Using the Firewall Management service collection
Table of Contents
| Operation ID | Description | ||||
|---|---|---|---|---|---|
| Aggregate events for customer | ||||
| Aggregate rules within a policy for customer | ||||
| Aggregate rule groups for customer | ||||
| Aggregate rules for customer | ||||
| Get events entities by ID and optionally version | ||||
| Get the firewall field specifications by ID | ||||
| Get network locations entities by ID | ||||
| Updates the network locations metadata such as polling_intervals for the cid | ||||
| Updates the network locations precedence according to the list of ids provided. | ||||
| Get a summary of network locations entities by ID | ||||
| Updates the network locations provided, and return the ID. | ||||
| Create new network locations provided, and return the ID. | ||||
| Delete network location entities by ID. | ||||
| Updates the network locations provided, and return the ID. | ||||
| Get platforms by ID, e.g., windows or mac or droid | ||||
| Get policy container entities by policy ID | ||||
 | Update an identified policy container | ||||
| Update an identified policy container | ||||
| Get rule group entities by ID. These groups do not contain their rule entites, just the rule IDs in precedence order. | ||||
| Create new rule group on a platform for a customer with a name and description, and return the ID | ||||
| Delete rule group entities by ID | ||||
| Update name, description, or enabled status of a rule group, or create, edit, delete, or reorder rules | ||||
| Validates the request of creating a new rule group on a platform for a customer with a name and description | ||||
| Validates the request of updating name, description, or enabled status of a rule group, or create, edit, delete, or reorder rules | ||||
| Get rule entities by ID (64-bit unsigned int as decimal string) or Family ID (32-character hexadecimal string) | ||||
| Validates that the test pattern matches the executable filepath glob pattern. | ||||
| Find all event IDs matching the query with filter | ||||
| Get the firewall field specification IDs for the provided platform | ||||
| Get a list of network location IDs | ||||
| Get the list of platform names | ||||
| Find all firewall rule IDs matching the query with filter, and return them in precedence order | ||||
| Find all rule group IDs matching the query with filter | ||||
| Find all rule IDs matching the query with filter | ||||
Passing credentials
WARNING
client_idandclient_secretare keyword arguments that contain your CrowdStrike API credentials. Please note that all examples below do not hard code these values. (These values are ingested as strings.)CrowdStrike does not recommend hard coding API credentials or customer identifiers within source code.
aggregate_events
Aggregate events for customer
PEP8 method name
aggregate_events
Endpoint
| Method | Route |
|---|---|
 | /fwmgr/aggregates/events/GET/v1 |
Content-Type
- Produces: application/json
Keyword Arguments
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| body |  |  | body | list of dictionaries | Full body payload in JSON format. |
| date_ranges | |  | body | list of dictionaries | Applies to date_range aggregations. Example: [ { "from": "2016-05-28T09:00:31Z", "to": "2016-05-30T09:00:31Z" }, { "from": "2016-06-01T09:00:31Z", "to": "2016-06-10T09:00:31Z" } ] |
| exclude | | | body | string | Elements to exclude. |
| field | | | body | string | The field on which to compute the aggregation. |
| filter | | | body | string | FQL syntax formatted string to use to filter the results. |
| from | | | body | integer | Starting position. |
| include | | | body | string | Elements to include. |
| interval | | | body | string | Time interval for date histogram aggregations. Valid values include:
|
| max_doc_count | | | body | integer | Only return buckets if values are less than or equal to the value here. |
| min_doc_count | | | body | integer | Only return buckets if values are greater than or equal to the value here. |
| missing | | | body | string | Missing is the value to be used when the aggregation field is missing from the object. In other words, the missing parameter defines how documents that are missing a value should be treated. By default they will be ignored, but it is also possible to treat them as if they had a value. |
| name | | | body | string | Name of the aggregate query, as chosen by the user. Used to identify the results returned to you. |
| q | | | body | string | Full text search across all metadata fields. |
| ranges | | | body | list of dictionaries | Applies to range aggregations. Ranges values will depend on field. For example, if max_severity is used, ranges might look like: [ { "From": 0, "To": 70 }, { "From": 70, "To": 100 } ] |
| size | | | body | integer | The max number of term buckets to be returned. |
| sub_aggregates | | | body | list of dictionaries | A nested aggregation, such as: [ { "name": "max_first_behavior", "type": "max", "field": "first_behavior" } ] There is a maximum of 3 nested aggregations per request. |
| sort | | | body | string | FQL syntax string to sort bucket results.
asc and desc using | format. Example: _count|desc |
| time_zone | | | body | string | Time zone for bucket results. |
| type | | | body | string | Type of aggregation. Valid values include:
|
Usage
Service class example (PEP8 / Operation ID syntax)
from falconpy import FirewallManagement
# Do not hardcode API credentials!
falcon = FirewallManagement(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
date_ranges = [
{
"from": "2021-05-15T14:55:21.892315096Z",
"to": "2021-05-17T13:42:16.493180643Z"
}
]
ranges = [
{
"From": 1,
"To": 100
}
]
response = falcon.aggregate_events(date_ranges=date_ranges,
exclude="string",
field="string",
filter="string",
from=integer,
include="string",
interval="string",
max_doc_count=integer,
min_doc_count=integer,
missing="string",
name="string",
q="string",
ranges=ranges,
size=integer,
sort="string",
time_zone="string",
type="string"
)
print(response)
Uber class example
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
date_ranges = [
{
"from": "2021-05-15T14:55:21.892315096Z",
"to": "2021-05-17T13:42:16.493180643Z"
}
]
ranges = [
{
"From": 1,
"To": 100
}
]
BODY = [{
"date_ranges": date_ranges,
"exclude": "string",
"field": "string",
"filter": "string",
"from": integer,
"include": "string",
"interval": "string",
"max_doc_count": integer,
"min_doc_count": integer,
"missing": "string",
"name": "string",
"q": "string",
"ranges": ranges,
"size": integer,
"sort": "string",
"sub_aggregates": [
null
]
"time_zone": "string",
"type": "string"
}]
response = falcon.command("aggregate_events", body=BODY)
print(response)
Back to Table of Contents
aggregate_policy_rules
Aggregate rules within a policy for customer
PEP8 method name
aggregate_policy_rules
Endpoint
| Method | Route |
|---|---|
| /fwmgr/aggregates/policy-rules/GET/v1 |
Content-Type
- Produces: application/json
Keyword Arguments
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| body | | | body | list of dictionaries | Full body payload in JSON format. |
| date_ranges | | | body | list of dictionaries | Applies to date_range aggregations. Example: [ { "from": "2016-05-28T09:00:31Z", "to": "2016-05-30T09:00:31Z" }, { "from": "2016-06-01T09:00:31Z", "to": "2016-06-10T09:00:31Z" } ] |
| exclude | | | body | string | Elements to exclude. |
| field | | | body | string | The field on which to compute the aggregation. |
| filter | | | body | string | FQL syntax formatted string to use to filter the results. |
| from | | | body | integer | Starting position. |
| include | | | body | string | Elements to include. |
| interval | | | body | string | Time interval for date histogram aggregations. Valid values include:
|
| max_doc_count | | | body | integer | Only return buckets if values are less than or equal to the value here. |
| min_doc_count | | | body | integer | Only return buckets if values are greater than or equal to the value here. |
| missing | | | body | string | Missing is the value to be used when the aggregation field is missing from the object. In other words, the missing parameter defines how documents that are missing a value should be treated. By default they will be ignored, but it is also possible to treat them as if they had a value. |
| name | | | body | string | Name of the aggregate query, as chosen by the user. Used to identify the results returned to you. |
| q | | | body | string | Full text search across all metadata fields. |
| ranges | | | body | list of dictionaries | Applies to range aggregations. Ranges values will depend on field. For example, if max_severity is used, ranges might look like: [ { "From": 0, "To": 70 }, { "From": 70, "To": 100 } ] |
| size | | | body | integer | The max number of term buckets to be returned. |
| sub_aggregates | | | body | list of dictionaries | A nested aggregation, such as: [ { "name": "max_first_behavior", "type": "max", "field": "first_behavior" } ] There is a maximum of 3 nested aggregations per request. |
| sort | | | body | string | FQL syntax string to sort bucket results.
asc and desc using | format. Example: _count|desc |
| time_zone | | | body | string | Time zone for bucket results. |
| type | | | body | string | Type of aggregation. Valid values include:
|
Usage
Service class example (PEP8 / Operation ID syntax)
from falconpy import FirewallManagement
# Do not hardcode API credentials!
falcon = FirewallManagement(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
date_ranges = [
{
"from": "2021-05-15T14:55:21.892315096Z",
"to": "2021-05-17T13:42:16.493180643Z"
}
]
ranges = [
{
"From": 1,
"To": 100
}
]
response = falcon.aggregate_policy_rules(date_ranges=date_ranges,
exclude="string",
field="string",
filter="string",
from=integer,
include="string",
interval="string",
max_doc_count=integer,
min_doc_count=integer,
missing="string",
name="string",
q="string",
ranges=ranges,
size=integer,
sort="string",
time_zone="string",
type="string"
)
print(response)
Uber class example
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
date_ranges = [
{
"from": "2021-05-15T14:55:21.892315096Z",
"to": "2021-05-17T13:42:16.493180643Z"
}
]
ranges = [
{
"From": 1,
"To": 100
}
]
BODY = [{
"date_ranges": date_ranges,
"exclude": "string",
"field": "string",
"filter": "string",
"from": integer,
"include": "string",
"interval": "string",
"max_doc_count": integer,
"min_doc_count": integer,
"missing": "string",
"name": "string",
"q": "string",
"ranges": ranges,
"size": integer,
"sort": "string",
"sub_aggregates": [
null
]
"time_zone": "string",
"type": "string"
}]
response = falcon.command("aggregate_policy_rules", body=BODY)
print(response)
Back to Table of Contents
aggregate_rule_groups
Aggregate rule groups for customer
PEP8 method name
aggregate_rule_groups
Endpoint
| Method | Route |
|---|---|
| /fwmgr/aggregates/rule-groups/GET/v1 |
Content-Type
- Produces: application/json
Keyword Arguments
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| body | | | body | list of dictionaries | Full body payload in JSON format. |
| date_ranges | | | body | list of dictionaries | Applies to date_range aggregations. Example: [ { "from": "2016-05-28T09:00:31Z", "to": "2016-05-30T09:00:31Z" }, { "from": "2016-06-01T09:00:31Z", "to": "2016-06-10T09:00:31Z" } ] |
| exclude | | | body | string | Elements to exclude. |
| field | | | body | string | The field on which to compute the aggregation. |
| filter | | | body | string | FQL syntax formatted string to use to filter the results. |
| from | | | body | integer | Starting position. |
| include | | | body | string | Elements to include. |
| interval | | | body | string | Time interval for date histogram aggregations. Valid values include:
|
| max_doc_count | | | body | integer | Only return buckets if values are less than or equal to the value here. |
| min_doc_count | | | body | integer | Only return buckets if values are greater than or equal to the value here. |
| missing | | | body | string | Missing is the value to be used when the aggregation field is missing from the object. In other words, the missing parameter defines how documents that are missing a value should be treated. By default they will be ignored, but it is also possible to treat them as if they had a value. |
| name | | | body | string | Name of the aggregate query, as chosen by the user. Used to identify the results returned to you. |
| q | | | body | string | Full text search across all metadata fields. |
| ranges | | | body | list of dictionaries | Applies to range aggregations. Ranges values will depend on field. For example, if max_severity is used, ranges might look like: [ { "From": 0, "To": 70 }, { "From": 70, "To": 100 } ] |
| size | | | body | integer | The max number of term buckets to be returned. |
| sub_aggregates | | | body | list of dictionaries | A nested aggregation, such as: [ { "name": "max_first_behavior", "type": "max", "field": "first_behavior" } ] There is a maximum of 3 nested aggregations per request. |
| sort | | | body | string | FQL syntax string to sort bucket results.
asc and desc using | format. Example: _count|desc |
| time_zone | | | body | string | Time zone for bucket results. |
| type | | | body | string | Type of aggregation. Valid values include:
|
Usage
Service class example (PEP8 / Operation ID syntax)
from falconpy import FirewallManagement
# Do not hardcode API credentials!
falcon = FirewallManagement(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
date_ranges = [
{
"from": "2021-05-15T14:55:21.892315096Z",
"to": "2021-05-17T13:42:16.493180643Z"
}
]
ranges = [
{
"From": 1,
"To": 100
}
]
response = falcon.aggregate_rule_groups(date_ranges=date_ranges,
exclude="string",
field="string",
filter="string",
from=integer,
include="string",
interval="string",
max_doc_count=integer,
min_doc_count=integer,
missing="string",
name="string",
q="string",
ranges=ranges,
size=integer,
sort="string",
time_zone="string",
type="string"
)
print(response)
Uber class example
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
date_ranges = [
{
"from": "2021-05-15T14:55:21.892315096Z",
"to": "2021-05-17T13:42:16.493180643Z"
}
]
ranges = [
{
"From": 1,
"To": 100
}
]
BODY = [{
"date_ranges": date_ranges,
"exclude": "string",
"field": "string",
"filter": "string",
"from": integer,
"include": "string",
"interval": "string",
"max_doc_count": integer,
"min_doc_count": integer,
"missing": "string",
"name": "string",
"q": "string",
"ranges": ranges,
"size": integer,
"sort": "string",
"sub_aggregates": [
null
]
"time_zone": "string",
"type": "string"
}]
response = falcon.command("aggregate_rule_groups", body=BODY)
print(response)
Back to Table of Contents
aggregate_rules
Aggregate rules for customer
PEP8 method name
aggregate_rules
Endpoint
| Method | Route |
|---|---|
| /fwmgr/aggregates/rules/GET/v1 |
Content-Type
- Produces: application/json
Keyword Arguments
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| body | | | body | list of dictionaries | Full body payload in JSON format. |
| date_ranges | | | body | list of dictionaries | Applies to date_range aggregations. Example: [ { "from": "2016-05-28T09:00:31Z", "to": "2016-05-30T09:00:31Z" }, { "from": "2016-06-01T09:00:31Z", "to": "2016-06-10T09:00:31Z" } ] |
| exclude | | | body | string | Elements to exclude. |
| field | | | body | string | The field on which to compute the aggregation. |
| filter | | | body | string | FQL syntax formatted string to use to filter the results. |
| from | | | body | integer | Starting position. |
| include | | | body | string | Elements to include. |
| interval | | | body | string | Time interval for date histogram aggregations. Valid values include:
|
| max_doc_count | | | body | integer | Only return buckets if values are less than or equal to the value here. |
| min_doc_count | | | body | integer | Only return buckets if values are greater than or equal to the value here. |
| missing | | | body | string | Missing is the value to be used when the aggregation field is missing from the object. In other words, the missing parameter defines how documents that are missing a value should be treated. By default they will be ignored, but it is also possible to treat them as if they had a value. |
| name | | | body | string | Name of the aggregate query, as chosen by the user. Used to identify the results returned to you. |
| q | | | body | string | Full text search across all metadata fields. |
| ranges | | | body | list of dictionaries | Applies to range aggregations. Ranges values will depend on field. For example, if max_severity is used, ranges might look like: [ { "From": 0, "To": 70 }, { "From": 70, "To": 100 } ] |
| size | | | body | integer | The max number of term buckets to be returned. |
| sub_aggregates | | | body | list of dictionaries | A nested aggregation, such as: [ { "name": "max_first_behavior", "type": "max", "field": "first_behavior" } ] There is a maximum of 3 nested aggregations per request. |
| sort | | | body | string | FQL syntax string to sort bucket results.
asc and desc using | format. Example: _count|desc |
| time_zone | | | body | string | Time zone for bucket results. |
| type | | | body | string | Type of aggregation. Valid values include:
|
Usage
Service class example (PEP8 / Operation ID syntax)
from falconpy import FirewallManagement
# Do not hardcode API credentials!
falcon = FirewallManagement(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
date_ranges = [
{
"from": "2021-05-15T14:55:21.892315096Z",
"to": "2021-05-17T13:42:16.493180643Z"
}
]
ranges = [
{
"From": 1,
"To": 100
}
]
response = falcon.aggregate_rules(date_ranges=date_ranges,
exclude="string",
field="string",
filter="string",
from=integer,
include="string",
interval="string",
max_doc_count=integer,
min_doc_count=integer,
missing="string",
name="string",
q="string",
ranges=ranges,
size=integer,
sort="string",
time_zone="string",
type="string"
)
print(response)
Uber class example
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
date_ranges = [
{
"from": "2021-05-15T14:55:21.892315096Z",
"to": "2021-05-17T13:42:16.493180643Z"
}
]
ranges = [
{
"From": 1,
"To": 100
}
]
BODY = [{
"date_ranges": date_ranges,
"exclude": "string",
"field": "string",
"filter": "string",
"from": integer,
"include": "string",
"interval": "string",
"max_doc_count": integer,
"min_doc_count": integer,
"missing": "string",
"name": "string",
"q": "string",
"ranges": ranges,
"size": integer,
"sort": "string",
"sub_aggregates": [
null
]
"time_zone": "string",
"type": "string"
}]
response = falcon.command("aggregate_rules", body=BODY)
print(response)
Back to Table of Contents
get_events
Get events entities by ID and optionally version
PEP8 method name
get_events
Endpoint
| Method | Route |
|---|---|
 | /fwmgr/entities/events/v1 |
Content-Type
- Produces: application/json
Keyword Arguments
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| ids | | | query | string or list of strings | The events to retrieve, identified by ID. |
| parameters | | | query | dictionary | Full query string parameters payload in JSON format. |
Usage
Service class example (PEP8 / Operation ID syntax)
from falconpy import FirewallManagement
# Do not hardcode API credentials!
falcon = FirewallManagement(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.get_events(ids=id_list)
print(response)
Uber class example
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.command("get_events", ids=id_list)
print(response)
Back to Table of Contents
get_firewall_fields
Get the firewall field specifications by ID
PEP8 method name
get_firewall_fields
Endpoint
| Method | Route |
|---|---|
| /fwmgr/entities/firewall-fields/v1 |
Content-Type
- Produces: application/json
Keyword Arguments
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| ids | | | query | string or list of strings | The rule types to retrieve, identified by ID. |
| parameters | | | query | dictionary | Full query string parameters payload in JSON format. |
Usage
Service class example (PEP8 / Operation ID syntax)
from falconpy import FirewallManagement
# Do not hardcode API credentials!
falcon = FirewallManagement(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.get_firewall_fields(ids=id_list)
print(response)
Uber class example
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.command("get_firewall_fields", ids=id_list)
print(response)
Back to Table of Contents
get_network_locations_details
Get network locations entities by ID
PEP8 method name
get_network_locations_details
Endpoint
| Method | Route |
|---|---|
| /fwmgr/entities/network-locations-details/v1 |
Content-Type
- Produces: application/json
Keyword Arguments
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| ids | | | query | string or list of strings | The ID of the network location to retrieve. |
| parameters | | | query | dictionary | Full query string parameters payload in JSON format, not required if using ids keyword. |
Usage
Service class example (PEP8 / Operation ID syntax)
from falconpy.firewall_management import FirewallManagement
falcon = FirewallManagement(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.get_network_locations_details(ids=id_list)
print(response)
Uber class example
from falconpy import APIHarnessV2
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.command("get_network_locations_details", ids=id_list)
print(response)
Back to Table of Contents
update_network_locations_metadata
Updates the network locations metadata such as polling_intervals for the cid
PEP8 method name
update_network_locations_metadata
Endpoint
| Method | Route |
|---|---|
| /fwmgr/entities/network-locations-metadata/v1 |
Content-Type
- Consumes: application/json
- Produces: application/json
Keyword Arguments
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| body | | | body | dictionary | Full body payload in JSON format. |
| cid | | | body | string | CID for the location. |
| comment | | | query | string | Audit log comment for this action. |
| dns_resolution_targets_polling_interval | | | body | integer | Change the DNS resolution target polling interval. |
| https_reachable_hosts_polling_interval | | | body | integer | Change the HTTPS reachable hosts polling interval. |
| icmp_request_targets_polling_interval | | | body | integer | Change the ICMP request targets polling interval. |
| location_precedence | | | body | list of strings | Reorder location precedence of network locations based upon the order of the list of network location IDs provided. |
| parameters | | | query | dictionary | Full query string parameters payload in JSON format, not required if using the comment keyword. |
Usage
Service class example (PEP8 / Operation ID syntax)
from falconpy.firewall_management import FirewallManagement
falcon = FirewallManagement(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
location_precedence = ["string", "string", "string"]
response = falcon.update_network_locations_metadata(cid="string",
comment="string",
dns_resolution_targets_polling_interval=integer,
https_reachable_hosts_polling_interval=integer,
icmp_request_targets_polling_interval=integer,
location_precedence=location_precedence
)
print(response)
Uber class example
from falconpy import APIHarnessV2
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
BODY = {
"cid": "string",
"dns_resolution_targets_polling_interval": integer,
"https_reachable_hosts_polling_interval": integer,
"icmp_request_targets_polling_interval": integer,
"location_precedence": [
"string"
]
}
response = falcon.command("update_network_locations_metadata", comment="string", body=BODY)
print(response)
Back to Table of Contents
update_network_locations_precedence
Updates the network locations precedence according to the list of ids provided.
PEP8 method name
update_network_locations_precedence
Endpoint
| Method | Route |
|---|---|
| /fwmgr/entities/network-locations-precedence/v1 |
Content-Type
- Consumes: application/json
- Produces: application/json
Keyword Arguments
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| body | | | body | dictionary | Full body payload in JSON format. |
| cid | | | body | string | CID for the location. |
| comment | | | query | string | Audit log comment for this action. |
| location_precedence | | | body | list of strings | Reorder location precedence of network locations based upon the order of the list of network location IDs provided. |
| parameters | | | query | dictionary | Full query string parameters payload in JSON format, not required if using the comment keyword. |
Usage
Service class example (PEP8 / Operation ID syntax)
from falconpy.firewall_management import FirewallManagement
falcon = FirewallManagement(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
location_precedence = ["string", "string", "string"]
response = falcon.update_network_locations_precedence(cid="string",
comment="string",
location_precedence=location_precedence
)
print(response)
Uber class example
from falconpy import APIHarnessV2
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
BODY = {
"cid": "string",
"location_precedence": [
"string"
]
}
response = falcon.command("update_network_locations_precedence", comment="string", body=BODY)
print(response)
Back to Table of Contents
get_network_locations
Get a summary of network locations entities by ID
PEP8 method name
get_network_locations
Endpoint
| Method | Route |
|---|---|
| /fwmgr/entities/network-locations/v1 |
Content-Type
- Produces: application/json
Keyword Arguments
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| ids | | | query | string or list of strings | The ID of the network location to retrieve. |
| parameters | | | query | dictionary | Full query string parameters payload in JSON format, not required if using ids keyword. |
Usage
Service class example (PEP8 / Operation ID syntax)
from falconpy.firewall_management import FirewallManagement
falcon = FirewallManagement(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.get_network_locations(ids=id_list)
print(response)
Uber class example
from falconpy import APIHarnessV2
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.command("get_network_locations", ids=id_list)
print(response)
Back to Table of Contents
upsert_network_locations
Updates the network locations provided, and return the ID.
PEP8 method name
upsert_network_locations
Endpoint
| Method | Route |
|---|---|
 | /fwmgr/entities/network-locations/v1 |
Content-Type
- Consumes: application/json
- Produces: application/json
Keyword Arguments
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| body | | | body | dictionary | Full body payload in JSON format. |
| comment | | | query | string | Audit log comment for this action. |
| connection_types | | | body | dictionary | Connections available at this location. |
| created_by | | | body | string | User UUID that created the change. |
| created_on | | | body | string | Datetime formatted string reflecting the time of the change. |
| default_gateways | | | body | list of strings | List of available gateways at this location. |
| description | | | body | string | Description for the location. |
| dhcp_servers | | | body | list of strings | List of available DHCP servers at this location. |
| dns_resolution_targets | | | body | dictionary | Dictionary containing a list of DNS resolution targets for the location. |
| dns_servers | | | body | list of strings | List of available DNS servers at this location. |
| enabled | | | body | boolean | Flag indicating if this location is enabled. |
| host_addresses | | | body | list of strings | List of available host address ranges for this location. |
| https_reachable_hosts | | | body | dictionary | Dictionary containing a list of hostnames reachable via HTTPS at this location. |
| icmp_request_targets | | | body | dictionary | Dictionary containing targets for ICMP monitoring requests at this location. |
| id | | | body | string | Network location ID to upsert. |
| modified_by | | | body | string | User UUID performing this change. |
| modified_on | | | body | string | UTC formatted date string when this location was modified. |
| name | | | body | string | Name for this location. |
| parameters | | | query | dictionary | Full query string parameters payload in JSON format, not required if using the comment keyword. |
Usage
Service class example (PEP8 / Operation ID syntax)
from falconpy.firewall_management import FirewallManagement
falcon = FirewallManagement(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
connection_types = {
"wired": boolean,
"wireless": {
"enabled": boolean,
"require_encryption": boolean,
"ssids": [
"string"
]
}
}
default_gateways = ["string", "string"]
dhcp_servers = ["string", "string"]
dns_resolution_targets = {
"targets": [
{
"hostname": "string",
"ip_match": [
"string"
]
}
]
}
dns_servers = ["string", "string"]
host_addresses = ["string", "string"]
https_reachable_hosts = {
"hostnames": [
"string"
]
}
icmp_request_targets = {
"targets": [
"string"
]
}
response = falcon.upsert_network_locations(comment="string",
connection_types=connection_types,
created_by="string",
created_on="string",
default_gateways=default_gateways,
description="string",
dhcp_servers=dhcp_servers,
dns_resolution_targets=dns_resolution_targets,
dns_servers=dns_servers,
enabled=boolean,
host_addresses=host_addresses,
https_reachable_hosts=https_reachable_hosts,
icmp_request_targets=icmp_request_targets,
name="string",
id="string",
modified_by="string",
modified_on="string"
)
print(response)
Uber class example
from falconpy import APIHarnessV2
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
connection_types = {
"wired": boolean,
"wireless": {
"enabled": boolean,
"require_encryption": boolean,
"ssids": [
"string"
]
}
}
default_gateways = ["string", "string"]
dhcp_servers = ["string", "string"]
dns_resolution_targets = {
"targets": [
{
"hostname": "string",
"ip_match": [
"string"
]
}
]
}
dns_servers = ["string", "string"]
host_addresses = ["string", "string"]
https_reachable_hosts = {
"hostnames": [
"string"
]
}
icmp_request_targets = {
"targets": [
"string"
]
}
BODY = {
"connection_types": connection_types,
"created_by": "string",
"created_on": "string",
"default_gateways": default_gateways,
"description": "string",
"dhcp_servers": dhcp_servers,
"dns_resolution_targets": dns_resolution_targets,
"dns_servers": dns_servers,
"enabled": boolean,
"host_addresses": host_addresses,
"https_reachable_hosts": https_reachable_hosts,
"icmp_request_targets": icmp_request_targets,
"name": "string",
"id": "string",
"modified_by": "string",
"modified_on": "string"
}
response = falcon.command("upsert_network_locations", comment="string", body=BODY)
print(response)
Back to Table of Contents
create_network_locations
Create new network locations provided, and return the ID.
PEP8 method name
create_network_locations
Endpoint
| Method | Route |
|---|---|
| /fwmgr/entities/network-locations/v1 |
Content-Type
- Consumes: application/json
- Produces: application/json
Keyword Arguments
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| add_fw_rules | | | query | boolean | Flag to indicate that the cloned location needs to be added to the same firewall rules that encompass the original location. |
| body | | | body | dictionary | Full body payload in JSON format. |
| clone_id | | | query | string | A rule group ID from which to copy rules. If this keyword is provided then all other keywords excluding add_fw_rules and comment are ignored. |
| comment | | | query | string | Audit log comment for this action. |
| connection_types | | | body | dictionary | Connections available at this location. |
| default_gateways | | | body | list of strings | List of available gateways at this location. |
| description | | | body | string | Description for the location. |
| dhcp_servers | | | body | list of strings | List of available DHCP servers at this location. |
| dns_resolution_targets | | | body | dictionary | Dictionary containing a list of DNS resolution targets for the location. |
| dns_servers | | | body | list of strings | List of available DNS servers at this location. |
| enabled | | | body | boolean | Flag indicating if this location is enabled. |
| host_addresses | | | body | list of strings | List of available host address ranges for this location. |
| https_reachable_hosts | | | body | dictionary | Dictionary containing a list of hostnames reachable via HTTPS at this location. |
| icmp_request_targets | | | body | dictionary | Dictionary containing targets for ICMP monitoring requests at this location. |
| name | | | body | string | Name for this location. |
| parameters | | | query | dictionary | Full query string parameters payload in JSON format, not required if using the add_fw_rules, clone_id or comment keywords. |
Usage
Service class example (PEP8 / Operation ID syntax)
from falconpy.firewall_management import FirewallManagement
falcon = FirewallManagement(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
connection_types = {
"wired": boolean,
"wireless": {
"enabled": boolean,
"require_encryption": boolean,
"ssids": [
"string"
]
}
}
default_gateways = ["string", "string"]
dhcp_servers = ["string", "string"]
dns_resolution_targets = {
"targets": [
{
"hostname": "string",
"ip_match": [
"string"
]
}
]
}
dns_servers = ["string", "string"]
host_addresses = ["string", "string"]
https_reachable_hosts = {
"hostnames": [
"string"
]
}
icmp_request_targets = {
"targets": [
"string"
]
}
response = falcon.create_network_locations(add_fw_rules=boolean,
clone_id="string",
comment="string",
connection_types=connection_types,
default_gateways=default_gateways,
description="string",
dhcp_servers=dhcp_servers,
dns_resolution_targets=dns_resolution_targets,
dns_servers=dns_servers,
enabled=boolean,
host_addresses=host_addresses,
https_reachable_hosts=https_reachable_hosts,
icmp_request_targets=icmp_request_targets,
name="string",
)
print(response)
Uber class example
from falconpy import APIHarnessV2
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
connection_types = {
"wired": boolean,
"wireless": {
"enabled": boolean,
"require_encryption": boolean,
"ssids": [
"string"
]
}
}
default_gateways = ["string", "string"]
dhcp_servers = ["string", "string"]
dns_resolution_targets = {
"targets": [
{
"hostname": "string",
"ip_match": [
"string"
]
}
]
}
dns_servers = ["string", "string"]
host_addresses = ["string", "string"]
https_reachable_hosts = {
"hostnames": [
"string"
]
}
icmp_request_targets = {
"targets": [
"string"
]
}
BODY = {
"connection_types": connection_types,
"default_gateways": default_gateways,
"description": "string",
"dhcp_servers": dhcp_servers,
"dns_resolution_targets": dns_resolution_targets,
"dns_servers": dns_servers,
"enabled": boolean,
"host_addresses": host_addresses,
"https_reachable_hosts": https_reachable_hosts,
"icmp_request_targets": icmp_request_targets,
"name": "string"
}
response = falcon.command("create_network_locations",
add_fw_rules=boolean,
clone_id="string",
comment="string",
body=BODY
)
print(response)
Back to Table of Contents
delete_network_locations
Delete network location entities by ID.
PEP8 method name
delete_network_locations
Endpoint
| Method | Route |
|---|---|
 | /fwmgr/entities/network-locations/v1 |
Content-Type
- Produces: application/json
Keyword Arguments
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| ids | | | query | string or list of strings | The ID of the network location to delete. |
| parameters | | | query | dictionary | Full query string parameters payload in JSON format, not required if using ids keyword. |
Usage
Service class example (PEP8 / Operation ID syntax)
from falconpy.firewall_management import FirewallManagement
falcon = FirewallManagement(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.delete_network_locations(ids=id_list)
print(response)
Uber class example
from falconpy import APIHarnessV2
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.command("delete_network_locations", ids=id_list)
print(response)
Back to Table of Contents
update_network_locations
Updates the network locations provided, and return the ID.
PEP8 method name
update_network_locations
Endpoint
| Method | Route |
|---|---|
 | /fwmgr/entities/network-locations/v1 |
Content-Type
- Consumes: application/json
- Produces: application/json
Keyword Arguments
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| body | | | body | dictionary | Full body payload in JSON format. |
| comment | | | query | string | Audit log comment for this action. |
| connection_types | | | body | dictionary | Connections available at this location. |
| created_by | | | body | string | User UUID that created the change. |
| created_on | | | body | string | Datetime formatted string reflecting the time of the change. |
| default_gateways | | | body | list of strings | List of available gateways at this location. |
| description | | | body | string | Description for the location. |
| dhcp_servers | | | body | list of strings | List of available DHCP servers at this location. |
| dns_resolution_targets | | | body | dictionary | Dictionary containing a list of DNS resolution targets for the location. |
| dns_servers | | | body | list of strings | List of available DNS servers at this location. |
| enabled | | | body | boolean | Flag indicating if this location is enabled. |
| host_addresses | | | body | list of strings | List of available host address ranges for this location. |
| https_reachable_hosts | | | body | dictionary | Dictionary containing a list of hostnames reachable via HTTPS at this location. |
| icmp_request_targets | | | body | dictionary | Dictionary containing targets for ICMP monitoring requests at this location. |
| id | | | body | string | Network location ID to upsert. |
| modified_by | | | body | string | User UUID performing this change. |
| modified_on | | | body | string | UTC formatted date string when this location was modified. |
| name | | | body | string | Name for this location. |
| parameters | | | query | dictionary | Full query string parameters payload in JSON format, not required if using the comment keyword. |
Usage
Service class example (PEP8 / Operation ID syntax)
from falconpy.firewall_management import FirewallManagement
falcon = FirewallManagement(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
connection_types = {
"wired": boolean,
"wireless": {
"enabled": boolean,
"require_encryption": boolean,
"ssids": [
"string"
]
}
}
default_gateways = ["string", "string"]
dhcp_servers = ["string", "string"]
dns_resolution_targets = {
"targets": [
{
"hostname": "string",
"ip_match": [
"string"
]
}
]
}
dns_servers = ["string", "string"]
host_addresses = ["string", "string"]
https_reachable_hosts = {
"hostnames": [
"string"
]
}
icmp_request_targets = {
"targets": [
"string"
]
}
response = falcon.update_network_locations(comment="string",
connection_types=connection_types,
created_by="string",
created_on="string",
default_gateways=default_gateways,
description="string",
dhcp_servers=dhcp_servers,
dns_resolution_targets=dns_resolution_targets,
dns_servers=dns_servers,
enabled=boolean,
host_addresses=host_addresses,
https_reachable_hosts=https_reachable_hosts,
icmp_request_targets=icmp_request_targets,
name="string",
id="string",
modified_by="string",
modified_on="string"
)
print(response)
Uber class example
from falconpy import APIHarnessV2
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
connection_types = {
"wired": boolean,
"wireless": {
"enabled": boolean,
"require_encryption": boolean,
"ssids": [
"string"
]
}
}
default_gateways = ["string", "string"]
dhcp_servers = ["string", "string"]
dns_resolution_targets = {
"targets": [
{
"hostname": "string",
"ip_match": [
"string"
]
}
]
}
dns_servers = ["string", "string"]
host_addresses = ["string", "string"]
https_reachable_hosts = {
"hostnames": [
"string"
]
}
icmp_request_targets = {
"targets": [
"string"
]
}
BODY = {
"connection_types": connection_types,
"created_by": "string",
"created_on": "string",
"default_gateways": default_gateways,
"description": "string",
"dhcp_servers": dhcp_servers,
"dns_resolution_targets": dns_resolution_targets,
"dns_servers": dns_servers,
"enabled": boolean,
"host_addresses": host_addresses,
"https_reachable_hosts": https_reachable_hosts,
"icmp_request_targets": icmp_request_targets,
"name": "string",
"id": "string",
"modified_by": "string",
"modified_on": "string"
}
response = falcon.command("update_network_locations", comment="string", body=BODY)
print(response)
Back to Table of Contents
get_platforms
Get platforms by ID, e.g., windows or mac or droid
PEP8 method name
get_platforms
Endpoint
| Method | Route |
|---|---|
| /fwmgr/entities/platforms/v1 |
Content-Type
- Produces: application/json
Keyword Arguments
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| ids | | | query | string or list of strings | The platforms to retrieve, identified by ID. |
| parameters | | | query | dictionary | Full query string parameters payload in JSON format. |
Usage
Service class example (PEP8 / Operation ID syntax)
from falconpy import FirewallManagement
# Do not hardcode API credentials!
falcon = FirewallManagement(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.get_platforms(ids=id_list)
print(response)
Uber class example
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.command("get_platforms", ids=id_list)
print(response)
Back to Table of Contents
get_policy_containers
Get policy container entities by policy ID
PEP8 method name
get_policy_containers
Endpoint
| Method | Route |
|---|---|
| /fwmgr/entities/policies/v1 |
Content-Type
- Produces: application/json
Keyword Arguments
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| ids | | | query | string or list of strings | The policy container(s) to retrieve, identified by policy ID. |
| parameters | | | query | dictionary | Full query string parameters payload in JSON format. |
Usage
Service class example (PEP8 / Operation ID syntax)
from falconpy import FirewallManagement
# Do not hardcode API credentials!
falcon = FirewallManagement(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.get_policy_containers(ids=id_list)
print(response)
Uber class example
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.command("get_policy_containers", ids=id_list)
print(response)
Back to Table of Contents
update_policy_container_v1
Update an identified policy container.
PLEASE NOTE: This endpoint is deprecated in favor of
update_policy_container(also known asupdate_policy_container_v2). Using this legacy endpoint could potentially disable your local logging setting.
PEP8 method name
update-policy-container-v1
Endpoint
| Method | Route |
|---|---|
| /fwmgr/entities/policies/v1 |
Content-Type
- Consumes: application/json
- Produces: application/json
Keyword Arguments
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| body | | | body | dictionary | Full body payload in JSON format. |
| default_inbound | | | body | string | Default inbound. |
| default_outbound | | | body | string | Default outbound. |
| enforce | | | body | boolean | Enforcement flag. |
| is_default_policy | | | body | boolean | Default policy flag. |
| local_logging | | | body | boolean | Local logging flag. |
| platform_id | | | body | string | ID of the platform this policy container. |
| policy_id | | | body | string | Policy ID to apply to this container. |
| rule_group_ids | | | body | string or list of strings | Rule group IDs to include in this container. |
| test_mode | | | body | boolean | Flag indicating if this container is in test mode. |
| tracking | | | body | string | Tracking. |
Usage
Service class example (PEP8 / Operation ID syntax)
from falconpy.firewall_management import FirewallManagement
falcon = FirewallManagement(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
rule_groups = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.update_policy_container_v1(default_inbound="string",
default_outbound="string",
enforce=boolean,
is_default_policy=boolean,
local_logging=boolean,
platform_id="string",
policy_id="string",
rule_group_ids=rule_groups,
test_mode=boolean,
tracking="string"
)
print(response)
Uber class example
from falconpy import APIHarnessV2
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
rule_groups = ['ID1', 'ID2', 'ID3']
BODY = {
"default_inbound": "string",
"default_outbound": "string",
"enforce": boolean,
"is_default_policy": boolean,
"local_logging": boolean,
"platform_id": "string",
"policy_id": "string",
"rule_group_ids": rule_groups,
"test_mode": boolean,
"tracking": "string"
}
response = falcon.command("update_policy_container_v1", body=BODY)
print(response)
Back to Table of Contents
update_policy_container
Update an identified policy container
PEP8 method name
update_policy_container
Endpoint
| Method | Route |
|---|---|
| /fwmgr/entities/policies/v2 |
Content-Type
- Consumes: application/json
- Produces: application/json
Keyword Arguments
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| body | | | body | dictionary | Full body payload in JSON format. |
| default_inbound | | | body | string | Default inbound. |
| default_outbound | | | body | string | Default outbound. |
| enforce | | | body | boolean | Enforcement flag. |
| is_default_policy | | | body | boolean | Default policy flag. |
| local_logging | | | body | boolean | Local logging flag. |
| platform_id | | | body | string | ID of the platform this policy container. |
| policy_id | | | body | string | Policy ID to apply to this container. |
| rule_group_ids | | | body | string or list of strings | Rule group IDs to include in this container. |
| test_mode | | | body | boolean | Flag indicating if this container is in test mode. |
| tracking | | | body | string | Tracking. |
Usage
Service class example (PEP8 / Operation ID syntax)
from falconpy import FirewallManagement
# Do not hardcode API credentials!
falcon = FirewallManagement(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
rule_groups = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.update_policy_container(default_inbound="string",
default_outbound="string",
enforce=boolean,
is_default_policy=boolean,
local_logging=boolean,
platform_id="string",
policy_id="string",
rule_group_ids=rule_groups,
test_mode=boolean,
tracking="string"
)
print(response)
Uber class example
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
rule_groups = ['ID1', 'ID2', 'ID3']
BODY = {
"default_inbound": "string",
"default_outbound": "string",
"enforce": boolean,
"is_default_policy": boolean,
"local_logging": boolean,
"platform_id": "string",
"policy_id": "string",
"rule_group_ids": rule_groups,
"test_mode": boolean,
"tracking": "string"
}
response = falcon.command("update_policy_container", body=BODY)
print(response)
Back to Table of Contents
get_rule_groups
Get rule group entities by ID. These groups do not contain their rule entites, just the rule IDs in precedence order.
PEP8 method name
get_rule_groups
Endpoint
| Method | Route |
|---|---|
| /fwmgr/entities/rule-groups/v1 |
Content-Type
- Produces: application/json
Keyword Arguments
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| ids | | | query | string or list of strings | The ID(s) of the rule group to retrieve. |
| parameters | | | query | dictionary | Full query string parameters payload in JSON format. |
Usage
Service class example (PEP8 / Operation ID syntax)
from falconpy import FirewallManagement
# Do not hardcode API credentials!
falcon = FirewallManagement(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.get_rule_groups(ids=id_list)
print(response)
Uber class example
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.command("get_rule_groups", ids=id_list)
print(response)
Back to Table of Contents
create_rule_group
Create new rule group on a platform for a customer with a name and description, and return the ID
PEP8 method name
create_rule_group
Endpoint
| Method | Route |
|---|---|
| /fwmgr/entities/rule-groups/v1 |
Content-Type
- Consumes: application/json
- Produces: application/json
Keyword Arguments
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| action | | | body rules | string | Rule action to perform. String. Overridden if rules keyword is provided. |
| address_family | | | body rules | string | Address type, String. Either IP4, IP6 or NONE.Overridden if rules keyword is provided. |
| body | | | body | dictionary | Full body payload in JSON format. |
| clone_id | | | query | string | A rule group ID from which to copy rules. If this is provided then the 'rules' property of the body is ignored. |
| comment | | | query | string | Comment for this rule group. |
| description | | | body | string | Rule group description. |
| direction | | | body rules | string | Traffic direction for created rule. String. Either IN, OUT or BOTH.Overridden if rules keyword is provided. |
| enabled | | | body | boolean | Flag indicating if the rule group is enabled. |
| fields | | | body rules | dictionary or list of dictionaries | Fields to impact. Dictionary or list of dictionaries. Overridden if rules keyword is provided. |
| icmp | | | body rules | dictionary | ICMP protocol options. Overridden if rules keyword is provided. |
| library | | | query | string | If this flag is set to true then the rules will be cloned from the clone_id from the CrowdStrike Firewal Rule Groups Library. |
| local_address | | | body rules | dictionary or list of dictionaries | Local address and netmask detail. Overridden if rules keyword is provided. |
| local_port | | | body rules | dictionary or list of dictionaries | Local port range. Overridden if rules keyword is provided. |
| log | | | body rules | boolean | Log rule matches. Overridden if rules keyword is provided. |
| name | | | body | string | Rule group name. |
| monitor | | | body rules | dictionary | Monitor count / period. Overridden if rules keyword is provided. |
| parameters | | | query | dictionary | Full query string parameters payload in JSON format. |
| platform | | | query | string | Common name for the OS platform this rule applies to. Should be provided instead of platform_ids. |
| platform_ids | | | body rules | string or list of strings | OS platform(s) covered by rule. Supports comma delimited strings. Overridden if rules keyword is provided. DEPRECATED |
| protocol | | | body rules | integer | Protocol specified by rule (Integer identifier). Overridden if rules keyword is provided. |
| remote_address | | | body rules | dictionary or list of dictionaries | Remote address and netmask detail. Overridden if rules keyword is provided. |
| remote_port | | | body rules | dictionary or list of dictionaries | Remote port range. Overridden if rules keyword is provided. |
| rule_description | | | body rules | string | Rule description. Overridden if rules keyword is provided. |
| rule_enabled | | | body rules | boolean | Enablement status for the new rule. Overridden if rules keyword is provided. |
| rule_name | | | body rules | string | Rule name. Overridden if rules keyword is provided. |
| rules | | | body | dictionary or list of dictionaries | Rule(s) in JSON format. |
| temp_id | | | body rules | string | String to use for temporary rule ID. Overridden if rules keyword is provided. |
Usage
Service class example (PEP8 / Operation ID syntax)
from falconpy import FirewallManagement
# Do not hardcode API credentials!
falcon = FirewallManagement(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
new_rule = {
"action": "string",
"address_family": "string",
"description": "string",
"direction": "string",
"enabled": boolean,
"fields": [
{
"final_value": "string",
"label": "string",
"name": "string",
"type": "string",
"value": "string",
"values": [
"string"
]
}
],
"icmp": {
"icmp_code": "string",
"icmp_type": "string"
},
"local_address": [
{
"address": "string",
"netmask": integer
}
],
"local_port": [
{
"end": integer,
"start": integer
}
],
"log": boolean,
"monitor": {
"count": "string",
"period_ms": "string"
},
"name": "string",
"platform_ids": [
"string"
],
"protocol": "string",
"remote_address": [
{
"address": "string",
"netmask": integer
}
],
"remote_port": [
{
"end": integer,
"start": integer
}
],
"temp_id": "string"
}
response = falcon.create_rule_group(clone_id="string",
library="string",
comment="string",
description="string",
enabled=boolean,
name="string",
platform="string",
rules=new_rule
)
print(response)
Uber class example
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
new_rule = {
"action": "string",
"address_family": "string",
"description": "string",
"direction": "string",
"enabled": boolean,
"fields": [
{
"final_value": "string",
"label": "string",
"name": "string",
"type": "string",
"value": "string",
"values": [
"string"
]
}
],
"icmp": {
"icmp_code": "string",
"icmp_type": "string"
},
"local_address": [
{
"address": "string",
"netmask": integer
}
],
"local_port": [
{
"end": integer,
"start": integer
}
],
"log": boolean,
"monitor": {
"count": "string",
"period_ms": "string"
},
"name": "string",
"platform_ids": [
"string"
],
"protocol": "string",
"remote_address": [
{
"address": "string",
"netmask": integer
}
],
"remote_port": [
{
"end": integer,
"start": integer
}
],
"temp_id": "string"
}
BODY = {
"description": "string",
"enabled": boolean,
"name": "string",
"platform": "string",
"rules": [new_rule]
}
response = falcon.command("create_rule_group",
body=BODY,
clone_id="string",
library="string",
comment="string"
)
print(response)
Back to Table of Contents
delete_rule_groups
Delete rule group entities by ID
PEP8 method name
delete_rule_groups
Endpoint
| Method | Route |
|---|---|
| /fwmgr/entities/rule-groups/v1 |
Content-Type
- Produces: application/json
Keyword Arguments
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| comment | | | query | string or list of strings | Audit log comment for this operation. |
| ids | | | query | string or list of strings | The rules to retrieve, identified by ID. |
| parameters | | | query | dictionary | Full query string parameters payload in JSON format. |
Usage
Service class example (PEP8 / Operation ID syntax)
from falconpy import FirewallManagement
# Do not hardcode API credentials!
falcon = FirewallManagement(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.delete_rule_groups(comment="string", ids=id_list)
print(response)
Uber class example
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.command("delete_rule_groups", comment="string", ids=id_list)
print(response)
Back to Table of Contents
update_rule_group
Update name, description, or enabled status of a rule group, or create, edit, delete, or reorder rules
PEP8 method name
update_rule_group
Endpoint
| Method | Route |
|---|---|
| /fwmgr/entities/rule-groups/v1 |
Content-Type
- Consumes: application/json
- Produces: application/json
Keyword Arguments
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| body | | | body | dictionary | Full body payload in JSON format. |
| comment | | | query | string | Audit log comment for this action. |
| diff_from | | | body diff_operations | string | From value for the diff. Overridden if diff_operations keyword is provided. |
| diff_op | | | body diff_operations | string | Operation for the diff. Overridden if diff_operations keyword is provided. |
| diff_operations | | | body | dictionary or list of dictionaries | Differential operations to perform against the rule group. |
| diff_path | | | body diff_operations | string | Path for the diff. Overridden if diff_operations keyword is provided. |
| diff_type | | | body | string | Type of diff to apply. |
| id | | | body | string | ID of the rule group to update. |
| parameters | | | query | dictionary | Full query string parameters payload in JSON format. |
| rule_ids | | | body | list of strings | Rule ID(s) to add to the rule group. |
| rule_versions | | | body | list of integers | Rule group versions. |
| tracking | | | body | string | Tracking. |
Usage
Service class example (PEP8 / Operation ID syntax)
from falconpy import FirewallManagement
# Do not hardcode API credentials!
falcon = FirewallManagement(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
rules = ['ID1', 'ID2', 'ID3']
versions = [1, 2, 3]
diffs = {
"from": "string",
"op": "string",
"path": "string"
}
response = falcon.update_rule_group(comment="string",
diff_operations=diffs,
diff_type="string",
id="string",
rule_ids=rules,
rule_versions=versions,
tracking="string"
)
print(response)
Uber class example
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
rules = ['ID1', 'ID2', 'ID3']
versions = [1, 2, 3]
diffs = {
"from": "string",
"op": "string",
"path": "string"
}
BODY = {
"diff_operations": [diffs],
"diff_type": "string",
"id": "string",
"rule_ids": rules,
"rule_versions": versions,
"tracking": "string"
}
response = falcon.command("update_rule_group",
comment="string",
body=BODY
)
print(response)
Back to Table of Contents
create_rule_group_validation
Validates the request of creating a new rule group on a platform for a customer with a name and description
PEP8 method name
create_rule_group_validation
Endpoint
| Method | Route |
|---|---|
| /fwmgr/entities/rule-groups/validation/v1 |
Content-Type
- Consumes: application/json
- Produces: application/json
Keyword Arguments
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| body | | | body | dictionary | Full body payload in JSON format, not required if using other keywords. |
| clone_id | | | query | string | A rule group validation ID from which to copy rules. If this is provided then the 'rules' property of the body is ignored. |
| comment | | | query | string | Audit log comment for this action. |
| description | | | body | string | Rule group validation description. |
| enabled | | | body | boolean | Flag indicating if this validation is enabled. |
| library | | | query | boolean | If this flag is set to true then the rules will be cloned from the clone_id from the CrowdStrike Firewall Rule Groups Library. |
| name | | | body | string | Name for this rule group validation. |
| parameters | | | query | dictionary | Full parameters payload in JSON format. Not required if using the clone_id and comment keywords. |
| platform | | | body | string | Name of the platform this rule group validation is associated with. |
| rules | | | body | list of dictionaries | JSON formatted list of rules to validate. |
Usage
Service class example (PEP8 / Operation ID syntax)
from falconpy.firewall_management import FirewallManagement
falcon = FirewallManagement(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
rule_list = [
{
"action": "string",
"address_family": "string",
"description": "string",
"direction": "string",
"enabled": boolean,
"fields": [
{
"final_value": "string",
"label": "string",
"name": "string",
"type": "string",
"value": "string",
"values": [
"string"
]
}
],
"fqdn": "string",
"fqdn_enabled": boolean,
"icmp": {
"icmp_code": "string",
"icmp_type": "string"
},
"local_address": [
{
"address": "string",
"netmask": integer
}
],
"local_port": [
{
"end": integer,
"start": integer
}
],
"log": boolean,
"monitor": {
"count": "string",
"period_ms": "string"
},
"name": "string",
"protocol": "string",
"remote_address": [
{
"address": "string",
"netmask": integer
}
],
"remote_port": [
{
"end": integer,
"start": integer
}
],
"temp_id": "string"
}
]
response = falcon.create_rule_group_validation(clone_id="string",
comment="string",
description="string",
enabled=boolean,
library="string",
name="string",
platform="string",
rules=rule_list
)
print(response)
Uber class example
from falconpy import APIHarnessV2
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
rule_list = [
{
"action": "string",
"address_family": "string",
"description": "string",
"direction": "string",
"enabled": boolean,
"fields": [
{
"final_value": "string",
"label": "string",
"name": "string",
"type": "string",
"value": "string",
"values": [
"string"
]
}
],
"fqdn": "string",
"fqdn_enabled": boolean,
"icmp": {
"icmp_code": "string",
"icmp_type": "string"
},
"local_address": [
{
"address": "string",
"netmask": integer
}
],
"local_port": [
{
"end": integer,
"start": integer
}
],
"log": boolean,
"monitor": {
"count": "string",
"period_ms": "string"
},
"name": "string",
"protocol": "string",
"remote_address": [
{
"address": "string",
"netmask": integer
}
],
"remote_port": [
{
"end": integer,
"start": integer
}
],
"temp_id": "string"
}
]
BODY = {
"description": "string",
"enabled": boolean,
"name": "string",
"platform": "string",
"rules": rule_list
}
response = falcon.command("create_rule_group_validation",
clone_id="string",
comment="string",
library="string",
body=BODY
)
print(response)
Back to Table of Contents
update_rule_group_validation
Validates the request of updating name, description, or enabled status of a rule group, or create, edit, delete, or reorder rules
PEP8 method name
update_rule_group_validation
Endpoint
| Method | Route |
|---|---|
| /fwmgr/entities/rule-groups/validation/v1 |
Content-Type
- Consumes: application/json
- Produces: application/json
Keyword Arguments
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| body | | | body | dictionary | Full body payload in JSON format. |
| comment | | | query | string | Audit log comment for this action. |
| diff_from | | | body diff_operations | string | From value for the diff. Overridden if diff_operations keyword is provided. |
| diff_op | | | body diff_operations | string | Operation for the diff. Overridden if diff_operations keyword is provided. |
| diff_operations | | | body | dictionary or list of dictionaries | Differential operations to perform against the rule group. |
| diff_path | | | body diff_operations | string | Path for the diff. Overridden if diff_operations keyword is provided. |
| diff_type | | | body | string | Type of diff to apply. |
| id | | | body | string | ID of the rule group to update. |
| parameters | | | query | dictionary | Full query string parameters payload in JSON format. |
| rule_ids | | | body | list of strings | Rule ID(s) to add to the rule group. |
| rule_versions | | | body | list of integers | Rule group versions. |
| tracking | | | body | string | Tracking. |
| | comment | query | string | Audit log comment for this action | | :white_check_mark: | body | body | string
Usage
Service class example (PEP8 / Operation ID syntax)
from falconpy.firewall_management import FirewallManagement
falcon = FirewallManagement(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
rules = ['ID1', 'ID2', 'ID3']
versions = [1, 2, 3]
diffs = {
"from": "string",
"op": "string",
"path": "string"
}
response = falcon.update_rule_group_validation(comment="string",
diff_operations=diffs,
diff_type="string",
id="string",
rule_ids=rules,
rule_versions=versions,
tracking="string"
)
print(response)
Uber class example
from falconpy import APIHarnessV2
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
rules = ['ID1', 'ID2', 'ID3']
versions = [1, 2, 3]
diffs = {
"from": "string",
"op": "string",
"path": "string"
}
BODY = {
"diff_operations": [diffs],
"diff_type": "string",
"id": "string",
"rule_ids": rules,
"rule_versions": versions,
"tracking": "string"
}
response = falcon.command("update_rule_group_validation",
comment="string",
body=BODY
)
print(response)
Back to Table of Contents
get_rules
Get rule entities by ID (64-bit unsigned int as decimal string) or Family ID (32-character hexadecimal string)
PEP8 method name
get_rules
Endpoint
| Method | Route |
|---|---|
| /fwmgr/entities/rules/v1 |
Content-Type
- Produces: application/json
Keyword Arguments
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| ids | | | query | string or list of strings | The rules to retrieve, identified by ID. |
| parameters | | | query | dictionary | Full query string parameters payload in JSON format. |
Usage
Service class example (PEP8 / Operation ID syntax)
from falconpy import FirewallManagement
# Do not hardcode API credentials!
falcon = FirewallManagement(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.get_rules(ids=id_list)
print(response)
Uber class example
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.command("get_rules", ids=id_list)
print(response)
Back to Table of Contents
validate_filepath_pattern
Validates that the test pattern matches the executable filepath glob pattern.
PEP8 method name
validate_filepath_pattern
Endpoint
| Method | Route |
|---|---|
| /fwmgr/entities/rules/validate-filepath/v1 |
Content-Type
- Consumes: application/json
- Produces: application/json
Keyword Arguments
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| body | | | body | dictionary | Full body payload in JSON format. |
| filepath_pattern | | | body | string | Pattern to test against. |
| filepath_test_string | | | body | string | File path string to be tested. |
Usage
Service class example (PEP8 / Operation ID syntax)
from falconpy.firewall_management import FirewallManagement
falcon = FirewallManagement(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.validate_filepath_pattern(filepath_pattern="string",
filepath_test_string="string"
)
print(response)
Uber class example
from falconpy import APIHarnessV2
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
BODY = {
"filepath_pattern": "string",
"filepath_test_string": "string"
}
response = falcon.command("validate_filepath_pattern", body=BODY)
print(response)
Back to Table of Contents
query_events
Find all event IDs matching the query with filter
PEP8 method name
query_events
Endpoint
| Method | Route |
|---|---|
| /fwmgr/queries/events/v1 |
Content-Type
- Produces: application/json
Keyword Arguments
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| after | | | query | string | A pagination token used with the limit parameter to manage pagination of results. On your first request, don't provide an after token. On subsequent requests, provide the after token from the previous response to continue from that place in the results. To access more than 10k indicators, use the after parameter instead of offset. |
| filter | | | query | string | FQL Syntax formatted filter that should be used to limit the results. |
| limit | | | query | integer | Maximum number of results to return. |
| offset | | | query | integer | The offset to start retrieving records from. Offset and After params are mutually exclusive. If none provided then scrolling will be used by default. To access more than 10k iocs, use the after parameter instead of offset. |
| parameters | | | query | dictionary | Full query string parameters payload in JSON format. |
| q | | | query | string | Free text search across all indexed fields. |
| sort | | | query | string | FQL Syntax formatted sort filter. |
Usage
Service class example (PEP8 / Operation ID syntax)
from falconpy import FirewallManagement
# Do not hardcode API credentials!
falcon = FirewallManagement(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.query_events(sort="string",
filter="string",
q="string",
offset=integer,
after="string",
limit=integer
)
print(response)
Uber class example
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.command("query_events",
sort="string",
filter="string",
q="string",
offset=integer,
after="string",
limit=integer
)
print(response)
Back to Table of Contents
query_firewall_fields
Get the firewall field specification IDs for the provided platform
PEP8 method name
query_firewall_fields
Endpoint
| Method | Route |
|---|---|
| /fwmgr/queries/firewall-fields/v1 |
Content-Type
- Produces: application/json
Keyword Arguments
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| limit | | | query | integer | Maximum number of results to return. |
| offset | | | query | integer | The offset to start retrieving records from. Offset and After params are mutually exclusive. If none provided then scrolling will be used by default. To access more than 10k iocs, use the after parameter instead of offset. |
| parameters | | | query | dictionary | Full query string parameters payload in JSON format. |
| platform_id | | | query | string | Field configurations specific to this platform. |
Usage
Service class example (PEP8 / Operation ID syntax)
from falconpy import FirewallManagement
# Do not hardcode API credentials!
falcon = FirewallManagement(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.query_firewall_fields(platform_id="string",
offset=integer,
limit=integer
)
print(response)
Uber class example
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.command("query_firewall_fields",
platform_id="string",
limit=integer,
offset=integer
)
print(response)
Back to Table of Contents
query_network_locations
Get a list of network location IDs
PEP8 method name
query_network_locations
Endpoint
| Method | Route |
|---|---|
| /fwmgr/queries/network-locations/v1 |
Content-Type
- Produces: application/json
Keyword Arguments
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| after | | | query | string | A pagination token used with the limit parameter to manage pagination of results. On your first request, don't provide an after token. On subsequent requests, provide the after token from the previous response to continue from that place in the results. To access more than 10k indicators, use the after parameter instead of offset. |
| filter | | | query | string | FQL Syntax formatted filter that should be used to limit the results. |
| limit | | | query | integer | Maximum number of results to return. |
| offset | | | query | integer | The offset to start retrieving records from. Offset and After params are mutually exclusive. If none provided then scrolling will be used by default. To access more than 10k iocs, use the after parameter instead of offset. |
| parameters | | | query | dictionary | Full query string parameters payload in JSON format. |
| q | | | query | string | Free text search across all indexed fields. |
| sort | | | query | string | FQL Syntax formatted sort filter. |
Usage
Service class example (PEP8 / Operation ID syntax)
from falconpy.firewall_management import FirewallManagement
falcon = FirewallManagement(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.query_network_locations(sort="string",
filter="string",
q="string",
offset="string",
after="string",
limit=integer
)
print(response)
Uber class example
from falconpy import APIHarnessV2
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.command("query_network_locations",
sort="string",
filter="string",
q="string",
offset="string",
after="string",
limit=integer
)
print(response)
Back to Table of Contents
query_platforms
Get the list of platform names
PEP8 method name
query_platforms
Endpoint
| Method | Route |
|---|---|
| /fwmgr/queries/platforms/v1 |
Content-Type
- Produces: application/json
Keyword Arguments
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| limit | | | query | integer | Maximum number of results to return. |
| offset | | | query | integer | The offset to start retrieving records from. Offset and After params are mutually exclusive. If none provided then scrolling will be used by default. To access more than 10k iocs, use the after parameter instead of offset. |
| parameters | | | query | dictionary | Full query string parameters payload in JSON format. |
Usage
Service class example (PEP8 / Operation ID syntax)
from falconpy import FirewallManagement
# Do not hardcode API credentials!
falcon = FirewallManagement(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.query_platforms(offset=integer, limit=integer)
print(response)
Uber class example
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.command("query_platforms", limit=integer, offset=integer)
print(response)
Back to Table of Contents
query_policy_rules
Find all firewall rule IDs matching the query with filter, and return them in precedence order
PEP8 method name
query_policy_rules
Endpoint
| Method | Route |
|---|---|
| /fwmgr/queries/policy-rules/v1 |
Content-Type
- Produces: application/json
Keyword Arguments
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| after | | | query | string | A pagination token used with the limit parameter to manage pagination of results. On your first request, don't provide an after token. On subsequent requests, provide the after token from the previous response to continue from that place in the results. To access more than 10k indicators, use the after parameter instead of offset. |
| filter | | | query | string | FQL Syntax formatted filter that should be used to limit the results. |
| id | | | query | string | The ID of the policy container within which to query. |
| limit | | | query | integer | Maximum number of results to return. |
| offset | | | query | integer | The offset to start retrieving records from. Offset and After params are mutually exclusive. If none provided then scrolling will be used by default. To access more than 10k iocs, use the after parameter instead of offset. |
| parameters | | | query | dictionary | Full query string parameters payload in JSON format. |
| q | | | query | string | Free text search across all indexed fields. |
| sort | | | query | string | FQL Syntax formatted sort filter. |
Usage
Service class example (PEP8 / Operation ID syntax)
from falconpy import FirewallManagement
# Do not hardcode API credentials!
falcon = FirewallManagement(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.query_policy_rules(id="string",
sort="string",
filter="string",
q="string",
offset=integer,
limit=integer,
after="string"
)
print(response)
Uber class example
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.command("query_policy_rules",
id="string",
sort="string",
filter="string",
q="string",
offset=integer,
limit=integer,
after="string"
)
print(response)
Back to Table of Contents
query_rule_groups
Find all rule group IDs matching the query with filter
PEP8 method name
query_rule_groups
Endpoint
| Method | Route |
|---|---|
| /fwmgr/queries/rule-groups/v1 |
Content-Type
- Produces: application/json
Keyword Arguments
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| after | | | query | string | A pagination token used with the limit parameter to manage pagination of results. On your first request, don't provide an after token. On subsequent requests, provide the after token from the previous response to continue from that place in the results. To access more than 10k indicators, use the after parameter instead of offset. |
| filter | | | query | string | FQL Syntax formatted filter that should be used to limit the results. |
| limit | | | query | integer | Maximum number of results to return. |
| offset | | | query | integer | The offset to start retrieving records from. Offset and After params are mutually exclusive. If none provided then scrolling will be used by default. To access more than 10k iocs, use the after parameter instead of offset. |
| parameters | | | query | dictionary | Full query string parameters payload in JSON format. |
| q | | | query | string | Free text search across all indexed fields. |
| sort | | | query | string | FQL Syntax formatted sort filter. |
Usage
Service class example (PEP8 / Operation ID syntax)
from falconpy import FirewallManagement
# Do not hardcode API credentials!
falcon = FirewallManagement(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.query_rule_groups(sort="string",
filter="string",
q="string",
offset="string",
after="string",
limit=integer
)
print(response)
Uber class example
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.command("query_rule_groups",
sort="string",
filter="string",
q="string",
offset="string",
after="string",
limit=integer
)
print(response)
Back to Table of Contents
query_rules
Find all rule IDs matching the query with filter
PEP8 method name
query_rules
Endpoint
| Method | Route |
|---|---|
| /fwmgr/queries/rules/v1 |
Content-Type
- Produces: application/json
Keyword Arguments
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| after | | | query | string | A pagination token used with the limit parameter to manage pagination of results. On your first request, don't provide an after token. On subsequent requests, provide the after token from the previous response to continue from that place in the results. To access more than 10k indicators, use the after parameter instead of offset. |
| filter | | | query | string | FQL Syntax formatted filter that should be used to limit the results. |
| limit | | | query | integer | Maximum number of results to return. |
| offset | | | query | integer | The offset to start retrieving records from. Offset and After params are mutually exclusive. If none provided then scrolling will be used by default. To access more than 10k iocs, use the after parameter instead of offset. |
| parameters | | | query | dictionary | Full query string parameters payload in JSON format. |
| q | | | query | string | Free text search across all indexed fields. |
| sort | | | query | string | FQL Syntax formatted sort filter. |
Usage
Service class example (PEP8 / Operation ID syntax)
from falconpy import FirewallManagement
# Do not hardcode API credentials!
falcon = FirewallManagement(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.query_rules(sort="string",
filter="string",
q="string",
offset=integer,
after="string",
limit=integer
)
print(response)
Uber class example
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.command("query_rules",
sort="string",
filter="string",
q="string",
offset=integer,
after="string",
limit=integer
)
print(response)
Back to Table of Contents