Welcome to the FalconPy Wiki
This wiki provides documentation for FalconPy, the CrowdStrike Falcon API Software Development Kit.
What is the FalconPy SDK for?
The FalconPy SDK contains a collection of Python classes that abstract CrowdStrike Falcon OAuth2 API interaction, removing duplicative code and allowing developers to focus on just the logic of their solution requirements.
SDK Contents
This SDK provides two distinct methods for interacting with the CrowdStrike Falcon OAuth2 API.
Service Classes | The Uber Class |
---|---|
Representing a single service collection, Service Classes have methods defined for every available operation within that specific service collection. | A single harness for interacting with the entire API, the Uber Class can interact with every available operation within every service collection. |
Service Collections
There are currently 71 Service Classes defined that provide an interface to individual service collections within the CrowdStrike Falcon OAuth2 API.
Service Collection | Service Class Name | Functional API Scope |
---|---|---|
Alerts | Alerts | CrowdStrike Falcon Alerts |
API Integrations | APIIntegrations | CrowdStrike Falcon API Integrations |
ASPM | ASPM | CrowdStrike Falcon ASPM |
Certificate Based Exclusions | CertificateBasedExclusions | CrowdStrike Falcon Certificate Based Exclusions |
Cloud Connect AWS | CloudConnectAWS | CrowdStrike Falcon Discover for Cloud and Containers (AWS) |
Cloud Snapshots | Cloud Snapshots | CrowdStrike Falcon Horizon Cloud Snapshots |
Compliance Assessments | ComplianceAssessments | CrowdStrike Falcon Compliance Assessments |
Configuration Assessment | ConfigurationAssessment | CrowdStrike Falcon Configuration Assessment |
Configuration Assessment Evaluation Logic | ConfigurationAssessmentEvaluationLogic | CrowdStrike Falcon Configuration Assessment Evaluation Logic |
Container Alerts | ContainerAlerts | CrowdStrike Falcon Container Alerts |
Container Detections | ContainerDetections | CrowdStrike Falcon Container Detections |
Container Images | ContainerImages | CrowdStrike Falcon Container Images |
Container Packages | ContainerPackages | CrowdStrike Falcon Container Packages |
Container Vulnerabilities | ContainerVulnerabilities | CrowdStrike Falcon Container Vulnerabilities |
CSPM Registration | CSPMRegistration | CrowdStrike Falcon Horizon |
Custom IOA | CustomIOA | CrowdStrike Falcon Custom Indicators of Attack |
Custom Storage | CustomStorage | CrowdStrike Falcon Custom Storage |
D4C Registration | D4CRegistration | CrowdStrike Falcon Discover for Cloud and Containers (Azure / GCP) |
DataScanner | DataScanner | CrowdStrike Falcon DataScanner |
Delivery Settings | Delivery Settings | CrowdStrike Falcon Delivery Settings |
Detects | Detects | CrowdStrike Falcon Detections |
Device Control Policies | DeviceControlPolicies | CrowdStrike Falcon Device Control |
Discover | Discover | CrowdStrike Falcon Discover |
Downloads | Downloads | CrowdStrike Falcon Downloads |
Drift Indicators | DriftIndicators | CrowdStrike Falcon Drift Indicators |
Event Streams | EventStreams | CrowdStrike Falcon Event Streams |
Exposure Management | ExposureManagement | CrowdStrike Falcon Exposure Management |
Falcon Complete Dashboard | FalconCompleteDashboard | CrowdStrike Falcon Complete Dashboard |
Falcon Container | FalconContainer | CrowdStrike Falcon Container |
Falcon Intelligence Sandbox | FalconXSandbox | CrowdStrike Falcon Intelligence Sandbox |
FDR | FDR | CrowdStrike Falcon Data Replicator |
FileVantage | FileVantage | CrowdStrike Falcon FileVantage |
Firewall Management | FirewallManagement | CrowdStrike Falcon Firewall Management |
Firewall Policies | FirewallPolicies | CrowdStrike Falcon Firewall Policy Management |
Flight Control | FlightControl | CrowdStrike Falcon Flight Control |
Foundry LogScale | FoundryLogScale | CrowdStrike Falcon Foundry LogScale |
Host Group | HostGroup | CrowdStrike Falcon Host Groups |
Host Migration | HostMigration | CrowdStrike Falcon Host Migration |
Hosts | Hosts | CrowdStrike Falcon Hosts |
Identity Protection | IdentityProtection | CrowdStrike Falcon Identity Protection |
Image Assessment Policies | ImageAssessmentPolicies | CrowdStrike Image Assessment Policies |
Incidents | Incidents | CrowdStrike Falcon Incidents and Detection Monitoring |
Installation Tokens | InstallationTokens | CrowdStrike Falcon Installation Tokens |
Intel | Intel | CrowdStrike Falcon Threat Intel |
IOA Exclusions | IOAExclusions | CrowdStrike Falcon Indicators of Attack Exclusions |
IOC | IOC | CrowdStrike Falcon Custom Indicators of Compromise v2 |
IOCs | IOCs | CrowdStrike Falcon Custom Indicators of Compromise |
Kubernetes Protection | KubernetesProtection | CrowdStrike Falcon Kubernetes Protection |
MalQuery | MalQuery | CrowdStrike Falcon Malquery |
Message Center | MessageCenter | CrowdStrike Message Center |
ML Exclusions | MLExclusions | CrowdStrike Falcon ML Exclusions |
Mobile Enrollment | MobileEnrollment | CrowdStrike Falcon Mobile Enrollment |
OAuth2 | OAuth2 | CrowdStrike Falcon OAuth2 Token |
On Demand Scan | ODS | CrowdStrike Falcon On Demand Scan |
Overwatch Dashboard | OverwatchDashboard | CrowdStrike Falcon Overwatch Dashboard |
Prevention Policy | PreventionPolicy | CrowdStrike Falcon Prevention Policy |
Quarantine | Quarantine | CrowdStrike Falcon Quarantine |
Quick Scan | QuickScan | CrowdStrike Falcon Quick Scan |
Quick Scan Pro | QuickScanPro | CrowdStrike Falcon Quick Scan Pro |
Real Time Response Admin | RealTimeResponseAdmin | CrowdStrike Falcon Real Time Response (RTR) Administration |
Real Time Response | RealTimeResponse | CrowdStrike Falcon Real Time Response (RTR) |
Real Time Response Audit | RealTimeResponseAudit | CrowdStrike Real Time Response Audit |
Recon | Recon | CrowdStrike Falcon Recon |
Report Executions | ReportExecutions | CrowdStrike Falcon Report Executions |
Response Policies | ResponsePolicies | CrowdStrike Falcon Real Time Response Policies |
Sample Uploads | SampleUploads | CrowdStrike Falcon Sample Uploads |
Scheduled Reports | ScheduledReports | CrowdStrike Falcon Scheduled Reports |
Sensor Download | SensorDownload | CrowdStrike Falcon Sensor Download |
Sensor Update Policy | SensorUpdatePolicy | CrowdStrike Falcon Sensor Policy Management |
Sensor Usage | SensorUsage | CrowdStrike Sensor Usage |
Sensor Visibility Exclusions | SensorVisibilityExclusions | CrowdStrike Falcon Sensor Visibility Exclusions |
Spotlight Evaluation Logic | SpotlightEvaluationLogic | CrowdStrike Falcon Spotlight Evaluation Logic |
Spotlight Vulnerabilities | SpotlightVulnerabilities | CrowdStrike Falcon Spotlight |
Tailored Intelligence | TailoredIntelligence | CrowdStrike Falcon Tailored Intelligence |
ThreatGraph | ThreatGraph | CrowdStrike Falcon ThreatGraph |
Unidentified Containers | UnidentifiedContainers | CrowdStrike Falcon Unidentified Containers |
User Management | UserManagement | CrowdStrike Falcon User and Roles |
Workflows | Workflows | CrowdStrike Falcon Workflows |
Zero Trust Assessment | ZeroTrustAssessment | CrowdStrike Falcon Zero Trust Assessment |
Installation
More details regarding installation can be found at Installation, Upgrades and Removal.
Basic usage
While both solutions provide equivalent functionality, the usage patterns between Service Classes and the Uber Class differ slightly. Review the detail provided by the following links for examples of these syntactic differences. You can also find more detailed examples within the service collection wiki pages and the Samples Collection.
If you still have questions, please reach out to us on the discussion board.
Configuration
FalconPy supports multiple configuration options to customize functionality to meet your specific requirements.
Advanced topics
More advanced details regarding FalconPy usage and functionality can be found in the following pages.
- API Operations Overview
- Authentication
- Extensibility
- Falcon Query Language (FQL)
- Glossary of Terms
- Debug Logging
- Payload Handling
- Response Handling
CrowdStrike FalconPy is completely free
This is free and unencumbered software released into the public domain.
Anyone is free to copy, modify, publish, use, compile, sell, or distribute this software, either in source code form or as a compiled binary, for any purpose, commercial or non-commercial, and by any means.
In jurisdictions that recognize copyright laws, the author or authors of this software dedicate any and all copyright interest in the software to the public domain. We make this dedication for the benefit of the public at large and to the detriment of our heirs and successors. We intend this dedication to be an overt act of relinquishment in perpetuity of all present and future rights to this software under copyright law.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
For more information, please refer to https://unlicense.org