D4C Registration
| Operation ID | Description | ||||
|---|---|---|---|---|---|
|
Return information about Azure account registration | ||||
|
Creates a new account in our system for a customer and generates a script for them to run in their cloud environment to grant us access. | ||||
|
Update an Azure service account in our system by with the user-created client_id created with the public key we've provided | ||||
|
Return a script for customer to run in their cloud environment to grant us access to their Azure environment as a downloadable attachment | ||||
|
Return a script for customer to run in their cloud environment to grant us access to their Azure environment | ||||
|
Returns information about the current status of an GCP account. | ||||
|
Creates a new account in our system for a customer and generates a new service account for them to add access to in their GCP environment to grant us access. | ||||
|
Returns JSON object(s) that contain the base64 encoded certificate for a service principal. | ||||
|
Return a script for customer to run in their cloud environment to grant us access to their GCP environment as a downloadable attachment | ||||
|
Return a script for customer to run in their cloud environment to grant us access to their GCP environment | ||||
WARNING
client_idandclient_secretare input variables that contain your CrowdStrike API credentials. Please note that all examples below do not hard code these values. (All values are ingested as strings.)CrowdStrike does not recommend hard coding API credentials or customer identifiers within source code.
Return information about Azure account registration
get_azure_account
- Consumes: application/json
- Produces: application/json
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| ids |
 |
|
query | string or list of strings | Subscription ID(s). When empty, all accounts are returned. |
| parameters |
|
|
query | dictionary | Full query string parameters payload in JSON format. |
| scan_type |
|
|
query | string | Type of scan to perform, dry or full. |
from falconpy import D4CRegistration
# Do not hardcode API credentials!
falcon = D4CRegistration(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.get_azure_account(scan_type="string", ids=id_list)
print(response)from falconpy import D4CRegistration
# Do not hardcode API credentials!
falcon = D4CRegistration(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.GetCSPMAzureAccount(scan_type="string", ids=id_list)
print(response)from falconpy import APIHarness
# Do not hardcode API credentials!
falcon = APIHarness(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.command("GetCSPMAzureAccount", scan_type="string", ids=id_list)
print(response)Creates a new account in our system for a customer and generates a script for them to run in their cloud environment to grant us access.
create_azure_account
- Consumes: application/json
- Produces: application/json
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| body |
|
 |
body | dictionary | Full body payload in JSON format. |
| subscription_id |
|
 |
body | string | Azure Subscription ID. |
| tenant_id |
|
|
body | string | Azure tenant ID. |
from falconpy import D4CRegistration
# Do not hardcode API credentials!
falcon = D4CRegistration(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.create_azure_account(subscription_id="string", tenant_id="string")
print(response)from falconpy import D4CRegistration
# Do not hardcode API credentials!
falcon = D4CRegistration(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.CreateCSPMAzureAccount(subscription_id="string", tenant_id="string")
print(response)from falconpy import APIHarness
# Do not hardcode API credentials!
falcon = APIHarness(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
BODY = {
"resources": [
{
"subscription_id": "string",
"tenant_id": "string"
}
]
}
response = falcon.command("CreateCSPMAzureAccount", body=BODY)
print(response)Update an Azure service account in our system by with the user-created client_id created with the public key we've provided
update_azure_account_client_id
- Consumes: application/json
- Produces: application/json
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| id |
|
|
query | string | Client ID to use for the Service Principal associated with the registered Azure account. |
| parameters |
|
|
query | dictionary | Full query string parameters payload in JSON format. |
from falconpy import D4CRegistration
# Do not hardcode API credentials!
falcon = D4CRegistration(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.update_azure_account_client_id(id="string")
print(response)from falconpy import D4CRegistration
# Do not hardcode API credentials!
falcon = D4CRegistration(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.UpdateCSPMAzureAccountClientID(id="string")
print(response)from falconpy import APIHarness
# Do not hardcode API credentials!
falcon = APIHarness(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.command("UpdateCSPMAzureAccountClientID", id="string")
print(response)Return a script for customer to run in their cloud environment to grant us access to their Azure environment as a downloadable attachment
get_azure_user_scripts_attachment
- Produces: application/json
No keywords or arguments accepted.
from falconpy import D4CRegistration
# Do not hardcode API credentials!
falcon = D4CRegistration(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.get_azure_user_scripts_attachment()
print(response)from falconpy import D4CRegistration
# Do not hardcode API credentials!
falcon = D4CRegistration(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.GetCSPMAzureUserScriptsAttachment()
print(response)from falconpy import APIHarness
# Do not hardcode API credentials!
falcon = APIHarness(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.command("GetCSPMAzureUserScriptsAttachment")
print(response)Return a script for customer to run in their cloud environment to grant us access to their Azure environment
get_azure_user_scripts
- Consumes: application/json
- Produces: application/json
No keywords or arguments accepted.
from falconpy import D4CRegistration
# Do not hardcode API credentials!
falcon = D4CRegistration(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.get_azure_user_scripts()
print(response)from falconpy import D4CRegistration
# Do not hardcode API credentials!
falcon = D4CRegistration(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.GetCSPMAzureUserScripts()
print(response)from falconpy import APIHarness
# Do not hardcode API credentials!
falcon = APIHarness(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.command("GetCSPMAzureUserScripts")
print(response)Returns information about the current status of an GCP account.
get_gcp_account
- Consumes: application/json
- Produces: application/json
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| ids |
|
|
query | string or list of strings | Parent ID(s). When empty, all accounts are returned. |
| parameters |
|
|
query | dictionary | Full query string parameters payload in JSON format. |
| scan_type |
|
|
query | string | Type of scan to perform, dry or full. |
from falconpy import D4CRegistration
# Do not hardcode API credentials!
falcon = D4CRegistration(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.get_gcp_account(scan_type="string", ids=id_list)
print(response)from falconpy import D4CRegistration
# Do not hardcode API credentials!
falcon = D4CRegistration(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.GetCSPMCGPAccount(scan_type="string", ids=id_list)
print(response)from falconpy import APIHarness
# Do not hardcode API credentials!
falcon = APIHarness(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.command("GetCSPMCGPAccount", scan_type="string", ids=id_list)
print(response)Creates a new account in our system for a customer and generates a new service account for them to add access to in their GCP environment to grant us access.
create_gcp_account
- Consumes: application/json
- Produces: application/json
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| body |
|
|
body | dictionary | Full body payload in JSON format. |
| parent_id |
|
|
body | string | GCP Parent ID. |
from falconpy import D4CRegistration
# Do not hardcode API credentials!
falcon = D4CRegistration(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.create_gcp_account(parent_id="string")
print(response)from falconpy import D4CRegistration
# Do not hardcode API credentials!
falcon = D4CRegistration(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.CreateCSPMGCPAccount(parent_id="string")
print(response)from falconpy import APIHarness
# Do not hardcode API credentials!
falcon = APIHarness(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
BODY = {
"resources": [
{
"parent_id": "string"
}
]
}
response = falcon.command("CreateCSPMGCPAccount", body=BODY)
print(response)Returns JSON object(s) that contain the base64 encoded certificate for a service principal.
azure_download_certificate
- Consumes: application/json
- Produces: application/json
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| parameters |
|
|
query | dictionary | Full query string parameters payload in JSON format. |
| refresh |
|
|
query | boolean | Force a refresh of the certificate. Defaults to False. |
| tenant_id |
|
|
query | string or list of strings | The Azure Client ID to generate script for. Defaults to the most recently registered tenant. |
from falconpy import D4CRegistration
# Do not hardcode API credentials!
falcon = D4CRegistration(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.azure_download_certificate(refresh=boolean, tenant_id="string")
print(response)from falconpy import D4CRegistration
# Do not hardcode API credentials!
falcon = D4CRegistration(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.DiscoverCloudAzureDownloadCertificate(refresh=boolean, tenant_id="string")
print(response)from falconpy import APIHarness
# Do not hardcode API credentials!
falcon = APIHarness(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.command("DiscoverCloudAzureDownloadCertificate", refresh=boolean, tenant_id="string")
print(response)Return a script for customer to run in their cloud environment to grant us access to their GCP environment as a downloadable attachment
get_gcp_user_scripts_attachment
- Produces: application/json
No keywords or arguments are accepted.
from falconpy import D4CRegistration
# Do not hardcode API credentials!
falcon = D4CRegistration(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.get_gcp_user_scripts_attachment()
print(response)from falconpy import D4CRegistration
# Do not hardcode API credentials!
falcon = D4CRegistration(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.GetCSPMGCPUserScriptsAttachment()
print(response)from falconpy import APIHarness
# Do not hardcode API credentials!
falcon = APIHarness(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.command("GetCSPMGCPUserScriptsAttachment")
print(response)Return a script for customer to run in their cloud environment to grant us access to their GCP environment.
get_gcp_user_scripts
- Consumes: application/json
- Produces: application/json
No keywords or arguments are accepted.
from falconpy import D4CRegistration
# Do not hardcode API credentials!
falcon = D4CRegistration(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.get_gcp_user_scripts()
print(response)from falconpy import D4CRegistration
# Do not hardcode API credentials!
falcon = D4CRegistration(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.GetCSPMGCPUserScripts()
print(response)from falconpy import APIHarness
# Do not hardcode API credentials!
falcon = APIHarness(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.command("GetCSPMGCPUserScripts")
print(response)
- Home
- Discussions Board
- Glossary of Terms
- Installation, Upgrades and Removal
- Samples Collection
- Using FalconPy
- API Operations
-
Service Collections
- Alerts
- API Integrations
- ASPM
- Certificate Based Exclusions
- Cloud Connect AWS (deprecated)
- Cloud Snapshots
- Compliance Assessments
- Configuration Assessment
- Configuration Assessment Evaluation Logic
- Container Alerts
- Container Detections
- Container Images
- Container Packages
- Container Vulnerabilities
- CSPM Registration
- Custom IOAs
- Custom Storage
- D4C Registration (deprecated)
- DataScanner
- Delivery Settings
- Detects
- Device Control Policies
- Discover
- Downloads
- Drift Indicators
- Event Streams
- Exposure Management
- Falcon Complete Dashboard
- Falcon Container
- Falcon Intelligence Sandbox
- FDR
- FileVantage
- Firewall Management
- Firewall Policies
- Foundry LogScale
- Host Group
- Host Migration
- Hosts
- Identity Protection
- Image Assessment Policies
- Incidents
- Installation Tokens
- Intel
- IOA Exclusions
- IOC
- IOCs (deprecated)
- Kubernetes Protection
- MalQuery
- Message Center
- ML Exclusions
- Mobile Enrollment
- MSSP (Flight Control)
- OAuth2
- ODS (On Demand Scan)
- Overwatch Dashboard
- Prevention Policy
- Quarantine
- Quick Scan
- Quick Scan Pro
- Real Time Response
- Real Time Response Admin
- Real Time Response Audit
- Recon
- Report Executions
- Response Policies
- Sample Uploads
- Scheduled Reports
- Sensor Download
- Sensor Update Policy
- Sensor Usage
- Sensor Visibility Exclusions
- Spotlight Evaluation Logic
- Spotlight Vulnerabilities
- Tailored Intelligence
- ThreatGraph
- Unidentified Containers
- User Management
- Workflows
- Zero Trust Assessment
- Documentation Support
-
CrowdStrike SDKs
- Crimson Falcon - Ruby
- FalconPy - Python 3
- FalconJS - Javascript
- goFalcon - Go
- PSFalcon - Powershell
- Rusty Falcon - Rust
