Case Management - jshcodes/falconpy GitHub Wiki
WARNING
client_idandclient_secretare keyword arguments that contain your CrowdStrike API credentials. Please note that all examples below do not hard code these values. (These values are ingested as strings.)CrowdStrike does not recommend hard coding API credentials or customer identifiers within source code.
Get file details aggregates as specified via json in the request body.
aggregates_file_details_post_v1
| Method | Route |
|---|---|
 |
/case-files/aggregates/file-details/v1 |
- Consumes: application/json
- Produces: application/json
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| body |  |
 |
body | dictionary | Full body payload in JSON format |
| filter | |
|
query | string | FQL filter expression. |
| ids | |
|
query | string or list of strings | Resource IDs. |
from falconpy import CaseManagement
# Do not hardcode API credentials!
falcon = CaseManagement(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.aggregates_file_details_post_v1(ids=id_list,
filter="string"
)
print(response)from falconpy import CaseManagement
# Do not hardcode API credentials!
falcon = CaseManagement(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.aggregates_file_details_post_v1(ids=id_list,
filter="string"
)
print(response)from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.command("aggregates_file_details_post_v1",
ids="string",
filter="string",
body={}
)
print(response)Back to Table of Contents
Query file details
query_file_details
| Method | Route |
|---|---|
 |
/case-files/combined/file-details/v1 |
- Produces: application/json
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| filter | |
|
query | string | FQL filter expression. |
| limit | |
|
query | integer | Page size. Maximum value is 10. |
| offset | |
|
query | integer | Page offset. |
| parameters | |
|
query | dictionary | Full query string parameters payload in JSON format. Not required when using other keywords. |
from falconpy import CaseManagement
# Do not hardcode API credentials!
falcon = CaseManagement(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.query_file_details(filter="string",
limit=10,
offset=integer
)
print(response)from falconpy import CaseManagement
# Do not hardcode API credentials!
falcon = CaseManagement(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.combined_file_details_get_v1(filter="string",
limit=10,
offset=integer
)
print(response)from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.command("combined_file_details_get_v1",
filter="string",
limit=10,
offset=integer
)
print(response)Back to Table of Contents
Upload file for case
upload_file
| Method | Route |
|---|---|
|
/case-files/entities/files/upload/v1 |
- Consumes: multipart/form-data
- Produces: application/json
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| case_id | |
|
formData | string | Case ID for the file. |
| description | |
|
formData | string | Description of the file. |
| file | |
|
formData | file | Local file to Upload. |
from falconpy import CaseManagement
# Do not hardcode API credentials!
falcon = CaseManagement(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.upload_file(file="path/to/file.txt",
case_id="CASE_ID",
description="File description"
)
print(response)from falconpy import CaseManagement
# Do not hardcode API credentials!
falcon = CaseManagement(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.entities_files_upload_post_v1(file="path/to/file.txt",
case_id="CASE_ID",
description="File description"
)
print(response)from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.command("entities_files_upload_post_v1",
file="path/to/file.txt",
case_id="CASE_ID",
description="File description"
)
print(response)Back to Table of Contents
Update file details
update_file_details
| Method | Route |
|---|---|
 |
/case-files/entities/file-details/v1 |
- Consumes: application/json
- Produces: application/json
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| body | |
|
body | dictionary | Full body payload in JSON format |
| description | |
 |
body | string | File details description. |
| id | |
|
body | string | File details ID. |
from falconpy import CaseManagement
# Do not hardcode API credentials!
falcon = CaseManagement(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.update_file_details(id="file_id",
description="Updated file description"
)
print(response)from falconpy import CaseManagement
# Do not hardcode API credentials!
falcon = CaseManagement(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.entities_file_details_patch_v1(id="file_id",
description="Updated file description"
)
print(response)from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
body_payload = {
"id": "file_id",
"description": "Updated file description"
}
response = falcon.command("entities_file_details_patch_v1", body=body_payload)
print(response)Back to Table of Contents
Get file details by id
get_file_details
| Method | Route |
|---|---|
|
/case-files/entities/file-details/v1 |
- Produces: application/json
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| ids | |
|
query | string or list of strings | Resource IDs. |
| parameters | |
|
query | dictionary | Full query string parameters payload in JSON format. Not required when using other keywords. |
from falconpy import CaseManagement
# Do not hardcode API credentials!
falcon = CaseManagement(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.get_file_details(ids=id_list)
print(response)from falconpy import CaseManagement
# Do not hardcode API credentials!
falcon = CaseManagement(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.entities_file_details_get_v1(ids=id_list)
print(response)from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.command("entities_file_details_get_v1",
ids=["ID1", "ID2", "ID3"]
)
print(response)Back to Table of Contents
Download multiple existing file from case as a ZIP
bulk_download_files
| Method | Route |
|---|---|
|
/case-files/entities/files/bulk-download/v1 |
- Consumes: application/json
- Produces: application/octet-stream
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| body | |
|
body | dictionary | Full body payload in JSON format |
| ids | |
|
body | string or list of strings | List of files to download. |
from falconpy import CaseManagement
# Do not hardcode API credentials!
falcon = CaseManagement(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.bulk_download_files(ids=["file_id_1", "file_id_2", "file_id_3"])
print(response)from falconpy import CaseManagement
# Do not hardcode API credentials!
falcon = CaseManagement(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.entities_files_bulk_download_post_v1(ids=["file_id_1", "file_id_2", "file_id_3"])
print(response)from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
body_payload = {
"ids": ["file_id_1", "file_id_2", "file_id_3"]
}
response = falcon.command("entities_files_bulk_download_post_v1", body=body_payload)
print(response)Back to Table of Contents
Download existing file from case
download_existing_files
| Method | Route |
|---|---|
|
/case-files/entities/files/download/v1 |
- Produces: application/octet-stream
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| id | |
|
query | string | Resource ID. |
| parameters | |
|
query | dictionary | Full query string parameters payload in JSON format. Not required when using other keywords. |
from falconpy import CaseManagement
# Do not hardcode API credentials!
falcon = CaseManagement(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.download_existing_files(id="FILE_ID")
print(response)from falconpy import CaseManagement
# Do not hardcode API credentials!
falcon = CaseManagement(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.entities_files_download_get_v1(id="FILE_ID")
print(response)from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.command("entities_files_download_get_v1",
id="FILE_ID"
)
print(response)Back to Table of Contents
Delete file details by id
delete_file_details
| Method | Route |
|---|---|
 |
/case-files/entities/files/v1 |
- Produces: application/json
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| ids | |
|
query | string or list of strings | Resource IDs. |
| parameters | |
|
query | dictionary | Full query string parameters payload in JSON format. Not required when using other keywords. |
from falconpy import CaseManagement
# Do not hardcode API credentials!
falcon = CaseManagement(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.delete_file_details(ids=id_list)
print(response)from falconpy import CaseManagement
# Do not hardcode API credentials!
falcon = CaseManagement(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.entities_files_delete_v1(ids=id_list)
print(response)from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.command("entities_files_delete_v1",
ids=["ID1", "ID2", "ID3"]
)
print(response)Back to Table of Contents
Query for ids of file details
query_file_detail_ids
| Method | Route |
|---|---|
|
/case-files/queries/file-details/v1 |
- Produces: application/json
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| filter | |
|
query | string | FQL filter expression. |
| limit | |
|
query | integer | Page size. Maximum value is 10. |
| offset | |
|
query | integer | Page offset. |
| parameters | |
|
query | dictionary | Full query string parameters payload in JSON format. Not required when using other keywords. |
from falconpy import CaseManagement
# Do not hardcode API credentials!
falcon = CaseManagement(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.query_file_detail_ids(filter="string",
limit=10,
offset=integer
)
print(response)from falconpy import CaseManagement
# Do not hardcode API credentials!
falcon = CaseManagement(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.queries_file_details_get_v1(filter="string",
limit=10,
offset=integer
)
print(response)from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.command("queries_file_details_get_v1",
filter="string",
limit=10,
offset=integer
)
print(response)Back to Table of Contents
Get metadata for a file via RTR without retrieving it.
get_rtr_file_metadata
| Method | Route |
|---|---|
|
/case-files/entities/get-rtr-file-metadata/v1 |
- Consumes: application/json
- Produces: application/json
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| body | |
|
body | dictionary | Full body payload in JSON format |
| aid | |
|
body | string | The agent ID of the host to retrieve file metadata from. |
| file_path | |
|
body | string | The path to the file on the host. |
from falconpy import CaseManagement
# Do not hardcode API credentials!
falcon = CaseManagement(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.get_rtr_file_metadata(aid="AGENT_ID",
file_path="/path/to/file"
)
print(response)from falconpy import CaseManagement
# Do not hardcode API credentials!
falcon = CaseManagement(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.entities_get_rtr_file_metadata_post_v1(aid="AGENT_ID",
file_path="/path/to/file"
)
print(response)from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
body_payload = {
"aid": "AGENT_ID",
"file_path": "/path/to/file"
}
response = falcon.command("entities_get_rtr_file_metadata_post_v1", body=body_payload)
print(response)Back to Table of Contents
Retrieve a file from host using RTR and add it to a case.
retrieve_rtr_file
| Method | Route |
|---|---|
|
/case-files/entities/retrieve-rtr-file/v1 |
- Consumes: application/json
- Produces: application/json
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| body | |
|
body | dictionary | Full body payload in JSON format |
| aid | |
|
body | string | The agent ID of the host to retrieve the file from. |
| case_id | |
|
body | string | The ID of the case to add the file to. |
| description | |
|
body | string | A description of the file being retrieved. |
| file_path | |
|
body | string | The path to the file on the host. |
from falconpy import CaseManagement
# Do not hardcode API credentials!
falcon = CaseManagement(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.retrieve_rtr_file(aid="AGENT_ID",
case_id="CASE_ID",
description="File description",
file_path="/path/to/file"
)
print(response)from falconpy import CaseManagement
# Do not hardcode API credentials!
falcon = CaseManagement(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.entities_retrieve_rtr_file_post_v1(aid="AGENT_ID",
case_id="CASE_ID",
description="File description",
file_path="/path/to/file"
)
print(response)from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
body_payload = {
"aid": "AGENT_ID",
"case_id": "CASE_ID",
"description": "File description",
"file_path": "/path/to/file"
}
response = falcon.command("entities_retrieve_rtr_file_post_v1", body=body_payload)
print(response)Back to Table of Contents
Retrieve a recently fetched RTR file and add it to a case.
retrieve_rtr_recent_file
| Method | Route |
|---|---|
|
/case-files/entities/retrieve-rtr-recent-file/v1 |
- Consumes: application/json
- Produces: application/json
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| body | |
|
body | dictionary | Full body payload in JSON format |
| aid | |
|
body | string | The agent ID of the host. |
| case_id | |
|
body | string | The ID of the case to add the file to. |
| description | |
|
body | string | A description of the file being retrieved. |
| session_id | |
|
body | string | The RTR session ID for the file retrieval. |
| sha256 | |
|
body | string | The SHA256 hash of the file to retrieve. |
from falconpy import CaseManagement
# Do not hardcode API credentials!
falcon = CaseManagement(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.retrieve_rtr_recent_file(aid="AGENT_ID",
case_id="CASE_ID",
description="File description",
session_id="SESSION_ID",
sha256="SHA256_HASH"
)
print(response)from falconpy import CaseManagement
# Do not hardcode API credentials!
falcon = CaseManagement(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.entities_retrieve_rtr_recent_file_post_v1(aid="AGENT_ID",
case_id="CASE_ID",
description="File description",
session_id="SESSION_ID",
sha256="SHA256_HASH"
)
print(response)from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
body_payload = {
"aid": "AGENT_ID",
"case_id": "CASE_ID",
"description": "File description",
"session_id": "SESSION_ID",
"sha256": "SHA256_HASH"
}
response = falcon.command("entities_retrieve_rtr_recent_file_post_v1", body=body_payload)
print(response)Back to Table of Contents
Get notification groups aggregations
get_notification_groups_aggregation
| Method | Route |
|---|---|
|
/casemgmt/aggregates/notification-groups/v1 |
- Consumes: application/json
- Produces: application/json
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| body | |
|
body | dictionary | Full body payload in JSON format |
| date_ranges | |
|
body | dictionary or list | Date range timeframe. |
| field | |
|
body | string | Field to retrieve. |
| filter | |
|
body | string | FQL syntax. |
| from | |
|
body | integer | |
| name | |
|
body | string | |
| size | |
|
body | integer | |
| sort | |
|
body | string | Field to sort on. |
| type | |
|
body | string |
from falconpy import CaseManagement
# Do not hardcode API credentials!
falcon = CaseManagement(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.get_notification_groups_aggregation(date_ranges=[
{
"from": "string",
"to": "string"
}
],
field="string",
filter="string",
name="string",
size=integer,
sort="string",
type="string"
)
print(response)from falconpy import CaseManagement
# Do not hardcode API credentials!
falcon = CaseManagement(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.aggregates_notification_groups_post_v1(date_ranges=[
{
"from": "string",
"to": "string"
}
],
field="string",
filter="string",
name="string",
size=integer,
sort="string",
type="string"
)
print(response)from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
body_payload = {
"date_ranges": [
{
"from": "string",
"to": "string"
}
],
"field": "string",
"filter": "string",
"from": integer,
"name": "string",
"size": integer,
"sort": "string",
"type": "string"
}
response = falcon.command("aggregates_notification_groups_post_v1", body=body_payload)
print(response)Back to Table of Contents
Get notification groups aggregations
get_notification_groups_aggregation_v2
| Method | Route |
|---|---|
|
/casemgmt/aggregates/notification-groups/v2 |
- Consumes: application/json
- Produces: application/json
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| body | |
|
body | dictionary | Full body payload in JSON format |
| date_ranges | |
|
body | dictionary or list | Date range timeframe. |
| field | |
|
body | string | Field to retrieve. |
| filter | |
|
body | string | FQL syntax. |
| from | |
|
body | integer | |
| name | |
|
body | string | |
| size | |
|
body | integer | |
| sort | |
|
body | string | Field to sort on. |
| type | |
|
body | string |
from falconpy import CaseManagement
# Do not hardcode API credentials!
falcon = CaseManagement(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.get_notification_groups_aggregation_v2(date_ranges=[
{
"from": "string",
"to": "string"
}
],
field="string",
filter="string",
name="string",
size=integer,
sort="string",
type="string"
)
print(response)from falconpy import CaseManagement
# Do not hardcode API credentials!
falcon = CaseManagement(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.aggregates_notification_groups_post_v2(date_ranges=[
{
"from": "string",
"to": "string"
}
],
field="string",
filter="string",
name="string",
size=integer,
sort="string",
type="string"
)
print(response)from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
body_payload = {
"date_ranges": [
{
"from": "string",
"to": "string"
}
],
"field": "string",
"filter": "string",
"from": integer,
"name": "string",
"size": integer,
"sort": "string",
"type": "string"
}
response = falcon.command("aggregates_notification_groups_post_v2", body=body_payload)
print(response)Back to Table of Contents
Get SLA aggregations
get_sla_aggregations
| Method | Route |
|---|---|
|
/casemgmt/aggregates/slas/v1 |
- Consumes: application/json
- Produces: application/json
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| body | |
|
body | dictionary | Full body payload in JSON format |
| date_ranges | |
|
body | dictionary or list | Date range timeframe. |
| field | |
|
body | string | Field to retrieve. |
| filter | |
|
body | string | FQL syntax. |
| from | |
|
body | integer | |
| name | |
|
body | string | |
| size | |
|
body | integer | |
| sort | |
|
body | string | Field to sort on. |
| type | |
|
body | string |
from falconpy import CaseManagement
# Do not hardcode API credentials!
falcon = CaseManagement(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.get_sla_aggregations(date_ranges=[
{
"from": "string",
"to": "string"
}
],
field="string",
filter="string",
name="string",
size=integer,
sort="string",
type="string"
)
print(response)from falconpy import CaseManagement
# Do not hardcode API credentials!
falcon = CaseManagement(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.aggregates_slas_post_v1(date_ranges=[
{
"from": "string",
"to": "string"
}
],
field="string",
filter="string",
name="string",
size=integer,
sort="string",
type="string"
)
print(response)from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
body_payload = {
"date_ranges": [
{
"from": "string",
"to": "string"
}
],
"field": "string",
"filter": "string",
"from": integer,
"name": "string",
"size": integer,
"sort": "string",
"type": "string"
}
response = falcon.command("aggregates_slas_post_v1", body=body_payload)
print(response)Back to Table of Contents
Get templates aggregations
get_template_aggregations
| Method | Route |
|---|---|
|
/casemgmt/aggregates/templates/v1 |
- Consumes: application/json
- Produces: application/json
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| body | |
|
body | dictionary | Full body payload in JSON format |
| date_ranges | |
|
body | dictionary or list | Date range timeframe. |
| field | |
|
body | string | Field to retrieve. |
| filter | |
|
body | string | FQL syntax. |
| from | |
|
body | integer | |
| name | |
|
body | string | |
| size | |
|
body | integer | |
| sort | |
|
body | string | Field to sort on. |
| type | |
|
body | string |
from falconpy import CaseManagement
# Do not hardcode API credentials!
falcon = CaseManagement(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.get_template_aggregations(date_ranges=[
{
"from": "string",
"to": "string"
}
],
field="string",
filter="string",
name="string",
size=integer,
sort="string",
type="string"
)
print(response)from falconpy import CaseManagement
# Do not hardcode API credentials!
falcon = CaseManagement(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.aggregates_templates_post_v1(date_ranges=[
{
"from": "string",
"to": "string"
}
],
field="string",
filter="string",
name="string",
size=integer,
sort="string",
type="string"
)
print(response)from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
body_payload = {
"date_ranges": [
{
"from": "string",
"to": "string"
}
],
"field": "string",
"filter": "string",
"from": integer,
"name": "string",
"size": integer,
"sort": "string",
"type": "string"
}
response = falcon.command("aggregates_templates_post_v1", body=body_payload)
print(response)Back to Table of Contents
Get access tag aggregates.
get_access_tag_aggregations
| Method | Route |
|---|---|
|
/casemgmt/aggregates/access-tags/v1 |
- Consumes: application/json
- Produces: application/json
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| body | |
|
body | dictionary | Full body payload in JSON format |
| date_ranges | |
|
body | dictionary or list | Date range timeframe. |
| field | |
|
body | string | Field to retrieve. |
| filter | |
|
body | string | FQL syntax. |
| from | |
|
body | integer | |
| name | |
|
body | string | |
| size | |
|
body | integer | |
| sort | |
|
body | string | Field to sort on. |
| type | |
|
body | string |
from falconpy import CaseManagement
# Do not hardcode API credentials!
falcon = CaseManagement(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.get_access_tag_aggregations(date_ranges=[
{
"from": "string",
"to": "string"
}
],
field="string",
filter="string",
name="string",
size=integer,
sort="string",
type="string"
)
print(response)from falconpy import CaseManagement
# Do not hardcode API credentials!
falcon = CaseManagement(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.aggregates_access_tags_post_v1(date_ranges=[
{
"from": "string",
"to": "string"
}
],
field="string",
filter="string",
name="string",
size=integer,
sort="string",
type="string"
)
print(response)from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
body_payload = {
"date_ranges": [
{
"from": "string",
"to": "string"
}
],
"field": "string",
"filter": "string",
"from": integer,
"name": "string",
"size": integer,
"sort": "string",
"type": "string"
}
response = falcon.command("aggregates_access_tags_post_v1", body=body_payload)
print(response)Back to Table of Contents
Get access tags.
get_access_tags
| Method | Route |
|---|---|
|
/casemgmt/entities/access-tags/v1 |
- Produces: application/json
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| ids | |
|
query | string or list of strings | Resource IDs. |
| parameters | |
|
query | dictionary | Full query string parameters payload in JSON format. Not required when using other keywords. |
from falconpy import CaseManagement
# Do not hardcode API credentials!
falcon = CaseManagement(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.get_access_tags(ids=id_list)
print(response)from falconpy import CaseManagement
# Do not hardcode API credentials!
falcon = CaseManagement(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.entities_access_tags_get_v1(ids=id_list)
print(response)from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.command("entities_access_tags_get_v1",
ids=["ID1", "ID2", "ID3"]
)
print(response)Back to Table of Contents
Get notification groups by ID
get_notification_groups
| Method | Route |
|---|---|
|
/casemgmt/entities/notification-groups/v1 |
- Produces: application/json
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| ids | |
|
query | string or list of strings | Resource IDs. |
| parameters | |
|
query | dictionary | Full query string parameters payload in JSON format. Not required when using other keywords. |
from falconpy import CaseManagement
# Do not hardcode API credentials!
falcon = CaseManagement(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.get_notification_groups(ids=id_list)
print(response)from falconpy import CaseManagement
# Do not hardcode API credentials!
falcon = CaseManagement(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.entities_notification_groups_get_v1(ids=id_list)
print(response)from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.command("entities_notification_groups_get_v1",
ids=["ID1", "ID2", "ID3"]
)
print(response)Back to Table of Contents
Create notification group
create_notification_group
| Method | Route |
|---|---|
|
/casemgmt/entities/notification-groups/v1 |
- Consumes: application/json
- Produces: application/json
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| body | |
|
body | dictionary | Full body payload in JSON format |
| channels | |
|
body | list of dictionaries | The notification group channel configuration parameters. |
| description | |
|
body | string | Notification group description. |
| name | |
|
body | string | Notification group name. |
from falconpy import CaseManagement
# Do not hardcode API credentials!
falcon = CaseManagement(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
channels = [
{
"config_id": "string",
"config_name": "string",
"recipients": [
"string"
],
"severity": "string",
"type": "string"
}
]
response = falcon.create_notification_group(channels=channels,
description="string",
name="string"
)
print(response)from falconpy import CaseManagement
# Do not hardcode API credentials!
falcon = CaseManagement(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
channels = [
{
"config_id": "string",
"config_name": "string",
"recipients": [
"string"
],
"severity": "string",
"type": "string"
}
]
response = falcon.entities_notification_groups_post_v1(channels=channels,
description="string",
name="string"
)
print(response)from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
body_payload = {
"channels": [
{
"config_id": "string",
"config_name": "string",
"recipients": [
"string"
],
"severity": "string",
"type": "string"
}
],
"description": "string",
"name": "string"
}
response = falcon.command("entities_notification_groups_post_v1", body=body_payload)
print(response)Back to Table of Contents
Update notification group
update_notification_group
| Method | Route |
|---|---|
|
/casemgmt/entities/notification-groups/v1 |
- Consumes: application/json
- Produces: application/json
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| body | |
|
body | dictionary | Full body payload in JSON format |
| channels | |
|
body | list of dictionaries | The notification group channel configuration parameters. |
| description | |
|
body | string | Notification group description. |
| id | |
|
body | string | The ID of the notification group. |
| name | |
|
body | string | Notification group name. |
from falconpy import CaseManagement
# Do not hardcode API credentials!
falcon = CaseManagement(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
channels = [
{
"config_id": "string",
"config_name": "string",
"recipients": [
"string"
],
"severity": "string",
"type": "string"
}
]
response = falcon.update_notification_group(channels=channels,
description="string",
id="string",
name="string"
)
print(response)from falconpy import CaseManagement
# Do not hardcode API credentials!
falcon = CaseManagement(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
channels = [
{
"config_id": "string",
"config_name": "string",
"recipients": [
"string"
],
"severity": "string",
"type": "string"
}
]
response = falcon.entities_notification_groups_patch_v1(channels=channels,
description="string",
id="string",
name="string"
)
print(response)from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
body_payload = {
"channels": [
{
"config_id": "string",
"config_name": "string",
"recipients": [
"string"
],
"severity": "string",
"type": "string"
}
],
"description": "string",
"id": "string",
"name": "string"
}
response = falcon.command("entities_notification_groups_patch_v1", body=body_payload)
print(response)Back to Table of Contents
Delete notification groups by ID
delete_notification_group
| Method | Route |
|---|---|
|
/casemgmt/entities/notification-groups/v1 |
- Produces: application/json
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| ids | |
|
query | string or list of strings | Resource IDs. |
| parameters | |
|
query | dictionary | Full query string parameters payload in JSON format. Not required when using other keywords. |
from falconpy import CaseManagement
# Do not hardcode API credentials!
falcon = CaseManagement(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.delete_notification_group(ids=id_list)
print(response)from falconpy import CaseManagement
# Do not hardcode API credentials!
falcon = CaseManagement(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.entities_notification_groups_delete_v1(ids=id_list)
print(response)from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.command("entities_notification_groups_delete_v1",
ids=["ID1", "ID2", "ID3"]
)
print(response)Back to Table of Contents
Get notification groups by ID
get_notification_groups_v2
| Method | Route |
|---|---|
|
/casemgmt/entities/notification-groups/v2 |
- Produces: application/json
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| ids | |
|
query | string or list of strings | Resource IDs. |
| parameters | |
|
query | dictionary | Full query string parameters payload in JSON format. Not required when using other keywords. |
from falconpy import CaseManagement
# Do not hardcode API credentials!
falcon = CaseManagement(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.get_notification_groups_v2(ids=id_list)
print(response)from falconpy import CaseManagement
# Do not hardcode API credentials!
falcon = CaseManagement(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.entities_notification_groups_get_v2(ids=id_list)
print(response)from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.command("entities_notification_groups_get_v2",
ids=["ID1", "ID2", "ID3"]
)
print(response)Back to Table of Contents
Create notification group
create_notification_group_v2
| Method | Route |
|---|---|
|
/casemgmt/entities/notification-groups/v2 |
- Consumes: application/json
- Produces: application/json
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| body | |
|
body | dictionary | Full body payload in JSON format |
| channels | |
|
body | list of dictionaries | The notification group channel configuration parameters. |
| description | |
|
body | string | Notification group description. |
| name | |
|
body | string | Notification group name. |
from falconpy import CaseManagement
# Do not hardcode API credentials!
falcon = CaseManagement(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
channels = [
{
"config_id": "string",
"config_name": "string",
"params": {},
"type": "string"
}
]
response = falcon.create_notification_group_v2(channels=channels,
description="string",
name="string"
)
print(response)from falconpy import CaseManagement
# Do not hardcode API credentials!
falcon = CaseManagement(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
channels = [
{
"config_id": "string",
"config_name": "string",
"params": {},
"type": "string"
}
]
response = falcon.entities_notification_groups_post_v2(channels=channels,
description="string",
name="string"
)
print(response)from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
body_payload = {
"channels": [
{
"config_id": "string",
"config_name": "string",
"params": {},
"type": "string"
}
],
"description": "string",
"name": "string"
}
response = falcon.command("entities_notification_groups_post_v2", body=body_payload)
print(response)Back to Table of Contents
Update notification group
update_notification_group_v2
| Method | Route |
|---|---|
|
/casemgmt/entities/notification-groups/v2 |
- Consumes: application/json
- Produces: application/json
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| body | |
|
body | dictionary | Full body payload in JSON format |
| channels | |
|
body | list of dictionaries | The notification group channel configuration parameters. |
| description | |
|
body | string | Notification group description. |
| name | |
|
body | string | Notification group name. |
| id | |
|
body | string | The ID of the notification group. |
from falconpy import CaseManagement
# Do not hardcode API credentials!
falcon = CaseManagement(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
channels=[
{
"config_id": "string",
"config_name": "string",
"params": {},
"type": "string"
}
]
response = falcon.update_notification_group_v2(channels=channels,
description="string",
name="string",
id="string"
)
print(response)from falconpy import CaseManagement
# Do not hardcode API credentials!
falcon = CaseManagement(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
channels=[
{
"config_id": "string",
"config_name": "string",
"params": {},
"type": "string"
}
]
response = falcon.entities_notification_groups_patch_v2(channels=channels,
description="string",
name="string",
id="string"
)
print(response)from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
body_payload = {
"channels": [
{
"config_id": "string",
"config_name": "string",
"params": {},
"type": "string"
}
],
"description": "string",
"name": "string",
"id": "string"
}
response = falcon.command("entities_notification_groups_patch_v2", body=body_payload)
print(response)Back to Table of Contents
Delete notification groups by ID
delete_notification_group_v2
| Method | Route |
|---|---|
|
/casemgmt/entities/notification-groups/v2 |
- Produces: application/json
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| ids | |
|
query | string or list of strings | Resource IDs. |
| parameters | |
|
query | dictionary | Full query string parameters payload in JSON format. Not required when using other keywords. |
from falconpy import CaseManagement
# Do not hardcode API credentials!
falcon = CaseManagement(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.delete_notification_group_v2(ids=id_list)
print(response)from falconpy import CaseManagement
# Do not hardcode API credentials!
falcon = CaseManagement(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.entities_notification_groups_delete_v2(ids=id_list)
print(response)from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.command("entities_notification_groups_delete_v2",
ids=["ID1", "ID2", "ID3"]
)
print(response)Back to Table of Contents
Get fields by ID
get_fields
| Method | Route |
|---|---|
|
/casemgmt/entities/fields/v1 |
- Produces: application/json
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| ids | |
|
query | string or list of strings | Resource IDs. |
| parameters | |
|
query | dictionary | Full query string parameters payload in JSON format. Not required when using other keywords. |
from falconpy import CaseManagement
# Do not hardcode API credentials!
falcon = CaseManagement(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.get_fields(ids=id_list)
print(response)from falconpy import CaseManagement
# Do not hardcode API credentials!
falcon = CaseManagement(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.entities_fields_get_v1(ids=id_list)
print(response)from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.command("entities_fields_get_v1",
ids=["ID1", "ID2", "ID3"]
)
print(response)Back to Table of Contents
Get SLAs by ID
get_slas
| Method | Route |
|---|---|
|
/casemgmt/entities/slas/v1 |
- Produces: application/json
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| ids | |
|
query | string or list of strings | Resource IDs. |
| parameters | |
|
query | dictionary | Full query string parameters payload in JSON format. Not required when using other keywords. |
from falconpy import CaseManagement
# Do not hardcode API credentials!
falcon = CaseManagement(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.get_slas(ids=id_list)
print(response)from falconpy import CaseManagement
# Do not hardcode API credentials!
falcon = CaseManagement(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.entities_slas_get_v1(ids=id_list)
print(response)from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.command("entities_slas_get_v1",
ids=["ID1", "ID2", "ID3"]
)
print(response)Back to Table of Contents
Create SLA
create_sla
| Method | Route |
|---|---|
|
/casemgmt/entities/slas/v1 |
- Consumes: application/json
- Produces: application/json
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| body | |
|
body | dictionary | Full body payload in JSON format |
| description | |
|
body | string | The description of the SLA. |
| goals | |
|
body | list of dictionaries | The SLA goals. |
| name | |
|
body | string | The name of the SLA. |
from falconpy import CaseManagement
# Do not hardcode API credentials!
falcon = CaseManagement(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
goals = [
{
"duration_seconds": integer,
"escalation_policy": {
"steps": [
{
"escalate_after_seconds": integer,
"notification_group_id": "string"
}
]
},
"type": "string"
}
]
response = falcon.create_sla(description="string",
goals=goals,
name="string"
)
print(response)from falconpy import CaseManagement
# Do not hardcode API credentials!
falcon = CaseManagement(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
goals = [
{
"duration_seconds": integer,
"escalation_policy": {
"steps": [
{
"escalate_after_seconds": integer,
"notification_group_id": "string"
}
]
},
"type": "string"
}
]
response = falcon.entities_slas_post_v1(description="string",
goals=goals,
name="string"
)
print(response)from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
body_payload = {
"description": "string",
"goals": [
{
"duration_seconds": integer,
"escalation_policy": {
"steps": [
{
"escalate_after_seconds": integer,
"notification_group_id": "string"
}
]
},
"type": "string"
}
],
"name": "string"
}
response = falcon.command("entities_slas_post_v1", body=body_payload)
print(response)Back to Table of Contents
Update SLA
update_sla
| Method | Route |
|---|---|
|
/casemgmt/entities/slas/v1 |
- Consumes: application/json
- Produces: application/json
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| body | |
|
body | dictionary | Full body payload in JSON format |
| description | |
|
body | string | The description of the SLA. |
| goals | |
|
body | list of dictionaries | The SLA goals. |
| id | |
|
body | string | The ID of the SLA to update. |
| name | |
|
body | string | The name of the SLA. |
from falconpy import CaseManagement
# Do not hardcode API credentials!
falcon = CaseManagement(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
goals = [
{
"duration_seconds": integer,
"escalation_policy": {
"steps": [
{
"escalate_after_seconds": integer,
"notification_group_id": "string"
}
]
},
"type": "string"
}
]
response = falcon.update_sla(description="string",
goals=goals,
name="string"
)
print(response)from falconpy import CaseManagement
# Do not hardcode API credentials!
falcon = CaseManagement(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
goals = [
{
"duration_seconds": integer,
"escalation_policy": {
"steps": [
{
"escalate_after_seconds": integer,
"notification_group_id": "string"
}
]
},
"type": "string"
}
]
response = falcon.entities_slas_patch_v1(description="string",
goals=goals,
name="string"
)
print(response)from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
body_payload = {
"description": "string",
"goals": [
{
"duration_seconds": integer,
"escalation_policy": {
"steps": [
{
"escalate_after_seconds": integer,
"notification_group_id": "string"
}
]
},
"type": "string"
}
],
"name": "string"
}
response = falcon.command("entities_slas_patch_v1", body=body_payload)
print(response)Back to Table of Contents
Delete SLAs
delete_sla
| Method | Route |
|---|---|
|
/casemgmt/entities/slas/v1 |
- Produces: application/json
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| ids | |
|
query | string or list of strings | Resource IDs. |
| parameters | |
|
query | dictionary | Full query string parameters payload in JSON format. Not required when using other keywords. |
from falconpy import CaseManagement
# Do not hardcode API credentials!
falcon = CaseManagement(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.delete_sla(ids=id_list)
print(response)from falconpy import CaseManagement
# Do not hardcode API credentials!
falcon = CaseManagement(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.entities_slas_delete_v1(ids=id_list)
print(response)from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.command("entities_slas_delete_v1",
ids=["ID1", "ID2", "ID3"]
)
print(response)Back to Table of Contents
Get template snapshots
get_template_snapshots
| Method | Route |
|---|---|
|
/casemgmt/entities/template-snapshots/v1 |
- Produces: application/json
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| ids | |
|
query | string or list of strings | Snapshot IDs. |
| template_ids | |
|
query | string or list of strings | Retrieves the latest snapshot for all Template IDs. |
| versions | |
|
query | integer or list of integers | Retrieve a specific version of the template from the parallel array template_ids. A value of zero will return the latest snapshot. |
| parameters | |
|
query | dictionary | Full query string parameters payload in JSON format. Not required when using other keywords. |
from falconpy import CaseManagement
# Do not hardcode API credentials!
falcon = CaseManagement(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
snapshot_ids = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.get_template_snapshots(ids=snapshot_ids)
print(response)
template_ids = ['template1', 'template2']
response = falcon.get_template_snapshots(template_ids=template_ids)
print(response)
template_ids = ['template1', 'template2']
versions = [1, 0]
response = falcon.get_template_snapshots(template_ids=template_ids,
versions=versions)
print(response)from falconpy import CaseManagement
# Do not hardcode API credentials!
falcon = CaseManagement(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
snapshot_ids = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.entities_template_snapshots_get_v1(ids=snapshot_ids)
print(response)
response = falcon.entities_template_snapshots_get_v1(template_ids=['template1', 'template2'])
print(response)
response = falcon.entities_template_snapshots_get_v1(template_ids=['template1', 'template2'],
versions=[1, 0])
print(response)from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.command("entities_template_snapshots_get_v1",
ids=["ID1", "ID2", "ID3"]
)
print(response)
response = falcon.command("entities_template_snapshots_get_v1",
template_ids=["template1", "template2"]
)
print(response)
response = falcon.command("entities_template_snapshots_get_v1",
template_ids=["template1", "template2"],
versions=[1, 0]
)
print(response)Back to Table of Contents
Export templates to files in a zip archive
export_templates
| Method | Route |
|---|---|
|
/casemgmt/entities/templates/export/v1 |
- Produces: application/json
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| ids | |
|
query | string or list of strings | Template IDs. |
| filter | |
|
query | string | FQL filter expression. |
| format | |
|
query | string | Export file format. Valid values: yaml, json. Default: yaml. |
| parameters | |
|
query | dictionary | Full query string parameters payload in JSON format. Not required when using other keywords. |
from falconpy import CaseManagement
# Do not hardcode API credentials!
falcon = CaseManagement(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
template_ids = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.export_templates(ids=template_ids, format="string")
print(response)from falconpy import CaseManagement
# Do not hardcode API credentials!
falcon = CaseManagement(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
template_ids = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.entities_templates_export_get_v1(ids=template_ids, format="string")
print(response)from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.command("entities_templates_export_get_v1",
ids=["ID1", "ID2", "ID3"],
format="string"
)
print(response)Back to Table of Contents
Import a template from a file
import_template
| Method | Route |
|---|---|
|
/casemgmt/entities/templates/import/v1 |
- Consumes: multipart/form-data
- Produces: application/json
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| file | |
|
formData | file | Local file to import. |
| dry_run | |
|
formData | boolean | Run validation only. |
| data | |
|
formData | dictionary | Full formData payload as a dictionary. Not required when using other keywords. |
| parameters | |
|
query | dictionary | Full query string parameters payload in JSON format. Not required when using other keywords. |
from falconpy import CaseManagement
# Do not hardcode API credentials!
falcon = CaseManagement(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.import_template(file=("template.yaml", open("string", "rb")),
dry_run=boolean
)
print(response)from falconpy import CaseManagement
# Do not hardcode API credentials!
falcon = CaseManagement(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.entities_templates_import_post_v1(file=("template.yaml", open("string", "rb")),
dry_run=boolean
)
print(response)from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.command("entities_templates_import_post_v1",
file=("template.yaml", open("string", "rb")),
dry_run=boolean
)
print(response)Back to Table of Contents
Get templates by ID
get_templates
| Method | Route |
|---|---|
|
/casemgmt/entities/templates/v1 |
- Produces: application/json
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| ids | |
|
query | string or list of strings | Resource IDs. |
| parameters | |
|
query | dictionary | Full query string parameters payload in JSON format. Not required when using other keywords. |
from falconpy import CaseManagement
# Do not hardcode API credentials!
falcon = CaseManagement(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.get_templates(ids=id_list)
print(response)from falconpy import CaseManagement
# Do not hardcode API credentials!
falcon = CaseManagement(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.entities_templates_get_v1(ids=id_list)
print(response)from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.command("entities_templates_get_v1",
ids=["ID1", "ID2", "ID3"]
)
print(response)Back to Table of Contents
Create template
create_template
| Method | Route |
|---|---|
|
/casemgmt/entities/templates/v1 |
- Consumes: application/json
- Produces: application/json
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| body | |
|
body | dictionary | Full body payload in JSON format |
| description | |
|
body | string | Template description. |
| fields | |
|
body | list of dictionaries | Template fields configuration. |
| name | |
|
body | string | Template name. |
| sla_id | |
|
body | string | SLA ID for the template. |
from falconpy import CaseManagement
# Do not hardcode API credentials!
falcon = CaseManagement(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
fields = [
{
"data_type": "string",
"default_value": "string",
"input_type": "string",
"multivalued": boolean,
"name": "string",
"options": [
{
"value": "string"
}
],
"required": boolean
}
]
response = falcon.create_template(description="string",
fields=fields,
name="string",
sla_id="string"
)
print(response)from falconpy import CaseManagement
# Do not hardcode API credentials!
falcon = CaseManagement(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
fields = [
{
"data_type": "string",
"default_value": "string",
"input_type": "string",
"multivalued": boolean,
"name": "string",
"options": [
{
"value": "string"
}
],
"required": boolean
}
]
response = falcon.entities_templates_post_v1(description="string",
fields=fields,
name="string",
sla_id="string"
)
print(response)from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
body_payload = {
"description": "string",
"fields": [
{
"data_type": "string",
"default_value": "string",
"input_type": "string",
"multivalued": boolean,
"name": "string",
"options": [
{
"value": "string"
}
],
"required": boolean
}
],
"name": "string",
"sla_id": "string"
}
response = falcon.command("entities_templates_post_v1", body=body_payload)
print(response)Back to Table of Contents
Update template
update_template
| Method | Route |
|---|---|
|
/casemgmt/entities/templates/v1 |
- Consumes: application/json
- Produces: application/json
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| body | |
|
body | dictionary | Full body payload in JSON format |
| fields | |
|
body | list of dictionaries | The template fields configuration. |
| description | |
|
body | string | Template description. |
| id | |
|
body | string | The ID of the template to update. |
| sla_id | |
|
body | string | The ID of the SLA. |
| name | |
|
body | string | Template name. |
from falconpy import CaseManagement
# Do not hardcode API credentials!
falcon = CaseManagement(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
fields = [
{
"data_type": "string",
"default_value": "string",
"input_type": "string",
"multivalued": boolean,
"name": "string",
"options": [
{
"value": "string"
}
],
"required": boolean
}
]
response = falcon.update_template(description="string",
fields=fields,
id="string",
name="string",
sla_id="string"
)
print(response)from falconpy import CaseManagement
# Do not hardcode API credentials!
falcon = CaseManagement(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
fields = [
{
"data_type": "string",
"default_value": "string",
"input_type": "string",
"multivalued": boolean,
"name": "string",
"options": [
{
"value": "string"
}
],
"required": boolean
}
]
response = falcon.entities_templates_patch_v1(description="string",
fields=fields,
id="string",
name="string",
sla_id="string"
)
print(response)from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
body_payload = {
"description": "string",
"fields": [
{
"data_type": "string",
"default_value": "string",
"input_type": "string",
"multivalued": boolean,
"name": "string",
"options": [
{
"value": "string"
}
],
"required": boolean
}
],
"id": "string",
"name": "string",
"sla_id": "string"
}
response = falcon.command("entities_templates_patch_v1", body=body_payload)
print(response)Back to Table of Contents
Delete templates
delete_templates
| Method | Route |
|---|---|
|
/casemgmt/entities/templates/v1 |
- Produces: application/json
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| ids | |
|
query | string or list of strings | Resource IDs. |
| parameters | |
|
query | dictionary | Full query string parameters payload in JSON format. Not required when using other keywords. |
from falconpy import CaseManagement
# Do not hardcode API credentials!
falcon = CaseManagement(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.delete_templates(ids=id_list)
print(response)from falconpy import CaseManagement
# Do not hardcode API credentials!
falcon = CaseManagement(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.entities_templates_delete_v1(ids=id_list)
print(response)from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.command("entities_templates_delete_v1",
ids=["ID1", "ID2", "ID3"]
)
print(response)Back to Table of Contents
Query access tags.
query_access_tags
| Method | Route |
|---|---|
|
/casemgmt/queries/access-tags/v1 |
- Produces: application/json
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| after | |
|
query | string | Pagination token. |
| filter | |
|
query | string | FQL filter expression. |
| limit | |
|
query | integer | Page size. Maximum value is 200. |
| sort | |
|
query | string | Sort expression. |
| parameters | |
|
query | dictionary | Full query string parameters payload in JSON format. Not required when using other keywords. |
from falconpy import CaseManagement
# Do not hardcode API credentials!
falcon = CaseManagement(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.query_access_tags(filter="string",
sort="string",
limit=integer,
after="string"
)
print(response)from falconpy import CaseManagement
# Do not hardcode API credentials!
falcon = CaseManagement(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.queries_access_tags_get_v1(filter="string",
sort="string",
limit=integer,
after="string"
)
print(response)from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.command("queries_access_tags_get_v1",
filter="string",
sort="string",
limit=integer,
after="string"
)
print(response)Back to Table of Contents
Query fields
query_fields
| Method | Route |
|---|---|
|
/casemgmt/queries/fields/v1 |
- Produces: application/json
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| filter | |
|
query | string | FQL filter expression. |
| limit | |
|
query | integer | Page size. Maximum value is 200. |
| offset | |
|
query | integer | Page offset. |
| parameters | |
|
query | dictionary | Full query string parameters payload in JSON format. Not required when using other keywords. |
from falconpy import CaseManagement
# Do not hardcode API credentials!
falcon = CaseManagement(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.query_fields(filter="string",
limit=integer,
offset=integer
)
print(response)from falconpy import CaseManagement
# Do not hardcode API credentials!
falcon = CaseManagement(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.queries_fields_get_v1(filter="string",
limit=integer,
offset=integer
)
print(response)from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.command("queries_fields_get_v1",
filter="string",
limit=integer,
offset=integer
)
print(response)Back to Table of Contents
Query notification groups
query_notification_groups
| Method | Route |
|---|---|
|
/casemgmt/queries/notification-groups/v1 |
- Produces: application/json
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| filter | |
|
query | string | FQL filter expression. |
| limit | |
|
query | integer | Page size. Maximum value is 200. |
| offset | |
|
query | integer | Page offset. |
| sort | |
|
query | string | Sort expression. |
| parameters | |
|
query | dictionary | Full query string parameters payload in JSON format. Not required when using other keywords. |
from falconpy import CaseManagement
# Do not hardcode API credentials!
falcon = CaseManagement(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.query_notification_groups(filter="string",
sort="string",
limit=integer,
offset=integer
)
print(response)from falconpy import CaseManagement
# Do not hardcode API credentials!
falcon = CaseManagement(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.queries_notification_groups_get_v1(filter="string",
sort="string",
limit=integer,
offset=integer
)
print(response)from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.command("queries_notification_groups_get_v1",
filter="string",
sort="string",
limit=integer,
offset=integer
)
print(response)Back to Table of Contents
Query notification groups
query_notification_groups_v2
| Method | Route |
|---|---|
|
/casemgmt/queries/notification-groups/v2 |
- Produces: application/json
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| filter | |
|
query | string | FQL filter expression. |
| limit | |
|
query | integer | Page size. Maximum value is 200. |
| offset | |
|
query | integer | Page offset. |
| sort | |
|
query | string | Sort expression. |
| parameters | |
|
query | dictionary | Full query string parameters payload in JSON format. Not required when using other keywords. |
from falconpy import CaseManagement
# Do not hardcode API credentials!
falcon = CaseManagement(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.query_notification_groups_v2(filter="string",
sort="string",
limit=integer,
offset=integer
)
print(response)from falconpy import CaseManagement
# Do not hardcode API credentials!
falcon = CaseManagement(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.queries_notification_groups_get_v2(filter="string",
sort="string",
limit=integer,
offset=integer
)
print(response)from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.command("queries_notification_groups_get_v2",
filter="string",
sort="string",
limit=integer,
offset=integer
)
print(response)Back to Table of Contents
Query SLAs
query_slas
| Method | Route |
|---|---|
|
/casemgmt/queries/slas/v1 |
- Produces: application/json
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| filter | |
|
query | string | FQL filter expression. |
| limit | |
|
query | integer | Page size. Maximum value is 200. |
| offset | |
|
query | integer | Page offset. |
| sort | |
|
query | string | Sort expression. |
| parameters | |
|
query | dictionary | Full query string parameters payload in JSON format. Not required when using other keywords. |
from falconpy import CaseManagement
# Do not hardcode API credentials!
falcon = CaseManagement(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.query_slas(filter="string",
sort="string",
limit=integer,
offset=integer
)
print(response)from falconpy import CaseManagement
# Do not hardcode API credentials!
falcon = CaseManagement(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.queries_slas_get_v1(filter="string",
sort="string",
limit=integer,
offset=integer
)
print(response)from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.command("queries_slas_get_v1",
filter="string",
sort="string",
limit=integer,
offset=integer
)
print(response)Back to Table of Contents
Query template snapshots
query_template_snapshots
| Method | Route |
|---|---|
|
/casemgmt/queries/template-snapshots/v1 |
- Produces: application/json
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| filter | |
|
query | string | FQL filter expression. |
| limit | |
|
query | integer | Page size. Maximum value is 200. |
| offset | |
|
query | integer | Page offset. |
| parameters | |
|
query | dictionary | Full query string parameters payload in JSON format. Not required when using other keywords. |
from falconpy import CaseManagement
# Do not hardcode API credentials!
falcon = CaseManagement(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.query_template_snapshots(filter="string",
limit=integer,
offset=integer
)
print(response)from falconpy import CaseManagement
# Do not hardcode API credentials!
falcon = CaseManagement(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.queries_template_snapshots_get_v1(filter="string",
limit=integer,
offset=integer
)
print(response)from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.command("queries_template_snapshots_get_v1",
filter="string",
limit=integer,
offset=integer
)
print(response)Back to Table of Contents
Query templates
query_templates
| Method | Route |
|---|---|
|
/casemgmt/queries/templates/v1 |
- Produces: application/json
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| filter | |
|
query | string | FQL filter expression. |
| limit | |
|
query | integer | Page size. Maximum value is 200. |
| offset | |
|
query | integer | Page offset. |
| sort | |
|
query | string | Sort expression. |
| parameters | |
|
query | dictionary | Full query string parameters payload in JSON format. Not required when using other keywords. |
from falconpy import CaseManagement
# Do not hardcode API credentials!
falcon = CaseManagement(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.query_templates(filter="string",
sort="string",
limit=integer,
offset=integer
)
print(response)from falconpy import CaseManagement
# Do not hardcode API credentials!
falcon = CaseManagement(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.queries_templates_get_v1(filter="string",
sort="string",
limit=integer,
offset=integer
)
print(response)from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.command("queries_templates_get_v1",
filter="string",
sort="string",
limit=integer,
offset=integer
)
print(response)Back to Table of Contents
Adds the given list of alert evidence to the specified case.
add_case_alert_evidence
| Method | Route |
|---|---|
|
/cases/entities/alert-evidence/v1 |
- Consumes: application/json
- Produces: application/json
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| body | |
|
body | dictionary | Full body payload in JSON format |
| alerts | |
|
body | list of dictionaries | The alert IDs. |
| id | |
|
body | string | The specified case ID. |
from falconpy import CaseManagement
# Do not hardcode API credentials!
falcon = CaseManagement(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.add_case_alert_evidence(alerts=[{"id": "string"}],
id="string"
)
print(response)from falconpy import CaseManagement
# Do not hardcode API credentials!
falcon = CaseManagement(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.entities_alert_evidence_post_v1(alerts=[{"id": "string"}],
id="string"
)
print(response)from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
body_payload = {
"alerts": [
{
"id": "string"
}
],
"id": "string"
}
response = falcon.command("entities_alert_evidence_post_v1", body=body_payload)
print(response)Back to Table of Contents
Adds the given list of tags to the specified case.
add_case_tags
| Method | Route |
|---|---|
|
/cases/entities/case-tags/v1 |
- Consumes: application/json
- Produces: application/json
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| body | |
|
body | dictionary | Full body payload in JSON format |
| tags | |
|
body | array of strings | The given list of tags. |
| id | |
|
body | string | The specified case ID. |
from falconpy import CaseManagement
# Do not hardcode API credentials!
falcon = CaseManagement(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.add_case_tags(id="string",
tags=["string"]
)
print(response)from falconpy import CaseManagement
# Do not hardcode API credentials!
falcon = CaseManagement(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.entities_case_tags_post_v1(id="string",
tags=["string"]
)
print(response)from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
body_payload = {
"id": "string",
"tags": [
"string"
]
}
response = falcon.command("entities_case_tags_post_v1", body=body_payload)
print(response)Back to Table of Contents
Removes the specified tags from the specified case.
delete_case_tags
| Method | Route |
|---|---|
|
/cases/entities/case-tags/v1 |
- Produces: application/json
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| id | |
|
query | string | The ID of the case to remove tags from. |
| tag | |
|
query | string or list of strings | The tag to remove from the case. |
| parameters | |
|
query | dictionary | Full query string parameters payload in JSON format. Not required when using other keywords. |
from falconpy import CaseManagement
# Do not hardcode API credentials!
falcon = CaseManagement(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.delete_case_tags(id="case_id_here",
tag=["tag1", "tag2"]
)
print(response)from falconpy import CaseManagement
# Do not hardcode API credentials!
falcon = CaseManagement(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.entities_case_tags_delete_v1(id="case_id_here",
tag=["tag1", "tag2"]
)
print(response)from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.command("entities_case_tags_delete_v1",
id="case_id_here",
tag=["tag1", "tag2"]
)
print(response)Back to Table of Contents
Creates the given Case
create_case
| Method | Route |
|---|---|
 |
/cases/entities/cases/v2 |
- Consumes: application/json
- Produces: application/json
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| body | |
|
body | dictionary | Full body payload as a dictionary. Not required if using other keywords. |
| assigned_to_user_uuid | |
|
body | string | UUID of the user to assign the case to. |
| description | |
|
body | string | The description of the case. |
| evidence | |
|
body | dictionary | The case evidence info. |
| name | |
|
body | string | The name of the case. |
| severity | |
|
body | integer | The severity level of the case. |
| status | |
|
body | string | The current status of the case. |
| tags | |
|
body | list of strings | The tags to be attached to the case. |
| template | |
|
body | dictionary | The template case to utilize. |
from falconpy import CaseManagement
# Do not hardcode API credentials!
falcon = CaseManagement(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
evidence = {
"alerts": [
{
"id": "string"
}
],
"events": [
{
"id": "string"
}
],
"leads": [
{
"id": "string"
}
]
}
response = falcon.create_case(assigned_to_user_uuid="string",
description="string",
evidence=evidence,
name="string",
severity=integer,
status="string",
tags=["string", "string"],
template={"string": "string"}
)
print(response)from falconpy import CaseManagement
# Do not hardcode API credentials!
falcon = CaseManagement(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
evidence = {
"alerts": [
{
"id": "string"
}
],
"events": [
{
"id": "string"
}
],
"leads": [
{
"id": "string"
}
]
}
response = falcon.entities_cases_put_v2(assigned_to_user_uuid="string",
description="string",
evidence=evidence,
name="string",
severity=integer,
status="string",
tags=["string", "string"],
template={"string": "string"}
)
print(response)from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
body_payload = {
"assigned_to_user_uuid": "string",
"description": "string",
"evidence": {
"alerts": [
{
"id": "string"
}
],
"events": [
{
"id": "string"
}
],
"leads": [
{
"id": "string"
}
]
},
"name": "string",
"severity": integer,
"status": "string",
"tags": [
"string",
"string"
],
"template": {
"id": "string"
}
}
response = falcon.command("entities_cases_put_v2", body=body_payload)
print(response)Back to Table of Contents
Retrieves all Cases given their IDs.
get_cases
| Method | Route |
|---|---|
|
/cases/entities/cases/v2 |
- Consumes: application/json
- Produces: application/json
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| body | |
|
body | dictionary | Full body payload in JSON format |
| ids | |
|
body | string or list of strings | The case IDs. |
from falconpy import CaseManagement
# Do not hardcode API credentials!
falcon = CaseManagement(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.get_cases(ids=["case_id_1", "case_id_2", "case_id_3"])
print(response)from falconpy import CaseManagement
# Do not hardcode API credentials!
falcon = CaseManagement(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.entities_cases_post_v2(ids=["case_id_1", "case_id_2", "case_id_3"])
print(response)from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
body_payload = {
"ids": ["case_id_1", "case_id_2", "case_id_3"]
}
response = falcon.command("entities_cases_post_v2", body=body_payload)
print(response)Back to Table of Contents
Updates given fields on the specified case.
update_case_fields
| Method | Route |
|---|---|
|
/cases/entities/cases/v2 |
- Consumes: application/json
- Produces: application/json
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| body | |
|
body | dictionary | Full body payload as a dictionary. Not required if using other keywords. |
| expected_consistency_version | |
|
body | integer | The consistency version. |
| expected_version | |
|
body | integer | The version. |
| fields | |
|
body | dictionary | The updated given fields for the specified case. |
| id | |
|
body | string | The specified case ID. |
from falconpy import CaseManagement
# Do not hardcode API credentials!
falcon = CaseManagement(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
fields = {
"assigned_to_user_uuid": "string",
"custom_fields": [
{
"id": "string",
"values": [
"string",
"string"
]
}
],
"description": "string",
"name": "string",
"remove_user_assignment": boolean,
"severity": integer,
"slas_active": boolean,
"status": "string",
"template": {
"id": "string"
}
}
response = falcon.update_case_fields(expected_consistency_version=integer,
expected_version=integer,
fields=fields,
id="string"
)
print(response)from falconpy import CaseManagement
# Do not hardcode API credentials!
falcon = CaseManagement(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
fields = {
"assigned_to_user_uuid": "string",
"custom_fields": [
{
"id": "string",
"values": [
"string",
"string"
]
}
],
"description": "string",
"name": "string",
"remove_user_assignment": boolean,
"severity": integer,
"slas_active": boolean,
"status": "string",
"template": {
"id": "string"
}
}
response = falcon.entities_cases_patch_v2(expected_consistency_version=integer,
expected_version=integer,
fields=fields,
id="string"
)
print(response)from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
body_payload = {
"expected_consistency_version": integer,
"expected_version": integer,
fields = {
"assigned_to_user_uuid": "string",
"custom_fields": [
{
"id": "string",
"values": [
"string",
"string"
]
}
],
"description": "string",
"name": "string",
"remove_user_assignment": boolean,
"severity": integer,
"slas_active": boolean,
"status": "string",
"template": {
"id": "string"
}
},
"id": "case_id_here"
}
response = falcon.command("entities_cases_patch_v2", body=body_payload)
print(response)Back to Table of Contents
Adds the given list of event evidence to the specified case.
add_case_event_evidence
| Method | Route |
|---|---|
|
/cases/entities/event-evidence/v1 |
- Consumes: application/json
- Produces: application/json
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| body | |
|
body | dictionary | Full body payload in JSON format |
| events | |
|
body | list of dictionaries | The event evidence field. |
| id | |
|
body | string | The specified case id. |
from falconpy import CaseManagement
# Do not hardcode API credentials!
falcon = CaseManagement(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.add_case_event_evidence(events=[{"id": "string"}],
id="string"
)
print(response)from falconpy import CaseManagement
# Do not hardcode API credentials!
falcon = CaseManagement(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.entities_event_evidence_post_v1(events=[{"id": "string"}],
id="string"
)
print(response)from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
body_payload = {
"events": [
{
"id": "string"
}
],
"id": "string"
}
response = falcon.command("entities_event_evidence_post_v1", body=body_payload)
print(response)Back to Table of Contents
Retrieves all Cases IDs that match a given query.
query_case_ids
| Method | Route |
|---|---|
|
/cases/queries/cases/v1 |
- Produces: application/json
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| filter | |
|
query | string | Filter Cases using a query in Falcon Query Language (FQL). Filter fields can be any keyword field that is part of #domain.Case. An asterisk wildcard * includes all results. Empty value means to not filter on anything. Most commonly used filter fields that supports exact match: cid, id. Most commonly used filter fields that supports wildcard (*): assigned_to_name, assigned_to_uuid. Most commonly filter fields that supports range comparisons (>, <, >=, <=): created_timestamp, updated_timestamp. All filter fields and operations support negation (!). The full list of valid filter options is extensive. Review it in our documentation inside the Falcon console. |
| limit | |
|
query | integer | The maximum number of Cases to return in this response (default: 100; max: 10000). Use this parameter together with the offset parameter to manage pagination of the results. |
| offset | |
|
query | integer | The first case to return, where 0 is the latest case. Use with the offset parameter to manage pagination of results. |
| q | |
|
query | string | Search all Case metadata for the provided string. |
| sort | |
|
query | string | Sort parameter takes the form <field|direction>. Direction can be either asc (ascending) or desc (descending) order. For example: status|asc or status|desc. The sorting fields can be any keyword field that is part of #domain.Case except for the text based fields. Most commonly used fields are status, cid, created_timestamp, updated_timestamp, assigned_to_name, assigned_to_userid, assigned_to_uuid, tags. If the fields are missing from the Cases, the service will fallback to its default ordering. |
| parameters | |
|
query | dictionary | Full query string parameters payload in JSON format. Not required when using other keywords. |
from falconpy import CaseManagement
# Do not hardcode API credentials!
falcon = CaseManagement(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.query_case_ids(filter="string",
limit=integer,
offset=integer,
sort="string",
q="string"
)
print(response)from falconpy import CaseManagement
# Do not hardcode API credentials!
falcon = CaseManagement(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.queries_cases_get_v1(filter="string",
limit=integer,
offset=integer,
sort="string",
q="string"
)
print(response)from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.command("queries_cases_get_v1",
filter="string",
limit=integer,
offset=integer,
sort="string",
q="string"
)
print(response)Back to Table of Contents
