Using the Spotlight Evaluation Logic service collection
Table of Contents
| Operation ID | Description | ||||
|---|---|---|---|---|---|
| Search for evaluation logic in your environment by providing a FQL filter and paging details. Returns a set of evaluation logic entities which match the filter criteria. | ||||
| Perform a combined query and get for RiskSupportedEvaluation entities. | ||||
| Get details on evaluation logic items by providing one or more IDs. | ||||
| Search for evaluation logic in your environment by providing a FQL filter and paging details. Returns a set of evaluation logic IDs which match the filter criteria. | ||||
Passing credentials
WARNING
client_idandclient_secretare keyword arguments that contain your CrowdStrike API credentials. Please note that all examples below do not hard code these values. (These values are ingested as strings.)CrowdStrike does not recommend hard coding API credentials or customer identifiers within source code.
combinedQueryEvaluationLogic
Search for evaluation logic in your environment by providing a FQL filter and paging details. Returns a set of evaluation logic entities which match the filter criteria.
PEP8 method name
query_evaluation_logic_combined
Endpoint
| Method | Route |
|---|---|
 | /spotlight/combined/evaluation-logic/v1 |
Required Scope
Content-Type
- Produces: application/json
Keyword Arguments
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| after |  | | query | string | A pagination token used with the limit parameter to manage pagination of results. On your first request, don't provide an after token. On subsequent requests, provide the after token from the previous response to continue from that place in the results. |
| limit | | | query | integer | Maximum number of entities to return. |
| filter | | | query | string | FQL query specifying the filter parameters. |
| parameters | | | query | dictionary | Full query string parameters payload in JSON format. |
| sort | | | query | string | Sort evaluation logic by their properties. |
Usage
Service class example (PEP8 syntax)
from falconpy import SpotlightEvaluationLogic
# Do not hardcode API credentials!
falcon = SpotlightEvaluationLogic(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.query_evaluation_logic_combined(after="string",
limit=integer,
filter="string",
sort="string"
)
print(response)
Service class example (Operation ID syntax)
from falconpy import SpotlightEvaluationLogic
# Do not hardcode API credentials!
falcon = SpotlightEvaluationLogic(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.combinedQueryEvaluationLogic(after="string",
limit=integer,
filter="string",
sort="string"
)
print(response)
Uber class example
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.command("combinedQueryEvaluationLogic",
after="string",
limit=integer,
filter="string",
sort="string"
)
print(response)
Back to Table of Contents
combinedSupportedEvaluationExt
Perform a combined query and get for RiskSupportedEvaluation entities.
PEP8 method name
get_supported_evaluations
Endpoint
| Method | Route |
|---|---|
| /spotlight/combined/supported-evaluation-external/v1 |
Required Scope
Content-Type
- Produces: application/json
Keyword Arguments
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| after | | | query | string | A pagination token used with the limit parameter to manage pagination of results. On your first request, don't provide an after token. On subsequent requests, provide the after token from the previous response to continue from that place in the results. |
| filter | | | query | string | Filter items using a query in Falcon Query Language (FQL). Wildcards * and empty filter values are unsupported. Available filter fields that support exact match: id, risk_id, risk_provider, finding_provider, platform. Available filter fields that support range comparisons (>, <, >=, <=): created_timestamp, updated_timestamp. Required. |
| limit | | | query | integer | The number of items to return in this response (default: 100, max: 400). Use with the after parameter to manage pagination of results. |
| offset | | | query | string | Starting index of overall result set from which to return ids. |
| risk_provider | | | query | string or list of strings | Zero or more risk providers. Zero means all. Supported values: S (for Falcon sensor). |
| sort | | | query | string | Sort vulnerabilities by their properties. Available sort options: created_timestamp|asc/desc, updated_timestamp|asc/desc. |
| parameters | | | query | dictionary | Full query string parameters payload in JSON format. |
Usage
Service class example (PEP8 syntax)
from falconpy import SpotlightEvaluationLogic
# Do not hardcode API credentials!
falcon = SpotlightEvaluationLogic(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.get_supported_evaluations(after="string",
filter="string",
limit=integer,
offset="string",
risk_provider="string",
sort="string"
)
print(response)
Service class example (Operation ID syntax)
from falconpy import SpotlightEvaluationLogic
# Do not hardcode API credentials!
falcon = SpotlightEvaluationLogic(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.combinedSupportedEvaluationExt(after="string",
filter="string",
limit=integer,
offset="string",
risk_provider="string",
sort="string"
)
print(response)
Uber class example
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.command("combinedSupportedEvaluationExt",
after="string",
filter="string",
limit=integer,
offset="string",
risk_provider="string",
sort="string"
)
print(response)
Back to Table of Contents
getEvaluationLogic
Get details on evaluation logic items by providing one or more IDs.
PEP8 method name
get_evaluation_logic
Endpoint
| Method | Route |
|---|---|
| /spotlight/entities/evaluation-logic/v1 |
Required Scope
Content-Type
- Produces: application/json
Keyword Arguments
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| ids | | | query | list of strings | One or more evaluation logic IDs. |
| parameters | | | query | dictionary | Full query string parameters payload in JSON format. |
Usage
Service class example (PEP8 syntax)
from falconpy import SpotlightEvaluationLogic
# Do not hardcode API credentials!
falcon = SpotlightEvaluationLogic(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.get_evaluation_logic(ids=id_list)
print(response)
Service class example (Operation ID syntax)
from falconpy import SpotlightEvaluationLogic
# Do not hardcode API credentials!
falcon = SpotlightEvaluationLogic(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.getEvaluationLogic(ids=id_list)
print(response)
Uber class example
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.command("getEvaluationLogic", ids=id_list)
print(response)
Back to Table of Contents
queryEvaluationLogic
Search for evaluation logic in your environment by providing a FQL filter and paging details. Returns a set of evaluation logic IDs which match the filter criteria.
PEP8 method name
query_evaluation_logic
Endpoint
| Method | Route |
|---|---|
| /spotlight/queries/evaluation-logic/v1 |
Required Scope
Content-Type
- Produces: application/json
Keyword Arguments
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| after | | | query | string | A pagination token used with the limit parameter to manage pagination of results. On your first request, don't provide an after token. On subsequent requests, provide the after token from the previous response to continue from that place in the results. |
| limit | | | query | integer | Maximum number of entities to return. |
| filter | | | query | string | FQL query specifying the filter parameters. |
| parameters | | | query | dictionary | Full query string parameters payload in JSON format. |
| sort | | | query | string | Sort evaluation logic by their properties. |
Usage
Service class example (PEP8 syntax)
from falconpy import SpotlightEvaluationLogic
# Do not hardcode API credentials!
falcon = SpotlightEvaluationLogic(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.query_evaluation_logic(after="string",
limit=integer,
filter="string",
sort="string"
)
print(response)
Service class example (Operation ID syntax)
from falconpy import SpotlightEvaluationLogic
# Do not hardcode API credentials!
falcon = SpotlightEvaluationLogic(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.queryEvaluationLogic(after="string",
limit=integer,
filter="string",
sort="string"
)
print(response)
Uber class example
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.command("queryEvaluationLogic",
after="string",
limit=integer,
filter="string",
sort="string"
)
print(response)
Back to Table of Contents