Search for members of a Response policy in your environment by providing a FQL filter and paging details. Returns a set of host details which match the filter criteria
Search for Response Policies in your environment by providing a FQL filter and paging details. Returns a set of Response Policies which match the filter criteria
Sets the precedence of Response Policies based on the order of IDs specified in the request. The first ID specified will have the highest precedence and the last ID specified will have the lowest. You must specify all non-Default Policies for a platform when updating precedence
Search for members of a Response policy in your environment by providing a FQL filter and paging details. Returns a set of Agent IDs which match the filter criteria
Search for Response Policies in your environment by providing a FQL filter with sort and/or paging details. This returns a set of Response Policy IDs that match the given criteria.
client_id and client_secret are keyword arguments that contain your CrowdStrike API credentials. Please note that all examples below do not hard code these values. (These values are ingested as strings.)
CrowdStrike does not recommend hard coding API credentials or customer identifiers within source code.
Search for members of a Response policy in your environment by providing a FQL filter and paging details. Returns a set of host details which match the filter criteria
Search for Response Policies in your environment by providing a FQL filter and paging details. Returns a set of Response Policies which match the filter criteria
from falconpy import ResponsePolicies
# Do not hardcode API credentials!
falcon = ResponsePolicies(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
# Can also be provided using the keyword `group_id`
act_params = [{
"name": "group_id",
"value": "HOST_GROUP_ID"
}]
response = falcon.performRTResponsePoliciesAction(action_name="string",
action_parameters=act_params,
ids="ID_TO_UPDATE"
)
print(response)
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
PARAMS = {
"action_name": "string"# Can also pass action_name using a keyword
}
act_params = [{
"name": "group_id",
"value": "HOST_GROUP_ID"
}]
# Only one ID may be updated at a time
BODY = {
"action_parameters": act_params,
"ids": ["ID_TO_UPDATE"]
}
response = falcon.command("performRTResponsePoliciesAction", parameters=PARAMS, body=BODY)
print(response)
Sets the precedence of Response Policies based on the order of IDs specified in the request. The first ID specified will have the highest precedence and the last ID specified will have the lowest. You must specify all non-Default Policies for a platform when updating precedence
from falconpy import ResponsePolicies
# Do not hardcode API credentials!
falcon = ResponsePolicies(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = "ID1,ID2,ID3"# Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.set_policies_precedence(ids=id_list, platform_name="string")
print(response)
from falconpy import ResponsePolicies
# Do not hardcode API credentials!
falcon = ResponsePolicies(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = "ID1,ID2,ID3"# Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.setRTResponsePoliciesPrecedence(ids=id_list, platform_name="string")
print(response)
from falconpy import ResponsePolicies
# Do not hardcode API credentials!
falcon = ResponsePolicies(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3'# Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.get_policies(ids=id_list)
print(response)
from falconpy import ResponsePolicies
# Do not hardcode API credentials!
falcon = ResponsePolicies(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3'# Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.getRTResponsePolicies(ids=id_list)
print(response)
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3'# Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.command("getRTResponsePolicies", ids=id_list)
print(response)
from falconpy import ResponsePolicies
# Do not hardcode API credentials!
falcon = ResponsePolicies(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3'# Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.delete_policies(ids=id_list)
print(response)
from falconpy import ResponsePolicies
# Do not hardcode API credentials!
falcon = ResponsePolicies(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3'# Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.deleteRTResponsePolicies(ids=id_list)
print(response)
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3'# Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.command("deleteRTResponsePolicies", ids=id_list)
print(response)
Search for members of a Response policy in your environment by providing a FQL filter and paging details. Returns a set of Agent IDs which match the filter criteria
Search for Response Policies in your environment by providing a FQL filter with sort and/or paging details. This returns a set of Response Policy IDs that match the given criteria.