CrowdStrike Falcon CrowdStrike Subreddit

Using the CSPM Registration service collection

Uber class support Service class support Documentation Version Page Updated Samples Available

This service collection has code examples posted to the repository.

Table of Contents

Operation IDDescription
GetCSPMAwsAccount
PEP 8get_aws_account
Returns information about the current status of an AWS account.
CreateCSPMAwsAccount
PEP 8create_aws_account
Creates a new account in our system for a customer and generates a script for them to run in their AWS cloud environment to grant us access.
DeleteCSPMAwsAccount
PEP 8delete_aws_account
Deletes an existing AWS account or organization in our system.
PatchCSPMAwsAccount
PEP 8update_aws_account
Patches a existing account in our system for a customer.
GetCSPMAwsConsoleSetupURLs
PEP 8get_aws_console_setup_urls
Return a URL for customer to visit in their cloud environment to grant us access to their AWS environment.
GetCSPMAwsAccountScriptsAttachment
PEP 8get_aws_account_scripts_attachment
Return a script for customer to run in their cloud environment to grant us access to their AWS environment as a downloadable attachment.
GetCSPMAzureAccount
PEP 8get_azure_account
Return information about Azure account registration
CreateCSPMAzureAccount
PEP 8create_azure_account
Creates a new account in our system for a customer and generates a script for them to run in their cloud environment to grant us access.
DeleteCSPMAzureAccount
PEP 8delete_azure_account
Deletes an Azure subscription from the system.
UpdateCSPMAzureAccountClientID
PEP 8update_azure_account_client_id
Update an Azure service account in our system by with the user-created client_id created with the public key we've provided
UpdateCSPMAzureTenantDefaultSubscriptionID
PEP 8update_azure_tenant_default_subscription_id
Update an Azure default subscription_id in our system for given tenant_id
AzureDownloadCertificate
PEP 8azure_download_certificate
Returns JSON object(s) that contain the base64 encoded certificate for a service principal.
GetCSPMAzureUserScriptsAttachment
PEP 8get_azure_user_scripts_attachment
Return a script for customer to run in their cloud environment to grant us access to their Azure environment as a downloadable attachment
GetBehaviorDetections
PEP 8get_behavior_detections
Retrieve a list of detected behaviors.
GetConfigurationDetections
PEP 8get_configuration_detections
Retrieve a list of active misconfigurations.
GetConfigurationDetectionEntities
PEP 8get_configuration_detection_entities
Get misconfigurations based on the ID - including custom policy detections in addition to default policy detections.
GetConfigurationDetectionIDsV2
PEP 8get_configuration_detection_ids_v2
Get a list of active misconfiguration ids - including custom policy detections in addition to default policy detections.
GetCSPMPolicy
PEP 8get_policy
Given a policy ID, returns detailed policy information.
GetCSPMPoliciesDetails
PEP 8get_policy_details
Given an array of policy IDs, returns detailed policies information.
GetCSPMPolicySettings
PEP 8get_policy_settings
Returns information about current policy settings.
UpdateCSPMPolicySettings
PEP 8update_policy_settings
Updates a policy setting - can be used to override policy severity or to disable a policy entirely.
GetCSPMScanSchedule
PEP 8get_scan_schedule
Returns scan schedule configuration for one or more cloud platforms.
UpdateCSPMScanSchedule
PEP 8update_scan_schedule
Updates scan schedule configuration for one or more cloud platforms.
GetCSPMAzureManagementGroup
PEP8get_azure_management_group
Return information about Azure management group registration
DeleteCSPMAzureManagementGroup
PEP8delete_azure_management_group
Deletes Azure management groups from the system.
CreateCSPMAzureManagementGroup
PEP8default_subscription_id--IDofthedefaultazuresubscription.String.
Creates a new management group in our system for a customer.
GetCSPMCGPAccount
PEP8get_gcp_account
Returns information about the current status of an GCP account.
CreateCSPMGCPAccount
PEP8create_gcp_account
Creates a new account in our system for a customer and generates a new service account for them to add access to in their GCP environment to grant us access.
DeleteCSPMGCPAccount
PEP8delete_gcp_account
Deletes a GCP account from the system.
UpdateCSPMGCPAccount
PEP8update_gcp_account
Patches a existing account in our system for a customer.
ConnectCSPMGCPAccount
PEP8connect_gcp_account
Creates a new GCP account with newly-uploaded service account or connects with existing service account with only the following fields: parent_id, parent_type and service_account_id
GetCSPMGCPServiceAccountsExt
PEP8get_gcp_service_account
Returns the service account id and client email for external clients.
UpdateCSPMGCPServiceAccountsExt
PEP8update_gcp_service_account
Updates an existing GCP service account.
GetCSPMGCPUserScriptsAttachment
PEP8get_gcp_user_scripts_attachment
Return a script for customer to run in their cloud environment to grant us access to their GCP environment as a downloadable attachment
GetCSPMGCPValidateAccountsExt
PEP8validate_gcp_account
Run a synchronous health check.
ValidateCSPMGCPServiceAccountExt
PEP8validate_gcp_service_account
Validates credentials for a service account

Passing credentials

WARNING

client_id and client_secret are keyword arguments that contain your CrowdStrike API credentials. Please note that all examples below do not hard code these values. (These values are ingested as strings.)

CrowdStrike does not recommend hard coding API credentials or customer identifiers within source code.

GetCSPMAwsAccount

Returns information about the current status of an AWS account.

PEP8 method name

get_aws_account

Endpoint

MethodRoute
GET/cloud-connect-cspm-aws/entities/account/v1

Required Scope

cspm-registration:read

Content-Type

  • Consumes: application/json
  • Produces: application/json

Keyword Arguments

NameServiceUberTypeData typeDescription
cspm_lite
Service Class Support

Uber Class Support
querybooleanOnly return CSPM lite accounts.
group_by
Service Class Support

Uber Class Support
querystringThe field to group by.
ids
Service Class Support

Uber Class Support
querystring or list of stringsAWS Account ID(s).
limit
Service Class Support

Uber Class Support
queryintegerMaximum number of results to return. (Default: 100)
offset
Service Class Support

Uber Class Support
queryintegerStarting record position.
iam_role_arns
Service Class Support

Uber Class Support
querystring or list of stringsAWS IAM role ARN(s).
migrated
Service Class Support

Uber Class Support
querystringOnly return migrated D4C accounts (true or false).
organization_ids
Service Class Support

Uber Class Support
querystring or list of stringsAWS Organization ID(s).
parameters
Service Class Support

Uber Class Support
querydictionaryFull query string parameters payload in JSON format.
scan_type
Service Class Support

Uber Class Support
querystringType of scan to perform, dry or full.
status
Service Class Support

Uber Class Support
querystringAccount status to filter results by.

Usage

Service class example (PEP8 syntax)
from falconpy import CSPMRegistration

# Do not hardcode API credentials!
falcon = CSPMRegistration(client_id=CLIENT_ID,
                          client_secret=CLIENT_SECRET
                          )

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

orgs = 'ORG1,ORG2,ORG3'  # Can also pass a list here: ['ORG1', 'ORG2', 'ORG3']

arns = 'ARN1,ARN2,ARN3'  # Can also pass a list here: ['ARN1', 'ARN2', 'ARN3']

response = falcon.get_aws_account(cspm_lite=boolean,
                                  scan_type="string",
                                  organization_ids=orgs,
                                  iam_role_arns=arns,
                                  status="string",
                                  limit=integer,
                                  migrated="boolean string",
                                  offset=integer,
                                  group_by="string",
                                  ids=id_list
                                  )
print(response)

Service class example (Operation ID syntax)
from falconpy import CSPMRegistration

# Do not hardcode API credentials!
falcon = CSPMRegistration(client_id=CLIENT_ID,
                          client_secret=CLIENT_SECRET
                          )

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

orgs = 'ORG1,ORG2,ORG3'  # Can also pass a list here: ['ORG1', 'ORG2', 'ORG3']

arns = 'ARN1,ARN2,ARN3'  # Can also pass a list here: ['ARN1', 'ARN2', 'ARN3']

response = falcon.GetCSPMAwsAccount(cspm_lite=boolean,
                                    scan_type="string",
                                    organization_ids=orgs,
                                    iam_role_arns=arns,
                                    status="string",
                                    limit=integer,
                                    migrated="boolean string",
                                    offset=integer,
                                    group_by="string",
                                    ids=id_list
                                    )
print(response)

Uber class example
from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

orgs = 'ORG1,ORG2,ORG3'  # Can also pass a list here: ['ORG1', 'ORG2', 'ORG3']

arns = 'ARN1,ARN2,ARN3'  # Can also pass a list here: ['ARN1', 'ARN2', 'ARN3']

response = falcon.command("GetCSPMAwsAccount",
                          cspm_lite=boolean,
                          scan_type="string",
                          organization_ids=orgs,
                          iam_role_arns=arns,
                          status="string",
                          limit=integer,
                          migrated="boolean string",
                          offset=integer,
                          group_by="string",
                          ids=id_list
                          )
print(response)

Back to Table of Contents

CreateCSPMAwsAccount

Creates a new account in our system for a customer and generates a script for them to run in their AWS cloud environment to grant us access.

PEP8 method name

create_aws_account

Endpoint

MethodRoute
POST/cloud-connect-cspm-aws/entities/account/v1

Required Scope

cspm-registration:write

Content-Type

  • Consumes: application/json
  • Produces: application/json

Keyword Arguments

NameServiceUberTypeData typeDescription
account_id
Service Class Support

Uber Class Support
bodystringAWS Account ID.
account_type
Service Class Support

Uber Class Support
bodystringAWS Account Type.
behavior_assessment_enabled
Service Class Support

Uber Class Support
bodybooleanFlag indicating if behavior assessment should be enabled.
body
Service Class Support

Uber Class Support
bodydictionaryFull body payload in JSON format.
cloudtrail_region
Service Class Support

Uber Class Support
bodystringAWS Cloudtrail Region.
iam_role_arn
Service Class Support

Uber Class Support
bodystringAWS IAM Role ARN.
is_master
Service Class Support

Uber Class Support
bodybooleanFlag indicating this is the master account.
sensor_management_enabled
Service Class Support

Uber Class Support
bodybooleanFlag indicating if sensor management should be enabled.
organization_id
Service Class Support

Uber Class Support
bodystringAWS Organization ID.
use_existing_cloudtrail
Service Class Support

Uber Class Support
bodybooleanFlag indicating if the existing CloudTrail log should be used.

Usage

Service class example (PEP8 syntax)
from falconpy import CSPMRegistration

# Do not hardcode API credentials!
falcon = CSPMRegistration(client_id=CLIENT_ID,
                          client_secret=CLIENT_SECRET
                          )

response = falcon.create_aws_account(account_id="string",
                                     account_type="string",
                                     behavior_assessment_enabled=boolean,
                                     cloudtrail_region="string",
                                     iam_role_arn="string",
                                     is_master=boolean,
                                     sensor_management_enabled=boolean,
                                     organization_id="string",
                                     use_existing_cloudtrail=boolean
                                     )
print(response)

Service class example (Operation ID syntax)
from falconpy import CSPMRegistration

# Do not hardcode API credentials!
falcon = CSPMRegistration(client_id=CLIENT_ID,
                          client_secret=CLIENT_SECRET
                          )

response = falcon.CreateCSPMAwsAccount(account_id="string",
                                       account_type="string",
                                       behavior_assessment_enabled=boolean,
                                       cloudtrail_region="string",
                                       iam_role_arn="string",
                                       is_master=boolean,
                                       sensor_management_enabled=boolean,
                                       organization_id="string",
                                       use_existing_cloudtrail=boolean
                                       )
print(response)

Uber class example
from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

BODY = {
    "resources": [
        {
            "account_id": "string",
            "account_type": "string",
            "behavior_assessment_enabled": boolean,
            "cloudtrail_region": "string",
            "iam_role_arn": "string",
            "is_master": boolean,
            "organization_id": "string",
            "sensor_management_enabled": boolean,
            "use_existing_cloudtrail": boolean
        }
    ]
}

response = falcon.command("CreateCSPMAwsAccount", body=BODY)
print(response)

Back to Table of Contents

DeleteCSPMAwsAccount

Deletes an existing AWS account or organization in our system.

PEP8 method name

delete_aws_account

Endpoint

MethodRoute
DELETE/cloud-connect-cspm-aws/entities/account/v1

Required Scope

cspm-registration:write

Content-Type

  • Consumes: application/json
  • Produces: application/json

Keyword Arguments

NameServiceUberTypeData typeDescription
ids
Service Class Support

Uber Class Support
querystring or list of stringsThe AWS account IDs to remove.
organization_ids
Service Class Support

Uber Class Support
querystring or list of stringsThe AWS organization ID(s) to delete.
parameters
Service Class Support

Uber Class Support
querydictionaryFull query string parameters payload in JSON format.

Usage

Service class example (PEP8 syntax)
from falconpy import CSPMRegistration

# Do not hardcode API credentials!
falcon = CSPMRegistration(client_id=CLIENT_ID,
                          client_secret=CLIENT_SECRET
                          )

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

orgs = 'ORG1,ORG2,ORG3'  # Can also pass a list here: ['ORG1', 'ORG2', 'ORG3']

response = falcon.delete_aws_account(organization_ids=orgs, ids=id_list)
print(response)

Service class example (Operation ID syntax)
from falconpy import CSPMRegistration

# Do not hardcode API credentials!
falcon = CSPMRegistration(client_id=CLIENT_ID,
                          client_secret=CLIENT_SECRET
                          )

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

orgs = 'ORG1,ORG2,ORG3'  # Can also pass a list here: ['ORG1', 'ORG2', 'ORG3']

response = falcon.DeleteCSPMAwsAccount(organization_ids=orgs, ids=id_list)
print(response)

Uber class example
from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

PARAMS = {
    "organization-ids": [
       "string",
       "string"
    ]
}

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

orgs = 'ORG1,ORG2,ORG3'  # Can also pass a list here: ['ORG1', 'ORG2', 'ORG3']

response = falcon.command("DeleteCSPMAwsAccount", organization_ids=orgs, ids=id_list)
print(response)

Back to Table of Contents

PatchCSPMAwsAccount

Patches a existing account in our system for a customer.

PEP8 method name

update_aws_account

Endpoint

MethodRoute
PATCH/cloud-connect-cspm-aws/entities/account/v1

Required Scope

cspm-registration:write

Content-Type

  • Consumes: application/json
  • Produces: application/json

Keyword Arguments

NameServiceUberTypeData typeDescription
account_id
Service Class Support

Uber Class Support
bodystringAWS Account ID.
behavior_assessment_enabled
Service Class Support

Uber Class Support
bodybooleanFlag indicating if behavior assessment should be enabled.
body
Service Class Support

Uber Class Support
bodydictionaryFull body payload in JSON format.
cloudtrail_region
Service Class Support

Uber Class Support
bodystringAWS Cloudtrail Region.
iam_role_arn
Service Class Support

Uber Class Support
bodystringAWS IAM Role ARN.
remediation_region
Service Class Support

Uber Class Support
bodystringRegion where remediation occurs.
remediation_tou_accepted
Service Class Support

Uber Class Support
bodystringThe accepted TOU for this account.
sensor_management_enabled
Service Class Support

Uber Class Support
bodybooleanFlag indicating if sensor management should be enabled.

Usage

Service class example (PEP8 syntax)
from falconpy import CSPMRegistration

# Do not hardcode API credentials!
falcon = CSPMRegistration(client_id=CLIENT_ID,
                          client_secret=CLIENT_SECRET
                          )

response = falcon.update_aws_account(account_id="string",
                                     behavior_assessment_enabled=boolean,
                                     cloudtrail_region="string",
                                     iam_role_arn="string",
                                     remediation_region="string",
                                     remediation_tou_accepted="UTC datetime string",
                                     sensor_management_enabled=boolean
                                     )
print(response)

Service class example (Operation ID syntax)
from falconpy import CSPMRegistration

# Do not hardcode API credentials!
falcon = CSPMRegistration(client_id=CLIENT_ID,
                          client_secret=CLIENT_SECRET
                          )

response = falcon.PatchCSPMAwsAccount(account_id="string",
                                      behavior_assessment_enabled=boolean,
                                      cloudtrail_region="string",
                                      iam_role_arn="string",
                                      remediation_region="string",
                                      remediation_tou_accepted="UTC datetime string",
                                      sensor_management_enabled=boolean
                                      )
print(response)

Uber class example
from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

BODY = {
    "resources": [
        {
            "account_id": "string",
            "behavior_assessment_enabled": boolean,
            "cloudtrail_region": "string",
            "iam_role_arn": "string",
            "remediation_region": "string",
            "remediation_tou_accepted": "2023-07-06T17:32:12.655Z",
            "sensor_management_enabled": boolean
        }
    ]
}

response = falcon.command("PatchCSPMAwsAccount", body=BODY)
print(response)

Back to Table of Contents

GetCSPMAwsConsoleSetupURLs

Return a URL for customer to visit in their cloud environment to grant us access to their AWS environment.

PEP8 method name

get_aws_console_setup_urls

Endpoint

MethodRoute
GET/cloud-connect-cspm-aws/entities/console-setup-urls/v1

Required Scope

cspm-registration:read

Content-Type

  • Consumes: application/json
  • Produces: application/json

Keyword Arguments

NameServiceUberTypeData typeDescription
ids
Service Class Support

Uber Class Support
querystring or list of stringsThe AWS account ID(s) to retrieve setup URLs.
parameters
Service Class Support

Uber Class Support
querydictionaryFull query string parameters payload in JSON format.
region
Service Class Support

Uber Class Support
querystringRegion
template
Service Class Support

Uber Class Support
querystringTemplate to be rendered. Available values: aws-url, aws-iom-url, aws-ioa-url, aws-sensor-management-url, aws-dspm-url, aws-idp-url
use_existing_cloudtrail
Service Class Support

Uber Class Support
querystringBoolean flag indicating if the CloudTrail be used. (Accepted values: true or false)

Usage

Service class example (PEP8 syntax)
from falconpy import CSPMRegistration

# Do not hardcode API credentials!
falcon = CSPMRegistration(client_id=CLIENT_ID,
                          client_secret=CLIENT_SECRET
                          )

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.get_aws_console_setup_urls(ids=id_list,
                                             region="string",
                                             template="string",
                                             use_existing_cloudtrail="boolean string"
                                             )
print(response)
Service class example (Operation ID syntax)
from falconpy import CSPMRegistration

# Do not hardcode API credentials!
falcon = CSPMRegistration(client_id=CLIENT_ID,
                          client_secret=CLIENT_SECRET
                          )

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.GetCSPMAwsConsoleSetupURLs(ids=id_list,
                                             region="string",
                                             template="string",
                                             use_existing_cloudtrail="boolean string"
                                             )
print(response)
Uber class example
from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.command("GetCSPMAwsConsoleSetupURLs",
                          ids=id_list,
                          region="string",
                          template="string",
                          use_existing_cloudtrail="boolean string"
                          )
print(response)

Back to Table of Contents

GetCSPMAwsAccountScriptsAttachment

Return a script for customer to run in their cloud environment to grant us access to their AWS environment as a downloadable attachment.

PEP8 method name

get_aws_account_scripts_attachment

Endpoint

MethodRoute
GET/cloud-connect-cspm-aws/entities/user-scripts-download/v1

Required Scope

cspm-registration:read

Content-Type

  • Produces: application/json

Keyword Arguments

NameServiceUberTypeData typeDescription
accounts
Service Class Support

Uber Class Support
querystring or list of stringsList of accounts to register.
account_type
Service Class Support

Uber Class Support
querystringThe account type (commercial or gov).
aws_profile
Service Class Support

Uber Class Support
querystringThe AWS profile to be used during registration.
behavior_assessment_enabled
Service Class Support

Uber Class Support
querystringEnable behavior assessment. Allowed values: true or false
custom_role_name
Service Class Support

Uber Class Support
querystringThe custom IAM role to be used during registration.
dspm_enabled
Service Class Support

Uber Class Support
querystringEnable DSPM. Allowed values: true or false
dspm_regions
Service Class Support

Uber Class Support
querystring or list of stringsDSPM regions.
dspm_role
Service Class Support

Uber Class Support
querystringDSPM role.
ids
Service Class Support

Uber Class Support
querystring or list of stringsThe AWS account ID(s) to retrieve script attachments.
organization_id
Service Class Support

Uber Class Support
querystring or list of stringsThe AWS organization ID to be registered.
parameters
Service Class Support

Uber Class Support
querydictionaryFull query string parameters payload as a dictionary.
sensor_management_enabled
Service Class Support

Uber Class Support
querystringEnable sensor management. Allowed values: true or false
template
Service Class Support

Uber Class Support
querystringTemplate to be rendered. Allowed values: aws-bash or aws-terraform
use_existing_cloudtrail
Service Class Support

Uber Class Support
querystringUse the existing cloudtrail log. Allowed values: true or false

Usage

Service class example (PEP8 syntax)
from falconpy import CSPMRegistration

# Do not hardcode API credentials!
falcon = CSPMRegistration(client_id=CLIENT_ID,
                          client_secret=CLIENT_SECRET
                          )

account_list = "AC1,AC2,AC3"  # Can also pass a list here: ["AC1", "AC2", "AC3"]
id_list = "ID1,ID2,ID3"  # Can also pass a list here: ["ID1", "ID2", "ID3"]
org_id_list = "ORG1" # Can also pass a list or comma delimited string here.
dspm_region_list = "REGION1" # Can also pass a list or comma delimited string here.

response = falcon.get_aws_account_scripts_attachment(accounts=account_list,
                                                     account_type="string",
                                                     aws_profile="string",
                                                     behavior_assessment_enabled="string",
                                                     custom_role_name="string",
                                                     dspm_enabled="string",
                                                     dspm_regions=dspm_region_list,
                                                     dspm_role="string",
                                                     ids=id_list,
                                                     organization_id=org_id_list,
                                                     sensor_management_enabled="string",
                                                     template="string",
                                                     use_existing_cloudtrail="string"
                                                     )

print(response)
Service class example (Operation ID syntax)
from falconpy import CSPMRegistration

# Do not hardcode API credentials!
falcon = CSPMRegistration(client_id=CLIENT_ID,
                          client_secret=CLIENT_SECRET
                          )

account_list = "AC1,AC2,AC3"  # Can also pass a list here: ["AC1", "AC2", "AC3"]
id_list = "ID1,ID2,ID3"  # Can also pass a list here: ["ID1", "ID2", "ID3"]
org_id_list = "ORG1" # Can also pass a list or comma delimited string here.
dspm_region_list = "REGION1" # Can also pass a list or comma delimited string here.

response = falcon.GetCSPMAwsAccountScriptsAttachment(accounts=account_list,
                                                     account_type="string",
                                                     aws_profile="string",
                                                     behavior_assessment_enabled="string",
                                                     custom_role_name="string",
                                                     dspm_enabled="string",
                                                     dspm_regions=dspm_region_list,
                                                     dspm_role="string",
                                                     ids=id_list,
                                                     organization_id=org_id_list,
                                                     sensor_management_enabled="string",
                                                     template="string",
                                                     use_existing_cloudtrail="string"
                                                     )

print(response)
Uber class example
from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

account_list = "AC1,AC2,AC3"  # Can also pass a list here: ["AC1", "AC2", "AC3"]
id_list = "ID1,ID2,ID3"  # Can also pass a list here: ["ID1", "ID2", "ID3"]
org_id_list = "ORG1" # Can also pass a list or comma delimited string here.
dspm_region_list = "REGION1" # Can also pass a list or comma delimited string here.

response = falcon.command("GetCSPMAwsAccountScriptsAttachment", 
                          accounts=account_list,
                          account_type="string",
                          aws_profile="string",
                          behavior_assessment_enabled="string",
                          custom_role_name="string",
                          dspm_enabled="string",
                          dspm_regions=dspm_region_list,
                          dspm_role="string",
                          ids=id_list,
                          organization_id=org_id_list,
                          sensor_management_enabled="string",
                          template="string",
                          use_existing_cloudtrail="string"
                          )
print(response)

Back to Table of Contents

GetCSPMAzureAccount

Return information about Azure account registration

PEP8 method name

get_azure_account

Endpoint

MethodRoute
GET/cloud-connect-azure/entities/account/v1

Required Scope

cspm-registration:read

Content-Type

  • Consumes: application/json
  • Produces: application/json

Keyword Arguments

NameServiceUberTypeData typeDescription
cspm_lite
Service Class Support

Uber Class Support
querybooleanOnly return CSPM lite accounts.
ids
Service Class Support

Uber Class Support
querystring or list of stringsSubscription ID(s). When empty, all accounts are returned.
limit
Service Class Support

Uber Class Support
queryintegerMaximum number of results to return. (Default: 100)
offset
Service Class Support

Uber Class Support
queryintegerStarting record position.
parameters
Service Class Support

Uber Class Support
querydictionaryFull query string parameters payload in JSON format.
scan_type
Service Class Support

Uber Class Support
querystringType of scan to perform, dry or full.
status
Service Class Support

Uber Class Support
querystringAccount status to filter results by.
Allowed values:
  • Event_DiscoverAccountStatusProvisioned
  • Event_DiscoverAccountStatusOperational
tenant_ids
Service Class Support

Uber Class Support
querystring or list of stringsTenant ID(s) used to filter Azure accounts returned.

Usage

Service class example (PEP8 syntax)
from falconpy import CSPMRegistration

# Do not hardcode API credentials!
falcon = CSPMRegistration(client_id=CLIENT_ID,
                          client_secret=CLIENT_SECRET
                          )

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

tenants = 'TENANT1,TENANT2,TENANT3'  # Can also pass a list here: ['TENANT1', 'TENANT2', 'TENANT3']

response = falcon.get_azure_account(scan_type="string",
                                    cspm_lite=boolean,
                                    status="string",
                                    limit=integer,
                                    offset=integer,
                                    ids=id_list,
                                    tenant_ids=tenants
                                    )
print(response)

Service class example (Operation ID syntax)
from falconpy import CSPMRegistration

# Do not hardcode API credentials!
falcon = CSPMRegistration(client_id=CLIENT_ID,
                          client_secret=CLIENT_SECRET
                          )

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

tenants = 'TENANT1,TENANT2,TENANT3'  # Can also pass a list here: ['TENANT1', 'TENANT2', 'TENANT3']

response = falcon.GetCSPMAzureAccount(scan_type="string",
                                      cspm_lite=boolean,
                                      status="string",
                                      limit=integer,
                                      offset=integer,
                                      ids=id_list,
                                      tenant_ids=tenants
                                      )
print(response)

Uber class example
from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

tenants = 'TENANT1,TENANT2,TENANT3'  # Can also pass a list here: ['TENANT1', 'TENANT2', 'TENANT3']

response = falcon.command("GetCSPMAzureAccount",
                          cspm_lite=boolean,
                          scan_type="string",
                          status="string",
                          limit=integer,
                          offset=integer,
                          ids=id_list,
                          tenant_ids=tenants
                          )
print(response)

Back to Table of Contents

CreateCSPMAzureAccount

Creates a new account in our system for a customer and generates a script for them to run in their cloud environment to grant us access.

PEP8 method name

create_azure_account

Endpoint

MethodRoute
POST/cloud-connect-azure/entities/account/v1

Required Scope

cspm-registration:write

Content-Type

  • Consumes: application/json
  • Produces: application/json

Keyword Arguments

NameServiceUberTypeData typeDescription
account_type
Service Class Support

Uber Class Support
bodystringAzure account type.
body
Service Class Support

Uber Class Support
bodydictionaryFull body payload in JSON format.
client_id
Service Class Support

Uber Class Support
bodystringClient ID.
default_subscription
Service Class Support

Uber Class Support
bodybooleanFlag indicating if this is the default Azure subscription.
subscription_id
Service Class Support

Uber Class Support
bodystringAzure Subscription ID.
tenant_id
Service Class Support

Uber Class Support
bodystringAzure tenant ID.
years_valid
Service Class Support

Uber Class Support
bodyintegerYears valid.

Usage

Service class example (PEP8 syntax)
from falconpy import CSPMRegistration

# Do not hardcode API credentials!
falcon = CSPMRegistration(client_id=CLIENT_ID,
                          client_secret=CLIENT_SECRET
                          )

response = falcon.create_azure_account(account_type="string",
                                       client_id="string",
                                       default_subscription=boolean,
                                       subscription_id="string",
                                       tenant_id="string",
                                       years_valid=integer
                                       )

print(response)
Service class example (Operation ID syntax)
from falconpy import CSPMRegistration

# Do not hardcode API credentials!
falcon = CSPMRegistration(client_id=CLIENT_ID,
                          client_secret=CLIENT_SECRET
                          )

response = falcon.CreateCSPMAzureAccount(account_type="string",
                                         client_id="string",
                                         default_subscription=boolean,
                                         subscription_id="string",
                                         tenant_id="string",
                                         years_valid=integer
                                         )

print(response)
Uber class example
from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

BODY = {
    "resources": [
        {
            "account_type": "string",
            "client_id": "string",
            "default_subscription": boolean,
            "subscription_id": "string",
            "tenant_id": "string",
            "years_valid": integer
        }
    ]
}

response = falcon.command("CreateCSPMAzureAccount", body=BODY)

print(response)

Back to Table of Contents

DeleteCSPMAzureAccount

Deletes an Azure subscription from the system.

PEP8 method name

delete_azure_account

Endpoint

MethodRoute
DELETE/cloud-connect-cspm-azure/entities/account/v1

Required Scope

cspm-registration:write

Content-Type

  • Consumes: application/json
  • Produces: application/json

Keyword Arguments

NameServiceUberTypeData typeDescription
ids
Service Class Support

Uber Class Support
querystring or list of stringsAzure subscription IDs to remove.
parameters
Service Class Support

Uber Class Support
querydictionaryFull query string parameters payload in JSON format.
retain_tenant
Service Class Support

Uber Class Support
querystringRetain tenant.
tenant_ids
Service Class Support

Uber Class Support
querystring or list of stringsTenant IDs to remove.

Usage

Service class example (PEP8 syntax)
from falconpy import CSPMRegistration

# Do not hardcode API credentials!
falcon = CSPMRegistration(client_id=CLIENT_ID,
                          client_secret=CLIENT_SECRET
                          )

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

tenants = 'TENANT1,TENANT2,TENANT3'  # Can also pass a list here: ['TENANT1', 'TENANT2', 'TENANT3']

response = falcon.delete_azure_account(ids=id_list, retain_tenant="string", tenant_ids=tenants)

print(response)
Service class example (Operation ID syntax)
from falconpy import CSPMRegistration

# Do not hardcode API credentials!
falcon = CSPMRegistration(client_id=CLIENT_ID,
                          client_secret=CLIENT_SECRET
                          )

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

tenants = 'TENANT1,TENANT2,TENANT3'  # Can also pass a list here: ['TENANT1', 'TENANT2', 'TENANT3']

response = falcon.DeleteCSPMAzureAccount(ids=id_list, retain_tenants="string", tenant_ids=tenants)

print(response)
Uber class example
from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

tenants = 'TENANT1,TENANT2,TENANT3'  # Can also pass a list here: ['TENANT1', 'TENANT2', 'TENANT3']

response = falcon.command("DeleteCSPMAzureAccount",
                          ids=id_list,
                          retain_tenant="string",
                          tenant_ids=tenants
                          )

print(response)

Back to Table of Contents

UpdateCSPMAzureAccountClientID

Update an Azure service account in our system by with the user-created client_id created with the public key we've provided

PEP8 method name

update_azure_account_client_id

Endpoint

MethodRoute
PATCH/cloud-connect-azure/entities/client-id/v1

Required Scope

cspm-registration:write

Content-Type

  • Consumes: application/json
  • Produces: application/json

Keyword Arguments

NameServiceUberTypeData typeDescription
body
Service Class Support

Uber Class Support
bodystringThis field is not used. Ignore.
id
Service Class Support

Uber Class Support
querystring or list of stringsThe Azure Client ID to use for the Service Principal associated with the Azure account.
tenant_id
Service Class Support

Uber Class Support
querystring or list of stringsThe Azure tenant ID to update the Client ID for. Required if multiple tenants are registered.
parameters
Service Class Support

Uber Class Support
querydictionaryFull query string parameters payload in JSON format.

Usage

Service class example (PEP8 syntax)
from falconpy import CSPMRegistration

# Do not hardcode API credentials!
falcon = CSPMRegistration(client_id=CLIENT_ID,
                          client_secret=CLIENT_SECRET
                          )

response = falcon.update_azure_account_client_id(id="string", tenant_id="string")
print(response)

Service class example (Operation ID syntax)
from falconpy import CSPMRegistration

# Do not hardcode API credentials!
falcon = CSPMRegistration(client_id=CLIENT_ID,
                          client_secret=CLIENT_SECRET
                          )

response = falcon.UpdateCSPMAzureAccountClientID(id="string", tenant_id="string")
print(response)

Uber class example
from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

response = falcon.command("UpdateCSPMAzureAccountClientID", id="string", tenant_id="string")
print(response)

Back to Table of Contents

UpdateCSPMAzureTenantDefaultSubscriptionID

Update an Azure default subscription_id in our system for given tenant_id

PEP8 method name

update_azure_tenant_default_subscription_id

Endpoint

MethodRoute
PATCH/cloud-connect-cspm-azure/entities/default-subscription-id/v1

Required Scope

cspm-registration:write

Content-Type

  • Produces: application/json

Keyword Arguments

NameServiceUberTypeData typeDescription
body
Service Class Support

Uber Class Support
bodystringThis field is not used. Ignore.
subscription_id
Service Class Support

Uber Class Support
querystring or list of stringsThe Azure subscription ID to use as a default for all subscriptions within the tenant.
tenant_id
Service Class Support

Uber Class Support
querystring or list of stringsThe Azure tenant ID to update the Client ID for. Required if multiple tenants are registered.
parameters
Service Class Support

Uber Class Support
querydictionaryFull query string parameters payload in JSON format.

Usage

Service class example (PEP8 syntax)
from falconpy import CSPMRegistration

# Do not hardcode API credentials!
falcon = CSPMRegistration(client_id=CLIENT_ID,
                          client_secret=CLIENT_SECRET
                          )

response = falcon.update_azure_tenant_default_subscription_id(tenant_id="string",
                                                              subscription_id="string"
                                                              )
print(response)

Service class example (Operation ID syntax)
from falconpy import CSPMRegistration

# Do not hardcode API credentials!
falcon = CSPMRegistration(client_id=CLIENT_ID,
                          client_secret=CLIENT_SECRET
                          )

response = falcon.UpdateCSPMAzureTenantDefaultSubscriptionID(tenant_id="string",
                                                             subscription_id="string"
                                                             )
print(response)

Uber class example
from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

response = falcon.command("UpdateCSPMAzureTenantDefaultSubscriptionID",
                          tenant_id="string",
                          subscription_id="string"
                          )
print(response)

Back to Table of Contents

AzureDownloadCertificate

Returns JSON object(s) that contain the base64 encoded certificate for a service principal.

PEP8 method name

azure_download_certificate

Endpoint

MethodRoute
GET/cloud-connect-cspm-azure/entities/download-certificate/v1

Required Scope

cspm-registration:read

Content-Type

  • Consumes: application/json
  • Produces: application/json

Keyword Arguments

NameServiceUberTypeData typeDescription
parameters
Service Class Support

Uber Class Support
querydictionaryFull query string parameters payload in JSON format.
refresh
Service Class Support

Uber Class Support
querybooleanForce a refresh of the certificate. Defaults to False.
tenant_id
Service Class Support

Uber Class Support
querystring or list of stringsThe Azure Client ID to generate script for. Defaults to the most recently registered tenant.
years_valid
Service Class Support

Uber Class Support
querystringThe number of years the certificate should be valid (only used when refresh=True).

Usage

Service class example (PEP8 syntax)
from falconpy import CSPMRegistration

# Do not hardcode API credentials!
falcon = CSPMRegistration(client_id=CLIENT_ID,
                          client_secret=CLIENT_SECRET
                          )

response = falcon.azure_download_certificate(refresh=boolean,
                                             tenant_id="string",
                                             years_valid="string"
                                             )

print(response)
Service class example (Operation ID syntax)
from falconpy import CSPMRegistration

# Do not hardcode API credentials!
falcon = CSPMRegistration(client_id=CLIENT_ID,
                          client_secret=CLIENT_SECRET
                          )

response = falcon.AzureDownloadCertificate(refresh=boolean,
                                           tenant_id="string",
                                           years_valid="string"
                                           )

print(response)
Uber class example
from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

response = falcon.command("AzureDownloadCertificate",
                          refresh=boolean,
                          tenant_id="string",
                          years_valid="string"
                          )

print(response)

Back to Table of Contents

GetCSPMAzureUserScriptsAttachment

Return a script for customer to run in their cloud environment to grant us access to their Azure environment as a downloadable attachment

PEP8 method name

get_azure_user_scripts_attachment

Endpoint

MethodRoute
GET/cloud-connect-azure/entities/user-scripts-download/v1

Required Scope

cspm-registration:read

Content-Type

  • Produces: application/json

Keyword Arguments

NameServiceUberTypeData typeDescription
account_type
Service Class Support

Uber Class Support
querystringAccount type (gov or commercial).
azure_management_group
Service Class Support

Uber Class Support
querybooleanUse Azure Management Group.
parameters
Service Class Support

Uber Class Support
querydictionaryFull query string parameters payload in JSON format.
subscription_ids
Service Class Support

Uber Class Support
querystring or list of stringsSubscription IDs to generate scripts for. Defaults to all.
template
Service Class Support

Uber Class Support
querystring or list of stringsTemplate to be rendered.
tenant_id
Service Class Support

Uber Class Support
querystringThe Azure tenant ID to generate scripts for. Defaults to the most recently registered tenant.

Usage

Service class example (PEP8 syntax)
from falconpy import CSPMRegistration

# Do not hardcode API credentials!
falcon = CSPMRegistration(client_id=CLIENT_ID,
                          client_secret=CLIENT_SECRET
                          )

subscriptions = 'SUB1,SUB2,SUB3'  # Can also pass a list here: ['SUB1', 'SUB2', 'SUB3']

response = falcon.get_azure_user_scripts_attachment(account_type="string",
                                                    azure_management_group=boolean,
                                                    subscription_ids=subscriptions,
                                                    template="string",
                                                    tenant_id="string"
                                                    )
print(response)

Service class example (Operation ID syntax)
from falconpy import CSPMRegistration

# Do not hardcode API credentials!
falcon = CSPMRegistration(client_id=CLIENT_ID,
                          client_secret=CLIENT_SECRET
                          )

subscriptions = 'SUB1,SUB2,SUB3'  # Can also pass a list here: ['SUB1', 'SUB2', 'SUB3']

response = falcon.GetCSPMAzureUserScriptsAttachment(account_type="string",
                                                    azure_management_group=boolean,
                                                    subscription_ids=subscriptions,
                                                    template="string",
                                                    tenant_id="string"
                                                    )

print(response)
Uber class example
from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

response = falcon.command("GetCSPMAzureUserScriptsAttachment",
                          account_type="string",
                          azure_management_group=boolean,
                          subscription_ids=subscriptions,
                          template="string",
                          tenant_id="string"
                          )

print(response)

Back to Table of Contents

GetBehaviorDetections

Retrieve list of detected behaviors.

PEP8 method name

get_behavior_detections

Endpoint

MethodRoute
GET/detects/entities/ioa/v1

Required Scope

cspm-registration:read

Content-Type

  • Consumes: application/json
  • Produces: application/json

Keyword Arguments

NameServiceUberTypeData typeDescription
account_id
Service Class Support

Uber Class Support
querystringCloud account ID (e.g.: AWS AccountID, Azure SubscriptionID).
aws_account_id
Service Class Support

Uber Class Support
querystringAWS Account ID.
azure_subscription_id
Service Class Support

Uber Class Support
querystringAzure Subscription ID.
azure_tenant_id
Service Class Support

Uber Class Support
querystringAzure Tenant ID.
cloud_provider
Service Class Support

Uber Class Support
querystringCloud Provider (azure, aws, gcp).
date_time_since
Service Class Support

Uber Class Support
querystringFilter to retrieve all events after specified date. RFC3339 format.
Example: 2006-01-01T12:00:01Z07:00.
limit
Service Class Support

Uber Class Support
queryintegerMaximum number of results to return. (Max: 500)
next_token
Service Class Support

Uber Class Support
querystringString to get next page of results, associated with the previous execution. Must include all filters from previous execution.
resource_id
Service Class Support

Uber Class Support
querystring or list of stringsResource ID.
resource_uuid
Service Class Support

Uber Class Support
querystring or list of stringsResource UUID.
service
Service Class Support

Uber Class Support
querystringFilter by Cloud Service. A list of available services can be found here.
severity
Service Class Support

Uber Class Support
querystringFilter by severity.
Example: High, Medium or Informational.
state
Service Class Support

Uber Class Support
querystringFilter by state.
Example: open or closed.
parameters
Service Class Support

Uber Class Support
querydictionaryFull query string parameters payload in JSON format.
Available Services
ACMIdentity
ACRKMS
AnyKeyVault
App EngineKinesis
BigQueryKubernetes
Cloud Load BalancingLambda
Cloud LoggingLoadBalancer
Cloud SQLMonitor
Cloud StorageNLB/ALB
CloudFormationNetworkSecurityGroup
CloudTrailPostgreSQL
CloudWatch LogsRDS
CloudfrontRedshift
Compute EngineS3
ConfigSES
DiskSNS
DynamoDBSQLDatabase
EBSSQLServer
EC2SQS
ECRSSM
EFSServerless Application Repository
EKSStorageAccount
ELBSubscriptions
EMRVPC
ElasticacheVirtualMachine
GuardDutyVirtualNetwork
IAM 

Usage

Service class example (PEP8 syntax)
from falconpy import CSPMRegistration

# Do not hardcode API credentials!
falcon = CSPMRegistration(client_id=CLIENT_ID,
                          client_secret=CLIENT_SECRET
                          )

res_ids = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

res_uuids = 'UUID1,UUID2,UUID3'  # Can also pass a list here: ['UUID1', 'UUID2', 'UUID3']

response = falcon.get_behavior_detections(account_id="string",
                                          aws_account_id="string",
                                          azure_subscription_id="string",
                                          azure_tenant_id="string",
                                          cloud_provider="string",
                                          date_time_since="string",
                                          limit=integer,
                                          next_token="string",
                                          resource_id=res_ids,
                                          resource_uuid=res_uuids,
                                          service="string",
                                          severity="string",
                                          state="string"
                                          )

print(response)
Service class example (Operation ID syntax)
from falconpy import CSPMRegistration

# Do not hardcode API credentials!
falcon = CSPMRegistration(client_id=CLIENT_ID,
                          client_secret=CLIENT_SECRET
                          )

res_ids = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

res_uuids = 'UUID1,UUID2,UUID3'  # Can also pass a list here: ['UUID1', 'UUID2', 'UUID3']

response = falcon.GetBehaviorDetections(account_id="string",
                                        aws_account_id="string",
                                        azure_subscription_id="string",
                                        azure_tenant_id="string",
                                        cloud_provider="string",
                                        date_time_since="string",
                                        limit=integer,
                                        next_token="string",
                                        resource_id=res_ids,
                                        resource_uuid=res_uuids,
                                        service="string",
                                        severity="string",
                                        state="string"
                                        )

print(response)
Uber class example
from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

res_ids = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

res_uuids = 'UUID1,UUID2,UUID3'  # Can also pass a list here: ['UUID1', 'UUID2', 'UUID3']

response = falcon.command("GetBehaviorDetections",
                          account_id="string",
                          aws_account_id="string",
                          azure_subscription_id="string",
                          azure_tenant_id="string",
                          cloud_provider="string",
                          date_time_since="string",
                          limit=integer,
                          next_token="string",
                          resource_id=res_ids,
                          resource_uuid=res_uuids,
                          service="string",
                          severity="string",
                          state="string"
                          )

print(response)

Back to Table of Contents

GetConfigurationDetections

Retrieve list of detected behaviors.

PEP8 method name

get_configuration_detections

Endpoint

MethodRoute
GET/detects/entities/iom/v1

Required Scope

cspm-registration:read

Content-Type

  • Consumes: application/json
  • Produces: application/json

Keyword Arguments

NameServiceUberTypeData typeDescription
account_id
Service Class Support

Uber Class Support
querystringCloud account ID (e.g.: AWS AccountID, Azure SubscriptionID).
aws_account_id
Service Class Support

Uber Class Support
querystringAWS Account ID.
azure_subscription_id
Service Class Support

Uber Class Support
querystringAzure Subscription ID.
azure_tenant_id
Service Class Support

Uber Class Support
querystringAzure Tenant ID.
cloud_provider
Service Class Support

Uber Class Support
querystringCloud Provider (azure, aws, gcp).
limit
Service Class Support

Uber Class Support
queryintegerMaximum number of results to return. (Max: 500)
next_token
Service Class Support

Uber Class Support
querystringString to get next page of results, associated with the previous execution. Must include all filters from previous execution.
region
Service Class Support

Uber Class Support
querystringCloud Provider Region.
Example: us-east-1.
service
Service Class Support

Uber Class Support
querystringFilter by Cloud Service. A list of available services can be found here.
severity
Service Class Support

Uber Class Support
querystringFilter by severity.
Example: High, Medium or Informational.
status
Service Class Support

Uber Class Support
querystringFilter by status.
Example: new, reoccurring or all.
parameters
Service Class Support

Uber Class Support
querydictionaryFull query string parameters payload in JSON format.
Available Services
ACMIdentity
ACRKMS
AnyKeyVault
App EngineKinesis
BigQueryKubernetes
Cloud Load BalancingLambda
Cloud LoggingLoadBalancer
Cloud SQLMonitor
Cloud StorageNLB/ALB
CloudFormationNetworkSecurityGroup
CloudTrailPostgreSQL
CloudWatch LogsRDS
CloudfrontRedshift
Compute EngineS3
ConfigSES
DiskSNS
DynamoDBSQLDatabase
EBSSQLServer
EC2SQS
ECRSSM
EFSServerless Application Repository
EKSStorageAccount
ELBSubscriptions
EMRVPC
ElasticacheVirtualMachine
GuardDutyVirtualNetwork
IAM 

Usage

Service class example (PEP8 syntax)
from falconpy import CSPMRegistration

# Do not hardcode API credentials!
falcon = CSPMRegistration(client_id=CLIENT_ID,
                          client_secret=CLIENT_SECRET
                          )

response = falcon.get_configuration_detections(account_id="string",
                                               aws_account_id="string",
                                               azure_subscription_id="string",
                                               azure_tenant_id="string",
                                               cloud_provider="string",
                                               limit=integer,
                                               next_token="string",
                                               region="string,
                                               service="string",
                                               severity="string",
                                               status="string"
                                               )
print(response)

Service class example (Operation ID syntax)
from falconpy import CSPMRegistration

# Do not hardcode API credentials!
falcon = CSPMRegistration(client_id=CLIENT_ID,
                          client_secret=CLIENT_SECRET
                          )

response = falcon.GetConfigurationDetections(account_id="string",
                                             aws_account_id="string",
                                             azure_subscription_id="string",
                                             azure_tenant_id="string",
                                             cloud_provider="string",
                                             limit=integer,
                                             next_token="string",
                                             region="string",
                                             service="string",
                                             severity="string",
                                             status="string"
                                             )
print(response)

Uber class example
from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

response = falcon.command("GetConfigurationDetections",
                          account_id="string",
                          aws_account_id="string",
                          azure_subscription_id="string",
                          azure_tenant_id="string",
                          cloud_provider="string",
                          limit=integer,
                          next_token="string",
                          region="string",
                          service="string",
                          severity="string",
                          status="string"
                          )
print(response)

Back to Table of Contents

GetConfigurationDetectionEntities

Get misconfigurations based on the ID - including custom policy detections in addition to default policy detections.

PEP8 method name

get_configuration_detection_entities

Endpoint

MethodRoute
GET/detects/entities/iom/v2

Required Scope

cspm-registration:read

Content-Type

  • Consumes: application/json
  • Produces: application/json

Keyword Arguments

NameServiceUberTypeData typeDescription
ids
Service Class Support

Uber Class Support
querystring or list of stringsDetection IDs to retrieve.
parameters
Service Class Support

Uber Class Support
querydictionaryFull query string parameters payload in JSON format.

Usage

Service class example (PEP8 syntax)
from falconpy import CSPMRegistration

# Do not hardcode API credentials!
falcon = CSPMRegistration(client_id=CLIENT_ID,
                          client_secret=CLIENT_SECRET
                          )

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.get_configuration_detection_entities(ids=id_list)

print(response)

Service class example (Operation ID syntax)
from falconpy import CSPMRegistration

# Do not hardcode API credentials!
falcon = CSPMRegistration(client_id=CLIENT_ID,
                          client_secret=CLIENT_SECRET
                          )

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.GetConfigurationDetectionEntities(ids=id_list)

print(response)

Uber class example
from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.command("GetConfigurationDetectionEntities", ids=id_list)

print(response)

Back to Table of Contents

GetConfigurationDetectionIDsV2

Get list of active misconfiguration ids - including custom policy detections in addition to default policy detections.

PEP8 method name

get_configuration_detection_ids_v2

Endpoint

MethodRoute
GET/detects/queries/iom/v2

Required Scope

cspm-registration:read

Content-Type

  • Produces: application/json

Keyword Arguments

NameServiceUberTypeData typeDescription
offset
Service Class Support

Uber Class Support
queryintegerThe offset to start retrieving detections from
parameters
Service Class Support

Uber Class Support
querydictionaryFull query string parameters payload in JSON format.
limit
Service Class Support

Uber Class Support
queryintegerThe maximum number of detections to return. [1-1000]
sort
Service Class Support

Uber Class Support
querystringThe property to sort by (e.g. timestamp|desc or policy_id|asc)

Default: timestamp|desc

Available fields:
  • account_name
  • account_id
  • attack_types
  • azure_subscription_id
  • cloud_provider
  • cloud_service_keyword
  • status
  • is_managed
  • policy_id
  • policy_type
  • resource_id
  • region
  • scan_time
  • severity
  • severity_string
  • timestamp
filter
Service Class Support

Uber Class Support
querystringThe FQL filter expression that should be used to limit the results.

Available filters:
  • use_current_scan_ids (use this to get records for latest scans)
  • account_name
  • account_id
  • agent_id
  • attack_types
  • azure_subscription_id
  • cloud_provider
  • cloud_service_keyword
  • custom_policy_id
  • is_managed
  • policy_id
  • policy_type
  • resource_id
  • region
  • status
  • scan_time
  • severity
  • severity_string
next_token
Service Class Support

Uber Class Support
querystringString to get next page of results. Cannot be combined with any other keyword except limit.

Usage

Service class example (PEP8 syntax)
from falconpy import CSPMRegistration

# Do not hardcode API credentials!
falcon = CSPMRegistration(client_id=CLIENT_ID,
                          client_secret=CLIENT_SECRET
                          )

response = falcon.get_configuration_detection_ids_v2(offset=integer,
                                                     limit=integer,
                                                     sort="string",
                                                     filter="string",
                                                     next_token="string"
                                                     )

print(response)
Service class example (Operation ID syntax)
from falconpy import CSPMRegistration

# Do not hardcode API credentials!
falcon = CSPMRegistration(client_id=CLIENT_ID,
                          client_secret=CLIENT_SECRET
                          )

response = falcon.GetConfigurationDetectionIDsV2(offset=integer,
                                                 limit=integer,
                                                 sort="string",
                                                 filter="string",
                                                 next_token="string"
                                                 )

print(response)
Uber class example
from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

response = falcon.command("GetConfigurationDetectionIDsV2",
                          offset=integer,
                          limit=integer,
                          sort="string",
                          filter="string",
                          next_token="string"
                          )

print(response)

Back to Table of Contents

GetCSPMPolicy

Given a policy ID, returns detailed policy information.

PEP8 method name

get_policy

Endpoint

MethodRoute
GET/settings/entities/policy-details/v1

Required Scope

cspm-registration:read

Content-Type

  • Consumes: application/json
  • Produces: application/json

Keyword Arguments

NameServiceUberTypeData typeDescription
ids
Service Class Support

Uber Class Support
querystring or list of stringsPolicy IDs to retrieve.
parameters
Service Class Support

Uber Class Support
querydictionaryFull query string parameters payload in JSON format.

Usage

Service class example (PEP8 syntax)
from falconpy import CSPMRegistration

# Do not hardcode API credentials!
falcon = CSPMRegistration(client_id=CLIENT_ID,
                          client_secret=CLIENT_SECRET
                          )

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.get_policy(ids=id_list)
print(response)

Service class example (Operation ID syntax)
from falconpy import CSPMRegistration

# Do not hardcode API credentials!
falcon = CSPMRegistration(client_id=CLIENT_ID,
                          client_secret=CLIENT_SECRET
                          )

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.GetCSPMPolicy(ids=id_list)
print(response)

Uber class example
from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.command("GetCSPMPolicy", ids=id_list)
print(response)

Back to Table of Contents

GetCSPMPoliciesDetails

Given an array of policy IDs, returns detailed policies information.

PEP8 method name

get_policy_details

Endpoint

MethodRoute
GET/settings/entities/policy-details/v2

Required Scope

cspm-registration:read

Content-Type

  • Consumes: application/json
  • Produces: application/json

Keyword Arguments

NameServiceUberTypeData typeDescription
ids
Service Class Support

Uber Class Support
querystring or list of stringsDetection IDs to retrieve.
parameters
Service Class Support

Uber Class Support
querydictionaryFull query string parameters payload in JSON format.

Usage

Service class example (PEP8 syntax)
from falconpy import CSPMRegistration

# Do not hardcode API credentials!
falcon = CSPMRegistration(client_id=CLIENT_ID,
                          client_secret=CLIENT_SECRET
                          )

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.get_policy_details(ids=id_list)

print(response)

Service class example (Operation ID syntax)
from falconpy import CSPMRegistration

# Do not hardcode API credentials!
falcon = CSPMRegistration(client_id=CLIENT_ID,
                          client_secret=CLIENT_SECRET
                          )

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.GetPoliciesDetails(ids=id_list)

print(response)

Uber class example
from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.command("GetPoliciesDetails", ids=id_list)

print(response)

Back to Table of Contents

GetCSPMPolicySettings

Returns information about current policy settings.

PEP8 method name

get_policy_settings

Endpoint

MethodRoute
GET/settings/entities/policy/v1

Required Scope

cspm-registration:read

Content-Type

  • Consumes: application/json
  • Produces: application/json

Keyword Arguments

NameServiceUberTypeData typeDescription
cloud_platform
Service Class Support

Uber Class Support
querystringCloud Provider (azure, aws, gcp).
parameters
Service Class Support

Uber Class Support
querydictionaryFull query string parameters payload in JSON format.
policy_id
Service Class Support

Uber Class Support
querystringIOA Policy ID.
service
Service Class Support

Uber Class Support
querystringFilter by Service type.

Usage

Service class example (PEP8 syntax)
from falconpy import CSPMRegistration

# Do not hardcode API credentials!
falcon = CSPMRegistration(client_id=CLIENT_ID,
                          client_secret=CLIENT_SECRET
                          )

response = falcon.get_policy_settings(service="string",
                                      policy_id="string",
                                      cloud_platform="string"
                                      )
print(response)

Service class example (Operation ID syntax)
from falconpy import CSPMRegistration

# Do not hardcode API credentials!
falcon = CSPMRegistration(client_id=CLIENT_ID,
                          client_secret=CLIENT_SECRET
                          )

response = falcon.GetCSPMPolicySettings(service="string",
                                        policy_id="string",
                                        cloud_platform="string"
                                        )
print(response)

Uber class example
from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

response = falcon.command("GetCSPMPolicySettings",
                          service="string",
                          policy_id="string",
                          cloud_platform="string"
                          )
print(response)

Back to Table of Contents

UpdateCSPMPolicySettings

Updates a policy setting - can be used to override policy severity or to disable a policy entirely.

PEP8 method name

update_policy_settings

Endpoint

MethodRoute
PATCH/settings/entities/policy/v1

Required Scope

cspm-registration:write

Content-Type

  • Consumes: application/json
  • Produces: application/json

Keyword Arguments

NameServiceUberTypeData typeDescription
account_id
Service Class Support

Uber Class Support
bodystringCloud Account ID to impact.
body
Service Class Support

Uber Class Support
bodydictionaryFull body payload in JSON format.
enabled
Service Class Support

Uber Class Support
bodybooleanFlag indicating if this policy is enabled.
policy_id
Service Class Support

Uber Class Support
bodyintegerPolicy ID to be updated.
regions
Service Class Support

Uber Class Support
bodystring or list of stringsList of regions where this policy is enforced.
severity
Service Class Support

Uber Class Support
bodystringPolicy severity value.
tag_excluded
Service Class Support

Uber Class Support
bodybooleanTag exclusion flag.

Usage

Service class example (PEP8 syntax)
from falconpy import CSPMRegistration

# Do not hardcode API credentials!
falcon = CSPMRegistration(client_id=CLIENT_ID,
                          client_secret=CLIENT_SECRET
                          )

region_list = 'REG1,REG2,REG3'  # Can also pass a list here: ['REG1', 'REG2', 'REG3']

response = falcon.update_policy_settings(account_id="string",
                                         enabled=boolean,
                                         policy_id=integer,
                                         regions=region_list
                                         severity="string",
                                         tag_excluded=boolean
                                         )
print(response)

Service class example (Operation ID syntax)
from falconpy import CSPMRegistration

# Do not hardcode API credentials!
falcon = CSPMRegistration(client_id=CLIENT_ID,
                          client_secret=CLIENT_SECRET
                          )

region_list = 'REG1,REG2,REG3'  # Can also pass a list here: ['REG1', 'REG2', 'REG3']

response = falcon.UpdateCSPMPolicySettings(account_id="string",
                                           enabled=boolean,
                                           policy_id=integer,
                                           regions=region_list
                                           severity="string",
                                           tag_excluded=boolean
                                           )
print(response)

Uber class example
from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

BODY = {
    "resources": [
        {
        "account_id": "string",
        "enabled": boolean,
        "policy_id": integer,
        "regions": [
            "string"
        ],
        "severity": "string",
        "tag_excluded": boolean
        }
    ]
}

response = falcon.command("UpdateCSPMPolicySettings", body=BODY)
print(response)

Back to Table of Contents

GetCSPMScanSchedule

Returns scan schedule configuration for one or more cloud platforms.

PEP8 method name

get_scan_schedule

Endpoint

MethodRoute
GET/settings/scan-schedule/v1

Required Scope

cspm-registration:read

Content-Type

  • Consumes: application/json
  • Produces: application/json

Keyword Arguments

NameServiceUberTypeData typeDescription
cloud_platform
Service Class Support

Uber Class Support
querystring or list of stringsThe Cloud Platform. (azure, aws, gcp)
parameters
Service Class Support

Uber Class Support
querydictionaryFull query string parameters payload in JSON format.

Usage

Service class example (PEP8 syntax)
from falconpy import CSPMRegistration

# Do not hardcode API credentials!
falcon = CSPMRegistration(client_id=CLIENT_ID,
                          client_secret=CLIENT_SECRET
                          )

clouds = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.get_scan_schedule(cloud_platform=clouds)
print(response)

Service class example (Operation ID syntax)
from falconpy import CSPMRegistration

# Do not hardcode API credentials!
falcon = CSPMRegistration(client_id=CLIENT_ID,
                          client_secret=CLIENT_SECRET
                          )

clouds = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.GetCSPMScanSchedule(cloud_platform=clouds)
print(response)

Uber class example
from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

clouds = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.command("GetCSPMScanSchedule", cloud_platform=clouds)
print(response)

Back to Table of Contents

UpdateCSPMScanSchedule

Updates scan schedule configuration for one or more cloud platforms.

PEP8 method name

update_scan_schedule

Endpoint

MethodRoute
POST/settings/scan-schedule/v1

Required Scope

cspm-registration:write

Content-Type

  • Consumes: application/json
  • Produces: application/json

Keyword Arguments

NameServiceUberTypeData typeDescription
body
Service Class Support

Uber Class Support
bodydictionaryFull body payload in JSON format.
cloud_platform
Service Class Support

Uber Class Support
bodystringCloud platform (Azure, AWS, GCP).
next_scan_timestamp
Service Class Support

Uber Class Support
bodystringUTC formatted string.
scan_schedule
Service Class Support

Uber Class Support
bodystringScan schedule type.

Usage

Service class example (PEP8 syntax)
from falconpy import CSPMRegistration

# Do not hardcode API credentials!
falcon = CSPMRegistration(client_id=CLIENT_ID,
                          client_secret=CLIENT_SECRET
                          )

response = falcon.update_scan_schedule(cloud_platform="string",
                                       next_scan_timestampt="string",
                                       scan_schedule="string"
                                       )
print(response)

Service class example (Operation ID syntax)
from falconpy import CSPMRegistration

# Do not hardcode API credentials!
falcon = CSPMRegistration(client_id=CLIENT_ID,
                          client_secret=CLIENT_SECRET
                          )

response = falcon.UpdateCSPMScanSchedule(cloud_platform="string",
                                         next_scan_timestampt="string",
                                         scan_schedule="string"
                                         )
print(response)

Uber class example
from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

BODY = {
    "resources": [
        {
            "cloud_platform": "string",
            "next_scan_timestamp": "2021-10-25T05:22:27.365Z",
            "scan_schedule": "string"
        }
    ]
}

response = falcon.command("UpdateCSPMScanSchedule", body=BODY)
print(response)

Back to Table of Contents

GetCSPMAzureManagementGroup

Return information about Azure management group registration

PEP8 method name

get_azure_management_group

Endpoint

MethodRoute
GET/cloud-connect-cspm-azure/entities/management-group/v1

Required Scope

cspm-registration:read

Content-Type

  • Consumes: application/json
  • Produces: application/json

Keyword Arguments

NameServiceUberTypeData typeDescription
tenant_ids
Service Class Support

Uber Class Support
querystring or list of stringsTenant ids to filter azure accounts
limit
Service Class Support

Uber Class Support
queryintegerThe maximum records to return. Defaults to 100.
offset
Service Class Support

Uber Class Support
queryintegerThe offset to start retrieving records from

Usage

Service class example (PEP8 syntax)
from falconpy import CSPMRegistration

# Do not hardcode API credentials!
falcon = CSPMRegistration(client_id=CLIENT_ID,
                          client_secret=CLIENT_SECRET
                          )

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.get_azure_management_group(tenant_ids=id_list,
                                             limit=integer,
                                             offset=integer
                                             )
print(response)
Service class example (Operation ID syntax)
from falconpy import CSPMRegistration

# Do not hardcode API credentials!
falcon = CSPMRegistration(client_id=CLIENT_ID,
                          client_secret=CLIENT_SECRET
                          )

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.GetCSPMAzureManagementGroup(tenant_ids=id_list,
                                              limit=integer,
                                              offset=integer
                                              )
print(response)
Uber class example
from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.command("GetCSPMAzureManagementGroup", 
                          tenant_ids=id_list,
                          limit=integer,
                          offset=integer
                          )
print(response)

DeleteCSPMAzureManagementGroup

Deletes Azure management groups from the system.

PEP8 method name

delete_azure_management_group

Endpoint

MethodRoute
DELETE/cloud-connect-cspm-azure/entities/management-group/v1

Required Scope

cspm-registration:write

Content-Type

  • Consumes: application/json
  • Produces: application/json

Keyword Arguments

NameServiceUberTypeData typeDescription
parametersService Class SupportUber Class SupportquerydictionaryFull query string parameters payload in JSON format.
tenant_idsService Class SupportUber Class Supportquerystring or list of stringsTenant IDs to remove.

Usage

Service class example (PEP8 syntax)
from falconpy import CSPMRegistration

# Do not hardcode API credentials!
falcon = CSPMRegistration(client_id=CLIENT_ID,
                          client_secret=CLIENT_SECRET
                          )

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.delete_azure_management_group(tenant_ids=id_list)

print(response)
Service class example (Operation ID syntax)
from falconpy import CSPMRegistration

# Do not hardcode API credentials!
falcon = CSPMRegistration(client_id=CLIENT_ID,
                          client_secret=CLIENT_SECRET
                          )

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.DeleteCSPMAzureManagementGroup(tenant_ids=id_list)

print(response)
Uber class example
from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.command("DeleteCSPMAzureManagementGroup", tenant_ids=id_list)

print(response)

CreateCSPMAzureManagementGroup

Creates a new management group in our system for a customer.

PEP8 method name

default_subscription_id--IDofthedefaultazuresubscription.String.

Endpoint

MethodRoute
POST/cloud-connect-cspm-azure/entities/management-group/v1

Required Scope

cspm-registration:write

Content-Type

  • Consumes: application/json
  • Produces: application/json

Keyword Arguments

NameServiceUberTypeData typeDescription
:white_check_mark:bodybodystring
body
Service Class Support

Uber Class Support
bodydictionaryFull body payload in JSON format.
default_subscription_id
Service Class Support

Uber Class Support
bodystringAWS Account ID.
tenant_id
Service Class Support

Uber Class Support
bodystringAWS Account ID.

Usage

Service class example (PEP8 syntax)
from falconpy import CSPMRegistration

# Do not hardcode API credentials!
falcon = CSPMRegistration(client_id=CLIENT_ID,
                          client_secret=CLIENT_SECRET
                          )

response = falcon.create_azure_management_group(default_subscription_id="string",
                                                tenant_id="string"
                                                )
print(response)
Service class example (Operation ID syntax)
from falconpy import CSPMRegistration

# Do not hardcode API credentials!
falcon = CSPMRegistration(client_id=CLIENT_ID,
                          client_secret=CLIENT_SECRET
                          )

response = falcon.CreateCSPMAzureManagementGroup(default_subscription_id="string",
                                                 tenant_id="string"
                                                 )

print(response)
Uber class example
from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

body_payload = {
    "resources": [
        {
            "default_subscription_id": "string"
            "tenant_id": "string",
        }
    ]
}

response = falcon.command("CreateCSPMAzureManagementGroup", body=body_payload)

print(response)

GetCSPMCGPAccount

Returns information about the current status of an GCP account.

PEP8 method name

get_gcp_account

Endpoint

MethodRoute
GET/cloud-connect-cspm-gcp/entities/account/v1

Required Scope

cspm-registration:read

Content-Type

  • Consumes: application/json
  • Produces: application/json

Keyword Arguments

NameServiceUberTypeData typeDescription
ids
Service Class Support

Uber Class Support
querystring or list of stringsHierarchical Resource IDs of accounts.
limit
Service Class Support

Uber Class Support
queryintegerMaximum number of results to return. (Default: 100)
offset
Service Class Support

Uber Class Support
queryintegerStarting record position.
parameters
Service Class Support

Uber Class Support
querydictionaryFull query string parameters payload in JSON format.
parent_type
Service Class Support

Uber Class Support
querystringGCP Hierarchy Parent Type in organization/folder/project format.
scan_type
Service Class Support

Uber Class Support
querystringType of scan to perform, dry or full.
status
Service Class Support

Uber Class Support
querystringAccount status to filter results by.
sort
Service Class Support

Uber Class Support
querystringOrder fields in ascending or descending order. Example: parent_type|asc

Usage

Service class example (PEP8 syntax)
from falconpy import CSPMRegistration

# Do not hardcode API credentials!
falcon = CSPMRegistration(client_id=CLIENT_ID,
                          client_secret=CLIENT_SECRET
                          )

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.get_gcp_account(parent_type="string",
                                  scan_type="string",
                                  status="string",
                                  limit=integer,
                                  offset=integer,
                                  sort="string",
                                  ids=id_list
                                  )
print(response)
Service class example (Operation ID syntax)
from falconpy import CSPMRegistration

# Do not hardcode API credentials!
falcon = CSPMRegistration(client_id=CLIENT_ID,
                          client_secret=CLIENT_SECRET
                          )

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.GetCSPMCGPAccount(parent_type="string",
                                    scan_type="string",
                                    status="string",
                                    limit=integer,
                                    offset=integer,
                                    sort="string",
                                    ids=id_list
                                    )
print(response)
Uber class example
from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.command("GetCSPMCGPAccount",
                          parent_type="string",
                          scan_type="string",
                          status="string",
                          limit=integer,
                          offset=integer,
                          sort="string",
                          ids=id_list
                          )
print(response)

CreateCSPMGCPAccount

Creates a new account and generates a new service account to add access to your GCP environment.

PEP8 method name

create_gcp_account

Endpoint

MethodRoute
POST/cloud-connect-cspm-gcp/entities/account/v1

Required Scope

cspm-registration:write

Content-Type

  • Consumes: application/json
  • Produces: application/json

Keyword Arguments

NameServiceUberTypeData typeDescription
body
Service Class Support

Uber Class Support
bodydictionaryFull body payload in JSON format.
parent_id
Service Class Support

Uber Class Support
bodystringParent ID.
parent_type
Service Class Support

Uber Class Support
bodystringParent Type.

Usage

Service class example (PEP8 syntax)
from falconpy import CSPMRegistration

# Do not hardcode API credentials!
falcon = CSPMRegistration(client_id=CLIENT_ID,
                          client_secret=CLIENT_SECRET
                          )

response = falcon.create_gcp_account(parent_id="string", parent_type="string")

print(response)
Service class example (Operation ID syntax)
from falconpy import CSPMRegistration

# Do not hardcode API credentials!
falcon = CSPMRegistration(client_id=CLIENT_ID,
                          client_secret=CLIENT_SECRET
                          )

response = falcon.CreateCSPMGCPAccount(parent_id="string", parent_type="string")

print(response)
Uber class example
from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

body_payload = {
    "resources": [
        {
            "parent_id": "string",
            "parent_type": "string"
        }
    ]
}

response = falcon.command("CreateCSPMGCPAccount", body=body_payload)

print(response)

DeleteCSPMGCPAccount

Deletes a GCP account from the system.

PEP8 method name

delete_gcp_account

Endpoint

MethodRoute
DELETE/cloud-connect-cspm-gcp/entities/account/v1

Required Scope

cspm-registration:write

Content-Type

  • Consumes: application/json
  • Produces: application/json

Keyword Arguments

NameServiceUberTypeData typeDescription
ids
Service Class Support

Uber Class Support
querystring or list of stringsHierarchical Resource IDs of accounts to delete.
parameters
Service Class Support

Uber Class Support
querydictionaryFull query string parameters payload in JSON format.

Usage

Service class example (PEP8 syntax)
from falconpy import CSPMRegistration

# Do not hardcode API credentials!
falcon = CSPMRegistration(client_id=CLIENT_ID,
                          client_secret=CLIENT_SECRET
                          )

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.delete_gcp_account(ids=id_list)

print(response)
Service class example (Operation ID syntax)
from falconpy import CSPMRegistration

# Do not hardcode API credentials!
falcon = CSPMRegistration(client_id=CLIENT_ID,
                          client_secret=CLIENT_SECRET
                          )

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.DeleteCSPMGCPAccount(ids=id_list)

print(response)
Uber class example
from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.command("DeleteCSPMGCPAccount", ids=id_list)

print(response)

UpdateCSPMGCPAccount

Updates an existing GCP account.

PEP8 method name

update_gcp_account

Endpoint

MethodRoute
PATCH/cloud-connect-cspm-gcp/entities/account/v1

Required Scope

cspm-registration:write

Content-Type

  • Consumes: application/json
  • Produces: application/json

Keyword Arguments

NameServiceUberTypeData typeDescription
body
Service Class Support

Uber Class Support
bodydictionaryFull body payload in JSON format.
environment
Service Class Support

Uber Class Support
bodystringEnvironment.
parent_id
Service Class Support

Uber Class Support
bodystringParent ID.

Usage

Service class example (PEP8 syntax)
from falconpy import CSPMRegistration

# Do not hardcode API credentials!
falcon = CSPMRegistration(client_id=CLIENT_ID,
                          client_secret=CLIENT_SECRET
                          )

response = falcon.update_gcp_account(environment="string", parent_id="string")

print(response)
Service class example (Operation ID syntax)
from falconpy import CSPMRegistration

# Do not hardcode API credentials!
falcon = CSPMRegistration(client_id=CLIENT_ID,
                          client_secret=CLIENT_SECRET
                          )

response = falcon.UpdateCSPMGCPAccount(environment="string", parent_id="string")

print(response)
Uber class example
from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

body_payload = {
    "resources": [
        {
            "environment": "string",
            "parent_id": "string"
        }
    ]
}

response = falcon.command("UpdateCSPMGCPAccount", body=body_payload)

print(response)

ConnectCSPMGCPAccount

Creates a new GCP account with newly-uploaded service account or connects with existing service account with only the following fields: parent_id, parent_type and service_account_id.

PEP8 method name

connect_gcp_account

Endpoint

MethodRoute
POST/cloud-connect-cspm-gcp/entities/account/v2

Required Scope

cspm-registration:write

Content-Type

  • Consumes: application/json
  • Produces: application/json

Keyword Arguments

NameServiceUberTypeData typeDescription
body
Service Class Support

Uber Class Support
bodydictionaryFull body payload in JSON format.
client_email
Service Class Support

Uber Class Support
bodystringGCP client email.
client_id
Service Class Support

Uber Class Support
bodystringGCP client ID.
parent_id
Service Class Support

Uber Class Support
bodystringParent ID.
parent_type
Service Class Support

Uber Class Support
bodystringParent type.
private_key
Service Class Support

Uber Class Support
bodystringGCP private key.
private_key_id
Service Class Support

Uber Class Support
bodystringGCP private key ID.
project_id
Service Class Support

Uber Class Support
bodystringGCP project ID.
service_account_id
Service Class Support

Uber Class Support
bodyintegerGCP service account ID.

Usage

Service class example (PEP8 syntax)
from falconpy import CSPMRegistration

# Do not hardcode API credentials!
falcon = CSPMRegistration(client_id=CLIENT_ID,
                          client_secret=CLIENT_SECRET
                          )

response = falcon.connect_gcp_account(client_email="string",
                                      client_id="string",
                                      parent_id="string",
                                      parent_type="string",
                                      private_key="string",
                                      private_key_id="string",
                                      project_id="string",
                                      service_account_id=integer
                                      )
print(response)
Service class example (Operation ID syntax)
from falconpy import CSPMRegistration

# Do not hardcode API credentials!
falcon = CSPMRegistration(client_id=CLIENT_ID,
                          client_secret=CLIENT_SECRET
                          )

response = falcon.ConnectCSPMGCPAccount(client_email="string",
                                        client_id="string",
                                        parent_id="string",
                                        parent_type="string",
                                        private_key="string",
                                        private_key_id="string",
                                        project_id="string",
                                        service_account_id=integer
                                        )
print(response)
Uber class example
from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

body_payload = {
    "resources": [
        {
            "client_email": "string",
            "client_id": "string",
            "parent_id": "string",
            "parent_type": "string",
            "private_key": "string",
            "private_key_id": "string",
            "project_id": "string",
            "service_account_id": integer
        }
    ]
}

response = falcon.command("ConnectCSPMGCPAccount", body=body_payload)

print(response)

GetCSPMGCPServiceAccountsExt

Returns the service account id and client email for external clients.

PEP8 method name

get_gcp_service_account

Endpoint

MethodRoute
GET/cloud-connect-cspm-gcp/entities/service-accounts/v1

Required Scope

cspm-registration:read

Content-Type

  • Consumes: application/json
  • Produces: application/json

Keyword Arguments

NameServiceUberTypeData typeDescription
id
Service Class Support

Uber Class Support
querystringService account ID to retrieve.
parameters
Service Class Support

Uber Class Support
querydictionaryFull query string parameters payload in JSON format.

Usage

Service class example (PEP8 syntax)
from falconpy import CSPMRegistration

# Do not hardcode API credentials!
falcon = CSPMRegistration(client_id=CLIENT_ID,
                          client_secret=CLIENT_SECRET
                          )

response = falcon.get_gcp_service_account(id="string")

print(response)
Service class example (Operation ID syntax)
from falconpy import CSPMRegistration

# Do not hardcode API credentials!
falcon = CSPMRegistration(client_id=CLIENT_ID,
                          client_secret=CLIENT_SECRET
                          )

response = falcon.GetCSPMGCPServiceAccountsExt(id="string")

print(response)
Uber class example
from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

response = falcon.command("GetCSPMGCPServiceAccountsExt", id="string")

print(response)

UpdateCSPMGCPServiceAccountsExt

Updates an existing GCP service account.

PEP8 method name

update_gcp_service_account

Endpoint

MethodRoute
PATCH/cloud-connect-cspm-gcp/entities/service-accounts/v1

Required Scope

cspm-registration:write

Content-Type

  • Consumes: application/json
  • Produces: application/json

Keyword Arguments

NameServiceUberTypeData typeDescription
body
Service Class Support

Uber Class Support
bodydictionaryFull body payload in JSON format.
client_email
Service Class Support

Uber Class Support
bodystringClient email associated with the account.
client_id
Service Class Support

Uber Class Support
bodystringGCP Client ID.
private_key
Service Class Support

Uber Class Support
bodystringGCP private key.
private_key_id
Service Class Support

Uber Class Support
bodystringGCP private key ID.
project_id
Service Class Support

Uber Class Support
bodystringGCP project ID.
service_account_conditions
Service Class Support

Uber Class Support
bodylist of dictionariesGCP service account conditions.
service_account_id
Service Class Support

Uber Class Support
bodyintegerGCP service account ID.

Usage

Service class example (PEP8 syntax)
from falconpy import CSPMRegistration

# Do not hardcode API credentials!
falcon = CSPMRegistration(client_id=CLIENT_ID,
                          client_secret=CLIENT_SECRET
                          )

conditions = [
    {
        "feature": "string",
        "is_visible": boolean,
        "last_transition": "UTC date string",
        "message": "string",
        "reason": "string",
        "status": "string",
        "type": "string"
    }
]

response = falcon.update_gcp_service_account(client_email="string",
                                             client_id="string",
                                             private_key="string",
                                             private_key_id="string",
                                             project_id="string",
                                             service_account_conditions=conditions,
                                             service_account_id=integer
                                             )
print(response)
Service class example (Operation ID syntax)
from falconpy import CSPMRegistration

# Do not hardcode API credentials!
falcon = CSPMRegistration(client_id=CLIENT_ID,
                          client_secret=CLIENT_SECRET
                          )

conditions = [
    {
        "feature": "string",
        "is_visible": boolean,
        "last_transition": "UTC date string",
        "message": "string",
        "reason": "string",
        "status": "string",
        "type": "string"
    }
]

response = falcon.UpdateCSPMGCPServiceAccountExt(client_email="string",
                                                 client_id="string",
                                                 private_key="string",
                                                 private_key_id="string",
                                                 project_id="string",
                                                 service_account_conditions=conditions,
                                                 service_account_id=integer
                                                 )
print(response)
Uber class example
from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

body_payload = {
    "resources": [
        {
            "client_email": "string",
            "client_id": "string",
            "private_key": "string",
            "private_key_id": "string",
            "project_id": "string",
            "service_account_conditions": [
                {
                    "feature": "string",
                    "is_visible": boolean,
                    "last_transition": "UTC date string",
                    "message": "string",
                    "reason": "string",
                    "status": "string",
                    "type": "string"
                }
            ],
            "service_account_id": integer
        }
    ]
}

response = falcon.command("UpdateCSPMGCPServiceAccountsExt", body=body_payload)

print(response)

GetCSPMGCPUserScriptsAttachment

Return a script for customer to run in their cloud environment to grant us access to their GCP environment as a downloadable attachment

PEP8 method name

get_gcp_user_scripts_attachment

Endpoint

MethodRoute
GET/cloud-connect-cspm-gcp/entities/user-scripts-download/v1

Required Scope

cspm-registration:read

Content-Type

  • Produces: application/json

Keyword Arguments

NameServiceUberTypeData typeDescription
ids
Service Class Support

Uber Class Support
querystring or list of stringsHierarchical Resource IDs of accounts.
parameters
Service Class Support

Uber Class Support
querydictionaryFull query string parameters payload in JSON format.
parent_type
Service Class Support

Uber Class Support
querystringGCP Hierarchy Parent Type. Allowed values: organization, folder or project

Usage

Service class example (PEP8 syntax)
from falconpy import CSPMRegistration

# Do not hardcode API credentials!
falcon = CSPMRegistration(client_id=CLIENT_ID,
                          client_secret=CLIENT_SECRET
                          )

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.get_gcp_user_scripts_attachment(parent_type="string", ids=id_list)

print(response)
Service class example (Operation ID syntax)
from falconpy import CSPMRegistration

# Do not hardcode API credentials!
falcon = CSPMRegistration(client_id=CLIENT_ID,
                          client_secret=CLIENT_SECRET
                          )

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.GetCSPMGCPUserScriptsAttachment(parent_type="string", ids=id_list)

print(response)
Uber class example
from falconpy import APIHarness

# Do not hardcode API credentials!
falcon = APIHarness(client_id=CLIENT_ID,
                    client_secret=CLIENT_SECRET
                    )

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.command("GetCSPMGCPUserScriptsAttachment", parent_type="string", ids=id_list)

print(response)

GetCSPMGCPValidateAccountsExt

Run a synchronous health check.

PEP8 method name

validate_gcp_account

Endpoint

MethodRoute
POST/cloud-connect-cspm-gcp/entities/account/validate/v1

Required Scope

cspm-registration:write

Content-Type

  • Consumes: application/json
  • Produces: application/json

Keyword Arguments

NameServiceUberTypeData typeDescription
body
Service Class Support

Uber Class Support
bodydictionaryFull body payload in JSON format.
resources
Service Class Support

Uber Class Support
bodystring or list of stringsGCP Account IDs to validate.

Usage

Service class example (PEP8 syntax)
from falconpy import CSPMRegistration

# Do not hardcode API credentials!
falcon = CSPMRegistration(client_id=CLIENT_ID,
                          client_secret=CLIENT_SECRET
                          )

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.validate_gcp_account(resources=id_list)

print(response)
Service class example (Operation ID syntax)
from falconpy import CSPMRegistration

# Do not hardcode API credentials!
falcon = CSPMRegistration(client_id=CLIENT_ID,
                          client_secret=CLIENT_SECRET
                          )

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.GetCSPMGCPValidateAccountsExt(resources=id_list)

print(response)
Uber class example
from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

body_payload = {
    "resources": id_list
}

response = falcon.command("GetCSPMGCPValidateAccountsExt", body=body_payload)

print(response)

ValidateCSPMGCPServiceAccountExt

Validates credentials for a service account

PEP8 method name

validate_gcp_service_account

Endpoint

MethodRoute
POST/cloud-connect-cspm-gcp/entities/service-accounts/validate/v1

Required Scope

cspm-registration:write

Content-Type

  • Consumes: application/json
  • Produces: application/json

Keyword Arguments

NameServiceUberTypeData typeDescription
body
Service Class Support

Uber Class Support
bodydictionaryFull body payload in JSON format.
client_email
Service Class Support

Uber Class Support
bodystringClient email associated with the service account.
client_id
Service Class Support

Uber Class Support
bodystringGCP Client ID.
private_key
Service Class Support

Uber Class Support
bodystringGCP private key.
private_key_id
Service Class Support

Uber Class Support
bodystringGCP private key ID.
project_id
Service Class Support

Uber Class Support
bodystringGCP project ID.
resources
Service Class Support

Uber Class Support
bodylist of dictionariesList of GCP service accounts to validate. Overrides other keywords except for body if used.
service_account_conditions
Service Class Support

Uber Class Support
bodylist of dictionariesGCP service account conditions.
service_account_id
Service Class Support

Uber Class Support
bodyintegerGCP service account ID.

Usage

Service class example (PEP8 syntax)
from falconpy import CSPMRegistration

# Do not hardcode API credentials!
falcon = CSPMRegistration(client_id=CLIENT_ID,
                          client_secret=CLIENT_SECRET
                          )

svc_conditions: [
    {
        "last_transition": "UTC date string",
        "message": "string",
        "reason": "string",
        "status": "string",
        "type": "string"
    }
]

response = falcon.validate_gcp_service_account(client_email="string",
                                               client_id="string",
                                               private_key="string",
                                               private_key_id="string",
                                               project_id="string",
                                               service_account_conditions=svc_conditions,
                                               service_account_id=integer
                                               )
print(response)
Service class example (Operation ID syntax)
from falconpy import CSPMRegistration

# Do not hardcode API credentials!
falcon = CSPMRegistration(client_id=CLIENT_ID,
                          client_secret=CLIENT_SECRET
                          )

svc_conditions: [
    {
        "last_transition": "UTC date string",
        "message": "string",
        "reason": "string",
        "status": "string",
        "type": "string"
    }
]

response = falcon.ValidateCSPMGCPServiceAccountExt(client_email="string",
                                                   client_id="string",
                                                   private_key="string",
                                                   private_key_id="string",
                                                   project_id="string",
                                                   service_account_conditions=svc_conditions,
                                                   service_account_id=integer
                                                   )
print(response)
Uber class example
from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

body_payload = {
    "resources": [
        {
            "client_email": "string",
            "client_id": "string",
            "private_key": "string",
            "private_key_id": "string",
            "project_id": "string",
            "service_account_conditions": [
                {
                    "last_transition": "UTC date string",
                    "message": "string",
                    "reason": "string",
                    "status": "string",
                    "type": "string"
                }
            ],
            "service_account_id": 0
        }
    ]
}


response = falcon.command("ValidateCSPMGCPServiceAccountExt", body=body_payload)

print(response)