Using the CSPM Registration service collection
This service collection has code examples posted to the repository.
Table of Contents
Operation ID | Description | ||||
---|---|---|---|---|---|
| Returns information about the current status of an AWS account. | ||||
| Creates a new account in our system for a customer and generates a script for them to run in their AWS cloud environment to grant us access. | ||||
| Deletes an existing AWS account or organization in our system. | ||||
| Patches a existing account in our system for a customer. | ||||
| Return a URL for customer to visit in their cloud environment to grant us access to their AWS environment. | ||||
| Return a script for customer to run in their cloud environment to grant us access to their AWS environment as a downloadable attachment. | ||||
| Return information about Azure account registration | ||||
| Creates a new account in our system for a customer and generates a script for them to run in their cloud environment to grant us access. | ||||
| Deletes an Azure subscription from the system. | ||||
| Update an Azure service account in our system by with the user-created client_id created with the public key we've provided | ||||
| Update an Azure default subscription_id in our system for given tenant_id | ||||
| Returns JSON object(s) that contain the base64 encoded certificate for a service principal. | ||||
| Return a script for customer to run in their cloud environment to grant us access to their Azure environment as a downloadable attachment | ||||
| Retrieve a list of detected behaviors. | ||||
| Retrieve a list of active misconfigurations. | ||||
| Get misconfigurations based on the ID - including custom policy detections in addition to default policy detections. | ||||
| Get a list of active misconfiguration ids - including custom policy detections in addition to default policy detections. | ||||
| Given a policy ID, returns detailed policy information. | ||||
| Given an array of policy IDs, returns detailed policies information. | ||||
| Returns information about current policy settings. | ||||
| Updates a policy setting - can be used to override policy severity or to disable a policy entirely. | ||||
| Returns scan schedule configuration for one or more cloud platforms. | ||||
| Updates scan schedule configuration for one or more cloud platforms. | ||||
| Return information about Azure management group registration | ||||
| Creates a new management group in our system for a customer. | ||||
| Returns information about the current status of an GCP account. | ||||
| Creates a new account in our system for a customer and generates a new service account for them to add access to in their GCP environment to grant us access. | ||||
| Deletes a GCP account from the system. | ||||
| Patches a existing account in our system for a customer. | ||||
| Creates a new GCP account with newly-uploaded service account or connects with existing service account with only the following fields: parent_id, parent_type and service_account_id | ||||
| Returns the service account id and client email for external clients. | ||||
| Return a script for customer to run in their cloud environment to grant us access to their GCP environment as a downloadable attachment |
Passing credentials
WARNING
client_id
andclient_secret
are keyword arguments that contain your CrowdStrike API credentials. Please note that all examples below do not hard code these values. (These values are ingested as strings.)CrowdStrike does not recommend hard coding API credentials or customer identifiers within source code.
GetCSPMAwsAccount
Returns information about the current status of an AWS account.
PEP8 method name
get_aws_account
Endpoint
Method | Route |
---|---|
/cloud-connect-cspm-aws/entities/account/v1 |
Content-Type
- Consumes: application/json
- Produces: application/json
Keyword Arguments
Name | Service | Uber | Type | Data type | Description |
---|---|---|---|---|---|
cspm_lite | query | boolean | Only return CSPM lite accounts. | ||
group_by | query | string | The field to group by. | ||
ids | query | string or list of strings | AWS Account ID(s). | ||
limit | query | integer | Maximum number of results to return. (Default: 100) | ||
offset | query | integer | Starting record position. | ||
iam_role_arns | query | string or list of strings | AWS IAM role ARN(s). | ||
migrated | query | string | Only return migrated D4C accounts (true or false ). | ||
organization_ids | query | string or list of strings | AWS Organization ID(s). | ||
parameters | query | dictionary | Full query string parameters payload in JSON format. | ||
scan_type | query | string | Type of scan to perform, dry or full . | ||
status | query | string | Account status to filter results by. |
Usage
Service class example (PEP8 syntax)
from falconpy import CSPMRegistration
# Do not hardcode API credentials!
falcon = CSPMRegistration(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
orgs = 'ORG1,ORG2,ORG3' # Can also pass a list here: ['ORG1', 'ORG2', 'ORG3']
arns = 'ARN1,ARN2,ARN3' # Can also pass a list here: ['ARN1', 'ARN2', 'ARN3']
response = falcon.get_aws_account(cspm_lite=boolean,
scan_type="string",
organization_ids=orgs,
iam_role_arns=arns,
status="string",
limit=integer,
migrated="boolean string",
offset=integer,
group_by="string",
ids=id_list
)
print(response)
Service class example (Operation ID syntax)
from falconpy import CSPMRegistration
# Do not hardcode API credentials!
falcon = CSPMRegistration(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
orgs = 'ORG1,ORG2,ORG3' # Can also pass a list here: ['ORG1', 'ORG2', 'ORG3']
arns = 'ARN1,ARN2,ARN3' # Can also pass a list here: ['ARN1', 'ARN2', 'ARN3']
response = falcon.GetCSPMAwsAccount(cspm_lite=boolean,
scan_type="string",
organization_ids=orgs,
iam_role_arns=arns,
status="string",
limit=integer,
migrated="boolean string",
offset=integer,
group_by="string",
ids=id_list
)
print(response)
Uber class example
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
orgs = 'ORG1,ORG2,ORG3' # Can also pass a list here: ['ORG1', 'ORG2', 'ORG3']
arns = 'ARN1,ARN2,ARN3' # Can also pass a list here: ['ARN1', 'ARN2', 'ARN3']
response = falcon.command("GetCSPMAwsAccount",
cspm_lite=boolean,
scan_type="string",
organization_ids=orgs,
iam_role_arns=arns,
status="string",
limit=integer,
migrated="boolean string",
offset=integer,
group_by="string",
ids=id_list
)
print(response)
Back to Table of Contents
CreateCSPMAwsAccount
Creates a new account in our system for a customer and generates a script for them to run in their AWS cloud environment to grant us access.
PEP8 method name
create_aws_account
Endpoint
Method | Route |
---|---|
/cloud-connect-cspm-aws/entities/account/v1 |
Content-Type
- Consumes: application/json
- Produces: application/json
Keyword Arguments
Name | Service | Uber | Type | Data type | Description |
---|---|---|---|---|---|
account_id | body | string | AWS Account ID. | ||
account_type | body | string | AWS Account Type. | ||
behavior_assessment_enabled | body | boolean | Flag indicating if behavior assessment should be enabled. | ||
body | body | dictionary | Full body payload in JSON format. | ||
cloudtrail_region | body | string | AWS Cloudtrail Region. | ||
iam_role_arn | body | string | AWS IAM Role ARN. | ||
is_master | body | boolean | Flag indicating this is the master account. | ||
sensor_management_enabled | body | boolean | Flag indicating if sensor management should be enabled. | ||
organization_id | body | string | AWS Organization ID. | ||
use_existing_cloudtrail | body | boolean | Flag indicating if the existing CloudTrail log should be used. |
Usage
Service class example (PEP8 syntax)
from falconpy import CSPMRegistration
# Do not hardcode API credentials!
falcon = CSPMRegistration(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.create_aws_account(account_id="string",
account_type="string",
behavior_assessment_enabled=boolean,
cloudtrail_region="string",
iam_role_arn="string",
is_master=boolean,
sensor_management_enabled=boolean,
organization_id="string",
use_existing_cloudtrail=boolean
)
print(response)
Service class example (Operation ID syntax)
from falconpy import CSPMRegistration
# Do not hardcode API credentials!
falcon = CSPMRegistration(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.CreateCSPMAwsAccount(account_id="string",
account_type="string",
behavior_assessment_enabled=boolean,
cloudtrail_region="string",
iam_role_arn="string",
is_master=boolean,
sensor_management_enabled=boolean,
organization_id="string",
use_existing_cloudtrail=boolean
)
print(response)
Uber class example
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
BODY = {
"resources": [
{
"account_id": "string",
"account_type": "string",
"behavior_assessment_enabled": boolean,
"cloudtrail_region": "string",
"iam_role_arn": "string",
"is_master": boolean,
"organization_id": "string",
"sensor_management_enabled": boolean,
"use_existing_cloudtrail": boolean
}
]
}
response = falcon.command("CreateCSPMAwsAccount", body=BODY)
print(response)
Back to Table of Contents
DeleteCSPMAwsAccount
Deletes an existing AWS account or organization in our system.
PEP8 method name
delete_aws_account
Endpoint
Method | Route |
---|---|
/cloud-connect-cspm-aws/entities/account/v1 |
Content-Type
- Consumes: application/json
- Produces: application/json
Keyword Arguments
Name | Service | Uber | Type | Data type | Description |
---|---|---|---|---|---|
ids | query | string or list of strings | The AWS account IDs to remove. | ||
organization_ids | query | string or list of strings | The AWS organization ID(s) to delete. | ||
parameters | query | dictionary | Full query string parameters payload in JSON format. |
Usage
Service class example (PEP8 syntax)
from falconpy import CSPMRegistration
# Do not hardcode API credentials!
falcon = CSPMRegistration(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
orgs = 'ORG1,ORG2,ORG3' # Can also pass a list here: ['ORG1', 'ORG2', 'ORG3']
response = falcon.delete_aws_account(organization_ids=orgs, ids=id_list)
print(response)
Service class example (Operation ID syntax)
from falconpy import CSPMRegistration
# Do not hardcode API credentials!
falcon = CSPMRegistration(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
orgs = 'ORG1,ORG2,ORG3' # Can also pass a list here: ['ORG1', 'ORG2', 'ORG3']
response = falcon.DeleteCSPMAwsAccount(organization_ids=orgs, ids=id_list)
print(response)
Uber class example
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
PARAMS = {
"organization-ids": [
"string",
"string"
]
}
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
orgs = 'ORG1,ORG2,ORG3' # Can also pass a list here: ['ORG1', 'ORG2', 'ORG3']
response = falcon.command("DeleteCSPMAwsAccount", organization_ids=orgs, ids=id_list)
print(response)
Back to Table of Contents
PatchCSPMAwsAccount
Patches a existing account in our system for a customer.
PEP8 method name
update_aws_account
Endpoint
Method | Route |
---|---|
/cloud-connect-cspm-aws/entities/account/v1 |
Content-Type
- Consumes: application/json
- Produces: application/json
Keyword Arguments
Name | Service | Uber | Type | Data type | Description |
---|---|---|---|---|---|
account_id | body | string | AWS Account ID. | ||
behavior_assessment_enabled | body | boolean | Flag indicating if behavior assessment should be enabled. | ||
body | body | dictionary | Full body payload in JSON format. | ||
cloudtrail_region | body | string | AWS Cloudtrail Region. | ||
iam_role_arn | body | string | AWS IAM Role ARN. | ||
remediation_region | body | string | Region where remediation occurs. | ||
remediation_tou_accepted | body | string | The accepted TOU for this account. | ||
sensor_management_enabled | body | boolean | Flag indicating if sensor management should be enabled. |
Usage
Service class example (PEP8 syntax)
from falconpy import CSPMRegistration
# Do not hardcode API credentials!
falcon = CSPMRegistration(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.update_aws_account(account_id="string",
behavior_assessment_enabled=boolean,
cloudtrail_region="string",
iam_role_arn="string",
remediation_region="string",
remediation_tou_accepted="UTC datetime string",
sensor_management_enabled=boolean
)
print(response)
Service class example (Operation ID syntax)
from falconpy import CSPMRegistration
# Do not hardcode API credentials!
falcon = CSPMRegistration(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.PatchCSPMAwsAccount(account_id="string",
behavior_assessment_enabled=boolean,
cloudtrail_region="string",
iam_role_arn="string",
remediation_region="string",
remediation_tou_accepted="UTC datetime string",
sensor_management_enabled=boolean
)
print(response)
Uber class example
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
BODY = {
"resources": [
{
"account_id": "string",
"behavior_assessment_enabled": boolean,
"cloudtrail_region": "string",
"iam_role_arn": "string",
"remediation_region": "string",
"remediation_tou_accepted": "2023-07-06T17:32:12.655Z",
"sensor_management_enabled": boolean
}
]
}
response = falcon.command("PatchCSPMAwsAccount", body=BODY)
print(response)
Back to Table of Contents
GetCSPMAwsConsoleSetupURLs
Return a URL for customer to visit in their cloud environment to grant us access to their AWS environment.
PEP8 method name
get_aws_console_setup_urls
Endpoint
Method | Route |
---|---|
/cloud-connect-cspm-aws/entities/console-setup-urls/v1 |
Content-Type
- Consumes: application/json
- Produces: application/json
Keyword Arguments
Name | Service | Uber | Type | Data type | Description |
---|---|---|---|---|---|
ids | query | string or list of strings | The AWS account ID(s) to retrieve setup URLs. | ||
parameters | query | dictionary | Full query string parameters payload in JSON format. | ||
region | query | string | Region | ||
use_existing_cloudtrail | query | string | Boolean flag indicating if the CloudTrail be used. (Accepted values: true or false ) |
Usage
Service class example (PEP8 syntax)
from falconpy import CSPMRegistration
# Do not hardcode API credentials!
falcon = CSPMRegistration(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.get_aws_console_setup_urls(ids=id_list,
region="string",
use_existing_cloudtrail="boolean string"
)
print(response)
Service class example (Operation ID syntax)
from falconpy import CSPMRegistration
# Do not hardcode API credentials!
falcon = CSPMRegistration(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.GetCSPMAwsConsoleSetupURLs(ids=id_list,
region="string",
use_existing_cloudtrail="boolean string"
)
print(response)
Uber class example
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.command("GetCSPMAwsConsoleSetupURLs",
ids=id_list,
region="string",
use_existing_cloudtrail="boolean string"
)
print(response)
Back to Table of Contents
GetCSPMAwsAccountScriptsAttachment
Return a script for customer to run in their cloud environment to grant us access to their AWS environment as a downloadable attachment.
PEP8 method name
get_aws_account_scripts_attachment
Endpoint
Method | Route |
---|---|
/cloud-connect-cspm-aws/entities/user-scripts-download/v1 |
Content-Type
- Produces: application/json
Keyword Arguments
Name | Service | Uber | Type | Data type | Description |
---|---|---|---|---|---|
ids | query | string or list of strings | The AWS account ID(s) to retrieve script attachments. | ||
parameters | query | dictionary | Full query string parameters payload in JSON format. |
Usage
Service class example (PEP8 syntax)
from falconpy import CSPMRegistration
# Do not hardcode API credentials!
falcon = CSPMRegistration(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.get_aws_account_scripts_attachment(ids=id_list)
print(response)
Service class example (Operation ID syntax)
from falconpy import CSPMRegistration
# Do not hardcode API credentials!
falcon = CSPMRegistration(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.GetCSPMAwsAccountScriptsAttachment(ids=id_list)
print(response)
Uber class example
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.command("GetCSPMAwsAccountScriptsAttachment", ids=id_list)
print(response)
Back to Table of Contents
GetCSPMAzureAccount
Return information about Azure account registration
PEP8 method name
get_azure_account
Endpoint
Method | Route |
---|---|
/cloud-connect-azure/entities/account/v1 |
Content-Type
- Consumes: application/json
- Produces: application/json
Keyword Arguments
Name | Service | Uber | Type | Data type | Description |
---|---|---|---|---|---|
cspm_lite | query | boolean | Only return CSPM lite accounts. | ||
ids | query | string or list of strings | Subscription ID(s). When empty, all accounts are returned. | ||
limit | query | integer | Maximum number of results to return. (Default: 100) | ||
offset | query | integer | Starting record position. | ||
parameters | query | dictionary | Full query string parameters payload in JSON format. | ||
scan_type | query | string | Type of scan to perform, dry or full . | ||
status | query | string | Account status to filter results by. | ||
tenant_ids | query | string or list of strings | Tenant ID(s) used to filter Azure accounts returned. |
Usage
Service class example (PEP8 syntax)
from falconpy import CSPMRegistration
# Do not hardcode API credentials!
falcon = CSPMRegistration(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
tenants = 'TENANT1,TENANT2,TENANT3' # Can also pass a list here: ['TENANT1', 'TENANT2', 'TENANT3']
response = falcon.get_azure_account(scan_type="string",
cspm_lite=boolean,
status="string",
limit=integer,
offset=integer,
ids=id_list,
tenant_ids=tenants
)
print(response)
Service class example (Operation ID syntax)
from falconpy import CSPMRegistration
# Do not hardcode API credentials!
falcon = CSPMRegistration(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
tenants = 'TENANT1,TENANT2,TENANT3' # Can also pass a list here: ['TENANT1', 'TENANT2', 'TENANT3']
response = falcon.GetCSPMAzureAccount(scan_type="string",
cspm_lite=boolean,
status="string",
limit=integer,
offset=integer,
ids=id_list,
tenant_ids=tenants
)
print(response)
Uber class example
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
tenants = 'TENANT1,TENANT2,TENANT3' # Can also pass a list here: ['TENANT1', 'TENANT2', 'TENANT3']
response = falcon.command("GetCSPMAzureAccount",
cspm_lite=boolean,
scan_type="string",
status="string",
limit=integer,
offset=integer,
ids=id_list,
tenant_ids=tenants
)
print(response)
Back to Table of Contents
CreateCSPMAzureAccount
Creates a new account in our system for a customer and generates a script for them to run in their cloud environment to grant us access.
PEP8 method name
create_azure_account
Endpoint
Method | Route |
---|---|
/cloud-connect-azure/entities/account/v1 |
Content-Type
- Consumes: application/json
- Produces: application/json
Keyword Arguments
Name | Service | Uber | Type | Data type | Description |
---|---|---|---|---|---|
account_type | body | string | Azure account type. | ||
body | body | dictionary | Full body payload in JSON format. | ||
client_id | body | string | Client ID. | ||
default_subscription | body | boolean | Flag indicating if this is the default Azure subscription. | ||
subscription_id | body | string | Azure Subscription ID. | ||
tenant_id | body | string | Azure tenant ID. | ||
years_valid | body | integer | Years valid. |
Usage
Service class example (PEP8 syntax)
from falconpy import CSPMRegistration
# Do not hardcode API credentials!
falcon = CSPMRegistration(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.create_azure_account(account_type="string",
client_id="string",
default_subscription=boolean,
subscription_id="string",
tenant_id="string",
years_valid=integer
)
print(response)
Service class example (Operation ID syntax)
from falconpy import CSPMRegistration
# Do not hardcode API credentials!
falcon = CSPMRegistration(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.CreateCSPMAzureAccount(account_type="string",
client_id="string",
default_subscription=boolean,
subscription_id="string",
tenant_id="string",
years_valid=integer
)
print(response)
Uber class example
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
BODY = {
"resources": [
{
"account_type": "string",
"client_id": "string",
"default_subscription": boolean,
"subscription_id": "string",
"tenant_id": "string",
"years_valid": integer
}
]
}
response = falcon.command("CreateCSPMAzureAccount", body=BODY)
print(response)
Back to Table of Contents
DeleteCSPMAzureAccount
Deletes an Azure subscription from the system.
PEP8 method name
delete_azure_account
Endpoint
Method | Route |
---|---|
/cloud-connect-cspm-azure/entities/account/v1 |
Content-Type
- Consumes: application/json
- Produces: application/json
Keyword Arguments
Name | Service | Uber | Type | Data type | Description |
---|---|---|---|---|---|
ids | query | string or list of strings | Azure subscription IDs to remove. | ||
parameters | query | dictionary | Full query string parameters payload in JSON format. | ||
retain_tenant | query | string | Retain tenant. | ||
tenant_ids | query | string or list of strings | Tenant IDs to remove. |
Usage
Service class example (PEP8 syntax)
from falconpy import CSPMRegistration
# Do not hardcode API credentials!
falcon = CSPMRegistration(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
tenants = 'TENANT1,TENANT2,TENANT3' # Can also pass a list here: ['TENANT1', 'TENANT2', 'TENANT3']
response = falcon.delete_azure_account(ids=id_list, retain_tenant="string", tenant_ids=tenants)
print(response)
Service class example (Operation ID syntax)
from falconpy import CSPMRegistration
# Do not hardcode API credentials!
falcon = CSPMRegistration(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
tenants = 'TENANT1,TENANT2,TENANT3' # Can also pass a list here: ['TENANT1', 'TENANT2', 'TENANT3']
response = falcon.DeleteCSPMAzureAccount(ids=id_list, retain_tenants="string", tenant_ids=tenants)
print(response)
Uber class example
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
tenants = 'TENANT1,TENANT2,TENANT3' # Can also pass a list here: ['TENANT1', 'TENANT2', 'TENANT3']
response = falcon.command("DeleteCSPMAzureAccount",
ids=id_list,
retain_tenant="string",
tenant_ids=tenants
)
print(response)
Back to Table of Contents
UpdateCSPMAzureAccountClientID
Update an Azure service account in our system by with the user-created client_id created with the public key we've provided
PEP8 method name
update_azure_account_client_id
Endpoint
Method | Route |
---|---|
/cloud-connect-azure/entities/client-id/v1 |
Content-Type
- Consumes: application/json
- Produces: application/json
Keyword Arguments
Name | Service | Uber | Type | Data type | Description |
---|---|---|---|---|---|
body | body | string | This field is not used. Ignore. | ||
id | query | string or list of strings | The Azure Client ID to use for the Service Principal associated with the Azure account. | ||
tenant_id | query | string or list of strings | The Azure tenant ID to update the Client ID for. Required if multiple tenants are registered. | ||
parameters | query | dictionary | Full query string parameters payload in JSON format. |
Usage
Service class example (PEP8 syntax)
from falconpy import CSPMRegistration
# Do not hardcode API credentials!
falcon = CSPMRegistration(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.update_azure_account_client_id(id="string", tenant_id="string")
print(response)
Service class example (Operation ID syntax)
from falconpy import CSPMRegistration
# Do not hardcode API credentials!
falcon = CSPMRegistration(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.UpdateCSPMAzureAccountClientID(id="string", tenant_id="string")
print(response)
Uber class example
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.command("UpdateCSPMAzureAccountClientID", id="string", tenant_id="string")
print(response)
Back to Table of Contents
UpdateCSPMAzureTenantDefaultSubscriptionID
Update an Azure default subscription_id in our system for given tenant_id
PEP8 method name
update_azure_tenant_default_subscription_id
Endpoint
Method | Route |
---|---|
/cloud-connect-cspm-azure/entities/default-subscription-id/v1 |
Content-Type
- Produces: application/json
Keyword Arguments
Name | Service | Uber | Type | Data type | Description |
---|---|---|---|---|---|
body | body | string | This field is not used. Ignore. | ||
subscription_id | query | string or list of strings | The Azure subscription ID to use as a default for all subscriptions within the tenant. | ||
tenant_id | query | string or list of strings | The Azure tenant ID to update the Client ID for. Required if multiple tenants are registered. | ||
parameters | query | dictionary | Full query string parameters payload in JSON format. |
Usage
Service class example (PEP8 syntax)
from falconpy import CSPMRegistration
# Do not hardcode API credentials!
falcon = CSPMRegistration(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.update_azure_tenant_default_subscription_id(tenant_id="string",
subscription_id="string"
)
print(response)
Service class example (Operation ID syntax)
from falconpy import CSPMRegistration
# Do not hardcode API credentials!
falcon = CSPMRegistration(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.UpdateCSPMAzureTenantDefaultSubscriptionID(tenant_id="string",
subscription_id="string"
)
print(response)
Uber class example
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.command("UpdateCSPMAzureTenantDefaultSubscriptionID",
tenant_id="string",
subscription_id="string"
)
print(response)
Back to Table of Contents
AzureDownloadCertificate
Returns JSON object(s) that contain the base64 encoded certificate for a service principal.
PEP8 method name
azure_download_certificate
Endpoint
Method | Route |
---|---|
/cloud-connect-cspm-azure/entities/download-certificate/v1 |
Content-Type
- Consumes: application/json
- Produces: application/json
Keyword Arguments
Name | Service | Uber | Type | Data type | Description |
---|---|---|---|---|---|
parameters | query | dictionary | Full query string parameters payload in JSON format. | ||
refresh | query | boolean | Force a refresh of the certificate. Defaults to False . | ||
tenant_id | query | string or list of strings | The Azure Client ID to generate script for. Defaults to the most recently registered tenant. | ||
years_valid | query | string | The number of years the certificate should be valid (only used when refresh=True ). |
Usage
Service class example (PEP8 syntax)
from falconpy import CSPMRegistration
# Do not hardcode API credentials!
falcon = CSPMRegistration(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.azure_download_certificate(refresh=boolean,
tenant_id="string",
years_valid="string"
)
print(response)
Service class example (Operation ID syntax)
from falconpy import CSPMRegistration
# Do not hardcode API credentials!
falcon = CSPMRegistration(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.AzureDownloadCertificate(refresh=boolean,
tenant_id="string",
years_valid="string"
)
print(response)
Uber class example
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.command("AzureDownloadCertificate",
refresh=boolean,
tenant_id="string",
years_valid="string"
)
print(response)
Back to Table of Contents
GetCSPMAzureUserScriptsAttachment
Return a script for customer to run in their cloud environment to grant us access to their Azure environment as a downloadable attachment
PEP8 method name
get_azure_user_scripts_attachment
Endpoint
Method | Route |
---|---|
/cloud-connect-azure/entities/user-scripts-download/v1 |
Content-Type
- Produces: application/json
Keyword Arguments
Name | Service | Uber | Type | Data type | Description |
---|---|---|---|---|---|
account_type | query | string | Account type (gov or commercial ). | ||
azure_management_group | query | boolean | Use Azure Management Group. | ||
parameters | query | dictionary | Full query string parameters payload in JSON format. | ||
subscription_ids | query | string or list of strings | Subscription IDs to generate scripts for. Defaults to all. | ||
template | query | string or list of strings | Template to be rendered. | ||
tenant_id | query | string | The Azure tenant ID to generate scripts for. Defaults to the most recently registered tenant. |
Usage
Service class example (PEP8 syntax)
from falconpy import CSPMRegistration
# Do not hardcode API credentials!
falcon = CSPMRegistration(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
subscriptions = 'SUB1,SUB2,SUB3' # Can also pass a list here: ['SUB1', 'SUB2', 'SUB3']
response = falcon.get_azure_user_scripts_attachment(account_type="string",
azure_management_group=boolean,
subscription_ids=subscriptions,
template="string",
tenant_id="string"
)
print(response)
Service class example (Operation ID syntax)
from falconpy import CSPMRegistration
# Do not hardcode API credentials!
falcon = CSPMRegistration(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
subscriptions = 'SUB1,SUB2,SUB3' # Can also pass a list here: ['SUB1', 'SUB2', 'SUB3']
response = falcon.GetCSPMAzureUserScriptsAttachment(account_type="string",
azure_management_group=boolean,
subscription_ids=subscriptions,
template="string",
tenant_id="string"
)
print(response)
Uber class example
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.command("GetCSPMAzureUserScriptsAttachment",
account_type="string",
azure_management_group=boolean,
subscription_ids=subscriptions,
template="string",
tenant_id="string"
)
print(response)
Back to Table of Contents
GetBehaviorDetections
Retrieve list of detected behaviors.
PEP8 method name
get_behavior_detections
Endpoint
Method | Route |
---|---|
/detects/entities/ioa/v1 |
Content-Type
- Consumes: application/json
- Produces: application/json
Keyword Arguments
Name | Service | Uber | Type | Data type | Description |
---|---|---|---|---|---|
account_id | query | string | Cloud account ID (e.g.: AWS AccountID, Azure SubscriptionID). | ||
aws_account_id | query | string | AWS Account ID. | ||
azure_subscription_id | query | string | Azure Subscription ID. | ||
azure_tenant_id | query | string | Azure Tenant ID. | ||
cloud_provider | query | string | Cloud Provider (azure, aws, gcp). | ||
date_time_since | query | string | Filter to retrieve all events after specified date. RFC3339 format. Example: 2006-01-01T12:00:01Z07:00 . | ||
limit | query | integer | Maximum number of results to return. (Max: 500) | ||
next_token | query | string | String to get next page of results, associated with the previous execution. Must include all filters from previous execution. | ||
resource_id | query | string or list of strings | Resource ID. | ||
resource_uuid | query | string or list of strings | Resource UUID. | ||
service | query | string | Filter by Cloud Service. A list of available services can be found here. | ||
severity | query | string | Filter by severity. Example: High , Medium or Informational . | ||
state | query | string | Filter by state. Example: open or closed . | ||
parameters | query | dictionary | Full query string parameters payload in JSON format. |
Available Services
ACM | Identity |
ACR | KMS |
Any | KeyVault |
App Engine | Kinesis |
BigQuery | Kubernetes |
Cloud Load Balancing | Lambda |
Cloud Logging | LoadBalancer |
Cloud SQL | Monitor |
Cloud Storage | NLB/ALB |
CloudFormation | NetworkSecurityGroup |
CloudTrail | PostgreSQL |
CloudWatch Logs | RDS |
Cloudfront | Redshift |
Compute Engine | S3 |
Config | SES |
Disk | SNS |
DynamoDB | SQLDatabase |
EBS | SQLServer |
EC2 | SQS |
ECR | SSM |
EFS | Serverless Application Repository |
EKS | StorageAccount |
ELB | Subscriptions |
EMR | VPC |
Elasticache | VirtualMachine |
GuardDuty | VirtualNetwork |
IAM | Â |
Usage
Service class example (PEP8 syntax)
from falconpy import CSPMRegistration
# Do not hardcode API credentials!
falcon = CSPMRegistration(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
res_ids = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
res_uuids = 'UUID1,UUID2,UUID3' # Can also pass a list here: ['UUID1', 'UUID2', 'UUID3']
response = falcon.get_behavior_detections(account_id="string",
aws_account_id="string",
azure_subscription_id="string",
azure_tenant_id="string",
cloud_provider="string",
date_time_since="string",
limit=integer,
next_token="string",
resource_id=res_ids,
resource_uuid=res_uuids,
service="string",
severity="string",
state="string"
)
print(response)
Service class example (Operation ID syntax)
from falconpy import CSPMRegistration
# Do not hardcode API credentials!
falcon = CSPMRegistration(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
res_ids = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
res_uuids = 'UUID1,UUID2,UUID3' # Can also pass a list here: ['UUID1', 'UUID2', 'UUID3']
response = falcon.GetBehaviorDetections(account_id="string",
aws_account_id="string",
azure_subscription_id="string",
azure_tenant_id="string",
cloud_provider="string",
date_time_since="string",
limit=integer,
next_token="string",
resource_id=res_ids,
resource_uuid=res_uuids,
service="string",
severity="string",
state="string"
)
print(response)
Uber class example
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
res_ids = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
res_uuids = 'UUID1,UUID2,UUID3' # Can also pass a list here: ['UUID1', 'UUID2', 'UUID3']
response = falcon.command("GetBehaviorDetections",
account_id="string",
aws_account_id="string",
azure_subscription_id="string",
azure_tenant_id="string",
cloud_provider="string",
date_time_since="string",
limit=integer,
next_token="string",
resource_id=res_ids,
resource_uuid=res_uuids,
service="string",
severity="string",
state="string"
)
print(response)
Back to Table of Contents
GetConfigurationDetections
Retrieve list of detected behaviors.
PEP8 method name
get_configuration_detections
Endpoint
Method | Route |
---|---|
/detects/entities/iom/v1 |
Content-Type
- Consumes: application/json
- Produces: application/json
Keyword Arguments
Name | Service | Uber | Type | Data type | Description |
---|---|---|---|---|---|
account_id | query | string | Cloud account ID (e.g.: AWS AccountID, Azure SubscriptionID). | ||
aws_account_id | query | string | AWS Account ID. | ||
azure_subscription_id | query | string | Azure Subscription ID. | ||
azure_tenant_id | query | string | Azure Tenant ID. | ||
cloud_provider | query | string | Cloud Provider (azure, aws, gcp). | ||
limit | query | integer | Maximum number of results to return. (Max: 500) | ||
next_token | query | string | String to get next page of results, associated with the previous execution. Must include all filters from previous execution. | ||
region | query | string | Cloud Provider Region. Example: us-east-1 . | ||
service | query | string | Filter by Cloud Service. A list of available services can be found here. | ||
severity | query | string | Filter by severity. Example: High , Medium or Informational . | ||
status | query | string | Filter by status. Example: new , reoccurring or all . | ||
parameters | query | dictionary | Full query string parameters payload in JSON format. |
Available Services
ACM | Identity |
ACR | KMS |
Any | KeyVault |
App Engine | Kinesis |
BigQuery | Kubernetes |
Cloud Load Balancing | Lambda |
Cloud Logging | LoadBalancer |
Cloud SQL | Monitor |
Cloud Storage | NLB/ALB |
CloudFormation | NetworkSecurityGroup |
CloudTrail | PostgreSQL |
CloudWatch Logs | RDS |
Cloudfront | Redshift |
Compute Engine | S3 |
Config | SES |
Disk | SNS |
DynamoDB | SQLDatabase |
EBS | SQLServer |
EC2 | SQS |
ECR | SSM |
EFS | Serverless Application Repository |
EKS | StorageAccount |
ELB | Subscriptions |
EMR | VPC |
Elasticache | VirtualMachine |
GuardDuty | VirtualNetwork |
IAM | Â |
Usage
Service class example (PEP8 syntax)
from falconpy import CSPMRegistration
# Do not hardcode API credentials!
falcon = CSPMRegistration(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.get_configuration_detections(account_id="string",
aws_account_id="string",
azure_subscription_id="string",
azure_tenant_id="string",
cloud_provider="string",
limit=integer,
next_token="string",
region="string,
service="string",
severity="string",
status="string"
)
print(response)
Service class example (Operation ID syntax)
from falconpy import CSPMRegistration
# Do not hardcode API credentials!
falcon = CSPMRegistration(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.GetConfigurationDetections(account_id="string",
aws_account_id="string",
azure_subscription_id="string",
azure_tenant_id="string",
cloud_provider="string",
limit=integer,
next_token="string",
region="string",
service="string",
severity="string",
status="string"
)
print(response)
Uber class example
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.command("GetConfigurationDetections",
account_id="string",
aws_account_id="string",
azure_subscription_id="string",
azure_tenant_id="string",
cloud_provider="string",
limit=integer,
next_token="string",
region="string",
service="string",
severity="string",
status="string"
)
print(response)
Back to Table of Contents
GetConfigurationDetectionEntities
Get misconfigurations based on the ID - including custom policy detections in addition to default policy detections.
PEP8 method name
get_configuration_detection_entities
Endpoint
Method | Route |
---|---|
/detects/entities/iom/v2 |
Content-Type
- Consumes: application/json
- Produces: application/json
Keyword Arguments
Name | Service | Uber | Type | Data type | Description |
---|---|---|---|---|---|
ids | query | string or list of strings | Detection IDs to retrieve. | ||
parameters | query | dictionary | Full query string parameters payload in JSON format. |
Usage
Service class example (PEP8 syntax)
from falconpy import CSPMRegistration
# Do not hardcode API credentials!
falcon = CSPMRegistration(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.get_configuration_detection_entities(ids=id_list)
print(response)
Service class example (Operation ID syntax)
from falconpy import CSPMRegistration
# Do not hardcode API credentials!
falcon = CSPMRegistration(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.GetConfigurationDetectionEntities(ids=id_list)
print(response)
Uber class example
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.command("GetConfigurationDetectionEntities", ids=id_list)
print(response)
Back to Table of Contents
GetConfigurationDetectionIDsV2
Get list of active misconfiguration ids - including custom policy detections in addition to default policy detections.
PEP8 method name
get_configuration_detection_ids_v2
Endpoint
Method | Route |
---|---|
/detects/queries/iom/v2 |
Content-Type
- Produces: application/json
Keyword Arguments
Name | Service | Uber | Type | Data type | Description |
---|---|---|---|---|---|
offset | query | integer | The offset to start retrieving detections from | ||
parameters | query | dictionary | Full query string parameters payload in JSON format. | ||
limit | query | integer | The maximum number of detections to return. [1-5000] | ||
sort | query | string | The property to sort by (e.g. timestamp|desc or policy_id|asc )Default: timestamp|desc Available fields:
| ||
filter | query | string | The FQL filter expression that should be used to limit the results. Available filters:
| ||
next_token | query | string | String to get next page of results. Cannot be combined with any other keyword except limit . |
Usage
Service class example (PEP8 syntax)
from falconpy import CSPMRegistration
# Do not hardcode API credentials!
falcon = CSPMRegistration(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.get_configuration_detection_ids_v2(offset=integer,
limit=integer,
sort="string",
filter="string",
next_token="string"
)
print(response)
Service class example (Operation ID syntax)
from falconpy import CSPMRegistration
# Do not hardcode API credentials!
falcon = CSPMRegistration(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.GetConfigurationDetectionIDsV2(offset=integer,
limit=integer,
sort="string",
filter="string",
next_token="string"
)
print(response)
Uber class example
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.command("GetConfigurationDetectionIDsV2",
offset=integer,
limit=integer,
sort="string",
filter="string",
next_token="string"
)
print(response)
Back to Table of Contents
GetCSPMPolicy
Given a policy ID, returns detailed policy information.
PEP8 method name
get_policy
Endpoint
Method | Route |
---|---|
/settings/entities/policy-details/v1 |
Content-Type
- Consumes: application/json
- Produces: application/json
Keyword Arguments
Name | Service | Uber | Type | Data type | Description |
---|---|---|---|---|---|
ids | query | string or list of strings | Policy IDs to retrieve. | ||
parameters | query | dictionary | Full query string parameters payload in JSON format. |
Usage
Service class example (PEP8 syntax)
from falconpy import CSPMRegistration
# Do not hardcode API credentials!
falcon = CSPMRegistration(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.get_policy(ids=id_list)
print(response)
Service class example (Operation ID syntax)
from falconpy import CSPMRegistration
# Do not hardcode API credentials!
falcon = CSPMRegistration(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.GetCSPMPolicy(ids=id_list)
print(response)
Uber class example
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.command("GetCSPMPolicy", ids=id_list)
print(response)
Back to Table of Contents
GetCSPMPoliciesDetails
Given an array of policy IDs, returns detailed policies information.
PEP8 method name
get_policy_details
Endpoint
Method | Route |
---|---|
/settings/entities/policy-details/v2 |
Content-Type
- Consumes: application/json
- Produces: application/json
Keyword Arguments
Name | Service | Uber | Type | Data type | Description |
---|---|---|---|---|---|
ids | query | string or list of strings | Detection IDs to retrieve. | ||
parameters | query | dictionary | Full query string parameters payload in JSON format. |
Usage
Service class example (PEP8 syntax)
from falconpy import CSPMRegistration
# Do not hardcode API credentials!
falcon = CSPMRegistration(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.get_policy_details(ids=id_list)
print(response)
Service class example (Operation ID syntax)
from falconpy import CSPMRegistration
# Do not hardcode API credentials!
falcon = CSPMRegistration(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.GetPoliciesDetails(ids=id_list)
print(response)
Uber class example
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.command("GetPoliciesDetails", ids=id_list)
print(response)
Back to Table of Contents
GetCSPMPolicySettings
Returns information about current policy settings.
PEP8 method name
get_policy_settings
Endpoint
Method | Route |
---|---|
/settings/entities/policy/v1 |
Content-Type
- Consumes: application/json
- Produces: application/json
Keyword Arguments
Name | Service | Uber | Type | Data type | Description |
---|---|---|---|---|---|
cloud_platform | query | string | Cloud Provider (azure, aws, gcp). | ||
parameters | query | dictionary | Full query string parameters payload in JSON format. | ||
policy_id | query | string | IOA Policy ID. | ||
service | query | string | Filter by Service type. |
Usage
Service class example (PEP8 syntax)
from falconpy import CSPMRegistration
# Do not hardcode API credentials!
falcon = CSPMRegistration(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.get_policy_settings(service="string",
policy_id="string",
cloud_platform="string"
)
print(response)
Service class example (Operation ID syntax)
from falconpy import CSPMRegistration
# Do not hardcode API credentials!
falcon = CSPMRegistration(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.GetCSPMPolicySettings(service="string",
policy_id="string",
cloud_platform="string"
)
print(response)
Uber class example
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.command("GetCSPMPolicySettings",
service="string",
policy_id="string",
cloud_platform="string"
)
print(response)
Back to Table of Contents
UpdateCSPMPolicySettings
Updates a policy setting - can be used to override policy severity or to disable a policy entirely.
PEP8 method name
update_policy_settings
Endpoint
Method | Route |
---|---|
/settings/entities/policy/v1 |
Content-Type
- Consumes: application/json
- Produces: application/json
Keyword Arguments
Name | Service | Uber | Type | Data type | Description |
---|---|---|---|---|---|
account_id | body | string | Cloud Account ID to impact. | ||
body | body | dictionary | Full body payload in JSON format. | ||
enabled | body | boolean | Flag indicating if this policy is enabled. | ||
policy_id | body | integer | Policy ID to be updated. | ||
regions | body | string or list of strings | List of regions where this policy is enforced. | ||
severity | body | string | Policy severity value. | ||
tag_excluded | body | boolean | Tag exclusion flag. |
Usage
Service class example (PEP8 syntax)
from falconpy import CSPMRegistration
# Do not hardcode API credentials!
falcon = CSPMRegistration(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
region_list = 'REG1,REG2,REG3' # Can also pass a list here: ['REG1', 'REG2', 'REG3']
response = falcon.update_policy_settings(account_id="string",
enabled=boolean,
policy_id=integer,
regions=region_list
severity="string",
tag_excluded=boolean
)
print(response)
Service class example (Operation ID syntax)
from falconpy import CSPMRegistration
# Do not hardcode API credentials!
falcon = CSPMRegistration(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
region_list = 'REG1,REG2,REG3' # Can also pass a list here: ['REG1', 'REG2', 'REG3']
response = falcon.UpdateCSPMPolicySettings(account_id="string",
enabled=boolean,
policy_id=integer,
regions=region_list
severity="string",
tag_excluded=boolean
)
print(response)
Uber class example
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
BODY = {
"resources": [
{
"account_id": "string",
"enabled": boolean,
"policy_id": integer,
"regions": [
"string"
],
"severity": "string",
"tag_excluded": boolean
}
]
}
response = falcon.command("UpdateCSPMPolicySettings", body=BODY)
print(response)
Back to Table of Contents
GetCSPMScanSchedule
Returns scan schedule configuration for one or more cloud platforms.
PEP8 method name
get_scan_schedule
Endpoint
Method | Route |
---|---|
/settings/scan-schedule/v1 |
Content-Type
- Consumes: application/json
- Produces: application/json
Keyword Arguments
Name | Service | Uber | Type | Data type | Description |
---|---|---|---|---|---|
cloud_platform | query | string or list of strings | The Cloud Platform. (Azure , AWS , GCP ) | ||
parameters | query | dictionary | Full query string parameters payload in JSON format. |
Usage
Service class example (PEP8 syntax)
from falconpy import CSPMRegistration
# Do not hardcode API credentials!
falcon = CSPMRegistration(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
clouds = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.get_scan_schedule(cloud_platform=clouds)
print(response)
Service class example (Operation ID syntax)
from falconpy import CSPMRegistration
# Do not hardcode API credentials!
falcon = CSPMRegistration(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
clouds = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.GetCSPMScanSchedule(cloud_platform=clouds)
print(response)
Uber class example
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
clouds = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.command("GetCSPMScanSchedule", cloud_platform=clouds)
print(response)
Back to Table of Contents
UpdateCSPMScanSchedule
Updates scan schedule configuration for one or more cloud platforms.
PEP8 method name
update_scan_schedule
Endpoint
Method | Route |
---|---|
/settings/scan-schedule/v1 |
Content-Type
- Consumes: application/json
- Produces: application/json
Keyword Arguments
Name | Service | Uber | Type | Data type | Description |
---|---|---|---|---|---|
body | body | dictionary | Full body payload in JSON format. | ||
cloud_platform | body | string | Cloud platform (Azure, AWS, GCP). | ||
next_scan_timestamp | body | string | UTC formatted string. | ||
scan_schedule | body | string | Scan schedule type. |
Usage
Service class example (PEP8 syntax)
from falconpy import CSPMRegistration
# Do not hardcode API credentials!
falcon = CSPMRegistration(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.update_scan_schedule(cloud_platform="string",
next_scan_timestampt="string",
scan_schedule="string"
)
print(response)
Service class example (Operation ID syntax)
from falconpy import CSPMRegistration
# Do not hardcode API credentials!
falcon = CSPMRegistration(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.UpdateCSPMScanSchedule(cloud_platform="string",
next_scan_timestampt="string",
scan_schedule="string"
)
print(response)
Uber class example
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
BODY = {
"resources": [
{
"cloud_platform": "string",
"next_scan_timestamp": "2021-10-25T05:22:27.365Z",
"scan_schedule": "string"
}
]
}
response = falcon.command("UpdateCSPMScanSchedule", body=BODY)
print(response)
Back to Table of Contents
GetCSPMAzureManagementGroup
Return information about Azure management group registration
PEP8 method name
get_azure_management_group
Endpoint
Method | Route |
---|---|
/cloud-connect-cspm-azure/entities/management-group/v1 |
Content-Type
- Consumes: application/json
- Produces: application/json
Keyword Arguments
Name | Service | Uber | Type | Data type | Description |
---|---|---|---|---|---|
tenant_ids | query | string or list of strings | Tenant ids to filter azure accounts | ||
limit | query | integer | The maximum records to return. Defaults to 100. | ||
offset | query | integer | The offset to start retrieving records from |
Usage
Service class example (PEP8 syntax)
from falconpy import CSPMRegistration
falcon = CSPMRegistration(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.get_azure_management_group(tenant_ids=id_list,
limit=integer,
offset=integer
)
print(response)
Service class example (Operation ID syntax)
from falconpy import CSPMRegistration
falcon = CSPMRegistration(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.GetCSPMAzureManagementGroup(tenant_ids=id_list,
limit=integer,
offset=integer
)
print(response)
Uber class example
from falconpy import APIHarnessV2
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.command("GetCSPMAzureManagementGroup",
tenant_ids=id_list,
limit=integer,
offset=integer
)
print(response)
CreateCSPMAzureManagementGroup
Creates a new management group in our system for a customer.
PEP8 method name
default_subscription_id--IDofthedefaultazuresubscription.String.
Endpoint
Method | Route |
---|---|
/cloud-connect-cspm-azure/entities/management-group/v1 |
Content-Type
- Consumes: application/json
- Produces: application/json
Keyword Arguments
Name | Service | Uber | Type | Data type | Description |
---|---|---|---|---|---|
:white_check_mark: | body | body | string | ||
body | body | dictionary | Full body payload in JSON format. | ||
default_subscription_id | body | string | AWS Account ID. | ||
tenant_id | body | string | AWS Account ID. |
Usage
Service class example (PEP8 syntax)
from falconpy import CSPMRegistration
falcon = CSPMRegistration(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.create_azure_management_group(default_subscription_id="string",
tenant_id="string"
)
print(response)
Service class example (Operation ID syntax)
from falconpy import CSPMRegistration
falcon = CSPMRegistration(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.CreateCSPMAzureManagementGroup(default_subscription_id="string",
tenant_id="string"
)
print(response)
Uber class example
from falconpy import APIHarnessV2
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
body_payload = {
"resources": [
{
"default_subscription_id": "string"
"tenant_id": "string",
}
]
}
response = falcon.command("CreateCSPMAzureManagementGroup", body=body_payload)
print(response)
GetCSPMCGPAccount
Returns information about the current status of an GCP account.
PEP8 method name
get_gcp_account
Endpoint
Method | Route |
---|---|
/cloud-connect-cspm-gcp/entities/account/v1 |
Content-Type
- Consumes: application/json
- Produces: application/json
Keyword Arguments
Name | Service | Uber | Type | Data type | Description |
---|---|---|---|---|---|
ids | query | string or list of strings | Hierarchical Resource IDs of accounts. | ||
limit | query | integer | Maximum number of results to return. (Default: 100) | ||
offset | query | integer | Starting record position. | ||
parameters | query | dictionary | Full query string parameters payload in JSON format. | ||
parent_type | query | string | GCP Hierarchy Parent Type in organization/folder/project format. | ||
scan_type | query | string | Type of scan to perform, dry or full . | ||
status | query | string | Account status to filter results by. | ||
sort | query | string | Order fields in ascending or descending order. Example: parent_type|asc |
Usage
Service class example (PEP8 syntax)
from falconpy import CSPMRegistration
falcon = CSPMRegistration(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.get_gcp_account(parent_type="string",
scan_type="string",
status="string",
limit=integer,
offset=integer,
sort="string",
ids=id_list
)
print(response)
Service class example (Operation ID syntax)
from falconpy import CSPMRegistration
falcon = CSPMRegistration(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.GetCSPMCGPAccount(parent_type="string",
scan_type="string",
status="string",
limit=integer,
offset=integer,
sort="string",
ids=id_list
)
print(response)
Uber class example
from falconpy import APIHarnessV2
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.command("GetCSPMCGPAccount",
parent_type="string",
scan_type="string",
status="string",
limit=integer,
offset=integer,
sort="string",
ids=id_list
)
print(response)
CreateCSPMGCPAccount
Creates a new account and generates a new service account to add access to your GCP environment.
PEP8 method name
create_gcp_account
Endpoint
Method | Route |
---|---|
/cloud-connect-cspm-gcp/entities/account/v1 |
Content-Type
- Consumes: application/json
- Produces: application/json
Keyword Arguments
Name | Service | Uber | Type | Data type | Description |
---|---|---|---|---|---|
body | body | dictionary | Full body payload in JSON format. | ||
parent_id | body | string | Parent ID. | ||
parent_type | body | string | Parent Type. |
Usage
Service class example (PEP8 syntax)
from falconpy import CSPMRegistration
falcon = CSPMRegistration(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.create_gcp_account(parent_id="string", parent_type="string")
print(response)
Service class example (Operation ID syntax)
from falconpy import CSPMRegistration
falcon = CSPMRegistration(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.CreateCSPMGCPAccount(parent_id="string", parent_type="string")
print(response)
Uber class example
from falconpy import APIHarnessV2
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
body_payload = {
"resources": [
{
"parent_id": "string",
"parent_type": "string"
}
]
}
response = falcon.command("CreateCSPMGCPAccount", body=body_payload)
print(response)
DeleteCSPMGCPAccount
Deletes a GCP account from the system.
PEP8 method name
delete_gcp_account
Endpoint
Method | Route |
---|---|
/cloud-connect-cspm-gcp/entities/account/v1 |
Content-Type
- Consumes: application/json
- Produces: application/json
Keyword Arguments
Name | Service | Uber | Type | Data type | Description |
---|---|---|---|---|---|
ids | query | string or list of strings | Hierarchical Resource IDs of accounts to delete. | ||
parameters | query | dictionary | Full query string parameters payload in JSON format. |
Usage
Service class example (PEP8 syntax)
from falconpy import CSPMRegistration
falcon = CSPMRegistration(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.delete_gcp_account(ids=id_list)
print(response)
Service class example (Operation ID syntax)
from falconpy import CSPMRegistration
falcon = CSPMRegistration(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.DeleteCSPMGCPAccount(ids=id_list)
print(response)
Uber class example
from falconpy import APIHarnessV2
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.command("DeleteCSPMGCPAccount", ids=id_list)
print(response)
UpdateCSPMGCPAccount
Updates an existing GCP account.
PEP8 method name
update_gcp_account
Endpoint
Method | Route |
---|---|
/cloud-connect-cspm-gcp/entities/account/v1 |
Content-Type
- Consumes: application/json
- Produces: application/json
Keyword Arguments
Name | Service | Uber | Type | Data type | Description |
---|---|---|---|---|---|
body | body | dictionary | Full body payload in JSON format. | ||
environment | body | string | Environment. | ||
parent_id | body | string | Parent ID. |
Usage
Service class example (PEP8 syntax)
from falconpy import CSPMRegistration
falcon = CSPMRegistration(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.update_gcp_account(environment="string", parent_id="string")
print(response)
Service class example (Operation ID syntax)
from falconpy import CSPMRegistration
falcon = CSPMRegistration(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.UpdateCSPMGCPAccount(environment="string", parent_id="string")
print(response)
Uber class example
from falconpy import APIHarnessV2
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
body_payload = {
"resources": [
{
"environment": "string",
"parent_id": "string"
}
]
}
response = falcon.command("UpdateCSPMGCPAccount", body=body_payload)
print(response)
ConnectCSPMGCPAccount
Creates a new GCP account with newly-uploaded service account or connects with existing service account with only the following fields: parent_id
, parent_type
and service_account_id
.
PEP8 method name
connect_gcp_account
Endpoint
Method | Route |
---|---|
/cloud-connect-cspm-gcp/entities/account/v2 |
Content-Type
- Consumes: application/json
- Produces: application/json
Keyword Arguments
Name | Service | Uber | Type | Data type | Description |
---|---|---|---|---|---|
body | body | dictionary | Full body payload in JSON format. | ||
client_email | body | string | GCP client email. | ||
client_id | body | string | GCP client ID. | ||
parent_id | body | string | Parent ID. | ||
parent_type | body | string | Parent type. | ||
private_key | body | string | GCP private key. | ||
private_key_id | body | string | GCP private key ID. | ||
project_id | body | string | GCP project ID. | ||
service_account_id | body | integer | GCP service account ID. |
Usage
Service class example (PEP8 syntax)
from falconpy import CSPMRegistration
falcon = CSPMRegistration(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.connect_gcp_account(client_email="string",
client_id="string",
parent_id="string",
parent_type="string",
private_key="string",
private_key_id="string",
project_id="string",
service_account_id=integer
)
print(response)
Service class example (Operation ID syntax)
from falconpy import CSPMRegistration
falcon = CSPMRegistration(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.ConnectCSPMGCPAccount(client_email="string",
client_id="string",
parent_id="string",
parent_type="string",
private_key="string",
private_key_id="string",
project_id="string",
service_account_id=integer
)
print(response)
Uber class example
from falconpy import APIHarnessV2
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
body_payload = {
"resources": [
{
"client_email": "string",
"client_id": "string",
"parent_id": "string",
"parent_type": "string",
"private_key": "string",
"private_key_id": "string",
"project_id": "string",
"service_account_id": integer
}
]
}
response = falcon.command("ConnectCSPMGCPAccount", body=body_payload)
print(response)
GetCSPMGCPServiceAccountsExt
Returns the service account id and client email for external clients.
PEP8 method name
get_gcp_service_account
Endpoint
Method | Route |
---|---|
/cloud-connect-cspm-gcp/entities/service-accounts/v1 |
Content-Type
- Consumes: application/json
- Produces: application/json
Keyword Arguments
Name | Service | Uber | Type | Data type | Description |
---|---|---|---|---|---|
id | query | string | Service account ID to retrieve. | ||
parameters | query | dictionary | Full query string parameters payload in JSON format. |
Usage
Service class example (PEP8 syntax)
from falconpy import CSPMRegistration
falcon = CSPMRegistration(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.get_gcp_service_account(id="string")
print(response)
Service class example (Operation ID syntax)
from falconpy import CSPMRegistration
falcon = CSPMRegistration(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.GetCSPMGCPServiceAccountsExt(id="string")
print(response)
Uber class example
from falconpy import APIHarnessV2
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.command("GetCSPMGCPServiceAccountsExt", id="string")
print(response)
GetCSPMGCPUserScriptsAttachment
Return a script for customer to run in their cloud environment to grant us access to their GCP environment as a downloadable attachment
PEP8 method name
get_gcp_user_scripts_attachment
Endpoint
Method | Route |
---|---|
/cloud-connect-cspm-gcp/entities/user-scripts-download/v1 |
Content-Type
- Produces: application/json
Keyword Arguments
Name | Service | Uber | Type | Data type | Description |
---|---|---|---|---|---|
ids | query | string or list of strings | Hierarchical Resource IDs of accounts. | ||
parameters | query | dictionary | Full query string parameters payload in JSON format. | ||
parent_type | query | string | GCP Hierarchy Parent Type. Allowed values: organization , folder or project |
Usage
Service class example (PEP8 syntax)
from falconpy import CSPMRegistration
falcon = CSPMRegistration(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.get_gcp_user_scripts_attachment(parent_type="string", ids=id_list)
print(response)
Service class example (Operation ID syntax)
from falconpy import CSPMRegistration
falcon = CSPMRegistration(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.GetCSPMGCPUserScriptsAttachment(parent_type="string", ids=id_list)
print(response)
Uber class example
from falconpy import APIHarness
falcon = APIHarness(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.command("GetCSPMGCPUserScriptsAttachment", parent_type="string", ids=id_list)
print(response)