Using the Identity Protection service collection

Documentation Version

Operation ID

Description

GetSensorAggregates
PEP 8	get_sensor_aggregates

Get sensor aggregates as specified via json in request body.

GetSensorDetails
PEP 8	get_sensor_details

Get details on one or more sensors by providing device IDs in a POST body. Supports up to a maximum of 5000 IDs.

QuerySensorsByFilter
PEP 8	query_sensors

Search for sensors in your environment by hostname, IP, and other criteria.

api_preempt_proxy_post_graphql
PEP 8	graphql

Identity Protection GraphQL API. Allows to retrieve entities, timeline activities, identity-based incidents and security assessment. Allows to perform actions on entities and identity-based incidents.

Name	Type	Data type	Description
body	body	list of dictionaries	Full body payload in JSON format.
date_ranges	body	list of dictionaries	Applies to date_range aggregations. Example: [ { "from": "2016-05-28T09:00:31Z", "to": "2016-05-30T09:00:31Z" }, { "from": "2016-06-01T09:00:31Z", "to": "2016-06-10T09:00:31Z" } ]
exclude	body	string	Elements to exclude.
field	body	string	The field on which to compute the aggregation.
filter	body	string	FQL syntax formatted string to use to filter the results.
from	body	integer	Starting position.
include	body	string	Elements to include.
interval	body	string	Time interval for date histogram aggregations. Valid values include: `year` `month` `week` `day` `hour` `minute`
max_doc_count	body	integer	Only return buckets if values are less than or equal to the value here.
min_doc_count	body	integer	Only return buckets if values are greater than or equal to the value here.
missing	body	string	Missing is the value to be used when the aggregation field is missing from the object. In other words, the missing parameter defines how documents that are missing a value should be treated. By default they will be ignored, but it is also possible to treat them as if they had a value.
name	body	string	Name of the aggregate query, as chosen by the user. Used to identify the results returned to you.
q	body	string	Full text search across all metadata fields.
ranges	body	list of dictionaries	Applies to range aggregations. Ranges values will depend on field. For example, if `max_severity` is used, ranges might look like: [ { "From": 0, "To": 70 }, { "From": 70, "To": 100 } ]
size	body	integer	The max number of term buckets to be returned.
sub_aggregates	body	list of dictionaries	A nested aggregation, such as: [ { "name": "max_first_behavior", "type": "max", "field": "first_behavior" } ] There is a maximum of 3 nested aggregations per request.
sort	body	string	FQL syntax string to sort bucket results. `_count` - sort by document count `_term` - sort by the string value alphabetically Supports `asc` and `desc` using `\|` format. Example: `_count\|desc`
time_zone	body	string	Time zone for bucket results.
type	body	string	Type of aggregation. Valid values include: `date_histogram` - Aggregates counts on a specified time interval. Requires use of “interval” field. `date_range` - Aggregates counts on custom defined date range buckets. Can include multiple ranges. (Similar to time series, but the bucket sizes are variable). Date formats to follow ISO 8601. `terms` - Buckets alerts by the value of a specified field. For example, if field used is scenario, then alerts will be bucketed by the various alert scenario names. `range` - Buckets alerts by specified (numeric) ranges of a specified field. For example, if doing a range aggregation on the max_severity field, the alerts will be counted by the specified ranges of severity. `cardinality` - Returns the count of distinct values in a specified field. `max` - Returns the maximum value of a specified field. `min` - Returns the minimum value of a specified field. `avg` - Returns the average value of the specified field. `sum` - Returns the total sum of all values for the specified field. `percentiles` - Returns the following percentiles for the specified field: `1`, `5`, `25`, `50`, `75`, `95`, `99`.

Name	Service	Uber	Type	Data type	Description
body			body	dictionary	Full body payload in JSON format.
ids			body	string or list of strings	The host agent IDs used to get details on. Maximum: 5000

Name	Type	Data type	Description
offset	query	integer	The offset to start retrieving records from
parameters	query	dictionary	Full query string parameters payload in JSON format.
limit	query	integer	The maximum records to return. [1-200]
sort	query	string	The property to sort by (e.g. status.desc or hostname.asc)
filter	query	string	The filter expression that should be used to limit the results.

Name	Type	Data type	Description
body	body	dictionary	Full body payload in JSON format.
query	body	string	JSON-similar formatted query to perform.
variables	body	dictionary	Dictionary of variables to provide to the query.

The CrowdStrike Falcon Wiki for Python