Using the Tailored Intelligence service collection

Table of Contents

Passing credentials

WARNING

client_id and client_secret are keyword arguments that contain your CrowdStrike API credentials. Please note that all examples below do not hard code these values. (These values are ingested as strings.)

CrowdStrike does not recommend hard coding API credentials or customer identifiers within source code.

GetEventsBody

Get event body for the provided event ID.

PEP8 method name

get_event_body

Endpoint

Method	Route
	/ti/events/entities/events-full-body/v2

Content-Type

• Produces: application/octet-stream

Keyword Arguments

Name	Service	Uber	Type	Data type	Description
id			query	string or list of strings	Return the event body for event ID.
parameters			query	dictionary	Full query string parameters payload in JSON format.

Usage

Service class example (PEP8 syntax)

from falconpy import TailoredIntelligence

falcon = TailoredIntelligence(client_id=CLIENT_ID,
                              client_secret=CLIENT_SECRET
                              )

save_file = "some_file.ext"

response = falcon.get_event_body(id="string")
open(save_file, 'wb').write(response)

Service class example (Operation ID syntax)

from falconpy import TailoredIntelligence

falcon = TailoredIntelligence(client_id=CLIENT_ID,
                              client_secret=CLIENT_SECRET
                              )

save_file = "some_file.ext"

response = falcon.GetEventsBody(id="string")
open(save_file, 'wb').write(response)

Uber class example

from falconpy import APIHarnessV2

falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

save_file = "some_file.ext"

response = falcon.command("GetEventsBody", id="string")
open(save_file, 'wb').write(response)

Back to Table of Contents

GetEventsEntities

Get events entities for specified ids.

PEP8 method name

get_event_entities

Endpoint

Method	Route
	/ti/events/entities/events/GET/v2

Content-Type

• Consumes: application/json
• Produces: application/json

Keyword Arguments

Name	Service	Uber	Type	Data type	Description
ids			body	string or list of strings	Return the event entities for specified ID.
body			body	dictionary	Full body payload in JSON format. Not required when using the ids keyword.

Usage

Service class example (PEP8 syntax)

from falconpy import TailoredIntelligence

falcon = TailoredIntelligence(client_id=CLIENT_ID,
                              client_secret=CLIENT_SECRET
                              )

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.get_event_entities(ids=id_list)
print(response)

Service class example (Operation ID syntax)

from falconpy import TailoredIntelligence

falcon = TailoredIntelligence(client_id=CLIENT_ID,
                              client_secret=CLIENT_SECRET
                              )

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.GetEventsEntities(ids=id_list)
print(response)

Uber class example

from falconpy import APIHarnessV2

falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.command("GetEventsEntities", ids=id_list)
print(response)

Back to Table of Contents

QueryEvents

Get events ids that match the provided filter criteria.

PEP8 method name

query_events

Endpoint

Method	Route
	/ti/events/queries/events/v2

Content-Type

• Produces: application/json

Keyword Arguments

Name	Service	Uber	Type	Data type	Description
filter			query	string	FQL query specifying the filter parameters. Wildcard character '*' means to not filter on anything.
limit			query	integer	The maximum number of IDs to return in this response. Use with the offset parameter to manage pagination of results.
offset			query	integer	Starting index of overall result set from which to return IDs.
parameters			query	dictionary	Full query string parameters payload in JSON format.
q			query	string	Match phrase_prefix query criteria
sort			query	string	Sort results using a FQL formatted string. Available options: source_type created_date updated_date

Usage

Service class example (PEP8 syntax)

from falconpy import TailoredIntelligence

falcon = TailoredIntelligence(client_id=CLIENT_ID,
                              client_secret=CLIENT_SECRET
                              )

response = falcon.query_events(offset="string",
                               limit=integer,
                               sort="string",
                               filter="string",
                               q="string"
                               )
print(response)

Service class example (Operation ID syntax)

from falconpy import TailoredIntelligence

falcon = TailoredIntelligence(client_id=CLIENT_ID,
                              client_secret=CLIENT_SECRET
                              )

response = falcon.QueryEvents(offset="string",
                              limit=integer,
                              sort="string",
                              filter="string",
                              q="string"
                              )
print(response)

Uber class example

from falconpy import APIHarnessV2

falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

response = falcon.command("QueryEvents",
                          offset="string",
                          limit=integer,
                          sort="string",
                          filter="string",
                          q="string"
                          )
print(response)

Back to Table of Contents

GetRulesEntities

Get rules entities for specified ids.

PEP8 method name

get_rule_entities

Endpoint

Method	Route
	/ti/rules/entities/rules/GET/v2

Content-Type

• Consumes: application/json
• Produces: application/json

Keyword Arguments

Name	Service	Uber	Type	Data type	Description
ids			body	string or list of strings	Return the rule entities for specified ID.
body			body	dictionary	Full body payload in JSON format. Not required when using the ids keyword.

Usage

Service class example (PEP8 syntax)

from falconpy import TailoredIntelligence

falcon = TailoredIntelligence(client_id=CLIENT_ID,
                              client_secret=CLIENT_SECRET
                              )

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.get_rule_entities(ids=id_list)
print(response)

Service class example (Operation ID syntax)

from falconpy import TailoredIntelligence

falcon = TailoredIntelligence(client_id=CLIENT_ID,
                              client_secret=CLIENT_SECRET
                              )

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.GetRulesEntities(ids=id_list)
print(response)

Uber class example

from falconpy import APIHarnessV2

falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.command("GetRulesEntities", ids=id_list)
print(response)

Back to Table of Contents

QueryRules

Get rules ids that match the provided filter criteria.

PEP8 method name

query_rules

Endpoint

Method	Route
	/ti/rules/queries/rules/v2

Content-Type

• Produces: application/json

Keyword Arguments

Name	Service	Uber	Type	Data type	Description
filter			query	string	FQL query specifying the filter parameters. Wildcard character '*' means to not filter on anything.
limit			query	integer	The maximum number of IDs to return in this response. Use with the offset parameter to manage pagination of results.
offset			query	integer	Starting index of overall result set from which to return IDs.
parameters			query	dictionary	Full query string parameters payload in JSON format.
q			query	string	Match phrase_prefix query criteria
sort			query	string	Sort results using a FQL formatted string. Available options: name value rule_type customer_id created_date updated_date

Usage

Service class example (PEP8 syntax)

from falconpy import TailoredIntelligence

falcon = TailoredIntelligence(client_id=CLIENT_ID,
                              client_secret=CLIENT_SECRET
                              )

response = falcon.query_rules(offset="string",
                              limit=integer,
                              sort="string",
                              filter="string",
                              q="string"
                              )
print(response)

Service class example (Operation ID syntax)

from falconpy import TailoredIntelligence

falcon = TailoredIntelligence(client_id=CLIENT_ID,
                              client_secret=CLIENT_SECRET
                              )

response = falcon.QueryRules(offset="string",
                             limit=integer,
                             sort="string",
                             filter="string",
                             q="string"
                             )
print(response)

Uber class example

from falconpy import APIHarnessV2

falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

response = falcon.command("QueryRules",
                          offset="string",
                          limit=integer,
                          sort="string",
                          filter="string",
                          q="string"
                          )
print(response)

Back to Table of Contents