Using the Real Time Response service collection
This service collection has code examples posted to the repository.
Table of Contents
Operation ID | Description | ||||
---|---|---|---|---|---|
| Get aggregates on session data. | ||||
| Batch executes a RTR active-responder command across the hosts mapped to the given batch ID. | ||||
| Batch executes a RTR read-only command across the hosts mapped to the given batch ID. | ||||
| Retrieves the status of the specified batch get command. Will return successful files when they are finished processing. | ||||
| Batch executes get command across hosts to retrieve files. After this call is made BatchGetCmdStatus is used to query for the results. | ||||
| Batch initialize a RTR session on multiple hosts. Before any RTR commands can be used, an active session is needed on the host. | ||||
| Batch refresh a RTR session on multiple hosts. RTR sessions will expire after 5 minutes unless refreshed. | ||||
| Get status of an executed active-responder command on a single host. | ||||
| Execute an active responder command on a single host. | ||||
| Get status of an executed command on a single host. | ||||
| Execute a command on a single host. | ||||
| Get RTR extracted file contents for specified session and sha256. | ||||
| Get a list of files for the specified RTR session. | ||||
| Get a list of files for the specified RTR session. (Expanded output detail.) | ||||
| Delete a RTR session file. | ||||
| Delete a RTR session file. (Expanded output detail, use with RTR_ListFilesV2.) | ||||
| Get queued session metadata by session ID. | ||||
| Delete a queued session command | ||||
| Refresh a session timeout on a single host. | ||||
| Get session metadata by session id. | ||||
| Initialize a new session with the RTR cloud. | ||||
| Delete a session. | ||||
| Get a list of session_ids. |
Passing credentials
WARNING
client_id and client_secret are keyword arguments that contain your CrowdStrike API credentials. Please note that all examples below do not hard code these values. (These values are ingested as strings.)
CrowdStrike does not recommend hard coding API credentials or customer identifiers within source code.
RTR_AggregateSessions
Get aggregates on session data.
PEP8 method name
aggregate_sessions
Endpoint
Method | Route |
---|---|
/real-time-response/aggregates/sessions/GET/v1 |
Content-Type
- Produces: application/json
Keyword Arguments
Name | Service | Uber | Type | Data type | Description |
---|---|---|---|---|---|
body | body | list of dictionaries | Full body payload in JSON format. | ||
date_ranges | body | list of dictionaries | Applies to date_range aggregations. Example: [ { "from": "2016-05-28T09:00:31Z", "to": "2016-05-30T09:00:31Z" }, { "from": "2016-06-01T09:00:31Z", "to": "2016-06-10T09:00:31Z" } ] | ||
exclude | body | string | Elements to exclude. | ||
field | body | string | The field on which to compute the aggregation. | ||
filter | body | string | FQL syntax formatted string to use to filter the results. | ||
from | body | integer | Starting position. | ||
include | body | string | Elements to include. | ||
interval | body | string | Time interval for date histogram aggregations. Valid values include:
| ||
max_doc_count | body | integer | Only return buckets if values are less than or equal to the value here. | ||
min_doc_count | body | integer | Only return buckets if values are greater than or equal to the value here. | ||
missing | body | string | Missing is the value to be used when the aggregation field is missing from the object. In other words, the missing parameter defines how documents that are missing a value should be treated. By default they will be ignored, but it is also possible to treat them as if they had a value. | ||
name | body | string | Name of the aggregate query, as chosen by the user. Used to identify the results returned to you. | ||
q | body | string | Full text search across all metadata fields. | ||
ranges | body | list of dictionaries | Applies to range aggregations. Ranges values will depend on field. For example, if max_severity is used, ranges might look like: [ { "From": 0, "To": 70 }, { "From": 70, "To": 100 } ] | ||
size | body | integer | The max number of term buckets to be returned. | ||
sub_aggregates | body | list of dictionaries | A nested aggregation, such as: [ { "name": "max_first_behavior", "type": "max", "field": "first_behavior" } ] There is a maximum of 3 nested aggregations per request. | ||
sort | body | string | FQL syntax string to sort bucket results.
asc and desc using | format. Example: _count|desc | ||
time_zone | body | string | Time zone for bucket results. | ||
type | body | string | Type of aggregation. Valid values include:
|
Usage
Service class example (PEP8 syntax)
from falconpy import RealTimeResponse
# Do not hardcode API credentials!
falcon = RealTimeResponse(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
date_ranges = [
{
"from": "2021-05-15T14:55:21.892315096Z",
"to": "2021-05-17T13:42:16.493180643Z"
}
]
ranges = [
{
"From": 1,
"To": 100
}
]
response = falcon.aggregate_sessions(date_ranges=date_ranges,
exclude="string",
field="string",
filter="string",
**{"from": integer},  # "from" is a reserved word in Python, so it is passed by dictionary unpacking
include="string",
interval="string",
max_doc_count=integer,
min_doc_count=integer,
missing="string",
name="string",
q="string",
ranges=ranges,
size=integer,
sort="string",
time_zone="string",
type="string"
)
print(response)
Service class example (Operation ID syntax)
from falconpy import RealTimeResponse
# Do not hardcode API credentials!
falcon = RealTimeResponse(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
date_ranges = [
{
"from": "2021-05-15T14:55:21.892315096Z",
"to": "2021-05-17T13:42:16.493180643Z"
}
]
ranges = [
{
"From": 1,
"To": 100
}
]
response = falcon.RTR_AggregateSessions(date_ranges=date_ranges,
exclude="string",
field="string",
filter="string",
**{"from": integer},  # "from" is a reserved word in Python, so it is passed by dictionary unpacking
include="string",
interval="string",
max_doc_count=integer,
min_doc_count=integer,
missing="string",
name="string",
q="string",
ranges=ranges,
size=integer,
sort="string",
time_zone="string",
type="string"
)
print(response)
Uber class example
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
date_ranges = [
{
"from": "2021-05-15T14:55:21.892315096Z",
"to": "2021-05-17T13:42:16.493180643Z"
}
]
ranges = [
{
"From": 1,
"To": 100
}
]
BODY = {
"date_ranges": date_ranges,
"exclude": "string",
"field": "string",
"filter": "string",
"from": integer,
"include": "string",
"interval": "string",
"max_doc_count": integer,
"min_doc_count": integer,
"missing": "string",
"name": "string",
"q": "string",
"ranges": ranges,
"size": integer,
"sort": "string",
"sub_aggregates": [
None
],
"time_zone": "string",
"type": "string"
}
response = falcon.command("RTR_AggregateSessions", body=BODY)
print(response)
BatchActiveResponderCmd
Batch executes a RTR active-responder command across the hosts mapped to the given batch ID.
PEP8 method name
batch_active_responder_command
Endpoint
Method | Route |
---|---|
/real-time-response/combined/batch-active-responder-command/v1 |
Content-Type
- Produces: application/json
Keyword Arguments
Name | Service | Uber | Type | Data type | Description |
---|---|---|---|---|---|
body | body | dictionary | Full body payload in JSON format. | ||
base_command | body | string | Active Responder base command to perform. For example: get or cp . Refer to this list for a complete listing of available commands. | ||
batch_id | body | string | RTR Batch ID to execute the command against. Received from batch_init_session . | ||
command_string | body | string | Full command line of the command to execute. Example: get some_file.txt . | ||
host_timeout_duration | query | string | Timeout duration for how long a host has time to complete processing. Default value is a bit less than the overall timeout value. It cannot be greater than the overall request timeout. Maximum is < 5 minutes. Example, 10s . Valid units: ns , us , ms , s , m , h . | ||
optional_hosts | body | string or list of strings | List of the subset of hosts we want to impact by this command. Allows for filtering of hosts from execution within the same batch. | ||
persist_all | body | boolean | Flag indicating if this command should be executed when the host returns to service. | ||
timeout | query | integer | Timeout for how long to wait for the request in seconds, default timeout is 30 seconds. Maximum is 5 minutes. | ||
timeout_duration | query | string | Timeout duration for how long to wait for the request in duration syntax. Example, 10s. Valid units: ns, us, ms, s, m, h. Maximum is 5 minutes. | ||
parameters | query | dictionary | Full query string parameters payload in JSON format. |
Available base commands
Command | Description | Operating System |
---|---|---|
cat | View file contents | |
cd | Change directory | |
clear | Clear the screen | |
cp | Copy a file | |
encrypt | Encrypt a file | |
env | Display environment variables | |
eventlog | Inspect the event log. Subcommands:
eventlog backup is the recommended solution as opposed to eventlog export , as this method is faster and follows industry-standard file format. | |
filehash | Calculate a file hash (MD5 or SHA256) | |
get | Retrieve a file | |
getsid | Retrieve the current SID | |
help | Access help for a specific command or sub-command | |
history | Review command history for the current user | |
ipconfig | Review TCP configuration | |
kill | Kill a running process | |
ls | List the contents of a directory | |
map | Map a UNC (SMB) path to a drive letter | |
memdump | Dump memory of a running process | |
mkdir | Create a directory | |
mount | Mount a file system (MacOS, Linux) or list available drives (Windows) | |
mv | Move a file | |
netstat | Retrieve network connection detail | |
ps | List running processes | |
reg | Registry operations. Subcommands:
| |
restart | Restart the system | |
rm | Remove a file | |
runscript | Run a script | |
shutdown | Shutdown the system | |
unmap | Unmap a UNC (SMB) path from a drive letter | |
update | Install patches through Windows Update. Subcommands:
| |
xmemdump | Dump complete memory (kernel) for the system | |
zip | Create a zip archive |
Usage
Service class example (PEP8 syntax)
from falconpy import RealTimeResponse
# Do not hardcode API credentials!
falcon = RealTimeResponse(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
target_hosts = ["ID1", "ID2", "ID3"]
response = falcon.batch_active_responder_command(base_command="string",
batch_id="string",
command_string="string",
optional_hosts=target_hosts,
persist_all=boolean,
timeout=integer,
timeout_duration="string"
)
print(response)
Service class example (Operation ID syntax)
from falconpy import RealTimeResponse
# Do not hardcode API credentials!
falcon = RealTimeResponse(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
target_hosts = ["ID1", "ID2", "ID3"]
response = falcon.BatchActiveResponderCmd(base_command="string",
batch_id="string",
command_string="string",
optional_hosts=target_hosts,
persist_all=boolean,
timeout=integer,
timeout_duration="string"
)
print(response)
Uber class example
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
target_hosts = ["ID1", "ID2", "ID3"]
BODY = {
"base_command": "string",
"batch_id": "string",
"command_string": "string",
"optional_hosts": target_hosts,
"persist_all": boolean
}
response = falcon.command("BatchActiveResponderCmd",
timeout=integer,
timeout_duration="string",
body=BODY
)
print(response)
BatchCmd
Batch executes a RTR read-only command across the hosts mapped to the given batch ID.
PEP8 method name
batch_command
Endpoint
Method | Route |
---|---|
/real-time-response/combined/batch-command/v1 |
Content-Type
- Produces: application/json
Keyword Arguments
Name | Service | Uber | Type | Data type | Description |
---|---|---|---|---|---|
body | body | dictionary | Full body payload in JSON format. | ||
base_command | body | string | Active Responder base command to perform. For example: get or cp . Refer to this list for a complete listing of available commands. | ||
batch_id | body | string | RTR Batch ID to execute the command against. Received from batch_init_session . | ||
command_string | body | string | Full command line of the command to execute. Example: cat some_file.txt . | ||
host_timeout_duration | query | string | Timeout duration for how long a host has time to complete processing. Default value is a bit less than the overall timeout value. It cannot be greater than the overall request timeout. Maximum is < 5 minutes. Example, 10s . Valid units: ns , us , ms , s , m , h . | ||
optional_hosts | body | string or list of strings | List of the subset of hosts we want to impact by this command. Allows for filtering of hosts from execution within the same batch. | ||
persist_all | body | boolean | Flag indicating if this command should be executed when the host returns to service. | ||
timeout | query | integer | Timeout for how long to wait for the request in seconds, default timeout is 30 seconds. Maximum is 5 minutes. | ||
timeout_duration | query | string | Timeout duration for how long to wait for the request in duration syntax. Example, 10s. Valid units: ns, us, ms, s, m, h. Maximum is 5 minutes. | ||
parameters | query | dictionary | Full query string parameters payload in JSON format. |
Available base commands (Read only)
Command | Description | Operating System |
---|---|---|
cat | View file contents | |
cd | Change directory | |
clear | Clear the screen | |
csrutil | Get system integrity protection status | |
env | Display environment variables | |
eventlog | Inspect the event log. Subcommands:
| |
filehash | Calculate a file hash (MD5 or SHA256) | |
getsid | Retrieve the current SID | |
help | Access help for a specific command or sub-command | |
history | Review command history for the current user | |
ipconfig | Review TCP configuration | |
ls | List the contents of a directory | |
mount | Mount a file system (MacOS, Linux) or list available drives (Windows) | |
netstat | Retrieve network connection detail | |
ps | List running processes | |
reg | Registry operations. Subcommands:
|
Usage
Service class example (PEP8 syntax)
from falconpy import RealTimeResponse
# Do not hardcode API credentials!
falcon = RealTimeResponse(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
target_hosts = ["ID1", "ID2", "ID3"]
response = falcon.batch_command(base_command="string",
batch_id="string",
command_string="string",
optional_hosts=target_hosts,
persist_all=boolean,
timeout=integer,
timeout_duration="string"
)
print(response)
Service class example (Operation ID syntax)
from falconpy import RealTimeResponse
# Do not hardcode API credentials!
falcon = RealTimeResponse(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
target_hosts = ["ID1", "ID2", "ID3"]
response = falcon.BatchCmd(base_command="string",
batch_id="string",
command_string="string",
optional_hosts=target_hosts,
persist_all=boolean,
timeout=integer,
timeout_duration="string"
)
print(response)
Uber class example
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
target_hosts = ["ID1", "ID2", "ID3"]
BODY = {
"base_command": "string",
"batch_id": "string",
"command_string": "string",
"optional_hosts": target_hosts,
"persist_all": boolean
}
response = falcon.command("BatchCmd",
timeout=integer,
timeout_duration="string",
body=BODY
)
print(response)
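The two base command tables and the timeout limits above can be enforced locally before a batch request is sent. This is an added example, not FalconPy code: check_request and parse_duration are hypothetical helpers, and the compound-duration support, the precedence of timeout_duration over timeout, and the rule that command_string starts with base_command are assumptions.

```python
import re

# Command names copied from the two "Available base commands" tables on this page.
READ_ONLY = frozenset(
    "cat cd clear csrutil env eventlog filehash getsid help history "
    "ipconfig ls mount netstat ps reg".split())
ACTIVE_RESPONDER = frozenset(
    "cat cd clear cp encrypt env eventlog filehash get getsid help history "
    "ipconfig kill ls map memdump mkdir mount mv netstat ps reg restart rm "
    "runscript shutdown unmap update xmemdump zip".split())

MAX_SECONDS = 300.0      # "Maximum is 5 minutes."
DEFAULT_SECONDS = 30.0   # "default timeout is 30 seconds"
UNIT_SECONDS = {"ns": 1e-9, "us": 1e-6, "ms": 1e-3, "s": 1.0, "m": 60.0, "h": 3600.0}
DURATION_PART = re.compile(r"(\d+(?:\.\d+)?)(ns|us|ms|s|m|h)")


def parse_duration(text):
    """Convert a duration such as '10s' to seconds; raise ValueError if malformed.

    Assumption: compound values such as '1m30s' are accepted as well.
    """
    pos, total = 0, 0.0
    for part in DURATION_PART.finditer(text):
        if part.start() != pos:      # unparsed characters before this part
            break
        total += float(part.group(1)) * UNIT_SECONDS[part.group(2)]
        pos = part.end()
    if pos == 0 or pos != len(text):
        raise ValueError(f"invalid duration {text!r}")
    return total


def check_request(base_command, command_string, read_only=True, timeout=None,
                  timeout_duration=None, host_timeout_duration=None):
    """Return a list of problems found; an empty list means none were found."""
    problems = []
    verb = base_command.split()[0] if base_command.strip() else ""
    allowed = READ_ONLY if read_only else ACTIVE_RESPONDER
    if verb not in allowed:
        if read_only and verb in ACTIVE_RESPONDER:
            problems.append(f"{verb!r} is active-responder only, not read-only")
        else:
            problems.append(f"{verb!r} is not a listed base command")
    # Assumption drawn from the page's examples ("get some_file.txt"):
    # command_string is the full command line and starts with base_command.
    if command_string.split()[:1] != [verb]:
        problems.append("command_string does not start with base_command")

    overall = DEFAULT_SECONDS
    if timeout is not None:
        if 0 < timeout <= MAX_SECONDS:
            overall = float(timeout)
        else:
            problems.append("timeout must be between 1 and 300 seconds")
    if timeout_duration is not None:
        try:
            seconds = parse_duration(timeout_duration)
            if seconds > MAX_SECONDS:
                problems.append("timeout_duration exceeds 5 minutes")
            else:
                overall = seconds    # assumed to take precedence over timeout
        except ValueError as err:
            problems.append(f"timeout_duration: {err}")
    if host_timeout_duration is not None:
        try:
            seconds = parse_duration(host_timeout_duration)
            if seconds >= MAX_SECONDS:
                problems.append("host_timeout_duration must be under 5 minutes")
            elif seconds > overall:
                problems.append("host_timeout_duration exceeds the request timeout")
        except ValueError as err:
            problems.append(f"host_timeout_duration: {err}")
    return problems


if __name__ == "__main__":
    # Constructed requests, checked locally before anything is sent.
    print(check_request("ls", "ls /tmp"))
    print(check_request("rm", "rm /tmp/sample.bin"))
    print(check_request("ps", "ps", timeout_duration="10s",
                        host_timeout_duration="20s"))
```

Calling check_request with read_only=False applies the active-responder table instead, so the same gate can sit in front of batch_active_responder_command.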
BatchGetCmdStatus
Retrieves the status of the specified batch get command. Will return successful files when they are finished processing.
PEP8 method name
batch_get_command_status
Endpoint
Method | Route |
---|---|
/real-time-response/combined/batch-get-command/v1 |
Content-Type
- Produces: application/json
Keyword Arguments
Name | Service | Uber | Type | Data type | Description |
---|---|---|---|---|---|
batch_get_cmd_req_id | query | string | Batch Get Command Request ID (usually retrieved when making a call to BatchGetCmd ). | ||
parameters | query | dictionary | Full query string parameters payload in JSON format. | ||
timeout | query | integer | Timeout for how long to wait for the request in seconds, default timeout is 30 seconds. Maximum is 5 minutes. | ||
timeout_duration | query | string | Timeout duration for how long to wait for the request in duration syntax. Example, 10s. Valid units: ns, us, ms, s, m, h. Maximum is 5 minutes. |
Usage
Service class example (PEP8 syntax)
from falconpy import RealTimeResponse
# Do not hardcode API credentials!
falcon = RealTimeResponse(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.batch_get_command_status(timeout=integer,
timeout_duration="string",
batch_get_cmd_req_id="string"
)
print(response)
Service class example (Operation ID syntax)
from falconpy import RealTimeResponse
# Do not hardcode API credentials!
falcon = RealTimeResponse(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.BatchGetCmdStatus(timeout=integer,
timeout_duration="string",
batch_get_cmd_req_id="string"
)
print(response)
Uber class example
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.command("BatchGetCmdStatus",
timeout=integer,
timeout_duration="string",
batch_get_cmd_req_id="string"
)
print(response)
BatchGetCmd
Batch executes a get command across hosts to retrieve files. After this call is made BatchGetCmdStatus is used to query for the results.
PEP8 method name
batch_get_command
Endpoint
Method | Route |
---|---|
/real-time-response/combined/batch-get-command/v1 |
Content-Type
- Produces: application/json
Keyword Arguments
Name | Service | Uber | Type | Data type | Description |
---|---|---|---|---|---|
body | body | dictionary | Full body payload in JSON format. | ||
batch_id | body | string | RTR Batch ID to execute the get command against. Received from batch_init_session . | ||
file_path | body | string | Full path to the file that is to be retrieved from each host in the batch. | ||
host_timeout_duration | query | string | Timeout duration for how long a host has time to complete processing. Default value is a bit less than the overall timeout value. It cannot be greater than the overall request timeout. Maximum is < 5 minutes. Example, 10s . Valid units: ns , us , ms , s , m , h . | ||
optional_hosts | body | string or list of strings | List of the subset of hosts we want to impact by this command. Allows for filtering of hosts from execution within the same batch. | ||
parameters | query | dictionary | Full query string parameters payload in JSON format. | ||
timeout | query | integer | Timeout for how long to wait for the request in seconds, default timeout is 30 seconds. Maximum is 5 minutes. | ||
timeout_duration | query | string | Timeout duration for how long to wait for the request in duration syntax. Example, 10s. Valid units: ns, us, ms, s, m, h. Maximum is 5 minutes. |
Usage
Service class example (PEP8 syntax)
from falconpy import RealTimeResponse
# Do not hardcode API credentials!
falcon = RealTimeResponse(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
target_hosts = ["ID1", "ID2", "ID3"]
response = falcon.batch_get_command(batch_id="string",
file_path="string",
optional_hosts=target_hosts,
timeout=integer,
timeout_duration="string"
)
print(response)
Service class example (Operation ID syntax)
from falconpy import RealTimeResponse
# Do not hardcode API credentials!
falcon = RealTimeResponse(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
target_hosts = ["ID1", "ID2", "ID3"]
response = falcon.BatchGetCmd(batch_id="string",
file_path="string",
optional_hosts=target_hosts,
timeout=integer,
timeout_duration="string"
)
print(response)
Uber class example
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
target_hosts = ["ID1", "ID2", "ID3"]
BODY = {
"batch_id": "string",
"file_path": "string",
"optional_hosts": target_hosts
}
response = falcon.command("BatchGetCmd",
timeout=integer,
timeout_duration="string",
body=BODY
)
print(response)
BatchInitSessions
Batch initialize a RTR session on multiple hosts. Before any RTR commands can be used, an active session is needed on the host.
PEP8 method name
batch_init_sessions
Endpoint
Method | Route |
---|---|
/real-time-response/combined/batch-init-session/v1 |
Content-Type
- Produces: application/json
Keyword Arguments
Name | Service | Uber | Type | Data type | Description |
---|---|---|---|---|---|
body | body | dictionary | Full body payload in JSON format. | ||
existing_batch_id | body | string | Optional existing RTR batch ID. Use this to initialize new hosts and add them to the existing batch. | ||
host_ids | body | string or list of strings | List of host agent IDs to initialize a RTR session on. | ||
host_timeout_duration | query | string | Timeout duration for how long a host has time to complete processing. Default value is a bit less than the overall timeout value. It cannot be greater than the overall request timeout. Maximum is < 5 minutes. Example, 10s . Valid units: ns , us , ms , s , m , h . | ||
parameters | query | dictionary | Full query string parameters payload in JSON format. | ||
queue_offline | body | boolean | Flag indicating if the command should be queued for execution when the host returns to service. | ||
timeout | query | integer | Timeout for how long to wait for the request in seconds, default timeout is 30 seconds. Maximum is 5 minutes. | ||
timeout_duration | query | string | Timeout duration for how long to wait for the request in duration syntax. Example, 10s. Valid units: ns, us, ms, s, m, h. Maximum is 5 minutes. |
Usage
Service class example (PEP8 syntax)
from falconpy import RealTimeResponse
# Do not hardcode API credentials!
falcon = RealTimeResponse(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
target_hosts = ["ID1", "ID2", "ID3"]
response = falcon.batch_init_sessions(existing_batch_id="string",
host_ids=target_hosts,
queue_offline=boolean,
timeout=integer,
timeout_duration="string"
)
print(response)
Service class example (Operation ID syntax)
from falconpy import RealTimeResponse
# Do not hardcode API credentials!
falcon = RealTimeResponse(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
target_hosts = ["ID1", "ID2", "ID3"]
response = falcon.BatchInitSessions(existing_batch_id="string",
host_ids=target_hosts,
queue_offline=boolean,
timeout=integer,
timeout_duration="string"
)
print(response)
Uber class example
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
target_hosts = ["ID1", "ID2", "ID3"]
BODY = {
"existing_batch_id": "string",
"host_ids": target_hosts,
"queue_offline": boolean
}
response = falcon.command("BatchInitSessions",
timeout=integer,
timeout_duration="string",
body=BODY
)
print(response)
BatchRefreshSessions
Batch refresh a RTR session on multiple hosts. RTR sessions will expire after 5 minutes unless refreshed.
PEP8 method name
batch_refresh_sessions
Endpoint
Method | Route |
---|---|
/real-time-response/combined/batch-refresh-session/v1 |
Content-Type
- Produces: application/json
Keyword Arguments
Name | Service | Uber | Type | Data type | Description |
---|---|---|---|---|---|
body | body | dictionary | Full body payload in JSON format. | ||
batch_id | body | string | Existing RTR batch ID to refresh. | ||
hosts_to_remove | body | string or list of strings | List of host agent IDs to remove from the batch. | ||
parameters | query | dictionary | Full query string parameters payload in JSON format. | ||
timeout | query | integer | Timeout for how long to wait for the request in seconds, default timeout is 30 seconds. Maximum is 5 minutes. | ||
timeout_duration | query | string | Timeout duration for how long to wait for the request in duration syntax. Example, 10s. Valid units: ns, us, ms, s, m, h. Maximum is 5 minutes. |
Usage
Service class example (PEP8 syntax)
from falconpy import RealTimeResponse
# Do not hardcode API credentials!
falcon = RealTimeResponse(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
remove_hosts = ["ID1", "ID2", "ID3"]
response = falcon.batch_refresh_sessions(batch_id="string",
hosts_to_remove=remove_hosts,
timeout=integer,
timeout_duration="string"
)
print(response)
Service class example (Operation ID syntax)
from falconpy import RealTimeResponse
# Do not hardcode API credentials!
falcon = RealTimeResponse(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
remove_hosts = ["ID1", "ID2", "ID3"]
response = falcon.BatchRefreshSessions(batch_id="string",
hosts_to_remove=remove_hosts,
timeout=integer,
timeout_duration="string"
)
print(response)
Uber class example
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
remove_hosts = ["ID1", "ID2", "ID3"]
BODY = {
"batch_id": "string",
"hosts_to_remove": remove_hosts
}
response = falcon.command("BatchRefreshSessions",
timeout=integer,
timeout_duration="string",
body=BODY
)
print(response)
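The batch operations above form one sequence: initialise the batch, run commands against it, and refresh it before the 5 minute expiry. This added example (not FalconPy's own code) wraps that sequence and handles hosts that fail to initialise. The response keys it reads, the StubRTR stand-in that lets it run offline, and the 60 second refresh margin are assumptions.

```python
import time

SESSION_LIFETIME = 300.0   # seconds: "RTR sessions will expire after 5 minutes"
REFRESH_MARGIN = 60.0      # hypothetical safety margin chosen for this example


class BatchSession:
    """Initialise a batch, keep it alive, and run read-only commands on it."""

    def __init__(self, rtr, host_ids, clock=time.monotonic):
        self.rtr, self.clock = rtr, clock
        resp = rtr.batch_init_sessions(host_ids=host_ids, queue_offline=False)
        body = resp.get("body", {})
        if resp.get("status_code", 500) >= 300 or not body.get("batch_id"):
            raise RuntimeError(f"batch init failed: {body.get('errors')}")
        self.batch_id = body["batch_id"]
        self.touched = clock()
        # Hosts fail individually, so record which ones actually got a session.
        self.ready, self.failed = [], {}
        for aid, res in body.get("resources", {}).items():
            if res.get("session_id") and not res.get("errors"):
                self.ready.append(aid)
            else:
                self.failed[aid] = res.get("errors")

    def keep_alive(self):
        """Refresh when close to expiry; refuse to continue once expired."""
        age = self.clock() - self.touched
        if age >= SESSION_LIFETIME:
            raise RuntimeError("batch expired; initialise a new one")
        if age < SESSION_LIFETIME - REFRESH_MARGIN:
            return False
        resp = self.rtr.batch_refresh_sessions(batch_id=self.batch_id)
        if resp.get("status_code", 500) >= 300:
            raise RuntimeError("batch refresh failed")
        self.touched = self.clock()
        return True

    def run(self, base_command, command_string):
        """Run a read-only command on the ready hosts; return {aid: result}."""
        self.keep_alive()   # only an explicit refresh is treated as extending the session
        resp = self.rtr.batch_command(base_command=base_command,
                                      batch_id=self.batch_id,
                                      command_string=command_string,
                                      optional_hosts=self.ready)
        hosts = resp.get("body", {}).get("combined", {}).get("resources", {})
        return {aid: {"ok": bool(res.get("complete")) and not res.get("errors"),
                      "stdout": res.get("stdout", ""),
                      "errors": res.get("errors", [])}
                for aid, res in hosts.items()}


class StubRTR:
    """Constructed stand-in for RealTimeResponse so the example runs offline.

    The response layout returned here is an assumption, not shown on this page.
    """

    def __init__(self):
        self.calls = []

    def batch_init_sessions(self, host_ids, queue_offline=False):
        self.calls.append("init")
        res = {h: {"session_id": "" if h == "ID3" else f"session-{h}",
                   "errors": [{"message": "offline"}] if h == "ID3" else []}
               for h in host_ids}
        return {"status_code": 201,
                "body": {"batch_id": "constructed-batch", "resources": res}}

    def batch_refresh_sessions(self, batch_id):
        self.calls.append("refresh")
        return {"status_code": 201, "body": {}}

    def batch_command(self, base_command, batch_id, command_string, optional_hosts):
        self.calls.append("command")
        res = {h: {"complete": True, "stdout": f"{command_string} @ {h}", "errors": []}
               for h in optional_hosts}
        return {"status_code": 201, "body": {"combined": {"resources": res}}}


def demo():
    """Drive the stub with a fake clock: one command at t=0, one at t=250 s."""
    now = [0.0]
    rtr = StubRTR()
    batch = BatchSession(rtr, ["ID1", "ID2", "ID3"], clock=lambda: now[0])
    first = batch.run("ls", "ls /tmp")
    now[0] = 250.0                      # inside the refresh margin
    batch.run("ps", "ps")
    return batch, rtr.calls, first


if __name__ == "__main__":
    batch, calls, first = demo()
    print(batch.ready, batch.failed, calls, first, sep="\n")
```

To use it against the API, pass a RealTimeResponse instance in place of StubRTR and confirm the response keys against a real reply first.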
RTR_CheckActiveResponderCommandStatus
Get status of an executed active-responder command on a single host.
PEP8 method name
check_active_responder_command_status
Endpoint
Method | Route |
---|---|
/real-time-response/entities/active-responder-command/v1 |
Content-Type
- Produces: application/json
Keyword Arguments
Name | Service | Uber | Type | Data type | Description |
---|---|---|---|---|---|
cloud_request_id | query | string | Cloud Request ID of the executed command to query. | ||
parameters | query | dictionary | Full query string parameters payload in JSON format. | ||
sequence_id | query | integer | Sequence ID that we want to retrieve. Command responses are chunked across sequences. |
Usage
Service class example (PEP8 syntax)
from falconpy import RealTimeResponse
# Do not hardcode API credentials!
falcon = RealTimeResponse(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.check_active_responder_command_status(cloud_request_id="string",
sequence_id=integer
)
print(response)
Service class example (Operation ID syntax)
from falconpy import RealTimeResponse
# Do not hardcode API credentials!
falcon = RealTimeResponse(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.RTR_CheckActiveResponderCommandStatus(cloud_request_id="string",
sequence_id=integer
)
print(response)
Uber class example
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.command("RTR_CheckActiveResponderCommandStatus",
cloud_request_id="string",
sequence_id=integer
)
print(response)
RTR_ExecuteActiveResponderCommand
Execute an active responder command on a single host.
PEP8 method name
execute_active_responder_command
Endpoint
Method | Route |
---|---|
/real-time-response/entities/active-responder-command/v1 |
Content-Type
- Produces: application/json
Keyword Arguments
Name | Service | Uber | Type | Data type | Description |
---|---|---|---|---|---|
body | body | dictionary | Full body payload in JSON format. | ||
base_command | body | string | Active Responder base command to perform. For example: get or cp . Refer to this list for a complete listing of available commands. | ||
command_string | body | string | Full command line of the command to execute. Example: get some_file.txt . | ||
persist | body | boolean | Flag indicating if this command should be executed when the host returns to service. Unused | ||
session_id | body | string | RTR Session ID. |
Available base commands
Command | Description | Operating System |
---|---|---|
cat | View file contents | |
cd | Change directory | |
clear | Clear the screen | |
cp | Copy a file | |
encrypt | Encrypt a file | |
env | Display environment variables | |
eventlog | Inspect the event log. Subcommands:
eventlog backup is the recommended solution as opposed to eventlog export , as this method is faster and follows industry-standard file format. | |
filehash | Calculate a file hash (MD5 or SHA256) | |
get | Retrieve a file | |
getsid | Retrieve the current SID | |
help | Access help for a specific command or sub-command | |
history | Review command history for the current user | |
ipconfig | Review TCP configuration | |
kill | Kill a running process | |
ls | List the contents of a directory | |
map | Map a UNC (SMB) path to a drive letter | |
memdump | Dump memory of a running process | |
mkdir | Create a directory | |
mount | Mount a file system (MacOS, Linux) or list available drives (Windows) | |
mv | Move a file | |
netstat | Retrieve network connection detail | |
ps | List running processes | |
reg | Registry operations. Subcommands:
| |
restart | Restart the system | |
rm | Remove a file | |
runscript | Run a script | |
shutdown | Shutdown the system | |
unmap | Unmap a UNC (SMB) path from a drive letter | |
update | Install patches through Windows Update. Subcommands:
| |
xmemdump | Dump complete memory (kernel) for the system | |
zip | Create a zip archive |
Usage
Service class example (PEP8 syntax)
from falconpy import RealTimeResponse
# Do not hardcode API credentials!
falcon = RealTimeResponse(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.execute_active_responder_command(base_command="string",
command_string="string",
persist=boolean,
session_id="string",
timeout=integer,
timeout_duration="string"
)
print(response)
Service class example (Operation ID syntax)
from falconpy import RealTimeResponse
# Do not hardcode API credentials!
falcon = RealTimeResponse(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.RTR_ExecuteActiveResponderCommand(base_command="string",
command_string="string",
persist=boolean,
session_id="string",
timeout=integer,
timeout_duration="string"
)
print(response)
Uber class example
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
BODY = {
"base_command": "string",
"command_string": "string",
"persist": boolean,
"session_id": "string"
}
response = falcon.command("RTR_ExecuteActiveResponderCommand",
timeout=integer,
timeout_duration="string",
body=BODY
)
print(response)
RTR_CheckCommandStatus
Get status of an executed command on a single host.
PEP8 method name
check_command_status
Endpoint
Method | Route |
---|---|
/real-time-response/entities/command/v1 |
Content-Type
- Produces: application/json
Keyword Arguments
Name | Service | Uber | Type | Data type | Description |
---|---|---|---|---|---|
cloud_request_id | query | string | Cloud Request ID of the executed command to query. | ||
parameters | query | dictionary | Full query string parameters payload in JSON format. | ||
sequence_id | query | integer | Sequence ID that we want to retrieve. Command responses are chunked across sequences. |
Usage
Service class example (PEP8 syntax)
from falconpy import RealTimeResponse
# Do not hardcode API credentials!
falcon = RealTimeResponse(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.check_command_status(cloud_request_id="string", sequence_id=integer)
print(response)
Service class example (Operation ID syntax)
from falconpy import RealTimeResponse
# Do not hardcode API credentials!
falcon = RealTimeResponse(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.RTR_CheckCommandStatus(cloud_request_id="string", sequence_id=integer)
print(response)
Uber class example
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.command("RTR_CheckCommandStatus",
cloud_request_id="string",
sequence_id=integer
)
print(response)
RTR_ExecuteCommand
Execute a command on a single host.
PEP8 method name
execute_command
Endpoint
Method | Route |
---|---|
/real-time-response/entities/command/v1 |
Content-Type
- Produces: application/json
Keyword Arguments
Name | Service | Uber | Type | Data type | Description |
---|---|---|---|---|---|
body |  |  | body | dictionary | Full body payload in JSON format. |
base_command |  |  | body | string | Read-only base command to perform. For example: ls or ps. Refer to this list for a complete listing of available commands. |
command_string |  |  | body | string | Full command line of the command to execute. Example: cat some_file.txt. |
persist |  |  | body | boolean | Flag indicating if this command should be executed when the host returns to service. |
session_id |  |  | body | string | RTR Session ID to execute the command against. |
Available base commands (Read only)
Command | Description | Operating System |
---|---|---|
cat | View file contents | |
cd | Change directory | |
clear | Clear the screen | |
csrutil | Get system integrity protection status | |
env | Display environment variables | |
eventlog | Inspect the event log. Subcommands: | |
filehash | Calculate a file hash (MD5 or SHA256) | |
getsid | Retrieve the current SID | |
help | Access help for a specific command or sub-command | |
history | Review command history for the current user | |
ipconfig | Review TCP configuration | |
ls | List the contents of a directory | |
mount | Mount a file system (MacOS, Linux) or list available drives (Windows) | |
netstat | Retrieve network connection detail | |
ps | List running processes | |
reg | Registry operations. Subcommands: | |
Usage
Service class example (PEP8 syntax)
from falconpy import RealTimeResponse
# Do not hardcode API credentials!
falcon = RealTimeResponse(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.execute_command(base_command="string",
command_string="string",
persist=boolean,
session_id="string",
)
print(response)
Service class example (Operation ID syntax)
from falconpy import RealTimeResponse
# Do not hardcode API credentials!
falcon = RealTimeResponse(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.RTR_ExecuteCommand(base_command="string",
command_string="string",
persist=boolean,
session_id="string",
)
print(response)
Uber class example
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
BODY = {
"base_command": "string",
"command_string": "string",
"persist": boolean,
"session_id": "string"
}
response = falcon.command("RTR_ExecuteCommand", body=BODY)
print(response)
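The read-only command table and the chunked status polling described above, combined in one added example (not code from the FalconPy project): a wrapper that refuses any base command outside the read-only list before calling execute_command, then reassembles output across sequence IDs. The response field names (cloud_request_id, stdout, stderr, complete), the rule for advancing sequence_id, and the StubRTR class are assumptions made for illustration.

```python
import time

# Read-only base commands, copied from the table on this page.
READ_ONLY_COMMANDS = frozenset({
    "cat", "cd", "clear", "csrutil", "env", "eventlog", "filehash", "getsid",
    "help", "history", "ipconfig", "ls", "mount", "netstat", "ps", "reg",
})


def run_read_only(falcon, session_id, command_string, max_polls=30, delay=1.0):
    """Run one read-only RTR command and return (stdout, stderr).

    falcon: a RealTimeResponse Service Class instance, or any object exposing
    the same execute_command / check_command_status keyword interface.
    """
    words = command_string.split(maxsplit=1)
    if not words or words[0] not in READ_ONLY_COMMANDS:
        raise ValueError(f"not a read-only RTR command: {command_string!r}")

    sent = falcon.execute_command(base_command=words[0],
                                  command_string=command_string,
                                  persist=False,
                                  session_id=session_id)
    # Assumption: the request ID is at body.resources[0].cloud_request_id.
    resources = sent["body"].get("resources") or []
    if sent["status_code"] >= 300 or not resources:
        raise RuntimeError(f"command was not accepted: {sent['body']}")
    request_id = resources[0]["cloud_request_id"]

    stdout, stderr, sequence_id = [], [], 0
    for _ in range(max_polls):
        status = falcon.check_command_status(cloud_request_id=request_id,
                                             sequence_id=sequence_id)
        chunks = status["body"].get("resources") or []
        chunk = chunks[0] if chunks else {}
        # Assumption: each chunk carries stdout, stderr and a complete flag.
        stdout.append(chunk.get("stdout") or "")
        stderr.append(chunk.get("stderr") or "")
        if chunk.get("complete"):
            return "".join(stdout), "".join(stderr)
        if chunk.get("stdout") or chunk.get("stderr"):
            sequence_id += 1   # chunk consumed, ask for the next sequence
        else:
            time.sleep(delay)  # nothing yet, poll the same sequence again
    raise TimeoutError(f"{request_id} did not complete in {max_polls} polls")


class StubRTR:
    """Constructed stand-in for the Service Class so the example runs offline."""

    def __init__(self, chunks):
        self.chunks, self.sent = chunks, []

    def execute_command(self, **kwargs):
        self.sent.append(kwargs)
        return {"status_code": 201,
                "body": {"resources": [{"cloud_request_id": "REQ-1"}]}}

    def check_command_status(self, cloud_request_id, sequence_id):
        out, done = self.chunks[sequence_id]
        return {"status_code": 200, "body": {"resources": [
            {"stdout": out, "stderr": "", "complete": done}]}}


if __name__ == "__main__":
    stub = StubRTR([("PID 4 System\n", False), ("PID 88 lsass.exe\n", True)])
    print(run_read_only(stub, "SESSION-1", "ps", delay=0))
```

Against a live tenant, pass a RealTimeResponse instance and the session ID returned by init_session in place of the stub.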
RTR_GetExtractedFileContents
Get RTR extracted file contents for specified session and sha256.
PEP8 method name
get_extracted_file_contents
Endpoint
Method | Route |
---|---|
/real-time-response/entities/extracted-file-contents/v1 |
Content-Type
- Produces: application/x-7z-compressed
Keyword Arguments
Name | Service | Uber | Type | Data type | Description |
---|---|---|---|---|---|
parameters |  |  | query | dictionary | Full query string parameters payload in JSON format. |
filename |  |  | query | string | Filename to use for the archive name and the file within the archive. |
session_id |  |  | query | string | RTR Session ID. |
sha256 |  |  | query | string | Extracted SHA256. |
Usage
Service class example (PEP8 syntax)
from falconpy import RealTimeResponse
# Do not hardcode API credentials!
falcon = RealTimeResponse(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
save_file = "some_file.7z"
response = falcon.get_extracted_file_contents(session_id="string",
sha256="string",
filename="string"
)
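# A successful call returns the archive as bytes; a failed call returns a dictionary.
if isinstance(response, bytes):
    with open(save_file, "wb") as archive:
        archive.write(response)
else:
    print(response)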
Service class example (Operation ID syntax)
from falconpy import RealTimeResponse
# Do not hardcode API credentials!
falcon = RealTimeResponse(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
save_file = "some_file.7z"
response = falcon.RTR_GetExtractedFileContents(session_id="string",
sha256="string",
filename="string"
)
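# A successful call returns the archive as bytes; a failed call returns a dictionary.
if isinstance(response, bytes):
    with open(save_file, "wb") as archive:
        archive.write(response)
else:
    print(response)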
Uber class example
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
save_file = "some_file.7z"
response = falcon.command("RTR_GetExtractedFileContents",
session_id="string",
sha256="string",
filename="string"
)
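# A successful call returns the archive as bytes; a failed call returns a dictionary.
if isinstance(response, bytes):
    with open(save_file, "wb") as archive:
        archive.write(response)
else:
    print(response)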
RTR_ListFiles
Get a list of files for the specified RTR session.
PEP8 method name
list_files
Endpoint
Method | Route |
---|---|
/real-time-response/entities/file/v1 |
Content-Type
- Produces: application/json
Keyword Arguments
Name | Service | Uber | Type | Data type | Description |
---|---|---|---|---|---|
parameters |  |  | query | dictionary | Full query string parameters payload in JSON format. |
session_id |  |  | query | string | RTR Session ID. |
Usage
Service class example (PEP8 syntax)
from falconpy import RealTimeResponse
# Do not hardcode API credentials!
falcon = RealTimeResponse(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.list_files(session_id="string")
print(response)
Service class example (Operation ID syntax)
from falconpy import RealTimeResponse
# Do not hardcode API credentials!
falcon = RealTimeResponse(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.RTR_ListFiles(session_id="string")
print(response)
Uber class example
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.command("RTR_ListFiles", session_id="string")
print(response)
RTR_ListFilesV2
Get a list of files for the specified RTR session.
PEP8 method name
list_files_v2
Endpoint
Method | Route |
---|---|
/real-time-response/entities/file/v2 |
Content-Type
- Produces: application/json
Keyword Arguments
Name | Service | Uber | Type | Data type | Description |
---|---|---|---|---|---|
parameters |  |  | query | dictionary | Full query string parameters payload in JSON format. |
session_id |  |  | query | string | RTR Session ID. |
Usage
Service class example (PEP8 syntax)
from falconpy import RealTimeResponse
# Do not hardcode API credentials!
falcon = RealTimeResponse(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.list_files_v2(session_id="string")
print(response)
Service class example (Operation ID syntax)
from falconpy import RealTimeResponse
# Do not hardcode API credentials!
falcon = RealTimeResponse(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.RTR_ListFilesV2(session_id="string")
print(response)
Uber class example
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.command("RTR_ListFilesV2", session_id="string")
print(response)
RTR_DeleteFile
Delete a RTR session file.
PEP8 method name
delete_file
Endpoint
Method | Route |
---|---|
/real-time-response/entities/file/v1 |
Content-Type
- Produces: application/json
Keyword Arguments
Name | Service | Uber | Type | Data type | Description |
---|---|---|---|---|---|
parameters |  |  | query | dictionary | Full query string parameters payload in JSON format. |
ids |  |  | query | string | RTR Session file ID (SHA256). |
session_id |  |  | query | string | RTR Session ID. |
Usage
Service class example (PEP8 syntax)
from falconpy import RealTimeResponse
# Do not hardcode API credentials!
falcon = RealTimeResponse(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.delete_file(session_id="string", ids="string")
print(response)
Service class example (Operation ID syntax)
from falconpy import RealTimeResponse
# Do not hardcode API credentials!
falcon = RealTimeResponse(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.RTR_DeleteFile(session_id="string", ids="string")
print(response)
Uber class example
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.command("RTR_DeleteFile", session_id="string", ids="string")
print(response)
RTR_DeleteFileV2
Delete a RTR session file.
PEP8 method name
delete_file_v2
Endpoint
Method | Route |
---|---|
/real-time-response/entities/file/v2 |
Content-Type
- Produces: application/json
Keyword Arguments
Name | Service | Uber | Type | Data type | Description |
---|---|---|---|---|---|
parameters |  |  | query | dictionary | Full query string parameters payload in JSON format. |
ids |  |  | query | string | RTR Session file ID (SHA256). |
session_id |  |  | query | string | RTR Session ID. |
Usage
Service class example (PEP8 syntax)
from falconpy import RealTimeResponse
# Do not hardcode API credentials!
falcon = RealTimeResponse(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.delete_file_v2(session_id="string", ids="string")
print(response)
Service class example (Operation ID syntax)
from falconpy import RealTimeResponse
# Do not hardcode API credentials!
falcon = RealTimeResponse(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.RTR_DeleteFileV2(session_id="string", ids="string")
print(response)
Uber class example
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.command("RTR_DeleteFileV2", session_id="string", ids="string")
print(response)
RTR_ListQueuedSessions
Get queued session metadata by session ID.
PEP8 method name
list_queued_sessions
Endpoint
Method | Route |
---|---|
/real-time-response/entities/queued-sessions/GET/v1 |
Content-Type
- Produces: application/json
Keyword Arguments
Name | Service | Uber | Type | Data type | Description |
---|---|---|---|---|---|
body |  |  | body | dictionary | Full body payload in JSON format. |
ids |  |  | body | string or list of strings | List of RTR sessions to retrieve. Will only return sessions created by the calling user. |
Usage
Service class example (PEP8 syntax)
from falconpy import RealTimeResponse
# Do not hardcode API credentials!
falcon = RealTimeResponse(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = "ID1,ID2,ID3" # Can also use a list here ['ID1','ID2','ID3']
response = falcon.list_queued_sessions(ids=id_list)
print(response)
Service class example (Operation ID syntax)
from falconpy import RealTimeResponse
# Do not hardcode API credentials!
falcon = RealTimeResponse(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = "ID1,ID2,ID3" # Can also use a list here ['ID1','ID2','ID3']
response = falcon.RTR_ListQueuedSessions(ids=id_list)
print(response)
Uber class example
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = ['ID1','ID2','ID3']
BODY = {
"ids": id_list
}
response = falcon.command("RTR_ListQueuedSessions", body=BODY)
print(response)
RTR_DeleteQueuedSession
Delete a queued session command.
PEP8 method name
delete_queued_session
Endpoint
Method | Route |
---|---|
/real-time-response/entities/queued-sessions/command/v1 |
Content-Type
- Produces: application/json
Keyword Arguments
Name | Service | Uber | Type | Data type | Description |
---|---|---|---|---|---|
cloud_request_id |  |  | query | string | Cloud Request ID of the executed command to query. |
parameters |  |  | query | dictionary | Full query string parameters payload in JSON format. |
session_id |  |  | query | string | RTR Session ID. |
Usage
Service class example (PEP8 syntax)
from falconpy import RealTimeResponse
# Do not hardcode API credentials!
falcon = RealTimeResponse(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.delete_queued_session(session_id="string", cloud_request_id="string")
print(response)
Service class example (Operation ID syntax)
from falconpy import RealTimeResponse
# Do not hardcode API credentials!
falcon = RealTimeResponse(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.RTR_DeleteQueuedSession(session_id="string", cloud_request_id="string")
print(response)
Uber class example
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.command("RTR_DeleteQueuedSession",
session_id="string",
cloud_request_id="string"
)
print(response)
RTR_PulseSession
Refresh a session timeout on a single host.
PEP8 method name
pulse_session
Endpoint
Method | Route |
---|---|
/real-time-response/entities/refresh-session/v1 |
Content-Type
- Produces: application/json
Keyword Arguments
Name | Service | Uber | Type | Data type | Description |
---|---|---|---|---|---|
body |  |  | body | dictionary | Full body payload in JSON format. |
device_id |  |  | body | string | The host agent ID to refresh the RTR session on. RTR will retrieve an existing session for the calling user on this host. |
origin |  |  | body | string | Origin of the request. |
queue_offline |  |  | body | boolean | Flag indicating if this should be queued to pulse after the host returns to service. |
Usage
Service class example (PEP8 syntax)
from falconpy import RealTimeResponse
# Do not hardcode API credentials!
falcon = RealTimeResponse(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.pulse_session(device_id="string",
origin="string",
queue_offline=boolean
)
print(response)
Service class example (Operation ID syntax)
from falconpy import RealTimeResponse
# Do not hardcode API credentials!
falcon = RealTimeResponse(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.RTR_PulseSession(device_id="string",
origin="string",
queue_offline=boolean
)
print(response)
Uber class example
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
BODY = {
"device_id": "string",
"origin": "string",
"queue_offline": boolean
}
response = falcon.command("RTR_PulseSession", body=BODY)
print(response)
RTR_ListSessions
Get session metadata by session id.
PEP8 method name
list_sessions
Endpoint
Method | Route |
---|---|
/real-time-response/entities/sessions/GET/v1 |
Content-Type
- Produces: application/json
Keyword Arguments
Name | Service | Uber | Type | Data type | Description |
---|---|---|---|---|---|
body |  |  | body | dictionary | Full body payload in JSON format. |
ids |  |  | body | string or list of strings | List of RTR sessions to retrieve. Will only return sessions created by the calling user. |
Usage
Service class example (PEP8 syntax)
from falconpy import RealTimeResponse
# Do not hardcode API credentials!
falcon = RealTimeResponse(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = "ID1,ID2,ID3" # Can also use a list here ['ID1','ID2','ID3']
response = falcon.list_sessions(ids=id_list)
print(response)
Service class example (Operation ID syntax)
from falconpy import RealTimeResponse
# Do not hardcode API credentials!
falcon = RealTimeResponse(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = "ID1,ID2,ID3" # Can also use a list here ['ID1','ID2','ID3']
response = falcon.RTR_ListSessions(ids=id_list)
print(response)
Uber class example
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = ['ID1','ID2','ID3']
BODY = {
"ids": id_list
}
response = falcon.command("RTR_ListSessions", body=BODY)
print(response)
RTR_InitSession
Initialize a new session with the RTR cloud.
PEP8 method name
init_session
Endpoint
Method | Route |
---|---|
/real-time-response/entities/sessions/v1 |
Content-Type
- Produces: application/json
Keyword Arguments
Name | Service | Uber | Type | Data type | Description |
---|---|---|---|---|---|
body |  |  | body | dictionary | Full body payload in JSON format. |
device_id |  |  | body | string | The host agent ID to refresh the RTR session on. RTR will retrieve an existing session for the calling user on this host. |
origin |  |  | body | string | Origin of the request. |
queue_offline |  |  | body | boolean | Flag indicating if this should be queued to pulse after the host returns to service. |
timeout |  |  | body | integer | Timeout for how long to wait for the request in seconds. Default: 30. Maximum: 600. |
timeout_duration |  |  | body | string | Timeout duration for how long to wait for the request in duration syntax. Example: 10s. Valid units: ns, us, ms, s, m, h. Maximum timeout is 5 minutes. |
Usage
Service class example (PEP8 syntax)
from falconpy import RealTimeResponse
# Do not hardcode API credentials!
falcon = RealTimeResponse(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.init_session(device_id="string",
origin="string",
queue_offline=boolean,
timeout=integer,
timeout_duration="string"
)
print(response)
Service class example (Operation ID syntax)
from falconpy import RealTimeResponse
# Do not hardcode API credentials!
falcon = RealTimeResponse(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.RTR_InitSession(device_id="string",
origin="string",
queue_offline=boolean,
timeout=integer,
timeout_duration="string"
)
print(response)
Uber class example
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
BODY = {
"device_id": "string",
"origin": "string",
"queue_offline": boolean,
"timeout": integer,
"timeout_duration": "string"
}
response = falcon.command("RTR_InitSession", body=BODY)
print(response)
RTR_DeleteSession
Delete a session.
PEP8 method name
delete_session
Endpoint
Method | Route |
---|---|
/real-time-response/entities/sessions/v1 |
Content-Type
- Produces: application/json
Keyword Arguments
Name | Service | Uber | Type | Data type | Description |
---|---|---|---|---|---|
parameters |  |  | query | dictionary | Full query string parameters payload in JSON format. |
session_id |  |  | query | string | RTR Session ID. |
Usage
Service class example (PEP8 syntax)
from falconpy import RealTimeResponse
# Do not hardcode API credentials!
falcon = RealTimeResponse(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.delete_session(session_id="string")
print(response)
Service class example (Operation ID syntax)
from falconpy import RealTimeResponse
# Do not hardcode API credentials!
falcon = RealTimeResponse(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.RTR_DeleteSession(session_id="string")
print(response)
Uber class example
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.command("RTR_DeleteSession", session_id="string")
print(response)
RTR_ListAllSessions
Get a list of session_ids.
You will only be able to retrieve sessions that were created using the same API credentials.
PEP8 method name
list_all_sessions
Endpoint
Method | Route |
---|---|
/real-time-response/queries/sessions/v1 |
Content-Type
- Produces: application/json
Keyword Arguments
Name | Service | Uber | Type | Data type | Description |
---|---|---|---|---|---|
filter |  |  | query | string | FQL query expression that should be used to limit the results. Available filters: user_id can accept a special value ‘@me’ which will restrict results to records with current user’s ID. |
limit |  |  | query | integer | Maximum number of records to return. Max: 5000. |
offset |  |  | query | string | Starting index of overall result set from which to return ids. |
sort |  |  | query | string | The property to sort by. |
parameters |  |  | query | dictionary | Full query string parameters payload in JSON format. |
Usage
Service class example (PEP8 syntax)
from falconpy import RealTimeResponse
# Do not hardcode API credentials!
falcon = RealTimeResponse(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.list_all_sessions(offset="string",
limit=integer,
sort="string",
filter="string"
)
print(response)
Service class example (Operation ID syntax)
from falconpy import RealTimeResponse
# Do not hardcode API credentials!
falcon = RealTimeResponse(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.RTR_ListAllSessions(offset="string",
limit=integer,
sort="string",
filter="string"
)
print(response)
Uber class example
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.command("RTR_ListAllSessions",
offset="string",
limit=integer,
sort="string",
filter="string"
)
print(response)