Using the Custom IOA service collection
This service collection has code examples posted to the repository.
Table of Contents
| Operation ID | Description |
|---|---|
| get_patterns | Get pattern severities by ID. |
| get_platformsMixin0 | Get platforms by ID. |
| get_rule_groupsMixin0 | Get rule groups by ID. |
| create_rule_groupMixin0 | Create a rule group for a platform with a name and an optional description. Returns the rule group. |
| delete_rule_groupsMixin0 | Delete rule groups by ID. |
| update_rule_groupMixin0 | Update a rule group. The following properties can be modified: name, description, enabled. |
| get_rule_types | Get rule types by ID. |
| get_rules_get | Get rules by ID and optionally version in the following format: ID[:version]. |
| get_rulesMixin0 | Get rules by ID and optionally version in the following format: ID[:version]. The max number of IDs is constrained by URL size. |
| create_rule | Create a rule within a rule group. Returns the rule. |
| delete_rules | Delete rules from a rule group by ID. |
| update_rules | Update rules within a rule group. Returns the updated rules. |
| update_rules_v2 | Update name, description, enabled or field_values for individual rules within a rule group. The v1 flavor of this call requires the caller to specify the complete state for all the rules in the rule group; the v2 flavor instead accepts a subset of the rules in the rule group and applies the attribute updates to that subset. Returns the updated rules. |
| validate | Validates field values and checks for matches if a test string is provided. |
| query_patterns | Get all pattern severity IDs. |
| query_platformsMixin0 | Get all platform IDs. |
| query_rule_groups_full | Find all rule groups matching the query with optional filter. |
| query_rule_groupsMixin0 | Finds all rule group IDs matching the query with optional filter. |
| query_rule_types | Get all rule type IDs. |
| query_rulesMixin0 | Finds all rule IDs matching the query with optional filter. |
Passing credentials
WARNING
client_id and client_secret are keyword arguments that contain your CrowdStrike API credentials. Please note that all examples below do not hard code these values. (These values are ingested as strings.) CrowdStrike does not recommend hard coding API credentials or customer identifiers within source code.
get_patterns
Get pattern severities by ID.
PEP8 method name
get_patterns
Endpoint
| Method | Route |
|---|---|
| | /ioarules/entities/pattern-severities/v1 |
Required Scope
Content-Type
- Produces: application/json
Keyword Arguments
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| ids | | | query | string or list of strings | The ID(s) of the entities to return. |
| parameters | | | query | dictionary | Full query string parameters payload in JSON format. |
Usage
Service class example (PEP8 syntax)
from falconpy import CustomIOA
# Do not hardcode API credentials!
falcon = CustomIOA(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.get_patterns(ids=id_list)
print(response)
Service class example (Operation ID syntax)
from falconpy import CustomIOA
# Do not hardcode API credentials!
falcon = CustomIOA(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.get_patterns(ids=id_list)
print(response)
Uber class example
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.command("get_patterns", ids=id_list)
print(response)
Back to Table of Contents
get_platformsMixin0
Get platforms by ID.
PEP8 method name
get_platforms
Endpoint
| Method | Route |
|---|---|
| | /ioarules/entities/platforms/v1 |
Required Scope
Content-Type
- Produces: application/json
Keyword Arguments
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| ids | | | query | string or list of strings | The ID(s) of the entities to return. |
| parameters | | | query | dictionary | Full query string parameters payload in JSON format. |
Usage
Service class example (PEP8 syntax)
from falconpy import CustomIOA
# Do not hardcode API credentials!
falcon = CustomIOA(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.get_platforms(ids=id_list)
print(response)
Service class example (Operation ID syntax)
from falconpy import CustomIOA
# Do not hardcode API credentials!
falcon = CustomIOA(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.get_platformsMixin0(ids=id_list)
print(response)
Uber class example
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.command("get_platformsMixin0", ids=id_list)
print(response)
Back to Table of Contents
get_rule_groupsMixin0
Get rule groups by ID.
PEP8 method name
get_rule_groups
Endpoint
| Method | Route |
|---|---|
| | /ioarules/entities/rule-groups/v1 |
Required Scope
Content-Type
- Produces: application/json
Keyword Arguments
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| ids | | | query | string or list of strings | The ID(s) of the entities to return. |
| parameters | | | query | dictionary | Full query string parameters payload in JSON format. |
Usage
Service class example (PEP8 syntax)
from falconpy import CustomIOA
# Do not hardcode API credentials!
falcon = CustomIOA(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.get_rule_groups(ids=id_list)
print(response)
Service class example (Operation ID syntax)
from falconpy import CustomIOA
# Do not hardcode API credentials!
falcon = CustomIOA(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.get_rule_groupsMixin0(ids=id_list)
print(response)
Uber class example
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.command("get_rule_groupsMixin0", ids=id_list)
print(response)
Back to Table of Contents
create_rule_groupMixin0
Create a rule group for a platform with a name and an optional description. Returns the rule group.
PEP8 method name
create_rule_group
Endpoint
| Method | Route |
|---|---|
| | /ioarules/entities/rule-groups/v1 |
Required Scope
Content-Type
- Consumes: application/json
- Produces: application/json
Keyword Arguments
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| body | | | body | dictionary | Full body payload in JSON format. |
| description | | | body | string | Rule group description. |
| comment | | | body | string | Comment to associate with this rule group. |
| name | | | body | string | Rule group name. |
| platform | | | body | string | Rule group platform. |
Usage
Service class example (PEP8 syntax)
from falconpy import CustomIOA
# Do not hardcode API credentials!
falcon = CustomIOA(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.create_rule_group(description="string",
comment="string",
name="string",
platform="string"
)
print(response)
Service class example (Operation ID syntax)
from falconpy import CustomIOA
# Do not hardcode API credentials!
falcon = CustomIOA(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.create_rule_groupMixin0(description="string",
comment="string",
name="string",
platform="string"
)
print(response)
Uber class example
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
BODY = {
"comment": "string",
"description": "string",
"name": "string",
"platform": "string"
}
response = falcon.command("create_rule_groupMixin0", body=BODY)
print(response)
Back to Table of Contents
delete_rule_groupsMixin0
Delete rule groups by ID.
PEP8 method name
delete_rule_groups
Endpoint
| Method | Route |
|---|---|
| | /ioarules/entities/rule-groups/v1 |
Required Scope
Content-Type
- Produces: application/json
Keyword Arguments
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| comment | | | query | string | Audit log comment for this operation. |
| ids | | | query | string or list of strings | The ID(s) of the entities to return. |
| parameters | | | query | dictionary | Full query string parameters payload in JSON format. |
Usage
Service class example (PEP8 syntax)
from falconpy import CustomIOA
# Do not hardcode API credentials!
falcon = CustomIOA(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.delete_rule_groups(comment="string", ids=id_list)
print(response)
Service class example (Operation ID syntax)
from falconpy import CustomIOA
# Do not hardcode API credentials!
falcon = CustomIOA(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.delete_rule_groupsMixin0(comment="string", ids=id_list)
print(response)
Uber class example
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.command("delete_rule_groupsMixin0", comment="string", ids=id_list)
print(response)
Back to Table of Contents
update_rule_groupMixin0
Update a rule group. The following properties can be modified: name, description, enabled.
PEP8 method name
update_rule_group
Endpoint
| Method | Route |
|---|---|
| | /ioarules/entities/rule-groups/v1 |
Required Scope
Content-Type
- Consumes: application/json
- Produces: application/json
Keyword Arguments
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| body | | | body | dictionary | Full body payload in JSON format. |
| description | | | body | string | Rule group description. |
| comment | | | body | string | Comment to associate with this rule group. |
| enabled | | | body | boolean | Flag indicating if this rule group is enabled. |
| id | | | body | string | ID of the rule group to be updated. |
| name | | | body | string | Rule group name. |
| rulegroup_version | | | body | integer | Rule group version to update. |
Usage
Service class example (PEP8 syntax)
from falconpy import CustomIOA
# Do not hardcode API credentials!
falcon = CustomIOA(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.update_rule_group(comment="string",
description="string",
enabled=boolean,
id="string",
name="string",
rulegroup_version=integer
)
print(response)
Service class example (Operation ID syntax)
from falconpy import CustomIOA
# Do not hardcode API credentials!
falcon = CustomIOA(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.update_rule_groupMixin0(comment="string",
description="string",
enabled=boolean,
id="string",
name="string",
rulegroup_version=integer
)
print(response)
Uber class example
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
BODY = {
"comment": "string",
"description": "string",
"enabled": boolean,
"id": "string",
"name": "string",
"rulegroup_version": integer
}
response = falcon.command("update_rule_groupMixin0", body=BODY)
print(response)
Back to Table of Contents
get_rule_types
Get rule types by ID.
PEP8 method name
get_rule_types
Endpoint
| Method | Route |
|---|---|
| | /ioarules/entities/rule-types/v1 |
Required Scope
Content-Type
- Produces: application/json
Keyword Arguments
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| ids | | | query | string or list of strings | The ID(s) of the entities to return. |
| parameters | | | query | dictionary | Full query string parameters payload in JSON format. |
Usage
Service class example (PEP8 syntax)
from falconpy import CustomIOA
# Do not hardcode API credentials!
falcon = CustomIOA(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.get_rule_types(ids=id_list)
print(response)
Service class example (Operation ID syntax)
from falconpy import CustomIOA
# Do not hardcode API credentials!
falcon = CustomIOA(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.get_rule_types(ids=id_list)
print(response)
Uber class example
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.command("get_rule_types", ids=id_list)
print(response)
Back to Table of Contents
get_rules_get
Get rules by ID and optionally version in the following format: ID[:version].
PEP8 method name
get_rules_get
Endpoint
| Method | Route |
|---|---|
| | /ioarules/entities/rules/GET/v1 |
Required Scope
Content-Type
- Consumes: application/json
- Produces: application/json
Keyword Arguments
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| body | | | body | dictionary | Full body payload in JSON format. |
| ids | | | body | string or list of strings | Rule ID(s) to retrieve. |
Usage
Service class example (PEP8 syntax)
from falconpy import CustomIOA
# Do not hardcode API credentials!
falcon = CustomIOA(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.get_rules_get(ids=id_list)
print(response)
Service class example (Operation ID syntax)
from falconpy import CustomIOA
# Do not hardcode API credentials!
falcon = CustomIOA(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.get_rules_get(ids=id_list)
print(response)
Uber class example
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
BODY = {
"ids": id_list
}
response = falcon.command("get_rules_get", body=BODY)
print(response)
Back to Table of Contents
get_rulesMixin0
Get rules by ID and optionally version in the following format: ID[:version]. The max number of IDs is constrained by URL size.
PEP8 method name
get_rules
Endpoint
| Method | Route |
|---|---|
| | /ioarules/entities/rules/v1 |
Required Scope
Content-Type
- Produces: application/json
Keyword Arguments
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| ids | | | query | string or list of strings | The ID(s) of the entities to return. |
| parameters | | | query | dictionary | Full query string parameters payload in JSON format. |
Usage
Service class example (PEP8 syntax)
from falconpy import CustomIOA
# Do not hardcode API credentials!
falcon = CustomIOA(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.get_rules(ids=id_list)
print(response)
Service class example (Operation ID syntax)
from falconpy import CustomIOA
# Do not hardcode API credentials!
falcon = CustomIOA(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.get_rulesMixin0(ids=id_list)
print(response)
Uber class example
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.command("get_rulesMixin0", ids=id_list)
print(response)
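The ID[:version] format and the URL-size constraint noted for get_rulesMixin0 can be handled before any request is made; the following is an added example, not FalconPy code. The URL budget `max_len` is an assumption (the page gives no number), the length estimate covers only the route and query string, and `rule_ref`, `query_length`, `batch_for_url` and `choose_operation` are hypothetical helper names.

```python
from urllib.parse import urlencode

# Route of get_rulesMixin0 as listed in the Endpoint table above.
ROUTE = "/ioarules/entities/rules/v1"


def rule_ref(rule_id, version=None):
    """Format one rule reference as ID[:version]."""
    rule_id = str(rule_id)
    if not rule_id or ":" in rule_id:
        raise ValueError(f"invalid rule ID: {rule_id!r}")
    return rule_id if version is None else f"{rule_id}:{int(version)}"


def query_length(refs):
    """Estimate route + '?' + query string length with one ids= pair per reference."""
    return len(ROUTE) + 1 + len(urlencode([("ids", ref) for ref in refs]))


def batch_for_url(refs, max_len):
    """Split references into batches that each fit within max_len characters."""
    batches, current = [], []
    for ref in refs:
        if query_length([ref]) > max_len:
            raise ValueError(f"{ref!r} alone exceeds the {max_len}-character budget")
        if current and query_length(current + [ref]) > max_len:
            batches.append(current)
            current = []
        current.append(ref)
    if current:
        batches.append(current)
    return batches


def choose_operation(refs, max_len):
    """Use the query-string flavor when one URL suffices, else the body flavor."""
    return "get_rules" if query_length(refs) <= max_len else "get_rules_get"


if __name__ == "__main__":
    # Constructed sample references: rule 1 (latest), rule 2 at version 3, rule 10.
    refs = [rule_ref("1"), rule_ref("2", 3), rule_ref("10")]
    print(refs, query_length(refs))
    print(batch_for_url(refs, max_len=45))
    print(choose_operation(refs, max_len=45))
```

Each batch can be passed as `ids=` to `get_rules`; when `choose_operation` returns `get_rules_get`, the whole list goes in the request body in a single call.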
Back to Table of Contents
create_rule
Create a rule within a rule group. Returns the rule.
PEP8 method name
create_rule
Endpoint
| Method | Route |
|---|---|
| | /ioarules/entities/rules/v1 |
Required Scope
Content-Type
- Consumes: application/json
- Produces: application/json
Keyword Arguments
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| body | | | body | dictionary | Full body payload in JSON format. |
| description | | | body | string | Rule description. |
| disposition_id | | | body | integer | Disposition ID of the rule. |
| comment | | | body | string | Comment to associate with this rule. |
| field_values | | | body | dictionary | Dictionary representing the rule field values. |
| pattern_severity | | | body | string | Severity. |
| name | | | body | string | Rule name. |
| rulegroup_id | | | body | string | ID of the Rule group to associate this rule to. |
| ruletype_id | | | body | string | Rule Type ID for this rule. |
Usage
Service class example (PEP8 syntax)
from falconpy import CustomIOA
# Do not hardcode API credentials!
falcon = CustomIOA(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
field_val = {
"final_value": "string",
"label": "string",
"name": "string",
"type": "string",
"value": "string",
"values": [
{
"label": "string",
"value": "string"
}
]
}
response = falcon.create_rule(comment="string",
description="string",
disposition_id=integer,
field_values=field_val,
pattern_severity="string",
name="string",
rulegroup_id="string",
ruletype_id="string"
)
print(response)
Service class example (Operation ID syntax)
from falconpy import CustomIOA
# Do not hardcode API credentials!
falcon = CustomIOA(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
field_val = {
"final_value": "string",
"label": "string",
"name": "string",
"type": "string",
"value": "string",
"values": [
{
"label": "string",
"value": "string"
}
]
}
response = falcon.create_rule(comment="string",
description="string",
disposition_id=integer,
field_values=field_val,
pattern_severity="string",
name="string",
rulegroup_id="string",
ruletype_id="string"
)
print(response)
Uber class example
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
BODY = {
"comment": "string",
"description": "string",
"disposition_id": integer,
"field_values": [
{
"final_value": "string",
"label": "string",
"name": "string",
"type": "string",
"value": "string",
"values": [
{
"label": "string",
"value": "string"
}
]
}
],
"name": "string",
"pattern_severity": "string",
"rulegroup_id": "string",
"ruletype_id": "string"
}
response = falcon.command("create_rule", body=BODY)
print(response)
Back to Table of Contents
delete_rules
Delete rules from a rule group by ID.
PEP8 method name
delete_rules
Endpoint
| Method | Route |
|---|---|
| | /ioarules/entities/rules/v1 |
Required Scope
Content-Type
- Produces: application/json
Keyword Arguments
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| comment | | | query | string | Audit log comment for this operation. |
| ids | | | query | string or list of strings | The ID(s) of the entities to return. |
| parameters | | | query | dictionary | Full query string parameters payload in JSON format. |
| rule_group_id | | | query | string | The parent rule group ID. |
Usage
Service class example (PEP8 syntax)
from falconpy import CustomIOA
# Do not hardcode API credentials!
falcon = CustomIOA(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.delete_rules(rule_group_id="string", comment="string", ids=id_list)
print(response)
Service class example (Operation ID syntax)
from falconpy import CustomIOA
# Do not hardcode API credentials!
falcon = CustomIOA(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.delete_rules(rule_group_id="string", comment="string", ids=id_list)
print(response)
Uber class example
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.command("delete_rules",
comment="string",
ids=id_list,
rule_group_id="string"
)
print(response)
Back to Table of Contents
update_rules
Update rules within a rule group. Returns the updated rules.
PEP8 method name
update_rules
Endpoint
| Method | Route |
|---|---|
| | /ioarules/entities/rules/v1 |
Required Scope
Content-Type
- Consumes: application/json
- Produces: application/json
Keyword Arguments
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| body | | | body | dictionary | Full body payload in JSON format. |
| comment | | | body | string | Comment to associate with this rule. |
| rule_updates | | | body | dictionary | Dictionary representing the rule updates to perform. |
| rulegroup_id | | | body | string | ID of the Rule group to associate this rule to. |
| rulegroup_version | | | body | integer | Rule group version. |
Usage
Service class example (PEP8 syntax)
from falconpy import CustomIOA
# Do not hardcode API credentials!
falcon = CustomIOA(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
rule_update = {
"description": "string",
"disposition_id": integer,
"enabled": boolean,
"field_values": [
{
"final_value": "string",
"label": "string",
"name": "string",
"type": "string",
"value": "string",
"values": [
{
"label": "string",
"value": "string"
}
]
}
],
"instance_id": "string",
"name": "string",
"pattern_severity": "string",
"rulegroup_version": integer
}
response = falcon.update_rules(comment="string",
rule_updates=rule_update,
rulegroup_id="string",
rulegroup_version=integer
)
print(response)
Service class example (Operation ID syntax)
from falconpy import CustomIOA
# Do not hardcode API credentials!
falcon = CustomIOA(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
rule_update = {
"description": "string",
"disposition_id": integer,
"enabled": boolean,
"field_values": [
{
"final_value": "string",
"label": "string",
"name": "string",
"type": "string",
"value": "string",
"values": [
{
"label": "string",
"value": "string"
}
]
}
],
"instance_id": "string",
"name": "string",
"pattern_severity": "string",
"rulegroup_version": integer
}
response = falcon.update_rules(comment="string",
rule_updates=rule_update,
rulegroup_id="string",
rulegroup_version=integer
)
print(response)
Uber class example
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
BODY = {
"comment": "string",
"rule_updates": [
{
"description": "string",
"disposition_id": 0,
"enabled": True,
"field_values": [
{
"final_value": "string",
"label": "string",
"name": "string",
"type": "string",
"value": "string",
"values": [
{
"label": "string",
"value": "string"
}
]
}
],
"instance_id": "string",
"name": "string",
"pattern_severity": "string",
"rulegroup_version": 0
}
],
"rulegroup_id": "string",
"rulegroup_version": 0
}
response = falcon.command("update_rules", body=BODY)
print(response)
Back to Table of Contents
update_rules_v2
Update name, description, enabled or field_values for individual rules within a rule group. The v1 flavor of this call requires the caller to specify the complete state for all the rules in the rule group; the v2 flavor instead accepts a subset of the rules in the rule group and applies the attribute updates to that subset. Returns the updated rules.
PEP8 method name
update_rules_v2
Endpoint
| Method | Route |
|---|---|
| | /ioarules/entities/rules/v2 |
Required Scope
Content-Type
- Consumes: application/json
- Produces: application/json
Keyword Arguments
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| body | | | body | dictionary | Full body payload in JSON format. |
| comment | | | body | string | Comment to associate with this rule. |
| rule_updates | | | body | dictionary | Dictionary representing the rule updates to perform. |
| rulegroup_id | | | body | string | ID of the Rule group to associate this rule to. |
| rulegroup_version | | | body | integer | Rule group version. |
Usage
Service class example (PEP8 syntax)
from falconpy import CustomIOA
# Do not hardcode API credentials!
falcon = CustomIOA(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
rule_update = {
"description": "string",
"disposition_id": integer,
"enabled": boolean,
"field_values": [
{
"final_value": "string",
"label": "string",
"name": "string",
"type": "string",
"value": "string",
"values": [
{
"label": "string",
"value": "string"
}
]
}
],
"instance_id": "string",
"name": "string",
"pattern_severity": "string",
"rulegroup_version": integer
}
response = falcon.update_rules_v2(comment="string",
rule_updates=rule_update,
rulegroup_id="string",
rulegroup_version=integer
)
print(response)
Service class example (Operation ID syntax)
from falconpy import CustomIOA
# Do not hardcode API credentials!
falcon = CustomIOA(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
rule_update = {
"description": "string",
"disposition_id": integer,
"enabled": boolean,
"field_values": [
{
"final_value": "string",
"label": "string",
"name": "string",
"type": "string",
"value": "string",
"values": [
{
"label": "string",
"value": "string"
}
]
}
],
"instance_id": "string",
"name": "string",
"pattern_severity": "string",
"rulegroup_version": integer
}
response = falcon.update_rules_v2(comment="string",
rule_updates=rule_update,
rulegroup_id="string",
rulegroup_version=integer
)
print(response)
Uber class example
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
BODY = {
"comment": "string",
"rule_updates": [
{
"description": "string",
"disposition_id": integer,
"enabled": boolean,
"field_values": [
{
"final_value": "string",
"label": "string",
"name": "string",
"type": "string",
"value": "string",
"values": [
{
"label": "string",
"value": "string"
}
]
}
],
"instance_id": "string",
"name": "string",
"pattern_severity": "string",
"rulegroup_version": integer
}
],
"rulegroup_id": "string",
"rulegroup_version": integer
}
response = falcon.command("update_rules_v2", body=BODY)
print(response)
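The difference between update_rules (complete state for every rule) and update_rules_v2 (only the rules being changed) is easiest to see by building both bodies from the same rule group. This is an added example, not FalconPy code: it runs offline against a constructed rule group whose shape (`id`, `version`, `rules`) is an assumption modelled on the rule_updates fields shown above, and all helper names are hypothetical. The mandatory audit comment is this helper's own policy.

```python
import copy

# Per-rule keys shown in the rule_updates examples on this page.
RULE_KEYS = ("description", "disposition_id", "enabled", "field_values",
             "instance_id", "name", "pattern_severity")
# Attributes the v2 description lists as updatable for an individual rule.
V2_UPDATABLE = {"name", "description", "enabled", "field_values"}


def _rule(instance_id, name, enabled):
    """Constructed sample rule; every value is a placeholder."""
    return {"instance_id": instance_id, "name": name,
            "description": "constructed sample", "enabled": enabled,
            "disposition_id": 0, "pattern_severity": "high", "field_values": []}


# Constructed rule group state (hypothetical shape, assumed for this example).
SAMPLE_GROUP = {
    "id": "RULEGROUP_ID_PLACEHOLDER",
    "version": 7,
    "rules": [_rule("1", "office-spawns-shell", True),
              _rule("2", "noisy-admin-tool", True),
              _rule("3", "archive-to-temp", False)],
}


def _check(group, changes_by_id, allowed):
    """Reject changes that target unknown rules or attributes outside `allowed`."""
    known = {rule["instance_id"] for rule in group["rules"]}
    for instance_id, changes in changes_by_id.items():
        if instance_id not in known:
            raise ValueError(f"rule {instance_id} is not in group {group['id']}")
        extra = set(changes) - allowed
        if extra:
            raise ValueError(f"rule {instance_id}: cannot update {sorted(extra)}")


def _entry(rule, group_version, changes):
    """One rule_updates entry: the rule's current state with `changes` applied."""
    entry = {key: copy.deepcopy(rule[key]) for key in RULE_KEYS}
    entry.update(copy.deepcopy(changes))
    entry["rulegroup_version"] = group_version
    return entry


def _body(group, updates, comment):
    """Wrap rule_updates in the body layout shown in the Uber class examples."""
    if not comment.strip():
        raise ValueError("refusing to build an update without an audit comment")
    return {"comment": comment, "rule_updates": updates,
            "rulegroup_id": group["id"], "rulegroup_version": group["version"]}


def build_v1_payload(group, changes_by_id, comment):
    """update_rules: send the complete state of every rule in the group."""
    _check(group, changes_by_id, set(RULE_KEYS) - {"instance_id"})
    updates = [_entry(rule, group["version"],
                      changes_by_id.get(rule["instance_id"], {}))
               for rule in group["rules"]]
    return _body(group, updates, comment)


def build_v2_payload(group, changes_by_id, comment):
    """update_rules_v2: send only the rules being changed."""
    _check(group, changes_by_id, V2_UPDATABLE)
    updates = [_entry(rule, group["version"], changes_by_id[rule["instance_id"]])
               for rule in group["rules"] if rule["instance_id"] in changes_by_id]
    return _body(group, updates, comment)


def changed_attributes(group, payload):
    """Return (instance_id, attribute, old, new) for each value the payload alters."""
    current = {rule["instance_id"]: rule for rule in group["rules"]}
    diff = []
    for entry in payload["rule_updates"]:
        old = current[entry["instance_id"]]
        diff.extend((entry["instance_id"], key, old[key], entry[key])
                    for key in RULE_KEYS if entry[key] != old[key])
    return diff


if __name__ == "__main__":
    changes = {"2": {"enabled": False}}
    for build in (build_v1_payload, build_v2_payload):
        payload = build(SAMPLE_GROUP, changes, "Disable rule 2 pending tuning")
        print(build.__name__, len(payload["rule_updates"]), "rule(s) in payload,",
              "changes:", changed_attributes(SAMPLE_GROUP, payload))
```

Reviewing the output of `changed_attributes` before sending confirms that only the intended detection rules change; the resulting dictionary is then passed as `body=` to `update_rules` or `update_rules_v2`.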
Back to Table of Contents
validate
Validates field values and checks for matches if a test string is provided.
PEP8 method name
validate
Endpoint
| Method | Route |
|---|---|
| | /ioarules/entities/rules/validate/v1 |
Required Scope
Content-Type
- Consumes: application/json
- Produces: application/json
Keyword Arguments
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| body | | | body | dictionary | Full body payload in JSON format. |
| fields | | | body | list of dictionaries | List of dictionaries containing the fields to be validated. |
Usage
Service class example (PEP8 syntax)
from falconpy import CustomIOA
# Do not hardcode API credentials!
falcon = CustomIOA(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
fields_to_validate = [{
"name": "string",
"test_data": "string",
"type": "string",
"values": [
{
"label": "string",
"value": "string"
}
]
}]
response = falcon.validate(fields=fields_to_validate)
print(response)
Service class example (Operation ID syntax)
from falconpy import CustomIOA
# Do not hardcode API credentials!
falcon = CustomIOA(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
fields_to_validate = [{
"name": "string",
"test_data": "string",
"type": "string",
"values": [
{
"label": "string",
"value": "string"
}
]
}]
response = falcon.validate(fields=fields_to_validate)
print(response)
Uber class example
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
BODY = {
"fields": [
{
"name": "string",
"test_data": "string",
"type": "string",
"values": [
{
"label": "string",
"value": "string"
}
]
}
]
}
response = falcon.command("validate", body=BODY)
print(response)
Back to Table of Contents
query_patterns
Get all pattern severity IDs.
PEP8 method name
query_patterns
Endpoint
| Method | Route |
|---|---|
| | /ioarules/queries/pattern-severities/v1 |
Required Scope
Content-Type
- Produces: application/json
Keyword Arguments
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| limit | | | query | integer | Maximum number of records to return. |
| offset | | | query | integer | Starting index of overall result set from which to return ids. |
| parameters | | | query | dictionary | Full query string parameters payload in JSON format. |
Usage
Service class example (PEP8 syntax)
from falconpy import CustomIOA
# Do not hardcode API credentials!
falcon = CustomIOA(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.query_patterns(offset=integer, limit=integer)
print(response)
Service class example (Operation ID syntax)
from falconpy import CustomIOA
# Do not hardcode API credentials!
falcon = CustomIOA(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.query_patterns(offset=integer, limit=integer)
print(response)
Uber class example
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.command("query_patterns", limit=integer, offset=integer)
print(response)
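A single call returns at most `limit` records, so a complete inventory needs a loop over `offset`. The following is an added example, not FalconPy code: `collect_ids` and `make_fake_query` are hypothetical helpers, and the response layout (`status_code`, `body.resources`, `body.meta.pagination.total`) is assumed. The fake query function stands in for the API so the loop runs offline on constructed IDs.

```python
def collect_ids(query_fn, page_size=100, max_pages=1000, **filters):
    """Walk a query_* operation with limit/offset and return every ID it reports."""
    ids, offset = [], 0
    for _ in range(max_pages):
        response = query_fn(limit=page_size, offset=offset, **filters)
        body = response.get("body") or {}
        if response.get("status_code") != 200:
            # Fail closed: a partial inventory must not be mistaken for a full one.
            raise RuntimeError(
                f"query failed with {response.get('status_code')}: {body.get('errors')}"
            )
        page = body.get("resources") or []
        ids.extend(page)
        offset += len(page)
        total = (body.get("meta") or {}).get("pagination", {}).get("total")
        # Stop on an empty page or once the reported total has been reached.
        if not page or (total is not None and offset >= total):
            return ids
    raise RuntimeError("max_pages reached before the result set ended")


def make_fake_query(all_ids, status_code=200):
    """Offline stand-in for a query_* method, serving slices of constructed IDs."""
    calls = []

    def query(limit, offset, **_):
        calls.append((limit, offset))
        if status_code != 200:
            body = {"errors": [{"code": status_code, "message": "constructed error"}],
                    "resources": []}
        else:
            body = {"meta": {"pagination": {"offset": offset, "limit": limit,
                                            "total": len(all_ids)}},
                    "resources": all_ids[offset:offset + limit],
                    "errors": []}
        return {"status_code": status_code, "headers": {}, "body": body}

    query.calls = calls
    return query


if __name__ == "__main__":
    fake = make_fake_query(["id-a", "id-b", "id-c", "id-d", "id-e"])  # constructed IDs
    print(collect_ids(fake, page_size=2))
    print("requests made:", fake.calls)
```

With a real client, a bound method such as `falcon.query_patterns` can be passed as `query_fn`; extra keyword arguments are forwarded to it unchanged.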
Back to Table of Contents
query_platformsMixin0
Get all platform IDs.
PEP8 method name
query_platforms
Endpoint
| Method | Route |
|---|---|
| | /ioarules/queries/platforms/v1 |
Required Scope
Content-Type
- Produces: application/json
Keyword Arguments
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| limit | | | query | integer | Maximum number of records to return. |
| offset | | | query | integer | Starting index of overall result set from which to return ids. |
| parameters | | | query | dictionary | Full query string parameters payload in JSON format. |
Usage
Service class example (PEP8 syntax)
from falconpy import CustomIOA
# Do not hardcode API credentials!
falcon = CustomIOA(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.query_platforms(offset=integer, limit=integer)
print(response)
Service class example (Operation ID syntax)
from falconpy import CustomIOA
# Do not hardcode API credentials!
falcon = CustomIOA(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.query_platformsMixin0(offset=integer, limit=integer)
print(response)
Uber class example
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.command("query_platformsMixin0", offset=integer, limit=integer)
print(response)
Back to Table of Contents
query_rule_groups_full
Find all rule groups matching the query with optional filter.
PEP8 method name
query_rule_groups_full
Endpoint
| Method | Route |
|---|---|
| | /ioarules/queries/rule-groups-full/v1 |
Required Scope
Content-Type
- Produces: application/json
Keyword Arguments
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| filter | | | query | string | FQL Syntax formatted string used to limit the results. Available filters: such as 2010-05-15T14:55:21.892315096Z for date format fields. |
| limit | | | query | integer | Maximum number of records to return. |
| offset | | | query | integer | Starting index of overall result set from which to return ids. |
| q | | | query | string | Match query criteria which includes all the filter string fields. |
| sort | | | query | string | The property to sort by. (Ex: modified_on.desc) Available sort fields: |
| parameters | | | query | dictionary | Full query string parameters payload in JSON format. |
Usage
Service class example (PEP8 syntax)
```python
from falconpy import CustomIOA

# Do not hardcode API credentials!
falcon = CustomIOA(client_id=CLIENT_ID,
                   client_secret=CLIENT_SECRET
                   )

response = falcon.query_rule_groups_full(sort="string",
                                         filter="string",
                                         q="string",
                                         offset=integer,
                                         limit=integer
                                         )
print(response)
```
Service class example (Operation ID syntax)
```python
from falconpy import CustomIOA

# Do not hardcode API credentials!
falcon = CustomIOA(client_id=CLIENT_ID,
                   client_secret=CLIENT_SECRET
                   )

response = falcon.query_rule_groups_full(sort="string",
                                         filter="string",
                                         q="string",
                                         offset=integer,
                                         limit=integer
                                         )
print(response)
```
Uber class example
```python
from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

response = falcon.command("query_rule_groups_full",
                          sort="string",
                          filter="string",
                          q="string",
                          offset=integer,
                          limit=integer
                          )
print(response)
```
query_rule_groupsMixin0
Finds all rule group IDs matching the query with optional filter.
PEP8 method name
query_rule_groups
Endpoint
| Method | Route |
|---|---|
| | /ioarules/queries/rule-groups/v1 |
Required Scope
Content-Type
- Produces: application/json
Keyword Arguments
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| filter | | | query | string | FQL Syntax formatted string used to limit the results. Available filters: such as 2010-05-15T14:55:21.892315096Z for date format fields. |
| limit | | | query | integer | Maximum number of records to return. |
| offset | | | query | integer | Starting index of overall result set from which to return ids. |
| q | | | query | string | Match query criteria which includes all the filter string fields. |
| sort | | | query | string | The property to sort by. (Ex: modified_on.desc) Available sort fields: |
| parameters | | | query | dictionary | Full query string parameters payload in JSON format. |
Usage
Service class example (PEP8 syntax)
```python
from falconpy import CustomIOA

# Do not hardcode API credentials!
falcon = CustomIOA(client_id=CLIENT_ID,
                   client_secret=CLIENT_SECRET
                   )

response = falcon.query_rule_groups(sort="string",
                                    filter="string",
                                    q="string",
                                    offset=integer,
                                    limit=integer
                                    )
print(response)
```
Service class example (Operation ID syntax)
```python
from falconpy import CustomIOA

# Do not hardcode API credentials!
falcon = CustomIOA(client_id=CLIENT_ID,
                   client_secret=CLIENT_SECRET
                   )

response = falcon.query_rule_groupsMixin0(sort="string",
                                          filter="string",
                                          q="string",
                                          offset=integer,
                                          limit=integer
                                          )
print(response)
```
Uber class example
```python
from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

response = falcon.command("query_rule_groupsMixin0",
                          sort="string",
                          filter="string",
                          q="string",
                          offset=integer,
                          limit=integer
                          )
print(response)
```
query_rule_types
Get all rule type IDs.
PEP8 method name
query_rule_types
Endpoint
| Method | Route |
|---|---|
| | /ioarules/queries/rule-types/v1 |
Required Scope
Content-Type
- Produces: application/json
Keyword Arguments
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| limit | | | query | integer | Maximum number of records to return. |
| offset | | | query | integer | Starting index of overall result set from which to return ids. |
| parameters | | | query | dictionary | Full query string parameters payload in JSON format. |
Usage
Service class example (PEP8 syntax)
```python
from falconpy import CustomIOA

# Do not hardcode API credentials!
falcon = CustomIOA(client_id=CLIENT_ID,
                   client_secret=CLIENT_SECRET
                   )

response = falcon.query_rule_types(offset=integer, limit=integer)
print(response)
```
Service class example (Operation ID syntax)
```python
from falconpy import CustomIOA

# Do not hardcode API credentials!
falcon = CustomIOA(client_id=CLIENT_ID,
                   client_secret=CLIENT_SECRET
                   )

response = falcon.query_rule_types(offset=integer, limit=integer)
print(response)
```
Uber class example
```python
from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

response = falcon.command("query_rule_types", offset=integer, limit=integer)
print(response)
```
query_rulesMixin0
Finds all rule IDs matching the query with optional filter.
PEP8 method name
query_rules
Endpoint
| Method | Route |
|---|---|
| | /ioarules/queries/rules/v1 |
Required Scope
Content-Type
- Produces: application/json
Keyword Arguments
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| filter | | | query | string | FQL Syntax formatted string used to limit the results. Available filters: such as 2010-05-15T14:55:21.892315096Z for date format fields. |
| limit | | | query | integer | Maximum number of records to return. |
| offset | | | query | integer | Starting index of overall result set from which to return ids. |
| q | | | query | string | Match query criteria which includes all the filter string fields. |
| sort | | | query | string | The property to sort by. (Ex: rules.created_on.desc) Available sort fields: |
| parameters | | | query | dictionary | Full query string parameters payload in JSON format. |
Usage
Service class example (PEP8 syntax)
```python
from falconpy import CustomIOA

# Do not hardcode API credentials!
falcon = CustomIOA(client_id=CLIENT_ID,
                   client_secret=CLIENT_SECRET
                   )

response = falcon.query_rules(sort="string",
                              filter="string",
                              q="string",
                              offset=integer,
                              limit=integer
                              )
print(response)
```
Service class example (Operation ID syntax)
```python
from falconpy import CustomIOA

# Do not hardcode API credentials!
falcon = CustomIOA(client_id=CLIENT_ID,
                   client_secret=CLIENT_SECRET
                   )

response = falcon.query_rulesMixin0(sort="string",
                                    filter="string",
                                    q="string",
                                    offset=integer,
                                    limit=integer
                                    )
print(response)
```
Uber class example
```python
from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

response = falcon.command("query_rulesMixin0",
                          sort="string",
                          filter="string",
                          q="string",
                          offset=integer,
                          limit=integer
                          )
print(response)
```
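The query operations above return IDs one `offset`/`limit` page at a time, so a complete rule inventory needs a paging loop. The following is an added example, not part of the FalconPy documentation: `iter_ids`, `fake_query_rules` and `fake_denied` are hypothetical names, and the response shape (`status_code`, `body.resources`, `body.meta.pagination.total`) is an assumption about the dictionary the SDK returns.

```python
from typing import Callable, Iterator


def iter_ids(query: Callable[..., dict], page_size: int = 100, **kwargs) -> Iterator[str]:
    """Yield every ID a query_* operation returns by walking offset/limit pages."""
    offset = 0
    while True:
        response = query(offset=offset, limit=page_size, **kwargs)
        body = response.get("body") or {}
        if response.get("status_code") != 200:
            # Fail loudly: a silently truncated rule inventory misleads an audit.
            raise RuntimeError(f"query failed at offset {offset}: {body.get('errors')}")
        page = body.get("resources") or []
        yield from page
        offset += len(page)
        # Assumed location of the overall result count; tolerated if absent.
        total = ((body.get("meta") or {}).get("pagination") or {}).get("total")
        if len(page) < page_size or (total is not None and offset >= total):
            return


# Constructed sample data standing in for the API (no network access needed).
FAKE_IDS = [f"rule-{n:04d}" for n in range(1, 8)]
CALLS = []


def fake_query_rules(offset=0, limit=100, **_):
    """Hypothetical stub that mimics the assumed response shape."""
    CALLS.append((offset, limit))
    return {"status_code": 200,
            "body": {"meta": {"pagination": {"offset": offset, "limit": limit,
                                             "total": len(FAKE_IDS)}},
                     "resources": FAKE_IDS[offset:offset + limit],
                     "errors": []}}


def fake_denied(**_):
    """Hypothetical stub for a credential that lacks the required scope."""
    return {"status_code": 403,
            "body": {"resources": [],
                     "errors": [{"code": 403, "message": "access denied"}]}}


if __name__ == "__main__":
    # With a real client: iter_ids(falcon.query_rules, sort="rules.created_on.desc")
    print(list(iter_ids(fake_query_rules, page_size=3)))
```

Any keyword argument other than `offset` and `limit` (`filter`, `q`, `sort`) is passed through to the query operation unchanged.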