-
Notifications
You must be signed in to change notification settings - Fork 0
CSPM Registration
This service collection has code examples posted to the repository.
Operation ID | Description | ||||
---|---|---|---|---|---|
|
Returns information about the current status of an AWS account. | ||||
|
Creates a new account in our system for a customer and generates a script for them to run in their AWS cloud environment to grant us access. | ||||
|
Deletes an existing AWS account or organization in our system. | ||||
|
Patches a existing account in our system for a customer. | ||||
|
Return a URL for customer to visit in their cloud environment to grant us access to their AWS environment. | ||||
|
Return a script for customer to run in their cloud environment to grant us access to their AWS environment as a downloadable attachment. | ||||
|
Return information about Azure account registration | ||||
|
Creates a new account in our system for a customer and generates a script for them to run in their cloud environment to grant us access. | ||||
|
Deletes an Azure subscription from the system. | ||||
|
Update an Azure service account in our system by with the user-created client_id created with the public key we've provided | ||||
|
Update an Azure default subscription_id in our system for given tenant_id | ||||
|
Returns JSON object(s) that contain the base64 encoded certificate for a service principal. | ||||
|
Return a script for customer to run in their cloud environment to grant us access to their Azure environment as a downloadable attachment | ||||
|
Retrieve a list of detected behaviors. | ||||
|
Retrieve a list of active misconfigurations. | ||||
|
Get misconfigurations based on the ID - including custom policy detections in addition to default policy detections. | ||||
|
Get a list of active misconfiguration ids - including custom policy detections in addition to default policy detections. | ||||
|
Given a policy ID, returns detailed policy information. | ||||
|
Given an array of policy IDs, returns detailed policies information. | ||||
|
Returns information about current policy settings. | ||||
|
Updates a policy setting - can be used to override policy severity or to disable a policy entirely. | ||||
|
Returns scan schedule configuration for one or more cloud platforms. | ||||
|
Updates scan schedule configuration for one or more cloud platforms. | ||||
|
Return information about Azure management group registration | ||||
|
Deletes Azure management groups from the system. | ||||
|
Creates a new management group in our system for a customer. | ||||
|
Returns information about the current status of an GCP account. | ||||
|
Creates a new account in our system for a customer and generates a new service account for them to add access to in their GCP environment to grant us access. | ||||
|
Deletes a GCP account from the system. | ||||
|
Patches a existing account in our system for a customer. | ||||
|
Creates a new GCP account with newly-uploaded service account or connects with existing service account with only the following fields: parent_id, parent_type and service_account_id | ||||
|
Returns the service account id and client email for external clients. | ||||
|
Updates an existing GCP service account. | ||||
|
Return a script for customer to run in their cloud environment to grant us access to their GCP environment as a downloadable attachment | ||||
|
Run a synchronous health check. | ||||
|
Validates credentials for a service account |
WARNING
client_id
andclient_secret
are keyword arguments that contain your CrowdStrike API credentials. Please note that all examples below do not hard code these values. (These values are ingested as strings.)CrowdStrike does not recommend hard coding API credentials or customer identifiers within source code.
Returns information about the current status of an AWS account.
get_aws_account
Method | Route |
---|---|
/cloud-connect-cspm-aws/entities/account/v1 |
- Consumes: application/json
- Produces: application/json
Name | Service | Uber | Type | Data type | Description |
---|---|---|---|---|---|
cspm_lite |
|
|
query | boolean | Only return CSPM lite accounts. |
group_by |
|
|
query | string | The field to group by. |
ids |
|
|
query | string or list of strings | AWS Account ID(s). |
limit |
|
|
query | integer | Maximum number of results to return. (Default: 100) |
offset |
|
|
query | integer | Starting record position. |
iam_role_arns |
|
|
query | string or list of strings | AWS IAM role ARN(s). |
migrated |
|
|
query | string | Only return migrated D4C accounts (true or false ). |
organization_ids |
|
|
query | string or list of strings | AWS Organization ID(s). |
parameters |
|
|
query | dictionary | Full query string parameters payload in JSON format. |
scan_type |
|
|
query | string | Type of scan to perform, dry or full . |
status |
|
|
query | string | Account status to filter results by. |
from falconpy import CSPMRegistration
# Do not hardcode API credentials!
falcon = CSPMRegistration(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
orgs = 'ORG1,ORG2,ORG3' # Can also pass a list here: ['ORG1', 'ORG2', 'ORG3']
arns = 'ARN1,ARN2,ARN3' # Can also pass a list here: ['ARN1', 'ARN2', 'ARN3']
response = falcon.get_aws_account(cspm_lite=boolean,
scan_type="string",
organization_ids=orgs,
iam_role_arns=arns,
status="string",
limit=integer,
migrated="boolean string",
offset=integer,
group_by="string",
ids=id_list
)
print(response)
from falconpy import CSPMRegistration
# Do not hardcode API credentials!
falcon = CSPMRegistration(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
orgs = 'ORG1,ORG2,ORG3' # Can also pass a list here: ['ORG1', 'ORG2', 'ORG3']
arns = 'ARN1,ARN2,ARN3' # Can also pass a list here: ['ARN1', 'ARN2', 'ARN3']
response = falcon.GetCSPMAwsAccount(cspm_lite=boolean,
scan_type="string",
organization_ids=orgs,
iam_role_arns=arns,
status="string",
limit=integer,
migrated="boolean string",
offset=integer,
group_by="string",
ids=id_list
)
print(response)
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
orgs = 'ORG1,ORG2,ORG3' # Can also pass a list here: ['ORG1', 'ORG2', 'ORG3']
arns = 'ARN1,ARN2,ARN3' # Can also pass a list here: ['ARN1', 'ARN2', 'ARN3']
response = falcon.command("GetCSPMAwsAccount",
cspm_lite=boolean,
scan_type="string",
organization_ids=orgs,
iam_role_arns=arns,
status="string",
limit=integer,
migrated="boolean string",
offset=integer,
group_by="string",
ids=id_list
)
print(response)
Back to Table of Contents
Creates a new account in our system for a customer and generates a script for them to run in their AWS cloud environment to grant us access.
create_aws_account
Method | Route |
---|---|
/cloud-connect-cspm-aws/entities/account/v1 |
- Consumes: application/json
- Produces: application/json
Name | Service | Uber | Type | Data type | Description |
---|---|---|---|---|---|
account_id |
|
|
body | string | AWS Account ID. |
account_type |
|
|
body | string | AWS Account Type. |
behavior_assessment_enabled |
|
|
body | boolean | Flag indicating if behavior assessment should be enabled. |
body |
|
|
body | dictionary | Full body payload in JSON format. |
cloudtrail_region |
|
|
body | string | AWS Cloudtrail Region. |
iam_role_arn |
|
|
body | string | AWS IAM Role ARN. |
is_master |
|
|
body | boolean | Flag indicating this is the master account. |
sensor_management_enabled |
|
|
body | boolean | Flag indicating if sensor management should be enabled. |
organization_id |
|
|
body | string | AWS Organization ID. |
use_existing_cloudtrail |
|
|
body | boolean | Flag indicating if the existing CloudTrail log should be used. |
from falconpy import CSPMRegistration
# Do not hardcode API credentials!
falcon = CSPMRegistration(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.create_aws_account(account_id="string",
account_type="string",
behavior_assessment_enabled=boolean,
cloudtrail_region="string",
iam_role_arn="string",
is_master=boolean,
sensor_management_enabled=boolean,
organization_id="string",
use_existing_cloudtrail=boolean
)
print(response)
from falconpy import CSPMRegistration
# Do not hardcode API credentials!
falcon = CSPMRegistration(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.CreateCSPMAwsAccount(account_id="string",
account_type="string",
behavior_assessment_enabled=boolean,
cloudtrail_region="string",
iam_role_arn="string",
is_master=boolean,
sensor_management_enabled=boolean,
organization_id="string",
use_existing_cloudtrail=boolean
)
print(response)
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
BODY = {
"resources": [
{
"account_id": "string",
"account_type": "string",
"behavior_assessment_enabled": boolean,
"cloudtrail_region": "string",
"iam_role_arn": "string",
"is_master": boolean,
"organization_id": "string",
"sensor_management_enabled": boolean,
"use_existing_cloudtrail": boolean
}
]
}
response = falcon.command("CreateCSPMAwsAccount", body=BODY)
print(response)
Back to Table of Contents
Deletes an existing AWS account or organization in our system.
delete_aws_account
Method | Route |
---|---|
/cloud-connect-cspm-aws/entities/account/v1 |
- Consumes: application/json
- Produces: application/json
Name | Service | Uber | Type | Data type | Description |
---|---|---|---|---|---|
ids |
|
|
query | string or list of strings | The AWS account IDs to remove. |
organization_ids |
|
|
query | string or list of strings | The AWS organization ID(s) to delete. |
parameters |
|
|
query | dictionary | Full query string parameters payload in JSON format. |
from falconpy import CSPMRegistration
# Do not hardcode API credentials!
falcon = CSPMRegistration(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
orgs = 'ORG1,ORG2,ORG3' # Can also pass a list here: ['ORG1', 'ORG2', 'ORG3']
response = falcon.delete_aws_account(organization_ids=orgs, ids=id_list)
print(response)
from falconpy import CSPMRegistration
# Do not hardcode API credentials!
falcon = CSPMRegistration(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
orgs = 'ORG1,ORG2,ORG3' # Can also pass a list here: ['ORG1', 'ORG2', 'ORG3']
response = falcon.DeleteCSPMAwsAccount(organization_ids=orgs, ids=id_list)
print(response)
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
PARAMS = {
"organization-ids": [
"string",
"string"
]
}
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
orgs = 'ORG1,ORG2,ORG3' # Can also pass a list here: ['ORG1', 'ORG2', 'ORG3']
response = falcon.command("DeleteCSPMAwsAccount", organization_ids=orgs, ids=id_list)
print(response)
Back to Table of Contents
Patches a existing account in our system for a customer.
update_aws_account
Method | Route |
---|---|
/cloud-connect-cspm-aws/entities/account/v1 |
- Consumes: application/json
- Produces: application/json
Name | Service | Uber | Type | Data type | Description |
---|---|---|---|---|---|
account_id |
|
|
body | string | AWS Account ID. |
behavior_assessment_enabled |
|
|
body | boolean | Flag indicating if behavior assessment should be enabled. |
body |
|
|
body | dictionary | Full body payload in JSON format. |
cloudtrail_region |
|
|
body | string | AWS Cloudtrail Region. |
iam_role_arn |
|
|
body | string | AWS IAM Role ARN. |
remediation_region |
|
|
body | string | Region where remediation occurs. |
remediation_tou_accepted |
|
|
body | string | The accepted TOU for this account. |
sensor_management_enabled |
|
|
body | boolean | Flag indicating if sensor management should be enabled. |
from falconpy import CSPMRegistration
# Do not hardcode API credentials!
falcon = CSPMRegistration(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.update_aws_account(account_id="string",
behavior_assessment_enabled=boolean,
cloudtrail_region="string",
iam_role_arn="string",
remediation_region="string",
remediation_tou_accepted="UTC datetime string",
sensor_management_enabled=boolean
)
print(response)
from falconpy import CSPMRegistration
# Do not hardcode API credentials!
falcon = CSPMRegistration(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.PatchCSPMAwsAccount(account_id="string",
behavior_assessment_enabled=boolean,
cloudtrail_region="string",
iam_role_arn="string",
remediation_region="string",
remediation_tou_accepted="UTC datetime string",
sensor_management_enabled=boolean
)
print(response)
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
BODY = {
"resources": [
{
"account_id": "string",
"behavior_assessment_enabled": boolean,
"cloudtrail_region": "string",
"iam_role_arn": "string",
"remediation_region": "string",
"remediation_tou_accepted": "2023-07-06T17:32:12.655Z",
"sensor_management_enabled": boolean
}
]
}
response = falcon.command("PatchCSPMAwsAccount", body=BODY)
print(response)
Back to Table of Contents
Return a URL for customer to visit in their cloud environment to grant us access to their AWS environment.
get_aws_console_setup_urls
Method | Route |
---|---|
/cloud-connect-cspm-aws/entities/console-setup-urls/v1 |
- Consumes: application/json
- Produces: application/json
Name | Service | Uber | Type | Data type | Description |
---|---|---|---|---|---|
ids |
|
|
query | string or list of strings | The AWS account ID(s) to retrieve setup URLs. |
parameters |
|
|
query | dictionary | Full query string parameters payload in JSON format. |
region |
|
|
query | string | Region |
template |
|
|
query | string | Template to be rendered. Available values: aws-url , aws-iom-url , aws-ioa-url , aws-sensor-management-url , aws-dspm-url , aws-idp-url
|
use_existing_cloudtrail |
|
|
query | string | Boolean flag indicating if the CloudTrail be used. (Accepted values: true or false ) |
from falconpy import CSPMRegistration
# Do not hardcode API credentials!
falcon = CSPMRegistration(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.get_aws_console_setup_urls(ids=id_list,
region="string",
template="string",
use_existing_cloudtrail="boolean string"
)
print(response)
from falconpy import CSPMRegistration
# Do not hardcode API credentials!
falcon = CSPMRegistration(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.GetCSPMAwsConsoleSetupURLs(ids=id_list,
region="string",
template="string",
use_existing_cloudtrail="boolean string"
)
print(response)
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.command("GetCSPMAwsConsoleSetupURLs",
ids=id_list,
region="string",
template="string",
use_existing_cloudtrail="boolean string"
)
print(response)
Back to Table of Contents
Return a script for customer to run in their cloud environment to grant us access to their AWS environment as a downloadable attachment.
get_aws_account_scripts_attachment
Method | Route |
---|---|
/cloud-connect-cspm-aws/entities/user-scripts-download/v1 |
- Produces: application/json
Name | Service | Uber | Type | Data type | Description |
---|---|---|---|---|---|
accounts |
|
|
query | string or list of strings | List of accounts to register. |
account_type |
|
|
query | string | The account type (commercial or gov ). |
aws_profile |
|
|
query | string | The AWS profile to be used during registration. |
behavior_assessment_enabled |
|
|
query | string | Enable behavior assessment. Allowed values: true or false
|
custom_role_name |
|
|
query | string | The custom IAM role to be used during registration. |
dspm_enabled |
|
|
query | string | Enable DSPM. Allowed values: true or false
|
dspm_regions |
|
|
query | string or list of strings | DSPM regions. |
dspm_role |
|
|
query | string | DSPM role. |
ids |
|
|
query | string or list of strings | The AWS account ID(s) to retrieve script attachments. |
organization_id |
|
|
query | string or list of strings | The AWS organization ID to be registered. |
parameters |
|
|
query | dictionary | Full query string parameters payload as a dictionary. |
sensor_management_enabled |
|
|
query | string | Enable sensor management. Allowed values: true or false
|
template |
|
|
query | string | Template to be rendered. Allowed values: aws-bash or aws-terraform
|
use_existing_cloudtrail |
|
|
query | string | Use the existing cloudtrail log. Allowed values: true or false
|
from falconpy import CSPMRegistration
# Do not hardcode API credentials!
falcon = CSPMRegistration(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
account_list = "AC1,AC2,AC3" # Can also pass a list here: ["AC1", "AC2", "AC3"]
id_list = "ID1,ID2,ID3" # Can also pass a list here: ["ID1", "ID2", "ID3"]
org_id_list = "ORG1" # Can also pass a list or comma delimited string here.
dspm_region_list = "REGION1" # Can also pass a list or comma delimited string here.
response = falcon.get_aws_account_scripts_attachment(accounts=account_list,
account_type="string",
aws_profile="string",
behavior_assessment_enabled="string",
custom_role_name="string",
dspm_enabled="string",
dspm_regions=dspm_region_list,
dspm_role="string",
ids=id_list,
organization_id=org_id_list,
sensor_management_enabled="string",
template="string",
use_existing_cloudtrail="string"
)
print(response)
from falconpy import CSPMRegistration
# Do not hardcode API credentials!
falcon = CSPMRegistration(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
account_list = "AC1,AC2,AC3" # Can also pass a list here: ["AC1", "AC2", "AC3"]
id_list = "ID1,ID2,ID3" # Can also pass a list here: ["ID1", "ID2", "ID3"]
org_id_list = "ORG1" # Can also pass a list or comma delimited string here.
dspm_region_list = "REGION1" # Can also pass a list or comma delimited string here.
response = falcon.GetCSPMAwsAccountScriptsAttachment(accounts=account_list,
account_type="string",
aws_profile="string",
behavior_assessment_enabled="string",
custom_role_name="string",
dspm_enabled="string",
dspm_regions=dspm_region_list,
dspm_role="string",
ids=id_list,
organization_id=org_id_list,
sensor_management_enabled="string",
template="string",
use_existing_cloudtrail="string"
)
print(response)
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
account_list = "AC1,AC2,AC3" # Can also pass a list here: ["AC1", "AC2", "AC3"]
id_list = "ID1,ID2,ID3" # Can also pass a list here: ["ID1", "ID2", "ID3"]
org_id_list = "ORG1" # Can also pass a list or comma delimited string here.
dspm_region_list = "REGION1" # Can also pass a list or comma delimited string here.
response = falcon.command("GetCSPMAwsAccountScriptsAttachment",
accounts=account_list,
account_type="string",
aws_profile="string",
behavior_assessment_enabled="string",
custom_role_name="string",
dspm_enabled="string",
dspm_regions=dspm_region_list,
dspm_role="string",
ids=id_list,
organization_id=org_id_list,
sensor_management_enabled="string",
template="string",
use_existing_cloudtrail="string"
)
print(response)
Back to Table of Contents
Return information about Azure account registration
get_azure_account
Method | Route |
---|---|
/cloud-connect-azure/entities/account/v1 |
- Consumes: application/json
- Produces: application/json
Name | Service | Uber | Type | Data type | Description |
---|---|---|---|---|---|
cspm_lite |
|
|
query | boolean | Only return CSPM lite accounts. |
ids |
|
|
query | string or list of strings | Subscription ID(s). When empty, all accounts are returned. |
limit |
|
|
query | integer | Maximum number of results to return. (Default: 100) |
offset |
|
|
query | integer | Starting record position. |
parameters |
|
|
query | dictionary | Full query string parameters payload in JSON format. |
scan_type |
|
|
query | string | Type of scan to perform, dry or full . |
status |
|
|
query | string | Account status to filter results by. Allowed values:
|
tenant_ids |
|
|
query | string or list of strings | Tenant ID(s) used to filter Azure accounts returned. |
from falconpy import CSPMRegistration
# Do not hardcode API credentials!
falcon = CSPMRegistration(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
tenants = 'TENANT1,TENANT2,TENANT3' # Can also pass a list here: ['TENANT1', 'TENANT2', 'TENANT3']
response = falcon.get_azure_account(scan_type="string",
cspm_lite=boolean,
status="string",
limit=integer,
offset=integer,
ids=id_list,
tenant_ids=tenants
)
print(response)
from falconpy import CSPMRegistration
# Do not hardcode API credentials!
falcon = CSPMRegistration(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
tenants = 'TENANT1,TENANT2,TENANT3' # Can also pass a list here: ['TENANT1', 'TENANT2', 'TENANT3']
response = falcon.GetCSPMAzureAccount(scan_type="string",
cspm_lite=boolean,
status="string",
limit=integer,
offset=integer,
ids=id_list,
tenant_ids=tenants
)
print(response)
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
tenants = 'TENANT1,TENANT2,TENANT3' # Can also pass a list here: ['TENANT1', 'TENANT2', 'TENANT3']
response = falcon.command("GetCSPMAzureAccount",
cspm_lite=boolean,
scan_type="string",
status="string",
limit=integer,
offset=integer,
ids=id_list,
tenant_ids=tenants
)
print(response)
Back to Table of Contents
Creates a new account in our system for a customer and generates a script for them to run in their cloud environment to grant us access.
create_azure_account
Method | Route |
---|---|
/cloud-connect-azure/entities/account/v1 |
- Consumes: application/json
- Produces: application/json
Name | Service | Uber | Type | Data type | Description |
---|---|---|---|---|---|
account_type |
|
|
body | string | Azure account type. |
body |
|
|
body | dictionary | Full body payload in JSON format. |
client_id |
|
|
body | string | Client ID. |
default_subscription |
|
|
body | boolean | Flag indicating if this is the default Azure subscription. |
subscription_id |
|
|
body | string | Azure Subscription ID. |
tenant_id |
|
|
body | string | Azure tenant ID. |
years_valid |
|
|
body | integer | Years valid. |
from falconpy import CSPMRegistration
# Do not hardcode API credentials!
falcon = CSPMRegistration(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.create_azure_account(account_type="string",
client_id="string",
default_subscription=boolean,
subscription_id="string",
tenant_id="string",
years_valid=integer
)
print(response)
from falconpy import CSPMRegistration
# Do not hardcode API credentials!
falcon = CSPMRegistration(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.CreateCSPMAzureAccount(account_type="string",
client_id="string",
default_subscription=boolean,
subscription_id="string",
tenant_id="string",
years_valid=integer
)
print(response)
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
BODY = {
"resources": [
{
"account_type": "string",
"client_id": "string",
"default_subscription": boolean,
"subscription_id": "string",
"tenant_id": "string",
"years_valid": integer
}
]
}
response = falcon.command("CreateCSPMAzureAccount", body=BODY)
print(response)
Back to Table of Contents
Deletes an Azure subscription from the system.
delete_azure_account
Method | Route |
---|---|
/cloud-connect-cspm-azure/entities/account/v1 |
- Consumes: application/json
- Produces: application/json
Name | Service | Uber | Type | Data type | Description |
---|---|---|---|---|---|
ids |
|
|
query | string or list of strings | Azure subscription IDs to remove. |
parameters |
|
|
query | dictionary | Full query string parameters payload in JSON format. |
retain_tenant |
|
|
query | string | Retain tenant. |
tenant_ids |
|
|
query | string or list of strings | Tenant IDs to remove. |
from falconpy import CSPMRegistration
# Do not hardcode API credentials!
falcon = CSPMRegistration(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
tenants = 'TENANT1,TENANT2,TENANT3' # Can also pass a list here: ['TENANT1', 'TENANT2', 'TENANT3']
response = falcon.delete_azure_account(ids=id_list, retain_tenant="string", tenant_ids=tenants)
print(response)
from falconpy import CSPMRegistration
# Do not hardcode API credentials!
falcon = CSPMRegistration(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
tenants = 'TENANT1,TENANT2,TENANT3' # Can also pass a list here: ['TENANT1', 'TENANT2', 'TENANT3']
response = falcon.DeleteCSPMAzureAccount(ids=id_list, retain_tenants="string", tenant_ids=tenants)
print(response)
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
tenants = 'TENANT1,TENANT2,TENANT3' # Can also pass a list here: ['TENANT1', 'TENANT2', 'TENANT3']
response = falcon.command("DeleteCSPMAzureAccount",
ids=id_list,
retain_tenant="string",
tenant_ids=tenants
)
print(response)
Back to Table of Contents
Update an Azure service account in our system by with the user-created client_id created with the public key we've provided
update_azure_account_client_id
Method | Route |
---|---|
/cloud-connect-azure/entities/client-id/v1 |
- Consumes: application/json
- Produces: application/json
Name | Service | Uber | Type | Data type | Description |
---|---|---|---|---|---|
body |
|
|
body | string | This field is not used. Ignore. |
id |
|
|
query | string or list of strings | The Azure Client ID to use for the Service Principal associated with the Azure account. |
tenant_id |
|
|
query | string or list of strings | The Azure tenant ID to update the Client ID for. Required if multiple tenants are registered. |
parameters |
|
|
query | dictionary | Full query string parameters payload in JSON format. |
from falconpy import CSPMRegistration
# Do not hardcode API credentials!
falcon = CSPMRegistration(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.update_azure_account_client_id(id="string", tenant_id="string")
print(response)
from falconpy import CSPMRegistration
# Do not hardcode API credentials!
falcon = CSPMRegistration(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.UpdateCSPMAzureAccountClientID(id="string", tenant_id="string")
print(response)
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.command("UpdateCSPMAzureAccountClientID", id="string", tenant_id="string")
print(response)
Back to Table of Contents
Update an Azure default subscription_id in our system for given tenant_id
update_azure_tenant_default_subscription_id
Method | Route |
---|---|
/cloud-connect-cspm-azure/entities/default-subscription-id/v1 |
- Produces: application/json
Name | Service | Uber | Type | Data type | Description |
---|---|---|---|---|---|
body |
|
|
body | string | This field is not used. Ignore. |
subscription_id |
|
|
query | string or list of strings | The Azure subscription ID to use as a default for all subscriptions within the tenant. |
tenant_id |
|
|
query | string or list of strings | The Azure tenant ID to update the Client ID for. Required if multiple tenants are registered. |
parameters |
|
|
query | dictionary | Full query string parameters payload in JSON format. |
from falconpy import CSPMRegistration
# Do not hardcode API credentials!
falcon = CSPMRegistration(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.update_azure_tenant_default_subscription_id(tenant_id="string",
subscription_id="string"
)
print(response)
from falconpy import CSPMRegistration
# Do not hardcode API credentials!
falcon = CSPMRegistration(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.UpdateCSPMAzureTenantDefaultSubscriptionID(tenant_id="string",
subscription_id="string"
)
print(response)
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.command("UpdateCSPMAzureTenantDefaultSubscriptionID",
tenant_id="string",
subscription_id="string"
)
print(response)
Back to Table of Contents
Returns JSON object(s) that contain the base64 encoded certificate for a service principal.
azure_download_certificate
Method | Route |
---|---|
/cloud-connect-cspm-azure/entities/download-certificate/v1 |
- Consumes: application/json
- Produces: application/json
Name | Service | Uber | Type | Data type | Description |
---|---|---|---|---|---|
parameters |
|
|
query | dictionary | Full query string parameters payload in JSON format. |
refresh |
|
|
query | boolean | Force a refresh of the certificate. Defaults to False . |
tenant_id |
|
|
query | string or list of strings | The Azure Client ID to generate script for. Defaults to the most recently registered tenant. |
years_valid |
|
|
query | string | The number of years the certificate should be valid (only used when refresh=True ). |
from falconpy import CSPMRegistration
# Do not hardcode API credentials!
falcon = CSPMRegistration(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.azure_download_certificate(refresh=boolean,
tenant_id="string",
years_valid="string"
)
print(response)
from falconpy import CSPMRegistration
# Do not hardcode API credentials!
falcon = CSPMRegistration(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.AzureDownloadCertificate(refresh=boolean,
tenant_id="string",
years_valid="string"
)
print(response)
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.command("AzureDownloadCertificate",
refresh=boolean,
tenant_id="string",
years_valid="string"
)
print(response)
Back to Table of Contents
Return a script for customer to run in their cloud environment to grant us access to their Azure environment as a downloadable attachment
get_azure_user_scripts_attachment
Method | Route |
---|---|
/cloud-connect-azure/entities/user-scripts-download/v1 |
- Produces: application/json
Name | Service | Uber | Type | Data type | Description |
---|---|---|---|---|---|
account_type |
|
|
query | string | Account type (gov or commercial ). |
azure_management_group |
|
|
query | boolean | Use Azure Management Group. |
parameters |
|
|
query | dictionary | Full query string parameters payload in JSON format. |
subscription_ids |
|
|
query | string or list of strings | Subscription IDs to generate scripts for. Defaults to all. |
template |
|
|
query | string or list of strings | Template to be rendered. |
tenant_id |
|
|
query | string | The Azure tenant ID to generate scripts for. Defaults to the most recently registered tenant. |
from falconpy import CSPMRegistration
# Do not hardcode API credentials!
falcon = CSPMRegistration(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
subscriptions = 'SUB1,SUB2,SUB3' # Can also pass a list here: ['SUB1', 'SUB2', 'SUB3']
response = falcon.get_azure_user_scripts_attachment(account_type="string",
azure_management_group=boolean,
subscription_ids=subscriptions,
template="string",
tenant_id="string"
)
print(response)
from falconpy import CSPMRegistration
# Do not hardcode API credentials!
falcon = CSPMRegistration(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
subscriptions = 'SUB1,SUB2,SUB3' # Can also pass a list here: ['SUB1', 'SUB2', 'SUB3']
response = falcon.GetCSPMAzureUserScriptsAttachment(account_type="string",
azure_management_group=boolean,
subscription_ids=subscriptions,
template="string",
tenant_id="string"
)
print(response)
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.command("GetCSPMAzureUserScriptsAttachment",
account_type="string",
azure_management_group=boolean,
subscription_ids=subscriptions,
template="string",
tenant_id="string"
)
print(response)
Back to Table of Contents
Retrieve list of detected behaviors.
get_behavior_detections
Method | Route |
---|---|
/detects/entities/ioa/v1 |
- Consumes: application/json
- Produces: application/json
Name | Service | Uber | Type | Data type | Description |
---|---|---|---|---|---|
account_id |
|
|
query | string | Cloud account ID (e.g.: AWS AccountID, Azure SubscriptionID). |
aws_account_id |
|
|
query | string | AWS Account ID. |
azure_subscription_id |
|
|
query | string | Azure Subscription ID. |
azure_tenant_id |
|
|
query | string | Azure Tenant ID. |
cloud_provider |
|
|
query | string | Cloud Provider (azure, aws, gcp). |
date_time_since |
|
|
query | string | Filter to retrieve all events after specified date. RFC3339 format. Example: 2006-01-01T12:00:01Z07:00 . |
limit |
|
|
query | integer | Maximum number of results to return. (Max: 500) |
next_token |
|
|
query | string | String to get next page of results, associated with the previous execution. Must include all filters from previous execution. |
resource_id |
|
|
query | string or list of strings | Resource ID. |
resource_uuid |
|
|
query | string or list of strings | Resource UUID. |
service |
|
|
query | string | Filter by Cloud Service. A list of available services can be found here. |
severity |
|
|
query | string | Filter by severity. Example: High , Medium or Informational . |
state |
|
|
query | string | Filter by state. Example: open or closed . |
parameters |
|
|
query | dictionary | Full query string parameters payload in JSON format. |
ACM | Identity |
ACR | KMS |
Any | KeyVault |
App Engine | Kinesis |
BigQuery | Kubernetes |
Cloud Load Balancing | Lambda |
Cloud Logging | LoadBalancer |
Cloud SQL | Monitor |
Cloud Storage | NLB/ALB |
CloudFormation | NetworkSecurityGroup |
CloudTrail | PostgreSQL |
CloudWatch Logs | RDS |
Cloudfront | Redshift |
Compute Engine | S3 |
Config | SES |
Disk | SNS |
DynamoDB | SQLDatabase |
EBS | SQLServer |
EC2 | SQS |
ECR | SSM |
EFS | Serverless Application Repository |
EKS | StorageAccount |
ELB | Subscriptions |
EMR | VPC |
Elasticache | VirtualMachine |
GuardDuty | VirtualNetwork |
IAM |
from falconpy import CSPMRegistration
# Do not hardcode API credentials!
falcon = CSPMRegistration(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
res_ids = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
res_uuids = 'UUID1,UUID2,UUID3' # Can also pass a list here: ['UUID1', 'UUID2', 'UUID3']
response = falcon.get_behavior_detections(account_id="string",
aws_account_id="string",
azure_subscription_id="string",
azure_tenant_id="string",
cloud_provider="string",
date_time_since="string",
limit=integer,
next_token="string",
resource_id=res_ids,
resource_uuid=res_uuids,
service="string",
severity="string",
state="string"
)
print(response)
from falconpy import CSPMRegistration
# Do not hardcode API credentials!
falcon = CSPMRegistration(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
res_ids = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
res_uuids = 'UUID1,UUID2,UUID3' # Can also pass a list here: ['UUID1', 'UUID2', 'UUID3']
response = falcon.GetBehaviorDetections(account_id="string",
aws_account_id="string",
azure_subscription_id="string",
azure_tenant_id="string",
cloud_provider="string",
date_time_since="string",
limit=integer,
next_token="string",
resource_id=res_ids,
resource_uuid=res_uuids,
service="string",
severity="string",
state="string"
)
print(response)
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
res_ids = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
res_uuids = 'UUID1,UUID2,UUID3' # Can also pass a list here: ['UUID1', 'UUID2', 'UUID3']
response = falcon.command("GetBehaviorDetections",
account_id="string",
aws_account_id="string",
azure_subscription_id="string",
azure_tenant_id="string",
cloud_provider="string",
date_time_since="string",
limit=integer,
next_token="string",
resource_id=res_ids,
resource_uuid=res_uuids,
service="string",
severity="string",
state="string"
)
print(response)
Back to Table of Contents
Retrieve list of detected behaviors.
get_configuration_detections
Method | Route |
---|---|
/detects/entities/iom/v1 |
- Consumes: application/json
- Produces: application/json
Name | Service | Uber | Type | Data type | Description |
---|---|---|---|---|---|
account_id |
|
|
query | string | Cloud account ID (e.g.: AWS AccountID, Azure SubscriptionID). |
aws_account_id |
|
|
query | string | AWS Account ID. |
azure_subscription_id |
|
|
query | string | Azure Subscription ID. |
azure_tenant_id |
|
|
query | string | Azure Tenant ID. |
cloud_provider |
|
|
query | string | Cloud Provider (azure, aws, gcp). |
limit |
|
|
query | integer | Maximum number of results to return. (Max: 500) |
next_token |
|
|
query | string | String to get next page of results, associated with the previous execution. Must include all filters from previous execution. |
region |
|
|
query | string | Cloud Provider Region. Example: us-east-1 . |
service |
|
|
query | string | Filter by Cloud Service. A list of available services can be found here. |
severity |
|
|
query | string | Filter by severity. Example: High , Medium or Informational . |
status |
|
|
query | string | Filter by status. Example: new , reoccurring or all . |
parameters |
|
|
query | dictionary | Full query string parameters payload in JSON format. |
ACM | Identity |
ACR | KMS |
Any | KeyVault |
App Engine | Kinesis |
BigQuery | Kubernetes |
Cloud Load Balancing | Lambda |
Cloud Logging | LoadBalancer |
Cloud SQL | Monitor |
Cloud Storage | NLB/ALB |
CloudFormation | NetworkSecurityGroup |
CloudTrail | PostgreSQL |
CloudWatch Logs | RDS |
Cloudfront | Redshift |
Compute Engine | S3 |
Config | SES |
Disk | SNS |
DynamoDB | SQLDatabase |
EBS | SQLServer |
EC2 | SQS |
ECR | SSM |
EFS | Serverless Application Repository |
EKS | StorageAccount |
ELB | Subscriptions |
EMR | VPC |
Elasticache | VirtualMachine |
GuardDuty | VirtualNetwork |
IAM |
from falconpy import CSPMRegistration
# Do not hardcode API credentials!
falcon = CSPMRegistration(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.get_configuration_detections(account_id="string",
aws_account_id="string",
azure_subscription_id="string",
azure_tenant_id="string",
cloud_provider="string",
limit=integer,
next_token="string",
region="string,
service="string",
severity="string",
status="string"
)
print(response)
from falconpy import CSPMRegistration
# Do not hardcode API credentials!
falcon = CSPMRegistration(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.GetConfigurationDetections(account_id="string",
aws_account_id="string",
azure_subscription_id="string",
azure_tenant_id="string",
cloud_provider="string",
limit=integer,
next_token="string",
region="string",
service="string",
severity="string",
status="string"
)
print(response)
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.command("GetConfigurationDetections",
account_id="string",
aws_account_id="string",
azure_subscription_id="string",
azure_tenant_id="string",
cloud_provider="string",
limit=integer,
next_token="string",
region="string",
service="string",
severity="string",
status="string"
)
print(response)
Back to Table of Contents
Get misconfigurations based on the ID - including custom policy detections in addition to default policy detections.
get_configuration_detection_entities
Method | Route |
---|---|
/detects/entities/iom/v2 |
- Consumes: application/json
- Produces: application/json
Name | Service | Uber | Type | Data type | Description |
---|---|---|---|---|---|
ids |
|
|
query | string or list of strings | Detection IDs to retrieve. |
parameters |
|
|
query | dictionary | Full query string parameters payload in JSON format. |
from falconpy import CSPMRegistration
# Do not hardcode API credentials!
falcon = CSPMRegistration(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.get_configuration_detection_entities(ids=id_list)
print(response)
from falconpy import CSPMRegistration
# Do not hardcode API credentials!
falcon = CSPMRegistration(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.GetConfigurationDetectionEntities(ids=id_list)
print(response)
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.command("GetConfigurationDetectionEntities", ids=id_list)
print(response)
Back to Table of Contents
Get list of active misconfiguration ids - including custom policy detections in addition to default policy detections.
get_configuration_detection_ids_v2
Method | Route |
---|---|
/detects/queries/iom/v2 |
- Produces: application/json
Name | Service | Uber | Type | Data type | Description |
---|---|---|---|---|---|
offset |
|
|
query | integer | The offset to start retrieving detections from |
parameters |
|
|
query | dictionary | Full query string parameters payload in JSON format. |
limit |
|
|
query | integer | The maximum number of detections to return. [1-1000] |
sort |
|
|
query | string | The property to sort by (e.g. timestamp|desc or policy_id|asc )Default: timestamp|desc Available fields:
|
filter |
|
|
query | string | The FQL filter expression that should be used to limit the results. Available filters:
|
next_token |
|
|
query | string | String to get next page of results. Cannot be combined with any other keyword except limit . |
from falconpy import CSPMRegistration
# Do not hardcode API credentials!
falcon = CSPMRegistration(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.get_configuration_detection_ids_v2(offset=integer,
limit=integer,
sort="string",
filter="string",
next_token="string"
)
print(response)
from falconpy import CSPMRegistration
# Do not hardcode API credentials!
falcon = CSPMRegistration(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.GetConfigurationDetectionIDsV2(offset=integer,
limit=integer,
sort="string",
filter="string",
next_token="string"
)
print(response)
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.command("GetConfigurationDetectionIDsV2",
offset=integer,
limit=integer,
sort="string",
filter="string",
next_token="string"
)
print(response)
Back to Table of Contents
Given a policy ID, returns detailed policy information.
get_policy
Method | Route |
---|---|
/settings/entities/policy-details/v1 |
- Consumes: application/json
- Produces: application/json
Name | Service | Uber | Type | Data type | Description |
---|---|---|---|---|---|
ids |
|
|
query | string or list of strings | Policy IDs to retrieve. |
parameters |
|
|
query | dictionary | Full query string parameters payload in JSON format. |
from falconpy import CSPMRegistration
# Do not hardcode API credentials!
falcon = CSPMRegistration(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.get_policy(ids=id_list)
print(response)
from falconpy import CSPMRegistration
# Do not hardcode API credentials!
falcon = CSPMRegistration(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.GetCSPMPolicy(ids=id_list)
print(response)
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.command("GetCSPMPolicy", ids=id_list)
print(response)
Back to Table of Contents
Given an array of policy IDs, returns detailed policies information.
get_policy_details
Method | Route |
---|---|
/settings/entities/policy-details/v2 |
- Consumes: application/json
- Produces: application/json
Name | Service | Uber | Type | Data type | Description |
---|---|---|---|---|---|
ids |
|
|
query | string or list of strings | Detection IDs to retrieve. |
parameters |
|
|
query | dictionary | Full query string parameters payload in JSON format. |
from falconpy import CSPMRegistration
# Do not hardcode API credentials!
falcon = CSPMRegistration(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.get_policy_details(ids=id_list)
print(response)
from falconpy import CSPMRegistration
# Do not hardcode API credentials!
falcon = CSPMRegistration(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.GetPoliciesDetails(ids=id_list)
print(response)
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.command("GetPoliciesDetails", ids=id_list)
print(response)
Back to Table of Contents
Returns information about current policy settings.
get_policy_settings
Method | Route |
---|---|
/settings/entities/policy/v1 |
- Consumes: application/json
- Produces: application/json
Name | Service | Uber | Type | Data type | Description |
---|---|---|---|---|---|
cloud_platform |
|
|
query | string | Cloud Provider (azure, aws, gcp). |
parameters |
|
|
query | dictionary | Full query string parameters payload in JSON format. |
policy_id |
|
|
query | string | IOA Policy ID. |
service |
|
|
query | string | Filter by Service type. |
from falconpy import CSPMRegistration
# Do not hardcode API credentials!
falcon = CSPMRegistration(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.get_policy_settings(service="string",
policy_id="string",
cloud_platform="string"
)
print(response)
from falconpy import CSPMRegistration
# Do not hardcode API credentials!
falcon = CSPMRegistration(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.GetCSPMPolicySettings(service="string",
policy_id="string",
cloud_platform="string"
)
print(response)
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.command("GetCSPMPolicySettings",
service="string",
policy_id="string",
cloud_platform="string"
)
print(response)
Back to Table of Contents
Updates a policy setting - can be used to override policy severity or to disable a policy entirely.
update_policy_settings
Method | Route |
---|---|
/settings/entities/policy/v1 |
- Consumes: application/json
- Produces: application/json
Name | Service | Uber | Type | Data type | Description |
---|---|---|---|---|---|
account_id |
|
|
body | string | Cloud Account ID to impact. |
body |
|
|
body | dictionary | Full body payload in JSON format. |
enabled |
|
|
body | boolean | Flag indicating if this policy is enabled. |
policy_id |
|
|
body | integer | Policy ID to be updated. |
regions |
|
|
body | string or list of strings | List of regions where this policy is enforced. |
severity |
|
|
body | string | Policy severity value. |
tag_excluded |
|
|
body | boolean | Tag exclusion flag. |
from falconpy import CSPMRegistration
# Do not hardcode API credentials!
falcon = CSPMRegistration(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
region_list = 'REG1,REG2,REG3' # Can also pass a list here: ['REG1', 'REG2', 'REG3']
response = falcon.update_policy_settings(account_id="string",
enabled=boolean,
policy_id=integer,
regions=region_list
severity="string",
tag_excluded=boolean
)
print(response)
from falconpy import CSPMRegistration
# Do not hardcode API credentials!
falcon = CSPMRegistration(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
region_list = 'REG1,REG2,REG3' # Can also pass a list here: ['REG1', 'REG2', 'REG3']
response = falcon.UpdateCSPMPolicySettings(account_id="string",
enabled=boolean,
policy_id=integer,
regions=region_list
severity="string",
tag_excluded=boolean
)
print(response)
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
BODY = {
"resources": [
{
"account_id": "string",
"enabled": boolean,
"policy_id": integer,
"regions": [
"string"
],
"severity": "string",
"tag_excluded": boolean
}
]
}
response = falcon.command("UpdateCSPMPolicySettings", body=BODY)
print(response)
Back to Table of Contents
Returns scan schedule configuration for one or more cloud platforms.
get_scan_schedule
Method | Route |
---|---|
/settings/scan-schedule/v1 |
- Consumes: application/json
- Produces: application/json
Name | Service | Uber | Type | Data type | Description |
---|---|---|---|---|---|
cloud_platform |
|
|
query | string or list of strings | The Cloud Platform. (azure , aws , gcp ) |
parameters |
|
|
query | dictionary | Full query string parameters payload in JSON format. |
from falconpy import CSPMRegistration
# Do not hardcode API credentials!
falcon = CSPMRegistration(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
clouds = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.get_scan_schedule(cloud_platform=clouds)
print(response)
from falconpy import CSPMRegistration
# Do not hardcode API credentials!
falcon = CSPMRegistration(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
clouds = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.GetCSPMScanSchedule(cloud_platform=clouds)
print(response)
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
clouds = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.command("GetCSPMScanSchedule", cloud_platform=clouds)
print(response)
Back to Table of Contents
Updates scan schedule configuration for one or more cloud platforms.
update_scan_schedule
Method | Route |
---|---|
/settings/scan-schedule/v1 |
- Consumes: application/json
- Produces: application/json
Name | Service | Uber | Type | Data type | Description |
---|---|---|---|---|---|
body |
|
|
body | dictionary | Full body payload in JSON format. |
cloud_platform |
|
|
body | string | Cloud platform (Azure, AWS, GCP). |
next_scan_timestamp |
|
|
body | string | UTC formatted string. |
scan_schedule |
|
|
body | string | Scan schedule type. |
from falconpy import CSPMRegistration
# Do not hardcode API credentials!
falcon = CSPMRegistration(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.update_scan_schedule(cloud_platform="string",
next_scan_timestampt="string",
scan_schedule="string"
)
print(response)
from falconpy import CSPMRegistration
# Do not hardcode API credentials!
falcon = CSPMRegistration(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.UpdateCSPMScanSchedule(cloud_platform="string",
next_scan_timestampt="string",
scan_schedule="string"
)
print(response)
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
BODY = {
"resources": [
{
"cloud_platform": "string",
"next_scan_timestamp": "2021-10-25T05:22:27.365Z",
"scan_schedule": "string"
}
]
}
response = falcon.command("UpdateCSPMScanSchedule", body=BODY)
print(response)
Back to Table of Contents
Return information about Azure management group registration
get_azure_management_group
Method | Route |
---|---|
/cloud-connect-cspm-azure/entities/management-group/v1 |
- Consumes: application/json
- Produces: application/json
Name | Service | Uber | Type | Data type | Description |
---|---|---|---|---|---|
tenant_ids |
|
|
query | string or list of strings | Tenant ids to filter azure accounts |
limit |
|
|
query | integer | The maximum records to return. Defaults to 100. |
offset |
|
|
query | integer | The offset to start retrieving records from |
from falconpy import CSPMRegistration
# Do not hardcode API credentials!
falcon = CSPMRegistration(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.get_azure_management_group(tenant_ids=id_list,
limit=integer,
offset=integer
)
print(response)
from falconpy import CSPMRegistration
# Do not hardcode API credentials!
falcon = CSPMRegistration(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.GetCSPMAzureManagementGroup(tenant_ids=id_list,
limit=integer,
offset=integer
)
print(response)
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.command("GetCSPMAzureManagementGroup",
tenant_ids=id_list,
limit=integer,
offset=integer
)
print(response)
Deletes Azure management groups from the system.
delete_azure_management_group
Method | Route |
---|---|
/cloud-connect-cspm-azure/entities/management-group/v1 |
- Consumes: application/json
- Produces: application/json
Name | Service | Uber | Type | Data type | Description |
---|---|---|---|---|---|
parameters | query | dictionary | Full query string parameters payload in JSON format. | ||
tenant_ids | query | string or list of strings | Tenant IDs to remove. |
from falconpy import CSPMRegistration
# Do not hardcode API credentials!
falcon = CSPMRegistration(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.delete_azure_management_group(tenant_ids=id_list)
print(response)
from falconpy import CSPMRegistration
# Do not hardcode API credentials!
falcon = CSPMRegistration(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.DeleteCSPMAzureManagementGroup(tenant_ids=id_list)
print(response)
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.command("DeleteCSPMAzureManagementGroup", tenant_ids=id_list)
print(response)
Creates a new management group in our system for a customer.
default_subscription_id--IDofthedefaultazuresubscription.String.
Method | Route |
---|---|
/cloud-connect-cspm-azure/entities/management-group/v1 |
- Consumes: application/json
- Produces: application/json
Name | Service | Uber | Type | Data type | Description |
---|---|---|---|---|---|
✅ | body | body | string | ||
body |
|
|
body | dictionary | Full body payload in JSON format. |
default_subscription_id |
|
|
body | string | AWS Account ID. |
tenant_id |
|
|
body | string | AWS Account ID. |
from falconpy import CSPMRegistration
# Do not hardcode API credentials!
falcon = CSPMRegistration(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.create_azure_management_group(default_subscription_id="string",
tenant_id="string"
)
print(response)
from falconpy import CSPMRegistration
# Do not hardcode API credentials!
falcon = CSPMRegistration(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.CreateCSPMAzureManagementGroup(default_subscription_id="string",
tenant_id="string"
)
print(response)
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
body_payload = {
"resources": [
{
"default_subscription_id": "string"
"tenant_id": "string",
}
]
}
response = falcon.command("CreateCSPMAzureManagementGroup", body=body_payload)
print(response)
Returns information about the current status of an GCP account.
get_gcp_account
Method | Route |
---|---|
/cloud-connect-cspm-gcp/entities/account/v1 |
- Consumes: application/json
- Produces: application/json
Name | Service | Uber | Type | Data type | Description |
---|---|---|---|---|---|
ids |
|
|
query | string or list of strings | Hierarchical Resource IDs of accounts. |
limit |
|
|
query | integer | Maximum number of results to return. (Default: 100) |
offset |
|
|
query | integer | Starting record position. |
parameters |
|
|
query | dictionary | Full query string parameters payload in JSON format. |
parent_type |
|
|
query | string | GCP Hierarchy Parent Type in organization/folder/project format. |
scan_type |
|
|
query | string | Type of scan to perform, dry or full . |
status |
|
|
query | string | Account status to filter results by. |
sort |
|
|
query | string | Order fields in ascending or descending order. Example: parent_type|asc
|
from falconpy import CSPMRegistration
# Do not hardcode API credentials!
falcon = CSPMRegistration(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.get_gcp_account(parent_type="string",
scan_type="string",
status="string",
limit=integer,
offset=integer,
sort="string",
ids=id_list
)
print(response)
from falconpy import CSPMRegistration
# Do not hardcode API credentials!
falcon = CSPMRegistration(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.GetCSPMCGPAccount(parent_type="string",
scan_type="string",
status="string",
limit=integer,
offset=integer,
sort="string",
ids=id_list
)
print(response)
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.command("GetCSPMCGPAccount",
parent_type="string",
scan_type="string",
status="string",
limit=integer,
offset=integer,
sort="string",
ids=id_list
)
print(response)
Creates a new account and generates a new service account to add access to your GCP environment.
create_gcp_account
Method | Route |
---|---|
/cloud-connect-cspm-gcp/entities/account/v1 |
- Consumes: application/json
- Produces: application/json
Name | Service | Uber | Type | Data type | Description |
---|---|---|---|---|---|
body |
|
|
body | dictionary | Full body payload in JSON format. |
parent_id |
|
|
body | string | Parent ID. |
parent_type |
|
|
body | string | Parent Type. |
from falconpy import CSPMRegistration
# Do not hardcode API credentials!
falcon = CSPMRegistration(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.create_gcp_account(parent_id="string", parent_type="string")
print(response)
from falconpy import CSPMRegistration
# Do not hardcode API credentials!
falcon = CSPMRegistration(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.CreateCSPMGCPAccount(parent_id="string", parent_type="string")
print(response)
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
body_payload = {
"resources": [
{
"parent_id": "string",
"parent_type": "string"
}
]
}
response = falcon.command("CreateCSPMGCPAccount", body=body_payload)
print(response)
Deletes a GCP account from the system.
delete_gcp_account
Method | Route |
---|---|
/cloud-connect-cspm-gcp/entities/account/v1 |
- Consumes: application/json
- Produces: application/json
Name | Service | Uber | Type | Data type | Description |
---|---|---|---|---|---|
ids |
|
|
query | string or list of strings | Hierarchical Resource IDs of accounts to delete. |
parameters |
|
|
query | dictionary | Full query string parameters payload in JSON format. |
from falconpy import CSPMRegistration
# Do not hardcode API credentials!
falcon = CSPMRegistration(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.delete_gcp_account(ids=id_list)
print(response)
from falconpy import CSPMRegistration
# Do not hardcode API credentials!
falcon = CSPMRegistration(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.DeleteCSPMGCPAccount(ids=id_list)
print(response)
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.command("DeleteCSPMGCPAccount", ids=id_list)
print(response)
Updates an existing GCP account.
update_gcp_account
Method | Route |
---|---|
/cloud-connect-cspm-gcp/entities/account/v1 |
- Consumes: application/json
- Produces: application/json
Name | Service | Uber | Type | Data type | Description |
---|---|---|---|---|---|
body |
|
|
body | dictionary | Full body payload in JSON format. |
environment |
|
|
body | string | Environment. |
parent_id |
|
|
body | string | Parent ID. |
from falconpy import CSPMRegistration
# Do not hardcode API credentials!
falcon = CSPMRegistration(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.update_gcp_account(environment="string", parent_id="string")
print(response)
from falconpy import CSPMRegistration
# Do not hardcode API credentials!
falcon = CSPMRegistration(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.UpdateCSPMGCPAccount(environment="string", parent_id="string")
print(response)
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
body_payload = {
"resources": [
{
"environment": "string",
"parent_id": "string"
}
]
}
response = falcon.command("UpdateCSPMGCPAccount", body=body_payload)
print(response)
Creates a new GCP account with newly-uploaded service account or connects with existing service account with only the following fields: parent_id
, parent_type
and service_account_id
.
connect_gcp_account
Method | Route |
---|---|
/cloud-connect-cspm-gcp/entities/account/v2 |
- Consumes: application/json
- Produces: application/json
Name | Service | Uber | Type | Data type | Description |
---|---|---|---|---|---|
body |
|
|
body | dictionary | Full body payload in JSON format. |
client_email |
|
|
body | string | GCP client email. |
client_id |
|
|
body | string | GCP client ID. |
parent_id |
|
|
body | string | Parent ID. |
parent_type |
|
|
body | string | Parent type. |
private_key |
|
|
body | string | GCP private key. |
private_key_id |
|
|
body | string | GCP private key ID. |
project_id |
|
|
body | string | GCP project ID. |
service_account_id |
|
|
body | integer | GCP service account ID. |
from falconpy import CSPMRegistration
# Do not hardcode API credentials!
falcon = CSPMRegistration(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.connect_gcp_account(client_email="string",
client_id="string",
parent_id="string",
parent_type="string",
private_key="string",
private_key_id="string",
project_id="string",
service_account_id=integer
)
print(response)
from falconpy import CSPMRegistration
# Do not hardcode API credentials!
falcon = CSPMRegistration(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.ConnectCSPMGCPAccount(client_email="string",
client_id="string",
parent_id="string",
parent_type="string",
private_key="string",
private_key_id="string",
project_id="string",
service_account_id=integer
)
print(response)
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
body_payload = {
"resources": [
{
"client_email": "string",
"client_id": "string",
"parent_id": "string",
"parent_type": "string",
"private_key": "string",
"private_key_id": "string",
"project_id": "string",
"service_account_id": integer
}
]
}
response = falcon.command("ConnectCSPMGCPAccount", body=body_payload)
print(response)
Returns the service account id and client email for external clients.
get_gcp_service_account
Method | Route |
---|---|
/cloud-connect-cspm-gcp/entities/service-accounts/v1 |
- Consumes: application/json
- Produces: application/json
Name | Service | Uber | Type | Data type | Description |
---|---|---|---|---|---|
id |
|
|
query | string | Service account ID to retrieve. |
parameters |
|
|
query | dictionary | Full query string parameters payload in JSON format. |
from falconpy import CSPMRegistration
# Do not hardcode API credentials!
falcon = CSPMRegistration(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.get_gcp_service_account(id="string")
print(response)
from falconpy import CSPMRegistration
# Do not hardcode API credentials!
falcon = CSPMRegistration(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.GetCSPMGCPServiceAccountsExt(id="string")
print(response)
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.command("GetCSPMGCPServiceAccountsExt", id="string")
print(response)
Updates an existing GCP service account.
update_gcp_service_account
Method | Route |
---|---|
/cloud-connect-cspm-gcp/entities/service-accounts/v1 |
- Consumes: application/json
- Produces: application/json
Name | Service | Uber | Type | Data type | Description |
---|---|---|---|---|---|
body |
|
|
body | dictionary | Full body payload in JSON format. |
client_email |
|
|
body | string | Client email associated with the account. |
client_id |
|
|
body | string | GCP Client ID. |
private_key |
|
|
body | string | GCP private key. |
private_key_id |
|
|
body | string | GCP private key ID. |
project_id |
|
|
body | string | GCP project ID. |
service_account_conditions |
|
|
body | list of dictionaries | GCP service account conditions. |
service_account_id |
|
|
body | integer | GCP service account ID. |
from falconpy import CSPMRegistration
# Do not hardcode API credentials!
falcon = CSPMRegistration(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
conditions = [
{
"feature": "string",
"is_visible": boolean,
"last_transition": "UTC date string",
"message": "string",
"reason": "string",
"status": "string",
"type": "string"
}
]
response = falcon.update_gcp_service_account(client_email="string",
client_id="string",
private_key="string",
private_key_id="string",
project_id="string",
service_account_conditions=conditions,
service_account_id=integer
)
print(response)
from falconpy import CSPMRegistration
# Do not hardcode API credentials!
falcon = CSPMRegistration(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
conditions = [
{
"feature": "string",
"is_visible": boolean,
"last_transition": "UTC date string",
"message": "string",
"reason": "string",
"status": "string",
"type": "string"
}
]
response = falcon.UpdateCSPMGCPServiceAccountExt(client_email="string",
client_id="string",
private_key="string",
private_key_id="string",
project_id="string",
service_account_conditions=conditions,
service_account_id=integer
)
print(response)
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
body_payload = {
"resources": [
{
"client_email": "string",
"client_id": "string",
"private_key": "string",
"private_key_id": "string",
"project_id": "string",
"service_account_conditions": [
{
"feature": "string",
"is_visible": boolean,
"last_transition": "UTC date string",
"message": "string",
"reason": "string",
"status": "string",
"type": "string"
}
],
"service_account_id": integer
}
]
}
response = falcon.command("UpdateCSPMGCPServiceAccountsExt", body=body_payload)
print(response)
Return a script for customer to run in their cloud environment to grant us access to their GCP environment as a downloadable attachment
get_gcp_user_scripts_attachment
Method | Route |
---|---|
/cloud-connect-cspm-gcp/entities/user-scripts-download/v1 |
- Produces: application/json
Name | Service | Uber | Type | Data type | Description |
---|---|---|---|---|---|
ids |
|
|
query | string or list of strings | Hierarchical Resource IDs of accounts. |
parameters |
|
|
query | dictionary | Full query string parameters payload in JSON format. |
parent_type |
|
|
query | string | GCP Hierarchy Parent Type. Allowed values: organization , folder or project
|
from falconpy import CSPMRegistration
# Do not hardcode API credentials!
falcon = CSPMRegistration(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.get_gcp_user_scripts_attachment(parent_type="string", ids=id_list)
print(response)
from falconpy import CSPMRegistration
# Do not hardcode API credentials!
falcon = CSPMRegistration(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.GetCSPMGCPUserScriptsAttachment(parent_type="string", ids=id_list)
print(response)
from falconpy import APIHarness
# Do not hardcode API credentials!
falcon = APIHarness(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.command("GetCSPMGCPUserScriptsAttachment", parent_type="string", ids=id_list)
print(response)
Run a synchronous health check.
validate_gcp_account
Method | Route |
---|---|
/cloud-connect-cspm-gcp/entities/account/validate/v1 |
- Consumes: application/json
- Produces: application/json
Name | Service | Uber | Type | Data type | Description |
---|---|---|---|---|---|
body |
|
|
body | dictionary | Full body payload in JSON format. |
resources |
|
|
body | string or list of strings | GCP Account IDs to validate. |
from falconpy import CSPMRegistration
# Do not hardcode API credentials!
falcon = CSPMRegistration(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.validate_gcp_account(resources=id_list)
print(response)
from falconpy import CSPMRegistration
# Do not hardcode API credentials!
falcon = CSPMRegistration(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.GetCSPMGCPValidateAccountsExt(resources=id_list)
print(response)
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
body_payload = {
"resources": id_list
}
response = falcon.command("GetCSPMGCPValidateAccountsExt", body=body_payload)
print(response)
Validates credentials for a service account
validate_gcp_service_account
Method | Route |
---|---|
/cloud-connect-cspm-gcp/entities/service-accounts/validate/v1 |
- Consumes: application/json
- Produces: application/json
Name | Service | Uber | Type | Data type | Description |
---|---|---|---|---|---|
body |
|
|
body | dictionary | Full body payload in JSON format. |
client_email |
|
|
body | string | Client email associated with the service account. |
client_id |
|
|
body | string | GCP Client ID. |
private_key |
|
|
body | string | GCP private key. |
private_key_id |
|
|
body | string | GCP private key ID. |
project_id |
|
|
body | string | GCP project ID. |
resources |
|
|
body | list of dictionaries | List of GCP service accounts to validate. Overrides other keywords except for body if used. |
service_account_conditions |
|
|
body | list of dictionaries | GCP service account conditions. |
service_account_id |
|
|
body | integer | GCP service account ID. |
from falconpy import CSPMRegistration
# Do not hardcode API credentials!
falcon = CSPMRegistration(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
svc_conditions: [
{
"last_transition": "UTC date string",
"message": "string",
"reason": "string",
"status": "string",
"type": "string"
}
]
response = falcon.validate_gcp_service_account(client_email="string",
client_id="string",
private_key="string",
private_key_id="string",
project_id="string",
service_account_conditions=svc_conditions,
service_account_id=integer
)
print(response)
from falconpy import CSPMRegistration
# Do not hardcode API credentials!
falcon = CSPMRegistration(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
svc_conditions: [
{
"last_transition": "UTC date string",
"message": "string",
"reason": "string",
"status": "string",
"type": "string"
}
]
response = falcon.ValidateCSPMGCPServiceAccountExt(client_email="string",
client_id="string",
private_key="string",
private_key_id="string",
project_id="string",
service_account_conditions=svc_conditions,
service_account_id=integer
)
print(response)
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
body_payload = {
"resources": [
{
"client_email": "string",
"client_id": "string",
"private_key": "string",
"private_key_id": "string",
"project_id": "string",
"service_account_conditions": [
{
"last_transition": "UTC date string",
"message": "string",
"reason": "string",
"status": "string",
"type": "string"
}
],
"service_account_id": 0
}
]
}
response = falcon.command("ValidateCSPMGCPServiceAccountExt", body=body_payload)
print(response)
- Home
- Discussions Board
- Glossary of Terms
- Installation, Upgrades and Removal
- Samples Collection
- Using FalconPy
- API Operations
-
Service Collections
- Alerts
- API Integrations
- ASPM
- Certificate Based Exclusions
- Cloud Connect AWS (deprecated)
- Cloud Snapshots
- Compliance Assessments
- Configuration Assessment
- Configuration Assessment Evaluation Logic
- Container Alerts
- Container Detections
- Container Images
- Container Packages
- Container Vulnerabilities
- CSPM Registration
- Custom IOAs
- Custom Storage
- D4C Registration (deprecated)
- DataScanner
- Delivery Settings
- Detects
- Device Control Policies
- Discover
- Downloads
- Drift Indicators
- Event Streams
- Exposure Management
- Falcon Complete Dashboard
- Falcon Container
- Falcon Intelligence Sandbox
- FDR
- FileVantage
- Firewall Management
- Firewall Policies
- Foundry LogScale
- Host Group
- Host Migration
- Hosts
- Identity Protection
- Image Assessment Policies
- Incidents
- Installation Tokens
- Intel
- IOA Exclusions
- IOC
- IOCs (deprecated)
- Kubernetes Protection
- MalQuery
- Message Center
- ML Exclusions
- Mobile Enrollment
- MSSP (Flight Control)
- OAuth2
- ODS (On Demand Scan)
- Overwatch Dashboard
- Prevention Policy
- Quarantine
- Quick Scan
- Quick Scan Pro
- Real Time Response
- Real Time Response Admin
- Real Time Response Audit
- Recon
- Report Executions
- Response Policies
- Sample Uploads
- Scheduled Reports
- Sensor Download
- Sensor Update Policy
- Sensor Usage
- Sensor Visibility Exclusions
- Spotlight Evaluation Logic
- Spotlight Vulnerabilities
- Tailored Intelligence
- ThreatGraph
- Unidentified Containers
- User Management
- Workflows
- Zero Trust Assessment
- Documentation Support
-
CrowdStrike SDKs
- Crimson Falcon - Ruby
- FalconPy - Python 3
- FalconJS - Javascript
- goFalcon - Go
- PSFalcon - Powershell
- Rusty Falcon - Rust