| Operation ID | Description |
| :-- | :-- |
| GetDriftIndicatorsValuesByDate | Returns the count of Drift Indicators by date. By default, the count covers 7 days. |
| ReadDriftIndicatorsCount | Returns the total count of Drift Indicators over a time period |
| SearchAndReadDriftIndicatorEntities | Retrieve Drift Indicators by the provided search criteria |
| ReadDriftIndicatorEntities | Retrieve Drift Indicator entities identified by the provided IDs |
| SearchDriftIndicators | Retrieve all drift indicators that match the given query |

WARNING: `client_id` and `client_secret` are keyword arguments that contain your CrowdStrike API credentials. Please note that all examples below do not hard code these values. (These values are ingested as strings.)

CrowdStrike does not recommend hard coding API credentials or customer identifiers within source code.

Returns the count of Drift Indicators by date. By default, the count covers 7 days.
get_drift_indicators_by_date

| Method | Route |
| :-- | :-- |
| | /container-security/aggregates/drift-indicators/count-by-date/v1 |

- Produces: application/json

| Name | Service | Uber | Type | Data type | Description |
| :-- | :-- | :-- | :-- | :-- | :-- |
| filter | | | query | string | Filter drift indicators using a query in Falcon Query Language (FQL). Supported filters: cid, cloud_name, command_line, container_id, file_name, file_sha256, host_id, indicator_process_id, namespace, occurred_at, parent_process_id, pod_name, prevented, scheduler_name, severity, worker_node_name |
| limit | | | query | integer | The upper-bound on the number of records to retrieve. |
| parameters | | | query | dictionary | Full query string parameters payload in JSON format. |

```python
# Service class, PEP8 method name
from falconpy import DriftIndicators

# Do not hardcode API credentials!
falcon = DriftIndicators(client_id=CLIENT_ID,
                         client_secret=CLIENT_SECRET
                         )

response = falcon.get_drift_indicators_by_date(filter="string", limit=integer)
print(response)
```

```python
# Service class, Operation ID method name
from falconpy import DriftIndicators

# Do not hardcode API credentials!
falcon = DriftIndicators(client_id=CLIENT_ID,
                         client_secret=CLIENT_SECRET
                         )

response = falcon.GetDriftIndicatorsValuesByDate(filter="string", limit=integer)
print(response)
```

```python
# Uber class, operation selected by its Operation ID
from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

response = falcon.command("GetDriftIndicatorsValuesByDate",
                          filter="string",
                          limit=integer
                          )
print(response)
```

Returns the total count of Drift indicators over a time period
read_drift_indicator_counts

| Method | Route |
| :-- | :-- |
| | /container-security/aggregates/drift-indicators/count/v1 |

- Produces: application/json

| Name | Service | Uber | Type | Data type | Description |
| :-- | :-- | :-- | :-- | :-- | :-- |
| filter | | | query | string | Filter drift indicators using a query in Falcon Query Language (FQL). Supported filters: cid, cloud_name, command_line, container_id, file_name, file_sha256, host_id, indicator_process_id, namespace, occurred_at, parent_process_id, pod_name, prevented, scheduler_name, severity, worker_node_name |
| parameters | | | query | dictionary | Full query string parameters payload in JSON format. |

```python
# Service class, PEP8 method name
from falconpy import DriftIndicators

# Do not hardcode API credentials!
falcon = DriftIndicators(client_id=CLIENT_ID,
                         client_secret=CLIENT_SECRET
                         )

response = falcon.read_drift_indicator_counts(filter="string")
print(response)
```

```python
# Service class, Operation ID method name
from falconpy import DriftIndicators

# Do not hardcode API credentials!
falcon = DriftIndicators(client_id=CLIENT_ID,
                         client_secret=CLIENT_SECRET
                         )

response = falcon.ReadDriftIndicatorsCount(filter="string")
print(response)
```

```python
# Uber class, operation selected by its Operation ID
from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

response = falcon.command("ReadDriftIndicatorsCount", filter="string")
print(response)
```

Retrieve Drift Indicators by the provided search criteria
search_and_read_drift_indicators

| Method | Route |
| :-- | :-- |
| | /container-security/combined/drift-indicators/v1 |

- Produces: application/json

| Name | Service | Uber | Type | Data type | Description |
| :-- | :-- | :-- | :-- | :-- | :-- |
| filter | | | query | string | Filter Drift Indicators using a query in Falcon Query Language (FQL). Supported filters: cid, cloud_name, command_line, container_id, file_name, file_sha256, host_id, indicator_process_id, namespace, occurred_at, parent_process_id, pod_name, prevented, scheduler_name, severity, worker_node_name |
| limit | | | query | integer | The upper-bound on the number of records to retrieve. |
| offset | | | query | integer | The offset from where to begin. |
| parameters | | | query | dictionary | Full query string parameters payload in JSON format. |
| sort | | | query | string | The fields to sort the records on. |

```python
# Service class, PEP8 method name
from falconpy import DriftIndicators

# Do not hardcode API credentials!
falcon = DriftIndicators(client_id=CLIENT_ID,
                         client_secret=CLIENT_SECRET
                         )

response = falcon.search_and_read_drift_indicators(filter="string",
                                                   limit=integer,
                                                   offset=integer,
                                                   sort="string"
                                                   )
print(response)
```

```python
# Service class, Operation ID method name
from falconpy import DriftIndicators

# Do not hardcode API credentials!
falcon = DriftIndicators(client_id=CLIENT_ID,
                         client_secret=CLIENT_SECRET
                         )

response = falcon.SearchAndReadDriftIndicatorEntities(filter="string",
                                                      limit=integer,
                                                      offset=integer,
                                                      sort="string"
                                                      )
print(response)
```

```python
# Uber class, operation selected by its Operation ID
from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

response = falcon.command("SearchAndReadDriftIndicatorEntities",
                          filter="string",
                          limit=integer,
                          offset=integer,
                          sort="string"
                          )
print(response)
```

Retrieve Drift Indicator entities identified by the provided IDs
read_drift_indicators_entities

| Method | Route |
| :-- | :-- |
| | /container-security/entities/drift-indicators/v1 |

- Produces: application/json

| Name | Service | Uber | Type | Data type | Description |
| :-- | :-- | :-- | :-- | :-- | :-- |
| ids | | | query | array (string) | Search Drift Indicators by IDs. The maximum amount is 100 IDs. |
| parameters | | | query | dictionary | Full query string parameters payload in JSON format. |

```python
# Service class, PEP8 method name
from falconpy import DriftIndicators

# Do not hardcode API credentials!
falcon = DriftIndicators(client_id=CLIENT_ID,
                         client_secret=CLIENT_SECRET
                         )

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.read_drift_indicators(ids=id_list)
print(response)
```

```python
# Service class, Operation ID method name
from falconpy import DriftIndicators

# Do not hardcode API credentials!
falcon = DriftIndicators(client_id=CLIENT_ID,
                         client_secret=CLIENT_SECRET
                         )

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.ReadDriftIndicatorEntities(ids=id_list)
print(response)
```

```python
# Uber class, operation selected by its Operation ID
from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.command("ReadDriftIndicatorEntities", ids=id_list)
print(response)
```

Retrieve all drift indicators that match the given query
search_drift_indicators

| Method | Route |
| :-- | :-- |
| | /container-security/queries/drift-indicators/v1 |

- Produces: application/json

| Name | Service | Uber | Type | Data type | Description |
| :-- | :-- | :-- | :-- | :-- | :-- |
| filter | | | query | string | Filter Drift Indicators using a query in Falcon Query Language (FQL). Supported filters: cid, cloud_name, command_line, container_id, file_name, file_sha256, host_id, indicator_process_id, namespace, occurred_at, parent_process_id, pod_name, prevented, scheduler_name, severity, worker_node_name |
| limit | | | query | integer | The upper-bound on the number of records to retrieve. |
| offset | | | query | integer | The offset from where to begin. |
| parameters | | | query | dictionary | Full query string parameters payload in JSON format. |
| sort | | | query | string | The fields to sort the records on. |

```python
# Service class, PEP8 method name
from falconpy import DriftIndicators

# Do not hardcode API credentials!
falcon = DriftIndicators(client_id=CLIENT_ID,
                         client_secret=CLIENT_SECRET
                         )

response = falcon.search_drift_indicators(filter="string",
                                          limit=integer,
                                          offset=integer,
                                          sort="string"
                                          )
print(response)
```

```python
# Service class, Operation ID method name
from falconpy import DriftIndicators

# Do not hardcode API credentials!
falcon = DriftIndicators(client_id=CLIENT_ID,
                         client_secret=CLIENT_SECRET
                         )

response = falcon.SearchDriftIndicators(filter="string",
                                        limit=integer,
                                        offset=integer,
                                        sort="string"
                                        )
print(response)
```

```python
# Uber class, operation selected by its Operation ID
from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

response = falcon.command("SearchDriftIndicators",
                          filter="string",
                          limit=integer,
                          offset=integer,
                          sort="string"
                          )
print(response)
```
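
The following is an added example, not part of the FalconPy documentation: it builds a filter restricted to the supported fields listed above, pages through `search_drift_indicators` with `limit`/`offset`, and resolves each page through `read_drift_indicators` without exceeding the 100-ID maximum. The helper names, the `StubClient` stand-in, the FQL clause syntax (`field:'value'` joined with `+`) and the `status_code`/`body`/`resources` response layout are assumptions of this example.

```python
SUPPORTED_FILTERS = frozenset(
    "cid cloud_name command_line container_id file_name file_sha256 host_id "
    "indicator_process_id namespace occurred_at parent_process_id pod_name "
    "prevented scheduler_name severity worker_node_name".split())
MAX_IDS = 100  # documented maximum number of IDs for the entities lookup


def build_fql(**criteria):
    """AND together clauses, accepting only the documented filter fields."""
    clauses = []
    for field, value in sorted(criteria.items()):
        if field not in SUPPORTED_FILTERS:
            raise ValueError(f"unsupported filter field: {field}")
        if isinstance(value, bool):
            clauses.append(f"{field}:{str(value).lower()}")
        elif "'" in str(value) or "\\" in str(value):
            # Conservative choice: never let a value close its own quotes.
            raise ValueError(f"refusing quote or backslash in {field}")
        else:
            clauses.append(f"{field}:'{value}'")
    return "+".join(clauses)


def _resources(resp):
    """Return the resources list, raising on a non-200 response (assumed layout)."""
    if resp["status_code"] != 200:
        raise RuntimeError(f"request failed: {resp['body'].get('errors')}")
    return resp["body"].get("resources") or []


def fetch_indicators(client, fql, page_size=MAX_IDS):
    """Page through matching IDs and resolve each page in one entities call."""
    page_size = max(1, min(page_size, MAX_IDS))  # a page never exceeds 100 IDs
    found, offset = [], 0
    while True:
        ids = _resources(client.search_drift_indicators(filter=fql, limit=page_size, offset=offset))
        if not ids:
            return found
        found.extend(_resources(client.read_drift_indicators(ids=ids)))
        offset += len(ids)


class StubClient:
    """Constructed stand-in for a DriftIndicators client so this runs offline."""
    def __init__(self, count):
        self.records = {f"id-{n}": {"id": f"id-{n}"} for n in range(count)}
        self.batch_sizes = []
    def search_drift_indicators(self, filter, limit, offset):
        return {"status_code": 200, "body": {"resources": list(self.records)[offset:offset + limit]}}
    def read_drift_indicators(self, ids):
        self.batch_sizes.append(len(ids))
        return {"status_code": 200, "body": {"resources": [self.records[i] for i in ids]}}
```

Against the real API, pass an authenticated `DriftIndicators` instance in place of `StubClient`.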