Skip to content

D4C Registration

jshcodes edited this page Sep 16, 2023 · 35 revisions

CrowdStrike Falcon CrowdStrike Subreddit

Using the D4C Registration service collection

Uber class support Service class support Documentation Version Page Updated

DEPRECATED

This service collection has been superseded by the CSPMRegistration service collection and is now deprecated. Developers should move code over to use the new operations available within the updated collection.

Table of Contents

Operation ID Description
GetD4CAwsAccount
PEP8 get_aws_account
DEPRECATED
Returns information about the current status of an AWS account.
CreateD4CAwsAccount
PEP8 create_aws_account
DEPRECATED
Creates a new account in our system for a customer and generates a script for them to run in their AWS cloud environment to grant us access.
DeleteD4CAwsAccount
PEP8 delete_aws_account
DEPRECATED
Deletes an existing AWS account or organization in our system.
GetD4CAwsConsoleSetupURLs
PEP8 get_aws_console_setup
DEPRECATED
Return a URL for customer to visit in their cloud environment to grant us access to their AWS environment.
GetD4CAWSAccountScriptsAttachment
PEP8 get_aws_account_scripts
DEPRECATED
Return a script for customer to run in their cloud environment to grant us access to their AWS environment as a downloadable attachment.
GetDiscoverCloudAzureAccount
PEP 8 get_azure_account
DEPRECATED
Return information about Azure account registration
CreateDiscoverCloudAzureAccount
PEP 8 create_azure_account
DEPRECATED
Creates a new account in our system for a customer and generates a script for them to run in their cloud environment to grant us access.
UpdateDiscoverCloudAzureAccountClientID
PEP 8 update_azure_account_client_id
DEPRECATED
Update an Azure service account in our system by with the user-created client_id created with the public key we've provided
GetDiscoverCloudAzureUserScriptsAttachment
PEP 8 get_azure_user_scripts_attachment
DEPRECATED
Return a script for customer to run in their cloud environment to grant us access to their Azure environment as a downloadable attachment
GetDiscoverCloudAzureUserScripts
PEP 8 get_azure_user_scripts
Return a script for customer to run in their cloud environment to grant us access to their Azure environment
GetDiscoverCloudCGPAccount
PEP 8 get_gcp_account
DEPRECATED
Returns information about the current status of an GCP account.
CreateDiscoverCloudGCPAccount
PEP 8 create_gcp_account
DEPRECATED
Creates a new account in our system for a customer and generates a new service account for them to add access to in their GCP environment to grant us access.
DiscoverCloudAzureDownloadCertificate
PEP 8 azure_download_certificate
DEPRECATED
Returns JSON object(s) that contain the base64 encoded certificate for a service principal.
GetDiscoverCloudAzureTenantIDs
PEP 8 get_azure_tenant_ids
DEPRECATED
Return all available Azure tenant IDs.
GetDiscoverCloudGCPUserScriptsAttachment
PEP 8 get_gcp_user_scripts_attachment
Return a script for customer to run in their cloud environment to grant us access to their GCP environment as a downloadable attachment
GetDiscoverCloudGCPUserScripts
PEP 8 get_gcp_user_scripts
DEPRECATED
Return a script for customer to run in their cloud environment to grant us access to their GCP environment
GetHorizonD4CScripts
PEP8 get_aws_horizon_scripts
DEPRECATED
Returns static install scripts for Horizon.

Passing credentials

WARNING

client_id and client_secret are keyword arguments that contain your CrowdStrike API credentials. Please note that all examples below do not hard code these values. (These values are ingested as strings.)

CrowdStrike does not recommend hard coding API credentials or customer identifiers within source code.

GetD4CAwsAccount

Returns information about the current status of an AWS account.

Deprecated operation

This operation has been superseded by the GetCSPMAwsAccount operation and is now deprecated. Developers should move code over to this new operation as soon as time permits.

PEP8 method name

get_aws_account

Endpoint

Method Route
GET /cloud-connect-aws/entities/account/v2

Content-Type

  • Consumes: application/json
  • Produces: application/json

Parameters

Name Service Uber Type Data type Description
ids
Service Class Support

Uber Class Support
query string or list of strings AWS account ID(s). When empty, all accounts are returned.
organization_ids
Service Class Support

Uber Class Support
query string or list of strings AWS organization ID(s).
parameters
Service Class Support

Uber Class Support
query dictionary Full query string parameters payload in JSON format.
scan_type
Service Class Support

Uber Class Support
query string Type of scan to perform, dry or full.
status
Service Class Support

Uber Class Support
query string Account status to filter results by.
limit
Service Class Support

Uber Class Support
query integer The maximum number of records to return. Defaults to 100.
offset
Service Class Support

Uber Class Support
query integer The offset to start retrieving records from.
migrated
Service Class Support

Uber Class Support
query boolean Only return migrated accounts.

Usage

Service class example (PEP8 syntax)
from falconpy.d4c_registration import D4CRegistration

falcon = D4CRegistration(client_id=CLIENT_ID,
                         client_secret=CLIENT_SECRET
                         )

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.get_aws_account(scan_type="string",
                                  organization_ids=["string", "string"],
                                  status="string",
                                  limit=integer,
                                  offset=integer,
                                  migrated="string",
                                  ids=id_list
                                  )

print(response)
Service class example (Operation ID syntax)
from falconpy import D4CRegistration

falcon = D4CRegistration(client_id=CLIENT_ID,
                         client_secret=CLIENT_SECRET
                         )

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.GetD4CAwsAccount(scan_type="string",
                                   organization_ids=["string", "string"],
                                   status="string",
                                   limit=integer,
                                   offset=integer,
                                   migrated="string",
                                   ids=id_list
                                   )

print(response)
Uber class example
from falconpy import APIHarnessV2

falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.command("GetD4CAwsAccount",
                          scan_type="string",
                          organization_ids=["string", "string"],
                          status="string",
                          limit=integer,
                          offset=integer,
                          migrated=boolean,
                          ids=id_list
                          )

print(response)

Back to Table of Contents

CreateD4CAwsAccount

Creates a new account in our system for a customer and generates a script for them to run in their AWS cloud environment to grant us access.

Deprecated operation

This operation has been superseded by the CreateCSPMAwsAccount operation and is now deprecated. Developers should move code over to this new operation as soon as time permits.

PEP8 method name

create_aws_account

Endpoint

Method Route
POST /cloud-connect-aws/entities/account/v2

Content-Type

  • Consumes: application/json
  • Produces: application/json

Parameters

Name Service Uber Type Data type Description
account_id
Service Class Support

Uber Class Support
body string AWS account ID.
account_type
Service Class Support

Uber Class Support
body string AWS account type.
body
Service Class Support

Uber Class Support
body dictionary Full body payload in JSON format.
cloudtrail_region
Service Class Support

Uber Class Support
body string AWS region for CloudTrail access.
iam_role_arn
Service Class Support

Uber Class Support
body string AWS IAM Role ARN.
is_master
Service Class Support

Uber Class Support
body boolean Flag indicating if this is the master account.
organization_id
Service Class Support

Uber Class Support
body string AWS organization ID.

Usage

Service class example (PEP8 syntax)
from falconpy.d4c_registration import D4CRegistration

falcon = D4CRegistration(client_id=CLIENT_ID,
                         client_secret=CLIENT_SECRET
                         )

response = falcon.create_aws_account(account_id="string",
                                     account_type="string",
                                     cloudtrail_region="string",
                                     iam_role_arn="string",
                                     is_master=boolean,
                                     organization_id="string"
                                     )

print(response)
Service class example (Operation ID syntax)
from falconpy import D4CRegistration

falcon = D4CRegistration(client_id=CLIENT_ID,
                         client_secret=CLIENT_SECRET
                         )

response = falcon.CreateD4CAwsAccount(account_id="string",
                                      account_type="string",
                                      cloudtrail_region="string",
                                      iam_role_arn="string",
                                      is_master=boolean,
                                      organization_id="string"
                                      )

print(response)
Uber class example
from falconpy import APIHarnessV2

falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

BODY = {
    "resources": [
        {
            "account_id": "string",
            "account_type": "string",
            "cloudtrail_region": "string",
            "iam_role_arn": "string",
            "is_master": boolean,
            "organization_id": "string"
        }
    ]
}

response = falcon.command("CreateD4CAwsAccount", body=BODY)

print(response)

Back to Table of Contents

DeleteD4CAwsAccount

Deletes an existing AWS account or organization in our system.

Deprecated operation

This operation has been superseded by the DeleteCSPMAwsAccount operation and is now deprecated. Developers should move code over to this new operation as soon as time permits.

PEP8 method name

delete_aws_account

Endpoint

Method Route
DELETE /cloud-connect-aws/entities/account/v2

Content-Type

  • Consumes: application/json
  • Produces: application/json

Parameters

Name Service Uber Type Data type Description
ids
Service Class Support

Uber Class Support
query string or list of strings AWS account ID(s).
organization_ids
Service Class Support

Uber Class Support
query string or list of strings AWS organization ID(s).
parameters
Service Class Support

Uber Class Support
query dictionary Full query string parameters payload in JSON format, not required when using other keywords.

Usage

Service class example (PEP8 syntax)
from falconpy.d4c_registration import D4CRegistration

falcon = D4CRegistration(client_id=CLIENT_ID,
                         client_secret=CLIENT_SECRET
                         )

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.delete_aws_account(organization_ids=["string", "string"], ids=id_list)

print(response)
Service class example (Operation ID syntax)
from falconpy import D4CRegistration

falcon = D4CRegistration(client_id=CLIENT_ID,
                         client_secret=CLIENT_SECRET
                         )

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.DeleteD4CAwsAccount(organization_ids=["string", "string"], ids=id_list)

print(response)
Uber class example
from falconpy import APIHarnessV2

falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

PARAMS = {
    "organization-ids": [
       "string",
       "string"
    ]
}

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.command("DeleteD4CAwsAccount",
                          organization_ids=["string", "string"],
                          ids=id_list
                          )

print(response)

Back to Table of Contents

GetD4CAwsConsoleSetupURLs

Return a URL for customer to visit in their cloud environment to grant us access to their AWS environment.

Deprecated operation

This operation has been superseded by the GetCSPMAwsConsoleSetupURLs operation and is now deprecated. Developers should move code over to this new operation as soon as time permits.

PEP8 method name

get_aws_console_setup

Endpoint

Method Route
GET /cloud-connect-aws/entities/console-setup-urls/v1

Content-Type

  • Consumes: application/json
  • Produces: application/json

Parameters

Name Service Uber Type Data type Description
region
Service Class Support

Uber Class Support
query string AWS region to generate URL for.
parameters
Service Class Support

Uber Class Support
query dictionary Full query string parameters payload in JSON format, not required when using other keywords.

Usage

Service class example (PEP8 syntax)
from falconpy.d4c_registration import D4CRegistration

falcon = D4CRegistration(client_id=CLIENT_ID,
                         client_secret=CLIENT_SECRET
                         )

response = falcon.get_aws_console_setup(region="string")

print(response)
Service class example (Operation ID syntax)
from falconpy import D4CRegistration

falcon = D4CRegistration(client_id=CLIENT_ID,
                         client_secret=CLIENT_SECRET
                         )

response = falcon.GetD4CAwsConsoleSetupURLs(region="string")

print(response)
Uber class example
from falconpy import APIHarnessV2

falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

response = falcon.command("GetD4CAwsConsoleSetupURLs", region="string")

print(response)

Back to Table of Contents

GetD4CAWSAccountScriptsAttachment

Return a script for customer to run in their cloud environment to grant us access to their AWS environment as a downloadable attachment.

Deprecated operation

This operation has been superseded by the GetCSPMAwsAccountScriptsAttachment operation and is now deprecated. Developers should move code over to this new operation as soon as time permits.

PEP8 method name

get_aws_account_scripts

Endpoint

Method Route
GET /cloud-connect-aws/entities/user-scripts-download/v1

Content-Type

  • Produces: application/json

Parameters

Name Service Uber Type Data type Description
ids
Service Class Support

Uber Class Support
query string or list of strings AWS account ID(s).
parameters
Service Class Support

Uber Class Support
query dictionary Full query string parameters payload in JSON format, not required when using other keywords.

Usage

Service class example (PEP8 syntax)
from falconpy.d4c_registration import D4CRegistration

falcon = D4CRegistration(client_id=CLIENT_ID,
                         client_secret=CLIENT_SECRET
                         )

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.get_aws_account_scripts(ids=id_list)

print(response)
Service class example (Operation ID syntax)
from falconpy import D4CRegistration

falcon = D4CRegistration(client_id=CLIENT_ID,
                         client_secret=CLIENT_SECRET
                         )

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.GetD4CAWSAccountScriptsAttachment(ids=id_list)

print(response)
Uber class example
from falconpy import APIHarnessV2

falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.command("GetD4CAWSAccountScriptsAttachment", ids=id_list)

print(response)

Back to Table of Contents

GetDiscoverCloudAzureAccount

Return information about Azure account registration

Deprecated operation

This operation has been superseded by the GetCSPMAzureAccount operation and is now deprecated. Developers should move code over to this new operation as soon as time permits.

PEP8 method name

get_azure_account

Deprecated ID

This operation ID has recently been changed. The PEP8 method name remains unaffected by this update.

FalconPy supports deprecated IDs and method names via aliases. Developers should consider moving code to leverage the updated ID for this operation whenever possible.

  • Legacy Operation ID: GetCSPMAzureAccount

Endpoint

Method Route
GET /cloud-connect-azure/entities/account/v1

Content-Type

  • Consumes: application/json
  • Produces: application/json

Keyword Arguments

Name Service Uber Type Data type Description
ids
Service Class Support

Uber Class Support
query string or list of strings Subscription ID(s). When empty, all accounts are returned.
tenant_ids
Service Class Support

Uber Class Support
query string or list of strings Tenant IDs to use to filter Azure accounts returned.
parameters
Service Class Support

Uber Class Support
query dictionary Full query string parameters payload in JSON format.
scan_type
Service Class Support

Uber Class Support
query string Type of scan to perform, dry or full.
status
Service Class Support

Uber Class Support
query string Account status to filter results by.
limit
Service Class Support

Uber Class Support
query integer The maximum number of records to return. Defaults to 100.
offset
Service Class Support

Uber Class Support
query integer The offset to start retrieving records from.

Usage

Service class example (PEP8 syntax)
from falconpy import D4CRegistration

# Do not hardcode API credentials!
falcon = D4CRegistration(client_id=CLIENT_ID,
                         client_secret=CLIENT_SECRET
                         )

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

tenants = 'TENANT1,TENANT2,TENANT3'  # Can also pass a list here: ['TENANT1', 'TENANT2', 'TENANT3']

response = falcon.get_azure_account(scan_type="string",
                                    ids=id_list,
                                    tenant_ids=tenants,
                                    status="string",
                                    limit=integer,
                                    offset=integer
                                    )

print(response)
Service class example (Operation ID syntax)
from falconpy import D4CRegistration

# Do not hardcode API credentials!
falcon = D4CRegistration(client_id=CLIENT_ID,
                         client_secret=CLIENT_SECRET
                         )

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

tenants = 'TENANT1,TENANT2,TENANT3'  # Can also pass a list here: ['TENANT1', 'TENANT2', 'TENANT3']

response = falcon.GetDiscoverCloudAzureAccount(scan_type="string",
                                               ids=id_list,
                                               tenant_ids=tenants,
                                               status="string",
                                               limit=integer,
                                               offset=integer
                                               )

print(response)
Uber class example
from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

tenants = 'TENANT1,TENANT2,TENANT3'  # Can also pass a list here: ['TENANT1', 'TENANT2', 'TENANT3']

response = falcon.command("GetDiscoverCloudAzureAccount",
                          scan_type="string",
                          ids=id_list,
                          tenant_ids=tenants,
                          status="string",
                          limit=integer,
                          offset=integer
                          )

print(response)

Back to Table of Contents

CreateDiscoverCloudAzureAccount

Creates a new account in our system for a customer and generates a script for them to run in their cloud environment to grant us access.

Deprecated operation

This operation has been superseded by the CreateCSPMAzureAccount operation and is now deprecated. Developers should move code over to this new operation as soon as time permits.

PEP8 method name

create_azure_account

Deprecated ID

This operation ID has recently been changed. The PEP8 method name remains unaffected by this update.

FalconPy supports deprecated IDs and method names via aliases. Developers should consider moving code to leverage the updated ID for this operation whenever possible.

  • Legacy Operation ID: CreateCSPMAzureAccount

Endpoint

Method Route
POST /cloud-connect-azure/entities/account/v1

Content-Type

  • Consumes: application/json
  • Produces: application/json

Keyword Arguments

Name Service Uber Type Data type Description
account_type
Service Class Support

Uber Class Support
body string Azure account type.
body
Service Class Support

Uber Class Support
body dictionary Full body payload in JSON format.
client_id
Service Class Support

Uber Class Support
body string Client ID.
default_subscription
Service Class Support

Uber Class Support
body boolean Flag indicating if this is the default Azure subscription.
subscription_id
Service Class Support

Uber Class Support
body string Azure Subscription ID.
tenant_id
Service Class Support

Uber Class Support
body string Azure tenant ID.
years_valid
Service Class Support

Uber Class Support
body integer Years valid.

Usage

Service class example (PEP8 syntax)
from falconpy import D4CRegistration

# Do not hardcode API credentials!
falcon = D4CRegistration(client_id=CLIENT_ID,
                         client_secret=CLIENT_SECRET
                         )

response = falcon.create_azure_account(account_type="string",
                                       client_id="string",
                                       default_subscription=boolean,
                                       subscription_id="string",
                                       tenant_id="string",
                                       years_valid=integer
                                       )

print(response)
Service class example (Operation ID syntax)
from falconpy import D4CRegistration

# Do not hardcode API credentials!
falcon = D4CRegistration(client_id=CLIENT_ID,
                         client_secret=CLIENT_SECRET
                         )

response = falcon.CreateDiscoverCloudAzureAccount(account_type="string",
                                                  client_id="string",
                                                  default_subscription=boolean,
                                                  subscription_id="string",
                                                  tenant_id="string",
                                                  years_valid=integer
                                                  )

print(response)
Uber class example
from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

BODY = {
    "resources": [
        {
            "account_type": "string",
            "client_id": "string",
            "default_subscription": boolean,
            "subscription_id": "string",
            "tenant_id": "string",
            "years_valid": integer
        }
    ]
}

response = falcon.command("CreateDiscoverCloudAzureAccount", body=BODY)

print(response)

Back to Table of Contents

UpdateDiscoverCloudAzureAccountClientID

Update an Azure service account in our system by with the user-created client_id created with the public key we've provided

Deprecated operation

This operation has been superseded by the UpdateCSPMAzureAccountClientID operation and is now deprecated. Developers should move code over to this new operation as soon as time permits.

PEP8 method name

update_azure_account_client_id

Deprecated ID

This operation ID has recently been changed. The PEP8 method name remains unaffected by this update.

FalconPy supports deprecated IDs and method names via aliases. Developers should consider moving code to leverage the updated ID for this operation whenever possible.

  • Legacy Operation ID: UpdateCSPMAzureAccountClientID

Endpoint

Method Route
PATCH /cloud-connect-azure/entities/client-id/v1

Content-Type

  • Consumes: application/json
  • Produces: application/json

Keyword Arguments

Name Service Uber Type Data type Description
id
Service Class Support

Uber Class Support
query string Client ID to use for the Service Principal associated with the registered Azure account.
object_id
Service Class Support

Uber Class Support
query string Object ID to use for the Service Principal associated with the registered Azure account.
tenant_id
Service Class Support

Uber Class Support
query string Tenant ID to update Client ID for. Required if multiple tenants are registered.
parameters
Service Class Support

Uber Class Support
query dictionary Full query string parameters payload in JSON format.

Usage

Service class example (PEP8 syntax)
from falconpy import D4CRegistration

# Do not hardcode API credentials!
falcon = D4CRegistration(client_id=CLIENT_ID,
                         client_secret=CLIENT_SECRET
                         )

response = falcon.update_azure_account_client_id(id="string",
                                                 object_id="string",
                                                 tenant_id="string"
                                                 )

print(response)
Service class example (Operation ID syntax)
from falconpy import D4CRegistration

# Do not hardcode API credentials!
falcon = D4CRegistration(client_id=CLIENT_ID,
                         client_secret=CLIENT_SECRET
                         )

response = falcon.UpdateDiscoverCloudAzureAccountClientID(id="string",
                                                          object_id="string",
                                                          tenant_id="string"
                                                          )

print(response)
Uber class example
from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

response = falcon.command("UpdateDiscoverCloudAzureAccountClientID",
                          id="string",
                          object_id="string",
                          tenant_id="string"
                          )

print(response)

Back to Table of Contents

GetDiscoverCloudAzureUserScriptsAttachment

Return a script for customer to run in their cloud environment to grant us access to their Azure environment as a downloadable attachment

Deprecated operation

This operation has been superseded by the GetCSPMAzureUserScriptsAttachment operation and is now deprecated. Developers should move code over to this new operation as soon as time permits.

PEP8 method name

get_azure_user_scripts_attachment

Deprecated ID

This operation ID has recently been changed. The PEP8 method name remains unaffected by this update.

FalconPy supports deprecated IDs and method names via aliases. Developers should consider moving code to leverage the updated ID for this operation whenever possible.

  • Legacy Operation ID: GetCSPMAzureUserScriptsAttachment

Endpoint

Method Route
GET /cloud-connect-azure/entities/user-scripts-download/v1

Content-Type

  • Produces: application/json

Keyword Arguments

Name Service Uber Type Data type Description
parameters
Service Class Support

Uber Class Support
query dictionary Full query string parameters payload in JSON format.
subscription_ids
Service Class Support

Uber Class Support
query string or list of strings Azure Subscription IDs.
template
Service Class Support

Uber Class Support
query string or list of strings Template to be rendered.
tenant_id
Service Class Support

Uber Class Support
query string Azure Tenant IDs.

Usage

Service class example (PEP8 syntax)
from falconpy import D4CRegistration

# Do not hardcode API credentials!
falcon = D4CRegistration(client_id=CLIENT_ID,
                         client_secret=CLIENT_SECRET
                         )

subscriptions = 'SUB1,SUB2,SUB3'  # Can also pass a list here: ['SUB1', 'SUB2', 'SUB3']

tenants = 'TENANT1,TENANT2,TENANT3'  # Can also pass a list here: ['TENANT1', 'TENANT2', 'TENANT3']

response = falcon.get_azure_user_scripts_attachment(subscription_ids=subscriptions,
                                                    tenant_id=tenants,
                                                    template="string"
                                                    )

print(response)
Service class example (Operation ID syntax)
from falconpy import D4CRegistration

# Do not hardcode API credentials!
falcon = D4CRegistration(client_id=CLIENT_ID,
                         client_secret=CLIENT_SECRET
                         )

subscriptions = 'SUB1,SUB2,SUB3'  # Can also pass a list here: ['SUB1', 'SUB2', 'SUB3']

tenants = 'TENANT1,TENANT2,TENANT3'  # Can also pass a list here: ['TENANT1', 'TENANT2', 'TENANT3']

response = falcon.GetDiscoverCloudAzureUserScriptsAttachment(subscription_ids=subscriptions,
                                                             tenant_id=tenants,
                                                             template="string"
                                                             )

print(response)
Uber class example
from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

subscriptions = 'SUB1,SUB2,SUB3'  # Can also pass a list here: ['SUB1', 'SUB2', 'SUB3']

tenants = 'TENANT1,TENANT2,TENANT3'  # Can also pass a list here: ['TENANT1', 'TENANT2', 'TENANT3']

response = falcon.command("GetDiscoverCloudAzureUserScriptsAttachment",
                          subscription_ids=subscriptions,
                          tenant_id=tenants,
                          template="string"
                          )

print(response)

Back to Table of Contents

GetDiscoverCloudAzureUserScripts

Return a script for customer to run in their cloud environment to grant us access to their Azure environment

PEP8 method name

get_azure_user_scripts

Deprecated ID

This operation ID has recently been changed. The PEP8 method name remains unaffected by this update.

FalconPy supports deprecated IDs and method names via aliases. Developers should consider moving code to leverage the updated ID for this operation whenever possible.

  • Legacy Operation ID: GetCSPMAzureUserScripts

Endpoint

Method Route
GET /cloud-connect-azure/entities/user-scripts/v1

Content-Type

  • Consumes: application/json
  • Produces: application/json

Keyword Arguments

No keywords or arguments accepted.

Usage

Service class example (PEP8 syntax)
from falconpy import D4CRegistration

# Do not hardcode API credentials!
falcon = D4CRegistration(client_id=CLIENT_ID,
                         client_secret=CLIENT_SECRET
                         )

response = falcon.get_azure_user_scripts()

print(response)
Service class example (Operation ID syntax)
from falconpy import D4CRegistration

# Do not hardcode API credentials!
falcon = D4CRegistration(client_id=CLIENT_ID,
                         client_secret=CLIENT_SECRET
                         )

response = falcon.GetDiscoverCloudAzureUserScripts()

print(response)
Uber class example
from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

response = falcon.command("GetDiscoverCloudAzureUserScripts")

print(response)

Back to Table of Contents

GetDiscoverCloudCGPAccount

Returns information about the current status of an GCP account.

PEP8 method name

get_gcp_account

Deprecated ID

This operation ID has recently been changed. The PEP8 method name remains unaffected by this update.

FalconPy supports deprecated IDs and method names via aliases. Developers should consider moving code to leverage the updated ID for this operation whenever possible.

  • Legacy Operation ID: GetCSPMCGPAccount

Endpoint

Method Route
GET /cloud-connect-gcp/entities/account/v1

Content-Type

  • Consumes: application/json
  • Produces: application/json

Keyword Arguments

Name Service Uber Type Data type Description
ids
Service Class Support

Uber Class Support
query string or list of strings Parent ID(s). When empty, all accounts are returned.
limit
Service Class Support

Uber Class Support
query integer The maximum number of records to return. Defaults to 100.
offset
Service Class Support

Uber Class Support
query integer The offset to start retrieving records from.
parameters
Service Class Support

Uber Class Support
query dictionary Full query string parameters payload in JSON format.
parent_type
Service Class Support

Uber Class Support
query string GCP Hierarchy Parent Type. (Folder, Organization or Project).
scan_type
Service Class Support

Uber Class Support
query string Type of scan to perform, dry or full.
sort
Service Class Support

Uber Class Support
query string FQL formatted string that sets the sort order. Example: parent_type|asc.
status
Service Class Support

Uber Class Support
query string Account status to filter results by. operational or provisioned.

Usage

Service class example (PEP8 syntax)
from falconpy import D4CRegistration

# Do not hardcode API credentials!
falcon = D4CRegistration(client_id=CLIENT_ID,
                         client_secret=CLIENT_SECRET
                         )

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.get_gcp_account(ids=id_list,
                                  limit=integer,
                                  scan_type="string",
                                  offset=integer,
                                  parent_type="string",
                                  sort="string",
                                  status="string"
                                  )

print(response)
Service class example (Operation ID syntax)
from falconpy import D4CRegistration

# Do not hardcode API credentials!
falcon = D4CRegistration(client_id=CLIENT_ID,
                         client_secret=CLIENT_SECRET
                         )

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.GetDiscoverCloudCGPAccount(ids=id_list,
                                             limit=integer,
                                             scan_type="string",
                                             offset=integer,
                                             parent_type="string",
                                             sort="string",
                                             status="string"
                                             )

print(response)
Uber class example
from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.command("GetDiscoverCloudCGPAccount",
                          ids=id_list,
                          limit=integer,
                          scan_type="string",
                          offset=integer,
                          parent_type="string",
                          sort="string",
                          status="string"
                          )

print(response)

Back to Table of Contents

CreateDiscoverCloudGCPAccount

Creates a new account in our system for a customer and generates a new service account for them to add access to in their GCP environment to grant us access.

PEP8 method name

create_gcp_account

Deprecated ID

This operation ID has recently been changed. The PEP8 method name remains unaffected by this update.

FalconPy supports deprecated IDs and method names via aliases. Developers should consider moving code to leverage the updated ID for this operation whenever possible.

  • Legacy Operation ID: CreateCSPMGCPAccount

Endpoint

Method Route
POST /cloud-connect-gcp/entities/account/v1

Content-Type

  • Consumes: application/json
  • Produces: application/json

Keyword Arguments

Name Service Uber Type Data type Description
body
Service Class Support

Uber Class Support
body dictionary Full body payload in JSON format.
parent_id
Service Class Support

Uber Class Support
body string GCP Parent ID.
parent_type
Service Class Support

Uber Class Support
query string GCP Hierarchy Parent Type. (Folder, Organization or Project).

Usage

Service class example (PEP8 syntax)
from falconpy import D4CRegistration

# Do not hardcode API credentials!
falcon = D4CRegistration(client_id=CLIENT_ID,
                         client_secret=CLIENT_SECRET
                         )

response = falcon.create_gcp_account(parent_id="string", parent_type="string")

print(response)
Service class example (Operation ID syntax)
from falconpy import D4CRegistration

# Do not hardcode API credentials!
falcon = D4CRegistration(client_id=CLIENT_ID,
                         client_secret=CLIENT_SECRET
                         )

response = falcon.CreateDiscoverCloudGCPAccount(parent_id="string", parent_type="string")

print(response)
Uber class example
from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

BODY = {
    "resources": [
        {
            "parent_id": "string",
            "parent_type": "string"
        }
    ]
}

response = falcon.command("CreateDiscoverCloudGCPAccount", body=BODY)

print(response)

Back to Table of Contents

DiscoverCloudAzureDownloadCertificate

Returns JSON object(s) that contain the base64 encoded certificate for a service principal.

Deprecated operation

This operation has been superseded by the AzureDownloadCertificate operation and is now deprecated. Developers should move code over to this new operation as soon as time permits.

PEP8 method name

azure_download_certificate

Endpoint

Method Route
GET /cloud-connect-azure/entities/download-certificate/v1

Content-Type

  • Consumes: application/json
  • Produces: application/json

Keyword Arguments

Name Service Uber Type Data type Description
parameters
Service Class Support

Uber Class Support
query dictionary Full query string parameters payload in JSON format.
refresh
Service Class Support

Uber Class Support
query boolean Force a refresh of the certificate. Defaults to False.
tenant_id
Service Class Support

Uber Class Support
query string or list of strings The Azure Client ID to generate script for. Defaults to the most recently registered tenant.
years_valid
Service Class Support

Uber Class Support
body integer Years the certificate should be valid. Only used when refresh is set to True.

Usage

Service class example (PEP8 syntax)
from falconpy import D4CRegistration

# Do not hardcode API credentials!
falcon = D4CRegistration(client_id=CLIENT_ID,
                         client_secret=CLIENT_SECRET
                         )

response = falcon.azure_download_certificate(refresh=boolean,
                                             tenant_id="string",
                                             years_valid=integer
                                             )

print(response)
Service class example (Operation ID syntax)
from falconpy import D4CRegistration

# Do not hardcode API credentials!
falcon = D4CRegistration(client_id=CLIENT_ID,
                         client_secret=CLIENT_SECRET
                         )

response = falcon.DiscoverCloudAzureDownloadCertificate(refresh=boolean,
                                                        tenant_id="string",
                                                        years_valid=integer
                                                        )

print(response)
Uber class example
from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

response = falcon.command("DiscoverCloudAzureDownloadCertificate",
                          refresh=boolean,
                          tenant_id="string",
                          years_valid=integer
                          )

print(response)

Back to Table of Contents

GetDiscoverCloudAzureTenantIDs

Return available tenant ids for discover for cloud

Deprecated operation

This operation has been deprecated and will be removed from the SDK when this endpoint is decommissioned.

PEP8 method name

get_azure_tenant_ids

Endpoint

Method Route
GET /cloud-connect-azure/entities/tenant-id/v1

Content-Type

  • Produces: application/json

Keyword Arguments

No keywords or arguments accepted.

Usage

Service class example (PEP8 syntax)
from falconpy import D4CRegistration

# Do not hardcode API credentials!
falcon = D4CRegistration(client_id=CLIENT_ID,
                         client_secret=CLIENT_SECRET
                         )

response = falcon.get_azure_tenant_ids()

print(response)
Service class example (Operation ID syntax)
from falconpy import D4CRegistration

# Do not hardcode API credentials!
falcon = D4CRegistration(client_id=CLIENT_ID,
                         client_secret=CLIENT_SECRET
                         )

response = falcon.GetDiscoverCloudAzureTenantIDs()

print(response)
Uber class example
from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

response = falcon.command("GetDiscoverCloudAzureTenantIDs")

print(response)

Back to Table of Contents

GetDiscoverCloudGCPUserScriptsAttachment

Return a script for customer to run in their cloud environment to grant us access to their GCP environment as a downloadable attachment

PEP8 method name

get_gcp_user_scripts_attachment

Deprecated ID

This operation ID has recently been changed. The PEP8 method name remains unaffected by this update.

FalconPy supports deprecated IDs and method names via aliases. Developers should consider moving code to leverage the updated ID for this operation whenever possible.

  • Legacy Operation ID: GetCSPMGCPUserScriptsAttachment

Endpoint

Method Route
GET /cloud-connect-gcp/entities/user-scripts-download/v1

Content-Type

  • Produces: application/json

Keyword Arguments

No keywords or arguments are accepted.

Usage

Service class example (PEP8 syntax)
from falconpy import D4CRegistration

# Do not hardcode API credentials!
falcon = D4CRegistration(client_id=CLIENT_ID,
                         client_secret=CLIENT_SECRET
                         )

response = falcon.get_gcp_user_scripts_attachment()

print(response)
Service class example (Operation ID syntax)
from falconpy import D4CRegistration

# Do not hardcode API credentials!
falcon = D4CRegistration(client_id=CLIENT_ID,
                         client_secret=CLIENT_SECRET
                         )

response = falcon.GetDiscoverCloudGCPUserScriptsAttachment()

print(response)
Uber class example
from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

response = falcon.command("GetDiscoverCloudCPUserScriptsAttachment")

print(response)

Back to Table of Contents

GetDiscoverCloudGCPUserScripts

Return a script for customer to run in their cloud environment to grant us access to their GCP environment.

PEP8 method name

get_gcp_user_scripts

Deprecated ID

This operation ID has recently been changed. The PEP8 method name remains unaffected by this update.

FalconPy supports deprecated IDs and method names via aliases. Developers should consider moving code to leverage the updated ID for this operation whenever possible.

  • Legacy Operation ID: GetCSPMGCPUserScripts

Endpoint

Method Route
GET /cloud-connect-gcp/entities/user-scripts/v1

Content-Type

  • Consumes: application/json
  • Produces: application/json

Keyword Arguments

Name Service Uber Type Data type Description
parent_type
Service Class Support

Uber Class Support
query string GCP Hierarchy Parent Type. (Folder, Organization or Project).

Usage

Service class example (PEP8 syntax)
from falconpy import D4CRegistration

# Do not hardcode API credentials!
falcon = D4CRegistration(client_id=CLIENT_ID,
                         client_secret=CLIENT_SECRET
                         )

response = falcon.get_gcp_user_scripts(parent_type="string")

print(response)
Service class example (Operation ID syntax)
from falconpy import D4CRegistration

# Do not hardcode API credentials!
falcon = D4CRegistration(client_id=CLIENT_ID,
                         client_secret=CLIENT_SECRET
                         )

response = falcon.GetDiscoverCloudGCPUserScripts(parent_type="string")

print(response)
Uber class example
from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

response = falcon.command("GetDiscoverCloudGCPUserScripts", parent_type="string")

print(response)

Back to Table of Contents

GetHorizonD4CScripts

Returns static install scripts for Horizon.

Deprecated operation

This operation has been deprecated and will be removed from the SDK when this endpoint is decommissioned.

PEP8 method name

get_aws_horizon_scripts

Endpoint

Method Route
GET /settings-discover/entities/gen/scripts/v1

Content-Type

  • Produces: application/json

Parameters

Name Service Uber Type Data type Description
account_type
Service Class Support

Uber Class Support
query string Account type (commercial, gov). Only applicable when registering AWS commercial accounts in a GovCloud environment.
delete
Service Class Support

Uber Class Support
query boolean Generate a delete script.
organization_ids
Service Class Support

Uber Class Support
query string or list of strings AWS organization ID(s).
parameters
Service Class Support

Uber Class Support
query dictionary Full query string parameters payload in JSON format, not required when using other keywords.
single_account
Service Class Support

Uber Class Support
query boolean Generate a static script for a single account.

Usage

Service class example (PEP8 syntax)
from falconpy.d4c_registration import D4CRegistration

falcon = D4CRegistration(client_id=CLIENT_ID,
                         client_secret=CLIENT_SECRET
                         )

response = falcon.get_aws_horizon_scripts(single_account="string",
                                          organization_id="string",
                                          delete="string",
                                          account_type="string"
                                          )

print(response)
Service class example (Operation ID syntax)
from falconpy import D4CRegistration

falcon = D4CRegistration(client_id=CLIENT_ID,
                         client_secret=CLIENT_SECRET
                         )

response = falcon.GetHorizonD4CScripts(single_account="string",
                                       organization_id="string",
                                       delete="string",
                                       account_type="string"
                                       )

print(response)
Uber class example
from falconpy import APIHarnessV2

falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

response = falcon.command("GetHorizonD4CScripts", 
                          single_account="string",
                          organization_id="string",
                          delete="string",
                          account_type="string"
                          )

print(response)

Back to Table of Contents

CrowdStrike Falcon

Clone this wiki locally