-
Notifications
You must be signed in to change notification settings - Fork 119
D4C Registration
This service collection has been superseded by the D4CRegistration service collection and is now deprecated. Developers should move code over to use the new operations available within the updated collection.
Operation ID | Description | ||||
---|---|---|---|---|---|
|
Returns information about the current status of an AWS account. | ||||
|
Creates a new account in our system for a customer and generates a script for them to run in their AWS cloud environment to grant us access. | ||||
|
Deletes an existing AWS account or organization in our system. | ||||
|
Return a URL for customer to visit in their cloud environment to grant us access to their AWS environment. | ||||
|
Return a script for customer to run in their cloud environment to grant us access to their AWS environment as a downloadable attachment. | ||||
|
Return information about Azure account registration | ||||
|
Creates a new account in our system for a customer and generates a script for them to run in their cloud environment to grant us access. | ||||
|
Update an Azure service account in our system by with the user-created client_id created with the public key we've provided | ||||
|
Return a script for customer to run in their cloud environment to grant us access to their Azure environment as a downloadable attachment | ||||
|
Return a script for customer to run in their cloud environment to grant us access to their Azure environment | ||||
|
Returns information about the current status of an GCP account. | ||||
|
Creates a new account in our system for a customer and generates a new service account for them to add access to in their GCP environment to grant us access. | ||||
|
Returns JSON object(s) that contain the base64 encoded certificate for a service principal. | ||||
|
Return all available Azure tenant IDs. | ||||
|
Return a script for customer to run in their cloud environment to grant us access to their GCP environment as a downloadable attachment | ||||
|
Return a script for customer to run in their cloud environment to grant us access to their GCP environment | ||||
|
Returns static install scripts for Horizon. | ||||
|
Deletes a GCP account from the system. | ||||
|
Creates a new GCP account with newly-uploaded service account or connects with existing service account with only the following fields: parent_id, parent_type and service_account_id | ||||
|
Returns the service account id and client email for external clients. | ||||
|
Updates an existing GCP service account. | ||||
|
Return a script for customer to run in their cloud environment to grant us access to their GCP environment as a downloadable attachment |
WARNING
client_id
andclient_secret
are keyword arguments that contain your CrowdStrike API credentials. Please note that all examples below do not hard code these values. (These values are ingested as strings.)CrowdStrike does not recommend hard coding API credentials or customer identifiers within source code.
Returns information about the current status of an AWS account.
This operation has been superseded by the GetCSPMAwsAccount operation and is now deprecated. Developers should move code over to this new operation as soon as time permits.
get_aws_account
Method | Route |
---|---|
/cloud-connect-aws/entities/account/v2 |
- Consumes: application/json
- Produces: application/json
Name | Service | Uber | Type | Data type | Description |
---|---|---|---|---|---|
ids |
|
|
query | string or list of strings | AWS account ID(s). When empty, all accounts are returned. |
organization_ids |
|
|
query | string or list of strings | AWS organization ID(s). |
parameters |
|
|
query | dictionary | Full query string parameters payload in JSON format. |
scan_type |
|
|
query | string | Type of scan to perform, dry or full . |
status |
|
|
query | string | Account status to filter results by. |
limit |
|
|
query | integer | The maximum number of records to return. Defaults to 100. |
offset |
|
|
query | integer | The offset to start retrieving records from. |
migrated |
|
|
query | boolean | Only return migrated accounts. |
from falconpy.d4c_registration import D4CRegistration
falcon = D4CRegistration(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.get_aws_account(scan_type="string",
organization_ids=["string", "string"],
status="string",
limit=integer,
offset=integer,
migrated="string",
ids=id_list
)
print(response)
from falconpy import D4CRegistration
falcon = D4CRegistration(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.GetD4CAwsAccount(scan_type="string",
organization_ids=["string", "string"],
status="string",
limit=integer,
offset=integer,
migrated="string",
ids=id_list
)
print(response)
from falconpy import APIHarnessV2
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.command("GetD4CAwsAccount",
scan_type="string",
organization_ids=["string", "string"],
status="string",
limit=integer,
offset=integer,
migrated=boolean,
ids=id_list
)
print(response)
Back to Table of Contents
Creates a new account in our system for a customer and generates a script for them to run in their AWS cloud environment to grant us access.
This operation has been superseded by the CreateCSPMAwsAccount operation and is now deprecated. Developers should move code over to this new operation as soon as time permits.
create_aws_account
Method | Route |
---|---|
/cloud-connect-aws/entities/account/v2 |
- Consumes: application/json
- Produces: application/json
Name | Service | Uber | Type | Data type | Description |
---|---|---|---|---|---|
account_id |
|
|
body | string | AWS account ID. |
account_type |
|
|
body | string | AWS account type. |
body |
|
|
body | dictionary | Full body payload in JSON format. |
cloudtrail_region |
|
|
body | string | AWS region for CloudTrail access. |
iam_role_arn |
|
|
body | string | AWS IAM Role ARN. |
is_master |
|
|
body | boolean | Flag indicating if this is the master account. |
organization_id |
|
|
body | string | AWS organization ID. |
from falconpy.d4c_registration import D4CRegistration
falcon = D4CRegistration(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.create_aws_account(account_id="string",
account_type="string",
cloudtrail_region="string",
iam_role_arn="string",
is_master=boolean,
organization_id="string"
)
print(response)
from falconpy import D4CRegistration
falcon = D4CRegistration(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.CreateD4CAwsAccount(account_id="string",
account_type="string",
cloudtrail_region="string",
iam_role_arn="string",
is_master=boolean,
organization_id="string"
)
print(response)
from falconpy import APIHarnessV2
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
BODY = {
"resources": [
{
"account_id": "string",
"account_type": "string",
"cloudtrail_region": "string",
"iam_role_arn": "string",
"is_master": boolean,
"organization_id": "string"
}
]
}
response = falcon.command("CreateD4CAwsAccount", body=BODY)
print(response)
Back to Table of Contents
Deletes an existing AWS account or organization in our system.
This operation has been superseded by the DeleteCSPMAwsAccount operation and is now deprecated. Developers should move code over to this new operation as soon as time permits.
delete_aws_account
Method | Route |
---|---|
/cloud-connect-aws/entities/account/v2 |
- Consumes: application/json
- Produces: application/json
Name | Service | Uber | Type | Data type | Description |
---|---|---|---|---|---|
ids |
|
|
query | string or list of strings | AWS account ID(s). |
organization_ids |
|
|
query | string or list of strings | AWS organization ID(s). |
parameters |
|
|
query | dictionary | Full query string parameters payload in JSON format, not required when using other keywords. |
from falconpy.d4c_registration import D4CRegistration
falcon = D4CRegistration(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.delete_aws_account(organization_ids=["string", "string"], ids=id_list)
print(response)
from falconpy import D4CRegistration
falcon = D4CRegistration(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.DeleteD4CAwsAccount(organization_ids=["string", "string"], ids=id_list)
print(response)
from falconpy import APIHarnessV2
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
PARAMS = {
"organization-ids": [
"string",
"string"
]
}
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.command("DeleteD4CAwsAccount",
organization_ids=["string", "string"],
ids=id_list
)
print(response)
Back to Table of Contents
Return a URL for customer to visit in their cloud environment to grant us access to their AWS environment.
This operation has been superseded by the GetCSPMAwsConsoleSetupURLs operation and is now deprecated. Developers should move code over to this new operation as soon as time permits.
get_aws_console_setup
Method | Route |
---|---|
/cloud-connect-aws/entities/console-setup-urls/v1 |
- Consumes: application/json
- Produces: application/json
Name | Service | Uber | Type | Data type | Description |
---|---|---|---|---|---|
region |
|
|
query | string | AWS region to generate URL for. |
parameters |
|
|
query | dictionary | Full query string parameters payload in JSON format, not required when using other keywords. |
from falconpy.d4c_registration import D4CRegistration
falcon = D4CRegistration(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.get_aws_console_setup(region="string")
print(response)
from falconpy import D4CRegistration
falcon = D4CRegistration(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.GetD4CAwsConsoleSetupURLs(region="string")
print(response)
from falconpy import APIHarnessV2
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.command("GetD4CAwsConsoleSetupURLs", region="string")
print(response)
Back to Table of Contents
Return a script for customer to run in their cloud environment to grant us access to their AWS environment as a downloadable attachment.
This operation has been superseded by the GetCSPMAwsAccountScriptsAttachment operation and is now deprecated. Developers should move code over to this new operation as soon as time permits.
get_aws_account_scripts
Method | Route |
---|---|
/cloud-connect-aws/entities/user-scripts-download/v1 |
- Produces: application/json
Name | Service | Uber | Type | Data type | Description |
---|---|---|---|---|---|
accounts |
|
|
query | string or list of strings | List of accounts to register. |
aws_profile |
|
|
query | string | The AWS profile to be used during registration. |
behavior_assessment_enabled |
|
|
query | string | Enable behavior assessment. Allowed values: true or false
|
custom_role_name |
|
|
query | string | The custom IAM role to be used during registration. |
ids |
|
|
query | string or list of strings | The AWS account ID(s) to retrieve script attachments. |
organization_id |
|
|
query | string or list of strings | The AWS organization ID to be registered. |
parameters |
|
|
query | dictionary | Full query string parameters payload as a dictionary. |
sensor_management_enabled |
|
|
query | string | Enable sensor management. Allowed values: true or false
|
template |
|
|
query | string | Template to be rendered. Allowed values: aws-bash or aws-terraform
|
use_existing_cloudtrail |
|
|
query | string | Use the existing cloudtrail log. Allowed values: true or false
|
from falconpy.d4c_registration import D4CRegistration
falcon = D4CRegistration(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
account_list = "AC1,AC2,AC3" # Can also pass a list here: ["AC1", "AC2", "AC3"]
id_list = "ID1,ID2,ID3" # Can also pass a list here: ["ID1", "ID2", "ID3"]
org_id_list = "ORG1" # Can also pass a list or comma delimited string here.
response = falcon.get_aws_account_scripts(accounts=account_list,
aws_profile="string",
behavior_assessment_enabled="string",
custom_role_name="string",
ids=id_list,
organization_id=org_id_list,
sensor_management_enabled="string",
template="string",
use_existing_cloudtrail="string"
)
print(response)
from falconpy import D4CRegistration
falcon = D4CRegistration(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
account_list = "AC1,AC2,AC3" # Can also pass a list here: ["AC1", "AC2", "AC3"]
id_list = "ID1,ID2,ID3" # Can also pass a list here: ["ID1", "ID2", "ID3"]
org_id_list = "ORG1" # Can also pass a list or comma delimited string here.
response = falcon.GetD4CAWSAccountScriptsAttachment(accounts=account_list,
aws_profile="string",
behavior_assessment_enabled="string",
custom_role_name="string",
ids=id_list,
organization_id=org_id_list,
sensor_management_enabled="string",
template="string",
use_existing_cloudtrail="string"
)
print(response)
from falconpy import APIHarnessV2
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
account_list = "AC1,AC2,AC3" # Can also pass a list here: ["AC1", "AC2", "AC3"]
id_list = "ID1,ID2,ID3" # Can also pass a list here: ["ID1", "ID2", "ID3"]
org_id_list = "ORG1" # Can also pass a list or comma delimited string here.
response = falcon.command("GetD4CAWSAccountScriptsAttachment",
accounts=account_list,
aws_profile="string",
behavior_assessment_enabled="string",
custom_role_name="string",
ids=id_list,
organization_id=org_id_list,
sensor_management_enabled="string",
template="string",
use_existing_cloudtrail="string"
)
print(response)
Back to Table of Contents
Return information about Azure account registration
This operation has been superseded by the GetCSPMAzureAccount operation and is now deprecated. Developers should move code over to this new operation as soon as time permits.
get_azure_account
This operation ID has recently been changed. The PEP8 method name remains unaffected by this update.
FalconPy supports deprecated IDs and method names via aliases. Developers should consider moving code to leverage the updated ID for this operation whenever possible.
- Legacy Operation ID:
GetCSPMAzureAccount
Method | Route |
---|---|
/cloud-connect-azure/entities/account/v1 |
- Consumes: application/json
- Produces: application/json
Name | Service | Uber | Type | Data type | Description |
---|---|---|---|---|---|
ids |
|
|
query | string or list of strings | Subscription ID(s). When empty, all accounts are returned. |
tenant_ids |
|
|
query | string or list of strings | Tenant IDs to use to filter Azure accounts returned. |
parameters |
|
|
query | dictionary | Full query string parameters payload in JSON format. |
scan_type |
|
|
query | string | Type of scan to perform, dry or full . |
status |
|
|
query | string | Account status to filter results by. |
limit |
|
|
query | integer | The maximum number of records to return. Defaults to 100. |
offset |
|
|
query | integer | The offset to start retrieving records from. |
from falconpy import D4CRegistration
# Do not hardcode API credentials!
falcon = D4CRegistration(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
tenants = 'TENANT1,TENANT2,TENANT3' # Can also pass a list here: ['TENANT1', 'TENANT2', 'TENANT3']
response = falcon.get_azure_account(scan_type="string",
ids=id_list,
tenant_ids=tenants,
status="string",
limit=integer,
offset=integer
)
print(response)
from falconpy import D4CRegistration
# Do not hardcode API credentials!
falcon = D4CRegistration(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
tenants = 'TENANT1,TENANT2,TENANT3' # Can also pass a list here: ['TENANT1', 'TENANT2', 'TENANT3']
response = falcon.GetDiscoverCloudAzureAccount(scan_type="string",
ids=id_list,
tenant_ids=tenants,
status="string",
limit=integer,
offset=integer
)
print(response)
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
tenants = 'TENANT1,TENANT2,TENANT3' # Can also pass a list here: ['TENANT1', 'TENANT2', 'TENANT3']
response = falcon.command("GetDiscoverCloudAzureAccount",
scan_type="string",
ids=id_list,
tenant_ids=tenants,
status="string",
limit=integer,
offset=integer
)
print(response)
Back to Table of Contents
Creates a new account in our system for a customer and generates a script for them to run in their cloud environment to grant us access.
This operation has been superseded by the CreateCSPMAzureAccount operation and is now deprecated. Developers should move code over to this new operation as soon as time permits.
create_azure_account
This operation ID has recently been changed. The PEP8 method name remains unaffected by this update.
FalconPy supports deprecated IDs and method names via aliases. Developers should consider moving code to leverage the updated ID for this operation whenever possible.
- Legacy Operation ID:
CreateCSPMAzureAccount
Method | Route |
---|---|
/cloud-connect-azure/entities/account/v1 |
- Consumes: application/json
- Produces: application/json
Name | Service | Uber | Type | Data type | Description |
---|---|---|---|---|---|
account_type |
|
|
body | string | Azure account type. |
body |
|
|
body | dictionary | Full body payload in JSON format. |
client_id |
|
|
body | string | Client ID. |
default_subscription |
|
|
body | boolean | Flag indicating if this is the default Azure subscription. |
subscription_id |
|
|
body | string | Azure Subscription ID. |
tenant_id |
|
|
body | string | Azure tenant ID. |
years_valid |
|
|
body | integer | Years valid. |
from falconpy import D4CRegistration
# Do not hardcode API credentials!
falcon = D4CRegistration(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.create_azure_account(account_type="string",
client_id="string",
default_subscription=boolean,
subscription_id="string",
tenant_id="string",
years_valid=integer
)
print(response)
from falconpy import D4CRegistration
# Do not hardcode API credentials!
falcon = D4CRegistration(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.CreateDiscoverCloudAzureAccount(account_type="string",
client_id="string",
default_subscription=boolean,
subscription_id="string",
tenant_id="string",
years_valid=integer
)
print(response)
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
BODY = {
"resources": [
{
"account_type": "string",
"client_id": "string",
"default_subscription": boolean,
"subscription_id": "string",
"tenant_id": "string",
"years_valid": integer
}
]
}
response = falcon.command("CreateDiscoverCloudAzureAccount", body=BODY)
print(response)
Back to Table of Contents
Update an Azure service account in our system by with the user-created client_id created with the public key we've provided
This operation has been superseded by the UpdateCSPMAzureAccountClientID operation and is now deprecated. Developers should move code over to this new operation as soon as time permits.
update_azure_account_client_id
This operation ID has recently been changed. The PEP8 method name remains unaffected by this update.
FalconPy supports deprecated IDs and method names via aliases. Developers should consider moving code to leverage the updated ID for this operation whenever possible.
- Legacy Operation ID:
UpdateCSPMAzureAccountClientID
Method | Route |
---|---|
/cloud-connect-azure/entities/client-id/v1 |
- Consumes: application/json
- Produces: application/json
Name | Service | Uber | Type | Data type | Description |
---|---|---|---|---|---|
id |
|
|
query | string | Client ID to use for the Service Principal associated with the registered Azure account. |
object_id |
|
|
query | string | Object ID to use for the Service Principal associated with the registered Azure account. |
tenant_id |
|
|
query | string | Tenant ID to update Client ID for. Required if multiple tenants are registered. |
parameters |
|
|
query | dictionary | Full query string parameters payload in JSON format. |
from falconpy import D4CRegistration
# Do not hardcode API credentials!
falcon = D4CRegistration(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.update_azure_account_client_id(id="string",
object_id="string",
tenant_id="string"
)
print(response)
from falconpy import D4CRegistration
# Do not hardcode API credentials!
falcon = D4CRegistration(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.UpdateDiscoverCloudAzureAccountClientID(id="string",
object_id="string",
tenant_id="string"
)
print(response)
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.command("UpdateDiscoverCloudAzureAccountClientID",
id="string",
object_id="string",
tenant_id="string"
)
print(response)
Back to Table of Contents
Return a script for customer to run in their cloud environment to grant us access to their Azure environment as a downloadable attachment
This operation has been superseded by the GetCSPMAzureUserScriptsAttachment operation and is now deprecated. Developers should move code over to this new operation as soon as time permits.
get_azure_user_scripts_attachment
This operation ID has recently been changed. The PEP8 method name remains unaffected by this update.
FalconPy supports deprecated IDs and method names via aliases. Developers should consider moving code to leverage the updated ID for this operation whenever possible.
- Legacy Operation ID:
GetCSPMAzureUserScriptsAttachment
Method | Route |
---|---|
/cloud-connect-azure/entities/user-scripts-download/v1 |
- Produces: application/json
Name | Service | Uber | Type | Data type | Description |
---|---|---|---|---|---|
parameters |
|
|
query | dictionary | Full query string parameters payload in JSON format. |
azure_management_group |
|
|
query | boolean | Use Azure Management Group. |
subscription_ids |
|
|
query | string or list of strings | Azure Subscription IDs. |
template |
|
|
query | string or list of strings | Template to be rendered. |
tenant_id |
|
|
query | string | Azure Tenant IDs. |
from falconpy import D4CRegistration
# Do not hardcode API credentials!
falcon = D4CRegistration(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
subscriptions = 'SUB1,SUB2,SUB3' # Can also pass a list here: ['SUB1', 'SUB2', 'SUB3']
tenants = 'TENANT1,TENANT2,TENANT3' # Can also pass a list here: ['TENANT1', 'TENANT2', 'TENANT3']
response = falcon.get_azure_user_scripts_attachment(subscription_ids=subscriptions,
azure_management_group=True,
tenant_id=tenants,
template="string"
)
print(response)
from falconpy import D4CRegistration
# Do not hardcode API credentials!
falcon = D4CRegistration(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
subscriptions = 'SUB1,SUB2,SUB3' # Can also pass a list here: ['SUB1', 'SUB2', 'SUB3']
tenants = 'TENANT1,TENANT2,TENANT3' # Can also pass a list here: ['TENANT1', 'TENANT2', 'TENANT3']
response = falcon.GetDiscoverCloudAzureUserScriptsAttachment(subscription_ids=subscriptions,
azure_management_group=True,
tenant_id=tenants,
template="string"
)
print(response)
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
subscriptions = 'SUB1,SUB2,SUB3' # Can also pass a list here: ['SUB1', 'SUB2', 'SUB3']
tenants = 'TENANT1,TENANT2,TENANT3' # Can also pass a list here: ['TENANT1', 'TENANT2', 'TENANT3']
response = falcon.command("GetDiscoverCloudAzureUserScriptsAttachment",
subscription_ids=subscriptions,
azure_management_group=True,
tenant_id=tenants,
template="string"
)
print(response)
Back to Table of Contents
Return a script for customer to run in their cloud environment to grant us access to their Azure environment
get_azure_user_scripts
This operation ID has recently been changed. The PEP8 method name remains unaffected by this update.
FalconPy supports deprecated IDs and method names via aliases. Developers should consider moving code to leverage the updated ID for this operation whenever possible.
- Legacy Operation ID:
GetCSPMAzureUserScripts
Method | Route |
---|---|
/cloud-connect-azure/entities/user-scripts/v1 |
- Consumes: application/json
- Produces: application/json
No keywords or arguments accepted.
from falconpy import D4CRegistration
# Do not hardcode API credentials!
falcon = D4CRegistration(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.get_azure_user_scripts()
print(response)
from falconpy import D4CRegistration
# Do not hardcode API credentials!
falcon = D4CRegistration(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.GetDiscoverCloudAzureUserScripts()
print(response)
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.command("GetDiscoverCloudAzureUserScripts")
print(response)
Back to Table of Contents
Returns information about the current status of an GCP account.
get_gcp_account
This operation ID has recently been changed. The PEP8 method name remains unaffected by this update.
FalconPy supports deprecated IDs and method names via aliases. Developers should consider moving code to leverage the updated ID for this operation whenever possible.
- Legacy Operation ID:
GetCSPMCGPAccount
Method | Route |
---|---|
/cloud-connect-gcp/entities/account/v1 |
- Consumes: application/json
- Produces: application/json
Name | Service | Uber | Type | Data type | Description |
---|---|---|---|---|---|
ids |
|
|
query | string or list of strings | Parent ID(s). When empty, all accounts are returned. |
limit |
|
|
query | integer | The maximum number of records to return. Defaults to 100. |
offset |
|
|
query | integer | The offset to start retrieving records from. |
parameters |
|
|
query | dictionary | Full query string parameters payload in JSON format. |
parent_type |
|
|
query | string | GCP Hierarchy Parent Type. (Folder , Organization or Project ). |
scan_type |
|
|
query | string | Type of scan to perform, dry or full . |
sort |
|
|
query | string |
FQL formatted string that sets the sort order. Example: parent_type|asc . |
status |
|
|
query | string | Account status to filter results by. operational or provisioned . |
from falconpy import D4CRegistration
# Do not hardcode API credentials!
falcon = D4CRegistration(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.get_gcp_account(ids=id_list,
limit=integer,
scan_type="string",
offset=integer,
parent_type="string",
sort="string",
status="string"
)
print(response)
from falconpy import D4CRegistration
# Do not hardcode API credentials!
falcon = D4CRegistration(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.GetDiscoverCloudCGPAccount(ids=id_list,
limit=integer,
scan_type="string",
offset=integer,
parent_type="string",
sort="string",
status="string"
)
print(response)
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.command("GetDiscoverCloudCGPAccount",
ids=id_list,
limit=integer,
scan_type="string",
offset=integer,
parent_type="string",
sort="string",
status="string"
)
print(response)
Back to Table of Contents
Creates a new account in our system for a customer and generates a new service account for them to add access to in their GCP environment to grant us access.
create_gcp_account
This operation ID has recently been changed. The PEP8 method name remains unaffected by this update.
FalconPy supports deprecated IDs and method names via aliases. Developers should consider moving code to leverage the updated ID for this operation whenever possible.
- Legacy Operation ID:
CreateCSPMGCPAccount
Method | Route |
---|---|
/cloud-connect-gcp/entities/account/v1 |
- Consumes: application/json
- Produces: application/json
Name | Service | Uber | Type | Data type | Description |
---|---|---|---|---|---|
body |
|
|
body | dictionary | Full body payload in JSON format. |
parent_id |
|
|
body | string | GCP Parent ID. |
parent_type |
|
|
query | string | GCP Hierarchy Parent Type. (Folder , Organization or Project ). |
from falconpy import D4CRegistration
# Do not hardcode API credentials!
falcon = D4CRegistration(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.create_gcp_account(parent_id="string", parent_type="string")
print(response)
from falconpy import D4CRegistration
# Do not hardcode API credentials!
falcon = D4CRegistration(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.CreateDiscoverCloudGCPAccount(parent_id="string", parent_type="string")
print(response)
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
BODY = {
"resources": [
{
"parent_id": "string",
"parent_type": "string"
}
]
}
response = falcon.command("CreateDiscoverCloudGCPAccount", body=BODY)
print(response)
Back to Table of Contents
Returns JSON object(s) that contain the base64 encoded certificate for a service principal.
This operation has been superseded by the AzureDownloadCertificate operation and is now deprecated. Developers should move code over to this new operation as soon as time permits.
azure_download_certificate
Method | Route |
---|---|
/cloud-connect-azure/entities/download-certificate/v1 |
- Consumes: application/json
- Produces: application/json
Name | Service | Uber | Type | Data type | Description |
---|---|---|---|---|---|
parameters |
|
|
query | dictionary | Full query string parameters payload in JSON format. |
refresh |
|
|
query | boolean | Force a refresh of the certificate. Defaults to False . |
tenant_id |
|
|
query | string or list of strings | The Azure Client ID to generate script for. Defaults to the most recently registered tenant. |
years_valid |
|
|
body | integer | Years the certificate should be valid. Only used when refresh is set to True. |
from falconpy import D4CRegistration
# Do not hardcode API credentials!
falcon = D4CRegistration(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.azure_download_certificate(refresh=boolean,
tenant_id="string",
years_valid=integer
)
print(response)
from falconpy import D4CRegistration
# Do not hardcode API credentials!
falcon = D4CRegistration(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.DiscoverCloudAzureDownloadCertificate(refresh=boolean,
tenant_id="string",
years_valid=integer
)
print(response)
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.command("DiscoverCloudAzureDownloadCertificate",
refresh=boolean,
tenant_id="string",
years_valid=integer
)
print(response)
Back to Table of Contents
Return available tenant ids for discover for cloud
This operation has been deprecated and will be removed from the SDK when this endpoint is decommissioned.
get_azure_tenant_ids
Method | Route |
---|---|
/cloud-connect-azure/entities/tenant-id/v1 |
- Produces: application/json
No keywords or arguments accepted.
from falconpy import D4CRegistration
# Do not hardcode API credentials!
falcon = D4CRegistration(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.get_azure_tenant_ids()
print(response)
from falconpy import D4CRegistration
# Do not hardcode API credentials!
falcon = D4CRegistration(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.GetDiscoverCloudAzureTenantIDs()
print(response)
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.command("GetDiscoverCloudAzureTenantIDs")
print(response)
Back to Table of Contents
Return a script for customer to run in their cloud environment to grant us access to their GCP environment as a downloadable attachment
get_gcp_user_scripts_attachment
This operation ID has recently been changed. The PEP8 method name remains unaffected by this update.
FalconPy supports deprecated IDs and method names via aliases. Developers should consider moving code to leverage the updated ID for this operation whenever possible.
- Legacy Operation ID:
GetCSPMGCPUserScriptsAttachment
Method | Route |
---|---|
/cloud-connect-gcp/entities/user-scripts-download/v1 |
- Produces: application/json
No keywords or arguments are accepted.
from falconpy import D4CRegistration
# Do not hardcode API credentials!
falcon = D4CRegistration(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.get_gcp_user_scripts_attachment()
print(response)
from falconpy import D4CRegistration
# Do not hardcode API credentials!
falcon = D4CRegistration(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.GetDiscoverCloudGCPUserScriptsAttachment()
print(response)
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.command("GetDiscoverCloudCPUserScriptsAttachment")
print(response)
Back to Table of Contents
Return a script for customer to run in their cloud environment to grant us access to their GCP environment.
get_gcp_user_scripts
This operation ID has recently been changed. The PEP8 method name remains unaffected by this update.
FalconPy supports deprecated IDs and method names via aliases. Developers should consider moving code to leverage the updated ID for this operation whenever possible.
- Legacy Operation ID:
GetCSPMGCPUserScripts
Method | Route |
---|---|
/cloud-connect-gcp/entities/user-scripts/v1 |
- Consumes: application/json
- Produces: application/json
Name | Service | Uber | Type | Data type | Description |
---|---|---|---|---|---|
parent_type |
|
|
query | string | GCP Hierarchy Parent Type. (Folder , Organization or Project ). |
from falconpy import D4CRegistration
# Do not hardcode API credentials!
falcon = D4CRegistration(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.get_gcp_user_scripts(parent_type="string")
print(response)
from falconpy import D4CRegistration
# Do not hardcode API credentials!
falcon = D4CRegistration(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.GetDiscoverCloudGCPUserScripts(parent_type="string")
print(response)
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.command("GetDiscoverCloudGCPUserScripts", parent_type="string")
print(response)
Back to Table of Contents
Returns static install scripts for Horizon.
This operation has been deprecated and will be removed from the SDK when this endpoint is decommissioned.
get_aws_horizon_scripts
Method | Route |
---|---|
/settings-discover/entities/gen/scripts/v1 |
- Produces: application/json
Name | Service | Uber | Type | Data type | Description |
---|---|---|---|---|---|
account_type |
|
|
query | string | Account type (commercial, gov). Only applicable when registering AWS commercial accounts in a GovCloud environment. |
delete |
|
|
query | boolean | Generate a delete script. |
organization_ids |
|
|
query | string or list of strings | AWS organization ID(s). |
parameters |
|
|
query | dictionary | Full query string parameters payload in JSON format, not required when using other keywords. |
single_account |
|
|
query | boolean | Generate a static script for a single account. |
from falconpy.d4c_registration import D4CRegistration
falcon = D4CRegistration(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.get_aws_horizon_scripts(single_account="string",
organization_id="string",
delete="string",
account_type="string"
)
print(response)
from falconpy import D4CRegistration
falcon = D4CRegistration(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.GetHorizonD4CScripts(single_account="string",
organization_id="string",
delete="string",
account_type="string"
)
print(response)
from falconpy import APIHarnessV2
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.command("GetHorizonD4CScripts",
single_account="string",
organization_id="string",
delete="string",
account_type="string"
)
print(response)
Back to Table of Contents
Deletes a GCP account from the system.
delete_gcp_account
Method | Route |
---|---|
/cloud-connect-gcp/entities/account/v1 |
- Consumes: application/json
- Produces: application/json
Name | Service | Uber | Type | Data type | Description |
---|---|---|---|---|---|
ids |
|
|
query | string or list of strings | Hierarchical Resource IDs of accounts to delete. |
parameters |
|
|
query | dictionary | Full query string parameters payload in JSON format. |
from falconpy import D4CRegistration
falcon = D4CRegistration(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.delete_gcp_account(ids=id_list)
print(response)
from falconpy import D4CRegistration
falcon = D4CRegistration(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.DeleteD4CGCPAccount(ids=id_list)
print(response)
from falconpy import APIHarnessV2
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.command("DeleteD4CGCPAccount", ids=id_list)
print(response)
Creates a new GCP account with newly-uploaded service account or connects with existing service account with only the following fields: parent_id
, parent_type
and service_account_id
.
connect_gcp_account
Method | Route |
---|---|
/cloud-connect-gcp/entities/account/v2 |
- Consumes: application/json
- Produces: application/json
Name | Service | Uber | Type | Data type | Description |
---|---|---|---|---|---|
body |
|
|
body | dictionary | Full body payload in JSON format. |
client_email |
|
|
body | string | GCP client email. |
client_id |
|
|
body | string | GCP client ID. |
parent_id |
|
|
body | string | Parent ID. |
parent_type |
|
|
body | string | Parent type. |
private_key |
|
|
body | string | GCP private key. |
private_key_id |
|
|
body | string | GCP private key ID. |
project_id |
|
|
body | string | GCP project ID. |
service_account_id |
|
|
body | integer | GCP service account ID. |
from falconpy import D4CRegistration
falcon = D4CRegistration(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.connect_gcp_account(client_email="string",
client_id="string",
parent_id="string",
parent_type="string",
private_key="string",
private_key_id="string",
project_id="string",
service_account_id=integer
)
print(response)
from falconpy import D4CRegistration
falcon = D4CRegistration(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.ConnectD4CGCPAccount(client_email="string",
client_id="string",
parent_id="string",
parent_type="string",
private_key="string",
private_key_id="string",
project_id="string",
service_account_id=integer
)
print(response)
from falconpy import APIHarnessV2
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
body_payload = {
"resources": [
{
"client_email": "string",
"client_id": "string",
"parent_id": "string",
"parent_type": "string",
"private_key": "string",
"private_key_id": "string",
"project_id": "string",
"service_account_id": integer
}
]
}
response = falcon.command("ConnectD4CGCPAccount", body=body_payload)
print(response)
Returns the service account id and client email for external clients.
get_gcp_service_account
Method | Route |
---|---|
/cloud-connect-gcp/entities/service-accounts/v1 |
- Consumes: application/json
- Produces: application/json
Name | Service | Uber | Type | Data type | Description |
---|---|---|---|---|---|
id |
|
|
query | string | Service account ID to retrieve. |
parameters |
|
|
query | dictionary | Full query string parameters payload in JSON format. |
from falconpy import D4CRegistration
falcon = D4CRegistration(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.get_gcp_service_account(id="string")
print(response)
from falconpy import D4CRegistration
falcon = D4CRegistration(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.GetD4CGCPServiceAccountsExt(id="string")
print(response)
from falconpy import APIHarnessV2
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.command("GetD4CGCPServiceAccountsExt", id="string")
print(response)
Updates an existing GCP service account.
update_gcp_service_account
Method | Route |
---|---|
/cloud-connect-gcp/entities/service-accounts/v1 |
- Consumes: application/json
- Produces: application/json
Name | Service | Uber | Type | Data type | Description |
---|---|---|---|---|---|
body |
|
|
body | dictionary | Full body payload in JSON format. |
client_email |
|
|
body | string | Client email associated with the account. |
client_id |
|
|
body | string | GCP Client ID. |
private_key |
|
|
body | string | GCP private key. |
private_key_id |
|
|
body | string | GCP private key ID. |
project_id |
|
|
body | string | GCP project ID. |
service_account_conditions |
|
|
body | list of dictionaries | GCP service account conditions. |
service_account_id |
|
|
body | integer | GCP service account ID. |
from falconpy import CSPMRegistration
# Do not hardcode API credentials!
falcon = D4CRegistration(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
conditions = [
{
"feature": "string",
"is_visible": boolean,
"last_transition": "UTC date string",
"message": "string",
"reason": "string",
"status": "string",
"type": "string"
}
]
response = falcon.update_gcp_service_account(client_email="string",
client_id="string",
private_key="string",
private_key_id="string",
project_id="string",
service_account_conditions=conditions,
service_account_id=integer
)
print(response)
from falconpy import CSPMRegistration
# Do not hardcode API credentials!
falcon = D4CRegistration(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
conditions = [
{
"feature": "string",
"is_visible": boolean,
"last_transition": "UTC date string",
"message": "string",
"reason": "string",
"status": "string",
"type": "string"
}
]
response = falcon.UpdateD4CGCPServiceAccountsExt(client_email="string",
client_id="string",
private_key="string",
private_key_id="string",
project_id="string",
service_account_conditions=conditions,
service_account_id=integer
)
print(response)
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
body_payload = {
"resources": [
{
"client_email": "string",
"client_id": "string",
"private_key": "string",
"private_key_id": "string",
"project_id": "string",
"service_account_conditions": [
{
"feature": "string",
"is_visible": boolean,
"last_transition": "UTC date string",
"message": "string",
"reason": "string",
"status": "string",
"type": "string"
}
],
"service_account_id": integer
}
]
}
response = falcon.command("UpdateD4CGCPServiceAccountsExt", body=body_payload)
print(response)
Return a script for customer to run in their cloud environment to grant us access to their GCP environment as a downloadable attachment
get_gcp_user_scripts_attachment
Method | Route |
---|---|
/cloud-connect-gcp/entities/user-scripts-download/v1 |
- Produces: application/json
Name | Service | Uber | Type | Data type | Description |
---|---|---|---|---|---|
ids |
|
|
query | string or list of strings | Hierarchical Resource IDs of accounts. |
parameters |
|
|
query | dictionary | Full query string parameters payload in JSON format. |
parent_type |
|
|
query | string | GCP Hierarchy Parent Type. Allowed values: organization , folder or project
|
status |
|
|
query | string | Account status to filter results by. |
from falconpy import D4CRegistration
falcon = D4CRegistration(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.get_gcp_user_scripts_attachment(parent_type="string", ids=id_list, status="string")
print(response)
from falconpy import D4CRegistration
falcon = D4CRegistration(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.GetD4CGCPUserScriptsAttachment(parent_type="string",
ids=id_list,
status="string"
)
print(response)
from falconpy import APIHarness
falcon = APIHarness(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.command("GetD4CGCPUserScriptsAttachment",
parent_type="string",
ids=id_list,
status="string"
)
print(response)
- Home
- Discussions Board
- Glossary of Terms
- Installation, Upgrades and Removal
- Samples Collection
- Using FalconPy
- API Operations
-
Service Collections
- Alerts
- API Integrations
- Certificate Based Exclusions
- Cloud Connect AWS (deprecated)
- Cloud Snapshots
- Compliance Assessments
- Configuration Assessment
- Configuration Assessment Evaluation Logic
- Container Alerts
- Container Detections
- Container Images
- Container Packages
- Container Vulnerabilities
- CSPM Registration
- Custom IOAs
- Custom Storage
- D4C Registration (deprecated)
- Detects
- Device Control Policies
- Discover
- Drift Indicators
- Event Streams
- Exposure Management
- Falcon Complete Dashboard
- Falcon Container
- Falcon Intelligence Sandbox
- FDR
- FileVantage
- Firewall Management
- Firewall Policies
- Foundry LogScale
- Host Group
- Host Migration
- Hosts
- Identity Protection
- Image Assessment Policies
- Incidents
- Installation Tokens
- Intel
- IOA Exclusions
- IOC
- IOCs (deprecated)
- Kubernetes Protection
- MalQuery
- Message Center
- ML Exclusions
- Mobile Enrollment
- MSSP (Flight Control)
- OAuth2
- ODS (On Demand Scan)
- Overwatch Dashboard
- Prevention Policy
- Quarantine
- Quick Scan
- Quick Scan Pro
- Real Time Response
- Real Time Response Admin
- Real Time Response Audit
- Recon
- Report Executions
- Response Policies
- Sample Uploads
- Scheduled Reports
- Sensor Download
- Sensor Update Policy
- Sensor Visibility Exclusions
- Spotlight Evaluation Logic
- Spotlight Vulnerabilities
- Tailored Intelligence
- ThreatGraph
- Unidentified Containers
- User Management
- Workflows
- Zero Trust Assessment
- Documentation Support
-
CrowdStrike SDKs
- Crimson Falcon - Ruby
- FalconPy - Python 3
- FalconJS - Javascript
- goFalcon - Go
- PSFalcon - Powershell
- Rusty Falcon - Rust