SaaS Security - jshcodes/falconpy GitHub Wiki
WARNING
client_idandclient_secretare keyword arguments that contain your CrowdStrike API credentials. Please note that all examples below do not hard code these values. (These values are ingested as strings.)CrowdStrike does not recommend hard coding API credentials or customer identifiers within source code.
Dismiss affected entity for a security check.
dismiss_affected_entity
| Method | Route |
|---|---|
 |
/saas-security/entities/check-dismiss-affected/v3 |
- Consumes: application/json
- Produces: application/json
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| body |
 |
 |
body | dictionary | Full body payload in JSON format. Not required if using other keywords. |
| entities |
|
 |
body | string | Entities. |
| id |
|
|
query | string | Security Check ID. |
| parameters |
|
|
query | dictionary | Full parameters payload in JSON format. |
| reason |
|
|
body | string | Reason for dismiss. |
from falconpy import SaasSecurity
# Do not hardcode API credentials!
falcon = SaasSecurity(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.dismiss_affected_entity(entities="string",
id="string",
reason="string"
)
print(response)from falconpy import SaasSecurity
# Do not hardcode API credentials!
falcon = SaasSecurity(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.DismissAffectedEntityV3(entities="string",
id="string",
reason="string"
)
print(response)from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
body_payload = {
"entities": "string",
"reason": "string"
}
response = falcon.command("DismissAffectedEntityV3",
body=body_payload,
id="string"
)
print(response)Back to Table of Contents
Dismiss security check by ID.
dismiss_security_check
| Method | Route |
|---|---|
|
/saas-security/entities/check-dismiss/v3 |
- Consumes: application/json
- Produces: application/json
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| body |
|
|
body | dictionary | Full body payload in JSON format. Not required if using other keywords. |
| id |
|
|
query | string | Security Check ID. |
| parameters |
|
|
query | dictionary | Full parameters payload in JSON format. |
| reason |
|
|
body | string | Reason for dismissal. |
from falconpy import SaasSecurity
# Do not hardcode API credentials!
falcon = SaasSecurity(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.dismiss_security_check(id="string",
reason="string"
)
print(response)from falconpy import SaasSecurity
# Do not hardcode API credentials!
falcon = SaasSecurity(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.DismissSecurityCheckV3(id="string",
reason="string"
)
print(response)from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
body_payload = {
"reason": "string"
}
response = falcon.command("DismissSecurityCheckV3",
body=body_payload,
id="string"
)
print(response)Back to Table of Contents
Get activity monitor data for SaaS security monitoring.
get_activity_monitor
| Method | Route |
|---|---|
 |
/saas-security/entities/monitor/v3 |
- Produces: application/json
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| actor |
|
|
query | string | Actor. |
| category |
|
|
query | string | Comma separated list of categories. |
| from_date |
|
|
query | string | From Date. |
| integration_id |
|
|
query | string | Integration ID. |
| limit |
|
|
query | integer | Max number of logs to fetch. |
| projection |
|
|
query | string | Comma separated list of projections. |
| skip |
|
|
query | integer | Number of logs to skip. |
| to_date |
|
|
query | string | To Date. |
| parameters |
|
|
query | dictionary | Full parameters payload in JSON format. |
from falconpy import SaasSecurity
# Do not hardcode API credentials!
falcon = SaasSecurity(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.get_activity_monitor(integration_id="string",
actor="string",
category="string",
projection="string",
from_date="2023-01-01T00:00:00Z",
to_date="2023-01-31T23:59:59Z",
limit=integer,
skip=integer
)
print(response)from falconpy import SaasSecurity
# Do not hardcode API credentials!
falcon = SaasSecurity(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.GetActivityMonitorV3(integration_id="string",
actor="string",
category="string",
projection="string",
from_date="2023-01-01T00:00:00Z",
to_date="2023-01-31T23:59:59Z",
limit=integer,
skip=integer
)
print(response)from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.command("GetActivityMonitorV3",
integration_id="string",
actor="string",
category="string",
projection="string",
from_date="2023-01-01T00:00:00Z",
to_date="2023-01-31T23:59:59Z",
limit=integer,
skip=integer
)
print(response)Back to Table of Contents
Get alerts for SaaS security monitoring.
get_alerts
| Method | Route |
|---|---|
|
/saas-security/entities/alerts/v3 |
- Produces: application/json
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| ascending |
|
|
query | boolean | Sort in ascending order. |
| from_date |
|
|
query | string | The start date of the alert you want to get (in YYYY-MM-DD format). |
| id |
|
|
query | string | Alert ID. |
| integration_id |
|
|
query | string | Comma separated list of integration ID's of the alert you want to get. |
| last_id |
|
|
query | string | The last id of the alert you want to get. |
| limit |
|
|
query | integer | The maximum number of objects to return. |
| offset |
|
|
query | integer | The starting index of the results. |
| to_date |
|
|
query | string | The end date of the alert you want to get (in YYYY-MM-DD format). |
| type |
|
|
query | string | The type of alert you want to get. Allowed values: configuration_drift, check_degraded, integration_failure, Threat. |
| parameters |
|
|
query | dictionary | Full parameters payload in JSON format. |
from falconpy import SaasSecurity
# Do not hardcode API credentials!
falcon = SaasSecurity(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.get_alerts(id="string",
limit=integer,
offset=integer,
last_id="string",
type="string",
integration_id="string",
from_date="string",
to_date="string",
ascending=boolean
)
print(response)from falconpy import SaasSecurity
# Do not hardcode API credentials!
falcon = SaasSecurity(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.GetAlertsV3(id="string",
limit=integer,
offset=integer,
last_id="string",
type="string",
integration_id="string",
from_date="string",
to_date="string",
ascending=boolean
)
print(response)from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.command("GetAlertsV3",
id="string",
limit=integer,
offset=integer,
last_id="string",
type="string",
integration_id="string",
from_date="string",
to_date="string",
ascending=boolean
)
print(response)Back to Table of Contents
Get application inventory data.
get_application_inventory
| Method | Route |
|---|---|
|
/saas-security/entities/apps/v3 |
- Produces: application/json
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| access_level |
|
|
query | string | Comma separated list of access levels. |
| groups |
|
|
query | string | Comma separated list of groups. |
| integration_id |
|
|
query | string | Comma separated list of integration IDs. |
| last_activity |
|
|
query | string | Last activity was within or was not within the last 'value' days. Format: 'was value' or 'was not value' or 'value' (implies 'was value'). 'value' is an integer. |
| limit |
|
|
query | integer | The maximum number of objects to return. |
| offset |
|
|
query | integer | The starting index of the results. |
| scopes |
|
|
query | string | Comma separated list of scopes. |
| status |
|
|
query | string | Comma separated list of application statuses. Allowed values: approved, in review, rejected, unclassified. |
| type |
|
|
query | string | Comma separated list of app types. |
| users |
|
|
query | string | Users. Format: 'is equal value' or 'contains value' or 'value' (implies 'is equal value'). |
| parameters |
|
|
query | dictionary | Full parameters payload in JSON format. |
from falconpy import SaasSecurity
# Do not hardcode API credentials!
falcon = SaasSecurity(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.get_application_inventory(type="string",
limit=integer,
offset=integer,
status="string",
access_level="string",
scopes="string",
users="string",
groups="string",
last_activity="string",
integration_id="string"
)
print(response)from falconpy import SaasSecurity
# Do not hardcode API credentials!
falcon = SaasSecurity(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.GetAppInventory(type="string",
limit=integer,
offset=integer,
status="string",
access_level="string",
scopes="string",
users="string",
groups="string",
last_activity="string",
integration_id="string"
)
print(response)from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.command("GetAppInventory",
type="string",
limit=integer,
offset=integer,
status="string",
access_level="string",
scopes="string",
users="string",
groups="string",
last_activity="string",
integration_id="string"
)
print(response)Back to Table of Contents
Get application inventory users for a specific application.
get_application_users
| Method | Route |
|---|---|
|
/saas-security/entities/app-users/v3 |
- Produces: application/json
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| item_id |
|
|
query | string | Item ID in format: 'integration_id|||app_id' (item_id). |
from falconpy import SaasSecurity
# Do not hardcode API credentials!
falcon = SaasSecurity(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.get_application_users(item_id="string")
print(response)from falconpy import SaasSecurity
# Do not hardcode API credentials!
falcon = SaasSecurity(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.GetAppInventoryUsers(item_id="string")
print(response)from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.command("GetAppInventoryUsers",
item_id="string"
)
print(response)Back to Table of Contents
Get data inventory from SaaS security monitoring.
get_asset_inventory
| Method | Route |
|---|---|
|
/saas-security/entities/data/v3 |
- Produces: application/json
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| access_level |
|
|
query | string | Comma separated list of access levels. |
| integration_id |
|
|
query | string | Comma separated list of integration IDs. |
| last_accessed |
|
|
query | string | Last accessed date was within or was not within the last 'value' days. Format: 'was value' or 'was not value' or 'value' (implies 'was value'). 'value' is an integer. |
| last_modified |
|
|
query | string | Last modified date was within or was not within the last 'value' days. Format: 'was value' or 'was not value' or 'value' (implies 'was value'). 'value' is an integer. |
| limit |
|
|
query | integer | The maximum number of objects to return. |
| offset |
|
|
query | integer | The starting index of the results. |
| password_protected |
|
|
query | boolean | Password protected. |
| resource_name |
|
|
query | string | Resource name contains 'value' (case insensitive). |
| resource_owner |
|
|
query | string | Resource owner contains 'value' (case insensitive). |
| resource_owner_enabled |
|
|
query | boolean | Resource owner enabled. |
| resource_type |
|
|
query | string | Comma separated list of resource types. |
| unmanaged_domain |
|
|
query | string | Comma separated list of unmanaged domains. |
| parameters |
|
|
query | dictionary | Full parameters payload in JSON format. |
from falconpy import SaasSecurity
# Do not hardcode API credentials!
falcon = SaasSecurity(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.get_asset_inventory(integration_id="string",
limit=integer,
offset=integer,
resource_type="string",
access_level="string",
last_accessed="string",
last_modified="string",
resource_name="string",
password_protected=boolean,
resource_owner="string",
resource_owner_enabled=boolean,
unmanaged_domain="string"
)
print(response)from falconpy import SaasSecurity
# Do not hardcode API credentials!
falcon = SaasSecurity(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.GetAssetInventoryV3(integration_id="string",
limit=integer,
offset=integer,
resource_type="string",
access_level="string",
last_accessed="string",
last_modified="string",
resource_name="string",
password_protected=boolean,
resource_owner="string",
resource_owner_enabled=boolean,
unmanaged_domain="string"
)
print(response)from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.command("GetAssetInventoryV3",
integration_id="string",
limit=integer,
offset=integer,
resource_type="string",
access_level="string",
last_accessed="string",
last_modified="string",
resource_name="string",
password_protected=boolean,
resource_owner="string",
resource_owner_enabled=boolean,
unmanaged_domain="string"
)
print(response)Back to Table of Contents
Get device inventory from SaaS security monitoring.
get_device_inventory
| Method | Route |
|---|---|
|
/saas-security/entities/devices/v3 |
- Produces: application/json
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
|
|
|
query | string | Email. | |
| integration_id |
|
|
query | string | Comma separated integration ID's. |
| limit |
|
|
query | integer | The maximum number of objects to return. |
| offset |
|
|
query | integer | The starting index of the results. |
| privileged_only |
|
|
query | boolean | Privileged Only. |
| unassociated_devices |
|
|
query | boolean | Unassociated Devices. |
| parameters |
|
|
query | dictionary | Full parameters payload in JSON format. |
from falconpy import SaasSecurity
# Do not hardcode API credentials!
falcon = SaasSecurity(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.get_device_inventory(integration_id="string",
limit=integer,
offset=integer,
email="string",
privileged_only=boolean,
unassociated_devices=boolean
)
print(response)from falconpy import SaasSecurity
# Do not hardcode API credentials!
falcon = SaasSecurity(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.GetDeviceInventoryV3(integration_id="string",
limit=integer,
offset=integer,
email="string",
privileged_only=boolean,
unassociated_devices=boolean
)
print(response)from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.command("GetDeviceInventoryV3",
integration_id="string",
limit=integer,
offset=integer,
email="string",
privileged_only=boolean,
unassociated_devices=boolean
)
print(response)Back to Table of Contents
Get integrations configured for SaaS security monitoring.
get_integrations
| Method | Route |
|---|---|
|
/saas-security/entities/integrations/v3 |
- Produces: application/json
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| saas_id |
|
|
query | string | Comma separated SaaS ID's. |
| parameters |
|
|
query | dictionary | Full parameters payload in JSON format. |
from falconpy import SaasSecurity
# Do not hardcode API credentials!
falcon = SaasSecurity(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.get_integrations(saas_id="string")
print(response)from falconpy import SaasSecurity
# Do not hardcode API credentials!
falcon = SaasSecurity(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.GetIntegrationsV3(saas_id="string")
print(response)from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.command("GetIntegrationsV3",
saas_id="string"
)
print(response)Back to Table of Contents
Get metrics for SaaS security checks and exposures.
get_metrics
| Method | Route |
|---|---|
|
/saas-security/aggregates/check-metrics/v3 |
- Produces: application/json
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| check_type |
|
|
query | string | Check Type. Allowed values: apps, devices, users, assets, permissions, Falcon Shield Security Check, custom. |
| compliance |
|
|
query | boolean | Compliance. |
| impact |
|
|
query | string | Impact. Allowed values: 1, 2, 3. |
| integration_id |
|
|
query | string | Comma separated list of integration IDs. |
| limit |
|
|
query | integer | The maximum number of objects to return. |
| offset |
|
|
query | integer | The starting index of the results. |
| status |
|
|
query | string | Exposure status. Allowed values: Passed, Failed, Dismissed, Pending, Can't Run, Stale. |
| parameters |
|
|
query | dictionary | Full parameters payload in JSON format. |
from falconpy import SaasSecurity
# Do not hardcode API credentials!
falcon = SaasSecurity(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.get_metrics(status="string",
limit=integer,
offset=integer,
integration_id="string",
impact="string",
compliance=boolean,
check_type="string"
)
print(response)from falconpy import SaasSecurity
# Do not hardcode API credentials!
falcon = SaasSecurity(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.GetMetricsV3(status="string",
limit=integer,
offset=integer,
integration_id="string",
impact="string",
compliance=boolean,
check_type="string"
)
print(response)from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.command("GetMetricsV3",
status="string",
limit=integer,
offset=integer,
integration_id="string",
impact="string",
compliance=boolean,
check_type="string"
)
print(response)Back to Table of Contents
Get affected resources for security checks.
get_security_check
| Method | Route |
|---|---|
|
/saas-security/entities/check-affected/v3 |
- Produces: application/json
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| id |
|
|
query | string | Security Check ID. |
| limit |
|
|
query | integer | The maximum number of objects to return. |
| offset |
|
|
query | integer | The starting index of the results. |
| parameters |
|
|
query | dictionary | Full parameters payload in JSON format. |
from falconpy import SaasSecurity
# Do not hardcode API credentials!
falcon = SaasSecurity(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.get_security_check(id="string",
limit=integer,
offset=integer
)
print(response)from falconpy import SaasSecurity
# Do not hardcode API credentials!
falcon = SaasSecurity(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.GetSecurityCheckAffectedV3(id="string",
limit=integer,
offset=integer
)
print(response)from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.command("GetSecurityCheckAffectedV3",
id="string",
limit=integer,
offset=integer
)
print(response)Back to Table of Contents
Get security check compliance information.
get_security_check_compliance
| Method | Route |
|---|---|
|
/saas-security/entities/compliance/v3 |
- Produces: application/json
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| id |
|
|
query | string | Security Check ID. |
| parameters |
|
|
query | dictionary | Full parameters payload in JSON format. |
from falconpy import SaasSecurity
# Do not hardcode API credentials!
falcon = SaasSecurity(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.get_security_check_compliance(id="string")
print(response)from falconpy import SaasSecurity
# Do not hardcode API credentials!
falcon = SaasSecurity(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.GetSecurityCheckComplianceV3(id="string")
print(response)from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.command("GetSecurityCheckComplianceV3",
id="string"
)
print(response)Back to Table of Contents
Get security checks from SaaS security monitoring.
get_security_checks
| Method | Route |
|---|---|
|
/saas-security/entities/checks/v3 |
- Produces: application/json
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| check_tags |
|
|
query | string | Comma separated list of check tags names or ids. |
| check_type |
|
|
query | string | Check Type. Allowed values: apps, devices, users, assets, permissions, Falcon Shield Security Check, custom. |
| compliance |
|
|
query | boolean | Compliance. |
| id |
|
|
query | string | Security Check ID. |
| impact |
|
|
query | string | Impact. Allowed values: Low, Medium, High. |
| integration_id |
|
|
query | string | Comma separated list of integration IDs. |
| limit |
|
|
query | integer | The maximum number of objects to return. |
| offset |
|
|
query | integer | The starting index of the results. |
| status |
|
|
query | string | Exposure status. Allowed values: Passed, Failed, Dismissed, Pending, Can't Run, Stale. |
| parameters |
|
|
query | dictionary | Full parameters payload in JSON format. |
from falconpy import SaasSecurity
# Do not hardcode API credentials!
falcon = SaasSecurity(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.get_security_checks(id="string",
limit=integer,
offset=integer,
status="string",
integration_id="string",
impact="string",
compliance=boolean,
check_type="string",
check_tags="string"
)
print(response)from falconpy import SaasSecurity
# Do not hardcode API credentials!
falcon = SaasSecurity(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.GetSecurityChecksV3(id="string",
limit=integer,
offset=integer,
status="string",
integration_id="string",
impact="string",
compliance=boolean,
check_type="string",
check_tags="string"
)
print(response)from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.command("GetSecurityChecksV3",
id="string",
limit=integer,
offset=integer,
status="string",
integration_id="string",
impact="string",
compliance=boolean,
check_type="string",
check_tags="string"
)
print(response)Back to Table of Contents
Get supported SaaS applications for security monitoring.
get_supported_saas
| Method | Route |
|---|---|
|
/saas-security/entities/supported-saas/v3 |
- Produces: application/json
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| parameters |
|
|
query | dictionary | Full parameters payload in JSON format. |
from falconpy import SaasSecurity
# Do not hardcode API credentials!
falcon = SaasSecurity(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.get_supported_saas()
print(response)from falconpy import SaasSecurity
# Do not hardcode API credentials!
falcon = SaasSecurity(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.GetSupportedSaasV3()
print(response)from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.command("GetSupportedSaasV3")
print(response)Back to Table of Contents
Get system logs from SaaS security monitoring.
get_system_logs
| Method | Route |
|---|---|
|
/saas-security/entities/system-logs/v3 |
- Produces: application/json
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| from_date |
|
|
query | string | From Date (in YYYY-MM-DD format). |
| limit |
|
|
query | integer | The maximum number of objects to return. |
| offset |
|
|
query | integer | The starting index of the results. |
| to_date |
|
|
query | string | To Date (in YYYY-MM-DD format). |
| total_count |
|
|
query | boolean | Fetch Total Count? |
| parameters |
|
|
query | dictionary | Full parameters payload in JSON format. |
from falconpy import SaasSecurity
# Do not hardcode API credentials!
falcon = SaasSecurity(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.get_system_logs(from_date="string",
limit=integer,
offset=integer,
to_date="string",
total_count=boolean
)
print(response)from falconpy import SaasSecurity
# Do not hardcode API credentials!
falcon = SaasSecurity(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.GetSystemLogsV3(from_date="string",
limit=integer,
offset=integer,
to_date="string",
total_count=boolean
)
print(response)from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.command("GetSystemLogsV3",
from_date="string",
limit=integer,
offset=integer,
to_date="string",
total_count=boolean
)
print(response)Back to Table of Contents
Get system users from SaaS security monitoring.
get_system_users
| Method | Route |
|---|---|
|
/saas-security/entities/system-users/v3 |
- Produces: application/json
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| parameters |
|
|
query | dictionary | Full parameters payload in JSON format. |
from falconpy import SaasSecurity
# Do not hardcode API credentials!
falcon = SaasSecurity(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.get_system_users()
print(response)from falconpy import SaasSecurity
# Do not hardcode API credentials!
falcon = SaasSecurity(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.GetSystemUsersV3()
print(response)from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.command("GetSystemUsersV3")
print(response)Back to Table of Contents
Get user inventory from SaaS security monitoring.
get_user_inventory
| Method | Route |
|---|---|
|
/saas-security/entities/users/v3 |
- Produces: application/json
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
|
|
|
query | string | Email. | |
| integration_id |
|
|
query | string | Comma separated integration ID's. |
| limit |
|
|
query | integer | The maximum number of objects to return. |
| offset |
|
|
query | integer | The starting index of the results. |
| privileged_only |
|
|
query | boolean | Privileged Only. |
| parameters |
|
|
query | dictionary | Full parameters payload in JSON format. |
from falconpy import SaasSecurity
# Do not hardcode API credentials!
falcon = SaasSecurity(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.get_user_inventory(integration_id="string",
limit=integer,
offset=integer,
email="string",
privileged_only=boolean
)
print(response)from falconpy import SaasSecurity
# Do not hardcode API credentials!
falcon = SaasSecurity(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.GetUserInventoryV3(integration_id="string",
limit=integer,
offset=integer,
email="string",
privileged_only=boolean
)
print(response)from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.command("GetUserInventoryV3",
integration_id="string",
limit=integer,
offset=integer,
email="string",
privileged_only=boolean
)
print(response)Back to Table of Contents
End data upload transaction for custom integration.
complete_integration_upload
| Method | Route |
|---|---|
|
/saas-security/entities/custom-integration-close/v3 |
- Produces: application/json
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| id |
|
|
query | string | Integration ID. |
| parameters |
|
|
query | dictionary | Full parameters payload in JSON format. |
from falconpy import SaasSecurity
# Do not hardcode API credentials!
falcon = SaasSecurity(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.complete_integration_upload(id="string")
print(response)from falconpy import SaasSecurity
# Do not hardcode API credentials!
falcon = SaasSecurity(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.IntegrationBuilderEndTransactionV3(id="string")
print(response)from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.command("IntegrationBuilderEndTransactionV3",
id="string"
)
print(response)Back to Table of Contents
Get status of custom integration builder.
get_integration_builder_status
| Method | Route |
|---|---|
|
/saas-security/entities/custom-integration-status/v3 |
- Produces: application/json
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| id |
|
|
query | string | Integration ID. |
| parameters |
|
|
query | dictionary | Full parameters payload in JSON format. |
from falconpy import SaasSecurity
# Do not hardcode API credentials!
falcon = SaasSecurity(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.get_integration_builder_status(id="string")
print(response)from falconpy import SaasSecurity
# Do not hardcode API credentials!
falcon = SaasSecurity(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.IntegrationBuilderGetStatusV3(id="string")
print(response)from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.command("IntegrationBuilderGetStatusV3",
id="string"
)
print(response)Back to Table of Contents
Reset custom integration builder.
reset_integration_builder
| Method | Route |
|---|---|
|
/saas-security/entities/custom-integration-reset/v3 |
- Produces: application/json
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| id |
|
|
query | string | Integration ID. |
| parameters |
|
|
query | dictionary | Full parameters payload in JSON format. |
from falconpy import SaasSecurity
# Do not hardcode API credentials!
falcon = SaasSecurity(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.reset_integration_builder(id="string")
print(response)from falconpy import SaasSecurity
# Do not hardcode API credentials!
falcon = SaasSecurity(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.IntegrationBuilderResetV3(id="string")
print(response)from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.command("IntegrationBuilderResetV3",
id="string"
)
print(response)Back to Table of Contents
Upload data for custom integration builder.
upload_integration_builder
| Method | Route |
|---|---|
|
/saas-security/entities/custom-integration-upload/v3 |
- Consumes: application/json
- Produces: application/json
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| body |
|
|
body | dictionary | Full body payload in JSON format. |
| data |
|
|
body | string | Data. |
| id |
|
|
query | string | Integration ID. |
| source_id |
|
|
query | string | Source ID. |
| parameters |
|
|
query | dictionary | Full parameters payload in JSON format. |
from falconpy import SaasSecurity
# Do not hardcode API credentials!
falcon = SaasSecurity(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.upload_integration_builder(data="string",
id="string",
source_id="string"
)
print(response)from falconpy import SaasSecurity
# Do not hardcode API credentials!
falcon = SaasSecurity(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.IntegrationBuilderUploadV3(data="string",
id="string",
source_id="string"
)
print(response)from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
body_payload = {
"data": "string"
}
response = falcon.command("IntegrationBuilderUploadV3",
body=body_payload,
id="string",
source_id="string"
)
print(response)Back to Table of Contents
