Using the ThreatGraph service collection
Table of Contents
| Operation ID | Description | ||||
|---|---|---|---|---|---|
| Retrieve edges for a given vertex id. One edge type must be specified | ||||
| Look up instances of indicators such as hashes, domain names, and ip addresses that have been seen on devices in your environment. | ||||
| Retrieve summary for a given vertex ID | ||||
| Retrieve metadata for a given vertex ID | ||||
| Retrieve metadata for a given vertex ID | ||||
| Show all available edge types | ||||
Passing credentials
WARNING
client_idandclient_secretare keyword arguments that contain your CrowdStrike API credentials. Please note that all examples below do not hard code these values. (These values are ingested as strings.)CrowdStrike does not recommend hard coding API credentials or customer identifiers within source code.
combined_edges_get
Retrieve edges for a given vertex id. One edge type must be specified
PEP8 method name
get_edges
Endpoint
| Method | Route |
|---|---|
 | /threatgraph/combined/edges/v1 |
Content-Type
- Produces: application/json
Keyword Arguments
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| ids |  | | query | string | Vertex ID to get details for. Only one value is supported |
| limit | | | query | integer | How many edges to return in a single request [1-100] |
| offset | | | query | string | The offset to use to retrieve the next page of results |
| edge_type | | | query | string | The type of edges that you would like to retrieve |
| direction | | | query | string | The direction of edges that you would like to retrieve. |
| scope | | | query | string | Scope of the request |
| nano | | | query | boolean | Return nano-precision entity timestamps |
Usage
Service class example (PEP8 syntax)
from falconpy import ThreatGraph
falcon = ThreatGraph(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.get_edges(limit=integer,
offset="string",
edge_type="string",
direction="string",
scope="string",
nano=boolean,
ids=id_list
)
print(response)
Service class example (Operation ID syntax)
from falconpy import ThreatGraph
falcon = ThreatGraph(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.combined_edges_get(limit=integer,
offset="string",
edge_type="string",
direction="string",
scope="string",
nano=boolean,
ids=id_list
)
print(response)
Uber class example
from falconpy import APIHarnessV2
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.command("combined_edges_get",
limit=integer,
offset="string",
edge_type="string",
direction="string",
scope="string",
nano=boolean,
ids=id_list
)
print(response)
Back to Table of Contents
combined_ran_on_get
Look up instances of indicators such as hashes, domain names, and ip addresses that have been seen on devices in your environment.
PEP8 method name
get_ran_on
Endpoint
| Method | Route |
|---|---|
| /threatgraph/combined/ran-on/v1 |
Content-Type
- Produces: application/json
Keyword Arguments
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| value | | | query | string | The value of the indicator to search by. |
| type | | | query | string | The type of indicator that you would like to retrieve |
| limit | | | query | integer | How many edges to return in a single request [1-100] |
| offset | | | query | string | The offset to use to retrieve the next page of results |
| nano | | | query | boolean | Return nano-precision entity timestamps |
Usage
Service class example (PEP8 syntax)
from falconpy import ThreatGraph
falcon = ThreatGraph(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.get_ran_on(value="string",
type="string",
limit=integer,
offset="string",
nano=boolean
)
print(response)
Service class example (Operation ID syntax)
from falconpy import ThreatGraph
falcon = ThreatGraph(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.combined_ran_on_get(value="string",
type="string",
limit=integer,
offset="string",
nano=boolean
)
print(response)
Uber class example
from falconpy import APIHarnessV2
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.command("combined_ran_on_get",
value="string",
type="string",
limit=integer,
offset="string",
nano=boolean
)
print(response)
Back to Table of Contents
combined_summary_get
Retrieve summary for a given vertex ID
PEP8 method name
get_summary
Endpoint
| Method | Route |
|---|---|
| /threatgraph/combined/{vertex-type}/summary/v1 |
Content-Type
- Produces: application/json
Keyword Arguments
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| vertex_type | | | path | string | Type of vertex to get properties for |
| ids | | | query | array (string) | Vertex ID to get details for |
| scope | | | query | string | Scope of the request |
| nano | | | query | boolean | Return nano-precision entity timestamps |
Usage
Service class example (PEP8 syntax)
from falconpy import ThreatGraph
falcon = ThreatGraph(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.get_summary(scope="string", nano=boolean, ids=id_list, vertex_type="string")
print(response)
Service class example (Operation ID syntax)
from falconpy import ThreatGraph
falcon = ThreatGraph(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.combined_summary_get(scope="string",
nano=boolean,
ids=id_list,
vertex_type="string"
)
print(response)
Uber class example
from falconpy import APIHarnessV2
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.command("combined_summary_get",
scope="string",
nano=boolean,
ids=id_list,
vertex_type="string"
)
print(response)
Back to Table of Contents
entities_vertices_get
Retrieve metadata for a given vertex ID
PEP8 method name
get_vertices_v1
Endpoint
| Method | Route |
|---|---|
| /threatgraph/entities/{vertex-type}/v1 |
Content-Type
- Produces: application/json
Keyword Arguments
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| vertex_type | | | path | string | Type of vertex to get properties for |
| ids | | | query | array (string) | Vertex ID to get details for |
| scope | | | query | string | Scope of the request |
| nano | | | query | boolean | Return nano-precision entity timestamps |
Usage
Service class example (PEP8 syntax)
from falconpy import ThreatGraph
falcon = ThreatGraph(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.get_vertices_v1(scope="string", nano=boolean, ids=id_list, vertex_type="string")
print(response)
Service class example (Operation ID syntax)
from falconpy import ThreatGraph
falcon = ThreatGraph(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.entities_vertices_get(scope="string",
nano=boolean,
ids=id_list,
vertex_type="string"
)
print(response)
Uber class example
from falconpy import APIHarnessV2
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.command("entities_vertices_get",
scope="string",
nano="string",
ids=id_list,
vertex_type="string"
)
print(response)
Back to Table of Contents
entities_vertices_getv2
Retrieve metadata for a given vertex ID
PEP8 method name
get_vertices
Endpoint
| Method | Route |
|---|---|
| /threatgraph/entities/{vertex-type}/v2 |
Content-Type
- Produces: application/json
Keyword Arguments
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| vertex_type | | | path | string | Type of vertex to get properties for |
| ids | | | query | array (string) | Vertex ID to get details for |
| scope | | | query | string | Scope of the request |
| nano | | | query | boolean | Return nano-precision entity timestamps |
Usage
Service class example (PEP8 syntax)
from falconpy import ThreatGraph
falcon = ThreatGraph(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.get_vertices(scope="string", nano=boolean, ids=id_list, vertex_type="string")
print(response)
Service class example (Operation ID syntax)
from falconpy import ThreatGraph
falcon = ThreatGraph(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.entities_vertices_getv2(scope="string",
nano=boolean,
ids=id_list,
vertex_type="string"
)
print(response)
Uber class example
from falconpy import APIHarnessV2
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.command("entities_vertices_getv2",
scope="string",
nano=boolean,
ids=id_list,
vertex_type="string"
)
print(response)
Back to Table of Contents
queries_edgetypes_get
Show all available edge types
PEP8 method name
get_edge_types
Endpoint
| Method | Route |
|---|---|
| /threatgraph/queries/edge-types/v1 |
Content-Type
- Produces: application/json
Keyword Arguments
No keywords or arguments accepted
Usage
Service class example (PEP8 syntax)
from falconpy import ThreatGraph
falcon = ThreatGraph(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.get_edge_types()
print(response)
Service class example (Operation ID syntax)
from falconpy import ThreatGraph
falcon = ThreatGraph(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.queries_edgetypes_get()
print(response)
Uber class example
from falconpy import APIHarnessV2
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.command("queries_edgetypes_get")
print(response)
Back to Table of Contents