Using the Certificate Based Exclusions service collection
Table of Contents
| Operation ID | Description | ||||
|---|---|---|---|---|---|
| Find all exclusion IDs matching the query with filter | ||||
| Create new Certificate Based Exclusions. | ||||
| Delete the exclusions by id | ||||
| Updates existing Certificate Based Exclusions | ||||
| Retrieves certificate signing information for a file | ||||
| Search for cert-based exclusions. | ||||
Passing credentials
WARNING
client_idandclient_secretare keyword arguments that contain your CrowdStrike API credentials. Please note that all examples below do not hard code these values. (These values are ingested as strings.)CrowdStrike does not recommend hard coding API credentials or customer identifiers within source code.
cb_exclusions_get_v1
Find all exclusion IDs matching the query with filter.
PEP8 method name
get_exclusions
Endpoint
| Method | Route |
|---|---|
 | /exclusions/entities/cert-based-exclusions/v1 |
Required Scope
Content-Type
- Consumes: application/json
- Produces: application/json
Keyword Arguments
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| ids |  | | query | string or list of strings | The ids of the exclusions to retrieve. |
| parameters | | | query | dictionary | Full query string parameters payload in JSON format. Not required when using other keywords. |
Usage
Service class example (PEP8 syntax)
from falconpy import CertificateBasedExclusions
falcon = CertificateBasedExclusions(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.get_exclusions(ids=id_list)
print(response)
Service class example (Operation ID syntax)
from falconpy import CertificateBasedExclusions
falcon = CertificateBasedExclusions(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.cb_exclusions_get_v1(ids=id_list)
print(response)
Uber class example
from falconpy import APIHarnessV2
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.command("cb_exclusions_get_v1", ids=id_list)
print(response)
Back to Table of Contents
cb_exclusions_create_v1
Create new Certificate Based Exclusions.
PEP8 method name
create_exclusions
Endpoint
| Method | Route |
|---|---|
 | /exclusions/entities/cert-based-exclusions/v1 |
Required Scope
Content-Type
- Consumes: application/json
- Produces: application/json
Keyword Arguments
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| applied_globally | |  | body | boolean | Boolean flag indicating if this exclusion is applied globally. |
| body | |  | body | dictionary | Full body payload in JSON format. |
| certificate | | | body | dictionary | Dictionary describing the certificate. |
| children_cids | | | body | string or list of strings | List of child CIDs to apply this exclusion to. |
| comment | | | body | string | Exclusion comment. |
| created_by | | | body | string | Exclusion created by. |
| created_on | | | body | string | Exclusion creation date. UTC date formatted string. |
| description | | | body | string | Exclusion description. |
| host_groups | | | body | string or list of strings | List of host groups to apply this exclusion to. |
| issuer | | | body | string | Certificate issuer. Overwritten if certificate keyword is provided. |
| modified_by | | | body | string | Exclusion modified by. |
| modified_on | | | body | string | Exclusion last modification date. UTC date formatted string. |
| name | | | body | string | Exclusion name. |
| serial | | | body | string | Certificate serial. Overwritten if certificate keyword is provided. |
| status | | | body | string | Exclusion status. |
| subject | | | body | string | Certificate subject. Overwritten if certificate keyword is provided. |
| thumbprint | | | body | string | Certificate thumbprint. Overwritten if certificate keyword is provided. |
| valid_from | | | body | string | Certificate valid from date. UTC date formatted string. Overwritten if certificate keyword is provided. |
| valid_to | | | body | string | Certificate valid to date. UTC date formatted string. Overwritten if certificate keyword is provided. |
Usage
Service class example (PEP8 syntax)
from falconpy import CertificateBasedExclusions
falcon = CertificateBasedExclusions(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
child_ids = 'CID1,CID2,CID3' # Can also pass a list here: ['CID1', 'CID2', 'CID3']
host_group_ids = 'HGID1,HGID2,HGID3' # Can also pass a list here: ['HGID1', 'HGID2', 'HGID3']
response = falcon.create_exclusions(applied_globally=boolean,
children_cids=child_ids,
comment="string",
created_by="string",
created_on="string",
description="string",
host_groups=host_group_ids,
issuer="string",
modified_by="string",
modified_on="string",
name="string",
serial="string",
status="string",
subject="string",
thumbprint="string",
valid_from="string",
valid_to="string"
)
print(response)
Service class example (Operation ID syntax)
from falconpy import CertificateBasedExclusions
falcon = CertificateBasedExclusions(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
child_ids = 'CID1,CID2,CID3' # Can also pass a list here: ['CID1', 'CID2', 'CID3']
host_group_ids = 'HGID1,HGID2,HGID3' # Can also pass a list here: ['HGID1', 'HGID2', 'HGID3']
response = falcon.cb_exclusions_create_v1(applied_globally=boolean,
children_cids=child_ids,
comment="string",
created_by="string",
created_on="string",
description="string",
host_groups=host_group_ids,
issuer="string",
modified_by="string",
modified_on="string",
name="string",
serial="string",
status="string",
subject="string",
thumbprint="string",
valid_from="string",
valid_to="string"
)
print(response)
Uber class example
from falconpy import APIHarnessV2
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
child_ids = 'CID1,CID2,CID3' # Can also pass a list here: ['CID1', 'CID2', 'CID3']
host_group_ids = 'HGID1,HGID2,HGID3' # Can also pass a list here: ['HGID1', 'HGID2', 'HGID3']
body_payload = {
"exclusions": [
{
"applied_globally": boolean,
"certificate": {
"issuer": "string",
"serial": "string",
"subject": "string",
"thumbprint": "string",
"valid_from": "UTC string",
"valid_to": "UTC string"
},
"children_cids": [
"string"
],
"comment": "string",
"created_by": "string",
"created_on": "UTC string",
"description": "string",
"host_groups": [
"string"
],
"modified_by": "string",
"modified_on": "UTC string",
"name": "string",
"status": "string"
}
]
}
response = falcon.command("cb_exclusions_create_v1", body=body_payload)
print(response)
Back to Table of Contents
cb_exclusions_delete_v1
Delete the exclusions by ID.
PEP8 method name
delete_exclusions
Endpoint
| Method | Route |
|---|---|
 | /exclusions/entities/cert-based-exclusions/v1 |
Required Scope
Content-Type
- Consumes: application/json
- Produces: application/json
Keyword Arguments
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| ids | | | query | string or list of strings | The IDs of the exclusions to delete. |
| comment | | | query | string | The comment why these exclusions were deleted. |
| parameters | | | query | dictionary | Full query string parameters payload in JSON format. Not required when using other keywords. |
Usage
Service class example (PEP8 syntax)
from falconpy import CertificateBasedExclusions
falcon = CertificateBasedExclusions(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.delete_exclusions(comment="string", ids=id_list)
print(response)
Service class example (Operation ID syntax)
from falconpy import CertificateBasedExclusions
falcon = CertificateBasedExclusions(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.cb_exclusions_delete_v1(comment="string", ids=id_list)
print(response)
Uber class example
from falconpy import APIHarnessV2
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
PARAMS = {
"comment": "string"
}
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.command("cb_exclusions_delete_v1", parameters=PARAMS, ids=id_list)
print(response)
Back to Table of Contents
cb_exclusions_update_v1
Updates existing Certificate Based Exclusions.
PEP8 method name
update_exclusions
Endpoint
| Method | Route |
|---|---|
 | /exclusions/entities/cert-based-exclusions/v1 |
Required Scope
Content-Type
- Consumes: application/json
- Produces: application/json
Keyword Arguments
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| applied_globally | | | body | boolean | Boolean flag indicating if this exclusion is applied globally. |
| body | | | body | dictionary | Full body payload in JSON format. |
| certificate | | | body | dictionary | Dictionary describing the certificate. |
| children_cids | | | body | string or list of strings | List of child CIDs to apply this exclusion to. |
| comment | | | body | string | Exclusion comment. |
| created_by | | | body | string | Exclusion created by. |
| created_on | | | body | string | Exclusion creation date. UTC date formatted string. |
| description | | | body | string | Exclusion description. |
| host_groups | | | body | string or list of strings | List of host groups to apply this exclusion to. |
| issuer | | | body | string | Certificate issuer. Overwritten if certificate keyword is provided. |
| modified_by | | | body | string | Exclusion modified by. |
| modified_on | | | body | string | Exclusion last modification date. UTC date formatted string. |
| name | | | body | string | Exclusion name. |
| serial | | | body | string | Certificate serial. Overwritten if certificate keyword is provided. |
| status | | | body | string | Exclusion status. |
| subject | | | body | string | Certificate subject. Overwritten if certificate keyword is provided. |
| thumbprint | | | body | string | Certificate thumbprint. Overwritten if certificate keyword is provided. |
| valid_from | | | body | string | Certificate valid from date. UTC date formatted string. Overwritten if certificate keyword is provided. |
| valid_to | | | body | string | Certificate valid to date. UTC date formatted string. Overwritten if certificate keyword is provided. |
Usage
Service class example (PEP8 syntax)
from falconpy import CertificateBasedExclusions
falcon = CertificateBasedExclusions(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
child_ids = 'CID1,CID2,CID3' # Can also pass a list here: ['CID1', 'CID2', 'CID3']
host_group_ids = 'HGID1,HGID2,HGID3' # Can also pass a list here: ['HGID1', 'HGID2', 'HGID3']
response = falcon.update_exclusions(applied_globally=boolean,
children_cids=child_ids,
comment="string",
created_by="string",
created_on="string",
description="string",
host_groups=host_group_ids,
issuer="string",
modified_by="string",
modified_on="string",
name="string",
serial="string",
status="string",
subject="string",
thumbprint="string",
valid_from="string",
valid_to="string"
)
print(response)
Service class example (Operation ID syntax)
from falconpy import CertificateBasedExclusions
falcon = CertificateBasedExclusions(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
child_ids = 'CID1,CID2,CID3' # Can also pass a list here: ['CID1', 'CID2', 'CID3']
host_group_ids = 'HGID1,HGID2,HGID3' # Can also pass a list here: ['HGID1', 'HGID2', 'HGID3']
response = falcon.cb_exclusions_update_v1(applied_globally=boolean,
children_cids=child_ids,
comment="string",
created_by="string",
created_on="string",
description="string",
host_groups=host_group_ids,
issuer="string",
modified_by="string",
modified_on="string",
name="string",
serial="string",
status="string",
subject="string",
thumbprint="string",
valid_from="string",
valid_to="string"
)
print(response)
Uber class example
from falconpy import APIHarnessV2
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
child_ids = 'CID1,CID2,CID3' # Can also pass a list here: ['CID1', 'CID2', 'CID3']
host_group_ids = 'HGID1,HGID2,HGID3' # Can also pass a list here: ['HGID1', 'HGID2', 'HGID3']
body_payload = {
"resources": [
{
"applied_globally": boolean,
"certificate": {
"issuer": "string",
"serial": "string",
"subject": "string",
"thumbprint": "string",
"valid_from": "UTC string",
"valid_to": "UTC string"
},
"children_cids": child_ids,
"comment": "string",
"created_by": "string",
"created_on": "UTC string",
"description": "string",
"host_groups": host_group_ids,
"modified_by": "string",
"modified_on": "UTC string",
"name": "string",
"status": "string"
}
]
}
response = falcon.command("cb_exclusions_update_v1", body=body_payload)
print(response)
Back to Table of Contents
certificates_get_v1
Retrieves certificate signing information for a file
PEP8 method name
get_certificates
Endpoint
| Method | Route |
|---|---|
| /exclusions/entities/certificates/v1 |
Required Scope
Content-Type
- Consumes: application/json
- Produces: application/json
Keyword Arguments
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| ids | | | query | string | The SHA256 hash of the file to retrieve certificate signing info for. |
| parameters | | | query | dictionary | Full query string parameters payload in JSON format. Not required when using other keywords. |
Usage
Service class example (PEP8 syntax)
from falconpy import CertificateBasedExclusions
falcon = CertificateBasedExclusions(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.get_certificates(ids=id_list)
print(response)
Service class example (Operation ID syntax)
from falconpy import CertificateBasedExclusions
falcon = CertificateBasedExclusions(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.certificates_get_v1(ids=id_list)
print(response)
Uber class example
from falconpy import APIHarnessV2
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.command("certificates_get_v1", ids=id_list)
print(response)
Back to Table of Contents
cb_exclusions_query_v1
Search for cert-based exclusions.
PEP8 method name
query_certificates
Endpoint
| Method | Route |
|---|---|
| /exclusions/queries/cert-based-exclusions/v1 |
Required Scope
Content-Type
- Consumes: application/json
- Produces: application/json
Keyword Arguments
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| filter | | | query | string | The filter expression that should be used to limit the results. |
| limit | | | query | integer | The maximum records to return. [1-100] |
| offset | | | query | integer | The offset to start retrieving records from |
| parameters | | | query | dictionary | Full query string parameters payload in JSON format. Not required when using other keywords. |
| sort | | | query | string | The sort expression that should be used to sort the results. |
Usage
Service class example (PEP8 syntax)
from falconpy import CertificateBasedExclusions
falcon = CertificateBasedExclusions(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.query_certificates(filter="string",
offset=integer,
limit=integer,
sort="string"
)
print(response)
Service class example (Operation ID syntax)
from falconpy import CertificateBasedExclusions
falcon = CertificateBasedExclusions(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.cb_exclusions_query_v1(filter="string",
offset=integer,
limit=integer,
sort="string"
)
print(response)
Uber class example
from falconpy import APIHarnessV2
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.command("cb_exclusions_query_v1",
filter="string",
offset=integer,
limit=integer,
sort="string"
)
print(response)
Back to Table of Contents