Using the Drift Indicators service collection
Table of Contents
| Operation ID | Description | ||||
|---|---|---|---|---|---|
| Returns the count of Drift Indicators by the date. by default it's for 7 days. | ||||
| Returns the total count of Drift indicators over a time period | ||||
| Retrieve Drift Indicators by the provided search criteria | ||||
| Retrieve all drift indicators that match the given query | ||||
Passing credentials
WARNING
client_idandclient_secretare keyword arguments that contain your CrowdStrike API credentials. Please note that all examples below do not hard code these values. (These values are ingested as strings.)CrowdStrike does not recommend hard coding API credentials or customer identifiers within source code.
GetDriftIndicatorsValuesByDate
Returns the count of Drift Indicators by the date. by default it's for 7 days.
PEP8 method name
get_drift_indicators_by_date
Endpoint
| Method | Route |
|---|---|
 | /container-security/aggregates/drift-indicators/count-by-date/v1 |
Content-Type
- Produces: application/json
Keyword Arguments
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| filter |  | | query | string | Filter drift indicators using a query in Falcon Query Language (FQL). Supported filters: cid,cloud_name,command_line,container_id,file_name,file_sha256,host_id,indicator_process_id,namespace,occurred_at,parent_process_id,pod_name,prevented,scheduler_name,severity,worker_node_name |
| limit | | | query | integer | The upper-bound on the number of records to retrieve. |
Usage
Service class example (PEP8 syntax)
from falconpy import DriftIndicators
# Do not hardcode API credentials!
falcon = DriftIndicators(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.get_drift_indicators_by_date(filter="string", limit=integer)
print(response)
Service class example (Operation ID syntax)
from falconpy import DriftIndicators
# Do not hardcode API credentials!
falcon = DriftIndicators(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.GetDriftIndicatorsValuesByDate(filter="string", limit=integer)
print(response)
Uber class example
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.command("GetDriftIndicatorsValuesByDate",
filter="string",
limit="string
)
print(response)
ReadDriftIndicatorsCount
Returns the total count of Drift indicators over a time period
PEP8 method name
read_drift_indicator_counts
Endpoint
| Method | Route |
|---|---|
| /container-security/aggregates/drift-indicators/count/v1 |
Content-Type
- Produces: application/json
Keyword Arguments
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| filter | | | query | string | Filter images using a query in Falcon Query Language (FQL). Supported filters: cid,cloud_name,command_line,container_id,file_name,file_sha256,host_id,indicator_process_id,namespace,occurred_at,parent_process_id,pod_name,prevented,scheduler_name,severity,worker_node_name |
Usage
Service class example (PEP8 syntax)
from falconpy import DriftIndicators
# Do not hardcode API credentials!
falcon = DriftIndicators(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.read_drift_indicator_counts(filter="string")
print(response)
Service class example (Operation ID syntax)
from falconpy import DriftIndicators
# Do not hardcode API credentials!
falcon = DriftIndicators(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.ReadDriftIndicatorsCount(filter="string")
print(response)
Uber class example
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.command("ReadDriftIndicatorsCount", filter="string")
print(response)
SearchAndReadDriftIndicatorEntities
Retrieve Drift Indicators by the provided search criteria
PEP8 method name
search_and_read_drift_indicators
Endpoint
| Method | Route |
|---|---|
| /container-security/combined/drift-indicators/v1 |
Content-Type
- Produces: application/json
Keyword Arguments
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| filter | | | query | string | Filter Drift Indicators using a query in Falcon Query Language (FQL). Supported filters: cid, cloud_name, command_line, container_id, file_name, file_sha256, host_id, indicator_process_id, namespace, occurred_at, parent_process_id, pod_name, prevented, scheduler_name, severity, worker_node_name |
| limit | | | query | integer | The upper-bound on the number of records to retrieve. |
| offset | | | query | integer | The offset from where to begin. |
| sort | | | query | string | The fields to sort the records on. |
Usage
Service class example (PEP8 syntax)
from falconpy import DriftIndicators
# Do not hardcode API credentials!
falcon = DriftIndicators(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.search_and_read_drift_indicators(filter="string",
limit=integer,
offset=integer,
sort="string"
)
print(response)
Service class example (Operation ID syntax)
from falconpy import DriftIndicators
# Do not hardcode API credentials!
falcon = DriftIndicators(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.SearchAndReadDriftIndicatorEntities(filter="string",
limit=integer,
offset=integer,
sort="string"
)
print(response)
Uber class example
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.command("SearchAndReadDriftIndicatorEntities",
filter="string",
limit=integer,
offset=integer,
sort="string"
)
print(response)
SearchDriftIndicators
Retrieve all drift indicators that match the given query
PEP8 method name
search_drift_indicators
Endpoint
| Method | Route |
|---|---|
| /container-security/queries/drift-indicators/v1 |
Content-Type
- Produces: application/json
Keyword Arguments
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| filter | | | query | string | Filter Drift Indicators using a query in Falcon Query Language (FQL). Supported filters: cid, cloud_name, command_line, container_id, file_name, file_sha256, host_id, indicator_process_id, namespace, occurred_at, parent_process_id, pod_name, prevented, scheduler_name, severity, worker_node_name |
| limit | | | query | integer | The upper-bound on the number of records to retrieve. |
| offset | | | query | integer | The offset from where to begin. |
| sort | | | query | string | The fields to sort the records on. |
Usage
Service class example (PEP8 syntax)
from falconpy import DriftIndicators
# Do not hardcode API credentials!
falcon = DriftIndicators(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.search_drift_indicators(filter="string",
limit=integer,
offset=integer,
sort="string"
)
print(response)
Service class example (Operation ID syntax)
from falconpy import DriftIndicators
# Do not hardcode API credentials!
falcon = DriftIndicators(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.SearchDriftIndicators(filter="string",
limit=integer,
offset=integer,
sort="string"
)
print(response)
Uber class example
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.command("SearchDriftIndicators",
filter="string",
limit=integer,
offset=integer,
sort="string"
)
print(response)