENAME = 'test_file.ext'
with open(FILENAME, 'rb') as archive_payload:
    PAYLOAD = archive_payload.read()

response = falcon.ArchiveUploadV1(name="string",
                                  password="string",
                                  is_confidential=boolean,
                                  comment="string",
                                  file_data=PAYLOAD
                                  )
print(response)
```

```python
from falconpy import APIHarnessV2

falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

FILENAME = 'test_file.ext'
with open(FILENAME, 'rb') as archive_payload:
    PAYLOAD = archive_payload.read()

response = falcon.command("ArchiveUploadV1",
                          name="string",
                          password="string",
                          is_confidential=boolean,
                          comment="string",
                          file_data=PAYLOAD
                          )
print(response)
```
Delete an archive that was uploaded previously
delete_archive
Method | Route |
---|---|
/archives/entities/archives/v1 |
- Produces: application/json
Name | Service | Uber | Type | Data type | Description |
---|---|---|---|---|---|
id | | | query | string | The archive SHA256. |
parameters | | | query | dictionary | Full query string parameters payload in JSON format. |

```python
from falconpy.sample_uploads import SampleUploads

falcon = SampleUploads(client_id=CLIENT_ID,
                       client_secret=CLIENT_SECRET
                       )

response = falcon.delete_archive(id="string")
print(response)
```

```python
from falconpy import SampleUploads

falcon = SampleUploads(client_id=CLIENT_ID,
                       client_secret=CLIENT_SECRET
                       )

response = falcon.ArchiveDeleteV1(id="string")
print(response)
```

```python
from falconpy import APIHarnessV2

falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

response = falcon.command("ArchiveDeleteV1", id="string")
print(response)
```
Uploads an archive and extracts files list from it. Operation is asynchronous; use ArchiveGetV1 to check the status. After uploading, use ExtractionCreateV1 to copy the file to internal storage making it available for content analysis.
upload_archive
Method | Route |
---|---|
/archives/entities/archives/v2 |
- Consumes: multipart/form-data
- Produces: application/json
Name | Service | Uber | Type | Data type | Description |
---|---|---|---|---|---|
file_data | | | formData | dictionary | Content of the uploaded archive in binary format. The keywords archive and file will also be accepted for this argument. Max file size: 100 MB. Accepted file formats: |
comment | | | formData | string | A descriptive comment to identify the file for other users. |
is_confidential | | | formData | boolean | Defines visibility of this file, either via the API or the Falcon console. true. |
file_type | | | query | string | Archive format, either zip or 7zip. Defaults to zip. |
name | | | formData | string | Name of the archive. |
parameters | | | query | dictionary | Full query string parameters payload in JSON format. |
password | | | formData | string | Archive password. |

```python
from falconpy.sample_uploads import SampleUploads

falcon = SampleUploads(client_id=CLIENT_ID,
                       client_secret=CLIENT_SECRET
                       )

FILENAME = "archive.ext"
with open(FILENAME, "rb") as archive_payload:
    PAYLOAD = archive_payload.read()

response = falcon.upload_archive(file_data=PAYLOAD,
                                 comment="string",
                                 is_confidential=boolean,
                                 file_type="string",
                                 name="string",
                                 password="string"
                                 )
print(response)
```

```python
from falconpy import SampleUploads

falcon = SampleUploads(client_id=CLIENT_ID,
                       client_secret=CLIENT_SECRET
                       )

FILENAME = "archive.ext"
with open(FILENAME, "rb") as archive_payload:
    PAYLOAD = archive_payload.read()

response = falcon.ArchiveUploadV2(file_data=PAYLOAD,
                                  comment="string",
                                  is_confidential=boolean,
                                  file_type="string",
                                  name="string",
                                  password="string"
                                  )
print(response)
```

```python
from falconpy import APIHarnessV2

falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

FILENAME = "archive.ext"
with open(FILENAME, "rb") as archive_payload:
    PAYLOAD = archive_payload.read()

response = falcon.command("ArchiveUploadV2",
                          file_data=PAYLOAD,
                          comment="string",
                          is_confidential=boolean,
                          file_type="string",
                          name="string",
                          password="string"
                          )
print(response)
```
Retrieves the files extractions in chunks. Status done means that all files were processed successfully. Status error means that at least one of the files could not be processed.
list_extraction
Method | Route |
---|---|
/archives/entities/extraction-files/v1 |
- Produces: application/json
Name | Service | Uber | Type | Data type | Description |
---|---|---|---|---|---|
id | | | query | string | The extraction operation ID. |
parameters | | | query | dictionary | Full query string parameters payload in JSON format. |
limit | | | query | integer | Maximum number of files to retrieve. (Default: 100) |
offset | | | query | string | Offset from where to retrieve files. |

```python
from falconpy.sample_uploads import SampleUploads

falcon = SampleUploads(client_id=CLIENT_ID,
                       client_secret=CLIENT_SECRET
                       )

response = falcon.list_extraction(id="string",
                                  limit=integer,
                                  offset="string"
                                  )
print(response)
```

```python
from falconpy import SampleUploads

falcon = SampleUploads(client_id=CLIENT_ID,
                       client_secret=CLIENT_SECRET
                       )

response = falcon.ExtractionListV1(id="string",
                                   limit=integer,
                                   offset="string"
                                   )
print(response)
```

```python
from falconpy import APIHarnessV2

falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

response = falcon.command("ExtractionListV1",
                          id="string",
                          limit=integer,
                          offset="string"
                          )
print(response)
```
Retrieves the files extraction operation statuses. Status done means that all files were processed successfully. Status error means that at least one of the files could not be processed.
get_extraction
Method | Route |
---|---|
/archives/entities/extractions/v1 |
- Produces: application/json
Name | Service | Uber | Type | Data type | Description |
---|---|---|---|---|---|
id | | | query | string | The extraction operation ID. |
include_files | | | query | boolean | If true, includes processed archive files in response. |
parameters | | | query | dictionary | Full query string parameters payload in JSON format. |

```python
from falconpy.sample_uploads import SampleUploads

falcon = SampleUploads(client_id=CLIENT_ID,
                       client_secret=CLIENT_SECRET
                       )

response = falcon.get_extraction(id="string", include_files=boolean)
print(response)
```

```python
from falconpy import SampleUploads

falcon = SampleUploads(client_id=CLIENT_ID,
                       client_secret=CLIENT_SECRET
                       )

response = falcon.ExtractionGetV1(id="string", include_files=boolean)
print(response)
```

```python
from falconpy import APIHarnessV2

falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

response = falcon.command("ExtractionGetV1", id="string", include_files=boolean)
print(response)
```
Extracts files from an uploaded archive and copies them to internal storage making it available for content analysis.
create_extraction
Method | Route |
---|---|
/archives/entities/extractions/v1 |
- Consumes: application/json
- Produces: application/json
Name | Service | Uber | Type | Data type | Description |
---|---|---|---|---|---|
body | | | body | dictionary | Full body payload in JSON format. |
extract_all | | | body | boolean | Flag indicating if all files should be extracted. |
files | | | body | list of dictionaries | List of files to be extracted from the archive. Each dictionary will contain three keys, comment (string), is_confidential (boolean), and name (string). |
sha256 | | | body | string | SHA256 of the archive. |

```python
from falconpy.sample_uploads import SampleUploads

falcon = SampleUploads(client_id=CLIENT_ID,
                       client_secret=CLIENT_SECRET
                       )

file_list = [{
    "comment": "string",
    "is_confidential": boolean,
    "name": "string"
}]

response = falcon.create_extraction(extract_all=boolean,
                                    files=file_list,
                                    sha256="string"
                                    )
print(response)
```

```python
from falconpy import SampleUploads

falcon = SampleUploads(client_id=CLIENT_ID,
                       client_secret=CLIENT_SECRET
                       )

file_list = [{
    "comment": "string",
    "is_confidential": boolean,
    "name": "string"
}]

response = falcon.ExtractionCreateV1(extract_all=boolean,
                                     files=file_list,
                                     sha256="string"
                                     )
print(response)
```

```python
from falconpy import APIHarnessV2

falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

file_list = [{
    "comment": "string",
    "is_confidential": boolean,
    "name": "string"
}]

BODY = {
    "extract_all": boolean,
    "files": file_list,
    "sha256": "string"
}

response = falcon.command("ExtractionCreateV1", body=BODY)
print(response)
```
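
The archive operations above form one asynchronous sequence: upload, poll until `done`, create the extraction, poll again. The following is an added example, not code from the FalconPy project. It assumes each response is a dictionary with `status_code` and `body.resources`, that the status is in the first resource's `status` field, and that `create_extraction` returns the extraction operation ID in the first resource's `id` field; `ProcessingError`, `first_resource`, `wait_until_done` and `upload_and_extract` are hypothetical names.

```python
import hashlib
import time


class ProcessingError(RuntimeError):
    """The API reported status `error` or returned an unusable response."""


def first_resource(response):
    """Return the first entry of body.resources, or {} when there is none.

    Assumed layout: {"status_code": int, "body": {"resources": [{...}]}}
    """
    if not isinstance(response, dict):
        return {}
    resources = (response.get("body") or {}).get("resources") or []
    return resources[0] if resources and isinstance(resources[0], dict) else {}


def wait_until_done(fetch, op_id, timeout=300.0, interval=5.0,
                    sleep=time.sleep, clock=time.monotonic):
    """Poll fetch(id=op_id) until status is done; raise on error or timeout."""
    deadline = clock() + timeout
    while True:
        response = fetch(id=op_id)
        status = first_resource(response).get("status")  # assumed field name
        if status == "done":
            return response
        if status == "error":
            raise ProcessingError(f"{op_id}: processing failed")
        if clock() >= deadline:
            raise TimeoutError(f"{op_id}: status {status!r} after {timeout}s")
        sleep(interval)


def upload_and_extract(falcon, payload, name, **poll):
    """Upload a zip archive, wait for it, extract every file, wait again."""
    sha256 = hashlib.sha256(payload).hexdigest()  # the archive id is its SHA256
    upload = falcon.upload_archive(file_data=payload, name=name,
                                   file_type="zip", is_confidential=True)
    if not isinstance(upload, dict) or upload.get("status_code", 500) >= 400:
        raise ProcessingError(f"{sha256}: upload rejected")
    wait_until_done(falcon.get_archive, sha256, **poll)
    created = falcon.create_extraction(extract_all=True, sha256=sha256)
    extraction_id = first_resource(created).get("id")  # assumed field name
    if not extraction_id:
        raise ProcessingError(f"{sha256}: no extraction ID returned")
    return wait_until_done(falcon.get_extraction, extraction_id, **poll)
```

Pass an authenticated `SampleUploads` instance as `falcon`; any status other than `done` or `error` is treated as still in progress until the timeout expires.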
Retrieves the file associated with the given ID (SHA256)
get_sample
Method | Route |
---|---|
/samples/entities/samples/v3 |
- Produces: application/octet-stream
Name | Service | Uber | Type | Data type | Description |
---|---|---|---|---|---|
ids | | | query | string | The file SHA256. |
parameters | | | query | dictionary | Full query string parameters payload in JSON format. |
password_protected | | | query | boolean | Flag whether the sample should be zipped and password protected with the password infected. |

```python
from falconpy import SampleUploads

# Do not hardcode API credentials!
falcon = SampleUploads(client_id=CLIENT_ID,
                       client_secret=CLIENT_SECRET
                       )

file_sha = "50d858e0985ecc7f60418aaf0cc5ab587f42c2570a884095a9e8ccacd0f6545c"
save_file = "some_file.ext"

response = falcon.get_sample(password_protected=boolean, ids=file_sha)
# Write inside a context manager so the file is flushed and closed
with open(save_file, 'wb') as saved:
    saved.write(response)
```

```python
from falconpy import SampleUploads

# Do not hardcode API credentials!
falcon = SampleUploads(client_id=CLIENT_ID,
                       client_secret=CLIENT_SECRET
                       )

file_sha = "50d858e0985ecc7f60418aaf0cc5ab587f42c2570a884095a9e8ccacd0f6545c"
save_file = "some_file.ext"

response = falcon.GetSampleV3(password_protected=boolean, ids=file_sha)
with open(save_file, 'wb') as saved:
    saved.write(response)
```

```python
from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

file_sha = "50d858e0985ecc7f60418aaf0cc5ab587f42c2570a884095a9e8ccacd0f6545c"
save_file = "some_file.ext"

response = falcon.command("GetSampleV3", password_protected=boolean, ids=file_sha)
with open(save_file, 'wb') as saved:
    saved.write(response)
```
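
Because the sample is requested by its SHA256, the download can be checked against that value before it touches disk. The following is an added example, not FalconPy code; `save_sample` is a hypothetical helper, and it assumes a failed request returns something other than bytes.

```python
import hashlib
import os


def save_sample(response, expected_sha256, dest, password_protected=False):
    """Validate a get_sample() result, write it to dest, return bytes written."""
    if not isinstance(response, (bytes, bytearray)):
        # Assumption: a failed request yields an error object, not file content.
        raise ValueError(f"download failed: got {type(response).__name__}")
    if password_protected:
        # The content is a zip wrapper, so its hash is not the sample's SHA256;
        # check for the zip local-file-header magic instead.
        if not bytes(response).startswith(b"PK\x03\x04"):
            raise ValueError("expected a zip container")
    else:
        actual = hashlib.sha256(response).hexdigest()
        if actual != expected_sha256.lower():
            raise ValueError(f"SHA256 mismatch: got {actual}")
    # O_EXCL refuses to overwrite an existing file; 0o600 keeps the sample
    # readable by its owner only and never executable.
    fd = os.open(dest, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    with os.fdopen(fd, "wb") as handle:
        return handle.write(response)
```

Call it as `save_sample(response, file_sha, save_file, password_protected=...)` in place of the bare `write` in the examples above.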
Upload a file for further cloud analysis. After uploading, call the specific analysis API endpoint.
upload_sample
Method | Route |
---|---|
/samples/entities/samples/v3 |
- Consumes: multipart/form-data
- Produces: application/json
Name | Service | Uber | Type | Data type | Description |
---|---|---|---|---|---|
comment | | | formData | string | A descriptive comment to identify the file for other users. |
data | | | formData | file | Content of the uploaded sample in binary format. Max file size: 256 MB. Accepted file formats: |
is_confidential | | | formData | boolean | Defines visibility of this file in Falcon MalQuery, either via the API or the Falcon console. true. |
file_data or sample or upfile | | | formData | file | Content of the uploaded sample in binary format. Max file size: 256 MB. Accepted file formats: |
file_name | | | formData | string | Name to use for the file. Uses current file name if not specified. |
parameters | | | query | dictionary | Full query string parameters payload in JSON format. |

```python
from falconpy import SampleUploads

# Do not hardcode API credentials!
falcon = SampleUploads(client_id=CLIENT_ID,
                       client_secret=CLIENT_SECRET
                       )

FILENAME = 'test_file.ext'
# Read the sample inside a context manager so the file handle is closed
with open(FILENAME, 'rb') as sample_payload:
    PAYLOAD = sample_payload.read()

response = falcon.upload_sample(sample=PAYLOAD,
                                file_name="string",
                                comment='string',
                                is_confidential=boolean
                                )
print(response)
```

```python
from falconpy import SampleUploads

# Do not hardcode API credentials!
falcon = SampleUploads(client_id=CLIENT_ID,
                       client_secret=CLIENT_SECRET
                       )

FILENAME = 'test_file.ext'
with open(FILENAME, 'rb') as sample_payload:
    PAYLOAD = sample_payload.read()

response = falcon.UploadSampleV3(file_data=PAYLOAD,
                                 file_name="string",
                                 comment='string',
                                 is_confidential=boolean
                                 )
print(response)
```

```python
from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

FILENAME = 'test_file.ext'
with open(FILENAME, 'rb') as sample_payload:
    PAYLOAD = sample_payload.read()

response = falcon.command("UploadSampleV3",
                          data=PAYLOAD,
                          file_name="string",
                          comment="string",
                          is_confidential=boolean,
                          content_type="application/octet-stream"
                          )
print(response)
```
Removes a sample, including file, meta and submissions from the collection
delete_sample
Method | Route |
---|---|
/samples/entities/samples/v3 |
- Produces: application/json
Name | Service | Uber | Type | Data type | Description |
---|---|---|---|---|---|
ids | | | query | string | The file SHA256 of the file to delete. |
parameters | | | query | dictionary | Full query string parameters payload in JSON format. |

```python
from falconpy import SampleUploads

# Do not hardcode API credentials!
falcon = SampleUploads(client_id=CLIENT_ID,
                       client_secret=CLIENT_SECRET
                       )

file_sha = "50d858e0985ecc7f60418aaf0cc5ab587f42c2570a884095a9e8ccacd0f6545c"

response = falcon.delete_sample(ids=file_sha)
print(response)
```

```python
from falconpy import SampleUploads

# Do not hardcode API credentials!
falcon = SampleUploads(client_id=CLIENT_ID,
                       client_secret=CLIENT_SECRET
                       )

file_sha = "50d858e0985ecc7f60418aaf0cc5ab587f42c2570a884095a9e8ccacd0f6545c"

response = falcon.DeleteSampleV3(ids=file_sha)
print(response)
```

```python
from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

file_sha = "50d858e0985ecc7f60418aaf0cc5ab587f42c2570a884095a9e8ccacd0f6545c"

response = falcon.command("DeleteSampleV3", ids=file_sha)
print(response)
```