Using the Sensor Visibility Exclusions service collection

Uber class support Service class support Documentation Version Page Updated

Operation ID

Description

getSensorVisibilityExclusionsV1
PEP 8	get_exclusions

Get a set of Sensor Visibility Exclusions by specifying their IDs.

createSVExclusionsV1
PEP 8	create_exclusions

Create a sensor visibility exclusion.

deleteSensorVisibilityExclusionsV1
PEP 8	delete_exclusions

Delete the sensor visibility exclusions by ID.

updateSensorVisibilityExclusionsV1
PEP 8	update_exclusions

Update a sensor visibility exclusion.

querySensorVisibilityExclusionsV1
PEP 8	query_exclusions

Search for sensor visibility exclusions.

Passing credentials

WARNING

client_id and client_secret are keyword arguments that contain your CrowdStrike API credentials. Please note that all examples below do not hard code these values. (These values are ingested as strings.)

CrowdStrike does not recommend hard coding API credentials or customer identifiers within source code.

getSensorVisibilityExclusionsV1

Get a set of Sensor Visibility Exclusions by specifying their IDs

PEP8 method name

get_exclusions

Endpoint

Method	Route
	`/policy/entities/sv-exclusions/v1`

Content-Type

Produces: application/json

Keyword Arguments

Name	Service	Uber	Type	Data type	Description
ids			query	string or list of strings	The IDs of the exclusions to retrieve.
parameters			query	dictionary	Full query string parameters payload in JSON format.

Usage

Service class example (PEP8 syntax)

from falconpy import SensorVisibilityExclusions

# Do not hardcode API credentials!
falcon = SensorVisibilityExclusions(client_id=CLIENT_ID,
                                    client_secret=CLIENT_SECRET
                                    )

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.get_exclusions(ids=id_list)
print(response)

Service class example (Operation ID syntax)

from falconpy import SensorVisibilityExclusions

# Do not hardcode API credentials!
falcon = SensorVisibilityExclusions(client_id=CLIENT_ID,
                                    client_secret=CLIENT_SECRET
                                    )

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.getSensorVisibilityExclusionsV1(ids=id_list)
print(response)

Uber class example

from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.command("getSensorVisibilityExclusionsV1", ids=id_list)
print(response)

createSVExclusionsV1

Create the sensor visibility exclusions

PEP8 method name

create_exclusions

Endpoint

Method	Route
	`/policy/entities/sv-exclusions/v1`

Content-Type

Produces: application/json

Keyword Arguments

Name	Type	Data type	Description
body	body	dictionary	Full body payload in JSON format.
comment	body	string	String comment describing why the exclusions was created.
groups	body	list of strings	Group ID(s) impacted by the exclusion.
value	body	string	Value to match for the exclusion.

Usage

Service class example (PEP8 syntax)

from falconpy import SensorVisibilityExclusions

# Do not hardcode API credentials!
falcon = SensorVisibilityExclusions(client_id=CLIENT_ID,
                                    client_secret=CLIENT_SECRET
                                    )
group_list = ['ID1', 'ID2', 'ID3']

response = falcon.create_exclusions(comment="string",
                                    groups=group_list,
                                    value="string"
                                    )
print(response)

Service class example (Operation ID syntax)

from falconpy import SensorVisibilityExclusions

# Do not hardcode API credentials!
falcon = SensorVisibilityExclusions(client_id=CLIENT_ID,
                                    client_secret=CLIENT_SECRET
                                    )

group_list = ['ID1', 'ID2', 'ID3']

response = falcon.createSVExclusionsV1(comment="string",
                                       groups=group_list,
                                       value="string"
                                       )
print(response)

Uber class example

from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

group_list = ['ID1', 'ID2', 'ID3']

BODY = {
    "comment": "string",
    "groups": [
        "string"
    ],
    "value": "string"
}

response = falcon.command("createSVExclusionsV1", body=BODY)
print(response)

deleteSensorVisibilityExclusionsV1

Delete the sensor visibility exclusions by id

PEP8 method name

delete_exclusions

Endpoint

Method	Route
	`/policy/entities/sv-exclusions/v1`

Content-Type

Produces: application/json

Keyword Arguments

Name	Type	Data type	Description
comment	query	string	Explains why this exclusion was deleted.
ids	query	string or list of strings	The IDs of the exclusions to retrieve.
parameters	query	dictionary	Full query string parameters payload in JSON format.

Usage

Service class example (PEP8 syntax)

from falconpy import SensorVisibilityExclusions

# Do not hardcode API credentials!
falcon = SensorVisibilityExclusions(client_id=CLIENT_ID,
                                    client_secret=CLIENT_SECRET
                                    )

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.delete_exclusions(comment="string", ids=id_list)
print(response)

Service class example (Operation ID syntax)

from falconpy import SensorVisibilityExclusions

# Do not hardcode API credentials!
falcon = SensorVisibilityExclusions(client_id=CLIENT_ID,
                                    client_secret=CLIENT_SECRET
                                    )

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.deleteSensorVisibilityExclusionsV1(comment="string", ids=id_list)
print(response)

Uber class example

from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

PARAMS = {
    "comment": "string"
}

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.command("deleteSensorVisibilityExclusionsV1", parameters=PARAMS, ids=id_list)
print(response)

updateSensorVisibilityExclusionsV1

Update the sensor visibility exclusions

PEP8 method name

update_exclusions

Endpoint

Method	Route
	`/policy/entities/sv-exclusions/v1`

Content-Type

Produces: application/json

Keyword Arguments

Name	Type	Data type	Description
body	body	dictionary	Full body payload in JSON format.
comment	body	string	String comment describing why the exclusions was created.
groups	body	list of strings	Group ID(s) impacted by the exclusion.
id	body	string	The ID of the exclusion to update.
is_descendent_process	body	boolean	Flag to determine if an exclusion should apply to all descendant processes.
value	body	string	Value to match for the exclusion.

Usage

Service class example (PEP8 syntax)

from falconpy import SensorVisibilityExclusions

# Do not hardcode API credentials!
falcon = SensorVisibilityExclusions(client_id=CLIENT_ID,
                                    client_secret=CLIENT_SECRET
                                    )

group_list = ['ID1', 'ID2', 'ID3']

response = falcon.update_exclusions(comment="string",
                                    groups=group_list,
                                    value="string",
                                    id="string",
                                    is_descendent_process=boolean
                                    )
print(response)

Service class example (Operation ID syntax)

from falconpy import SensorVisibilityExclusions

# Do not hardcode API credentials!
falcon = SensorVisibilityExclusions(client_id=CLIENT_ID,
                                    client_secret=CLIENT_SECRET
                                    )

group_list = ['ID1', 'ID2', 'ID3']

response = falcon.updateSensorVisibilityExclusionsV1(comment="string",
                                                     groups=group_list,
                                                     value="string",
                                                     id="string",
                                                     is_descendent_process=boolean
                                                     )
print(response)

Uber class example

from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

group_list = ['ID1', 'ID2', 'ID3']

BODY = {
    "comment": "string",
    "groups": group_list,
    "id": "string",
    "is_descendent_process": boolean
    "value": "string"
}

response = falcon.command("updateSensorVisibilityExclusionsV1", body=BODY)
print(response)

querySensorVisibilityExclusionsV1

Search for sensor visibility exclusions.

PEP8 method name

query_exclusions

Endpoint

Method	Route
	`/policy/queries/sv-exclusions/v1`

Content-Type

Produces: application/json

Keyword Arguments

Name	Type	Data type	Description
filter	query	string	The filter expression that should be used to limit the results. FQL syntax. Available filters: applied_globally created_by created_on last_modified modified_by value
limit	query	integer	The maximum number of records to return. [1-500]
offset	query	integer	The offset to start retrieving records from.
parameters	query	dictionary	Full query string parameters payload in JSON format.
sort	query	string	The property to sort by. FQL syntax. (e.g. last_behavior\|asc) Available sort fields: applied_globally created_by created_on last_modified modified_by value

Usage

Service class example (PEP8 syntax)

from falconpy import SensorVisibilityExclusions

# Do not hardcode API credentials!
falcon = SensorVisibilityExclusions(client_id=CLIENT_ID,
                                    client_secret=CLIENT_SECRET
                                    )

response = falcon.query_exclusions(filter="string",
                                   offset=integer,
                                   limit=integer,
                                   sort="string"
                                   )
print(response)

Service class example (Operation ID syntax)

from falconpy import SensorVisibilityExclusions

# Do not hardcode API credentials!
falcon = SensorVisibilityExclusions(client_id=CLIENT_ID,
                                    client_secret=CLIENT_SECRET
                                    )

response = falcon.querySensorVisibilityExclusionsV1(filter="string",
                                                    offset=integer,
                                                    limit=integer,
                                                    sort="string"
                                                    )
print(response)

Uber class example

from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

response = falcon.command("querySensorVisibilityExclusionsV1",
                          filter="string",
                          offset=integer,
                          limit=integer,
                          sort="string"
                          )
print(response)

Sensor Visibility Exclusions - CrowdStrike/falconpy GitHub Wiki

Using the Sensor Visibility Exclusions service collection

Table of Contents

Passing credentials

getSensorVisibilityExclusionsV1

PEP8 method name

Endpoint

Content-Type

Keyword Arguments

Usage

Service class example (PEP8 syntax)

Service class example (Operation ID syntax)

Uber class example

createSVExclusionsV1

PEP8 method name

Endpoint

Content-Type

Keyword Arguments

Usage

Service class example (PEP8 syntax)

Service class example (Operation ID syntax)

Uber class example

deleteSensorVisibilityExclusionsV1

PEP8 method name

Endpoint

Content-Type

Keyword Arguments

Usage

Service class example (PEP8 syntax)

Service class example (Operation ID syntax)

Uber class example

updateSensorVisibilityExclusionsV1

PEP8 method name

Endpoint

Content-Type

Keyword Arguments

Usage

Service class example (PEP8 syntax)

Service class example (Operation ID syntax)

Uber class example

querySensorVisibilityExclusionsV1

PEP8 method name

Endpoint

Content-Type

Keyword Arguments

Usage

Service class example (PEP8 syntax)

Service class example (Operation ID syntax)

Uber class example

⚠️ **GitHub.com Fallback** ⚠️

⚠️ GitHub.com Fallback ⚠️