Data Protection Configuration - jshcodes/falconpy GitHub Wiki
| Operation ID | Description | ||||
|---|---|---|---|---|---|
|
Get the classifications that match the provided ids. | ||||
|
Create classifications. | ||||
|
Update classifications. | ||||
|
Delete classifications that match the provided ids. | ||||
|
Get a particular cloud-application. | ||||
|
Persist the given cloud application for the provided entity instance. | ||||
|
Update a cloud application. | ||||
|
Delete cloud application. | ||||
|
Get a particular content-pattern(s). | ||||
|
Persist the given content pattern for the provided entity instance. | ||||
|
Update a content pattern. | ||||
|
Delete content pattern. | ||||
|
Update Policy Precedence. | ||||
|
Get a particular enterprise-account(s). | ||||
|
Persist the given enterprise account for the provided entity instance. | ||||
|
Update a enterprise account. | ||||
|
Delete enterprise account. | ||||
|
Get a particular file-type. | ||||
|
Get sensitivity label matching the IDs (V2). | ||||
|
Create new sensitivity label (V2). | ||||
|
Delete sensitivity labels matching the IDs (V2). | ||||
|
Get particular local application groups. | ||||
|
Persist the given local application group for the provided entity instance. | ||||
|
Update a local application group. | ||||
|
Soft Delete local application. The application won't be visible anymore, but will still be in the database. | ||||
|
Get a particular local application. | ||||
|
Persist the given local application for the provided entity instance. | ||||
|
Update a local application. | ||||
|
Soft Delete local application. The application wont be visible anymore, but will still be in the database. | ||||
|
Get policies that match the provided ids. | ||||
|
Create policies. | ||||
|
Update policies. | ||||
|
Delete policies that match the provided ids. | ||||
|
Get web-location entities matching the provided ID(s). | ||||
|
Persist the given web-locations. | ||||
|
Update a web-location. | ||||
|
Delete web-location. | ||||
|
Search for classifications that match the provided criteria. | ||||
|
Get all cloud-application IDs matching the query with filter. | ||||
|
Get all content-pattern IDs matching the query with filter. | ||||
|
Get all enterprise-account IDs matching the query with filter. | ||||
|
Get all file-type IDs matching the query with filter. | ||||
|
Get all sensitivity label IDs matching the query with filter. | ||||
|
Get all local application group IDs matching the query with filter. | ||||
|
Get all local-application IDs matching the query with filter. | ||||
|
Search for policies that match the provided criteria. | ||||
|
Get web-location IDs matching the query with filter. | ||||
WARNING
client_idandclient_secretare keyword arguments that contain your CrowdStrike API credentials. Please note that all examples below do not hard code these values. (These values are ingested as strings.)CrowdStrike does not recommend hard coding API credentials or customer identifiers within source code.
Gets the classifications that match the provided ids
get_classification
| Method | Route |
|---|---|
 |
/data-protection/entities/classifications/v2 |
- Consumes: application/json
- Produces: application/json
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| ids |  |
|
query | list of strings | IDs of the classifications to get |
| parameters | |
|
query | dictionary | Full query string parameters payload in JSON format. |
from falconpy import DataProtectionConfiguration
# Do not hardcode API credentials!
falcon = DataProtectionConfiguration(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.get_classification(ids=['string', 'string'])
print(response)from falconpy import DataProtectionConfiguration
# Do not hardcode API credentials!
falcon = DataProtectionConfiguration(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.entities_classification_get_v2(ids=['string', 'string'])
print(response)from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.command("entities_classification_get_v2",
ids=['string', 'string']
)
print(response)Back to Table of Contents
Create classifications
create_classification
| Method | Route |
|---|---|
 |
/data-protection/entities/classifications/v2 |
- Consumes: application/json
- Produces: application/json
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| body | |
 |
body | dictionary | Full body payload in JSON format |
| classification_properties | |
 |
body | dictionary | The properties of the new classification. |
| name | |
|
body | string | The name of the new classification. |
from falconpy import DataProtectionConfiguration
# Do not hardcode API credentials!
falcon = DataProtectionConfiguration(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
classification_properties = {
"content_patterns": ["string"],
"evidence_duplication_enabled": boolean,
"file_types": ["string"],
"protection_mode": "monitor",
"rules": [
{
"ad_groups": ["string"],
"ad_users": ["string"],
"created_time_stamp": "string",
"description": "string",
"detection_severity": "informational",
"enable_printer_egress": boolean,
"enable_usb_devices": boolean,
"enable_web_locations": boolean,
"id": "string",
"modified_time_stamp": "string",
"notify_end_user": boolean,
"response_action": "allow",
"trigger_detection": boolean,
"user_scope": "all",
"web_locations": ["string"],
"web_locations_scope": "all"
}
],
"sensitivity_labels": ["string"],
"web_sources": ["string"]
}
response = falcon.create_classification(classification_properties=classification_properties,
name="string"
)
print(response)from falconpy import DataProtectionConfiguration
# Do not hardcode API credentials!
falcon = DataProtectionConfiguration(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
classification_properties = {
"content_patterns": ["string"],
"evidence_duplication_enabled": boolean,
"file_types": ["string"],
"protection_mode": "monitor",
"rules": [
{
"ad_groups": ["string"],
"ad_users": ["string"],
"created_time_stamp": "string",
"description": "string",
"detection_severity": "informational",
"enable_printer_egress": boolean,
"enable_usb_devices": boolean,
"enable_web_locations": boolean,
"id": "string",
"modified_time_stamp": "string",
"notify_end_user": boolean,
"response_action": "allow",
"trigger_detection": boolean,
"user_scope": "all",
"web_locations": ["string"],
"web_locations_scope": "all"
}
],
"sensitivity_labels": ["string"],
"web_sources": ["string"]
}
response = falcon.entities_classification_post_v2(classification_properties=classification_properties,
name="string"
)
print(response)from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
BODY = {
"resources": [
{
"classification_properties": {
"content_patterns": [
"string"
],
"evidence_duplication_enabled": boolean,
"file_types": [
"string"
],
"protection_mode": "monitor",
"rules": [
{
"ad_groups": [
"string"
],
"ad_users": [
"string"
],
"created_time_stamp": "string",
"description": "string",
"detection_severity": "informational",
"enable_printer_egress": boolean,
"enable_usb_devices": boolean,
"enable_web_locations": boolean,
"id": "string",
"modified_time_stamp": "string",
"notify_end_user": boolean,
"response_action": "allow",
"trigger_detection": boolean,
"user_scope": "all",
"web_locations": [
"string"
],
"web_locations_scope": "all"
}
],
"sensitivity_labels": [
"string"
],
"web_sources": [
"string"
]
},
"name": "string"
}
]
}
response = falcon.command("entities_classification_post_v2",
body=BODY
)
print(response)Back to Table of Contents
Update classifications
update_classifications
| Method | Route |
|---|---|
 |
/data-protection/entities/classifications/v2 |
- Consumes: application/json
- Produces: application/json
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| body | |
|
body | dictionary | Full body payload in JSON format. |
| classification_properties | |
|
body | dictionary | The properties of the new classification. |
| name | |
|
body | string | The name of the new classification. |
from falconpy import DataProtectionConfiguration
# Do not hardcode API credentials!
falcon = DataProtectionConfiguration(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
classification_properties = {
"content_patterns": ["string"],
"evidence_duplication_enabled": boolean,
"file_types": ["string"],
"protection_mode": "monitor",
"rules": [
{
"ad_groups": ["string"],
"ad_users": ["string"],
"created_time_stamp": "string",
"description": "string",
"detection_severity": "informational",
"enable_printer_egress": boolean,
"enable_usb_devices": boolean,
"enable_web_locations": boolean,
"id": "string",
"modified_time_stamp": "string",
"notify_end_user": boolean,
"response_action": "allow",
"trigger_detection": boolean,
"user_scope": "all",
"web_locations": ["string"],
"web_locations_scope": "all"
}
],
"sensitivity_labels": ["string"],
"web_sources": ["string"]
}
response = falcon.update_classifications(classification_properties=classification_properties,
name="string"
)
print(response)from falconpy import DataProtectionConfiguration
# Do not hardcode API credentials!
falcon = DataProtectionConfiguration(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
classification_properties = {
"content_patterns": ["string"],
"evidence_duplication_enabled": boolean,
"file_types": ["string"],
"protection_mode": "monitor",
"rules": [
{
"ad_groups": ["string"],
"ad_users": ["string"],
"created_time_stamp": "string",
"description": "string",
"detection_severity": "informational",
"enable_printer_egress": boolean,
"enable_usb_devices": boolean,
"enable_web_locations": boolean,
"id": "string",
"modified_time_stamp": "string",
"notify_end_user": boolean,
"response_action": "allow",
"trigger_detection": boolean,
"user_scope": "all",
"web_locations": ["string"],
"web_locations_scope": "all"
}
],
"sensitivity_labels": ["string"],
"web_sources": ["string"]
}
response = falcon.entities_classification_patch_v2(classification_properties=classification_properties,
name="string"
)
print(response)from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
BODY = {
"resources": [
{
"classification_properties": {
"content_patterns": [
"string"
],
"evidence_duplication_enabled": boolean,
"file_types": [
"string"
],
"protection_mode": "monitor",
"rules": [
{
"ad_groups": [
"string"
],
"ad_users": [
"string"
],
"created_time_stamp": "string",
"description": "string",
"detection_severity": "informational",
"enable_printer_egress": boolean,
"enable_usb_devices": boolean,
"enable_web_locations": boolean,
"id": "string",
"modified_time_stamp": "string",
"notify_end_user": boolean,
"response_action": "allow",
"trigger_detection": boolean,
"user_scope": "all",
"web_locations": [
"string"
],
"web_locations_scope": "all"
}
],
"sensitivity_labels": [
"string"
],
"web_sources": [
"string"
]
},
"name": "string"
}
]
}
response = falcon.command("entities_classification_patch_v2",
body=BODY
)
print(response)Back to Table of Contents
Deletes classifications that match the provided ids
delete_classification
| Method | Route |
|---|---|
 |
/data-protection/entities/classifications/v2 |
- Consumes: application/json
- Produces: application/json
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| ids | |
|
query | list of strings | IDs of the classifications to delete |
| parameters | |
|
query | dictionary | Full query string parameters payload in JSON format. |
from falconpy import DataProtectionConfiguration
# Do not hardcode API credentials!
falcon = DataProtectionConfiguration(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.delete_classification(ids=['string', 'string'])
print(response)from falconpy import DataProtectionConfiguration
# Do not hardcode API credentials!
falcon = DataProtectionConfiguration(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.entities_classification_delete_v2(ids=['string', 'string'])
print(response)from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.command("entities_classification_delete_v2",
ids=['string', 'string']
)
print(response)Back to Table of Contents
Get a particular cloud-application
get_cloud_application
| Method | Route |
|---|---|
|
/data-protection/entities/cloud-applications/v1 |
- Consumes: application/json
- Produces: application/json
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| ids | |
|
query | list of strings | The cloud application id(s) to get. |
| parameters | |
|
query | dictionary | Full query string parameters payload in JSON format. |
from falconpy import DataProtectionConfiguration
# Do not hardcode API credentials!
falcon = DataProtectionConfiguration(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.get_cloud_application(ids=['string', 'string'])
print(response)from falconpy import DataProtectionConfiguration
# Do not hardcode API credentials!
falcon = DataProtectionConfiguration(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.entities_cloud_application_get(ids=['string', 'string'])
print(response)from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.command("entities_cloud_application_get",
ids=['string', 'string']
)
print(response)Back to Table of Contents
Persist the given cloud application for the provided entity instance
create_cloud_application
| Method | Route |
|---|---|
|
/data-protection/entities/cloud-applications/v1 |
- Consumes: application/json
- Produces: application/json
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| body | |
|
body | dictionary | Full body payload in JSON format |
| description | |
|
body | string | The description of the cloud application. |
| name | |
|
body | string | The name of the cloud application. |
| urls | |
|
body | list of dictionaries | The fields contain the FQDN and the path. |
from falconpy import DataProtectionConfiguration
# Do not hardcode API credentials!
falcon = DataProtectionConfiguration(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.create_cloud_application(description="string",
name="string",
urls=[
{
"fqdn": "string",
"path": "string"
}
]
)
print(response)from falconpy import DataProtectionConfiguration
# Do not hardcode API credentials!
falcon = DataProtectionConfiguration(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.entities_cloud_application_create(description="string",
name="string",
urls=[
{
"fqdn": "string",
"path": "string"
}
]
)
print(response)from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
BODY = {
"description": "string",
"name": "string",
"urls": [
{
"fqdn": "string",
"path": "string"
}
]
}
response = falcon.command("entities_cloud_application_create",
body=BODY
)
print(response)Back to Table of Contents
Update a cloud application.
update_cloud_application
| Method | Route |
|---|---|
|
/data-protection/entities/cloud-applications/v1 |
- Consumes: application/json
- Produces: application/json
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| id | |
|
query | string | The cloud app id to update. |
| body | |
|
body | dictionary | Full body payload in JSON format |
| description | |
|
body | string | The description of the cloud application. |
| name | |
|
body | string | The name of the cloud application. |
| urls | |
|
body | list of dictionaries | The fields contain the FQDN and the path. |
| parameters | |
|
query | dictionary | Full query string parameters payload in JSON format. |
from falconpy import DataProtectionConfiguration
# Do not hardcode API credentials!
falcon = DataProtectionConfiguration(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.update_cloud_application(id="app_id_here",
description="Updated cloud application description",
name="Updated Cloud App Name",
urls=[
{
"fqdn": "updated-app.example.com",
"path": "/updated-path"
}
]
)
print(response)from falconpy import DataProtectionConfiguration
# Do not hardcode API credentials!
falcon = DataProtectionConfiguration(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.entities_cloud_application_patch(id="app_id_here",
description="Updated cloud application description",
name="Updated Cloud App Name",
urls=[
{
"fqdn": "updated-app.example.com",
"path": "/updated-path"
}
]
)
print(response)from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
BODY = {
"description": "Updated cloud application description",
"name": "Updated Cloud App Name",
"urls": [
{
"fqdn": "updated-app.example.com",
"path": "/updated-path"
}
]
}
response = falcon.command("entities_cloud_application_patch",
id="app_id_here",
body=BODY
)
print(response)Back to Table of Contents
Delete cloud application.
delete_cloud_application
| Method | Route |
|---|---|
|
/data-protection/entities/cloud-applications/v1 |
- Consumes: application/json
- Produces: application/json
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| ids | |
|
query | string or list of strings | The id of the cloud application to delete. |
| parameters | |
|
query | dictionary | Full query string parameters payload in JSON format. |
from falconpy import DataProtectionConfiguration
# Do not hardcode API credentials!
falcon = DataProtectionConfiguration(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.delete_cloud_application(ids=id_list)
print(response)from falconpy import DataProtectionConfiguration
# Do not hardcode API credentials!
falcon = DataProtectionConfiguration(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.entities_cloud_application_delete(ids=id_list)
print(response)from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.command("entities_cloud_application_delete", ids=id_list)
print(response)Back to Table of Contents
Get a particular content-pattern(s).
get_content_pattern
| Method | Route |
|---|---|
|
/data-protection/entities/content-patterns/v1 |
- Consumes: application/json
- Produces: application/json
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| ids | |
|
query | string or list of strings | The content-pattern id(s) to get. |
| parameters | |
|
query | dictionary | Full query string parameters payload in JSON format. |
from falconpy import DataProtectionConfiguration
# Do not hardcode API credentials!
falcon = DataProtectionConfiguration(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.get_content_pattern(ids=['string', 'string'])
print(response)from falconpy import DataProtectionConfiguration
# Do not hardcode API credentials!
falcon = DataProtectionConfiguration(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.entities_content_pattern_get(ids=['string', 'string'])
print(response)from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.command("entities_content_pattern_get",
ids=['string', 'string']
)
print(response)Back to Table of Contents
Persist the given content pattern for the provided entity instance.
create_content_pattern
| Method | Route |
|---|---|
|
/data-protection/entities/content-patterns/v1 |
- Consumes: application/json
- Produces: application/json
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| body | |
|
body | dictionary | Full body payload in JSON format |
| category | |
|
body | string | The content pattern category. |
| description | |
|
body | string | The description of the content pattern. |
| example | |
|
body | string | The new content pattern demonstration. |
| min_match_threshold | |
|
body | integer | Integer. |
| name | |
|
body | string | The name of the new content pattern. |
| regexes | |
|
body | list of strings | List of strings. |
| region | |
|
body | string | The region for the content pattern. |
from falconpy import DataProtectionConfiguration
# Do not hardcode API credentials!
falcon = DataProtectionConfiguration(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.create_content_pattern(category="pii",
description="Social Security Number pattern",
example="123-45-6789",
min_match_threshold=integer,
name="SSN Pattern",
regexes=[
"\\b\\d{3}-\\d{2}-\\d{4}\\b"
],
region="us"
)
print(response)from falconpy import DataProtectionConfiguration
# Do not hardcode API credentials!
falcon = DataProtectionConfiguration(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.entities_content_pattern_create(category="pii",
description="Social Security Number pattern",
example="123-45-6789",
min_match_threshold=integer,
name="SSN Pattern",
regexes=[
"\\b\\d{3}-\\d{2}-\\d{4}\\b"
],
region="us"
)
print(response)from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
BODY = {
"category": "pii",
"description": "Social Security Number pattern",
"example": "123-45-6789",
"min_match_threshold": 3,
"name": "SSN Pattern",
"regexes": [
"\\b\\d{3}-\\d{2}-\\d{4}\\b"
],
"region": "us"
}
response = falcon.command("entities_content_pattern_create", body=BODY)
print(response)Back to Table of Contents
Update a content pattern.
update_content_pattern
| Method | Route |
|---|---|
|
/data-protection/entities/content-patterns/v1 |
- Consumes: application/json
- Produces: application/json
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| id | |
|
query | string | The id of the content pattern to patch. |
| body | |
|
body | dictionary | Full body payload in JSON format |
| category | |
|
body | string | The content pattern category. |
| description | |
|
body | string | The description of the content pattern. |
| example | |
|
body | string | The new content pattern demonstration. |
| min_match_threshold | |
|
body | integer | Integer. |
| name | |
|
body | string | The name of the new content pattern. |
| regexes | |
|
body | list of strings | List of strings. |
| region | |
|
body | string | The region for the content pattern. |
| parameters | |
|
query | dictionary | Full query string parameters payload in JSON format. |
from falconpy import DataProtectionConfiguration
# Do not hardcode API credentials!
falcon = DataProtectionConfiguration(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.update_content_pattern(id="pattern_id_here",
category="financial",
description="Updated credit card pattern",
example="4123-4567-8901-2345",
min_match_threshold=integer,
name="Updated CC Pattern",
regexes=[
"\\b\\d{4}-\\d{4}-\\d{4}-\\d{4}\\b"
],
region="global"
)
print(response)from falconpy import DataProtectionConfiguration
# Do not hardcode API credentials!
falcon = DataProtectionConfiguration(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.entities_content_pattern_patch(id="pattern_id_here",
category="financial",
description="Updated credit card pattern",
example="4123-4567-8901-2345",
min_match_threshold=integer,
name="Updated CC Pattern",
regexes=[
"\\b\\d{4}-\\d{4}-\\d{4}-\\d{4}\\b"
],
region="global"
)
print(response)from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
BODY = {
"category": "financial",
"description": "Updated credit card pattern",
"example": "4123-4567-8901-2345",
"min_match_threshold": 2,
"name": "Updated CC Pattern",
"regexes": [
"\\b\\d{4}-\\d{4}-\\d{4}-\\d{4}\\b"
],
"region": "global"
}
response = falcon.command("entities_content_pattern_patch",
id="pattern_id_here",
body=BODY
)
print(response)Back to Table of Contents
Delete content pattern.
delete_content_pattern
| Method | Route |
|---|---|
|
/data-protection/entities/content-patterns/v1 |
- Consumes: application/json
- Produces: application/json
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| ids | |
|
query | string or list of strings | The id(s) of the content pattern to delete. |
| parameters | |
|
query | dictionary | Full query string parameters payload in JSON format. |
from falconpy import DataProtectionConfiguration
# Do not hardcode API credentials!
falcon = DataProtectionConfiguration(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.delete_content_pattern(ids=id_list)
print(response)from falconpy import DataProtectionConfiguration
# Do not hardcode API credentials!
falcon = DataProtectionConfiguration(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.entities_content_pattern_delete(ids=id_list)
print(response)from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.command("entities_content_pattern_delete", ids=id_list)
print(response)Back to Table of Contents
Update Policy Precedence.
update_policy_precedence
| Method | Route |
|---|---|
|
/data-protection/entities/data-protection-precedence/v1 |
- Consumes: application/json
- Produces: application/json
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| body | |
|
body | dictionary | Full body payload in JSON format |
| platform | |
|
body | string | The platform for the policy precedence update (e.g., 'win' or 'mac'). |
| precedence | |
|
body | list of strings | Ordered list of policy IDs defining the precedence order. |
from falconpy import DataProtectionConfiguration
# Do not hardcode API credentials!
falcon = DataProtectionConfiguration(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.update_policy_precedence(platform="win",
precedence=["policy_id_1", "policy_id_2"]
)
print(response)from falconpy import DataProtectionConfiguration
# Do not hardcode API credentials!
falcon = DataProtectionConfiguration(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.entities_policy_precedence_post_v1(platform="win",
precedence=["policy_id_1", "policy_id_2"]
)
print(response)from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.command("entities_policy_precedence_post_v1",
body={
"resources": [
{
"platform": "win",
"precedence": [
"policy_id_1",
"policy_id_2"
]
}
]
})
print(response)Back to Table of Contents
Get a particular enterprise-account(s).
get_enterprise_account
| Method | Route |
|---|---|
|
/data-protection/entities/enterprise-accounts/v1 |
- Consumes: application/json
- Produces: application/json
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| ids | |
|
query | string or list of strings | The enterprise-account id(s) to get. |
| parameters | |
|
query | dictionary | Full query string parameters payload in JSON format. |
from falconpy import DataProtectionConfiguration
# Do not hardcode API credentials!
falcon = DataProtectionConfiguration(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.get_enterprise_account(ids=['string', 'string'])
print(response)from falconpy import DataProtectionConfiguration
# Do not hardcode API credentials!
falcon = DataProtectionConfiguration(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.entities_enterprise_account_get(ids=['string', 'string'])
print(response)from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.command("entities_enterprise_account_get",
ids=['string', 'string']
)
print(response)Back to Table of Contents
Persist the given enterprise account for the provided entity instance.
create_enterprise_account
| Method | Route |
|---|---|
|
/data-protection/entities/enterprise-accounts/v1 |
- Consumes: application/json
- Produces: application/json
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| body | |
|
body | dictionary | Full body payload in JSON format |
| application_group_id | |
|
body | string | String. |
| domains | |
|
body | list of strings | List of strings. |
| name | |
|
body | string | The name of the enterprise account. |
| plugin_config_id | |
|
body | string | String. |
from falconpy import DataProtectionConfiguration
# Do not hardcode API credentials!
falcon = DataProtectionConfiguration(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.create_enterprise_account(application_group_id="app_group_123",
domains=[
"example.com",
"subdomain.example.com"
],
name="Enterprise Account Name",
plugin_config_id="plugin_config_456"
)
print(response)from falconpy import DataProtectionConfiguration
# Do not hardcode API credentials!
falcon = DataProtectionConfiguration(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.entities_enterprise_account_create(application_group_id="app_group_123",
domains=[
"example.com",
"subdomain.example.com"
],
name="Enterprise Account Name",
plugin_config_id="plugin_config_456"
)
print(response)from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
BODY = {
"application_group_id": "app_group_123",
"domains": [
"example.com",
"subdomain.example.com"
],
"name": "Enterprise Account Name",
"plugin_config_id": "plugin_config_456"
}
response = falcon.command("entities_enterprise_account_create", body=BODY)
print(response)Back to Table of Contents
Update a enterprise account.
update_enterprise_account
| Method | Route |
|---|---|
|
/data-protection/entities/enterprise-accounts/v1 |
- Consumes: application/json
- Produces: application/json
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| id | |
|
query | string | The id of the enterprise account to update. |
| body | |
|
body | dictionary | Full body payload in JSON format |
| application_group_id | |
|
body | string | String. |
| domains | |
|
body | list of strings | List of strings. |
| name | |
|
body | string | The name of the enterprise account. |
| plugin_config_id | |
|
body | string | String. |
| parameters | |
|
query | dictionary | Full query string parameters payload in JSON format. |
from falconpy import DataProtectionConfiguration
# Do not hardcode API credentials!
falcon = DataProtectionConfiguration(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.update_enterprise_account(id="enterprise_account_id",
application_group_id="updated_app_group_123",
domains=[
"newdomain.com",
"updated.example.com"
],
name="Updated Enterprise Account Name",
plugin_config_id="updated_plugin_config_456"
)
print(response)from falconpy import DataProtectionConfiguration
# Do not hardcode API credentials!
falcon = DataProtectionConfiguration(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.entities_enterprise_account_patch(id="enterprise_account_id",
application_group_id="updated_app_group_123",
domains=[
"newdomain.com",
"updated.example.com"
],
name="Updated Enterprise Account Name",
plugin_config_id="updated_plugin_config_456"
)
print(response)from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
BODY = {
"application_group_id": "updated_app_group_123",
"domains": [
"newdomain.com",
"updated.example.com"
],
"id": "enterprise_account_id",
"name": "Updated Enterprise Account Name",
"plugin_config_id": "updated_plugin_config_456"
}
response = falcon.command("entities_enterprise_account_patch",
id="enterprise_account_id",
body=BODY
)
print(response)Back to Table of Contents
Delete enterprise account.
delete_enterprise_account
| Method | Route |
|---|---|
|
/data-protection/entities/enterprise-accounts/v1 |
- Consumes: application/json
- Produces: application/json
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| ids | |
|
query | string or list of strings | The id of the enterprise account to delete. |
| parameters | |
|
query | dictionary | Full query string parameters payload in JSON format. |
from falconpy import DataProtectionConfiguration
# Do not hardcode API credentials!
falcon = DataProtectionConfiguration(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.delete_enterprise_account(ids=id_list)
print(response)from falconpy import DataProtectionConfiguration
# Do not hardcode API credentials!
falcon = DataProtectionConfiguration(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.entities_enterprise_account_delete(ids=id_list)
print(response)from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.command("entities_enterprise_account_delete", ids=id_list)
print(response)Back to Table of Contents
Get a particular file-type.
get_file_type
| Method | Route |
|---|---|
|
/data-protection/entities/file-types/v1 |
- Consumes: application/json
- Produces: application/json
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| ids | |
|
query | string or list of strings | The file-type id(s) to get. |
| parameters | |
|
query | dictionary | Full query string parameters payload in JSON format. |
from falconpy import DataProtectionConfiguration
# Do not hardcode API credentials!
falcon = DataProtectionConfiguration(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.get_file_type(ids=['string', 'string'])
print(response)from falconpy import DataProtectionConfiguration
# Do not hardcode API credentials!
falcon = DataProtectionConfiguration(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.entities_file_type_get(ids=['string', 'string'])
print(response)from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.command("entities_file_type_get",
ids=['string', 'string']
)
print(response)Back to Table of Contents
Get sensitivity label matching the IDs (V2).
get_sensitivity_label
| Method | Route |
|---|---|
|
/data-protection/entities/labels/v2 |
- Consumes: application/json
- Produces: application/json
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| ids | |
|
query | string or list of strings | The sensitivity label entity id(s) to get. |
| parameters | |
|
query | dictionary | Full query string parameters payload in JSON format. |
from falconpy import DataProtectionConfiguration
# Do not hardcode API credentials!
falcon = DataProtectionConfiguration(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.get_sensitivity_label(ids=['string', 'string'])
print(response)from falconpy import DataProtectionConfiguration
# Do not hardcode API credentials!
falcon = DataProtectionConfiguration(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.entities_sensitivity_label_get_v2(ids=['string', 'string'])
print(response)from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.command("entities_sensitivity_label_get_v2",
ids=['string', 'string']
)
print(response)Back to Table of Contents
Create new sensitivity label (V2).
create_sensitivity_label
| Method | Route |
|---|---|
|
/data-protection/entities/labels/v2 |
- Consumes: application/json
- Produces: application/json
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| body | |
|
body | dictionary | Full body payload in JSON format |
| co_authoring | |
|
body | boolean | Boolean. |
| display_name | |
|
body | string | String. |
| external_id | |
|
body | string | String. |
| label_provider | |
|
body | string | String. |
| name | |
|
body | string | The name of the new sensitivity label. |
| plugins_configuration_id | |
|
body | string | String. |
| synced | |
|
body | boolean | Boolean. |
from falconpy import DataProtectionConfiguration
# Do not hardcode API credentials!
falcon = DataProtectionConfiguration(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.create_sensitivity_label(co_authoring=boolean,
display_name="Confidential Label",
external_id="ext_id_123",
label_provider="Microsoft",
name="Confidential",
plugins_configuration_id="plugin_config_789",
synced=boolean
)
print(response)from falconpy import DataProtectionConfiguration
# Do not hardcode API credentials!
falcon = DataProtectionConfiguration(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.entities_sensitivity_label_create_v2(co_authoring=boolean,
display_name="Confidential Label",
external_id="ext_id_123",
label_provider="Microsoft",
name="Confidential",
plugins_configuration_id="plugin_config_789",
synced=boolean
)
print(response)from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
BODY = {
"co_authoring": boolean,
"display_name": "Confidential Label",
"external_id": "ext_id_123",
"label_provider": "Microsoft",
"name": "Confidential",
"plugins_configuration_id": "plugin_config_789",
"synced": boolean
}
response = falcon.command("entities_sensitivity_label_create_v2", body=BODY)
print(response)Back to Table of Contents
Delete sensitivity labels matching the IDs (V2).
delete_sensitivity_label
| Method | Route |
|---|---|
|
/data-protection/entities/labels/v2 |
- Consumes: application/json
- Produces: application/json
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| ids | |
|
query | string or list of strings | The sensitivity label entity id(s) to delete. |
| parameters | |
|
query | dictionary | Full query string parameters payload in JSON format. |
from falconpy import DataProtectionConfiguration
# Do not hardcode API credentials!
falcon = DataProtectionConfiguration(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.delete_sensitivity_label(ids=id_list)
print(response)from falconpy import DataProtectionConfiguration
# Do not hardcode API credentials!
falcon = DataProtectionConfiguration(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.entities_sensitivity_label_delete_v2(ids=id_list)
print(response)from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.command("entities_sensitivity_label_delete_v2", ids=id_list)
print(response)Back to Table of Contents
Get particular local application groups.
get_local_application_group
| Method | Route |
|---|---|
|
/data-protection/entities/local-application-groups/v1 |
- Consumes: application/json
- Produces: application/json
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| ids | |
|
query | list of strings | The local application group id(s) to get. |
| parameters | |
|
query | dictionary | Full query string parameters payload in JSON format. |
from falconpy import DataProtectionConfiguration
# Do not hardcode API credentials!
falcon = DataProtectionConfiguration(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.get_local_application_group(ids=['string', 'string'])
print(response)from falconpy import DataProtectionConfiguration
# Do not hardcode API credentials!
falcon = DataProtectionConfiguration(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.entities_local_application_group_get(ids=['string', 'string'])
print(response)from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.command("entities_local_application_group_get",
ids=['string', 'string']
)
print(response)Back to Table of Contents
Persist the given local application group for the provided entity instance.
create_local_application_group
| Method | Route |
|---|---|
|
/data-protection/entities/local-application-groups/v1 |
- Consumes: application/json
- Produces: application/json
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| body | |
|
body | dictionary | Full body payload in JSON format. |
| description | |
|
body | string | The description of the local application group. |
| local_application_ids | |
|
body | list of strings | List of local application IDs to include in the group. |
| name | |
|
body | string | The name of the local application group. |
from falconpy import DataProtectionConfiguration
# Do not hardcode API credentials!
falcon = DataProtectionConfiguration(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.create_local_application_group(description="string",
local_application_ids=["string"],
name="string"
)
print(response)from falconpy import DataProtectionConfiguration
# Do not hardcode API credentials!
falcon = DataProtectionConfiguration(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.entities_local_application_group_create(description="string",
local_application_ids=["string"],
name="string"
)
print(response)from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
BODY = {
"description": "string",
"local_application_ids": [
"string"
],
"name": "string"
}
response = falcon.command("entities_local_application_group_create",
body=BODY
)
print(response)Back to Table of Contents
Update a local application group.
update_local_application_group
| Method | Route |
|---|---|
|
/data-protection/entities/local-application-groups/v1 |
- Consumes: application/json
- Produces: application/json
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| id | |
|
query | string | The local app id to update. |
| body | |
|
body | dictionary | Full body payload in JSON format. |
| description | |
|
body | string | The description of the local application group. |
| local_application_ids | |
|
body | list of strings | List of local application IDs to include in the group. |
| name | |
|
body | string | The name of the local application group. |
| parameters | |
|
query | dictionary | Full query string parameters payload in JSON format. |
from falconpy import DataProtectionConfiguration
# Do not hardcode API credentials!
falcon = DataProtectionConfiguration(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.update_local_application_group(id="string",
description="string",
local_application_ids=["string"],
name="string"
)
print(response)from falconpy import DataProtectionConfiguration
# Do not hardcode API credentials!
falcon = DataProtectionConfiguration(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.entities_local_application_group_patch(id="string",
description="string",
local_application_ids=["string"],
name="string"
)
print(response)from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
BODY = {
"description": "string",
"local_application_ids": [
"string"
],
"name": "string"
}
response = falcon.command("entities_local_application_group_patch",
id="string",
body=BODY
)
print(response)Back to Table of Contents
Soft Delete local application. The application won't be visible anymore, but will still be in the database.
delete_local_application_group
| Method | Route |
|---|---|
|
/data-protection/entities/local-application-groups/v1 |
- Consumes: application/json
- Produces: application/json
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| ids | |
|
query | list of strings | The id of the local application group to delete. |
| parameters | |
|
query | dictionary | Full query string parameters payload in JSON format. |
from falconpy import DataProtectionConfiguration
# Do not hardcode API credentials!
falcon = DataProtectionConfiguration(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.delete_local_application_group(ids=id_list)
print(response)from falconpy import DataProtectionConfiguration
# Do not hardcode API credentials!
falcon = DataProtectionConfiguration(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.entities_local_application_group_delete(ids=id_list)
print(response)from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.command("entities_local_application_group_delete", ids=id_list)
print(response)Back to Table of Contents
Get a particular local application.
get_local_application
| Method | Route |
|---|---|
|
/data-protection/entities/local-applications/v1 |
- Consumes: application/json
- Produces: application/json
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| ids | |
|
query | list of strings | The local application id(s) to get. |
| parameters | |
|
query | dictionary | Full query string parameters payload in JSON format. |
from falconpy import DataProtectionConfiguration
# Do not hardcode API credentials!
falcon = DataProtectionConfiguration(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.get_local_application(ids=['string', 'string'])
print(response)from falconpy import DataProtectionConfiguration
# Do not hardcode API credentials!
falcon = DataProtectionConfiguration(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.entities_local_application_get(ids=['string', 'string'])
print(response)from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.command("entities_local_application_get",
ids=['string', 'string']
)
print(response)Back to Table of Contents
Persist the given local application for the provided entity instance.
create_local_application
| Method | Route |
|---|---|
|
/data-protection/entities/local-applications/v1 |
- Consumes: application/json
- Produces: application/json
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| body | |
|
body | dictionary | Full body payload in JSON format. |
| apply_rules_for_children_processes | |
|
body | boolean | Whether to apply rules for children processes of this application. |
| executable_name | |
|
body | string | The executable name of the local application. |
| group_ids | |
|
body | list of strings | List of group IDs to associate with this local application. |
| name | |
|
body | string | The name of the local application. |
from falconpy import DataProtectionConfiguration
# Do not hardcode API credentials!
falcon = DataProtectionConfiguration(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.create_local_application(apply_rules_for_children_processes=boolean,
executable_name="string",
group_ids=["string"],
name="string"
)
print(response)from falconpy import DataProtectionConfiguration
# Do not hardcode API credentials!
falcon = DataProtectionConfiguration(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.entities_local_application_create(apply_rules_for_children_processes=boolean,
executable_name="string",
group_ids=["string"],
name="string"
)
print(response)from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
BODY = {
"apply_rules_for_children_processes": boolean,
"executable_name": "string",
"group_ids": [
"string"
],
"name": "string"
}
response = falcon.command("entities_local_application_create",
body=BODY
)
print(response)Back to Table of Contents
Update a local application.
update_local_application
| Method | Route |
|---|---|
|
/data-protection/entities/local-applications/v1 |
- Consumes: application/json
- Produces: application/json
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| id | |
|
query | string | The local app id to update. |
| body | |
|
body | dictionary | Full body payload in JSON format. |
| apply_rules_for_children_processes | |
|
body | boolean | Whether to apply rules for children processes of this application. |
| executable_name | |
|
body | string | The executable name of the local application. |
| group_ids | |
|
body | list of strings | List of group IDs to associate with this local application. |
| name | |
|
body | string | The name of the local application. |
| parameters | |
|
query | dictionary | Full query string parameters payload in JSON format. |
from falconpy import DataProtectionConfiguration
# Do not hardcode API credentials!
falcon = DataProtectionConfiguration(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.update_local_application(id="string",
apply_rules_for_children_processes=boolean,
executable_name="string",
group_ids=["string"],
name="string"
)
print(response)from falconpy import DataProtectionConfiguration
# Do not hardcode API credentials!
falcon = DataProtectionConfiguration(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.entities_local_application_patch(id="string",
apply_rules_for_children_processes=boolean,
executable_name="string",
group_ids=["string"],
name="string"
)
print(response)from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
BODY = {
"apply_rules_for_children_processes": boolean,
"executable_name": "string",
"group_ids": [
"string"
],
"name": "string"
}
response = falcon.command("entities_local_application_patch",
id="string",
body=BODY
)
print(response)Back to Table of Contents
Soft Delete local application. The application wont be visible anymore, but will still be in the database.
delete_local_application
| Method | Route |
|---|---|
|
/data-protection/entities/local-applications/v1 |
- Consumes: application/json
- Produces: application/json
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| ids | |
|
query | list of strings | The id of the local application to delete. |
| parameters | |
|
query | dictionary | Full query string parameters payload in JSON format. |
from falconpy import DataProtectionConfiguration
# Do not hardcode API credentials!
falcon = DataProtectionConfiguration(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.delete_local_application(ids=id_list)
print(response)from falconpy import DataProtectionConfiguration
# Do not hardcode API credentials!
falcon = DataProtectionConfiguration(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.entities_local_application_delete(ids=id_list)
print(response)from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.command("entities_local_application_delete", ids=id_list)
print(response)Back to Table of Contents
Get policies that match the provided ids.
get_policies
| Method | Route |
|---|---|
|
/data-protection/entities/policies/v2 |
- Consumes: application/json
- Produces: application/json
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| ids | |
|
query | string or list of strings | IDs of the policies to get. |
| parameters | |
|
query | dictionary | Full query string parameters payload in JSON format. |
from falconpy import DataProtectionConfiguration
# Do not hardcode API credentials!
falcon = DataProtectionConfiguration(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.get_policies(ids=['string', 'string'])
print(response)from falconpy import DataProtectionConfiguration
# Do not hardcode API credentials!
falcon = DataProtectionConfiguration(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.entities_policy_get_v2(ids=['string', 'string'])
print(response)from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.command("entities_policy_get_v2",
ids=['string', 'string']
)
print(response)Back to Table of Contents
Create policies.
create_policy
| Method | Route |
|---|---|
|
/data-protection/entities/policies/v2 |
- Consumes: application/json
- Produces: application/json
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| platform_name | |
|
query | string | platform name of the policies to update, either 'win' or 'mac'. |
| body | |
|
body | dictionary | Full body payload in JSON format |
| description | |
|
body | string | The description of the new policy. |
| name | |
|
body | string | The name of the new policy. |
| policy_properties | |
|
body | dictionary | The properties of the new policy. |
| precedence | |
|
body | integer | The order of precedence. |
| parameters | |
|
query | dictionary | Full query string parameters payload in JSON format. |
from falconpy import DataProtectionConfiguration
# Do not hardcode API credentials!
falcon = DataProtectionConfiguration(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.create_policy(platform_name="win",
description="Data protection policy for Windows endpoints",
name="Windows DLP Policy",
policy_properties={
"allow_notifications": "default",
"be_exclude_domains": "example.com",
"be_paste_clipboard_max_size": 1048576,
"be_paste_clipboard_max_size_unit": "Bytes",
"be_paste_clipboard_min_size": integer,
"be_paste_clipboard_min_size_unit": "Bytes",
"be_paste_clipboard_over_size_behaviour_block": boolean,
"be_paste_timeout_duration_milliseconds": 5000,
"be_paste_timeout_response": "block",
"be_splash_custom_message": "Data protection policy enforced",
"be_splash_enabled": boolean,
"be_splash_message_source": "default",
"be_upload_timeout_duration_seconds": 30,
"be_upload_timeout_response": "block",
"block_all_data_access": boolean,
"block_notifications": "default",
"browsers_without_active_extension": "allow",
"classifications": [
"classification_id_here"
],
"custom_allow_notification": "Access allowed",
"custom_block_notification": "Access blocked",
"enable_clipboard_inspection": boolean,
"enable_content_inspection": boolean,
"enable_context_inspection": boolean,
"enable_end_user_notifications_unsupported_browser": boolean,
"enable_network_inspection": boolean,
"evidence_download_enabled": boolean,
"evidence_duplication_enabled_default": boolean,
"evidence_encrypted_enabled": boolean,
"evidence_storage_free_disk_perc": 10,
"evidence_storage_max_size": 1073741824,
"inspection_depth": "balanced",
"max_file_size_to_inspect": 10485760,
"max_file_size_to_inspect_unit": "Bytes",
"min_confidence_level": "medium",
"network_inspection_files_exceeding_size_limit": "block",
"similarity_detection": boolean,
"similarity_threshold": "10",
"unsupported_browsers_action": "allow"
},
precedence=1
)
print(response)from falconpy import DataProtectionConfiguration
# Do not hardcode API credentials!
falcon = DataProtectionConfiguration(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.entities_policy_post_v2(platform_name="win",
description="Data protection policy for Windows endpoints",
name="Windows DLP Policy",
policy_properties={
"allow_notifications": "default",
"enable_content_inspection": boolean,
"enable_network_inspection": boolean,
"min_confidence_level": "medium"
},
precedence=1
)
print(response)from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
BODY = {
"resources": [
{
"description": "Data protection policy for Windows endpoints",
"name": "Windows DLP Policy",
"policy_properties": {
"allow_notifications": "default",
"enable_content_inspection": boolean,
"enable_network_inspection": boolean,
"min_confidence_level": "medium"
},
"precedence": 1
}
]
}
response = falcon.command("entities_policy_post_v2",
platform_name="win",
body=BODY
)
print(response)Back to Table of Contents
Update policies.
update_policies
| Method | Route |
|---|---|
|
/data-protection/entities/policies/v2 |
- Consumes: application/json
- Produces: application/json
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| platform_name | |
|
query | string | platform name of the policies to update, either 'win' or 'mac'. |
| body | |
|
body | dictionary | Full body payload in JSON format |
| description | |
|
body | string | The description of the policy. |
| name | |
|
body | string | The name of the policy. |
| policy_properties | |
|
body | dictionary | The properties of the policy. |
| precedence | |
|
body | integer | The order of precedence. |
| parameters | |
|
query | dictionary | Full query string parameters payload in JSON format. |
from falconpy import DataProtectionConfiguration
# Do not hardcode API credentials!
falcon = DataProtectionConfiguration(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.update_policies(platform_name="mac",
description="Updated data protection policy for Mac endpoints",
name="Updated Mac DLP Policy",
policy_properties={
"allow_notifications": "custom",
"custom_allow_notification": "Updated: Access granted",
"custom_block_notification": "Updated: Access denied",
"enable_content_inspection": boolean,
"enable_network_inspection": boolean,
"enable_clipboard_inspection": boolean,
"min_confidence_level": "high",
"max_file_size_to_inspect": 5242880,
"max_file_size_to_inspect_unit": "Bytes",
"evidence_download_enabled": boolean,
"evidence_encrypted_enabled": boolean,
"similarity_detection": boolean,
"similarity_threshold": "15"
},
precedence=integer,
)
print(response)from falconpy import DataProtectionConfiguration
# Do not hardcode API credentials!
falcon = DataProtectionConfiguration(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.entities_policy_patch_v2(platform_name="mac",
description="Updated data protection policy for Mac endpoints",
name="Updated Mac DLP Policy",
policy_properties={
"allow_notifications": "custom",
"enable_content_inspection": boolean,
"enable_network_inspection": boolean,
"min_confidence_level": "high"
},
precedence=integer,
)
print(response)from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
BODY = {
"resources": [
{
"description": "Updated data protection policy for Mac endpoints",
"name": "Updated Mac DLP Policy",
"policy_properties": {
"allow_notifications": "custom",
"enable_content_inspection": boolean,
"enable_network_inspection": boolean,
"min_confidence_level": "high"
},
"precedence": 2
}
]
}
response = falcon.command("entities_policy_patch_v2",
platform_name="mac",
body=BODY
)
print(response)Back to Table of Contents
Delete policies that match the provided ids.
delete_policies
| Method | Route |
|---|---|
|
/data-protection/entities/policies/v2 |
- Consumes: application/json
- Produces: application/json
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| ids | |
|
query | string or list of strings | IDs of the policies to delete. |
| platform_name | |
|
query | string | platform name of the policies to update, either 'win' or 'mac'. |
| parameters | |
|
query | dictionary | Full query string parameters payload in JSON format. |
from falconpy import DataProtectionConfiguration
# Do not hardcode API credentials!
falcon = DataProtectionConfiguration(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.delete_policies(ids=id_list, platform_name="win")
print(response)from falconpy import DataProtectionConfiguration
# Do not hardcode API credentials!
falcon = DataProtectionConfiguration(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.entities_policy_delete_v2(ids=id_list, platform_name="win")
print(response)from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.command("entities_policy_delete_v2",
ids=id_list,
platform_name="win")
print(response)Back to Table of Contents
Get web-location entities matching the provided ID(s).
get_web_location
| Method | Route |
|---|---|
|
/data-protection/entities/web-locations/v2 |
- Consumes: application/json
- Produces: application/json
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| ids | |
|
query | string or list of strings | The web-location entity id(s) to get. |
| parameters | |
|
query | dictionary | Full query string parameters payload in JSON format. |
from falconpy import DataProtectionConfiguration
# Do not hardcode API credentials!
falcon = DataProtectionConfiguration(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.get_web_location(ids=['string', 'string'])
print(response)from falconpy import DataProtectionConfiguration
# Do not hardcode API credentials!
falcon = DataProtectionConfiguration(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.entities_web_location_get_v2(ids=['string', 'string'])
print(response)from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.command("entities_web_location_get_v2",
ids=['string', 'string']
)
print(response)Back to Table of Contents
Persist the given web-locations.
create_web_location
| Method | Route |
|---|---|
|
/data-protection/entities/web-locations/v2 |
- Consumes: application/json
- Produces: application/json
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| body | |
|
body | dictionary | Full body payload in JSON format |
| application_id | |
|
body | string | The ID of the application. |
| deleted | |
|
body | boolean | Flag indicating if this location is deleted. |
| enterprise_account_id | |
|
body | string | Associated enterprise account ID. |
| location_type | |
|
body | string | Location type. |
| name | |
|
body | string | Location name. |
| provider_location_id | |
|
body | string | Provider location ID. |
| provider_location_name | |
|
body | string | Provider location name. |
| type | |
|
body | string | Type. |
from falconpy import DataProtectionConfiguration
# Do not hardcode API credentials!
falcon = DataProtectionConfiguration(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.create_web_location(application_id="app_123",
deleted=boolean,
enterprise_account_id="enterprise_456",
location_type="custom",
name="SharePoint Site",
provider_location_id="site_789",
provider_location_name="Corporate SharePoint",
type="sharepoint"
)
print(response)from falconpy import DataProtectionConfiguration
# Do not hardcode API credentials!
falcon = DataProtectionConfiguration(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.entities_web_location_create_v2(application_id="app_123",
deleted=boolean,
enterprise_account_id="enterprise_456",
location_type="custom",
name="SharePoint Site",
provider_location_id="site_789",
provider_location_name="Corporate SharePoint",
type="sharepoint"
)
print(response)from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
BODY = {
"web_locations": [
{
"application_id": "app_123",
"deleted": boolean,
"enterprise_account_id": "enterprise_456",
"location_type": "custom",
"name": "SharePoint Site",
"provider_location_id": "site_789",
"provider_location_name": "Corporate SharePoint",
"type": "sharepoint"
}
]
}
response = falcon.command("entities_web_location_create_v2", body=BODY)
print(response)Back to Table of Contents
Update a web-location.
update_web_location
| Method | Route |
|---|---|
|
/data-protection/entities/web-locations/v2 |
- Consumes: application/json
- Produces: application/json
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| id | |
|
query | string | The web-location entity ID to update. |
| body | |
|
body | dictionary | Full body payload in JSON format |
| application_id | |
|
body | string | The ID of the application. |
| deleted | |
|
body | boolean | Flag indicating if this location is deleted. |
| enterprise_account_id | |
|
body | string | Associated enterprise account ID. |
| location_type | |
|
body | string | Location type. |
| name | |
|
body | string | Location name. |
| provider_location_id | |
|
body | string | Provider location ID. |
| provider_location_name | |
|
body | string | Provider location name. |
| type | |
|
body | string | Type. |
| parameters | |
|
query | dictionary | Full query string parameters payload in JSON format. |
from falconpy import DataProtectionConfiguration
# Do not hardcode API credentials!
falcon = DataProtectionConfiguration(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.update_web_location(id="string",
application_id="app_123",
deleted=boolean,
enterprise_account_id="updated_enterprise_456",
location_type="predefined",
name="Updated SharePoint Site",
provider_location_id="updated_site_789",
provider_location_name="Updated Corporate SharePoint",
type="sharepoint"
)
print(response)from falconpy import DataProtectionConfiguration
# Do not hardcode API credentials!
falcon = DataProtectionConfiguration(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.entities_web_location_patch_v2(id="string",
application_id="app_123",
deleted=boolean,
enterprise_account_id="updated_enterprise_456",
location_type="predefined",
name="Updated SharePoint Site",
provider_location_id="updated_site_789",
provider_location_name="Updated Corporate SharePoint",
type="sharepoint"
)
print(response)from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
BODY = {
"web_locations": [
{
"application_id": "app_123",
"deleted": boolean,
"enterprise_account_id": "updated_enterprise_456",
"location_type": "predefined",
"name": "Updated SharePoint Site",
"provider_location_id": "updated_site_789",
"provider_location_name": "Updated Corporate SharePoint",
"type": "sharepoint"
}
]
}
response = falcon.command("entities_web_location_patch_v2",
id="string",
body=BODY
)
print(response)Back to Table of Contents
Delete web-location.
delete_web_location
| Method | Route |
|---|---|
|
/data-protection/entities/web-locations/v2 |
- Consumes: application/json
- Produces: application/json
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| ids | |
|
query | string or list of strings | The IDs of the web-location to delete. |
| parameters | |
|
query | dictionary | Full query string parameters payload in JSON format. |
from falconpy import DataProtectionConfiguration
# Do not hardcode API credentials!
falcon = DataProtectionConfiguration(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.delete_web_location(ids=id_list)
print(response)from falconpy import DataProtectionConfiguration
# Do not hardcode API credentials!
falcon = DataProtectionConfiguration(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.entities_web_location_delete_v2(ids=id_list)
print(response)from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.command("entities_web_location_delete_v2", ids=id_list)Back to Table of Contents
Search for classifications that match the provided criteria.
query_classifications
| Method | Route |
|---|---|
|
/data-protection/queries/classifications/v2 |
- Consumes: application/json
- Produces: application/json
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| filter | |
|
query | string | Filter results by specific attributes. Allowed attributes are: name, created_at, modified_at, properties.content_patterns, properties.content_patterns_operator, properties.file_types, properties.sensitivity_labels, created_by, modified_by, properties.evidence_duplication_enabled, properties.protection_mode, properties.web_sources. |
| sort | |
|
query | string | The property to sort by. Allowed fields are: name, created_at, modified_at. |
| limit | |
|
query | integer | The maximum records to return. [maximum: 500, minimum: integer, default: 100] |
| offset | |
|
query | integer | The offset to start retrieving records from. [maximum: 10000, minimum: integer] |
| parameters | |
|
query | dictionary | Full query string parameters payload in JSON format. |
from falconpy import DataProtectionConfiguration
# Do not hardcode API credentials!
falcon = DataProtectionConfiguration(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.query_classifications(filter="string",
sort="name.asc",
limit=integer,
offset=integer
)
print(response)from falconpy import DataProtectionConfiguration
# Do not hardcode API credentials!
falcon = DataProtectionConfiguration(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.queries_classification_get_v2(filter="string",
sort="name.asc",
limit=integer,
offset=integer
)
print(response)from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.command("queries_classification_get_v2",
filter="string",
sort="name.asc",
limit=integer,
offset=integer
)
print(response)Back to Table of Contents
Get all cloud-application IDs matching the query with filter.
query_cloud_applications
| Method | Route |
|---|---|
|
/data-protection/queries/cloud-applications/v2 |
- Consumes: application/json
- Produces: application/json
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| filter | |
|
query | string | Optional filter for searching cloud applications. |
| sort | |
|
query | string | The sort instructions to order by on. |
| limit | |
|
query | integer | The number of items to return in this response (default: 100, max: 500). Use with the offset parameter to manage pagination of results. |
| offset | |
|
query | integer | The offset to start retrieving records from. Use with the limit parameter to manage pagination of results. |
| parameters | |
|
query | dictionary | Full query string parameters payload in JSON format. |
from falconpy import DataProtectionConfiguration
# Do not hardcode API credentials!
falcon = DataProtectionConfiguration(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.query_cloud_applications(filter="name:'*sharepoint*'",
sort="name.asc",
limit=integer,
offset=integer
)
print(response)from falconpy import DataProtectionConfiguration
# Do not hardcode API credentials!
falcon = DataProtectionConfiguration(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.queries_cloud_application_get_v2(filter="name:'*sharepoint*'",
sort="name.asc",
limit=integer,
offset=integer
)
print(response)from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.command("queries_cloud_application_get_v2",
filter="name:'*sharepoint*'",
sort="name.asc",
limit=integer,
offset=integer
)
print(response)Back to Table of Contents
Get all content-pattern IDs matching the query with filter.
query_content_patterns
| Method | Route |
|---|---|
|
/data-protection/queries/content-patterns/v2 |
- Consumes: application/json
- Produces: application/json
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| filter | |
|
query | string | The filter to use when finding content patterns. |
| sort | |
|
query | string | The sort instructions to order by on. |
| limit | |
|
query | integer | The number of items to return in this response (default: 100, max: 500). Use with the offset parameter to manage pagination of results. |
| offset | |
|
query | integer | The offset to start retrieving records from. Use with the limit parameter to manage pagination of results. |
| parameters | |
|
query | dictionary | Full query string parameters payload in JSON format. |
from falconpy import DataProtectionConfiguration
# Do not hardcode API credentials!
falcon = DataProtectionConfiguration(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.query_content_patterns(filter="category:'pii'",
sort="created_at.desc",
limit=50
)
print(response)from falconpy import DataProtectionConfiguration
# Do not hardcode API credentials!
falcon = DataProtectionConfiguration(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.queries_content_pattern_get_v2(filter="category:'pii'",
sort="created_at.desc",
limit=50
)
print(response)from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.command("queries_content_pattern_get_v2",
filter="category:'pii'",
sort="created_at.desc",
limit=50
)
print(response)Back to Table of Contents
Get all enterprise-account IDs matching the query with filter.
query_enterprise_accounts
| Method | Route |
|---|---|
|
/data-protection/queries/enterprise-accounts/v2 |
- Consumes: application/json
- Produces: application/json
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| filter | |
|
query | string | The filter to use when finding enterprise accounts. |
| sort | |
|
query | string | The sort instructions to order by on. |
| limit | |
|
query | integer | The number of items to return in this response (default: 100, max: 500). Use with the offset parameter to manage pagination of results. |
| offset | |
|
query | integer | The offset to start retrieving records from. Use with the limit parameter to manage pagination of results. |
| parameters | |
|
query | dictionary | Full query string parameters payload in JSON format. |
from falconpy import DataProtectionConfiguration
# Do not hardcode API credentials!
falcon = DataProtectionConfiguration(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.query_enterprise_accounts(filter="name:'*corporate*'",
sort="created_at.desc",
limit=integer,
)
print(response)from falconpy import DataProtectionConfiguration
# Do not hardcode API credentials!
falcon = DataProtectionConfiguration(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.queries_enterprise_account_get_v2(filter="name:'*corporate*'",
sort="created_at.desc",
limit=integer,
)
print(response)from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.command("queries_enterprise_account_get_v2",
filter="name:'*corporate*'",
sort="created_at.desc",
limit=integer,
)
print(response)Back to Table of Contents
Get all file-type IDs matching the query with filter.
query_file_type
| Method | Route |
|---|---|
|
/data-protection/queries/file-types/v2 |
- Consumes: application/json
- Produces: application/json
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| filter | |
|
query | string | The filter to use when finding file types. |
| sort | |
|
query | string | The sort instructions to order by on. |
| limit | |
|
query | integer | The number of items to return in this response (default: 100, max: 500). Use with the offset parameter to manage pagination of results. |
| offset | |
|
query | integer | The offset to start retrieving records from. Use with the limit parameter to manage pagination of results. |
| parameters | |
|
query | dictionary | Full query string parameters payload in JSON format. |
from falconpy import DataProtectionConfiguration
# Do not hardcode API credentials!
falcon = DataProtectionConfiguration(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.query_file_type(filter="name:'*.pdf'",
sort="name.asc",
limit=integer
)
print(response)from falconpy import DataProtectionConfiguration
# Do not hardcode API credentials!
falcon = DataProtectionConfiguration(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.queries_file_type_get_v2(filter="name:'*.pdf'",
sort="name.asc",
limit=integer
)
print(response)from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.command("queries_file_type_get_v2",
filter="name:'*.pdf'",
sort="name.asc",
limit=integer
)
print(response)Back to Table of Contents
Get all sensitivity label IDs matching the query with filter.
query_sensitivity_label
| Method | Route |
|---|---|
|
/data-protection/queries/labels/v2 |
- Consumes: application/json
- Produces: application/json
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| filter | |
|
query | string | The filter to use when finding sensitivity labels. |
| sort | |
|
query | string | The sort instructions to order by on. |
| limit | |
|
query | integer | The number of items to return in this response (default: 100, max: 500). Use with the offset parameter to manage pagination of results. |
| offset | |
|
query | integer | The offset to start retrieving records from. Use with the limit parameter to manage pagination of results. |
| parameters | |
|
query | dictionary | Full query string parameters payload in JSON format. |
from falconpy import DataProtectionConfiguration
# Do not hardcode API credentials!
falcon = DataProtectionConfiguration(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.query_sensitivity_label(filter="display_name:'*confidential*'",
sort="display_name.asc",
limit=integer
)
print(response)from falconpy import DataProtectionConfiguration
# Do not hardcode API credentials!
falcon = DataProtectionConfiguration(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.queries_sensitivity_label_get_v2(filter="display_name:'*confidential*'",
sort="display_name.asc",
limit=integer
)
print(response)from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.command("queries_sensitivity_label_get_v2",
filter="display_name:'*confidential*'",
sort="display_name.asc",
limit=integer
)
print(response)Back to Table of Contents
Get all local application group IDs matching the query with filter.
query_local_application_groups
| Method | Route |
|---|---|
|
/data-protection/queries/local-application-groups/v1 |
- Consumes: application/json
- Produces: application/json
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| filter | |
|
query | string | Optional filter for searching local application groups. Allowed filters are: name (string), is_deleted (boolean), platform (string), created_at and updated_at. |
| limit | |
|
query | integer | The number of items to return in this response (default: 100, max: 500). Use with the offset parameter to manage pagination of results. |
| offset | |
|
query | integer | The offset to start retrieving records from. Use with the limit parameter to manage pagination of results. |
| parameters | |
|
query | dictionary | Full query string parameters payload in JSON format. |
from falconpy import DataProtectionConfiguration
# Do not hardcode API credentials!
falcon = DataProtectionConfiguration(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.query_local_application_groups(filter="name:'*group*'",
limit=integer,
offset=integer
)
print(response)from falconpy import DataProtectionConfiguration
# Do not hardcode API credentials!
falcon = DataProtectionConfiguration(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.queries_local_application_group_get(filter="name:'*group*'",
limit=integer,
offset=integer
)
print(response)from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.command("queries_local_application_group_get",
filter="name:'*group*'",
limit=integer,
offset=integer
)
print(response)Back to Table of Contents
Get all local-application IDs matching the query with filter.
query_local_applications
| Method | Route |
|---|---|
|
/data-protection/queries/local-applications/v1 |
- Consumes: application/json
- Produces: application/json
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| filter | |
|
query | string | Optional filter for searching local applications. Allowed filters are: name (string), is_deleted (boolean), created_at and updated_at. |
| limit | |
|
query | integer | The number of items to return in this response (default: 100, max: 500). Use with the offset parameter to manage pagination of results. |
| offset | |
|
query | integer | The offset to start retrieving records from. Use with the limit parameter to manage pagination of results. |
| parameters | |
|
query | dictionary | Full query string parameters payload in JSON format. |
from falconpy import DataProtectionConfiguration
# Do not hardcode API credentials!
falcon = DataProtectionConfiguration(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.query_local_applications(filter="name:'*app*'",
limit=integer,
offset=integer
)
print(response)from falconpy import DataProtectionConfiguration
# Do not hardcode API credentials!
falcon = DataProtectionConfiguration(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.queries_local_application_get(filter="name:'*app*'",
limit=integer,
offset=integer
)
print(response)from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.command("queries_local_application_get",
filter="name:'*app*'",
limit=integer,
offset=integer
)
print(response)Back to Table of Contents
Search for policies that match the provided criteria.
query_policies
| Method | Route |
|---|---|
|
/data-protection/queries/policies/v2 |
- Consumes: application/json
- Produces: application/json
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| platform_name | |
|
query | string | platform name of the policies to search, either 'win' or 'mac'. |
| filter | |
|
query | string | Filter results by specific attributes. Allowed attributes are: name, properties.enable_content_inspection, properties.be_exclude_domains, properties.be_upload_timeout_response, properties.be_paste_clipboard_max_size, properties.evidence_storage_max_size, precedence, created_at, modified_at, properties.similarity_threshold, properties.enable_clipboard_inspection, properties.evidence_encrypted_enabled, properties.enable_network_inspection, properties.besplash_message_source, properties.min_confidence_level, properties.unsupported_browsers_action, properties.similarity_detection, properties.classifications, properties.besplash_enabled, properties.be_paste_timeout_response, properties.be_paste_clipboard_min_size_unit, properties.be_paste_clipboard_over_size_behaviour_block, properties.browsers_without_active_extension, description, is_enabled, created_by, properties.max_file_size_to_inspect_unit, properties.block_all_data_access, properties.be_paste_timeout_duration_milliseconds, properties.be_paste_clipboard_min_size, is_default, modified_by, properties.enable_context_inspection, properties.inspection_depth, properties.evidence_download_enabled, properties.besplash_custom_message, properties.be_upload_timeout_duration_seconds, properties.enable_end_user_notifications_unsupported_browser, properties.custom_allow_notification, properties.custom_block_notification, properties.be_paste_clipboard_max_size_unit, properties.evidence_storage_free_disk_perc, properties.max_file_size_to_inspect, properties.allow_notifications, properties.block_notifications, properties.evidence_duplication_enabled_default, properties.network_inspection_files_exceeding_size_limit. |
| offset | |
|
query | integer | The offset to start retrieving records from. [maximum: 10000, minimum: integer] |
| limit | |
|
query | integer | The maximum records to return. [maximum: 500, minimum: integer, default: 100] |
| sort | |
|
query | string | The property to sort by. Allowed fields are: modified_at, name, precedence, created_at. |
| parameters | |
|
query | dictionary | Full query string parameters payload in JSON format. |
from falconpy import DataProtectionConfiguration
# Do not hardcode API credentials!
falcon = DataProtectionConfiguration(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.query_policies(platform_name="win",
filter="name:'*production*'",
sort="precedence.asc",
limit=50
)
print(response)from falconpy import DataProtectionConfiguration
# Do not hardcode API credentials!
falcon = DataProtectionConfiguration(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.queries_policy_get_v2(platform_name="win",
filter="name:'*production*'",
sort="precedence.asc",
limit=50
)
print(response)from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.command("queries_policy_get_v2",
platform_name="win",
filter="name:'*production*'",
sort="precedence.asc",
limit=50
)
print(response)Back to Table of Contents
Get web-location IDs matching the query with filter.
query_web_locations
| Method | Route |
|---|---|
|
/data-protection/queries/web-locations/v2 |
- Consumes: application/json
- Produces: application/json
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| filter | |
|
query | string | The filter to use when finding web locations. |
| type | |
|
query | string | The type of entity to query. Allowed values are: predefined, custom. |
| limit | |
|
query | integer | The number of items to return in this response (default: 100, max: 500). Use with the offset parameter to manage pagination of results. |
| offset | |
|
query | integer | The offset to start retrieving records from. Use with the limit parameter to manage pagination of results. |
| parameters | |
|
query | dictionary | Full query string parameters payload in JSON format. |
from falconpy import DataProtectionConfiguration
# Do not hardcode API credentials!
falcon = DataProtectionConfiguration(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.query_web_locations(filter="name:'*sharepoint*'",
type="predefined",
limit=integer,
offset=integer
)
print(response)from falconpy import DataProtectionConfiguration
# Do not hardcode API credentials!
falcon = DataProtectionConfiguration(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.queries_web_location_get_v2(filter="name:'*sharepoint*'",
type="predefined",
limit=integer,
offset=integer
)
print(response)from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.command("queries_web_location_get_v2",
filter="name:'*sharepoint*'",
type="predefined",
limit=integer,
offset=integer
)
print(response)Back to Table of Contents
