CrowdStrike Falcon Twitter URL

Using the Installation Tokens service collection

Uber class support Service class support Documentation Version Page Updated

Table of Contents

Operation IDDescription
audit_events_read
PEP 8audit_events_read
Gets the details of one or more audit events by id.
customer_settings_read
PEP 8customer_settings_read
Check current installation token settings.
tokens_read
PEP 8tokens_read
Gets the details of one or more tokens by id.
tokens_create
PEP 8tokens_create
Creates a token.
tokens_delete
PEP 8tokens_delete
Deletes a token immediately. To revoke a token, use tokens_update instead.
tokens_update
PEP 8tokens_update
Updates one or more tokens. Use this endpoint to edit labels, change expiration, revoke, or restore.
audit_events_query
PEP 8audit_events_query
Search for audit events by providing a FQL filter and paging details.
tokens_query
PEP 8tokens_query
Search for tokens by providing a FQL filter and paging details.

Passing credentials

WARNING

client_id and client_secret are input variables that contain your CrowdStrike API credentials. Please note that all examples below do not hard code these values. (These values are ingested as strings.)

CrowdStrike does not recommend hard coding API credentials or customer identifiers within source code.

audit_events_read

Gets the details of one or more audit events by id.

PEP8 method name

audit_events_read

Content-Type

  • Consumes: application/json
  • Produces: application/json

Keyword Arguments

NameServiceUberTypeData typeDescription
ids
Service Class Support

Uber Class Support
querystring or list of stringsID(s) of the audit events to retrieve details for.
parameters
Service Class Support

Uber Class Support
querydictionaryFull query string parameters payload in JSON format.

Usage

Service class example (PEP8 / Operation ID syntax)
from falconpy import InstallationTokens

# Do not hardcode API credentials!
falcon = InstallationTokens(client_id=CLIENT_ID,
                            client_secret=CLIENT_SECRET
                            )

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.audit_events_read(ids=id_list)
print(response)

Uber class example
from falconpy import APIHarness

# Do not hardcode API credentials!
falcon = APIHarness(client_id=CLIENT_ID,
                    client_secret=CLIENT_SECRET
                    )

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.command("audit_events_read", ids=id_list)
print(response)

customer_settings_read

Check current installation token settings.

PEP8 method name

customer_settings_read

Content-Type

  • Consumes: application/json
  • Produces: application/json

Keyword Arguments

No keywords or arguments accepted.

Usage

Service class example (PEP8 / Operation ID syntax)
from falconpy import InstallationTokens

# Do not hardcode API credentials!
falcon = InstallationTokens(client_id=CLIENT_ID,
                            client_secret=CLIENT_SECRET
                            )

response = falcon.customer_settings_read()
print(response)

Uber class example
from falconpy import APIHarness

# Do not hardcode API credentials!
falcon = APIHarness(client_id=CLIENT_ID,
                    client_secret=CLIENT_SECRET
                    )

response = falcon.command("customer_settings_read")
print(response)

tokens_read

Gets the details of one or more tokens by id.

PEP8 method name

tokens_read

Content-Type

  • Consumes: application/json
  • Produces: application/json

Keyword Arguments

NameServiceUberTypeData typeDescription
ids
Service Class Support

Uber Class Support
querystring or list of stringsID(s) of the tokens to retrieve details for.
parameters
Service Class Support

Uber Class Support
querydictionaryFull query string parameters payload in JSON format.

Usage

Service class example (PEP8 / Operation ID syntax)
from falconpy import InstallationTokens

# Do not hardcode API credentials!
falcon = InstallationTokens(client_id=CLIENT_ID,
                            client_secret=CLIENT_SECRET
                            )

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.tokens_read(ids=id_list)
print(response)

Uber class example
from falconpy import APIHarness

# Do not hardcode API credentials!
falcon = APIHarness(client_id=CLIENT_ID,
                    client_secret=CLIENT_SECRET
                    )

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.command("tokens_read", ids=id_list)
print(response)

tokens_create

Creates a token.

PEP8 method name

tokens_create

Content-Type

  • Consumes: application/json
  • Produces: application/json

Keyword Arguments

NameServiceUberTypeData typeDescription
body
Service Class Support

Uber Class Support
bodydictionaryFull body payload in JSON format.
expires_timestamp
Service Class Support

Uber Class Support
bodystringExpiration timestamp. UTC format.
label
Service Class Support

Uber Class Support
bodystringInstallation token label.
revoked
Service Class Support

Uber Class Support
bodybooleanFlag indicating if the token is revoked.

Usage

Service class example (PEP8 / Operation ID syntax)
from falconpy import InstallationTokens

# Do not hardcode API credentials!
falcon = InstallationTokens(client_id=CLIENT_ID,
                            client_secret=CLIENT_SECRET
                            )

response = falcon.tokens_create(expires_timestamp="string",
                                label="string",
                                revoked=boolean
                                )
print(response)

Uber class example
from falconpy import APIHarness

# Do not hardcode API credentials!
falcon = APIHarness(client_id=CLIENT_ID,
                    client_secret=CLIENT_SECRET
                    )

BODY = {
    "expires_timestamp": "2021-09-22T02:28:11.762Z",
    "label": "string",
    "revoked": boolean
}

response = falcon.command("tokens_create", body=BODY)
print(response)

tokens_delete

Deletes a token immediately. To revoke a token, use tokens_update instead.

PEP8 method name

tokens_delete

Content-Type

  • Produces: application/json

Keyword Arguments

NameServiceUberTypeData typeDescription
ids
Service Class Support

Uber Class Support
querystring or list of stringsID(s) of the tokens to delete.
parameters
Service Class Support

Uber Class Support
querydictionaryFull query string parameters payload in JSON format.

Usage

Service class example (PEP8 / Operation ID syntax)
from falconpy import InstallationTokens

# Do not hardcode API credentials!
falcon = InstallationTokens(client_id=CLIENT_ID,
                            client_secret=CLIENT_SECRET
                            )

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.tokens_delete(ids=id_list)
print(response)

Uber class example
from falconpy import APIHarness

# Do not hardcode API credentials!
falcon = APIHarness(client_id=CLIENT_ID,
                    client_secret=CLIENT_SECRET
                    )

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.command("tokens_delete", ids=id_list)
print(response)

tokens_update

Updates one or more tokens. Use this endpoint to edit labels, change expiration, revoke, or restore.

PEP8 method name

tokens_update

Content-Type

  • Consumes: application/json
  • Produces: application/json

Keyword Arguments

NameServiceUberTypeData typeDescription
body
Service Class Support

Uber Class Support
bodydictionaryFull body payload in JSON format.
expires_timestamp
Service Class Support

Uber Class Support
bodystringExpiration timestamp. UTC format.
label
Service Class Support

Uber Class Support
bodystringInstallation token label.
ids
Service Class Support

Uber Class Support
querystring or list of stringsID(s) of the tokens to update.
parameters
Service Class Support

Uber Class Support
querydictionaryFull query string parameters payload in JSON format.
revoked
Service Class Support

Uber Class Support
bodybooleanFlag indicating if the token is revoked.

Usage

Service class example (PEP8 / Operation ID syntax)
from falconpy import InstallationTokens

# Do not hardcode API credentials!
falcon = InstallationTokens(client_id=CLIENT_ID,
                            client_secret=CLIENT_SECRET
                            )

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.tokens_update(expires_timestamp="string",
                                label="string",
                                ids=id_list,
                                revoked=boolean
                                )
print(response)

Uber class example
from falconpy import APIHarness

# Do not hardcode API credentials!
falcon = APIHarness(client_id=CLIENT_ID,
                    client_secret=CLIENT_SECRET
                    )

BODY = {
    "expires_timestamp": "2021-09-22T02:28:11.762Z",
    "label": "string",
    "revoked": boolean
}

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.command("tokens_update", body=BODY, ids=id_list)
print(response)

audit_events_query

Search for audit events by providing a FQL filter and paging details.

PEP8 method name

audit_events_query

Content-Type

  • Consumes: application/json
  • Produces: application/json

Keyword Arguments

NameServiceUberTypeData typeDescription
filter
Service Class Support

Uber Class Support
querystringFQL Syntax formatted string used to limit the results.
limit
Service Class Support

Uber Class Support
queryintegerMaximum number of records to return.

(Max: 1000, Default: 10)
offset
Service Class Support

Uber Class Support
queryintegerStarting index of overall result set from which to return ids.
sort
Service Class Support

Uber Class Support
querystringThe property to sort by. (Ex: timestamp.desc)
parameters
Service Class Support

Uber Class Support
querydictionaryFull query string parameters payload in JSON format.

Usage

Service class example (PEP8 / Operation ID syntax)
from falconpy import InstallationTokens

# Do not hardcode API credentials!
falcon = InstallationTokens(client_id=CLIENT_ID,
                            client_secret=CLIENT_SECRET
                            )

response = falcon.audit_events_query(offset=integer,
                                     limit=integer,
                                     sort="string",
                                     filter="string"
                                     )
print(response)

Uber class example
from falconpy import APIHarness

# Do not hardcode API credentials!
falcon = APIHarness(client_id=CLIENT_ID,
                    client_secret=CLIENT_SECRET
                    )

response = falcon.command("audit_events_query",
                          offset=integer,
                          limit=integer,
                          sort="string",
                          filter="string"
                          )
print(response)

tokens_query

Search for tokens by providing a FQL filter and paging details.

PEP8 method name

tokens_query

Content-Type

  • Consumes: application/json
  • Produces: application/json

Keyword Arguments

NameServiceUberTypeData typeDescription
filter
Service Class Support

Uber Class Support
querystringFQL Syntax formatted string used to limit the results.
limit
Service Class Support

Uber Class Support
queryintegerMaximum number of records to return.

(Max: 1000, Default: 10)
offset
Service Class Support

Uber Class Support
queryintegerStarting index of overall result set from which to return ids.
sort
Service Class Support

Uber Class Support
querystringThe property to sort by. (Ex: created_timestamp.desc)
parameters
Service Class Support

Uber Class Support
querydictionaryFull query string parameters payload in JSON format.

Usage

Service class example (PEP8 / Operation ID syntax)
from falconpy import InstallationTokens

# Do not hardcode API credentials!
falcon = InstallationTokens(client_id=CLIENT_ID,
                            client_secret=CLIENT_SECRET
                            )

response = falcon.tokens_query(offset=integer,
                               limit=integer,
                               sort="string",
                               filter="string"
                               )
print(response)

Uber class example
from falconpy import APIHarness

# Do not hardcode API credentials!
falcon = APIHarness(client_id=CLIENT_ID,
                    client_secret=CLIENT_SECRET
                    )

response = falcon.command("tokens_query",
                          offset=integer,
                          limit=integer,
                          sort="string",
                          filter="string"
                          )
print(response)