Skip to content

Falcon Complete Dashboard

jshcodes edited this page Apr 11, 2021 · 29 revisions

CrowdStrike Falcon Twitter URL

Using the Falcon Complete Dashboard service collection

Uber class support Uber class support

Table of Contents

API Function Description
AggregateAllowList Retrieve aggregate allowlist ticket values based on the matched filter
AggregateBlockList Retrieve aggregate blocklist ticket values based on the matched filter
AggregateDetections Retrieve aggregate detection values based on the matched filter
AggregateDeviceCountCollection Retrieve aggregate host/devices count based on the matched filter
AggregateEscalations Retrieve aggregate escalation ticket values based on the matched filter
AggregateFCIncidents Retrieve aggregate incident values based on the matched filter
AggregateRemediations Retrieve aggregate remediation ticket values based on the matched filter
QueryAllowListFilter Retrieve allowlist tickets that match the provided filter criteria with scrolling enabled
QueryBlockListFilter Retrieve block listtickets that match the provided filter criteria with scrolling enabled
QueryDetectionIdsByFilter Retrieve DetectionsIds that match the provided FQL filter, criteria with scrolling enabled
GetDeviceCountCollectionQueriesByFilter Retrieve device count collection Ids that match the provided FQL filter, criteria with scrolling enabled
QueryEscalationsFilter Retrieve escalation tickets that match the provided filter criteria with scrolling enabled
QueryIncidentIdsByFilter Retrieve incidents that match the provided filter criteria with scrolling enabled
QueryRemediationsFilter Retrieve remediation tickets that match the provided filter criteria with scrolling enabled

AggregateAllowList

Retrieve aggregate allowlist ticket values based on the matched filter

Content-Type

  • Consumes: application/json
  • Produces: application/json

Parameters

Required Name Type Datatype Description
body body string

Usage

Uber class example
from falconpy import api_complete as FalconSDK

falcon = FalconSDK.APIHarness(creds={
      'client_id': falcon_client_id,
      'client_secret': falcon_client_secret
   }
)

BODY = {
    'Body Payload': 'See body description above'
}

response = falcon.command('AggregateAllowList', body=BODY)
print(response)
falcon.deauthenticate()

AggregateBlockList

Retrieve aggregate blocklist ticket values based on the matched filter

Content-Type

  • Consumes: application/json
  • Produces: application/json

Parameters

Required Name Type Datatype Description
body body string

Usage

Uber class example
from falconpy import api_complete as FalconSDK

falcon = FalconSDK.APIHarness(creds={
      'client_id': falcon_client_id,
      'client_secret': falcon_client_secret
   }
)

BODY = {
    'Body Payload': 'See body description above'
}

response = falcon.command('AggregateBlockList', body=BODY)
print(response)
falcon.deauthenticate()

AggregateDetections

Retrieve aggregate detection values based on the matched filter

Content-Type

  • Consumes: application/json
  • Produces: application/json

Parameters

Required Name Type Datatype Description
body body string

Usage

Uber class example
from falconpy import api_complete as FalconSDK

falcon = FalconSDK.APIHarness(creds={
      'client_id': falcon_client_id,
      'client_secret': falcon_client_secret
   }
)

BODY = {
    'Body Payload': 'See body description above'
}

response = falcon.command('AggregateDetections', body=BODY)
print(response)
falcon.deauthenticate()

AggregateDeviceCountCollection

Retrieve aggregate host/devices count based on the matched filter

Content-Type

  • Consumes: application/json
  • Produces: application/json

Parameters

Required Name Type Datatype Description
body body string

Usage

Uber class example
from falconpy import api_complete as FalconSDK

falcon = FalconSDK.APIHarness(creds={
      'client_id': falcon_client_id,
      'client_secret': falcon_client_secret
   }
)

BODY = {
    'Body Payload': 'See body description above'
}

response = falcon.command('AggregateDeviceCountCollection', body=BODY)
print(response)
falcon.deauthenticate()

AggregateEscalations

Retrieve aggregate escalation ticket values based on the matched filter

Content-Type

  • Consumes: application/json
  • Produces: application/json

Parameters

Required Name Type Datatype Description
body body string

Usage

Uber class example
from falconpy import api_complete as FalconSDK

falcon = FalconSDK.APIHarness(creds={
      'client_id': falcon_client_id,
      'client_secret': falcon_client_secret
   }
)

BODY = {
    'Body Payload': 'See body description above'
}

response = falcon.command('AggregateEscalations', body=BODY)
print(response)
falcon.deauthenticate()

AggregateFCIncidents

Retrieve aggregate incident values based on the matched filter

Content-Type

  • Consumes: application/json
  • Produces: application/json

Parameters

Required Name Type Datatype Description
body body string

Usage

Uber class example
from falconpy import api_complete as FalconSDK

falcon = FalconSDK.APIHarness(creds={
      'client_id': falcon_client_id,
      'client_secret': falcon_client_secret
   }
)

BODY = {
    'Body Payload': 'See body description above'
}

response = falcon.command('AggregateFCIncidents', body=BODY)
print(response)
falcon.deauthenticate()

AggregateRemediations

Retrieve aggregate remediation ticket values based on the matched filter

Content-Type

  • Consumes: application/json
  • Produces: application/json

Parameters

Required Name Type Datatype Description
body body string

Usage

Uber class example
from falconpy import api_complete as FalconSDK

falcon = FalconSDK.APIHarness(creds={
      'client_id': falcon_client_id,
      'client_secret': falcon_client_secret
   }
)

BODY = {
    'Body Payload': 'See body description above'
}

response = falcon.command('AggregateRemediations', body=BODY)
print(response)
falcon.deauthenticate()

QueryAllowListFilter

Retrieve allowlist tickets that match the provided filter criteria with scrolling enabled

Content-Type

  • Consumes: application/json
  • Produces: application/json

Parameters

Required Name Type Datatype Description
limit query integer The maximum records to return. [1-500]
sort query string The property to sort on, followed by a dot (.), followed by the sort direction, either "asc" or "desc".
filter query string Optional filter and sort criteria in the form of an FQL query. For more information about FQL queries, see our FQL documentation in Falcon.
offset query string Starting index of overall result set from which to return ids.

Usage

Uber class example
from falconpy import api_complete as FalconSDK

falcon = FalconSDK.APIHarness(creds={
      'client_id': falcon_client_id,
      'client_secret': falcon_client_secret
   }
)

PARAMS = {
    'limit': integer,
    'sort': 'string',
    'filter': 'string',
    'offset': 'string'
}

response = falcon.command('QueryAllowListFilter', parameters=PARAMS)
print(response)
falcon.deauthenticate()

QueryBlockListFilter

Retrieve block listtickets that match the provided filter criteria with scrolling enabled

Content-Type

  • Consumes: application/json
  • Produces: application/json

Parameters

Required Name Type Datatype Description
limit query integer The maximum records to return. [1-500]
sort query string The property to sort on, followed by a dot (.), followed by the sort direction, either "asc" or "desc".
filter query string Optional filter and sort criteria in the form of an FQL query. For more information about FQL queries, see our FQL documentation in Falcon.
offset query string Starting index of overall result set from which to return ids.

Usage

Uber class example
from falconpy import api_complete as FalconSDK

falcon = FalconSDK.APIHarness(creds={
      'client_id': falcon_client_id,
      'client_secret': falcon_client_secret
   }
)

PARAMS = {
    'limit': integer,
    'sort': 'string',
    'filter': 'string',
    'offset': 'string'
}

response = falcon.command('QueryBlockListFilter', parameters=PARAMS)
print(response)
falcon.deauthenticate()

QueryDetectionIdsByFilter

Retrieve DetectionsIds that match the provided FQL filter, criteria with scrolling enabled

Content-Type

  • Consumes: application/json
  • Produces: application/json

Parameters

Required Name Type Datatype Description
limit query integer The maximum records to return. [1-500]
sort query string The property to sort on, followed by a dot (.), followed by the sort direction, either "asc" or "desc".
filter query string Optional filter and sort criteria in the form of an FQL query. For more information about FQL queries, see our FQL documentation in Falcon.
offset query string Starting index of overall result set from which to return ids.

Usage

Uber class example
from falconpy import api_complete as FalconSDK

falcon = FalconSDK.APIHarness(creds={
      'client_id': falcon_client_id,
      'client_secret': falcon_client_secret
   }
)

PARAMS = {
    'limit': integer,
    'sort': 'string',
    'filter': 'string',
    'offset': 'string'
}

response = falcon.command('QueryDetectionIdsByFilter', parameters=PARAMS)
print(response)
falcon.deauthenticate()

GetDeviceCountCollectionQueriesByFilter

Retrieve device count collection Ids that match the provided FQL filter, criteria with scrolling enabled

Content-Type

  • Consumes: application/json
  • Produces: application/json

Parameters

Required Name Type Datatype Description
limit query integer The maximum records to return. [1-500]
sort query string The property to sort on, followed by a dot (.), followed by the sort direction, either "asc" or "desc".
filter query string Optional filter and sort criteria in the form of an FQL query. For more information about FQL queries, see our FQL documentation in Falcon.
offset query string Starting index of overall result set from which to return ids.

Usage

Uber class example
from falconpy import api_complete as FalconSDK

falcon = FalconSDK.APIHarness(creds={
      'client_id': falcon_client_id,
      'client_secret': falcon_client_secret
   }
)

PARAMS = {
    'limit': integer,
    'sort': 'string',
    'filter': 'string',
    'offset': 'string'
}

response = falcon.command('GetDeviceCountCollectionQueriesByFilter', parameters=PARAMS)
print(response)
falcon.deauthenticate()

QueryEscalationsFilter

Retrieve escalation tickets that match the provided filter criteria with scrolling enabled

Content-Type

  • Consumes: application/json
  • Produces: application/json

Parameters

Required Name Type Datatype Description
limit query integer The maximum records to return. [1-500]
sort query string The property to sort on, followed by a dot (.), followed by the sort direction, either "asc" or "desc".
filter query string Optional filter and sort criteria in the form of an FQL query. For more information about FQL queries, see our FQL documentation in Falcon.
offset query string Starting index of overall result set from which to return ids.

Usage

Uber class example
from falconpy import api_complete as FalconSDK

falcon = FalconSDK.APIHarness(creds={
      'client_id': falcon_client_id,
      'client_secret': falcon_client_secret
   }
)

PARAMS = {
    'limit': integer,
    'sort': 'string',
    'filter': 'string',
    'offset': 'string'
}

response = falcon.command('QueryEscalationsFilter', parameters=PARAMS)
print(response)
falcon.deauthenticate()

QueryIncidentIdsByFilter

Retrieve incidents that match the provided filter criteria with scrolling enabled

Content-Type

  • Consumes: application/json
  • Produces: application/json

Parameters

Required Name Type Datatype Description
limit query integer The maximum records to return. [1-500]
sort query string The property to sort on, followed by a dot (.), followed by the sort direction, either "asc" or "desc".
filter query string Optional filter and sort criteria in the form of an FQL query. For more information about FQL queries, see our FQL documentation in Falcon.
offset query string Starting index of overall result set from which to return ids.

Usage

Uber class example
from falconpy import api_complete as FalconSDK

falcon = FalconSDK.APIHarness(creds={
      'client_id': falcon_client_id,
      'client_secret': falcon_client_secret
   }
)

PARAMS = {
    'limit': integer,
    'sort': 'string',
    'filter': 'string',
    'offset': 'string'
}

response = falcon.command('QueryIncidentIdsByFilter', parameters=PARAMS)
print(response)
falcon.deauthenticate()

QueryRemediationsFilter

Retrieve remediation tickets that match the provided filter criteria with scrolling enabled

Content-Type

  • Consumes: application/json
  • Produces: application/json

Parameters

Required Name Type Datatype Description
limit query integer The maximum records to return. [1-500]
sort query string The property to sort on, followed by a dot (.), followed by the sort direction, either "asc" or "desc".
filter query string Optional filter and sort criteria in the form of an FQL query. For more information about FQL queries, see our FQL documentation in Falcon.
offset query string Starting index of overall result set from which to return ids.

Usage

Uber class example
from falconpy import api_complete as FalconSDK

falcon = FalconSDK.APIHarness(creds={
      'client_id': falcon_client_id,
      'client_secret': falcon_client_secret
   }
)

PARAMS = {
    'limit': integer,
    'sort': 'string',
    'filter': 'string',
    'offset': 'string'
}

response = falcon.command('QueryRemediationsFilter', parameters=PARAMS)
print(response)
falcon.deauthenticate()

CrowdStrike Falcon

Clone this wiki locally