Using the Filevantage service collection
Table of Contents
| Operation ID | Description | ||||
|---|---|---|---|---|---|
| Retrieves the processing results for one or more actions. | ||||
| Initiates the specified action on the provided change IDs. | ||||
| Retrieves the content captured for the provided change ID. | ||||
| Retrieve information on changes | ||||
| Manage host groups assigned to a policy. | ||||
| Updates the policy precedence for all policies of a specific type. | ||||
| Manage the rule groups assigned to the policy or set the rule group precedence for all rule groups within the policy. | ||||
| Retrieves the configuration for 1 or more policies. | ||||
| Creates a new policy of the specified type. New policies are always added at the end of the precedence list for the provided policy type. | ||||
| Deletes 1 or more policies. | ||||
| Updates the general information of the provided policy. | ||||
| Retrieves the configuration of 1 or more scheduled exclusions from the provided policy id. | ||||
| Creates a new scheduled exclusion configuration for the provided policy id. | ||||
| Deletes 1 or more scheduled exclusions from the provided policy id. | ||||
| Updates the provided scheduled exclusion configuration within the provided policy. | ||||
| Updates the rule precedence for all rules in the identified rule group. | ||||
| Retrieves the configuration for 1 or more rules. | ||||
| Creates a new rule configuration within the specified rule group. | ||||
| Deletes 1 or more rules from the specified rule group. | ||||
| Updates the provided rule configuration within the specified rule group. | ||||
| Retrieves the rule group details for 1 or more rule groups. | ||||
| Creates a new rule group of the specified type. | ||||
| Deletes 1 or more rule groups | ||||
| Updates the provided rule group. | ||||
| Initiates a workflow for the provided change IDs. | ||||
| Returns 1 or more action ids | ||||
| Returns 1 or more change ids | ||||
| Returns 1 or more change ids | ||||
| Retrieve the ids of all policies that are assigned the provided policy type. | ||||
| Retrieve the ids of all scheduled exclusions contained within the provided policy id. | ||||
| Retrieve the ids of all rule groups that are of the provided rule group type. | ||||
Passing credentials
WARNING
client_idandclient_secretare keyword arguments that contain your CrowdStrike API credentials. Please note that all examples below do not hard code these values. (These values are ingested as strings.)CrowdStrike does not recommend hard coding API credentials or customer identifiers within source code.
getActionsMixin0
Retrieves the processing results for one or more actions
PEP8 method name
get_actions
Endpoint
| Method | Route |
|---|---|
 | /filevantage/entities/actions/v1 |
Required Scope
Content-Type
- Consumes: application/json
- Produces: application/json
Keyword Arguments
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| ids |  | | query | string or list of strings | One or more change ids. The maximum number of ids that can be requested at once is 500. |
| parameters | | | query | dictionary | Full query string parameters payload in JSON format. |
Usage
Service class example (PEP8 syntax)
from falconpy import FileVantage
# Do not hardcode API credentials!
falcon = FileVantage(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.get_actions(ids=id_list)
print(response)
Service class example (Operation ID syntax)
from falconpy import FileVantage
# Do not hardcode API credentials!
falcon = FileVantage(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.getActionsMixin0(ids=id_list)
print(response)
Uber class example
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.command("getActionsMixin0", ids=id_list)
print(response)
startActions
Initiates the specified action on the provided change IDs.
PEP8 method name
start_actions
Endpoint
| Method | Route |
|---|---|
 | /filevantage/entities/actions/v1 |
Required Scope
Content-Type
- Consumes: application/json
- Produces: application/json
Keyword Arguments
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| body | |  | body | list of dictionaries | Full body payload in JSON format. |
| change_ids | |  | body | string or list of strings | The IDs of the changes the operation will perform. Maximum of 100 IDs per action. |
| comment | | | body | string | Optional comment to describe reason for action. |
| operation | | | body | string | Operation to perform. Must be one of:
|
Usage
Service class example (PEP8 syntax)
from falconpy import FileVantage
# Do not hardcode API credentials!
falcon = FileVantage(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
change_id_list = "ID1,ID2,ID3" # Can also pass a list here ["ID1", "ID2", "ID3"]
response = falcon.start_actions(change_ids=change_id_list,
comment="string",
operation="string"
)
print(response)
Service class example (Operation ID syntax)
from falconpy import FileVantage
# Do not hardcode API credentials!
falcon = FileVantage(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
change_id_list = "ID1,ID2,ID3" # Can also pass a list here ["ID1", "ID2", "ID3"]
response = falcon.startActions(change_ids=change_id_list,
comment="string",
operation="string"
)
print(response)
Uber class example
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
change_id_list = "ID1,ID2,ID3" # Can also pass a list here ["ID1", "ID2", "ID3"]
body_payload = {
"change_ids": change_id_list,
"comment": "string",
"operation": "string"
}
response = falcon.command("startActions", body=body_payload)
print(response)
getContents
Retrieves the content captured for the provided change ID.
PEP8 method name
get_contents
Endpoint
| Method | Route |
|---|---|
| /filevantage/entities/change-content/v1 |
Required Scope
Content-Type
- Consumes: application/json
- Produces: application/json
Keyword Arguments
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| compress | | | query | boolean | Compress the response using gzip. Defaults to False. |
| id | | | query | string | ID of the change. |
| parameters | | | query | dictionary | Full query string parameters payload in JSON format. |
Usage
Service class example (PEP8 syntax)
from falconpy import FileVantage
# Do not hardcode API credentials!
falcon = FileVantage(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.get_contents(compress=boolean, id="string")
print(response)
Service class example (Operation ID syntax)
from falconpy import FileVantage
# Do not hardcode API credentials!
falcon = FileVantage(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.getContents(compress=boolean, id="string")
print(response)
Uber class example
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.command("getActionsMixin0", compress=boolean, ids="string")
print(response)
getChanges
Retrieve information on changes
PEP8 method name
get_changes
Endpoint
| Method | Route |
|---|---|
| /filevantage/entities/changes/v2 |
Required Scope
Content-Type
- Consumes: application/json
- Produces: application/json
Keyword Arguments
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| ids | | | query | string or list of strings | One or more change ids. The maximum number of ids that can be requested at once is 500. |
| parameters | | | query | dictionary | Full query string parameters payload in JSON format. |
Usage
Service class example (PEP8 syntax)
from falconpy import FileVantage
# Do not hardcode API credentials!
falcon = FileVantage(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.get_changes(ids=id_list)
print(response)
Service class example (Operation ID syntax)
from falconpy import FileVantage
# Do not hardcode API credentials!
falcon = FileVantage(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.getChanges(ids=id_list)
print(response)
Uber class example
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.command("getChanges", ids=id_list)
print(response)
updatePolicyHostGroups
Manage host groups assigned to a policy.
PEP8 method name
update_policy_host_groups
Endpoint
| Method | Route |
|---|---|
 | /filevantage/entities/policies-host-groups/v1 |
Required Scope
Content-Type
- Produces: application/json
Keyword Arguments
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| policy_id | | | query | string | The id of the policy for which to perform the action. |
| action | | | query | string | The action to perform with the provided ids, must be one of: assign or unassign. |
| ids | | | query | string or list of strings | One or more host group ids. |
| parameters | | | query | dictionary | Full query string parameters payload in JSON format. |
Usage
Service class example (PEP8 syntax)
from falconpy import FileVantage
# Do not hardcode API credentials!
falcon = FileVantage(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.update_policy_host_groups(policy_id="string", action="string", ids=id_list)
print(response)
Service class example (Operation ID syntax)
from falconpy import FileVantage
# Do not hardcode API credentials!
falcon = FileVantage(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.updatePolicyHostGroups(policy_id="string", action="string", ids=id_list)
print(response)
Uber class example
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.command("updatePolicyHostGroups",
policy_id="string",
action="string",
ids=id_list
)
print(response)
updatePolicyPrecedence
Updates the policy precedence for all policies of a specific type.
PEP8 method name
update_policy_precedence
Endpoint
| Method | Route |
|---|---|
| /filevantage/entities/policies-precedence/v1 |
Required Scope
Content-Type
- Produces: application/json
Keyword Arguments
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| ids | | | query | string or list of strings | Precedence of the policies for the provided type. Precedence is determined by element position within the provided list. |
| type | | | query | string | The policy type for which to set the precedence order, must be one of Windows, Linux or Mac. |
| parameters | | | query | dictionary | Full query string parameters payload in JSON format. |
Usage
Service class example (PEP8 syntax)
from falconpy import FileVantage
# Do not hardcode API credentials!
falcon = FileVantage(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.update_policy_precedence(type="string", ids=id_list)
print(response)
Service class example (Operation ID syntax)
from falconpy import FileVantage
# Do not hardcode API credentials!
falcon = FileVantage(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.updatePolicyPrecedence(type="string", ids=id_list)
print(response)
Uber class example
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.command("updatePolicyPrecedence", type="string", ids=id_list)
print(response)
updatePolicyRuleGroups
Manage the rule groups assigned to the policy or set the rule group precedence for all rule groups within the policy.
PEP8 method name
update_policy_rule_groups
Endpoint
| Method | Route |
|---|---|
| /filevantage/entities/policies-rule-groups/v1 |
Required Scope
Content-Type
- Produces: application/json
Keyword Arguments
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| policy_id | | | query | string | The id of the policy for which to perform the action. |
| action | | | query | string | The action to perform with the provided ids, must be one of: assign, unassign, or precedence. |
| ids | | | query | string or list of strings | One or more rule group ids. Note, for the precedence action, precedence is controlled by the order of the ids as they are specified in the request. |
| parameters | | | query | dictionary | Full query string parameters payload in JSON format. |
Usage
Service class example (PEP8 syntax)
from falconpy import FileVantage
# Do not hardcode API credentials!
falcon = FileVantage(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.update_policy_rule_groups(policy_id="string", action="string", ids=id_list)
print(response)
Service class example (Operation ID syntax)
from falconpy import FileVantage
# Do not hardcode API credentials!
falcon = FileVantage(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.updatePolicyRuleGroups(policy_id="string", action="string", ids=id_list)
print(response)
Uber class example
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.command("updatePolicyRuleGroups",
policy_id="string",
action="string",
ids=id_list
)
print(response)
getPolicies
Retrieves the configuration for 1 or more policies.
PEP8 method name
get_policies
Endpoint
| Method | Route |
|---|---|
| /filevantage/entities/policies/v1 |
Required Scope
Content-Type
- Consumes: application/json
- Produces: application/json
Keyword Arguments
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| ids | | | query | string or list of strings | One or more (up to 500) policy IDs. |
| parameters | | | query | dictionary | Full query string parameters payload in JSON format. |
Usage
Service class example (PEP8 syntax)
from falconpy import FileVantage
# Do not hardcode API credentials!
falcon = FileVantage(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.get_policies(ids=id_list)
print(response)
Service class example (Operation ID syntax)
from falconpy import FileVantage
# Do not hardcode API credentials!
falcon = FileVantage(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.getPolicies(ids=id_list)
print(response)
Uber class example
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.command("getPolicies", ids=id_list)
print(response)
createPolicies
Creates a new policy of the specified type. New policies are always added at the end of the precedence list for the provided policy type.
PEP8 method name
create_policy
Endpoint
| Method | Route |
|---|---|
| /filevantage/entities/policies/v1 |
Required Scope
Content-Type
- Consumes: application/json
- Produces: application/json
Keyword Arguments
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| body | | | body | list of dictionaries | Full body payload in JSON format. |
| description | | | body | string | The policy description (Max: 500 characters) |
| name | | | body | string | Name of the policy (Max: 100 characters) |
| platform | | | body | string | Policy platform. Must be one of:
|
Usage
Service class example (PEP8 syntax)
from falconpy import FileVantage
# Do not hardcode API credentials!
falcon = FileVantage(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.create_policy(description="string",
name="string",
platform="string"
)
print(response)
Service class example (Operation ID syntax)
from falconpy import FileVantage
# Do not hardcode API credentials!
falcon = FileVantage(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.createPolicies(description="string",
name="string",
platform="string"
)
print(response)
Uber class example
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
body_payload = {
"description": "string",
"name": "string",
"platform": "string"
}
response = falcon.command("createPolicies", body=body_payload)
print(response)
deletePolicies
Deletes 1 or more policies.
PEP8 method name
delete_policies
Endpoint
| Method | Route |
|---|---|
 | /filevantage/entities/policies/v1 |
Required Scope
Content-Type
- Produces: application/json
Keyword Arguments
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| ids | | | query | string or list of strings | One or more (up to 500) policy IDs. |
| parameters | | | query | dictionary | Full query string parameters payload in JSON format. |
Usage
Service class example (PEP8 syntax)
from falconpy import FileVantage
# Do not hardcode API credentials!
falcon = FileVantage(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.delete_policies(ids=id_list)
print(response)
Service class example (Operation ID syntax)
from falconpy import FileVantage
# Do not hardcode API credentials!
falcon = FileVantage(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.deletePolicies(ids=id_list)
print(response)
Uber class example
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.command("deletePolicies", ids=id_list)
print(response)
updatePolicies
Updates the general information of the provided policy.
PEP8 method name
update_policies
Endpoint
| Method | Route |
|---|---|
| /filevantage/entities/policies/v1 |
Required Scope
Content-Type
- Consumes: application/json
- Produces: application/json
Keyword Arguments
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| body | | | body | list of dictionaries | Full body payload in JSON format. |
| description | | | body | string | The policy description (Max: 500 characters) |
| id | | | body | string | The ID of the policy to be updated |
| name | | | body | string | Name of the policy (Max: 100 characters) |
| enabled | | | body | boolean | Policy enablement status. |
Usage
Service class example (PEP8 syntax)
from falconpy import FileVantage
# Do not hardcode API credentials!
falcon = FileVantage(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.update_policies(description="string",
id="string",
name="string",
enabled=boolean
)
print(response)
Service class example (Operation ID syntax)
from falconpy import FileVantage
# Do not hardcode API credentials!
falcon = FileVantage(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.updatePolicies(description="string",
id="string",
name="string",
enabled=boolean
)
print(response)
Uber class example
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
body_payload = {
"description": "string",
"id": "string",
"name": "string",
"enabled": boolean
}
response = falcon.command("updatePolicies", body=body_payload)
print(response)
getScheduledExclusions
Retrieves the configuration of 1 or more scheduled exclusions from the provided policy id.
PEP8 method name
get_scheduled_exclusions
Endpoint
| Method | Route |
|---|---|
| /filevantage/entities/policy-scheduled-exclusions/v1 |
Required Scope
Content-Type
- Consumes: application/json
- Produces: application/json
Keyword Arguments
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| policy_id | | | query | string | The id of the policy to retrieve the scheduled exclusion configurations. |
| ids | | | query | string or list of strings | One or more (up to 500) scheduled exclusion IDs. |
| parameters | | | query | dictionary | Full query string parameters payload in JSON format. |
Usage
Service class example (PEP8 syntax)
from falconpy import FileVantage
# Do not hardcode API credentials!
falcon = FileVantage(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.get_scheduled_exclusions(policy_id="string", ids=id_list)
print(response)
Service class example (Operation ID syntax)
from falconpy import FileVantage
# Do not hardcode API credentials!
falcon = FileVantage(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.getScheduledExclusions(policy_id="string", ids=id_list)
print(response)
Uber class example
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.command("getScheduledExclusions", policy_id="string", ids=id_list)
print(response)
createScheduledExclusions
Creates a new scheduled exclusion configuration for the provided policy id.
PEP8 method name
create_scheduled_exclusions
Endpoint
| Method | Route |
|---|---|
| /filevantage/entities/policy-scheduled-exclusions/v1 |
Required Scope
Content-Type
- Consumes: application/json
- Produces: application/json
Keyword Arguments
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| body | | | body | list of dictionaries | Full body payload in JSON format. |
| description | | | body | string | The scheduled exclusion description (Max: 500 characters) |
| name | | | body | string | Name of the scheduled exclusion (Max: 100 characters) |
| policy_id | | | body | string | ID of the policy the schedule exclusion is assigned. |
| users | | | body | string | Comma-delimited list of users to not monitor changes. (Max: 500 characters). Example: admin* excludes changes made by all usernames that begin with admin.Supports Falcon GLOB syntax |
| processes | | | body | string | Comma-delimited list of processes to not monitor changes. (Max: 500 characters). Example: **\RunMe.exe or **/RunMe.sh excludes changes made by RunMe.exe or RunMe.sh in any location. |
| schedule_start | | | body | string | Indicates the start of the schedule. (RFC3339 format) |
| schedule_end | | | body | string | Indicates the end of the schedule. (RFC3339 format) |
Usage
Service class example (PEP8 syntax)
from falconpy import FileVantage
# Do not hardcode API credentials!
falcon = FileVantage(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.create_scheduled_exclusions(description="string",
name="string",
policy_id="string",
users="string",
processes="string",
schedule_start="string",
schedule_end="string"
)
print(response)
Service class example (Operation ID syntax)
from falconpy import FileVantage
# Do not hardcode API credentials!
falcon = FileVantage(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.createScheduledExclusions(description="string",
name="string",
policy_id="string",
users="string",
processes="string",
schedule_start="string",
schedule_end="string"
)
print(response)
Uber class example
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
body_payload = {
"description": "string",
"name": "string",
"policy_id": "string",
"processes": "string",
"schedule_end": "string",
"schedule_start": "string",
"users": "string"
}
response = falcon.command("createScheduledExclusions", body=body_payload)
print(response)
deleteScheduledExclusions
Deletes 1 or more scheduled exclusions from the provided policy id.
PEP8 method name
delete_scheduled_exclusions
Endpoint
| Method | Route |
|---|---|
| /filevantage/entities/policy-scheduled-exclusions/v1 |
Required Scope
Content-Type
- Consumes: application/json
- Produces: application/json
Keyword Arguments
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| policy_id | | | query | string | ID of the policy to delete the scheduled exclusions from. |
| ids | | | query | string or list of strings | One or more (up to 500) scheduled exclusion IDs. |
| parameters | | | query | dictionary | Full query string parameters payload in JSON format. |
Usage
Service class example (PEP8 syntax)
from falconpy import FileVantage
# Do not hardcode API credentials!
falcon = FileVantage(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.delete_scheduled_exclusions(policy_id="string", ids=id_list)
print(response)
Service class example (Operation ID syntax)
from falconpy import FileVantage
# Do not hardcode API credentials!
falcon = FileVantage(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.deleteScheduledExclusions(policy_id="string", ids=id_list)
print(response)
Uber class example
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.command("deleteScheduledExclusions", policy_id="string", ids=id_list)
print(response)
updateScheduledExclusions
Updates the provided scheduled exclusion configuration within the provided policy.
PEP8 method name
update_scheduled_exclusions
Endpoint
| Method | Route |
|---|---|
| /filevantage/entities/policy-scheduled-exclusions/v1 |
Required Scope
Content-Type
- Consumes: application/json
- Produces: application/json
Keyword Arguments
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| body | | | body | list of dictionaries | Full body payload in JSON format. |
| description | | | body | string | The scheduled exclusion description (Max: 500 characters) |
| id | | | body | string | ID of the scheduled exclusion to update. |
| name | | | body | string | Name of the scheduled exclusion (Max: 100 characters) |
| policy_id | | | body | string | ID of the policy the schedule exclusion is assigned. |
| users | | | body | string | Comma-delimited list of users to not monitor changes. (Max: 500 characters). Example: admin* excludes changes made by all usernames that begin with admin.Supports Falcon GLOB syntax |
| processes | | | body | string | Comma-delimited list of processes to not monitor changes. (Max: 500 characters). Example: **\RunMe.exe or **/RunMe.sh excludes changes made by RunMe.exe or RunMe.sh in any location. |
| schedule_start | | | body | string | Indicates the start of the schedule. (RFC3339 format) |
| schedule_end | | | body | string | Indicates the end of the schedule. (RFC3339 format) |
| parameters | | | query | dictionary | Full query string parameters payload in JSON format. |
Usage
Service class example (PEP8 syntax)
from falconpy import FileVantage
# Do not hardcode API credentials!
falcon = FileVantage(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.update_scheduled_exclusions(description="string",
name="string",
id="string",
policy_id="string",
users="string",
processes="string",
schedule_start="string",
schedule_end="string"
)
print(response)
Service class example (Operation ID syntax)
from falconpy import FileVantage
# Do not hardcode API credentials!
falcon = FileVantage(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.updateScheduledExclusions(description="string",
name="string",
id="string",
policy_id="string",
users="string",
processes="string",
schedule_start="string",
schedule_end="string"
)
print(response)
Uber class example
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
body_payload = {
"description": "string",
"id": "string",
"name": "string",
"policy_id": "string",
"processes": "string",
"schedule_end": "string",
"schedule_start": "string",
"users": "string"
}
response = falcon.command("updateScheduledExclusions", body=body_payload)
print(response)
updateRuleGroupPrecedence
Updates the rule precedence for all rules in the identified rule group.
PEP8 method name
update_rule_group_precedence
Endpoint
| Method | Route |
|---|---|
| /filevantage/entities/rule-groups-rule-precedence/v1 |
Required Scope
Content-Type
- Produces: application/json
Keyword Arguments
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| rule_group_id | | | query | string | Rule group from which to set the precedence. |
| ids | | | query | string or list of strings | One or more (up to 500) rule group IDs. |
| parameters | | | query | dictionary | Full query string parameters payload in JSON format. |
Usage
Service class example (PEP8 syntax)
from falconpy import FileVantage
# Do not hardcode API credentials!
falcon = FileVantage(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.update_rule_group_precedence(rule_group_id="string", ids=id_list)
print(response)
Service class example (Operation ID syntax)
from falconpy import FileVantage
# Do not hardcode API credentials!
falcon = FileVantage(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.updateRuleGroupPrecedence(rule_group_id="string", ids=id_list)
print(response)
Uber class example
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.command("updateRuleGroupPrecedence", rule_group_id="string", ids=id_list)
print(response)
getRules
Retrieves the configuration for 1 or more rules.
PEP8 method name
get_rules
Endpoint
| Method | Route |
|---|---|
| /filevantage/entities/rule-groups-rules/v1 |
Required Scope
Content-Type
- Produces: application/json
Keyword Arguments
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| rule_group_id | | | query | string | Rule group from which to retrieve the rule configuration. |
| ids | | | query | string or list of strings | One or more (up to 500) rule IDs. |
| parameters | | | query | dictionary | Full query string parameters payload in JSON format. |
Usage
Service class example (PEP8 syntax)
from falconpy import FileVantage
# Do not hardcode API credentials!
falcon = FileVantage(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.get_rules(rule_group_id="string", ids=id_list)
print(response)
Service class example (Operation ID syntax)
from falconpy import FileVantage
# Do not hardcode API credentials!
falcon = FileVantage(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.getRules(rule_group_id="string", ids=id_list)
print(response)
Uber class example
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.command("getRules", rule_group_id="string", ids=id_list)
print(response)
createRules
Creates a new rule configuration within the specified rule group.
PEP8 method name
create_rule
Endpoint
| Method | Route |
|---|---|
| /filevantage/entities/rule-groups-rules/v1 |
Required Scope
Content-Type
- Consumes: application/json
- Produces: application/json
Keyword Arguments
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| body | | | body | list of dictionaries | Full body payload in JSON format. |
| description | | | body | string | The rule description (Max: 500 characters) |
| rule_group_id | | | body | string | Group ID containing the group configuration. |
| path | | | body | string | The file system or registry path to monitor. (Max: 250 characters) All paths must end with the path separator, e.g. \ (Windows) or / (Linux/MacOS) |
| severity | | | body | string | To categorize change events produced by this rule. Allowed values:
|
| depth | | | body | string | Recursion levels below the base path to monitor (1 - 5, or ANY). |
| precedence | | | body | integer | The order in which rules will be evaluated starting with 1. Specifying a precedence value that is already set for another rule in the group will result in this rule being placed before the existing rule. |
| include | | | body | string | The files, directories, registry keys, or registry values that will be monitored. Allowed rule group configuration is based on the type of rule the rule group is added to. Falcon GLOB syntax is supported |
| exclude | | | body | string | The files, directories, registry keys, or registry values that will not be monitored. Allowed rule group configuration is based on the type of rule the rule group is added to. Falcon GLOB syntax is supported |
| include_users | | | body | string | The changes performed by these specific users will be monitored. Allowed rule group configuration is based on the type of rule the rule group is added to. Falcon GLOB syntax is supported MacOS is not supported at this time |
| exclude_users | | | body | string | The changes performed by these specific users will not be monitored. Allowed rule group configuration is based on the type of rule the rule group is added to. Falcon GLOB syntax is supported MacOS is not supported at this time |
| include_processes | | | body | string | The changes performed by these specific processes will be monitored. Allowed rule group configuration is based on the type of rule the rule group is added to. Falcon GLOB syntax is supported MacOS is not supported at this time |
| exclude_processes | | | body | string | The changes performed by these specific processes will not be monitored. Allowed rule group configuration is based on the type of rule the rule group is added to. Falcon GLOB syntax is supported MacOS is not supported at this time |
| content_files | | | body | string | The files whose content will be monitored. Listed files must match the file include pattern and not match the file exclude pattern. |
| content_registry_values | | | body | string | The registry values whose content will be monitored. Listed registry values must match the registry include pattern and not match the registry exclude pattern. |
| enable_content_capture | | | body | boolean | Enable content capturing. |
| enable_hash_capture | | | body | boolean | Enable hash capturing. |
| watch_create_directory_changes | | | body | boolean | File system directory monitoring. |
| watch_delete_directory_changes | | | body | boolean | File system directory monitoring. |
| watch_rename_directory_changes | | | body | boolean | File system directory monitoring. |
| watch_attributes_directory_changes | | | body | boolean | File system directory monitoring. MacOS is not supported at this time |
| watch_permissions_directory_changes | | | body | boolean | File system directory monitoring. MacOS is not supported at this time |
| watch_create_file_changes | | | body | boolean | File system file monitoring. |
| watch_delete_file_changes | | | body | boolean | File system file monitoring. |
| watch_write_file_changes | | | body | boolean | File system file monitoring. |
| watch_rename_file_changes | | | body | boolean | File system file monitoring. |
| watch_attributes_file_changes | | | body | boolean | File system file monitoring. MacOS is not supported at this time |
| watch_permissions_file_changes | | | body | boolean | File system file monitoring. MacOS is not supported at this time |
| watch_create_key_changes | | | body | boolean | Windows registry key and value monitoring. |
| watch_delete_key_changes | | | body | boolean | Windows registry key and value monitoring. |
| watch_permissions_key_changes | | | body | boolean | Windows registry key and value permissions monitoring. |
| watch_set_value_changes | | | body | boolean | Windows registry key and value monitoring. |
| watch_delete_value_changes | | | body | boolean | Windows registry key and value monitoring. |
| watch_rename_key_changes | | | body | boolean | Windows registry key and value monitoring. |
| watch_create_file_changes | | | body | boolean | Windows registry key and value monitoring. |
Usage
Service class example (PEP8 syntax)
from falconpy import FileVantage
# Do not hardcode API credentials!
falcon = FileVantage(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.create_rule(depth="string",
description="string",
exclude="string",
exclude_processes="string",
exclude_users="string",
include="string",
include_processes="string",
include_users="string",
path="string",
precedence=integer,
rule_group_id="string",
severity="string",
content_files="string",
content_registry_values="string",
enable_content_capture=boolean,
enable_hash_capture=boolean,
watch_attributes_directory_changes=boolean,
watch_attributes_file_changes=boolean,
watch_create_directory_changes=boolean,
watch_create_file_changes=boolean,
watch_create_key_changes=boolean,
watch_delete_directory_changes=boolean,
watch_delete_file_changes=boolean,
watch_delete_key_changes=boolean,
watch_delete_value_changes=boolean,
watch_permissions_directory_changes=boolean,
watch_permissions_file_changes=boolean,
watch_rename_directory_changes=boolean,
watch_rename_file_changes=boolean,
watch_rename_key_changes=boolean,
watch_set_value_changes=boolean,
watch_write_file_changes=boolean
)
print(response)
Service class example (Operation ID syntax)
from falconpy import FileVantage
# Do not hardcode API credentials!
falcon = FileVantage(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.createRules(depth="string",
description="string",
exclude="string",
exclude_processes="string",
exclude_users="string",
include="string",
include_processes="string",
include_users="string",
path="string",
precedence=integer,
rule_group_id="string",
severity="string",
content_files="string",
content_registry_values="string",
enable_content_capture=boolean,
enable_hash_capture=boolean,
watch_attributes_directory_changes=boolean,
watch_attributes_file_changes=boolean,
watch_create_directory_changes=boolean,
watch_create_file_changes=boolean,
watch_create_key_changes=boolean,
watch_delete_directory_changes=boolean,
watch_delete_file_changes=boolean,
watch_delete_key_changes=boolean,
watch_delete_value_changes=boolean,
watch_permissions_directory_changes=boolean,
watch_permissions_file_changes=boolean,
watch_rename_directory_changes=boolean,
watch_rename_file_changes=boolean,
watch_rename_key_changes=boolean,
watch_set_value_changes=boolean,
watch_write_file_changes=boolean
)
print(response)
Uber class example
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
body_payload = {
"depth": "string",
"description": "string",
"exclude": "string",
"exclude_processes": "string",
"exclude_users": "string",
"include": "string",
"include_processes": "string",
"include_users": "string",
"path": "string",
"precedence": 0,
"rule_group_id": "string",
"severity": "string",
"content_files": "string",
"content_registry_values": "string",
"enable_content_capture": boolean,
"enable_hash_capture": boolean,
"watch_attributes_directory_changes": boolean,
"watch_attributes_file_changes": boolean,
"watch_create_directory_changes": boolean,
"watch_create_file_changes": boolean,
"watch_create_key_changes": boolean,
"watch_delete_directory_changes": boolean,
"watch_delete_file_changes": boolean,
"watch_delete_key_changes": boolean,
"watch_delete_value_changes": boolean,
"watch_permissions_directory_changes": boolean,
"watch_permissions_file_changes": boolean,
"watch_rename_directory_changes": boolean,
"watch_rename_file_changes": boolean,
"watch_rename_key_changes": boolean,
"watch_set_value_changes": boolean,
"watch_write_file_changes": boolean
}
response = falcon.command("createRules", body=body_payload)
print(response)
deleteRules
Deletes 1 or more rules from the specified rule group.
PEP8 method name
delete_rules
Endpoint
| Method | Route |
|---|---|
| /filevantage/entities/rule-groups-rules/v1 |
Required Scope
Content-Type
- Produces: application/json
Keyword Arguments
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| rule_group_id | | | query | string | The id of the rule group from which the rules will be deleted. |
| ids | | | query | string or list of strings | One or more (up to 500) rule IDs. |
| parameters | | | query | dictionary | Full query string parameters payload in JSON format. |
Usage
Service class example (PEP8 syntax)
from falconpy import FileVantage
# Do not hardcode API credentials!
falcon = FileVantage(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.delete_rules(rule_group_id="string", ids=id_list)
print(response)
Service class example (Operation ID syntax)
from falconpy import FileVantage
# Do not hardcode API credentials!
falcon = FileVantage(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.deleteRules(rule_group_id="string", ids=id_list)
print(response)
Uber class example
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
PARAMS = {
"rule_group_id": "string"
}
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.command("deleteRules", parameters=PARAMS, ids=id_list)
print(response)
updateRules
Updates the provided rule configuration within the specified rule group.
PEP8 method name
update_rule
Endpoint
| Method | Route |
|---|---|
| /filevantage/entities/rule-groups-rules/v1 |
Required Scope
Content-Type
- Consumes: application/json
- Produces: application/json
Keyword Arguments
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| body | | | body | list of dictionaries | Full body payload in JSON format. |
| description | | | body | string | The rule description (Max: 500 characters) |
| rule_group_id | | | body | string | Group ID containing the group configuration. |
| path | | | body | string | The file system or registry path to monitor. (Max: 250 characters) All paths must end with the path separator, e.g. \ (Windows) or / (Linux/MacOS) |
| severity | | | body | string | To categorize change events produced by this rule. Allowed values:
|
| depth | | | body | string | Recursion levels below the base path to monitor (1 - 5, or ANY). |
| precedence | | | body | integer | The order in which rules will be evaluated starting with 1. Specifying a precedence value that is already set for another rule in the group will result in this rule being placed before the existing rule. |
| include | | | body | string | The files, directories, registry keys, or registry values that will be monitored. Allowed rule group configuration is based on the type of rule the rule group is added to. Falcon GLOB syntax is supported |
| exclude | | | body | string | The files, directories, registry keys, or registry values that will not be monitored. Allowed rule group configuration is based on the type of rule the rule group is added to. Falcon GLOB syntax is supported |
| include_users | | | body | string | The changes performed by these specific users will be monitored. Allowed rule group configuration is based on the type of rule the rule group is added to. Falcon GLOB syntax is supported MacOS is not supported at this time |
| exclude_users | | | body | string | The changes performed by these specific users will not be monitored. Allowed rule group configuration is based on the type of rule the rule group is added to. Falcon GLOB syntax is supported MacOS is not supported at this time |
| include_processes | | | body | string | The changes performed by these specific processes will be monitored. Allowed rule group configuration is based on the type of rule the rule group is added to. Falcon GLOB syntax is supported MacOS is not supported at this time |
| exclude_processes | | | body | string | The changes performed by these specific processes will not be monitored. Allowed rule group configuration is based on the type of rule the rule group is added to. Falcon GLOB syntax is supported MacOS is not supported at this time |
| content_files | | | body | string | The files whose content will be monitored. Listed files must match the file include pattern and not match the file exclude pattern. |
| content_registry_values | | | body | string | The registry values whose content will be monitored. Listed registry values must match the registry include pattern and not match the registry exclude pattern. |
| enable_content_capture | | | body | boolean | Enable content capturing. |
| enable_hash_capture | | | body | boolean | Enable hash capturing. |
| watch_create_directory_changes | | | body | boolean | File system directory monitoring. |
| watch_delete_directory_changes | | | body | boolean | File system directory monitoring. |
| watch_rename_directory_changes | | | body | boolean | File system directory monitoring. |
| watch_attributes_directory_changes | | | body | boolean | File system directory monitoring. MacOS is not supported at this time |
| watch_permissions_directory_changes | | | body | boolean | File system directory monitoring. MacOS is not supported at this time |
| watch_create_file_changes | | | body | boolean | File system file monitoring. |
| watch_delete_file_changes | | | body | boolean | File system file monitoring. |
| watch_write_file_changes | | | body | boolean | File system file monitoring. |
| watch_rename_file_changes | | | body | boolean | File system file monitoring. |
| watch_attributes_file_changes | | | body | boolean | File system file monitoring. MacOS is not supported at this time |
| watch_permissions_file_changes | | | body | boolean | File system file monitoring. MacOS is not supported at this time |
| watch_create_key_changes | | | body | boolean | Windows registry key and value monitoring. |
| watch_delete_key_changes | | | body | boolean | Windows registry key and value monitoring. |
| watch_set_value_changes | | | body | boolean | Windows registry key and value monitoring. |
| watch_delete_value_changes | | | body | boolean | Windows registry key and value monitoring. |
| watch_rename_key_changes | | | body | boolean | Windows registry key and value monitoring. |
| watch_create_file_changes | | | body | boolean | Windows registry key and value monitoring. |
Usage
Service class example (PEP8 syntax)
from falconpy import FileVantage
# Do not hardcode API credentials!
falcon = FileVantage(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.update_rule(depth="string",
description="string",
exclude="string",
exclude_processes="string",
exclude_users="string",
id="string",
include="string",
include_processes="string",
include_users="string",
path="string",
precedence=integer,
rule_group_id="string",
severity="string",
content_files="string",
content_registry_values="string",
enable_content_capture=boolean,
enable_hash_capture=boolean,
watch_attributes_directory_changes=boolean,
watch_attributes_file_changes=boolean,
watch_create_directory_changes=boolean,
watch_create_file_changes=boolean,
watch_create_key_changes=boolean,
watch_delete_directory_changes=boolean,
watch_delete_file_changes=boolean,
watch_delete_key_changes=boolean,
watch_delete_value_changes=boolean,
watch_permissions_directory_changes=boolean,
watch_permissions_file_changes=boolean,
watch_rename_directory_changes=boolean,
watch_rename_file_changes=boolean,
watch_rename_key_changes=boolean,
watch_set_value_changes=boolean,
watch_write_file_changes=boolean
)
print(response)
Service class example (Operation ID syntax)
from falconpy import FileVantage
# Do not hardcode API credentials!
falcon = FileVantage(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.updateRules(depth="string",
description="string",
exclude="string",
exclude_processes="string",
exclude_users="string",
id="string",
include="string",
include_processes="string",
include_users="string",
path="string",
precedence=integer,
rule_group_id="string",
severity="string",
content_files="string",
content_registry_values="string",
enable_content_capture=boolean,
enable_hash_capture=boolean,
watch_attributes_directory_changes=boolean,
watch_attributes_file_changes=boolean,
watch_create_directory_changes=boolean,
watch_create_file_changes=boolean,
watch_create_key_changes=boolean,
watch_delete_directory_changes=boolean,
watch_delete_file_changes=boolean,
watch_delete_key_changes=boolean,
watch_delete_value_changes=boolean,
watch_permissions_directory_changes=boolean,
watch_permissions_file_changes=boolean,
watch_rename_directory_changes=boolean,
watch_rename_file_changes=boolean,
watch_rename_key_changes=boolean,
watch_set_value_changes=boolean,
watch_write_file_changes=boolean
)
print(response)
Uber class example
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
body_payload = {
"depth": "string",
"description": "string",
"exclude": "string",
"exclude_processes": "string",
"exclude_users": "string",
"id": "string",
"include": "string",
"include_processes": "string",
"include_users": "string",
"path": "string",
"precedence": 0,
"rule_group_id": "string",
"severity": "string",
"content_files": "string",
"content_registry_values": "string",
"enable_content_capture": boolean,
"enable_hash_capture": boolean,
"watch_attributes_directory_changes": boolean,
"watch_attributes_file_changes": boolean,
"watch_create_directory_changes": boolean,
"watch_create_file_changes": boolean,
"watch_create_key_changes": boolean,
"watch_delete_directory_changes": boolean,
"watch_delete_file_changes": boolean,
"watch_delete_key_changes": boolean,
"watch_delete_value_changes": boolean,
"watch_permissions_directory_changes": boolean,
"watch_permissions_file_changes": boolean,
"watch_rename_directory_changes": boolean,
"watch_rename_file_changes": boolean,
"watch_rename_key_changes": boolean,
"watch_set_value_changes": boolean,
"watch_write_file_changes": boolean
}
response = falcon.command("updateRules", body=body_payload)
print(response)
getRuleGroups
Retrieves the rule group details for 1 or more rule groups.
PEP8 method name
get_rule_groups
Endpoint
| Method | Route |
|---|---|
| /filevantage/entities/rule-groups/v1 |
Required Scope
Content-Type
- Produces: application/json
Keyword Arguments
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| ids | | | query | string or list of strings | One or more (up to 500) rule group ids. |
| parameters | | | query | dictionary | Full query string parameters payload in JSON format. |
Usage
Service class example (PEP8 syntax)
from falconpy import FileVantage
# Do not hardcode API credentials!
falcon = FileVantage(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.get_rule_groups(ids=id_list)
print(response)
Service class example (Operation ID syntax)
from falconpy import FileVantage
# Do not hardcode API credentials!
falcon = FileVantage(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.getRuleGroups(ids=id_list)
print(response)
Uber class example
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.command("getRuleGroups", ids=id_list)
print(response)
createRuleGroups
Creates a new rule group of the specified type.
PEP8 method name
create_rule_group
Endpoint
| Method | Route |
|---|---|
| /filevantage/entities/rule-groups/v1 |
Required Scope
Content-Type
- Consumes: application/json
- Produces: application/json
Keyword Arguments
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| body | | | body | list of dictionaries | Full body payload in JSON format. |
| description | | | body | string | The policy description (Max: 500 characters) |
| name | | | body | string | Name of the policy (Max: 100 characters) |
| type | | | body | string | Rule group type. Must be one of:
|
Usage
Service class example (PEP8 syntax)
from falconpy import FileVantage
# Do not hardcode API credentials!
falcon = FileVantage(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.create_rule_group(description="string",
name="string",
type="string"
)
print(response)
Service class example (Operation ID syntax)
from falconpy import FileVantage
# Do not hardcode API credentials!
falcon = FileVantage(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.createRuleGroups(description="string",
name="string",
type="string"
)
print(response)
Uber class example
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
body_payload = {
"description": "string",
"name": "string",
"type": "string"
}
response = falcon.command("createRuleGroups", body=body_payload)
print(response)
deleteRuleGroups
Deletes 1 or more rule groups
PEP8 method name
delete_rule_groups
Endpoint
| Method | Route |
|---|---|
| /filevantage/entities/rule-groups/v1 |
Required Scope
Content-Type
- Produces: application/json
Keyword Arguments
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| ids | | | query | string or list of strings | One or more (up to 500) rule group ids. |
| parameters | | | query | dictionary | Full query string parameters payload in JSON format. |
Usage
Service class example (PEP8 syntax)
from falconpy import FileVantage
# Do not hardcode API credentials!
falcon = FileVantage(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.delete_rule_groups(ids=id_list)
print(response)
Service class example (Operation ID syntax)
from falconpy import FileVantage
# Do not hardcode API credentials!
falcon = FileVantage(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.deleteRuleGroups(ids=id_list)
print(response)
Uber class example
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.command("deleteRuleGroups", ids=id_list)
print(response)
updateRuleGroups
Updates the provided rule group.
PEP8 method name
update_rule_group
Endpoint
| Method | Route |
|---|---|
| /filevantage/entities/rule-groups/v1 |
Required Scope
Content-Type
- Consumes: application/json
- Produces: application/json
Keyword Arguments
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| body | | | body | list of dictionaries | Full body payload in JSON format. |
| description | | | body | string | The policy description (Max: 500 characters) |
| name | | | body | string | Name of the policy (Max: 100 characters) |
| id | | | body | string | Rule group ID to update. |
Usage
Service class example (PEP8 syntax)
from falconpy import FileVantage
# Do not hardcode API credentials!
falcon = FileVantage(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.update_rule_group(description="string",
name="string",
id="string"
)
print(response)
Service class example (Operation ID syntax)
from falconpy import FileVantage
# Do not hardcode API credentials!
falcon = FileVantage(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.updateRuleGroups(description="string",
name="string",
id="string"
)
print(response)
Uber class example
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
body_payload = {
"description": "string",
"name": "string",
"id": "string"
}
response = falcon.command("updateRuleGroups", body=body_payload)
print(response)
signalChangesExternal
Initiates workflows for the provided change IDs.
PEP8 method name
signal_changes
Endpoint
| Method | Route |
|---|---|
| /filevantage/entities/workflow/v1 |
Required Scope
Content-Type
- Produces: application/json
Keyword Arguments
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| body | | | body | dictionary | Full body payload in JSON format. |
| ids | | | body | string or list of strings | Change IDs to initiate the workflows, limited to 100 IDs per request. |
Usage
Service class example (PEP8 syntax)
from falconpy import Hosts
# Do not hardcode API credentials!
falcon = Hosts(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.signal_changes(ids=id_list)
print(response)
Service class example (Operation ID syntax)
from falconpy import Hosts
# Do not hardcode API credentials!
falcon = Hosts(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.signalChangesExternal(ids=id_list)
print(response)
Uber class example
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.command("signalChangesExternal", ids=id_list)
print(response)
queryActionsMixin0
Returns one or more action IDs.
PEP8 method name
query_actions
Endpoint
| Method | Route |
|---|---|
| /filevantage/queries/actions/v1 |
Required Scope
Content-Type
- Consumes: application/json
- Produces: application/json
Keyword Arguments
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| offset | | | query | integer | The offset to start retrieving records from. Defaults to 0 if not specified. |
| limit | | | query | integer | The maximum number of ids to return. Defaults to 100 if not specified. The maximum number of results that can be returned in a single call is 500. |
| sort | | | query | string | Sort results using options like: - created_date (timestamp of the change occurrence) Sort either asc (ascending) or desc (descending). For example: created_date|asc. The full list of allowed sorting options can be reviewed in our API documentation. |
| filter | | | query | string | Filter changes using a query in Falcon Query Language (FQL). Common filter options include: - status - operation_type The full list of allowed filter parameters can be reviewed in our API documentation. |
| parameters | | | query | dictionary | Full query string parameters payload in JSON format. |
Usage
Service class example (PEP8 syntax)
from falconpy import FileVantage
# Do not hardcode API credentials!
falcon = FileVantage(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.query_actions(offset=integer,
limit=integer,
sort="string",
filter="string"
)
print(response)
Service class example (Operation ID syntax)
from falconpy import FileVantage
# Do not hardcode API credentials!
falcon = FileVantage(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.queryActionsMixin0(offset=integer,
limit=integer,
sort="string",
filter="string"
)
print(response)
Uber class example
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.command("queryActionsMixin0",
offset=integer,
limit=integer,
sort="string",
filter="string"
)
print(response)
queryChanges
Returns 1 or more change ids
PEP8 method name
query_changes
Endpoint
| Method | Route |
|---|---|
| /filevantage/queries/changes/v2 |
Required Scope
Content-Type
- Consumes: application/json
- Produces: application/json
Keyword Arguments
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| offset | | | query | integer | The offset to start retrieving records from. Defaults to 0 if not specified. |
| limit | | | query | integer | The maximum number of ids to return. Defaults to 100 if not specified. The maximum number of results that can be returned in a single call is 500. |
| sort | | | query | string | Sort results using options like: - action_timestamp (timestamp of the change occurrence) Sort either asc (ascending) or desc (descending). For example: action_timestamp|asc. The full list of allowed sorting options can be reviewed in our API documentation. |
| filter | | | query | string | Filter changes using a query in Falcon Query Language (FQL). Common filter options include: - host.name - action_timestamp The full list of allowed filter parameters can be reviewed in our API documentation. |
| parameters | | | query | dictionary | Full query string parameters payload in JSON format. |
Usage
Service class example (PEP8 syntax)
from falconpy import FileVantage
# Do not hardcode API credentials!
falcon = FileVantage(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.query_changes(offset=integer,
limit=integer,
sort="string",
filter="string"
)
print(response)
Service class example (Operation ID syntax)
from falconpy import FileVantage
# Do not hardcode API credentials!
falcon = FileVantage(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.queryChanges(offset=integer,
limit=integer,
sort="string",
filter="string"
)
print(response)
Uber class example
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.command("queryChanges",
offset=integer,
limit=integer,
sort="string",
filter="string"
)
print(response)
highVolumeQueryChanges
Returns 1 or more change ids
PEP8 method name
query_changes_scroll
Endpoint
| Method | Route |
|---|---|
| /filevantage/queries/changes/v3 |
Required Scope
Content-Type
- Consumes: application/json
- Produces: application/json
Keyword Arguments
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| after | | | query | string | A pagination token used with the limit parameter to manage pagination of results. On your first request don't provide a value for the after token. On subsequent requests provide the after token value from the previous response to continue pagination from where you left. If the response returns an empty after token it means there are no more results to return. |
| limit | | | query | integer | The maximum number of ids to return. Defaults to 100 if not specified. The maximum number of results that can be returned in a single call is 5000. |
| sort | | | query | string | Sort results using options like: - action_timestamp (timestamp of the change occurrence) Sort either asc (ascending) or desc (descending). For example: action_timestamp|asc. Defaults to action_timestamp|desc no value is specified. The full list of allowed sorting options can be reviewed in our API documentation. |
| filter | | | query | string | Filter changes using a query in Falcon Query Language (FQL). Common filter options include: - host.name - action_timestamp The full list of allowed filter parameters can be reviewed in our API documentation. |
| parameters | | | query | dictionary | Full query string parameters payload in JSON format. |
Usage
Service class example (PEP8 syntax)
from falconpy import FileVantage
# Do not hardcode API credentials!
falcon = FileVantage(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.query_changes_scroll(after="string",
limit=integer,
sort="string",
filter="string"
)
print(response)
Service class example (Operation ID syntax)
from falconpy import FileVantage
# Do not hardcode API credentials!
falcon = FileVantage(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.highVolumeQueryChanges(after="string",
limit=integer,
sort="string",
filter="string"
)
print(response)
Uber class example
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.command("highVolumeQueryChanges",
after="string",
limit=integer,
sort="string",
filter="string"
)
print(response)
queryPolicies
Retrieve the ids of all policies that are assigned the provided policy type.
PEP8 method name
query_policies
Endpoint
| Method | Route |
|---|---|
| /filevantage/queries/policies/v1 |
Required Scope
Content-Type
- Produces: application/json
Keyword Arguments
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| offset | | | query | integer | The offset to start retrieving records from. Defaults to 0 if not specified. |
| limit | | | query | integer | The maximum number of ids to return. Defaults to 100 if not specified. The maximum number of results that can be returned in a single call is 500. |
| sort | | | query | string | Sort the returned ids based on one of the following properties: precedence, created_timestamp or modified_timestamp Sort either asc (ascending) or desc (descending); for example: precedence|asc. |
| type | | | query | string | The types of policies to retrieve. Allowed values are: Windows, Linux or Mac. |
| parameters | | | query | dictionary | Full query string parameters payload in JSON format. |
Usage
Service class example (PEP8 syntax)
from falconpy import FileVantage
# Do not hardcode API credentials!
falcon = FileVantage(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.query_policies(offset=integer,
limit=integer,
sort="string",
type="string"
)
print(response)
Service class example (Operation ID syntax)
from falconpy import FileVantage
# Do not hardcode API credentials!
falcon = FileVantage(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.queryPolicies(offset=integer,
limit=integer,
sort="string",
type="string"
)
print(response)
Uber class example
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.command("queryPolicies",
offset=integer,
limit=integer,
sort="string",
type="string"
)
print(response)
queryScheduledExclusions
Retrieve the ids of all scheduled exclusions contained within the provided policy id.
PEP8 method name
query_scheduled_exclusions
Endpoint
| Method | Route |
|---|---|
| /filevantage/queries/policy-scheduled-exclusions/v1 |
Required Scope
Content-Type
- Consumes: application/json
- Produces: application/json
Keyword Arguments
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| policy_id | | | query | string | The id of the policy from which to retrieve the scheduled exclusion ids. |
| parameters | | | query | dictionary | Full query string parameters payload in JSON format. |
Usage
Service class example (PEP8 syntax)
from falconpy import FileVantage
# Do not hardcode API credentials!
falcon = FileVantage(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.query_scheduled_exclusions(policy_id="string")
print(response)
Service class example (Operation ID syntax)
from falconpy import FileVantage
# Do not hardcode API credentials!
falcon = FileVantage(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.queryScheduledExclusions(policy_id="string")
print(response)
Uber class example
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.command("queryScheduledExclusions", policy_id="string")
print(response)
queryRuleGroups
Retrieve the ids of all rule groups that are of the provided rule group type.
PEP8 method name
query_rule_groups
Endpoint
| Method | Route |
|---|---|
| /filevantage/queries/rule-groups/v1 |
Required Scope
Content-Type
- Produces: application/json
Keyword Arguments
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| offset | | | query | integer | The offset to start retrieving records from. Defaults to 0 if not specified. |
| limit | | | query | integer | The maximum number of ids to return. Defaults to 100 if not specified. The maximum number of results that can be returned in a single call is 500. |
| sort | | | query | string | Sort the returned ids based on one of the following properties: created_timestamp or modified_timestamp Sort either asc (ascending) or desc (descending); for example: created_timestamp|asc. |
| type | | | query | string | The rule group type to retrieve the ids of. Allowed values are: WindowsFiles, WindowsRegistry, LinuxFiles or MacFiles. |
| parameters | | | query | dictionary | Full query string parameters payload in JSON format. |
Usage
Service class example (PEP8 syntax)
from falconpy import FileVantage
# Do not hardcode API credentials!
falcon = FileVantage(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.query_rule_groups(offset=integer,
limit=integer,
sort="string",
type="string"
)
print(response)
Service class example (Operation ID syntax)
from falconpy import FileVantage
# Do not hardcode API credentials!
falcon = FileVantage(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.queryRuleGroups(offset=integer,
limit=integer,
sort="string",
type="string"
)
print(response)
Uber class example
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.command("queryRuleGroups",
offset=integer,
limit=integer,
sort="string",
type="string"
)
print(response)