Using the Real Time Response Admin service collection
This service collection has code examples posted to the repository.
Table of Contents
Operation ID | Description |
---|---|
BatchAdminCmd | Batch executes a RTR administrator command across the hosts mapped to the given batch ID. |
RTR_CheckAdminCommandStatus | Get status of an executed RTR administrator command on a single host. |
RTR_ExecuteAdminCommand | Execute a RTR administrator command on a single host. |
RTR_GetFalconScripts | Get Falcon scripts with metadata and content of script |
RTR_GetPut_Files | Get put-files based on the ID's given. These are used for the RTR put command. |
RTR_GetPut_FilesV2 | Get put-files based on the ID's given. These are used for the RTR put command. |
RTR_CreatePut_Files | Upload a new put-file to use for the RTR put command. |
RTR_DeletePut_Files | Delete a put-file based on the ID given. Can only delete one file at a time. |
RTR_GetScripts | Get custom-scripts based on the ID's given. These are used for the RTR runscript command. |
RTR_GetScriptsV2 | Get custom-scripts based on the ID's given. These are used for the RTR runscript command. |
RTR_ListFalconScripts | Get a list of Falcon script IDs available to the user to run |
RTR_CreateScripts | Upload a new custom-script to use for the RTR runscript command. |
RTR_DeleteScripts | Delete a custom-script based on the ID given. Can only delete one script at a time. |
RTR_UpdateScripts | Upload a new script to replace an existing one. |
RTR_ListPut_Files | Get a list of put-file ID's that are available to the user for the put command. |
RTR_ListScripts | Get a list of custom-script ID's that are available to the user for the runscript command. |
Passing credentials
WARNING
client_id and client_secret are keyword arguments that contain your CrowdStrike API credentials. Please note that all examples below do not hard code these values. (These values are ingested as strings.)
CrowdStrike does not recommend hard coding API credentials or customer identifiers within source code.
BatchAdminCmd
Batch executes a RTR administrator command across the hosts mapped to the given batch ID.
PEP8 method name
batch_admin_command
Endpoint
Method | Route |
---|---|
/real-time-response/combined/batch-admin-command/v1 |
Content-Type
- Produces: application/json
Keyword Arguments
Name | Service | Uber | Type | Data type | Description |
---|---|---|---|---|---|
body | | | body | dictionary | Full body payload in JSON format. |
base_command | | | body | string | Active Responder base command to perform. For example: get or cp. Refer to this list for a complete listing of available commands. |
batch_id | | | body | string | RTR Batch ID to execute the command against. Received from batch_init_session. |
command_string | | | body | string | Full command line of the command to execute. Example: get some_file.txt |
host_timeout_duration | | | query | string | Timeout duration for how long a host has to complete processing, in duration syntax. Example: 10s. Valid units: ns, us, ms, s, m, h. Maximum is 10 minutes. |
optional_hosts | | | body | string or list of strings | List of the subset of hosts we want to impact by this command. Allows for filtering of hosts from execution within the same batch. |
persist_all | | | body | boolean | Flag indicating if this command should be executed when the host returns to service. |
timeout | | | query | integer | Timeout for how long to wait for the request in seconds. Default timeout is 30 seconds. Maximum is 10 minutes. |
timeout_duration | | | query | string | Timeout duration for how long to wait for the request, in duration syntax. Example: 10s. Valid units: ns, us, ms, s, m, h. Maximum is 10 minutes. |
parameters | | | query | dictionary | Full query string parameters payload in JSON format. |
Available base commands
Command | Description | Operating System |
---|---|---|
cat | View file contents | |
cd | Change directory | |
clear | Clear the screen | |
cp | Copy a file | |
csrutil | Get system integrity protection status | |
encrypt | Encrypt a file | |
env | Display environment variables | |
eventlog | Inspect the event log. Subcommands:
eventlog backup is the recommended solution as opposed to eventlog export , as this method is faster and follows industry-standard file format. | |
filehash | Calculate a file hash (MD5 or SHA256) | |
get | Retrieve a file | |
getsid | Retrieve the current SID | |
help | Access help for a specific command or sub-command | |
history | Review command history for the current user | |
ifconfig | Review TCP configuration | |
ipconfig | Review TCP configuration | |
kill | Kill a running process | |
ls | List the contents of a directory | |
map | Map a UNC (SMB) path to a drive letter | |
memdump | Dump memory of a running process | |
mkdir | Create a directory | |
mount | Mount a file system (MacOS, Linux) or list available drives (Windows) | |
mv | Move a file | |
netstat | Retrieve network connection detail | |
ps | List running processes | |
put | Put a file onto a remote host | |
put-and-run | Put a file onto a remote host and then execute it. The put-and-run command reduces the potential for user error in file selection by ensuring that the file ‘put’ on the host is the same file that is ‘run’ on the host. | |
reg | Registry operations. Subcommands:
| |
restart | Restart the system | |
rm | Remove a file | |
run | Run an executable | |
runscript | Run a script | |
shutdown | Shutdown the system | |
tar | Compress a file or directory into a tar file | |
unmap | Unmap a UNC (SMB) path from a drive letter | |
unmount | Unmount a file system | |
update | Install patches through Windows Update. Subcommands:
| |
users | Get details about local users | |
xmemdump | Dump complete memory (kernel) for the system | |
zip | Create a zip archive |
Usage
Service class example (PEP8 syntax)
```python
from falconpy import RealTimeResponseAdmin
# Do not hardcode API credentials!
falcon = RealTimeResponseAdmin(client_id=CLIENT_ID,
                               client_secret=CLIENT_SECRET
                               )
target_hosts = ["ID1", "ID2", "ID3"]
response = falcon.batch_admin_command(base_command="string",
                                      batch_id="string",
                                      command_string="string",
                                      optional_hosts=target_hosts,
                                      persist_all=boolean,
                                      timeout=integer,
                                      timeout_duration="string"
                                      )
print(response)
```
Service class example (Operation ID syntax)
```python
from falconpy import RealTimeResponseAdmin
# Do not hardcode API credentials!
falcon = RealTimeResponseAdmin(client_id=CLIENT_ID,
                               client_secret=CLIENT_SECRET
                               )
target_hosts = ["ID1", "ID2", "ID3"]
response = falcon.BatchAdminCmd(base_command="string",
                                batch_id="string",
                                command_string="string",
                                optional_hosts=target_hosts,
                                persist_all=boolean,
                                timeout=integer,
                                timeout_duration="string"
                                )
print(response)
```
Uber class example
```python
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )
target_hosts = ["ID1", "ID2", "ID3"]
# Python booleans are capitalized (True / False)
BODY = {
    "base_command": "string",
    "batch_id": "string",
    "command_string": "string",
    "optional_hosts": target_hosts,
    "persist_all": True
}
response = falcon.command("BatchAdminCmd",
                          timeout=integer,
                          timeout_duration="string",
                          body=BODY
                          )
print(response)
```
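A pre-flight check for the BatchAdminCmd keyword arguments described above, as an added example (not FalconPy or CrowdStrike code): it derives base_command from command_string, enforces the duration syntax and 10 minute maximum from the keyword table, and rejects commands outside a read-only set unless they were explicitly approved. The read-only set, the approved_commands parameter, the function names and the acceptance of multi-part durations such as 1m30s are assumptions of this example.

```python
import re

# Every base command listed in the page's "Available base commands" table.
KNOWN_COMMANDS = frozenset("""
    cat cd clear cp csrutil encrypt env eventlog filehash get getsid help history
    ifconfig ipconfig kill ls map memdump mkdir mount mv netstat ps put put-and-run
    reg restart rm run runscript shutdown tar unmap unmount update users xmemdump zip
""".split())

# Commands this example treats as read-only. The split is a policy choice made
# for the example (an assumption); the page does not classify commands.
READ_ONLY_COMMANDS = frozenset("""
    cat csrutil env filehash getsid help history ifconfig ipconfig ls netstat ps users
""".split())

# Duration syntax from the keyword table: units ns, us, ms, s, m, h; max 10 minutes.
UNIT_SECONDS = {"ns": 1e-9, "us": 1e-6, "ms": 1e-3, "s": 1.0, "m": 60.0, "h": 3600.0}
DURATION_PART = re.compile(r"(\d+(?:\.\d+)?)(ns|us|ms|s|m|h)")
MAX_TIMEOUT_SECONDS = 600.0


def parse_duration(text):
    """Convert a duration such as '10s' or '1m30s' to seconds.

    Accepting several number+unit parts in one string is an assumption of
    this example; the page only shows the single-part form '10s'.
    """
    if not isinstance(text, str) or not text:
        raise ValueError("duration must be a non-empty string")
    position, total = 0, 0.0
    while position < len(text):
        part = DURATION_PART.match(text, position)
        if part is None:
            raise ValueError(f"invalid duration syntax: {text!r}")
        total += float(part.group(1)) * UNIT_SECONDS[part.group(2)]
        position = part.end()
    return total


def build_batch_admin_request(batch_id, command_string, *, optional_hosts=None,
                              persist_all=False, host_timeout_duration=None,
                              timeout_duration=None, approved_commands=()):
    """Validate one batch command and return keyword arguments for BatchAdminCmd."""
    tokens = command_string.split()
    if not batch_id or not tokens:
        raise ValueError("batch_id and command_string are required")
    # Derive base_command from command_string so the two can never disagree.
    base_command = tokens[0]
    if base_command not in KNOWN_COMMANDS:
        raise ValueError(f"unknown base command: {base_command!r}")
    approved = base_command in approved_commands
    if base_command not in READ_ONLY_COMMANDS and not approved:
        raise PermissionError(f"{base_command!r} is outside the read-only set and was not approved")
    # persist_all queues the command for hosts that are not in service, so it
    # runs later with nobody watching; require the same explicit approval.
    if persist_all and not approved:
        raise PermissionError("persist_all requires an approved command")
    request = {
        "base_command": base_command,
        "batch_id": batch_id,
        "command_string": command_string,
        "persist_all": bool(persist_all),
    }
    if optional_hosts:
        # The table allows a string or a list of strings; always send a list.
        hosts = [optional_hosts] if isinstance(optional_hosts, str) else list(optional_hosts)
        request["optional_hosts"] = hosts
    for name, value in (("host_timeout_duration", host_timeout_duration),
                        ("timeout_duration", timeout_duration)):
        if value is None:
            continue
        if parse_duration(value) > MAX_TIMEOUT_SECONDS:
            raise ValueError(f"{name} exceeds the 10 minute maximum: {value!r}")
        request[name] = value
    return request


if __name__ == "__main__":
    # Constructed sample values. The result would be passed on as
    # falcon.batch_admin_command(**request) with a client built as shown above.
    request = build_batch_admin_request("BATCH_ID", "ps", optional_hosts=["ID1", "ID2"],
                                        timeout_duration="1m30s")
    print(request)
```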
Back to Table of Contents
RTR_CheckAdminCommandStatus
Get status of an executed RTR administrator command on a single host.
PEP8 method name
check_admin_command_status
Endpoint
Method | Route |
---|---|
/real-time-response/entities/admin-command/v1 |
Content-Type
- Produces: application/json
Keyword Arguments
Name | Service | Uber | Type | Data type | Description |
---|---|---|---|---|---|
cloud_request_id | | | query | string | Cloud Request ID of the executed command to query. |
parameters | | | query | dictionary | Full query string parameters payload in JSON format. |
sequence_id | | | query | integer | Sequence ID that we want to retrieve. Command responses are chunked across sequences. |
Usage
Service class example (PEP8 syntax)
```python
from falconpy import RealTimeResponseAdmin
# Do not hardcode API credentials!
falcon = RealTimeResponseAdmin(client_id=CLIENT_ID,
                               client_secret=CLIENT_SECRET
                               )
response = falcon.check_admin_command_status(cloud_request_id="string", sequence_id=integer)
print(response)
```
Service class example (Operation ID syntax)
```python
from falconpy import RealTimeResponseAdmin
# Do not hardcode API credentials!
falcon = RealTimeResponseAdmin(client_id=CLIENT_ID,
                               client_secret=CLIENT_SECRET
                               )
response = falcon.RTR_CheckAdminCommandStatus(cloud_request_id="string", sequence_id=integer)
print(response)
```
Uber class example
```python
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )
response = falcon.command("RTR_CheckAdminCommandStatus",
                          cloud_request_id="string",
                          sequence_id=integer
                          )
print(response)
```
Back to Table of Contents
RTR_ExecuteAdminCommand
Execute a RTR administrator command on a single host.
PEP8 method name
execute_admin_command
Endpoint
Method | Route |
---|---|
/real-time-response/entities/admin-command/v1 |
Content-Type
- Produces: application/json
Keyword Arguments
Name | Service | Uber | Type | Data type | Description |
---|---|---|---|---|---|
body | | | body | dictionary | Full body payload in JSON format. |
base_command | | | body | string | Active Responder base command to perform. For example: get or cp. Refer to this list for a complete listing of available commands. |
session_id | | | body | string | RTR Session ID to execute the command against. Received from init_session. |
command_string | | | body | string | Full command line of the command to execute. Example: get some_file.txt |
persist | | | body | boolean | Flag indicating if this command should be executed when the host returns to service. |
Available base commands
Command | Description | Operating System |
---|---|---|
cat | View file contents | |
cd | Change directory | |
clear | Clear the screen | |
cp | Copy a file | |
csrutil | Get system integrity protection status | |
encrypt | Encrypt a file | |
env | Display environment variables | |
eventlog | Inspect the event log. Subcommands:
eventlog backup is the recommended solution as opposed to eventlog export , as this method is faster and follows industry-standard file format. | |
filehash | Calculate a file hash (MD5 or SHA256) | |
get | Retrieve a file | |
getsid | Retrieve the current SID | |
help | Access help for a specific command or sub-command | |
history | Review command history for the current user | |
ifconfig | Review TCP configuration | |
ipconfig | Review TCP configuration | |
kill | Kill a running process | |
ls | List the contents of a directory | |
map | Map a UNC (SMB) path to a drive letter | |
memdump | Dump memory of a running process | |
mkdir | Create a directory | |
mount | Mount a file system (MacOS, Linux) or list available drives (Windows) | |
mv | Move a file | |
netstat | Retrieve network connection detail | |
ps | List running processes | |
put-and-run | Put a file onto a remote host and then execute it. The put-and-run command reduces the potential for user error in file selection by ensuring that the file ‘put’ on the host is the same file that is ‘run’ on the host. | |
reg | Registry operations. Subcommands:
| |
restart | Restart the system | |
rm | Remove a file | |
run | Run an executable | |
runscript | Run a script | |
shutdown | Shutdown the system | |
tar | Compress a file or directory into a tar file | |
unmap | Unmap a UNC (SMB) path from a drive letter | |
unmount | Unmount a file system | |
update | Install patches through Windows Update. Subcommands:
| |
users | Get details about local users | |
xmemdump | Dump complete memory (kernel) for the system | |
zip | Create a zip archive |
Usage
Service class example (PEP8 syntax)
```python
from falconpy import RealTimeResponseAdmin
# Do not hardcode API credentials!
falcon = RealTimeResponseAdmin(client_id=CLIENT_ID,
                               client_secret=CLIENT_SECRET
                               )
response = falcon.execute_admin_command(base_command="string",
                                        session_id="string",
                                        command_string="string",
                                        persist=boolean
                                        )
print(response)
```
Service class example (Operation ID syntax)
```python
from falconpy import RealTimeResponseAdmin
# Do not hardcode API credentials!
falcon = RealTimeResponseAdmin(client_id=CLIENT_ID,
                               client_secret=CLIENT_SECRET
                               )
response = falcon.RTR_ExecuteAdminCommand(base_command="string",
                                          session_id="string",
                                          command_string="string",
                                          persist=boolean
                                          )
print(response)
```
Uber class example
```python
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )
# Python booleans are capitalized (True / False)
BODY = {
    "base_command": "string",
    "command_string": "string",
    "persist": True,
    "session_id": "string"
}
response = falcon.command("RTR_ExecuteAdminCommand", body=BODY)
print(response)
```
Back to Table of Contents
RTR_GetFalconScripts
Get Falcon scripts with metadata and content of script
PEP8 method name
get_falcon_scripts
Endpoint
Method | Route |
---|---|
/real-time-response/entities/falcon-scripts/v1 |
Content-Type
- Produces: application/json
Keyword Arguments
Name | Service | Uber | Type | Data type | Description |
---|---|---|---|---|---|
ids | | | query | array (string) | IDs of the Falcon scripts you want to retrieve |
Usage
Service class example (PEP8 syntax)
```python
from falconpy.real_time_response_admin import RealTimeResponseAdmin
falcon = RealTimeResponseAdmin(client_id=CLIENT_ID,
                               client_secret=CLIENT_SECRET
                               )
id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.get_falcon_scripts(ids=id_list)
print(response)
```
Service class example (Operation ID syntax)
```python
from falconpy import RealTimeResponseAdmin
falcon = RealTimeResponseAdmin(client_id=CLIENT_ID,
                               client_secret=CLIENT_SECRET
                               )
id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.RTR_GetFalconScripts(ids=id_list)
print(response)
```
Uber class example
```python
from falconpy import APIHarnessV2
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )
id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.command("RTR_GetFalconScripts", ids=id_list)
print(response)
```
Back to Table of Contents
RTR_GetPut_Files
Get put-files based on the ID's given. These are used for the RTR put command.
PEP8 method name
get_put_files
Endpoint
Method | Route |
---|---|
/real-time-response/entities/put-files/v1 |
Content-Type
- Produces: application/json
Keyword Arguments
Name | Service | Uber | Type | Data type | Description |
---|---|---|---|---|---|
ids | | | query | string or list of strings | File IDs. |
parameters | | | query | dictionary | Full query string parameters payload in JSON format. |
Usage
Service class example (PEP8 syntax)
```python
from falconpy import RealTimeResponseAdmin
# Do not hardcode API credentials!
falcon = RealTimeResponseAdmin(client_id=CLIENT_ID,
                               client_secret=CLIENT_SECRET
                               )
id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.get_put_files(ids=id_list)
print(response)
```
Service class example (Operation ID syntax)
```python
from falconpy import RealTimeResponseAdmin
# Do not hardcode API credentials!
falcon = RealTimeResponseAdmin(client_id=CLIENT_ID,
                               client_secret=CLIENT_SECRET
                               )
id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.RTR_GetPut_Files(ids=id_list)
print(response)
```
Uber class example
```python
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )
id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.command("RTR_GetPut_Files", ids=id_list)
print(response)
```
Back to Table of Contents
RTR_GetPut_FilesV2
Get put-files based on the ID's given. These are used for the RTR put command.
PEP8 method name
get_put_files_v2
Endpoint
Method | Route |
---|---|
/real-time-response/entities/put-files/v2 |
Content-Type
- Produces: application/json
Keyword Arguments
Name | Service | Uber | Type | Data type | Description |
---|---|---|---|---|---|
ids | | | query | string or list of strings | File IDs. |
parameters | | | query | dictionary | Full query string parameters payload in JSON format. |
Usage
Service class example (PEP8 syntax)
```python
from falconpy import RealTimeResponseAdmin
# Do not hardcode API credentials!
falcon = RealTimeResponseAdmin(client_id=CLIENT_ID,
                               client_secret=CLIENT_SECRET
                               )
id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.get_put_files_v2(ids=id_list)
print(response)
```
Service class example (Operation ID syntax)
```python
from falconpy import RealTimeResponseAdmin
# Do not hardcode API credentials!
falcon = RealTimeResponseAdmin(client_id=CLIENT_ID,
                               client_secret=CLIENT_SECRET
                               )
id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.RTR_GetPut_FilesV2(ids=id_list)
print(response)
```
Uber class example
```python
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )
id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.command("RTR_GetPut_FilesV2", ids=id_list)
print(response)
```
Back to Table of Contents
RTR_CreatePut_Files
Upload a new put-file to use for the RTR put command.
PEP8 method name
create_put_files
Endpoint
Method | Route |
---|---|
/real-time-response/entities/put-files/v1 |
Content-Type
- Consumes: multipart/form-data
- Produces: application/json
Keyword Arguments
Name | Service | Uber | Type | Data type | Description |
---|---|---|---|---|---|
comments_for_audit_log | | | formData | string | A descriptive comment for the audit log. |
data | | | formData | file | Full formData payload in JSON format. |
description | | | formData | string | File description. |
name | | | formData | string | File name (if different than actual file name). |
files | | | query | list of tuples | File(s) to be uploaded. |
Usage
Service class example (PEP8 syntax)
```python
from falconpy import RealTimeResponseAdmin
# Do not hardcode API credentials!
falcon = RealTimeResponseAdmin(client_id=CLIENT_ID,
                               client_secret=CLIENT_SECRET
                               )
filename = "somefile.ext"
# Read the file contents inside the context manager so the handle is closed
with open(filename, "rb") as upload_file:
    file_upload = [('file', ('MyPutFile', upload_file.read(), 'application/octet-stream'))]
response = falcon.create_put_files(comments_for_audit_log="string",
                                   description="string",
                                   name="string",
                                   files=file_upload
                                   )
print(response)
```
Service class example (Operation ID syntax)
```python
from falconpy import RealTimeResponseAdmin
# Do not hardcode API credentials!
falcon = RealTimeResponseAdmin(client_id=CLIENT_ID,
                               client_secret=CLIENT_SECRET
                               )
filename = "somefile.ext"
# Read the file contents inside the context manager so the handle is closed
with open(filename, "rb") as upload_file:
    file_upload = [('file', ('MyPutFile', upload_file.read(), 'application/octet-stream'))]
response = falcon.RTR_CreatePut_Files(comments_for_audit_log="string",
                                      description="string",
                                      name="string",
                                      files=file_upload
                                      )
print(response)
```
Uber class example
```python
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )
PAYLOAD = {
    "description": "string",
    "name": "string",
    "comments_for_audit_log": "string"
}
filename = "somefile.ext"
# Read the file contents inside the context manager so the handle is closed
with open(filename, "rb") as upload_file:
    file_upload = [('file', ('MyPutFile', upload_file.read(), 'application/octet-stream'))]
response = falcon.command("RTR_CreatePut_Files", data=PAYLOAD, files=file_upload)
print(response)
```
Back to Table of Contents
RTR_DeletePut_Files
Delete a put-file based on the ID given. Can only delete one file at a time.
PEP8 method name
delete_put_files
Endpoint
Method | Route |
---|---|
/real-time-response/entities/put-files/v1 |
Content-Type
- Produces: application/json
Keyword Arguments
Name | Service | Uber | Type | Data type | Description |
---|---|---|---|---|---|
ids | | | query | string or list of strings | File IDs. |
parameters | | | query | dictionary | Full query string parameters payload in JSON format. |
Usage
Service class example (PEP8 syntax)
```python
from falconpy import RealTimeResponseAdmin
# Do not hardcode API credentials!
falcon = RealTimeResponseAdmin(client_id=CLIENT_ID,
                               client_secret=CLIENT_SECRET
                               )
id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.delete_put_files(ids=id_list)
print(response)
```
Service class example (Operation ID syntax)
```python
from falconpy import RealTimeResponseAdmin
# Do not hardcode API credentials!
falcon = RealTimeResponseAdmin(client_id=CLIENT_ID,
                               client_secret=CLIENT_SECRET
                               )
id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.RTR_DeletePut_Files(ids=id_list)
print(response)
```
Uber class example
```python
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )
id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.command("RTR_DeletePut_Files", ids=id_list)
print(response)
```
Back to Table of Contents
RTR_GetScripts
Get custom-scripts based on the ID's given. These are used for the RTR runscript command.
PEP8 method name
get_scripts
Endpoint
Method | Route |
---|---|
/real-time-response/entities/scripts/v1 |
Content-Type
- Produces: application/json
Keyword Arguments
Name | Service | Uber | Type | Data type | Description |
---|---|---|---|---|---|
ids | | | query | string or list of strings | File IDs. |
parameters | | | query | dictionary | Full query string parameters payload in JSON format. |
Usage
Service class example (PEP8 syntax)
```python
from falconpy import RealTimeResponseAdmin
# Do not hardcode API credentials!
falcon = RealTimeResponseAdmin(client_id=CLIENT_ID,
                               client_secret=CLIENT_SECRET
                               )
id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.get_scripts(ids=id_list)
print(response)
```
Service class example (Operation ID syntax)
```python
from falconpy import RealTimeResponseAdmin
# Do not hardcode API credentials!
falcon = RealTimeResponseAdmin(client_id=CLIENT_ID,
                               client_secret=CLIENT_SECRET
                               )
id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.RTR_GetScripts(ids=id_list)
print(response)
```
Uber class example
```python
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )
id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.command("RTR_GetScripts", ids=id_list)
print(response)
```
Back to Table of Contents
RTR_GetScriptsV2
Get custom-scripts based on the ID's given. These are used for the RTR runscript command.
PEP8 method name
get_scripts_v2
Endpoint
Method | Route |
---|---|
/real-time-response/entities/scripts/v2 |
Content-Type
- Produces: application/json
Keyword Arguments
Name | Service | Uber | Type | Data type | Description |
---|---|---|---|---|---|
ids | | | query | string or list of strings | File IDs. |
parameters | | | query | dictionary | Full query string parameters payload in JSON format. |
Usage
Service class example (PEP8 syntax)
```python
from falconpy import RealTimeResponseAdmin
# Do not hardcode API credentials!
falcon = RealTimeResponseAdmin(client_id=CLIENT_ID,
                               client_secret=CLIENT_SECRET
                               )
id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.get_scripts_v2(ids=id_list)
print(response)
```
Service class example (Operation ID syntax)
```python
from falconpy import RealTimeResponseAdmin
# Do not hardcode API credentials!
falcon = RealTimeResponseAdmin(client_id=CLIENT_ID,
                               client_secret=CLIENT_SECRET
                               )
id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.RTR_GetScriptsV2(ids=id_list)
print(response)
```
Uber class example
```python
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )
id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.command("RTR_GetScriptsV2", ids=id_list)
print(response)
```
Back to Table of Contents
RTR_CreateScripts
Upload a new custom-script to use for the RTR runscript command.
PEP8 method name
create_scripts
Endpoint
Method | Route |
---|---|
/real-time-response/entities/scripts/v1 |
Content-Type
- Consumes: multipart/form-data
- Produces: application/json
Keyword Arguments
Name | Service | Uber | Type | Data type | Description |
---|---|---|---|---|---|
comments_for_audit_log | | | formData | string | A descriptive comment for the audit log. |
content | | | formData | string | The text contents you want to use for the script. Takes place of a file upload. |
data | | | formData | file | Full formData payload in JSON format. |
description | | | formData | string | File description. |
name | | | formData | string | File name (if different than actual file name). |
permission_type | | | formData | string | Permissions for the custom-script. Valid permission values include: |
platform | | | formData | list of strings | Platform for the script. Currently supports windows, mac, and linux. If no platform is provided, windows is assumed. |
files | | | query | list of tuples | File(s) to be uploaded. |
Usage
Service class example (PEP8 syntax)
```python
from falconpy import RealTimeResponseAdmin
# Do not hardcode API credentials!
falcon = RealTimeResponseAdmin(client_id=CLIENT_ID,
                               client_secret=CLIENT_SECRET
                               )
filename = "somefile.ext"
# Read the file contents inside the context manager so the handle is closed
with open(filename, "rb") as upload_file:
    file_upload = [('file', ('MyScript', upload_file.read(), 'application/script'))]
response = falcon.create_scripts(comments_for_audit_log="string",
                                 description="string",
                                 name="string",
                                 files=file_upload,
                                 platform=["string"],
                                 permission_type="string",
                                 content="string"
                                 )
print(response)
```
Service class example (Operation ID syntax)
```python
from falconpy import RealTimeResponseAdmin
# Do not hardcode API credentials!
falcon = RealTimeResponseAdmin(client_id=CLIENT_ID,
                               client_secret=CLIENT_SECRET
                               )
filename = "somefile.ext"
# Read the file contents inside the context manager so the handle is closed
with open(filename, "rb") as upload_file:
    file_upload = [('file', ('MyScript', upload_file.read(), 'application/script'))]
response = falcon.RTR_CreateScripts(comments_for_audit_log="string",
                                    description="string",
                                    name="string",
                                    files=file_upload,
                                    platform=["string"],
                                    permission_type="string",
                                    content="string"
                                    )
print(response)
```
Uber class example
```python
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )
PAYLOAD = {
    "description": "string",
    "name": "string",
    "comments_for_audit_log": "string",
    "permission_type": "string",
    "content": "string",
    "platform": [
        "string",
        "string"
    ]
}
filename = "somefile.ext"
# Read the file contents inside the context manager so the handle is closed
with open(filename, "rb") as upload_file:
    file_upload = [('file', ('MyScript', upload_file.read(), 'application/script'))]
response = falcon.command("RTR_CreateScripts", data=PAYLOAD, files=file_upload)
print(response)
```
Back to Table of Contents
RTR_DeleteScripts
Delete a custom-script based on the ID given. Can only delete one script at a time.
PEP8 method name
delete_scripts
Endpoint
Method | Route |
---|---|
/real-time-response/entities/scripts/v1 |
Content-Type
- Produces: application/json
Keyword Arguments
Name | Service | Uber | Type | Data type | Description |
---|---|---|---|---|---|
ids | | | query | string or list of strings | File IDs. |
parameters | | | query | dictionary | Full query string parameters payload in JSON format. |
Usage
Service class example (PEP8 syntax)
```python
from falconpy import RealTimeResponseAdmin
# Do not hardcode API credentials!
falcon = RealTimeResponseAdmin(client_id=CLIENT_ID,
                               client_secret=CLIENT_SECRET
                               )
id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.delete_scripts(ids=id_list)
print(response)
```
Service class example (Operation ID syntax)
```python
from falconpy import RealTimeResponseAdmin
# Do not hardcode API credentials!
falcon = RealTimeResponseAdmin(client_id=CLIENT_ID,
                               client_secret=CLIENT_SECRET
                               )
id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.RTR_DeleteScripts(ids=id_list)
print(response)
```
Uber class example
```python
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )
id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.command("RTR_DeleteScripts", ids=id_list)
print(response)
```
Back to Table of Contents
RTR_UpdateScripts
Upload a new script to replace an existing one.
PEP8 method name
update_scripts
Endpoint
Method | Route |
---|---|
/real-time-response/entities/scripts/v1 |
Content-Type
- Consumes: multipart/form-data
- Produces: application/json
Keyword Arguments
Name | Service | Uber | Type | Data type | Description |
---|---|---|---|---|---|
comments_for_audit_log | | | formData | string | A descriptive comment for the audit log. |
content | | | formData | string | The text contents you want to use for the script. Takes place of a file upload. |
data | | | formData | file | Full formData payload in JSON format. |
description | | | formData | string | File description. |
id | | | formData | string | The ID of the script to be updated. |
name | | | formData | string | File name (if different than actual file name). |
permission_type | | | formData | string | Permissions for the custom-script. Valid permission values include: |
platform | | | formData | list of strings | Platform for the script. Currently supports windows, mac, and linux. If no platform is provided, windows is assumed. |
files | | | query | list of tuples | File(s) to be uploaded. |
Usage
Service class example (PEP8 syntax)
```python
from falconpy import RealTimeResponseAdmin
# Do not hardcode API credentials!
falcon = RealTimeResponseAdmin(client_id=CLIENT_ID,
                               client_secret=CLIENT_SECRET
                               )
# Read the file inside a context manager so the handle is closed
with open('file.ext', 'rb') as upload_file:
    file_upload = [('file', ('file.ext', upload_file.read(), 'application/script'))]
response = falcon.update_scripts(comments_for_audit_log="string",
                                 description="string",
                                 id="string",
                                 name="string",
                                 files=file_upload,
                                 platform=["string"],
                                 permission_type="string",
                                 content="string"
                                 )
print(response)
```
Service class example (Operation ID syntax)
```python
from falconpy import RealTimeResponseAdmin
# Do not hardcode API credentials!
falcon = RealTimeResponseAdmin(client_id=CLIENT_ID,
                               client_secret=CLIENT_SECRET
                               )
# Read the file inside a context manager so the handle is closed
with open('file.ext', 'rb') as upload_file:
    file_upload = [('file', ('file.ext', upload_file.read(), 'application/script'))]
response = falcon.RTR_UpdateScripts(comments_for_audit_log="string",
                                    description="string",
                                    id="string",
                                    name="string",
                                    files=file_upload,
                                    platform=["string"],
                                    permission_type="string",
                                    content="string"
                                    )
print(response)
```
Uber class example
```python
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )
PAYLOAD = {
    "id": "string",
    "description": "string",
    "name": "string",
    "comments_for_audit_log": "string",
    "permission_type": "string",
    "content": "string",
    "platform": [
        "string",
        "string"
    ]
}
# Read the file inside a context manager so the handle is closed
with open('file.ext', 'rb') as upload_file:
    file_upload = [('file', ('file.ext', upload_file.read(), 'application/script'))]
response = falcon.command("RTR_UpdateScripts", data=PAYLOAD, files=file_upload)
print(response)
```
Back to Table of Contents
RTR_ListFalconScripts
Get a list of Falcon script IDs available to the user to run
PEP8 method name
list_falcon_scripts
Endpoint
Method | Route |
---|---|
/real-time-response/queries/falcon-scripts/v1 |
Content-Type
- Produces: application/json
Keyword Arguments
Name | Service | Uber | Type | Data type | Description |
---|---|---|---|---|---|
filter | | | query | string | Optional filter criteria in the form of an FQL query. For more information about FQL queries, see our FQL documentation in Falcon. |
offset | | | query | integer | Starting index of overall result set from which to return ids. |
limit | | | query | integer | Number of ids to return. |
sort | | | query | string | Sort by spec. Ex: 'created_at |
Usage
Service class example (PEP8 syntax)
```python
from falconpy.real_time_response_admin import RealTimeResponseAdmin
falcon = RealTimeResponseAdmin(client_id=CLIENT_ID,
                               client_secret=CLIENT_SECRET
                               )
response = falcon.list_falcon_scripts(filter="string",
                                      offset=integer,
                                      limit=integer,
                                      sort="string"
                                      )
print(response)
```
Service class example (Operation ID syntax)
```python
from falconpy import RealTimeResponseAdmin
falcon = RealTimeResponseAdmin(client_id=CLIENT_ID,
                               client_secret=CLIENT_SECRET
                               )
response = falcon.RTR_ListFalconScripts(filter="string",
                                        offset=integer,
                                        limit=integer,
                                        sort="string"
                                        )
print(response)
```
Uber class example
```python
from falconpy import APIHarnessV2
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )
response = falcon.command("RTR_ListFalconScripts",
                          filter="string",
                          offset=integer,
                          limit=integer,
                          sort="string"
                          )
print(response)
```
RTR_ListPut_Files
Get a list of put-file IDs that are available to the user for the put command.
PEP8 method name
list_put_files
Endpoint
Method | Route |
---|---|
| /real-time-response/queries/put-files/v1 |
Content-Type
- Produces: application/json
Keyword Arguments
Name | Service | Uber | Type | Data type | Description |
---|---|---|---|---|---|
filter | | | query | string | FQL query expression that should be used to limit the results. user_id can accept a special value ‘@me’, which restricts results to records with the current user’s ID. |
limit | | | query | integer | Maximum number of records to return. |
offset | | | query | string | Starting index of overall result set from which to return ids. |
sort | | | query | string | The property to sort by. |
parameters | | | query | dictionary | Full query string parameters payload in JSON format. |
Usage
Service class example (PEP8 syntax)
from falconpy import RealTimeResponseAdmin
# Do not hardcode API credentials!
falcon = RealTimeResponseAdmin(client_id=CLIENT_ID,
                               client_secret=CLIENT_SECRET
                               )
response = falcon.list_put_files(filter="string",
                                 offset="string",
                                 limit=integer,
                                 sort="string"
                                 )
print(response)
Service class example (Operation ID syntax)
from falconpy import RealTimeResponseAdmin
# Do not hardcode API credentials!
falcon = RealTimeResponseAdmin(client_id=CLIENT_ID,
                               client_secret=CLIENT_SECRET
                               )
response = falcon.RTR_ListPut_Files(filter="string",
                                    offset="string",
                                    limit=integer,
                                    sort="string"
                                    )
print(response)
Uber class example
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )
response = falcon.command("RTR_ListPut_Files",
                          filter="string",
                          offset="string",
                          limit=integer,
                          sort="string"
                          )
print(response)
RTR_ListScripts
Get a list of custom-script IDs that are available to the user for the runscript command.
PEP8 method name
list_scripts
Endpoint
Method | Route |
---|---|
| /real-time-response/queries/scripts/v1 |
Content-Type
- Produces: application/json
Keyword Arguments
Name | Service | Uber | Type | Data type | Description |
---|---|---|---|---|---|
filter | | | query | string | FQL query expression that should be used to limit the results. user_id can accept a special value ‘@me’, which restricts results to records with the current user’s ID. |
limit | | | query | integer | Maximum number of records to return. |
offset | | | query | string | Starting index of overall result set from which to return ids. |
sort | | | query | string | The property to sort by. |
parameters | | | query | dictionary | Full query string parameters payload in JSON format. |
Usage
Service class example (PEP8 syntax)
from falconpy import RealTimeResponseAdmin
# Do not hardcode API credentials!
falcon = RealTimeResponseAdmin(client_id=CLIENT_ID,
                               client_secret=CLIENT_SECRET
                               )
response = falcon.list_scripts(filter="string",
                               offset="string",
                               limit=integer,
                               sort="string"
                               )
print(response)
Service class example (Operation ID syntax)
from falconpy import RealTimeResponseAdmin
# Do not hardcode API credentials!
falcon = RealTimeResponseAdmin(client_id=CLIENT_ID,
                               client_secret=CLIENT_SECRET
                               )
response = falcon.RTR_ListScripts(filter="string",
                                  offset="string",
                                  limit=integer,
                                  sort="string"
                                  )
print(response)
Uber class example
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )
response = falcon.command("RTR_ListScripts",
                          filter="string",
                          offset="string",
                          limit=integer,
                          sort="string"
                          )
print(response)
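Paging through the list operations above with offset and limit, then comparing the IDs against a reviewed allowlist, as an added example that is not FalconPy's own code. `collect_ids`, `unreviewed` and `make_stub` are hypothetical helpers; the stub stands in for `falcon.list_scripts` so the block runs offline, and the `status_code`/`body` response layout with `meta.pagination.total` is an assumption.

```python
def collect_ids(list_fn, page_size=100, **query):
    """Return every ID from a paged list_* operation such as falcon.list_scripts."""
    ids, offset = [], 0
    while True:
        # offset is documented above as a string for list_scripts / list_put_files
        resp = list_fn(offset=str(offset), limit=page_size, **query)
        body = resp.get("body", {})
        if resp.get("status_code") != 200:
            raise RuntimeError(f"list query failed: {body.get('errors')}")
        page = body.get("resources") or []
        ids.extend(page)
        offset += len(page)
        # Assumption: the full result count is reported in meta.pagination.total;
        # when it is absent, keep paging until an empty page comes back.
        total = body.get("meta", {}).get("pagination", {}).get("total")
        if not page or (total is not None and offset >= total):
            return ids


def unreviewed(ids, approved):
    """IDs present in the tenant but missing from the reviewed allowlist."""
    return sorted(set(ids) - set(approved))


def make_stub(all_ids):
    """Constructed stand-in for falcon.list_scripts; makes no API call."""
    def list_fn(offset="0", limit=100, **_ignored):
        start = int(offset)
        return {"status_code": 200,
                "body": {"meta": {"pagination": {"offset": start, "limit": limit,
                                                 "total": len(all_ids)}},
                         "resources": all_ids[start:start + limit],
                         "errors": []}}
    return list_fn


if __name__ == "__main__":
    # Constructed sample IDs, not real script identifiers
    tenant_ids = ["id-0001", "id-0002", "id-0003", "id-0004", "id-0005"]
    found = collect_ids(make_stub(tenant_ids), page_size=2)
    print(found)
    print(unreviewed(found, approved=["id-0001", "id-0002", "id-0004"]))
```

Against a live tenant, pass `falcon.list_scripts` or `falcon.list_put_files` as `list_fn`; any `filter` or `sort` keyword is forwarded unchanged.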