Welcome to the FalconPy Wiki

This wiki provides documentation for FalconPy, the CrowdStrike Falcon API Software Development Kit.

What is the FalconPy SDK for?

The FalconPy SDK contains a collection of Python classes that abstract CrowdStrike Falcon OAuth2 API interaction, removing duplicative code and allowing developers to focus on just the logic of their solution requirements.

SDK Contents

Available Classes, Deprecated Classes, Available API Operations

This SDK provides two distinct methods for interacting with the CrowdStrike Falcon OAuth2 API.

| Service Classes | The Uber Class |
| --- | --- |
| Representing a single service collection, Service Classes have methods defined for every available operation within that specific service collection. | A single harness for interacting with the entire API, the Uber Class can interact with every available operation within every service collection. |

Service Collections

There are currently 66 Service Classes defined that provide an interface to individual service collections within the CrowdStrike Falcon OAuth2 API.

| Service Collection | Service Class Name | Functional API Scope |
| --- | --- | --- |
| Alerts | Alerts | CrowdStrike Falcon Alerts |
| Cloud Connect AWS (Deprecated) | CloudConnectAWS (Deprecated) | CrowdStrike Falcon Discover for Cloud and Containers (AWS) |
| Cloud Snapshots | Cloud Snapshots | CrowdStrike Falcon Horizon Cloud Snapshots |
| Configuration Assessment | ConfigurationAssessment | CrowdStrike Falcon Configuration Assessment |
| Configuration Assessment Evaluation Logic | ConfigurationAssessmentEvaluationLogic | CrowdStrike Falcon Configuration Assessment Evaluation Logic |
| Container Alerts | ContainerAlerts | CrowdStrike Falcon Container Alerts |
| Container Detections | ContainerDetections | CrowdStrike Falcon Container Detections |
| Container Images | ContainerImages | CrowdStrike Falcon Container Images |
| Container Packages | ContainerPackages | CrowdStrike Falcon Container Packages |
| Container Vulnerabilities | ContainerVulnerabilities | CrowdStrike Falcon Container Vulnerabilities |
| CSPM Registration | CSPMRegistration | CrowdStrike Falcon Horizon |
| Custom IOA | CustomIOA | CrowdStrike Falcon Custom Indicators of Attack |
| Custom Storage | CustomStorage | CrowdStrike Falcon Custom Storage |
| D4C Registration (Deprecated) | D4CRegistration (Deprecated) | CrowdStrike Falcon Discover for Cloud and Containers (Azure / GCP) |
| Detects | Detects | CrowdStrike Falcon Detections |
| Device Control Policies | DeviceControlPolicies | CrowdStrike Falcon Device Control |
| Discover | Discover | CrowdStrike Falcon Discover |
| Drift Indicators | DriftIndicators | CrowdStrike Falcon Drift Indicators |
| Event Streams | EventStreams | CrowdStrike Falcon Event Streams |
| Falcon Complete Dashboard | FalconCompleteDashboard | CrowdStrike Falcon Complete Dashboard |
| Falcon Container | FalconContainer | CrowdStrike Falcon Container |
| Falcon Intelligence Sandbox | FalconXSandbox | CrowdStrike Falcon Intelligence Sandbox |
| FDR | FDR | CrowdStrike Falcon Data Replicator |
| FileVantage | FileVantage | CrowdStrike Falcon FileVantage |
| Firewall Management | FirewallManagement | CrowdStrike Falcon Firewall Management |
| Firewall Policies | FirewallPolicies | CrowdStrike Falcon Firewall Policy Management |
| Flight Control | FlightControl | CrowdStrike Falcon Flight Control |
| Foundry LogScale | FoundryLogScale | CrowdStrike Falcon Foundry LogScale |
| Host Group | HostGroup | CrowdStrike Falcon Host Groups |
| Hosts | Hosts | CrowdStrike Falcon Hosts |
| Identity Protection | IdentityProtection | CrowdStrike Falcon Identity Protection |
| Image Assessment Policies | ImageAssessmentPolicies | CrowdStrike Image Assessment Policies |
| Incidents | Incidents | CrowdStrike Falcon Incidents and Detection Monitoring |
| Installation Tokens | InstallationTokens | CrowdStrike Falcon Installation Tokens |
| Intel | Intel | CrowdStrike Falcon Threat Intel |
| IOA Exclusions | IOAExclusions | CrowdStrike Falcon Indicators of Attack Exclusions |
| IOC | IOC | CrowdStrike Falcon Custom Indicators of Compromise v2 |
| IOCs (Deprecated) | IOCs (Deprecated) | CrowdStrike Falcon Custom Indicators of Compromise |
| Kubernetes Protection | KubernetesProtection | CrowdStrike Falcon Kubernetes Protection |
| MalQuery | MalQuery | CrowdStrike Falcon Malquery |
| Message Center | MessageCenter | CrowdStrike Message Center |
| ML Exclusions | MLExclusions | CrowdStrike Falcon ML Exclusions |
| Mobile Enrollment | MobileEnrollment | CrowdStrike Falcon Mobile Enrollment |
| OAuth2 | OAuth2 | CrowdStrike Falcon OAuth2 Token |
| On Demand Scan | ODS | CrowdStrike Falcon On Demand Scan |
| Overwatch Dashboard | OverwatchDashboard | CrowdStrike Falcon Overwatch Dashboard |
| Prevention Policy | PreventionPolicy | CrowdStrike Falcon Prevention Policy |
| Quarantine | Quarantine | CrowdStrike Falcon Quarantine |
| Quick Scan | QuickScan | CrowdStrike Falcon Quick Scan |
| Real Time Response Admin | RealTimeResponseAdmin | CrowdStrike Falcon Real Time Response (RTR) Administration |
| Real Time Response | RealTimeResponse | CrowdStrike Falcon Real Time Response (RTR) |
| Real Time Response Audit | RealTimeResponseAudit | CrowdStrike Real Time Response Audit |
| Recon | Recon | CrowdStrike Falcon Recon |
| Report Executions | ReportExecutions | CrowdStrike Falcon Report Executions |
| Response Policies | ResponsePolicies | CrowdStrike Falcon Real Time Response Policies |
| Sample Uploads | SampleUploads | CrowdStrike Falcon Sample Uploads |
| Scheduled Reports | ScheduledReports | CrowdStrike Falcon Scheduled Reports |
| Sensor Download | SensorDownload | CrowdStrike Falcon Sensor Download |
| Sensor Update Policy | SensorUpdatePolicy | CrowdStrike Falcon Sensor Policy Management |
| Sensor Visibility Exclusions | SensorVisibilityExclusions | CrowdStrike Falcon Sensor Visibility Exclusions |
| Spotlight Evaluation Logic | SpotlightEvaluationLogic | CrowdStrike Falcon Spotlight Evaluation Logic |
| Spotlight Vulnerabilities | SpotlightVulnerabilities | CrowdStrike Falcon Spotlight |
| Tailored Intelligence | TailoredIntelligence | CrowdStrike Falcon Tailored Intelligence |
| Unidentified Containers | UnidentifiedContainers | CrowdStrike Falcon Unidentified Containers |
| User Management | UserManagement | CrowdStrike Falcon User and Roles |
| Workflows | Workflows | CrowdStrike Falcon Workflows |
| Zero Trust Assessment | ZeroTrustAssessment | CrowdStrike Falcon Zero Trust Assessment |

Installation

Project Status: Active – The project has reached a stable, usable state and is being actively developed.

More details regarding installation can be found at Installation, Upgrades and Removal.

Basic usage

While both solutions provide equivalent functionality, the usage patterns between Service Classes and the Uber Class differ slightly. Review the detail provided by the following links for examples of these syntactic differences. You can also find more detailed examples within the service collection wiki pages and the Samples Collection.

If you still have questions, please reach out to us on the discussion board.

Configuration

FalconPy supports multiple configuration options to customize functionality to meet your specific requirements.

Advanced topics

More advanced details regarding FalconPy usage and functionality can be found in the following pages.

CrowdStrike FalconPy is completely free

This is free and unencumbered software released into the public domain.

Anyone is free to copy, modify, publish, use, compile, sell, or distribute this software, either in source code form or as a compiled binary, for any purpose, commercial or non-commercial, and by any means.

In jurisdictions that recognize copyright laws, the author or authors of this software dedicate any and all copyright interest in the software to the public domain. We make this dedication for the benefit of the public at large and to the detriment of our heirs and successors. We intend this dedication to be an overt act of relinquishment in perpetuity of all present and future rights to this software under copyright law.

THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

For more information, please refer to https://unlicense.org