Skip to content

CrowdStrike/crimson-falcon

Repository files navigation

Crimson Falcon - The CrowdStrike Falcon SDK for Ruby

Gem Version

Welcome to Crimson Falcon, the Ruby SDK for the CrowdStrike Falcon Platform. This is where the power of the CrowdStrike Falcon Platform meets the elegance and simplicity of Ruby.

"Why Ruby?" you might ask.

Well, Ruby is a dynamic, open source programming language with a focus on simplicity and productivity. It has an elegant syntax that is natural to read and easy to write. It's unique balance of simplicity, productivity, and just sheer fun, makes coding feel less like a task and more like a hobby. It's like your favorite pair of comfy shoes - familiar, comfortable, and always reliable. 😉

That's what we aim to achieve with Crimson Falcon - a tool that brings together the robust capabilities of CrowdStrike Falcon with the friendly charm of Ruby.

Ready to bring some fun to your cybersecurity game with Ruby and Crimson Falcon? Let's jump right in!

Installation

From RubyGems (This is the way)

To install from RubyGems, use the following command:

gem install crimson-falcon

Add this to the Gemfile:

    gem 'crimson-falcon', '~> 0.5.0'

From Source to Gem: Building the Ruby Code

To build the Ruby code into a gem:

gem build crimson-falcon.gemspec

Then install the gem locally:

gem install ./crimson-falcon-0.5.0.gem

Finally, add this to the Gemfile:

    gem 'crimson-falcon', '~> 0.5.0'

Install from Git

If the Ruby gem is hosted at a git repository: https://github.com/GIT_USER_ID/GIT_REPO_ID, then add the following in the Gemfile:

    # Example
    gem 'crimson-falcon', :git => 'https://github.com/CrowdStrike/crimson-falcon.git'

Getting Started

Samples

We have a collection of sample code that demonstrates how to use the Crimson Falcon SDK. These samples are a great way to get started with the SDK. You can find the samples in the samples directory.

Take Flight

Eager to take flight? Follow the installation process, and then launch into the following code:

# Load the gem
require 'crimson-falcon'

# Setup authorization
Falcon.configure do |config|
  config.client_id = ENV["FALCON_CLIENT_ID"]
  config.client_secret = ENV["FALCON_CLIENT_SECRET"]
  config.cloud = "us-2" # or "us-2", "eu-1", "us-gov1"
end

# Create a new API instance
api_instance = Falcon::SensorDownload.new

begin
  # Get CCID to use with sensor installers
  result = api_instance.get_sensor_installers_ccidby_query
  p result.resources
rescue Falcon::ApiError => e
  puts "Error when calling SensorDownload->get_sensor_installers_ccidby_query: #{e}"
end

Welcome aboard the Crimson Falcon! Fly high, code with grace.

Contribute to Crimson Falcon

We are always excited to have contributions from the community! It's what makes open source truly powerful. If you are looking to help out, that's awesome and we thank you in advance.

To get started, please read our Contributing Guide that explains the development process, the project structure, how to propose bugfixes and improvements, and how to build and test your changes to the project. It's a set of directions that will help establish a baseline of expectation for any contributions.

Please make sure you also follow our Code of Conduct. It outlines our expectations for participant behavior as well as the steps for reporting unacceptable behavior.

We appreciate your interest in our project and look forward to collaborating with you!

Crimson Falcon API Docs

♻️ API Docs are automatically generated from the CrowdStrike API specification. ♻️


Class: Falcon::ASPM

  • Operation: create_executor_node
  • POST: /aspm-api-gateway/api/v1/executor_nodes
  • Description: Create a new relay node

Class: Falcon::ASPM

  • Operation: create_integration
  • POST: /aspm-api-gateway/api/v1/integrations
  • Description: Create a new integration

Class: Falcon::ASPM

  • Operation: create_integration_task
  • POST: /aspm-api-gateway/api/v1/integration_tasks
  • Description: Create new integration task.

Class: Falcon::ASPM

  • Operation: delete_executor_node
  • DELETE: /aspm-api-gateway/api/v1/executor_nodes/{ID}
  • Description: Delete a relay node

Class: Falcon::ASPM

  • Operation: delete_integration
  • DELETE: /aspm-api-gateway/api/v1/integrations/{ID}
  • Description: Delete an existing integration by its ID

Class: Falcon::ASPM

  • Operation: delete_integration_task
  • DELETE: /aspm-api-gateway/api/v1/integration_tasks/{ID}
  • Description: Delete an existing integration task by its ID

Class: Falcon::ASPM

  • Operation: delete_tags
  • POST: /aspm-api-gateway/api/v1/tags
  • Description: Remove existing tags

Class: Falcon::ASPM

  • Operation: execute_query
  • POST: /aspm-api-gateway/api/v1/query
  • Description: Execute a query. The syntax used is identical to that of the query page.

Class: Falcon::ASPM

  • Operation: get_executor_nodes
  • GET: /aspm-api-gateway/api/v1/executor_nodes
  • Description: Get all the relay nodes

Class: Falcon::ASPM

  • Operation: get_integration_tasks
  • GET: /aspm-api-gateway/api/v1/integration_tasks
  • Description: Get all the integration tasks

Class: Falcon::ASPM

  • Operation: get_integration_types
  • GET: /aspm-api-gateway/api/v1/integration_types
  • Description: Get all the integration types

Class: Falcon::ASPM

  • Operation: get_integrations
  • GET: /aspm-api-gateway/api/v1/integrations
  • Description: Get a list of all the integrations

Class: Falcon::ASPM

  • Operation: get_service_violation_types
  • GET: /aspm-api-gateway/api/v1/services/violations/types
  • Description: Get the different types of violation

Class: Falcon::ASPM

  • Operation: get_services_count
  • POST: /aspm-api-gateway/api/v1/services/count
  • Description: Get the total amount of existing services

Class: Falcon::ASPM

  • Operation: get_tags
  • GET: /aspm-api-gateway/api/v1/tags
  • Description: Get all the tags

Class: Falcon::ASPM

  • Operation: run_integration_task
  • POST: /aspm-api-gateway/api/v1/integration_tasks/{ID}/run
  • Description: Run an integration task by its ID

Class: Falcon::ASPM


Class: Falcon::ASPM


Class: Falcon::ASPM

  • Operation: update_executor_node
  • PUT: /aspm-api-gateway/api/v1/executor_nodes
  • Description: Update an existing relay node

Class: Falcon::ASPM

  • Operation: update_integration
  • PUT: /aspm-api-gateway/api/v1/integrations/{ID}
  • Description: Update an existing integration by its ID

Class: Falcon::ASPM

  • Operation: update_integration_task
  • PUT: /aspm-api-gateway/api/v1/integration_tasks/{ID}
  • Description: Update an existing integration task by its ID

Class: Falcon::ASPM

  • Operation: upsert_business_applications
  • PUT: /aspm-api-gateway/api/v1/business_applications
  • Description: Create or Update Business Applications

Class: Falcon::ASPM

  • Operation: upsert_tags
  • PUT: /aspm-api-gateway/api/v1/tags
  • Description: Create new or update existing tag. You can update unique tags table or regular tags table

Class: Falcon::Alerts

  • Operation: get_queries_alerts_v1
  • GET: /alerts/queries/alerts/v1
  • Description: Deprecated: please use version v2 of this endpoint. Retrieves all Alerts ids that match a given query.

Class: Falcon::Alerts

  • Operation: get_queries_alerts_v2
  • GET: /alerts/queries/alerts/v2
  • Description: Retrieves all Alerts ids that match a given query.

Class: Falcon::Alerts

  • Operation: patch_entities_alerts_v2
  • PATCH: /alerts/entities/alerts/v2
  • Description: Deprecated: Please use version v3 of this endpoint. Perform actions on Alerts identified by composite ID(s) in request. Each action has a name and a description which describes what the action does. If a request adds and removes tag in a single request, the order of processing would be to remove tags before adding new ones in.

Class: Falcon::Alerts

  • Operation: patch_entities_alerts_v3
  • PATCH: /alerts/entities/alerts/v3
  • Description: Perform actions on Alerts identified by composite ID(s) in request. Each action has a name and a description which describes what the action does. If a request adds and removes tag in a single request, the order of processing would be to remove tags before adding new ones in.

Class: Falcon::Alerts

  • Operation: post_aggregates_alerts_v1
  • POST: /alerts/aggregates/alerts/v1
  • Description: Deprecated: Please use version v2 of this endpoint. Retrieves aggregate values for Alerts across all CIDs.

Class: Falcon::Alerts

  • Operation: post_aggregates_alerts_v2
  • POST: /alerts/aggregates/alerts/v2
  • Description: Retrieves aggregate values for Alerts across all CIDs.

Class: Falcon::Alerts

  • Operation: post_entities_alerts_v1
  • POST: /alerts/entities/alerts/v1
  • Description: Deprecated: please use version v2 of this endpoint. Retrieves all Alerts given their ids.

Class: Falcon::Alerts

  • Operation: post_entities_alerts_v2
  • POST: /alerts/entities/alerts/v2
  • Description: Retrieves all Alerts given their composite ids.

Class: Falcon::ApiIntegrations

  • Operation: execute_command
  • POST: /plugins/entities/execute/v1
  • Description: Execute a command.

Class: Falcon::ApiIntegrations

  • Operation: execute_command_proxy
  • POST: /plugins/entities/execute-proxy/v1
  • Description: Execute a command and proxy the response directly.

Class: Falcon::ApiIntegrations

  • Operation: get_combined_plugin_configs
  • GET: /plugins/combined/configs/v1
  • Description: Queries for config resources and returns details

Class: Falcon::CertificateBasedExclusions

  • Operation: cb_exclusions_create_v1
  • POST: /exclusions/entities/cert-based-exclusions/v1
  • Description: Create new Certificate Based Exclusions.

Class: Falcon::CertificateBasedExclusions

  • Operation: cb_exclusions_delete_v1
  • DELETE: /exclusions/entities/cert-based-exclusions/v1
  • Description: Delete the exclusions by id

Class: Falcon::CertificateBasedExclusions

  • Operation: cb_exclusions_get_v1
  • GET: /exclusions/entities/cert-based-exclusions/v1
  • Description: Find all exclusion IDs matching the query with filter

Class: Falcon::CertificateBasedExclusions

  • Operation: cb_exclusions_query_v1
  • GET: /exclusions/queries/cert-based-exclusions/v1
  • Description: Search for cert-based exclusions.

Class: Falcon::CertificateBasedExclusions

  • Operation: cb_exclusions_update_v1
  • PATCH: /exclusions/entities/cert-based-exclusions/v1
  • Description: Updates existing Certificate Based Exclusions

Class: Falcon::CertificateBasedExclusions

  • Operation: certificates_get_v1
  • GET: /exclusions/entities/certificates/v1
  • Description: Retrieves certificate signing information for a file

Class: Falcon::CloudConnectAws

  • Operation: create_or_update_aws_settings
  • POST: /cloud-connect-aws/entities/settings/v1
  • Description: Create or update Global Settings which are applicable to all provisioned AWS accounts

Class: Falcon::CloudConnectAws

  • Operation: delete_aws_accounts
  • DELETE: /cloud-connect-aws/entities/accounts/v1
  • Description: Delete a set of AWS Accounts by specifying their IDs

Class: Falcon::CloudConnectAws

  • Operation: get_aws_accounts
  • GET: /cloud-connect-aws/entities/accounts/v1
  • Description: Retrieve a set of AWS Accounts by specifying their IDs

Class: Falcon::CloudConnectAws

  • Operation: get_aws_settings
  • GET: /cloud-connect-aws/combined/settings/v1
  • Description: Retrieve a set of Global Settings which are applicable to all provisioned AWS accounts

Class: Falcon::CloudConnectAws

  • Operation: provision_aws_accounts
  • POST: /cloud-connect-aws/entities/accounts/v1
  • Description: Provision AWS Accounts by specifying details about the accounts to provision

Class: Falcon::CloudConnectAws

  • Operation: query_aws_accounts
  • GET: /cloud-connect-aws/combined/accounts/v1
  • Description: Search for provisioned AWS Accounts by providing an FQL filter and paging details. Returns a set of AWS accounts which match the filter criteria

Class: Falcon::CloudConnectAws

  • Operation: query_aws_accounts_for_ids
  • GET: /cloud-connect-aws/queries/accounts/v1
  • Description: Search for provisioned AWS Accounts by providing an FQL filter and paging details. Returns a set of AWS account IDs which match the filter criteria

Class: Falcon::CloudConnectAws

  • Operation: update_aws_accounts
  • PATCH: /cloud-connect-aws/entities/accounts/v1
  • Description: Update AWS Accounts by specifying the ID of the account and details to update

Class: Falcon::CloudConnectAws

  • Operation: verify_aws_account_access
  • POST: /cloud-connect-aws/entities/verify-account-access/v1
  • Description: Performs an Access Verification check on the specified AWS Account IDs

Class: Falcon::CloudSnapshots

  • Operation: create_deployment_entity
  • POST: /snapshots/entities/deployments/v1
  • Description: Launch a snapshot scan for a given cloud asset

Class: Falcon::CloudSnapshots


Class: Falcon::CloudSnapshots

  • Operation: get_scan_report
  • GET: /snapshots/entities/scanreports/v1
  • Description: retrieve the scan report for an instance

Class: Falcon::CloudSnapshots

  • Operation: read_deployments_combined
  • GET: /snapshots/combined/deployments/v1
  • Description: Retrieve snapshot jobs identified by the provided IDs

Class: Falcon::CloudSnapshots

  • Operation: read_deployments_entities
  • GET: /snapshots/entities/deployments/v1
  • Description: Retrieve snapshot jobs identified by the provided IDs

Class: Falcon::CloudSnapshots


Class: Falcon::ComplianceAssessments


Class: Falcon::ComplianceAssessments


Class: Falcon::ComplianceAssessments


Class: Falcon::ComplianceAssessments


Class: Falcon::ComplianceAssessments


Class: Falcon::ComplianceAssessments

  • Operation: ext_aggregate_failed_rules_by_clusters
  • GET: /container-compliance/aggregates/failed-rules-by-clusters/v2
  • Description: get the failed rules for each cluster grouped into severity levels

Class: Falcon::ComplianceAssessments

  • Operation: ext_aggregate_failed_rules_by_images
  • GET: /container-compliance/aggregates/failed-rules-by-images/v2
  • Description: get images with failed rules, rule count grouped by severity for each image

Class: Falcon::ComplianceAssessments


Class: Falcon::ComplianceAssessments


Class: Falcon::ComplianceAssessments


Class: Falcon::ComplianceAssessments

  • Operation: ext_aggregate_rules_by_status
  • GET: /container-compliance/aggregates/rules-by-status/v2
  • Description: get the rules grouped by their statuses

Class: Falcon::ConfigurationAssessment

  • Operation: get_combined_assessments_query
  • GET: /configuration-assessment/combined/assessments/v1
  • Description: Search for assessments in your environment by providing an FQL filter and paging details. Returns a set of HostFinding entities which match the filter criteria

Class: Falcon::ConfigurationAssessment

  • Operation: get_rule_details
  • GET: /configuration-assessment/entities/rule-details/v1
  • Description: Get rules details for provided one or more rule IDs

Class: Falcon::ConfigurationAssessmentEvaluationLogic

  • Operation: get_evaluation_logic_mixin0
  • GET: /configuration-assessment/entities/evaluation-logic/v1
  • Description: Get details on evaluation logic items by providing one or more finding IDs.

Class: Falcon::ContainerAlerts

  • Operation: read_container_alerts_count
  • GET: /container-security/aggregates/container-alerts/count/v1
  • Description: Search Container Alerts by the provided search criteria

Class: Falcon::ContainerAlerts


Class: Falcon::ContainerAlerts

  • Operation: search_and_read_container_alerts
  • GET: /container-security/combined/container-alerts/v1
  • Description: Search Container Alerts by the provided search criteria

Class: Falcon::ContainerDetections

  • Operation: read_combined_detections
  • GET: /container-security/combined/detections/v1
  • Description: Retrieve image assessment detections identified by the provided filter criteria

Class: Falcon::ContainerDetections

  • Operation: read_detections
  • GET: /container-security/entities/detections/v1
  • Description: Retrieve image assessment detection entities identified by the provided filter criteria

Class: Falcon::ContainerDetections

  • Operation: read_detections_count
  • GET: /container-security/aggregates/detections/count/v1
  • Description: Aggregate count of detections

Class: Falcon::ContainerDetections

  • Operation: read_detections_count_by_severity
  • GET: /container-security/aggregates/detections/count-by-severity/v1
  • Description: Aggregate counts of detections by severity

Class: Falcon::ContainerDetections

  • Operation: read_detections_count_by_type
  • GET: /container-security/aggregates/detections/count-by-type/v1
  • Description: Aggregate counts of detections by detection type

Class: Falcon::ContainerDetections

  • Operation: search_detections
  • GET: /container-security/queries/detections/v1
  • Description: Retrieve image assessment detection entities identified by the provided filter criteria

Class: Falcon::ContainerImages


Class: Falcon::ContainerImages

  • Operation: aggregate_image_count
  • GET: /container-security/aggregates/images/count/v1
  • Description: Aggregate count of images

Class: Falcon::ContainerImages

  • Operation: aggregate_image_count_by_base_os
  • GET: /container-security/aggregates/images/count-by-os-distribution/v1
  • Description: Aggregate count of images grouped by Base OS distribution

Class: Falcon::ContainerImages

  • Operation: aggregate_image_count_by_state
  • GET: /container-security/aggregates/images/count-by-state/v1
  • Description: Aggregate count of images grouped by state

Class: Falcon::ContainerImages

  • Operation: combined_base_images
  • GET: /container-security/combined/base-images/v1
  • Description: Retrieve base images for provided filter

Class: Falcon::ContainerImages


Class: Falcon::ContainerImages

  • Operation: combined_image_detail
  • GET: /container-security/combined/images/detail/v1
  • Description: Retrieve image entities identified by the provided filter criteria

Class: Falcon::ContainerImages

  • Operation: combined_image_issues_summary
  • GET: /container-security/combined/images/issues-summary/v1
  • Description: Retrieve image issues summary such as Image detections, Runtime detections, Policies, vulnerabilities

Class: Falcon::ContainerImages

  • Operation: combined_image_vulnerability_summary
  • GET: /container-security/combined/images/vulnerabilities-summary/v1
  • Description: aggregates information about vulnerabilities for an image

Class: Falcon::ContainerImages

  • Operation: create_base_images_entities
  • POST: /container-security/entities/base-images/v1
  • Description: Creates base images using the provided details

Class: Falcon::ContainerImages

  • Operation: delete_base_images
  • DELETE: /container-security/entities/base-images/v1
  • Description: Delete base images by base image uuid

Class: Falcon::ContainerImages

  • Operation: get_combined_images
  • GET: /container-security/combined/image-assessment/images/v1
  • Description: Get image assessment results by providing an FQL filter and paging details

Class: Falcon::ContainerImages

  • Operation: read_combined_images_export
  • GET: /container-security/combined/images/export/v1
  • Description: Retrieve images with an option to expand aggregated vulnerabilities/detections

Class: Falcon::ContainerPackages

  • Operation: read_packages_by_fixable_vuln_count
  • GET: /container-security/combined/packages/app-by-fixable-vulnerability-count/v1
  • Description: Retrieve top x app packages with the most fixable vulnerabilities

Class: Falcon::ContainerPackages

  • Operation: read_packages_by_vuln_count
  • GET: /container-security/combined/packages/by-vulnerability-count/v1
  • Description: Retrieve top x packages with the most vulnerabilities

Class: Falcon::ContainerPackages

  • Operation: read_packages_combined
  • GET: /container-security/combined/packages/v1
  • Description: Retrieve packages identified by the provided filter criteria

Class: Falcon::ContainerPackages

  • Operation: read_packages_combined_export
  • GET: /container-security/combined/packages/export/v1
  • Description: Retrieve packages identified by the provided filter criteria for the purpose of export

Class: Falcon::ContainerPackages

  • Operation: read_packages_count_by_zero_day
  • GET: /container-security/aggregates/packages/count-by-zero-day/v1
  • Description: Retrieve packages count affected by zero day vulnerabilities

Class: Falcon::ContainerVulnerabilities

  • Operation: read_combined_vulnerabilities
  • GET: /container-security/combined/vulnerabilities/v1
  • Description: Retrieve vulnerability and aggregate data filtered by the provided FQL

Class: Falcon::ContainerVulnerabilities


Class: Falcon::ContainerVulnerabilities

  • Operation: read_combined_vulnerabilities_info
  • GET: /container-security/combined/vulnerabilities/info/v1
  • Description: Retrieve vulnerability and package related info for this customer

Class: Falcon::ContainerVulnerabilities

  • Operation: read_vulnerabilities_by_image_count
  • GET: /container-security/combined/vulnerabilities/by-image-count/v1
  • Description: Retrieve top x vulnerabilities with the most impacted images

Class: Falcon::ContainerVulnerabilities

  • Operation: read_vulnerabilities_publication_date
  • GET: /container-security/combined/vulnerabilities/by-published-date/v1
  • Description: Retrieve top x vulnerabilities with the most recent publication date

Class: Falcon::ContainerVulnerabilities

  • Operation: read_vulnerability_count
  • GET: /container-security/aggregates/vulnerabilities/count/v1
  • Description: Aggregate count of vulnerabilities

Class: Falcon::ContainerVulnerabilities


Class: Falcon::ContainerVulnerabilities

  • Operation: read_vulnerability_count_by_cps_rating
  • GET: /container-security/aggregates/vulnerabilities/count-by-cps-rating/v1
  • Description: Aggregate count of vulnerabilities grouped by csp_rating

Class: Falcon::ContainerVulnerabilities

  • Operation: read_vulnerability_count_by_cvss_score
  • GET: /container-security/aggregates/vulnerabilities/count-by-cvss-score/v1
  • Description: Aggregate count of vulnerabilities grouped by cvss score

Class: Falcon::ContainerVulnerabilities

  • Operation: read_vulnerability_count_by_severity
  • GET: /container-security/aggregates/vulnerabilities/count-by-severity/v1
  • Description: Aggregate count of vulnerabilities grouped by severity

Class: Falcon::CspgIac

  • Operation: get_credentials_mixin0
  • GET: /iac/entities/image-registry-credentials/v1
  • Description: Gets the registry credentials (external endpoint)

Class: Falcon::CspmRegistration

  • Operation: azure_download_certificate
  • GET: /cloud-connect-cspm-azure/entities/download-certificate/v1
  • Description: Returns JSON object(s) that contain the base64 encoded certificate for a service principal.

Class: Falcon::CspmRegistration

  • Operation: connect_cspm_gcp_account
  • POST: /cloud-connect-cspm-gcp/entities/account/v2
  • Description: Creates a new GCP account with newly-uploaded service account or connects with existing service account with only the following fields: parent_id, parent_type and service_account_id

Class: Falcon::CspmRegistration

  • Operation: create_cspm_aws_account
  • POST: /cloud-connect-cspm-aws/entities/account/v1
  • Description: Creates a new account in our system for a customer and generates a script for them to run in their AWS cloud environment to grant us access.

Class: Falcon::CspmRegistration

  • Operation: create_cspm_azure_account
  • POST: /cloud-connect-cspm-azure/entities/account/v1
  • Description: Creates a new account in our system for a customer and generates a script for them to run in their cloud environment to grant us access.

Class: Falcon::CspmRegistration

  • Operation: create_cspm_azure_management_group
  • POST: /cloud-connect-cspm-azure/entities/management-group/v1
  • Description: Creates a new management group in our system for a customer.

Class: Falcon::CspmRegistration

  • Operation: create_cspm_gcp_account
  • POST: /cloud-connect-cspm-gcp/entities/account/v1
  • Description: Creates a new account in our system for a customer and generates a new service account for them to add access to in their GCP environment to grant us access.

Class: Falcon::CspmRegistration

  • Operation: delete_cspm_aws_account
  • DELETE: /cloud-connect-cspm-aws/entities/account/v1
  • Description: Deletes an existing AWS account or organization in our system.

Class: Falcon::CspmRegistration

  • Operation: delete_cspm_azure_account
  • DELETE: /cloud-connect-cspm-azure/entities/account/v1
  • Description: Deletes an Azure subscription from the system.

Class: Falcon::CspmRegistration

  • Operation: delete_cspm_azure_management_group
  • DELETE: /cloud-connect-cspm-azure/entities/management-group/v1
  • Description: Deletes Azure management groups from the system.

Class: Falcon::CspmRegistration

  • Operation: delete_cspm_gcp_account
  • DELETE: /cloud-connect-cspm-gcp/entities/account/v1
  • Description: Deletes a GCP account from the system.

Class: Falcon::CspmRegistration


Class: Falcon::CspmRegistration

  • Operation: get_configuration_detection_entities
  • GET: /detects/entities/iom/v2
  • Description: Get misconfigurations based on the ID - including custom policy detections in addition to default policy detections.

Class: Falcon::CspmRegistration

  • Operation: get_configuration_detection_ids_v2
  • GET: /detects/queries/iom/v2
  • Description: Get list of active misconfiguration ids - including custom policy detections in addition to default policy detections.

Class: Falcon::CspmRegistration

  • Operation: get_configuration_detections
  • GET: /detects/entities/iom/v1
  • Description: Get list of active misconfigurations. This endpoint is deprecated, please use /queries/iom/v2 and /entities/iom/v2 instead

Class: Falcon::CspmRegistration

  • Operation: get_cspm_aws_account
  • GET: /cloud-connect-cspm-aws/entities/account/v1
  • Description: Returns information about the current status of an AWS account.

Class: Falcon::CspmRegistration

  • Operation: get_cspm_aws_account_scripts_attachment
  • GET: /cloud-connect-cspm-aws/entities/user-scripts-download/v1
  • Description: Return a script for customer to run in their cloud environment to grant us access to their AWS environment as a downloadable attachment.

Class: Falcon::CspmRegistration

  • Operation: get_cspm_aws_console_setup_urls
  • GET: /cloud-connect-cspm-aws/entities/console-setup-urls/v1
  • Description: Return a URL for customer to visit in their cloud environment to grant us access to their AWS environment.

Class: Falcon::CspmRegistration

  • Operation: get_cspm_azure_account
  • GET: /cloud-connect-cspm-azure/entities/account/v1
  • Description: Return information about Azure account registration

Class: Falcon::CspmRegistration

  • Operation: get_cspm_azure_management_group
  • GET: /cloud-connect-cspm-azure/entities/management-group/v1
  • Description: Return information about Azure management group registration

Class: Falcon::CspmRegistration

  • Operation: get_cspm_azure_user_scripts_attachment
  • GET: /cloud-connect-cspm-azure/entities/user-scripts-download/v1
  • Description: Return a script for customer to run in their cloud environment to grant us access to their Azure environment as a downloadable attachment

Class: Falcon::CspmRegistration

  • Operation: get_cspm_gcp_account
  • GET: /cloud-connect-cspm-gcp/entities/account/v1
  • Description: Returns information about the current status of an GCP account.

Class: Falcon::CspmRegistration

  • Operation: get_cspm_gcp_service_accounts_ext
  • GET: /cloud-connect-cspm-gcp/entities/service-accounts/v1
  • Description: Returns the service account id and client email for external clients.

Class: Falcon::CspmRegistration

  • Operation: get_cspm_gcp_user_scripts_attachment
  • GET: /cloud-connect-cspm-gcp/entities/user-scripts-download/v1
  • Description: Return a script for customer to run in their cloud environment to grant us access to their GCP environment as a downloadable attachment

Class: Falcon::CspmRegistration


Class: Falcon::CspmRegistration

  • Operation: get_cspm_policies_details
  • GET: /settings/entities/policy-details/v2
  • Description: Given an array of policy IDs, returns detailed policies information.

Class: Falcon::CspmRegistration

  • Operation: get_cspm_policy
  • GET: /settings/entities/policy-details/v1
  • Description: Given a policy ID, returns detailed policy information.

Class: Falcon::CspmRegistration

  • Operation: get_cspm_policy_settings
  • GET: /settings/entities/policy/v1
  • Description: Returns information about current policy settings.

Class: Falcon::CspmRegistration

  • Operation: get_cspm_scan_schedule
  • GET: /settings/scan-schedule/v1
  • Description: Returns scan schedule configuration for one or more cloud platforms.

Class: Falcon::CspmRegistration

  • Operation: patch_cspm_aws_account
  • PATCH: /cloud-connect-cspm-aws/entities/account/v1
  • Description: Patches a existing account in our system for a customer.

Class: Falcon::CspmRegistration

  • Operation: update_cspm_azure_account
  • PATCH: /cloud-connect-cspm-azure/entities/account/v1
  • Description: Patches a existing account in our system for a customer.

Class: Falcon::CspmRegistration

  • Operation: update_cspm_azure_account_client_id
  • PATCH: /cloud-connect-cspm-azure/entities/client-id/v1
  • Description: Update an Azure service account in our system by with the user-created client_id created with the public key we've provided

Class: Falcon::CspmRegistration


Class: Falcon::CspmRegistration

  • Operation: update_cspm_gcp_account
  • PATCH: /cloud-connect-cspm-gcp/entities/account/v1
  • Description: Patches a existing account in our system for a customer.

Class: Falcon::CspmRegistration


Class: Falcon::CspmRegistration

  • Operation: update_cspm_policy_settings
  • PATCH: /settings/entities/policy/v1
  • Description: Updates a policy setting - can be used to override policy severity or to disable a policy entirely.

Class: Falcon::CspmRegistration

  • Operation: update_cspm_scan_schedule
  • POST: /settings/scan-schedule/v1
  • Description: Updates scan schedule configuration for one or more cloud platforms.

Class: Falcon::CspmRegistration


Class: Falcon::CustomIoa

  • Operation: create_rule
  • POST: /ioarules/entities/rules/v1
  • Description: Create a rule within a rule group. Returns the rule.

Class: Falcon::CustomIoa

  • Operation: create_rule_group_mixin0
  • POST: /ioarules/entities/rule-groups/v1
  • Description: Create a rule group for a platform with a name and an optional description. Returns the rule group.

Class: Falcon::CustomIoa


Class: Falcon::CustomIoa

  • Operation: delete_rules_0
  • DELETE: /ioarules/entities/rules/v1
  • Description: Delete rules from a rule group by ID.

Class: Falcon::CustomIoa

  • Operation: get_patterns
  • GET: /ioarules/entities/pattern-severities/v1
  • Description: Get pattern severities by ID.

Class: Falcon::CustomIoa

  • Operation: get_platforms_mixin0
  • GET: /ioarules/entities/platforms/v1
  • Description: Get platforms by ID.

Class: Falcon::CustomIoa

  • Operation: get_rule_groups_mixin0
  • GET: /ioarules/entities/rule-groups/v1
  • Description: Get rule groups by ID.

Class: Falcon::CustomIoa

  • Operation: get_rule_types
  • GET: /ioarules/entities/rule-types/v1
  • Description: Get rule types by ID.

Class: Falcon::CustomIoa

  • Operation: get_rules_get
  • POST: /ioarules/entities/rules/GET/v1
  • Description: Get rules by ID and optionally with cid and/or version in the following format: `[cid:]ID[:version]`.

Class: Falcon::CustomIoa

  • Operation: get_rules_mixin0
  • GET: /ioarules/entities/rules/v1
  • Description: Get rules by ID and optionally with cid and/or version in the following format: `[cid:]ID[:version]`. The max number of IDs is constrained by URL size.

Class: Falcon::CustomIoa

  • Operation: query_patterns
  • GET: /ioarules/queries/pattern-severities/v1
  • Description: Get all pattern severity IDs.

Class: Falcon::CustomIoa


Class: Falcon::CustomIoa

  • Operation: query_rule_groups_full
  • GET: /ioarules/queries/rule-groups-full/v1
  • Description: Find all rule groups matching the query with optional filter.

Class: Falcon::CustomIoa

  • Operation: query_rule_groups_mixin0
  • GET: /ioarules/queries/rule-groups/v1
  • Description: Finds all rule group IDs matching the query with optional filter.

Class: Falcon::CustomIoa

  • Operation: query_rule_types
  • GET: /ioarules/queries/rule-types/v1
  • Description: Get all rule type IDs.

Class: Falcon::CustomIoa

  • Operation: query_rules_mixin0
  • GET: /ioarules/queries/rules/v1
  • Description: Finds all rule IDs matching the query with optional filter.

Class: Falcon::CustomIoa

  • Operation: update_rule_group_mixin0
  • PATCH: /ioarules/entities/rule-groups/v1
  • Description: Update a rule group. The following properties can be modified: name, description, enabled.

Class: Falcon::CustomIoa

  • Operation: update_rules_0
  • PATCH: /ioarules/entities/rules/v1
  • Description: Update rules within a rule group. Return the updated rules.

Class: Falcon::CustomIoa

  • Operation: update_rules_v2
  • PATCH: /ioarules/entities/rules/v2
  • Description: Update name, description, enabled or field_values for individual rules within a rule group. The v1 flavor of this call requires the caller to specify the complete state for all the rules in the rule group, instead the v2 flavor will accept the subset of rules in the rule group and apply the attribute updates to the subset of rules in the rule group.Return the updated rules.

Class: Falcon::CustomIoa

  • Operation: validate
  • POST: /ioarules/entities/rules/validate/v1
  • Description: Validates field values and checks for matches if a test string is provided.

Class: Falcon::CustomStorage

  • Operation: delete_object
  • DELETE: /customobjects/v1/collections/{collection_name}/objects/{object_key}
  • Description: Delete the specified object

Class: Falcon::CustomStorage

  • Operation: delete_versioned_object
  • DELETE: /customobjects/v1/collections/{collection_name}/{collection_version}/objects/{object_key}
  • Description: Delete the specified versioned object

Class: Falcon::CustomStorage

  • Operation: get_object
  • GET: /customobjects/v1/collections/{collection_name}/objects/{object_key}
  • Description: Get the bytes for the specified object

Class: Falcon::CustomStorage

  • Operation: get_object_metadata
  • GET: /customobjects/v1/collections/{collection_name}/objects/{object_key}/metadata
  • Description: Get the metadata for the specified object

Class: Falcon::CustomStorage

  • Operation: get_versioned_object
  • GET: /customobjects/v1/collections/{collection_name}/{collection_version}/objects/{object_key}
  • Description: Get the bytes for the specified object

Class: Falcon::CustomStorage

  • Operation: get_versioned_object_metadata
  • GET: /customobjects/v1/collections/{collection_name}/{collection_version}/objects/{object_key}/metadata
  • Description: Get the metadata for the specified object

Class: Falcon::CustomStorage

  • Operation: list_objects
  • GET: /customobjects/v1/collections/{collection_name}/objects
  • Description: List the object keys in the specified collection in alphabetical order

Class: Falcon::CustomStorage

  • Operation: list_objects_by_version
  • GET: /customobjects/v1/collections/{collection_name}/{collection_version}/objects
  • Description: List the object keys in the specified collection in alphabetical order

Class: Falcon::CustomStorage

  • Operation: put_object
  • PUT: /customobjects/v1/collections/{collection_name}/objects/{object_key}
  • Description: Put the specified new object at the given key or overwrite an existing object at the given key

Class: Falcon::CustomStorage

  • Operation: put_object_by_version
  • PUT: /customobjects/v1/collections/{collection_name}/{collection_version}/objects/{object_key}
  • Description: Put the specified new object at the given key or overwrite an existing object at the given key

Class: Falcon::CustomStorage

  • Operation: search_objects
  • POST: /customobjects/v1/collections/{collection_name}/objects
  • Description: Search for objects that match the specified filter criteria (returns metadata, not actual objects)

Class: Falcon::CustomStorage

  • Operation: search_objects_by_version
  • POST: /customobjects/v1/collections/{collection_name}/{collection_version}/objects
  • Description: Search for objects that match the specified filter criteria (returns metadata, not actual objects)

Class: Falcon::D4cRegistration

  • Operation: connect_d4_cgcp_account
  • POST: /cloud-connect-gcp/entities/account/v2
  • Description: Creates a new GCP account with newly-uploaded service account or connects with existing service account with only the following fields: parent_id, parent_type and service_account_id

Class: Falcon::D4cRegistration

  • Operation: create_d4_c_aws_account
  • POST: /cloud-connect-aws/entities/account/v2
  • Description: Creates a new account in our system for a customer and generates a script for them to run in their AWS cloud environment to grant us access.

Class: Falcon::D4cRegistration

  • Operation: create_d4_c_gcp_account
  • POST: /cloud-connect-gcp/entities/account/v1
  • Description: Creates a new account in our system for a customer and generates a new service account for them to add access to in their GCP environment to grant us access.

Class: Falcon::D4cRegistration

  • Operation: create_discover_cloud_azure_account
  • POST: /cloud-connect-azure/entities/account/v1
  • Description: Creates a new account in our system for a customer and generates a script for them to run in their cloud environment to grant us access.

Class: Falcon::D4cRegistration

  • Operation: delete_d4_c_aws_account
  • DELETE: /cloud-connect-aws/entities/account/v2
  • Description: Deletes an existing AWS account or organization in our system.

Class: Falcon::D4cRegistration

  • Operation: delete_d4_cgcp_account
  • DELETE: /cloud-connect-gcp/entities/account/v1
  • Description: Deletes a GCP account from the system.

Class: Falcon::D4cRegistration

  • Operation: discover_cloud_azure_download_certificate
  • GET: /cloud-connect-azure/entities/download-certificate/v1
  • Description: Returns JSON object(s) that contain the base64 encoded certificate for a service principal.

Class: Falcon::D4cRegistration

  • Operation: get_d4_c_aws_account
  • GET: /cloud-connect-aws/entities/account/v2
  • Description: Returns information about the current status of an AWS account.

Class: Falcon::D4cRegistration

  • Operation: get_d4_c_aws_console_setup_urls
  • GET: /cloud-connect-aws/entities/console-setup-urls/v1
  • Description: Return a URL for customer to visit in their cloud environment to grant us access to their AWS environment.

Class: Falcon::D4cRegistration

  • Operation: get_d4_c_gcp_account
  • GET: /cloud-connect-gcp/entities/account/v1
  • Description: Returns information about the current status of an GCP account.

Class: Falcon::D4cRegistration

  • Operation: get_d4_c_gcp_user_scripts
  • GET: /cloud-connect-gcp/entities/user-scripts/v1
  • Description: Return a script for customer to run in their cloud environment to grant us access to their GCP environment

Class: Falcon::D4cRegistration

  • Operation: get_d4_caws_account_scripts_attachment
  • GET: /cloud-connect-aws/entities/user-scripts-download/v1
  • Description: Return a script for customer to run in their cloud environment to grant us access to their AWS environment as a downloadable attachment.

Class: Falcon::D4cRegistration

  • Operation: get_d4_cgcp_service_accounts_ext
  • GET: /cloud-connect-gcp/entities/service-accounts/v1
  • Description: Returns the service account id and client email for external clients.

Class: Falcon::D4cRegistration

  • Operation: get_d4_cgcp_user_scripts_attachment
  • GET: /cloud-connect-gcp/entities/user-scripts-download/v1
  • Description: Return a script for customer to run in their cloud environment to grant us access to their GCP environment as a downloadable attachment

Class: Falcon::D4cRegistration


Class: Falcon::D4cRegistration


Class: Falcon::D4cRegistration

  • Operation: get_discover_cloud_azure_user_scripts
  • GET: /cloud-connect-azure/entities/user-scripts/v1
  • Description: Return a script for customer to run in their cloud environment to grant us access to their Azure environment

Class: Falcon::D4cRegistration

  • Operation: get_discover_cloud_azure_user_scripts_attachment
  • GET: /cloud-connect-azure/entities/user-scripts-download/v1
  • Description: Return a script for customer to run in their cloud environment to grant us access to their Azure environment as a downloadable attachment

Class: Falcon::D4cRegistration

  • Operation: get_horizon_d4_c_scripts
  • GET: /settings-discover/entities/gen/scripts/v1
  • Description: Returns static install scripts for Horizon.

Class: Falcon::D4cRegistration


Class: Falcon::D4cRegistration

  • Operation: update_discover_cloud_azure_account_client_id
  • PATCH: /cloud-connect-azure/entities/client-id/v1
  • Description: Update an Azure service account in our system by with the user-created client_id created with the public key we've provided

Class: Falcon::Datascanner


Class: Falcon::Datascanner


Class: Falcon::Datascanner


Class: Falcon::Default


Class: Falcon::Default

  • Operation: cloud_registration_aws_delete_account
  • DELETE: /cloud-security-registration-aws/entities/account/v1
  • Description: Deletes an existing AWS account or organization in our system.

Class: Falcon::Default


Class: Falcon::Default


Class: Falcon::Default


Class: Falcon::Default

  • Operation: cloud_registration_aws_validate_accounts
  • POST: /cloud-security-registration-aws/entities/account/validate/v1
  • Description: Validates the AWS account in our system for a provided CID. For internal clients only.

Class: Falcon::DeliverySettings

  • Operation: get_delivery_settings
  • GET: /delivery-settings/entities/delivery-settings/v1
  • Description: Get Delivery Settings

Class: Falcon::DeliverySettings

  • Operation: post_delivery_settings
  • POST: /delivery-settings/entities/delivery-settings/v1
  • Description: Create Delivery Settings

Class: Falcon::Detects

  • Operation: get_aggregate_detects
  • POST: /detects/aggregates/detects/GET/v1
  • Description: Get detect aggregates as specified via json in request body.

Class: Falcon::Detects

  • Operation: get_detect_summaries
  • POST: /detects/entities/summaries/GET/v1
  • Description: View information about detections

Class: Falcon::Detects

  • Operation: query_detects
  • GET: /detects/queries/detects/v1
  • Description: Search for detection IDs that match a given query

Class: Falcon::Detects

  • Operation: update_detects_by_ids_v2
  • PATCH: /detects/entities/detects/v2
  • Description: Modify the state, assignee, and visibility of detections

Class: Falcon::DeviceControlPolicies

  • Operation: create_device_control_policies
  • POST: /policy/entities/device-control/v1
  • Description: Create Device Control Policies by specifying details about the policy to create

Class: Falcon::DeviceControlPolicies

  • Operation: delete_device_control_policies
  • DELETE: /policy/entities/device-control/v1
  • Description: Delete a set of Device Control Policies by specifying their IDs

Class: Falcon::DeviceControlPolicies


Class: Falcon::DeviceControlPolicies

  • Operation: get_device_control_policies
  • GET: /policy/entities/device-control/v1
  • Description: Retrieve a set of Device Control Policies by specifying their IDs

Class: Falcon::DeviceControlPolicies

  • Operation: perform_device_control_policies_action
  • POST: /policy/entities/device-control-actions/v1
  • Description: Perform the specified action on the Device Control Policies specified in the request

Class: Falcon::DeviceControlPolicies

  • Operation: query_combined_device_control_policies
  • GET: /policy/combined/device-control/v1
  • Description: Search for Device Control Policies in your environment by providing an FQL filter and paging details. Returns a set of Device Control Policies which match the filter criteria

Class: Falcon::DeviceControlPolicies

  • Operation: query_combined_device_control_policy_members
  • GET: /policy/combined/device-control-members/v1
  • Description: Search for members of a Device Control Policy in your environment by providing an FQL filter and paging details. Returns a set of host details which match the filter criteria

Class: Falcon::DeviceControlPolicies

  • Operation: query_device_control_policies
  • GET: /policy/queries/device-control/v1
  • Description: Search for Device Control Policies in your environment by providing an FQL filter and paging details. Returns a set of Device Control Policy IDs which match the filter criteria

Class: Falcon::DeviceControlPolicies

  • Operation: query_device_control_policy_members
  • GET: /policy/queries/device-control-members/v1
  • Description: Search for members of a Device Control Policy in your environment by providing an FQL filter and paging details. Returns a set of Agent IDs which match the filter criteria

Class: Falcon::DeviceControlPolicies

  • Operation: set_device_control_policies_precedence
  • POST: /policy/entities/device-control-precedence/v1
  • Description: Sets the precedence of Device Control Policies based on the order of IDs specified in the request. The first ID specified will have the highest precedence and the last ID specified will have the lowest. You must specify all non-Default Policies for a platform when updating precedence

Class: Falcon::DeviceControlPolicies


Class: Falcon::DeviceControlPolicies

  • Operation: update_device_control_policies
  • PATCH: /policy/entities/device-control/v1
  • Description: Update Device Control Policies by specifying the ID of the policy and details to update

Class: Falcon::Discover

  • Operation: combined_applications
  • GET: /discover/combined/applications/v1
  • Description: Search for applications in your environment by providing an FQL filter and paging details. Returns details on applications which match the filter criteria.

Class: Falcon::Discover

  • Operation: combined_hosts
  • GET: /discover/combined/hosts/v1
  • Description: Search for assets in your environment by providing an FQL (Falcon Query Language) filter and paging details. Returns details on assets which match the filter criteria.

Class: Falcon::Discover

  • Operation: get_accounts
  • GET: /discover/entities/accounts/v1
  • Description: Get details on accounts by providing one or more IDs.

Class: Falcon::Discover

  • Operation: get_applications
  • GET: /discover/entities/applications/v1
  • Description: Get details on applications by providing one or more IDs.

Class: Falcon::Discover

  • Operation: get_hosts
  • GET: /discover/entities/hosts/v1
  • Description: Get details on assets by providing one or more IDs.

Class: Falcon::Discover

  • Operation: get_logins
  • GET: /discover/entities/logins/v1
  • Description: Get details on logins by providing one or more IDs.

Class: Falcon::Discover

  • Operation: query_accounts
  • GET: /discover/queries/accounts/v1
  • Description: Search for accounts in your environment by providing an FQL (Falcon Query Language) filter and paging details. Returns a set of account IDs which match the filter criteria.

Class: Falcon::Discover

  • Operation: query_applications
  • GET: /discover/queries/applications/v1
  • Description: Search for applications in your environment by providing an FQL filter and paging details. returns a set of application IDs which match the filter criteria.

Class: Falcon::Discover

  • Operation: query_hosts
  • GET: /discover/queries/hosts/v1
  • Description: Search for assets in your environment by providing an FQL (Falcon Query Language) filter and paging details. Returns a set of asset IDs which match the filter criteria.

Class: Falcon::Discover

  • Operation: query_logins
  • GET: /discover/queries/logins/v1
  • Description: Search for logins in your environment by providing an FQL (Falcon Query Language) filter and paging details. Returns a set of login IDs which match the filter criteria.

Class: Falcon::DiscoverIot

  • Operation: get_iot_hosts
  • GET: /discover/entities/iot-hosts/v1
  • Description: Get details on IoT assets by providing one or more IDs.

Class: Falcon::DiscoverIot

  • Operation: query_iot_hosts
  • GET: /discover/queries/iot-hosts/v1
  • Description: Search for IoT assets in your environment by providing an FQL (Falcon Query Language) filter and paging details. Returns a set of asset IDs which match the filter criteria.

Class: Falcon::DiscoverIot

  • Operation: query_iot_hosts_v2
  • GET: /discover/queries/iot-hosts/v2
  • Description: Search for IoT assets in your environment by providing an FQL (Falcon Query Language) filter and paging details. Returns a set of asset IDs which match the filter criteria.

Class: Falcon::Downloads

  • Operation: download_file
  • GET: /csdownloads/entities/files/download/v1
  • Description: Gets pre-signed URL for the file

Class: Falcon::DownloadsApi

  • Operation: enumerate_file
  • GET: /csdownloads/entities/files/enumerate/v1
  • Description: Enumerates a list of files available for CID

Class: Falcon::DriftIndicators

  • Operation: get_drift_indicators_values_by_date
  • GET: /container-security/aggregates/drift-indicators/count-by-date/v1
  • Description: Returns the count of Drift Indicators by the date. by default it's for 7 days.

Class: Falcon::DriftIndicators

  • Operation: read_drift_indicator_entities
  • GET: /container-security/entities/drift-indicators/v1
  • Description: Retrieve Drift Indicator entities identified by the provided IDs

Class: Falcon::DriftIndicators

  • Operation: read_drift_indicators_count
  • GET: /container-security/aggregates/drift-indicators/count/v1
  • Description: Returns the total count of Drift indicators over a time period

Class: Falcon::DriftIndicators


Class: Falcon::DriftIndicators

  • Operation: search_drift_indicators
  • GET: /container-security/queries/drift-indicators/v1
  • Description: Retrieve all drift indicators that match the given query

Class: Falcon::EventSchema


Class: Falcon::EventSchema


Class: Falcon::EventSchema

  • Operation: fdrschema_queries_event_get
  • GET: /fdr/queries/schema-events/v1
  • Description: Get list of event IDs given a particular query.

Class: Falcon::EventStreams


Class: Falcon::EventStreams

  • Operation: refresh_active_stream_session
  • POST: /sensors/entities/datafeed-actions/v1/{partition}
  • Description: Refresh an active event stream. Use the URL shown in a GET /sensors/entities/datafeed/v2 response.

Class: Falcon::ExposureManagement

  • Operation: aggregate_external_assets
  • POST: /fem/aggregates/external-assets/v1
  • Description: Returns external assets aggregates.

Class: Falcon::ExposureManagement

  • Operation: blob_download_external_assets
  • GET: /fem/entities/blobs-download/v1
  • Description: Download the entire contents of the blob. The relative link to this endpoint is returned in the GET /entities/external-assets/v1 request.

Class: Falcon::ExposureManagement

  • Operation: blob_preview_external_assets
  • GET: /fem/entities/blobs-preview/v1
  • Description: Download a preview of the blob. The relative link to this endpoint is returned in the GET /entities/external-assets/v1 request.

Class: Falcon::ExposureManagement

  • Operation: combined_ecosystem_subsidiaries
  • GET: /fem/combined/ecosystem-subsidiaries/v1
  • Description: Retrieves a list of ecosystem subsidiaries with their detailed information.

Class: Falcon::ExposureManagement

  • Operation: delete_external_assets
  • DELETE: /fem/entities/external-assets/v1
  • Description: Delete multiple external assets.

Class: Falcon::ExposureManagement

  • Operation: get_ecosystem_subsidiaries
  • GET: /fem/entities/ecosystem-subsidiaries/v1
  • Description: Retrieves detailed information about ecosystem subsidiaries by ID.

Class: Falcon::ExposureManagement

  • Operation: get_external_assets
  • GET: /fem/entities/external-assets/v1
  • Description: Get details on external assets by providing one or more IDs.

Class: Falcon::ExposureManagement

  • Operation: patch_external_assets
  • PATCH: /fem/entities/external-assets/v1
  • Description: Update the details of external assets.

Class: Falcon::ExposureManagement

  • Operation: query_ecosystem_subsidiaries
  • GET: /fem/queries/ecosystem-subsidiaries/v1
  • Description: Retrieves a list of IDs for ecosystem subsidiaries. Use these IDs with the /entities/ecosystem-subsidiaries/v1 endpoints.

Class: Falcon::ExposureManagement

  • Operation: query_external_assets
  • GET: /fem/queries/external-assets/v1
  • Description: Get a list of external asset IDs that match the provided filter conditions. Use these IDs with the /entities/external-assets/v1 endpoints

Class: Falcon::FalconCompleteDashboard

  • Operation: aggregate_alerts
  • POST: /falcon-complete-dashboards/aggregates/alerts/GET/v1
  • Description: Retrieve aggregate alerts values based on the matched filter

Class: Falcon::FalconCompleteDashboard

  • Operation: aggregate_allow_list
  • POST: /falcon-complete-dashboards/aggregates/allowlist/GET/v1
  • Description: Retrieve aggregate allowlist ticket values based on the matched filter

Class: Falcon::FalconCompleteDashboard

  • Operation: aggregate_block_list
  • POST: /falcon-complete-dashboards/aggregates/blocklist/GET/v1
  • Description: Retrieve aggregate blocklist ticket values based on the matched filter

Class: Falcon::FalconCompleteDashboard

  • Operation: aggregate_detections
  • POST: /falcon-complete-dashboards/aggregates/detects/GET/v1
  • Description: Retrieve aggregate detection values based on the matched filter

Class: Falcon::FalconCompleteDashboard

  • Operation: aggregate_device_count_collection
  • POST: /falcon-complete-dashboards/aggregates/devicecount-collections/GET/v1
  • Description: Retrieve aggregate host/devices count based on the matched filter

Class: Falcon::FalconCompleteDashboard

  • Operation: aggregate_escalations
  • POST: /falcon-complete-dashboards/aggregates/escalations/GET/v1
  • Description: Retrieve aggregate escalation ticket values based on the matched filter

Class: Falcon::FalconCompleteDashboard

  • Operation: aggregate_fc_incidents
  • POST: /falcon-complete-dashboards/aggregates/incidents/GET/v1
  • Description: Retrieve aggregate incident values based on the matched filter

Class: Falcon::FalconCompleteDashboard

  • Operation: aggregate_prevention_policy
  • POST: /falcon-complete-dashboards/aggregates/prevention-policies/v1
  • Description: Retrieve prevention policies aggregate values based on the matched filter

Class: Falcon::FalconCompleteDashboard

  • Operation: aggregate_remediations
  • POST: /falcon-complete-dashboards/aggregates/remediations/GET/v1
  • Description: Retrieve aggregate remediation ticket values based on the matched filter

Class: Falcon::FalconCompleteDashboard

  • Operation: aggregate_sensor_update_policy
  • POST: /falcon-complete-dashboards/aggregates/sensor-update-policies/v1
  • Description: Retrieve sensor update policies aggregate values

Class: Falcon::FalconCompleteDashboard

  • Operation: aggregate_support_issues
  • POST: /falcon-complete-dashboards/aggregates/support-issues/v1
  • Description: Retrieve aggregate support issue ticket values based on the matched filter

Class: Falcon::FalconCompleteDashboard

  • Operation: aggregate_total_device_counts
  • POST: /falcon-complete-dashboards/aggregates/total-device-counts/v1
  • Description: Retrieve aggregate total host/devices based on the matched filter

Class: Falcon::FalconCompleteDashboard

  • Operation: get_device_count_collection_queries_by_filter
  • GET: /falcon-complete-dashboards/queries/devicecount-collections/v1
  • Description: Retrieve device count collection Ids that match the provided FQL filter, criteria with scrolling enabled

Class: Falcon::FalconCompleteDashboard

  • Operation: query_alert_ids_by_filter
  • GET: /falcon-complete-dashboards/queries/alerts/v1
  • Description: Retrieve Alerts Ids that match the provided FQL filter criteria with scrolling enabled

Class: Falcon::FalconCompleteDashboard

  • Operation: query_allow_list_filter
  • GET: /falcon-complete-dashboards/queries/allowlist/v1
  • Description: Retrieve allowlist tickets that match the provided filter criteria with scrolling enabled

Class: Falcon::FalconCompleteDashboard

  • Operation: query_block_list_filter
  • GET: /falcon-complete-dashboards/queries/blocklist/v1
  • Description: Retrieve block listtickets that match the provided filter criteria with scrolling enabled

Class: Falcon::FalconCompleteDashboard

  • Operation: query_detection_ids_by_filter
  • GET: /falcon-complete-dashboards/queries/detects/v1
  • Description: Retrieve DetectionsIds that match the provided FQL filter, criteria with scrolling enabled

Class: Falcon::FalconCompleteDashboard

  • Operation: query_escalations_filter
  • GET: /falcon-complete-dashboards/queries/escalations/v1
  • Description: Retrieve escalation tickets that match the provided filter criteria with scrolling enabled

Class: Falcon::FalconCompleteDashboard

  • Operation: query_incident_ids_by_filter
  • GET: /falcon-complete-dashboards/queries/incidents/v1
  • Description: Retrieve incidents that match the provided filter criteria with scrolling enabled

Class: Falcon::FalconCompleteDashboard

  • Operation: query_remediations_filter
  • GET: /falcon-complete-dashboards/queries/remediations/v1
  • Description: Retrieve remediation tickets that match the provided filter criteria with scrolling enabled

Class: Falcon::FalconContainer

  • Operation: get_credentials
  • GET: /container-security/entities/image-registry-credentials/v1
  • Description: Gets the registry credentials

Class: Falcon::FalconContainerCli

  • Operation: read_image_vulnerabilities
  • POST: /image-assessment/combined/vulnerability-lookups/v1
  • Description: Retrieve known vulnerabilities for the provided image

Class: Falcon::FalconContainerImage

  • Operation: create_registry_entities
  • POST: /container-security/entities/registries/v1
  • Description: Create a registry entity using the provided details

Class: Falcon::FalconContainerImage

  • Operation: delete_registry_entities
  • DELETE: /container-security/entities/registries/v1
  • Description: Delete the registry entity identified by the entity UUID

Class: Falcon::FalconContainerImage

  • Operation: download_export_file
  • GET: /container-security/entities/exports/files/v1
  • Description: Download an export file

Class: Falcon::FalconContainerImage

  • Operation: launch_export_job
  • POST: /container-security/entities/exports/v1
  • Description: Launch an export job of a Container Security resource. Maximum of 1 job in progress per resource

Class: Falcon::FalconContainerImage

  • Operation: query_export_jobs
  • GET: /container-security/queries/exports/v1
  • Description: Query export jobs entities

Class: Falcon::FalconContainerImage

  • Operation: read_export_jobs
  • GET: /container-security/entities/exports/v1
  • Description: Read export jobs entities

Class: Falcon::FalconContainerImage

  • Operation: read_registry_entities
  • GET: /container-security/queries/registries/v1
  • Description: Retrieve registry entities identified by the customer id

Class: Falcon::FalconContainerImage

  • Operation: read_registry_entities_by_uuid
  • GET: /container-security/entities/registries/v1
  • Description: Retrieve the registry entity identified by the entity UUID

Class: Falcon::FalconContainerImage

  • Operation: update_registry_entities
  • PATCH: /container-security/entities/registries/v1
  • Description: Update the registry entity, as identified by the entity UUID, using the provided details

Class: Falcon::FalconxSandbox

  • Operation: delete_report
  • DELETE: /falconx/entities/reports/v1
  • Description: Delete report based on the report ID. Operation can be checked for success by polling for the report ID on the report-summaries endpoint.

Class: Falcon::FalconxSandbox

  • Operation: delete_sample_v2
  • DELETE: /samples/entities/samples/v2
  • Description: Removes a sample, including file, meta and submissions from the collection

Class: Falcon::FalconxSandbox

  • Operation: get_artifacts
  • GET: /falconx/entities/artifacts/v1
  • Description: Download IOC packs, PCAP files, memory dumps, and other analysis artifacts.

Class: Falcon::FalconxSandbox

  • Operation: get_memory_dump
  • GET: /falconx/entities/memory-dump/v1
  • Description: Get memory dump content, as binary

Class: Falcon::FalconxSandbox


Class: Falcon::FalconxSandbox

  • Operation: get_memory_dump_hex_dump
  • GET: /falconx/entities/memory-dump/hex-dump/v1
  • Description: Get hex view of a memory dump

Class: Falcon::FalconxSandbox

  • Operation: get_reports
  • GET: /falconx/entities/reports/v1
  • Description: Get a full sandbox report.

Class: Falcon::FalconxSandbox

  • Operation: get_sample_v2
  • GET: /samples/entities/samples/v2
  • Description: Retrieves the file associated with the given ID (SHA256)

Class: Falcon::FalconxSandbox

  • Operation: get_submissions
  • GET: /falconx/entities/submissions/v1
  • Description: Check the status of a sandbox analysis. Time required for analysis varies but is usually less than 15 minutes.

Class: Falcon::FalconxSandbox

  • Operation: get_summary_reports
  • GET: /falconx/entities/report-summaries/v1
  • Description: Get a short summary version of a sandbox report.

Class: Falcon::FalconxSandbox

  • Operation: query_reports
  • GET: /falconx/queries/reports/v1
  • Description: Find sandbox reports by providing an FQL filter and paging details. Returns a set of report IDs that match your criteria.

Class: Falcon::FalconxSandbox

  • Operation: query_sample_v1
  • POST: /samples/queries/samples/GET/v1
  • Description: Retrieves a list with sha256 of samples that exist and customer has rights to access them, maximum number of accepted items is 200

Class: Falcon::FalconxSandbox

  • Operation: query_submissions_mixin0
  • GET: /falconx/queries/submissions/v1
  • Description: Find submission IDs for uploaded files by providing an FQL filter and paging details. Returns a set of submission IDs that match your criteria.

Class: Falcon::FalconxSandbox

  • Operation: submit
  • POST: /falconx/entities/submissions/v1
  • Description: Submit an uploaded file or a URL for sandbox analysis. Time required for analysis varies but is usually less than 15 minutes.

Class: Falcon::FalconxSandbox

  • Operation: upload_sample_v2
  • POST: /samples/entities/samples/v2
  • Description: Upload a file for sandbox analysis. After uploading, use `/falconx/entities/submissions/v1` to start analyzing the file.

Class: Falcon::FieldSchema


Class: Falcon::FieldSchema

  • Operation: fdrschema_queries_field_get
  • GET: /fdr/queries/schema-fields/v1
  • Description: Get list of field IDs given a particular query.

Class: Falcon::Filevantage

  • Operation: create_policies_0
  • POST: /filevantage/entities/policies/v1
  • Description: Creates a new policy of the specified type. New policies are always added at the end of the precedence list for the provided policy type.

Class: Falcon::Filevantage

  • Operation: create_rule_groups
  • POST: /filevantage/entities/rule-groups/v1
  • Description: Creates a new rule group of the specified type.

Class: Falcon::Filevantage

  • Operation: create_rules
  • POST: /filevantage/entities/rule-groups-rules/v1
  • Description: Creates a new rule configuration within the specified rule group.

Class: Falcon::Filevantage

  • Operation: create_scheduled_exclusions
  • POST: /filevantage/entities/policy-scheduled-exclusions/v1
  • Description: Creates a new scheduled exclusion configuration for the provided policy id.

Class: Falcon::Filevantage

  • Operation: delete_policies
  • DELETE: /filevantage/entities/policies/v1
  • Description: Deletes 1 or more policies.

Class: Falcon::Filevantage

  • Operation: delete_rule_groups
  • DELETE: /filevantage/entities/rule-groups/v1
  • Description: Deletes 1 or more rule groups

Class: Falcon::Filevantage

  • Operation: delete_rules
  • DELETE: /filevantage/entities/rule-groups-rules/v1
  • Description: Deletes 1 or more rules from the specified rule group.

Class: Falcon::Filevantage

  • Operation: delete_scheduled_exclusions
  • DELETE: /filevantage/entities/policy-scheduled-exclusions/v1
  • Description: Deletes 1 or more scheduled exclusions from the provided policy id.

Class: Falcon::Filevantage

  • Operation: get_actions_mixin0
  • GET: /filevantage/entities/actions/v1
  • Description: Retrieves the processing results for 1 or more actions.

Class: Falcon::Filevantage

  • Operation: get_changes
  • GET: /filevantage/entities/changes/v2
  • Description: Retrieve information on changes

Class: Falcon::Filevantage

  • Operation: get_contents
  • GET: /filevantage/entities/change-content/v1
  • Description: Retrieves the content captured for the provided change id

Class: Falcon::Filevantage

  • Operation: get_policies
  • GET: /filevantage/entities/policies/v1
  • Description: Retrieves the configuration for 1 or more policies.

Class: Falcon::Filevantage

  • Operation: get_rule_groups
  • GET: /filevantage/entities/rule-groups/v1
  • Description: Retrieves the rule group details for 1 or more rule groups.

Class: Falcon::Filevantage

  • Operation: get_rules
  • GET: /filevantage/entities/rule-groups-rules/v1
  • Description: Retrieves the configuration for 1 or more rules.

Class: Falcon::Filevantage

  • Operation: get_scheduled_exclusions
  • GET: /filevantage/entities/policy-scheduled-exclusions/v1
  • Description: Retrieves the configuration of 1 or more scheduled exclusions from the provided policy id.

Class: Falcon::Filevantage


Class: Falcon::Filevantage

  • Operation: query_actions_mixin0
  • GET: /filevantage/queries/actions/v1
  • Description: Returns one or more action ids

Class: Falcon::Filevantage

  • Operation: query_changes
  • GET: /filevantage/queries/changes/v2
  • Description: Returns 1 or more change ids

Class: Falcon::Filevantage

  • Operation: query_policies
  • GET: /filevantage/queries/policies/v1
  • Description: Retrieve the ids of all policies that are assigned the provided policy type.

Class: Falcon::Filevantage

  • Operation: query_rule_groups
  • GET: /filevantage/queries/rule-groups/v1
  • Description: Retrieve the ids of all rule groups that are of the provided rule group type.

Class: Falcon::Filevantage

  • Operation: query_scheduled_exclusions
  • GET: /filevantage/queries/policy-scheduled-exclusions/v1
  • Description: Retrieve the ids of all scheduled exclusions contained within the provided policy id.

Class: Falcon::Filevantage

  • Operation: signal_changes_external
  • POST: /filevantage/entities/workflow/v1
  • Description: Initiates workflows for the provided change ids

Class: Falcon::Filevantage

  • Operation: start_actions
  • POST: /filevantage/entities/actions/v1
  • Description: Initiates the specified action on the provided change ids

Class: Falcon::Filevantage

  • Operation: update_policies_0
  • PATCH: /filevantage/entities/policies/v1
  • Description: Updates the general information of the provided policy.

Class: Falcon::Filevantage

  • Operation: update_policy_host_groups
  • PATCH: /filevantage/entities/policies-host-groups/v1
  • Description: Manage host groups assigned to a policy.

Class: Falcon::Filevantage

  • Operation: update_policy_precedence_0
  • PATCH: /filevantage/entities/policies-precedence/v1
  • Description: Updates the policy precedence for all policies of a specific type.

Class: Falcon::Filevantage

  • Operation: update_policy_rule_groups
  • PATCH: /filevantage/entities/policies-rule-groups/v1
  • Description: Manage the rule groups assigned to the policy or set the rule group precedence for all rule groups within the policy.

Class: Falcon::Filevantage

  • Operation: update_rule_group_precedence
  • PATCH: /filevantage/entities/rule-groups-rule-precedence/v1
  • Description: Updates the rule precedence for all rules in the identified rule group.

Class: Falcon::Filevantage

  • Operation: update_rule_groups
  • PATCH: /filevantage/entities/rule-groups/v1
  • Description: Updates the provided rule group.

Class: Falcon::Filevantage

  • Operation: update_rules
  • PATCH: /filevantage/entities/rule-groups-rules/v1
  • Description: Updates the provided rule configuration within the specified rule group.

Class: Falcon::Filevantage

  • Operation: update_scheduled_exclusions
  • PATCH: /filevantage/entities/policy-scheduled-exclusions/v1
  • Description: Updates the provided scheduled exclusion configuration within the provided policy.

Class: Falcon::FirewallManagement

  • Operation: aggregate_events
  • POST: /fwmgr/aggregates/events/GET/v1
  • Description: Aggregate events for customer

Class: Falcon::FirewallManagement

  • Operation: aggregate_policy_rules
  • POST: /fwmgr/aggregates/policy-rules/GET/v1
  • Description: Aggregate rules within a policy for customer

Class: Falcon::FirewallManagement

  • Operation: aggregate_rule_groups
  • POST: /fwmgr/aggregates/rule-groups/GET/v1
  • Description: Aggregate rule groups for customer

Class: Falcon::FirewallManagement

  • Operation: aggregate_rules
  • POST: /fwmgr/aggregates/rules/GET/v1
  • Description: Aggregate rules for customer

Class: Falcon::FirewallManagement

  • Operation: create_network_locations
  • POST: /fwmgr/entities/network-locations/v1
  • Description: Create new network locations provided, and return the ID.

Class: Falcon::FirewallManagement

  • Operation: create_rule_group
  • POST: /fwmgr/entities/rule-groups/v1
  • Description: Create new rule group on a platform for a customer with a name and description, and return the ID

Class: Falcon::FirewallManagement

  • Operation: create_rule_group_validation
  • POST: /fwmgr/entities/rule-groups/validation/v1
  • Description: Validates the request of creating a new rule group on a platform for a customer with a name and description

Class: Falcon::FirewallManagement

  • Operation: delete_network_locations
  • DELETE: /fwmgr/entities/network-locations/v1
  • Description: Delete network location entities by ID.

Class: Falcon::FirewallManagement

  • Operation: delete_rule_groups_0
  • DELETE: /fwmgr/entities/rule-groups/v1
  • Description: Delete rule group entities by ID

Class: Falcon::FirewallManagement

  • Operation: get_events
  • GET: /fwmgr/entities/events/v1
  • Description: Get events entities by ID and optionally version

Class: Falcon::FirewallManagement

  • Operation: get_firewall_fields
  • GET: /fwmgr/entities/firewall-fields/v1
  • Description: Get the firewall field specifications by ID

Class: Falcon::FirewallManagement

  • Operation: get_network_locations
  • GET: /fwmgr/entities/network-locations/v1
  • Description: Get a summary of network locations entities by ID

Class: Falcon::FirewallManagement


Class: Falcon::FirewallManagement

  • Operation: get_platforms
  • GET: /fwmgr/entities/platforms/v1
  • Description: Get platforms by ID, e.g., windows or mac or droid

Class: Falcon::FirewallManagement

  • Operation: get_policy_containers
  • GET: /fwmgr/entities/policies/v1
  • Description: Get policy container entities by policy ID

Class: Falcon::FirewallManagement

  • Operation: get_rule_groups_0
  • GET: /fwmgr/entities/rule-groups/v1
  • Description: Get rule group entities by ID. These groups do not contain their rule entites, just the rule IDs in precedence order.

Class: Falcon::FirewallManagement

  • Operation: get_rules_0
  • GET: /fwmgr/entities/rules/v1
  • Description: Get rule entities by ID (64-bit unsigned int as decimal string) or Family ID (32-character hexadecimal string)

Class: Falcon::FirewallManagement

  • Operation: query_events
  • GET: /fwmgr/queries/events/v1
  • Description: Find all event IDs matching the query with filter

Class: Falcon::FirewallManagement

  • Operation: query_firewall_fields
  • GET: /fwmgr/queries/firewall-fields/v1
  • Description: Get the firewall field specification IDs for the provided platform

Class: Falcon::FirewallManagement

  • Operation: query_network_locations
  • GET: /fwmgr/queries/network-locations/v1
  • Description: Get a list of network location IDs

Class: Falcon::FirewallManagement

  • Operation: query_platforms
  • GET: /fwmgr/queries/platforms/v1
  • Description: Get the list of platform names

Class: Falcon::FirewallManagement

  • Operation: query_policy_rules
  • GET: /fwmgr/queries/policy-rules/v1
  • Description: Find all firewall rule IDs matching the query with filter, and return them in precedence order

Class: Falcon::FirewallManagement

  • Operation: query_rule_groups_0
  • GET: /fwmgr/queries/rule-groups/v1
  • Description: Find all rule group IDs matching the query with filter

Class: Falcon::FirewallManagement

  • Operation: query_rules
  • GET: /fwmgr/queries/rules/v1
  • Description: Find all rule IDs matching the query with filter

Class: Falcon::FirewallManagement

  • Operation: update_network_locations
  • PATCH: /fwmgr/entities/network-locations/v1
  • Description: Updates the network locations provided, and return the ID.

Class: Falcon::FirewallManagement

  • Operation: update_network_locations_metadata
  • POST: /fwmgr/entities/network-locations-metadata/v1
  • Description: Updates the network locations metadata such as polling_intervals for the cid

Class: Falcon::FirewallManagement

  • Operation: update_network_locations_precedence
  • POST: /fwmgr/entities/network-locations-precedence/v1
  • Description: Updates the network locations precedence according to the list of ids provided.

Class: Falcon::FirewallManagement

  • Operation: update_policy_container
  • PUT: /fwmgr/entities/policies/v2
  • Description: Update an identified policy container, including local logging functionality.

Class: Falcon::FirewallManagement

  • Operation: update_policy_container_v1
  • PUT: /fwmgr/entities/policies/v1
  • Description: Update an identified policy container. WARNING: This endpoint is deprecated in favor of v2, using this endpoint could disable your local logging setting.

Class: Falcon::FirewallManagement

  • Operation: update_rule_group
  • PATCH: /fwmgr/entities/rule-groups/v1
  • Description: Update name, description, or enabled status of a rule group, or create, edit, delete, or reorder rules

Class: Falcon::FirewallManagement

  • Operation: update_rule_group_validation
  • PATCH: /fwmgr/entities/rule-groups/validation/v1
  • Description: Validates the request of updating name, description, or enabled status of a rule group, or create, edit, delete, or reorder rules

Class: Falcon::FirewallManagement

  • Operation: upsert_network_locations
  • PUT: /fwmgr/entities/network-locations/v1
  • Description: Updates the network locations provided, and return the ID.

Class: Falcon::FirewallManagement

  • Operation: validate_filepath_pattern
  • POST: /fwmgr/entities/rules/validate-filepath/v1
  • Description: Validates that the test pattern matches the executable filepath glob pattern.

Class: Falcon::FirewallPolicies

  • Operation: create_firewall_policies
  • POST: /policy/entities/firewall/v1
  • Description: Create Firewall Policies by specifying details about the policy to create

Class: Falcon::FirewallPolicies

  • Operation: delete_firewall_policies
  • DELETE: /policy/entities/firewall/v1
  • Description: Delete a set of Firewall Policies by specifying their IDs

Class: Falcon::FirewallPolicies

  • Operation: get_firewall_policies
  • GET: /policy/entities/firewall/v1
  • Description: Retrieve a set of Firewall Policies by specifying their IDs

Class: Falcon::FirewallPolicies

  • Operation: perform_firewall_policies_action
  • POST: /policy/entities/firewall-actions/v1
  • Description: Perform the specified action on the Firewall Policies specified in the request

Class: Falcon::FirewallPolicies

  • Operation: query_combined_firewall_policies
  • GET: /policy/combined/firewall/v1
  • Description: Search for Firewall Policies in your environment by providing an FQL filter and paging details. Returns a set of Firewall Policies which match the filter criteria

Class: Falcon::FirewallPolicies

  • Operation: query_combined_firewall_policy_members
  • GET: /policy/combined/firewall-members/v1
  • Description: Search for members of a Firewall Policy in your environment by providing an FQL filter and paging details. Returns a set of host details which match the filter criteria

Class: Falcon::FirewallPolicies

  • Operation: query_firewall_policies
  • GET: /policy/queries/firewall/v1
  • Description: Search for Firewall Policies in your environment by providing an FQL filter and paging details. Returns a set of Firewall Policy IDs which match the filter criteria

Class: Falcon::FirewallPolicies

  • Operation: query_firewall_policy_members
  • GET: /policy/queries/firewall-members/v1
  • Description: Search for members of a Firewall Policy in your environment by providing an FQL filter and paging details. Returns a set of Agent IDs which match the filter criteria

Class: Falcon::FirewallPolicies

  • Operation: set_firewall_policies_precedence
  • POST: /policy/entities/firewall-precedence/v1
  • Description: Sets the precedence of Firewall Policies based on the order of IDs specified in the request. The first ID specified will have the highest precedence and the last ID specified will have the lowest. You must specify all non-Default Policies for a platform when updating precedence

Class: Falcon::FirewallPolicies

  • Operation: update_firewall_policies
  • PATCH: /policy/entities/firewall/v1
  • Description: Update Firewall Policies by specifying the ID of the policy and details to update

Class: Falcon::FoundryLogscale


Class: Falcon::FoundryLogscale


Class: Falcon::FoundryLogscale


Class: Falcon::FoundryLogscale


Class: Falcon::FoundryLogscale


Class: Falcon::FoundryLogscale


Class: Falcon::FoundryLogscale


Class: Falcon::FoundryLogscale


Class: Falcon::FoundryLogscale


Class: Falcon::FoundryLogscale


Class: Falcon::FoundryLogscale

  • Operation: ingest_data_async_v1
  • POST: /loggingapi/entities/data-ingestion/ingest-async/v1
  • Description: Asynchronously ingest data into the application repository

Class: Falcon::FoundryLogscale

  • Operation: ingest_data_v1
  • POST: /loggingapi/entities/data-ingestion/ingest/v1
  • Description: Synchronously ingest data into the application repository

Class: Falcon::FoundryLogscale

  • Operation: list_repos_v1
  • GET: /loggingapi/combined/repos/v1
  • Description: Lists available repositories and views

Class: Falcon::FoundryLogscale

  • Operation: list_view_v1
  • GET: /loggingapi/entities/views/v1
  • Description: List views

Class: Falcon::Handle

  • Operation: handle
  • POST: /data-security-dspm/entities/kafka-rest-produce/v1
  • Description:

Class: Falcon::HostGroup

  • Operation: create_host_groups
  • POST: /devices/entities/host-groups/v1
  • Description: Create Host Groups by specifying details about the group to create

Class: Falcon::HostGroup

  • Operation: delete_host_groups
  • DELETE: /devices/entities/host-groups/v1
  • Description: Delete a set of Host Groups by specifying their IDs

Class: Falcon::HostGroup

  • Operation: get_host_groups
  • GET: /devices/entities/host-groups/v1
  • Description: Retrieve a set of Host Groups by specifying their IDs

Class: Falcon::HostGroup

  • Operation: perform_group_action
  • POST: /devices/entities/host-group-actions/v1
  • Description: Perform the specified action on the Host Groups specified in the request

Class: Falcon::HostGroup

  • Operation: query_combined_group_members
  • GET: /devices/combined/host-group-members/v1
  • Description: Search for members of a Host Group in your environment by providing an FQL filter and paging details. Returns a set of host details which match the filter criteria

Class: Falcon::HostGroup

  • Operation: query_combined_host_groups
  • GET: /devices/combined/host-groups/v1
  • Description: Search for Host Groups in your environment by providing an FQL filter and paging details. Returns a set of Host Groups which match the filter criteria

Class: Falcon::HostGroup

  • Operation: query_group_members
  • GET: /devices/queries/host-group-members/v1
  • Description: Search for members of a Host Group in your environment by providing an FQL filter and paging details. Returns a set of Agent IDs which match the filter criteria

Class: Falcon::HostGroup

  • Operation: query_host_groups
  • GET: /devices/queries/host-groups/v1
  • Description: Search for Host Groups in your environment by providing an FQL filter and paging details. Returns a set of Host Group IDs which match the filter criteria

Class: Falcon::HostGroup

  • Operation: update_host_groups
  • PATCH: /devices/entities/host-groups/v1
  • Description: Update Host Groups by specifying the ID of the group and details to update

Class: Falcon::HostMigration

  • Operation: create_migration_v1
  • POST: /host-migration/entities/migrations/v1
  • Description: Create a device migration job.

Class: Falcon::HostMigration

  • Operation: get_host_migration_ids_v1
  • GET: /host-migration/queries/host-migrations/v1
  • Description: Query host migration IDs.

Class: Falcon::HostMigration

  • Operation: get_host_migrations_v1
  • POST: /host-migration/entities/host-migrations/GET/v1
  • Description: Get host migration details.

Class: Falcon::HostMigration

  • Operation: get_migration_destinations_v1
  • POST: /host-migration/entities/migration-destinations/GET/v1
  • Description: Get destinations for a migration.

Class: Falcon::HostMigration

  • Operation: get_migration_ids_v1
  • GET: /host-migration/queries/migrations/v1
  • Description: Query migration jobs.

Class: Falcon::HostMigration

  • Operation: get_migrations_v1
  • GET: /host-migration/entities/migrations/v1
  • Description: Get migration job details.

Class: Falcon::HostMigration

  • Operation: host_migration_aggregates_v1
  • POST: /host-migration/aggregates/host-migrations/v1
  • Description: Get host migration aggregates as specified via json in request body.

Class: Falcon::HostMigration

  • Operation: host_migrations_actions_v1
  • POST: /host-migration/entities/host-migrations-actions/v1
  • Description: Perform an action on host migrations.

Class: Falcon::HostMigration

  • Operation: migration_aggregates_v1
  • POST: /host-migration/aggregates/migrations/v1
  • Description: Get migration aggregates as specified via json in request body.

Class: Falcon::HostMigration

  • Operation: migrations_actions_v1
  • POST: /host-migration/entities/migrations-actions/v1
  • Description: Perform an action on a migration job.

Class: Falcon::Hosts

  • Operation: entities_perform_action
  • POST: /devices/entities/group-actions/v1
  • Description: Performs the specified action on the provided group IDs.

Class: Falcon::Hosts

  • Operation: get_device_details_v2
  • GET: /devices/entities/devices/v2
  • Description: Get details on one or more hosts by providing host IDs as a query parameter. Supports up to a maximum 100 IDs.

Class: Falcon::Hosts

  • Operation: get_online_state_v1
  • GET: /devices/entities/online-state/v1
  • Description: Get the online status for one or more hosts by specifying each host’s unique ID. Successful requests return an HTTP 200 response and the status for each host identified by a `state` of `online`, `offline`, or `unknown` for each host, identified by host `id`. Make a `GET` request to `/devices/queries/devices/v1` to get a list of host IDs.

Class: Falcon::Hosts

  • Operation: perform_action_v2
  • POST: /devices/entities/devices-actions/v2
  • Description: Take various actions on the hosts in your environment. Contain or lift containment on a host. Delete or restore a host.

Class: Falcon::Hosts

  • Operation: post_device_details_v2
  • POST: /devices/entities/devices/v2
  • Description: Get details on one or more hosts by providing host IDs in a POST body. Supports up to a maximum 5000 IDs.

Class: Falcon::Hosts

  • Operation: query_device_login_history
  • POST: /devices/combined/devices/login-history/v1
  • Description: Retrieve details about recent login sessions for a set of devices.

Class: Falcon::Hosts

  • Operation: query_device_login_history_v2
  • POST: /devices/combined/devices/login-history/v2
  • Description: Retrieve details about recent interactive login sessions for a set of devices powered by the Host Timeline. A max of 10 device ids can be specified

Class: Falcon::Hosts

  • Operation: query_devices_by_filter
  • GET: /devices/queries/devices/v1
  • Description: Search for hosts in your environment by platform, hostname, IP, and other criteria.

Class: Falcon::Hosts

  • Operation: query_devices_by_filter_scroll
  • GET: /devices/queries/devices-scroll/v1
  • Description: Search for hosts in your environment by platform, hostname, IP, and other criteria with continuous pagination capability (based on offset pointer which expires after 2 minutes with no maximum limit)

Class: Falcon::Hosts


Class: Falcon::Hosts

  • Operation: query_hidden_devices
  • GET: /devices/queries/devices-hidden/v1
  • Description: Retrieve hidden hosts that match the provided filter criteria.

Class: Falcon::Hosts

  • Operation: update_device_tags
  • PATCH: /devices/entities/devices/tags/v1
  • Description: Append or remove one or more Falcon Grouping Tags on one or more hosts. Tags must be of the form FalconGroupingTags/

Class: Falcon::HumioAuthProxy

  • Operation: get_lookup_from_package_v1
  • GET: /humio/api/v1/repositories/{repository}/files/{package}/{filename}
  • Description: Download lookup file in package from NGSIEM

Class: Falcon::HumioAuthProxy

  • Operation: get_lookup_from_package_with_namespace_v1
  • GET: /humio/api/v1/repositories/{repository}/files/{namespace}/{package}/{filename}
  • Description: Download lookup file in namespaced package from NGSIEM

Class: Falcon::HumioAuthProxy

  • Operation: get_lookup_v1
  • GET: /humio/api/v1/repositories/{repository}/files/{filename}
  • Description: Download lookup file from NGSIEM

Class: Falcon::HumioAuthProxy

  • Operation: get_search_status_v1
  • GET: /humio/api/v1/repositories/{repository}/queryjobs/{id}
  • Description: Get status of search

Class: Falcon::HumioAuthProxy

  • Operation: start_search_v1
  • POST: /humio/api/v1/repositories/{repository}/queryjobs
  • Description: Initiate search

Class: Falcon::HumioAuthProxy

  • Operation: stop_search_v1
  • DELETE: /humio/api/v1/repositories/{repository}/queryjobs/{id}
  • Description: Stop search

Class: Falcon::HumioAuthProxy

  • Operation: upload_lookup_v1
  • POST: /humio/api/v1/repositories/{repository}/files
  • Description: Upload file to NGSIEM

Class: Falcon::IdentityEntities

  • Operation: get_sensor_aggregates
  • POST: /identity-protection/aggregates/devices/GET/v1
  • Description: Get sensor aggregates as specified via json in request body.

Class: Falcon::IdentityEntities

  • Operation: get_sensor_details
  • POST: /identity-protection/entities/devices/GET/v1
  • Description: Get details on one or more sensors by providing device IDs in a POST body. Supports up to a maximum of 5000 IDs.

Class: Falcon::IdentityEntities

  • Operation: query_sensors_by_filter
  • GET: /identity-protection/queries/devices/v1
  • Description: Search for sensors in your environment by hostname, IP, and other criteria.

Class: Falcon::IdentityProtection


Class: Falcon::IdentityProtection


Class: Falcon::IdentityProtection


Class: Falcon::IdentityProtection

  • Operation: api_preempt_proxy_post_graphql
  • POST: /identity-protection/combined/graphql/v1
  • Description: Identity Protection GraphQL API. Allows to retrieve entities, timeline activities, identity-based incidents and security assessment. Allows to perform actions on entities and identity-based incidents.

Class: Falcon::IdentityProtection


Class: Falcon::ImageAssessmentPolicies

  • Operation: create_policies
  • POST: /container-security/entities/image-assessment-policies/v1
  • Description: Create Image Assessment policies

Class: Falcon::ImageAssessmentPolicies

  • Operation: create_policy_groups
  • POST: /container-security/entities/image-assessment-policy-groups/v1
  • Description: Create Image Assessment Policy Group entities

Class: Falcon::ImageAssessmentPolicies

  • Operation: delete_policy
  • DELETE: /container-security/entities/image-assessment-policies/v1
  • Description: Delete Image Assessment Policy by policy UUID

Class: Falcon::ImageAssessmentPolicies

  • Operation: delete_policy_group
  • DELETE: /container-security/entities/image-assessment-policy-groups/v1
  • Description: Delete Image Assessment Policy Group entities

Class: Falcon::ImageAssessmentPolicies

  • Operation: read_policies
  • GET: /container-security/entities/image-assessment-policies/v1
  • Description: Get all Image Assessment policies

Class: Falcon::ImageAssessmentPolicies

  • Operation: read_policy_exclusions
  • GET: /container-security/entities/image-assessment-policy-exclusions/v1
  • Description: Retrieve Image Assessment Policy Exclusion entities

Class: Falcon::ImageAssessmentPolicies

  • Operation: read_policy_groups
  • GET: /container-security/entities/image-assessment-policy-groups/v1
  • Description: Retrieve Image Assessment Policy Group entities

Class: Falcon::ImageAssessmentPolicies

  • Operation: update_policies
  • PATCH: /container-security/entities/image-assessment-policies/v1
  • Description: Update Image Assessment Policy entities

Class: Falcon::ImageAssessmentPolicies

  • Operation: update_policy_exclusions
  • POST: /container-security/entities/image-assessment-policy-exclusions/v1
  • Description: Update Image Assessment Policy Exclusion entities

Class: Falcon::ImageAssessmentPolicies

  • Operation: update_policy_groups
  • PATCH: /container-security/entities/image-assessment-policy-groups/v1
  • Description: Update Image Assessment Policy Group entities

Class: Falcon::ImageAssessmentPolicies

  • Operation: update_policy_precedence
  • POST: /container-security/entities/image-assessment-policy-precedence/v1
  • Description: Update Image Assessment Policy precedence

Class: Falcon::Incidents

  • Operation: crowd_score
  • GET: /incidents/combined/crowdscores/v1
  • Description: Query environment wide CrowdScore and return the entity data

Class: Falcon::Incidents

  • Operation: get_behaviors
  • POST: /incidents/entities/behaviors/GET/v1
  • Description: Get details on behaviors by providing behavior IDs

Class: Falcon::Incidents

  • Operation: get_incidents
  • POST: /incidents/entities/incidents/GET/v1
  • Description: Get details on incidents by providing incident IDs

Class: Falcon::Incidents

  • Operation: perform_incident_action
  • POST: /incidents/entities/incident-actions/v1
  • Description: Perform a set of actions on one or more incidents, such as adding tags or comments or updating the incident name or description

Class: Falcon::Incidents

  • Operation: query_behaviors
  • GET: /incidents/queries/behaviors/v1
  • Description: Search for behaviors by providing an FQL filter, sorting, and paging details

Class: Falcon::Incidents

  • Operation: query_incidents
  • GET: /incidents/queries/incidents/v1
  • Description: Search for incidents by providing an FQL filter, sorting, and paging details

Class: Falcon::InstallationTokens

  • Operation: audit_events_query
  • GET: /installation-tokens/queries/audit-events/v1
  • Description: Search for audit events by providing an FQL filter and paging details.

Class: Falcon::InstallationTokens

  • Operation: audit_events_read
  • GET: /installation-tokens/entities/audit-events/v1
  • Description: Gets the details of one or more audit events by id.

Class: Falcon::InstallationTokens

  • Operation: customer_settings_read
  • GET: /installation-tokens/entities/customer-settings/v1
  • Description: Check current installation token settings.

Class: Falcon::InstallationTokens

  • Operation: tokens_create
  • POST: /installation-tokens/entities/tokens/v1
  • Description: Creates a token.

Class: Falcon::InstallationTokens

  • Operation: tokens_delete
  • DELETE: /installation-tokens/entities/tokens/v1
  • Description: Deletes a token immediately. To revoke a token, use PATCH /installation-tokens/entities/tokens/v1 instead.

Class: Falcon::InstallationTokens

  • Operation: tokens_query
  • GET: /installation-tokens/queries/tokens/v1
  • Description: Search for tokens by providing an FQL filter and paging details.

Class: Falcon::InstallationTokens

  • Operation: tokens_read
  • GET: /installation-tokens/entities/tokens/v1
  • Description: Gets the details of one or more tokens by id.

Class: Falcon::InstallationTokens

  • Operation: tokens_update
  • PATCH: /installation-tokens/entities/tokens/v1
  • Description: Updates one or more tokens. Use this endpoint to edit labels, change expiration, revoke, or restore.

Class: Falcon::InstallationTokensSettings

  • Operation: customer_settings_update
  • PATCH: /installation-tokens/entities/customer-settings/v1
  • Description: Update installation token settings.

Class: Falcon::Intel

  • Operation: get_intel_actor_entities
  • GET: /intel/entities/actors/v1
  • Description: Retrieve specific actors using their actor IDs.

Class: Falcon::Intel

  • Operation: get_intel_indicator_entities
  • POST: /intel/entities/indicators/GET/v1
  • Description: Retrieve specific indicators using their indicator IDs.

Class: Falcon::Intel

  • Operation: get_intel_report_entities
  • GET: /intel/entities/reports/v1
  • Description: Retrieve specific reports using their report IDs.

Class: Falcon::Intel

  • Operation: get_intel_report_pdf
  • GET: /intel/entities/report-files/v1
  • Description: Return a Report PDF attachment

Class: Falcon::Intel

  • Operation: get_intel_rule_entities
  • GET: /intel/entities/rules/v1
  • Description: Retrieve details for rule sets for the specified ids.

Class: Falcon::Intel

  • Operation: get_intel_rule_file
  • GET: /intel/entities/rules-files/v1
  • Description: Download earlier rule sets.

Class: Falcon::Intel


Class: Falcon::Intel

  • Operation: get_malware_entities
  • GET: /intel/entities/malware/v1
  • Description: Get malware entities for specified ids.

Class: Falcon::Intel

  • Operation: get_malware_mitre_report
  • GET: /intel/entities/malware-mitre-reports/v1
  • Description: Export Mitre ATT&CK information for a given malware family.

Class: Falcon::Intel

  • Operation: get_mitre_report
  • GET: /intel/entities/mitre-reports/v1
  • Description: Export Mitre ATT&CK information for a given actor.

Class: Falcon::Intel

  • Operation: get_vulnerabilities
  • POST: /intel/entities/vulnerabilities/GET/v1
  • Description: Get vulnerabilities

Class: Falcon::Intel

  • Operation: post_mitre_attacks
  • POST: /intel/entities/mitre/v1
  • Description: Retrieves report and observable IDs associated with the given actor and attacks

Class: Falcon::Intel

  • Operation: query_intel_actor_entities
  • GET: /intel/combined/actors/v1
  • Description: Get info about actors that match provided FQL filters.

Class: Falcon::Intel

  • Operation: query_intel_actor_ids
  • GET: /intel/queries/actors/v1
  • Description: Get actor IDs that match provided FQL filters.

Class: Falcon::Intel

  • Operation: query_intel_indicator_entities
  • GET: /intel/combined/indicators/v1
  • Description: Get info about indicators that match provided FQL filters.

Class: Falcon::Intel

  • Operation: query_intel_indicator_ids
  • GET: /intel/queries/indicators/v1
  • Description: Get indicators IDs that match provided FQL filters.

Class: Falcon::Intel

  • Operation: query_intel_report_entities
  • GET: /intel/combined/reports/v1
  • Description: Get info about reports that match provided FQL filters.

Class: Falcon::Intel

  • Operation: query_intel_report_ids
  • GET: /intel/queries/reports/v1
  • Description: Get report IDs that match provided FQL filters.

Class: Falcon::Intel

  • Operation: query_intel_rule_ids
  • GET: /intel/queries/rules/v1
  • Description: Search for rule IDs that match provided filter criteria.

Class: Falcon::Intel

  • Operation: query_malware
  • GET: /intel/queries/malware/v1
  • Description: Get malware family names that match provided FQL filters.

Class: Falcon::Intel

  • Operation: query_mitre_attacks
  • GET: /intel/queries/mitre/v1
  • Description: Gets MITRE tactics and techniques for the given actor, returning concatenation of id and tactic and technique ids, example: fancy-bear_TA0011_T1071

Class: Falcon::Intel


Class: Falcon::Intel

  • Operation: query_vulnerabilities
  • GET: /intel/queries/vulnerabilities/v1
  • Description: Get vulnerabilities IDs

Class: Falcon::IoaExclusions


Class: Falcon::IoaExclusions

  • Operation: delete_ioa_exclusions_v1
  • DELETE: /policy/entities/ioa-exclusions/v1
  • Description: Delete the IOA exclusions by id

Class: Falcon::IoaExclusions

  • Operation: get_ioa_exclusions_v1
  • GET: /policy/entities/ioa-exclusions/v1
  • Description: Get a set of IOA Exclusions by specifying their IDs

Class: Falcon::IoaExclusions

  • Operation: query_ioa_exclusions_v1
  • GET: /policy/queries/ioa-exclusions/v1
  • Description: Search for IOA exclusions.

Class: Falcon::IoaExclusions


Class: Falcon::Ioc

  • Operation: action_get_v1
  • GET: /iocs/entities/actions/v1
  • Description: Get Actions by ids.

Class: Falcon::Ioc

  • Operation: action_query_v1
  • GET: /iocs/queries/actions/v1
  • Description: Query Actions.

Class: Falcon::Ioc

  • Operation: get_indicators_report
  • POST: /iocs/entities/indicators-reports/v1
  • Description: Launch an indicators report creation job

Class: Falcon::Ioc

  • Operation: indicator_aggregate_v1
  • POST: /iocs/aggregates/indicators/v1
  • Description: Get Indicators aggregates as specified via json in the request body.

Class: Falcon::Ioc

  • Operation: indicator_combined_v1
  • GET: /iocs/combined/indicator/v1
  • Description: Get Combined for Indicators.

Class: Falcon::Ioc

  • Operation: indicator_create_v1
  • POST: /iocs/entities/indicators/v1
  • Description: Create Indicators.

Class: Falcon::Ioc

  • Operation: indicator_delete_v1
  • DELETE: /iocs/entities/indicators/v1
  • Description: Delete Indicators by ids.

Class: Falcon::Ioc

  • Operation: indicator_get_device_count_v1
  • GET: /iocs/aggregates/indicators/device-count/v1
  • Description: Get the number of devices the indicator has run on

Class: Falcon::Ioc


Class: Falcon::Ioc


Class: Falcon::Ioc

  • Operation: indicator_get_v1
  • GET: /iocs/entities/indicators/v1
  • Description: Get Indicators by ids.

Class: Falcon::Ioc

  • Operation: indicator_search_v1
  • GET: /iocs/queries/indicators/v1
  • Description: Search for Indicators.

Class: Falcon::Ioc

  • Operation: indicator_update_v1
  • PATCH: /iocs/entities/indicators/v1
  • Description: Update Indicators.

Class: Falcon::Ioc

  • Operation: ioc_type_query_v1
  • GET: /iocs/queries/ioc-types/v1
  • Description: Query IOC Types.

Class: Falcon::Ioc

  • Operation: platform_query_v1
  • GET: /iocs/queries/platforms/v1
  • Description: Query Platforms.

Class: Falcon::Ioc

  • Operation: severity_query_v1
  • GET: /iocs/queries/severities/v1
  • Description: Query Severities.

Class: Falcon::Iocs

  • Operation: devices_count
  • GET: /indicators/aggregates/devices-count/v1
  • Description: Number of hosts in your customer account that have observed a given custom IOC

Class: Falcon::Iocs

  • Operation: devices_ran_on
  • GET: /indicators/queries/devices/v1
  • Description: Find hosts that have observed a given custom IOC. For details about those hosts, use GET /devices/entities/devices/v1

Class: Falcon::Iocs

  • Operation: entities_processes
  • GET: /processes/entities/processes/v1
  • Description: For the provided ProcessID retrieve the process details

Class: Falcon::Iocs

  • Operation: processes_ran_on
  • GET: /indicators/queries/processes/v1
  • Description: Search for processes associated with a custom IOC

Class: Falcon::KubernetesProtection

  • Operation: create_aws_account
  • POST: /kubernetes-protection/entities/accounts/aws/v1
  • Description: Creates a new AWS account in our system for a customer and generates the installation script

Class: Falcon::KubernetesProtection

  • Operation: create_azure_subscription
  • POST: /kubernetes-protection/entities/accounts/azure/v1
  • Description: Creates a new Azure Subscription in our system

Class: Falcon::KubernetesProtection


Class: Falcon::KubernetesProtection

  • Operation: delete_azure_subscription
  • DELETE: /kubernetes-protection/entities/accounts/azure/v1
  • Description: Deletes a new Azure Subscription in our system

Class: Falcon::KubernetesProtection


Class: Falcon::KubernetesProtection


Class: Falcon::KubernetesProtection

  • Operation: get_aws_accounts_mixin0
  • GET: /kubernetes-protection/entities/accounts/aws/v1
  • Description: Provides a list of AWS accounts.

Class: Falcon::KubernetesProtection

  • Operation: get_azure_install_script
  • GET: /kubernetes-protection/entities/user-script/azure/v1
  • Description: Provides the script to run for a given tenant id and subscription IDs

Class: Falcon::KubernetesProtection

  • Operation: get_azure_tenant_config
  • GET: /kubernetes-protection/entities/config/azure/v1
  • Description: Gets the Azure tenant Config

Class: Falcon::KubernetesProtection

  • Operation: get_azure_tenant_ids
  • GET: /kubernetes-protection/entities/tenants/azure/v1
  • Description: Provides all the azure subscriptions and tenants

Class: Falcon::KubernetesProtection

  • Operation: get_clusters
  • GET: /kubernetes-protection/entities/kubernetes/clusters/v1
  • Description: Provides the clusters acknowledged by the Kubernetes Protection service

Class: Falcon::KubernetesProtection

  • Operation: get_combined_cloud_clusters
  • GET: /kubernetes-protection/entities/cloud_cluster/v1
  • Description: Returns a combined list of provisioned cloud accounts and known kubernetes clusters

Class: Falcon::KubernetesProtection

  • Operation: get_helm_values_yaml
  • GET: /kubernetes-protection/entities/integration/agent/v1
  • Description: Provides a sample Helm values.yaml file for a customer to install alongside the agent Helm chart

Class: Falcon::KubernetesProtection

  • Operation: get_locations
  • GET: /kubernetes-protection/entities/cloud-locations/v1
  • Description: Provides the cloud locations acknowledged by the Kubernetes Protection service

Class: Falcon::KubernetesProtection

  • Operation: get_static_scripts
  • GET: /kubernetes-protection/entities/gen/scripts/v1
  • Description: Gets static bash scripts that are used during registration

Class: Falcon::KubernetesProtection

  • Operation: group_containers_by_managed
  • GET: /container-security/aggregates/containers/group-by-managed/v1
  • Description: Group the containers by Managed

Class: Falcon::KubernetesProtection

  • Operation: list_azure_accounts
  • GET: /kubernetes-protection/entities/accounts/azure/v1
  • Description: Provides the azure subscriptions registered to Kubernetes Protection

Class: Falcon::KubernetesProtection

  • Operation: patch_azure_service_principal
  • PATCH: /kubernetes-protection/entities/service-principal/azure/v1
  • Description: Adds the client ID for the given tenant ID to our system

Class: Falcon::KubernetesProtection

  • Operation: read_cluster_combined
  • GET: /container-security/combined/clusters/v1
  • Description: Retrieve kubernetes clusters identified by the provided filter criteria

Class: Falcon::KubernetesProtection

  • Operation: read_cluster_count
  • GET: /container-security/aggregates/clusters/count/v1
  • Description: Retrieve cluster counts

Class: Falcon::KubernetesProtection

  • Operation: read_cluster_enrichment
  • GET: /container-security/aggregates/enrichment/clusters/entities/v1
  • Description: Retrieve cluster enrichment data

Class: Falcon::KubernetesProtection


Class: Falcon::KubernetesProtection


Class: Falcon::KubernetesProtection

  • Operation: read_clusters_by_status_count
  • GET: /container-security/aggregates/clusters/count-by-status/v1
  • Description: Bucket clusters by status

Class: Falcon::KubernetesProtection

  • Operation: read_container_combined
  • GET: /container-security/combined/containers/v1
  • Description: Retrieve containers identified by the provided filter criteria

Class: Falcon::KubernetesProtection

  • Operation: read_container_count
  • GET: /container-security/aggregates/containers/count/v1
  • Description: Retrieve container counts

Class: Falcon::KubernetesProtection

  • Operation: read_container_count_by_registry
  • GET: /container-security/aggregates/containers/count-by-registry/v1
  • Description: Retrieve top container image registries

Class: Falcon::KubernetesProtection

  • Operation: read_container_enrichment
  • GET: /container-security/aggregates/enrichment/containers/entities/v1
  • Description: Retrieve container enrichment data

Class: Falcon::KubernetesProtection

  • Operation: read_container_image_detections_count_by_date
  • GET: /container-security/aggregates/containers/image-detections-count-by-date/v1
  • Description: Retrieve count of image assessment detections on running containers over a period of time

Class: Falcon::KubernetesProtection


Class: Falcon::KubernetesProtection

  • Operation: read_container_images_by_state
  • GET: /container-security/aggregates/containers/images-by-state/v1
  • Description: Retrieve count of image states running on containers

Class: Falcon::KubernetesProtection


Class: Falcon::KubernetesProtection


Class: Falcon::KubernetesProtection

  • Operation: read_containers_sensor_coverage
  • GET: /container-security/aggregates/containers/sensor-coverage/v1
  • Description: Bucket containers by agent type and calculate sensor coverage

Class: Falcon::KubernetesProtection

  • Operation: read_deployment_combined
  • GET: /container-security/combined/deployments/v1
  • Description: Retrieve kubernetes deployments identified by the provided filter criteria

Class: Falcon::KubernetesProtection

  • Operation: read_deployment_count
  • GET: /container-security/aggregates/deployments/count/v1
  • Description: Retrieve deployment counts

Class: Falcon::KubernetesProtection

  • Operation: read_deployment_enrichment
  • GET: /container-security/aggregates/enrichment/deployments/entities/v1
  • Description: Retrieve deployment enrichment data

Class: Falcon::KubernetesProtection


Class: Falcon::KubernetesProtection

  • Operation: read_distinct_container_image_count
  • GET: /container-security/aggregates/images/count-by-distinct/v1
  • Description: Retrieve count of distinct images running on containers

Class: Falcon::KubernetesProtection

  • Operation: read_kubernetes_iom_by_date_range
  • GET: /container-security/aggregates/kubernetes-ioms/count-by-date/v1
  • Description: Returns the count of Kubernetes IOMs by the date. by default it's for 7 days.

Class: Falcon::KubernetesProtection

  • Operation: read_kubernetes_iom_count
  • GET: /container-security/aggregates/kubernetes-ioms/count/v1
  • Description: Returns the total count of Kubernetes IOMs over the past seven days

Class: Falcon::KubernetesProtection

  • Operation: read_kubernetes_iom_entities
  • GET: /container-security/entities/kubernetes-ioms/v1
  • Description: Retrieve Kubernetes IOM entities identified by the provided IDs

Class: Falcon::KubernetesProtection

  • Operation: read_namespace_count
  • GET: /container-security/aggregates/namespaces/count/v1
  • Description: Retrieve namespace counts

Class: Falcon::KubernetesProtection


Class: Falcon::KubernetesProtection

  • Operation: read_node_combined
  • GET: /container-security/combined/nodes/v1
  • Description: Retrieve kubernetes nodes identified by the provided filter criteria

Class: Falcon::KubernetesProtection

  • Operation: read_node_count
  • GET: /container-security/aggregates/nodes/count/v1
  • Description: Retrieve node counts

Class: Falcon::KubernetesProtection

  • Operation: read_node_enrichment
  • GET: /container-security/aggregates/enrichment/nodes/entities/v1
  • Description: Retrieve node enrichment data

Class: Falcon::KubernetesProtection

  • Operation: read_nodes_by_cloud_count
  • GET: /container-security/aggregates/nodes/count-by-cloud/v1
  • Description: Bucket nodes by cloud providers

Class: Falcon::KubernetesProtection


Class: Falcon::KubernetesProtection

  • Operation: read_nodes_by_date_range_count
  • GET: /container-security/aggregates/nodes/count-by-date/v1
  • Description: Retrieve nodes by date range counts

Class: Falcon::KubernetesProtection

  • Operation: read_pod_combined
  • GET: /container-security/combined/pods/v1
  • Description: Retrieve kubernetes pods identified by the provided filter criteria

Class: Falcon::KubernetesProtection

  • Operation: read_pod_count
  • GET: /container-security/aggregates/pods/count/v1
  • Description: Retrieve pod counts

Class: Falcon::KubernetesProtection

  • Operation: read_pod_enrichment
  • GET: /container-security/aggregates/enrichment/pods/entities/v1
  • Description: Retrieve pod enrichment data

Class: Falcon::KubernetesProtection

  • Operation: read_pods_by_date_range_count
  • GET: /container-security/aggregates/pods/count-by-date/v1
  • Description: Retrieve pods by date range counts

Class: Falcon::KubernetesProtection

  • Operation: read_running_container_images
  • GET: /container-security/combined/container-images/v1
  • Description: Retrieve images on running containers

Class: Falcon::KubernetesProtection

  • Operation: read_vulnerable_container_image_count
  • GET: /container-security/aggregates/containers/count-vulnerable-images/v1
  • Description: Retrieve count of vulnerable images running on containers

Class: Falcon::KubernetesProtection

  • Operation: regenerate_api_key
  • POST: /kubernetes-protection/entities/integration/api-key/v1
  • Description: Regenerate API key for docker registry integrations

Class: Falcon::KubernetesProtection


Class: Falcon::KubernetesProtection

  • Operation: search_kubernetes_ioms
  • GET: /container-security/queries/kubernetes-ioms/v1
  • Description: Search Kubernetes IOMs by the provided search criteria. this endpoint returns a list of Kubernetes IOM UUIDs matching the query

Class: Falcon::KubernetesProtection

  • Operation: trigger_scan
  • POST: /kubernetes-protection/entities/scan/trigger/v1
  • Description: Triggers a dry run or a full scan of a customer's kubernetes footprint

Class: Falcon::KubernetesProtection

  • Operation: update_aws_account
  • PATCH: /kubernetes-protection/entities/accounts/aws/v1
  • Description: Updates the AWS account per the query parameters provided

Class: Falcon::Malquery

  • Operation: get_mal_query_download_v1
  • GET: /malquery/entities/download-files/v1
  • Description: Download a file indexed by MalQuery. Specify the file using its SHA256. Only one file is supported at this time

Class: Falcon::Malquery

  • Operation: get_mal_query_entities_samples_fetch_v1
  • GET: /malquery/entities/samples-fetch/v1
  • Description: Fetch a zip archive with password 'infected' containing the samples. Call this once the /entities/samples-multidownload request has finished processing

Class: Falcon::Malquery

  • Operation: get_mal_query_metadata_v1
  • GET: /malquery/entities/metadata/v1
  • Description: Retrieve indexed files metadata by their hash

Class: Falcon::Malquery

  • Operation: get_mal_query_quotas_v1
  • GET: /malquery/aggregates/quotas/v1
  • Description: Get information about search and download quotas in your environment

Class: Falcon::Malquery

  • Operation: get_mal_query_request_v1
  • GET: /malquery/entities/requests/v1
  • Description: Check the status and results of an asynchronous request, such as hunt or exact-search. Supports a single request id at this time.

Class: Falcon::Malquery

  • Operation: post_mal_query_entities_samples_multidownload_v1
  • POST: /malquery/entities/samples-multidownload/v1
  • Description: Schedule samples for download. Use the result id with the /request endpoint to check if the download is ready after which you can call the /entities/samples-fetch to get the zip

Class: Falcon::Malquery

  • Operation: post_mal_query_exact_search_v1
  • POST: /malquery/queries/exact-search/v1
  • Description: Search Falcon MalQuery for a combination of hex patterns and strings in order to identify samples based upon file content at byte level granularity. You can filter results on criteria such as file type, file size and first seen date. Returns a request id which can be used with the /request endpoint

Class: Falcon::Malquery

  • Operation: post_mal_query_fuzzy_search_v1
  • POST: /malquery/combined/fuzzy-search/v1
  • Description: Search Falcon MalQuery quickly, but with more potential for false positives. Search for a combination of hex patterns and strings in order to identify samples based upon file content at byte level granularity.

Class: Falcon::Malquery

  • Operation: post_mal_query_hunt_v1
  • POST: /malquery/queries/hunt/v1
  • Description: Schedule a YARA-based search for execution. Returns a request id which can be used with the /request endpoint

Class: Falcon::MessageCenter

  • Operation: aggregate_cases
  • POST: /message-center/aggregates/cases/GET/v1
  • Description: Retrieve aggregate case values based on the matched filter

Class: Falcon::MessageCenter

  • Operation: case_add_activity
  • POST: /message-center/entities/case-activity/v1
  • Description: Add an activity to case. Only activities of type comment are allowed via API

Class: Falcon::MessageCenter

  • Operation: case_add_attachment
  • POST: /message-center/entities/case-attachment/v1
  • Description: Upload an attachment for the case.

Class: Falcon::MessageCenter

  • Operation: case_download_attachment
  • GET: /message-center/entities/case-attachment/v1
  • Description: retrieves an attachment for the case, given the attachment id

Class: Falcon::MessageCenter

  • Operation: create_case
  • POST: /message-center/entities/case/v1
  • Description: create a new case

Class: Falcon::MessageCenter

  • Operation: create_case_v2
  • POST: /message-center/entities/case/v2
  • Description: create a new case

Class: Falcon::MessageCenter

  • Operation: get_case_activity_by_ids
  • POST: /message-center/entities/case-activities/GET/v1
  • Description: Retrieve activities for given id's

Class: Falcon::MessageCenter

  • Operation: get_case_entities_by_ids
  • POST: /message-center/entities/cases/GET/v1
  • Description: Retrieve message center cases

Class: Falcon::MessageCenter

  • Operation: query_activity_by_case_id
  • GET: /message-center/queries/case-activities/v1
  • Description: Retrieve activities id's for a case

Class: Falcon::MessageCenter

  • Operation: query_cases_ids_by_filter
  • GET: /message-center/queries/cases/v1
  • Description: Retrieve case id's that match the provided filter criteria

Class: Falcon::MlExclusions


Class: Falcon::MlExclusions

  • Operation: delete_ml_exclusions_v1
  • DELETE: /policy/entities/ml-exclusions/v1
  • Description: Delete the ML exclusions by id

Class: Falcon::MlExclusions

  • Operation: get_ml_exclusions_v1
  • GET: /policy/entities/ml-exclusions/v1
  • Description: Get a set of ML Exclusions by specifying their IDs

Class: Falcon::MlExclusions

  • Operation: query_ml_exclusions_v1
  • GET: /policy/queries/ml-exclusions/v1
  • Description: Search for ML exclusions.

Class: Falcon::MlExclusions

  • Operation: update_ml_exclusions_v1
  • PATCH: /policy/entities/ml-exclusions/v1
  • Description: Update the ML exclusions

Class: Falcon::MobileEnrollment

  • Operation: request_device_enrollment_v3
  • POST: /enrollments/entities/details/v3
  • Description: Trigger on-boarding process for a mobile device

Class: Falcon::MobileEnrollment

  • Operation: request_device_enrollment_v4
  • POST: /enrollments/entities/details/v4
  • Description: Trigger on-boarding process for a mobile device

Class: Falcon::Mssp

  • Operation: add_cid_group_members
  • POST: /mssp/entities/cid-group-members/v1
  • Description: Add new CID group member.

Class: Falcon::Mssp

  • Operation: add_role
  • POST: /mssp/entities/mssp-roles/v1
  • Description: Create a link between user group and CID group, with zero or more additional roles. The call does not replace any existing link between them. User group ID and CID group ID have to be specified in request.

Class: Falcon::Mssp

  • Operation: add_user_group_members
  • POST: /mssp/entities/user-group-members/v1
  • Description: Add new user group member. Maximum 500 members allowed per user group.

Class: Falcon::Mssp

  • Operation: create_cid_groups
  • POST: /mssp/entities/cid-groups/v1
  • Description: Create new CID groups. Name is a required field but description is an optional field. Maximum 500 CID groups allowed.

Class: Falcon::Mssp

  • Operation: create_user_groups
  • POST: /mssp/entities/user-groups/v1
  • Description: Create new user groups. Name is a required field but description is an optional field. Maximum 500 user groups allowed per customer.

Class: Falcon::Mssp

  • Operation: delete_cid_group_members
  • DELETE: /mssp/entities/cid-group-members/v1
  • Description: Deprecated : Please use DELETE /entities/cid-group-members/v2. Delete CID group members.

Class: Falcon::Mssp

  • Operation: delete_cid_group_members_v2
  • DELETE: /mssp/entities/cid-group-members/v2
  • Description: Delete CID group members. Prevents removal of a cid group a cid group if it is only part of one cid group.

Class: Falcon::Mssp

  • Operation: delete_cid_groups
  • DELETE: /mssp/entities/cid-groups/v1
  • Description: Delete CID groups by ID.

Class: Falcon::Mssp

  • Operation: delete_user_group_members
  • DELETE: /mssp/entities/user-group-members/v1
  • Description: Delete user group members entry.

Class: Falcon::Mssp

  • Operation: delete_user_groups
  • DELETE: /mssp/entities/user-groups/v1
  • Description: Delete user groups by ID.

Class: Falcon::Mssp

  • Operation: deleted_roles
  • DELETE: /mssp/entities/mssp-roles/v1
  • Description: Delete links or additional roles between user groups and CID groups. User group ID and CID group ID have to be specified in request. Only specified roles are removed if specified in request payload, else association between User Group and CID group is dissolved completely (if no roles specified).

Class: Falcon::Mssp

  • Operation: get_children
  • GET: /mssp/entities/children/v1
  • Description: Get link to child customer by child CID(s)

Class: Falcon::Mssp

  • Operation: get_children_v2
  • POST: /mssp/entities/children/GET/v2
  • Description: Get link to child customer by child CID(s)

Class: Falcon::Mssp

  • Operation: get_cid_group_by_id
  • GET: /mssp/entities/cid-groups/v1
  • Description: Deprecated : Please use GET /mssp/entities/cid-groups/v2. Get CID groups by ID.

Class: Falcon::Mssp


Class: Falcon::Mssp

  • Operation: get_cid_group_members_by
  • GET: /mssp/entities/cid-group-members/v1
  • Description: Deprecated : Please use GET /mssp/entities/cid-group-members/v2. Get CID group members by CID group ID.

Class: Falcon::Mssp


Class: Falcon::Mssp

  • Operation: get_roles_by_id
  • GET: /mssp/entities/mssp-roles/v1
  • Description: Get link between user group and CID group by ID. Link ID is a string consisting of multiple components, but should be treated as opaque.

Class: Falcon::Mssp

  • Operation: get_user_group_members_by_id
  • GET: /mssp/entities/user-group-members/v1
  • Description: Deprecated : Please use GET /mssp/entities/user-group-members/v2. Get user group members by user group ID.

Class: Falcon::Mssp


Class: Falcon::Mssp

  • Operation: get_user_groups_by_id
  • GET: /mssp/entities/user-groups/v1
  • Description: Deprecated : Please use GET /entities/user-groups/v2. Get user groups by ID.

Class: Falcon::Mssp


Class: Falcon::Mssp

  • Operation: query_children
  • GET: /mssp/queries/children/v1
  • Description: Query for customers linked as children

Class: Falcon::Mssp

  • Operation: query_cid_group_members
  • GET: /mssp/queries/cid-group-members/v1
  • Description: Query a CID groups members by associated CID.

Class: Falcon::Mssp

  • Operation: query_cid_groups
  • GET: /mssp/queries/cid-groups/v1
  • Description: Query CID groups.

Class: Falcon::Mssp

  • Operation: query_roles
  • GET: /mssp/queries/mssp-roles/v1
  • Description: Query links between user groups and CID groups. At least one of CID group ID or user group ID should also be provided. Role ID is optional.

Class: Falcon::Mssp

  • Operation: query_user_group_members
  • GET: /mssp/queries/user-group-members/v1
  • Description: Query user group member by user UUID.

Class: Falcon::Mssp

  • Operation: query_user_groups
  • GET: /mssp/queries/user-groups/v1
  • Description: Query user groups.

Class: Falcon::Mssp

  • Operation: update_cid_groups
  • PATCH: /mssp/entities/cid-groups/v1
  • Description: Update existing CID groups. CID group ID is expected for each CID group definition provided in request body. Name is a required field but description is an optional field. Empty description will override existing value. CID group member(s) remain unaffected.

Class: Falcon::Mssp

  • Operation: update_user_groups
  • PATCH: /mssp/entities/user-groups/v1
  • Description: Update existing user group(s). User group ID is expected for each user group definition provided in request body. Name is a required field but description is an optional field. Empty description will override existing value. User group member(s) remain unaffected.

Class: Falcon::Oauth2

  • Operation: oauth2_access_token
  • POST: /oauth2/token
  • Description: Generate an OAuth2 access token

Class: Falcon::Oauth2

  • Operation: oauth2_revoke_token
  • POST: /oauth2/revoke
  • Description: Revoke a previously issued OAuth2 access token before the end of its standard 30-minute lifespan.

Class: Falcon::Ods


Class: Falcon::Ods

  • Operation: aggregate_scans
  • POST: /ods/aggregates/scans/v1
  • Description: Get aggregates on ODS scan data.

Class: Falcon::Ods

  • Operation: aggregate_scheduled_scans
  • POST: /ods/aggregates/scheduled-scans/v1
  • Description: Get aggregates on ODS scheduled-scan data.

Class: Falcon::Ods

  • Operation: cancel_scans
  • POST: /ods/entities/scan-control-actions/cancel/v1
  • Description: Cancel ODS scans for the given scan ids.

Class: Falcon::Ods

  • Operation: create_scan
  • POST: /ods/entities/scans/v1
  • Description: Create ODS scan and start or schedule scan for the given scan request.

Class: Falcon::Ods

  • Operation: delete_scheduled_scans
  • DELETE: /ods/entities/scheduled-scans/v1
  • Description: Delete ODS scheduled-scans for the given scheduled-scan ids.

Class: Falcon::Ods


Class: Falcon::Ods


Class: Falcon::Ods


Class: Falcon::Ods


Class: Falcon::Ods


Class: Falcon::Ods

  • Operation: query_malicious_files
  • GET: /ods/queries/malicious-files/v1
  • Description: Query malicious files.

Class: Falcon::Ods


Class: Falcon::Ods

  • Operation: query_scans
  • GET: /ods/queries/scans/v1
  • Description: Query Scans.

Class: Falcon::Ods

  • Operation: query_scheduled_scans
  • GET: /ods/queries/scheduled-scans/v1
  • Description: Query ScheduledScans.

Class: Falcon::Ods

  • Operation: schedule_scan
  • POST: /ods/entities/scheduled-scans/v1
  • Description: Create ODS scan and start or schedule scan for the given scan request.

Class: Falcon::OverwatchDashboard

  • Operation: aggregates_detections_global_counts
  • GET: /overwatch-dashboards/aggregates/detections-global-counts/v1
  • Description: Get the total number of detections pushed across all customers

Class: Falcon::OverwatchDashboard

  • Operation: aggregates_events
  • POST: /overwatch-dashboards/aggregates/events/GET/v1
  • Description: Get aggregate OverWatch detection event info by providing an aggregate query

Class: Falcon::OverwatchDashboard

  • Operation: aggregates_events_collections
  • POST: /overwatch-dashboards/aggregates/events-collections/GET/v1
  • Description: Get OverWatch detection event collection info by providing an aggregate query

Class: Falcon::OverwatchDashboard

  • Operation: aggregates_incidents_global_counts
  • GET: /overwatch-dashboards/aggregates/incidents-global-counts/v1
  • Description: Get the total number of incidents pushed across all customers

Class: Falcon::OverwatchDashboard

  • Operation: aggregates_ow_events_global_counts
  • GET: /overwatch-dashboards/aggregates/ow-events-global-counts/v1
  • Description: Get the total number of OverWatch events across all customers

Class: Falcon::PreventionPolicies

  • Operation: create_prevention_policies
  • POST: /policy/entities/prevention/v1
  • Description: Create Prevention Policies by specifying details about the policy to create

Class: Falcon::PreventionPolicies

  • Operation: delete_prevention_policies
  • DELETE: /policy/entities/prevention/v1
  • Description: Delete a set of Prevention Policies by specifying their IDs

Class: Falcon::PreventionPolicies

  • Operation: get_prevention_policies
  • GET: /policy/entities/prevention/v1
  • Description: Retrieve a set of Prevention Policies by specifying their IDs

Class: Falcon::PreventionPolicies

  • Operation: perform_prevention_policies_action
  • POST: /policy/entities/prevention-actions/v1
  • Description: Perform the specified action on the Prevention Policies specified in the request

Class: Falcon::PreventionPolicies

  • Operation: query_combined_prevention_policies
  • GET: /policy/combined/prevention/v1
  • Description: Search for Prevention Policies in your environment by providing an FQL filter and paging details. Returns a set of Prevention Policies which match the filter criteria

Class: Falcon::PreventionPolicies

  • Operation: query_combined_prevention_policy_members
  • GET: /policy/combined/prevention-members/v1
  • Description: Search for members of a Prevention Policy in your environment by providing an FQL filter and paging details. Returns a set of host details which match the filter criteria

Class: Falcon::PreventionPolicies

  • Operation: query_prevention_policies
  • GET: /policy/queries/prevention/v1
  • Description: Search for Prevention Policies in your environment by providing an FQL filter and paging details. Returns a set of Prevention Policy IDs which match the filter criteria

Class: Falcon::PreventionPolicies

  • Operation: query_prevention_policy_members
  • GET: /policy/queries/prevention-members/v1
  • Description: Search for members of a Prevention Policy in your environment by providing an FQL filter and paging details. Returns a set of Agent IDs which match the filter criteria

Class: Falcon::PreventionPolicies

  • Operation: set_prevention_policies_precedence
  • POST: /policy/entities/prevention-precedence/v1
  • Description: Sets the precedence of Prevention Policies based on the order of IDs specified in the request. The first ID specified will have the highest precedence and the last ID specified will have the lowest. You must specify all non-Default Policies for a platform when updating precedence

Class: Falcon::PreventionPolicies

  • Operation: update_prevention_policies
  • PATCH: /policy/entities/prevention/v1
  • Description: Update Prevention Policies by specifying the ID of the policy and details to update

Class: Falcon::Quarantine

  • Operation: action_update_count
  • GET: /quarantine/aggregates/action-update-count/v1
  • Description: Returns count of potentially affected quarantined files for each action.

Class: Falcon::Quarantine

  • Operation: get_aggregate_files
  • POST: /quarantine/aggregates/quarantined-files/GET/v1
  • Description: Get quarantine file aggregates as specified via json in request body.

Class: Falcon::Quarantine

  • Operation: get_quarantine_files
  • POST: /quarantine/entities/quarantined-files/GET/v1
  • Description: Get quarantine file metadata for specified ids.

Class: Falcon::Quarantine

  • Operation: query_quarantine_files
  • GET: /quarantine/queries/quarantined-files/v1
  • Description: Get quarantine file ids that match the provided filter criteria.

Class: Falcon::Quarantine

  • Operation: update_qf_by_query
  • PATCH: /quarantine/queries/quarantined-files/v1
  • Description: Apply quarantine file actions by query.

Class: Falcon::Quarantine


Class: Falcon::QuickScan

  • Operation: get_scans
  • GET: /scanner/entities/scans/v1
  • Description: Check the status of a volume scan. Time required for analysis increases with the number of samples in a volume but usually it should take less than 1 minute

Class: Falcon::QuickScan

  • Operation: get_scans_aggregates
  • POST: /scanner/aggregates/scans/GET/v1
  • Description: Get scans aggregations as specified via json in request body.

Class: Falcon::QuickScan

  • Operation: query_submissions
  • GET: /scanner/queries/scans/v1
  • Description: Find IDs for submitted scans by providing an FQL filter and paging details. Returns a set of volume IDs that match your criteria.

Class: Falcon::QuickScan

  • Operation: scan_samples
  • POST: /scanner/entities/scans/v1
  • Description: Submit a volume of files for ml scanning. Time required for analysis increases with the number of samples in a volume but usually it should take less than 1 minute

Class: Falcon::QuickScanPro

  • Operation: delete_file
  • DELETE: /quickscanpro/entities/files/v1
  • Description: Deletes file by its sha256 identifier.

Class: Falcon::QuickScanPro

  • Operation: delete_scan_result
  • DELETE: /quickscanpro/entities/scans/v1
  • Description: Deletes the result of an QuickScan Pro scan.

Class: Falcon::QuickScanPro

  • Operation: get_scan_result
  • GET: /quickscanpro/entities/scans/v1
  • Description: Gets the result of an QuickScan Pro scan.

Class: Falcon::QuickScanPro

  • Operation: launch_scan
  • POST: /quickscanpro/entities/scans/v1
  • Description: Starts scanning a file uploaded through '/quickscanpro/entities/files/v1'.

Class: Falcon::QuickScanPro

  • Operation: query_scan_results
  • GET: /quickscanpro/queries/scans/v1
  • Description: FQL query specifying the filter parameters

Class: Falcon::QuickScanPro

  • Operation: upload_file_quick_scan_pro
  • POST: /quickscanpro/entities/files/v1
  • Description: Uploads a file to be further analyzed with QuickScan Pro. The samples expire after 90 days.

Class: Falcon::RealTimeResponse

  • Operation: batch_active_responder_cmd
  • POST: /real-time-response/combined/batch-active-responder-command/v1
  • Description: Batch executes a RTR active-responder command across the hosts mapped to the given batch ID.

Class: Falcon::RealTimeResponse

  • Operation: batch_cmd
  • POST: /real-time-response/combined/batch-command/v1
  • Description: Batch executes a RTR read-only command across the hosts mapped to the given batch ID.

Class: Falcon::RealTimeResponse

  • Operation: batch_get_cmd
  • POST: /real-time-response/combined/batch-get-command/v1
  • Description: Batch executes `get` command across hosts to retrieve files. After this call is made `GET /real-time-response/combined/batch-get-command/v1` is used to query for the results.

Class: Falcon::RealTimeResponse

  • Operation: batch_get_cmd_status
  • GET: /real-time-response/combined/batch-get-command/v1
  • Description: Retrieves the status of the specified batch get command. Will return successful files when they are finished processing.

Class: Falcon::RealTimeResponse

  • Operation: batch_init_sessions
  • POST: /real-time-response/combined/batch-init-session/v1
  • Description: Batch initialize a RTR session on multiple hosts. Before any RTR commands can be used, an active session is needed on the host.

Class: Falcon::RealTimeResponse

  • Operation: batch_refresh_sessions
  • POST: /real-time-response/combined/batch-refresh-session/v1
  • Description: Batch refresh a RTR session on multiple hosts. RTR sessions will expire after 10 minutes unless refreshed.

Class: Falcon::RealTimeResponse

  • Operation: r_tr_aggregate_sessions
  • POST: /real-time-response/aggregates/sessions/GET/v1
  • Description: Get aggregates on session data.

Class: Falcon::RealTimeResponse


Class: Falcon::RealTimeResponse

  • Operation: r_tr_check_command_status
  • GET: /real-time-response/entities/command/v1
  • Description: Get status of an executed command on a single host.

Class: Falcon::RealTimeResponse

  • Operation: r_tr_delete_file
  • DELETE: /real-time-response/entities/file/v1
  • Description: Delete a RTR session file.

Class: Falcon::RealTimeResponse

  • Operation: r_tr_delete_file_v2
  • DELETE: /real-time-response/entities/file/v2
  • Description: Delete a RTR session file.

Class: Falcon::RealTimeResponse

  • Operation: r_tr_delete_queued_session
  • DELETE: /real-time-response/entities/queued-sessions/command/v1
  • Description: Delete a queued session command

Class: Falcon::RealTimeResponse

  • Operation: r_tr_delete_session
  • DELETE: /real-time-response/entities/sessions/v1
  • Description: Delete a session.

Class: Falcon::RealTimeResponse


Class: Falcon::RealTimeResponse

  • Operation: r_tr_execute_command
  • POST: /real-time-response/entities/command/v1
  • Description: Execute a command on a single host.

Class: Falcon::RealTimeResponse

  • Operation: r_tr_get_extracted_file_contents
  • GET: /real-time-response/entities/extracted-file-contents/v1
  • Description: Get RTR extracted file contents for specified session and sha256.

Class: Falcon::RealTimeResponse

  • Operation: r_tr_init_session
  • POST: /real-time-response/entities/sessions/v1
  • Description: Initialize a new session with the RTR cloud.

Class: Falcon::RealTimeResponse

  • Operation: r_tr_list_all_sessions
  • GET: /real-time-response/queries/sessions/v1
  • Description: Get a list of session_ids.

Class: Falcon::RealTimeResponse

  • Operation: r_tr_list_files
  • GET: /real-time-response/entities/file/v1
  • Description: Get a list of files for the specified RTR session.

Class: Falcon::RealTimeResponse

  • Operation: r_tr_list_files_v2
  • GET: /real-time-response/entities/file/v2
  • Description: Get a list of files for the specified RTR session.

Class: Falcon::RealTimeResponse

  • Operation: r_tr_list_queued_sessions
  • POST: /real-time-response/entities/queued-sessions/GET/v1
  • Description: Get queued session metadata by session ID.

Class: Falcon::RealTimeResponse

  • Operation: r_tr_list_sessions
  • POST: /real-time-response/entities/sessions/GET/v1
  • Description: Get session metadata by session id.

Class: Falcon::RealTimeResponse

  • Operation: r_tr_pulse_session
  • POST: /real-time-response/entities/refresh-session/v1
  • Description: Refresh a session timeout on a single host.

Class: Falcon::RealTimeResponseAdmin

  • Operation: batch_admin_cmd
  • POST: /real-time-response/combined/batch-admin-command/v1
  • Description: Batch executes a RTR administrator command across the hosts mapped to the given batch ID.

Class: Falcon::RealTimeResponseAdmin

  • Operation: r_tr_check_admin_command_status
  • GET: /real-time-response/entities/admin-command/v1
  • Description: Get status of an executed RTR administrator command on a single host.

Class: Falcon::RealTimeResponseAdmin

  • Operation: r_tr_create_put_files
  • POST: /real-time-response/entities/put-files/v1
  • Description: Upload a new put-file to use for the RTR `put` command.

Class: Falcon::RealTimeResponseAdmin

  • Operation: r_tr_create_scripts
  • POST: /real-time-response/entities/scripts/v1
  • Description: Upload a new custom-script to use for the RTR `runscript` command.

Class: Falcon::RealTimeResponseAdmin

  • Operation: r_tr_delete_put_files
  • DELETE: /real-time-response/entities/put-files/v1
  • Description: Delete a put-file based on the ID given. Can only delete one file at a time.

Class: Falcon::RealTimeResponseAdmin

  • Operation: r_tr_delete_scripts
  • DELETE: /real-time-response/entities/scripts/v1
  • Description: Delete a custom-script based on the ID given. Can only delete one script at a time.

Class: Falcon::RealTimeResponseAdmin

  • Operation: r_tr_execute_admin_command
  • POST: /real-time-response/entities/admin-command/v1
  • Description: Execute a RTR administrator command on a single host.

Class: Falcon::RealTimeResponseAdmin

  • Operation: r_tr_get_falcon_scripts
  • GET: /real-time-response/entities/falcon-scripts/v1
  • Description: Get Falcon scripts with metadata and content of script

Class: Falcon::RealTimeResponseAdmin

  • Operation: r_tr_get_put_files
  • GET: /real-time-response/entities/put-files/v1
  • Description: Get put-files based on the ID's given. These are used for the RTR `put` command.

Class: Falcon::RealTimeResponseAdmin

  • Operation: r_tr_get_put_files_v2
  • GET: /real-time-response/entities/put-files/v2
  • Description: Get put-files based on the ID's given. These are used for the RTR `put` command.

Class: Falcon::RealTimeResponseAdmin

  • Operation: r_tr_get_scripts
  • GET: /real-time-response/entities/scripts/v1
  • Description: Get custom-scripts based on the ID's given. These are used for the RTR `runscript` command.

Class: Falcon::RealTimeResponseAdmin

  • Operation: r_tr_get_scripts_v2
  • GET: /real-time-response/entities/scripts/v2
  • Description: Get custom-scripts based on the ID's given. These are used for the RTR `runscript` command.

Class: Falcon::RealTimeResponseAdmin

  • Operation: r_tr_list_falcon_scripts
  • GET: /real-time-response/queries/falcon-scripts/v1
  • Description: Get a list of Falcon script IDs available to the user to run

Class: Falcon::RealTimeResponseAdmin

  • Operation: r_tr_list_put_files
  • GET: /real-time-response/queries/put-files/v1
  • Description: Get a list of put-file ID's that are available to the user for the `put` command.

Class: Falcon::RealTimeResponseAdmin

  • Operation: r_tr_list_scripts
  • GET: /real-time-response/queries/scripts/v1
  • Description: Get a list of custom-script ID's that are available to the user for the `runscript` command.

Class: Falcon::RealTimeResponseAdmin

  • Operation: r_tr_update_scripts
  • PATCH: /real-time-response/entities/scripts/v1
  • Description: Upload a new scripts to replace an existing one.

Class: Falcon::RealTimeResponseAudit

  • Operation: r_tr_audit_sessions
  • GET: /real-time-response-audit/combined/sessions/v1
  • Description: Get all the RTR sessions created for a customer in a specified duration

Class: Falcon::Recon

  • Operation: aggregate_notifications_exposed_data_records_v1
  • POST: /recon/aggregates/notifications-exposed-data-records/GET/v1
  • Description: Get notification exposed data record aggregates as specified via JSON in request body. The valid aggregation fields are: [cid notification_id created_date rule.id rule.name rule.topic source_category site author file.name credential_status bot.operating_system.hardware_id bot.bot_id]

Class: Falcon::Recon

  • Operation: aggregate_notifications_v1
  • POST: /recon/aggregates/notifications/GET/v1
  • Description: Get notification aggregates as specified via JSON in request body.

Class: Falcon::Recon

  • Operation: create_actions_v1
  • POST: /recon/entities/actions/v1
  • Description: Create actions for a monitoring rule. Accepts a list of actions that will be attached to the monitoring rule.

Class: Falcon::Recon

  • Operation: create_export_jobs_v1
  • POST: /recon/entities/exports/v1
  • Description: Launch asynchronous export job. Use the job ID to poll the status of the job using GET /entities/exports/v1.

Class: Falcon::Recon

  • Operation: create_rules_v1
  • POST: /recon/entities/rules/v1
  • Description: Create monitoring rules.

Class: Falcon::Recon

  • Operation: delete_action_v1
  • DELETE: /recon/entities/actions/v1
  • Description: Delete an action from a monitoring rule based on the action ID.

Class: Falcon::Recon

  • Operation: delete_export_jobs_v1
  • DELETE: /recon/entities/exports/v1
  • Description: Delete export jobs (and their associated file(s)) based on their IDs.

Class: Falcon::Recon

  • Operation: delete_notifications_v1
  • DELETE: /recon/entities/notifications/v1
  • Description: Delete notifications based on IDs. Notifications cannot be recovered after they are deleted.

Class: Falcon::Recon

  • Operation: delete_rules_v1
  • DELETE: /recon/entities/rules/v1
  • Description: Delete monitoring rules.

Class: Falcon::Recon

  • Operation: get_actions_v1
  • GET: /recon/entities/actions/v1
  • Description: Get actions based on their IDs. IDs can be retrieved using the GET /queries/actions/v1 endpoint.

Class: Falcon::Recon

  • Operation: get_export_jobs_v1
  • GET: /recon/entities/exports/v1
  • Description: Get the status of export jobs based on their IDs. Export jobs can be launched by calling POST /entities/exports/v1. When a job is complete, use the job ID to download the file(s) associated with it using GET entities/export-files/v1.

Class: Falcon::Recon


Class: Falcon::Recon

  • Operation: get_notifications_detailed_translated_v1
  • GET: /recon/entities/notifications-detailed-translated/v1
  • Description: Get detailed notifications based on their IDs. These include the translated raw intelligence content that generated the match or part of it.

Class: Falcon::Recon

  • Operation: get_notifications_detailed_v1
  • GET: /recon/entities/notifications-detailed/v1
  • Description: Get detailed notifications based on their IDs. These include the raw intelligence content that generated the match or part of it.

Class: Falcon::Recon

  • Operation: get_notifications_exposed_data_records_v1
  • GET: /recon/entities/notifications-exposed-data-records/v1
  • Description: Get notifications exposed data records based on their IDs. IDs can be retrieved using the GET /queries/notifications-exposed-data-records/v1 endpoint. The associate notification can be fetched using the /entities/notifications/v* endpoints

Class: Falcon::Recon

  • Operation: get_notifications_translated_v1
  • GET: /recon/entities/notifications-translated/v1
  • Description: Get notifications based on their IDs. IDs can be retrieved using the GET /queries/notifications/v1 endpoint. This endpoint will return translated notification content. The only target language available is English.

Class: Falcon::Recon

  • Operation: get_notifications_v1
  • GET: /recon/entities/notifications/v1
  • Description: Get notifications based on their IDs. IDs can be retrieved using the GET /queries/notifications/v1 endpoint.

Class: Falcon::Recon

  • Operation: get_rules_v1
  • GET: /recon/entities/rules/v1
  • Description: Get monitoring rules based on their IDs. IDs can be retrieved using the GET /queries/rules/v1 endpoint.

Class: Falcon::Recon

  • Operation: preview_rule_v1
  • POST: /recon/aggregates/rules-preview/GET/v1
  • Description: Preview rules notification count and distribution. This will return aggregations on: channel, count, site.

Class: Falcon::Recon

  • Operation: query_actions_v1
  • GET: /recon/queries/actions/v1
  • Description: Query actions based on provided criteria. Use the IDs from this response to get the action entities on GET /entities/actions/v1.

Class: Falcon::Recon

  • Operation: query_notifications_exposed_data_records_v1
  • GET: /recon/queries/notifications-exposed-data-records/v1
  • Description: Query notifications exposed data records based on provided criteria. Use the IDs from this response to get the notification +entities on GET /entities/notifications-exposed-data-records/v1

Class: Falcon::Recon

  • Operation: query_notifications_v1
  • GET: /recon/queries/notifications/v1
  • Description: Query notifications based on provided criteria. Use the IDs from this response to get the notification +entities on GET /entities/notifications/v1, GET /entities/notifications-detailed/v1, +GET /entities/notifications-translated/v1 or GET /entities/notifications-detailed-translated/v1.

Class: Falcon::Recon

  • Operation: query_rules_v1
  • GET: /recon/queries/rules/v1
  • Description: Query monitoring rules based on provided criteria. Use the IDs from this response to fetch the rules on /entities/rules/v1.

Class: Falcon::Recon

  • Operation: update_action_v1
  • PATCH: /recon/entities/actions/v1
  • Description: Update an action for a monitoring rule.

Class: Falcon::Recon

  • Operation: update_notifications_v1
  • PATCH: /recon/entities/notifications/v1
  • Description: Update notification status or assignee. Accepts bulk requests

Class: Falcon::Recon

  • Operation: update_rules_v1
  • PATCH: /recon/entities/rules/v1
  • Description: Update monitoring rules.

Class: Falcon::ReportExecutions

  • Operation: report_executions_download_get
  • GET: /reports/entities/report-executions-download/v1
  • Description: Get report entity download. Returns either a JSON object or a CSV string.

Class: Falcon::ReportExecutions

  • Operation: report_executions_get
  • GET: /reports/entities/report-executions/v1
  • Description: Retrieve report details for the provided report IDs.

Class: Falcon::ReportExecutions

  • Operation: report_executions_query
  • GET: /reports/queries/report-executions/v1
  • Description: Find all report execution IDs matching the query with filter

Class: Falcon::ReportExecutions

  • Operation: report_executions_retry
  • POST: /reports/entities/report-executions-retry/v1
  • Description: This endpoint will be used to retry report executions

Class: Falcon::ResponsePolicies

  • Operation: create_rt_response_policies
  • POST: /policy/entities/response/v1
  • Description: Create Response Policies by specifying details about the policy to create

Class: Falcon::ResponsePolicies

  • Operation: delete_rt_response_policies
  • DELETE: /policy/entities/response/v1
  • Description: Delete a set of Response Policies by specifying their IDs

Class: Falcon::ResponsePolicies

  • Operation: get_rt_response_policies
  • GET: /policy/entities/response/v1
  • Description: Retrieve a set of Response Policies by specifying their IDs

Class: Falcon::ResponsePolicies

  • Operation: perform_rt_response_policies_action
  • POST: /policy/entities/response-actions/v1
  • Description: Perform the specified action on the Response Policies specified in the request

Class: Falcon::ResponsePolicies

  • Operation: query_combined_rt_response_policies
  • GET: /policy/combined/response/v1
  • Description: Search for Response Policies in your environment by providing an FQL filter and paging details. Returns a set of Response Policies which match the filter criteria

Class: Falcon::ResponsePolicies

  • Operation: query_combined_rt_response_policy_members
  • GET: /policy/combined/response-members/v1
  • Description: Search for members of a Response policy in your environment by providing an FQL filter and paging details. Returns a set of host details which match the filter criteria

Class: Falcon::ResponsePolicies

  • Operation: query_rt_response_policies
  • GET: /policy/queries/response/v1
  • Description: Search for Response Policies in your environment by providing an FQL filter with sort and/or paging details. This returns a set of Response Policy IDs that match the given criteria.

Class: Falcon::ResponsePolicies

  • Operation: query_rt_response_policy_members
  • GET: /policy/queries/response-members/v1
  • Description: Search for members of a Response policy in your environment by providing an FQL filter and paging details. Returns a set of Agent IDs which match the filter criteria

Class: Falcon::ResponsePolicies

  • Operation: set_rt_response_policies_precedence
  • POST: /policy/entities/response-precedence/v1
  • Description: Sets the precedence of Response Policies based on the order of IDs specified in the request. The first ID specified will have the highest precedence and the last ID specified will have the lowest. You must specify all non-Default Policies for a platform when updating precedence

Class: Falcon::ResponsePolicies

  • Operation: update_rt_response_policies
  • PATCH: /policy/entities/response/v1
  • Description: Update Response Policies by specifying the ID of the policy and details to update

Class: Falcon::RuntimeDetections

  • Operation: get_runtime_detections_combined_v2
  • GET: /container-security/combined/runtime-detections/v2
  • Description: Retrieve container runtime detections by the provided search criteria

Class: Falcon::SampleUploads

  • Operation: archive_delete_v1
  • DELETE: /archives/entities/archives/v1
  • Description: Delete an archive that was uploaded previously

Class: Falcon::SampleUploads

  • Operation: archive_get_v1
  • GET: /archives/entities/archives/v1
  • Description: Retrieves the archives upload operation statuses. Status `done` means that archive was processed successfully. Status `error` means that archive was not processed successfully.

Class: Falcon::SampleUploads

  • Operation: archive_list_v1
  • GET: /archives/entities/archive-files/v1
  • Description: Retrieves the archives files in chunks.

Class: Falcon::SampleUploads

  • Operation: archive_upload_v1
  • POST: /archives/entities/archives/v1
  • Description: Uploads an archive and extracts files list from it. Operation is asynchronous use `/archives/entities/archives/v1` to check the status. After uploading, use `/archives/entities/extractions/v1` to copy the file to internal storage making it available for content analysis. This method is deprecated in favor of `/archives/entities/archives/v2`

Class: Falcon::SampleUploads

  • Operation: archive_upload_v2
  • POST: /archives/entities/archives/v2
  • Description: Uploads an archive and extracts files list from it. Operation is asynchronous use `/archives/entities/archives/v1` to check the status. After uploading, use `/archives/entities/extractions/v1` to copy the file to internal storage making it available for content analysis.

Class: Falcon::SampleUploads

  • Operation: delete_sample_v3
  • DELETE: /samples/entities/samples/v3
  • Description: Removes a sample, including file, meta and submissions from the collection

Class: Falcon::SampleUploads

  • Operation: extraction_create_v1
  • POST: /archives/entities/extractions/v1
  • Description: Extracts files from an uploaded archive and copies them to internal storage making it available for content analysis.

Class: Falcon::SampleUploads

  • Operation: extraction_get_v1
  • GET: /archives/entities/extractions/v1
  • Description: Retrieves the files extraction operation statuses. Status `done` means that all files were processed successfully. Status `error` means that at least one of the file could not be processed.

Class: Falcon::SampleUploads

  • Operation: extraction_list_v1
  • GET: /archives/entities/extraction-files/v1
  • Description: Retrieves the files extractions in chunks. Status `done` means that all files were processed successfully. Status `error` means that at least one of the file could not be processed.

Class: Falcon::SampleUploads

  • Operation: get_sample_v3
  • GET: /samples/entities/samples/v3
  • Description: Retrieves the file associated with the given ID (SHA256)

Class: Falcon::SampleUploads

  • Operation: upload_sample_v3
  • POST: /samples/entities/samples/v3
  • Description: Upload a file for further cloud analysis. After uploading, call the specific analysis API endpoint.

Class: Falcon::ScheduledReports

  • Operation: scheduled_reports_get
  • GET: /reports/entities/scheduled-reports/v1
  • Description: Retrieve scheduled reports for the provided report IDs.

Class: Falcon::ScheduledReports

  • Operation: scheduled_reports_launch
  • POST: /reports/entities/scheduled-reports/execution/v1
  • Description: Launch scheduled reports executions for the provided report IDs.

Class: Falcon::ScheduledReports

  • Operation: scheduled_reports_query
  • GET: /reports/queries/scheduled-reports/v1
  • Description: Find all report IDs matching the query with filter

Class: Falcon::SensorDownload


Class: Falcon::SensorDownload


Class: Falcon::SensorDownload


Class: Falcon::SensorDownload


Class: Falcon::SensorDownload


Class: Falcon::SensorDownload


Class: Falcon::SensorDownload


Class: Falcon::SensorDownload


Class: Falcon::SensorDownload


Class: Falcon::SensorUpdatePolicies

  • Operation: create_sensor_update_policies
  • POST: /policy/entities/sensor-update/v1
  • Description: Create Sensor Update Policies by specifying details about the policy to create

Class: Falcon::SensorUpdatePolicies

  • Operation: create_sensor_update_policies_v2
  • POST: /policy/entities/sensor-update/v2
  • Description: Create Sensor Update Policies by specifying details about the policy to create with additional support for uninstall protection

Class: Falcon::SensorUpdatePolicies

  • Operation: delete_sensor_update_policies
  • DELETE: /policy/entities/sensor-update/v1
  • Description: Delete a set of Sensor Update Policies by specifying their IDs

Class: Falcon::SensorUpdatePolicies

  • Operation: get_sensor_update_policies
  • GET: /policy/entities/sensor-update/v1
  • Description: Retrieve a set of Sensor Update Policies by specifying their IDs

Class: Falcon::SensorUpdatePolicies

  • Operation: get_sensor_update_policies_v2
  • GET: /policy/entities/sensor-update/v2
  • Description: Retrieve a set of Sensor Update Policies with additional support for uninstall protection by specifying their IDs

Class: Falcon::SensorUpdatePolicies

  • Operation: perform_sensor_update_policies_action
  • POST: /policy/entities/sensor-update-actions/v1
  • Description: Perform the specified action on the Sensor Update Policies specified in the request

Class: Falcon::SensorUpdatePolicies


Class: Falcon::SensorUpdatePolicies


Class: Falcon::SensorUpdatePolicies

  • Operation: query_combined_sensor_update_policies
  • GET: /policy/combined/sensor-update/v1
  • Description: Search for Sensor Update Policies in your environment by providing an FQL filter and paging details. Returns a set of Sensor Update Policies which match the filter criteria

Class: Falcon::SensorUpdatePolicies

  • Operation: query_combined_sensor_update_policies_v2
  • GET: /policy/combined/sensor-update/v2
  • Description: Search for Sensor Update Policies with additional support for uninstall protection in your environment by providing an FQL filter and paging details. Returns a set of Sensor Update Policies which match the filter criteria

Class: Falcon::SensorUpdatePolicies

  • Operation: query_combined_sensor_update_policy_members
  • GET: /policy/combined/sensor-update-members/v1
  • Description: Search for members of a Sensor Update Policy in your environment by providing an FQL filter and paging details. Returns a set of host details which match the filter criteria

Class: Falcon::SensorUpdatePolicies

  • Operation: query_sensor_update_kernels_distinct
  • GET: /policy/queries/sensor-update-kernels/{distinct_field}/v1
  • Description: Retrieve kernel compatibility info for Sensor Update Builds

Class: Falcon::SensorUpdatePolicies

  • Operation: query_sensor_update_policies
  • GET: /policy/queries/sensor-update/v1
  • Description: Search for Sensor Update Policies in your environment by providing an FQL filter and paging details. Returns a set of Sensor Update Policy IDs which match the filter criteria

Class: Falcon::SensorUpdatePolicies

  • Operation: query_sensor_update_policy_members
  • GET: /policy/queries/sensor-update-members/v1
  • Description: Search for members of a Sensor Update Policy in your environment by providing an FQL filter and paging details. Returns a set of Agent IDs which match the filter criteria

Class: Falcon::SensorUpdatePolicies

  • Operation: reveal_uninstall_token
  • POST: /policy/combined/reveal-uninstall-token/v1
  • Description: Reveals an uninstall token for a specific device. To retrieve the bulk maintenance token pass the value 'MAINTENANCE' as the value for 'device_id'

Class: Falcon::SensorUpdatePolicies

  • Operation: set_sensor_update_policies_precedence
  • POST: /policy/entities/sensor-update-precedence/v1
  • Description: Sets the precedence of Sensor Update Policies based on the order of IDs specified in the request. The first ID specified will have the highest precedence and the last ID specified will have the lowest. You must specify all non-Default Policies for a platform when updating precedence

Class: Falcon::SensorUpdatePolicies

  • Operation: update_sensor_update_policies
  • PATCH: /policy/entities/sensor-update/v1
  • Description: Update Sensor Update Policies by specifying the ID of the policy and details to update

Class: Falcon::SensorUpdatePolicies

  • Operation: update_sensor_update_policies_v2
  • PATCH: /policy/entities/sensor-update/v2
  • Description: Update Sensor Update Policies by specifying the ID of the policy and details to update with additional support for uninstall protection

Class: Falcon::SensorUsage

  • Operation: get_sensor_usage_weekly
  • GET: /billing-dashboards-usage/aggregates/weekly-average/v1
  • Description: Fetches weekly average. Each data point represents the average of how many unique AIDs were seen per week for the previous 28 days.

Class: Falcon::SensorVisibilityExclusions

  • Operation: create_sv_exclusions_v1
  • POST: /policy/entities/sv-exclusions/v1
  • Description: Create the sensor visibility exclusions

Class: Falcon::SensorVisibilityExclusions


Class: Falcon::SensorVisibilityExclusions


Class: Falcon::SensorVisibilityExclusions


Class: Falcon::SensorVisibilityExclusions


Class: Falcon::SpotlightEvaluationLogic

  • Operation: combined_query_evaluation_logic
  • GET: /spotlight/combined/evaluation-logic/v1
  • Description: Search for evaluation logic in your environment by providing a FQL filter and paging details. Returns a set of evaluation logic entities which match the filter criteria.

Class: Falcon::SpotlightEvaluationLogic

  • Operation: get_evaluation_logic
  • GET: /spotlight/entities/evaluation-logic/v1
  • Description: Get details on evaluation logic items by providing one or more IDs.

Class: Falcon::SpotlightEvaluationLogic

  • Operation: query_evaluation_logic
  • GET: /spotlight/queries/evaluation-logic/v1
  • Description: Search for evaluation logic in your environment by providing a FQL filter and paging details. Returns a set of evaluation logic IDs which match the filter criteria.

Class: Falcon::SpotlightVulnerabilities

  • Operation: combined_query_vulnerabilities
  • GET: /spotlight/combined/vulnerabilities/v1
  • Description: Search for Vulnerabilities in your environment by providing an FQL filter and paging details. Returns a set of Vulnerability entities which match the filter criteria

Class: Falcon::SpotlightVulnerabilities

  • Operation: get_remediations_v2
  • GET: /spotlight/entities/remediations/v2
  • Description: Get details on remediation by providing one or more IDs

Class: Falcon::SpotlightVulnerabilities

  • Operation: get_vulnerabilities_0
  • GET: /spotlight/entities/vulnerabilities/v2
  • Description: Get details on vulnerabilities by providing one or more IDs

Class: Falcon::SpotlightVulnerabilities

  • Operation: query_vulnerabilities_0
  • GET: /spotlight/queries/vulnerabilities/v1
  • Description: Search for Vulnerabilities in your environment by providing an FQL filter and paging details. Returns a set of Vulnerability IDs which match the filter criteria

Class: Falcon::Threatgraph

  • Operation: combined_edges_get
  • GET: /threatgraph/combined/edges/v1
  • Description: Retrieve edges for a given vertex id. One edge type must be specified

Class: Falcon::Threatgraph

  • Operation: combined_ran_on_get
  • GET: /threatgraph/combined/ran-on/v1
  • Description: Look up instances of indicators such as hashes, domain names, and ip addresses that have been seen on devices in your environment.

Class: Falcon::Threatgraph

  • Operation: combined_summary_get
  • GET: /threatgraph/combined/{vertex-type}/summary/v1
  • Description: Retrieve summary for a given vertex ID

Class: Falcon::Threatgraph

  • Operation: entities_vertices_get
  • GET: /threatgraph/entities/{vertex-type}/v1
  • Description: Retrieve metadata for a given vertex ID. Note: This is a legacy endpoint used by CrowdStrike Store partners prior to release of the ThreatGraph OAuth 2.0 APIs. If you’re not currently using this endpoint, use the /v2 endpoint instead.

Class: Falcon::Threatgraph

  • Operation: entities_vertices_getv2
  • GET: /threatgraph/entities/{vertex-type}/v2
  • Description: Retrieve metadata for a given vertex ID

Class: Falcon::Threatgraph

  • Operation: queries_edgetypes_get
  • GET: /threatgraph/queries/edge-types/v1
  • Description: Show all available edge types

Class: Falcon::UnidentifiedContainers


Class: Falcon::UnidentifiedContainers

  • Operation: read_unidentified_containers_count
  • GET: /container-security/aggregates/unidentified-containers/count/v1
  • Description: Returns the total count of Unidentified Containers over a time period

Class: Falcon::UnidentifiedContainers


Class: Falcon::UserManagement

  • Operation: combined_user_roles_v1
  • GET: /user-management/combined/user-roles/v1
  • Description: Get User Grant(s). This endpoint lists both direct as well as flight control grants between a User and a Customer.

Class: Falcon::UserManagement

  • Operation: create_user
  • POST: /users/entities/users/v1
  • Description: Deprecated : Please use POST /user-management/entities/users/v1. Create a new user. After creating a user, assign one or more roles with POST /user-roles/entities/user-roles/v1

Class: Falcon::UserManagement

  • Operation: create_user_v1
  • POST: /user-management/entities/users/v1
  • Description: Create a new user. After creating a user, assign one or more roles with POST '/user-management/entities/user-role-actions/v1'

Class: Falcon::UserManagement

  • Operation: delete_user
  • DELETE: /users/entities/users/v1
  • Description: Deprecated : Please use DELETE /user-management/entities/users/v1. Delete a user permanently

Class: Falcon::UserManagement

  • Operation: delete_user_v1
  • DELETE: /user-management/entities/users/v1
  • Description: Delete a user permanently.

Class: Falcon::UserManagement

  • Operation: entities_roles_v1
  • GET: /user-management/entities/roles/v1
  • Description: Get info about a role

Class: Falcon::UserManagement

  • Operation: get_available_role_ids
  • GET: /user-roles/queries/user-role-ids-by-cid/v1
  • Description: Deprecated : Please use GET /user-management/queries/roles/v1. Show role IDs for all roles available in your customer account. For more information on each role, provide the role ID to `/customer/entities/roles/v1`.

Class: Falcon::UserManagement

  • Operation: get_roles
  • GET: /user-roles/entities/user-roles/v1
  • Description: Deprecated : Please use GET /user-management/entities/roles/v1. Get info about a role

Class: Falcon::UserManagement

  • Operation: get_user_role_ids
  • GET: /user-roles/queries/user-role-ids-by-user-uuid/v1
  • Description: Deprecated : Please use GET /user-management/combined/user-roles/v1. Show role IDs of roles assigned to a user. For more information on each role, provide the role ID to `/customer/entities/roles/v1`.

Class: Falcon::UserManagement

  • Operation: grant_user_role_ids
  • POST: /user-roles/entities/user-roles/v1
  • Description: Deprecated : Please use POST /user-management/entities/user-role-actions/v1. Assign one or more roles to a user

Class: Falcon::UserManagement

  • Operation: queries_roles_v1
  • GET: /user-management/queries/roles/v1
  • Description: Show role IDs for all roles available in your customer account. For more information on each role, provide the role ID to `/user-management/entities/roles/v1`.

Class: Falcon::UserManagement

  • Operation: query_user_v1
  • GET: /user-management/queries/users/v1
  • Description: List user IDs for all users in your customer account. For more information on each user, provide the user ID to `/user-management/entities/users/GET/v1`.

Class: Falcon::UserManagement

  • Operation: retrieve_emails_by_cid
  • GET: /users/queries/emails-by-cid/v1
  • Description: Deprecated : Please use POST /user-management/entities/users/GET/v1. List the usernames (usually an email address) for all users in your customer account

Class: Falcon::UserManagement

  • Operation: retrieve_user
  • GET: /users/entities/users/v1
  • Description: Deprecated : Please use POST /user-management/entities/users/GET/v1. Get info about a user

Class: Falcon::UserManagement

  • Operation: retrieve_user_uuid
  • GET: /users/queries/user-uuids-by-email/v1
  • Description: Deprecated : Please use GET /user-management/queries/users/v1. Get a user's ID by providing a username (usually an email address)

Class: Falcon::UserManagement

  • Operation: retrieve_user_uuids_by_cid
  • GET: /users/queries/user-uuids-by-cid/v1
  • Description: Deprecated : Please use GET /user-management/queries/users/v1. List user IDs for all users in your customer account. For more information on each user, provide the user ID to `/users/entities/user/v1`.

Class: Falcon::UserManagement

  • Operation: retrieve_users_getv1
  • POST: /user-management/entities/users/GET/v1
  • Description: Get info about users including their name, UID and CID by providing user UUIDs

Class: Falcon::UserManagement

  • Operation: revoke_user_role_ids
  • DELETE: /user-roles/entities/user-roles/v1
  • Description: Deprecated : Please use POST /user-management/entities/user-role-actions/v1. Revoke one or more roles from a user

Class: Falcon::UserManagement

  • Operation: update_user
  • PATCH: /users/entities/users/v1
  • Description: Deprecated : Please use PATCH /user-management/entities/users/v1. Modify an existing user's first or last name

Class: Falcon::UserManagement

  • Operation: update_user_v1
  • PATCH: /user-management/entities/users/v1
  • Description: Modify an existing user's first or last name.

Class: Falcon::UserManagement

  • Operation: user_action_v1
  • POST: /user-management/entities/user-actions/v1
  • Description: Apply actions to one or more User. Available action names: reset_2fa, reset_password. User UUIDs can be provided in `ids` param as part of request payload.

Class: Falcon::UserManagement

  • Operation: user_roles_action_v1
  • POST: /user-management/entities/user-role-actions/v1
  • Description: Grant or Revoke one or more role(s) to a user against a CID. User UUID, CID and Role ID(s) can be provided in request payload. Available Action(s) : grant, revoke

Class: Falcon::Workflows

  • Operation: workflow_activities_combined
  • GET: /workflows/combined/activities/v1
  • Description: Search for activities by name. Returns all supported activities if no filter specified

Class: Falcon::Workflows

  • Operation: workflow_definitions_combined
  • GET: /workflows/combined/definitions/v1
  • Description: Search workflow definitions based on the provided filter

Class: Falcon::Workflows

  • Operation: workflow_definitions_export
  • GET: /workflows/entities/definitions/export/v1
  • Description: Exports a workflow definition for the given definition ID

Class: Falcon::Workflows

  • Operation: workflow_definitions_import
  • POST: /workflows/entities/definitions/import/v1
  • Description: Imports a workflow definition based on the provided model

Class: Falcon::Workflows

  • Operation: workflow_definitions_update
  • PUT: /workflows/entities/definitions/v1
  • Description: Updates a workflow definition based on the provided model

Class: Falcon::Workflows

  • Operation: workflow_execute
  • POST: /workflows/entities/execute/v1
  • Description: Executes an on-demand Workflow, the body is JSON used to trigger the execution, the response the execution ID(s)

Class: Falcon::Workflows

  • Operation: workflow_execute_internal
  • POST: /workflows/entities/execute/internal/v1
  • Description: Executes an on-demand Workflow - internal workflows permitted, the body is JSON used to trigger the execution, the response the execution ID(s)

Class: Falcon::Workflows

  • Operation: workflow_execution_results
  • GET: /workflows/entities/execution-results/v1
  • Description: Get execution result of a given execution

Class: Falcon::Workflows

  • Operation: workflow_executions_action
  • POST: /workflows/entities/execution-actions/v1
  • Description: Allows a user to resume/retry a failed workflow execution.

Class: Falcon::Workflows

  • Operation: workflow_executions_combined
  • GET: /workflows/combined/executions/v1
  • Description: Search workflow executions based on the provided filter

Class: Falcon::Workflows

  • Operation: workflow_get_human_input_v1
  • GET: /workflows/entities/human-inputs/v1
  • Description: Gets one or more specific human inputs by their IDs.

Class: Falcon::Workflows

  • Operation: workflow_mock_execute
  • POST: /workflows/entities/mock-executions/v1
  • Description: Executes a workflow definition with mocks

Class: Falcon::Workflows

  • Operation: workflow_system_definitions_de_provision
  • POST: /workflows/system-definitions/deprovision/v1
  • Description: Deprovisions a system definition that was previously provisioned on the target CID

Class: Falcon::Workflows

  • Operation: workflow_system_definitions_promote
  • POST: /workflows/system-definitions/promote/v1
  • Description: Promotes a version of a system definition for a customer. The customer must already have been provisioned. This allows the caller to apply an updated template version to a specific cid and expects all parameters to be supplied. If the template supports multi-instance the customer scope definition ID must be supplied to determine which customer workflow should be updated.

Class: Falcon::Workflows

  • Operation: workflow_system_definitions_provision
  • POST: /workflows/system-definitions/provision/v1
  • Description: Provisions a system definition onto the target CID by using the template and provided parameters

Class: Falcon::Workflows

  • Operation: workflow_triggers_combined
  • GET: /workflows/combined/triggers/v1
  • Description: Search for triggers by namespaced identifier, i.e. FalconAudit, Detection, or FalconAudit/Detection/Status. Returns all triggers if no filter specified

Class: Falcon::Workflows

  • Operation: workflow_update_human_input_v1
  • PATCH: /workflows/entities/human-inputs/v1
  • Description: Provides an input in response to a human input action. Depending on action configuration, one or more of Approve, Decline, and/or Escalate are permitted.

Class: Falcon::ZeroTrustAssessment

  • Operation: get_assessment_v1
  • GET: /zero-trust-assessment/entities/assessments/v1
  • Description: Get Zero Trust Assessment data for one or more hosts by providing agent IDs (AID) and a customer ID (CID).

Class: Falcon::ZeroTrustAssessment

  • Operation: get_assessments_by_score_v1
  • GET: /zero-trust-assessment/queries/assessments/v1
  • Description: Get Zero Trust Assessment data for one or more hosts by providing a customer ID (CID) and a range of scores.

Class: Falcon::ZeroTrustAssessment

  • Operation: get_audit_v1
  • GET: /zero-trust-assessment/entities/audit/v1
  • Description: Get the Zero Trust Assessment audit report for one customer ID (CID).