CrowdStrike Falcon Twitter URL

Using the D4C Registration service collection

Uber class support Service class support Documentation Version Page Updated

Table of Contents

Operation IDDescription
GetCSPMAzureAccount
PEP 8get_azure_account
Return information about Azure account registration
CreateCSPMAzureAccount
PEP 8create_azure_account
Creates a new account in our system for a customer and generates a script for them to run in their cloud environment to grant us access.
UpdateCSPMAzureAccountClientID
PEP 8update_azure_account_client_id
Update an Azure service account in our system by with the user-created client_id created with the public key we've provided
GetCSPMAzureUserScriptsAttachment
PEP 8get_azure_user_scripts_attachment
Return a script for customer to run in their cloud environment to grant us access to their Azure environment as a downloadable attachment
GetCSPMAzureUserScripts
PEP 8get_azure_user_scripts
Return a script for customer to run in their cloud environment to grant us access to their Azure environment
GetCSPMCGPAccount
PEP 8get_gcp_account
Returns information about the current status of an GCP account.
CreateCSPMGCPAccount
PEP 8create_gcp_account
Creates a new account in our system for a customer and generates a new service account for them to add access to in their GCP environment to grant us access.
DiscoverCloudAzureDownloadCertificate
PEP 8azure_download_certificate
Returns JSON object(s) that contain the base64 encoded certificate for a service principal.
GetCSPMGCPUserScriptsAttachment
PEP 8get_gcp_user_scripts_attachment
Return a script for customer to run in their cloud environment to grant us access to their GCP environment as a downloadable attachment
GetCSPMGCPUserScripts
PEP 8get_gcp_user_scripts
Return a script for customer to run in their cloud environment to grant us access to their GCP environment

Passing credentials

WARNING

client_id and client_secret are input variables that contain your CrowdStrike API credentials. Please note that all examples below do not hard code these values. (These values are ingested as strings.)

CrowdStrike does not recommend hard coding API credentials or customer identifiers within source code.

GetCSPMAzureAccount

Return information about Azure account registration

PEP8 method name

get_azure_account

Content-Type

  • Consumes: application/json
  • Produces: application/json

Keyword Arguments

NameServiceUberTypeData typeDescription
ids
Service Class Support

Uber Class Support
querystring or list of stringsSubscription ID(s). When empty, all accounts are returned.
parameters
Service Class Support

Uber Class Support
querydictionaryFull query string parameters payload in JSON format.
scan_type
Service Class Support

Uber Class Support
querystringType of scan to perform, dry or full.

Usage

Service class example (PEP8 syntax)
from falconpy import D4CRegistration

# Do not hardcode API credentials!
falcon = D4CRegistration(client_id=CLIENT_ID,
                         client_secret=CLIENT_SECRET
                         )

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.get_azure_account(scan_type="string", ids=id_list)
print(response)

Service class example (Operation ID syntax)
from falconpy import D4CRegistration

# Do not hardcode API credentials!
falcon = D4CRegistration(client_id=CLIENT_ID,
                         client_secret=CLIENT_SECRET
                         )

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.GetCSPMAzureAccount(scan_type="string", ids=id_list)
print(response)

Uber class example
from falconpy import APIHarness

# Do not hardcode API credentials!
falcon = APIHarness(client_id=CLIENT_ID,
                    client_secret=CLIENT_SECRET
                    )

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.command("GetCSPMAzureAccount", scan_type="string", ids=id_list)
print(response)

CreateCSPMAzureAccount

Creates a new account in our system for a customer and generates a script for them to run in their cloud environment to grant us access.

PEP8 method name

create_azure_account

Content-Type

  • Consumes: application/json
  • Produces: application/json

Keyword Arguments

NameServiceUberTypeData typeDescription
body
Service Class Support

Uber Class Support
bodydictionaryFull body payload in JSON format.
subscription_id
Service Class Support

Uber Class Support
bodystringAzure Subscription ID.
tenant_id
Service Class Support

Uber Class Support
bodystringAzure tenant ID.

Usage

Service class example (PEP8 syntax)
from falconpy import D4CRegistration

# Do not hardcode API credentials!
falcon = D4CRegistration(client_id=CLIENT_ID,
                         client_secret=CLIENT_SECRET
                         )

response = falcon.create_azure_account(subscription_id="string", tenant_id="string")
print(response)

Service class example (Operation ID syntax)
from falconpy import D4CRegistration

# Do not hardcode API credentials!
falcon = D4CRegistration(client_id=CLIENT_ID,
                         client_secret=CLIENT_SECRET
                         )

response = falcon.CreateCSPMAzureAccount(subscription_id="string", tenant_id="string")
print(response)

Uber class example
from falconpy import APIHarness

# Do not hardcode API credentials!
falcon = APIHarness(client_id=CLIENT_ID,
                    client_secret=CLIENT_SECRET
                    )

BODY = {
    "resources": [
        {
            "subscription_id": "string",
            "tenant_id": "string"
        }
    ]
}

response = falcon.command("CreateCSPMAzureAccount", body=BODY)
print(response)

UpdateCSPMAzureAccountClientID

Update an Azure service account in our system by with the user-created client_id created with the public key we've provided

PEP8 method name

update_azure_account_client_id

Content-Type

  • Consumes: application/json
  • Produces: application/json

Keyword Arguments

NameServiceUberTypeData typeDescription
id
Service Class Support

Uber Class Support
querystringClient ID to use for the Service Principal associated with the registered Azure account.
parameters
Service Class Support

Uber Class Support
querydictionaryFull query string parameters payload in JSON format.

Usage

Service class example (PEP8 syntax)
from falconpy import D4CRegistration

# Do not hardcode API credentials!
falcon = D4CRegistration(client_id=CLIENT_ID,
                         client_secret=CLIENT_SECRET
                         )

response = falcon.update_azure_account_client_id(id="string")
print(response)

Service class example (Operation ID syntax)
from falconpy import D4CRegistration

# Do not hardcode API credentials!
falcon = D4CRegistration(client_id=CLIENT_ID,
                         client_secret=CLIENT_SECRET
                         )

response = falcon.UpdateCSPMAzureAccountClientID(id="string")
print(response)

Uber class example
from falconpy import APIHarness

# Do not hardcode API credentials!
falcon = APIHarness(client_id=CLIENT_ID,
                    client_secret=CLIENT_SECRET
                    )

response = falcon.command("UpdateCSPMAzureAccountClientID", id="string")
print(response)

GetCSPMAzureUserScriptsAttachment

Return a script for customer to run in their cloud environment to grant us access to their Azure environment as a downloadable attachment

PEP8 method name

get_azure_user_scripts_attachment

Content-Type

  • Produces: application/json

Keyword Arguments

No keywords or arguments accepted.

Usage

Service class example (PEP8 syntax)
from falconpy import D4CRegistration

# Do not hardcode API credentials!
falcon = D4CRegistration(client_id=CLIENT_ID,
                         client_secret=CLIENT_SECRET
                         )

response = falcon.get_azure_user_scripts_attachment()
print(response)

Service class example (Operation ID syntax)
from falconpy import D4CRegistration

# Do not hardcode API credentials!
falcon = D4CRegistration(client_id=CLIENT_ID,
                         client_secret=CLIENT_SECRET
                         )

response = falcon.GetCSPMAzureUserScriptsAttachment()
print(response)

Uber class example
from falconpy import APIHarness

# Do not hardcode API credentials!
falcon = APIHarness(client_id=CLIENT_ID,
                    client_secret=CLIENT_SECRET
                    )

response = falcon.command("GetCSPMAzureUserScriptsAttachment")
print(response)

GetCSPMAzureUserScripts

Return a script for customer to run in their cloud environment to grant us access to their Azure environment

PEP8 method name

get_azure_user_scripts

Content-Type

  • Consumes: application/json
  • Produces: application/json

Keyword Arguments

No keywords or arguments accepted.

Usage

Service class example (PEP8 syntax)
from falconpy import D4CRegistration

# Do not hardcode API credentials!
falcon = D4CRegistration(client_id=CLIENT_ID,
                         client_secret=CLIENT_SECRET
                         )

response = falcon.get_azure_user_scripts()
print(response)

Service class example (Operation ID syntax)
from falconpy import D4CRegistration

# Do not hardcode API credentials!
falcon = D4CRegistration(client_id=CLIENT_ID,
                         client_secret=CLIENT_SECRET
                         )

response = falcon.GetCSPMAzureUserScripts()
print(response)

Uber class example
from falconpy import APIHarness

# Do not hardcode API credentials!
falcon = APIHarness(client_id=CLIENT_ID,
                    client_secret=CLIENT_SECRET
                    )

response = falcon.command("GetCSPMAzureUserScripts")
print(response)

GetCSPMCGPAccount

Returns information about the current status of an GCP account.

PEP8 method name

get_gcp_account

Content-Type

  • Consumes: application/json
  • Produces: application/json

Keyword Arguments

NameServiceUberTypeData typeDescription
ids
Service Class Support

Uber Class Support
querystring or list of stringsParent ID(s). When empty, all accounts are returned.
parameters
Service Class Support

Uber Class Support
querydictionaryFull query string parameters payload in JSON format.
scan_type
Service Class Support

Uber Class Support
querystringType of scan to perform, dry or full.

Usage

Service class example (PEP8 syntax)
from falconpy import D4CRegistration

# Do not hardcode API credentials!
falcon = D4CRegistration(client_id=CLIENT_ID,
                         client_secret=CLIENT_SECRET
                         )

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.get_gcp_account(scan_type="string", ids=id_list)
print(response)

Service class example (Operation ID syntax)
from falconpy import D4CRegistration

# Do not hardcode API credentials!
falcon = D4CRegistration(client_id=CLIENT_ID,
                         client_secret=CLIENT_SECRET
                         )

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.GetCSPMCGPAccount(scan_type="string", ids=id_list)
print(response)

Uber class example
from falconpy import APIHarness

# Do not hardcode API credentials!
falcon = APIHarness(client_id=CLIENT_ID,
                    client_secret=CLIENT_SECRET
                    )

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.command("GetCSPMCGPAccount", scan_type="string", ids=id_list)
print(response)

CreateCSPMGCPAccount

Creates a new account in our system for a customer and generates a new service account for them to add access to in their GCP environment to grant us access.

PEP8 method name

create_gcp_account

Content-Type

  • Consumes: application/json
  • Produces: application/json

Keyword Arguments

NameServiceUberTypeData typeDescription
body
Service Class Support

Uber Class Support
bodydictionaryFull body payload in JSON format.
parent_id
Service Class Support

Uber Class Support
bodystringGCP Parent ID.

Usage

Service class example (PEP8 syntax)
from falconpy import D4CRegistration

# Do not hardcode API credentials!
falcon = D4CRegistration(client_id=CLIENT_ID,
                         client_secret=CLIENT_SECRET
                         )

response = falcon.create_gcp_account(parent_id="string")
print(response)

Service class example (Operation ID syntax)
from falconpy import D4CRegistration

# Do not hardcode API credentials!
falcon = D4CRegistration(client_id=CLIENT_ID,
                         client_secret=CLIENT_SECRET
                         )

response = falcon.CreateCSPMGCPAccount(parent_id="string")
print(response)

Uber class example
from falconpy import APIHarness

# Do not hardcode API credentials!
falcon = APIHarness(client_id=CLIENT_ID,
                    client_secret=CLIENT_SECRET
                    )

BODY = {
    "resources": [
        {
            "parent_id": "string"
        }
    ]
}

response = falcon.command("CreateCSPMGCPAccount", body=BODY)
print(response)

DiscoverCloudAzureDownloadCertificate

Returns JSON object(s) that contain the base64 encoded certificate for a service principal.

PEP8 method name

azure_download_certificate

Content-Type

  • Consumes: application/json
  • Produces: application/json

Keyword Arguments

NameServiceUberTypeData typeDescription
parameters
Service Class Support

Uber Class Support
querydictionaryFull query string parameters payload in JSON format.
refresh
Service Class Support

Uber Class Support
querybooleanForce a refresh of the certificate. Defaults to False.
tenant_id
Service Class Support

Uber Class Support
querystring or list of stringsThe Azure Client ID to generate script for. Defaults to the most recently registered tenant.

Usage

Service class example (PEP8 syntax)
from falconpy import D4CRegistration

# Do not hardcode API credentials!
falcon = D4CRegistration(client_id=CLIENT_ID,
                         client_secret=CLIENT_SECRET
                         )

response = falcon.azure_download_certificate(refresh=boolean, tenant_id="string")
print(response)

Service class example (Operation ID syntax)
from falconpy import D4CRegistration

# Do not hardcode API credentials!
falcon = D4CRegistration(client_id=CLIENT_ID,
                         client_secret=CLIENT_SECRET
                         )

response = falcon.DiscoverCloudAzureDownloadCertificate(refresh=boolean, tenant_id="string")
print(response)

Uber class example
from falconpy import APIHarness

# Do not hardcode API credentials!
falcon = APIHarness(client_id=CLIENT_ID,
                    client_secret=CLIENT_SECRET
                    )

response = falcon.command("DiscoverCloudAzureDownloadCertificate", refresh=boolean, tenant_id="string")
print(response)

GetCSPMGCPUserScriptsAttachment

Return a script for customer to run in their cloud environment to grant us access to their GCP environment as a downloadable attachment

PEP8 method name

get_gcp_user_scripts_attachment

Content-Type

  • Produces: application/json

Keyword Arguments

No keywords or arguments are accepted.

Usage

Service class example (PEP8 syntax)
from falconpy import D4CRegistration

# Do not hardcode API credentials!
falcon = D4CRegistration(client_id=CLIENT_ID,
                         client_secret=CLIENT_SECRET
                         )

response = falcon.get_gcp_user_scripts_attachment()
print(response)

Service class example (Operation ID syntax)
from falconpy import D4CRegistration

# Do not hardcode API credentials!
falcon = D4CRegistration(client_id=CLIENT_ID,
                         client_secret=CLIENT_SECRET
                         )

response = falcon.GetCSPMGCPUserScriptsAttachment()
print(response)

Uber class example
from falconpy import APIHarness

# Do not hardcode API credentials!
falcon = APIHarness(client_id=CLIENT_ID,
                    client_secret=CLIENT_SECRET
                    )

response = falcon.command("GetCSPMGCPUserScriptsAttachment")
print(response)

GetCSPMGCPUserScripts

Return a script for customer to run in their cloud environment to grant us access to their GCP environment.

PEP8 method name

get_gcp_user_scripts

Content-Type

  • Consumes: application/json
  • Produces: application/json

Keyword Arguments

No keywords or arguments are accepted.

Usage

Service class example (PEP8 syntax)
from falconpy import D4CRegistration

# Do not hardcode API credentials!
falcon = D4CRegistration(client_id=CLIENT_ID,
                         client_secret=CLIENT_SECRET
                         )

response = falcon.get_gcp_user_scripts()
print(response)

Service class example (Operation ID syntax)
from falconpy import D4CRegistration

# Do not hardcode API credentials!
falcon = D4CRegistration(client_id=CLIENT_ID,
                         client_secret=CLIENT_SECRET
                         )

response = falcon.GetCSPMGCPUserScripts()
print(response)

Uber class example
from falconpy import APIHarness

# Do not hardcode API credentials!
falcon = APIHarness(client_id=CLIENT_ID,
                    client_secret=CLIENT_SECRET
                    )

response = falcon.command("GetCSPMGCPUserScripts")
print(response)