Using the Sensor Update Policy service collection
This service collection has code examples posted to the repository.
Table of Contents
Operation ID | Description | ||||
---|---|---|---|---|---|
| Reveals an uninstall token for a specific device. To retrieve the bulk maintenance token pass the value 'MAINTENANCE' as the value for 'device_id' | ||||
| Retrieve available builds for use with Sensor Update Policies | ||||
| Retrieve kernel compatibility info for Sensor Update Builds | ||||
| Search for members of a Sensor Update Policy in your environment by providing a FQL filter and paging details. Returns a set of host details which match the filter criteria | ||||
| Search for Sensor Update Policies in your environment by providing a FQL filter and paging details. Returns a set of Sensor Update Policies which match the filter criteria | ||||
| Search for Sensor Update Policies with additional support for uninstall protection in your environment by providing a FQL filter and paging details. Returns a set of Sensor Update Policies which match the filter criteria | ||||
| Perform the specified action on the Sensor Update Policies specified in the request | ||||
| Sets the precedence of Sensor Update Policies based on the order of IDs specified in the request. The first ID specified will have the highest precedence and the last ID specified will have the lowest. You must specify all non-Default Policies for a platform when updating precedence | ||||
| Retrieve a set of Sensor Update Policies by specifying their IDs | ||||
| Create Sensor Update Policies by specifying details about the policy to create | ||||
| Delete a set of Sensor Update Policies by specifying their IDs | ||||
| Update Sensor Update Policies by specifying the ID of the policy and details to update | ||||
| Retrieve a set of Sensor Update Policies with additional support for uninstall protection by specifying their IDs | ||||
| Create Sensor Update Policies by specifying details about the policy to create with additional support for uninstall protection | ||||
| Update Sensor Update Policies by specifying the ID of the policy and details to update with additional support for uninstall protection | ||||
| Retrieve kernel compatibility info for Sensor Update Builds | ||||
| Search for members of a Sensor Update Policy in your environment by providing a FQL filter and paging details. Returns a set of Agent IDs which match the filter criteria | ||||
| Search for Sensor Update Policies in your environment by providing a FQL filter and paging details. Returns a set of Sensor Update Policy IDs which match the filter criteria |
Passing credentials
WARNING
client_id
andclient_secret
are keyword arguments that contain your CrowdStrike API credentials. Please note that all examples below do not hard code these values. (These values are ingested as strings.)CrowdStrike does not recommend hard coding API credentials or customer identifiers within source code.
revealUninstallToken
Reveals an uninstall token for a specific device or the bulk maintenace token.
To retrieve the bulk maintenance token pass the value MAINTENANCE as the value for device_id
.
PEP8 method name
reveal_uninstall_token
Endpoint
Method | Route |
---|---|
/policy/combined/reveal-uninstall-token/v1 |
Content-Type
- Produces: application/json
Keyword Arguments
Name | Service | Uber | Type | Data type | Description |
---|---|---|---|---|---|
audit_message | body | string | Message to list in the audit log for this action. | ||
body | body | dictionary | Full body payload in JSON format. | ||
device_id | body | string | Device ID to retrieve the uninstall token for. Pass the value MAINTENANCE here to retrieve the bulk maintenance token. |
Usage
Service class example (PEP8 syntax)
from falconpy import SensorUpdatePolicy
# Do not hardcode API credentials!
falcon = SensorUpdatePolicy(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.reveal_uninstall_token(audit_message="string",
device_id="string"
)
print(response)
Service class example (Operation ID syntax)
from falconpy import SensorUpdatePolicy
# Do not hardcode API credentials!
falcon = SensorUpdatePolicy(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.revealUninstallToken(audit_message="string",
device_id="string"
)
print(response)
Uber class example
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
BODY = {
"audit_message": "string",
"device_id": "string"
}
response = falcon.command("revealUninstallToken", body=BODY)
print(response)
queryCombinedSensorUpdateBuilds
Retrieve available builds for use with Sensor Update Policies
PEP8 method name
query_combined_builds
Endpoint
Method | Route |
---|---|
/policy/combined/sensor-update-builds/v1 |
Content-Type
- Produces: application/json
Keyword Arguments
Name | Service | Uber | Type | Data type | Description |
---|---|---|---|---|---|
platform | query | string | The platform to return builds for. Allowed values:
| ||
parameters | query | dictionary | Full query string parameters payload in JSON format. | ||
stage | query | string or list of strings | The stages to return builds for. |
Usage
Service class example (PEP8 syntax)
from falconpy import SensorUpdatePolicy
# Do not hardcode API credentials!
falcon = SensorUpdatePolicy(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
stages = 'STAGE1,STAGE2,STAGE3' # Can also pass a list here: ['STAGE1', 'STAGE2', 'STAGE3']
response = falcon.query_combined_builds(platform="string", stage=stages)
print(response)
Service class example (Operation ID syntax)
from falconpy import SensorUpdatePolicy
# Do not hardcode API credentials!
falcon = SensorUpdatePolicy(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
stages = 'STAGE1,STAGE2,STAGE3' # Can also pass a list here: ['STAGE1', 'STAGE2', 'STAGE3']
response = falcon.queryCombinedSensorUpdateBuilds(platform="string", stage=stages)
print(response)
Uber class example
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
stages = 'STAGE1,STAGE2,STAGE3' # Can also pass a list here: ['STAGE1', 'STAGE2', 'STAGE3']
response = falcon.command("queryCombinedSensorUpdateBuilds", platform="string", stage=stages)
print(response)
queryCombinedSensorUpdateKernels
Retrieve kernel compatibility info for Sensor Update Builds
PEP8 method name
query_combined_kernels
Endpoint
Method | Route |
---|---|
/policy/combined/sensor-update-kernels/v1 |
Content-Type
- Produces: application/json
Keyword Arguments
Name | Service | Uber | Type | Data type | Description |
---|---|---|---|---|---|
filter | query | string | The filter expression that should be used to limit the results using FQL syntax. | ||
limit | query | integer | The maximum number of records to return. [1-500] | ||
offset | query | integer | The offset to start retrieving records from. | ||
parameters | query | dictionary | Full query string parameters payload in JSON format. |
Usage
Service class example (PEP8 syntax)
from falconpy import SensorUpdatePolicy
# Do not hardcode API credentials!
falcon = SensorUpdatePolicy(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.query_combined_kernels(filter="string",
offset=integer,
limit=integer,
)
print(response)
Service class example (Operation ID syntax)
from falconpy import SensorUpdatePolicy
# Do not hardcode API credentials!
falcon = SensorUpdatePolicy(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.queryCombinedSensorUpdateKernels(filter="string",
offset=integer,
limit=integer,
)
print(response)
Uber class example
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.command("queryCombinedSensorUpdateKernels",
filter="string",
offset=integer,
limit=integer,
)
print(response)
queryCombinedSensorUpdatePolicyMembers
Search for members of a Sensor Update Policy in your environment by providing a FQL filter and paging details. Returns a set of host details which match the filter criteria
PEP8 method name
query_combined_policy_members
Endpoint
Method | Route |
---|---|
/policy/combined/sensor-update-members/v1 |
Content-Type
- Produces: application/json
Keyword Arguments
Name | Service | Uber | Type | Data type | Description |
---|---|---|---|---|---|
id | query | string | The ID of the Sensor Update Policy to search for members of. | ||
filter | query | string | The filter expression that should be used to limit the results using FQL syntax. Review the available filters table for more detail. | ||
limit | query | integer | The maximum number of records to return. [1-5000] | ||
offset | query | integer | The offset to start retrieving records from. | ||
parameters | query | dictionary | Full query string parameters payload in JSON format. | ||
sort | query | string | The property to sort by in FQL syntax. Supports asc or desc .Available sort options:
|
Available filters
The following fields can be used to filter results retrieved from the API.
Name | Description |
---|---|
created_by | The username, email, or API client ID of the person who created the policy, as identified in the policy object. When specifying an email address, use a letter p as an operator so that the @ sign is accepted. You can also search by using the email username or the domain as the value. For example, to filter on policies created by the email address [email protected]: filter=created_by:p'[email protected]' (correct)filter=created_by:'diana.hudson' (correct)filter=created_by:'email.com' (correct)filter=created_by:'diana' (incorrect)Enter only the alphanumeric value when providing an API client ID. For example, to filter on api-client-id:7a1284d634af196bff5988fb1775721b: filter=created_by:'7a12....721b' (correct)filter=created_by:'api-client-id:7a12....721b' (incorrect)filter=created_by:'api-client-id' (incorrect) |
created_timestamp | The full timestamp of when the policy was created in ISO 8601 format. (YYYY-MM-DDTHH:mm:ss.sssZ) The timezone is always UTC as denoted by the suffix "Z". filter=created_timestamp:'2020-11-23T19:36:24.129652084Z' |
description | Search for a term found in the policy description. The value must be entered in lowercase.filter=description:'policy' |
enabled | Find policies by their enabled status. Specify true to find enabled policies or false to find disabled policies.filter=enabled:'true' |
groups | Enter a host group ID to find the policy it's been assigned to.filter=groups:'1ef3....b0fe' |
modified_by | The username, email, or API client ID of the person who modified the policy, as identified in the policy object. Values for this field follow the same rules as the created_by filter. |
modified_timestamp | The full timestamp of when the policy was modified in ISO 8601 format. (YYYY-MM-DDTHH:mm:ss. sssZ) The timezone is always UTC as denoted by the suffix "Z". Values for this field follow the same rules as the created_timestamp filter. |
name | Performs a free text search on single words found in a policy name. Values must be entered as lowercase and enclosed in single quotes. You can provide multiple name values separated by an & .filter=name:'test' |
name.raw | Filters on exact matches to the full policy name. Searches on this field are case-sensitive and require the correct input of uppercase and lowercase letters. filter=name.raw:'Test sensor update Policy' |
platform_name | The name of the operating system listed in the policy. One of:
filter=platform_name:'Windows' |
Usage
Service class example (PEP8 syntax)
from falconpy import SensorUpdatePolicy
# Do not hardcode API credentials!
falcon = SensorUpdatePolicy(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.query_combined_policy_members(id="string",
filter="string",
offset=integer,
limit=integer,
sort="string"
)
print(response)
Service class example (Operation ID syntax)
from falconpy import SensorUpdatePolicy
# Do not hardcode API credentials!
falcon = SensorUpdatePolicy(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.queryCombinedSensorUpdatePolicyMembers(id="string",
filter="string",
offset=integer,
limit=integer,
sort="string"
)
print(response)
Uber class example
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.command("queryCombinedSensorUpdatePolicyMembers",
id="string",
filter="string",
offset=integer,
limit=integer,
sort="string"
)
print(response)
queryCombinedSensorUpdatePolicies
Search for Sensor Update Policies in your environment by providing a FQL filter and paging details. Returns a set of Sensor Update Policies which match the filter criteria
PEP8 method name
query_combined_policies
Endpoint
Method | Route |
---|---|
/policy/combined/sensor-update/v1 |
Content-Type
- Produces: application/json
Keyword Arguments
Name | Service | Uber | Type | Data type | Description |
---|---|---|---|---|---|
filter | query | string | The filter expression that should be used to limit the results using FQL syntax. Review the available filters table for more detail. | ||
limit | query | integer | The maximum number of records to return. [1-5000] | ||
offset | query | integer | The offset to start retrieving records from. | ||
parameters | query | dictionary | Full query string parameters payload in JSON format. | ||
sort | query | string | The property to sort by in FQL syntax. Supports asc or desc .Available sort options:
|
Available filters
The following fields can be used to filter results retrieved from the API.
Name | Description |
---|---|
created_by | The username, email, or API client ID of the person who created the policy, as identified in the policy object. When specifying an email address, use a letter p as an operator so that the @ sign is accepted. You can also search by using the email username or the domain as the value. For example, to filter on policies created by the email address [email protected]: filter=created_by:p'[email protected]' (correct)filter=created_by:'diana.hudson' (correct)filter=created_by:'email.com' (correct)filter=created_by:'diana' (incorrect)Enter only the alphanumeric value when providing an API client ID. For example, to filter on api-client-id:7a1284d634af196bff5988fb1775721b: filter=created_by:'7a12....721b' (correct)filter=created_by:'api-client-id:7a12....721b' (incorrect)filter=created_by:'api-client-id' (incorrect) |
created_timestamp | The full timestamp of when the policy was created in ISO 8601 format. (YYYY-MM-DDTHH:mm:ss.sssZ) The timezone is always UTC as denoted by the suffix "Z". filter=created_timestamp:'2020-11-23T19:36:24.129652084Z' |
description | Search for a term found in the policy description. The value must be entered in lowercase.filter=description:'policy' |
enabled | Find policies by their enabled status. Specify true to find enabled policies or false to find disabled policies.filter=enabled:'true' |
groups | Enter a host group ID to find the policy it's been assigned to.filter=groups:'1ef3....b0fe' |
modified_by | The username, email, or API client ID of the person who modified the policy, as identified in the policy object. Values for this field follow the same rules as the created_by filter. |
modified_timestamp | The full timestamp of when the policy was modified in ISO 8601 format. (YYYY-MM-DDTHH:mm:ss. sssZ) The timezone is always UTC as denoted by the suffix "Z". Values for this field follow the same rules as the created_timestamp filter. |
name | Performs a free text search on single words found in a policy name. Values must be entered as lowercase and enclosed in single quotes. You can provide multiple name values separated by an & .filter=name:'test' |
name.raw | Filters on exact matches to the full policy name. Searches on this field are case-sensitive and require the correct input of uppercase and lowercase letters. filter=name.raw:'Test sensor update Policy' |
platform_name | The name of the operating system listed in the policy. One of:
filter=platform_name:'Windows' |
Usage
Service class example (PEP8 syntax)
from falconpy import SensorUpdatePolicy
# Do not hardcode API credentials!
falcon = SensorUpdatePolicy(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.query_combined_policies(filter="string",
offset=integer,
limit=integer,
sort="string"
)
print(response)
Service class example (Operation ID syntax)
from falconpy import SensorUpdatePolicy
# Do not hardcode API credentials!
falcon = SensorUpdatePolicy(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.queryCombinedSensorUpdatePolicies(filter="string",
offset=integer,
limit=integer,
sort="string"
)
print(response)
Uber class example
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.command("queryCombinedSensorUpdatePolicies",
filter="string",
offset=integer,
limit=integer,
sort="string"
)
print(response)
queryCombinedSensorUpdatePoliciesV2
Search for Sensor Update Policies with additional support for uninstall protection in your environment by providing a FQL filter and paging details. Returns a set of Sensor Update Policies which match the filter criteria
PEP8 method name
query_combined_policies_v2
Endpoint
Method | Route |
---|---|
/policy/combined/sensor-update/v2 |
Content-Type
- Produces: application/json
Keyword Arguments
Name | Service | Uber | Type | Data type | Description |
---|---|---|---|---|---|
filter | query | string | The filter expression that should be used to limit the results using FQL syntax. Review the available filters table for more detail. | ||
limit | query | integer | The maximum number of records to return. [1-5000] | ||
offset | query | integer | The offset to start retrieving records from. | ||
parameters | query | dictionary | Full query string parameters payload in JSON format. | ||
sort | query | string | The property to sort by in FQL syntax. Supports asc or desc .Available sort options:
|
Available filters
The following fields can be used to filter results retrieved from the API.
Name | Description |
---|---|
created_by | The username, email, or API client ID of the person who created the policy, as identified in the policy object. When specifying an email address, use a letter p as an operator so that the @ sign is accepted. You can also search by using the email username or the domain as the value. For example, to filter on policies created by the email address [email protected]: filter=created_by:p'[email protected]' (correct)filter=created_by:'diana.hudson' (correct)filter=created_by:'email.com' (correct)filter=created_by:'diana' (incorrect)Enter only the alphanumeric value when providing an API client ID. For example, to filter on api-client-id:7a1284d634af196bff5988fb1775721b: filter=created_by:'7a12....721b' (correct)filter=created_by:'api-client-id:7a12....721b' (incorrect)filter=created_by:'api-client-id' (incorrect) |
created_timestamp | The full timestamp of when the policy was created in ISO 8601 format. (YYYY-MM-DDTHH:mm:ss.sssZ) The timezone is always UTC as denoted by the suffix "Z". filter=created_timestamp:'2020-11-23T19:36:24.129652084Z' |
description | Search for a term found in the policy description. The value must be entered in lowercase.filter=description:'policy' |
enabled | Find policies by their enabled status. Specify true to find enabled policies or false to find disabled policies.filter=enabled:'true' |
groups | Enter a host group ID to find the policy it's been assigned to.filter=groups:'1ef3....b0fe' |
modified_by | The username, email, or API client ID of the person who modified the policy, as identified in the policy object. Values for this field follow the same rules as the created_by filter. |
modified_timestamp | The full timestamp of when the policy was modified in ISO 8601 format. (YYYY-MM-DDTHH:mm:ss. sssZ) The timezone is always UTC as denoted by the suffix "Z". Values for this field follow the same rules as the created_timestamp filter. |
name | Performs a free text search on single words found in a policy name. Values must be entered as lowercase and enclosed in single quotes. You can provide multiple name values separated by an & .filter=name:'test' |
name.raw | Filters on exact matches to the full policy name. Searches on this field are case-sensitive and require the correct input of uppercase and lowercase letters. filter=name.raw:'Test sensor update Policy' |
platform_name | The name of the operating system listed in the policy. One of:
filter=platform_name:'Windows' |
Usage
Service class example (PEP8 syntax)
from falconpy import SensorUpdatePolicy
# Do not hardcode API credentials!
falcon = SensorUpdatePolicy(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.query_combined_policies_v2(filter="string",
offset=integer,
limit=integer,
sort="string"
)
print(response)
Service class example (Operation ID syntax)
from falconpy import SensorUpdatePolicy
# Do not hardcode API credentials!
falcon = SensorUpdatePolicy(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.queryCombinedSensorUpdatePoliciesV2(filter="string",
offset=integer,
limit=integer,
sort="string"
)
print(response)
Uber class example
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.command("queryCombinedSensorUpdatePoliciesV2",
filter="string",
offset=integer,
limit=integer,
sort="string"
)
print(response)
performSensorUpdatePoliciesAction
Perform the specified action on the Sensor Update Policies specified in the request
PEP8 method name
perform_policies_action
Endpoint
Method | Route |
---|---|
/policy/entities/sensor-update-actions/v1 |
Content-Type
- Produces: application/json
Keyword Arguments
Name | Service | Uber | Type | Data type | Description |
---|---|---|---|---|---|
action_name | query | string | Specify one of these actions:
| ||
action_parameters | body | list of dictionaries | Action specific parameter options. { "name": "string", "value": "string" } | ||
body | body | dictionary | Full body payload in JSON format. | ||
group_id | body action_parameters | string | Host Group ID to apply the policy to. String. Overridden if action_parameters is specified. | ||
ids | body | string or list of strings | The ID of the Sensor Update Policy you want to impact. If you provide IDs to the method using this keyword, you do not have to provide a body payload. (Service class usage only) | ||
parameters | query | dictionary | Full query string parameters payload in JSON format. |
Usage
Service class example (PEP8 syntax)
from falconpy import SensorUpdatePolicy
# Do not hardcode API credentials!
falcon = SensorUpdatePolicy(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.perform_policies_action(action_name="string",
group_id="HOST_GROUP_ID",
ids="ID_TO_UPDATE"
)
print(response)
Service class example (Operation ID syntax)
from falconpy import SensorUpdatePolicy
# Do not hardcode API credentials!
falcon = SensorUpdatePolicy(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
# Can also be provided as the keyword `group_id`
act_params = [{
"name": "group_id",
"value": "HOST_GROUP_ID"
}]
response = falcon.performSensorUpdatePoliciesAction(action_name="string",
action_parameters=act_params,
ids="ID_TO_UPDATE"
)
print(response)
Uber class example
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
# Only one ID may be updated at a time
BODY = {
"action_parameters": [
{
"name": "group_id",
"value": "HOST_GROUP_ID"
}
],
"ids": ["ID_TO_UPDATE"]
}
response = falcon.command("performSensorUpdatePoliciesAction", action_name="string", body=BODY)
print(response)
# Can also use the following syntax
response = falcon.command("performSensorUpdatePoliciesAction",
action_name="string",
parameters=PARAMS,
body=BODY
)
print(response)
setSensorUpdatePoliciesPrecedence
Sets the precedence of Sensor Update Policies based on the order of IDs specified in the request. The first ID specified will have the highest precedence and the last ID specified will have the lowest. You must specify all non-Default Policies for a platform when updating precedence
PEP8 method name
set_policies_precedence
Endpoint
Method | Route |
---|---|
/policy/entities/sensor-update-precedence/v1 |
Content-Type
- Produces: application/json
Keyword Arguments
Name | Service | Uber | Type | Data type | Description |
---|---|---|---|---|---|
body | body | dictionary | Full body payload in JSON format. | ||
ids | body | string or list of strings | The ID of the Sensor Update Policy you want to impact. If you provide IDs to the method using this keyword, you do not have to provide a body payload. (Service class usage only) | ||
platform_name | body | string | Operating System platform name. |
Usage
Service class example (PEP8 syntax)
from falconpy import SensorUpdatePolicy
# Do not hardcode API credentials!
falcon = SensorUpdatePolicy(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.set_policies_precedence(ids=id_list, platform_name="string")
print(response)
Service class example (Operation ID syntax)
from falconpy import SensorUpdatePolicy
# Do not hardcode API credentials!
falcon = SensorUpdatePolicy(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.setSensorUpdatePoliciesPrecedence(ids=id_list, platform_name="string")
print(response)
Uber class example
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = ['ID1', 'ID2', 'ID3']
BODY = {
"ids": id_list,
"platform_name": "Windows"
}
response = falcon.command("setSensorUpdatePoliciesPrecedence", body=BODY)
print(response)
getSensorUpdatePolicies
Retrieve a set of Sensor Update Policies by specifying their IDs
PEP8 method name
get_policies
Endpoint
Method | Route |
---|---|
/policy/entities/sensor-update/v1 |
Content-Type
- Produces: application/json
Keyword Arguments
Name | Service | Uber | Type | Data type | Description |
---|---|---|---|---|---|
ids | query | string or list of strings | The IDs of the Sensor Update Policy to retrieve. | ||
parameters | query | dictionary | Full query string parameters payload in JSON format. |
Usage
Service class example (PEP8 syntax)
from falconpy import SensorUpdatePolicy
# Do not hardcode API credentials!
falcon = SensorUpdatePolicy(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.get_policies(ids=id_list)
print(response)
Service class example (Operation ID syntax)
from falconpy import SensorUpdatePolicy
# Do not hardcode API credentials!
falcon = SensorUpdatePolicy(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.getSensorUpdatePolicies(ids=id_list)
print(response)
Uber class example
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.command("getSensorUpdatePolicies", ids=id_list)
print(response)
createSensorUpdatePolicies
Create Sensor Update Policies by specifying details about the policy to create
PEP8 method name
create_policies
Endpoint
Method | Route |
---|---|
/policy/entities/sensor-update/v1 |
Content-Type
- Produces: application/json
Keyword Arguments
Name | Service | Uber | Type | Data type | Description |
---|---|---|---|---|---|
body | body | dictionary | Full body payload in JSON format. | ||
build | body | string | Build this Sensor update policy applies to. | ||
description | body | string | Sensor update policy description. | ||
name | body | string | Name of the Sensor Update policy. | ||
platform_name | body | string | Name of the OS platform the Sensor Update policy applies to. | ||
settings | body | dictionary | Sensor Update policy specific settings. Overrides the value of build if present.{ "build": "string" } |
Usage
Service class example (PEP8 syntax)
from falconpy import SensorUpdatePolicy
# Do not hardcode API credentials!
falcon = SensorUpdatePolicy(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.create_policies(build="string",
description="string",
name="string",
platform_name="string"
)
print(response)
Service class example (Operation ID syntax)
from falconpy import SensorUpdatePolicy
# Do not hardcode API credentials!
falcon = SensorUpdatePolicy(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.createSensorUpdatePolicies(build="string",
description="string",
name="string",
platform_name="string"
)
print(response)
Uber class example
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
BODY = {
"resources": [
{
"description": "string",
"name": "string",
"platform_name": "string",
"settings": {
"build": "string"
}
}
]
}
response = falcon.command("createSensorUpdatePolicies", body=BODY)
print(response)
deleteSensorUpdatePolicies
Delete a set of Sensor Update Policies by specifying their IDs
PEP8 method name
delete_policies
Endpoint
Method | Route |
---|---|
/policy/entities/sensor-update/v1 |
Content-Type
- Produces: application/json
Keyword Arguments
Name | Service | Uber | Type | Data type | Description |
---|---|---|---|---|---|
ids | query | string or list of strings | The IDs of the Sensor Update policies to delete. | ||
parameters | query | dictionary | Full query string parameters payload in JSON format. |
Usage
Service class example (PEP8 syntax)
from falconpy import SensorUpdatePolicy
# Do not hardcode API credentials!
falcon = SensorUpdatePolicy(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.delete_policies(ids=id_list)
print(response)
Service class example (Operation ID syntax)
from falconpy import SensorUpdatePolicy
# Do not hardcode API credentials!
falcon = SensorUpdatePolicy(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.deleteSensorUpdatePolicies(ids=id_list)
print(response)
Uber class example
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.command("deleteSensorUpdatePolicies", ids=id_list)
print(response)
updateSensorUpdatePolicies
Update Sensor Update Policies by specifying the ID of the policy and details to update
PEP8 method name
update_policies
Endpoint
Method | Route |
---|---|
/policy/entities/sensor-update/v1 |
Content-Type
- Produces: application/json
Keyword Arguments
Name | Service | Uber | Type | Data type | Description |
---|---|---|---|---|---|
body | body | dictionary | Full body payload in JSON format. | ||
build | body | string | Build this Sensor update policy applies to. | ||
description | body | string | Sensor update policy description. | ||
id | body | string | ID the Sensor Update policy to update. | ||
name | body | string | Name of the Sensor Update policy. | ||
settings | body | dictionary | Sensor Update policy specific settings. Overrides the value of build if present.{ "build": "string" } |
Usage
Service class example (PEP8 syntax)
from falconpy import SensorUpdatePolicy
# Do not hardcode API credentials!
falcon = SensorUpdatePolicy(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.update_policies(build="string",
description="string",
name="string",
id="string"
)
print(response)
Service class example (Operation ID syntax)
from falconpy import SensorUpdatePolicy
# Do not hardcode API credentials!
falcon = SensorUpdatePolicy(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
BODY = {
"Body Payload": "See body description above"
}
response = falcon.updateSensorUpdatePolicies(build="string",
description="string",
name="string",
id="string"
)
print(response)
Uber class example
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
BODY = {
"resources": [
{
"description": "string",
"id": "string",
"name": "string",
"settings": {
"build": "string"
}
}
]
}
response = falcon.command("updateSensorUpdatePolicies", body=BODY)
print(response)
getSensorUpdatePoliciesV2
Retrieve a set of Sensor Update Policies with additional support for uninstall protection by specifying their IDs
PEP8 method name
get_policies_v2
Endpoint
Method | Route |
---|---|
/policy/entities/sensor-update/v2 |
Content-Type
- Produces: application/json
Keyword Arguments
Name | Service | Uber | Type | Data type | Description |
---|---|---|---|---|---|
ids | query | string or list of strings | The IDs of the Sensor Update policies to retrieve. | ||
parameters | query | dictionary | Full query string parameters payload in JSON format. |
Usage
Service class example (PEP8 syntax)
from falconpy import SensorUpdatePolicy
# Do not hardcode API credentials!
falcon = SensorUpdatePolicy(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.get_policies_v2(ids=id_list)
print(response)
Service class example (Operation ID syntax)
from falconpy import SensorUpdatePolicy
# Do not hardcode API credentials!
falcon = SensorUpdatePolicy(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.getSensorUpdatePoliciesV2(ids=id_list)
print(response)
Uber class example
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.command("getSensorUpdatePoliciesV2", ids=id_list)
print(response)
createSensorUpdatePoliciesV2
Create Sensor Update Policies by specifying details about the policy to create with additional support for uninstall protection
PEP8 method name
create_policies_v2
Endpoint
Method | Route |
---|---|
/policy/entities/sensor-update/v2 |
Content-Type
- Produces: application/json
Keyword Arguments
Name | Service | Uber | Type | Data type | Description |
---|---|---|---|---|---|
body | body | dictionary | Full body payload in JSON format. | ||
build | body | string | Build this Sensor update policy applies to. Ignored if settings is provided. | ||
description | body | string | Sensor update policy description. | ||
name | body | string | Name of the Sensor Update policy. | ||
platform_name | body | string | Name of the OS platform the Sensor Update policy applies to. | ||
scheduler | body | dictionary | Dictionary containing details for the schedule. Ignored if settings is provided. | ||
settings | body | dictionary | Sensor Update policy specific settings. Overrides the value of build , scheduler , show_early_adopter_builds , uninstall_protection , and variants if present. | ||
show_early_adopter_builds | body | boolean | Flag indicating if early adopter builds should be shown as part of this policy. Ignored if settings is provided. | ||
uninstall_protection | body | string | Boolean indicating if uninstall protection should be enabled. Ignored if settings is provided.Allowed values:
| ||
variants | body | list of dictionaries | List of dictionaries containing details for variants to include in the policy. Ignored if settings is provided.[{ "build": "string", "platform": "string" }] |
Usage
Service class example (PEP8 syntax)
from falconpy import SensorUpdatePolicy
# Do not hardcode API credentials!
falcon = SensorUpdatePolicy(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
schedule = {
"enabled": boolean,
"schedules": [
{
"days": [
integer
],
"end": "string",
"start": "string"
}
],
"timezone": "string"
}
settings = {
"build": "string",
"scheduler": {
"enabled": boolean,
"schedules": [
{
"days": [
integer
],
"end": "string",
"start": "string"
}
],
"timezone": "string"
},
"show_early_adopter_builds": boolean,
"uninstall_protection": "ENABLED",
"variants": [
{
"build": "string",
"platform": "string"
}
]
}
variants = [
{
"build": "string",
"platform": "string"
}
]
response = falcon.create_policies_v2(build="string",
description="string",
name="string",
platform_name="string",
scheduler=schedule
settings=settings,
show_early_adopter_builds=boolean,
uninstall_protection="ENABLED",
variants=variants
)
print(response)
Service class example (Operation ID syntax)
from falconpy import SensorUpdatePolicy
# Do not hardcode API credentials!
falcon = SensorUpdatePolicy(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
schedule = {
"enabled": boolean,
"schedules": [
{
"days": [
integer
],
"end": "string",
"start": "string"
}
],
"timezone": "string"
}
settings = {
"build": "string",
"scheduler": {
"enabled": boolean,
"schedules": [
{
"days": [
integer
],
"end": "string",
"start": "string"
}
],
"timezone": "string"
},
"show_early_adopter_builds": boolean,
"uninstall_protection": "ENABLED",
"variants": [
{
"build": "string",
"platform": "string"
}
]
}
variants = [
{
"build": "string",
"platform": "string"
}
]
response = falcon.createSensorUpdatePoliciesV2(build="string",
description="string",
name="string",
platform_name="string",
scheduler=schedule,
settings=settings,
show_early_adopter_builds=boolean,
uninstall_protection="ENABLED",
variants=variants
)
print(response)
Uber class example
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
BODY = {
"resources": [
{
"description": "string",
"name": "string",
"platform_name": "string",
"settings": {
"build": "string",
"scheduler": {
"enabled": boolean,
"schedules": [
{
"days": [
integer
],
"end": "string",
"start": "string"
}
],
"timezone": "string"
},
"show_early_adopter_builds": boolean,
"uninstall_protection": "ENABLED",
"variants": [
{
"build": "string",
"platform": "string"
}
]
}
}
]
}
response = falcon.command("createSensorUpdatePoliciesV2", body=BODY)
print(response)
updateSensorUpdatePoliciesV2
Update Sensor Update Policies by specifying the ID of the policy and details to update with additional support for uninstall protection
PEP8 method name
update_policies_v2
Endpoint
Method | Route |
---|---|
/policy/entities/sensor-update/v2 |
Content-Type
- Produces: application/json
Keyword Arguments
Name | Service | Uber | Type | Data type | Description |
---|---|---|---|---|---|
body | body | dictionary | Full body payload in JSON format. | ||
build | body | string | Build this Sensor update policy applies to. Ignored if settings is provided. | ||
description | body | string | Sensor update policy description. | ||
id | body | string | ID of the Sensor Update policy to update. | ||
name | body | string | Name of the Sensor Update policy. | ||
scheduler | body | dictionary | Dictionary containing details for the schedule. Ignored if settings is provided. | ||
settings | body | dictionary | Sensor Update policy specific settings. Overrides the value of build , scheduler , show_early_adopter_builds , uninstall_protection , and variants if present. | ||
show_early_adopter_builds | body | boolean | Flag indicating if early adopter builds should be shown as part of this policy. Ignored if settings is provided. | ||
uninstall_protection | body | string | Boolean indicating if uninstall protection should be enabled. Ignored if settings is provided.Allowed values:
| ||
variants | body | list of dictionaries | List of dictionaries containing details for variants to include in the policy. Ignored if settings is provided.[{ "build": "string", "platform": "string" }] |
Usage
Service class example (PEP8 syntax)
from falconpy import SensorUpdatePolicy
# Do not hardcode API credentials!
falcon = SensorUpdatePolicy(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
schedule = {
"enabled": boolean,
"schedules": [
{
"days": [
integer
],
"end": "string",
"start": "string"
}
],
"timezone": "string"
}
settings = {
"build": "string",
"scheduler": {
"enabled": boolean,
"schedules": [
{
"days": [
integer
],
"end": "string",
"start": "string"
}
],
"timezone": "string"
},
"show_early_adopter_builds": boolean,
"uninstall_protection": "ENABLED",
"variants": [
{
"build": "string",
"platform": "string"
}
]
}
variants = [
{
"build": "string",
"platform": "string"
}
]
response = falcon.update_policies_v2(build="string",
description="string",
name="string",
platform_name="string",
scheduler=schedule,
settings=settings,
show_early_adopter_builds=boolean,
uninstall_protection="ENABLED",
variants=variants
)
print(response)
Service class example (Operation ID syntax)
from falconpy import SensorUpdatePolicy
# Do not hardcode API credentials!
falcon = SensorUpdatePolicy(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
schedule = {
"enabled": boolean,
"schedules": [
{
"days": [
integer
],
"end": "string",
"start": "string"
}
],
"timezone": "string"
}
settings = {
"build": "string",
"scheduler": {
"enabled": boolean,
"schedules": [
{
"days": [
integer
],
"end": "string",
"start": "string"
}
],
"timezone": "string"
},
"show_early_adopter_builds": boolean,
"uninstall_protection": "ENABLED",
"variants": [
{
"build": "string",
"platform": "string"
}
]
}
variants = [
{
"build": "string",
"platform": "string"
}
]
response = falcon.updateSensorUpdatePoliciesV2(build="string",
description="string",
name="string",
platform_name="string",
scheduler=schedule,
settings=settings,
show_early_adopter_builds=boolean,
uninstall_protection="ENABLED",
variants=variants
)
print(response)
Uber class example
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
BODY = {
"resources": [
{
"description": "string",
"name": "string",
"platform_name": "string",
"settings": {
"build": "string",
"scheduler": {
"enabled": boolean,
"schedules": [
{
"days": [
integer
],
"end": "string",
"start": "string"
}
],
"timezone": "string"
},
"show_early_adopter_builds": boolean,
"uninstall_protection": "ENABLED",
"variants": [
{
"build": "string",
"platform": "string"
}
]
}
}
]
}
response = falcon.command("updateSensorUpdatePoliciesV2", body=BODY)
print(response)
querySensorUpdateKernelsDistinct
Retrieve kernel compatibility info for Sensor Update Builds
PEP8 method name
query_kernels
Endpoint
Method | Route |
---|---|
/policy/queries/sensor-update-kernels/{}/v1 |
Content-Type
- Produces: application/json
Keyword Arguments
Name | Service | Uber | Type | Data type | Description |
---|---|---|---|---|---|
distinct_field | path | string | The field name to get distinct values for. Default: id . | ||
filter | query | string | The filter expression that should be used to limit the results using FQL syntax. | ||
limit | query | integer | The maximum number of records to return. [1-500] | ||
offset | query | integer | The offset to start retrieving records from. | ||
parameters | query | dictionary | Full query string parameters payload in JSON format. |
Usage
Service class example (PEP8 syntax)
from falconpy import SensorUpdatePolicy
# Do not hardcode API credentials!
falcon = SensorUpdatePolicy(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.query_kernels(distinct_field="string",
filter="string",
offset=integer,
limit=integer,
)
print(response)
Service class example (Operation ID syntax)
from falconpy import SensorUpdatePolicy
# Do not hardcode API credentials!
falcon = SensorUpdatePolicy(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.querySensorUpdateKernelsDistinct(distinct_field="string",
filter="string",
offset=integer,
limit=integer,
)
print(response)
Uber class example
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.command("querySensorUpdateKernelsDistinct",
distinct_field="string",
filter="string",
offset=integer,
limit=integer,
)
print(response)
querySensorUpdatePolicyMembers
Search for members of a Sensor Update Policy in your environment by providing a FQL filter and paging details. Returns a set of Agent IDs which match the filter criteria
PEP8 method name
query_policy_members
Endpoint
Method | Route |
---|---|
/policy/queries/sensor-update-members/v1 |
Content-Type
- Produces: application/json
Keyword Arguments
Name | Service | Uber | Type | Data type | Description |
---|---|---|---|---|---|
id | query | string | The ID of the Sensor Update Policy to search for members of. | ||
filter | query | string | The filter expression that should be used to limit the results using FQL syntax. Review the available filters table for more detail. | ||
limit | query | integer | The maximum number of records to return. [1-5000] | ||
offset | query | integer | The offset to start retrieving records from. | ||
parameters | query | dictionary | Full query string parameters payload in JSON format. | ||
sort | query | string | The property to sort by in FQL syntax. Supports asc or desc .Available sort options:
|
Available filters
The following fields can be used to filter results retrieved from the API.
Name | Description |
---|---|
created_by | The username, email, or API client ID of the person who created the policy, as identified in the policy object. When specifying an email address, use a letter p as an operator so that the @ sign is accepted. You can also search by using the email username or the domain as the value. For example, to filter on policies created by the email address [email protected]: filter=created_by:p'[email protected]' (correct)filter=created_by:'diana.hudson' (correct)filter=created_by:'email.com' (correct)filter=created_by:'diana' (incorrect)Enter only the alphanumeric value when providing an API client ID. For example, to filter on api-client-id:7a1284d634af196bff5988fb1775721b: filter=created_by:'7a12....721b' (correct)filter=created_by:'api-client-id:7a12....721b' (incorrect)filter=created_by:'api-client-id' (incorrect) |
created_timestamp | The full timestamp of when the policy was created in ISO 8601 format. (YYYY-MM-DDTHH:mm:ss.sssZ) The timezone is always UTC as denoted by the suffix "Z". filter=created_timestamp:'2020-11-23T19:36:24.129652084Z' |
description | Search for a term found in the policy description. The value must be entered in lowercase.filter=description:'policy' |
enabled | Find policies by their enabled status. Specify true to find enabled policies or false to find disabled policies.filter=enabled:'true' |
groups | Enter a host group ID to find the policy it's been assigned to.filter=groups:'1ef3....b0fe' |
modified_by | The username, email, or API client ID of the person who modified the policy, as identified in the policy object. Values for this field follow the same rules as the created_by filter. |
modified_timestamp | The full timestamp of when the policy was modified in ISO 8601 format. (YYYY-MM-DDTHH:mm:ss. sssZ) The timezone is always UTC as denoted by the suffix "Z". Values for this field follow the same rules as the created_timestamp filter. |
name | Performs a free text search on single words found in a policy name. Values must be entered as lowercase and enclosed in single quotes. You can provide multiple name values separated by an & .filter=name:'test' |
name.raw | Filters on exact matches to the full policy name. Searches on this field are case-sensitive and require the correct input of uppercase and lowercase letters. filter=name.raw:'Test sensor update Policy' |
platform_name | The name of the operating system listed in the policy. One of:
filter=platform_name:'Windows' |
Usage
Service class example (PEP8 syntax)
from falconpy import SensorUpdatePolicy
# Do not hardcode API credentials!
falcon = SensorUpdatePolicy(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.query_policy_members(id="string",
filter="string",
offset=integer,
limit=integer,
sort="string"
)
print(response)
Service class example (Operation ID syntax)
from falconpy import SensorUpdatePolicy
# Do not hardcode API credentials!
falcon = SensorUpdatePolicy(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.querySensorUpdatePolicyMembers(id="string",
filter="string",
offset=integer,
limit=integer,
sort="string"
)
print(response)
Uber class example
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.command("querySensorUpdatePolicyMembers",
id="string",
filter="string",
offset=integer,
limit=integer,
sort="string"
)
print(response)
querySensorUpdatePolicies
Search for Sensor Update Policies in your environment by providing a FQL filter and paging details. Returns a set of Sensor Update Policy IDs which match the filter criteria
PEP8 method name
query_policies
Endpoint
Method | Route |
---|---|
/policy/queries/sensor-update/v1 |
Content-Type
- Produces: application/json
Keyword Arguments
Name | Service | Uber | Type | Data type | Description |
---|---|---|---|---|---|
filter | query | string | The filter expression that should be used to limit the results using FQL syntax. Review the available filters table for more detail. | ||
limit | query | integer | The maximum number of records to return. [1-5000] | ||
offset | query | integer | The offset to start retrieving records from. | ||
parameters | query | dictionary | Full query string parameters payload in JSON format. | ||
sort | query | string | The property to sort by in FQL syntax. Supports asc or desc .Available sort options:
|
Available filters
The following fields can be used to filter results retrieved from the API.
Name | Description |
---|---|
created_by | The username, email, or API client ID of the person who created the policy, as identified in the policy object. When specifying an email address, use a letter p as an operator so that the @ sign is accepted. You can also search by using the email username or the domain as the value. For example, to filter on policies created by the email address [email protected]: filter=created_by:p'[email protected]' (correct)filter=created_by:'diana.hudson' (correct)filter=created_by:'email.com' (correct)filter=created_by:'diana' (incorrect)Enter only the alphanumeric value when providing an API client ID. For example, to filter on api-client-id:7a1284d634af196bff5988fb1775721b: filter=created_by:'7a12....721b' (correct)filter=created_by:'api-client-id:7a12....721b' (incorrect)filter=created_by:'api-client-id' (incorrect) |
created_timestamp | The full timestamp of when the policy was created in ISO 8601 format. (YYYY-MM-DDTHH:mm:ss.sssZ) The timezone is always UTC as denoted by the suffix "Z". filter=created_timestamp:'2020-11-23T19:36:24.129652084Z' |
description | Search for a term found in the policy description. The value must be entered in lowercase.filter=description:'policy' |
enabled | Find policies by their enabled status. Specify true to find enabled policies or false to find disabled policies.filter=enabled:'true' |
groups | Enter a host group ID to find the policy it's been assigned to.filter=groups:'1ef3....b0fe' |
modified_by | The username, email, or API client ID of the person who modified the policy, as identified in the policy object. Values for this field follow the same rules as the created_by filter. |
modified_timestamp | The full timestamp of when the policy was modified in ISO 8601 format. (YYYY-MM-DDTHH:mm:ss. sssZ) The timezone is always UTC as denoted by the suffix "Z". Values for this field follow the same rules as the created_timestamp filter. |
name | Performs a free text search on single words found in a policy name. Values must be entered as lowercase and enclosed in single quotes. You can provide multiple name values separated by an & .filter=name:'test' |
name.raw | Filters on exact matches to the full policy name. Searches on this field are case-sensitive and require the correct input of uppercase and lowercase letters. filter=name.raw:'Test sensor update Policy' |
platform_name | The name of the operating system listed in the policy. One of:
filter=platform_name:'Windows' |
Usage
Service class example (PEP8 syntax)
from falconpy import SensorUpdatePolicy
# Do not hardcode API credentials!
falcon = SensorUpdatePolicy(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.query_policies(filter="string",
offset=integer,
limit=integer,
sort="string"
)
print(response)
Service class example (Operation ID syntax)
from falconpy import SensorUpdatePolicy
# Do not hardcode API credentials!
falcon = SensorUpdatePolicy(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.querySensorUpdatePolicies(filter="string",
offset=integer,
limit=integer,
sort="string"
)
print(response)
Uber class example
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.command("querySensorUpdatePolicies",
filter="string",
offset=integer,
limit=integer,
sort="string"
)
print(response)