Sensor Download - CrowdStrike/falconpy GitHub Wiki
This service collection has code examples posted to the repository.
WARNING
client_idandclient_secretare keyword arguments that contain your CrowdStrike API credentials. Please note that all examples below do not hard code these values. (These values are ingested as strings.)CrowdStrike does not recommend hard coding API credentials or customer identifiers within source code.
Get sensor installer details by provided query
get_combined_sensor_installers_by_query
| Method | Route |
|---|---|
 |
/sensors/combined/installers/v1 |
- Consumes: application/json
- Produces: application/json
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| limit |
 |
|
query | integer | The number of items to return in this response (default: 100, max: 500). Use with the offset parameter to manage pagination of results. |
| filter |
|
|
query | string | Filter items using a query in Falcon Query Language (FQL). An asterisk wildcard * includes all results. Common filter options include:
|
| offset |
|
|
query | integer | The first item to return, where 0 is the latest item. Use with the limit parameter to manage pagination of results. |
| parameters |
|
|
query | dictionary | Full query string parameters payload in JSON format. |
| sort |
|
|
query | string | Sort items using their properties. Common sort options include:
|
from falconpy import SensorDownload
# Do not hardcode API credentials!
falcon = SensorDownload(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.get_combined_sensor_installers_by_query(offset=integer,
limit=integer,
sort="string",
filter="string"
)
print(response)from falconpy import SensorDownload
# Do not hardcode API credentials!
falcon = SensorDownload(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.GetCombinedSensorInstallersByQuery(offset=integer,
limit=integer,
sort="string",
filter="string"
)
print(response)from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.command("GetCombinedSensorInstallersByQuery",
offset=integer,
limit=integer,
sort="string",
filter="string"
)
print(response)Get sensor installer details by provided query
get_combined_sensor_installers_by_query_v2
| Method | Route |
|---|---|
|
/sensors/combined/installers/v2 |
- Consumes: application/json
- Produces: application/json
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| limit |
|
|
query | integer | The number of items to return in this response (default: 100, max: 500). Use with the offset parameter to manage pagination of results. |
| filter |
|
|
query | string | Filter items using a query in Falcon Query Language (FQL). An asterisk wildcard * includes all results. Common filter options include:
|
| offset |
|
|
query | integer | The first item to return, where 0 is the latest item. Use with the limit parameter to manage pagination of results. |
| parameters |
|
|
query | dictionary | Full query string parameters payload in JSON format. |
| sort |
|
|
query | string | Sort items using their properties. Common sort options include:
|
from falconpy import SensorDownload
# Do not hardcode API credentials!
falcon = SensorDownload(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.get_combined_sensor_installers_by_query_v2(offset=integer,
limit=integer,
sort="string",
filter="string"
)
print(response)from falconpy import SensorDownload
# Do not hardcode API credentials!
falcon = SensorDownload(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.GetCombinedSensorInstallersByQueryV2(offset=integer,
limit=integer,
sort="string",
filter="string"
)
print(response)from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.command("GetCombinedSensorInstallersByQueryV2",
offset=integer,
limit=integer,
sort="string",
filter="string"
)
print(response)Download sensor installer by SHA256 ID
download_sensor_installer
| Method | Route |
|---|---|
|
/sensors/entities/download-installer/v1 |
- Consumes: application/json
- Produces: application/octet-stream
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| download_path |
|
 |
query | string | File path to use for the saved file. Must be present to trigger a file download. |
| id |
|
|
query | string | SHA256 of the installer to download |
| file_name |
|
|
query | string | File name to use for the saved file. Must be present to trigger a file download. |
| parameters |
|
|
query | dictionary | Full query string parameters payload in JSON format. |
from falconpy import SensorDownload
# Do not hardcode API credentials!
falcon = SensorDownload(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
# Also ask the service class to go ahead and download the file for us
response = falcon.download_sensor_installer(id="string",
download_path="/tmp/",
file_name="cs_installer.bin"
)
print(response)from falconpy import SensorDownload
# Do not hardcode API credentials!
falcon = SensorDownload(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
# Also ask the service class to go ahead and download the file for us
response = falcon.DownloadSensorInstallerById(id="string",
download_path="C:\Temp",
file_name="cs_installer.exe"
)
print(response)from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
filename = "cs_installer.exe"
response = falcon.command("DownloadSensorInstallerById", id="string")
if not isinstance(response, dict):
# If our response is a dictionary, there is an error
with open(filename, "wb") as download_file:
download_file.write(response)Download sensor installer by SHA256 ID
download_sensor_installer_v2
| Method | Route |
|---|---|
|
/sensors/entities/download-installer/v2 |
- Consumes: application/json
- Produces: application/octet-stream
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| download_path |
|
|
query | string | File path to use for the saved file. Must be present to trigger a file download. |
| id |
|
|
query | string | SHA256 of the installer to download |
| file_name |
|
|
query | string | File name to use for the saved file. Must be present to trigger a file download. |
| parameters |
|
|
query | dictionary | Full query string parameters payload in JSON format. |
from falconpy import SensorDownload
# Do not hardcode API credentials!
falcon = SensorDownload(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
# Also ask the service class to go ahead and download the file for us
response = falcon.download_sensor_installer_v2(id="string",
download_path="/tmp/",
file_name="cs_installer.bin"
)
print(response)from falconpy import SensorDownload
# Do not hardcode API credentials!
falcon = SensorDownload(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
# Also ask the service class to go ahead and download the file for us
response = falcon.DownloadSensorInstallerByIdV2(id="string",
download_path="C:\Temp",
file_name="cs_installer.exe"
)
print(response)from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
filename = "cs_installer.exe"
response = falcon.command("DownloadSensorInstallerByIdV2", id="string")
if not isinstance(response, dict):
# If our response is a dictionary, there is an error
with open(filename, "wb") as download_file:
download_file.write(response)Get sensor installer details by provided SHA256 IDs
get_sensor_installer_entities
| Method | Route |
|---|---|
|
/sensors/entities/installers/v1 |
- Consumes: application/json
- Produces: application/json
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| ids |
|
|
query | string or list of strings | The IDs of the installers to retrieve details for. |
| parameters |
|
|
query | dictionary | Full query string parameters payload in JSON format. |
from falconpy import SensorDownload
# Do not hardcode API credentials!
falcon = SensorDownload(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.get_sensor_installer_entities(ids=id_list)
print(response)from falconpy import SensorDownload
# Do not hardcode API credentials!
falcon = SensorDownload(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.GetSensorInstallersEntities(ids=id_list)
print(response)from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.command("GetSensorInstallersEntities", ids=id_list)
print(response)Get sensor installer details by provided SHA256 IDs
get_sensor_installer_entities_v2
| Method | Route |
|---|---|
|
/sensors/entities/installers/v2 |
- Consumes: application/json
- Produces: application/json
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| ids |
|
|
query | string or list of strings | The IDs of the installers to retrieve details for. |
| parameters |
|
|
query | dictionary | Full query string parameters payload in JSON format. |
from falconpy import SensorDownload
# Do not hardcode API credentials!
falcon = SensorDownload(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.get_sensor_installer_entities_v2(ids=id_list)
print(response)from falconpy import SensorDownload
# Do not hardcode API credentials!
falcon = SensorDownload(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.GetSensorInstallersEntitiesV2(ids=id_list)
print(response)from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.command("GetSensorInstallersEntitiesV2", ids=id_list)
print(response)Get CCID to use with sensor installers
get_sensor_installer_ccid
| Method | Route |
|---|---|
|
/sensors/queries/installers/ccid/v1 |
- Consumes: application/json
- Produces: application/json
No keywords or arguments accepted.
from falconpy import SensorDownload
# Do not hardcode API credentials!
falcon = SensorDownload(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.get_sensor_installer_ccid()
print(response)from falconpy import SensorDownload
# Do not hardcode API credentials!
falcon = SensorDownload(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.GetSensorInstallersCCIDByQuery()
print(response)from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.command("GetSensorInstallersCCIDByQuery")
print(response)Get sensor installer IDs by provided query
get_sensor_installers_by_query
| Method | Route |
|---|---|
|
/sensors/queries/installers/v1 |
- Consumes: application/json
- Produces: application/json
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| filter |
|
|
query | string | Filter items using a query in Falcon Query Language (FQL). An asterisk wildcard * includes all results. Common filter options include:
|
| limit |
|
|
query | integer | The number of items to return in this response (default: 100, max: 500). Use with the offset parameter to manage pagination of results. |
| offset |
|
|
query | integer | The first item to return, where 0 is the latest item. Use with the limit parameter to manage pagination of results. |
| parameters |
|
|
query | dictionary | Full query string parameters payload in JSON format. |
| sort |
|
|
query | string | Sort items using their properties. Common sort options include:
|
from falconpy import SensorDownload
# Do not hardcode API credentials!
falcon = SensorDownload(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.get_sensor_installers_by_query(offset=integer,
limit=integer,
sort="string",
filter="string"
)
print(response)from falconpy import SensorDownload
# Do not hardcode API credentials!
falcon = SensorDownload(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.GetSensorInstallersByQuery(offset=integer,
limit=integer,
sort="string",
filter="string"
)
print(response)from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.command("GetSensorInstallersByQuery",
offset=integer,
limit=integer,
sort="string",
filter="string"
)
print(response)Get sensor installer IDs by provided query
get_sensor_installers_by_query_v2
| Method | Route |
|---|---|
|
/sensors/queries/installers/v2 |
- Consumes: application/json
- Produces: application/json
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| filter |
|
|
query | string | Filter items using a query in Falcon Query Language (FQL). An asterisk wildcard * includes all results. Common filter options include:
|
| limit |
|
|
query | integer | The number of items to return in this response (default: 100, max: 500). Use with the offset parameter to manage pagination of results. |
| offset |
|
|
query | integer | The first item to return, where 0 is the latest item. Use with the limit parameter to manage pagination of results. |
| parameters |
|
|
query | dictionary | Full query string parameters payload in JSON format. |
| sort |
|
|
query | string | Sort items using their properties. Common sort options include:
|
from falconpy import SensorDownload
# Do not hardcode API credentials!
falcon = SensorDownload(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.get_sensor_installers_by_query_v2(offset=integer,
limit=integer,
sort="string",
filter="string"
)
print(response)from falconpy import SensorDownload
# Do not hardcode API credentials!
falcon = SensorDownload(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.GetSensorInstallersByQueryV2(offset=integer,
limit=integer,
sort="string",
filter="string"
)
print(response)from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.command("GetSensorInstallersByQueryV2",
offset=integer,
limit=integer,
sort="string",
filter="string"
)
print(response)