Using the FileVantage service collection

Table of Contents

| Operation ID | PEP8 method | Description |
| --- | --- | --- |
| getChanges | get_changes | Retrieve information on changes |
| updatePolicyHostGroups | update_policy_host_groups | Manage host groups assigned to a policy. |
| updatePolicyPrecedence | update_policy_precedence | Updates the policy precedence for all policies of a specific type. |
| updatePolicyRuleGroups | update_policy_rule_groups | Manage the rule groups assigned to the policy or set the rule group precedence for all rule groups within the policy. |
| getPolicies | get_policies | Retrieves the configuration for 1 or more policies. |
| createPolicies | create_policy | Creates a new policy of the specified type. New policies are always added at the end of the precedence list for the provided policy type. |
| deletePolicies | delete_policies | Deletes 1 or more policies. |
| updatePolicies | update_policies | Updates the general information of the provided policy. |
| getScheduledExclusions | get_scheduled_exclusions | Retrieves the configuration of 1 or more scheduled exclusions from the provided policy id. |
| createScheduledExclusions | create_scheduled_exclusions | Creates a new scheduled exclusion configuration for the provided policy id. |
| deleteScheduledExclusions | delete_scheduled_exclusions | Deletes 1 or more scheduled exclusions from the provided policy id. |
| updateScheduledExclusions | update_scheduled_exclusions | Updates the provided scheduled exclusion configuration within the provided policy. |
| updateRuleGroupPrecedence | update_rule_group_precedence | Updates the rule precedence for all rules in the identified rule group. |
| getRules | get_rules | Retrieves the configuration for 1 or more rules. |
| createRules | create_rule | Creates a new rule configuration within the specified rule group. |
| deleteRules | delete_rules | Deletes 1 or more rules from the specified rule group. |
| updateRules | update_rule | Updates the provided rule configuration within the specified rule group. |
| getRuleGroups | get_rule_groups | Retrieves the rule group details for 1 or more rule groups. |
| createRuleGroups | create_rule_group | Creates a new rule group of the specified type. |
| deleteRuleGroups | delete_rule_groups | Deletes 1 or more rule groups |
| updateRuleGroups | update_rule_group | Updates the provided rule group. |
| queryChanges | query_changes | Returns 1 or more change ids |
| highVolumeQueryChanges | query_changes_scroll | Returns 1 or more change ids |
| queryPolicies | query_policies | Retrieve the ids of all policies that are assigned the provided policy type. |
| queryScheduledExclusions | query_scheduled_exclusions | Retrieve the ids of all scheduled exclusions contained within the provided policy id. |
| queryRuleGroups | query_rule_groups | Retrieve the ids of all rule groups that are of the provided rule group type. |

getChanges

Retrieve information on changes

PEP8 method name

get_changes

Endpoint

| Method | Route |
| --- | --- |
| GET | /filevantage/entities/changes/v2 |

Content-Type

  • Consumes: application/json
  • Produces: application/json

Keyword Arguments

| Name | Service | Uber | Type | Data type | Description |
| --- | --- | --- | --- | --- | --- |
| ids | Yes | Yes | query | array (string) | One or more change ids. The maximum number of ids that can be requested at once is 500. |
| parameters | Yes | Yes | query | dictionary | Full query string parameters payload in JSON format. |

Usage

Service class example (PEP8 syntax)
from falconpy import FileVantage

# Do not hardcode API credentials!
falcon = FileVantage(client_id=CLIENT_ID,
                     client_secret=CLIENT_SECRET
                     )

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.get_changes(ids=id_list)
print(response)

Service class example (Operation ID syntax)
from falconpy import FileVantage

# Do not hardcode API credentials!
falcon = FileVantage(client_id=CLIENT_ID,
                     client_secret=CLIENT_SECRET
                     )

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.getChanges(ids=id_list)
print(response)

Uber class example
from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.command("getChanges", ids=id_list)
print(response)
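
The ids keyword accepts at most 500 change ids per request. The following added example (not part of the FalconPy documentation) splits a longer id list into batches and merges the results, keeping failed batches for retry; it assumes the default dictionary response with status_code and body keys, and the helper names batched and fetch_changes are hypothetical.

```python
from typing import Any, Callable, Dict, Iterable, Iterator, List, Tuple

MAX_IDS_PER_REQUEST = 500  # limit stated in the ids description above


def batched(ids: Iterable[str], size: int = MAX_IDS_PER_REQUEST) -> Iterator[List[str]]:
    """Yield order-preserving batches of at most `size` ids, skipping blanks and duplicates."""
    seen = set()
    batch: List[str] = []
    for change_id in ids:
        if not change_id or change_id in seen:
            continue
        seen.add(change_id)
        batch.append(change_id)
        if len(batch) == size:
            yield batch
            batch = []
    if batch:
        yield batch


def fetch_changes(get_changes: Callable[..., Dict[str, Any]],
                  ids: Iterable[str]) -> Tuple[List[Any], List[Dict[str, Any]]]:
    """Call get_changes once per batch and return (resources, failures).

    get_changes is any callable that takes ids=<list> and returns a response
    dictionary, for example the get_changes method of a FileVantage instance.
    A failed batch is recorded with its ids so it can be retried later and
    does not silently drop change records from the result.
    """
    resources: List[Any] = []
    failures: List[Dict[str, Any]] = []
    for batch in batched(ids):
        response = get_changes(ids=batch)
        status = response.get("status_code")
        body = response.get("body") or {}
        if status != 200:
            failures.append({"status_code": status,
                             "errors": body.get("errors") or [],
                             "ids": batch})
            continue
        resources.extend(body.get("resources") or [])
    return resources, failures


if __name__ == "__main__":
    # Constructed stand-in for the API so the example runs offline.
    def stub_get_changes(ids: List[str]) -> Dict[str, Any]:
        return {"status_code": 200,
                "body": {"resources": [{"id": i} for i in ids], "errors": []}}

    sample_ids = [f"change-{n:04d}" for n in range(1201)]  # constructed ids
    found, failed = fetch_changes(stub_get_changes, sample_ids)
    print(f"{len(found)} change records, {len(failed)} failed batches")
```

With a real client, pass falcon.get_changes as the first argument.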

updatePolicyHostGroups

Manage host groups assigned to a policy.

PEP8 method name

update_policy_host_groups

Endpoint

| Method | Route |
| --- | --- |
| PATCH | /filevantage/entities/policies-host-groups/v1 |

Content-Type

  • Produces: application/json

Keyword Arguments

| Name | Service | Uber | Type | Data type | Description |
| --- | --- | --- | --- | --- | --- |
| policy_id | Yes | Yes | query | string | The id of the policy for which to perform the action. |
| action | Yes | Yes | query | string | The action to perform with the provided ids, must be one of: assign or unassign. |
| ids | Yes | Yes | query | array (string) | One or more host group ids. |
| parameters | Yes | Yes | query | dictionary | Full query string parameters payload in JSON format. |

Usage

Service class example (PEP8 syntax)
from falconpy import FileVantage

# Do not hardcode API credentials!
falcon = FileVantage(client_id=CLIENT_ID,
                     client_secret=CLIENT_SECRET
                     )

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.update_policy_host_groups(policy_id="string", action="string", ids=id_list)
print(response)

Service class example (Operation ID syntax)
from falconpy import FileVantage

# Do not hardcode API credentials!
falcon = FileVantage(client_id=CLIENT_ID,
                     client_secret=CLIENT_SECRET
                     )

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.updatePolicyHostGroups(policy_id="string", action="string", ids=id_list)
print(response)

Uber class example
from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

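# Optional: the same query parameters as a dictionary. Pass it as parameters=PARAMS
# instead of the policy_id and action keywords used below.
PARAMS = {
    "policy_id": "string",
    "action": "string"
}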

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.command("updatePolicyHostGroups",
                          policy_id="string",
                          action="string",
                          ids=id_list
                          )
print(response)

updatePolicyPrecedence

Updates the policy precedence for all policies of a specific type.

PEP8 method name

update_policy_precedence

Endpoint

| Method | Route |
| --- | --- |
| PATCH | /filevantage/entities/policies-precedence/v1 |

Content-Type

  • Produces: application/json

Keyword Arguments

| Name | Service | Uber | Type | Data type | Description |
| --- | --- | --- | --- | --- | --- |
| ids | Yes | Yes | query | array (string) | Precedence of the policies for the provided type. Precedence is determined by element position within the provided list. |
| type | Yes | Yes | query | string | The policy type for which to set the precedence order, must be one of Windows, Linux or Mac. |
| parameters | Yes | Yes | query | dictionary | Full query string parameters payload in JSON format. |

Usage

Service class example (PEP8 syntax)
from falconpy import FileVantage

# Do not hardcode API credentials!
falcon = FileVantage(client_id=CLIENT_ID,
                     client_secret=CLIENT_SECRET
                     )

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.update_policy_precedence(type="string", ids=id_list)
print(response)

Service class example (Operation ID syntax)
from falconpy import FileVantage

# Do not hardcode API credentials!
falcon = FileVantage(client_id=CLIENT_ID,
                     client_secret=CLIENT_SECRET
                     )

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.updatePolicyPrecedence(type="string", ids=id_list)
print(response)

Uber class example
from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.command("updatePolicyPrecedence", type="string", ids=id_list)
print(response)

updatePolicyRuleGroups

Manage the rule groups assigned to the policy or set the rule group precedence for all rule groups within the policy.

PEP8 method name

update_policy_rule_groups

Endpoint

| Method | Route |
| --- | --- |
| PATCH | /filevantage/entities/policies-rule-groups/v1 |

Content-Type

  • Produces: application/json

Keyword Arguments

| Name | Service | Uber | Type | Data type | Description |
| --- | --- | --- | --- | --- | --- |
| policy_id | Yes | Yes | query | string | The id of the policy for which to perform the action. |
| action | Yes | Yes | query | string | The action to perform with the provided ids, must be one of: assign, unassign, or precedence. |
| ids | Yes | Yes | query | array (string) | One or more rule group ids. Note, for the precedence action, precedence is controlled by the order of the ids as they are specified in the request. |
| parameters | Yes | Yes | query | dictionary | Full query string parameters payload in JSON format. |

Usage

Service class example (PEP8 syntax)
from falconpy import FileVantage

# Do not hardcode API credentials!
falcon = FileVantage(client_id=CLIENT_ID,
                     client_secret=CLIENT_SECRET
                     )

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.update_policy_rule_groups(policy_id="string", action="string", ids=id_list)
print(response)

Service class example (Operation ID syntax)
from falconpy import FileVantage

# Do not hardcode API credentials!
falcon = FileVantage(client_id=CLIENT_ID,
                     client_secret=CLIENT_SECRET
                     )

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.updatePolicyRuleGroups(policy_id="string", action="string", ids=id_list)
print(response)

Uber class example
from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.command("updatePolicyRuleGroups",
                          policy_id="string",
                          action="string",
                          ids=id_list
                          )
print(response)

getPolicies

Retrieves the configuration for 1 or more policies.

PEP8 method name

get_policies

Endpoint

| Method | Route |
| --- | --- |
| GET | /filevantage/entities/policies/v1 |

Content-Type

  • Consumes: application/json
  • Produces: application/json

Keyword Arguments

| Name | Service | Uber | Type | Data type | Description |
| --- | --- | --- | --- | --- | --- |
| ids | Yes | Yes | query | array (string) | One or more (up to 500) policy IDs. |
| parameters | Yes | Yes | query | dictionary | Full query string parameters payload in JSON format. |

Usage

Service class example (PEP8 syntax)
from falconpy import FileVantage

# Do not hardcode API credentials!
falcon = FileVantage(client_id=CLIENT_ID,
                     client_secret=CLIENT_SECRET
                     )

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.get_policies(ids=id_list)

print(response)

Service class example (Operation ID syntax)
from falconpy import FileVantage

# Do not hardcode API credentials!
falcon = FileVantage(client_id=CLIENT_ID,
                     client_secret=CLIENT_SECRET
                     )

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.getPolicies(ids=id_list)

print(response)

Uber class example
from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.command("getPolicies", ids=id_list)

print(response)

createPolicies

Creates a new policy of the specified type. New policies are always added at the end of the precedence list for the provided policy type.

PEP8 method name

create_policy

Endpoint

| Method | Route |
| --- | --- |
| POST | /filevantage/entities/policies/v1 |

Content-Type

  • Consumes: application/json
  • Produces: application/json

Keyword Arguments

| Name | Service | Uber | Type | Data type | Description |
| --- | --- | --- | --- | --- | --- |
| body | Yes | Yes | body | list of dictionaries | Full body payload in JSON format. |
| description | Yes | Yes | body | string | The policy description (Max: 500 characters) |
| name | Yes | Yes | body | string | Name of the policy (Max: 100 characters) |
| platform | Yes | Yes | body | string | Policy platform. Must be one of: Windows, Linux, Mac. |

Usage

Service class example (PEP8 syntax)
from falconpy import FileVantage

# Do not hardcode API credentials!
falcon = FileVantage(client_id=CLIENT_ID,
                     client_secret=CLIENT_SECRET
                     )

response = falcon.create_policy(description="string",
                                name="string",
                                platform="string"
                                )
print(response)

Service class example (Operation ID syntax)
from falconpy import FileVantage

# Do not hardcode API credentials!
falcon = FileVantage(client_id=CLIENT_ID,
                     client_secret=CLIENT_SECRET
                     )

response = falcon.createPolicies(description="string",
                                 name="string",
                                 platform="string"
                                 )
print(response)

Uber class example
from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

body_payload = {
    "description": "string",
    "name": "string",
    "platform": "string"
}

response = falcon.command("createPolicies", body=body_payload)

print(response)

deletePolicies

Deletes 1 or more policies.

PEP8 method name

delete_policies

Endpoint

| Method | Route |
| --- | --- |
| DELETE | /filevantage/entities/policies/v1 |

Content-Type

  • Produces: application/json

Keyword Arguments

| Name | Service | Uber | Type | Data type | Description |
| --- | --- | --- | --- | --- | --- |
| ids | Yes | Yes | query | array (string) | One or more (up to 500) policy IDs. |
| parameters | Yes | Yes | query | dictionary | Full query string parameters payload in JSON format. |

Usage

Service class example (PEP8 syntax)
from falconpy import FileVantage

# Do not hardcode API credentials!
falcon = FileVantage(client_id=CLIENT_ID,
                     client_secret=CLIENT_SECRET
                     )

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.delete_policies(ids=id_list)
print(response)

Service class example (Operation ID syntax)
from falconpy import FileVantage

# Do not hardcode API credentials!
falcon = FileVantage(client_id=CLIENT_ID,
                     client_secret=CLIENT_SECRET
                     )

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.deletePolicies(ids=id_list)

print(response)

Uber class example
from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.command("deletePolicies", ids=id_list)

print(response)

updatePolicies

Updates the general information of the provided policy.

PEP8 method name

update_policies

Endpoint

| Method | Route |
| --- | --- |
| PATCH | /filevantage/entities/policies/v1 |

Content-Type

  • Consumes: application/json
  • Produces: application/json

Keyword Arguments

| Name | Service | Uber | Type | Data type | Description |
| --- | --- | --- | --- | --- | --- |
| body | Yes | Yes | body | list of dictionaries | Full body payload in JSON format. |
| description | Yes | Yes | body | string | The policy description (Max: 500 characters) |
| id | Yes | Yes | body | string | The ID of the policy to be updated |
| name | Yes | Yes | body | string | Name of the policy (Max: 100 characters) |
| enabled | Yes | Yes | body | boolean | Policy enablement status. |

Usage

Service class example (PEP8 syntax)
from falconpy import FileVantage

# Do not hardcode API credentials!
falcon = FileVantage(client_id=CLIENT_ID,
                     client_secret=CLIENT_SECRET
                     )

response = falcon.update_policies(description="string",
                                  id="string",
                                  name="string",
                                  enabled=True  # boolean: True or False
                                  )
print(response)

Service class example (Operation ID syntax)
from falconpy import FileVantage

# Do not hardcode API credentials!
falcon = FileVantage(client_id=CLIENT_ID,
                     client_secret=CLIENT_SECRET
                     )

response = falcon.updatePolicies(description="string",
                                 id="string",
                                 name="string",
                                 enabled=True  # boolean: True or False
                                 )
print(response)

Uber class example
from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

body_payload = {
    "description": "string",
    "id": "string",
    "name": "string",
    "enabled": True  # boolean: True or False
}

response = falcon.command("updatePolicies", body=body_payload)

print(response)

getScheduledExclusions

Retrieves the configuration of 1 or more scheduled exclusions from the provided policy id.

PEP8 method name

get_scheduled_exclusions

Endpoint

| Method | Route |
| --- | --- |
| GET | /filevantage/entities/policy-scheduled-exclusions/v1 |

Content-Type

  • Consumes: application/json
  • Produces: application/json

Keyword Arguments

| Name | Service | Uber | Type | Data type | Description |
| --- | --- | --- | --- | --- | --- |
| policy_id | Yes | Yes | query | string | The id of the policy to retrieve the scheduled exclusion configurations. |
| ids | Yes | Yes | query | array (string) | One or more (up to 500) scheduled exclusion IDs. |
| parameters | Yes | Yes | query | dictionary | Full query string parameters payload in JSON format. |

Usage

Service class example (PEP8 syntax)
from falconpy import FileVantage

# Do not hardcode API credentials!
falcon = FileVantage(client_id=CLIENT_ID,
                     client_secret=CLIENT_SECRET
                     )

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.get_scheduled_exclusions(policy_id="string", ids=id_list)
print(response)

Service class example (Operation ID syntax)
from falconpy import FileVantage

# Do not hardcode API credentials!
falcon = FileVantage(client_id=CLIENT_ID,
                     client_secret=CLIENT_SECRET
                     )

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.getScheduledExclusions(policy_id="string", ids=id_list)
print(response)

Uber class example
from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.command("getScheduledExclusions", policy_id="string", ids=id_list)
print(response)

createScheduledExclusions

Creates a new scheduled exclusion configuration for the provided policy id.

PEP8 method name

create_scheduled_exclusions

Endpoint

| Method | Route |
| --- | --- |
| POST | /filevantage/entities/policy-scheduled-exclusions/v1 |

Content-Type

  • Consumes: application/json
  • Produces: application/json

Keyword Arguments

| Name | Service | Uber | Type | Data type | Description |
| --- | --- | --- | --- | --- | --- |
| body | Yes | Yes | body | list of dictionaries | Full body payload in JSON format. |
| description | Yes | Yes | body | string | The scheduled exclusion description (Max: 500 characters) |
| name | Yes | Yes | body | string | Name of the scheduled exclusion (Max: 100 characters) |
| policy_id | Yes | Yes | body | string | ID of the policy the scheduled exclusion is assigned to. |
| users | Yes | Yes | body | string | Comma-delimited list of users whose changes are not monitored. (Max: 500 characters). Example: admin* excludes changes made by all usernames that begin with admin. Supports Falcon GLOB syntax. |
| processes | Yes | Yes | body | string | Comma-delimited list of processes whose changes are not monitored. (Max: 500 characters). Example: **\RunMe.exe or **/RunMe.sh excludes changes made by RunMe.exe or RunMe.sh in any location. |
| schedule_start | Yes | Yes | body | string | Indicates the start of the schedule. (RFC3339 format) |
| schedule_end | Yes | Yes | body | string | Indicates the end of the schedule. (RFC3339 format) |

Usage

Service class example (PEP8 syntax)
from falconpy import FileVantage

# Do not hardcode API credentials!
falcon = FileVantage(client_id=CLIENT_ID,
                     client_secret=CLIENT_SECRET
                     )

response = falcon.create_scheduled_exclusions(description="string",
                                              name="string",
                                              policy_id="string",
                                              users="string",
                                              processes="string",
                                              schedule_start="string",
                                              schedule_end="string"
                                              )
print(response)

Service class example (Operation ID syntax)
from falconpy import FileVantage

# Do not hardcode API credentials!
falcon = FileVantage(client_id=CLIENT_ID,
                     client_secret=CLIENT_SECRET
                     )

response = falcon.createScheduledExclusions(description="string",
                                            name="string",
                                            policy_id="string",
                                            users="string",
                                            processes="string",
                                            schedule_start="string",
                                            schedule_end="string"
                                            )
print(response)

Uber class example
from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )
body_payload = {
    "description": "string",
    "name": "string",
    "policy_id": "string",
    "processes": "string",
    "schedule_end": "string",
    "schedule_start": "string",
    "users": "string"
}

response = falcon.command("createScheduledExclusions", body=body_payload)

print(response)

deleteScheduledExclusions

Deletes 1 or more scheduled exclusions from the provided policy id.

PEP8 method name

delete_scheduled_exclusions

Endpoint

| Method | Route |
| --- | --- |
| DELETE | /filevantage/entities/policy-scheduled-exclusions/v1 |

Content-Type

  • Consumes: application/json
  • Produces: application/json

Keyword Arguments

| Name | Service | Uber | Type | Data type | Description |
| --- | --- | --- | --- | --- | --- |
| policy_id | Yes | Yes | query | string | ID of the policy to delete the scheduled exclusions from. |
| ids | Yes | Yes | query | array (string) | One or more (up to 500) scheduled exclusion IDs. |
| parameters | Yes | Yes | query | dictionary | Full query string parameters payload in JSON format. |

Usage

Service class example (PEP8 syntax)
from falconpy import FileVantage

# Do not hardcode API credentials!
falcon = FileVantage(client_id=CLIENT_ID,
                     client_secret=CLIENT_SECRET
                     )

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.delete_scheduled_exclusions(policy_id="string", ids=id_list)
print(response)

Service class example (Operation ID syntax)
from falconpy import FileVantage

# Do not hardcode API credentials!
falcon = FileVantage(client_id=CLIENT_ID,
                     client_secret=CLIENT_SECRET
                     )

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.deleteScheduledExclusions(policy_id="string", ids=id_list)
print(response)

Uber class example
from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.command("deleteScheduledExclusions", policy_id="string", ids=id_list)
print(response)

updateScheduledExclusions

Updates the provided scheduled exclusion configuration within the provided policy.

PEP8 method name

update_scheduled_exclusions

Endpoint

| Method | Route |
| --- | --- |
| PATCH | /filevantage/entities/policy-scheduled-exclusions/v1 |

Content-Type

  • Consumes: application/json
  • Produces: application/json

Keyword Arguments

| Name | Service | Uber | Type | Data type | Description |
| --- | --- | --- | --- | --- | --- |
| body | Yes | Yes | body | list of dictionaries | Full body payload in JSON format. |
| description | Yes | Yes | body | string | The scheduled exclusion description (Max: 500 characters) |
| id | Yes | Yes | body | string | ID of the scheduled exclusion to update. |
| name | Yes | Yes | body | string | Name of the scheduled exclusion (Max: 100 characters) |
| policy_id | Yes | Yes | body | string | ID of the policy the scheduled exclusion is assigned to. |
| users | Yes | Yes | body | string | Comma-delimited list of users whose changes are not monitored. (Max: 500 characters). Example: admin* excludes changes made by all usernames that begin with admin. Supports Falcon GLOB syntax. |
| processes | Yes | Yes | body | string | Comma-delimited list of processes whose changes are not monitored. (Max: 500 characters). Example: **\RunMe.exe or **/RunMe.sh excludes changes made by RunMe.exe or RunMe.sh in any location. |
| schedule_start | Yes | Yes | body | string | Indicates the start of the schedule. (RFC3339 format) |
| schedule_end | Yes | Yes | body | string | Indicates the end of the schedule. (RFC3339 format) |
| parameters | Yes | Yes | query | dictionary | Full query string parameters payload in JSON format. |

Usage

Service class example (PEP8 syntax)
from falconpy import FileVantage

# Do not hardcode API credentials!
falcon = FileVantage(client_id=CLIENT_ID,
                     client_secret=CLIENT_SECRET
                     )

response = falcon.update_scheduled_exclusions(description="string",
                                              name="string",
                                              id="string",
                                              policy_id="string",
                                              users="string",
                                              processes="string",
                                              schedule_start="string",
                                              schedule_end="string"
                                              )
print(response)

Service class example (Operation ID syntax)
from falconpy import FileVantage

# Do not hardcode API credentials!
falcon = FileVantage(client_id=CLIENT_ID,
                     client_secret=CLIENT_SECRET
                     )

response = falcon.updateScheduledExclusions(description="string",
                                            name="string",
                                            id="string",
                                            policy_id="string",
                                            users="string",
                                            processes="string",
                                            schedule_start="string",
                                            schedule_end="string"
                                            )
print(response)

Uber class example
from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

body_payload = {
    "description": "string",
    "id": "string",
    "name": "string",
    "policy_id": "string",
    "processes": "string",
    "schedule_end": "string",
    "schedule_start": "string",
    "users": "string"
}

response = falcon.command("updateScheduledExclusions", body=body_payload)

print(response)
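
A scheduled exclusion stops change monitoring for the matching users and processes during its window, so the payload for createScheduledExclusions and updateScheduledExclusions is worth reviewing before it is submitted. This added example (not FalconPy code) checks the documented length limits and RFC3339 timestamps, and flags wildcard-only patterns and long windows; the helper names, the 24-hour review threshold and the sample payload are assumptions.

```python
from datetime import datetime, timedelta
from typing import Any, Dict, List, Optional

# Length limits quoted in the keyword tables above.
MAX_LEN = {"name": 100, "description": 500, "users": 500, "processes": 500}
# Characters that carry no literal text in a pattern (assumed review heuristic).
GLOB_ONLY = set("*?/\\")


def parse_rfc3339(value: str) -> datetime:
    """Parse an RFC3339 timestamp; raise ValueError if it has no UTC offset."""
    if value.endswith(("Z", "z")):
        value = value[:-1] + "+00:00"  # fromisoformat before 3.11 rejects "Z"
    parsed = datetime.fromisoformat(value)
    if parsed.tzinfo is None:
        raise ValueError("missing UTC offset")
    return parsed


def split_patterns(value: Optional[str]) -> List[str]:
    """Split a comma-delimited users/processes string into trimmed patterns."""
    return [p.strip() for p in (value or "").split(",") if p.strip()]


def review_scheduled_exclusion(payload: Dict[str, Any],
                               max_window: timedelta = timedelta(hours=24)) -> List[str]:
    """Return a list of findings; an empty list means nothing was flagged."""
    findings: List[str] = []
    for field, limit in MAX_LEN.items():
        if len(payload.get(field) or "") > limit:
            findings.append(f"{field}: longer than {limit} characters")
    if not payload.get("policy_id"):
        findings.append("policy_id: missing")
    for field in ("users", "processes"):
        for pattern in split_patterns(payload.get(field)):
            if not set(pattern) - GLOB_ONLY:
                findings.append(f"{field}: pattern {pattern!r} is wildcard-only")
    times: Dict[str, datetime] = {}
    for field in ("schedule_start", "schedule_end"):
        raw = payload.get(field)
        if not raw:
            findings.append(f"{field}: not set")
            continue
        try:
            times[field] = parse_rfc3339(raw)
        except ValueError as err:
            findings.append(f"{field}: not RFC3339 ({err})")
    if len(times) == 2:
        window = times["schedule_end"] - times["schedule_start"]
        if window <= timedelta(0):
            findings.append("schedule_end: not after schedule_start")
        elif window > max_window:
            findings.append(f"schedule: window of {window} exceeds review threshold {max_window}")
    return findings


# Constructed sample payload using the keywords documented above.
SAMPLE_OK = {
    "name": "Monthly patch window",
    "description": "Exclude the patch service account during maintenance",
    "policy_id": "POLICY_ID_PLACEHOLDER",
    "users": "svc_patch*",
    "processes": "**\\RunMe.exe",
    "schedule_start": "2024-05-01T02:00:00Z",
    "schedule_end": "2024-05-01T04:00:00Z",
}

if __name__ == "__main__":
    too_broad = dict(SAMPLE_OK, users="admin*, *", schedule_start="2024-05-01 02:00")
    for label, candidate in (("ok", SAMPLE_OK), ("too broad", too_broad)):
        print(label, review_scheduled_exclusion(candidate))
```

When the list of findings is empty, the payload can be passed on unchanged, for example as create_scheduled_exclusions(**payload).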

updateRuleGroupPrecedence

Updates the rule precedence for all rules in the identified rule group.

PEP8 method name

update_rule_group_precedence

Endpoint

| Method | Route |
| --- | --- |
| PATCH | /filevantage/entities/rule-groups-rule-precedence/v1 |

Content-Type

  • Produces: application/json

Keyword Arguments

| Name | Service | Uber | Type | Data type | Description |
| --- | --- | --- | --- | --- | --- |
| rule_group_id | Yes | Yes | query | string | Rule group from which to set the precedence. |
| ids | Yes | Yes | query | array (string) | One or more (up to 500) rule group IDs. |
| parameters | Yes | Yes | query | dictionary | Full query string parameters payload in JSON format. |

Usage

Service class example (PEP8 syntax)
from falconpy import FileVantage

# Do not hardcode API credentials!
falcon = FileVantage(client_id=CLIENT_ID,
                     client_secret=CLIENT_SECRET
                     )

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.update_rule_group_precedence(rule_group_id="string", ids=id_list)
print(response)

Service class example (Operation ID syntax)
from falconpy import FileVantage

# Do not hardcode API credentials!
falcon = FileVantage(client_id=CLIENT_ID,
                     client_secret=CLIENT_SECRET
                     )

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.updateRuleGroupPrecedence(rule_group_id="string", ids=id_list)
print(response)

Uber class example
from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.command("updateRuleGroupPrecedence", rule_group_id="string", ids=id_list)
print(response)

getRules

Retrieves the configuration for 1 or more rules.

PEP8 method name

get_rules

Endpoint

| Method | Route |
| --- | --- |
| GET | /filevantage/entities/rule-groups-rules/v1 |

Content-Type

  • Produces: application/json

Keyword Arguments

| Name | Service | Uber | Type | Data type | Description |
| --- | --- | --- | --- | --- | --- |
| rule_group_id | Yes | Yes | query | string | Rule group from which to retrieve the rule configuration. |
| ids | Yes | Yes | query | array (string) | One or more (up to 500) rule IDs. |
| parameters | Yes | Yes | query | dictionary | Full query string parameters payload in JSON format. |

Usage

Service class example (PEP8 syntax)
from falconpy import FileVantage

# Do not hardcode API credentials!
falcon = FileVantage(client_id=CLIENT_ID,
                     client_secret=CLIENT_SECRET
                     )

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.get_rules(rule_group_id="string", ids=id_list)
print(response)
Service class example (Operation ID syntax)
from falconpy import FileVantage

# Do not hardcode API credentials!
falcon = FileVantage(client_id=CLIENT_ID,
                     client_secret=CLIENT_SECRET
                     )

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.getRules(rule_group_id="string", ids=id_list)
print(response)
Uber class example
from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.command("getRules", rule_group_id="string", ids=id_list)
print(response)

createRules

Creates a new rule configuration within the specified rule group.

PEP8 method name

create_rule

Endpoint

| Method | Route |
| --- | --- |
| POST | /filevantage/entities/rule-groups-rules/v1 |

Content-Type

  • Consumes: application/json
  • Produces: application/json

Keyword Arguments

| Name | Service | Uber | Type | Data type | Description |
| --- | --- | --- | --- | --- | --- |
| body | Supported | Supported | body | list of dictionaries | Full body payload in JSON format. |
| description | Supported | Supported | body | string | The rule description (Max: 500 characters). |
| rule_group_id | Supported | Supported | body | string | Group ID containing the group configuration. |
| path | Supported | Supported | body | string | The file system or registry path to monitor (Max: 250 characters). All paths must end with the path separator, e.g. \ (Windows) or / (Linux/MacOS). |
| severity | Supported | Supported | body | string | To categorize change events produced by this rule. Allowed values: Low, Medium, High, Critical. |
| depth | Supported | Supported | body | string | Recursion levels below the base path to monitor (1 - 5, or ANY). |
| precedence | Supported | Supported | body | integer | The order in which rules will be evaluated starting with 1. Specifying a precedence value that is already set for another rule in the group will result in this rule being placed before the existing rule. |
| include | Supported | Supported | body | string | The files, directories, registry keys, or registry values that will be monitored. Allowed rule group configuration is based on the type of rule the rule group is added to. Falcon GLOB syntax is supported. |
| exclude | Supported | Supported | body | string | The files, directories, registry keys, or registry values that will not be monitored. Allowed rule group configuration is based on the type of rule the rule group is added to. Falcon GLOB syntax is supported. |
| include_users | Supported | Supported | body | string | The changes performed by these specific users will be monitored. Allowed rule group configuration is based on the type of rule the rule group is added to. Falcon GLOB syntax is supported. MacOS is not supported at this time. |
| exclude_users | Supported | Supported | body | string | The changes performed by these specific users will not be monitored. Allowed rule group configuration is based on the type of rule the rule group is added to. Falcon GLOB syntax is supported. MacOS is not supported at this time. |
| include_processes | Supported | Supported | body | string | The changes performed by these specific processes will be monitored. Allowed rule group configuration is based on the type of rule the rule group is added to. Falcon GLOB syntax is supported. MacOS is not supported at this time. |
| exclude_processes | Supported | Supported | body | string | The changes performed by these specific processes will not be monitored. Allowed rule group configuration is based on the type of rule the rule group is added to. Falcon GLOB syntax is supported. MacOS is not supported at this time. |
| watch_create_directory_changes | Supported | Supported | body | boolean | File system directory monitoring. |
| watch_delete_directory_changes | Supported | Supported | body | boolean | File system directory monitoring. |
| watch_rename_directory_changes | Supported | Supported | body | boolean | File system directory monitoring. |
| watch_attributes_directory_changes | Supported | Supported | body | boolean | File system directory monitoring. MacOS is not supported at this time. |
| watch_permissions_directory_changes | Supported | Supported | body | boolean | File system directory monitoring. MacOS is not supported at this time. |
| watch_create_file_changes | Supported | Supported | body | boolean | File system file monitoring. |
| watch_delete_file_changes | Supported | Supported | body | boolean | File system file monitoring. |
| watch_write_file_changes | Supported | Supported | body | boolean | File system file monitoring. |
| watch_rename_file_changes | Supported | Supported | body | boolean | File system file monitoring. |
| watch_attributes_file_changes | Supported | Supported | body | boolean | File system file monitoring. MacOS is not supported at this time. |
| watch_permissions_file_changes | Supported | Supported | body | boolean | File system file monitoring. MacOS is not supported at this time. |
| watch_create_key_changes | Supported | Supported | body | boolean | Windows registry key and value monitoring. |
| watch_delete_key_changes | Supported | Supported | body | boolean | Windows registry key and value monitoring. |
| watch_permissions_key_changes | Supported | Supported | body | boolean | Windows registry key and value permissions monitoring. |
| watch_set_value_changes | Supported | Supported | body | boolean | Windows registry key and value monitoring. |
| watch_delete_value_changes | Supported | Supported | body | boolean | Windows registry key and value monitoring. |
| watch_rename_key_changes | Supported | Supported | body | boolean | Windows registry key and value monitoring. |
| watch_create_file_changes | Supported | Supported | body | boolean | Windows registry key and value monitoring. |

Usage

Service class example (PEP8 syntax)
from falconpy import FileVantage

# Do not hardcode API credentials!
falcon = FileVantage(client_id=CLIENT_ID,
                     client_secret=CLIENT_SECRET
                     )

response = falcon.create_rule(depth="string",
                              description="string",
                              exclude="string",
                              exclude_processes="string",
                              exclude_users="string",
                              include="string",
                              include_processes="string",
                              include_users="string",
                              path="string",
                              precedence=integer,
                              rule_group_id="string",
                              severity="string",
                              watch_attributes_directory_changes=boolean,
                              watch_attributes_file_changes=boolean,
                              watch_create_directory_changes=boolean,
                              watch_create_file_changes=boolean,
                              watch_create_key_changes=boolean,
                              watch_delete_directory_changes=boolean,
                              watch_delete_file_changes=boolean,
                              watch_delete_key_changes=boolean,
                              watch_delete_value_changes=boolean,
                              watch_permissions_directory_changes=boolean,
                              watch_permissions_file_changes=boolean,
                              watch_rename_directory_changes=boolean,
                              watch_rename_file_changes=boolean,
                              watch_rename_key_changes=boolean,
                              watch_set_value_changes=boolean,
                              watch_write_file_changes=boolean
                              )
print(response)
Service class example (Operation ID syntax)
from falconpy import FileVantage

# Do not hardcode API credentials!
falcon = FileVantage(client_id=CLIENT_ID,
                     client_secret=CLIENT_SECRET
                     )

response = falcon.createRules(depth="string",
                              description="string",
                              exclude="string",
                              exclude_processes="string",
                              exclude_users="string",
                              include="string",
                              include_processes="string",
                              include_users="string",
                              path="string",
                              precedence=integer,
                              rule_group_id="string",
                              severity="string",
                              watch_attributes_directory_changes=boolean,
                              watch_attributes_file_changes=boolean,
                              watch_create_directory_changes=boolean,
                              watch_create_file_changes=boolean,
                              watch_create_key_changes=boolean,
                              watch_delete_directory_changes=boolean,
                              watch_delete_file_changes=boolean,
                              watch_delete_key_changes=boolean,
                              watch_delete_value_changes=boolean,
                              watch_permissions_directory_changes=boolean,
                              watch_permissions_file_changes=boolean,
                              watch_rename_directory_changes=boolean,
                              watch_rename_file_changes=boolean,
                              watch_rename_key_changes=boolean,
                              watch_set_value_changes=boolean,
                              watch_write_file_changes=boolean
                              )
print(response)
Uber class example
from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

body_payload = {
    "depth": "string",
    "description": "string",
    "exclude": "string",
    "exclude_processes": "string",
    "exclude_users": "string",
    "include": "string",
    "include_processes": "string",
    "include_users": "string",
    "path": "string",
    "precedence": 0,
    "rule_group_id": "string",
    "severity": "string",
    "watch_attributes_directory_changes": boolean,
    "watch_attributes_file_changes": boolean,
    "watch_create_directory_changes": boolean,
    "watch_create_file_changes": boolean,
    "watch_create_key_changes": boolean,
    "watch_delete_directory_changes": boolean,
    "watch_delete_file_changes": boolean,
    "watch_delete_key_changes": boolean,
    "watch_delete_value_changes": boolean,
    "watch_permissions_directory_changes": boolean,
    "watch_permissions_file_changes": boolean,
    "watch_rename_directory_changes": boolean,
    "watch_rename_file_changes": boolean,
    "watch_rename_key_changes": boolean,
    "watch_set_value_changes": boolean,
    "watch_write_file_changes": boolean
}

response = falcon.command("createRules", body=body_payload)

print(response)

deleteRules

Deletes 1 or more rules from the specified rule group.

PEP8 method name

delete_rules

Endpoint

| Method | Route |
| --- | --- |
| DELETE | /filevantage/entities/rule-groups-rules/v1 |

Content-Type

  • Produces: application/json

Keyword Arguments

| Name | Service | Uber | Type | Data type | Description |
| --- | --- | --- | --- | --- | --- |
| rule_group_id | Supported | Supported | query | string | The id of the rule group from which the rules will be deleted. |
| ids | Supported | Supported | query | array (string) | One or more (up to 500) rule IDs. |
| parameters | Supported | Supported | query | dictionary | Full query string parameters payload in JSON format. |

Usage

Service class example (PEP8 syntax)
from falconpy import FileVantage

# Do not hardcode API credentials!
falcon = FileVantage(client_id=CLIENT_ID,
                     client_secret=CLIENT_SECRET
                     )

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.delete_rules(rule_group_id="string", ids=id_list)
print(response)

Service class example (Operation ID syntax)
from falconpy import FileVantage

# Do not hardcode API credentials!
falcon = FileVantage(client_id=CLIENT_ID,
                     client_secret=CLIENT_SECRET
                     )

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.deleteRules(rule_group_id="string", ids=id_list)
print(response)

Uber class example
from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

PARAMS = {
    "rule_group_id": "string"
}

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.command("deleteRules", parameters=PARAMS, ids=id_list)
print(response)

updateRules

Updates the provided rule configuration within the specified rule group.

PEP8 method name

update_rule

Endpoint

| Method | Route |
| --- | --- |
| PATCH | /filevantage/entities/rule-groups-rules/v1 |

Content-Type

  • Consumes: application/json
  • Produces: application/json

Keyword Arguments

| Name | Service | Uber | Type | Data type | Description |
| --- | --- | --- | --- | --- | --- |
| body | Supported | Supported | body | list of dictionaries | Full body payload in JSON format. |
| description | Supported | Supported | body | string | The rule description (Max: 500 characters). |
| rule_group_id | Supported | Supported | body | string | Group ID containing the group configuration. |
| path | Supported | Supported | body | string | The file system or registry path to monitor (Max: 250 characters). All paths must end with the path separator, e.g. \ (Windows) or / (Linux/MacOS). |
| severity | Supported | Supported | body | string | To categorize change events produced by this rule. Allowed values: Low, Medium, High, Critical. |
| depth | Supported | Supported | body | string | Recursion levels below the base path to monitor (1 - 5, or ANY). |
| precedence | Supported | Supported | body | integer | The order in which rules will be evaluated starting with 1. Specifying a precedence value that is already set for another rule in the group will result in this rule being placed before the existing rule. |
| include | Supported | Supported | body | string | The files, directories, registry keys, or registry values that will be monitored. Allowed rule group configuration is based on the type of rule the rule group is added to. Falcon GLOB syntax is supported. |
| exclude | Supported | Supported | body | string | The files, directories, registry keys, or registry values that will not be monitored. Allowed rule group configuration is based on the type of rule the rule group is added to. Falcon GLOB syntax is supported. |
| include_users | Supported | Supported | body | string | The changes performed by these specific users will be monitored. Allowed rule group configuration is based on the type of rule the rule group is added to. Falcon GLOB syntax is supported. MacOS is not supported at this time. |
| exclude_users | Supported | Supported | body | string | The changes performed by these specific users will not be monitored. Allowed rule group configuration is based on the type of rule the rule group is added to. Falcon GLOB syntax is supported. MacOS is not supported at this time. |
| include_processes | Supported | Supported | body | string | The changes performed by these specific processes will be monitored. Allowed rule group configuration is based on the type of rule the rule group is added to. Falcon GLOB syntax is supported. MacOS is not supported at this time. |
| exclude_processes | Supported | Supported | body | string | The changes performed by these specific processes will not be monitored. Allowed rule group configuration is based on the type of rule the rule group is added to. Falcon GLOB syntax is supported. MacOS is not supported at this time. |
| watch_create_directory_changes | Supported | Supported | body | boolean | File system directory monitoring. |
| watch_delete_directory_changes | Supported | Supported | body | boolean | File system directory monitoring. |
| watch_rename_directory_changes | Supported | Supported | body | boolean | File system directory monitoring. |
| watch_attributes_directory_changes | Supported | Supported | body | boolean | File system directory monitoring. MacOS is not supported at this time. |
| watch_permissions_directory_changes | Supported | Supported | body | boolean | File system directory monitoring. MacOS is not supported at this time. |
| watch_create_file_changes | Supported | Supported | body | boolean | File system file monitoring. |
| watch_delete_file_changes | Supported | Supported | body | boolean | File system file monitoring. |
| watch_write_file_changes | Supported | Supported | body | boolean | File system file monitoring. |
| watch_rename_file_changes | Supported | Supported | body | boolean | File system file monitoring. |
| watch_attributes_file_changes | Supported | Supported | body | boolean | File system file monitoring. MacOS is not supported at this time. |
| watch_permissions_file_changes | Supported | Supported | body | boolean | File system file monitoring. MacOS is not supported at this time. |
| watch_create_key_changes | Supported | Supported | body | boolean | Windows registry key and value monitoring. |
| watch_delete_key_changes | Supported | Supported | body | boolean | Windows registry key and value monitoring. |
| watch_set_value_changes | Supported | Supported | body | boolean | Windows registry key and value monitoring. |
| watch_delete_value_changes | Supported | Supported | body | boolean | Windows registry key and value monitoring. |
| watch_rename_key_changes | Supported | Supported | body | boolean | Windows registry key and value monitoring. |
| watch_create_file_changes | Supported | Supported | body | boolean | Windows registry key and value monitoring. |

Usage

Service class example (PEP8 syntax)
from falconpy import FileVantage

# Do not hardcode API credentials!
falcon = FileVantage(client_id=CLIENT_ID,
                     client_secret=CLIENT_SECRET
                     )

response = falcon.update_rule(depth="string",
                              description="string",
                              exclude="string",
                              exclude_processes="string",
                              exclude_users="string",
                              id="string",
                              include="string",
                              include_processes="string",
                              include_users="string",
                              path="string",
                              precedence=integer,
                              rule_group_id="string",
                              severity="string",
                              watch_attributes_directory_changes=boolean,
                              watch_attributes_file_changes=boolean,
                              watch_create_directory_changes=boolean,
                              watch_create_file_changes=boolean,
                              watch_create_key_changes=boolean,
                              watch_delete_directory_changes=boolean,
                              watch_delete_file_changes=boolean,
                              watch_delete_key_changes=boolean,
                              watch_delete_value_changes=boolean,
                              watch_permissions_directory_changes=boolean,
                              watch_permissions_file_changes=boolean,
                              watch_rename_directory_changes=boolean,
                              watch_rename_file_changes=boolean,
                              watch_rename_key_changes=boolean,
                              watch_set_value_changes=boolean,
                              watch_write_file_changes=boolean
                              )
print(response)
Service class example (Operation ID syntax)
from falconpy import FileVantage

# Do not hardcode API credentials!
falcon = FileVantage(client_id=CLIENT_ID,
                     client_secret=CLIENT_SECRET
                     )

response = falcon.updateRules(depth="string",
                              description="string",
                              exclude="string",
                              exclude_processes="string",
                              exclude_users="string",
                              id="string",
                              include="string",
                              include_processes="string",
                              include_users="string",
                              path="string",
                              precedence=integer,
                              rule_group_id="string",
                              severity="string",
                              watch_attributes_directory_changes=boolean,
                              watch_attributes_file_changes=boolean,
                              watch_create_directory_changes=boolean,
                              watch_create_file_changes=boolean,
                              watch_create_key_changes=boolean,
                              watch_delete_directory_changes=boolean,
                              watch_delete_file_changes=boolean,
                              watch_delete_key_changes=boolean,
                              watch_delete_value_changes=boolean,
                              watch_permissions_directory_changes=boolean,
                              watch_permissions_file_changes=boolean,
                              watch_rename_directory_changes=boolean,
                              watch_rename_file_changes=boolean,
                              watch_rename_key_changes=boolean,
                              watch_set_value_changes=boolean,
                              watch_write_file_changes=boolean
                              )
print(response)
Uber class example
from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

body_payload = {
    "depth": "string",
    "description": "string",
    "exclude": "string",
    "exclude_processes": "string",
    "exclude_users": "string",
    "id": "string",
    "include": "string",
    "include_processes": "string",
    "include_users": "string",
    "path": "string",
    "precedence": 0,
    "rule_group_id": "string",
    "severity": "string",
    "watch_attributes_directory_changes": boolean,
    "watch_attributes_file_changes": boolean,
    "watch_create_directory_changes": boolean,
    "watch_create_file_changes": boolean,
    "watch_create_key_changes": boolean,
    "watch_delete_directory_changes": boolean,
    "watch_delete_file_changes": boolean,
    "watch_delete_key_changes": boolean,
    "watch_delete_value_changes": boolean,
    "watch_permissions_directory_changes": boolean,
    "watch_permissions_file_changes": boolean,
    "watch_rename_directory_changes": boolean,
    "watch_rename_file_changes": boolean,
    "watch_rename_key_changes": boolean,
    "watch_set_value_changes": boolean,
    "watch_write_file_changes": boolean
}

response = falcon.command("updateRules", body=body_payload)

print(response)
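The createRules and updateRules keyword tables carry several constraints (path length and trailing separator, severity values, depth range, precedence, MacOS exclusions) that can be checked before a request is sent. The following is an added example, not part of the FalconPy documentation: `validate_rule`, the constant names, and the sample payloads are hypothetical, and treating registry options on a non-registry rule group as a problem is this example's own choice.

```python
ALLOWED_SEVERITIES = {"Low", "Medium", "High", "Critical"}
ALLOWED_DEPTHS = {"1", "2", "3", "4", "5", "ANY"}

# Path separator per rule group type (type names from createRuleGroups).
SEPARATORS = {"WindowsFiles": "\\", "WindowsRegistry": "\\",
              "LinuxFiles": "/", "MacFiles": "/"}

# Options the tables mark "MacOS is not supported at this time".
MAC_UNSUPPORTED = {
    "include_users", "exclude_users", "include_processes", "exclude_processes",
    "watch_attributes_directory_changes", "watch_permissions_directory_changes",
    "watch_attributes_file_changes", "watch_permissions_file_changes",
}

# Options the tables describe as Windows registry monitoring.
REGISTRY_ONLY = {
    "watch_create_key_changes", "watch_delete_key_changes",
    "watch_permissions_key_changes", "watch_rename_key_changes",
    "watch_set_value_changes", "watch_delete_value_changes",
}


def validate_rule(rule, group_type):
    """Return a list of problems found in `rule`; an empty list means it passed.

    Only keys present in `rule` are checked, so the same function serves
    create_rule and update_rule payloads.
    """
    if group_type not in SEPARATORS:
        return [f"unknown rule group type {group_type!r}"]
    problems = []
    sep = SEPARATORS[group_type]

    path = rule.get("path")
    if path is not None:
        if len(path) > 250:
            problems.append("path exceeds 250 characters")
        if not path.endswith(sep):
            problems.append(f"path must end with {sep!r}")
    if len(rule.get("description", "")) > 500:
        problems.append("description exceeds 500 characters")
    if "severity" in rule and rule["severity"] not in ALLOWED_SEVERITIES:
        problems.append(f"severity {rule['severity']!r} is not an allowed value")
    if "depth" in rule and str(rule["depth"]) not in ALLOWED_DEPTHS:
        problems.append(f"depth {rule['depth']!r} is not 1-5 or ANY")
    prec = rule.get("precedence")
    if prec is not None and (
        isinstance(prec, bool) or not isinstance(prec, int) or prec < 1
    ):
        problems.append("precedence must be an integer starting at 1")

    for key in sorted(rule):
        if not rule[key]:
            continue  # unset or False options cannot conflict
        if group_type == "MacFiles" and key in MAC_UNSUPPORTED:
            problems.append(f"{key} is not supported on MacOS")
        if group_type != "WindowsRegistry" and key in REGISTRY_ONLY:
            problems.append(f"{key} is a Windows registry option")
    return problems


# Constructed sample payloads (not from the page).
GOOD_RULE = {
    "rule_group_id": "RULE_GROUP_ID_PLACEHOLDER",
    "description": "SSH daemon configuration",
    "path": "/etc/ssh/",
    "include": "sshd_config",
    "depth": "1",
    "severity": "High",
    "precedence": 1,
    "watch_write_file_changes": True,
    "watch_delete_file_changes": True,
    "watch_permissions_file_changes": True,
}
BAD_RULE = dict(GOOD_RULE, path="/etc/ssh", severity="high", depth="6",
                precedence=0, watch_set_value_changes=True)

if __name__ == "__main__":
    for name, rule in (("good", GOOD_RULE), ("bad", BAD_RULE)):
        print(name, validate_rule(rule, "LinuxFiles"))
    # A payload that passes can then be sent with the service class:
    # falcon.create_rule(**GOOD_RULE)
```

The same `GOOD_RULE` fails for a `MacFiles` group because it enables `watch_permissions_file_changes`, which the table excludes for MacOS.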

getRuleGroups

Retrieves the rule group details for 1 or more rule groups.

PEP8 method name

get_rule_groups

Endpoint

| Method | Route |
| --- | --- |
| GET | /filevantage/entities/rule-groups/v1 |

Content-Type

  • Produces: application/json

Keyword Arguments

| Name | Service | Uber | Type | Data type | Description |
| --- | --- | --- | --- | --- | --- |
| ids | Supported | Supported | query | array (string) | One or more (up to 500) rule group ids. |
| parameters | Supported | Supported | query | dictionary | Full query string parameters payload in JSON format. |

Usage

Service class example (PEP8 syntax)
from falconpy import FileVantage

# Do not hardcode API credentials!
falcon = FileVantage(client_id=CLIENT_ID,
                     client_secret=CLIENT_SECRET
                     )

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.get_rule_groups(ids=id_list)
print(response)
Service class example (Operation ID syntax)
from falconpy import FileVantage

# Do not hardcode API credentials!
falcon = FileVantage(client_id=CLIENT_ID,
                     client_secret=CLIENT_SECRET
                     )

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.getRuleGroups(ids=id_list)
print(response)
Uber class example
from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.command("getRuleGroups", ids=id_list)
print(response)

createRuleGroups

Creates a new rule group of the specified type.

PEP8 method name

create_rule_group

Endpoint

| Method | Route |
| --- | --- |
| POST | /filevantage/entities/rule-groups/v1 |

Content-Type

  • Consumes: application/json
  • Produces: application/json

Keyword Arguments

| Name | Service | Uber | Type | Data type | Description |
| --- | --- | --- | --- | --- | --- |
| body | Supported | Supported | body | list of dictionaries | Full body payload in JSON format. |
| description | Supported | Supported | body | string | The policy description (Max: 500 characters). |
| name | Supported | Supported | body | string | Name of the policy (Max: 100 characters). |
| type | Supported | Supported | body | string | Rule group type. Must be one of: WindowsFiles, WindowsRegistry, LinuxFiles, MacFiles. |

Usage

Service class example (PEP8 syntax)
from falconpy import FileVantage

# Do not hardcode API credentials!
falcon = FileVantage(client_id=CLIENT_ID,
                     client_secret=CLIENT_SECRET
                     )

response = falcon.create_rule_group(description="string",
                                    name="string",
                                    type="string"
                                    )
print(response)
Service class example (Operation ID syntax)
from falconpy import FileVantage

# Do not hardcode API credentials!
falcon = FileVantage(client_id=CLIENT_ID,
                     client_secret=CLIENT_SECRET
                     )

response = falcon.createRuleGroups(description="string",
                                   name="string",
                                   type="string"
                                   )
print(response)
Uber class example
from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

body_payload = {
    "description": "string",
    "name": "string",
    "type": "string"
}

response = falcon.command("createRuleGroups", body=body_payload)

print(response)

deleteRuleGroups

Deletes 1 or more rule groups.

PEP8 method name

delete_rule_groups

Endpoint

| Method | Route |
| --- | --- |
| DELETE | /filevantage/entities/rule-groups/v1 |

Content-Type

  • Produces: application/json

Keyword Arguments

| Name | Service | Uber | Type | Data type | Description |
| --- | --- | --- | --- | --- | --- |
| ids | Supported | Supported | query | array (string) | One or more (up to 500) rule group ids. |
| parameters | Supported | Supported | query | dictionary | Full query string parameters payload in JSON format. |

Usage

Service class example (PEP8 syntax)
from falconpy import FileVantage

# Do not hardcode API credentials!
falcon = FileVantage(client_id=CLIENT_ID,
                     client_secret=CLIENT_SECRET
                     )

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.delete_rule_groups(ids=id_list)

print(response)
Service class example (Operation ID syntax)
from falconpy import FileVantage

# Do not hardcode API credentials!
falcon = FileVantage(client_id=CLIENT_ID,
                     client_secret=CLIENT_SECRET
                     )

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.deleteRuleGroups(ids=id_list)

print(response)
Uber class example
from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.command("deleteRuleGroups", ids=id_list)

print(response)

updateRuleGroups

Updates the provided rule group.

PEP8 method name

update_rule_group

Endpoint

| Method | Route |
| --- | --- |
| PATCH | /filevantage/entities/rule-groups/v1 |

Content-Type

  • Consumes: application/json
  • Produces: application/json

Keyword Arguments

| Name | Service | Uber | Type | Data type | Description |
| --- | --- | --- | --- | --- | --- |
| body | Supported | Supported | body | list of dictionaries | Full body payload in JSON format. |
| description | Supported | Supported | body | string | The policy description (Max: 500 characters). |
| name | Supported | Supported | body | string | Name of the policy (Max: 100 characters). |
| id | Supported | Supported | body | string | Rule group ID to update. |

Usage

Service class example (PEP8 syntax)
from falconpy import FileVantage

# Do not hardcode API credentials!
falcon = FileVantage(client_id=CLIENT_ID,
                     client_secret=CLIENT_SECRET
                     )

response = falcon.update_rule_group(description="string",
                                    name="string",
                                    id="string"
                                    )

print(response)
Service class example (Operation ID syntax)
from falconpy import FileVantage

# Do not hardcode API credentials!
falcon = FileVantage(client_id=CLIENT_ID,
                     client_secret=CLIENT_SECRET
                     )

response = falcon.updateRuleGroups(description="string",
                                   name="string",
                                   id="string"
                                   )

print(response)
Uber class example
from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

body_payload = {
    "description": "string",
    "name": "string",
    "id": "string"
}

response = falcon.command("updateRuleGroups", body=body_payload)
print(response)

queryChanges

Returns 1 or more change IDs.

PEP8 method name

query_changes

Endpoint

| Method | Route |
| --- | --- |
| GET | /filevantage/queries/changes/v2 |

Content-Type

  • Consumes: application/json
  • Produces: application/json

Keyword Arguments

| Name | Service | Uber | Type | Data type | Description |
| --- | --- | --- | --- | --- | --- |
| offset | Supported | Supported | query | integer | The offset to start retrieving records from. Defaults to 0 if not specified. |
| limit | Supported | Supported | query | integer | The maximum number of ids to return. Defaults to 100 if not specified. The maximum number of results that can be returned in a single call is 500. |
| sort | Supported | Supported | query | string | Sort results using options like action_timestamp (timestamp of the change occurrence). Sort either asc (ascending) or desc (descending); an example is given below the table. The full list of allowed sorting options can be reviewed in our API documentation. |
| filter | Supported | Supported | query | string | Filter changes using a query in Falcon Query Language (FQL). Common filter options include host.name and action_timestamp. The full list of allowed filter parameters can be reviewed in our API documentation. |
| parameters | Supported | Supported | query | dictionary | Full query string parameters payload in JSON format. |

Sort example: action_timestamp|asc

Usage

Service class example (PEP8 syntax)
from falconpy import FileVantage

# Do not hardcode API credentials!
falcon = FileVantage(client_id=CLIENT_ID,
                     client_secret=CLIENT_SECRET
                     )

response = falcon.query_changes(offset=integer,
                                limit=integer,
                                sort="string",
                                filter="string"
                                )
print(response)

Service class example (Operation ID syntax)
from falconpy import FileVantage

# Do not hardcode API credentials!
falcon = FileVantage(client_id=CLIENT_ID,
                     client_secret=CLIENT_SECRET
                     )

response = falcon.queryChanges(offset=integer,
                               limit=integer,
                               sort="string",
                               filter="string"
                               )
print(response)

Uber class example
from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

response = falcon.command("queryChanges",
                          offset=integer,
                          limit=integer,
                          sort="string",
                          filter="string"
                          )
print(response)

highVolumeQueryChanges

Returns 1 or more change ids

PEP8 method name

query_changes_scroll

Endpoint

| Method | Route |
| --- | --- |
| GET | /filevantage/queries/changes/v3 |

Content-Type

  • Consumes: application/json
  • Produces: application/json

Keyword Arguments

| Name | Service | Uber | Type | Data type | Description |
| --- | --- | --- | --- | --- | --- |
| after | Yes | Yes | query | string | A pagination token used with the limit parameter to manage pagination of results. On your first request, don't provide a value for the after token. On subsequent requests, provide the after token value from the previous response to continue pagination from where you left off. If the response returns an empty after token, there are no more results to return. |
| limit | Yes | Yes | query | integer | The maximum number of ids to return. Defaults to 100 if not specified. The maximum number of results that can be returned in a single call is 5000. |
| sort | Yes | Yes | query | string | Sort results using options like: action_timestamp (timestamp of the change occurrence). Sort either asc (ascending) or desc (descending). For example: action_timestamp\|asc. Defaults to action_timestamp\|desc if no value is specified. The full list of allowed sorting options can be reviewed in our API documentation. |
| filter | Yes | Yes | query | string | Filter changes using a query in Falcon Query Language (FQL). Common filter options include: host.name, action_timestamp. The full list of allowed filter parameters can be reviewed in our API documentation. |
| parameters | Yes | Yes | query | dictionary | Full query string parameters payload in JSON format. |

Usage

Service class example (PEP8 syntax)
from falconpy import FileVantage

# Do not hardcode API credentials!
falcon = FileVantage(client_id=CLIENT_ID,
                     client_secret=CLIENT_SECRET
                     )

response = falcon.query_changes_scroll(after="string",
                                       limit=integer,
                                       sort="string",
                                       filter="string"
                                       )
print(response)

Service class example (Operation ID syntax)
from falconpy import FileVantage

# Do not hardcode API credentials!
falcon = FileVantage(client_id=CLIENT_ID,
                     client_secret=CLIENT_SECRET
                     )

response = falcon.highVolumeQueryChanges(after="string",
                                         limit=integer,
                                         sort="string",
                                         filter="string"
                                         )
print(response)

Uber class example
from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

response = falcon.command("highVolumeQueryChanges",
                          after="string",
                          limit=integer,
                          sort="string",
                          filter="string"
                          )
print(response)
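The after-token procedure described for highVolumeQueryChanges, written out as a loop. This is an added example, not code from the FalconPy project. The helper names, the FakeFileVantage stand-in, its ids, and the assumption that the token is returned at body.meta.pagination.after are all constructed here so the loop runs offline.

```python
def build_filter(host_name, since_iso):
    """FQL filter on the two fields the page lists; '+' joins clauses with AND."""
    if "'" in host_name or "'" in since_iso:   # keep values inside their quotes
        raise ValueError("quote character in filter value")
    return f"host.name:'{host_name}'+action_timestamp:>='{since_iso}'"


def collect_change_ids(client, fql_filter, page_size=5000, max_pages=1000):
    """Follow the `after` token until it comes back empty; return every id."""
    if not 1 <= page_size <= 5000:             # documented per-call maximum
        raise ValueError("limit must be between 1 and 5000")
    ids, after = [], None
    for _ in range(max_pages):                 # hard stop against a looping token
        kwargs = {"limit": page_size, "sort": "action_timestamp|asc",
                  "filter": fql_filter}
        if after:                              # first request sends no `after`
            kwargs["after"] = after
        response = client.query_changes_scroll(**kwargs)
        if response["status_code"] != 200:
            raise RuntimeError(f"API error: {response['body'].get('errors')}")
        body = response["body"]
        ids.extend(body.get("resources") or [])
        # Assumption: the token is returned at body.meta.pagination.after.
        after = body.get("meta", {}).get("pagination", {}).get("after")
        if not after:
            return ids
    raise RuntimeError("pagination did not terminate")


class FakeFileVantage:
    """Constructed stand-in for falconpy.FileVantage; the token is an index."""

    def __init__(self, all_ids):
        self.all_ids, self.calls = all_ids, []

    def query_changes_scroll(self, after=None, limit=100, sort=None, filter=None):
        self.calls.append({"after": after, "limit": limit, "filter": filter})
        start = int(after) if after else 0
        more = start + limit < len(self.all_ids)
        return {"status_code": 200,
                "body": {"meta": {"pagination": {"after": str(start + limit) if more else ""}},
                         "resources": self.all_ids[start:start + limit], "errors": []}}


if __name__ == "__main__":
    fake = FakeFileVantage([f"change-{n:03d}" for n in range(7)])  # constructed ids
    print(collect_change_ids(fake, build_filter("web01", "2024-01-01T00:00:00Z"), page_size=3))
```

Against a real tenant, pass an authenticated FileVantage instance in place of the stand-in.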

queryPolicies

Retrieve the ids of all policies that are assigned the provided policy type.

PEP8 method name

query_policies

Endpoint

| Method | Route |
| --- | --- |
| GET | /filevantage/queries/policies/v1 |

Content-Type

  • Produces: application/json

Keyword Arguments

| Name | Service | Uber | Type | Data type | Description |
| --- | --- | --- | --- | --- | --- |
| offset | Yes | Yes | query | integer | The offset to start retrieving records from. Defaults to 0 if not specified. |
| limit | Yes | Yes | query | integer | The maximum number of ids to return. Defaults to 100 if not specified. The maximum number of results that can be returned in a single call is 500. |
| sort | Yes | Yes | query | string | Sort the returned ids based on one of the following properties: precedence, created_timestamp or modified_timestamp. Sort either asc (ascending) or desc (descending); for example: precedence\|asc. |
| type | Yes | Yes | query | string | The types of policies to retrieve. Allowed values are: Windows, Linux or Mac. |
| parameters | Yes | Yes | query | dictionary | Full query string parameters payload in JSON format. |

Usage

Service class example (PEP8 syntax)
from falconpy import FileVantage

# Do not hardcode API credentials!
falcon = FileVantage(client_id=CLIENT_ID,
                     client_secret=CLIENT_SECRET
                     )

response = falcon.query_policies(offset=integer,
                                 limit=integer,
                                 sort="string",
                                 type="string"
                                 )
print(response)

Service class example (Operation ID syntax)
from falconpy import FileVantage

# Do not hardcode API credentials!
falcon = FileVantage(client_id=CLIENT_ID,
                     client_secret=CLIENT_SECRET
                     )

response = falcon.queryPolicies(offset=integer,
                                limit=integer,
                                sort="string",
                                type="string"
                                )
print(response)

Uber class example
from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

response = falcon.command("queryPolicies",
                          offset=integer,
                          limit=integer,
                          sort="string",
                          type="string"
                          )
print(response)

queryScheduledExclusions

Retrieve the ids of all scheduled exclusions contained within the provided policy id.

PEP8 method name

query_scheduled_exclusions

Endpoint

| Method | Route |
| --- | --- |
| GET | /filevantage/queries/policy-scheduled-exclusions/v1 |

Content-Type

  • Consumes: application/json
  • Produces: application/json

Keyword Arguments

| Name | Service | Uber | Type | Data type | Description |
| --- | --- | --- | --- | --- | --- |
| policy_id | Yes | Yes | query | string | The id of the policy from which to retrieve the scheduled exclusion ids. |
| parameters | Yes | Yes | query | dictionary | Full query string parameters payload in JSON format. |

Usage

Service class example (PEP8 syntax)
from falconpy import FileVantage

# Do not hardcode API credentials!
falcon = FileVantage(client_id=CLIENT_ID,
                     client_secret=CLIENT_SECRET
                     )

response = falcon.query_scheduled_exclusions(policy_id="string")
print(response)

Service class example (Operation ID syntax)
from falconpy import FileVantage

# Do not hardcode API credentials!
falcon = FileVantage(client_id=CLIENT_ID,
                     client_secret=CLIENT_SECRET
                     )

response = falcon.queryScheduledExclusions(policy_id="string")
print(response)

Uber class example
from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )
response = falcon.command("queryScheduledExclusions", policy_id="string")

print(response)
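Scheduled exclusions are windows in which file integrity monitoring is relaxed, so it is worth knowing which policies carry them. The sketch below combines query_policies (offset and limit paging) with query_scheduled_exclusions to build that list. It is an added example, not code from the FalconPy project; the helper names, the FakeFileVantage stand-in and every id in it are constructed, and the response layout (status_code, body.resources, body.errors) is assumed.

```python
POLICY_TYPES = ("Windows", "Linux", "Mac")     # allowed values per the page


def _ids(response):
    """Return the id list from a FalconPy-style response, or raise on error."""
    if response["status_code"] != 200:
        raise RuntimeError(f"API error: {response['body'].get('errors')}")
    return response["body"].get("resources") or []


def policy_ids(client, policy_type, page_size=500):
    """Page through query_policies with offset/limit (500 is the per-call cap)."""
    found, offset = [], 0
    while True:
        page = _ids(client.query_policies(offset=offset, limit=page_size,
                                          sort="precedence|asc", type=policy_type))
        found.extend(page)
        if len(page) < page_size:              # short page: nothing left to fetch
            return found
        offset += page_size


def exclusions_by_policy(client):
    """Map 'type/policy_id' to its exclusion ids, for policies that have any."""
    report = {}
    for policy_type in POLICY_TYPES:
        for pid in policy_ids(client, policy_type):
            excl = _ids(client.query_scheduled_exclusions(policy_id=pid))
            if excl:
                report[f"{policy_type}/{pid}"] = excl
    return report


class FakeFileVantage:
    """Constructed stand-in for falconpy.FileVantage; all ids are made up."""
    POLICIES = {"Windows": ["pol-w1", "pol-w2"], "Linux": ["pol-l1"], "Mac": []}
    EXCLUSIONS = {"pol-w2": ["excl-1", "excl-2"], "pol-l1": ["excl-3"]}

    def query_policies(self, offset=0, limit=100, sort=None, type=None):
        return self._ok(self.POLICIES[type][offset:offset + limit])

    def query_scheduled_exclusions(self, policy_id=None):
        return self._ok(self.EXCLUSIONS.get(policy_id, []))

    @staticmethod
    def _ok(resources):
        return {"status_code": 200, "body": {"resources": resources, "errors": []}}


if __name__ == "__main__":
    print(exclusions_by_policy(FakeFileVantage()))
```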

queryRuleGroups

Retrieve the ids of all rule groups that are of the provided rule group type.

PEP8 method name

query_rule_groups

Endpoint

| Method | Route |
| --- | --- |
| GET | /filevantage/queries/rule-groups/v1 |

Content-Type

  • Produces: application/json

Keyword Arguments

| Name | Service | Uber | Type | Data type | Description |
| --- | --- | --- | --- | --- | --- |
| offset | Yes | Yes | query | integer | The offset to start retrieving records from. Defaults to 0 if not specified. |
| limit | Yes | Yes | query | integer | The maximum number of ids to return. Defaults to 100 if not specified. The maximum number of results that can be returned in a single call is 500. |
| sort | Yes | Yes | query | string | Sort the returned ids based on one of the following properties: created_timestamp or modified_timestamp. Sort either asc (ascending) or desc (descending); for example: created_timestamp\|asc. |
| type | Yes | Yes | query | string | The rule group type to retrieve the ids of. Allowed values are: WindowsFiles, WindowsRegistry, LinuxFiles or MacFiles. |
| parameters | Yes | Yes | query | dictionary | Full query string parameters payload in JSON format. |

Usage

Service class example (PEP8 syntax)
from falconpy import FileVantage

# Do not hardcode API credentials!
falcon = FileVantage(client_id=CLIENT_ID,
                     client_secret=CLIENT_SECRET
                     )

response = falcon.query_rule_groups(offset=integer,
                                    limit=integer,
                                    sort="string",
                                    type="string"
                                    )
print(response)

Service class example (Operation ID syntax)
from falconpy import FileVantage

# Do not hardcode API credentials!
falcon = FileVantage(client_id=CLIENT_ID,
                     client_secret=CLIENT_SECRET
                     )

response = falcon.queryRuleGroups(offset=integer,
                                  limit=integer,
                                  sort="string",
                                  type="string"
                                  )
print(response)

Uber class example
from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

response = falcon.command("queryRuleGroups",
                          offset=integer,
                          limit=integer,
                          sort="string",
                          type="string"
                          )
print(response)