

Operation ID | Description |
| Returns information about the current status of an AWS account. |
| Creates a new account in our system for a customer and generates a script for them to run in their AWS cloud environment to grant us access. |
| Deletes an existing AWS account or organization in our system. |
| Return a URL for customer to visit in their cloud environment to grant us access to their AWS environment. |
| Return a script for customer to run in their cloud environment to grant us access to their AWS environment as a downloadable attachment. |
| Return information about Azure account registration |
| Creates a new account in our system for a customer and generates a script for them to run in their cloud environment to grant us access. |
| Update an Azure service account in our system by with the user-created client_id created with the public key we've provided |
| Return a script for customer to run in their cloud environment to grant us access to their Azure environment as a downloadable attachment |
| Return a script for customer to run in their cloud environment to grant us access to their Azure environment |
| Returns information about the current status of an GCP account. |
| Creates a new account in our system for a customer and generates a new service account for them to add access to in their GCP environment to grant us access. |
| Returns JSON object(s) that contain the base64 encoded certificate for a service principal. |
| Return a script for customer to run in their cloud environment to grant us access to their GCP environment as a downloadable attachment |
| Return a script for customer to run in their cloud environment to grant us access to their GCP environment |
| Returns static install scripts for Horizon. |
WARNING
client_id
and client_secret
are keyword arguments that contain your CrowdStrike API credentials. Please note that all examples below do not hard code these values. (These values are ingested as strings.)
CrowdStrike does not recommend hard coding API credentials or customer identifiers within source code.
Returns information about the current status of an AWS account.
get_aws_account
Method | Route |
 | /cloud-connect-aws/entities/account/v2 |
- Consumes: application/json
- Produces: application/json
Name | Service | Uber | Type | Data type | Description |
ids | ![]()

![]() | ![]()

![]() | query | string or list of strings | AWS account ID(s). When empty, all accounts are returned. |
organization_ids | ![]()

![]() | ![]()

![]() | query | string or list of strings | AWS organization ID(s). |
parameters | ![]()

![]() | ![]()

![]() | query | dictionary | Full query string parameters payload in JSON format. |
scan_type | ![]()

![]() | ![]()

![]() | query | string | Type of scan to perform, dry or full . |
status | ![]()

![]() | ![]()

![]() | query | string | Account status to filter results by. |
limit | ![]()

![]() | ![]()

![]() | query | integer | The maximum number of records to return. Defaults to 100. |
offset | ![]()

![]() | ![]()

![]() | query | integer | The offset to start retrieving records from. |
migrated | ![]()

![]() | ![]()

![]() | query | boolean | Only return migrated accounts. |
from falconpy.d4c_registration import D4CRegistration
falcon = D4CRegistration(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.get_aws_account(scan_type="string",
organization_ids=["string", "string"],
status="string",
limit=integer,
offset=integer,
migrated="string",
ids=id_list
)
print(response)
from falconpy import D4CRegistration
falcon = D4CRegistration(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.GetD4CAwsAccount(scan_type="string",
organization_ids=["string", "string"],
status="string",
limit=integer,
offset=integer,
migrated="string",
ids=id_list
)
print(response)
from falconpy import APIHarness
falcon = APIHarness(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.command("GetD4CAwsAccount",
scan_type="string",
organization_ids=["string", "string"],
status="string",
limit=integer,
offset=integer,
migrated=boolean,
ids=id_list
)
print(response)
Creates a new account in our system for a customer and generates a script for them to run in their AWS cloud environment to grant us access.
create_aws_account
Method | Route |
 | /cloud-connect-aws/entities/account/v2 |
- Consumes: application/json
- Produces: application/json
Name | Service | Uber | Type | Data type | Description |
account_id | ![]()

![]() | ![]()

![]() | body | string | AWS account ID. |
account_type | ![]()

![]() | ![]()

![]() | body | string | AWS account type. |
body | ![]()

![]() | ![]()

![]() | body | dictionary | Full body payload in JSON format. |
cloudtrail_region | ![]()

![]() | ![]()

![]() | body | string | AWS region for CloudTrail access. |
is_master | ![]()

![]() | ![]()

![]() | body | boolean | Flag indicating if this is the master account. |
organization_id | ![]()

![]() | ![]()

![]() | body | string | AWS organization ID. |
from falconpy.d4c_registration import D4CRegistration
falcon = D4CRegistration(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.create_aws_account(account_id="string",
account_type="string",
cloudtrail_region="string",
is_master=boolean,
organization_id="string"
)
print(response)
from falconpy import D4CRegistration
falcon = D4CRegistration(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.CreateD4CAwsAccount(account_id="string",
account_type="string",
cloudtrail_region="string",
is_master=boolean,
organization_id="string"
)
print(response)
from falconpy import APIHarness
falcon = APIHarness(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
BODY = {
"resources": [
{
"account_id": "string",
"account_type": "string",
"cloudtrail_region": "string",
"is_master": boolean,
"organization_id": "string"
}
]
}
response = falcon.command("CreateD4CAwsAccount", body=BODY)
print(response)
Deletes an existing AWS account or organization in our system.
delete_aws_account
Method | Route |
 | /cloud-connect-aws/entities/account/v2 |
- Consumes: application/json
- Produces: application/json
Name | Service | Uber | Type | Data type | Description |
ids | ![]()

![]() | ![]()

![]() | query | string or list of strings | AWS account ID(s). |
organization_ids | ![]()

![]() | ![]()

![]() | query | string or list of strings | AWS organization ID(s). |
parameters | ![]()

![]() | ![]()

![]() | query | dictionary | Full query string parameters payload in JSON format, not required when using other keywords. |
from falconpy.d4c_registration import D4CRegistration
falcon = D4CRegistration(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.delete_aws_account(organization_ids=["string", "string"], ids=id_list)
print(response)
from falconpy import D4CRegistration
falcon = D4CRegistration(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.DeleteD4CAwsAccount(organization_ids=["string", "string"], ids=id_list)
print(response)
from falconpy import APIHarness
falcon = APIHarness(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
PARAMS = {
"organization-ids": [
"string",
"string"
]
}
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.command("DeleteD4CAwsAccount",
organization_ids=["string", "string"],
ids=id_list
)
print(response)
Return a URL for customer to visit in their cloud environment to grant us access to their AWS environment.
get_aws_console_setup
Method | Route |
 | /cloud-connect-aws/entities/console-setup-urls/v1 |
- Consumes: application/json
- Produces: application/json
Name | Service | Uber | Type | Data type | Description |
region | ![]()

![]() | ![]()

![]() | query | string | AWS region to generate URL for. |
parameters | ![]()

![]() | ![]()

![]() | query | dictionary | Full query string parameters payload in JSON format, not required when using other keywords. |
from falconpy.d4c_registration import D4CRegistration
falcon = D4CRegistration(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.get_aws_console_setup(region="string")
print(response)
from falconpy import D4CRegistration
falcon = D4CRegistration(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.GetD4CAwsConsoleSetupURLs(region="string")
print(response)
from falconpy import APIHarness
falcon = APIHarness(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.command("GetD4CAwsConsoleSetupURLs", region="string")
print(response)
Return a script for customer to run in their cloud environment to grant us access to their AWS environment as a downloadable attachment.
get_aws_account_scripts
Method | Route |
 | /cloud-connect-aws/entities/user-scripts-download/v1 |
- Produces: application/json
Name | Service | Uber | Type | Data type | Description |
ids | ![]()

![]() | ![]()

![]() | query | string or list of strings | AWS account ID(s). |
parameters | ![]()

![]() | ![]()

![]() | query | dictionary | Full query string parameters payload in JSON format, not required when using other keywords. |
from falconpy.d4c_registration import D4CRegistration
falcon = D4CRegistration(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.get_aws_account_scripts(ids=id_list)
print(response)
from falconpy import D4CRegistration
falcon = D4CRegistration(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.GetD4CAWSAccountScriptsAttachment(ids=id_list)
print(response)
from falconpy import APIHarness
falcon = APIHarness(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.command("GetD4CAWSAccountScriptsAttachment", ids=id_list)
print(response)
Return information about Azure account registration
get_azure_account
Method | Route |
 | /cloud-connect-azure/entities/account/v1 |
- Consumes: application/json
- Produces: application/json
Name | Service | Uber | Type | Data type | Description |
ids | ![]()

![]() | ![]()

![]() | query | string or list of strings | Subscription ID(s). When empty, all accounts are returned. |
parameters | ![]()

![]() | ![]()

![]() | query | dictionary | Full query string parameters payload in JSON format. |
scan_type | ![]()

![]() | ![]()

![]() | query | string | Type of scan to perform, dry or full . |
from falconpy import D4CRegistration
# Do not hardcode API credentials!
falcon = D4CRegistration(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.get_azure_account(scan_type="string", ids=id_list)
print(response)
from falconpy import D4CRegistration
# Do not hardcode API credentials!
falcon = D4CRegistration(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.GetCSPMAzureAccount(scan_type="string", ids=id_list)
print(response)
from falconpy import APIHarness
# Do not hardcode API credentials!
falcon = APIHarness(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.command("GetCSPMAzureAccount", scan_type="string", ids=id_list)
print(response)
Creates a new account in our system for a customer and generates a script for them to run in their cloud environment to grant us access.
create_azure_account
Method | Route |
 | /cloud-connect-azure/entities/account/v1 |
- Consumes: application/json
- Produces: application/json
Name | Service | Uber | Type | Data type | Description |
body | ![]()

![]() | ![]()

![]() | body | dictionary | Full body payload in JSON format. |
subscription_id | ![]()

![]() | ![]()

![]() | body | string | Azure Subscription ID. |
tenant_id | ![]()

![]() | ![]()

![]() | body | string | Azure tenant ID. |
from falconpy import D4CRegistration
# Do not hardcode API credentials!
falcon = D4CRegistration(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.create_azure_account(subscription_id="string", tenant_id="string")
print(response)
from falconpy import D4CRegistration
# Do not hardcode API credentials!
falcon = D4CRegistration(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.CreateCSPMAzureAccount(subscription_id="string", tenant_id="string")
print(response)
from falconpy import APIHarness
# Do not hardcode API credentials!
falcon = APIHarness(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
BODY = {
"resources": [
{
"subscription_id": "string",
"tenant_id": "string"
}
]
}
response = falcon.command("CreateCSPMAzureAccount", body=BODY)
print(response)
Update an Azure service account in our system by with the user-created client_id created with the public key we've provided
update_azure_account_client_id
Method | Route |
 | /cloud-connect-azure/entities/client-id/v1 |
- Consumes: application/json
- Produces: application/json
Name | Service | Uber | Type | Data type | Description |
id | ![]()

![]() | ![]()

![]() | query | string | Client ID to use for the Service Principal associated with the registered Azure account. |
parameters | ![]()

![]() | ![]()

![]() | query | dictionary | Full query string parameters payload in JSON format. |
from falconpy import D4CRegistration
# Do not hardcode API credentials!
falcon = D4CRegistration(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.update_azure_account_client_id(id="string")
print(response)
from falconpy import D4CRegistration
# Do not hardcode API credentials!
falcon = D4CRegistration(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.UpdateCSPMAzureAccountClientID(id="string")
print(response)
from falconpy import APIHarness
# Do not hardcode API credentials!
falcon = APIHarness(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.command("UpdateCSPMAzureAccountClientID", id="string")
print(response)
Return a script for customer to run in their cloud environment to grant us access to their Azure environment as a downloadable attachment
get_azure_user_scripts_attachment
Method | Route |
 | /cloud-connect-azure/entities/user-scripts-download/v1 |
- Produces: application/json
No keywords or arguments accepted.
from falconpy import D4CRegistration
# Do not hardcode API credentials!
falcon = D4CRegistration(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.get_azure_user_scripts_attachment()
print(response)
from falconpy import D4CRegistration
# Do not hardcode API credentials!
falcon = D4CRegistration(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.GetCSPMAzureUserScriptsAttachment()
print(response)
from falconpy import APIHarness
# Do not hardcode API credentials!
falcon = APIHarness(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.command("GetCSPMAzureUserScriptsAttachment")
print(response)
Return a script for customer to run in their cloud environment to grant us access to their Azure environment
get_azure_user_scripts
Method | Route |
 | /cloud-connect-azure/entities/user-scripts/v1 |
- Consumes: application/json
- Produces: application/json
No keywords or arguments accepted.
from falconpy import D4CRegistration
# Do not hardcode API credentials!
falcon = D4CRegistration(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.get_azure_user_scripts()
print(response)
from falconpy import D4CRegistration
# Do not hardcode API credentials!
falcon = D4CRegistration(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.GetCSPMAzureUserScripts()
print(response)
from falconpy import APIHarness
# Do not hardcode API credentials!
falcon = APIHarness(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.command("GetCSPMAzureUserScripts")
print(response)
Returns information about the current status of an GCP account.
get_gcp_account
Method | Route |
 | /cloud-connect-gcp/entities/account/v1 |
- Consumes: application/json
- Produces: application/json
Name | Service | Uber | Type | Data type | Description |
ids | ![]()

![]() | ![]()

![]() | query | string or list of strings | Parent ID(s). When empty, all accounts are returned. |
parameters | ![]()

![]() | ![]()

![]() | query | dictionary | Full query string parameters payload in JSON format. |
scan_type | ![]()

![]() | ![]()

![]() | query | string | Type of scan to perform, dry or full . |
from falconpy import D4CRegistration
# Do not hardcode API credentials!
falcon = D4CRegistration(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.get_gcp_account(scan_type="string", ids=id_list)
print(response)
from falconpy import D4CRegistration
# Do not hardcode API credentials!
falcon = D4CRegistration(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.GetCSPMCGPAccount(scan_type="string", ids=id_list)
print(response)
from falconpy import APIHarness
# Do not hardcode API credentials!
falcon = APIHarness(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.command("GetCSPMCGPAccount", scan_type="string", ids=id_list)
print(response)
Creates a new account in our system for a customer and generates a new service account for them to add access to in their GCP environment to grant us access.
create_gcp_account
Method | Route |
 | /cloud-connect-gcp/entities/account/v1 |
- Consumes: application/json
- Produces: application/json
Name | Service | Uber | Type | Data type | Description |
body | ![]()

![]() | ![]()

![]() | body | dictionary | Full body payload in JSON format. |
parent_id | ![]()

![]() | ![]()

![]() | body | string | GCP Parent ID. |
from falconpy import D4CRegistration
# Do not hardcode API credentials!
falcon = D4CRegistration(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.create_gcp_account(parent_id="string")
print(response)
from falconpy import D4CRegistration
# Do not hardcode API credentials!
falcon = D4CRegistration(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.CreateCSPMGCPAccount(parent_id="string")
print(response)
from falconpy import APIHarness
# Do not hardcode API credentials!
falcon = APIHarness(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
BODY = {
"resources": [
{
"parent_id": "string"
}
]
}
response = falcon.command("CreateCSPMGCPAccount", body=BODY)
print(response)
Returns JSON object(s) that contain the base64 encoded certificate for a service principal.
azure_download_certificate
Method | Route |
 | /cloud-connect-azure/entities/download-certificate/v1 |
- Consumes: application/json
- Produces: application/json
Name | Service | Uber | Type | Data type | Description |
parameters | ![]()

![]() | ![]()

![]() | query | dictionary | Full query string parameters payload in JSON format. |
refresh | ![]()

![]() | ![]()

![]() | query | boolean | Force a refresh of the certificate. Defaults to False . |
tenant_id | ![]()

![]() | ![]()

![]() | query | string or list of strings | The Azure Client ID to generate script for. Defaults to the most recently registered tenant. |
from falconpy import D4CRegistration
# Do not hardcode API credentials!
falcon = D4CRegistration(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.azure_download_certificate(refresh=boolean, tenant_id="string")
print(response)
from falconpy import D4CRegistration
# Do not hardcode API credentials!
falcon = D4CRegistration(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.DiscoverCloudAzureDownloadCertificate(refresh=boolean, tenant_id="string")
print(response)
from falconpy import APIHarness
# Do not hardcode API credentials!
falcon = APIHarness(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.command("DiscoverCloudAzureDownloadCertificate", refresh=boolean, tenant_id="string")
print(response)
Return a script for customer to run in their cloud environment to grant us access to their GCP environment as a downloadable attachment
get_gcp_user_scripts_attachment
Method | Route |
 | /cloud-connect-gcp/entities/user-scripts-download/v1 |
- Produces: application/json
No keywords or arguments are accepted.
from falconpy import D4CRegistration
# Do not hardcode API credentials!
falcon = D4CRegistration(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.get_gcp_user_scripts_attachment()
print(response)
from falconpy import D4CRegistration
# Do not hardcode API credentials!
falcon = D4CRegistration(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.GetCSPMGCPUserScriptsAttachment()
print(response)
from falconpy import APIHarness
# Do not hardcode API credentials!
falcon = APIHarness(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.command("GetCSPMGCPUserScriptsAttachment")
print(response)
Return a script for customer to run in their cloud environment to grant us access to their GCP environment.
get_gcp_user_scripts
Method | Route |
 | /cloud-connect-gcp/entities/user-scripts/v1 |
- Consumes: application/json
- Produces: application/json
No keywords or arguments are accepted.
from falconpy import D4CRegistration
# Do not hardcode API credentials!
falcon = D4CRegistration(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.get_gcp_user_scripts()
print(response)
from falconpy import D4CRegistration
# Do not hardcode API credentials!
falcon = D4CRegistration(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.GetCSPMGCPUserScripts()
print(response)
from falconpy import APIHarness
# Do not hardcode API credentials!
falcon = APIHarness(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.command("GetCSPMGCPUserScripts")
print(response)
Returns static install scripts for Horizon.
get_aws_horizon_scripts
Method | Route |
 | /settings-discover/entities/gen/scripts/v1 |
- Produces: application/json
Name | Service | Uber | Type | Data type | Description |
account_type | ![]()

![]() | ![]()

![]() | query | string | Account type (commercial, gov). Only applicable when registering AWS commercial accounts in a GovCloud environment. |
delete | ![]()

![]() | ![]()

![]() | query | boolean | Generate a delete script. |
organization_ids | ![]()

![]() | ![]()

![]() | query | string or list of strings | AWS organization ID(s). |
parameters | ![]()

![]() | ![]()

![]() | query | dictionary | Full query string parameters payload in JSON format, not required when using other keywords. |
single_account | ![]()

![]() | ![]()

![]() | query | boolean | Generate a static script for a single account. |
from falconpy.d4c_registration import D4CRegistration
falcon = D4CRegistration(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.get_aws_horizon_scripts(single_account="string",
organization_id="string",
delete="string",
account_type="string"
)
print(response)
from falconpy import D4CRegistration
falcon = D4CRegistration(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.GetHorizonD4CScripts(single_account="string",
organization_id="string",
delete="string",
account_type="string"
)
print(response)
from falconpy import APIHarness
falcon = APIHarness(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.command("GetHorizonD4CScripts",
single_account="string",
organization_id="string",
delete="string",
account_type="string"
)
print(response)