Using the Sensor Update Policy service collection

This service collection has code examples posted to the repository.

Table of Contents

| Operation ID | PEP 8 method | Description |
| --- | --- | --- |
| revealUninstallToken | reveal_uninstall_token | Reveals an uninstall token for a specific device. To retrieve the bulk maintenance token pass the value 'MAINTENANCE' as the value for 'device_id' |
| queryCombinedSensorUpdateBuilds | query_combined_builds | Retrieve available builds for use with Sensor Update Policies |
| queryCombinedSensorUpdateKernels | query_combined_kernels | Retrieve kernel compatibility info for Sensor Update Builds |
| queryCombinedSensorUpdatePolicyMembers | query_combined_policy_members | Search for members of a Sensor Update Policy in your environment by providing a FQL filter and paging details. Returns a set of host details which match the filter criteria |
| queryCombinedSensorUpdatePolicies | query_combined_policies | Search for Sensor Update Policies in your environment by providing a FQL filter and paging details. Returns a set of Sensor Update Policies which match the filter criteria |
| queryCombinedSensorUpdatePoliciesV2 | query_combined_policies_v2 | Search for Sensor Update Policies with additional support for uninstall protection in your environment by providing a FQL filter and paging details. Returns a set of Sensor Update Policies which match the filter criteria |
| performSensorUpdatePoliciesAction | perform_policies_action | Perform the specified action on the Sensor Update Policies specified in the request |
| setSensorUpdatePoliciesPrecedence | set_policies_precedence | Sets the precedence of Sensor Update Policies based on the order of IDs specified in the request. The first ID specified will have the highest precedence and the last ID specified will have the lowest. You must specify all non-Default Policies for a platform when updating precedence |
| getSensorUpdatePolicies | get_policies | Retrieve a set of Sensor Update Policies by specifying their IDs |
| createSensorUpdatePolicies | create_policies | Create Sensor Update Policies by specifying details about the policy to create |
| deleteSensorUpdatePolicies | delete_policies | Delete a set of Sensor Update Policies by specifying their IDs |
| updateSensorUpdatePolicies | update_policies | Update Sensor Update Policies by specifying the ID of the policy and details to update |
| getSensorUpdatePoliciesV2 | get_policies_v2 | Retrieve a set of Sensor Update Policies with additional support for uninstall protection by specifying their IDs |
| createSensorUpdatePoliciesV2 | create_policies_v2 | Create Sensor Update Policies by specifying details about the policy to create with additional support for uninstall protection |
| updateSensorUpdatePoliciesV2 | update_policies_v2 | Update Sensor Update Policies by specifying the ID of the policy and details to update with additional support for uninstall protection |
| querySensorUpdateKernelsDistinct | query_kernels | Retrieve kernel compatibility info for Sensor Update Builds |
| querySensorUpdatePolicyMembers | query_policy_members | Search for members of a Sensor Update Policy in your environment by providing a FQL filter and paging details. Returns a set of Agent IDs which match the filter criteria |
| querySensorUpdatePolicies | query_policies | Search for Sensor Update Policies in your environment by providing a FQL filter and paging details. Returns a set of Sensor Update Policy IDs which match the filter criteria |

Passing credentials

WARNING

client_id and client_secret are keyword arguments that contain your CrowdStrike API credentials. Note that none of the examples below hard code these values. (These values are ingested as strings.)

CrowdStrike does not recommend hard coding API credentials or customer identifiers within source code.

revealUninstallToken

Reveals an uninstall token for a specific device or the bulk maintenance token.

To retrieve the bulk maintenance token pass the value MAINTENANCE as the value for device_id.

PEP8 method name

reveal_uninstall_token

Endpoint

| Method | Route |
| --- | --- |
| POST | /policy/combined/reveal-uninstall-token/v1 |

Required Scope

sensor-update-policies:write

Content-Type

  • Produces: application/json

Keyword Arguments

| Name | Service | Uber | Type | Data type | Description |
| --- | --- | --- | --- | --- | --- |
| audit_message | Yes | Yes | body | string | Message to list in the audit log for this action. |
| body | Yes | Yes | body | dictionary | Full body payload in JSON format. |
| device_id | Yes | Yes | body | string | Device ID to retrieve the uninstall token for. Pass the value MAINTENANCE here to retrieve the bulk maintenance token. |

Usage

Service class example (PEP8 syntax)
from falconpy import SensorUpdatePolicy

# Do not hardcode API credentials!
falcon = SensorUpdatePolicy(client_id=CLIENT_ID,
                            client_secret=CLIENT_SECRET
                            )

response = falcon.reveal_uninstall_token(audit_message="string",
                                         device_id="string"
                                         )
print(response)

Service class example (Operation ID syntax)
from falconpy import SensorUpdatePolicy

# Do not hardcode API credentials!
falcon = SensorUpdatePolicy(client_id=CLIENT_ID,
                            client_secret=CLIENT_SECRET
                            )

response = falcon.revealUninstallToken(audit_message="string",
                                       device_id="string"
                                       )
print(response)

Uber class example
from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

BODY = {
    "audit_message": "string",
    "device_id": "string"
}

response = falcon.command("revealUninstallToken", body=BODY)
print(response)

queryCombinedSensorUpdateBuilds

Retrieve available builds for use with Sensor Update Policies

PEP8 method name

query_combined_builds

Endpoint

| Method | Route |
| --- | --- |
| GET | /policy/combined/sensor-update-builds/v1 |

Required Scope

sensor-update-policies:read

Content-Type

  • Produces: application/json

Keyword Arguments

| Name | Service | Uber | Type | Data type | Description |
| --- | --- | --- | --- | --- | --- |
| platform | Yes | Yes | query | string | The platform to return builds for. Allowed values: linux, mac, windows. |
| parameters | Yes | Yes | query | dictionary | Full query string parameters payload in JSON format. |
| stage | Yes | Yes | query | string or list of strings | The stages to return builds for. |

Usage

Service class example (PEP8 syntax)
from falconpy import SensorUpdatePolicy

# Do not hardcode API credentials!
falcon = SensorUpdatePolicy(client_id=CLIENT_ID,
                            client_secret=CLIENT_SECRET
                            )

stages = 'STAGE1,STAGE2,STAGE3'  # Can also pass a list here: ['STAGE1', 'STAGE2', 'STAGE3']

response = falcon.query_combined_builds(platform="string", stage=stages)

print(response)

Service class example (Operation ID syntax)
from falconpy import SensorUpdatePolicy

# Do not hardcode API credentials!
falcon = SensorUpdatePolicy(client_id=CLIENT_ID,
                            client_secret=CLIENT_SECRET
                            )

stages = 'STAGE1,STAGE2,STAGE3'  # Can also pass a list here: ['STAGE1', 'STAGE2', 'STAGE3']

response = falcon.queryCombinedSensorUpdateBuilds(platform="string", stage=stages)

print(response)

Uber class example
from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

stages = 'STAGE1,STAGE2,STAGE3'  # Can also pass a list here: ['STAGE1', 'STAGE2', 'STAGE3']

response = falcon.command("queryCombinedSensorUpdateBuilds", platform="string", stage=stages)

print(response)

queryCombinedSensorUpdateKernels

Retrieve kernel compatibility info for Sensor Update Builds

PEP8 method name

query_combined_kernels

Endpoint

| Method | Route |
| --- | --- |
| GET | /policy/combined/sensor-update-kernels/v1 |

Required Scope

sensor-update-policies:read

Content-Type

  • Produces: application/json

Keyword Arguments

| Name | Service | Uber | Type | Data type | Description |
| --- | --- | --- | --- | --- | --- |
| filter | Yes | No | query | string | The filter expression that should be used to limit the results using FQL syntax. |
| limit | Yes | No | query | integer | The maximum number of records to return. [1-500] |
| offset | Yes | No | query | integer | The offset to start retrieving records from. |
| parameters | Yes | Yes | query | dictionary | Full query string parameters payload in JSON format. |

Usage

Service class example (PEP8 syntax)
from falconpy import SensorUpdatePolicy

# Do not hardcode API credentials!
falcon = SensorUpdatePolicy(client_id=CLIENT_ID,
                            client_secret=CLIENT_SECRET
                            )

response = falcon.query_combined_kernels(filter="string",
                                         offset=integer,
                                         limit=integer,
                                         )
print(response)

Service class example (Operation ID syntax)
from falconpy import SensorUpdatePolicy

# Do not hardcode API credentials!
falcon = SensorUpdatePolicy(client_id=CLIENT_ID,
                            client_secret=CLIENT_SECRET
                            )

response = falcon.queryCombinedSensorUpdateKernels(filter="string",
                                                   offset=integer,
                                                   limit=integer,
                                                   )
print(response)

Uber class example
from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

response = falcon.command("queryCombinedSensorUpdateKernels",
                          filter="string",
                          offset=integer,
                          limit=integer,
                          )
print(response)

queryCombinedSensorUpdatePolicyMembers

Search for members of a Sensor Update Policy in your environment by providing a FQL filter and paging details. Returns a set of host details which match the filter criteria

PEP8 method name

query_combined_policy_members

Endpoint

| Method | Route |
| --- | --- |
| GET | /policy/combined/sensor-update-members/v1 |

Required Scope

sensor-update-policies:read

Content-Type

  • Produces: application/json

Keyword Arguments

| Name | Service | Uber | Type | Data type | Description |
| --- | --- | --- | --- | --- | --- |
| id | Yes | No | query | string | The ID of the Sensor Update Policy to search for members of. |
| filter | Yes | No | query | string | The filter expression that should be used to limit the results using FQL syntax. Review the available filters table for more detail. |
| limit | Yes | No | query | integer | The maximum number of records to return. [1-5000] |
| offset | Yes | No | query | integer | The offset to start retrieving records from. |
| parameters | Yes | Yes | query | dictionary | Full query string parameters payload in JSON format. |
| sort | Yes | No | query | string | The property to sort by in FQL syntax. Supports asc or desc. Available sort options: created_by, created_timestamp, enabled, modified_by, modified_timestamp, name, platform_name, precedence. |

Available filters

The following fields can be used to filter results retrieved from the API.

Name: Description
created_by: The username, email, or API client ID of the person who created the policy, as identified in the policy object.

When specifying an email address, use a letter p as an operator so that the @ sign is accepted.

You can also search by using the email username or the domain as the value.

For example, to filter on policies created by the email address [email protected]:
filter=created_by:p'[email protected]' (correct)
filter=created_by:'diana.hudson' (correct)
filter=created_by:'email.com' (correct)

filter=created_by:'diana' (incorrect)

Enter only the alphanumeric value when providing an API client ID. For example, to filter on api-client-id:7a1284d634af196bff5988fb1775721b:
filter=created_by:'7a12....721b' (correct)

filter=created_by:'api-client-id:7a12....721b' (incorrect)
filter=created_by:'api-client-id' (incorrect)
created_timestamp: The full timestamp of when the policy was created in ISO 8601 format. (YYYY-MM-DDTHH:mm:ss.sssZ)

The timezone is always UTC as denoted by the suffix "Z".

filter=created_timestamp:'2020-11-23T19:36:24.129652084Z'
description: Search for a term found in the policy description. The value must be entered in lowercase.

filter=description:'policy'
enabled: Find policies by their enabled status. Specify true to find enabled policies or false to find disabled policies.

filter=enabled:'true'
groups: Enter a host group ID to find the policy it's been assigned to.

filter=groups:'1ef3....b0fe'
modified_by: The username, email, or API client ID of the person who modified the policy, as identified in the policy object.

Values for this field follow the same rules as the created_by filter.
modified_timestamp: The full timestamp of when the policy was modified in ISO 8601 format. (YYYY-MM-DDTHH:mm:ss.sssZ)

The timezone is always UTC as denoted by the suffix "Z".

Values for this field follow the same rules as the created_timestamp filter.
name: Performs a free text search on single words found in a policy name.

Values must be entered as lowercase and enclosed in single quotes.

You can provide multiple name values separated by an &.

filter=name:'test'
name.raw: Filters on exact matches to the full policy name.

Searches on this field are case-sensitive and require the correct input of uppercase and lowercase letters.

filter=name.raw:'Test sensor update Policy'
platform_name: The name of the operating system listed in the policy.

One of:
  • Windows
  • Mac
  • Linux
filter=platform_name:'Windows'
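
The quoting rules in the filter table can be enforced in code before a value reaches the `filter` keyword. The following Python helper is an added example, not part of FalconPy or the original page; `fql_clause` and its constants are hypothetical names, and rejecting embedded single quotes is a defensive choice made here rather than a documented API rule.

```python
import re
from datetime import datetime, timezone

ACTOR_FIELDS = {"created_by", "modified_by"}
TIME_FIELDS = {"created_timestamp", "modified_timestamp"}
LOWERCASE_FIELDS = {"name", "description"}
VERBATIM_FIELDS = {"name.raw", "groups"}
PLATFORMS = {"windows": "Windows", "mac": "Mac", "linux": "Linux"}
API_CLIENT_PREFIX = "api-client-id:"
EMAIL_RE = re.compile(r"[^@\s]+@[^@\s]+\.[^@\s]+")


def fql_clause(field, value):
    """Return one field:'value' clause that follows the filter table's rules."""
    if field == "enabled":
        if not isinstance(value, bool):
            raise ValueError("enabled takes True or False")
        return f"enabled:'{str(value).lower()}'"

    if field in TIME_FIELDS:
        if not isinstance(value, datetime) or value.tzinfo is None:
            raise ValueError(f"{field} needs a timezone-aware datetime")
        utc = value.astimezone(timezone.utc)
        # YYYY-MM-DDTHH:mm:ss.sssZ, always expressed in UTC
        stamp = utc.strftime("%Y-%m-%dT%H:%M:%S") + f".{utc.microsecond // 1000:03d}Z"
        return f"{field}:'{stamp}'"

    if not isinstance(value, str) or not value.strip():
        raise ValueError(f"{field} needs a non-empty string")
    value = value.strip()
    # A quote inside the value would close the literal early and let the
    # remainder be parsed as extra filter syntax, so refuse it outright.
    if "'" in value:
        raise ValueError("single quotes are not allowed inside a filter value")

    if field in ACTOR_FIELDS:
        if value.lower().startswith(API_CLIENT_PREFIX):
            value = value[len(API_CLIENT_PREFIX):]  # keep only the alphanumeric ID
        if not value or value.lower() == API_CLIENT_PREFIX.rstrip(":"):
            raise ValueError("supply the API client ID itself, not the prefix")
        operator = "p" if EMAIL_RE.fullmatch(value) else ""  # p lets the @ through
        return f"{field}:{operator}'{value}'"

    if field in LOWERCASE_FIELDS:
        if field == "name" and len(value.split()) != 1:
            raise ValueError("name matches single words; use name.raw for a full name")
        return f"{field}:'{value.lower()}'"

    if field == "platform_name":
        try:
            return f"platform_name:'{PLATFORMS[value.lower()]}'"
        except KeyError:
            raise ValueError("platform_name must be Windows, Mac or Linux") from None

    if field in VERBATIM_FIELDS:
        return f"{field}:'{value}'"  # case-sensitive, passed through unchanged

    raise ValueError(f"{field} is not a filterable field")


if __name__ == "__main__":
    # Constructed sample values, not taken from a real tenant.
    for field, value in [("created_by", "analyst@example.com"),
                         ("modified_by", "api-client-id:0123456789abcdef"),
                         ("name", "Test"),
                         ("platform_name", "windows"),
                         ("enabled", True)]:
        print(fql_clause(field, value))
```

The returned string is passed as the `filter` keyword of the query operations documented on this page.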

Usage

Service class example (PEP8 syntax)
from falconpy import SensorUpdatePolicy

# Do not hardcode API credentials!
falcon = SensorUpdatePolicy(client_id=CLIENT_ID,
                            client_secret=CLIENT_SECRET
                            )

response = falcon.query_combined_policy_members(id="string",
                                                filter="string",
                                                offset=integer,
                                                limit=integer,
                                                sort="string"
                                                )
print(response)

Service class example (Operation ID syntax)
from falconpy import SensorUpdatePolicy

# Do not hardcode API credentials!
falcon = SensorUpdatePolicy(client_id=CLIENT_ID,
                            client_secret=CLIENT_SECRET
                            )

response = falcon.queryCombinedSensorUpdatePolicyMembers(id="string",
                                                         filter="string",
                                                         offset=integer,
                                                         limit=integer,
                                                         sort="string"
                                                         )
print(response)

Uber class example
from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

response = falcon.command("queryCombinedSensorUpdatePolicyMembers",
                          id="string",
                          filter="string",
                          offset=integer,
                          limit=integer,
                          sort="string"
                          )
print(response)

queryCombinedSensorUpdatePolicies

Search for Sensor Update Policies in your environment by providing a FQL filter and paging details. Returns a set of Sensor Update Policies which match the filter criteria

PEP8 method name

query_combined_policies

Endpoint

| Method | Route |
| --- | --- |
| GET | /policy/combined/sensor-update/v1 |

Required Scope

sensor-update-policies:read

Content-Type

  • Produces: application/json

Keyword Arguments

| Name | Service | Uber | Type | Data type | Description |
| --- | --- | --- | --- | --- | --- |
| filter | Yes | No | query | string | The filter expression that should be used to limit the results using FQL syntax. Review the available filters table for more detail. |
| limit | Yes | No | query | integer | The maximum number of records to return. [1-5000] |
| offset | Yes | No | query | integer | The offset to start retrieving records from. |
| parameters | Yes | Yes | query | dictionary | Full query string parameters payload in JSON format. |
| sort | Yes | No | query | string | The property to sort by in FQL syntax. Supports asc or desc. Available sort options: created_by, created_timestamp, enabled, modified_by, modified_timestamp, name, platform_name, precedence. |

Available filters

The following fields can be used to filter results retrieved from the API.

Name: Description
created_by: The username, email, or API client ID of the person who created the policy, as identified in the policy object.

When specifying an email address, use a letter p as an operator so that the @ sign is accepted.

You can also search by using the email username or the domain as the value.

For example, to filter on policies created by the email address [email protected]:
filter=created_by:p'[email protected]' (correct)
filter=created_by:'diana.hudson' (correct)
filter=created_by:'email.com' (correct)

filter=created_by:'diana' (incorrect)

Enter only the alphanumeric value when providing an API client ID. For example, to filter on api-client-id:7a1284d634af196bff5988fb1775721b:
filter=created_by:'7a12....721b' (correct)

filter=created_by:'api-client-id:7a12....721b' (incorrect)
filter=created_by:'api-client-id' (incorrect)
created_timestamp: The full timestamp of when the policy was created in ISO 8601 format. (YYYY-MM-DDTHH:mm:ss.sssZ)

The timezone is always UTC as denoted by the suffix "Z".

filter=created_timestamp:'2020-11-23T19:36:24.129652084Z'
description: Search for a term found in the policy description. The value must be entered in lowercase.

filter=description:'policy'
enabled: Find policies by their enabled status. Specify true to find enabled policies or false to find disabled policies.

filter=enabled:'true'
groups: Enter a host group ID to find the policy it's been assigned to.

filter=groups:'1ef3....b0fe'
modified_by: The username, email, or API client ID of the person who modified the policy, as identified in the policy object.

Values for this field follow the same rules as the created_by filter.
modified_timestamp: The full timestamp of when the policy was modified in ISO 8601 format. (YYYY-MM-DDTHH:mm:ss.sssZ)

The timezone is always UTC as denoted by the suffix "Z".

Values for this field follow the same rules as the created_timestamp filter.
name: Performs a free text search on single words found in a policy name.

Values must be entered as lowercase and enclosed in single quotes.

You can provide multiple name values separated by an &.

filter=name:'test'
name.raw: Filters on exact matches to the full policy name.

Searches on this field are case-sensitive and require the correct input of uppercase and lowercase letters.

filter=name.raw:'Test sensor update Policy'
platform_name: The name of the operating system listed in the policy.

One of:
  • Windows
  • Mac
  • Linux
filter=platform_name:'Windows'

Usage

Service class example (PEP8 syntax)
from falconpy import SensorUpdatePolicy

# Do not hardcode API credentials!
falcon = SensorUpdatePolicy(client_id=CLIENT_ID,
                            client_secret=CLIENT_SECRET
                            )

response = falcon.query_combined_policies(filter="string",
                                          offset=integer,
                                          limit=integer,
                                          sort="string"
                                          )
print(response)

Service class example (Operation ID syntax)
from falconpy import SensorUpdatePolicy

# Do not hardcode API credentials!
falcon = SensorUpdatePolicy(client_id=CLIENT_ID,
                            client_secret=CLIENT_SECRET
                            )

response = falcon.queryCombinedSensorUpdatePolicies(filter="string",
                                                    offset=integer,
                                                    limit=integer,
                                                    sort="string"
                                                    )
print(response)

Uber class example
from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

response = falcon.command("queryCombinedSensorUpdatePolicies",
                          filter="string",
                          offset=integer,
                          limit=integer,
                          sort="string"
                          )
print(response)

queryCombinedSensorUpdatePoliciesV2

Search for Sensor Update Policies with additional support for uninstall protection in your environment by providing a FQL filter and paging details. Returns a set of Sensor Update Policies which match the filter criteria

PEP8 method name

query_combined_policies_v2

Endpoint

| Method | Route |
| --- | --- |
| GET | /policy/combined/sensor-update/v2 |

Required Scope

sensor-update-policies:read

Content-Type

  • Produces: application/json

Keyword Arguments

| Name | Service | Uber | Type | Data type | Description |
| --- | --- | --- | --- | --- | --- |
| filter | Yes | No | query | string | The filter expression that should be used to limit the results using FQL syntax. Review the available filters table for more detail. |
| limit | Yes | No | query | integer | The maximum number of records to return. [1-5000] |
| offset | Yes | No | query | integer | The offset to start retrieving records from. |
| parameters | Yes | Yes | query | dictionary | Full query string parameters payload in JSON format. |
| sort | Yes | No | query | string | The property to sort by in FQL syntax. Supports asc or desc. Available sort options: created_by, created_timestamp, enabled, modified_by, modified_timestamp, name, platform_name, precedence. |

Available filters

The following fields can be used to filter results retrieved from the API.

Name: Description
created_by: The username, email, or API client ID of the person who created the policy, as identified in the policy object.

When specifying an email address, use a letter p as an operator so that the @ sign is accepted.

You can also search by using the email username or the domain as the value.

For example, to filter on policies created by the email address [email protected]:
filter=created_by:p'[email protected]' (correct)
filter=created_by:'diana.hudson' (correct)
filter=created_by:'email.com' (correct)

filter=created_by:'diana' (incorrect)

Enter only the alphanumeric value when providing an API client ID. For example, to filter on api-client-id:7a1284d634af196bff5988fb1775721b:
filter=created_by:'7a12....721b' (correct)

filter=created_by:'api-client-id:7a12....721b' (incorrect)
filter=created_by:'api-client-id' (incorrect)
created_timestamp: The full timestamp of when the policy was created in ISO 8601 format. (YYYY-MM-DDTHH:mm:ss.sssZ)

The timezone is always UTC as denoted by the suffix "Z".

filter=created_timestamp:'2020-11-23T19:36:24.129652084Z'
description: Search for a term found in the policy description. The value must be entered in lowercase.

filter=description:'policy'
enabled: Find policies by their enabled status. Specify true to find enabled policies or false to find disabled policies.

filter=enabled:'true'
groups: Enter a host group ID to find the policy it's been assigned to.

filter=groups:'1ef3....b0fe'
modified_by: The username, email, or API client ID of the person who modified the policy, as identified in the policy object.

Values for this field follow the same rules as the created_by filter.
modified_timestamp: The full timestamp of when the policy was modified in ISO 8601 format. (YYYY-MM-DDTHH:mm:ss.sssZ)

The timezone is always UTC as denoted by the suffix "Z".

Values for this field follow the same rules as the created_timestamp filter.
name: Performs a free text search on single words found in a policy name.

Values must be entered as lowercase and enclosed in single quotes.

You can provide multiple name values separated by an &.

filter=name:'test'
name.raw: Filters on exact matches to the full policy name.

Searches on this field are case-sensitive and require the correct input of uppercase and lowercase letters.

filter=name.raw:'Test sensor update Policy'
platform_name: The name of the operating system listed in the policy.

One of:
  • Windows
  • Mac
  • Linux
filter=platform_name:'Windows'

Usage

Service class example (PEP8 syntax)
from falconpy import SensorUpdatePolicy

# Do not hardcode API credentials!
falcon = SensorUpdatePolicy(client_id=CLIENT_ID,
                            client_secret=CLIENT_SECRET
                            )

response = falcon.query_combined_policies_v2(filter="string",
                                             offset=integer,
                                             limit=integer,
                                             sort="string"
                                             )
print(response)

Service class example (Operation ID syntax)
from falconpy import SensorUpdatePolicy

# Do not hardcode API credentials!
falcon = SensorUpdatePolicy(client_id=CLIENT_ID,
                            client_secret=CLIENT_SECRET
                            )

response = falcon.queryCombinedSensorUpdatePoliciesV2(filter="string",
                                                      offset=integer,
                                                      limit=integer,
                                                      sort="string"
                                                      )
print(response)

Uber class example
from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

response = falcon.command("queryCombinedSensorUpdatePoliciesV2",
                          filter="string",
                          offset=integer,
                          limit=integer,
                          sort="string"
                          )
print(response)
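
For a fleet-wide check, the `offset` and `limit` keywords above can drive an audit of which enabled policies lack uninstall protection. This is an added example, not code from FalconPy or this page: `FakeClient` and its policies are constructed so the logic runs offline, the environment variable names are assumptions, and the response layout (`status_code`, `body.resources`, `body.meta.pagination.total`, `settings.uninstall_protection`) is assumed because the page does not show a response.

```python
import os


def build_client():
    """Create the Service Class from environment variables (names are assumptions)."""
    from falconpy import SensorUpdatePolicy  # lazy import: the audit logic runs without it
    try:
        return SensorUpdatePolicy(client_id=os.environ["FALCON_CLIENT_ID"],
                                  client_secret=os.environ["FALCON_CLIENT_SECRET"])
    except KeyError as missing:
        raise SystemExit(f"Set {missing.args[0]} in the environment") from None


def iter_policies(client, fql_filter=None, page_size=500):
    """Yield every policy matching fql_filter, walking offset/limit pages."""
    if not 1 <= page_size <= 5000:
        raise ValueError("limit must be within 1-5000")
    offset = 0
    while True:
        query = {"offset": offset, "limit": page_size}
        if fql_filter:
            query["filter"] = fql_filter
        response = client.query_combined_policies_v2(**query)
        if response["status_code"] != 200:
            raise RuntimeError(f"query failed: {response['body'].get('errors')}")
        resources = response["body"].get("resources") or []
        yield from resources
        offset += len(resources)
        total = response["body"].get("meta", {}).get("pagination", {}).get("total")
        # Stop on a short page, or once the reported total has been consumed.
        if len(resources) < page_size or (total is not None and offset >= total):
            return


def unprotected_policies(client, platform=None, page_size=500):
    """Return (name, platform, state) for enabled policies without uninstall protection."""
    fql = f"platform_name:'{platform}'" if platform else None
    findings = []
    for policy in iter_policies(client, fql_filter=fql, page_size=page_size):
        state = policy.get("settings", {}).get("uninstall_protection", "UNKNOWN")
        if policy.get("enabled") and state != "ENABLED":
            findings.append((policy["name"], policy.get("platform_name"), state))
    return findings


class FakeClient:
    """Constructed stand-in for SensorUpdatePolicy that serves sample policies."""

    POLICIES = [  # constructed sample data
        {"name": "Default (Windows)", "platform_name": "Windows", "enabled": True,
         "settings": {"uninstall_protection": "ENABLED"}},
        {"name": "Servers", "platform_name": "Windows", "enabled": True,
         "settings": {"uninstall_protection": "DISABLED"}},
        {"name": "Lab", "platform_name": "Linux", "enabled": False,
         "settings": {"uninstall_protection": "DISABLED"}},
        {"name": "Mac fleet", "platform_name": "Mac", "enabled": True,
         "settings": {"uninstall_protection": "ENABLED"}},
        {"name": "Kiosks", "platform_name": "Linux", "enabled": True,
         "settings": {"uninstall_protection": "DISABLED"}},
    ]

    def __init__(self):
        self.calls = []

    def query_combined_policies_v2(self, offset=0, limit=100, filter=None):
        self.calls.append((offset, limit))
        # Toy filter handling: only platform_name:'X' is understood here.
        rows = [p for p in self.POLICIES
                if filter is None or f"'{p['platform_name']}'" in filter]
        return {"status_code": 200, "headers": {},
                "body": {"meta": {"pagination": {"offset": offset, "limit": limit,
                                                 "total": len(rows)}},
                         "resources": rows[offset:offset + limit], "errors": []}}


if __name__ == "__main__":
    # Swap FakeClient() for build_client() to run against a real tenant.
    for finding in unprotected_policies(FakeClient(), page_size=2):
        print(finding)
```

Only the `sensor-update-policies:read` scope listed above is needed for this query, so the API client used for the audit does not have to hold write access.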

performSensorUpdatePoliciesAction

Perform the specified action on the Sensor Update Policies specified in the request

PEP8 method name

perform_policies_action

Endpoint

| Method | Route |
| --- | --- |
| POST | /policy/entities/sensor-update-actions/v1 |

Required Scope

sensor-update-policies:write

Content-Type

  • Produces: application/json

Keyword Arguments

| Name | Service | Uber | Type | Data type | Description |
| --- | --- | --- | --- | --- | --- |
| action_name | Yes | Yes | query | string | Specify one of these actions: add-host-group, add-rule-group, disable, enable, remove-host-group, remove-rule-group. |
| action_parameters | Yes | No | body | list of dictionaries | Action specific parameter options. Each entry has the form {"name": "string", "value": "string"}. |
| body | Yes | Yes | body | dictionary | Full body payload in JSON format. |
| group_id | Yes | Yes | body (action_parameters) | string | Host Group ID to apply the policy to. String. Overridden if action_parameters is specified. |
| ids | Yes | No | body | string or list of strings | The ID of the Sensor Update Policy you want to impact. If you provide IDs to the method using this keyword, you do not have to provide a body payload. (Service class usage only) |
| parameters | Yes | Yes | query | dictionary | Full query string parameters payload in JSON format. |

Usage

Service class example (PEP8 syntax)
from falconpy import SensorUpdatePolicy

# Do not hardcode API credentials!
falcon = SensorUpdatePolicy(client_id=CLIENT_ID,
                            client_secret=CLIENT_SECRET
                            )

response = falcon.perform_policies_action(action_name="string",
                                          group_id="HOST_GROUP_ID",
                                          ids="ID_TO_UPDATE"
                                          )
print(response)

Service class example (Operation ID syntax)
from falconpy import SensorUpdatePolicy

# Do not hardcode API credentials!
falcon = SensorUpdatePolicy(client_id=CLIENT_ID,
                            client_secret=CLIENT_SECRET
                            )

# Can also be provided as the keyword `group_id`
act_params = [{
    "name": "group_id",
    "value": "HOST_GROUP_ID"
}]

response = falcon.performSensorUpdatePoliciesAction(action_name="string",
                                                    action_parameters=act_params,
                                                    ids="ID_TO_UPDATE"
                                                    )
print(response)

Uber class example
from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

# Only one ID may be updated at a time
BODY = {
    "action_parameters": [
        {
            "name": "group_id",
            "value": "HOST_GROUP_ID"
        }
    ],
    "ids": ["ID_TO_UPDATE"]
}

response = falcon.command("performSensorUpdatePoliciesAction", action_name="string", body=BODY)
print(response)

# Can also use the following syntax, passing the query string as a dictionary
PARAMS = {
    "action_name": "string"
}

response = falcon.command("performSensorUpdatePoliciesAction",
                          parameters=PARAMS,
                          body=BODY
                          )
print(response)

setSensorUpdatePoliciesPrecedence

Sets the precedence of Sensor Update Policies based on the order of IDs specified in the request. The first ID specified will have the highest precedence and the last ID specified will have the lowest. You must specify all non-Default Policies for a platform when updating precedence

PEP8 method name

set_policies_precedence

Endpoint

| Method | Route |
| --- | --- |
| POST | /policy/entities/sensor-update-precedence/v1 |

Required Scope

sensor-update-policies:write

Content-Type

  • Produces: application/json

Keyword Arguments

| Name | Service | Uber | Type | Data type | Description |
| --- | --- | --- | --- | --- | --- |
| body | Yes | Yes | body | dictionary | Full body payload in JSON format. |
| ids | Yes | No | body | string or list of strings | The ID of the Sensor Update Policy you want to impact. If you provide IDs to the method using this keyword, you do not have to provide a body payload. (Service class usage only) |
| platform_name | Yes | Yes | body | string | Operating System platform name. |

Usage

Service class example (PEP8 syntax)
from falconpy import SensorUpdatePolicy

# Do not hardcode API credentials!
falcon = SensorUpdatePolicy(client_id=CLIENT_ID,
                            client_secret=CLIENT_SECRET
                            )

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.set_policies_precedence(ids=id_list, platform_name="string")
print(response)

Service class example (Operation ID syntax)
from falconpy import SensorUpdatePolicy

# Do not hardcode API credentials!
falcon = SensorUpdatePolicy(client_id=CLIENT_ID,
                            client_secret=CLIENT_SECRET
                            )

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.setSensorUpdatePoliciesPrecedence(ids=id_list, platform_name="string")
print(response)

Uber class example
from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

id_list = ['ID1', 'ID2', 'ID3']

BODY = {
    "ids": id_list,
    "platform_name": "Windows"
}

response = falcon.command("setSensorUpdatePoliciesPrecedence", body=BODY)
print(response)
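
The rule above, that every non-Default policy for the platform must appear in the request, can be checked before the call is made. The following is an added example, not FalconPy code: the inventory record shape (`id`, `platform_name`, `is_default`) and both helper functions are assumptions made for the illustration, and the sample inventory is constructed.

```python
PLATFORMS = ("Windows", "Mac", "Linux")  # platform names listed on this page

# Constructed inventory. The record shape is an assumption made for this
# example; it is not the API's response format.
INVENTORY = [
    {"id": "ID1", "platform_name": "Windows", "is_default": False},
    {"id": "ID2", "platform_name": "Windows", "is_default": False},
    {"id": "ID3", "platform_name": "Windows", "is_default": False},
    {"id": "ID_DEFAULT", "platform_name": "Windows", "is_default": True},
    {"id": "ID9", "platform_name": "Linux", "is_default": False},
]


def promote(current_order, policy_id):
    """Return a new order with policy_id first (highest precedence)."""
    if policy_id not in current_order:
        raise ValueError(f"{policy_id} is not in the current order")
    return [policy_id] + [pid for pid in current_order if pid != policy_id]


def build_precedence_body(inventory, platform_name, ordered_ids):
    """Build the request body, refusing an incomplete or mixed ID list."""
    if platform_name not in PLATFORMS:
        raise ValueError(f"unknown platform: {platform_name!r}")
    if len(set(ordered_ids)) != len(ordered_ids):
        raise ValueError("duplicate policy ID in requested order")
    # Every non-Default policy of this platform must be listed exactly once.
    required = {p["id"] for p in inventory
                if p["platform_name"] == platform_name and not p["is_default"]}
    missing = sorted(required - set(ordered_ids))
    unexpected = sorted(set(ordered_ids) - required)
    if missing:
        raise ValueError(f"missing non-Default policies: {missing}")
    if unexpected:
        raise ValueError(f"not a non-Default {platform_name} policy: {unexpected}")
    # First ID has the highest precedence, last ID the lowest.
    return {"ids": list(ordered_ids), "platform_name": platform_name}


def demo():
    """Move ID3 to the top of the Windows order and build the body."""
    new_order = promote(["ID1", "ID2", "ID3"], "ID3")
    return build_precedence_body(INVENTORY, "Windows", new_order)


if __name__ == "__main__":
    print(demo())
```

The returned dictionary has the same shape as the `BODY` passed in the Uber class example above.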

getSensorUpdatePolicies

Retrieve a set of Sensor Update Policies by specifying their IDs

PEP8 method name

get_policies

Endpoint

| Method | Route |
| --- | --- |
| GET | /policy/entities/sensor-update/v1 |

Required Scope

sensor-update-policies:read

Content-Type

  • Produces: application/json

Keyword Arguments

| Name | Service | Uber | Type | Data type | Description |
| --- | --- | --- | --- | --- | --- |
| ids | Yes | Yes | query | string or list of strings | The IDs of the Sensor Update Policies to retrieve. |
| parameters | Yes | Yes | query | dictionary | Full query string parameters payload in JSON format. |

Usage

Service class example (PEP8 syntax)
from falconpy import SensorUpdatePolicy

# Do not hardcode API credentials!
falcon = SensorUpdatePolicy(client_id=CLIENT_ID,
                            client_secret=CLIENT_SECRET
                            )

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.get_policies(ids=id_list)
print(response)

Service class example (Operation ID syntax)
from falconpy import SensorUpdatePolicy

# Do not hardcode API credentials!
falcon = SensorUpdatePolicy(client_id=CLIENT_ID,
                            client_secret=CLIENT_SECRET
                            )

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.getSensorUpdatePolicies(ids=id_list)
print(response)

Uber class example
from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.command("getSensorUpdatePolicies", ids=id_list)
print(response)

createSensorUpdatePolicies

Create Sensor Update Policies by specifying details about the policy to create

PEP8 method name

create_policies

Endpoint

| Method | Route |
| --- | --- |
| POST | /policy/entities/sensor-update/v1 |

Required Scope

sensor-update-policies:write

Content-Type

  • Produces: application/json

Keyword Arguments

| Name | Service | Uber | Type | Data type | Description |
| --- | --- | --- | --- | --- | --- |
| body | Yes | Yes | body | dictionary | Full body payload in JSON format. |
| build | Yes | Yes | body | string | Build this Sensor update policy applies to. |
| description | Yes | Yes | body | string | Sensor update policy description. |
| name | Yes | Yes | body | string | Name of the Sensor Update policy. |
| platform_name | Yes | Yes | body | string | Name of the OS platform the Sensor Update policy applies to. |
| settings | Yes | Yes | body | dictionary | Sensor Update policy specific settings. Overrides the value of build if present. Format: {"build": "string"} |

Usage

Service class example (PEP8 syntax)
from falconpy import SensorUpdatePolicy

# Do not hardcode API credentials!
falcon = SensorUpdatePolicy(client_id=CLIENT_ID,
                            client_secret=CLIENT_SECRET
                            )

response = falcon.create_policies(build="string",
                                  description="string",
                                  name="string",
                                  platform_name="string"
                                  )
print(response)

Service class example (Operation ID syntax)
from falconpy import SensorUpdatePolicy

# Do not hardcode API credentials!
falcon = SensorUpdatePolicy(client_id=CLIENT_ID,
                            client_secret=CLIENT_SECRET
                            )

response = falcon.createSensorUpdatePolicies(build="string",
                                             description="string",
                                             name="string",
                                             platform_name="string"
                                             )
print(response)

Uber class example
from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

BODY = {
    "resources": [
        {
            "description": "string",
            "name": "string",
            "platform_name": "string",
            "settings": {
                "build": "string"
            }
        }
    ]
}

response = falcon.command("createSensorUpdatePolicies", body=BODY)
print(response)

deleteSensorUpdatePolicies

Delete a set of Sensor Update Policies by specifying their IDs

PEP8 method name

delete_policies

Endpoint

| Method | Route |
| --- | --- |
| DELETE | /policy/entities/sensor-update/v1 |

Required Scope

sensor-update-policies:write

Content-Type

  • Produces: application/json

Keyword Arguments

| Name | Service | Uber | Type | Data type | Description |
| --- | --- | --- | --- | --- | --- |
| ids | Yes | Yes | query | string or list of strings | The IDs of the Sensor Update policies to delete. |
| parameters | Yes | Yes | query | dictionary | Full query string parameters payload in JSON format. |

Usage

Service class example (PEP8 syntax)
from falconpy import SensorUpdatePolicy

# Do not hardcode API credentials!
falcon = SensorUpdatePolicy(client_id=CLIENT_ID,
                            client_secret=CLIENT_SECRET
                            )

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.delete_policies(ids=id_list)
print(response)

Service class example (Operation ID syntax)
from falconpy import SensorUpdatePolicy

# Do not hardcode API credentials!
falcon = SensorUpdatePolicy(client_id=CLIENT_ID,
                            client_secret=CLIENT_SECRET
                            )

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.deleteSensorUpdatePolicies(ids=id_list)
print(response)

Uber class example
from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.command("deleteSensorUpdatePolicies", ids=id_list)
print(response)

updateSensorUpdatePolicies

Update Sensor Update Policies by specifying the ID of the policy and details to update

PEP8 method name

update_policies

Endpoint

| Method | Route |
| --- | --- |
| PATCH | /policy/entities/sensor-update/v1 |

Required Scope

sensor-update-policies:write

Content-Type

  • Produces: application/json

Keyword Arguments

| Name | Service | Uber | Type | Data type | Description |
| --- | --- | --- | --- | --- | --- |
| body | Yes | Yes | body | dictionary | Full body payload in JSON format. |
| build | Yes | Yes | body | string | Build this Sensor update policy applies to. |
| description | Yes | Yes | body | string | Sensor update policy description. |
| id | Yes | Yes | body | string | ID of the Sensor Update policy to update. |
| name | Yes | Yes | body | string | Name of the Sensor Update policy. |
| settings | Yes | Yes | body | dictionary | Sensor Update policy specific settings. Overrides the value of build if present. Format: {"build": "string"} |

Usage

Service class example (PEP8 syntax)
from falconpy import SensorUpdatePolicy

# Do not hardcode API credentials!
falcon = SensorUpdatePolicy(client_id=CLIENT_ID,
                            client_secret=CLIENT_SECRET
                            )

response = falcon.update_policies(build="string",
                                  description="string",
                                  name="string",
                                  id="string"
                                  )
print(response)

Service class example (Operation ID syntax)
from falconpy import SensorUpdatePolicy

# Do not hardcode API credentials!
falcon = SensorUpdatePolicy(client_id=CLIENT_ID,
                            client_secret=CLIENT_SECRET
                            )

response = falcon.updateSensorUpdatePolicies(build="string",
                                             description="string",
                                             name="string",
                                             id="string"
                                             )
print(response)

Uber class example
from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

BODY = {
    "resources": [
        {
            "description": "string",
            "id": "string",
            "name": "string",
            "settings": {
                "build": "string"
            }
        }
    ]
}

response = falcon.command("updateSensorUpdatePolicies", body=BODY)
print(response)

getSensorUpdatePoliciesV2

Retrieve a set of Sensor Update Policies with additional support for uninstall protection by specifying their IDs

PEP8 method name

get_policies_v2

Endpoint

| Method | Route |
| --- | --- |
| GET | /policy/entities/sensor-update/v2 |

Required Scope

sensor-update-policies:read

Content-Type

  • Produces: application/json

Keyword Arguments

| Name | Service | Uber | Type | Data type | Description |
| --- | --- | --- | --- | --- | --- |
| ids | Yes | Yes | query | string or list of strings | The IDs of the Sensor Update policies to retrieve. |
| parameters | Yes | Yes | query | dictionary | Full query string parameters payload in JSON format. |

Usage

Service class example (PEP8 syntax)
from falconpy import SensorUpdatePolicy

# Do not hardcode API credentials!
falcon = SensorUpdatePolicy(client_id=CLIENT_ID,
                            client_secret=CLIENT_SECRET
                            )

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.get_policies_v2(ids=id_list)
print(response)

Service class example (Operation ID syntax)
from falconpy import SensorUpdatePolicy

# Do not hardcode API credentials!
falcon = SensorUpdatePolicy(client_id=CLIENT_ID,
                            client_secret=CLIENT_SECRET
                            )

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.getSensorUpdatePoliciesV2(ids=id_list)
print(response)

Uber class example
from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.command("getSensorUpdatePoliciesV2", ids=id_list)
print(response)

createSensorUpdatePoliciesV2

Create Sensor Update Policies by specifying details about the policy to create with additional support for uninstall protection

PEP8 method name

create_policies_v2

Endpoint

| Method | Route |
| --- | --- |
| POST | /policy/entities/sensor-update/v2 |

Required Scope

sensor-update-policies:write

Content-Type

  • Produces: application/json

Keyword Arguments

| Name | Service | Uber | Type | Data type | Description |
| --- | --- | --- | --- | --- | --- |
| body | Yes | Yes | body | dictionary | Full body payload in JSON format. |
| build | Yes | Yes | body | string | Build this Sensor update policy applies to. Ignored if settings is provided. |
| description | Yes | Yes | body | string | Sensor update policy description. |
| name | Yes | Yes | body | string | Name of the Sensor Update policy. |
| platform_name | Yes | Yes | body | string | Name of the OS platform the Sensor Update policy applies to. |
| scheduler | Yes | Yes | body | dictionary | Dictionary containing details for the schedule. Ignored if settings is provided. |
| settings | Yes | Yes | body | dictionary | Sensor Update policy specific settings. Overrides the value of build, scheduler, show_early_adopter_builds, uninstall_protection, and variants if present. |
| show_early_adopter_builds | Yes | Yes | body | boolean | Flag indicating if early adopter builds should be shown as part of this policy. Ignored if settings is provided. |
| uninstall_protection | Yes | Yes | body | string | Indicates whether uninstall protection should be enabled. Ignored if settings is provided. Allowed values: ENABLED, DISABLED. |
| variants | Yes | Yes | body | list of dictionaries | List of dictionaries containing details for variants to include in the policy. Ignored if settings is provided. Format: [{"build": "string", "platform": "string"}] |

Usage

Service class example (PEP8 syntax)
from falconpy import SensorUpdatePolicy

# Do not hardcode API credentials!
falcon = SensorUpdatePolicy(client_id=CLIENT_ID,
                            client_secret=CLIENT_SECRET
                            )

schedule = {
    "enabled": boolean,
    "schedules": [
        {
            "days": [
                integer
            ],
            "end": "string",
            "start": "string"
        }
    ],
    "timezone": "string"
}

settings = {
    "build": "string",
    "scheduler": {
        "enabled": boolean,
        "schedules": [
            {
                "days": [
                    integer
                ],
                "end": "string",
                "start": "string"
            }
        ],
        "timezone": "string"
    },
    "show_early_adopter_builds": boolean,
    "uninstall_protection": "ENABLED",
    "variants": [
        {
            "build": "string",
            "platform": "string"
        }
    ]
}

variants = [
    {
        "build": "string",
        "platform": "string"
    }
]

response = falcon.create_policies_v2(build="string",
                                     description="string",
                                     name="string",
                                     platform_name="string",
                                     scheduler=schedule,
                                     settings=settings,
                                     show_early_adopter_builds=boolean,
                                     uninstall_protection="ENABLED",
                                     variants=variants
                                     )
print(response)

Service class example (Operation ID syntax)
from falconpy import SensorUpdatePolicy

# Do not hardcode API credentials!
falcon = SensorUpdatePolicy(client_id=CLIENT_ID,
                            client_secret=CLIENT_SECRET
                            )

schedule = {
    "enabled": boolean,
    "schedules": [
        {
            "days": [
                integer
            ],
            "end": "string",
            "start": "string"
        }
    ],
    "timezone": "string"
}

settings = {
    "build": "string",
    "scheduler": {
        "enabled": boolean,
        "schedules": [
            {
                "days": [
                    integer
                ],
                "end": "string",
                "start": "string"
            }
        ],
        "timezone": "string"
    },
    "show_early_adopter_builds": boolean,
    "uninstall_protection": "ENABLED",
    "variants": [
        {
            "build": "string",
            "platform": "string"
        }
    ]
}

variants = [
    {
        "build": "string",
        "platform": "string"
    }
]

response = falcon.createSensorUpdatePoliciesV2(build="string",
                                               description="string",
                                               name="string",
                                               platform_name="string",
                                               scheduler=schedule,
                                               settings=settings,
                                               show_early_adopter_builds=boolean,
                                               uninstall_protection="ENABLED",
                                               variants=variants
                                               )
print(response)

Uber class example
from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

BODY = {
  "resources": [
    {
      "description": "string",
      "name": "string",
      "platform_name": "string",
      "settings": {
        "build": "string",
        "scheduler": {
          "enabled": boolean,
          "schedules": [
            {
              "days": [
                integer
              ],
              "end": "string",
              "start": "string"
            }
          ],
          "timezone": "string"
        },
        "show_early_adopter_builds": boolean,
        "uninstall_protection": "ENABLED",
        "variants": [
          {
            "build": "string",
            "platform": "string"
          }
        ]
      }
    }
  ]
}

response = falcon.command("createSensorUpdatePoliciesV2", body=BODY)
print(response)

updateSensorUpdatePoliciesV2

Update Sensor Update Policies by specifying the ID of the policy and details to update with additional support for uninstall protection

PEP8 method name

update_policies_v2

Endpoint

| Method | Route |
| --- | --- |
| PATCH | /policy/entities/sensor-update/v2 |

Required Scope

sensor-update-policies:write

Content-Type

  • Produces: application/json

Keyword Arguments

| Name | Service | Uber | Type | Data type | Description |
| --- | --- | --- | --- | --- | --- |
| body | Yes | Yes | body | dictionary | Full body payload in JSON format. |
| build | Yes | Yes | body | string | Build this Sensor update policy applies to. Ignored if settings is provided. |
| description | Yes | Yes | body | string | Sensor update policy description. |
| id | Yes | Yes | body | string | ID of the Sensor Update policy to update. |
| name | Yes | Yes | body | string | Name of the Sensor Update policy. |
| scheduler | Yes | Yes | body | dictionary | Dictionary containing details for the schedule. Ignored if settings is provided. |
| settings | Yes | Yes | body | dictionary | Sensor Update policy specific settings. Overrides the value of build, scheduler, show_early_adopter_builds, uninstall_protection, and variants if present. |
| show_early_adopter_builds | Yes | Yes | body | boolean | Flag indicating if early adopter builds should be shown as part of this policy. Ignored if settings is provided. |
| uninstall_protection | Yes | Yes | body | string | Indicates whether uninstall protection should be enabled. Ignored if settings is provided. Allowed values: ENABLED, DISABLED. |
| variants | Yes | Yes | body | list of dictionaries | List of dictionaries containing details for variants to include in the policy. Ignored if settings is provided. Format: [{"build": "string", "platform": "string"}] |

Usage

Service class example (PEP8 syntax)
from falconpy import SensorUpdatePolicy

# Do not hardcode API credentials!
falcon = SensorUpdatePolicy(client_id=CLIENT_ID,
                            client_secret=CLIENT_SECRET
                            )

schedule = {
    "enabled": boolean,
    "schedules": [
        {
            "days": [
                integer
            ],
            "end": "string",
            "start": "string"
        }
    ],
    "timezone": "string"
}

settings = {
    "build": "string",
    "scheduler": {
        "enabled": boolean,
        "schedules": [
            {
                "days": [
                    integer
                ],
                "end": "string",
                "start": "string"
            }
        ],
        "timezone": "string"
    },
    "show_early_adopter_builds": boolean,
    "uninstall_protection": "ENABLED",
    "variants": [
        {
            "build": "string",
            "platform": "string"
        }
    ]
}

variants = [
    {
        "build": "string",
        "platform": "string"
    }
]

response = falcon.update_policies_v2(build="string",
                                     description="string",
                                     name="string",
                                     id="string",
                                     scheduler=schedule,
                                     settings=settings,
                                     show_early_adopter_builds=boolean,
                                     uninstall_protection="ENABLED",
                                     variants=variants
                                     )
print(response)

Service class example (Operation ID syntax)
from falconpy import SensorUpdatePolicy

# Do not hardcode API credentials!
falcon = SensorUpdatePolicy(client_id=CLIENT_ID,
                            client_secret=CLIENT_SECRET
                            )

schedule = {
    "enabled": boolean,
    "schedules": [
        {
            "days": [
                integer
            ],
            "end": "string",
            "start": "string"
        }
    ],
    "timezone": "string"
}

settings = {
    "build": "string",
    "scheduler": {
        "enabled": boolean,
        "schedules": [
            {
                "days": [
                    integer
                ],
                "end": "string",
                "start": "string"
            }
        ],
        "timezone": "string"
    },
    "show_early_adopter_builds": boolean,
    "uninstall_protection": "ENABLED",
    "variants": [
        {
            "build": "string",
            "platform": "string"
        }
    ]
}

variants = [
    {
        "build": "string",
        "platform": "string"
    }
]

response = falcon.updateSensorUpdatePoliciesV2(build="string",
                                               description="string",
                                               name="string",
                                               id="string",
                                               scheduler=schedule,
                                               settings=settings,
                                               show_early_adopter_builds=boolean,
                                               uninstall_protection="ENABLED",
                                               variants=variants
                                               )
print(response)

Uber class example
from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

BODY = {
  "resources": [
    {
      "description": "string",
      "name": "string",
      "id": "string",
      "settings": {
        "build": "string",
        "scheduler": {
          "enabled": boolean,
          "schedules": [
            {
              "days": [
                integer
              ],
              "end": "string",
              "start": "string"
            }
          ],
          "timezone": "string"
        },
        "show_early_adopter_builds": boolean,
        "uninstall_protection": "ENABLED",
        "variants": [
          {
            "build": "string",
            "platform": "string"
          }
        ]
      }
    }
  ]
}

response = falcon.command("updateSensorUpdatePoliciesV2", body=BODY)
print(response)

querySensorUpdateKernelsDistinct

Retrieve kernel compatibility info for Sensor Update Builds

PEP8 method name

query_kernels

Endpoint

| Method | Route |
| --- | --- |
| GET | /policy/queries/sensor-update-kernels/{}/v1 |

Required Scope

sensor-update-policies:read

Content-Type

  • Produces: application/json

Keyword Arguments

| Name | Service | Uber | Type | Data type | Description |
| --- | --- | --- | --- | --- | --- |
| distinct_field | Yes | Yes | path | string | The field name to get distinct values for. Default: id. |
| filter | Yes | Yes | query | string | The filter expression that should be used to limit the results using FQL syntax. |
| limit | Yes | Yes | query | integer | The maximum number of records to return. [1-500] |
| offset | Yes | Yes | query | integer | The offset to start retrieving records from. |
| parameters | Yes | Yes | query | dictionary | Full query string parameters payload in JSON format. |

Usage

Service class example (PEP8 syntax)
from falconpy import SensorUpdatePolicy

# Do not hardcode API credentials!
falcon = SensorUpdatePolicy(client_id=CLIENT_ID,
                            client_secret=CLIENT_SECRET
                            )

response = falcon.query_kernels(distinct_field="string",
                                filter="string",
                                offset=integer,
                                limit=integer,
                                )
print(response)

Service class example (Operation ID syntax)
from falconpy import SensorUpdatePolicy

# Do not hardcode API credentials!
falcon = SensorUpdatePolicy(client_id=CLIENT_ID,
                            client_secret=CLIENT_SECRET
                            )

response = falcon.querySensorUpdateKernelsDistinct(distinct_field="string",
                                                   filter="string",
                                                   offset=integer,
                                                   limit=integer,
                                                   )
print(response)

Uber class example
from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

response = falcon.command("querySensorUpdateKernelsDistinct",
                          distinct_field="string",
                          filter="string",
                          offset=integer,
                          limit=integer,
                          )
print(response)

querySensorUpdatePolicyMembers

Search for members of a Sensor Update Policy in your environment by providing a FQL filter and paging details. Returns a set of Agent IDs which match the filter criteria

PEP8 method name

query_policy_members

Endpoint

| Method | Route |
| --- | --- |
| GET | /policy/queries/sensor-update-members/v1 |

Required Scope

sensor-update-policies:read

Content-Type

  • Produces: application/json

Keyword Arguments

| Name | Service | Uber | Type | Data type | Description |
| --- | --- | --- | --- | --- | --- |
| id | Yes | No | query | string | The ID of the Sensor Update Policy to search for members of. |
| filter | Yes | No | query | string | The filter expression that should be used to limit the results using FQL syntax. Review the available filters table for more detail. |
| limit | Yes | No | query | integer | The maximum number of records to return. [1-5000] |
| offset | Yes | No | query | integer | The offset to start retrieving records from. |
| parameters | Yes | Yes | query | dictionary | Full query string parameters payload in JSON format. |
| sort | Yes | No | query | string | The property to sort by in FQL syntax. Supports asc or desc. Available sort options: created_by, created_timestamp, enabled, modified_by, modified_timestamp, name, platform_name, precedence. |

Available filters

The following fields can be used to filter results retrieved from the API.

created_by: The username, email, or API client ID of the person who created the policy, as identified in the policy object.

When specifying an email address, use a letter p as an operator so that the @ sign is accepted.

You can also search by using the email username or the domain as the value.

For example, to filter on policies created by the email address diana.hudson@email.com:
filter=created_by:p'diana.hudson@email.com' (correct)
filter=created_by:'diana.hudson' (correct)
filter=created_by:'email.com' (correct)
filter=created_by:'diana' (incorrect)

Enter only the alphanumeric value when providing an API client ID. For example, to filter on api-client-id:7a1284d634af196bff5988fb1775721b:
filter=created_by:'7a12....721b' (correct)
filter=created_by:'api-client-id:7a12....721b' (incorrect)
filter=created_by:'api-client-id' (incorrect)

created_timestamp: The full timestamp of when the policy was created in ISO 8601 format. (YYYY-MM-DDTHH:mm:ss.sssZ)

The timezone is always UTC as denoted by the suffix "Z".

filter=created_timestamp:'2020-11-23T19:36:24.129652084Z'

description: Search for a term found in the policy description. The value must be entered in lowercase.

filter=description:'policy'

enabled: Find policies by their enabled status. Specify true to find enabled policies or false to find disabled policies.

filter=enabled:'true'

groups: Enter a host group ID to find the policy it's been assigned to.

filter=groups:'1ef3....b0fe'

modified_by: The username, email, or API client ID of the person who modified the policy, as identified in the policy object.

Values for this field follow the same rules as the created_by filter.

modified_timestamp: The full timestamp of when the policy was modified in ISO 8601 format. (YYYY-MM-DDTHH:mm:ss.sssZ)

The timezone is always UTC as denoted by the suffix "Z".

Values for this field follow the same rules as the created_timestamp filter.

name: Performs a free text search on single words found in a policy name.

Values must be entered as lowercase and enclosed in single quotes.

You can provide multiple name values separated by an &.

filter=name:'test'

name.raw: Filters on exact matches to the full policy name.

Searches on this field are case-sensitive and require the correct input of uppercase and lowercase letters.

filter=name.raw:'Test sensor update Policy'

platform_name: The name of the operating system listed in the policy.

One of:
  • Windows
  • Mac
  • Linux

filter=platform_name:'Windows'
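
The quoting and formatting rules in the filter table above can be enforced in code before a value reaches the `filter` keyword, which also keeps a caller-supplied value from closing the quoted literal early. This is an added example, not part of FalconPy: `fql_term` and `build_filter` are hypothetical helper names, the address `analyst@example.com` is constructed, and joining terms with `+` (FQL's AND operator) is not covered on this page.

```python
import re

PLATFORMS = {"Windows", "Mac", "Linux"}
TIMESTAMP = re.compile(r"\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}(\.\d+)?Z")
CLIENT_ID_PREFIX = "api-client-id:"


def quote(value):
    """Single-quote a literal, refusing characters that would end it early."""
    if not isinstance(value, str) or not value:
        raise ValueError("filter value must be a non-empty string")
    if "'" in value or "\\" in value:
        raise ValueError(f"unsafe character in filter value: {value!r}")
    return f"'{value}'"


def fql_term(field, value):
    """Return one field:'value' term that follows the table's rules."""
    if field == "enabled":
        if not isinstance(value, bool):
            raise ValueError("enabled takes True or False")
        return f"enabled:'{str(value).lower()}'"
    literal = quote(value)
    if field in ("created_by", "modified_by"):
        # API client IDs: only the alphanumeric value, without the prefix.
        if value.startswith(CLIENT_ID_PREFIX):
            literal = quote(value[len(CLIENT_ID_PREFIX):])
        # Email addresses need the p operator so the @ sign is accepted.
        operator = "p" if "@" in value else ""
        return f"{field}:{operator}{literal}"
    if field in ("created_timestamp", "modified_timestamp"):
        if not TIMESTAMP.fullmatch(value):
            raise ValueError("timestamp must be ISO 8601 UTC ending in Z")
        return f"{field}:{literal}"
    if field in ("name", "description"):
        if field == "name" and len(value.split()) != 1:
            raise ValueError("name matches single words; use name.raw instead")
        return f"{field}:{literal.lower()}"  # values must be lowercase
    if field == "platform_name":
        if value not in PLATFORMS:
            raise ValueError(f"platform_name must be one of {sorted(PLATFORMS)}")
        return f"{field}:{literal}"
    if field in ("name.raw", "groups"):
        return f"{field}:{literal}"  # name.raw is case-sensitive: keep as given
    raise ValueError(f"unsupported filter field: {field!r}")


def build_filter(terms):
    """Join (field, value) pairs with +, FQL's AND operator."""
    return "+".join(fql_term(field, value) for field, value in terms)


if __name__ == "__main__":
    print(build_filter([("platform_name", "Windows"), ("enabled", True),
                        ("created_by", "analyst@example.com")]))
```

The resulting string is the value for the `filter` keyword in the usage examples that follow.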

Usage

Service class example (PEP8 syntax)
from falconpy import SensorUpdatePolicy

# Do not hardcode API credentials!
falcon = SensorUpdatePolicy(client_id=CLIENT_ID,
                            client_secret=CLIENT_SECRET
                            )

response = falcon.query_policy_members(id="string",
                                       filter="string",
                                       offset=integer,
                                       limit=integer,
                                       sort="string"
                                       )
print(response)

Service class example (Operation ID syntax)
from falconpy import SensorUpdatePolicy

# Do not hardcode API credentials!
falcon = SensorUpdatePolicy(client_id=CLIENT_ID,
                            client_secret=CLIENT_SECRET
                            )

response = falcon.querySensorUpdatePolicyMembers(id="string",
                                                 filter="string",
                                                 offset=integer,
                                                 limit=integer,
                                                 sort="string"
                                                 )
print(response)

Uber class example

from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

response = falcon.command("querySensorUpdatePolicyMembers",
                          id="string",
                          filter="string",
                          offset=integer,
                          limit=integer,
                          sort="string"
                          )
print(response)

querySensorUpdatePolicies

Search for Sensor Update Policies in your environment by providing an FQL filter and paging details. Returns a set of Sensor Update Policy IDs which match the filter criteria.

PEP8 method name

query_policies

Endpoint

Method | Route
GET | /policy/queries/sensor-update/v1

Required Scope

sensor-update-policies:read

Content-Type

  • Produces: application/json

Keyword Arguments

Name | Service | Uber | Type | Data type | Description
filter | Service Class Support | No Uber Class Support | query | string | The filter expression that should be used to limit the results using FQL syntax. Review the available filters table for more detail.
limit | Service Class Support | No Uber Class Support | query | integer | The maximum number of records to return. [1-5000]
offset | Service Class Support | No Uber Class Support | query | integer | The offset to start retrieving records from.
parameters | Service Class Support | Uber Class Support | query | dictionary | Full query string parameters payload in JSON format.
sort | Service Class Support | No Uber Class Support | query | string | The property to sort by in FQL syntax. Supports asc or desc.

Available sort options:
  • created_by
  • created_timestamp
  • enabled
  • modified_by
  • modified_timestamp
  • name
  • platform_name
  • precedence

Available filters

The following fields can be used to filter results retrieved from the API.

Name | Description
created_by | The username, email, or API client ID of the person who created the policy, as identified in the policy object.

When specifying an email address, use a letter p as an operator so that the @ sign is accepted.

You can also search by using the email username or the domain as the value.

For example, to filter on policies created by the email address diana.hudson@email.com:
filter=created_by:p'diana.hudson@email.com' (correct)
filter=created_by:'diana.hudson' (correct)
filter=created_by:'email.com' (correct)

filter=created_by:'diana' (incorrect)

Enter only the alphanumeric value when providing an API client ID. For example, to filter on api-client-id:7a1284d634af196bff5988fb1775721b:
filter=created_by:'7a12....721b' (correct)

filter=created_by:'api-client-id:7a12....721b' (incorrect)
filter=created_by:'api-client-id' (incorrect)
created_timestamp | The full timestamp of when the policy was created in ISO 8601 format. (YYYY-MM-DDTHH:mm:ss.sssZ)

The timezone is always UTC as denoted by the suffix "Z".

filter=created_timestamp:'2020-11-23T19:36:24.129652084Z'
description | Search for a term found in the policy description. The value must be entered in lowercase.

filter=description:'policy'
enabled | Find policies by their enabled status. Specify true to find enabled policies or false to find disabled policies.

filter=enabled:'true'
groups | Enter a host group ID to find the policy it's been assigned to.

filter=groups:'1ef3....b0fe'
modified_by | The username, email, or API client ID of the person who modified the policy, as identified in the policy object.

Values for this field follow the same rules as the created_by filter.
modified_timestamp | The full timestamp of when the policy was modified in ISO 8601 format. (YYYY-MM-DDTHH:mm:ss.sssZ)

The timezone is always UTC as denoted by the suffix "Z".

Values for this field follow the same rules as the created_timestamp filter.
name | Performs a free text search on single words found in a policy name.

Values must be entered as lowercase and enclosed in single quotes.

You can provide multiple name values separated by an &.

filter=name:'test'
name.raw | Filters on exact matches to the full policy name.

Searches on this field are case-sensitive and require the correct input of uppercase and lowercase letters.

filter=name.raw:'Test sensor update Policy'
platform_name | The name of the operating system listed in the policy.

One of:
  • Windows
  • Mac
  • Linux

filter=platform_name:'Windows'

Usage

Service class example (PEP8 syntax)

from falconpy import SensorUpdatePolicy

# Do not hardcode API credentials!
falcon = SensorUpdatePolicy(client_id=CLIENT_ID,
                            client_secret=CLIENT_SECRET
                            )

response = falcon.query_policies(filter="string",
                                 offset=integer,
                                 limit=integer,
                                 sort="string"
                                 )
print(response)

Service class example (Operation ID syntax)

from falconpy import SensorUpdatePolicy

# Do not hardcode API credentials!
falcon = SensorUpdatePolicy(client_id=CLIENT_ID,
                            client_secret=CLIENT_SECRET
                            )

response = falcon.querySensorUpdatePolicies(filter="string",
                                            offset=integer,
                                            limit=integer,
                                            sort="string"
                                            )
print(response)

Uber class example

from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

response = falcon.command("querySensorUpdatePolicies",
                          filter="string",
                          offset=integer,
                          limit=integer,
                          sort="string"
                          )
print(response)
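
The created_by filter rules and the offset/limit paging arguments documented above, combined into an added example that is not part of the FalconPy documentation or repository. The helper names (created_by_filter, all_policy_ids, fake_query) are hypothetical, the policy IDs are constructed, and the response layout (status_code, body.resources, body.meta.pagination.total) is an assumption about what the query call returns.

```python
MAX_LIMIT = 5000  # documented upper bound for the limit argument


def created_by_filter(value):
    """Build a created_by FQL clause following the rules in the filters table."""
    value = value.strip()
    if value.startswith("api-client-id:"):
        value = value.split(":", 1)[1]  # only the alphanumeric ID is accepted
    if not value or "'" in value:
        raise ValueError("empty value or embedded quote would break the FQL clause")
    # A full email address needs the p operator so the @ sign is accepted.
    return f"created_by:p'{value}'" if "@" in value else f"created_by:'{value}'"


def all_policy_ids(query, fql, page_size=MAX_LIMIT):
    """Call a query_policies-style function until every matching ID is collected."""
    if not 1 <= page_size <= MAX_LIMIT:
        raise ValueError("limit must be in the documented range 1-5000")
    ids, offset = [], 0
    while True:
        response = query(filter=fql, offset=offset, limit=page_size)
        body = response["body"]
        if response["status_code"] != 200:
            raise RuntimeError(f"query failed: {body.get('errors')}")
        page = body.get("resources") or []
        ids.extend(page)
        offset += len(page)
        # Assumed layout: body.meta.pagination.total holds the match count.
        if not page or offset >= body["meta"]["pagination"]["total"]:
            return ids


def fake_query(filter, offset, limit):
    """Constructed offline stand-in for falcon.query_policies (7 made-up IDs)."""
    ids = [f"constructed-policy-{n}" for n in range(7)]
    return {"status_code": 200,
            "body": {"meta": {"pagination": {"total": len(ids)}},
                     "resources": ids[offset:offset + limit], "errors": []}}


if __name__ == "__main__":
    print(created_by_filter("api-client-id:7a1284d634af196bff5988fb1775721b"))
    print(all_policy_ids(fake_query, "enabled:'false'", page_size=3))
```

Against a live tenant, pass falcon.query_policies in place of fake_query; the filter enabled:'false' then lists every disabled Sensor Update Policy for review.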