Skip to content

CSPM Registration

Joshua Hiller edited this page Dec 9, 2024 · 45 revisions

CrowdStrike Falcon CrowdStrike Subreddit

Using the CSPM Registration service collection

Uber class support Service class support Documentation Version Page Updated Samples Available

This service collection has code examples posted to the repository.

Table of Contents

Operation ID Description
GetCSPMAwsAccount
PEP 8 get_aws_account
Returns information about the current status of an AWS account.
CreateCSPMAwsAccount
PEP 8 create_aws_account
Creates a new account in our system for a customer and generates a script for them to run in their AWS cloud environment to grant us access.
DeleteCSPMAwsAccount
PEP 8 delete_aws_account
Deletes an existing AWS account or organization in our system.
PatchCSPMAwsAccount
PEP 8 update_aws_account
Patches a existing account in our system for a customer.
GetCSPMAwsConsoleSetupURLs
PEP 8 get_aws_console_setup_urls
Return a URL for customer to visit in their cloud environment to grant us access to their AWS environment.
GetCSPMAwsAccountScriptsAttachment
PEP 8 get_aws_account_scripts_attachment
Return a script for customer to run in their cloud environment to grant us access to their AWS environment as a downloadable attachment.
GetCSPMAzureAccount
PEP 8 get_azure_account
Return information about Azure account registration
CreateCSPMAzureAccount
PEP 8 create_azure_account
Creates a new account in our system for a customer and generates a script for them to run in their cloud environment to grant us access.
DeleteCSPMAzureAccount
PEP 8 delete_azure_account
Deletes an Azure subscription from the system.
UpdateCSPMAzureAccountClientID
PEP 8 update_azure_account_client_id
Update an Azure service account in our system by with the user-created client_id created with the public key we've provided
UpdateCSPMAzureTenantDefaultSubscriptionID
PEP 8 update_azure_tenant_default_subscription_id
Update an Azure default subscription_id in our system for given tenant_id
AzureDownloadCertificate
PEP 8 azure_download_certificate
Returns JSON object(s) that contain the base64 encoded certificate for a service principal.
GetCSPMAzureUserScriptsAttachment
PEP 8 get_azure_user_scripts_attachment
Return a script for customer to run in their cloud environment to grant us access to their Azure environment as a downloadable attachment
GetBehaviorDetections
PEP 8 get_behavior_detections
Retrieve a list of detected behaviors.
GetConfigurationDetections
PEP 8 get_configuration_detections
Retrieve a list of active misconfigurations.
GetConfigurationDetectionEntities
PEP 8 get_configuration_detection_entities
Get misconfigurations based on the ID - including custom policy detections in addition to default policy detections.
GetConfigurationDetectionIDsV2
PEP 8 get_configuration_detection_ids_v2
Get a list of active misconfiguration ids - including custom policy detections in addition to default policy detections.
GetCSPMPolicy
PEP 8 get_policy
Given a policy ID, returns detailed policy information.
GetCSPMPoliciesDetails
PEP 8 get_policy_details
Given an array of policy IDs, returns detailed policies information.
GetCSPMPolicySettings
PEP 8 get_policy_settings
Returns information about current policy settings.
UpdateCSPMPolicySettings
PEP 8 update_policy_settings
Updates a policy setting - can be used to override policy severity or to disable a policy entirely.
GetCSPMScanSchedule
PEP 8 get_scan_schedule
Returns scan schedule configuration for one or more cloud platforms.
UpdateCSPMScanSchedule
PEP 8 update_scan_schedule
Updates scan schedule configuration for one or more cloud platforms.
GetCSPMAzureManagementGroup
PEP8 get_azure_management_group
Return information about Azure management group registration
DeleteCSPMAzureManagementGroup
PEP8 delete_azure_management_group
Deletes Azure management groups from the system.
CreateCSPMAzureManagementGroup
PEP8 default_subscription_id--IDofthedefaultazuresubscription.String.
Creates a new management group in our system for a customer.
GetCSPMCGPAccount
PEP8 get_gcp_account
Returns information about the current status of an GCP account.
CreateCSPMGCPAccount
PEP8 create_gcp_account
Creates a new account in our system for a customer and generates a new service account for them to add access to in their GCP environment to grant us access.
DeleteCSPMGCPAccount
PEP8 delete_gcp_account
Deletes a GCP account from the system.
UpdateCSPMGCPAccount
PEP8 update_gcp_account
Patches a existing account in our system for a customer.
ConnectCSPMGCPAccount
PEP8 connect_gcp_account
Creates a new GCP account with newly-uploaded service account or connects with existing service account with only the following fields: parent_id, parent_type and service_account_id
GetCSPMGCPServiceAccountsExt
PEP8 get_gcp_service_account
Returns the service account id and client email for external clients.
UpdateCSPMGCPServiceAccountsExt
PEP8 update_gcp_service_account
Updates an existing GCP service account.
GetCSPMGCPUserScriptsAttachment
PEP8 get_gcp_user_scripts_attachment
Return a script for customer to run in their cloud environment to grant us access to their GCP environment as a downloadable attachment
GetCSPMGCPValidateAccountsExt
PEP8 validate_gcp_account
Run a synchronous health check.
ValidateCSPMGCPServiceAccountExt
PEP8 validate_gcp_service_account
Validates credentials for a service account

Passing credentials

WARNING

client_id and client_secret are keyword arguments that contain your CrowdStrike API credentials. Please note that all examples below do not hard code these values. (These values are ingested as strings.)

CrowdStrike does not recommend hard coding API credentials or customer identifiers within source code.

GetCSPMAwsAccount

Returns information about the current status of an AWS account.

PEP8 method name

get_aws_account

Endpoint

Method Route
GET /cloud-connect-cspm-aws/entities/account/v1

Required Scope

cspm-registration:read

Content-Type

  • Consumes: application/json
  • Produces: application/json

Keyword Arguments

Name Service Uber Type Data type Description
cspm_lite
Service Class Support

Uber Class Support
query boolean Only return CSPM lite accounts.
group_by
Service Class Support

Uber Class Support
query string The field to group by.
ids
Service Class Support

Uber Class Support
query string or list of strings AWS Account ID(s).
limit
Service Class Support

Uber Class Support
query integer Maximum number of results to return. (Default: 100)
offset
Service Class Support

Uber Class Support
query integer Starting record position.
iam_role_arns
Service Class Support

Uber Class Support
query string or list of strings AWS IAM role ARN(s).
migrated
Service Class Support

Uber Class Support
query string Only return migrated D4C accounts (true or false).
organization_ids
Service Class Support

Uber Class Support
query string or list of strings AWS Organization ID(s).
parameters
Service Class Support

Uber Class Support
query dictionary Full query string parameters payload in JSON format.
scan_type
Service Class Support

Uber Class Support
query string Type of scan to perform, dry or full.
status
Service Class Support

Uber Class Support
query string Account status to filter results by.

Usage

Service class example (PEP8 syntax)
from falconpy import CSPMRegistration

# Do not hardcode API credentials!
falcon = CSPMRegistration(client_id=CLIENT_ID,
                          client_secret=CLIENT_SECRET
                          )

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

orgs = 'ORG1,ORG2,ORG3'  # Can also pass a list here: ['ORG1', 'ORG2', 'ORG3']

arns = 'ARN1,ARN2,ARN3'  # Can also pass a list here: ['ARN1', 'ARN2', 'ARN3']

response = falcon.get_aws_account(cspm_lite=boolean,
                                  scan_type="string",
                                  organization_ids=orgs,
                                  iam_role_arns=arns,
                                  status="string",
                                  limit=integer,
                                  migrated="boolean string",
                                  offset=integer,
                                  group_by="string",
                                  ids=id_list
                                  )
print(response)
Service class example (Operation ID syntax)
from falconpy import CSPMRegistration

# Do not hardcode API credentials!
falcon = CSPMRegistration(client_id=CLIENT_ID,
                          client_secret=CLIENT_SECRET
                          )

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

orgs = 'ORG1,ORG2,ORG3'  # Can also pass a list here: ['ORG1', 'ORG2', 'ORG3']

arns = 'ARN1,ARN2,ARN3'  # Can also pass a list here: ['ARN1', 'ARN2', 'ARN3']

response = falcon.GetCSPMAwsAccount(cspm_lite=boolean,
                                    scan_type="string",
                                    organization_ids=orgs,
                                    iam_role_arns=arns,
                                    status="string",
                                    limit=integer,
                                    migrated="boolean string",
                                    offset=integer,
                                    group_by="string",
                                    ids=id_list
                                    )
print(response)
Uber class example
from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

orgs = 'ORG1,ORG2,ORG3'  # Can also pass a list here: ['ORG1', 'ORG2', 'ORG3']

arns = 'ARN1,ARN2,ARN3'  # Can also pass a list here: ['ARN1', 'ARN2', 'ARN3']

response = falcon.command("GetCSPMAwsAccount",
                          cspm_lite=boolean,
                          scan_type="string",
                          organization_ids=orgs,
                          iam_role_arns=arns,
                          status="string",
                          limit=integer,
                          migrated="boolean string",
                          offset=integer,
                          group_by="string",
                          ids=id_list
                          )
print(response)

Back to Table of Contents

CreateCSPMAwsAccount

Creates a new account in our system for a customer and generates a script for them to run in their AWS cloud environment to grant us access.

PEP8 method name

create_aws_account

Endpoint

Method Route
POST /cloud-connect-cspm-aws/entities/account/v1

Required Scope

cspm-registration:write

Content-Type

  • Consumes: application/json
  • Produces: application/json

Keyword Arguments

Name Service Uber Type Data type Description
account_id
Service Class Support

Uber Class Support
body string AWS Account ID.
account_type
Service Class Support

Uber Class Support
body string AWS Account Type.
behavior_assessment_enabled
Service Class Support

Uber Class Support
body boolean Flag indicating if behavior assessment should be enabled.
body
Service Class Support

Uber Class Support
body dictionary Full body payload in JSON format.
cloudtrail_region
Service Class Support

Uber Class Support
body string AWS Cloudtrail Region.
iam_role_arn
Service Class Support

Uber Class Support
body string AWS IAM Role ARN.
is_master
Service Class Support

Uber Class Support
body boolean Flag indicating this is the master account.
sensor_management_enabled
Service Class Support

Uber Class Support
body boolean Flag indicating if sensor management should be enabled.
organization_id
Service Class Support

Uber Class Support
body string AWS Organization ID.
use_existing_cloudtrail
Service Class Support

Uber Class Support
body boolean Flag indicating if the existing CloudTrail log should be used.

Usage

Service class example (PEP8 syntax)
from falconpy import CSPMRegistration

# Do not hardcode API credentials!
falcon = CSPMRegistration(client_id=CLIENT_ID,
                          client_secret=CLIENT_SECRET
                          )

response = falcon.create_aws_account(account_id="string",
                                     account_type="string",
                                     behavior_assessment_enabled=boolean,
                                     cloudtrail_region="string",
                                     iam_role_arn="string",
                                     is_master=boolean,
                                     sensor_management_enabled=boolean,
                                     organization_id="string",
                                     use_existing_cloudtrail=boolean
                                     )
print(response)
Service class example (Operation ID syntax)
from falconpy import CSPMRegistration

# Do not hardcode API credentials!
falcon = CSPMRegistration(client_id=CLIENT_ID,
                          client_secret=CLIENT_SECRET
                          )

response = falcon.CreateCSPMAwsAccount(account_id="string",
                                       account_type="string",
                                       behavior_assessment_enabled=boolean,
                                       cloudtrail_region="string",
                                       iam_role_arn="string",
                                       is_master=boolean,
                                       sensor_management_enabled=boolean,
                                       organization_id="string",
                                       use_existing_cloudtrail=boolean
                                       )
print(response)
Uber class example
from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

BODY = {
    "resources": [
        {
            "account_id": "string",
            "account_type": "string",
            "behavior_assessment_enabled": boolean,
            "cloudtrail_region": "string",
            "iam_role_arn": "string",
            "is_master": boolean,
            "organization_id": "string",
            "sensor_management_enabled": boolean,
            "use_existing_cloudtrail": boolean
        }
    ]
}

response = falcon.command("CreateCSPMAwsAccount", body=BODY)
print(response)

Back to Table of Contents

DeleteCSPMAwsAccount

Deletes an existing AWS account or organization in our system.

PEP8 method name

delete_aws_account

Endpoint

Method Route
DELETE /cloud-connect-cspm-aws/entities/account/v1

Required Scope

cspm-registration:write

Content-Type

  • Consumes: application/json
  • Produces: application/json

Keyword Arguments

Name Service Uber Type Data type Description
ids
Service Class Support

Uber Class Support
query string or list of strings The AWS account IDs to remove.
organization_ids
Service Class Support

Uber Class Support
query string or list of strings The AWS organization ID(s) to delete.
parameters
Service Class Support

Uber Class Support
query dictionary Full query string parameters payload in JSON format.

Usage

Service class example (PEP8 syntax)
from falconpy import CSPMRegistration

# Do not hardcode API credentials!
falcon = CSPMRegistration(client_id=CLIENT_ID,
                          client_secret=CLIENT_SECRET
                          )

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

orgs = 'ORG1,ORG2,ORG3'  # Can also pass a list here: ['ORG1', 'ORG2', 'ORG3']

response = falcon.delete_aws_account(organization_ids=orgs, ids=id_list)
print(response)
Service class example (Operation ID syntax)
from falconpy import CSPMRegistration

# Do not hardcode API credentials!
falcon = CSPMRegistration(client_id=CLIENT_ID,
                          client_secret=CLIENT_SECRET
                          )

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

orgs = 'ORG1,ORG2,ORG3'  # Can also pass a list here: ['ORG1', 'ORG2', 'ORG3']

response = falcon.DeleteCSPMAwsAccount(organization_ids=orgs, ids=id_list)
print(response)
Uber class example
from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

PARAMS = {
    "organization-ids": [
       "string",
       "string"
    ]
}

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

orgs = 'ORG1,ORG2,ORG3'  # Can also pass a list here: ['ORG1', 'ORG2', 'ORG3']

response = falcon.command("DeleteCSPMAwsAccount", organization_ids=orgs, ids=id_list)
print(response)

Back to Table of Contents

PatchCSPMAwsAccount

Patches a existing account in our system for a customer.

PEP8 method name

update_aws_account

Endpoint

Method Route
PATCH /cloud-connect-cspm-aws/entities/account/v1

Required Scope

cspm-registration:write

Content-Type

  • Consumes: application/json
  • Produces: application/json

Keyword Arguments

Name Service Uber Type Data type Description
account_id
Service Class Support

Uber Class Support
body string AWS Account ID.
behavior_assessment_enabled
Service Class Support

Uber Class Support
body boolean Flag indicating if behavior assessment should be enabled.
body
Service Class Support

Uber Class Support
body dictionary Full body payload in JSON format.
cloudtrail_region
Service Class Support

Uber Class Support
body string AWS Cloudtrail Region.
iam_role_arn
Service Class Support

Uber Class Support
body string AWS IAM Role ARN.
remediation_region
Service Class Support

Uber Class Support
body string Region where remediation occurs.
remediation_tou_accepted
Service Class Support

Uber Class Support
body string The accepted TOU for this account.
sensor_management_enabled
Service Class Support

Uber Class Support
body boolean Flag indicating if sensor management should be enabled.

Usage

Service class example (PEP8 syntax)
from falconpy import CSPMRegistration

# Do not hardcode API credentials!
falcon = CSPMRegistration(client_id=CLIENT_ID,
                          client_secret=CLIENT_SECRET
                          )

response = falcon.update_aws_account(account_id="string",
                                     behavior_assessment_enabled=boolean,
                                     cloudtrail_region="string",
                                     iam_role_arn="string",
                                     remediation_region="string",
                                     remediation_tou_accepted="UTC datetime string",
                                     sensor_management_enabled=boolean
                                     )
print(response)
Service class example (Operation ID syntax)
from falconpy import CSPMRegistration

# Do not hardcode API credentials!
falcon = CSPMRegistration(client_id=CLIENT_ID,
                          client_secret=CLIENT_SECRET
                          )

response = falcon.PatchCSPMAwsAccount(account_id="string",
                                      behavior_assessment_enabled=boolean,
                                      cloudtrail_region="string",
                                      iam_role_arn="string",
                                      remediation_region="string",
                                      remediation_tou_accepted="UTC datetime string",
                                      sensor_management_enabled=boolean
                                      )
print(response)
Uber class example
from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

BODY = {
    "resources": [
        {
            "account_id": "string",
            "behavior_assessment_enabled": boolean,
            "cloudtrail_region": "string",
            "iam_role_arn": "string",
            "remediation_region": "string",
            "remediation_tou_accepted": "2023-07-06T17:32:12.655Z",
            "sensor_management_enabled": boolean
        }
    ]
}

response = falcon.command("PatchCSPMAwsAccount", body=BODY)
print(response)

Back to Table of Contents

GetCSPMAwsConsoleSetupURLs

Return a URL for customer to visit in their cloud environment to grant us access to their AWS environment.

PEP8 method name

get_aws_console_setup_urls

Endpoint

Method Route
GET /cloud-connect-cspm-aws/entities/console-setup-urls/v1

Required Scope

cspm-registration:read

Content-Type

  • Consumes: application/json
  • Produces: application/json

Keyword Arguments

Name Service Uber Type Data type Description
ids
Service Class Support

Uber Class Support
query string or list of strings The AWS account ID(s) to retrieve setup URLs.
parameters
Service Class Support

Uber Class Support
query dictionary Full query string parameters payload in JSON format.
region
Service Class Support

Uber Class Support
query string Region
template
Service Class Support

Uber Class Support
query string Template to be rendered. Available values: aws-url, aws-iom-url, aws-ioa-url, aws-sensor-management-url, aws-dspm-url, aws-idp-url
use_existing_cloudtrail
Service Class Support

Uber Class Support
query string Boolean flag indicating if the CloudTrail be used. (Accepted values: true or false)

Usage

Service class example (PEP8 syntax)
from falconpy import CSPMRegistration

# Do not hardcode API credentials!
falcon = CSPMRegistration(client_id=CLIENT_ID,
                          client_secret=CLIENT_SECRET
                          )

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.get_aws_console_setup_urls(ids=id_list,
                                             region="string",
                                             template="string",
                                             use_existing_cloudtrail="boolean string"
                                             )
print(response)
Service class example (Operation ID syntax)
from falconpy import CSPMRegistration

# Do not hardcode API credentials!
falcon = CSPMRegistration(client_id=CLIENT_ID,
                          client_secret=CLIENT_SECRET
                          )

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.GetCSPMAwsConsoleSetupURLs(ids=id_list,
                                             region="string",
                                             template="string",
                                             use_existing_cloudtrail="boolean string"
                                             )
print(response)
Uber class example
from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.command("GetCSPMAwsConsoleSetupURLs",
                          ids=id_list,
                          region="string",
                          template="string",
                          use_existing_cloudtrail="boolean string"
                          )
print(response)

Back to Table of Contents

GetCSPMAwsAccountScriptsAttachment

Return a script for customer to run in their cloud environment to grant us access to their AWS environment as a downloadable attachment.

PEP8 method name

get_aws_account_scripts_attachment

Endpoint

Method Route
GET /cloud-connect-cspm-aws/entities/user-scripts-download/v1

Required Scope

cspm-registration:read

Content-Type

  • Produces: application/json

Keyword Arguments

Name Service Uber Type Data type Description
accounts
Service Class Support

Uber Class Support
query string or list of strings List of accounts to register.
account_type
Service Class Support

Uber Class Support
query string The account type (commercial or gov).
aws_profile
Service Class Support

Uber Class Support
query string The AWS profile to be used during registration.
behavior_assessment_enabled
Service Class Support

Uber Class Support
query string Enable behavior assessment. Allowed values: true or false
custom_role_name
Service Class Support

Uber Class Support
query string The custom IAM role to be used during registration.
dspm_enabled
Service Class Support

Uber Class Support
query string Enable DSPM. Allowed values: true or false
dspm_regions
Service Class Support

Uber Class Support
query string or list of strings DSPM regions.
dspm_role
Service Class Support

Uber Class Support
query string DSPM role.
ids
Service Class Support

Uber Class Support
query string or list of strings The AWS account ID(s) to retrieve script attachments.
organization_id
Service Class Support

Uber Class Support
query string or list of strings The AWS organization ID to be registered.
parameters
Service Class Support

Uber Class Support
query dictionary Full query string parameters payload as a dictionary.
sensor_management_enabled
Service Class Support

Uber Class Support
query string Enable sensor management. Allowed values: true or false
template
Service Class Support

Uber Class Support
query string Template to be rendered. Allowed values: aws-bash or aws-terraform
use_existing_cloudtrail
Service Class Support

Uber Class Support
query string Use the existing cloudtrail log. Allowed values: true or false

Usage

Service class example (PEP8 syntax)
from falconpy import CSPMRegistration

# Do not hardcode API credentials!
falcon = CSPMRegistration(client_id=CLIENT_ID,
                          client_secret=CLIENT_SECRET
                          )

account_list = "AC1,AC2,AC3"  # Can also pass a list here: ["AC1", "AC2", "AC3"]
id_list = "ID1,ID2,ID3"  # Can also pass a list here: ["ID1", "ID2", "ID3"]
org_id_list = "ORG1" # Can also pass a list or comma delimited string here.
dspm_region_list = "REGION1" # Can also pass a list or comma delimited string here.

response = falcon.get_aws_account_scripts_attachment(accounts=account_list,
                                                     account_type="string",
                                                     aws_profile="string",
                                                     behavior_assessment_enabled="string",
                                                     custom_role_name="string",
                                                     dspm_enabled="string",
                                                     dspm_regions=dspm_region_list,
                                                     dspm_role="string",
                                                     ids=id_list,
                                                     organization_id=org_id_list,
                                                     sensor_management_enabled="string",
                                                     template="string",
                                                     use_existing_cloudtrail="string"
                                                     )

print(response)
Service class example (Operation ID syntax)
from falconpy import CSPMRegistration

# Do not hardcode API credentials!
falcon = CSPMRegistration(client_id=CLIENT_ID,
                          client_secret=CLIENT_SECRET
                          )

account_list = "AC1,AC2,AC3"  # Can also pass a list here: ["AC1", "AC2", "AC3"]
id_list = "ID1,ID2,ID3"  # Can also pass a list here: ["ID1", "ID2", "ID3"]
org_id_list = "ORG1" # Can also pass a list or comma delimited string here.
dspm_region_list = "REGION1" # Can also pass a list or comma delimited string here.

response = falcon.GetCSPMAwsAccountScriptsAttachment(accounts=account_list,
                                                     account_type="string",
                                                     aws_profile="string",
                                                     behavior_assessment_enabled="string",
                                                     custom_role_name="string",
                                                     dspm_enabled="string",
                                                     dspm_regions=dspm_region_list,
                                                     dspm_role="string",
                                                     ids=id_list,
                                                     organization_id=org_id_list,
                                                     sensor_management_enabled="string",
                                                     template="string",
                                                     use_existing_cloudtrail="string"
                                                     )

print(response)
Uber class example
from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

account_list = "AC1,AC2,AC3"  # Can also pass a list here: ["AC1", "AC2", "AC3"]
id_list = "ID1,ID2,ID3"  # Can also pass a list here: ["ID1", "ID2", "ID3"]
org_id_list = "ORG1" # Can also pass a list or comma delimited string here.
dspm_region_list = "REGION1" # Can also pass a list or comma delimited string here.

response = falcon.command("GetCSPMAwsAccountScriptsAttachment", 
                          accounts=account_list,
                          account_type="string",
                          aws_profile="string",
                          behavior_assessment_enabled="string",
                          custom_role_name="string",
                          dspm_enabled="string",
                          dspm_regions=dspm_region_list,
                          dspm_role="string",
                          ids=id_list,
                          organization_id=org_id_list,
                          sensor_management_enabled="string",
                          template="string",
                          use_existing_cloudtrail="string"
                          )
print(response)

Back to Table of Contents

GetCSPMAzureAccount

Return information about Azure account registration

PEP8 method name

get_azure_account

Endpoint

Method Route
GET /cloud-connect-azure/entities/account/v1

Required Scope

cspm-registration:read

Content-Type

  • Consumes: application/json
  • Produces: application/json

Keyword Arguments

Name Service Uber Type Data type Description
cspm_lite
Service Class Support

Uber Class Support
query boolean Only return CSPM lite accounts.
ids
Service Class Support

Uber Class Support
query string or list of strings Subscription ID(s). When empty, all accounts are returned.
limit
Service Class Support

Uber Class Support
query integer Maximum number of results to return. (Default: 100)
offset
Service Class Support

Uber Class Support
query integer Starting record position.
parameters
Service Class Support

Uber Class Support
query dictionary Full query string parameters payload in JSON format.
scan_type
Service Class Support

Uber Class Support
query string Type of scan to perform, dry or full.
status
Service Class Support

Uber Class Support
query string Account status to filter results by.
Allowed values:
  • Event_DiscoverAccountStatusProvisioned
  • Event_DiscoverAccountStatusOperational
tenant_ids
Service Class Support

Uber Class Support
query string or list of strings Tenant ID(s) used to filter Azure accounts returned.

Usage

Service class example (PEP8 syntax)
from falconpy import CSPMRegistration

# Do not hardcode API credentials!
falcon = CSPMRegistration(client_id=CLIENT_ID,
                          client_secret=CLIENT_SECRET
                          )

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

tenants = 'TENANT1,TENANT2,TENANT3'  # Can also pass a list here: ['TENANT1', 'TENANT2', 'TENANT3']

response = falcon.get_azure_account(scan_type="string",
                                    cspm_lite=boolean,
                                    status="string",
                                    limit=integer,
                                    offset=integer,
                                    ids=id_list,
                                    tenant_ids=tenants
                                    )
print(response)
Service class example (Operation ID syntax)
from falconpy import CSPMRegistration

# Do not hardcode API credentials!
falcon = CSPMRegistration(client_id=CLIENT_ID,
                          client_secret=CLIENT_SECRET
                          )

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

tenants = 'TENANT1,TENANT2,TENANT3'  # Can also pass a list here: ['TENANT1', 'TENANT2', 'TENANT3']

response = falcon.GetCSPMAzureAccount(scan_type="string",
                                      cspm_lite=boolean,
                                      status="string",
                                      limit=integer,
                                      offset=integer,
                                      ids=id_list,
                                      tenant_ids=tenants
                                      )
print(response)
Uber class example
from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

tenants = 'TENANT1,TENANT2,TENANT3'  # Can also pass a list here: ['TENANT1', 'TENANT2', 'TENANT3']

response = falcon.command("GetCSPMAzureAccount",
                          cspm_lite=boolean,
                          scan_type="string",
                          status="string",
                          limit=integer,
                          offset=integer,
                          ids=id_list,
                          tenant_ids=tenants
                          )
print(response)

Back to Table of Contents

CreateCSPMAzureAccount

Creates a new account in our system for a customer and generates a script for them to run in their cloud environment to grant us access.

PEP8 method name

create_azure_account

Endpoint

Method Route
POST /cloud-connect-azure/entities/account/v1

Required Scope

cspm-registration:write

Content-Type

  • Consumes: application/json
  • Produces: application/json

Keyword Arguments

Name Service Uber Type Data type Description
account_type
Service Class Support

Uber Class Support
body string Azure account type.
body
Service Class Support

Uber Class Support
body dictionary Full body payload in JSON format.
client_id
Service Class Support

Uber Class Support
body string Client ID.
default_subscription
Service Class Support

Uber Class Support
body boolean Flag indicating if this is the default Azure subscription.
subscription_id
Service Class Support

Uber Class Support
body string Azure Subscription ID.
tenant_id
Service Class Support

Uber Class Support
body string Azure tenant ID.
years_valid
Service Class Support

Uber Class Support
body integer Years valid.

Usage

Service class example (PEP8 syntax)
from falconpy import CSPMRegistration

# Do not hardcode API credentials!
falcon = CSPMRegistration(client_id=CLIENT_ID,
                          client_secret=CLIENT_SECRET
                          )

response = falcon.create_azure_account(account_type="string",
                                       client_id="string",
                                       default_subscription=boolean,
                                       subscription_id="string",
                                       tenant_id="string",
                                       years_valid=integer
                                       )

print(response)
Service class example (Operation ID syntax)
from falconpy import CSPMRegistration

# Do not hardcode API credentials!
falcon = CSPMRegistration(client_id=CLIENT_ID,
                          client_secret=CLIENT_SECRET
                          )

response = falcon.CreateCSPMAzureAccount(account_type="string",
                                         client_id="string",
                                         default_subscription=boolean,
                                         subscription_id="string",
                                         tenant_id="string",
                                         years_valid=integer
                                         )

print(response)
Uber class example
from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

BODY = {
    "resources": [
        {
            "account_type": "string",
            "client_id": "string",
            "default_subscription": boolean,
            "subscription_id": "string",
            "tenant_id": "string",
            "years_valid": integer
        }
    ]
}

response = falcon.command("CreateCSPMAzureAccount", body=BODY)

print(response)

Back to Table of Contents

DeleteCSPMAzureAccount

Deletes an Azure subscription from the system.

PEP8 method name

delete_azure_account

Endpoint

Method Route
DELETE /cloud-connect-cspm-azure/entities/account/v1

Required Scope

cspm-registration:write

Content-Type

  • Consumes: application/json
  • Produces: application/json

Keyword Arguments

Name Service Uber Type Data type Description
ids
Service Class Support

Uber Class Support
query string or list of strings Azure subscription IDs to remove.
parameters
Service Class Support

Uber Class Support
query dictionary Full query string parameters payload in JSON format.
retain_tenant
Service Class Support

Uber Class Support
query string Retain tenant.
tenant_ids
Service Class Support

Uber Class Support
query string or list of strings Tenant IDs to remove.

Usage

Service class example (PEP8 syntax)
from falconpy import CSPMRegistration

# Do not hardcode API credentials!
falcon = CSPMRegistration(client_id=CLIENT_ID,
                          client_secret=CLIENT_SECRET
                          )

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

tenants = 'TENANT1,TENANT2,TENANT3'  # Can also pass a list here: ['TENANT1', 'TENANT2', 'TENANT3']

response = falcon.delete_azure_account(ids=id_list, retain_tenant="string", tenant_ids=tenants)

print(response)
Service class example (Operation ID syntax)
from falconpy import CSPMRegistration

# Do not hardcode API credentials!
falcon = CSPMRegistration(client_id=CLIENT_ID,
                          client_secret=CLIENT_SECRET
                          )

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

tenants = 'TENANT1,TENANT2,TENANT3'  # Can also pass a list here: ['TENANT1', 'TENANT2', 'TENANT3']

response = falcon.DeleteCSPMAzureAccount(ids=id_list, retain_tenants="string", tenant_ids=tenants)

print(response)
Uber class example
from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

tenants = 'TENANT1,TENANT2,TENANT3'  # Can also pass a list here: ['TENANT1', 'TENANT2', 'TENANT3']

response = falcon.command("DeleteCSPMAzureAccount",
                          ids=id_list,
                          retain_tenant="string",
                          tenant_ids=tenants
                          )

print(response)

Back to Table of Contents

UpdateCSPMAzureAccountClientID

Update an Azure service account in our system by with the user-created client_id created with the public key we've provided

PEP8 method name

update_azure_account_client_id

Endpoint

Method Route
PATCH /cloud-connect-azure/entities/client-id/v1

Required Scope

cspm-registration:write

Content-Type

  • Consumes: application/json
  • Produces: application/json

Keyword Arguments

Name Service Uber Type Data type Description
body
Service Class Support

Uber Class Support
body string This field is not used. Ignore.
id
Service Class Support

Uber Class Support
query string or list of strings The Azure Client ID to use for the Service Principal associated with the Azure account.
tenant_id
Service Class Support

Uber Class Support
query string or list of strings The Azure tenant ID to update the Client ID for. Required if multiple tenants are registered.
parameters
Service Class Support

Uber Class Support
query dictionary Full query string parameters payload in JSON format.

Usage

Service class example (PEP8 syntax)
from falconpy import CSPMRegistration

# Do not hardcode API credentials!
falcon = CSPMRegistration(client_id=CLIENT_ID,
                          client_secret=CLIENT_SECRET
                          )

response = falcon.update_azure_account_client_id(id="string", tenant_id="string")
print(response)
Service class example (Operation ID syntax)
from falconpy import CSPMRegistration

# Do not hardcode API credentials!
falcon = CSPMRegistration(client_id=CLIENT_ID,
                          client_secret=CLIENT_SECRET
                          )

response = falcon.UpdateCSPMAzureAccountClientID(id="string", tenant_id="string")
print(response)
Uber class example
from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

response = falcon.command("UpdateCSPMAzureAccountClientID", id="string", tenant_id="string")
print(response)

Back to Table of Contents

UpdateCSPMAzureTenantDefaultSubscriptionID

Update an Azure default subscription_id in our system for given tenant_id

PEP8 method name

update_azure_tenant_default_subscription_id

Endpoint

Method Route
PATCH /cloud-connect-cspm-azure/entities/default-subscription-id/v1

Required Scope

cspm-registration:write

Content-Type

  • Produces: application/json

Keyword Arguments

Name Service Uber Type Data type Description
body
Service Class Support

Uber Class Support
body string This field is not used. Ignore.
subscription_id
Service Class Support

Uber Class Support
query string or list of strings The Azure subscription ID to use as a default for all subscriptions within the tenant.
tenant_id
Service Class Support

Uber Class Support
query string or list of strings The Azure tenant ID to update the Client ID for. Required if multiple tenants are registered.
parameters
Service Class Support

Uber Class Support
query dictionary Full query string parameters payload in JSON format.

Usage

Service class example (PEP8 syntax)
from falconpy import CSPMRegistration

# Do not hardcode API credentials!
falcon = CSPMRegistration(client_id=CLIENT_ID,
                          client_secret=CLIENT_SECRET
                          )

response = falcon.update_azure_tenant_default_subscription_id(tenant_id="string",
                                                              subscription_id="string"
                                                              )
print(response)
Service class example (Operation ID syntax)
from falconpy import CSPMRegistration

# Do not hardcode API credentials!
falcon = CSPMRegistration(client_id=CLIENT_ID,
                          client_secret=CLIENT_SECRET
                          )

response = falcon.UpdateCSPMAzureTenantDefaultSubscriptionID(tenant_id="string",
                                                             subscription_id="string"
                                                             )
print(response)
Uber class example
from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

response = falcon.command("UpdateCSPMAzureTenantDefaultSubscriptionID",
                          tenant_id="string",
                          subscription_id="string"
                          )
print(response)

Back to Table of Contents

AzureDownloadCertificate

Returns JSON object(s) that contain the base64 encoded certificate for a service principal.

PEP8 method name

azure_download_certificate

Endpoint

Method Route
GET /cloud-connect-cspm-azure/entities/download-certificate/v1

Required Scope

cspm-registration:read

Content-Type

  • Consumes: application/json
  • Produces: application/json

Keyword Arguments

Name Service Uber Type Data type Description
parameters
Service Class Support

Uber Class Support
query dictionary Full query string parameters payload in JSON format.
refresh
Service Class Support

Uber Class Support
query boolean Force a refresh of the certificate. Defaults to False.
tenant_id
Service Class Support

Uber Class Support
query string or list of strings The Azure Client ID to generate script for. Defaults to the most recently registered tenant.
years_valid
Service Class Support

Uber Class Support
query string The number of years the certificate should be valid (only used when refresh=True).

Usage

Service class example (PEP8 syntax)
from falconpy import CSPMRegistration

# Do not hardcode API credentials!
falcon = CSPMRegistration(client_id=CLIENT_ID,
                          client_secret=CLIENT_SECRET
                          )

response = falcon.azure_download_certificate(refresh=boolean,
                                             tenant_id="string",
                                             years_valid="string"
                                             )

print(response)
Service class example (Operation ID syntax)
from falconpy import CSPMRegistration

# Do not hardcode API credentials!
falcon = CSPMRegistration(client_id=CLIENT_ID,
                          client_secret=CLIENT_SECRET
                          )

response = falcon.AzureDownloadCertificate(refresh=boolean,
                                           tenant_id="string",
                                           years_valid="string"
                                           )

print(response)
Uber class example
from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

response = falcon.command("AzureDownloadCertificate",
                          refresh=boolean,
                          tenant_id="string",
                          years_valid="string"
                          )

print(response)

Back to Table of Contents

GetCSPMAzureUserScriptsAttachment

Return a script for customer to run in their cloud environment to grant us access to their Azure environment as a downloadable attachment

PEP8 method name

get_azure_user_scripts_attachment

Endpoint

Method Route
GET /cloud-connect-azure/entities/user-scripts-download/v1

Required Scope

cspm-registration:read

Content-Type

  • Produces: application/json

Keyword Arguments

Name Service Uber Type Data type Description
account_type
Service Class Support

Uber Class Support
query string Account type (gov or commercial).
azure_management_group
Service Class Support

Uber Class Support
query boolean Use Azure Management Group.
parameters
Service Class Support

Uber Class Support
query dictionary Full query string parameters payload in JSON format.
subscription_ids
Service Class Support

Uber Class Support
query string or list of strings Subscription IDs to generate scripts for. Defaults to all.
template
Service Class Support

Uber Class Support
query string or list of strings Template to be rendered.
tenant_id
Service Class Support

Uber Class Support
query string The Azure tenant ID to generate scripts for. Defaults to the most recently registered tenant.

Usage

Service class example (PEP8 syntax)
from falconpy import CSPMRegistration

# Do not hardcode API credentials!
falcon = CSPMRegistration(client_id=CLIENT_ID,
                          client_secret=CLIENT_SECRET
                          )

subscriptions = 'SUB1,SUB2,SUB3'  # Can also pass a list here: ['SUB1', 'SUB2', 'SUB3']

response = falcon.get_azure_user_scripts_attachment(account_type="string",
                                                    azure_management_group=boolean,
                                                    subscription_ids=subscriptions,
                                                    template="string",
                                                    tenant_id="string"
                                                    )
print(response)
Service class example (Operation ID syntax)
from falconpy import CSPMRegistration

# Do not hardcode API credentials!
falcon = CSPMRegistration(client_id=CLIENT_ID,
                          client_secret=CLIENT_SECRET
                          )

subscriptions = 'SUB1,SUB2,SUB3'  # Can also pass a list here: ['SUB1', 'SUB2', 'SUB3']

response = falcon.GetCSPMAzureUserScriptsAttachment(account_type="string",
                                                    azure_management_group=boolean,
                                                    subscription_ids=subscriptions,
                                                    template="string",
                                                    tenant_id="string"
                                                    )

print(response)
Uber class example
from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

response = falcon.command("GetCSPMAzureUserScriptsAttachment",
                          account_type="string",
                          azure_management_group=boolean,
                          subscription_ids=subscriptions,
                          template="string",
                          tenant_id="string"
                          )

print(response)

Back to Table of Contents

GetBehaviorDetections

Retrieve list of detected behaviors.

PEP8 method name

get_behavior_detections

Endpoint

Method Route
GET /detects/entities/ioa/v1

Required Scope

cspm-registration:read

Content-Type

  • Consumes: application/json
  • Produces: application/json

Keyword Arguments

Name Service Uber Type Data type Description
account_id
Service Class Support

Uber Class Support
query string Cloud account ID (e.g.: AWS AccountID, Azure SubscriptionID).
aws_account_id
Service Class Support

Uber Class Support
query string AWS Account ID.
azure_subscription_id
Service Class Support

Uber Class Support
query string Azure Subscription ID.
azure_tenant_id
Service Class Support

Uber Class Support
query string Azure Tenant ID.
cloud_provider
Service Class Support

Uber Class Support
query string Cloud Provider (azure, aws, gcp).
date_time_since
Service Class Support

Uber Class Support
query string Filter to retrieve all events after specified date. RFC3339 format.
Example: 2006-01-01T12:00:01Z07:00.
limit
Service Class Support

Uber Class Support
query integer Maximum number of results to return. (Max: 500)
next_token
Service Class Support

Uber Class Support
query string String to get next page of results, associated with the previous execution. Must include all filters from previous execution.
resource_id
Service Class Support

Uber Class Support
query string or list of strings Resource ID.
resource_uuid
Service Class Support

Uber Class Support
query string or list of strings Resource UUID.
service
Service Class Support

Uber Class Support
query string Filter by Cloud Service. A list of available services can be found here.
severity
Service Class Support

Uber Class Support
query string Filter by severity.
Example: High, Medium or Informational.
state
Service Class Support

Uber Class Support
query string Filter by state.
Example: open or closed.
parameters
Service Class Support

Uber Class Support
query dictionary Full query string parameters payload in JSON format.
Available Services
ACM Identity
ACR KMS
Any KeyVault
App Engine Kinesis
BigQuery Kubernetes
Cloud Load Balancing Lambda
Cloud Logging LoadBalancer
Cloud SQL Monitor
Cloud Storage NLB/ALB
CloudFormation NetworkSecurityGroup
CloudTrail PostgreSQL
CloudWatch Logs RDS
Cloudfront Redshift
Compute Engine S3
Config SES
Disk SNS
DynamoDB SQLDatabase
EBS SQLServer
EC2 SQS
ECR SSM
EFS Serverless Application Repository
EKS StorageAccount
ELB Subscriptions
EMR VPC
Elasticache VirtualMachine
GuardDuty VirtualNetwork
IAM  

Usage

Service class example (PEP8 syntax)
from falconpy import CSPMRegistration

# Do not hardcode API credentials!
falcon = CSPMRegistration(client_id=CLIENT_ID,
                          client_secret=CLIENT_SECRET
                          )

res_ids = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

res_uuids = 'UUID1,UUID2,UUID3'  # Can also pass a list here: ['UUID1', 'UUID2', 'UUID3']

response = falcon.get_behavior_detections(account_id="string",
                                          aws_account_id="string",
                                          azure_subscription_id="string",
                                          azure_tenant_id="string",
                                          cloud_provider="string",
                                          date_time_since="string",
                                          limit=integer,
                                          next_token="string",
                                          resource_id=res_ids,
                                          resource_uuid=res_uuids,
                                          service="string",
                                          severity="string",
                                          state="string"
                                          )

print(response)
Service class example (Operation ID syntax)
from falconpy import CSPMRegistration

# Do not hardcode API credentials!
falcon = CSPMRegistration(client_id=CLIENT_ID,
                          client_secret=CLIENT_SECRET
                          )

res_ids = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

res_uuids = 'UUID1,UUID2,UUID3'  # Can also pass a list here: ['UUID1', 'UUID2', 'UUID3']

response = falcon.GetBehaviorDetections(account_id="string",
                                        aws_account_id="string",
                                        azure_subscription_id="string",
                                        azure_tenant_id="string",
                                        cloud_provider="string",
                                        date_time_since="string",
                                        limit=integer,
                                        next_token="string",
                                        resource_id=res_ids,
                                        resource_uuid=res_uuids,
                                        service="string",
                                        severity="string",
                                        state="string"
                                        )

print(response)
Uber class example
from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

res_ids = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

res_uuids = 'UUID1,UUID2,UUID3'  # Can also pass a list here: ['UUID1', 'UUID2', 'UUID3']

response = falcon.command("GetBehaviorDetections",
                          account_id="string",
                          aws_account_id="string",
                          azure_subscription_id="string",
                          azure_tenant_id="string",
                          cloud_provider="string",
                          date_time_since="string",
                          limit=integer,
                          next_token="string",
                          resource_id=res_ids,
                          resource_uuid=res_uuids,
                          service="string",
                          severity="string",
                          state="string"
                          )

print(response)

Back to Table of Contents

GetConfigurationDetections

Retrieve list of detected behaviors.

PEP8 method name

get_configuration_detections

Endpoint

Method Route
GET /detects/entities/iom/v1

Required Scope

cspm-registration:read

Content-Type

  • Consumes: application/json
  • Produces: application/json

Keyword Arguments

Name Service Uber Type Data type Description
account_id
Service Class Support

Uber Class Support
query string Cloud account ID (e.g.: AWS AccountID, Azure SubscriptionID).
aws_account_id
Service Class Support

Uber Class Support
query string AWS Account ID.
azure_subscription_id
Service Class Support

Uber Class Support
query string Azure Subscription ID.
azure_tenant_id
Service Class Support

Uber Class Support
query string Azure Tenant ID.
cloud_provider
Service Class Support

Uber Class Support
query string Cloud Provider (azure, aws, gcp).
limit
Service Class Support

Uber Class Support
query integer Maximum number of results to return. (Max: 500)
next_token
Service Class Support

Uber Class Support
query string String to get next page of results, associated with the previous execution. Must include all filters from previous execution.
region
Service Class Support

Uber Class Support
query string Cloud Provider Region.
Example: us-east-1.
service
Service Class Support

Uber Class Support
query string Filter by Cloud Service. A list of available services can be found here.
severity
Service Class Support

Uber Class Support
query string Filter by severity.
Example: High, Medium or Informational.
status
Service Class Support

Uber Class Support
query string Filter by status.
Example: new, reoccurring or all.
parameters
Service Class Support

Uber Class Support
query dictionary Full query string parameters payload in JSON format.
Available Services
ACM Identity
ACR KMS
Any KeyVault
App Engine Kinesis
BigQuery Kubernetes
Cloud Load Balancing Lambda
Cloud Logging LoadBalancer
Cloud SQL Monitor
Cloud Storage NLB/ALB
CloudFormation NetworkSecurityGroup
CloudTrail PostgreSQL
CloudWatch Logs RDS
Cloudfront Redshift
Compute Engine S3
Config SES
Disk SNS
DynamoDB SQLDatabase
EBS SQLServer
EC2 SQS
ECR SSM
EFS Serverless Application Repository
EKS StorageAccount
ELB Subscriptions
EMR VPC
Elasticache VirtualMachine
GuardDuty VirtualNetwork
IAM  

Usage

Service class example (PEP8 syntax)
from falconpy import CSPMRegistration

# Do not hardcode API credentials!
falcon = CSPMRegistration(client_id=CLIENT_ID,
                          client_secret=CLIENT_SECRET
                          )

response = falcon.get_configuration_detections(account_id="string",
                                               aws_account_id="string",
                                               azure_subscription_id="string",
                                               azure_tenant_id="string",
                                               cloud_provider="string",
                                               limit=integer,
                                               next_token="string",
                                               region="string,
                                               service="string",
                                               severity="string",
                                               status="string"
                                               )
print(response)
Service class example (Operation ID syntax)
from falconpy import CSPMRegistration

# Do not hardcode API credentials!
falcon = CSPMRegistration(client_id=CLIENT_ID,
                          client_secret=CLIENT_SECRET
                          )

response = falcon.GetConfigurationDetections(account_id="string",
                                             aws_account_id="string",
                                             azure_subscription_id="string",
                                             azure_tenant_id="string",
                                             cloud_provider="string",
                                             limit=integer,
                                             next_token="string",
                                             region="string",
                                             service="string",
                                             severity="string",
                                             status="string"
                                             )
print(response)
Uber class example
from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

response = falcon.command("GetConfigurationDetections",
                          account_id="string",
                          aws_account_id="string",
                          azure_subscription_id="string",
                          azure_tenant_id="string",
                          cloud_provider="string",
                          limit=integer,
                          next_token="string",
                          region="string",
                          service="string",
                          severity="string",
                          status="string"
                          )
print(response)

Back to Table of Contents

GetConfigurationDetectionEntities

Get misconfigurations based on the ID - including custom policy detections in addition to default policy detections.

PEP8 method name

get_configuration_detection_entities

Endpoint

Method Route
GET /detects/entities/iom/v2

Required Scope

cspm-registration:read

Content-Type

  • Consumes: application/json
  • Produces: application/json

Keyword Arguments

Name Service Uber Type Data type Description
ids
Service Class Support

Uber Class Support
query string or list of strings Detection IDs to retrieve.
parameters
Service Class Support

Uber Class Support
query dictionary Full query string parameters payload in JSON format.

Usage

Service class example (PEP8 syntax)
from falconpy import CSPMRegistration

# Do not hardcode API credentials!
falcon = CSPMRegistration(client_id=CLIENT_ID,
                          client_secret=CLIENT_SECRET
                          )

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.get_configuration_detection_entities(ids=id_list)

print(response)
Service class example (Operation ID syntax)
from falconpy import CSPMRegistration

# Do not hardcode API credentials!
falcon = CSPMRegistration(client_id=CLIENT_ID,
                          client_secret=CLIENT_SECRET
                          )

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.GetConfigurationDetectionEntities(ids=id_list)

print(response)
Uber class example
from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.command("GetConfigurationDetectionEntities", ids=id_list)

print(response)

Back to Table of Contents

GetConfigurationDetectionIDsV2

Get list of active misconfiguration ids - including custom policy detections in addition to default policy detections.

PEP8 method name

get_configuration_detection_ids_v2

Endpoint

Method Route
GET /detects/queries/iom/v2

Required Scope

cspm-registration:read

Content-Type

  • Produces: application/json

Keyword Arguments

Name Service Uber Type Data type Description
offset
Service Class Support

Uber Class Support
query integer The offset to start retrieving detections from
parameters
Service Class Support

Uber Class Support
query dictionary Full query string parameters payload in JSON format.
limit
Service Class Support

Uber Class Support
query integer The maximum number of detections to return. [1-1000]
sort
Service Class Support

Uber Class Support
query string The property to sort by (e.g. timestamp|desc or policy_id|asc)

Default: timestamp|desc

Available fields:
  • account_name
  • account_id
  • attack_types
  • azure_subscription_id
  • cloud_provider
  • cloud_service_keyword
  • status
  • is_managed
  • policy_id
  • policy_type
  • resource_id
  • region
  • scan_time
  • severity
  • severity_string
  • timestamp
filter
Service Class Support

Uber Class Support
query string The FQL filter expression that should be used to limit the results.

Available filters:
  • use_current_scan_ids (use this to get records for latest scans)
  • account_name
  • account_id
  • agent_id
  • attack_types
  • azure_subscription_id
  • cloud_provider
  • cloud_service_keyword
  • custom_policy_id
  • is_managed
  • policy_id
  • policy_type
  • resource_id
  • region
  • status
  • scan_time
  • severity
  • severity_string
next_token
Service Class Support

Uber Class Support
query string String to get next page of results. Cannot be combined with any other keyword except limit.

Usage

Service class example (PEP8 syntax)
from falconpy import CSPMRegistration

# Do not hardcode API credentials!
falcon = CSPMRegistration(client_id=CLIENT_ID,
                          client_secret=CLIENT_SECRET
                          )

response = falcon.get_configuration_detection_ids_v2(offset=integer,
                                                     limit=integer,
                                                     sort="string",
                                                     filter="string",
                                                     next_token="string"
                                                     )

print(response)
Service class example (Operation ID syntax)
from falconpy import CSPMRegistration

# Do not hardcode API credentials!
falcon = CSPMRegistration(client_id=CLIENT_ID,
                          client_secret=CLIENT_SECRET
                          )

response = falcon.GetConfigurationDetectionIDsV2(offset=integer,
                                                 limit=integer,
                                                 sort="string",
                                                 filter="string",
                                                 next_token="string"
                                                 )

print(response)
Uber class example
from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

response = falcon.command("GetConfigurationDetectionIDsV2",
                          offset=integer,
                          limit=integer,
                          sort="string",
                          filter="string",
                          next_token="string"
                          )

print(response)

Back to Table of Contents

GetCSPMPolicy

Given a policy ID, returns detailed policy information.

PEP8 method name

get_policy

Endpoint

Method Route
GET /settings/entities/policy-details/v1

Required Scope

cspm-registration:read

Content-Type

  • Consumes: application/json
  • Produces: application/json

Keyword Arguments

Name Service Uber Type Data type Description
ids
Service Class Support

Uber Class Support
query string or list of strings Policy IDs to retrieve.
parameters
Service Class Support

Uber Class Support
query dictionary Full query string parameters payload in JSON format.

Usage

Service class example (PEP8 syntax)
from falconpy import CSPMRegistration

# Do not hardcode API credentials!
falcon = CSPMRegistration(client_id=CLIENT_ID,
                          client_secret=CLIENT_SECRET
                          )

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.get_policy(ids=id_list)
print(response)
Service class example (Operation ID syntax)
from falconpy import CSPMRegistration

# Do not hardcode API credentials!
falcon = CSPMRegistration(client_id=CLIENT_ID,
                          client_secret=CLIENT_SECRET
                          )

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.GetCSPMPolicy(ids=id_list)
print(response)
Uber class example
from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.command("GetCSPMPolicy", ids=id_list)
print(response)

Back to Table of Contents

GetCSPMPoliciesDetails

Given an array of policy IDs, returns detailed policies information.

PEP8 method name

get_policy_details

Endpoint

Method Route
GET /settings/entities/policy-details/v2

Required Scope

cspm-registration:read

Content-Type

  • Consumes: application/json
  • Produces: application/json

Keyword Arguments

Name Service Uber Type Data type Description
ids
Service Class Support

Uber Class Support
query string or list of strings Detection IDs to retrieve.
parameters
Service Class Support

Uber Class Support
query dictionary Full query string parameters payload in JSON format.

Usage

Service class example (PEP8 syntax)
from falconpy import CSPMRegistration

# Do not hardcode API credentials!
falcon = CSPMRegistration(client_id=CLIENT_ID,
                          client_secret=CLIENT_SECRET
                          )

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.get_policy_details(ids=id_list)

print(response)
Service class example (Operation ID syntax)
from falconpy import CSPMRegistration

# Do not hardcode API credentials!
falcon = CSPMRegistration(client_id=CLIENT_ID,
                          client_secret=CLIENT_SECRET
                          )

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.GetPoliciesDetails(ids=id_list)

print(response)
Uber class example
from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.command("GetPoliciesDetails", ids=id_list)

print(response)

Back to Table of Contents

GetCSPMPolicySettings

Returns information about current policy settings.

PEP8 method name

get_policy_settings

Endpoint

Method Route
GET /settings/entities/policy/v1

Required Scope

cspm-registration:read

Content-Type

  • Consumes: application/json
  • Produces: application/json

Keyword Arguments

Name Service Uber Type Data type Description
cloud_platform
Service Class Support

Uber Class Support
query string Cloud Provider (azure, aws, gcp).
parameters
Service Class Support

Uber Class Support
query dictionary Full query string parameters payload in JSON format.
policy_id
Service Class Support

Uber Class Support
query string IOA Policy ID.
service
Service Class Support

Uber Class Support
query string Filter by Service type.

Usage

Service class example (PEP8 syntax)
from falconpy import CSPMRegistration

# Do not hardcode API credentials!
falcon = CSPMRegistration(client_id=CLIENT_ID,
                          client_secret=CLIENT_SECRET
                          )

response = falcon.get_policy_settings(service="string",
                                      policy_id="string",
                                      cloud_platform="string"
                                      )
print(response)
Service class example (Operation ID syntax)
from falconpy import CSPMRegistration

# Do not hardcode API credentials!
falcon = CSPMRegistration(client_id=CLIENT_ID,
                          client_secret=CLIENT_SECRET
                          )

response = falcon.GetCSPMPolicySettings(service="string",
                                        policy_id="string",
                                        cloud_platform="string"
                                        )
print(response)
Uber class example
from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

response = falcon.command("GetCSPMPolicySettings",
                          service="string",
                          policy_id="string",
                          cloud_platform="string"
                          )
print(response)

Back to Table of Contents

UpdateCSPMPolicySettings

Updates a policy setting - can be used to override policy severity or to disable a policy entirely.

PEP8 method name

update_policy_settings

Endpoint

Method Route
PATCH /settings/entities/policy/v1

Required Scope

cspm-registration:write

Content-Type

  • Consumes: application/json
  • Produces: application/json

Keyword Arguments

Name Service Uber Type Data type Description
account_id
Service Class Support

Uber Class Support
body string Cloud Account ID to impact.
body
Service Class Support

Uber Class Support
body dictionary Full body payload in JSON format.
enabled
Service Class Support

Uber Class Support
body boolean Flag indicating if this policy is enabled.
policy_id
Service Class Support

Uber Class Support
body integer Policy ID to be updated.
regions
Service Class Support

Uber Class Support
body string or list of strings List of regions where this policy is enforced.
severity
Service Class Support

Uber Class Support
body string Policy severity value.
tag_excluded
Service Class Support

Uber Class Support
body boolean Tag exclusion flag.

Usage

Service class example (PEP8 syntax)
from falconpy import CSPMRegistration

# Do not hardcode API credentials!
falcon = CSPMRegistration(client_id=CLIENT_ID,
                          client_secret=CLIENT_SECRET
                          )

region_list = 'REG1,REG2,REG3'  # Can also pass a list here: ['REG1', 'REG2', 'REG3']

response = falcon.update_policy_settings(account_id="string",
                                         enabled=boolean,
                                         policy_id=integer,
                                         regions=region_list
                                         severity="string",
                                         tag_excluded=boolean
                                         )
print(response)
Service class example (Operation ID syntax)
from falconpy import CSPMRegistration

# Do not hardcode API credentials!
falcon = CSPMRegistration(client_id=CLIENT_ID,
                          client_secret=CLIENT_SECRET
                          )

region_list = 'REG1,REG2,REG3'  # Can also pass a list here: ['REG1', 'REG2', 'REG3']

response = falcon.UpdateCSPMPolicySettings(account_id="string",
                                           enabled=boolean,
                                           policy_id=integer,
                                           regions=region_list
                                           severity="string",
                                           tag_excluded=boolean
                                           )
print(response)
Uber class example
from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

BODY = {
    "resources": [
        {
        "account_id": "string",
        "enabled": boolean,
        "policy_id": integer,
        "regions": [
            "string"
        ],
        "severity": "string",
        "tag_excluded": boolean
        }
    ]
}

response = falcon.command("UpdateCSPMPolicySettings", body=BODY)
print(response)

Back to Table of Contents

GetCSPMScanSchedule

Returns scan schedule configuration for one or more cloud platforms.

PEP8 method name

get_scan_schedule

Endpoint

Method Route
GET /settings/scan-schedule/v1

Required Scope

cspm-registration:read

Content-Type

  • Consumes: application/json
  • Produces: application/json

Keyword Arguments

Name Service Uber Type Data type Description
cloud_platform
Service Class Support

Uber Class Support
query string or list of strings The Cloud Platform. (azure, aws, gcp)
parameters
Service Class Support

Uber Class Support
query dictionary Full query string parameters payload in JSON format.

Usage

Service class example (PEP8 syntax)
from falconpy import CSPMRegistration

# Do not hardcode API credentials!
falcon = CSPMRegistration(client_id=CLIENT_ID,
                          client_secret=CLIENT_SECRET
                          )

clouds = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.get_scan_schedule(cloud_platform=clouds)
print(response)
Service class example (Operation ID syntax)
from falconpy import CSPMRegistration

# Do not hardcode API credentials!
falcon = CSPMRegistration(client_id=CLIENT_ID,
                          client_secret=CLIENT_SECRET
                          )

clouds = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.GetCSPMScanSchedule(cloud_platform=clouds)
print(response)
Uber class example
from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

clouds = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.command("GetCSPMScanSchedule", cloud_platform=clouds)
print(response)

Back to Table of Contents

UpdateCSPMScanSchedule

Updates scan schedule configuration for one or more cloud platforms.

PEP8 method name

update_scan_schedule

Endpoint

Method Route
POST /settings/scan-schedule/v1

Required Scope

cspm-registration:write

Content-Type

  • Consumes: application/json
  • Produces: application/json

Keyword Arguments

Name Service Uber Type Data type Description
body
Service Class Support

Uber Class Support
body dictionary Full body payload in JSON format.
cloud_platform
Service Class Support

Uber Class Support
body string Cloud platform (Azure, AWS, GCP).
next_scan_timestamp
Service Class Support

Uber Class Support
body string UTC formatted string.
scan_schedule
Service Class Support

Uber Class Support
body string Scan schedule type.

Usage

Service class example (PEP8 syntax)
from falconpy import CSPMRegistration

# Do not hardcode API credentials!
falcon = CSPMRegistration(client_id=CLIENT_ID,
                          client_secret=CLIENT_SECRET
                          )

response = falcon.update_scan_schedule(cloud_platform="string",
                                       next_scan_timestampt="string",
                                       scan_schedule="string"
                                       )
print(response)
Service class example (Operation ID syntax)
from falconpy import CSPMRegistration

# Do not hardcode API credentials!
falcon = CSPMRegistration(client_id=CLIENT_ID,
                          client_secret=CLIENT_SECRET
                          )

response = falcon.UpdateCSPMScanSchedule(cloud_platform="string",
                                         next_scan_timestampt="string",
                                         scan_schedule="string"
                                         )
print(response)
Uber class example
from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

BODY = {
    "resources": [
        {
            "cloud_platform": "string",
            "next_scan_timestamp": "2021-10-25T05:22:27.365Z",
            "scan_schedule": "string"
        }
    ]
}

response = falcon.command("UpdateCSPMScanSchedule", body=BODY)
print(response)

Back to Table of Contents

GetCSPMAzureManagementGroup

Return information about Azure management group registration

PEP8 method name

get_azure_management_group

Endpoint

Method Route
GET /cloud-connect-cspm-azure/entities/management-group/v1

Required Scope

cspm-registration:read

Content-Type

  • Consumes: application/json
  • Produces: application/json

Keyword Arguments

Name Service Uber Type Data type Description
tenant_ids
Service Class Support

Uber Class Support
query string or list of strings Tenant ids to filter azure accounts
limit
Service Class Support

Uber Class Support
query integer The maximum records to return. Defaults to 100.
offset
Service Class Support

Uber Class Support
query integer The offset to start retrieving records from

Usage

Service class example (PEP8 syntax)
from falconpy import CSPMRegistration

# Do not hardcode API credentials!
falcon = CSPMRegistration(client_id=CLIENT_ID,
                          client_secret=CLIENT_SECRET
                          )

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.get_azure_management_group(tenant_ids=id_list,
                                             limit=integer,
                                             offset=integer
                                             )
print(response)
Service class example (Operation ID syntax)
from falconpy import CSPMRegistration

# Do not hardcode API credentials!
falcon = CSPMRegistration(client_id=CLIENT_ID,
                          client_secret=CLIENT_SECRET
                          )

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.GetCSPMAzureManagementGroup(tenant_ids=id_list,
                                              limit=integer,
                                              offset=integer
                                              )
print(response)
Uber class example
from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.command("GetCSPMAzureManagementGroup", 
                          tenant_ids=id_list,
                          limit=integer,
                          offset=integer
                          )
print(response)

DeleteCSPMAzureManagementGroup

Deletes Azure management groups from the system.

PEP8 method name

delete_azure_management_group

Endpoint

Method Route
DELETE /cloud-connect-cspm-azure/entities/management-group/v1

Required Scope

cspm-registration:write

Content-Type

  • Consumes: application/json
  • Produces: application/json

Keyword Arguments

Name Service Uber Type Data type Description
parameters Service Class Support Uber Class Support query dictionary Full query string parameters payload in JSON format.
tenant_ids Service Class Support Uber Class Support query string or list of strings Tenant IDs to remove.

Usage

Service class example (PEP8 syntax)
from falconpy import CSPMRegistration

# Do not hardcode API credentials!
falcon = CSPMRegistration(client_id=CLIENT_ID,
                          client_secret=CLIENT_SECRET
                          )

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.delete_azure_management_group(tenant_ids=id_list)

print(response)
Service class example (Operation ID syntax)
from falconpy import CSPMRegistration

# Do not hardcode API credentials!
falcon = CSPMRegistration(client_id=CLIENT_ID,
                          client_secret=CLIENT_SECRET
                          )

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.DeleteCSPMAzureManagementGroup(tenant_ids=id_list)

print(response)
Uber class example
from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.command("DeleteCSPMAzureManagementGroup", tenant_ids=id_list)

print(response)

CreateCSPMAzureManagementGroup

Creates a new management group in our system for a customer.

PEP8 method name

default_subscription_id--IDofthedefaultazuresubscription.String.

Endpoint

Method Route
POST /cloud-connect-cspm-azure/entities/management-group/v1

Required Scope

cspm-registration:write

Content-Type

  • Consumes: application/json
  • Produces: application/json

Keyword Arguments

Name Service Uber Type Data type Description
body body string
body
Service Class Support

Uber Class Support
body dictionary Full body payload in JSON format.
default_subscription_id
Service Class Support

Uber Class Support
body string AWS Account ID.
tenant_id
Service Class Support

Uber Class Support
body string AWS Account ID.

Usage

Service class example (PEP8 syntax)
from falconpy import CSPMRegistration

# Do not hardcode API credentials!
falcon = CSPMRegistration(client_id=CLIENT_ID,
                          client_secret=CLIENT_SECRET
                          )

response = falcon.create_azure_management_group(default_subscription_id="string",
                                                tenant_id="string"
                                                )
print(response)
Service class example (Operation ID syntax)
from falconpy import CSPMRegistration

# Do not hardcode API credentials!
falcon = CSPMRegistration(client_id=CLIENT_ID,
                          client_secret=CLIENT_SECRET
                          )

response = falcon.CreateCSPMAzureManagementGroup(default_subscription_id="string",
                                                 tenant_id="string"
                                                 )

print(response)
Uber class example
from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

body_payload = {
    "resources": [
        {
            "default_subscription_id": "string"
            "tenant_id": "string",
        }
    ]
}

response = falcon.command("CreateCSPMAzureManagementGroup", body=body_payload)

print(response)

GetCSPMCGPAccount

Returns information about the current status of an GCP account.

PEP8 method name

get_gcp_account

Endpoint

Method Route
GET /cloud-connect-cspm-gcp/entities/account/v1

Required Scope

cspm-registration:read

Content-Type

  • Consumes: application/json
  • Produces: application/json

Keyword Arguments

Name Service Uber Type Data type Description
ids
Service Class Support

Uber Class Support
query string or list of strings Hierarchical Resource IDs of accounts.
limit
Service Class Support

Uber Class Support
query integer Maximum number of results to return. (Default: 100)
offset
Service Class Support

Uber Class Support
query integer Starting record position.
parameters
Service Class Support

Uber Class Support
query dictionary Full query string parameters payload in JSON format.
parent_type
Service Class Support

Uber Class Support
query string GCP Hierarchy Parent Type in organization/folder/project format.
scan_type
Service Class Support

Uber Class Support
query string Type of scan to perform, dry or full.
status
Service Class Support

Uber Class Support
query string Account status to filter results by.
sort
Service Class Support

Uber Class Support
query string Order fields in ascending or descending order. Example: parent_type|asc

Usage

Service class example (PEP8 syntax)
from falconpy import CSPMRegistration

# Do not hardcode API credentials!
falcon = CSPMRegistration(client_id=CLIENT_ID,
                          client_secret=CLIENT_SECRET
                          )

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.get_gcp_account(parent_type="string",
                                  scan_type="string",
                                  status="string",
                                  limit=integer,
                                  offset=integer,
                                  sort="string",
                                  ids=id_list
                                  )
print(response)
Service class example (Operation ID syntax)
from falconpy import CSPMRegistration

# Do not hardcode API credentials!
falcon = CSPMRegistration(client_id=CLIENT_ID,
                          client_secret=CLIENT_SECRET
                          )

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.GetCSPMCGPAccount(parent_type="string",
                                    scan_type="string",
                                    status="string",
                                    limit=integer,
                                    offset=integer,
                                    sort="string",
                                    ids=id_list
                                    )
print(response)
Uber class example
from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.command("GetCSPMCGPAccount",
                          parent_type="string",
                          scan_type="string",
                          status="string",
                          limit=integer,
                          offset=integer,
                          sort="string",
                          ids=id_list
                          )
print(response)

CreateCSPMGCPAccount

Creates a new account and generates a new service account to add access to your GCP environment.

PEP8 method name

create_gcp_account

Endpoint

Method Route
POST /cloud-connect-cspm-gcp/entities/account/v1

Required Scope

cspm-registration:write

Content-Type

  • Consumes: application/json
  • Produces: application/json

Keyword Arguments

Name Service Uber Type Data type Description
body
Service Class Support

Uber Class Support
body dictionary Full body payload in JSON format.
parent_id
Service Class Support

Uber Class Support
body string Parent ID.
parent_type
Service Class Support

Uber Class Support
body string Parent Type.

Usage

Service class example (PEP8 syntax)
from falconpy import CSPMRegistration

# Do not hardcode API credentials!
falcon = CSPMRegistration(client_id=CLIENT_ID,
                          client_secret=CLIENT_SECRET
                          )

response = falcon.create_gcp_account(parent_id="string", parent_type="string")

print(response)
Service class example (Operation ID syntax)
from falconpy import CSPMRegistration

# Do not hardcode API credentials!
falcon = CSPMRegistration(client_id=CLIENT_ID,
                          client_secret=CLIENT_SECRET
                          )

response = falcon.CreateCSPMGCPAccount(parent_id="string", parent_type="string")

print(response)
Uber class example
from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

body_payload = {
    "resources": [
        {
            "parent_id": "string",
            "parent_type": "string"
        }
    ]
}

response = falcon.command("CreateCSPMGCPAccount", body=body_payload)

print(response)

DeleteCSPMGCPAccount

Deletes a GCP account from the system.

PEP8 method name

delete_gcp_account

Endpoint

Method Route
DELETE /cloud-connect-cspm-gcp/entities/account/v1

Required Scope

cspm-registration:write

Content-Type

  • Consumes: application/json
  • Produces: application/json

Keyword Arguments

Name Service Uber Type Data type Description
ids
Service Class Support

Uber Class Support
query string or list of strings Hierarchical Resource IDs of accounts to delete.
parameters
Service Class Support

Uber Class Support
query dictionary Full query string parameters payload in JSON format.

Usage

Service class example (PEP8 syntax)
from falconpy import CSPMRegistration

# Do not hardcode API credentials!
falcon = CSPMRegistration(client_id=CLIENT_ID,
                          client_secret=CLIENT_SECRET
                          )

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.delete_gcp_account(ids=id_list)

print(response)
Service class example (Operation ID syntax)
from falconpy import CSPMRegistration

# Do not hardcode API credentials!
falcon = CSPMRegistration(client_id=CLIENT_ID,
                          client_secret=CLIENT_SECRET
                          )

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.DeleteCSPMGCPAccount(ids=id_list)

print(response)
Uber class example
from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.command("DeleteCSPMGCPAccount", ids=id_list)

print(response)

UpdateCSPMGCPAccount

Updates an existing GCP account.

PEP8 method name

update_gcp_account

Endpoint

Method Route
PATCH /cloud-connect-cspm-gcp/entities/account/v1

Required Scope

cspm-registration:write

Content-Type

  • Consumes: application/json
  • Produces: application/json

Keyword Arguments

Name Service Uber Type Data type Description
body
Service Class Support

Uber Class Support
body dictionary Full body payload in JSON format.
environment
Service Class Support

Uber Class Support
body string Environment.
parent_id
Service Class Support

Uber Class Support
body string Parent ID.

Usage

Service class example (PEP8 syntax)
from falconpy import CSPMRegistration

# Do not hardcode API credentials!
falcon = CSPMRegistration(client_id=CLIENT_ID,
                          client_secret=CLIENT_SECRET
                          )

response = falcon.update_gcp_account(environment="string", parent_id="string")

print(response)
Service class example (Operation ID syntax)
from falconpy import CSPMRegistration

# Do not hardcode API credentials!
falcon = CSPMRegistration(client_id=CLIENT_ID,
                          client_secret=CLIENT_SECRET
                          )

response = falcon.UpdateCSPMGCPAccount(environment="string", parent_id="string")

print(response)
Uber class example
from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

body_payload = {
    "resources": [
        {
            "environment": "string",
            "parent_id": "string"
        }
    ]
}

response = falcon.command("UpdateCSPMGCPAccount", body=body_payload)

print(response)

ConnectCSPMGCPAccount

Creates a new GCP account with newly-uploaded service account or connects with existing service account with only the following fields: parent_id, parent_type and service_account_id.

PEP8 method name

connect_gcp_account

Endpoint

Method Route
POST /cloud-connect-cspm-gcp/entities/account/v2

Required Scope

cspm-registration:write

Content-Type

  • Consumes: application/json
  • Produces: application/json

Keyword Arguments

Name Service Uber Type Data type Description
body
Service Class Support

Uber Class Support
body dictionary Full body payload in JSON format.
client_email
Service Class Support

Uber Class Support
body string GCP client email.
client_id
Service Class Support

Uber Class Support
body string GCP client ID.
parent_id
Service Class Support

Uber Class Support
body string Parent ID.
parent_type
Service Class Support

Uber Class Support
body string Parent type.
private_key
Service Class Support

Uber Class Support
body string GCP private key.
private_key_id
Service Class Support

Uber Class Support
body string GCP private key ID.
project_id
Service Class Support

Uber Class Support
body string GCP project ID.
service_account_id
Service Class Support

Uber Class Support
body integer GCP service account ID.

Usage

Service class example (PEP8 syntax)
from falconpy import CSPMRegistration

# Do not hardcode API credentials!
falcon = CSPMRegistration(client_id=CLIENT_ID,
                          client_secret=CLIENT_SECRET
                          )

response = falcon.connect_gcp_account(client_email="string",
                                      client_id="string",
                                      parent_id="string",
                                      parent_type="string",
                                      private_key="string",
                                      private_key_id="string",
                                      project_id="string",
                                      service_account_id=integer
                                      )
print(response)
Service class example (Operation ID syntax)
from falconpy import CSPMRegistration

# Do not hardcode API credentials!
falcon = CSPMRegistration(client_id=CLIENT_ID,
                          client_secret=CLIENT_SECRET
                          )

response = falcon.ConnectCSPMGCPAccount(client_email="string",
                                        client_id="string",
                                        parent_id="string",
                                        parent_type="string",
                                        private_key="string",
                                        private_key_id="string",
                                        project_id="string",
                                        service_account_id=integer
                                        )
print(response)
Uber class example
from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

body_payload = {
    "resources": [
        {
            "client_email": "string",
            "client_id": "string",
            "parent_id": "string",
            "parent_type": "string",
            "private_key": "string",
            "private_key_id": "string",
            "project_id": "string",
            "service_account_id": integer
        }
    ]
}

response = falcon.command("ConnectCSPMGCPAccount", body=body_payload)

print(response)

GetCSPMGCPServiceAccountsExt

Returns the service account id and client email for external clients.

PEP8 method name

get_gcp_service_account

Endpoint

Method Route
GET /cloud-connect-cspm-gcp/entities/service-accounts/v1

Required Scope

cspm-registration:read

Content-Type

  • Consumes: application/json
  • Produces: application/json

Keyword Arguments

Name Service Uber Type Data type Description
id
Service Class Support

Uber Class Support
query string Service account ID to retrieve.
parameters
Service Class Support

Uber Class Support
query dictionary Full query string parameters payload in JSON format.

Usage

Service class example (PEP8 syntax)
from falconpy import CSPMRegistration

# Do not hardcode API credentials!
falcon = CSPMRegistration(client_id=CLIENT_ID,
                          client_secret=CLIENT_SECRET
                          )

response = falcon.get_gcp_service_account(id="string")

print(response)
Service class example (Operation ID syntax)
from falconpy import CSPMRegistration

# Do not hardcode API credentials!
falcon = CSPMRegistration(client_id=CLIENT_ID,
                          client_secret=CLIENT_SECRET
                          )

response = falcon.GetCSPMGCPServiceAccountsExt(id="string")

print(response)
Uber class example
from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

response = falcon.command("GetCSPMGCPServiceAccountsExt", id="string")

print(response)

UpdateCSPMGCPServiceAccountsExt

Updates an existing GCP service account.

PEP8 method name

update_gcp_service_account

Endpoint

Method Route
PATCH /cloud-connect-cspm-gcp/entities/service-accounts/v1

Required Scope

cspm-registration:write

Content-Type

  • Consumes: application/json
  • Produces: application/json

Keyword Arguments

Name Service Uber Type Data type Description
body
Service Class Support

Uber Class Support
body dictionary Full body payload in JSON format.
client_email
Service Class Support

Uber Class Support
body string Client email associated with the account.
client_id
Service Class Support

Uber Class Support
body string GCP Client ID.
private_key
Service Class Support

Uber Class Support
body string GCP private key.
private_key_id
Service Class Support

Uber Class Support
body string GCP private key ID.
project_id
Service Class Support

Uber Class Support
body string GCP project ID.
service_account_conditions
Service Class Support

Uber Class Support
body list of dictionaries GCP service account conditions.
service_account_id
Service Class Support

Uber Class Support
body integer GCP service account ID.

Usage

Service class example (PEP8 syntax)
from falconpy import CSPMRegistration

# Do not hardcode API credentials!
falcon = CSPMRegistration(client_id=CLIENT_ID,
                          client_secret=CLIENT_SECRET
                          )

conditions = [
    {
        "feature": "string",
        "is_visible": boolean,
        "last_transition": "UTC date string",
        "message": "string",
        "reason": "string",
        "status": "string",
        "type": "string"
    }
]

response = falcon.update_gcp_service_account(client_email="string",
                                             client_id="string",
                                             private_key="string",
                                             private_key_id="string",
                                             project_id="string",
                                             service_account_conditions=conditions,
                                             service_account_id=integer
                                             )
print(response)
Service class example (Operation ID syntax)
from falconpy import CSPMRegistration

# Do not hardcode API credentials!
falcon = CSPMRegistration(client_id=CLIENT_ID,
                          client_secret=CLIENT_SECRET
                          )

conditions = [
    {
        "feature": "string",
        "is_visible": boolean,
        "last_transition": "UTC date string",
        "message": "string",
        "reason": "string",
        "status": "string",
        "type": "string"
    }
]

response = falcon.UpdateCSPMGCPServiceAccountExt(client_email="string",
                                                 client_id="string",
                                                 private_key="string",
                                                 private_key_id="string",
                                                 project_id="string",
                                                 service_account_conditions=conditions,
                                                 service_account_id=integer
                                                 )
print(response)
Uber class example
from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

body_payload = {
    "resources": [
        {
            "client_email": "string",
            "client_id": "string",
            "private_key": "string",
            "private_key_id": "string",
            "project_id": "string",
            "service_account_conditions": [
                {
                    "feature": "string",
                    "is_visible": boolean,
                    "last_transition": "UTC date string",
                    "message": "string",
                    "reason": "string",
                    "status": "string",
                    "type": "string"
                }
            ],
            "service_account_id": integer
        }
    ]
}

response = falcon.command("UpdateCSPMGCPServiceAccountsExt", body=body_payload)

print(response)

GetCSPMGCPUserScriptsAttachment

Return a script for customer to run in their cloud environment to grant us access to their GCP environment as a downloadable attachment

PEP8 method name

get_gcp_user_scripts_attachment

Endpoint

Method Route
GET /cloud-connect-cspm-gcp/entities/user-scripts-download/v1

Required Scope

cspm-registration:read

Content-Type

  • Produces: application/json

Keyword Arguments

Name Service Uber Type Data type Description
ids
Service Class Support

Uber Class Support
query string or list of strings Hierarchical Resource IDs of accounts.
parameters
Service Class Support

Uber Class Support
query dictionary Full query string parameters payload in JSON format.
parent_type
Service Class Support

Uber Class Support
query string GCP Hierarchy Parent Type. Allowed values: organization, folder or project

Usage

Service class example (PEP8 syntax)
from falconpy import CSPMRegistration

# Do not hardcode API credentials!
falcon = CSPMRegistration(client_id=CLIENT_ID,
                          client_secret=CLIENT_SECRET
                          )

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.get_gcp_user_scripts_attachment(parent_type="string", ids=id_list)

print(response)
Service class example (Operation ID syntax)
from falconpy import CSPMRegistration

# Do not hardcode API credentials!
falcon = CSPMRegistration(client_id=CLIENT_ID,
                          client_secret=CLIENT_SECRET
                          )

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.GetCSPMGCPUserScriptsAttachment(parent_type="string", ids=id_list)

print(response)
Uber class example
from falconpy import APIHarness

# Do not hardcode API credentials!
falcon = APIHarness(client_id=CLIENT_ID,
                    client_secret=CLIENT_SECRET
                    )

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.command("GetCSPMGCPUserScriptsAttachment", parent_type="string", ids=id_list)

print(response)

GetCSPMGCPValidateAccountsExt

Run a synchronous health check.

PEP8 method name

validate_gcp_account

Endpoint

Method Route
POST /cloud-connect-cspm-gcp/entities/account/validate/v1

Required Scope

cspm-registration:write

Content-Type

  • Consumes: application/json
  • Produces: application/json

Keyword Arguments

Name Service Uber Type Data type Description
body
Service Class Support

Uber Class Support
body dictionary Full body payload in JSON format.
resources
Service Class Support

Uber Class Support
body string or list of strings GCP Account IDs to validate.

Usage

Service class example (PEP8 syntax)
from falconpy import CSPMRegistration

# Do not hardcode API credentials!
falcon = CSPMRegistration(client_id=CLIENT_ID,
                          client_secret=CLIENT_SECRET
                          )

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.validate_gcp_account(resources=id_list)

print(response)
Service class example (Operation ID syntax)
from falconpy import CSPMRegistration

# Do not hardcode API credentials!
falcon = CSPMRegistration(client_id=CLIENT_ID,
                          client_secret=CLIENT_SECRET
                          )

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.GetCSPMGCPValidateAccountsExt(resources=id_list)

print(response)
Uber class example
from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

body_payload = {
    "resources": id_list
}

response = falcon.command("GetCSPMGCPValidateAccountsExt", body=body_payload)

print(response)

ValidateCSPMGCPServiceAccountExt

Validates credentials for a service account

PEP8 method name

validate_gcp_service_account

Endpoint

Method Route
POST /cloud-connect-cspm-gcp/entities/service-accounts/validate/v1

Required Scope

cspm-registration:write

Content-Type

  • Consumes: application/json
  • Produces: application/json

Keyword Arguments

Name Service Uber Type Data type Description
body
Service Class Support

Uber Class Support
body dictionary Full body payload in JSON format.
client_email
Service Class Support

Uber Class Support
body string Client email associated with the service account.
client_id
Service Class Support

Uber Class Support
body string GCP Client ID.
private_key
Service Class Support

Uber Class Support
body string GCP private key.
private_key_id
Service Class Support

Uber Class Support
body string GCP private key ID.
project_id
Service Class Support

Uber Class Support
body string GCP project ID.
resources
Service Class Support

Uber Class Support
body list of dictionaries List of GCP service accounts to validate. Overrides other keywords except for body if used.
service_account_conditions
Service Class Support

Uber Class Support
body list of dictionaries GCP service account conditions.
service_account_id
Service Class Support

Uber Class Support
body integer GCP service account ID.

Usage

Service class example (PEP8 syntax)
from falconpy import CSPMRegistration

# Do not hardcode API credentials!
falcon = CSPMRegistration(client_id=CLIENT_ID,
                          client_secret=CLIENT_SECRET
                          )

svc_conditions: [
    {
        "last_transition": "UTC date string",
        "message": "string",
        "reason": "string",
        "status": "string",
        "type": "string"
    }
]

response = falcon.validate_gcp_service_account(client_email="string",
                                               client_id="string",
                                               private_key="string",
                                               private_key_id="string",
                                               project_id="string",
                                               service_account_conditions=svc_conditions,
                                               service_account_id=integer
                                               )
print(response)
Service class example (Operation ID syntax)
from falconpy import CSPMRegistration

# Do not hardcode API credentials!
falcon = CSPMRegistration(client_id=CLIENT_ID,
                          client_secret=CLIENT_SECRET
                          )

svc_conditions: [
    {
        "last_transition": "UTC date string",
        "message": "string",
        "reason": "string",
        "status": "string",
        "type": "string"
    }
]

response = falcon.ValidateCSPMGCPServiceAccountExt(client_email="string",
                                                   client_id="string",
                                                   private_key="string",
                                                   private_key_id="string",
                                                   project_id="string",
                                                   service_account_conditions=svc_conditions,
                                                   service_account_id=integer
                                                   )
print(response)
Uber class example
from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

body_payload = {
    "resources": [
        {
            "client_email": "string",
            "client_id": "string",
            "private_key": "string",
            "private_key_id": "string",
            "project_id": "string",
            "service_account_conditions": [
                {
                    "last_transition": "UTC date string",
                    "message": "string",
                    "reason": "string",
                    "status": "string",
                    "type": "string"
                }
            ],
            "service_account_id": 0
        }
    ]
}


response = falcon.command("ValidateCSPMGCPServiceAccountExt", body=body_payload)

print(response)

CrowdStrike Falcon

Clone this wiki locally