Installation Tokens
| Operation ID | Description | ||||
|---|---|---|---|---|---|
|
Gets the details of one or more audit events by id. | ||||
|
Check current installation token settings. | ||||
|
Gets the details of one or more tokens by id. | ||||
|
Creates a token. | ||||
|
Deletes a token immediately. To revoke a token, use PATCH /installation-tokens/entities/tokens/v1 instead. | ||||
|
Updates one or more tokens. Use this endpoint to edit labels, change expiration, revoke, or restore. | ||||
|
Search for audit events by providing a FQL filter and paging details. | ||||
|
Search for tokens by providing a FQL filter and paging details. | ||||
Gets the details of one or more audit events by id.
audit_events_read
- Consumes: application/json
- Produces: application/json
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| ids |
 |
|
query | string or list of strings | ID(s) of the audit events to retrieve details for. |
| parameters |
|
|
query | string | Full query string parameters payload in JSON format. |
from falconpy import InstallationTokens
falcon = InstallationTokens(client_id="API_CLIENT_ID_HERE",
client_secret="API_CLIENT_SECRET_HERE"
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.audit_events_read(ids=id_list)
print(response)from falconpy import APIHarness
falcon = APIHarness(client_id="API_CLIENT_ID_HERE",
client_secret="API_CLIENT_SECRET_HERE"
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.command("audit_events_read", ids=id_list)
print(response)Check current installation token settings.
customer_settings_read
- Consumes: application/json
- Produces: application/json
No keywords or arguments accepted.
from falconpy import InstallationTokens
falcon = InstallationTokens(client_id="API_CLIENT_ID_HERE",
client_secret="API_CLIENT_SECRET_HERE"
)
response = falcon.customer_settings_read()
print(response)from falconpy import APIHarness
falcon = APIHarness(client_id="API_CLIENT_ID_HERE",
client_secret="API_CLIENT_SECRET_HERE"
)
response = falcon.command("customer_settings_read")
print(response)Gets the details of one or more tokens by id.
tokens_read
- Consumes: application/json
- Produces: application/json
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| ids |
|
|
query | string or list of strings | ID(s) of the tokens to retrieve details for. |
| parameters |
|
|
query | string | Full query string parameters payload in JSON format. |
from falconpy import InstallationTokens
falcon = InstallationTokens(client_id="API_CLIENT_ID_HERE",
client_secret="API_CLIENT_SECRET_HERE"
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.tokens_read(ids=id_list)
print(response)from falconpy import APIHarness
falcon = APIHarness(client_id="API_CLIENT_ID_HERE",
client_secret="API_CLIENT_SECRET_HERE"
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.command("tokens_read", ids=id_list)
print(response)Creates a token.
tokens_create
- Consumes: application/json
- Produces: application/json
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| body |
|
 |
body | string | Full body payload in JSON format. |
| expires_timestamp |
|
 |
body | string | Expiration timestamp. UTC format. |
| label |
|
|
body | string | Installation token label. |
| revoked |
|
|
body | boolean | Flag indicating if the token is revoked. |
from falconpy import InstallationTokens
falcon = InstallationTokens(client_id="API_CLIENT_ID_HERE",
client_secret="API_CLIENT_SECRET_HERE"
)
response = falcon.tokens_create(expires_timestamp="string",
label="string",
revoked=boolean
)
print(response)from falconpy import APIHarness
falcon = APIHarness(client_id="API_CLIENT_ID_HERE",
client_secret="API_CLIENT_SECRET_HERE"
)
BODY = {
"expires_timestamp": "2021-09-22T02:28:11.762Z",
"label": "string",
"revoked": boolean
}
response = falcon.command("tokens_create", body=BODY)
print(response)Deletes a token immediately. To revoke a token, use tokens_update instead.
tokens_delete
- Produces: application/json
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| ids |
|
|
query | string or list of strings | ID(s) of the tokens to delete. |
| parameters |
|
|
query | string | Full query string parameters payload in JSON format. |
from falconpy import InstallationTokens
falcon = InstallationTokens(client_id="API_CLIENT_ID_HERE",
client_secret="API_CLIENT_SECRET_HERE"
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.tokens_delete(ids=id_list)
print(response)from falconpy import APIHarness
falcon = APIHarness(client_id="API_CLIENT_ID_HERE",
client_secret="API_CLIENT_SECRET_HERE"
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.command("tokens_delete", ids=id_list)
print(response)Updates one or more tokens. Use this endpoint to edit labels, change expiration, revoke, or restore.
tokens_update
- Consumes: application/json
- Produces: application/json
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| body |
|
|
body | string | Full body payload in JSON format. |
| expires_timestamp |
|
|
body | string | Expiration timestamp. UTC format. |
| label |
|
|
body | string | Installation token label. |
| ids |
|
|
query | string or list of strings | ID(s) of the tokens to update. |
| parameters |
|
|
query | string | Full query string parameters payload in JSON format. |
| revoked |
|
|
body | boolean | Flag indicating if the token is revoked. |
from falconpy import InstallationTokens
falcon = InstallationTokens(client_id="API_CLIENT_ID_HERE",
client_secret="API_CLIENT_SECRET_HERE"
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.tokens_update(expires_timestamp="string",
label="string",
ids=id_list,
revoked=boolean
)
print(response)from falconpy import APIHarness
falcon = APIHarness(client_id="API_CLIENT_ID_HERE",
client_secret="API_CLIENT_SECRET_HERE"
)
BODY = {
"expires_timestamp": "2021-09-22T02:28:11.762Z",
"label": "string",
"revoked": boolean
}
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.command("tokens_update", body=BODY, ids=id_list)
print(response)Search for audit events by providing a FQL filter and paging details.
audit_events_query
- Consumes: application/json
- Produces: application/json
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| filter |
|
|
query | string | FQL Syntax formatted string used to limit the results. |
| limit |
|
|
query | integer | Maximum number of records to return. (Max: 1000, Default: 10) |
| offset |
|
|
query | integer | Starting index of overall result set from which to return ids. |
| sort |
|
|
query | string | The property to sort by. (Ex: timestamp.desc) |
| parameters |
|
|
query | string | Full query string parameters payload in JSON format. |
from falconpy import InstallationTokens
falcon = InstallationTokens(client_id="API_CLIENT_ID_HERE",
client_secret="API_CLIENT_SECRET_HERE"
)
response = falcon.audit_events_query(offset=integer,
limit=integer,
sort="string",
filter="string"
)
print(response)from falconpy import APIHarness
falcon = APIHarness(client_id="API_CLIENT_ID_HERE",
client_secret="API_CLIENT_SECRET_HERE"
)
response = falcon.command("audit_events_query",
offset=integer,
limit=integer,
sort="string",
filter="string"
)
print(response)Search for tokens by providing a FQL filter and paging details.
tokens_query
- Consumes: application/json
- Produces: application/json
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| filter |
|
|
query | string | FQL Syntax formatted string used to limit the results. |
| limit |
|
|
query | integer | Maximum number of records to return. (Max: 1000, Default: 10) |
| offset |
|
|
query | integer | Starting index of overall result set from which to return ids. |
| sort |
|
|
query | string | The property to sort by. (Ex: created_timestamp.desc) |
| parameters |
|
|
query | string | Full query string parameters payload in JSON format. |
from falconpy import InstallationTokens
falcon = InstallationTokens(client_id="API_CLIENT_ID_HERE",
client_secret="API_CLIENT_SECRET_HERE"
)
response = falcon.tokens_query(offset=integer,
limit=integer,
sort="string",
filter="string"
)
print(response)from falconpy import APIHarness
falcon = APIHarness(client_id="API_CLIENT_ID_HERE",
client_secret="API_CLIENT_SECRET_HERE"
)
response = falcon.command("tokens_query",
offset=integer,
limit=integer,
sort="string",
filter="string"
)
print(response)
- Home
- Discussions Board
- Glossary of Terms
- Installation, Upgrades and Removal
- Samples Collection
- Using FalconPy
- API Operations
-
Service Collections
- Alerts
- API Integrations
- ASPM
- Certificate Based Exclusions
- Cloud Connect AWS (deprecated)
- Cloud Snapshots
- Compliance Assessments
- Configuration Assessment
- Configuration Assessment Evaluation Logic
- Container Alerts
- Container Detections
- Container Images
- Container Packages
- Container Vulnerabilities
- CSPM Registration
- Custom IOAs
- Custom Storage
- D4C Registration (deprecated)
- DataScanner
- Delivery Settings
- Detects
- Device Control Policies
- Discover
- Downloads
- Drift Indicators
- Event Streams
- Exposure Management
- Falcon Complete Dashboard
- Falcon Container
- Falcon Intelligence Sandbox
- FDR
- FileVantage
- Firewall Management
- Firewall Policies
- Foundry LogScale
- Host Group
- Host Migration
- Hosts
- Identity Protection
- Image Assessment Policies
- Incidents
- Installation Tokens
- Intel
- IOA Exclusions
- IOC
- IOCs (deprecated)
- Kubernetes Protection
- MalQuery
- Message Center
- ML Exclusions
- Mobile Enrollment
- MSSP (Flight Control)
- OAuth2
- ODS (On Demand Scan)
- Overwatch Dashboard
- Prevention Policy
- Quarantine
- Quick Scan
- Quick Scan Pro
- Real Time Response
- Real Time Response Admin
- Real Time Response Audit
- Recon
- Report Executions
- Response Policies
- Sample Uploads
- Scheduled Reports
- Sensor Download
- Sensor Update Policy
- Sensor Usage
- Sensor Visibility Exclusions
- Spotlight Evaluation Logic
- Spotlight Vulnerabilities
- Tailored Intelligence
- ThreatGraph
- Unidentified Containers
- User Management
- Workflows
- Zero Trust Assessment
- Documentation Support
-
CrowdStrike SDKs
- Crimson Falcon - Ruby
- FalconPy - Python 3
- FalconJS - Javascript
- goFalcon - Go
- PSFalcon - Powershell
- Rusty Falcon - Rust
