Using the Certificate Based Exclusions service collection

Documentation Version

Operation ID

Description

cb_exclusions_get_v1
PEP8	get_exclusions

Find all exclusion IDs matching the query with filter

cb_exclusions_create_v1
PEP8	create_exclusions

Create new Certificate Based Exclusions.

cb_exclusions_delete_v1
PEP8	delete_exclusions

Delete the exclusions by id

cb_exclusions_update_v1
PEP8	update_exclusions

Updates existing Certificate Based Exclusions

certificates_get_v1
PEP8	get_certificates

Retrieves certificate signing information for a file

cb_exclusions_query_v1
PEP8	query_certificates

Search for cert-based exclusions.

cb_exclusions_get_v1

Find all exclusion IDs matching the query with filter.

PEP8 method name

get_exclusions

Endpoint

Method	Route
	`/exclusions/entities/cert-based-exclusions/v1`

Required Scope

Content-Type

Consumes: application/json
Produces: application/json

Keyword Arguments

Name	Service	Uber	Type	Data type	Description
ids			query	string or list of strings	The ids of the exclusions to retrieve.
parameters			query	dictionary	Full query string parameters payload in JSON format. Not required when using other keywords.

Usage

Service class example (PEP8 syntax)

from falconpy import CertificateBasedExclusions

falcon = CertificateBasedExclusions(client_id=CLIENT_ID,
                                    client_secret=CLIENT_SECRET
                                    )

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.get_exclusions(ids=id_list)
print(response)

Service class example (Operation ID syntax)

from falconpy import CertificateBasedExclusions

falcon = CertificateBasedExclusions(client_id=CLIENT_ID,
                                    client_secret=CLIENT_SECRET
                                    )

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.cb_exclusions_get_v1(ids=id_list)
print(response)

Uber class example

from falconpy import APIHarnessV2

falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.command("cb_exclusions_get_v1", ids=id_list)
print(response)

Back to Table of Contents

cb_exclusions_create_v1

Create new Certificate Based Exclusions.

PEP8 method name

create_exclusions

Endpoint

Method	Route
	`/exclusions/entities/cert-based-exclusions/v1`

Required Scope

Content-Type

Consumes: application/json
Produces: application/json

Keyword Arguments

Name	Type	Data type	Description
applied_globally	body	boolean	Boolean flag indicating if this exclusion is applied globally.
body	body	dictionary	Full body payload in JSON format.
certificate	body	dictionary	Dictionary describing the certificate.
children_cids	body	string or list of strings	List of child CIDs to apply this exclusion to.
comment	body	string	Exclusion comment.
created_by	body	string	Exclusion created by.
created_on	body	string	Exclusion creation date. UTC date formatted string.
description	body	string	Exclusion description.
host_groups	body	string or list of strings	List of host groups to apply this exclusion to.
issuer	body	string	Certificate issuer. Overwritten if `certificate` keyword is provided.
modified_by	body	string	Exclusion modified by.
modified_on	body	string	Exclusion last modification date. UTC date formatted string.
name	body	string	Exclusion name.
serial	body	string	Certificate serial. Overwritten if `certificate` keyword is provided.
status	body	string	Exclusion status.
subject	body	string	Certificate subject. Overwritten if `certificate` keyword is provided.
thumbprint	body	string	Certificate thumbprint. Overwritten if `certificate` keyword is provided.
valid_from	body	string	Certificate valid from date. UTC date formatted string. Overwritten if `certificate` keyword is provided.
valid_to	body	string	Certificate valid to date. UTC date formatted string. Overwritten if `certificate` keyword is provided.

Usage

Service class example (PEP8 syntax)

from falconpy import CertificateBasedExclusions

falcon = CertificateBasedExclusions(client_id=CLIENT_ID,
                                    client_secret=CLIENT_SECRET
                                    )

child_ids = 'CID1,CID2,CID3'  # Can also pass a list here: ['CID1', 'CID2', 'CID3']
host_group_ids = 'HGID1,HGID2,HGID3'  # Can also pass a list here: ['HGID1', 'HGID2', 'HGID3']

response = falcon.create_exclusions(applied_globally=boolean,
                                    children_cids=child_ids,
                                    comment="string",
                                    created_by="string",
                                    created_on="string",
                                    description="string",
                                    host_groups=host_group_ids,
                                    issuer="string",
                                    modified_by="string",
                                    modified_on="string",
                                    name="string",
                                    serial="string",
                                    status="string",
                                    subject="string",
                                    thumbprint="string",
                                    valid_from="string",
                                    valid_to="string"
                                    )
print(response)

Service class example (Operation ID syntax)

from falconpy import CertificateBasedExclusions

falcon = CertificateBasedExclusions(client_id=CLIENT_ID,
                                    client_secret=CLIENT_SECRET
                                    )

child_ids = 'CID1,CID2,CID3'  # Can also pass a list here: ['CID1', 'CID2', 'CID3']
host_group_ids = 'HGID1,HGID2,HGID3'  # Can also pass a list here: ['HGID1', 'HGID2', 'HGID3']

response = falcon.cb_exclusions_create_v1(applied_globally=boolean,
                                          children_cids=child_ids,
                                          comment="string",
                                          created_by="string",
                                          created_on="string",
                                          description="string",
                                          host_groups=host_group_ids,
                                          issuer="string",
                                          modified_by="string",
                                          modified_on="string",
                                          name="string",
                                          serial="string",
                                          status="string",
                                          subject="string",
                                          thumbprint="string",
                                          valid_from="string",
                                          valid_to="string"
                                          )
print(response)

Uber class example

from falconpy import APIHarnessV2

falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

child_ids = 'CID1,CID2,CID3'  # Can also pass a list here: ['CID1', 'CID2', 'CID3']
host_group_ids = 'HGID1,HGID2,HGID3'  # Can also pass a list here: ['HGID1', 'HGID2', 'HGID3']

body_payload = {
  "exclusions": [
    {
      "applied_globally": boolean,
      "certificate": {
        "issuer": "string",
        "serial": "string",
        "subject": "string",
        "thumbprint": "string",
        "valid_from": "UTC string",
        "valid_to": "UTC string"
      },
      "children_cids": [
        "string"
      ],
      "comment": "string",
      "created_by": "string",
      "created_on": "UTC string",
      "description": "string",
      "host_groups": [
        "string"
      ],
      "modified_by": "string",
      "modified_on": "UTC string",
      "name": "string",
      "status": "string"
    }
  ]
}

response = falcon.command("cb_exclusions_create_v1", body=body_payload)
print(response)

Back to Table of Contents

cb_exclusions_delete_v1

Delete the exclusions by ID.

PEP8 method name

delete_exclusions

Endpoint

Method	Route
	`/exclusions/entities/cert-based-exclusions/v1`

Required Scope

Content-Type

Consumes: application/json
Produces: application/json

Keyword Arguments

Name	Type	Data type	Description
ids	query	string or list of strings	The IDs of the exclusions to delete.
comment	query	string	The comment why these exclusions were deleted.
parameters	query	dictionary	Full query string parameters payload in JSON format. Not required when using other keywords.

Usage

Service class example (PEP8 syntax)

from falconpy import CertificateBasedExclusions

falcon = CertificateBasedExclusions(client_id=CLIENT_ID,
                                    client_secret=CLIENT_SECRET
                                    )

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.delete_exclusions(comment="string", ids=id_list)
print(response)

Service class example (Operation ID syntax)

from falconpy import CertificateBasedExclusions

falcon = CertificateBasedExclusions(client_id=CLIENT_ID,
                                    client_secret=CLIENT_SECRET
                                    )

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.cb_exclusions_delete_v1(comment="string", ids=id_list)
print(response)

Uber class example

from falconpy import APIHarnessV2

falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

PARAMS = {
    "comment": "string"
}

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.command("cb_exclusions_delete_v1", parameters=PARAMS, ids=id_list)
print(response)

Back to Table of Contents

cb_exclusions_update_v1

Updates existing Certificate Based Exclusions.

PEP8 method name

update_exclusions

Endpoint

Method	Route
	`/exclusions/entities/cert-based-exclusions/v1`

Required Scope

Content-Type

Consumes: application/json
Produces: application/json

Keyword Arguments

Name	Type	Data type	Description
applied_globally	body	boolean	Boolean flag indicating if this exclusion is applied globally.
body	body	dictionary	Full body payload in JSON format.
certificate	body	dictionary	Dictionary describing the certificate.
children_cids	body	string or list of strings	List of child CIDs to apply this exclusion to.
comment	body	string	Exclusion comment.
created_by	body	string	Exclusion created by.
created_on	body	string	Exclusion creation date. UTC date formatted string.
description	body	string	Exclusion description.
host_groups	body	string or list of strings	List of host groups to apply this exclusion to.
issuer	body	string	Certificate issuer. Overwritten if `certificate` keyword is provided.
modified_by	body	string	Exclusion modified by.
modified_on	body	string	Exclusion last modification date. UTC date formatted string.
name	body	string	Exclusion name.
serial	body	string	Certificate serial. Overwritten if `certificate` keyword is provided.
status	body	string	Exclusion status.
subject	body	string	Certificate subject. Overwritten if `certificate` keyword is provided.
thumbprint	body	string	Certificate thumbprint. Overwritten if `certificate` keyword is provided.
valid_from	body	string	Certificate valid from date. UTC date formatted string. Overwritten if `certificate` keyword is provided.
valid_to	body	string	Certificate valid to date. UTC date formatted string. Overwritten if `certificate` keyword is provided.

Usage

Service class example (PEP8 syntax)

from falconpy import CertificateBasedExclusions

falcon = CertificateBasedExclusions(client_id=CLIENT_ID,
                                    client_secret=CLIENT_SECRET
                                    )

child_ids = 'CID1,CID2,CID3'  # Can also pass a list here: ['CID1', 'CID2', 'CID3']
host_group_ids = 'HGID1,HGID2,HGID3'  # Can also pass a list here: ['HGID1', 'HGID2', 'HGID3']

response = falcon.update_exclusions(applied_globally=boolean,
                                    children_cids=child_ids,
                                    comment="string",
                                    created_by="string",
                                    created_on="string",
                                    description="string",
                                    host_groups=host_group_ids,
                                    issuer="string",
                                    modified_by="string",
                                    modified_on="string",
                                    name="string",
                                    serial="string",
                                    status="string",
                                    subject="string",
                                    thumbprint="string",
                                    valid_from="string",
                                    valid_to="string"
                                    )
print(response)

Service class example (Operation ID syntax)

from falconpy import CertificateBasedExclusions

falcon = CertificateBasedExclusions(client_id=CLIENT_ID,
                                    client_secret=CLIENT_SECRET
                                    )

child_ids = 'CID1,CID2,CID3'  # Can also pass a list here: ['CID1', 'CID2', 'CID3']
host_group_ids = 'HGID1,HGID2,HGID3'  # Can also pass a list here: ['HGID1', 'HGID2', 'HGID3']

response = falcon.cb_exclusions_update_v1(applied_globally=boolean,
                                          children_cids=child_ids,
                                          comment="string",
                                          created_by="string",
                                          created_on="string",
                                          description="string",
                                          host_groups=host_group_ids,
                                          issuer="string",
                                          modified_by="string",
                                          modified_on="string",
                                          name="string",
                                          serial="string",
                                          status="string",
                                          subject="string",
                                          thumbprint="string",
                                          valid_from="string",
                                          valid_to="string"
                                          )
print(response)

Uber class example

from falconpy import APIHarnessV2

falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

child_ids = 'CID1,CID2,CID3'  # Can also pass a list here: ['CID1', 'CID2', 'CID3']
host_group_ids = 'HGID1,HGID2,HGID3'  # Can also pass a list here: ['HGID1', 'HGID2', 'HGID3']

body_payload = {
    "resources": [
        {
            "applied_globally": boolean,
            "certificate": {
                "issuer": "string",
                "serial": "string",
                "subject": "string",
                "thumbprint": "string",
                "valid_from": "UTC string",
                "valid_to": "UTC string"
            },
            "children_cids": child_ids,
            "comment": "string",
            "created_by": "string",
            "created_on": "UTC string",
            "description": "string",
            "host_groups": host_group_ids,
            "modified_by": "string",
            "modified_on": "UTC string",
            "name": "string",
            "status": "string"
        }
    ]
}

response = falcon.command("cb_exclusions_update_v1", body=body_payload)
print(response)

Back to Table of Contents

certificates_get_v1

Retrieves certificate signing information for a file

PEP8 method name

get_certificates

Endpoint

Method	Route
	`/exclusions/entities/certificates/v1`

Required Scope

Content-Type

Consumes: application/json
Produces: application/json

Keyword Arguments

Name	Service	Uber	Type	Data type	Description
ids			query	string	The SHA256 hash of the file to retrieve certificate signing info for.
parameters			query	dictionary	Full query string parameters payload in JSON format. Not required when using other keywords.

Usage

Service class example (PEP8 syntax)

from falconpy import CertificateBasedExclusions

falcon = CertificateBasedExclusions(client_id=CLIENT_ID,
                                    client_secret=CLIENT_SECRET
                                    )

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.get_certificates(ids=id_list)
print(response)

Service class example (Operation ID syntax)

from falconpy import CertificateBasedExclusions

falcon = CertificateBasedExclusions(client_id=CLIENT_ID,
                                    client_secret=CLIENT_SECRET
                                    )

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.certificates_get_v1(ids=id_list)
print(response)

Uber class example

from falconpy import APIHarnessV2

falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.command("certificates_get_v1", ids=id_list)
print(response)

Back to Table of Contents

cb_exclusions_query_v1

Search for cert-based exclusions.

PEP8 method name

query_certificates

Endpoint

Method	Route
	`/exclusions/queries/cert-based-exclusions/v1`

Required Scope

Content-Type

Consumes: application/json
Produces: application/json

Keyword Arguments

Name	Type	Data type	Description
filter	query	string	The filter expression that should be used to limit the results.
limit	query	integer	The maximum records to return. [1-100]
offset	query	integer	The offset to start retrieving records from
parameters	query	dictionary	Full query string parameters payload in JSON format. Not required when using other keywords.
sort	query	string	The sort expression that should be used to sort the results.

Usage

Service class example (PEP8 syntax)

from falconpy import CertificateBasedExclusions

falcon = CertificateBasedExclusions(client_id=CLIENT_ID,
                                    client_secret=CLIENT_SECRET
                                    )

response = falcon.query_certificates(filter="string",
                                     offset=integer,
                                     limit=integer,
                                     sort="string"
                                     )
print(response)

Service class example (Operation ID syntax)

from falconpy import CertificateBasedExclusions

falcon = CertificateBasedExclusions(client_id=CLIENT_ID,
                                    client_secret=CLIENT_SECRET
                                    )

response = falcon.cb_exclusions_query_v1(filter="string",
                                         offset=integer,
                                         limit=integer,
                                         sort="string"
                                         )
print(response)

Uber class example

from falconpy import APIHarnessV2

falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

response = falcon.command("cb_exclusions_query_v1",
                          filter="string",
                          offset=integer,
                          limit=integer,
                          sort="string"
                          )
print(response)

Back to Table of Contents

The CrowdStrike Falcon Wiki for Python