Using the Drift Indicators service collection
Table of Contents
| Operation ID | Description | ||||
|---|---|---|---|---|---|
| Returns the count of Drift Indicators by the date. by default it's for 7 days. | ||||
| Returns the total count of Drift indicators over a time period | ||||
| Retrieve Drift Indicators by the provided search criteria | ||||
| Retrieve Drift Indicator entities identified by the provided IDs | ||||
| Retrieve all drift indicators that match the given query | ||||
Passing credentials
WARNING
client_idandclient_secretare keyword arguments that contain your CrowdStrike API credentials. Please note that all examples below do not hard code these values. (These values are ingested as strings.)CrowdStrike does not recommend hard coding API credentials or customer identifiers within source code.
GetDriftIndicatorsValuesByDate
Returns the count of Drift Indicators by the date. by default it's for 7 days.
PEP8 method name
get_drift_indicators_by_date
Endpoint
| Method | Route |
|---|---|
 | /container-security/aggregates/drift-indicators/count-by-date/v1 |
Required Scope
Content-Type
- Produces: application/json
Keyword Arguments
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| filter |  | | query | string | Filter drift indicators using a query in Falcon Query Language (FQL). Supported filters: cid,cloud_name,command_line,container_id,file_name,file_sha256,host_id,indicator_process_id,namespace,occurred_at,parent_process_id,pod_name,prevented,scheduler_name,severity,worker_node_name |
| limit | | | query | integer | The upper-bound on the number of records to retrieve. |
| parameters | | | query | dictionary | Full query string parameters payload in JSON format. |
Usage
Service class example (PEP8 syntax)
from falconpy import DriftIndicators
# Do not hardcode API credentials!
falcon = DriftIndicators(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.get_drift_indicators_by_date(filter="string", limit=integer)
print(response)
Service class example (Operation ID syntax)
from falconpy import DriftIndicators
# Do not hardcode API credentials!
falcon = DriftIndicators(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.GetDriftIndicatorsValuesByDate(filter="string", limit=integer)
print(response)
Uber class example
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.command("GetDriftIndicatorsValuesByDate",
filter="string",
limit="string
)
print(response)
Back to Table of Contents
ReadDriftIndicatorsCount
Returns the total count of Drift indicators over a time period
PEP8 method name
read_drift_indicator_counts
Endpoint
| Method | Route |
|---|---|
| /container-security/aggregates/drift-indicators/count/v1 |
Required Scope
Content-Type
- Produces: application/json
Keyword Arguments
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| filter | | | query | string | Filter images using a query in Falcon Query Language (FQL). Supported filters: cid,cloud_name,command_line,container_id,file_name,file_sha256,host_id,indicator_process_id,namespace,occurred_at,parent_process_id,pod_name,prevented,scheduler_name,severity,worker_node_name |
| parameters | | | query | dictionary | Full query string parameters payload in JSON format. |
Usage
Service class example (PEP8 syntax)
from falconpy import DriftIndicators
# Do not hardcode API credentials!
falcon = DriftIndicators(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.read_drift_indicator_counts(filter="string")
print(response)
Service class example (Operation ID syntax)
from falconpy import DriftIndicators
# Do not hardcode API credentials!
falcon = DriftIndicators(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.ReadDriftIndicatorsCount(filter="string")
print(response)
Uber class example
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.command("ReadDriftIndicatorsCount", filter="string")
print(response)
Back to Table of Contents
SearchAndReadDriftIndicatorEntities
Retrieve Drift Indicators by the provided search criteria
PEP8 method name
search_and_read_drift_indicators
Endpoint
| Method | Route |
|---|---|
| /container-security/combined/drift-indicators/v1 |
Required Scope
Content-Type
- Produces: application/json
Keyword Arguments
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| filter | | | query | string | Filter Drift Indicators using a query in Falcon Query Language (FQL). Supported filters: cid, cloud_name, command_line, container_id, file_name, file_sha256, host_id, indicator_process_id, namespace, occurred_at, parent_process_id, pod_name, prevented, scheduler_name, severity, worker_node_name |
| limit | | | query | integer | The upper-bound on the number of records to retrieve. |
| offset | | | query | integer | The offset from where to begin. |
| parameters | | | query | dictionary | Full query string parameters payload in JSON format. |
| sort | | | query | string | The fields to sort the records on. |
Usage
Service class example (PEP8 syntax)
from falconpy import DriftIndicators
# Do not hardcode API credentials!
falcon = DriftIndicators(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.search_and_read_drift_indicators(filter="string",
limit=integer,
offset=integer,
sort="string"
)
print(response)
Service class example (Operation ID syntax)
from falconpy import DriftIndicators
# Do not hardcode API credentials!
falcon = DriftIndicators(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.SearchAndReadDriftIndicatorEntities(filter="string",
limit=integer,
offset=integer,
sort="string"
)
print(response)
Uber class example
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.command("SearchAndReadDriftIndicatorEntities",
filter="string",
limit=integer,
offset=integer,
sort="string"
)
print(response)
Back to Table of Contents
ReadDriftIndicatorEntities
Retrieve Drift Indicator entities identified by the provided IDs
PEP8 method name
read_drift_indicators_entities
Endpoint
| Method | Route |
|---|---|
| /container-security/entities/drift-indicators/v1 |
Content-Type
- Produces: application/json
Keyword Arguments
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| ids | | | query | array (string) | Search Drift Indicators by ids - The maximum amount is 100 IDs |
| parameters | | | query | dictionary | Full query string parameters payload in JSON format. |
Usage
Service class example (PEP8 syntax)
from falconpy import DriftIndicators
# Do not hardcode API credentials!
falcon = DriftIndicators(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.read_drift_indicators(ids=id_list)
print(response)
Service class example (Operation ID syntax)
from falconpy import DriftIndicators
# Do not hardcode API credentials!
falcon = DriftIndicators(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.ReadDriftIndicatorEntities(ids=id_list)
print(response)
Uber class example
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.command("ReadDriftIndicatorEntities", ids=id_list)
print(response)
Back to Table of Contents
SearchDriftIndicators
Retrieve all drift indicators that match the given query
PEP8 method name
search_drift_indicators
Endpoint
| Method | Route |
|---|---|
| /container-security/queries/drift-indicators/v1 |
Required Scope
Content-Type
- Produces: application/json
Keyword Arguments
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| filter | | | query | string | Filter Drift Indicators using a query in Falcon Query Language (FQL). Supported filters: cid, cloud_name, command_line, container_id, file_name, file_sha256, host_id, indicator_process_id, namespace, occurred_at, parent_process_id, pod_name, prevented, scheduler_name, severity, worker_node_name |
| limit | | | query | integer | The upper-bound on the number of records to retrieve. |
| offset | | | query | integer | The offset from where to begin. |
| parameters | | | query | dictionary | Full query string parameters payload in JSON format. |
| sort | | | query | string | The fields to sort the records on. |
Usage
Service class example (PEP8 syntax)
from falconpy import DriftIndicators
# Do not hardcode API credentials!
falcon = DriftIndicators(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.search_drift_indicators(filter="string",
limit=integer,
offset=integer,
sort="string"
)
print(response)
Service class example (Operation ID syntax)
from falconpy import DriftIndicators
# Do not hardcode API credentials!
falcon = DriftIndicators(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.SearchDriftIndicators(filter="string",
limit=integer,
offset=integer,
sort="string"
)
print(response)
Uber class example
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.command("SearchDriftIndicators",
filter="string",
limit=integer,
offset=integer,
sort="string"
)
print(response)
Back to Table of Contents