CrowdStrike Falcon Twitter URL

Environment Configuration

Documentation Version Page Updated

The following keywords can be provided to Service Classes and the Uber Class during instantiation to customize behavior to meet your specific environment requirements.

These keywords may be mixed in any order or combination when creating an instance of the class. You will still need to provide authentication details based upon your selected authentication method. For most scenarios, none of the keywords listed below are required in order to create an instance of a class.

NameData typeDescription
base_urlStringThe CrowdStrike base address target for API operations performed using this class.

Defaults to https://api.crowdstrike.com.
proxyDictionaryA dictionary containing a list of proxy servers to utilize for making requests to the CrowdStrike API.
ssl_verifyBooleanBoolean flag used to specify SSL verification configuration.

Defaults to True
timeoutFloat or TupleConnect / Read or Total timeout for requests made to the CrowdStrike API.
user_agentStringCustom User-Agent string to use for requests to the API.

Recommended format: vendor-productname/version.
renew_windowIntegerAmount of buffer time allotted before token expiration where a token is refreshed automatically.

Minimum: 120 seconds
Maximum: 1,200 seconds
Default: 120
ext_headersStringExtended headers that are pre-pended to the default headers dictionary for the newly created Service Class.

Service Classes only

Usage examples

Simple examples of these keywords being used to configure an environment.

WARNING

client_id and client_secret are input variables that contain your CrowdStrike API credentials. Please note that all examples below do not hard code these values. (These values are ingested as strings.)

CrowdStrike does NOT recommend hard coding API credentials or customer identifiers within source code.

Base URL

The base_url keyword allows you to point your requests to the CrowdStrike cloud where your environment resides. You may specify your base URL by using the address or the short name. Short names are not case-sensitive.

When not provided, the base_url keyword defaults to https://api.crowdstrike.com (US1) when creating an instance of any class using v0.8.5 or below.

Cloud region autodiscovery

Starting in v0.8.6, developers using the US1, US2 or EU1 regions no longer need to specify their base_url as this value is auto-discovered as part of the authentication process.

Please note: USGOV1 users will still need to provide this value.

Short nameBase URLAuto discovery support?
US1https://api.crowdstrike.comYes
US2https://api.us-2.crowdstrike.comYes
EU1https://api.eu-1.crowdstrike.comYes
USGOV1https://api.laggar.gcw.crowdstrike.comNo

You may provide your base URL with or without the https:// protocol specification.

Service Class examples

Specifying EU1 using the full Base URL.

from falconpy import Recon

falcon = Recon(client_id=CLIENT_ID,
               client_secret=CLIENT_SECRET,
               base_url="https://api.eu-1.crowdstrike.com"
               )

response = falcon.query_rules(limit=100, q="search-string")
print(response)

Specifying US2 using the short name.

from falconpy import Recon

falcon = Recon(client_id=CLIENT_ID,
               client_secret=CLIENT_SECRET,
               base_url="us2"
               )

response = falcon.query_rules(limit=100, q="search-string")
print(response)

Uber Class examples

Specifying EU1 using the full Base URL.

from falconpy import APIHarness

falcon = APIHarness(client_id=CLIENT_ID,
                    client_secret=CLIENT_SECRET,
                    base_url="https://api.eu-1.crowdstrike.com"
                    )
PARAMS = {
    "limit": 100,
    "q": "search-string"
}

result = falcon.command("QueryRulesV1", parameters=PARAMS)
print(result)

Specifying US2 using the short name.

from falconpy import APIHarness

falcon = APIHarness(client_id=CLIENT_ID,
                    client_secret=CLIENT_SECRET,
                    base_url="us2"
                    )

# This example also demonstrates Parameter Abstraction within the Uber Class (v0.8.0+)
result = falcon.command("QueryRulesV1", limit=100, q="search-string")
print(result)

Proxy

For scenarios where you wish to route API request traffic through a proxy, or list of proxies, the proxy keyword may be utilized.

Service Class example

from falconpy import Detects

falcon = Detects(client_id=CLIENT_ID,
                 client_secret=CLIENT_SECRET,
                 proxy={"http": "http://myproxy:8888",
                        "https": "https://myotherproxy:8080"
                        }
                 )

# You can use PEP8 or Operation ID syntax for this call
result = falcon.query_detects()
print(result)

Uber Class example

from falconpy import APIHarness

falcon = APIHarness(client_id=CLIENT_ID,
                    client_secret=CLIENT_SECRET,
                    proxy={"http": "http://myproxy:8888",
                           "https": "https://myotherproxy:8080"
                           }
                    )

result = falcon.command("QueryDetects")
print(result)

SSL Verify

For environments where SSL verification cannot be performed at the application layer, you may disable SSL verification when creating your instance of the class using the ssl_verify keyword.

When not specifically disabled, SSL Verification defaults to True when creating an instance of any class.

Service Class example

from falconpy import Hosts

falcon = Hosts(client_id=CLIENT_ID,
               client_secret=CLIENT_SECRET,
               ssl_verify=False
               )

# You can use PEP8 or Operation ID syntax for this call
result = falcon.query_devices_by_filter()
print(result)

Uber Class example

from falconpy import APIHarness

falcon = APIHarness(client_id=CLIENT_ID,
                    client_secret=CLIENT_SECRET,
                    ssl_verify=False
                    )

result = falcon.command("QueryDevicesByFilter")
print(result)

Timeout

The timeout keyword can be used to specify timeouts for connect and read, or the entire operation.

Service Class examples

Specifying a global timeout for the entire operation.

# Times out after thirty seconds for the entire operation
from falconpy import CloudConnectAWS

falcon = CloudConnectAWS(client_id=CLIENT_ID,
                         client_secret=CLIENT_SECRET,
                         timeout=30
                         )

# You can use PEP8 or Operation ID syntax for this call
result = falcon.query_aws_accounts()
print(result)

Specifying individual timeouts for connect and read operations.

# Times out after 3 seconds for connect and 27 seconds for read
from falconpy import CloudConnectAWS

falcon = CloudConnectAWS(client_id=CLIENT_ID,
                   client_secret=CLIENT_SECRET
                   timeout=(3.05,26.95)
                   )

# You can use PEP8 or Operation ID syntax for this call
result = falcon.QueryAWSAccounts()
print(result)

Uber Class examples

Specifying a global timeout for the entire operation.

# Times out after thirty seconds for the entire operation
from falconpy import APIHarness

falcon = APIHarness(client_id=CLIENT_ID,
                    client_secret=CLIENT_SECRET,
                    timeout=30
                    )

result = falcon.command("QueryAWSAccounts")
print(result)

Specifying individual timeouts for connect and read operations.

# Times out after 3 seconds for connect and 27 seconds for read
from falconpy import APIHarness

falcon = APIHarness(client_id=CLIENT_ID,
                    client_secret=CLIENT_SECRET,
                    timeout=(3.05,26.95)
                    )

result = falcon.command("QueryAWSAccounts")
print(result)

User-Agent

Using the user_agent keyword, a custom string may be specified for the User-Agent HTTP request header. This allows developers to properly identify their integrations as per CrowdStrike documented best practice.

Service Class example

from falconpy import CloudConnectAWS

falcon = CloudConnectAWS(client_id=CLIENT_ID,
                         client_secret=CLIENT_SECRET,
                         user_agent="company-productname/1.0"
                         )

# You can use PEP8 or Operation ID syntax for this call
result = falcon.query_aws_accounts()
print(result)

Uber Class example

from falconpy import APIHarness

falcon = APIHarness(client_id=CLIENT_ID,
                    client_secret=CLIENT_SECRET,
                    user_agent="company-productname/1.0"
                    )

result = falcon.command("QueryAWSAccounts")
print(result)

Renew Window

The token renewal window is designed to allow developers to specify the amount of time to use for a buffer between token expiration and automatic token renewal. This value is represented by an integer and expressed in seconds. The minimum allowed value is 120 and the maximum allowed value is 1200 with 120 being the default.

Service Class example

from falconpy import CloudConnectAWS

falcon = CloudConnectAWS(client_id=CLIENT_ID,
                         client_secret=CLIENT_SECRET,
                         renew_window=180
                         )

# You can use PEP8 or Operation ID syntax for this call
result = falcon.query_aws_accounts()
print(result)

Uber Class example

from falconpy import APIHarness

falcon = APIHarness(client_id=CLIENT_ID,
                    client_secret=CLIENT_SECRET,
                    renew_window=300
                    )

result = falcon.command("QueryAWSAccounts")
print(result)

Extended Headers

You can provided additional headers that will be included in all requests made to the API by providing the ext_headers keyword. Values should be provided to the Service Class constructor as a dictionary.

This keyword is not supported in the Uber Class as the Uber Class already supports providing custom headers using the headers keyword within the command method.

from falconpy import Hosts

falcon = Hosts(client_id=CLIENT_ID,
               client_secret=CLIENT_SECRET,
               ext_headers={"X-SOME-HEADER", "Value"}
               )

result = falcon.query_devices_by_filter_scroll()
print(result)