| Operation ID | Description |
|---|
| Executes an on-demand Workflow, the body is JSON used to trigger the execution, the response the execution ID(s) |
| Allows a user to resume/retry a failed workflow execution. |
| Get execution result of a given execution |
| Deprovisions a system definition that was previously provisioned on the target CID |
| Promote a version of a system definition |
| Provisions a system definition onto the target CID by using the template and provided parameters |
WARNING
client_id and client_secret are keyword arguments that contain your CrowdStrike API credentials. Please note that all examples below do not hard code these values. (These values are ingested as strings.)
CrowdStrike does not recommend hard coding API credentials or customer identifiers within source code.
Execute an on-demand workflow. Response will contain the execution ID.
execute
| Method | Route |
|---|
 | /workflows/entities/execute/v1 |
- Consumes: application/json
- Produces: application/json
| Name | Service | Uber | Type | Data type | Description |
|---|
| definition_id | ![]()
![]() | ![]()
![]() | query | string or list of strings | Definition ID to execute, either a name or an ID can be specified. |
| name | ![]()
![]() | ![]()
![]() | query | string | Workflow name to execute, either a name or an ID can be specified. |
| key | ![]()
![]() | ![]()
![]() | query | string | Key used to help deduplicate executions, if unset a new UUID is used |
| depth | ![]()
![]() | ![]()
![]() | query | integer | Used to record the execution depth to help limit execution loops when a workflow triggers another. The maximum depth is 4. |
| parameters | | | query | dictionary | Full query string parameters payload in JSON format. |
| source_event_url | ![]()
![]() | ![]()
![]() | query | string | Used to record a URL to the source that led to triggering this workflow |
| body | ![]()
![]() | ![]()
![]() | body | string | Full body payload in JSON format. |
from falconpy.workflows import Workflows
falcon = Workflows(client_id=CLIENT_ID, client_secret=CLIENT_SECRET)
workflow_schema = {
"schema details": "go here"
}
response = falcon.execute(definition_id=["string", "string"],
name="string",
key="string",
depth=integer,
source_event_url="string",
body=workflow_schema
)
print(response)
from falconpy import Workflows
falcon = Workflows(client_id=CLIENT_ID, client_secret=CLIENT_SECRET)
workflow_schema = {
"schema details": "go here"
}
response = falcon.WorkflowExecute(definition_id=["string", "string"],
name="string",
key="string",
depth=integer,
source_event_url="string",
body=workflow_schema
)
print(response)
from falconpy import APIHarnessV2
falcon = APIHarnessV2(client_id=CLIENT_ID, client_secret=CLIENT_SECRET)
workflow_schema = {
"schema details": "go here"
}
response = falcon.command("WorkflowExecute",
definition_id=["string", "string"],
name="string",
key="string",
depth=integer,
source_event_url="string",
body=workflow_schema
)
print(response)
Allows a user to resume/retry a failed workflow execution.
execution_action
| Method | Route |
|---|
| /workflows/entities/execution-actions/v1 |
- Consumes: application/json
- Produces: application/json
| Name | Service | Uber | Type | Data type | Description |
|---|
| action_name | ![]()
![]() | ![]()
![]() | query | string | Specify one of these actions: - resume: resume/retry the workflow execution(s) specified in ids |
| action_parameters | ![]()
![]() | ![]()
![]() | body | list of dictionaries | List of actions to perform. |
| body | ![]()
![]() | ![]()
![]() | body | dictionary | Full body payload in JSON format. Not required when using other keywords. |
| ids | ![]()
![]() | ![]()
![]() | body | string or list of strings | Execution IDs. |
| name | ![]()
![]() | ![]()
![]() | body (action_parameters) | string | Action parameter name. |
| value | ![]()
![]() | ![]()
![]() | body (action_parameters) | string | Action parameter value. |
from falconpy.workflows import Workflows
falcon = Workflows(client_id=CLIENT_ID, client_secret=CLIENT_SECRET)
response = falcon.execution_action(action_name="string",
ids="string",
name="string",
value="string"
)
print(response)
from falconpy import Workflows
falcon = Workflows(client_id=CLIENT_ID, client_secret=CLIENT_SECRET)
response = falcon.WorkflowExecutionsAction(action_name="string",
ids="string",
name="string",
value="string"
)
print(response)
from falconpy import APIHarnessV2
falcon = APIHarnessV2(client_id=CLIENT_ID, client_secret=CLIENT_SECRET)
body_payload = {
"action_parameters": [
{
"name": "string",
"value": "string"
}
],
"ids": [
"string"
]
}
response = falcon.command("WorkflowExecutionsAction", action_name="string", body=body_payload)
print(response)
Get execution result of a given execution
execution_results
| Method | Route |
|---|
 | /workflows/entities/execution-results/v1 |
- Consumes: application/json
- Produces: application/json
| Name | Service | Uber | Type | Data type | Description |
|---|
| ids | ![]()
![]() | ![]()
![]() | query | string or list of strings | Workflow execution ID to return results for. |
| parameters | ![]()
![]() | ![]()
![]() | query | dictionary | Full query string parameters payload in JSON format. |
from falconpy.workflows import Workflows
falcon = Workflows(client_id=CLIENT_ID, client_secret=CLIENT_SECRET)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.execution_results(ids=id_list)
print(response)
from falconpy import Workflows
falcon = Workflows(client_id=CLIENT_ID, client_secret=CLIENT_SECRET)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.WorkflowExecutionResults(ids=id_list)
print(response)
from falconpy import APIHarnessV2
falcon = APIHarnessV2(client_id=CLIENT_ID, client_secret=CLIENT_SECRET)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.command("WorkflowExecutionResults", ids=id_list)
print(response)
Deprovisions a system definition that was previously provisioned on the target CID.
deprovision
| Method | Route |
|---|
| /workflows/system-definitions/deprovision/v1 |
- Consumes: application/json
- Produces: application/json
| Name | Service | Uber | Type | Data type | Description |
|---|
| body | ![]()
![]() | ![]()
![]() | body | dictionary | Full body payload in JSON format. Not required when using other keywords. |
| definition_id | ![]()
![]() | ![]()
![]() | body | string | Workflow definition ID. |
| deprovision_all | ![]()
![]() | ![]()
![]() | body | boolean | Flag indicating if all workflows should be deprovisioned. |
| template_id | ![]()
![]() | ![]()
![]() | body | string | Template ID. |
| template_name | ![]()
![]() | ![]()
![]() | body | string | Template name. |
from falconpy.workflows import Workflows
falcon = Workflows(client_id=CLIENT_ID, client_secret=CLIENT_SECRET)
response = falcon.deprovision(definition_id="string",
deprovision_all=boolean,
template_id="string",
template_name="string",
)
print(response)
from falconpy import Workflows
falcon = Workflows(client_id=CLIENT_ID, client_secret=CLIENT_SECRET)
response = falcon.WorkflowSystemDefinitionsDeProvision(definition_id="string",
deprovision_all=boolean,
template_id="string",
template_name="string",
)
print(response)
from falconpy import APIHarnessV2
falcon = APIHarnessV2(client_id=CLIENT_ID, client_secret=CLIENT_SECRET)
body_payload = {
"definition_id": "string",
"deprovision_all": boolean,
"template_id": "string",
"template_name": "string"
}
response = falcon.command("WorkflowSystemDefinitionsDeProvision", body=body_payload)
print(response)
Promote a version of a system definition.
Tenant must be already provisioned. This allows the caller to apply an updated template
version on a CID and expects all parameters to be supplied. If the template supports
multi-instance, the customer scope definition ID must be supplied to determine which
customer workflow should be update.
promote
| Method | Route |
|---|
| /workflows/system-definitions/promote/v1 |
- Consumes: application/json
- Produces: application/json
| Name | Service | Uber | Type | Data type | Description |
|---|
| activities | ![]()
![]() | ![]()
![]() | body | dictionary | Dictionary of workflow activities. |
| body | ![]()
![]() | ![]()
![]() | body | dictionary | Full body payload in JSON format. Not required when using other keywords. |
| conditions | ![]()
![]() | ![]()
![]() | body | list of dictionaries | List of workflow conditions. |
| customer_definition_id | ![]()
![]() | ![]()
![]() | body | string | Customer definition ID. |
| name | ![]()
![]() | ![]()
![]() | body | string | Name of the workflow. |
| parameters | ![]()
![]() | ![]()
![]() | body | dictionary | Overrides specified activities, conditions and trigger keywords. |
| template_id | ![]()
![]() | ![]()
![]() | body | string | Template ID. |
| template_name | ![]()
![]() | ![]()
![]() | body | string | Template name. |
| template_version | ![]()
![]() | ![]()
![]() | body | string | Template version. |
| trigger | ![]()
![]() | ![]()
![]() | body | dictionary | Workflow trigger definition. |
from falconpy.workflows import Workflows
falcon = Workflows(client_id=CLIENT_ID, client_secret=CLIENT_SECRET)
activities = {
"configuration": [
{
"node_id": "string",
"properties": {}
}
],
"selection": [
{
"id": "string",
"properties": {},
"source": "string"
}
]
}
conditions = [
{
"fields": [
{
"name": "string",
"operator": "string"
}
],
"node_id": "string"
}
]
trigger = {
"fields": {},
"node_id": "string"
}
response = falcon.promote(activities=activities,
conditions=conditions,
customer_definition_id="string",
name="string",
template_id="string",
template_name="string",
template_version="string",
trigger=trigger
)
print(response)
from falconpy import Workflows
falcon = Workflows(client_id=CLIENT_ID, client_secret=CLIENT_SECRET)
activities = {
"configuration": [
{
"node_id": "string",
"properties": {}
}
],
"selection": [
{
"id": "string",
"properties": {},
"source": "string"
}
]
}
conditions = [
{
"fields": [
{
"name": "string",
"operator": "string"
}
],
"node_id": "string"
}
]
trigger = {
"fields": {},
"node_id": "string"
}
response = falcon.WorkflowSystemDefinitionsPromote(activities=activities,
conditions=conditions,
customer_definition_id="string",
name="string",
template_id="string",
template_name="string",
template_version="string",
trigger=trigger
)
print(response)
from falconpy import APIHarnessV2
falcon = APIHarnessV2(client_id=CLIENT_ID, client_secret=CLIENT_SECRET)
activities = {
"configuration": [
{
"node_id": "string",
"properties": {}
}
],
"selection": [
{
"id": "string",
"properties": {},
"source": "string"
}
]
}
conditions = [
{
"fields": [
{
"name": "string",
"operator": "string"
}
],
"node_id": "string"
}
]
trigger = {
"fields": {},
"node_id": "string"
}
body_payload = {
"customer_definition_id": "string",
"name": "string",
"parameters": {
"activities": activities,
"conditions": conditions,
"trigger": trigger
},
"template_id": "string",
"template_name": "string",
"template_version": "string"
}
response = falcon.command("WorkflowSystemDefinitionsPromote", body=body_payload)
print(response)
Provisions a system definition onto the target CID by using the template and provided parameters.
provision
| Method | Route |
|---|
| /workflows/system-definitions/provision/v1 |
- Consumes: application/json
- Produces: application/json
| Name | Service | Uber | Type | Data type | Description |
|---|
| activities | ![]()
![]() | ![]()
![]() | body | dictionary | Dictionary of workflow activities. |
| body | ![]()
![]() | ![]()
![]() | body | dictionary | Full body payload in JSON format. Not required when using other keywords. |
| conditions | ![]()
![]() | ![]()
![]() | body | list of dictionaries | List of workflow conditions. |
| customer_definition_id | ![]()
![]() | ![]()
![]() | body | string | Customer definition ID. |
| name | ![]()
![]() | ![]()
![]() | body | string | Workflow name. |
| parameters | ![]()
![]() | ![]()
![]() | body | dictionary | Overrides specified activities, conditions and trigger keywords. |
| template_id | ![]()
![]() | ![]()
![]() | body | string | Template ID. |
| template_name | ![]()
![]() | ![]()
![]() | body | string | Template name. |
| template_version | ![]()
![]() | ![]()
![]() | body | string | Template version. |
| trigger | ![]()
![]() | ![]()
![]() | body | dictionary | Workflow trigger definition. |
from falconpy.workflows import Workflows
falcon = Workflows(client_id=CLIENT_ID, client_secret=CLIENT_SECRET)
activities = {
"configuration": [
{
"node_id": "string",
"properties": {}
}
],
"selection": [
{
"id": "string",
"properties": {},
"source": "string"
}
]
}
conditions = [
{
"fields": [
{
"name": "string",
"operator": "string"
}
],
"node_id": "string"
}
]
trigger = {
"fields": {},
"node_id": "string"
}
response = falcon.provision(activities=activities,
conditions=conditions,
customer_definition_id="string",
name="string",
template_id="string",
template_name="string",
template_version="string",
trigger=trigger
)
print(response)
from falconpy import Workflows
falcon = Workflows(client_id=CLIENT_ID, client_secret=CLIENT_SECRET)
activities = {
"configuration": [
{
"node_id": "string",
"properties": {}
}
],
"selection": [
{
"id": "string",
"properties": {},
"source": "string"
}
]
}
conditions = [
{
"fields": [
{
"name": "string",
"operator": "string"
}
],
"node_id": "string"
}
]
trigger = {
"fields": {},
"node_id": "string"
}
response = falcon.WorkflowSystemDefinitionsProvision(activities=activities,
conditions=conditions,
customer_definition_id="string",
name="string",
template_id="string",
template_name="string",
template_version="string",
trigger=trigger
)
print(response)
from falconpy import APIHarnessV2
falcon = APIHarnessV2(client_id=CLIENT_ID, client_secret=CLIENT_SECRET)
activities = {
"configuration": [
{
"node_id": "string",
"properties": {}
}
],
"selection": [
{
"id": "string",
"properties": {},
"source": "string"
}
]
}
conditions = [
{
"fields": [
{
"name": "string",
"operator": "string"
}
],
"node_id": "string"
}
]
trigger = {
"fields": {},
"node_id": "string"
}
body_payload = {
"customer_definition_id": "string",
"name": "string",
"parameters": {
"activities": activities,
"conditions": conditions,
"trigger": trigger
},
"template_id": "string",
"template_name": "string",
"template_version": "string"
}
response = falcon.command("WorkflowSystemDefinitionsProvision", body=body_payload)
print(response)