Using the Spotlight Evaluation Logic service collection

Table of Contents

| Operation ID | PEP8 method name | Description |
| --- | --- | --- |
| combinedQueryEvaluationLogic | query_evaluation_logic_combined | Search for evaluation logic in your environment by providing a FQL filter and paging details. Returns a set of evaluation logic entities which match the filter criteria. |
| getEvaluationLogic | get_evaluation_logic | Get details on evaluation logic items by providing one or more IDs. |
| queryEvaluationLogic | query_evaluation_logic | Search for evaluation logic in your environment by providing a FQL filter and paging details. Returns a set of evaluation logic IDs which match the filter criteria. |

Passing credentials

WARNING

client_id and client_secret are keyword arguments that contain your CrowdStrike API credentials. None of the examples below hard code these values. (These values are ingested as strings.)

CrowdStrike does not recommend hard coding API credentials or customer identifiers within source code.

combinedQueryEvaluationLogic

Search for evaluation logic in your environment by providing a FQL filter and paging details. Returns a set of evaluation logic entities which match the filter criteria.

PEP8 method name

query_evaluation_logic_combined

Endpoint

| Method | Route |
| --- | --- |
| GET | /spotlight/combined/evaluation-logic/v1 |

Required Scope

spotlight-vulnerabilities:read

Content-Type

  • Produces: application/json

Keyword Arguments

| Name | Service | Uber | Type | Data type | Description |
| --- | --- | --- | --- | --- | --- |
| after | Service Class Support | Uber Class Support | query | string | A pagination token used with the limit parameter to manage pagination of results. On your first request, don't provide an after token. On subsequent requests, provide the after token from the previous response to continue from that place in the results. |
| limit | Service Class Support | Uber Class Support | query | integer | Maximum number of entities to return. |
| filter | Service Class Support | Uber Class Support | query | string | FQL query specifying the filter parameters. |
| parameters | Service Class Support | Uber Class Support | query | dictionary | Full query string parameters payload in JSON format. |
| sort | Service Class Support | Uber Class Support | query | string | Sort evaluation logic by their properties. |

Usage

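Service class example (PEP8 syntax)

import os
from falconpy.spotlight_evaluation_logic import SpotlightEvaluationLogic

# Do not hardcode API credentials! Read them from the environment instead
# (the variable names used here are an example).
CLIENT_ID = os.environ["FALCON_CLIENT_ID"]
CLIENT_SECRET = os.environ["FALCON_CLIENT_SECRET"]

falcon = SpotlightEvaluationLogic(client_id=CLIENT_ID,
                                  client_secret=CLIENT_SECRET
                                  )

# "string" values are placeholders; leave out after on the first request.
response = falcon.query_evaluation_logic_combined(after="string",
                                                  limit=100,  # integer
                                                  filter="string",
                                                  sort="string"
                                                  )
print(response)

Service class example (Operation ID syntax)

import os
from falconpy import SpotlightEvaluationLogic

# Do not hardcode API credentials! Read them from the environment instead
# (the variable names used here are an example).
CLIENT_ID = os.environ["FALCON_CLIENT_ID"]
CLIENT_SECRET = os.environ["FALCON_CLIENT_SECRET"]

falcon = SpotlightEvaluationLogic(client_id=CLIENT_ID,
                                  client_secret=CLIENT_SECRET
                                  )

# "string" values are placeholders; leave out after on the first request.
response = falcon.combinedQueryEvaluationLogic(after="string",
                                               limit=100,  # integer
                                               filter="string",
                                               sort="string"
                                               )
print(response)

Uber class example

import os
from falconpy import APIHarnessV2

# Do not hardcode API credentials! Read them from the environment instead
# (the variable names used here are an example).
CLIENT_ID = os.environ["FALCON_CLIENT_ID"]
CLIENT_SECRET = os.environ["FALCON_CLIENT_SECRET"]

falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

# "string" values are placeholders; leave out after on the first request.
response = falcon.command("combinedQueryEvaluationLogic",
                          after="string",
                          limit=100,  # integer
                          filter="string",
                          sort="string"
                          )
print(response)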

getEvaluationLogic

Get details on evaluation logic items by providing one or more IDs.

PEP8 method name

get_evaluation_logic

Endpoint

| Method | Route |
| --- | --- |
| GET | /spotlight/entities/evaluation-logic/v1 |

Required Scope

spotlight-vulnerabilities:read

Content-Type

  • Produces: application/json

Keyword Arguments

| Name | Service | Uber | Type | Data type | Description |
| --- | --- | --- | --- | --- | --- |
| ids | Service Class Support | Uber Class Support | query | list of strings | One or more evaluation logic IDs. |
| parameters | Service Class Support | Uber Class Support | query | dictionary | Full query string parameters payload in JSON format. |

Usage

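Service class example (PEP8 syntax)

import os
from falconpy.spotlight_evaluation_logic import SpotlightEvaluationLogic

# Do not hardcode API credentials! Read them from the environment instead
# (the variable names used here are an example).
CLIENT_ID = os.environ["FALCON_CLIENT_ID"]
CLIENT_SECRET = os.environ["FALCON_CLIENT_SECRET"]

falcon = SpotlightEvaluationLogic(client_id=CLIENT_ID,
                                  client_secret=CLIENT_SECRET
                                  )

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.get_evaluation_logic(ids=id_list)
print(response)

Service class example (Operation ID syntax)

import os
from falconpy import SpotlightEvaluationLogic

# Do not hardcode API credentials! Read them from the environment instead
# (the variable names used here are an example).
CLIENT_ID = os.environ["FALCON_CLIENT_ID"]
CLIENT_SECRET = os.environ["FALCON_CLIENT_SECRET"]

falcon = SpotlightEvaluationLogic(client_id=CLIENT_ID,
                                  client_secret=CLIENT_SECRET
                                  )

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.getEvaluationLogic(ids=id_list)
print(response)

Uber class example

import os
from falconpy import APIHarnessV2

# Do not hardcode API credentials! Read them from the environment instead
# (the variable names used here are an example).
CLIENT_ID = os.environ["FALCON_CLIENT_ID"]
CLIENT_SECRET = os.environ["FALCON_CLIENT_SECRET"]

falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.command("getEvaluationLogic", ids=id_list)
print(response)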

queryEvaluationLogic

Search for evaluation logic in your environment by providing a FQL filter and paging details. Returns a set of evaluation logic IDs which match the filter criteria.

PEP8 method name

query_evaluation_logic

Endpoint

| Method | Route |
| --- | --- |
| GET | /spotlight/queries/evaluation-logic/v1 |

Required Scope

spotlight-vulnerabilities:read

Content-Type

  • Produces: application/json

Keyword Arguments

| Name | Service | Uber | Type | Data type | Description |
| --- | --- | --- | --- | --- | --- |
| after | Service Class Support | Uber Class Support | query | string | A pagination token used with the limit parameter to manage pagination of results. On your first request, don't provide an after token. On subsequent requests, provide the after token from the previous response to continue from that place in the results. |
| limit | Service Class Support | Uber Class Support | query | integer | Maximum number of entities to return. |
| filter | Service Class Support | Uber Class Support | query | string | FQL query specifying the filter parameters. |
| parameters | Service Class Support | Uber Class Support | query | dictionary | Full query string parameters payload in JSON format. |
| sort | Service Class Support | Uber Class Support | query | string | Sort evaluation logic by their properties. |

Usage

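Service class example (PEP8 syntax)

import os
from falconpy.spotlight_evaluation_logic import SpotlightEvaluationLogic

# Do not hardcode API credentials! Read them from the environment instead
# (the variable names used here are an example).
CLIENT_ID = os.environ["FALCON_CLIENT_ID"]
CLIENT_SECRET = os.environ["FALCON_CLIENT_SECRET"]

falcon = SpotlightEvaluationLogic(client_id=CLIENT_ID,
                                  client_secret=CLIENT_SECRET
                                  )

# "string" values are placeholders; leave out after on the first request.
response = falcon.query_evaluation_logic(after="string",
                                         limit=100,  # integer
                                         filter="string",
                                         sort="string"
                                         )
print(response)

Service class example (Operation ID syntax)

import os
from falconpy import SpotlightEvaluationLogic

# Do not hardcode API credentials! Read them from the environment instead
# (the variable names used here are an example).
CLIENT_ID = os.environ["FALCON_CLIENT_ID"]
CLIENT_SECRET = os.environ["FALCON_CLIENT_SECRET"]

falcon = SpotlightEvaluationLogic(client_id=CLIENT_ID,
                                  client_secret=CLIENT_SECRET
                                  )

# "string" values are placeholders; leave out after on the first request.
response = falcon.queryEvaluationLogic(after="string",
                                       limit=100,  # integer
                                       filter="string",
                                       sort="string"
                                       )
print(response)

Uber class example

import os
from falconpy import APIHarnessV2

# Do not hardcode API credentials! Read them from the environment instead
# (the variable names used here are an example).
CLIENT_ID = os.environ["FALCON_CLIENT_ID"]
CLIENT_SECRET = os.environ["FALCON_CLIENT_SECRET"]

falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

# "string" values are placeholders; leave out after on the first request.
response = falcon.command("queryEvaluationLogic",
                          after="string",
                          limit=100,  # integer
                          filter="string",
                          sort="string"
                          )
print(response)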
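
The after-token paging described for combinedQueryEvaluationLogic and queryEvaluationLogic, written out as an added example (not FalconPy's own code). It assumes the response is a dictionary with status_code, body.resources and body.meta.pagination.after; paginate and StubSpotlight are hypothetical names, and the stub's pages are constructed so the block runs offline.

```python
def paginate(operation, page_size=100, max_pages=1000, **kwargs):
    """Yield every resource from a token-paginated Spotlight operation.

    `operation` is a bound method such as falcon.query_evaluation_logic or
    falcon.query_evaluation_logic_combined; extra kwargs (filter, sort) pass through.
    """
    after, seen = None, set()
    for _ in range(max_pages):
        if after:                       # first request carries no after token
            kwargs["after"] = after
        response = operation(limit=page_size, **kwargs)
        body = response.get("body") or {}
        if response.get("status_code") != 200:
            # Surface scope or credential problems instead of returning a short list
            raise RuntimeError(f"API error {response.get('status_code')}: {body.get('errors')}")
        yield from body.get("resources") or []
        # Assumed location of the next-page token in the response body
        after = ((body.get("meta") or {}).get("pagination") or {}).get("after")
        if not after:
            return                      # no token: the last page was reached
        if after in seen:               # guard against an endless loop
            raise RuntimeError("pagination token repeated; aborting")
        seen.add(after)
    raise RuntimeError("max_pages reached before results were exhausted")


class StubSpotlight:
    """Constructed offline stand-in that mimics the assumed response shape."""
    PAGES = {None: (["logic-1", "logic-2"], "tok-A"), "tok-A": (["logic-3"], None)}

    def __init__(self):
        self.calls = []                 # records the kwargs of every request

    def query_evaluation_logic(self, **kwargs):
        self.calls.append(kwargs)
        resources, next_token = self.PAGES[kwargs.get("after")]
        return {"status_code": 200,
                "body": {"meta": {"pagination": {"after": next_token}},
                         "resources": resources}}


if __name__ == "__main__":
    stub = StubSpotlight()
    print(list(paginate(stub.query_evaluation_logic, page_size=2)))
```

To run it against the live API, pass the bound method of an authenticated SpotlightEvaluationLogic instance in place of the stub's method.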