Using the Report Executions service collection

Documentation Version

Operation ID

Description

report_executions_download_get
PEP 8	get_download

Get report entity download

report_executions_retry
PEP 8	retry_reports

Retry the execution of a report by ID.

report_executions_get
PEP 8	get_reports

Retrieve report details for the provided report IDs.

report_executions_query
PEP 8	query_reports

Find all report execution IDs matching the query with filter

Passing credentials

WARNING

client_id and client_secret are keyword arguments that contain your CrowdStrike API credentials. Please note that all examples below do not hard code these values. (These values are ingested as strings.)

CrowdStrike does not recommend hard coding API credentials or customer identifiers within source code.

report_executions_download_get

Get report entity download

PEP8 method name

get_download

Endpoint

Method	Route
	`/reports/entities/report-executions-download/v1`

Required Scope

Content-Type

Consumes: application/json
Produces: application/octet-stream

Keyword Arguments

Name	Service	Uber	Type	Data type	Description
ids			query	string or list of strings	The report_execution id to download.
parameters			query	dictionary	Full query string parameters payload in JSON format.

Usage

Service class example (PEP8 syntax)

from falconpy import ReportExecutions

# Do not hardcode API credentials!
falcon = ReportExecutions(client_id=CLIENT_ID,
                          client_secret=CLIENT_SECRET
                          )

id_list = 'ID HERE'

save_file = "some_file.ext"

response = falcon.get_download(ids=id_list)
open(save_file, 'wb').write(response)

Service class example (Operation ID syntax)

from falconpy import ReportExecutions

# Do not hardcode API credentials!
falcon = ReportExecutions(client_id=CLIENT_ID,
                          client_secret=CLIENT_SECRET
                          )

id_list = 'ID HERE'

save_file = "some_file.ext"

response = falcon.report_executions_download_get(ids=id_list)
open(save_file, 'wb').write(response)

Uber class example

from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

id_list = 'ID HERE'

save_file = "some_file.ext"

response = falcon.command("report_executions_download_get", ids=id_list)
open(save_file, 'wb').write(response)

report_executions_retry

Retry the execution of a report by ID.

PEP8 method name

retry_reports

Endpoint

Method	Route
	`/reports/entities/report-executions-retry/v1`

Required Scope

Content-Type

Consumes: application/json
Produces: application/json

Keyword Arguments

Name	Service	Uber	Type	Data type	Description
ids			query	string or list of strings	The report_execution ID(s) to retry execution.
body			query	dictionary	Full body payload in JSON format.

Usage

Service class example (PEP8 syntax)

from falconpy import ReportExecutions

# Do not hardcode API credentials!
falcon = ReportExecutions(client_id=CLIENT_ID,
                          client_secret=CLIENT_SECRET
                          )

id_list = 'ID HERE'

response = falcon.retry_reports(ids=id_list)
print(response)

Service class example (Operation ID syntax)

from falconpy import ReportExecutions

# Do not hardcode API credentials!
falcon = ReportExecutions(client_id=CLIENT_ID,
                          client_secret=CLIENT_SECRET
                          )

id_list = 'ID HERE'

response = falcon.report_executions_retry(ids=id_list)
print(response)

Uber class example

from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

# To send multiple retries, pass a list of dictionaries, each holding one ID
BODY = {
    "id": "ID HERE"
}

response = falcon.command("report_executions_retry", body=BODY)
print(response)

report_executions_get

Retrieve report details for the provided report IDs.

PEP8 method name

get_reports

Endpoint

Method	Route
	`/reports/entities/report-executions/v1`

Required Scope

Content-Type

Consumes: application/json
Produces: application/json

Keyword Arguments

Name	Service	Uber	Type	Data type	Description
ids			query	string or list of strings	The report_execution id to get details about.
parameters			query	dictionary	Full query string parameters payload in JSON format.

Usage

Service class example (PEP8 syntax)

from falconpy import ReportExecutions

# Do not hardcode API credentials!
falcon = ReportExecutions(client_id=CLIENT_ID,
                          client_secret=CLIENT_SECRET
                          )

id_list = 'ID HERE'

response = falcon.get_reports(ids=id_list)
print(response)

Service class example (Operation ID syntax)

from falconpy import ReportExecutions

# Do not hardcode API credentials!
falcon = ReportExecutions(client_id=CLIENT_ID,
                          client_secret=CLIENT_SECRET
                          )

id_list = 'ID1 HERE'

response = falcon.report_executions_get(ids=id_list)
print(response)

Uber class example

from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

id_list = 'ID1 HERE'

response = falcon.command("report_executions_get", ids=id_list)
print(response)

report_executions_query

Find all report execution IDs matching the query with filter

PEP8 method name

query_reports

Endpoint

Method	Route
	`/reports/queries/report-executions/v1`

Required Scope

Content-Type

Consumes: application/json
Produces: application/json

Keyword Arguments

Name	Type	Data type	Description
filter	query	string	FQL query specifying the filter parameters. Filter term criteria: type scheduled_report_id status Filter range criteria: created_on last_updated_on expiration_on; use any common date format, such as '2010-05-15T14:55:21.892315096Z'
limit	query	integer	Number of ids to return.
offset	query	string	Starting index of overall result set from which to return ids.
parameters	query	dictionary	Full query string parameters payload in JSON format.
q	query	string	Match query criteria, which includes all the filter string fields.
sort	query	string	Possible order by fields: created_on last_updated_on

Usage

Service class example (PEP8 syntax)

from falconpy import ReportExecutions

# Do not hardcode API credentials!
falcon = ReportExecutions(client_id=CLIENT_ID,
                          client_secret=CLIENT_SECRET
                          )

response = falcon.query_reports(sort="string",
                                filter="string",
                                q="string",
                                offset="string",
                                limit=integer
                                )
print(response)

Service class example (Operation ID syntax)

from falconpy import ReportExecutions

# Do not hardcode API credentials!
falcon = ReportExecutions(client_id=CLIENT_ID,
                          client_secret=CLIENT_SECRET
                          )

response = falcon.report_executions_query(sort="string",
                                          filter="string",
                                          q="string",
                                          offset="string",
                                          limit=integer
                                          )
print(response)

Uber class example

from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

response = falcon.command("report_executions_query",
                          sort="string",
                          filter="string",
                          q="string",
                          offset="string",
                          limit=integer
                          )
print(response)

The CrowdStrike Falcon Wiki for Python