Using the FileVantage service collection
Table of Contents
| Operation ID | Description | ||||
|---|---|---|---|---|---|
| Retrieve information on changes. | ||||
| Returns one or more change IDs. | ||||
Passing credentials
WARNING
client_idandclient_secretare keyword arguments that contain your CrowdStrike API credentials. Please note that all examples below do not hard code these values. (These values are ingested as strings.)CrowdStrike does not recommend hard coding API credentials or customer identifiers within source code.
getChanges
Retrieve information on changes
PEP8 method name
get_changes
Endpoint
| Method | Route |
|---|---|
 | /filevantage/entities/changes/v2 |
Content-Type
- Produces: application/json
Keyword Arguments
| Name | Service | Uber | Type | Datatype | Description |
|---|---|---|---|---|---|
| ids |  | | query | string or list of strings | The ID(s) of the changes to return. |
| parameters | | | query | dictionary | Full query string parameters payload in JSON format. |
Usage
Service class example (PEP8 syntax)
from falconpy import FileVantage
# Do not hardcode API credentials!
falcon = FileVantage(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.get_changes(ids=id_list)
print(response)
Service class example (Operation ID syntax)
from falconpy import FileVantage
# Do not hardcode API credentials!
falcon = FileVantage(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.getChanges(ids=id_list)
print(response)
Uber class example
from falconpy import APIHarness
# Do not hardcode API credentials!
falcon = APIHarness(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.command("getChanges", ids=id_list)
print(response)
queryChanges
Returns one or more change IDs
PEP8 method name
query_changes
Endpoint
| Method | Route |
|---|---|
| /filevantage/queries/changes/v2 |
Content-Type
- Produces: application/json
Keyword Arguments
| Name | Service | Uber | Type | Datatype | Description |
|---|---|---|---|---|---|
| filter | | | query | string | FQL Syntax formatted string used to limit the results. Available filters
|
| limit | | | query | integer | The maximum number of changes to return in the response (default: 100; max: 500). Use with the offset parameter to manage pagination of results |
| offset | | | query | integer | The first change index to return in the response. If not provided it will default to 0. Use with the limit parameter to manage pagination of results. |
| sort | | | query | string | Sort changes using action_timestamp (timestamp of the change occurrence) or ingestion_timestamp (timestamp of whent he change was ingested).Sort either asc (ascending) or desc (descending).For example: action_timestamp|asc. |
| parameters | | | query | dictionary | Full query string parameters payload in JSON format. |
Usage
Service class example (PEP8 syntax)
from falconpy import FileVantage
# Do not hardcode API credentials!
falcon = FileVantage(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.query_changes(offset=integer,
limit=integer,
sort="string",
filter="string"
)
print(response)
Service class example (Operation ID syntax)
from falconpy import FileVantage
# Do not hardcode API credentials!
falcon = FileVantage(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.queryChanges(offset=integer,
limit=integer,
sort="string",
filter="string"
)
print(response)
Uber class example
from falconpy import APIHarness
# Do not hardcode API credentials!
falcon = APIHarness(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.command("queryChanges",
offset=integer,
limit=integer,
sort="string",
filter="string"
)
print(response)