

This service collection has code examples posted to the repository.
Operation ID | Description |
| Get pattern severities by ID. |
| Get platforms by ID. |
| Get rule groups by ID. |
| Create a rule group for a platform with a name and an optional description. Returns the rule group. |
| Delete rule groups by ID. |
| Update a rule group. The following properties can be modified: name, description, enabled. |
| Get rule types by ID. |
| Get rules by ID and optionally version in the following format: `ID[:version]`. |
| Get rules by ID and optionally version in the following format: `ID[:version]`. The max number of IDs is constrained by URL size. |
| Create a rule within a rule group. Returns the rule. |
| Delete rules from a rule group by ID. |
| Update rules within a rule group. Return the updated rules. |
| Update name, description, enabled or field_values for individual rules within a rule group. The v1 flavor of this call requires the caller to specify the complete state for all the rules in the rule group; the v2 flavor instead accepts a subset of the rules in the rule group and applies the attribute updates to that subset only. Returns the updated rules. |
| Validates field values and checks for matches if a test string is provided. |
| Get all pattern severity IDs. |
| Get all platform IDs. |
| Find all rule groups matching the query with optional filter. |
| Finds all rule group IDs matching the query with optional filter. |
| Get all rule type IDs. |
| Finds all rule IDs matching the query with optional filter. |
WARNING

`client_id` and `client_secret` are keyword arguments that contain your CrowdStrike API credentials. Please note that all examples below do not hard code these values. (These values are ingested as strings.)

CrowdStrike does not recommend hard coding API credentials or customer identifiers within source code.
Get pattern severities by ID.
get_patterns
Method | Route |
 | /ioarules/entities/pattern-severities/v1 |

- Produces: application/json
| Name | Type | Data type | Description |
| --- | --- | --- | --- |
| ids | query | string or list of strings | The ID(s) of the entities to return. |
| parameters | query | dictionary | Full query string parameters payload in JSON format. |
```python
from falconpy import CustomIOA

# Do not hardcode API credentials!
falcon = CustomIOA(client_id=CLIENT_ID,
                   client_secret=CLIENT_SECRET
                   )

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.get_patterns(ids=id_list)
print(response)
```
```python
from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.command("get_patterns", ids=id_list)
print(response)
```
Get platforms by ID.
get_platforms
Method | Route |
 | /ioarules/entities/platforms/v1 |

- Produces: application/json
| Name | Type | Data type | Description |
| --- | --- | --- | --- |
| ids | query | string or list of strings | The ID(s) of the entities to return. |
| parameters | query | dictionary | Full query string parameters payload in JSON format. |
```python
from falconpy import CustomIOA

# Do not hardcode API credentials!
falcon = CustomIOA(client_id=CLIENT_ID,
                   client_secret=CLIENT_SECRET
                   )

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.get_platforms(ids=id_list)
print(response)
```

```python
from falconpy import CustomIOA

# Do not hardcode API credentials!
falcon = CustomIOA(client_id=CLIENT_ID,
                   client_secret=CLIENT_SECRET
                   )

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.get_platformsMixin0(ids=id_list)
print(response)
```

```python
from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.command("get_platformsMixin0", ids=id_list)
print(response)
```
Get rule groups by ID.
get_rule_groups
Method | Route |
 | /ioarules/entities/rule-groups/v1 |

- Produces: application/json
| Name | Type | Data type | Description |
| --- | --- | --- | --- |
| ids | query | string or list of strings | The ID(s) of the entities to return. |
| parameters | query | dictionary | Full query string parameters payload in JSON format. |
```python
from falconpy import CustomIOA

# Do not hardcode API credentials!
falcon = CustomIOA(client_id=CLIENT_ID,
                   client_secret=CLIENT_SECRET
                   )

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.get_rule_groups(ids=id_list)
print(response)
```

```python
from falconpy import CustomIOA

# Do not hardcode API credentials!
falcon = CustomIOA(client_id=CLIENT_ID,
                   client_secret=CLIENT_SECRET
                   )

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.get_rule_groupsMixin0(ids=id_list)
print(response)
```

```python
from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.command("get_rule_groupsMixin0", ids=id_list)
print(response)
```
Create a rule group for a platform with a name and an optional description. Returns the rule group.
create_rule_group
Method | Route |
 | /ioarules/entities/rule-groups/v1 |

- Consumes: application/json
- Produces: application/json
| Name | Type | Data type | Description |
| --- | --- | --- | --- |
| body | body | dictionary | Full body payload in JSON format. |
| description | body | string | Rule group description. |
| comment | body | string | Comment to associate with this rule group. |
| name | body | string | Rule group name. |
| platform | body | string | Rule group platform. |
```python
from falconpy import CustomIOA

# Do not hardcode API credentials!
falcon = CustomIOA(client_id=CLIENT_ID,
                   client_secret=CLIENT_SECRET
                   )

response = falcon.create_rule_group(description="string",
                                    comment="string",
                                    name="string",
                                    platform="string"
                                    )
print(response)
```

```python
from falconpy import CustomIOA

# Do not hardcode API credentials!
falcon = CustomIOA(client_id=CLIENT_ID,
                   client_secret=CLIENT_SECRET
                   )

response = falcon.create_rule_groupMixin0(description="string",
                                          comment="string",
                                          name="string",
                                          platform="string"
                                          )
print(response)
```

```python
from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

BODY = {
    "comment": "string",
    "description": "string",
    "name": "string",
    "platform": "string"
}

response = falcon.command("create_rule_groupMixin0", body=BODY)
print(response)
```
Delete rule groups by ID.
delete_rule_groups
Method | Route |
 | /ioarules/entities/rule-groups/v1 |

- Produces: application/json
| Name | Type | Data type | Description |
| --- | --- | --- | --- |
| comment | query | string | Audit log comment for this operation. |
| ids | query | string or list of strings | The ID(s) of the entities to return. |
| parameters | query | dictionary | Full query string parameters payload in JSON format. |
```python
from falconpy import CustomIOA

# Do not hardcode API credentials!
falcon = CustomIOA(client_id=CLIENT_ID,
                   client_secret=CLIENT_SECRET
                   )

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.delete_rule_groups(comment="string", ids=id_list)
print(response)
```

```python
from falconpy import CustomIOA

# Do not hardcode API credentials!
falcon = CustomIOA(client_id=CLIENT_ID,
                   client_secret=CLIENT_SECRET
                   )

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.delete_rule_groupsMixin0(comment="string", ids=id_list)
print(response)
```

```python
from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.command("delete_rule_groupsMixin0", comment="string", ids=id_list)
print(response)
```
Update a rule group. The following properties can be modified: name, description, enabled.
update_rule_group
Method | Route |
 | /ioarules/entities/rule-groups/v1 |

- Consumes: application/json
- Produces: application/json
| Name | Type | Data type | Description |
| --- | --- | --- | --- |
| body | body | dictionary | Full body payload in JSON format. |
| description | body | string | Rule group description. |
| comment | body | string | Comment to associate with this rule group. |
| enabled | body | boolean | Flag indicating if this rule group is enabled. |
| id | body | string | ID of the rule group to be updated. |
| name | body | string | Rule group name. |
| rulegroup_version | body | integer | Rule group version to update. |
```python
from falconpy import CustomIOA

# Do not hardcode API credentials!
falcon = CustomIOA(client_id=CLIENT_ID,
                   client_secret=CLIENT_SECRET
                   )

response = falcon.update_rule_group(comment="string",
                                    description="string",
                                    enabled=boolean,
                                    id="string",
                                    name="string",
                                    rulegroup_version=integer
                                    )
print(response)
```

```python
from falconpy import CustomIOA

# Do not hardcode API credentials!
falcon = CustomIOA(client_id=CLIENT_ID,
                   client_secret=CLIENT_SECRET
                   )

response = falcon.update_rule_groupMixin0(comment="string",
                                          description="string",
                                          enabled=boolean,
                                          id="string",
                                          name="string",
                                          rulegroup_version=integer
                                          )
print(response)
```

```python
from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

BODY = {
    "comment": "string",
    "description": "string",
    "enabled": boolean,
    "id": "string",
    "name": "string",
    "rulegroup_version": integer
}

response = falcon.command("update_rule_groupMixin0", body=BODY)
print(response)
```
Get rule types by ID.
get_rule_types
Method | Route |
 | /ioarules/entities/rule-types/v1 |

- Produces: application/json
| Name | Type | Data type | Description |
| --- | --- | --- | --- |
| ids | query | string or list of strings | The ID(s) of the entities to return. |
| parameters | query | dictionary | Full query string parameters payload in JSON format. |
```python
from falconpy import CustomIOA

# Do not hardcode API credentials!
falcon = CustomIOA(client_id=CLIENT_ID,
                   client_secret=CLIENT_SECRET
                   )

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.get_rule_types(ids=id_list)
print(response)
```
```python
from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.command("get_rule_types", ids=id_list)
print(response)
```
Get rules by ID and optionally version in the following format: `ID[:version]`.
get_rules_get
Method | Route |
 | /ioarules/entities/rules/GET/v1 |

- Consumes: application/json
- Produces: application/json
| Name | Type | Data type | Description |
| --- | --- | --- | --- |
| body | body | dictionary | Full body payload in JSON format. |
| ids | body | string or list of strings | Rule ID(s) to retrieve. |
```python
from falconpy import CustomIOA

# Do not hardcode API credentials!
falcon = CustomIOA(client_id=CLIENT_ID,
                   client_secret=CLIENT_SECRET
                   )

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.get_rules_get(ids=id_list)
print(response)
```
```python
from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

BODY = {
    "ids": id_list
}

response = falcon.command("get_rules_get", body=BODY)
print(response)
```
Get rules by ID and optionally version in the following format: `ID[:version]`. The max number of IDs is constrained by URL size.
get_rules
Method | Route |
 | /ioarules/entities/rules/v1 |

- Produces: application/json
| Name | Type | Data type | Description |
| --- | --- | --- | --- |
| ids | query | string or list of strings | The ID(s) of the entities to return. |
| parameters | query | dictionary | Full query string parameters payload in JSON format. |
```python
from falconpy import CustomIOA

# Do not hardcode API credentials!
falcon = CustomIOA(client_id=CLIENT_ID,
                   client_secret=CLIENT_SECRET
                   )

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.get_rules(ids=id_list)
print(response)
```

```python
from falconpy import CustomIOA

# Do not hardcode API credentials!
falcon = CustomIOA(client_id=CLIENT_ID,
                   client_secret=CLIENT_SECRET
                   )

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.get_rulesMixin0(ids=id_list)
print(response)
```

```python
from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.command("get_rulesMixin0", ids=id_list)
print(response)
```
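Because get_rules carries its IDs in the query string, a large rule inventory has to be split into several requests. The following added example (not part of the FalconPy project's code) formats `ID[:version]` specifiers and batches them against a URL length budget. The page gives no numeric limit, so `max_url_len`, the placeholder host and the one-`ids`-parameter-per-identifier encoding are assumptions.

```python
from urllib.parse import urlencode

ROUTE = "/ioarules/entities/rules/v1"     # get_rules route, from this page
BASE_URL = "https://api.example.invalid"  # placeholder host (assumption)


def rule_spec(rule_id, version=None):
    """Format one identifier as ID[:version]."""
    rule_id = str(rule_id)
    if not rule_id or any(ch in rule_id for ch in ":,& \t"):
        raise ValueError(f"malformed rule ID: {rule_id!r}")
    if version is None:
        return rule_id
    if isinstance(version, bool) or not isinstance(version, int) or version < 0:
        raise ValueError(f"version must be a non-negative integer: {version!r}")
    return f"{rule_id}:{version}"


def request_url(specs, base_url=BASE_URL):
    """URL a GET would carry, assuming one ids= parameter per identifier."""
    query = urlencode({"ids": list(specs)}, doseq=True)
    return f"{base_url}{ROUTE}?{query}"


def batch_specs(specs, max_url_len, base_url=BASE_URL):
    """Split specs into ordered batches whose URL fits within max_url_len."""
    batches, current = [], []
    for spec in specs:
        if len(request_url([spec], base_url)) > max_url_len:
            raise ValueError(f"{spec!r} alone exceeds max_url_len={max_url_len}")
        if current and len(request_url(current + [spec], base_url)) > max_url_len:
            batches.append(current)  # budget reached: start a new request
            current = []
        current.append(spec)
    if current:
        batches.append(current)
    return batches


if __name__ == "__main__":
    # Constructed identifiers: rule IDs 1..20, each pinned to version 1.
    wanted = [rule_spec(i, 1) for i in range(1, 21)]
    for batch in batch_specs(wanted, max_url_len=120):
        print(len(request_url(batch)), batch)
```

Each batch can be passed as the `ids` list of one get_rules call; get_rules_get, documented above, takes the IDs in the request body instead.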
Create a rule within a rule group. Returns the rule.
create_rule
Method | Route |
 | /ioarules/entities/rules/v1 |

- Consumes: application/json
- Produces: application/json
| Name | Type | Data type | Description |
| --- | --- | --- | --- |
| body | body | dictionary | Full body payload in JSON format. |
| description | body | string | Rule description. |
| disposition_id | body | integer | Disposition ID of the rule. |
| comment | body | string | Comment to associate with this rule. |
| field_values | body | dictionary | Dictionary representing the rule field values. |
| pattern_severity | body | string | Severity. |
| name | body | string | Rule name. |
| rulegroup_id | body | string | ID of the Rule group to associate this rule to. |
| ruletype_id | body | string | Rule Type ID for this rule. |
```python
from falconpy import CustomIOA

# Do not hardcode API credentials!
falcon = CustomIOA(client_id=CLIENT_ID,
                   client_secret=CLIENT_SECRET
                   )

field_val = {
    "final_value": "string",
    "label": "string",
    "name": "string",
    "type": "string",
    "value": "string",
    "values": [
        {
            "label": "string",
            "value": "string"
        }
    ]
}

response = falcon.create_rule(comment="string",
                              description="string",
                              disposition_id=integer,
                              field_values=field_val,
                              pattern_severity="string",
                              name="string",
                              rulegroup_id="string",
                              ruletype_id="string"
                              )
print(response)
```
```python
from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

BODY = {
    "comment": "string",
    "description": "string",
    "disposition_id": integer,
    "field_values": [
        {
            "final_value": "string",
            "label": "string",
            "name": "string",
            "type": "string",
            "value": "string",
            "values": [
                {
                    "label": "string",
                    "value": "string"
                }
            ]
        }
    ],
    "name": "string",
    "pattern_severity": "string",
    "rulegroup_id": "string",
    "ruletype_id": "string"
}

response = falcon.command("create_rule", body=BODY)
print(response)
```
Delete rules from a rule group by ID.
delete_rules
Method | Route |
 | /ioarules/entities/rules/v1 |

- Produces: application/json
| Name | Type | Data type | Description |
| --- | --- | --- | --- |
| comment | query | string | Audit log comment for this operation. |
| ids | query | string or list of strings | The ID(s) of the entities to return. |
| parameters | query | dictionary | Full query string parameters payload in JSON format. |
| rule_group_id | query | string | The parent rule group ID. |
```python
from falconpy import CustomIOA

# Do not hardcode API credentials!
falcon = CustomIOA(client_id=CLIENT_ID,
                   client_secret=CLIENT_SECRET
                   )

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.delete_rules(rule_group_id="string", comment="string", ids=id_list)
print(response)
```
```python
from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.command("delete_rules",
                          comment="string",
                          ids=id_list,
                          rule_group_id="string"
                          )
print(response)
```
Update rules within a rule group. Return the updated rules.
update_rules
Method | Route |
 | /ioarules/entities/rules/v1 |

- Consumes: application/json
- Produces: application/json
| Name | Type | Data type | Description |
| --- | --- | --- | --- |
| body | body | dictionary | Full body payload in JSON format. |
| comment | body | string | Comment to associate with this rule. |
| rule_updates | body | dictionary | Dictionary representing the rule updates to perform. |
| rulegroup_id | body | string | ID of the Rule group to associate this rule to. |
| rulegroup_version | body | integer | Rule group version. |
```python
from falconpy import CustomIOA

# Do not hardcode API credentials!
falcon = CustomIOA(client_id=CLIENT_ID,
                   client_secret=CLIENT_SECRET
                   )

rule_update = {
    "description": "string",
    "disposition_id": integer,
    "enabled": boolean,
    "field_values": [
        {
            "final_value": "string",
            "label": "string",
            "name": "string",
            "type": "string",
            "value": "string",
            "values": [
                {
                    "label": "string",
                    "value": "string"
                }
            ]
        }
    ],
    "instance_id": "string",
    "name": "string",
    "pattern_severity": "string",
    "rulegroup_version": integer
}

response = falcon.update_rules(comment="string",
                               rule_updates=rule_update,
                               rulegroup_id="string",
                               rulegroup_version=integer
                               )
print(response)
```
```python
from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

BODY = {
    "comment": "string",
    "rule_updates": [
        {
            "description": "string",
            "disposition_id": 0,
            "enabled": True,
            "field_values": [
                {
                    "final_value": "string",
                    "label": "string",
                    "name": "string",
                    "type": "string",
                    "value": "string",
                    "values": [
                        {
                            "label": "string",
                            "value": "string"
                        }
                    ]
                }
            ],
            "instance_id": "string",
            "name": "string",
            "pattern_severity": "string",
            "rulegroup_version": 0
        }
    ],
    "rulegroup_id": "string",
    "rulegroup_version": 0
}

response = falcon.command("update_rules", body=BODY)
print(response)
```
Update name, description, enabled or field_values for individual rules within a rule group. The v1 flavor of this call requires the caller to specify the complete state for all the rules in the rule group; the v2 flavor instead accepts a subset of the rules in the rule group and applies the attribute updates to that subset only. Returns the updated rules.
update_rules_v2
Method | Route |
 | /ioarules/entities/rules/v2 |

- Consumes: application/json
- Produces: application/json
| Name | Type | Data type | Description |
| --- | --- | --- | --- |
| body | body | dictionary | Full body payload in JSON format. |
| comment | body | string | Comment to associate with this rule. |
| rule_updates | body | dictionary | Dictionary representing the rule updates to perform. |
| rulegroup_id | body | string | ID of the Rule group to associate this rule to. |
| rulegroup_version | body | integer | Rule group version. |
```python
from falconpy import CustomIOA

# Do not hardcode API credentials!
falcon = CustomIOA(client_id=CLIENT_ID,
                   client_secret=CLIENT_SECRET
                   )

rule_update = {
    "description": "string",
    "disposition_id": integer,
    "enabled": boolean,
    "field_values": [
        {
            "final_value": "string",
            "label": "string",
            "name": "string",
            "type": "string",
            "value": "string",
            "values": [
                {
                    "label": "string",
                    "value": "string"
                }
            ]
        }
    ],
    "instance_id": "string",
    "name": "string",
    "pattern_severity": "string",
    "rulegroup_version": integer
}

# Call the v2 operation documented in this section, not update_rules (v1).
response = falcon.update_rules_v2(comment="string",
                                  rule_updates=rule_update,
                                  rulegroup_id="string",
                                  rulegroup_version=integer
                                  )
print(response)
```
```python
from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

BODY = {
    "comment": "string",
    "rule_updates": [
        {
            "description": "string",
            "disposition_id": integer,
            "enabled": boolean,
            "field_values": [
                {
                    "final_value": "string",
                    "label": "string",
                    "name": "string",
                    "type": "string",
                    "value": "string",
                    "values": [
                        {
                            "label": "string",
                            "value": "string"
                        }
                    ]
                }
            ],
            "instance_id": "string",
            "name": "string",
            "pattern_severity": "string",
            "rulegroup_version": integer
        }
    ],
    "rulegroup_id": "string",
    "rulegroup_version": integer
}

# Call the v2 operation documented in this section, not update_rules (v1).
response = falcon.command("update_rules_v2", body=BODY)
print(response)
```
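The difference between the two flavors described above shows up in what `rule_updates` has to contain. The following added example (not part of the FalconPy project's code) builds the body for either flavor from a rule group's current state and a set of per-rule changes. The shape of the `group` and rule records is an assumption and the sample data is constructed; the entry keys and the list of attributes v2 can change come from this page.

```python
from copy import deepcopy

# Keys of one rule_updates entry, as shown in the payloads on this page.
ENTRY_KEYS = ("description", "disposition_id", "enabled", "field_values",
              "instance_id", "name", "pattern_severity")
# Attributes the page says update_rules_v2 changes on individual rules.
V2_MUTABLE = frozenset({"name", "description", "enabled", "field_values"})


def to_entry(rule, rulegroup_version):
    """Project a rule record onto the rule_updates entry shape."""
    entry = {key: deepcopy(rule[key]) for key in ENTRY_KEYS}
    entry["rulegroup_version"] = rulegroup_version
    return entry


def build_update_body(group, changes, comment, flavor):
    """Build the body for update_rules ("v1") or update_rules_v2 ("v2").

    group   -- {"id": str, "version": int, "rules": [rule, ...]} (assumed shape)
    changes -- {instance_id: {attribute: new_value}}
    """
    if flavor not in ("v1", "v2"):
        raise ValueError(f"unknown flavor: {flavor!r}")
    known = {rule["instance_id"] for rule in group["rules"]}
    unknown = sorted(set(changes) - known)
    if unknown:
        raise ValueError(f"rules not in group {group['id']}: {unknown}")
    if flavor == "v2":
        allowed = V2_MUTABLE
    else:
        allowed = frozenset(ENTRY_KEYS) - {"instance_id"}
    for instance_id, attrs in changes.items():
        rejected = sorted(set(attrs) - allowed)
        if rejected:
            raise ValueError(f"{flavor} cannot set {rejected} on rule {instance_id}")

    updates = []
    for rule in group["rules"]:
        if flavor == "v2" and rule["instance_id"] not in changes:
            continue  # v2: rules that do not change are left out of the payload
        # v1: every rule is sent, changed or not, so the state is complete
        entry = to_entry(rule, group["version"])
        entry.update(deepcopy(changes.get(rule["instance_id"], {})))
        updates.append(entry)
    return {
        "comment": comment,
        "rule_updates": updates,
        "rulegroup_id": group["id"],
        "rulegroup_version": group["version"],
    }


def _sample_rule(instance_id, name):
    """Constructed rule record; the values are illustrative placeholders."""
    return {
        "instance_id": instance_id,
        "name": name,
        "description": f"Constructed sample rule {instance_id}",
        "enabled": True,
        "disposition_id": 0,
        "pattern_severity": "medium",
        "field_values": [{"name": "ExampleField", "label": "Example field",
                          "type": "string", "value": ".*", "final_value": ".*",
                          "values": [{"label": "include", "value": ".*"}]}],
    }


# Constructed sample rule group: placeholder ID, three rules.
SAMPLE_GROUP = {
    "id": "RULEGROUP-ID-PLACEHOLDER",
    "version": 7,
    "rules": [_sample_rule("1", "Sample rule A"),
              _sample_rule("2", "Sample rule B"),
              _sample_rule("3", "Sample rule C")],
}

if __name__ == "__main__":
    change = {"2": {"enabled": False}}  # disable one rule in the group
    for flavor in ("v1", "v2"):
        body = build_update_body(SAMPLE_GROUP, change, "tuning", flavor)
        print(flavor, [e["instance_id"] for e in body["rule_updates"]])
```

The returned dictionary is what the Uber class examples above pass as `body=` to `update_rules` or `update_rules_v2`.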
Validates field values and checks for matches if a test string is provided.
validate
Method | Route |
 | /ioarules/entities/rules/validate/v1 |

- Consumes: application/json
- Produces: application/json
| Name | Type | Data type | Description |
| --- | --- | --- | --- |
| body | body | dictionary | Full body payload in JSON format. |
| fields | body | list of dictionaries | List of dictionaries containing the fields to be validated. |
```python
from falconpy import CustomIOA

# Do not hardcode API credentials!
falcon = CustomIOA(client_id=CLIENT_ID,
                   client_secret=CLIENT_SECRET
                   )

fields_to_validate = [{
    "name": "string",
    "test_data": "string",
    "type": "string",
    "values": [
        {
            "label": "string",
            "value": "string"
        }
    ]
}]

response = falcon.validate(fields=fields_to_validate)
print(response)
```
```python
from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

BODY = {
    "fields": [
        {
            "name": "string",
            "test_data": "string",
            "type": "string",
            "values": [
                {
                    "label": "string",
                    "value": "string"
                }
            ]
        }
    ]
}

response = falcon.command("validate", body=BODY)
print(response)
```
Get all pattern severity IDs.
query_patterns
Method | Route |
 | /ioarules/queries/pattern-severities/v1 |

- Produces: application/json
| Name | Type | Data type | Description |
| --- | --- | --- | --- |
| limit | query | integer | Maximum number of records to return. |
| offset | query | integer | Starting index of overall result set from which to return ids. |
| parameters | query | dictionary | Full query string parameters payload in JSON format. |
```python
from falconpy import CustomIOA

# Do not hardcode API credentials!
falcon = CustomIOA(client_id=CLIENT_ID,
                   client_secret=CLIENT_SECRET
                   )

response = falcon.query_patterns(offset=integer, limit=integer)
print(response)
```
```python
from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

response = falcon.command("query_patterns", limit=integer, offset=integer)
print(response)
```
Get all platform IDs.
query_platforms
Method | Route |
 | /ioarules/queries/platforms/v1 |

- Produces: application/json
| Name | Type | Data type | Description |
| --- | --- | --- | --- |
| limit | query | integer | Maximum number of records to return. |
| offset | query | integer | Starting index of overall result set from which to return ids. |
| parameters | query | dictionary | Full query string parameters payload in JSON format. |
```python
from falconpy import CustomIOA

# Do not hardcode API credentials!
falcon = CustomIOA(client_id=CLIENT_ID,
                   client_secret=CLIENT_SECRET
                   )

response = falcon.query_platforms(offset=integer, limit=integer)
print(response)
```

```python
from falconpy import CustomIOA

# Do not hardcode API credentials!
falcon = CustomIOA(client_id=CLIENT_ID,
                   client_secret=CLIENT_SECRET
                   )

response = falcon.query_platformsMixin0(offset=integer, limit=integer)
print(response)
```

```python
from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

response = falcon.command("query_platformsMixin0", offset=integer, limit=integer)
print(response)
```
Find all rule groups matching the query with optional filter.
query_rule_groups_full
Method | Route |
 | /ioarules/queries/rule-groups-full/v1 |

- Produces: application/json
| Name | Type | Data type | Description |
| --- | --- | --- | --- |
| filter | query | string | FQL Syntax formatted string used to limit the results. Available filters: enabled, platform, name, description, rules.action_label, rules.name, rules.description, rules.pattern_severity, rules.ruletype_name, rules.enabled. Filter range criteria: You may use any common date format, such as 2010-05-15T14:55:21.892315096Z for date format fields. |
| limit | query | integer | Maximum number of records to return. |
| offset | query | integer | Starting index of overall result set from which to return ids. |
| q | query | string | Match query criteria which includes all the filter string fields. |
| sort | query | string | The property to sort by. (Ex: modified_on.desc) Available sort fields: created_by, created_on, modified_by, modified_on, enabled, name, description. |
| parameters | query | dictionary | Full query string parameters payload in JSON format. |
```python
from falconpy import CustomIOA

# Do not hardcode API credentials!
falcon = CustomIOA(client_id=CLIENT_ID,
                   client_secret=CLIENT_SECRET
                   )

# offset is an integer, per the parameter table for this operation.
response = falcon.query_rule_groups_full(sort="string",
                                         filter="string",
                                         q="string",
                                         offset=integer,
                                         limit=integer
                                         )
print(response)
```
```python
from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

# offset is an integer, per the parameter table for this operation.
response = falcon.command("query_rule_groups_full",
                          sort="string",
                          filter="string",
                          q="string",
                          offset=integer,
                          limit=integer
                          )
print(response)
```
Finds all rule group IDs matching the query with optional filter.
query_rule_groups
Method | Route |
 | /ioarules/queries/rule-groups/v1 |

- Produces: application/json
| Name | Type | Data type | Description |
| --- | --- | --- | --- |
| filter | query | string | FQL Syntax formatted string used to limit the results. Available filters: enabled, platform, name, description, rules.action_label, rules.name, rules.description, rules.pattern_severity, rules.ruletype_name, rules.enabled. Filter range criteria: You may use any common date format, such as 2010-05-15T14:55:21.892315096Z for date format fields. |
| limit | query | integer | Maximum number of records to return. |
| offset | query | integer | Starting index of overall result set from which to return ids. |
| q | query | string | Match query criteria which includes all the filter string fields. |
| sort | query | string | The property to sort by. (Ex: modified_on.desc) Available sort fields: created_by, created_on, modified_by, modified_on, enabled, name, description. |
| parameters | query | dictionary | Full query string parameters payload in JSON format. |
```python
from falconpy import CustomIOA

# Do not hardcode API credentials!
falcon = CustomIOA(client_id=CLIENT_ID,
                   client_secret=CLIENT_SECRET
                   )

# offset is an integer, per the parameter table for this operation.
response = falcon.query_rule_groups(sort="string",
                                    filter="string",
                                    q="string",
                                    offset=integer,
                                    limit=integer
                                    )
print(response)
```

```python
from falconpy import CustomIOA

# Do not hardcode API credentials!
falcon = CustomIOA(client_id=CLIENT_ID,
                   client_secret=CLIENT_SECRET
                   )

# offset is an integer, per the parameter table for this operation.
response = falcon.query_rule_groupsMixin0(sort="string",
                                          filter="string",
                                          q="string",
                                          offset=integer,
                                          limit=integer
                                          )
print(response)
```

```python
from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

# offset is an integer, per the parameter table for this operation.
response = falcon.command("query_rule_groupsMixin0",
                          sort="string",
                          filter="string",
                          q="string",
                          offset=integer,
                          limit=integer
                          )
print(response)
```
Get all rule type IDs.
query_rule_types
| Method | Route |
| :--- | :--- |
| | `/ioarules/queries/rule-types/v1` |

- Produces: application/json
| Name | Service | Uber | Type | Data type | Description |
| :--- | :--- | :--- | :--- | :--- | :--- |
| limit | | | query | integer | Maximum number of records to return. |
| offset | | | query | integer | Starting index of overall result set from which to return ids. |
| parameters | | | query | dictionary | Full query string parameters payload in JSON format. |
```python
from falconpy import CustomIOA
# Do not hardcode API credentials!
falcon = CustomIOA(client_id=CLIENT_ID,
                   client_secret=CLIENT_SECRET
                   )
response = falcon.query_rule_types(offset=integer, limit=integer)
print(response)
```
```python
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )
response = falcon.command("query_rule_types", offset=integer, limit=integer)
print(response)
```
Finds all rule IDs matching the query with optional filter.
query_rules
| Method | Route |
| :--- | :--- |
| | `/ioarules/queries/rules/v1` |

- Produces: application/json
| Name | Service | Uber | Type | Data type | Description |
| :--- | :--- | :--- | :--- | :--- | :--- |
| filter | | | query | string | FQL Syntax formatted string used to limit the results. Available filters: `enabled`, `platform`, `name`, `description`, `rules.action_label`, `rules.name`, `rules.description`, `rules.pattern_severity`, `rules.ruletype_name`, `rules.enabled`. Filter range criteria: You may use any common date format, such as `2010-05-15T14:55:21.892315096Z` for date format fields. |
| limit | | | query | integer | Maximum number of records to return. |
| offset | | | query | integer | Starting index of overall result set from which to return ids. |
| q | | | query | string | Match query criteria which includes all the filter string fields. |
| sort | | | query | string | The property to sort by. (Ex: `rules.created_on.desc`) Available sort fields: `rules.ruletype_name`, `rules.enabled`, `rules.created_by`, `rules.current_version.name`, `rules.current_version.modified_by`, `rules.created_on`, `rules.current_version.description`, `rules.current_version.pattern_severity`, `rules.current_version.action_label`, `rules.current_version.modified_on`. |
| parameters | | | query | dictionary | Full query string parameters payload in JSON format. |
```python
from falconpy import CustomIOA
# Do not hardcode API credentials!
falcon = CustomIOA(client_id=CLIENT_ID,
                   client_secret=CLIENT_SECRET
                   )
response = falcon.query_rules(sort="string",
                              filter="string",
                              q="string",
                              offset="string",
                              limit=integer
                              )
print(response)
```

```python
from falconpy import CustomIOA
# Do not hardcode API credentials!
falcon = CustomIOA(client_id=CLIENT_ID,
                   client_secret=CLIENT_SECRET
                   )
response = falcon.query_rulesMixin0(sort="string",
                                    filter="string",
                                    q="string",
                                    offset="string",
                                    limit=integer
                                    )
print(response)
```

```python
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )
response = falcon.command("query_rulesMixin0",
                          sort="string",
                          filter="string",
                          q="string",
                          offset="string",
                          limit=integer
                          )
print(response)
```
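The `filter`, `offset` and `limit` arguments of `query_rule_groups` and `query_rules` combine into a full inventory of matching IDs, which is what a detection-coverage audit needs. The sketch below is an added example, not FalconPy's own code; the helper names, the `FALCON_CLIENT_ID` / `FALCON_CLIENT_SECRET` environment variables, the sample `platform` value and the `status_code` / `body.resources` response shape are assumptions.

```python
import os

# Filter properties this page lists for query_rule_groups and query_rules.
FILTER_FIELDS = {"enabled", "platform", "name", "description",
                 "rules.action_label", "rules.name", "rules.description",
                 "rules.pattern_severity", "rules.ruletype_name", "rules.enabled"}

def build_fql(criteria):
    """Join property:value terms with '+' (FQL AND); strings are single-quoted."""
    terms = []
    for field, value in criteria.items():
        if field not in FILTER_FIELDS:
            raise ValueError(f"not a documented filter property: {field}")
        if isinstance(value, bool):
            terms.append(f"{field}:{str(value).lower()}")
        elif "'" in str(value):
            # Conservative choice: refuse values that could close the quote.
            raise ValueError(f"quote character in value for {field}")
        else:
            terms.append(f"{field}:'{value}'")
    return "+".join(terms)

def collect_ids(query, fql, page_size=100):
    """Call a query_* operation repeatedly, advancing offset until no IDs remain."""
    ids = []
    while True:
        response = query(filter=fql, offset=len(ids), limit=page_size)
        if response["status_code"] != 200:
            raise RuntimeError(f"query failed: {response['body'].get('errors')}")
        page = response["body"].get("resources") or []
        ids.extend(page)
        if len(page) < page_size:   # short or empty page: end of result set
            return ids

def make_fake_query(all_ids, calls):
    """Constructed offline stand-in that mimics the assumed response shape."""
    def fake_query(filter=None, offset=0, limit=100):
        calls.append((filter, offset, limit))
        return {"status_code": 200,
                "body": {"resources": all_ids[offset:offset + limit], "errors": []}}
    return fake_query

if __name__ == "__main__":
    from falconpy import CustomIOA  # needs the falconpy package and API access
    falcon = CustomIOA(client_id=os.environ["FALCON_CLIENT_ID"],
                       client_secret=os.environ["FALCON_CLIENT_SECRET"])
    fql = build_fql({"enabled": True, "platform": "windows"})
    print(collect_ids(falcon.query_rule_groups, fql))
```

Passing `falcon.query_rules` instead of `falcon.query_rule_groups` pages through rule IDs with the same filter properties.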