Overwatch Dashboard
| Operation ID | Description | ||||
|---|---|---|---|---|---|
|
Get the total number of detections pushed across all customers | ||||
|
Get OverWatch detection event collection info by providing an aggregate query | ||||
|
Get aggregate OverWatch detection event info by providing an aggregate query | ||||
|
Get the total number of incidents pushed across all customers | ||||
|
Get the total number of OverWatch events across all customers | ||||
Get the total number of detections pushed across all customers
aggregates_detections_global_counts
- Consumes: application/json
- Produces: application/json
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| filter |
 |
|
query | string | FQL query expression that should be used to limit the results. |
| parameters |
|
|
query | string | Full query string parameters payload in JSON format. |
from falconpy import OverwatchDashboard
falcon = OverwatchDashboard(client_id="API_CLIENT_ID_HERE",
client_secret="API_CLIENT_SECRET_HERE"
)
response = falcon.aggregates_detections_global_counts(filter="string")
print(response)from falconpy import OverwatchDashboard
falcon = OverwatchDashboard(client_id="API_CLIENT_ID_HERE",
client_secret="API_CLIENT_SECRET_HERE"
)
response = falcon.AggregatesDetectionsGlobalCounts(filter="string")
print(response)from falconpy import APIHarness
falcon = APIHarness(client_id="API_CLIENT_ID_HERE",
client_secret="API_CLIENT_SECRET_HERE"
)
PARAMS = {
"filter": "string"
}
response = falcon.command("AggregatesDetectionsGlobalCounts", filter="string")
print(response)Get OverWatch detection event collection info by providing an aggregate query
aggregates_events_collections
- Consumes: application/json
- Produces: application/json
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| body |
|
 |
body | string | Full body payload in JSON format. |
| date_ranges |
|
 |
body | list of dictionaries | |
| field |
|
|
body | string | |
| filter |
|
|
body | string | FQL syntax |
| interval |
|
|
body | string | |
| min_doc_count |
|
|
body | integer | Minimum number of documents required to match. |
| missing |
|
|
body | string | |
| name |
|
|
body | string | |
| q |
|
|
body | string | FQL syntax |
| ranges |
|
|
body | list of dictionaries | |
| size |
|
|
body | integer | |
| sort |
|
|
body | string | FQL syntax |
| time_zone |
|
|
body | string | |
| type |
|
|
body | string |
from falconpy import OverwatchDashboard
falcon = OverwatchDashboard(client_id="API_CLIENT_ID_HERE",
client_secret="API_CLIENT_SECRET_HERE"
)
date_ranges = [
{
"from": "2021-05-15T14:55:21.892315096Z",
"to": "2021-05-17T13:42:16.493180643Z"
}
]
ranges = [
{
"From": 1,
"To": 100
}
]
response = falcon.aggregates_events_collections(date_ranges=date_ranges,
field="string",
filter="string",
interval="string",
min_doc_count=integer,
missing="string",
name="string",
q="string",
ranges=ranges,
size=integer,
sort="string",
time_zone="string",
type="string"
)
print(response)from falconpy import OverwatchDashboard
falcon = OverwatchDashboard(client_id="API_CLIENT_ID_HERE",
client_secret="API_CLIENT_SECRET_HERE"
)
date_ranges = [
{
"from": "2021-05-15T14:55:21.892315096Z",
"to": "2021-05-17T13:42:16.493180643Z"
}
]
ranges = [
{
"From": 1,
"To": 100
}
]
response = falcon.AggregatesEventsCollections(date_ranges=date_ranges,
field="string",
filter="string",
interval="string",
min_doc_count=integer,
missing="string",
name="string",
q="string",
ranges=ranges,
size=integer,
sort="string",
time_zone="string",
type="string"
)
print(response)from falconpy import APIHarness
falcon = APIHarness(client_id="API_CLIENT_ID_HERE",
client_secret="API_CLIENT_SECRET_HERE"
)
date_ranges = [
{
"from": "2021-05-15T14:55:21.892315096Z",
"to": "2021-05-17T13:42:16.493180643Z"
}
]
ranges = [
{
"From": 1,
"To": 100
}
]
BODY = [{
"date_ranges": date_ranges,
"field": "string",
"filter": "string",
"interval": "string",
"min_doc_count": 0,
"missing": "string",
"name": "string",
"q": "string",
"ranges": ranges,
"size": 0,
"sort": "string",
"sub_aggregates": [
null
],
"time_zone": "string",
"type": "string"
}]
response = falcon.command("AggregatesEventsCollections", body=BODY)
print(response)Get aggregate OverWatch detection event info by providing an aggregate query
aggregates_events
- Consumes: application/json
- Produces: application/json
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| body |
|
|
body | string | Full body payload in JSON format. |
| date_ranges |
|
|
body | list of dictionaries | |
| field |
|
|
body | string | |
| filter |
|
|
body | string | FQL syntax |
| interval |
|
|
body | string | |
| min_doc_count |
|
|
body | integer | Minimum number of documents required to match. |
| missing |
|
|
body | string | |
| name |
|
|
body | string | |
| q |
|
|
body | string | FQL syntax |
| ranges |
|
|
body | list of dictionaries | |
| size |
|
|
body | integer | |
| sort |
|
|
body | string | FQL syntax |
| time_zone |
|
|
body | string | |
| type |
|
|
body | string |
from falconpy import OverwatchDashboard
falcon = OverwatchDashboard(client_id="API_CLIENT_ID_HERE",
client_secret="API_CLIENT_SECRET_HERE"
)
date_ranges = [
{
"from": "2021-05-15T14:55:21.892315096Z",
"to": "2021-05-17T13:42:16.493180643Z"
}
]
ranges = [
{
"From": 1,
"To": 100
}
]
response = falcon.aggregates_events(date_ranges=date_ranges,
field="string",
filter="string",
interval="string",
min_doc_count=integer,
missing="string",
name="string",
q="string",
ranges=ranges,
size=integer,
sort="string",
time_zone="string",
type="string"
)
print(response)from falconpy import OverwatchDashboard
falcon = OverwatchDashboard(client_id="API_CLIENT_ID_HERE",
client_secret="API_CLIENT_SECRET_HERE"
)
date_ranges = [
{
"from": "2021-05-15T14:55:21.892315096Z",
"to": "2021-05-17T13:42:16.493180643Z"
}
]
ranges = [
{
"From": 1,
"To": 100
}
]
response = falcon.AggregatesEvents(date_ranges=date_ranges,
field="string",
filter="string",
interval="string",
min_doc_count=integer,
missing="string",
name="string",
q="string",
ranges=ranges,
size=integer,
sort="string",
time_zone="string",
type="string"
)
print(response)from falconpy import APIHarness
falcon = APIHarness(client_id="API_CLIENT_ID_HERE",
client_secret="API_CLIENT_SECRET_HERE"
)
date_ranges = [
{
"from": "2021-05-15T14:55:21.892315096Z",
"to": "2021-05-17T13:42:16.493180643Z"
}
]
ranges = [
{
"From": 1,
"To": 100
}
]
BODY = [{
"date_ranges": date_ranges,
"field": "string",
"filter": "string",
"interval": "string",
"min_doc_count": 0,
"missing": "string",
"name": "string",
"q": "string",
"ranges": ranges,
"size": 0,
"sort": "string",
"sub_aggregates": [
null
],
"time_zone": "string",
"type": "string"
}]
response = falcon.command("AggregatesEvents", body=BODY)
print(response)Get the total number of incidents pushed across all customers
aggregates_incidents_global_counts
- Consumes: application/json
- Produces: application/json
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| filter |
|
|
query | string | FQL query expression that should be used to limit the results. |
| parameters |
|
|
query | string | Full query string parameters payload in JSON format. |
from falconpy import OverwatchDashboard
falcon = OverwatchDashboard(client_id="API_CLIENT_ID_HERE",
client_secret="API_CLIENT_SECRET_HERE"
)
response = falcon.aggregates_incidents_global_counts(filter="string")
print(response)from falconpy import OverwatchDashboard
falcon = OverwatchDashboard(client_id="API_CLIENT_ID_HERE",
client_secret="API_CLIENT_SECRET_HERE"
)
response = falcon.AggregatesIncidentsGlobalCounts(filter="string")
print(response)from falconpy import APIHarness
falcon = APIHarness(client_id="API_CLIENT_ID_HERE",
client_secret="API_CLIENT_SECRET_HERE"
)
response = falcon.command("AggregatesIncidentsGlobalCounts", filter="string")
print(response)Get the total number of OverWatch events across all customers
aggregates_events_global_counts
- Consumes: application/json
- Produces: application/json
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| filter |
|
|
query | string | FQL query expression that should be used to limit the results. |
| parameters |
|
|
query | string | Full query string parameters payload in JSON format. |
from falconpy import OverwatchDashboard
falcon = OverwatchDashboard(client_id="API_CLIENT_ID_HERE",
client_secret="API_CLIENT_SECRET_HERE"
)
response = falcon.aggregates_events_global_counts(filter="string")
print(response)from falconpy import OverwatchDashboard
falcon = OverwatchDashboard(client_id="API_CLIENT_ID_HERE",
client_secret="API_CLIENT_SECRET_HERE"
)
response = falcon.AggregatesOWEventsGlobalCounts(filter="string")
print(response)from falconpy import APIHarness
falcon = APIHarness(client_id="API_CLIENT_ID_HERE",
client_secret="API_CLIENT_SECRET_HERE"
)
response = falcon.command("AggregatesOWEventsGlobalCounts", filter="string")
print(response)
- Home
- Discussions Board
- Glossary of Terms
- Installation, Upgrades and Removal
- Samples Collection
- Using FalconPy
- API Operations
-
Service Collections
- Alerts
- API Integrations
- ASPM
- Certificate Based Exclusions
- Cloud Connect AWS (deprecated)
- Cloud Snapshots
- Compliance Assessments
- Configuration Assessment
- Configuration Assessment Evaluation Logic
- Container Alerts
- Container Detections
- Container Images
- Container Packages
- Container Vulnerabilities
- CSPM Registration
- Custom IOAs
- Custom Storage
- D4C Registration (deprecated)
- DataScanner
- Delivery Settings
- Detects
- Device Control Policies
- Discover
- Downloads
- Drift Indicators
- Event Streams
- Exposure Management
- Falcon Complete Dashboard
- Falcon Container
- Falcon Intelligence Sandbox
- FDR
- FileVantage
- Firewall Management
- Firewall Policies
- Foundry LogScale
- Host Group
- Host Migration
- Hosts
- Identity Protection
- Image Assessment Policies
- Incidents
- Installation Tokens
- Intel
- IOA Exclusions
- IOC
- IOCs (deprecated)
- Kubernetes Protection
- MalQuery
- Message Center
- ML Exclusions
- Mobile Enrollment
- MSSP (Flight Control)
- OAuth2
- ODS (On Demand Scan)
- Overwatch Dashboard
- Prevention Policy
- Quarantine
- Quick Scan
- Quick Scan Pro
- Real Time Response
- Real Time Response Admin
- Real Time Response Audit
- Recon
- Report Executions
- Response Policies
- Sample Uploads
- Scheduled Reports
- Sensor Download
- Sensor Update Policy
- Sensor Usage
- Sensor Visibility Exclusions
- Spotlight Evaluation Logic
- Spotlight Vulnerabilities
- Tailored Intelligence
- ThreatGraph
- Unidentified Containers
- User Management
- Workflows
- Zero Trust Assessment
- Documentation Support
-
CrowdStrike SDKs
- Crimson Falcon - Ruby
- FalconPy - Python 3
- FalconJS - Javascript
- goFalcon - Go
- PSFalcon - Powershell
- Rusty Falcon - Rust
