Using the Identity Protection service collection
Table of Contents
Operation ID | Description |
---|---|
api_preempt_proxy_post_graphql (PEP8: graphql) | Identity Protection GraphQL API. Allows you to retrieve entities, timeline activities, identity-based incidents and security assessment. Allows you to perform actions on entities and identity-based incidents. |
Passing credentials
WARNING
client_id and client_secret are keyword arguments that contain your CrowdStrike API credentials. Please note that all examples below do not hard code these values. (These values are ingested as strings.)

CrowdStrike does not recommend hard coding API credentials or customer identifiers within source code.
api_preempt_proxy_post_graphql
Identity Protection GraphQL API. Allows you to retrieve entities, timeline activities, identity-based incidents and security assessment. Allows you to perform actions on entities and identity-based incidents.
PEP8 method name
graphql
Endpoint
Method | Route |
---|---|
POST | /identity-protection/combined/graphql/v1 |
Content-Type
- Consumes: application/json
- Produces: application/json
Keyword Arguments
Name | Service | Uber | Type | Data type | Description |
---|---|---|---|---|---|
body | | | body | dictionary | Full body payload in JSON format. |
query | | | body | string | JSON-similar formatted query to perform. |
variables | | | body | dictionary | Dictionary of variables to provide to the query. |
Usage
Service class example (PEP8 syntax)
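```python
import os
from falconpy import IdentityProtection

# Do not hardcode API credentials!
# Assumption: credentials are exported as FALCON_CLIENT_ID / FALCON_CLIENT_SECRET.
CLIENT_ID = os.environ["FALCON_CLIENT_ID"]
CLIENT_SECRET = os.environ["FALCON_CLIENT_SECRET"]

falcon = IdentityProtection(client_id=CLIENT_ID,
                            client_secret=CLIENT_SECRET
                            )

idp_query = """
query ($after: Cursor) {
  entities(types: [USER], archived: false, learned: false, first: 5, after: $after) {
    nodes {
      primaryDisplayName
      secondaryDisplayName
      accounts {
        ... on ActiveDirectoryAccountDescriptor {
          domain
        }
      }
    }
    pageInfo {
      hasNextPage
      endCursor
    }
  }
}
"""

# Placeholder: map each variable the query declares to its value (string, int or float).
variables = {
    "string": "string, int, float"
}

response = falcon.graphql(query=idp_query, variables=variables)
print(response)
```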
Service class example (Operation ID syntax)
```python
import os
from falconpy import IdentityProtection

# Do not hardcode API credentials!
# Assumption: credentials are exported as FALCON_CLIENT_ID / FALCON_CLIENT_SECRET.
CLIENT_ID = os.environ["FALCON_CLIENT_ID"]
CLIENT_SECRET = os.environ["FALCON_CLIENT_SECRET"]

falcon = IdentityProtection(client_id=CLIENT_ID,
                            client_secret=CLIENT_SECRET
                            )

idp_query = """
query ($after: Cursor) {
  entities(types: [USER], archived: false, learned: false, first: 5, after: $after) {
    nodes {
      primaryDisplayName
      secondaryDisplayName
      accounts {
        ... on ActiveDirectoryAccountDescriptor {
          domain
        }
      }
    }
    pageInfo {
      hasNextPage
      endCursor
    }
  }
}
"""

# Placeholder: map each variable the query declares to its value (string, int or float).
variables = {
    "string": "string, int, float"
}

response = falcon.api_preempt_proxy_post_graphql(query=idp_query, variables=variables)
print(response)
```
Uber class example
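```python
import os
from falconpy import APIHarness

# Do not hardcode API credentials!
# Assumption: credentials are exported as FALCON_CLIENT_ID / FALCON_CLIENT_SECRET.
CLIENT_ID = os.environ["FALCON_CLIENT_ID"]
CLIENT_SECRET = os.environ["FALCON_CLIENT_SECRET"]

falcon = APIHarness(client_id=CLIENT_ID,
                    client_secret=CLIENT_SECRET
                    )

idp_query = """
query ($after: Cursor) {
  entities(types: [USER], archived: false, learned: false, first: 5, after: $after) {
    nodes {
      primaryDisplayName
      secondaryDisplayName
      accounts {
        ... on ActiveDirectoryAccountDescriptor {
          domain
        }
      }
    }
    pageInfo {
      hasNextPage
      endCursor
    }
  }
}
"""

# Placeholder: map each variable the query declares to its value (string, int or float).
variables = {
    "string": "string, int, float"
}

# The Uber class takes the full payload as a single body dictionary.
BODY = {
    "query": idp_query,
    "variables": variables
}

response = falcon.command("api_preempt_proxy_post_graphql", body=BODY)
print(response)
```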
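The queries above declare `$after` and request `pageInfo { hasNextPage endCursor }`, but each call returns a single page of five entities. The following added example (not part of the FalconPy documentation) follows the cursor until the last page. The names `iter_entities`, `fake_graphql` and `max_pages` are hypothetical, and the response shape (`status_code`, with `body` holding `data` and `errors`) is an assumption.

```python
IDP_QUERY = """
query ($after: Cursor) {
  entities(types: [USER], archived: false, learned: false, first: 5, after: $after) {
    nodes { primaryDisplayName secondaryDisplayName }
    pageInfo { hasNextPage endCursor }
  }
}
"""


def iter_entities(graphql, query=IDP_QUERY, max_pages=1000):
    """Yield every entity node, following endCursor until hasNextPage is false.

    graphql: any callable accepting query= and variables= keywords,
    for example the graphql method of an IdentityProtection instance.
    """
    after = None  # a null cursor requests the first page
    for _ in range(max_pages):  # hard stop so a repeating cursor cannot loop forever
        response = graphql(query=query, variables={"after": after})
        body = response.get("body") or {}
        # Assumed shape: {"status_code": int, "body": {"data": ..., "errors": ...}}
        if response.get("status_code") != 200 or body.get("errors"):
            raise RuntimeError(
                f"GraphQL request failed: {response.get('status_code')} {body.get('errors')}")
        page = body["data"]["entities"]
        yield from page["nodes"]
        info = page["pageInfo"]
        if not info["hasNextPage"]:
            return
        after = info["endCursor"]
    raise RuntimeError("max_pages reached before hasNextPage became false")


def fake_graphql(query, variables):
    """Constructed offline stand-in for falcon.graphql: 12 users, 5 per page."""
    users = [{"primaryDisplayName": f"user{i:02d}",
              "secondaryDisplayName": f"EXAMPLE\\user{i:02d}"} for i in range(12)]
    start = int(variables["after"] or 0)
    end = min(start + 5, len(users))
    return {"status_code": 200,
            "body": {"data": {"entities": {
                "nodes": users[start:end],
                "pageInfo": {"hasNextPage": end < len(users), "endCursor": str(end)}}}}}


if __name__ == "__main__":
    # With a live client, pass falcon.graphql instead of fake_graphql.
    for node in iter_entities(fake_graphql):
        print(node["primaryDisplayName"])
```

Raising on a non-200 status or a populated `errors` list keeps a failed or partially denied query from being mistaken for an empty result set.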