Using the Falcon Data Replicator (FDR) service collection

Documentation Version

Operation ID

Description

fdrschema_combined_event_get
PEP 8	get_event_combined

Fetches the combined schema.

fdrschema_entities_event_get
PEP 8	get_event_entities

Fetch event schema by ID.

fdrschema_queries_event_get
PEP 8	query_event_entities

Get list of event IDs given a particular query.

fdrschema_entities_field_get
PEP 8	get_field_entities

Fetch field schema by ID.

fdrschema_queries_field_get
PEP 8	query_field_entities

Get list of field IDs given a particular query.

Passing credentials

WARNING

client_id and client_secret are keyword arguments that contain your CrowdStrike API credentials. Please note that all examples below do not hard code these values. (These values are ingested as strings.)

CrowdStrike does not recommend hard coding API credentials or customer identifiers within source code.

fdrschema_combined_event_get

Fetch the combined schema.

PEP8 method name

get_event_combined

Endpoint

Method	Route
	`/fdr/combined/schema-members/v1`

Content-Type

Produces: application/json

Keyword Arguments

No keywords or arguments accepted.

Usage

Service class example (PEP8 syntax)

from falconpy import FDR

# Do not hardcode API credentials!
falcon = FDR(client_id=CLIENT_ID,
             client_secret=CLIENT_SECRET
             )

response = falcon.get_event_combined()

print(response)

Service class example (Operation ID syntax)

from falconpy import FDR

# Do not hardcode API credentials!
falcon = FDR(client_id=CLIENT_ID,
             client_secret=CLIENT_SECRET
             )

response = falcon.fdrschema_combined_event_get()

print(response)

Uber class example

from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

response = falcon.command("fdrschema_combined_event_get")

print(response)

Back to Table of Contents

fdrschema_entities_event_get

Fetch event schema by ID.

PEP8 method name

get_event_entities

Endpoint

Method	Route
	`/fdr/entities/schema-events/v1`

Content-Type

Produces: application/json

Keyword Arguments

Name	Service	Uber	Type	Data type	Description
ids			query	string or list of strings	Feed IDs to fetch.
parameters			query	dictionary	Full query string parameters payload in JSON format.

Usage

Service class example (PEP8 syntax)

from falconpy import FDR

# Do not hardcode API credentials!
falcon = FDR(client_id=CLIENT_ID,
             client_secret=CLIENT_SECRET
             )

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.get_event_entities(ids=id_list)

print(response)

Service class example (Operation ID syntax)

from falconpy import FDR

# Do not hardcode API credentials!
falcon = FDR(client_id=CLIENT_ID,
             client_secret=CLIENT_SECRET
             )

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.fdrschema_entities_event_get(ids=id_list)

print(response)

Uber class example

from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.command("fdrschema_entities_event_get", ids=id_list)

print(response)

Back to Table of Contents

fdrschema_queries_event_get

Get a list of event IDs given a particular query.

PEP8 method name

query_event_entities

Endpoint

Method	Route
	`/fdr/queries/schema-events/v1`

Content-Type

Produces: application/json

Keyword Arguments

Name	Type	Data type	Description
offset	query	integer	The offset to start retrieving records from.
parameters	query	dictionary	Full query string parameters payload in JSON format.
limit	query	integer	The maximum records to return.
sort	query	string	FQL formatted sort directive.
filter	query	string	The FQL filter expression that should be used to limit the results.

Usage

Service class example (PEP8 syntax)

from falconpy import FDR

# Do not hardcode API credentials!
falcon = FDR(client_id=CLIENT_ID,
             client_secret=CLIENT_SECRET
             )

response = falcon.query_event_entities(filter="string",
                                       limit=integer,
                                       offset=integer,
                                       sort="string"
                                       )

print(response)

Service class example (Operation ID syntax)

from falconpy import FDR

# Do not hardcode API credentials!
falcon = FDR(client_id=CLIENT_ID,
             client_secret=CLIENT_SECRET
             )

response = falcon.fdrschema_queries_event_get(filter="string",
                                               limit=integer,
                                               offset=integer,
                                               sort="string"
                                               )

print(response)

Uber class example

from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

response = falcon.command("fdrschema_queries_event_get",
                          filter="string",
                          limit=integer,
                          offset=integer,
                          sort="string"
                          )

print(response)

Back to Table of Contents

fdrschema_entities_field_get

Fetch field schema by ID.

PEP8 method name

get_field_entities

Endpoint

Method	Route
	`/fdr/entities/schema-fields/v1`

Content-Type

Produces: application/json

Keyword Arguments

Name	Service	Uber	Type	Data type	Description
ids			query	string or list of strings	Feed IDs to fetch.
parameters			query	dictionary	Full query string parameters payload in JSON format.

Usage

Service class example (PEP8 syntax)

from falconpy import FDR

# Do not hardcode API credentials!
falcon = FDR(client_id=CLIENT_ID,
             client_secret=CLIENT_SECRET
             )

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.get_field_entities(ids=id_list)

print(response)

Service class example (Operation ID syntax)

from falconpy import FDR

# Do not hardcode API credentials!
falcon = FDR(client_id=CLIENT_ID,
             client_secret=CLIENT_SECRET
             )

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.fdrschema_fields_event_get(ids=id_list)

print(response)

Uber class example

from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.command("fdrschema_fields_event_get", ids=id_list)

print(response)

Back to Table of Contents

fdrschema_queries_field_get

Get a list of field IDs given a particular query.

PEP8 method name

query_field_entities

Endpoint

Method	Route
	`/fdr/queries/schema-fields/v1`

Content-Type

Produces: application/json

Keyword Arguments

Name	Type	Data type	Description
offset	query	integer	The offset to start retrieving records from.
parameters	query	dictionary	Full query string parameters payload in JSON format.
limit	query	integer	The maximum records to return.
sort	query	string	FQL formatted sort directive.
filter	query	string	The FQL filter expression that should be used to limit the results.

Usage

Service class example (PEP8 syntax)

from falconpy import FDR

# Do not hardcode API credentials!
falcon = FDR(client_id=CLIENT_ID,
             client_secret=CLIENT_SECRET
             )

response = falcon.query_field_entities(filter="string",
                                       limit=integer,
                                       offset=integer,
                                       sort="string"
                                       )

print(response)

Service class example (Operation ID syntax)

from falconpy import FDR

# Do not hardcode API credentials!
falcon = FDR(client_id=CLIENT_ID,
             client_secret=CLIENT_SECRET
             )

response = falcon.fdrschema_queries_field_get(filter="string",
                                              limit=integer,
                                              offset=integer,
                                              sort="string"
                                              )

print(response)

Uber class example

from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

response = falcon.command("fdrschema_queries_field_get",
                          filter="string",
                          limit=integer,
                          offset=integer,
                          sort="string"
                          )

print(response)

Back to Table of Contents

The CrowdStrike Falcon Wiki for Python