Using the Identity Protection service collection

Table of Contents

Operation ID | Description
api_preempt_proxy_post_graphql (PEP 8: graphql) | Identity Protection GraphQL API. Retrieves entities, timeline activities, identity-based incidents and security assessment, and performs actions on entities and identity-based incidents.

Passing credentials

WARNING

client_id and client_secret are input variables that contain your CrowdStrike API credentials. None of the examples below hard code these values. (These values are ingested as strings.)

CrowdStrike does not recommend hard coding API credentials or customer identifiers within source code.

api_preempt_proxy_post_graphql

Identity Protection GraphQL API. Retrieves entities, timeline activities, identity-based incidents and security assessment, and performs actions on entities and identity-based incidents.

PEP8 method name

graphql

Content-Type

  • Consumes: application/json
  • Produces: application/json

Keyword Arguments

Name | Service | Uber | Type | Data type | Description
body | Yes | Yes | body | dictionary | Full body payload in JSON format.
query | Yes | Yes | body | string | JSON-similar formatted query to perform.

Usage

Service class example (PEP8 syntax)
from falconpy import IdentityProtection

# Do not hardcode API credentials!
falcon = IdentityProtection(client_id=CLIENT_ID,
                            client_secret=CLIENT_SECRET
                            )

idp_query = "{\n  entities(first: 1)\n  {\n    nodes {\n      entityId    \n    }\n  }\n}"

response = falcon.graphql(query=idp_query)
print(response)

Service class example (Operation ID syntax)
from falconpy import IdentityProtection

# Do not hardcode API credentials!
falcon = IdentityProtection(client_id=CLIENT_ID,
                            client_secret=CLIENT_SECRET
                            )

idp_query = "{\n  entities(first: 1)\n  {\n    nodes {\n      entityId    \n    }\n  }\n}"

response = falcon.api_preempt_proxy_post_graphql(query=idp_query)
print(response)

Uber class example
from falconpy import APIHarness

# Do not hardcode API credentials!
falcon = APIHarness(client_id=CLIENT_ID,
                    client_secret=CLIENT_SECRET
                    )
BODY = {
    "query": "{\n  entities(first: 1)\n  {\n    nodes {\n      entityId    \n    }\n  }\n}"
}

response = falcon.command("api_preempt_proxy_post_graphql", body=BODY)
print(response)
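
An added example, not part of the original page or the FalconPy project's own code: it reads the credentials from environment variables rather than source code, builds the body payload used above with a validated page size, and checks the result for errors before reading it. The variable names FALCON_CLIENT_ID and FALCON_CLIENT_SECRET, the helper names, and the status_code / body / errors / data result keys are assumptions.

```python
import os
from textwrap import dedent

# Assumed environment variable names; use whatever your secret store exports.
ENV_ID, ENV_SECRET = "FALCON_CLIENT_ID", "FALCON_CLIENT_SECRET"


def load_credentials(env=os.environ):
    """Read credentials from the environment; fail closed if either is missing."""
    missing = [k for k in (ENV_ID, ENV_SECRET) if not env.get(k)]
    if missing:
        raise RuntimeError("missing credential variables: " + ", ".join(missing))
    return {"client_id": env[ENV_ID], "client_secret": env[ENV_SECRET]}


def build_body(first=1):
    """Build the body payload; only a positive int may reach the query text."""
    if isinstance(first, bool) or not isinstance(first, int) or first < 1:
        raise ValueError("first must be a positive integer")
    query = dedent(f"""\
        {{
          entities(first: {first}) {{
            nodes {{
              entityId
            }}
          }}
        }}""")
    return {"query": query}


def entity_ids(response):
    """Return entityId values; raise on an HTTP or GraphQL error (assumed keys)."""
    body = response.get("body") or {}
    if response.get("status_code") != 200 or body.get("errors"):
        raise RuntimeError(f"GraphQL request failed: {response.get('status_code')} "
                           f"{body.get('errors')}")
    return [node["entityId"] for node in body["data"]["entities"]["nodes"]]


def run():
    from falconpy import IdentityProtection  # imported here so helpers work offline
    falcon = IdentityProtection(**load_credentials())
    return entity_ids(falcon.graphql(body=build_body(first=5)))


# Constructed sample shaped like a FalconPy result dict, not real API output.
SAMPLE = {"status_code": 200,
          "body": {"data": {"entities": {"nodes": [{"entityId": "constructed-id-0001"}]}}}}
```

Call run() with both variables exported to perform the live query; the helpers and SAMPLE work without network access.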