Using the ML Exclusions service collection
Table of Contents
| Operation ID | Description | ||||
|---|---|---|---|---|---|
| Get a set of ML Exclusions by specifying their IDs. | ||||
| Create the ML exclusions. | ||||
| Delete the ML exclusions by ID. | ||||
| Update the ML exclusions. | ||||
| Search for ML exclusions. | ||||
| Get exclusion aggregates as specified via json in request body. | ||||
| Get all exclusions. | ||||
| Actions used to manipulate the content of exclusions, with ancestor fields. | ||||
| Create a report of ML exclusions scoped by the given filters. | ||||
| Get the exclusions by id, with ancestor fields. | ||||
| Create the exclusions, with ancestor fields. | ||||
| Update the exclusions by id, with ancestor fields. | ||||
| Delete the exclusions by id, with ancestor fields. | ||||
| Search for exclusions, with ancestor fields. | ||||
Passing credentials
WARNING
client_idandclient_secretare keyword arguments that contain your CrowdStrike API credentials. Please note that all examples below do not hard code these values. (These values are ingested as strings.)CrowdStrike does not recommend hard coding API credentials or customer identifiers within source code.
getMLExclusionsV1
Get a set of ML Exclusions by specifying their IDs
PEP8 method name
get_exclusions
Endpoint
| Method | Route |
|---|---|
 | /policy/entities/ml-exclusions/v1 |
Required Scope
Content-Type
- Produces: application/json
Keyword Arguments
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| ids |  | | query | string or list of strings | The IDs of the exclusions to retrieve. |
| parameters | | | query | dictionary | Full query string parameters payload in JSON format. |
Usage
Service class example (PEP8 syntax)
from falconpy import MLExclusions
# Do not hardcode API credentials!
falcon = MLExclusions(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.get_exclusions(ids=id_list)
print(response)
Service class example (Operation ID syntax)
from falconpy import MLExclusions
# Do not hardcode API credentials!
falcon = MLExclusions(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.getMLExclusionsV1(ids=id_list)
print(response)
Uber class example
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.command("getMLExclusionsV1", ids=id_list)
print(response)
Back to Table of Contents
createMLExclusionsV1
Create the ML exclusions
PEP8 method name
create_exclusions
Endpoint
| Method | Route |
|---|---|
 | /policy/entities/ml-exclusions/v1 |
Required Scope
Content-Type
- Produces: application/json
Keyword Arguments
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| body | |  | body | dictionary | Full body payload in JSON format. |
| comment | |  | body | string | String comment describing why the exclusions was created. |
| excluded_from | | | body | list of strings | Group ID(s) explicitly excluded from the exclusion. |
| groups | | | body | list of strings | Group ID(s) impacted by the exclusion. Defaults to ["all"] when not specified while using a Service Class. This default must be provided by the developer when using the Uber Class. |
| value | | | body | string | Value to match for the exclusion. |
Usage
Service class example (PEP8 syntax)
from falconpy import MLExclusions
# Do not hardcode API credentials!
falcon = MLExclusions(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
group_list = ['ID1', 'ID2', 'ID3']
exclude_list = ['EX1', 'EX2', 'EX3']
response = falcon.create_exclusions(comment="string",
groups=group_list,
excluded_from=exclude_list,
value="string"
)
print(response)
Service class example (Operation ID syntax)
from falconpy import MLExclusions
# Do not hardcode API credentials!
falcon = MLExclusions(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
group_list = ['ID1', 'ID2', 'ID3']
exclude_list = ['EX1', 'EX2', 'EX3']
response = falcon.createMLExclusionsV1(comment="string",
groups=group_list,
excluded_from=exclude_list,
value="string"
)
print(response)
Uber class example
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
group_list = ['ID1', 'ID2', 'ID3'] # If not specifying a group ID, you must submit ["all"].
exclude_list = ['EX1', 'EX2', 'EX3']
BODY = {
"comment": "string",
"excluded_from": exclude_list,
"groups": group_list,
"value": "string"
}
response = falcon.command("createMLExclusionsV1", body=BODY)
print(response)
Back to Table of Contents
deleteMLExclusionsV1
Delete the ML exclusions by id
PEP8 method name
delete_exclusions
Endpoint
| Method | Route |
|---|---|
 | /policy/entities/ml-exclusions/v1 |
Required Scope
Content-Type
- Produces: application/json
Keyword Arguments
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| comment | | | query | string | Explains why this exclusion was deleted. |
| ids | | | query | string or list of strings | The IDs of the exclusions to retrieve. |
| parameters | | | query | dictionary | Full query string parameters payload in JSON format. |
Usage
Service class example (PEP8 syntax)
from falconpy import MLExclusions
# Do not hardcode API credentials!
falcon = MLExclusions(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.delete_exclusions(comment="string", ids=id_list)
print(response)
Service class example (Operation ID syntax)
from falconpy import MLExclusions
# Do not hardcode API credentials!
falcon = MLExclusions(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.deleteMLExclusionsV1(comment="string", ids=id_list)
print(response)
Uber class example
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.command("deleteMLExclusionsV1", comment="string", ids=id_list)
print(response)
Back to Table of Contents
updateMLExclusionsV1
Update the ML exclusions
PEP8 method name
update_exclusions
Endpoint
| Method | Route |
|---|---|
 | /policy/entities/ml-exclusions/v1 |
Required Scope
Content-Type
- Produces: application/json
Keyword Arguments
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| body | | | body | dictionary | Full body payload in JSON format. |
| comment | | | body | string | String comment describing why the exclusions was created. |
| groups | | | body | list of strings | Group ID(s) impacted by the exclusion. |
| id | | | body | string | The ID of the exclusion to update. |
| value | | | body | string | Value to match for the exclusion. |
Usage
Service class example (PEP8 syntax)
from falconpy import MLExclusions
# Do not hardcode API credentials!
falcon = MLExclusions(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
group_list = ['ID1', 'ID2', 'ID3']
response = falcon.update_exclusions(comment="string",
groups=group_list,
value="string",
id="string"
)
print(response)
Service class example (Operation ID syntax)
from falconpy import MLExclusions
# Do not hardcode API credentials!
falcon = MLExclusions(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
group_list = ['ID1', 'ID2', 'ID3']
response = falcon.updateMLExclusionsV1(comment="string",
groups=group_list,
value="string",
id="string"
)
print(response)
Uber class example
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
group_list = ['ID1', 'ID2', 'ID3']
BODY = {
"comment": "string",
"groups": group_list,
"id": "string",
"value": "string"
}
response = falcon.command("updateMLExclusionsV1", body=BODY)
print(response)
Back to Table of Contents
queryMLExclusionsV1
Search for ML exclusions.
PEP8 method name
query_exclusions
Endpoint
| Method | Route |
|---|---|
| /policy/queries/ml-exclusions/v1 |
Required Scope
Content-Type
- Produces: application/json
Keyword Arguments
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| filter | | | query | string | The filter expression that should be used to limit the results. FQL syntax. Available filters:
|
| limit | | | query | integer | The maximum number of records to return. [1-500] |
| offset | | | query | integer | The offset to start retrieving records from. |
| parameters | | | query | dictionary | Full query string parameters payload in JSON format. |
| sort | | | query | string | The property to sort by. FQL syntax. (e.g. last_behavior|asc) Available sort fields:
|
Usage
Service class example (PEP8 syntax)
from falconpy import MLExclusions
# Do not hardcode API credentials!
falcon = MLExclusions(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.query_exclusions(filter="string",
offset=integer,
limit=integer,
sort="string"
)
print(response)
Service class example (Operation ID syntax)
from falconpy import MLExclusions
# Do not hardcode API credentials!
falcon = MLExclusions(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.queryMLExclusionsV1(filter="string",
offset=integer,
limit=integer,
sort="string"
)
print(response)
Uber class example
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.command("queryMLExclusionsV1",
filter="string",
offset=integer,
limit=integer,
sort="string"
)
print(response)
Back to Table of Contents
exclusions_aggregates_v2
Get exclusion aggregates as specified via json in request body.
PEP8 method name
get_exclusion_aggregates
Endpoint
| Method | Route |
|---|---|
| /exclusions/aggregates/exclusions/GET/v2 |
Required Scope
Content-Type
- Produces: application/json
Keyword Arguments
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| body | | | body | list of dictionaries | Full body payload as a JSON formatted list. |
| date_ranges | | | body | list of dictionaries | List of date ranges for the aggregate. |
| exclude | | | body | string | Exclusion string for the aggregate query. |
| extended_bounds | | | body | dictionary | Extended bounds for the aggregate. |
| field | | | body | string | The field to aggregate on. |
| filter | | | body | string | FQL filter to limit aggregation results. |
| filters_spec | | | body | dictionary | Specification for additional filters. |
| from | | | body | integer | Starting position for pagination. |
| include | | | body | string | Inclusion string for the aggregate query. |
| interval | | | body | string | Time interval for date histogram aggregates. |
| max_doc_count | | | body | integer | Maximum number of documents per bucket. |
| min_doc_count | | | body | integer | Minimum number of documents per bucket. |
| missing | | | body | string | Value for documents missing the field. |
| name | | | body | string | The name of the aggregate query. |
| parameters | | | query | dictionary | Full query string parameters payload in JSON format. |
| percents | | | body | list of numbers | List of percentiles to calculate. |
| q | | | body | string | Full text query string. |
| ranges | | | body | list of dictionaries | List of range specifications. |
| size | | | body | integer | Maximum number of results to return per aggregate. |
| sort | | | body | string | The field to sort results on. |
| sub_aggregates | | | body | list of dictionaries | Nested sub-aggregation definitions. |
| time_zone | | | body | string | The time zone for date operations. |
| type | | | body | string | The type of aggregate query to perform. |
Usage
Service class example (PEP8 syntax)
from falconpy import MLExclusions
# Do not hardcode API credentials!
falcon = MLExclusions(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
date_range_list = [{"from": "string", "to": "string"}]
range_list = [{"From": 1, "To": 2}]
response = falcon.get_exclusion_aggregates(date_ranges=date_range_list,
exclude="string",
field="string",
filter="string",
include="string",
interval="string",
max_doc_count=integer,
min_doc_count=integer,
missing="string",
name="string",
q="string",
ranges=range_list,
size=integer,
sort="string",
time_zone="string",
type="string"
)
print(response)
Service class example (Operation ID syntax)
from falconpy import MLExclusions
# Do not hardcode API credentials!
falcon = MLExclusions(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
date_range_list = [{"from": "string", "to": "string"}]
range_list = [{"From": 1, "To": 2}]
response = falcon.exclusions_aggregates_v2(date_ranges=date_range_list,
exclude="string",
field="string",
filter="string",
include="string",
interval="string",
max_doc_count=integer,
min_doc_count=integer,
missing="string",
name="string",
q="string",
ranges=range_list,
size=integer,
sort="string",
time_zone="string",
type="string"
)
print(response)
Uber class example
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
date_range_list = [{"from": "string", "to": "string"}]
range_list = [{"From": 1, "To": 2}]
BODY = [
{
"date_ranges": date_range_list,
"exclude": "string",
"field": "string",
"filter": "string",
"include": "string",
"interval": "string",
"max_doc_count": integer,
"min_doc_count": integer,
"missing": "string",
"name": "string",
"q": "string",
"ranges": range_list,
"size": integer,
"sort": "string",
"time_zone": "string",
"type": "string"
}
]
response = falcon.command("exclusions_aggregates_v2", body=BODY)
print(response)
Back to Table of Contents
exclusions_get_all_v2
Get all exclusions.
PEP8 method name
get_all_exclusions
Endpoint
| Method | Route |
|---|---|
| /exclusions/entities/all-exclusions/v2 |
Required Scope
Content-Type
- Produces: application/json
Keyword Arguments
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| parameters | | | query | dictionary | Full query string parameters payload in JSON format. |
Usage
Service class example (PEP8 syntax)
from falconpy import MLExclusions
# Do not hardcode API credentials!
falcon = MLExclusions(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.get_all_exclusions()
print(response)
Service class example (Operation ID syntax)
from falconpy import MLExclusions
# Do not hardcode API credentials!
falcon = MLExclusions(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.exclusions_get_all_v2()
print(response)
Uber class example
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.command("exclusions_get_all_v2")
print(response)
Back to Table of Contents
exclusions_perform_action_v2
Actions used to manipulate the content of exclusions, with ancestor fields.
PEP8 method name
perform_exclusion_action
Endpoint
| Method | Route |
|---|---|
| /exclusions/entities/exclusion-actions/v2 |
Required Scope
Content-Type
- Produces: application/json
Keyword Arguments
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| action_name | | | query | string | The action to perform. Available values: add_item, remove_item, validate_filepath. |
| action_parameters | | | body | list of dictionaries | List of action parameter name/value pairs. |
| available | | | body | boolean | Flag indicating if the action is available. |
| body | | | body | dictionary | Full body payload in JSON format. |
| description | | | body | string | Description of the action to perform. |
| group | | | body | string | The group associated with this action. |
| label | | | body | string | The label associated with this action. |
| name | | | body | string | The name associated with this action. |
| parameters | | | query | dictionary | Full query string parameters payload in JSON format. |
Usage
Service class example (PEP8 syntax)
from falconpy import MLExclusions
# Do not hardcode API credentials!
falcon = MLExclusions(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
action_param_list = [{"name": "string", "value": "string"}]
response = falcon.perform_exclusion_action(action_name="string",
action_parameters=action_param_list,
available=boolean,
description="string",
group="string",
label="string",
name="string"
)
print(response)
Service class example (Operation ID syntax)
from falconpy import MLExclusions
# Do not hardcode API credentials!
falcon = MLExclusions(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
action_param_list = [{"name": "string", "value": "string"}]
response = falcon.exclusions_perform_action_v2(action_name="string",
action_parameters=action_param_list,
available=boolean,
description="string",
group="string",
label="string",
name="string"
)
print(response)
Uber class example
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
BODY = {
"action_parameters": [
{
"name": "string",
"value": "string"
}
],
"available": boolean,
"description": "string",
"group": "string",
"label": "string",
"name": "string"
}
response = falcon.command("exclusions_perform_action_v2",
action_name="string",
body=BODY
)
print(response)
Back to Table of Contents
exclusions_get_reports_v2
Create a report of ML exclusions scoped by the given filters.
PEP8 method name
get_exclusion_reports
Endpoint
| Method | Route |
|---|---|
| /exclusions/entities/exclusions/reports/v2 |
Required Scope
Content-Type
- Produces: application/json
Keyword Arguments
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| body | | | body | dictionary | Full body payload in JSON format. |
| filter | | | body | string | FQL filter to limit the report results. |
| report_format | | | body | string | The format for the report output. |
| search | | | body | dictionary | Search criteria for the report. |
| sort | | | body | string | The field to sort report results on. |
Usage
Service class example (PEP8 syntax)
from falconpy import MLExclusions
# Do not hardcode API credentials!
falcon = MLExclusions(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.get_exclusion_reports(report_format="string",
filter="string",
sort="string"
)
print(response)
Service class example (Operation ID syntax)
from falconpy import MLExclusions
# Do not hardcode API credentials!
falcon = MLExclusions(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.exclusions_get_reports_v2(report_format="string",
filter="string",
sort="string"
)
print(response)
Uber class example
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
BODY = {
"report_format": "string",
"search": {
"filter": "string",
"sort": "string"
}
}
response = falcon.command("exclusions_get_reports_v2", body=BODY)
print(response)
Back to Table of Contents
exclusions_get_v2
Get the exclusions by id, with ancestor fields.
PEP8 method name
get_exclusions_v2
Endpoint
| Method | Route |
|---|---|
| /exclusions/entities/exclusions/v2 |
Required Scope
Content-Type
- Produces: application/json
Keyword Arguments
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| ids | | | query | string or list of strings | The IDs of the exclusions to retrieve. |
| parameters | | | query | dictionary | Full query string parameters payload in JSON format. |
Usage
Service class example (PEP8 syntax)
from falconpy import MLExclusions
# Do not hardcode API credentials!
falcon = MLExclusions(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.get_exclusions_v2(ids=id_list)
print(response)
Service class example (Operation ID syntax)
from falconpy import MLExclusions
# Do not hardcode API credentials!
falcon = MLExclusions(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.exclusions_get_v2(ids=id_list)
print(response)
Uber class example
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.command("exclusions_get_v2", ids=id_list)
print(response)
Back to Table of Contents
exclusions_create_v2
Create the exclusions, with ancestor fields.
PEP8 method name
create_exclusions_v2
Endpoint
| Method | Route |
|---|---|
| /exclusions/entities/exclusions/v2 |
Required Scope
Content-Type
- Produces: application/json
Keyword Arguments
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| body | | | body | dictionary | Full body payload in JSON format. |
| comment | | | body | string | Descriptive comment for the exclusion. |
| excluded_from | | | body | string or list of strings | Sources to exclude from. |
| exclusions | | | body | list of dictionaries | List of exclusion definition dictionaries. |
| grandparent_value | | | body | string | The grandparent value for the exclusion. |
| groups | | | body | string or list of strings | Group IDs to apply this exclusion to. |
| parent_value | | | body | string | The parent value for the exclusion. |
| value | | | body | string | The value to exclude. |
Usage
Service class example (PEP8 syntax)
from falconpy import MLExclusions
# Do not hardcode API credentials!
falcon = MLExclusions(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
group_list = ['ID1', 'ID2', 'ID3']
exclude_list = ['EX1', 'EX2', 'EX3']
response = falcon.create_exclusions_v2(comment="string",
excluded_from=exclude_list,
grandparent_value="string",
groups=group_list,
parent_value="string",
value="string"
)
print(response)
Service class example (Operation ID syntax)
from falconpy import MLExclusions
# Do not hardcode API credentials!
falcon = MLExclusions(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
group_list = ['ID1', 'ID2', 'ID3']
exclude_list = ['EX1', 'EX2', 'EX3']
response = falcon.exclusions_create_v2(comment="string",
excluded_from=exclude_list,
grandparent_value="string",
groups=group_list,
parent_value="string",
value="string"
)
print(response)
Uber class example
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
group_list = ['ID1', 'ID2', 'ID3']
exclude_list = ['EX1', 'EX2', 'EX3']
BODY = {
"exclusions": [
{
"comment": "string",
"excluded_from": exclude_list,
"grandparent_value": "string",
"groups": group_list,
"parent_value": "string",
"value": "string"
}
]
}
response = falcon.command("exclusions_create_v2", body=BODY)
print(response)
Back to Table of Contents
exclusions_update_v2
Update the exclusions by id, with ancestor fields.
PEP8 method name
update_exclusions_v2
Endpoint
| Method | Route |
|---|---|
| /exclusions/entities/exclusions/v2 |
Required Scope
Content-Type
- Produces: application/json
Keyword Arguments
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| body | | | body | dictionary | Full body payload in JSON format. |
| comment | | | body | string | Descriptive comment for the exclusion update. |
| excluded_from | | | body | string or list of strings | Sources to exclude from. |
| grandparent_value | | | body | string | The grandparent value for the exclusion. |
| groups | | | body | string or list of strings | Group IDs to apply this exclusion to. |
| id | | | body | string | The ID of the exclusion to update. |
| parent_value | | | body | string | The parent value for the exclusion. |
| value | | | body | string | The value to exclude. |
Usage
Service class example (PEP8 syntax)
from falconpy import MLExclusions
# Do not hardcode API credentials!
falcon = MLExclusions(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
group_list = ['ID1', 'ID2', 'ID3']
exclude_list = ['EX1', 'EX2', 'EX3']
response = falcon.update_exclusions_v2(comment="string",
excluded_from=exclude_list,
grandparent_value="string",
groups=group_list,
id="string",
parent_value="string",
value="string"
)
print(response)
Service class example (Operation ID syntax)
from falconpy import MLExclusions
# Do not hardcode API credentials!
falcon = MLExclusions(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
group_list = ['ID1', 'ID2', 'ID3']
exclude_list = ['EX1', 'EX2', 'EX3']
response = falcon.exclusions_update_v2(comment="string",
excluded_from=exclude_list,
grandparent_value="string",
groups=group_list,
id="string",
parent_value="string",
value="string"
)
print(response)
Uber class example
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
group_list = ['ID1', 'ID2', 'ID3']
exclude_list = ['EX1', 'EX2', 'EX3']
BODY = {
"comment": "string",
"excluded_from": exclude_list,
"grandparent_value": "string",
"groups": group_list,
"id": "string",
"parent_value": "string",
"value": "string"
}
response = falcon.command("exclusions_update_v2", body=BODY)
print(response)
Back to Table of Contents
exclusions_delete_v2
Delete the exclusions by id, with ancestor fields.
PEP8 method name
delete_exclusions_v2
Endpoint
| Method | Route |
|---|---|
| /exclusions/entities/exclusions/v2 |
Required Scope
Content-Type
- Produces: application/json
Keyword Arguments
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| comment | | | query | string | The comment why these exclusions were deleted. |
| ids | | | query | string or list of strings | The IDs of the exclusions to delete. |
| parameters | | | query | dictionary | Full query string parameters payload in JSON format. |
Usage
Service class example (PEP8 syntax)
from falconpy import MLExclusions
# Do not hardcode API credentials!
falcon = MLExclusions(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.delete_exclusions_v2(comment="string", ids=id_list)
print(response)
Service class example (Operation ID syntax)
from falconpy import MLExclusions
# Do not hardcode API credentials!
falcon = MLExclusions(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.exclusions_delete_v2(comment="string", ids=id_list)
print(response)
Uber class example
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.command("exclusions_delete_v2", comment="string", ids=id_list)
print(response)
Back to Table of Contents
exclusions_search_v2
Search for exclusions, with ancestor fields.
PEP8 method name
search_exclusions
Endpoint
| Method | Route |
|---|---|
| /exclusions/queries/exclusions/v2 |
Required Scope
Content-Type
- Produces: application/json
Keyword Arguments
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| filter | | | query | string | The filter expression that should be used to limit the results. FQL syntax. |
| limit | | | query | integer | The maximum records to return. [1-500] |
| offset | | | query | integer | The offset to start retrieving records from. |
| parameters | | | query | dictionary | Full query string parameters payload in JSON format. |
| sort | | | query | string | The sort expression that should be used to sort the results. Available sort fields:
|
Usage
Service class example (PEP8 syntax)
from falconpy import MLExclusions
# Do not hardcode API credentials!
falcon = MLExclusions(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.search_exclusions(filter="string",
offset=integer,
limit=integer,
sort="string"
)
print(response)
Service class example (Operation ID syntax)
from falconpy import MLExclusions
# Do not hardcode API credentials!
falcon = MLExclusions(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.exclusions_search_v2(filter="string",
offset=integer,
limit=integer,
sort="string"
)
print(response)
Uber class example
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.command("exclusions_search_v2",
filter="string",
offset=integer,
limit=integer,
sort="string"
)
print(response)
Back to Table of Contents