-
Notifications
You must be signed in to change notification settings - Fork 0
D4C Registration
Operation ID | Description | ||||
---|---|---|---|---|---|
|
Returns information about the current status of an AWS account. | ||||
|
Creates a new account in our system for a customer and generates a script for them to run in their AWS cloud environment to grant us access. | ||||
|
Deletes an existing AWS account or organization in our system. | ||||
|
Return a URL for customer to visit in their cloud environment to grant us access to their AWS environment. | ||||
|
Return a script for customer to run in their cloud environment to grant us access to their AWS environment as a downloadable attachment. | ||||
|
Return information about Azure account registration | ||||
|
Creates a new account in our system for a customer and generates a script for them to run in their cloud environment to grant us access. | ||||
|
Update an Azure service account in our system by with the user-created client_id created with the public key we've provided | ||||
|
Return a script for customer to run in their cloud environment to grant us access to their Azure environment as a downloadable attachment | ||||
|
Return a script for customer to run in their cloud environment to grant us access to their Azure environment | ||||
|
Returns information about the current status of an GCP account. | ||||
|
Creates a new account in our system for a customer and generates a new service account for them to add access to in their GCP environment to grant us access. | ||||
|
Returns JSON object(s) that contain the base64 encoded certificate for a service principal. | ||||
|
Return all available Azure tenant IDs. | ||||
|
Return a script for customer to run in their cloud environment to grant us access to their GCP environment as a downloadable attachment | ||||
|
Return a script for customer to run in their cloud environment to grant us access to their GCP environment | ||||
|
Returns static install scripts for Horizon. |
WARNING
client_id
andclient_secret
are keyword arguments that contain your CrowdStrike API credentials. Please note that all examples below do not hard code these values. (These values are ingested as strings.)CrowdStrike does not recommend hard coding API credentials or customer identifiers within source code.
Returns information about the current status of an AWS account.
get_aws_account
Method | Route |
---|---|
/cloud-connect-aws/entities/account/v2 |
- Consumes: application/json
- Produces: application/json
Name | Service | Uber | Type | Data type | Description |
---|---|---|---|---|---|
ids |
|
|
query | string or list of strings | AWS account ID(s). When empty, all accounts are returned. |
organization_ids |
|
|
query | string or list of strings | AWS organization ID(s). |
parameters |
|
|
query | dictionary | Full query string parameters payload in JSON format. |
scan_type |
|
|
query | string | Type of scan to perform, dry or full . |
status |
|
|
query | string | Account status to filter results by. |
limit |
|
|
query | integer | The maximum number of records to return. Defaults to 100. |
offset |
|
|
query | integer | The offset to start retrieving records from. |
migrated |
|
|
query | boolean | Only return migrated accounts. |
from falconpy.d4c_registration import D4CRegistration
falcon = D4CRegistration(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.get_aws_account(scan_type="string",
organization_ids=["string", "string"],
status="string",
limit=integer,
offset=integer,
migrated="string",
ids=id_list
)
print(response)
from falconpy import D4CRegistration
falcon = D4CRegistration(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.GetD4CAwsAccount(scan_type="string",
organization_ids=["string", "string"],
status="string",
limit=integer,
offset=integer,
migrated="string",
ids=id_list
)
print(response)
from falconpy import APIHarness
falcon = APIHarness(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.command("GetD4CAwsAccount",
scan_type="string",
organization_ids=["string", "string"],
status="string",
limit=integer,
offset=integer,
migrated=boolean,
ids=id_list
)
print(response)
Back to Table of Contents
Creates a new account in our system for a customer and generates a script for them to run in their AWS cloud environment to grant us access.
create_aws_account
Method | Route |
---|---|
/cloud-connect-aws/entities/account/v2 |
- Consumes: application/json
- Produces: application/json
Name | Service | Uber | Type | Data type | Description |
---|---|---|---|---|---|
account_id |
|
|
body | string | AWS account ID. |
account_type |
|
|
body | string | AWS account type. |
body |
|
|
body | dictionary | Full body payload in JSON format. |
cloudtrail_region |
|
|
body | string | AWS region for CloudTrail access. |
iam_role_arn |
|
|
body | string | AWS IAM Role ARN. |
is_master |
|
|
body | boolean | Flag indicating if this is the master account. |
organization_id |
|
|
body | string | AWS organization ID. |
from falconpy.d4c_registration import D4CRegistration
falcon = D4CRegistration(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.create_aws_account(account_id="string",
account_type="string",
cloudtrail_region="string",
iam_role_arn="string",
is_master=boolean,
organization_id="string"
)
print(response)
from falconpy import D4CRegistration
falcon = D4CRegistration(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.CreateD4CAwsAccount(account_id="string",
account_type="string",
cloudtrail_region="string",
iam_role_arn="string",
is_master=boolean,
organization_id="string"
)
print(response)
from falconpy import APIHarness
falcon = APIHarness(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
BODY = {
"resources": [
{
"account_id": "string",
"account_type": "string",
"cloudtrail_region": "string",
"iam_role_arn": "string",
"is_master": boolean,
"organization_id": "string"
}
]
}
response = falcon.command("CreateD4CAwsAccount", body=BODY)
print(response)
Back to Table of Contents
Deletes an existing AWS account or organization in our system.
delete_aws_account
Method | Route |
---|---|
/cloud-connect-aws/entities/account/v2 |
- Consumes: application/json
- Produces: application/json
Name | Service | Uber | Type | Data type | Description |
---|---|---|---|---|---|
ids |
|
|
query | string or list of strings | AWS account ID(s). |
organization_ids |
|
|
query | string or list of strings | AWS organization ID(s). |
parameters |
|
|
query | dictionary | Full query string parameters payload in JSON format, not required when using other keywords. |
from falconpy.d4c_registration import D4CRegistration
falcon = D4CRegistration(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.delete_aws_account(organization_ids=["string", "string"], ids=id_list)
print(response)
from falconpy import D4CRegistration
falcon = D4CRegistration(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.DeleteD4CAwsAccount(organization_ids=["string", "string"], ids=id_list)
print(response)
from falconpy import APIHarness
falcon = APIHarness(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
PARAMS = {
"organization-ids": [
"string",
"string"
]
}
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.command("DeleteD4CAwsAccount",
organization_ids=["string", "string"],
ids=id_list
)
print(response)
Back to Table of Contents
Return a URL for customer to visit in their cloud environment to grant us access to their AWS environment.
get_aws_console_setup
Method | Route |
---|---|
/cloud-connect-aws/entities/console-setup-urls/v1 |
- Consumes: application/json
- Produces: application/json
Name | Service | Uber | Type | Data type | Description |
---|---|---|---|---|---|
region |
|
|
query | string | AWS region to generate URL for. |
parameters |
|
|
query | dictionary | Full query string parameters payload in JSON format, not required when using other keywords. |
from falconpy.d4c_registration import D4CRegistration
falcon = D4CRegistration(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.get_aws_console_setup(region="string")
print(response)
from falconpy import D4CRegistration
falcon = D4CRegistration(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.GetD4CAwsConsoleSetupURLs(region="string")
print(response)
from falconpy import APIHarness
falcon = APIHarness(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.command("GetD4CAwsConsoleSetupURLs", region="string")
print(response)
Back to Table of Contents
Return a script for customer to run in their cloud environment to grant us access to their AWS environment as a downloadable attachment.
get_aws_account_scripts
Method | Route |
---|---|
/cloud-connect-aws/entities/user-scripts-download/v1 |
- Produces: application/json
Name | Service | Uber | Type | Data type | Description |
---|---|---|---|---|---|
ids |
|
|
query | string or list of strings | AWS account ID(s). |
parameters |
|
|
query | dictionary | Full query string parameters payload in JSON format, not required when using other keywords. |
from falconpy.d4c_registration import D4CRegistration
falcon = D4CRegistration(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.get_aws_account_scripts(ids=id_list)
print(response)
from falconpy import D4CRegistration
falcon = D4CRegistration(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.GetD4CAWSAccountScriptsAttachment(ids=id_list)
print(response)
from falconpy import APIHarness
falcon = APIHarness(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.command("GetD4CAWSAccountScriptsAttachment", ids=id_list)
print(response)
Back to Table of Contents
Return information about Azure account registration
get_azure_account
This operation ID has recently been changed. The PEP8 method name remains unaffected by this update.
FalconPy supports deprecated IDs and method names via aliases. Developers should consider moving code to leverage the updated ID for this operation whenever possible.
- Legacy Operation ID:
GetCSPMAzureAccount
Method | Route |
---|---|
/cloud-connect-azure/entities/account/v1 |
- Consumes: application/json
- Produces: application/json
Name | Service | Uber | Type | Data type | Description |
---|---|---|---|---|---|
ids |
|
|
query | string or list of strings | Subscription ID(s). When empty, all accounts are returned. |
tenant_ids |
|
|
query | string or list of strings | Tenant IDs to use to filter Azure accounts returned. |
parameters |
|
|
query | dictionary | Full query string parameters payload in JSON format. |
scan_type |
|
|
query | string | Type of scan to perform, dry or full . |
status |
|
|
query | string | Account status to filter results by. |
limit |
|
|
query | integer | The maximum number of records to return. Defaults to 100. |
offset |
|
|
query | integer | The offset to start retrieving records from. |
from falconpy import D4CRegistration
# Do not hardcode API credentials!
falcon = D4CRegistration(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
tenants = 'TENANT1,TENANT2,TENANT3' # Can also pass a list here: ['TENANT1', 'TENANT2', 'TENANT3']
response = falcon.get_azure_account(scan_type="string",
ids=id_list,
tenant_ids=tenants,
status="string",
limit=integer,
offset=integer
)
print(response)
from falconpy import D4CRegistration
# Do not hardcode API credentials!
falcon = D4CRegistration(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
tenants = 'TENANT1,TENANT2,TENANT3' # Can also pass a list here: ['TENANT1', 'TENANT2', 'TENANT3']
response = falcon.GetDiscoverCloudAzureAccount(scan_type="string",
ids=id_list,
tenant_ids=tenants,
status="string",
limit=integer,
offset=integer
)
print(response)
from falconpy import APIHarness
# Do not hardcode API credentials!
falcon = APIHarness(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
tenants = 'TENANT1,TENANT2,TENANT3' # Can also pass a list here: ['TENANT1', 'TENANT2', 'TENANT3']
response = falcon.command("GetDiscoverCloudAzureAccount",
scan_type="string",
ids=id_list,
tenant_ids=tenants,
status="string",
limit=integer,
offset=integer
)
print(response)
Back to Table of Contents
Creates a new account in our system for a customer and generates a script for them to run in their cloud environment to grant us access.
create_azure_account
This operation ID has recently been changed. The PEP8 method name remains unaffected by this update.
FalconPy supports deprecated IDs and method names via aliases. Developers should consider moving code to leverage the updated ID for this operation whenever possible.
- Legacy Operation ID:
CreateCSPMAzureAccount
Method | Route |
---|---|
/cloud-connect-azure/entities/account/v1 |
- Consumes: application/json
- Produces: application/json
Name | Service | Uber | Type | Data type | Description |
---|---|---|---|---|---|
account_type |
|
|
body | string | Azure account type. |
body |
|
|
body | dictionary | Full body payload in JSON format. |
client_id |
|
|
body | string | Client ID. |
default_subscription |
|
|
body | boolean | Flag indicating if this is the default Azure subscription. |
subscription_id |
|
|
body | string | Azure Subscription ID. |
tenant_id |
|
|
body | string | Azure tenant ID. |
years_valid |
|
|
body | integer | Years valid. |
from falconpy import D4CRegistration
# Do not hardcode API credentials!
falcon = D4CRegistration(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.create_azure_account(account_type="string",
client_id="string",
default_subscription=boolean,
subscription_id="string",
tenant_id="string",
years_valid=integer
)
print(response)
from falconpy import D4CRegistration
# Do not hardcode API credentials!
falcon = D4CRegistration(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.CreateDiscoverCloudAzureAccount(account_type="string",
client_id="string",
default_subscription=boolean,
subscription_id="string",
tenant_id="string",
years_valid=integer
)
print(response)
from falconpy import APIHarness
# Do not hardcode API credentials!
falcon = APIHarness(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
BODY = {
"resources": [
{
"account_type": "string",
"client_id": "string",
"default_subscription": boolean,
"subscription_id": "string",
"tenant_id": "string",
"years_valid": integer
}
]
}
response = falcon.command("CreateDiscoverCloudAzureAccount", body=BODY)
print(response)
Back to Table of Contents
Update an Azure service account in our system by with the user-created client_id created with the public key we've provided
update_azure_account_client_id
This operation ID has recently been changed. The PEP8 method name remains unaffected by this update.
FalconPy supports deprecated IDs and method names via aliases. Developers should consider moving code to leverage the updated ID for this operation whenever possible.
- Legacy Operation ID:
UpdateCSPMAzureAccountClientID
Method | Route |
---|---|
/cloud-connect-azure/entities/client-id/v1 |
- Consumes: application/json
- Produces: application/json
Name | Service | Uber | Type | Data type | Description |
---|---|---|---|---|---|
id |
|
|
query | string | Client ID to use for the Service Principal associated with the registered Azure account. |
object_id |
|
|
query | string | Object ID to use for the Service Principal associated with the registered Azure account. |
tenant_id |
|
|
query | string | Tenant ID to update Client ID for. Required if multiple tenants are registered. |
parameters |
|
|
query | dictionary | Full query string parameters payload in JSON format. |
from falconpy import D4CRegistration
# Do not hardcode API credentials!
falcon = D4CRegistration(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.update_azure_account_client_id(id="string",
object_id="string",
tenant_id="string"
)
print(response)
from falconpy import D4CRegistration
# Do not hardcode API credentials!
falcon = D4CRegistration(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.UpdateDiscoverCloudAzureAccountClientID(id="string",
object_id="string",
tenant_id="string"
)
print(response)
from falconpy import APIHarness
# Do not hardcode API credentials!
falcon = APIHarness(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.command("UpdateDiscoverCloudAzureAccountClientID",
id="string",
object_id="string",
tenant_id="string"
)
print(response)
Back to Table of Contents
Return a script for customer to run in their cloud environment to grant us access to their Azure environment as a downloadable attachment
get_azure_user_scripts_attachment
This operation ID has recently been changed. The PEP8 method name remains unaffected by this update.
FalconPy supports deprecated IDs and method names via aliases. Developers should consider moving code to leverage the updated ID for this operation whenever possible.
- Legacy Operation ID:
GetCSPMAzureUserScriptsAttachment
Method | Route |
---|---|
/cloud-connect-azure/entities/user-scripts-download/v1 |
- Produces: application/json
Name | Service | Uber | Type | Data type | Description |
---|---|---|---|---|---|
parameters |
|
|
query | dictionary | Full query string parameters payload in JSON format. |
subscription_ids |
|
|
query | string or list of strings | Azure Subscription IDs. |
template |
|
|
query | string or list of strings | Template to be rendered. |
tenant_id |
|
|
query | string | Azure Tenant IDs. |
from falconpy import D4CRegistration
# Do not hardcode API credentials!
falcon = D4CRegistration(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
subscriptions = 'SUB1,SUB2,SUB3' # Can also pass a list here: ['SUB1', 'SUB2', 'SUB3']
tenants = 'TENANT1,TENANT2,TENANT3' # Can also pass a list here: ['TENANT1', 'TENANT2', 'TENANT3']
response = falcon.get_azure_user_scripts_attachment(subscription_ids=subscriptions,
tenant_id=tenants,
template="string"
)
print(response)
from falconpy import D4CRegistration
# Do not hardcode API credentials!
falcon = D4CRegistration(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
subscriptions = 'SUB1,SUB2,SUB3' # Can also pass a list here: ['SUB1', 'SUB2', 'SUB3']
tenants = 'TENANT1,TENANT2,TENANT3' # Can also pass a list here: ['TENANT1', 'TENANT2', 'TENANT3']
response = falcon.GetDiscoverCloudAzureUserScriptsAttachment(subscription_ids=subscriptions,
tenant_id=tenants,
template="string"
)
print(response)
from falconpy import APIHarness
# Do not hardcode API credentials!
falcon = APIHarness(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
subscriptions = 'SUB1,SUB2,SUB3' # Can also pass a list here: ['SUB1', 'SUB2', 'SUB3']
tenants = 'TENANT1,TENANT2,TENANT3' # Can also pass a list here: ['TENANT1', 'TENANT2', 'TENANT3']
response = falcon.command("GetDiscoverCloudAzureUserScriptsAttachment",
subscription_ids=subscriptions,
tenant_id=tenants,
template="string"
)
print(response)
Back to Table of Contents
Return a script for customer to run in their cloud environment to grant us access to their Azure environment
get_azure_user_scripts
This operation ID has recently been changed. The PEP8 method name remains unaffected by this update.
FalconPy supports deprecated IDs and method names via aliases. Developers should consider moving code to leverage the updated ID for this operation whenever possible.
- Legacy Operation ID:
GetCSPMAzureUserScripts
Method | Route |
---|---|
/cloud-connect-azure/entities/user-scripts/v1 |
- Consumes: application/json
- Produces: application/json
No keywords or arguments accepted.
from falconpy import D4CRegistration
# Do not hardcode API credentials!
falcon = D4CRegistration(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.get_azure_user_scripts()
print(response)
from falconpy import D4CRegistration
# Do not hardcode API credentials!
falcon = D4CRegistration(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.GetDiscoverCloudAzureUserScripts()
print(response)
from falconpy import APIHarness
# Do not hardcode API credentials!
falcon = APIHarness(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.command("GetDiscoverCloudAzureUserScripts")
print(response)
Back to Table of Contents
Returns information about the current status of an GCP account.
get_gcp_account
This operation ID has recently been changed. The PEP8 method name remains unaffected by this update.
FalconPy supports deprecated IDs and method names via aliases. Developers should consider moving code to leverage the updated ID for this operation whenever possible.
- Legacy Operation ID:
GetCSPMCGPAccount
Method | Route |
---|---|
/cloud-connect-gcp/entities/account/v1 |
- Consumes: application/json
- Produces: application/json
Name | Service | Uber | Type | Data type | Description |
---|---|---|---|---|---|
ids |
|
|
query | string or list of strings | Parent ID(s). When empty, all accounts are returned. |
limit |
|
|
query | integer | The maximum number of records to return. Defaults to 100. |
offset |
|
|
query | integer | The offset to start retrieving records from. |
parameters |
|
|
query | dictionary | Full query string parameters payload in JSON format. |
parent_type |
|
|
query | string | GCP Hierarchy Parent Type. (Folder , Organization or Project ). |
scan_type |
|
|
query | string | Type of scan to perform, dry or full . |
sort |
|
|
query | string |
FQL formatted string that sets the sort order. Example: parent_type|asc . |
status |
|
|
query | string | Account status to filter results by. operational or provisioned . |
from falconpy import D4CRegistration
# Do not hardcode API credentials!
falcon = D4CRegistration(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.get_gcp_account(ids=id_list,
limit=integer,
scan_type="string",
offset=integer,
parent_type="string",
sort="string",
status="string"
)
print(response)
from falconpy import D4CRegistration
# Do not hardcode API credentials!
falcon = D4CRegistration(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.GetDiscoverCloudCGPAccount(ids=id_list,
limit=integer,
scan_type="string",
offset=integer,
parent_type="string",
sort="string",
status="string"
)
print(response)
from falconpy import APIHarness
# Do not hardcode API credentials!
falcon = APIHarness(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.command("GetDiscoverCloudCGPAccount",
ids=id_list,
limit=integer,
scan_type="string",
offset=integer,
parent_type="string",
sort="string",
status="string"
)
print(response)
Back to Table of Contents
Creates a new account in our system for a customer and generates a new service account for them to add access to in their GCP environment to grant us access.
create_gcp_account
This operation ID has recently been changed. The PEP8 method name remains unaffected by this update.
FalconPy supports deprecated IDs and method names via aliases. Developers should consider moving code to leverage the updated ID for this operation whenever possible.
- Legacy Operation ID:
CreateCSPMGCPAccount
Method | Route |
---|---|
/cloud-connect-gcp/entities/account/v1 |
- Consumes: application/json
- Produces: application/json
Name | Service | Uber | Type | Data type | Description |
---|---|---|---|---|---|
body |
|
|
body | dictionary | Full body payload in JSON format. |
parent_id |
|
|
body | string | GCP Parent ID. |
parent_type |
|
|
query | string | GCP Hierarchy Parent Type. (Folder , Organization or Project ). |
from falconpy import D4CRegistration
# Do not hardcode API credentials!
falcon = D4CRegistration(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.create_gcp_account(parent_id="string", parent_type="string")
print(response)
from falconpy import D4CRegistration
# Do not hardcode API credentials!
falcon = D4CRegistration(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.CreateDiscoverCloudGCPAccount(parent_id="string", parent_type="string")
print(response)
from falconpy import APIHarness
# Do not hardcode API credentials!
falcon = APIHarness(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
BODY = {
"resources": [
{
"parent_id": "string",
"parent_type": "string"
}
]
}
response = falcon.command("CreateDiscoverCloudGCPAccount", body=BODY)
print(response)
Back to Table of Contents
Returns JSON object(s) that contain the base64 encoded certificate for a service principal.
azure_download_certificate
Method | Route |
---|---|
/cloud-connect-azure/entities/download-certificate/v1 |
- Consumes: application/json
- Produces: application/json
Name | Service | Uber | Type | Data type | Description |
---|---|---|---|---|---|
parameters |
|
|
query | dictionary | Full query string parameters payload in JSON format. |
refresh |
|
|
query | boolean | Force a refresh of the certificate. Defaults to False . |
tenant_id |
|
|
query | string or list of strings | The Azure Client ID to generate script for. Defaults to the most recently registered tenant. |
years_valid |
|
|
body | integer | Years the certificate should be valid. Only used when refresh is set to True. |
from falconpy import D4CRegistration
# Do not hardcode API credentials!
falcon = D4CRegistration(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.azure_download_certificate(refresh=boolean,
tenant_id="string",
years_valid=integer
)
print(response)
from falconpy import D4CRegistration
# Do not hardcode API credentials!
falcon = D4CRegistration(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.DiscoverCloudAzureDownloadCertificate(refresh=boolean,
tenant_id="string",
years_valid=integer
)
print(response)
from falconpy import APIHarness
# Do not hardcode API credentials!
falcon = APIHarness(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.command("DiscoverCloudAzureDownloadCertificate",
refresh=boolean,
tenant_id="string",
years_valid=integer
)
print(response)
Back to Table of Contents
Return available tenant ids for discover for cloud
get_azure_tenant_ids
Method | Route |
---|---|
/cloud-connect-azure/entities/tenant-id/v1 |
- Produces: application/json
No keywords or arguments accepted.
from falconpy import D4CRegistration
# Do not hardcode API credentials!
falcon = D4CRegistration(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.get_azure_tenant_ids()
print(response)
from falconpy import D4CRegistration
# Do not hardcode API credentials!
falcon = D4CRegistration(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.GetDiscoverCloudAzureTenantIDs()
print(response)
from falconpy import APIHarness
# Do not hardcode API credentials!
falcon = APIHarness(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.command("GetDiscoverCloudAzureTenantIDs")
print(response)
Back to Table of Contents
Return a script for customer to run in their cloud environment to grant us access to their GCP environment as a downloadable attachment
get_gcp_user_scripts_attachment
This operation ID has recently been changed. The PEP8 method name remains unaffected by this update.
FalconPy supports deprecated IDs and method names via aliases. Developers should consider moving code to leverage the updated ID for this operation whenever possible.
- Legacy Operation ID:
GetCSPMGCPUserScriptsAttachment
Method | Route |
---|---|
/cloud-connect-gcp/entities/user-scripts-download/v1 |
- Produces: application/json
No keywords or arguments are accepted.
from falconpy import D4CRegistration
# Do not hardcode API credentials!
falcon = D4CRegistration(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.get_gcp_user_scripts_attachment()
print(response)
from falconpy import D4CRegistration
# Do not hardcode API credentials!
falcon = D4CRegistration(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.GetDiscoverCloudGCPUserScriptsAttachment()
print(response)
from falconpy import APIHarness
# Do not hardcode API credentials!
falcon = APIHarness(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.command("GetDiscoverCloudCPUserScriptsAttachment")
print(response)
Back to Table of Contents
Return a script for customer to run in their cloud environment to grant us access to their GCP environment.
get_gcp_user_scripts
This operation ID has recently been changed. The PEP8 method name remains unaffected by this update.
FalconPy supports deprecated IDs and method names via aliases. Developers should consider moving code to leverage the updated ID for this operation whenever possible.
- Legacy Operation ID:
GetCSPMGCPUserScripts
Method | Route |
---|---|
/cloud-connect-gcp/entities/user-scripts/v1 |
- Consumes: application/json
- Produces: application/json
Name | Service | Uber | Type | Data type | Description |
---|---|---|---|---|---|
parent_type |
|
|
query | string | GCP Hierarchy Parent Type. (Folder , Organization or Project ). |
from falconpy import D4CRegistration
# Do not hardcode API credentials!
falcon = D4CRegistration(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.get_gcp_user_scripts(parent_type="string")
print(response)
from falconpy import D4CRegistration
# Do not hardcode API credentials!
falcon = D4CRegistration(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.GetDiscoverCloudGCPUserScripts(parent_type="string")
print(response)
from falconpy import APIHarness
# Do not hardcode API credentials!
falcon = APIHarness(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.command("GetDiscoverCloudGCPUserScripts", parent_type="string")
print(response)
Back to Table of Contents
Returns static install scripts for Horizon.
get_aws_horizon_scripts
Method | Route |
---|---|
/settings-discover/entities/gen/scripts/v1 |
- Produces: application/json
Name | Service | Uber | Type | Data type | Description |
---|---|---|---|---|---|
account_type |
|
|
query | string | Account type (commercial, gov). Only applicable when registering AWS commercial accounts in a GovCloud environment. |
delete |
|
|
query | boolean | Generate a delete script. |
organization_ids |
|
|
query | string or list of strings | AWS organization ID(s). |
parameters |
|
|
query | dictionary | Full query string parameters payload in JSON format, not required when using other keywords. |
single_account |
|
|
query | boolean | Generate a static script for a single account. |
from falconpy.d4c_registration import D4CRegistration
falcon = D4CRegistration(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.get_aws_horizon_scripts(single_account="string",
organization_id="string",
delete="string",
account_type="string"
)
print(response)
from falconpy import D4CRegistration
falcon = D4CRegistration(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.GetHorizonD4CScripts(single_account="string",
organization_id="string",
delete="string",
account_type="string"
)
print(response)
from falconpy import APIHarness
falcon = APIHarness(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.command("GetHorizonD4CScripts",
single_account="string",
organization_id="string",
delete="string",
account_type="string"
)
print(response)
Back to Table of Contents
- Home
- Discussions Board
- Glossary of Terms
- Installation, Upgrades and Removal
- Samples Collection
- Using FalconPy
- API Operations
-
Service Collections
- Alerts
- API Integrations
- ASPM
- Certificate Based Exclusions
- Cloud Connect AWS (deprecated)
- Cloud Snapshots
- Compliance Assessments
- Configuration Assessment
- Configuration Assessment Evaluation Logic
- Container Alerts
- Container Detections
- Container Images
- Container Packages
- Container Vulnerabilities
- CSPM Registration
- Custom IOAs
- Custom Storage
- D4C Registration (deprecated)
- DataScanner
- Delivery Settings
- Detects
- Device Control Policies
- Discover
- Downloads
- Drift Indicators
- Event Streams
- Exposure Management
- Falcon Complete Dashboard
- Falcon Container
- Falcon Intelligence Sandbox
- FDR
- FileVantage
- Firewall Management
- Firewall Policies
- Foundry LogScale
- Host Group
- Host Migration
- Hosts
- Identity Protection
- Image Assessment Policies
- Incidents
- Installation Tokens
- Intel
- IOA Exclusions
- IOC
- IOCs (deprecated)
- Kubernetes Protection
- MalQuery
- Message Center
- ML Exclusions
- Mobile Enrollment
- MSSP (Flight Control)
- OAuth2
- ODS (On Demand Scan)
- Overwatch Dashboard
- Prevention Policy
- Quarantine
- Quick Scan
- Quick Scan Pro
- Real Time Response
- Real Time Response Admin
- Real Time Response Audit
- Recon
- Report Executions
- Response Policies
- Sample Uploads
- Scheduled Reports
- Sensor Download
- Sensor Update Policy
- Sensor Usage
- Sensor Visibility Exclusions
- Spotlight Evaluation Logic
- Spotlight Vulnerabilities
- Tailored Intelligence
- ThreatGraph
- Unidentified Containers
- User Management
- Workflows
- Zero Trust Assessment
- Documentation Support
-
CrowdStrike SDKs
- Crimson Falcon - Ruby
- FalconPy - Python 3
- FalconJS - Javascript
- goFalcon - Go
- PSFalcon - Powershell
- Rusty Falcon - Rust