Sensor Update Policy - CrowdStrike/falconpy GitHub Wiki
This service collection has code examples posted to the repository.
Operation ID | Description | ||||
---|---|---|---|---|---|
|
Reveals an uninstall token for a specific device. To retrieve the bulk maintenance token pass the value 'MAINTENANCE' as the value for 'device_id' | ||||
|
Retrieve available builds for use with Sensor Update Policies | ||||
|
Retrieve kernel compatibility info for Sensor Update Builds | ||||
|
Search for members of a Sensor Update Policy in your environment by providing a FQL filter and paging details. Returns a set of host details which match the filter criteria | ||||
|
Search for Sensor Update Policies in your environment by providing a FQL filter and paging details. Returns a set of Sensor Update Policies which match the filter criteria | ||||
|
Search for Sensor Update Policies with additional support for uninstall protection in your environment by providing a FQL filter and paging details. Returns a set of Sensor Update Policies which match the filter criteria | ||||
|
Perform the specified action on the Sensor Update Policies specified in the request | ||||
|
Sets the precedence of Sensor Update Policies based on the order of IDs specified in the request. The first ID specified will have the highest precedence and the last ID specified will have the lowest. You must specify all non-Default Policies for a platform when updating precedence | ||||
|
Retrieve a set of Sensor Update Policies by specifying their IDs | ||||
|
Create Sensor Update Policies by specifying details about the policy to create | ||||
|
Delete a set of Sensor Update Policies by specifying their IDs | ||||
|
Update Sensor Update Policies by specifying the ID of the policy and details to update | ||||
|
Retrieve a set of Sensor Update Policies with additional support for uninstall protection by specifying their IDs | ||||
|
Create Sensor Update Policies by specifying details about the policy to create with additional support for uninstall protection | ||||
|
Update Sensor Update Policies by specifying the ID of the policy and details to update with additional support for uninstall protection | ||||
|
Retrieve kernel compatibility info for Sensor Update Builds | ||||
|
Search for members of a Sensor Update Policy in your environment by providing a FQL filter and paging details. Returns a set of Agent IDs which match the filter criteria | ||||
|
Search for Sensor Update Policies in your environment by providing a FQL filter and paging details. Returns a set of Sensor Update Policy IDs which match the filter criteria |
WARNING
client_id
andclient_secret
are keyword arguments that contain your CrowdStrike API credentials. Please note that all examples below do not hard code these values. (These values are ingested as strings.)CrowdStrike does not recommend hard coding API credentials or customer identifiers within source code.
Reveals an uninstall token for a specific device or the bulk maintenace token.
To retrieve the bulk maintenance token pass the value MAINTENANCE as the value for device_id
.
reveal_uninstall_token
Method | Route |
---|---|
/policy/combined/reveal-uninstall-token/v1 |
- Produces: application/json
Name | Service | Uber | Type | Data type | Description |
---|---|---|---|---|---|
audit_message |
|
|
body | string | Message to list in the audit log for this action. |
body |
|
|
body | dictionary | Full body payload in JSON format. |
device_id |
|
|
body | string | Device ID to retrieve the uninstall token for. Pass the value MAINTENANCE here to retrieve the bulk maintenance token. |
from falconpy import SensorUpdatePolicy
# Do not hardcode API credentials!
falcon = SensorUpdatePolicy(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.reveal_uninstall_token(audit_message="string",
device_id="string"
)
print(response)
from falconpy import SensorUpdatePolicy
# Do not hardcode API credentials!
falcon = SensorUpdatePolicy(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.revealUninstallToken(audit_message="string",
device_id="string"
)
print(response)
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
BODY = {
"audit_message": "string",
"device_id": "string"
}
response = falcon.command("revealUninstallToken", body=BODY)
print(response)
Retrieve available builds for use with Sensor Update Policies
query_combined_builds
Method | Route |
---|---|
/policy/combined/sensor-update-builds/v1 |
- Produces: application/json
Name | Service | Uber | Type | Data type | Description |
---|---|---|---|---|---|
platform |
|
|
query | string | The platform to return builds for. Allowed values:
|
parameters |
|
|
query | dictionary | Full query string parameters payload in JSON format. |
stage |
|
|
query | string or list of strings | The stages to return builds for. |
from falconpy import SensorUpdatePolicy
# Do not hardcode API credentials!
falcon = SensorUpdatePolicy(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
stages = 'STAGE1,STAGE2,STAGE3' # Can also pass a list here: ['STAGE1', 'STAGE2', 'STAGE3']
response = falcon.query_combined_builds(platform="string", stage=stages)
print(response)
from falconpy import SensorUpdatePolicy
# Do not hardcode API credentials!
falcon = SensorUpdatePolicy(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
stages = 'STAGE1,STAGE2,STAGE3' # Can also pass a list here: ['STAGE1', 'STAGE2', 'STAGE3']
response = falcon.queryCombinedSensorUpdateBuilds(platform="string", stage=stages)
print(response)
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
stages = 'STAGE1,STAGE2,STAGE3' # Can also pass a list here: ['STAGE1', 'STAGE2', 'STAGE3']
response = falcon.command("queryCombinedSensorUpdateBuilds", platform="string", stage=stages)
print(response)
Retrieve kernel compatibility info for Sensor Update Builds
query_combined_kernels
Method | Route |
---|---|
/policy/combined/sensor-update-kernels/v1 |
- Produces: application/json
Name | Service | Uber | Type | Data type | Description |
---|---|---|---|---|---|
filter |
|
|
query | string | The filter expression that should be used to limit the results using FQL syntax. |
limit |
|
|
query | integer | The maximum number of records to return. [1-500] |
offset |
|
|
query | integer | The offset to start retrieving records from. |
parameters |
|
|
query | dictionary | Full query string parameters payload in JSON format. |
from falconpy import SensorUpdatePolicy
# Do not hardcode API credentials!
falcon = SensorUpdatePolicy(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.query_combined_kernels(filter="string",
offset=integer,
limit=integer,
)
print(response)
from falconpy import SensorUpdatePolicy
# Do not hardcode API credentials!
falcon = SensorUpdatePolicy(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.queryCombinedSensorUpdateKernels(filter="string",
offset=integer,
limit=integer,
)
print(response)
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.command("queryCombinedSensorUpdateKernels",
filter="string",
offset=integer,
limit=integer,
)
print(response)
Search for members of a Sensor Update Policy in your environment by providing a FQL filter and paging details. Returns a set of host details which match the filter criteria
query_combined_policy_members
Method | Route |
---|---|
/policy/combined/sensor-update-members/v1 |
- Produces: application/json
Name | Service | Uber | Type | Data type | Description |
---|---|---|---|---|---|
id |
|
|
query | string | The ID of the Sensor Update Policy to search for members of. |
filter |
|
|
query | string | The filter expression that should be used to limit the results using FQL syntax. Review the available filters table for more detail. |
limit |
|
|
query | integer | The maximum number of records to return. [1-5000] |
offset |
|
|
query | integer | The offset to start retrieving records from. |
parameters |
|
|
query | dictionary | Full query string parameters payload in JSON format. |
sort |
|
|
query | string | The property to sort by in FQL syntax. Supports asc or desc .Available sort options:
|
The following fields can be used to filter results retrieved from the API.
Name | Description |
---|---|
created_by | The username, email, or API client ID of the person who created the policy, as identified in the policy object. When specifying an email address, use a letter p as an operator so that the @ sign is accepted. You can also search by using the email username or the domain as the value. For example, to filter on policies created by the email address [email protected]: filter=created_by:p'[email protected]' (correct)filter=created_by:'diana.hudson' (correct)filter=created_by:'email.com' (correct)filter=created_by:'diana' (incorrect)Enter only the alphanumeric value when providing an API client ID. For example, to filter on api-client-id:7a1284d634af196bff5988fb1775721b: filter=created_by:'7a12....721b' (correct)filter=created_by:'api-client-id:7a12....721b' (incorrect)filter=created_by:'api-client-id' (incorrect) |
created_timestamp | The full timestamp of when the policy was created in ISO 8601 format. (YYYY-MM-DDTHH:mm:ss.sssZ) The timezone is always UTC as denoted by the suffix "Z". filter=created_timestamp:'2020-11-23T19:36:24.129652084Z'
|
description | Search for a term found in the policy description. The value must be entered in lowercase.filter=description:'policy'
|
enabled | Find policies by their enabled status. Specify true to find enabled policies or false to find disabled policies.filter=enabled:'true'
|
groups | Enter a host group ID to find the policy it's been assigned to.filter=groups:'1ef3....b0fe'
|
modified_by | The username, email, or API client ID of the person who modified the policy, as identified in the policy object. Values for this field follow the same rules as the created_by filter. |
modified_timestamp | The full timestamp of when the policy was modified in ISO 8601 format. (YYYY-MM-DDTHH:mm:ss. sssZ) The timezone is always UTC as denoted by the suffix "Z". Values for this field follow the same rules as the created_timestamp filter. |
name | Performs a free text search on single words found in a policy name. Values must be entered as lowercase and enclosed in single quotes. You can provide multiple name values separated by an & .filter=name:'test'
|
name.raw | Filters on exact matches to the full policy name. Searches on this field are case-sensitive and require the correct input of uppercase and lowercase letters. filter=name.raw:'Test sensor update Policy'
|
platform_name | The name of the operating system listed in the policy. One of:
filter=platform_name:'Windows'
|
from falconpy import SensorUpdatePolicy
# Do not hardcode API credentials!
falcon = SensorUpdatePolicy(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.query_combined_policy_members(id="string",
filter="string",
offset=integer,
limit=integer,
sort="string"
)
print(response)
from falconpy import SensorUpdatePolicy
# Do not hardcode API credentials!
falcon = SensorUpdatePolicy(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.queryCombinedSensorUpdatePolicyMembers(id="string",
filter="string",
offset=integer,
limit=integer,
sort="string"
)
print(response)
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.command("queryCombinedSensorUpdatePolicyMembers",
id="string",
filter="string",
offset=integer,
limit=integer,
sort="string"
)
print(response)
Search for Sensor Update Policies in your environment by providing a FQL filter and paging details. Returns a set of Sensor Update Policies which match the filter criteria
query_combined_policies
Method | Route |
---|---|
/policy/combined/sensor-update/v1 |
- Produces: application/json
Name | Service | Uber | Type | Data type | Description |
---|---|---|---|---|---|
filter |
|
|
query | string | The filter expression that should be used to limit the results using FQL syntax. Review the available filters table for more detail. |
limit |
|
|
query | integer | The maximum number of records to return. [1-5000] |
offset |
|
|
query | integer | The offset to start retrieving records from. |
parameters |
|
|
query | dictionary | Full query string parameters payload in JSON format. |
sort |
|
|
query | string | The property to sort by in FQL syntax. Supports asc or desc .Available sort options:
|
The following fields can be used to filter results retrieved from the API.
Name | Description |
---|---|
created_by | The username, email, or API client ID of the person who created the policy, as identified in the policy object. When specifying an email address, use a letter p as an operator so that the @ sign is accepted. You can also search by using the email username or the domain as the value. For example, to filter on policies created by the email address [email protected]: filter=created_by:p'[email protected]' (correct)filter=created_by:'diana.hudson' (correct)filter=created_by:'email.com' (correct)filter=created_by:'diana' (incorrect)Enter only the alphanumeric value when providing an API client ID. For example, to filter on api-client-id:7a1284d634af196bff5988fb1775721b: filter=created_by:'7a12....721b' (correct)filter=created_by:'api-client-id:7a12....721b' (incorrect)filter=created_by:'api-client-id' (incorrect) |
created_timestamp | The full timestamp of when the policy was created in ISO 8601 format. (YYYY-MM-DDTHH:mm:ss.sssZ) The timezone is always UTC as denoted by the suffix "Z". filter=created_timestamp:'2020-11-23T19:36:24.129652084Z'
|
description | Search for a term found in the policy description. The value must be entered in lowercase.filter=description:'policy'
|
enabled | Find policies by their enabled status. Specify true to find enabled policies or false to find disabled policies.filter=enabled:'true'
|
groups | Enter a host group ID to find the policy it's been assigned to.filter=groups:'1ef3....b0fe'
|
modified_by | The username, email, or API client ID of the person who modified the policy, as identified in the policy object. Values for this field follow the same rules as the created_by filter. |
modified_timestamp | The full timestamp of when the policy was modified in ISO 8601 format. (YYYY-MM-DDTHH:mm:ss. sssZ) The timezone is always UTC as denoted by the suffix "Z". Values for this field follow the same rules as the created_timestamp filter. |
name | Performs a free text search on single words found in a policy name. Values must be entered as lowercase and enclosed in single quotes. You can provide multiple name values separated by an & .filter=name:'test'
|
name.raw | Filters on exact matches to the full policy name. Searches on this field are case-sensitive and require the correct input of uppercase and lowercase letters. filter=name.raw:'Test sensor update Policy'
|
platform_name | The name of the operating system listed in the policy. One of:
filter=platform_name:'Windows'
|
from falconpy import SensorUpdatePolicy
# Do not hardcode API credentials!
falcon = SensorUpdatePolicy(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.query_combined_policies(filter="string",
offset=integer,
limit=integer,
sort="string"
)
print(response)
from falconpy import SensorUpdatePolicy
# Do not hardcode API credentials!
falcon = SensorUpdatePolicy(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.queryCombinedSensorUpdatePolicies(filter="string",
offset=integer,
limit=integer,
sort="string"
)
print(response)
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.command("queryCombinedSensorUpdatePolicies",
filter="string",
offset=integer,
limit=integer,
sort="string"
)
print(response)
Search for Sensor Update Policies with additional support for uninstall protection in your environment by providing a FQL filter and paging details. Returns a set of Sensor Update Policies which match the filter criteria
query_combined_policies_v2
Method | Route |
---|---|
/policy/combined/sensor-update/v2 |
- Produces: application/json
Name | Service | Uber | Type | Data type | Description |
---|---|---|---|---|---|
filter |
|
|
query | string | The filter expression that should be used to limit the results using FQL syntax. Review the available filters table for more detail. |
limit |
|
|
query | integer | The maximum number of records to return. [1-5000] |
offset |
|
|
query | integer | The offset to start retrieving records from. |
parameters |
|
|
query | dictionary | Full query string parameters payload in JSON format. |
sort |
|
|
query | string | The property to sort by in FQL syntax. Supports asc or desc .Available sort options:
|
The following fields can be used to filter results retrieved from the API.
Name | Description |
---|---|
created_by | The username, email, or API client ID of the person who created the policy, as identified in the policy object. When specifying an email address, use a letter p as an operator so that the @ sign is accepted. You can also search by using the email username or the domain as the value. For example, to filter on policies created by the email address [email protected]: filter=created_by:p'[email protected]' (correct)filter=created_by:'diana.hudson' (correct)filter=created_by:'email.com' (correct)filter=created_by:'diana' (incorrect)Enter only the alphanumeric value when providing an API client ID. For example, to filter on api-client-id:7a1284d634af196bff5988fb1775721b: filter=created_by:'7a12....721b' (correct)filter=created_by:'api-client-id:7a12....721b' (incorrect)filter=created_by:'api-client-id' (incorrect) |
created_timestamp | The full timestamp of when the policy was created in ISO 8601 format. (YYYY-MM-DDTHH:mm:ss.sssZ) The timezone is always UTC as denoted by the suffix "Z". filter=created_timestamp:'2020-11-23T19:36:24.129652084Z'
|
description | Search for a term found in the policy description. The value must be entered in lowercase.filter=description:'policy'
|
enabled | Find policies by their enabled status. Specify true to find enabled policies or false to find disabled policies.filter=enabled:'true'
|
groups | Enter a host group ID to find the policy it's been assigned to.filter=groups:'1ef3....b0fe'
|
modified_by | The username, email, or API client ID of the person who modified the policy, as identified in the policy object. Values for this field follow the same rules as the created_by filter. |
modified_timestamp | The full timestamp of when the policy was modified in ISO 8601 format. (YYYY-MM-DDTHH:mm:ss. sssZ) The timezone is always UTC as denoted by the suffix "Z". Values for this field follow the same rules as the created_timestamp filter. |
name | Performs a free text search on single words found in a policy name. Values must be entered as lowercase and enclosed in single quotes. You can provide multiple name values separated by an & .filter=name:'test'
|
name.raw | Filters on exact matches to the full policy name. Searches on this field are case-sensitive and require the correct input of uppercase and lowercase letters. filter=name.raw:'Test sensor update Policy'
|
platform_name | The name of the operating system listed in the policy. One of:
filter=platform_name:'Windows'
|
from falconpy import SensorUpdatePolicy
# Do not hardcode API credentials!
falcon = SensorUpdatePolicy(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.query_combined_policies_v2(filter="string",
offset=integer,
limit=integer,
sort="string"
)
print(response)
from falconpy import SensorUpdatePolicy
# Do not hardcode API credentials!
falcon = SensorUpdatePolicy(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.queryCombinedSensorUpdatePoliciesV2(filter="string",
offset=integer,
limit=integer,
sort="string"
)
print(response)
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.command("queryCombinedSensorUpdatePoliciesV2",
filter="string",
offset=integer,
limit=integer,
sort="string"
)
print(response)
Perform the specified action on the Sensor Update Policies specified in the request
perform_policies_action
Method | Route |
---|---|
/policy/entities/sensor-update-actions/v1 |
- Produces: application/json
Name | Service | Uber | Type | Data type | Description |
---|---|---|---|---|---|
action_name |
|
|
query | string | Specify one of these actions:
|
action_parameters |
|
|
body | list of dictionaries | Action specific parameter options. { "name": "string", "value": "string" } |
body |
|
|
body | dictionary | Full body payload in JSON format. |
group_id |
|
|
body action_parameters |
string | Host Group ID to apply the policy to. String. Overridden if action_parameters is specified. |
ids |
|
|
body | string or list of strings | The ID of the Sensor Update Policy you want to impact. If you provide IDs to the method using this keyword, you do not have to provide a body payload. (Service class usage only) |
parameters |
|
|
query | dictionary | Full query string parameters payload in JSON format. |
from falconpy import SensorUpdatePolicy
# Do not hardcode API credentials!
falcon = SensorUpdatePolicy(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.perform_policies_action(action_name="string",
group_id="HOST_GROUP_ID",
ids="ID_TO_UPDATE"
)
print(response)
from falconpy import SensorUpdatePolicy
# Do not hardcode API credentials!
falcon = SensorUpdatePolicy(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
# Can also be provided as the keyword `group_id`
act_params = [{
"name": "group_id",
"value": "HOST_GROUP_ID"
}]
response = falcon.performSensorUpdatePoliciesAction(action_name="string",
action_parameters=act_params,
ids="ID_TO_UPDATE"
)
print(response)
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
# Only one ID may be updated at a time
BODY = {
"action_parameters": [
{
"name": "group_id",
"value": "HOST_GROUP_ID"
}
],
"ids": ["ID_TO_UPDATE"]
}
response = falcon.command("performSensorUpdatePoliciesAction", action_name="string", body=BODY)
print(response)
# Can also use the following syntax
response = falcon.command("performSensorUpdatePoliciesAction",
action_name="string",
parameters=PARAMS,
body=BODY
)
print(response)
Sets the precedence of Sensor Update Policies based on the order of IDs specified in the request. The first ID specified will have the highest precedence and the last ID specified will have the lowest. You must specify all non-Default Policies for a platform when updating precedence
set_policies_precedence
Method | Route |
---|---|
/policy/entities/sensor-update-precedence/v1 |
- Produces: application/json
Name | Service | Uber | Type | Data type | Description |
---|---|---|---|---|---|
body |
|
|
body | dictionary | Full body payload in JSON format. |
ids |
|
|
body | string or list of strings | The ID of the Sensor Update Policy you want to impact. If you provide IDs to the method using this keyword, you do not have to provide a body payload. (Service class usage only) |
platform_name |
|
|
body | string | Operating System platform name. |
from falconpy import SensorUpdatePolicy
# Do not hardcode API credentials!
falcon = SensorUpdatePolicy(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.set_policies_precedence(ids=id_list, platform_name="string")
print(response)
from falconpy import SensorUpdatePolicy
# Do not hardcode API credentials!
falcon = SensorUpdatePolicy(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.setSensorUpdatePoliciesPrecedence(ids=id_list, platform_name="string")
print(response)
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = ['ID1', 'ID2', 'ID3']
BODY = {
"ids": id_list,
"platform_name": "Windows"
}
response = falcon.command("setSensorUpdatePoliciesPrecedence", body=BODY)
print(response)
Retrieve a set of Sensor Update Policies by specifying their IDs
get_policies
Method | Route |
---|---|
/policy/entities/sensor-update/v1 |
- Produces: application/json
Name | Service | Uber | Type | Data type | Description |
---|---|---|---|---|---|
ids |
|
|
query | string or list of strings | The IDs of the Sensor Update Policy to retrieve. |
parameters |
|
|
query | dictionary | Full query string parameters payload in JSON format. |
from falconpy import SensorUpdatePolicy
# Do not hardcode API credentials!
falcon = SensorUpdatePolicy(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.get_policies(ids=id_list)
print(response)
from falconpy import SensorUpdatePolicy
# Do not hardcode API credentials!
falcon = SensorUpdatePolicy(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.getSensorUpdatePolicies(ids=id_list)
print(response)
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.command("getSensorUpdatePolicies", ids=id_list)
print(response)
Create Sensor Update Policies by specifying details about the policy to create
create_policies
Method | Route |
---|---|
/policy/entities/sensor-update/v1 |
- Produces: application/json
Name | Service | Uber | Type | Data type | Description |
---|---|---|---|---|---|
body |
|
|
body | dictionary | Full body payload in JSON format. |
build |
|
|
body | string | Build this Sensor update policy applies to. |
description |
|
|
body | string | Sensor update policy description. |
name |
|
|
body | string | Name of the Sensor Update policy. |
platform_name |
|
|
body | string | Name of the OS platform the Sensor Update policy applies to. |
settings |
|
|
body | dictionary | Sensor Update policy specific settings. Overrides the value of build if present.{ "build": "string" } |
from falconpy import SensorUpdatePolicy
# Do not hardcode API credentials!
falcon = SensorUpdatePolicy(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.create_policies(build="string",
description="string",
name="string",
platform_name="string"
)
print(response)
from falconpy import SensorUpdatePolicy
# Do not hardcode API credentials!
falcon = SensorUpdatePolicy(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.createSensorUpdatePolicies(build="string",
description="string",
name="string",
platform_name="string"
)
print(response)
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
BODY = {
"resources": [
{
"description": "string",
"name": "string",
"platform_name": "string",
"settings": {
"build": "string"
}
}
]
}
response = falcon.command("createSensorUpdatePolicies", body=BODY)
print(response)
Delete a set of Sensor Update Policies by specifying their IDs
delete_policies
Method | Route |
---|---|
/policy/entities/sensor-update/v1 |
- Produces: application/json
Name | Service | Uber | Type | Data type | Description |
---|---|---|---|---|---|
ids |
|
|
query | string or list of strings | The IDs of the Sensor Update policies to delete. |
parameters |
|
|
query | dictionary | Full query string parameters payload in JSON format. |
from falconpy import SensorUpdatePolicy
# Do not hardcode API credentials!
falcon = SensorUpdatePolicy(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.delete_policies(ids=id_list)
print(response)
from falconpy import SensorUpdatePolicy
# Do not hardcode API credentials!
falcon = SensorUpdatePolicy(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.deleteSensorUpdatePolicies(ids=id_list)
print(response)
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.command("deleteSensorUpdatePolicies", ids=id_list)
print(response)
Update Sensor Update Policies by specifying the ID of the policy and details to update
update_policies
Method | Route |
---|---|
/policy/entities/sensor-update/v1 |
- Produces: application/json
Name | Service | Uber | Type | Data type | Description |
---|---|---|---|---|---|
body |
|
|
body | dictionary | Full body payload in JSON format. |
build |
|
|
body | string | Build this Sensor update policy applies to. |
description |
|
|
body | string | Sensor update policy description. |
id |
|
|
body | string | ID the Sensor Update policy to update. |
name |
|
|
body | string | Name of the Sensor Update policy. |
settings |
|
|
body | dictionary | Sensor Update policy specific settings. Overrides the value of build if present.{ "build": "string" } |
from falconpy import SensorUpdatePolicy
# Do not hardcode API credentials!
falcon = SensorUpdatePolicy(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.update_policies(build="string",
description="string",
name="string",
id="string"
)
print(response)
from falconpy import SensorUpdatePolicy
# Do not hardcode API credentials!
falcon = SensorUpdatePolicy(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
BODY = {
"Body Payload": "See body description above"
}
response = falcon.updateSensorUpdatePolicies(build="string",
description="string",
name="string",
id="string"
)
print(response)
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
BODY = {
"resources": [
{
"description": "string",
"id": "string",
"name": "string",
"settings": {
"build": "string"
}
}
]
}
response = falcon.command("updateSensorUpdatePolicies", body=BODY)
print(response)
Retrieve a set of Sensor Update Policies with additional support for uninstall protection by specifying their IDs
get_policies_v2
Method | Route |
---|---|
/policy/entities/sensor-update/v2 |
- Produces: application/json
Name | Service | Uber | Type | Data type | Description |
---|---|---|---|---|---|
ids |
|
|
query | string or list of strings | The IDs of the Sensor Update policies to retrieve. |
parameters |
|
|
query | dictionary | Full query string parameters payload in JSON format. |
from falconpy import SensorUpdatePolicy
# Do not hardcode API credentials!
falcon = SensorUpdatePolicy(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.get_policies_v2(ids=id_list)
print(response)
from falconpy import SensorUpdatePolicy
# Do not hardcode API credentials!
falcon = SensorUpdatePolicy(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.getSensorUpdatePoliciesV2(ids=id_list)
print(response)
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.command("getSensorUpdatePoliciesV2", ids=id_list)
print(response)
Create Sensor Update Policies by specifying details about the policy to create with additional support for uninstall protection
create_policies_v2
Method | Route |
---|---|
/policy/entities/sensor-update/v2 |
- Produces: application/json
Name | Service | Uber | Type | Data type | Description |
---|---|---|---|---|---|
body |
|
|
body | dictionary | Full body payload in JSON format. |
build |
|
|
body | string | Build this Sensor update policy applies to. Ignored if settings is provided. |
description |
|
|
body | string | Sensor update policy description. |
name |
|
|
body | string | Name of the Sensor Update policy. |
platform_name |
|
|
body | string | Name of the OS platform the Sensor Update policy applies to. |
scheduler |
|
|
body | dictionary | Dictionary containing details for the schedule. Ignored if settings is provided. |
settings |
|
|
body | dictionary | Sensor Update policy specific settings. Overrides the value of build , scheduler , show_early_adopter_builds , uninstall_protection , and variants if present. |
show_early_adopter_builds |
|
|
body | boolean | Flag indicating if early adopter builds should be shown as part of this policy. Ignored if settings is provided. |
uninstall_protection |
|
|
body | string | Boolean indicating if uninstall protection should be enabled. Ignored if settings is provided.Allowed values:
|
variants |
|
|
body | list of dictionaries | List of dictionaries containing details for variants to include in the policy. Ignored if settings is provided.[{ "build": "string", "platform": "string" }] |
from falconpy import SensorUpdatePolicy
# Do not hardcode API credentials!
falcon = SensorUpdatePolicy(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
schedule = {
"enabled": boolean,
"schedules": [
{
"days": [
integer
],
"end": "string",
"start": "string"
}
],
"timezone": "string"
}
settings = {
"build": "string",
"scheduler": {
"enabled": boolean,
"schedules": [
{
"days": [
integer
],
"end": "string",
"start": "string"
}
],
"timezone": "string"
},
"show_early_adopter_builds": boolean,
"uninstall_protection": "ENABLED",
"variants": [
{
"build": "string",
"platform": "string"
}
]
}
variants = [
{
"build": "string",
"platform": "string"
}
]
response = falcon.create_policies_v2(build="string",
description="string",
name="string",
platform_name="string",
scheduler=schedule
settings=settings,
show_early_adopter_builds=boolean,
uninstall_protection="ENABLED",
variants=variants
)
print(response)
from falconpy import SensorUpdatePolicy
# Do not hardcode API credentials!
falcon = SensorUpdatePolicy(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
schedule = {
"enabled": boolean,
"schedules": [
{
"days": [
integer
],
"end": "string",
"start": "string"
}
],
"timezone": "string"
}
settings = {
"build": "string",
"scheduler": {
"enabled": boolean,
"schedules": [
{
"days": [
integer
],
"end": "string",
"start": "string"
}
],
"timezone": "string"
},
"show_early_adopter_builds": boolean,
"uninstall_protection": "ENABLED",
"variants": [
{
"build": "string",
"platform": "string"
}
]
}
variants = [
{
"build": "string",
"platform": "string"
}
]
response = falcon.createSensorUpdatePoliciesV2(build="string",
description="string",
name="string",
platform_name="string",
scheduler=schedule,
settings=settings,
show_early_adopter_builds=boolean,
uninstall_protection="ENABLED",
variants=variants
)
print(response)
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
BODY = {
"resources": [
{
"description": "string",
"name": "string",
"platform_name": "string",
"settings": {
"build": "string",
"scheduler": {
"enabled": boolean,
"schedules": [
{
"days": [
integer
],
"end": "string",
"start": "string"
}
],
"timezone": "string"
},
"show_early_adopter_builds": boolean,
"uninstall_protection": "ENABLED",
"variants": [
{
"build": "string",
"platform": "string"
}
]
}
}
]
}
response = falcon.command("createSensorUpdatePoliciesV2", body=BODY)
print(response)
Update Sensor Update Policies by specifying the ID of the policy and details to update with additional support for uninstall protection
update_policies_v2
Method | Route |
---|---|
/policy/entities/sensor-update/v2 |
- Produces: application/json
Name | Service | Uber | Type | Data type | Description |
---|---|---|---|---|---|
body |
|
|
body | dictionary | Full body payload in JSON format. |
build |
|
|
body | string | Build this Sensor update policy applies to. Ignored if settings is provided. |
description |
|
|
body | string | Sensor update policy description. |
id |
|
|
body | string | ID of the Sensor Update policy to update. |
name |
|
|
body | string | Name of the Sensor Update policy. |
scheduler |
|
|
body | dictionary | Dictionary containing details for the schedule. Ignored if settings is provided. |
settings |
|
|
body | dictionary | Sensor Update policy specific settings. Overrides the value of build , scheduler , show_early_adopter_builds , uninstall_protection , and variants if present. |
show_early_adopter_builds |
|
|
body | boolean | Flag indicating if early adopter builds should be shown as part of this policy. Ignored if settings is provided. |
uninstall_protection |
|
|
body | string | Boolean indicating if uninstall protection should be enabled. Ignored if settings is provided.Allowed values:
|
variants |
|
|
body | list of dictionaries | List of dictionaries containing details for variants to include in the policy. Ignored if settings is provided.[{ "build": "string", "platform": "string" }] |
from falconpy import SensorUpdatePolicy
# Do not hardcode API credentials!
falcon = SensorUpdatePolicy(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
schedule = {
"enabled": boolean,
"schedules": [
{
"days": [
integer
],
"end": "string",
"start": "string"
}
],
"timezone": "string"
}
settings = {
"build": "string",
"scheduler": {
"enabled": boolean,
"schedules": [
{
"days": [
integer
],
"end": "string",
"start": "string"
}
],
"timezone": "string"
},
"show_early_adopter_builds": boolean,
"uninstall_protection": "ENABLED",
"variants": [
{
"build": "string",
"platform": "string"
}
]
}
variants = [
{
"build": "string",
"platform": "string"
}
]
response = falcon.update_policies_v2(build="string",
description="string",
name="string",
platform_name="string",
scheduler=schedule,
settings=settings,
show_early_adopter_builds=boolean,
uninstall_protection="ENABLED",
variants=variants
)
print(response)
from falconpy import SensorUpdatePolicy
# Do not hardcode API credentials!
falcon = SensorUpdatePolicy(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
schedule = {
"enabled": boolean,
"schedules": [
{
"days": [
integer
],
"end": "string",
"start": "string"
}
],
"timezone": "string"
}
settings = {
"build": "string",
"scheduler": {
"enabled": boolean,
"schedules": [
{
"days": [
integer
],
"end": "string",
"start": "string"
}
],
"timezone": "string"
},
"show_early_adopter_builds": boolean,
"uninstall_protection": "ENABLED",
"variants": [
{
"build": "string",
"platform": "string"
}
]
}
variants = [
{
"build": "string",
"platform": "string"
}
]
response = falcon.updateSensorUpdatePoliciesV2(build="string",
description="string",
name="string",
platform_name="string",
scheduler=schedule,
settings=settings,
show_early_adopter_builds=boolean,
uninstall_protection="ENABLED",
variants=variants
)
print(response)
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
BODY = {
"resources": [
{
"description": "string",
"name": "string",
"platform_name": "string",
"settings": {
"build": "string",
"scheduler": {
"enabled": boolean,
"schedules": [
{
"days": [
integer
],
"end": "string",
"start": "string"
}
],
"timezone": "string"
},
"show_early_adopter_builds": boolean,
"uninstall_protection": "ENABLED",
"variants": [
{
"build": "string",
"platform": "string"
}
]
}
}
]
}
response = falcon.command("updateSensorUpdatePoliciesV2", body=BODY)
print(response)
Retrieve kernel compatibility info for Sensor Update Builds
query_kernels
Method | Route |
---|---|
/policy/queries/sensor-update-kernels/{}/v1 |
- Produces: application/json
Name | Service | Uber | Type | Data type | Description |
---|---|---|---|---|---|
distinct_field |
|
|
path | string | The field name to get distinct values for. Default: id . |
filter |
|
|
query | string | The filter expression that should be used to limit the results using FQL syntax. |
limit |
|
|
query | integer | The maximum number of records to return. [1-500] |
offset |
|
|
query | integer | The offset to start retrieving records from. |
parameters |
|
|
query | dictionary | Full query string parameters payload in JSON format. |
from falconpy import SensorUpdatePolicy
# Do not hardcode API credentials!
falcon = SensorUpdatePolicy(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.query_kernels(distinct_field="string",
filter="string",
offset=integer,
limit=integer,
)
print(response)
from falconpy import SensorUpdatePolicy
# Do not hardcode API credentials!
falcon = SensorUpdatePolicy(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.querySensorUpdateKernelsDistinct(distinct_field="string",
filter="string",
offset=integer,
limit=integer,
)
print(response)
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.command("querySensorUpdateKernelsDistinct",
distinct_field="string",
filter="string",
offset=integer,
limit=integer,
)
print(response)
Search for members of a Sensor Update Policy in your environment by providing a FQL filter and paging details. Returns a set of Agent IDs which match the filter criteria
query_policy_members
Method | Route |
---|---|
/policy/queries/sensor-update-members/v1 |
- Produces: application/json
Name | Service | Uber | Type | Data type | Description |
---|---|---|---|---|---|
id |
|
|
query | string | The ID of the Sensor Update Policy to search for members of. |
filter |
|
|
query | string | The filter expression that should be used to limit the results using FQL syntax. Review the available filters table for more detail. |
limit |
|
|
query | integer | The maximum number of records to return. [1-5000] |
offset |
|
|
query | integer | The offset to start retrieving records from. |
parameters |
|
|
query | dictionary | Full query string parameters payload in JSON format. |
sort |
|
|
query | string | The property to sort by in FQL syntax. Supports asc or desc .Available sort options:
|
The following fields can be used to filter results retrieved from the API.
Name | Description |
---|---|
created_by | The username, email, or API client ID of the person who created the policy, as identified in the policy object. When specifying an email address, use a letter p as an operator so that the @ sign is accepted. You can also search by using the email username or the domain as the value. For example, to filter on policies created by the email address [email protected]: filter=created_by:p'[email protected]' (correct)filter=created_by:'diana.hudson' (correct)filter=created_by:'email.com' (correct)filter=created_by:'diana' (incorrect)Enter only the alphanumeric value when providing an API client ID. For example, to filter on api-client-id:7a1284d634af196bff5988fb1775721b: filter=created_by:'7a12....721b' (correct)filter=created_by:'api-client-id:7a12....721b' (incorrect)filter=created_by:'api-client-id' (incorrect) |
created_timestamp | The full timestamp of when the policy was created in ISO 8601 format. (YYYY-MM-DDTHH:mm:ss.sssZ) The timezone is always UTC as denoted by the suffix "Z". filter=created_timestamp:'2020-11-23T19:36:24.129652084Z'
|
description | Search for a term found in the policy description. The value must be entered in lowercase.filter=description:'policy'
|
enabled | Find policies by their enabled status. Specify true to find enabled policies or false to find disabled policies.filter=enabled:'true'
|
groups | Enter a host group ID to find the policy it's been assigned to.filter=groups:'1ef3....b0fe'
|
modified_by | The username, email, or API client ID of the person who modified the policy, as identified in the policy object. Values for this field follow the same rules as the created_by filter. |
modified_timestamp | The full timestamp of when the policy was modified in ISO 8601 format. (YYYY-MM-DDTHH:mm:ss. sssZ) The timezone is always UTC as denoted by the suffix "Z". Values for this field follow the same rules as the created_timestamp filter. |
name | Performs a free text search on single words found in a policy name. Values must be entered as lowercase and enclosed in single quotes. You can provide multiple name values separated by an & .filter=name:'test'
|
name.raw | Filters on exact matches to the full policy name. Searches on this field are case-sensitive and require the correct input of uppercase and lowercase letters. filter=name.raw:'Test sensor update Policy'
|
platform_name | The name of the operating system listed in the policy. One of:
filter=platform_name:'Windows'
|
from falconpy import SensorUpdatePolicy
# Do not hardcode API credentials!
falcon = SensorUpdatePolicy(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.query_policy_members(id="string",
filter="string",
offset=integer,
limit=integer,
sort="string"
)
print(response)
from falconpy import SensorUpdatePolicy
# Do not hardcode API credentials!
falcon = SensorUpdatePolicy(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.querySensorUpdatePolicyMembers(id="string",
filter="string",
offset=integer,
limit=integer,
sort="string"
)
print(response)
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.command("querySensorUpdatePolicyMembers",
id="string",
filter="string",
offset=integer,
limit=integer,
sort="string"
)
print(response)
Search for Sensor Update Policies in your environment by providing a FQL filter and paging details. Returns a set of Sensor Update Policy IDs which match the filter criteria
query_policies
Method | Route |
---|---|
/policy/queries/sensor-update/v1 |
- Produces: application/json
Name | Service | Uber | Type | Data type | Description |
---|---|---|---|---|---|
filter |
|
|
query | string | The filter expression that should be used to limit the results using FQL syntax. Review the available filters table for more detail. |
limit |
|
|
query | integer | The maximum number of records to return. [1-5000] |
offset |
|
|
query | integer | The offset to start retrieving records from. |
parameters |
|
|
query | dictionary | Full query string parameters payload in JSON format. |
sort |
|
|
query | string | The property to sort by in FQL syntax. Supports asc or desc .Available sort options:
|
The following fields can be used to filter results retrieved from the API.
Name | Description |
---|---|
created_by | The username, email, or API client ID of the person who created the policy, as identified in the policy object. When specifying an email address, use a letter p as an operator so that the @ sign is accepted. You can also search by using the email username or the domain as the value. For example, to filter on policies created by the email address [email protected]: filter=created_by:p'[email protected]' (correct)filter=created_by:'diana.hudson' (correct)filter=created_by:'email.com' (correct)filter=created_by:'diana' (incorrect)Enter only the alphanumeric value when providing an API client ID. For example, to filter on api-client-id:7a1284d634af196bff5988fb1775721b: filter=created_by:'7a12....721b' (correct)filter=created_by:'api-client-id:7a12....721b' (incorrect)filter=created_by:'api-client-id' (incorrect) |
created_timestamp | The full timestamp of when the policy was created in ISO 8601 format. (YYYY-MM-DDTHH:mm:ss.sssZ) The timezone is always UTC as denoted by the suffix "Z". filter=created_timestamp:'2020-11-23T19:36:24.129652084Z'
|
description | Search for a term found in the policy description. The value must be entered in lowercase.filter=description:'policy'
|
enabled | Find policies by their enabled status. Specify true to find enabled policies or false to find disabled policies.filter=enabled:'true'
|
groups | Enter a host group ID to find the policy it's been assigned to.filter=groups:'1ef3....b0fe'
|
modified_by | The username, email, or API client ID of the person who modified the policy, as identified in the policy object. Values for this field follow the same rules as the created_by filter. |
modified_timestamp | The full timestamp of when the policy was modified in ISO 8601 format. (YYYY-MM-DDTHH:mm:ss. sssZ) The timezone is always UTC as denoted by the suffix "Z". Values for this field follow the same rules as the created_timestamp filter. |
name | Performs a free text search on single words found in a policy name. Values must be entered as lowercase and enclosed in single quotes. You can provide multiple name values separated by an & .filter=name:'test'
|
name.raw | Filters on exact matches to the full policy name. Searches on this field are case-sensitive and require the correct input of uppercase and lowercase letters. filter=name.raw:'Test sensor update Policy'
|
platform_name | The name of the operating system listed in the policy. One of:
filter=platform_name:'Windows'
|
from falconpy import SensorUpdatePolicy
# Do not hardcode API credentials!
falcon = SensorUpdatePolicy(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.query_policies(filter="string",
offset=integer,
limit=integer,
sort="string"
)
print(response)
from falconpy import SensorUpdatePolicy
# Do not hardcode API credentials!
falcon = SensorUpdatePolicy(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.querySensorUpdatePolicies(filter="string",
offset=integer,
limit=integer,
sort="string"
)
print(response)
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.command("querySensorUpdatePolicies",
filter="string",
offset=integer,
limit=integer,
sort="string"
)
print(response)