Using the Report Executions service collection

Table of Contents

Passing credentials

WARNING

client_id and client_secret are keyword arguments that contain your CrowdStrike API credentials. Please note that all examples below do not hard code these values. (These values are ingested as strings.)

CrowdStrike does not recommend hard coding API credentials or customer identifiers within source code.

report_executions_download_get

Get report entity download

PEP8 method name

get_download

Endpoint

Method	Route
	/reports/entities/report-executions-download/v1

Content-Type

• Consumes: application/json
• Produces: application/octet-stream

Keyword Arguments

Name	Service	Uber	Type	Data type	Description
ids			query	string or list of strings	The report_execution id to download.
parameters			query	dictionary	Full query string parameters payload in JSON format.

Usage

Service class example (PEP8 syntax)

from falconpy import ReportExecutions

# Do not hardcode API credentials!
falcon = ReportExecutions(client_id=CLIENT_ID,
                          client_secret=CLIENT_SECRET
                          )

id_list = 'ID HERE'

save_file = "some_file.ext"

response = falcon.get_download(ids=id_list)
open(save_file, 'wb').write(response)

Service class example (Operation ID syntax)

from falconpy import ReportExecutions

# Do not hardcode API credentials!
falcon = ReportExecutions(client_id=CLIENT_ID,
                          client_secret=CLIENT_SECRET
                          )

id_list = 'ID HERE'

save_file = "some_file.ext"

response = falcon.report_executions_download_get(ids=id_list)
open(save_file, 'wb').write(response)

Uber class example

from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

id_list = 'ID HERE'

save_file = "some_file.ext"

response = falcon.command("report_executions_download_get", ids=id_list)
open(save_file, 'wb').write(response)

report_executions_retry

Retry the execution of a report by ID.

PEP8 method name

retry_reports

Endpoint

Method	Route
	/reports/entities/report-executions-retry/v1

Content-Type

• Consumes: application/json
• Produces: application/json

Keyword Arguments

Name	Service	Uber	Type	Data type	Description
ids			query	string or list of strings	The report_execution ID(s) to retry execution.
body			query	dictionary	Full body payload in JSON format.

Usage

Service class example (PEP8 syntax)

from falconpy import ReportExecutions

# Do not hardcode API credentials!
falcon = ReportExecutions(client_id=CLIENT_ID,
                          client_secret=CLIENT_SECRET
                          )

id_list = 'ID HERE'

response = falcon.retry_reports(ids=id_list)
print(response)

Service class example (Operation ID syntax)

from falconpy import ReportExecutions

# Do not hardcode API credentials!
falcon = ReportExecutions(client_id=CLIENT_ID,
                          client_secret=CLIENT_SECRET
                          )

id_list = 'ID HERE'

response = falcon.report_executions_retry(ids=id_list)
print(response)

Uber class example

from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

# To send multiple retries, pass a list of dictionaries, each holding one ID
BODY = {
    "id": "ID HERE"
}

response = falcon.command("report_executions_retry", body=BODY)
print(response)

report_executions_get

Retrieve report details for the provided report IDs.

PEP8 method name

get_reports

Endpoint

Method	Route
	/reports/entities/report-executions/v1

Content-Type

• Consumes: application/json
• Produces: application/json

Keyword Arguments

Name	Service	Uber	Type	Data type	Description
ids			query	string or list of strings	The report_execution id to get details about.
parameters			query	dictionary	Full query string parameters payload in JSON format.

Usage

Service class example (PEP8 syntax)

from falconpy import ReportExecutions

# Do not hardcode API credentials!
falcon = ReportExecutions(client_id=CLIENT_ID,
                          client_secret=CLIENT_SECRET
                          )

id_list = 'ID HERE'

response = falcon.get_reports(ids=id_list)
print(response)

Service class example (Operation ID syntax)

from falconpy import ReportExecutions

# Do not hardcode API credentials!
falcon = ReportExecutions(client_id=CLIENT_ID,
                          client_secret=CLIENT_SECRET
                          )

id_list = 'ID1 HERE'

response = falcon.report_executions_get(ids=id_list)
print(response)

Uber class example

from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

id_list = 'ID1 HERE'

response = falcon.command("report_executions_get", ids=id_list)
print(response)

report_executions_query

Find all report execution IDs matching the query with filter

PEP8 method name

query_reports

Endpoint

Method	Route
	/reports/queries/report-executions/v1

Content-Type

• Consumes: application/json
• Produces: application/json

Keyword Arguments

Name	Service	Uber	Type	Data type	Description
filter			query	string	FQL query specifying the filter parameters. Filter term criteria: type scheduled_report_id status Filter range criteria: created_on last_updated_on expiration_on; use any common date format, such as '2010-05-15T14:55:21.892315096Z'
limit			query	integer	Number of ids to return.
offset			query	string	Starting index of overall result set from which to return ids.
parameters			query	dictionary	Full query string parameters payload in JSON format.
q			query	string	Match query criteria, which includes all the filter string fields.
sort			query	string	Possible order by fields: created_on last_updated_on

Usage

Service class example (PEP8 syntax)

from falconpy import ReportExecutions

# Do not hardcode API credentials!
falcon = ReportExecutions(client_id=CLIENT_ID,
                          client_secret=CLIENT_SECRET
                          )

response = falcon.query_reports(sort="string",
                                filter="string",
                                q="string",
                                offset="string",
                                limit=integer
                                )
print(response)

Service class example (Operation ID syntax)

from falconpy import ReportExecutions

# Do not hardcode API credentials!
falcon = ReportExecutions(client_id=CLIENT_ID,
                          client_secret=CLIENT_SECRET
                          )

response = falcon.report_executions_query(sort="string",
                                          filter="string",
                                          q="string",
                                          offset="string",
                                          limit=integer
                                          )
print(response)

Uber class example

from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

response = falcon.command("report_executions_query",
                          sort="string",
                          filter="string",
                          q="string",
                          offset="string",
                          limit=integer
                          )
print(response)