CrowdStrike Falcon CrowdStrike Subreddit

Using the Sensor Download service collection

Uber class support Service class support Documentation Version Page Updated Samples Available

This service collection has code examples posted to the repository.

Table of Contents

Operation IDDescription
GetCombinedSensorInstallersByQuery
PEP 8get_combined_sensor_installers_by_query
Get sensor installer details by provided query
DownloadSensorInstallerById
PEP 8download_sensor_installer
Download sensor installer by SHA256 ID
GetSensorInstallersEntities
PEP 8get_sensor_installer_entities
Get sensor installer details by provided SHA256 IDs
GetSensorInstallersCCIDByQuery
PEP 8get_sensor_installer_ccid
Get CCID to use with sensor installers
GetSensorInstallersByQuery
PEP 8get_sensor_installers_by_query
Get sensor installer IDs by provided query

Passing credentials

WARNING

client_id and client_secret are keyword arguments that contain your CrowdStrike API credentials. Please note that all examples below do not hard code these values. (These values are ingested as strings.)

CrowdStrike does not recommend hard coding API credentials or customer identifiers within source code.

GetCombinedSensorInstallersByQuery

Get sensor installer details by provided query

PEP8 method name

get_combined_sensor_installers_by_query

Endpoint

MethodRoute
GET/sensors/combined/installers/v1

Content-Type

  • Consumes: application/json
  • Produces: application/json

Keyword Arguments

NameServiceUberTypeData typeDescription
limit
Service Class Support

Uber Class Support
queryintegerThe number of items to return in this response (default: 100, max: 500). Use with the offset parameter to manage pagination of results.
filter
Service Class Support

Uber Class Support
querystringFilter items using a query in Falcon Query Language (FQL). An asterisk wildcard * includes all results. Common filter options include:
  • platform:"windows"
  • version:>"5.2"
offset
Service Class Support

Uber Class Support
queryintegerThe first item to return, where 0 is the latest item. Use with the limit parameter to manage pagination of results.
parameters
Service Class Support

Uber Class Support
querydictionaryFull query string parameters payload in JSON format.
sort
Service Class Support

Uber Class Support
querystringSort items using their properties. Common sort options include:
  • version|asc
  • release_date|desc

Usage

Service class example (PEP8 syntax)
from falconpy import SensorDownload

# Do not hardcode API credentials!
falcon = SensorDownload(client_id=CLIENT_ID,
                        client_secret=CLIENT_SECRET
                        )

response = falcon.get_combined_sensor_installers_by_query(offset=integer,
                                                          limit=integer,
                                                          sort="string",
                                                          filter="string"
                                                          )
print(response)

Service class example (Operation ID syntax)
from falconpy import SensorDownload

# Do not hardcode API credentials!
falcon = SensorDownload(client_id=CLIENT_ID,
                        client_secret=CLIENT_SECRET
                        )

response = falcon.GetCombinedSensorInstallersByQuery(offset=integer,
                                                     limit=integer,
                                                     sort="string",
                                                     filter="string"
                                                     )
print(response)

Uber class example
from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

response = falcon.command("GetCombinedSensorInstallersByQuery",
                          offset=integer,
                          limit=integer,
                          sort="string",
                          filter="string"
                          )
print(response)

DownloadSensorInstallerById

Download sensor installer by SHA256 ID

PEP8 method name

download_sensor_installer

Endpoint

MethodRoute
GET/sensors/entities/download-installer/v1

Content-Type

  • Consumes: application/json
  • Produces: application/octet-stream

Keyword Arguments

NameServiceUberTypeData typeDescription
download_path
Service Class Support

Uber Class Support
querystringFile path to use for the saved file. Must be present to trigger a file download.
id
Service Class Support

Uber Class Support
querystringSHA256 of the installer to download
file_name
Service Class Support

Uber Class Support
querystringFile name to use for the saved file. Must be present to trigger a file download.
parameters
Service Class Support

Uber Class Support
querydictionaryFull query string parameters payload in JSON format.

Usage

Service class example (PEP8 syntax)
from falconpy import SensorDownload

# Do not hardcode API credentials!
falcon = SensorDownload(client_id=CLIENT_ID,
                        client_secret=CLIENT_SECRET
                        )

# Also ask the service class to go ahead and download the file for us
response = falcon.download_sensor_installer(id="string",
                                            download_path="/tmp/",
                                            file_name="cs_installer.bin"
                                            )
print(response)
Service class example (Operation ID syntax)
from falconpy import SensorDownload

# Do not hardcode API credentials!
falcon = SensorDownload(client_id=CLIENT_ID,
                        client_secret=CLIENT_SECRET
                        )

# Also ask the service class to go ahead and download the file for us
response = falcon.DownloadSensorInstallerById(id="string",
                                              download_path="C:\Temp",
                                              file_name="cs_installer.exe"
                                              )
print(response)
Uber class example
from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

filename = "cs_installer.exe"
response = falcon.command("DownloadSensorInstallerById", id="string")
if not isinstance(response, dict):
    # If our response is a dictionary, there is an error
    with open(filename, "wb") as download_file:
        download_file.write(response)

GetSensorInstallersEntities

Get sensor installer details by provided SHA256 IDs

PEP8 method name

get_sensor_installer_entities

Endpoint

MethodRoute
GET/sensors/entities/installers/v1

Content-Type

  • Consumes: application/json
  • Produces: application/json

Keyword Arguments

NameServiceUberTypeData typeDescription
ids
Service Class Support

Uber Class Support
querystring or list of stringsThe IDs of the installers to retrieve details for.
parameters
Service Class Support

Uber Class Support
querydictionaryFull query string parameters payload in JSON format.

Usage

Service class example (PEP8 syntax)
from falconpy import SensorDownload

# Do not hardcode API credentials!
falcon = SensorDownload(client_id=CLIENT_ID,
                        client_secret=CLIENT_SECRET
                        )

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.get_sensor_installer_entities(ids=id_list)
print(response)

Service class example (Operation ID syntax)
from falconpy import SensorDownload

# Do not hardcode API credentials!
falcon = SensorDownload(client_id=CLIENT_ID,
                        client_secret=CLIENT_SECRET
                        )

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.GetSensorInstallersEntities(ids=id_list)
print(response)

Uber class example
from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.command("GetSensorInstallersEntities", ids=id_list)
print(response)

GetSensorInstallersCCIDByQuery

Get CCID to use with sensor installers

PEP8 method name

get_sensor_installer_ccid

Endpoint

MethodRoute
GET/sensors/queries/installers/ccid/v1

Content-Type

  • Consumes: application/json
  • Produces: application/json

Keyword Arguments

No keywords or arguments accepted.

Usage

Service class example (PEP8 syntax)
from falconpy import SensorDownload

# Do not hardcode API credentials!
falcon = SensorDownload(client_id=CLIENT_ID,
                        client_secret=CLIENT_SECRET
                        )

response = falcon.get_sensor_installer_ccid()
print(response)

Service class example (Operation ID syntax)
from falconpy import SensorDownload

# Do not hardcode API credentials!
falcon = SensorDownload(client_id=CLIENT_ID,
                        client_secret=CLIENT_SECRET
                        )

response = falcon.GetSensorInstallersCCIDByQuery()
print(response)

Uber class example
from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

response = falcon.command("GetSensorInstallersCCIDByQuery")
print(response)

GetSensorInstallersByQuery

Get sensor installer IDs by provided query

PEP8 method name

get_sensor_installers_by_query

Endpoint

MethodRoute
GET/sensors/queries/installers/v1

Content-Type

  • Consumes: application/json
  • Produces: application/json

Keyword Arguments

NameServiceUberTypeData typeDescription
filter
Service Class Support

Uber Class Support
querystringFilter items using a query in Falcon Query Language (FQL). An asterisk wildcard * includes all results. Common filter options include:
  • platform:"windows"
  • version:>"5.2"
limit
Service Class Support

Uber Class Support
queryintegerThe number of items to return in this response (default: 100, max: 500). Use with the offset parameter to manage pagination of results.
offset
Service Class Support

Uber Class Support
queryintegerThe first item to return, where 0 is the latest item. Use with the limit parameter to manage pagination of results.
parameters
Service Class Support

Uber Class Support
querydictionaryFull query string parameters payload in JSON format.
sort
Service Class Support

Uber Class Support
querystringSort items using their properties. Common sort options include:
  • version|asc
  • release_date|desc

Usage

Service class example (PEP8 syntax)
from falconpy import SensorDownload

# Do not hardcode API credentials!
falcon = SensorDownload(client_id=CLIENT_ID,
                        client_secret=CLIENT_SECRET
                        )

response = falcon.get_sensor_installers_by_query(offset=integer,
                                                 limit=integer,
                                                 sort="string",
                                                 filter="string"
                                                 )
print(response)

Service class example (Operation ID syntax)
from falconpy import SensorDownload

# Do not hardcode API credentials!
falcon = SensorDownload(client_id=CLIENT_ID,
                        client_secret=CLIENT_SECRET
                        )

response = falcon.GetSensorInstallersByQuery(offset=integer,
                                             limit=integer,
                                             sort="string",
                                             filter="string"
                                             )
print(response)

Uber class example
from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

response = falcon.command("GetSensorInstallersByQuery",
                          offset=integer,
                          limit=integer,
                          sort="string",
                          filter="string"
                          )
print(response)