Skip to content

FileVantage

jshcodes edited this page Jul 15, 2024 · 12 revisions

CrowdStrike Falcon CrowdStrike Subreddit

Using the Filevantage service collection

Uber class support Service class support Documentation Version Page Updated

Table of Contents

Operation ID Description
getActionsMixin0
PEP8 get_actions
Retrieves the processing results for one or more actions.
startActions
PEP8 start_actions
Initiates the specified action on the provided change IDs.
getContents
PEP8 get_contents
Retrieves the content captured for the provided change ID.
getChanges
PEP8 get_changes
Retrieve information on changes
updatePolicyHostGroups
PEP8 update_policy_host_groups
Manage host groups assigned to a policy.
updatePolicyPrecedence
PEP8 update_policy_precedence
Updates the policy precedence for all policies of a specific type.
updatePolicyRuleGroups
PEP8 update_policy_rule_groups
Manage the rule groups assigned to the policy or set the rule group precedence for all rule groups within the policy.
getPolicies
PEP8 get_policies
Retrieves the configuration for 1 or more policies.
createPolicies
PEP8 create_policy
Creates a new policy of the specified type. New policies are always added at the end of the precedence list for the provided policy type.
deletePolicies
PEP8 delete_policies
Deletes 1 or more policies.
updatePolicies
PEP8 update_policies
Updates the general information of the provided policy.
getScheduledExclusions
PEP8 get_scheduled_exclusions
Retrieves the configuration of 1 or more scheduled exclusions from the provided policy id.
createScheduledExclusions
PEP8 create_scheduled_exclusions
Creates a new scheduled exclusion configuration for the provided policy id.
deleteScheduledExclusions
PEP8 delete_scheduled_exclusions
Deletes 1 or more scheduled exclusions from the provided policy id.
updateScheduledExclusions
PEP8 update_scheduled_exclusions
Updates the provided scheduled exclusion configuration within the provided policy.
updateRuleGroupPrecedence
PEP8 update_rule_group_precedence
Updates the rule precedence for all rules in the identified rule group.
getRules
PEP8 get_rules
Retrieves the configuration for 1 or more rules.
createRules
PEP8 create_rule
Creates a new rule configuration within the specified rule group.
deleteRules
PEP8 delete_rules
Deletes 1 or more rules from the specified rule group.
updateRules
PEP8 update_rule
Updates the provided rule configuration within the specified rule group.
getRuleGroups
PEP8 get_rule_groups
Retrieves the rule group details for 1 or more rule groups.
createRuleGroups
PEP8 create_rule_group
Creates a new rule group of the specified type.
deleteRuleGroups
PEP8 delete_rule_groups
Deletes 1 or more rule groups
updateRuleGroups
PEP8 update_rule_group
Updates the provided rule group.
signalChangesExternal
PEP8 signal_changes
Initiates a workflow for the provided change IDs.
queryActionsMixin0
PEP8 query_actions
Returns 1 or more action ids
queryChanges
PEP8 query_changes
Returns 1 or more change ids
highVolumeQueryChanges
PEP8 query_changes_scroll
Returns 1 or more change ids
queryPolicies
PEP8 query_policies
Retrieve the ids of all policies that are assigned the provided policy type.
queryScheduledExclusions
PEP8 query_scheduled_exclusions
Retrieve the ids of all scheduled exclusions contained within the provided policy id.
queryRuleGroups
PEP8 query_rule_groups
Retrieve the ids of all rule groups that are of the provided rule group type.

Passing credentials

WARNING

client_id and client_secret are keyword arguments that contain your CrowdStrike API credentials. Please note that all examples below do not hard code these values. (These values are ingested as strings.)

CrowdStrike does not recommend hard coding API credentials or customer identifiers within source code.

getActionsMixin0

Retrieves the processing results for one or more actions

PEP8 method name

get_actions

Endpoint

Method Route
GET /filevantage/entities/actions/v1

Content-Type

  • Consumes: application/json
  • Produces: application/json

Keyword Arguments

Name Service Uber Type Data type Description
ids
Service Class Support

Uber Class Support
query string or list of strings One or more change ids. The maximum number of ids that can be requested at once is 500.
parameters
Service Class Support

Uber Class Support
query dictionary Full query string parameters payload in JSON format.

Usage

Service class example (PEP8 syntax)
from falconpy import FileVantage

# Do not hardcode API credentials!
falcon = FileVantage(client_id=CLIENT_ID,
                     client_secret=CLIENT_SECRET
                     )

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.get_actions(ids=id_list)
print(response)
Service class example (Operation ID syntax)
from falconpy import FileVantage

# Do not hardcode API credentials!
falcon = FileVantage(client_id=CLIENT_ID,
                     client_secret=CLIENT_SECRET
                     )

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.getActionsMixin0(ids=id_list)
print(response)
Uber class example
from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.command("getActionsMixin0", ids=id_list)
print(response)

startActions

Initiates the specified action on the provided change IDs.

PEP8 method name

start_actions

Endpoint

Method Route
POST /filevantage/entities/actions/v1

Content-Type

  • Consumes: application/json
  • Produces: application/json

Keyword Arguments

Name Service Uber Type Data type Description
body
Service Class Support

Uber Class Support
body list of dictionaries Full body payload in JSON format.
change_ids
Service Class Support

Uber Class Support
body string or list of strings The IDs of the changes the operation will perform. Maximum of 100 IDs per action.
comment
Service Class Support

Uber Class Support
body string Optional comment to describe reason for action.
operation
Service Class Support

Uber Class Support
body string Operation to perform. Must be one of:
  • suppress
  • unsuppress
  • purge

Usage

Service class example (PEP8 syntax)
from falconpy import FileVantage

# Do not hardcode API credentials!
falcon = FileVantage(client_id=CLIENT_ID,
                     client_secret=CLIENT_SECRET
                     )

change_id_list = "ID1,ID2,ID3"  # Can also pass a list here ["ID1", "ID2", "ID3"]

response = falcon.start_actions(change_ids=change_id_list,
                                comment="string",
                                operation="string"
                                )
print(response)
Service class example (Operation ID syntax)
from falconpy import FileVantage

# Do not hardcode API credentials!
falcon = FileVantage(client_id=CLIENT_ID,
                     client_secret=CLIENT_SECRET
                     )

change_id_list = "ID1,ID2,ID3"  # Can also pass a list here ["ID1", "ID2", "ID3"]

response = falcon.startActions(change_ids=change_id_list,
                               comment="string",
                               operation="string"
                               )
print(response)
Uber class example
from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

change_id_list = "ID1,ID2,ID3"  # Can also pass a list here ["ID1", "ID2", "ID3"]

body_payload = {
  "change_ids": change_id_list,
  "comment": "string",
  "operation": "string"
}

response = falcon.command("startActions", body=body_payload)

print(response)

getContents

Retrieves the content captured for the provided change ID.

PEP8 method name

get_contents

Endpoint

Method Route
GET /filevantage/entities/change-content/v1

Content-Type

  • Consumes: application/json
  • Produces: application/json

Keyword Arguments

Name Service Uber Type Data type Description
compress
Service Class Support

Uber Class Support
query boolean Compress the response using gzip. Defaults to False.
id
Service Class Support

Uber Class Support
query string ID of the change.
parameters
Service Class Support

Uber Class Support
query dictionary Full query string parameters payload in JSON format.

Usage

Service class example (PEP8 syntax)
from falconpy import FileVantage

# Do not hardcode API credentials!
falcon = FileVantage(client_id=CLIENT_ID,
                     client_secret=CLIENT_SECRET
                     )

response = falcon.get_contents(compress=boolean, id="string")

print(response)
Service class example (Operation ID syntax)
from falconpy import FileVantage

# Do not hardcode API credentials!
falcon = FileVantage(client_id=CLIENT_ID,
                     client_secret=CLIENT_SECRET
                     )

response = falcon.getContents(compress=boolean, id="string")

print(response)
Uber class example
from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

response = falcon.command("getActionsMixin0", compress=boolean, ids="string")

print(response)

getChanges

Retrieve information on changes

PEP8 method name

get_changes

Endpoint

Method Route
GET /filevantage/entities/changes/v2

Content-Type

  • Consumes: application/json
  • Produces: application/json

Keyword Arguments

Name Service Uber Type Data type Description
ids
Service Class Support

Uber Class Support
query string or list of strings One or more change ids. The maximum number of ids that can be requested at once is 500.
parameters
Service Class Support

Uber Class Support
query dictionary Full query string parameters payload in JSON format.

Usage

Service class example (PEP8 syntax)
from falconpy import FileVantage

# Do not hardcode API credentials!
falcon = FileVantage(client_id=CLIENT_ID,
                     client_secret=CLIENT_SECRET
                     )

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.get_changes(ids=id_list)
print(response)
Service class example (Operation ID syntax)
from falconpy import FileVantage

# Do not hardcode API credentials!
falcon = FileVantage(client_id=CLIENT_ID,
                     client_secret=CLIENT_SECRET
                     )

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.getChanges(ids=id_list)
print(response)
Uber class example
from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.command("getChanges", ids=id_list)
print(response)

updatePolicyHostGroups

Manage host groups assigned to a policy.

PEP8 method name

update_policy_host_groups

Endpoint

Method Route
PATCH /filevantage/entities/policies-host-groups/v1

Content-Type

  • Produces: application/json

Keyword Arguments

Name Service Uber Type Data type Description
policy_id
Service Class Support

Uber Class Support
query string The id of the policy for which to perform the action.
action
Service Class Support

Uber Class Support
query string The action to perform with the provided ids, must be one of: assign or unassign.
ids
Service Class Support

Uber Class Support
query string or list of strings One or more host group ids.
parameters
Service Class Support

Uber Class Support
query dictionary Full query string parameters payload in JSON format.

Usage

Service class example (PEP8 syntax)
from falconpy import FileVantage

# Do not hardcode API credentials!
falcon = FileVantage(client_id=CLIENT_ID,
                     client_secret=CLIENT_SECRET
                     )

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.update_policy_host_groups(policy_id="string", action="string", ids=id_list)
print(response)
Service class example (Operation ID syntax)
from falconpy import FileVantage

# Do not hardcode API credentials!
falcon = FileVantage(client_id=CLIENT_ID,
                     client_secret=CLIENT_SECRET
                     )

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.updatePolicyHostGroups(policy_id="string", action="string", ids=id_list)
print(response)
Uber class example
from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.command("updatePolicyHostGroups",
                          policy_id="string",
                          action="string",
                          ids=id_list
                          )
print(response)

updatePolicyPrecedence

Updates the policy precedence for all policies of a specific type.

PEP8 method name

update_policy_precedence

Endpoint

Method Route
PATCH /filevantage/entities/policies-precedence/v1

Content-Type

  • Produces: application/json

Keyword Arguments

Name Service Uber Type Data type Description
ids
Service Class Support

Uber Class Support
query string or list of strings Precedence of the policies for the provided type. Precedence is determined by element position within the provided list.
type
Service Class Support

Uber Class Support
query string The policy type for which to set the precedence order, must be one of Windows, Linux or Mac.
parameters
Service Class Support

Uber Class Support
query dictionary Full query string parameters payload in JSON format.

Usage

Service class example (PEP8 syntax)
from falconpy import FileVantage

# Do not hardcode API credentials!
falcon = FileVantage(client_id=CLIENT_ID,
                     client_secret=CLIENT_SECRET
                     )

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.update_policy_precedence(type="string", ids=id_list)
print(response)
Service class example (Operation ID syntax)
from falconpy import FileVantage

# Do not hardcode API credentials!
falcon = FileVantage(client_id=CLIENT_ID,
                     client_secret=CLIENT_SECRET
                     )

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.updatePolicyPrecedence(type="string", ids=id_list)
print(response)
Uber class example
from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.command("updatePolicyPrecedence", type="string", ids=id_list)
print(response)

updatePolicyRuleGroups

Manage the rule groups assigned to the policy or set the rule group precedence for all rule groups within the policy.

PEP8 method name

update_policy_rule_groups

Endpoint

Method Route
PATCH /filevantage/entities/policies-rule-groups/v1

Content-Type

  • Produces: application/json

Keyword Arguments

Name Service Uber Type Data type Description
policy_id
Service Class Support

Uber Class Support
query string The id of the policy for which to perform the action.
action
Service Class Support

Uber Class Support
query string The action to perform with the provided ids, must be one of: assign, unassign, or precedence.
ids
Service Class Support

Uber Class Support
query string or list of strings One or more rule group ids. Note, for the precedence action, precedence is controlled by the order of the ids as they are specified in the request.
parameters
Service Class Support

Uber Class Support
query dictionary Full query string parameters payload in JSON format.

Usage

Service class example (PEP8 syntax)
from falconpy import FileVantage

# Do not hardcode API credentials!
falcon = FileVantage(client_id=CLIENT_ID,
                     client_secret=CLIENT_SECRET
                     )

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.update_policy_rule_groups(policy_id="string", action="string", ids=id_list)
print(response)
Service class example (Operation ID syntax)
from falconpy import FileVantage

# Do not hardcode API credentials!
falcon = FileVantage(client_id=CLIENT_ID,
                     client_secret=CLIENT_SECRET
                     )

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.updatePolicyRuleGroups(policy_id="string", action="string", ids=id_list)
print(response)
Uber class example
from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.command("updatePolicyRuleGroups",
                          policy_id="string",
                          action="string",
                          ids=id_list
                          )
print(response)

getPolicies

Retrieves the configuration for 1 or more policies.

PEP8 method name

get_policies

Endpoint

Method Route
GET /filevantage/entities/policies/v1

Content-Type

  • Consumes: application/json
  • Produces: application/json

Keyword Arguments

Name Service Uber Type Data type Description
ids
Service Class Support

Uber Class Support
query string or list of strings One or more (up to 500) policy IDs.
parameters
Service Class Support

Uber Class Support
query dictionary Full query string parameters payload in JSON format.

Usage

Service class example (PEP8 syntax)
from falconpy import FileVantage

# Do not hardcode API credentials!
falcon = FileVantage(client_id=CLIENT_ID,
                     client_secret=CLIENT_SECRET
                     )

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.get_policies(ids=id_list)

print(response)
Service class example (Operation ID syntax)
from falconpy import FileVantage

# Do not hardcode API credentials!
falcon = FileVantage(client_id=CLIENT_ID,
                     client_secret=CLIENT_SECRET
                     )

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.getPolicies(ids=id_list)

print(response)
Uber class example
from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.command("getPolicies", ids=id_list)

print(response)

createPolicies

Creates a new policy of the specified type. New policies are always added at the end of the precedence list for the provided policy type.

PEP8 method name

create_policy

Endpoint

Method Route
POST /filevantage/entities/policies/v1

Content-Type

  • Consumes: application/json
  • Produces: application/json

Keyword Arguments

Name Service Uber Type Data type Description
body
Service Class Support

Uber Class Support
body list of dictionaries Full body payload in JSON format.
description
Service Class Support

Uber Class Support
body string The policy description (Max: 500 characters)
name
Service Class Support

Uber Class Support
body string Name of the policy (Max: 100 characters)
platform
Service Class Support

Uber Class Support
body string Policy platform. Must be one of:
  • Windows
  • Linux
  • Mac

Usage

Service class example (PEP8 syntax)
from falconpy import FileVantage

# Do not hardcode API credentials!
falcon = FileVantage(client_id=CLIENT_ID,
                     client_secret=CLIENT_SECRET
                     )

response = falcon.create_policy(description="string",
                                name="string",
                                platform="string"
                                )
print(response)
Service class example (Operation ID syntax)
from falconpy import FileVantage

# Do not hardcode API credentials!
falcon = FileVantage(client_id=CLIENT_ID,
                     client_secret=CLIENT_SECRET
                     )

response = falcon.createPolicies(description="string",
                                 name="string",
                                 platform="string"
                                 )
print(response)
Uber class example
from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

body_payload = {
    "description": "string",
    "name": "string",
    "platform": "string"
}

response = falcon.command("createPolicies", body=body_payload)

print(response)

deletePolicies

Deletes 1 or more policies.

PEP8 method name

delete_policies

Endpoint

Method Route
DELETE /filevantage/entities/policies/v1

Content-Type

  • Produces: application/json

Keyword Arguments

Name Service Uber Type Data type Description
ids
Service Class Support

Uber Class Support
query string or list of strings One or more (up to 500) policy IDs.
parameters
Service Class Support

Uber Class Support
query dictionary Full query string parameters payload in JSON format.

Usage

Service class example (PEP8 syntax)
from falconpy import FileVantage

# Do not hardcode API credentials!
falcon = FileVantage(client_id=CLIENT_ID,
                     client_secret=CLIENT_SECRET
                     )

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.delete_policies(ids=id_list)
print(response)
Service class example (Operation ID syntax)
from falconpy import FileVantage

# Do not hardcode API credentials!
falcon = FileVantage(client_id=CLIENT_ID,
                     client_secret=CLIENT_SECRET
                     )

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.deletePolicies(ids=id_list)

print(response)
Uber class example
from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.command("deletePolicies", ids=id_list)

print(response)

updatePolicies

Updates the general information of the provided policy.

PEP8 method name

update_policies

Endpoint

Method Route
PATCH /filevantage/entities/policies/v1

Content-Type

  • Consumes: application/json
  • Produces: application/json

Keyword Arguments

Name Service Uber Type Data type Description
body
Service Class Support

Uber Class Support
body list of dictionaries Full body payload in JSON format.
description
Service Class Support

Uber Class Support
body string The policy description (Max: 500 characters)
id
Service Class Support

Uber Class Support
body string The ID of the policy to be updated
name
Service Class Support

Uber Class Support
body string Name of the policy (Max: 100 characters)
enabled
Service Class Support

Uber Class Support
body boolean Policy enablement status.

Usage

Service class example (PEP8 syntax)
from falconpy import FileVantage

# Do not hardcode API credentials!
falcon = FileVantage(client_id=CLIENT_ID,
                     client_secret=CLIENT_SECRET
                     )

response = falcon.update_policies(description="string",
                                  id="string",
                                  name="string",
                                  enabled=boolean
                                  )
print(response)
Service class example (Operation ID syntax)
from falconpy import FileVantage

# Do not hardcode API credentials!
falcon = FileVantage(client_id=CLIENT_ID,
                     client_secret=CLIENT_SECRET
                     )

response = falcon.updatePolicies(description="string",
                                 id="string",
                                 name="string",
                                 enabled=boolean
                                 )
print(response)
Uber class example
from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

body_payload = {
    "description": "string",
    "id": "string",
    "name": "string",
    "enabled": boolean
}

response = falcon.command("updatePolicies", body=body_payload)

print(response)

getScheduledExclusions

Retrieves the configuration of 1 or more scheduled exclusions from the provided policy id.

PEP8 method name

get_scheduled_exclusions

Endpoint

Method Route
GET /filevantage/entities/policy-scheduled-exclusions/v1

Content-Type

  • Consumes: application/json
  • Produces: application/json

Keyword Arguments

Name Service Uber Type Data type Description
policy_id
Service Class Support

Uber Class Support
query string The id of the policy to retrieve the scheduled exclusion configurations.
ids
Service Class Support

Uber Class Support
query string or list of strings One or more (up to 500) scheduled exclusion IDs.
parameters
Service Class Support

Uber Class Support
query dictionary Full query string parameters payload in JSON format.

Usage

Service class example (PEP8 syntax)
from falconpy import FileVantage

# Do not hardcode API credentials!
falcon = FileVantage(client_id=CLIENT_ID,
                     client_secret=CLIENT_SECRET
                     )

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.get_scheduled_exclusions(policy_id="string", ids=id_list)
print(response)
Service class example (Operation ID syntax)
from falconpy import FileVantage

# Do not hardcode API credentials!
falcon = FileVantage(client_id=CLIENT_ID,
                     client_secret=CLIENT_SECRET
                     )

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.getScheduledExclusions(policy_id="string", ids=id_list)
print(response)
Uber class example
from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.command("getScheduledExclusions", policy_id="string", ids=id_list)
print(response)

createScheduledExclusions

Creates a new scheduled exclusion configuration for the provided policy id.

PEP8 method name

create_scheduled_exclusions

Endpoint

Method Route
POST /filevantage/entities/policy-scheduled-exclusions/v1

Content-Type

  • Consumes: application/json
  • Produces: application/json

Keyword Arguments

Name Service Uber Type Data type Description
body
Service Class Support

Uber Class Support
body list of dictionaries Full body payload in JSON format.
description
Service Class Support

Uber Class Support
body string The scheduled exclusion description (Max: 500 characters)
name
Service Class Support

Uber Class Support
body string Name of the scheduled exclusion (Max: 100 characters)
policy_id
Service Class Support

Uber Class Support
body string ID of the policy the schedule exclusion is assigned.
users
Service Class Support

Uber Class Support
body string Comma-delimited list of users to not monitor changes. (Max: 500 characters).

Example: admin* excludes changes made by all usernames that begin with admin.

Supports Falcon GLOB syntax
processes
Service Class Support

Uber Class Support
body string Comma-delimited list of processes to not monitor changes. (Max: 500 characters).

Example: **\RunMe.exe or **/RunMe.sh excludes changes made by RunMe.exe or RunMe.sh in any location.
schedule_start
Service Class Support

Uber Class Support
body string Indicates the start of the schedule. (RFC3339 format)
schedule_end
Service Class Support

Uber Class Support
body string Indicates the end of the schedule. (RFC3339 format)

Usage

Service class example (PEP8 syntax)
from falconpy import FileVantage

# Do not hardcode API credentials!
falcon = FileVantage(client_id=CLIENT_ID,
                     client_secret=CLIENT_SECRET
                     )

response = falcon.create_scheduled_exclusions(description="string",
                                              name="string",
                                              policy_id="string",
                                              users="string",
                                              processes="string",
                                              schedule_start="string",
                                              schedule_end="string"
                                              )
print(response)
Service class example (Operation ID syntax)
from falconpy import FileVantage

# Do not hardcode API credentials!
falcon = FileVantage(client_id=CLIENT_ID,
                     client_secret=CLIENT_SECRET
                     )

response = falcon.createScheduledExclusions(description="string",
                                            name="string",
                                            policy_id="string",
                                            users="string",
                                            processes="string",
                                            schedule_start="string",
                                            schedule_end="string"
                                            )
print(response)
Uber class example
from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )
body_payload = {
    "description": "string",
    "name": "string",
    "policy_id": "string",
    "processes": "string",
    "schedule_end": "string",
    "schedule_start": "string",
    "users": "string"
}

response = falcon.command("createScheduledExclusions", body=body_payload)

print(response)

deleteScheduledExclusions

Deletes 1 or more scheduled exclusions from the provided policy id.

PEP8 method name

delete_scheduled_exclusions

Endpoint

Method Route
DELETE /filevantage/entities/policy-scheduled-exclusions/v1

Content-Type

  • Consumes: application/json
  • Produces: application/json

Keyword Arguments

Name Service Uber Type Data type Description
policy_id
Service Class Support

Uber Class Support
query string ID of the policy to delete the scheduled exclusions from.
ids
Service Class Support

Uber Class Support
query string or list of strings One or more (up to 500) scheduled exclusion IDs.
parameters
Service Class Support

Uber Class Support
query dictionary Full query string parameters payload in JSON format.

Usage

Service class example (PEP8 syntax)
from falconpy import FileVantage

# Do not hardcode API credentials!
falcon = FileVantage(client_id=CLIENT_ID,
                     client_secret=CLIENT_SECRET
                     )

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.delete_scheduled_exclusions(policy_id="string", ids=id_list)
print(response)
Service class example (Operation ID syntax)
from falconpy import FileVantage

# Do not hardcode API credentials!
falcon = FileVantage(client_id=CLIENT_ID,
                     client_secret=CLIENT_SECRET
                     )

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.deleteScheduledExclusions(policy_id="string", ids=id_list)
print(response)
Uber class example
from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.command("deleteScheduledExclusions", policy_id="string", ids=id_list)
print(response)

updateScheduledExclusions

Updates the provided scheduled exclusion configuration within the provided policy.

PEP8 method name

update_scheduled_exclusions

Endpoint

Method Route
PATCH /filevantage/entities/policy-scheduled-exclusions/v1

Content-Type

  • Consumes: application/json
  • Produces: application/json

Keyword Arguments

Name Service Uber Type Data type Description
body
Service Class Support

Uber Class Support
body list of dictionaries Full body payload in JSON format.
description
Service Class Support

Uber Class Support
body string The scheduled exclusion description (Max: 500 characters)
id
Service Class Support

Uber Class Support
body string ID of the scheduled exclusion to update.
name
Service Class Support

Uber Class Support
body string Name of the scheduled exclusion (Max: 100 characters)
policy_id
Service Class Support

Uber Class Support
body string ID of the policy the schedule exclusion is assigned.
users
Service Class Support

Uber Class Support
body string Comma-delimited list of users to not monitor changes. (Max: 500 characters).

Example: admin* excludes changes made by all usernames that begin with admin.

Supports Falcon GLOB syntax
processes
Service Class Support

Uber Class Support
body string Comma-delimited list of processes to not monitor changes. (Max: 500 characters).

Example: **\RunMe.exe or **/RunMe.sh excludes changes made by RunMe.exe or RunMe.sh in any location.
schedule_start
Service Class Support

Uber Class Support
body string Indicates the start of the schedule. (RFC3339 format)
schedule_end
Service Class Support

Uber Class Support
body string Indicates the end of the schedule. (RFC3339 format)
parameters
Service Class Support

Uber Class Support
query dictionary Full query string parameters payload in JSON format.

Usage

Service class example (PEP8 syntax)
from falconpy import FileVantage

# Do not hardcode API credentials!
falcon = FileVantage(client_id=CLIENT_ID,
                     client_secret=CLIENT_SECRET
                     )

response = falcon.update_scheduled_exclusions(description="string",
                                              name="string",
                                              id="string",
                                              policy_id="string",
                                              users="string",
                                              processes="string",
                                              schedule_start="string",
                                              schedule_end="string"
                                              )
print(response)
Service class example (Operation ID syntax)
from falconpy import FileVantage

# Do not hardcode API credentials!
falcon = FileVantage(client_id=CLIENT_ID,
                     client_secret=CLIENT_SECRET
                     )

response = falcon.updateScheduledExclusions(description="string",
                                            name="string",
                                            id="string",
                                            policy_id="string",
                                            users="string",
                                            processes="string",
                                            schedule_start="string",
                                            schedule_end="string"
                                            )
print(response)
Uber class example
from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

body_payload = {
    "description": "string",
    "id": "string",
    "name": "string",
    "policy_id": "string",
    "processes": "string",
    "schedule_end": "string",
    "schedule_start": "string",
    "users": "string"
}

response = falcon.command("updateScheduledExclusions", body=body_payload)

print(response)

updateRuleGroupPrecedence

Updates the rule precedence for all rules in the identified rule group.

PEP8 method name

update_rule_group_precedence

Endpoint

Method Route
PATCH /filevantage/entities/rule-groups-rule-precedence/v1

Content-Type

  • Produces: application/json

Keyword Arguments

Name Service Uber Type Data type Description
rule_group_id
Service Class Support

Uber Class Support
query string Rule group from which to set the precedence.
ids
Service Class Support

Uber Class Support
query string or list of strings One or more (up to 500) rule group IDs.
parameters
Service Class Support

Uber Class Support
query dictionary Full query string parameters payload in JSON format.

Usage

Service class example (PEP8 syntax)
from falconpy import FileVantage

# Do not hardcode API credentials!
falcon = FileVantage(client_id=CLIENT_ID,
                     client_secret=CLIENT_SECRET
                     )

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.update_rule_group_precedence(rule_group_id="string", ids=id_list)
print(response)
Service class example (Operation ID syntax)
from falconpy import FileVantage

# Do not hardcode API credentials!
falcon = FileVantage(client_id=CLIENT_ID,
                     client_secret=CLIENT_SECRET
                     )

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.updateRuleGroupPrecedence(rule_group_id="string", ids=id_list)
print(response)
Uber class example
from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.command("updateRuleGroupPrecedence", rule_group_id="string", ids=id_list)
print(response)

getRules

Retrieves the configuration for 1 or more rules.

PEP8 method name

get_rules

Endpoint

Method Route
GET /filevantage/entities/rule-groups-rules/v1

Content-Type

  • Produces: application/json

Keyword Arguments

Name Service Uber Type Data type Description
rule_group_id
Service Class Support

Uber Class Support
query string Rule group from which to retrieve the rule configuration.
ids
Service Class Support

Uber Class Support
query string or list of strings One or more (up to 500) rule IDs.
parameters
Service Class Support

Uber Class Support
query dictionary Full query string parameters payload in JSON format.

Usage

Service class example (PEP8 syntax)
from falconpy import FileVantage

# Do not hardcode API credentials!
falcon = FileVantage(client_id=CLIENT_ID,
                     client_secret=CLIENT_SECRET
                     )

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.get_rules(rule_group_id="string", ids=id_list)
print(response)
Service class example (Operation ID syntax)
from falconpy import FileVantage

# Do not hardcode API credentials!
falcon = FileVantage(client_id=CLIENT_ID,
                     client_secret=CLIENT_SECRET
                     )

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.getRules(rule_group_id="string", ids=id_list)
print(response)
Uber class example
from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.command("getRules", rule_group_id="string", ids=id_list)
print(response)

createRules

Creates a new rule configuration within the specified rule group.

PEP8 method name

create_rule

Endpoint

Method Route
POST /filevantage/entities/rule-groups-rules/v1

Content-Type

  • Consumes: application/json
  • Produces: application/json

Keyword Arguments

Name Service Uber Type Data type Description
body
Service Class Support

Uber Class Support
body list of dictionaries Full body payload in JSON format.
description
Service Class Support

Uber Class Support
body string The rule description (Max: 500 characters)
rule_group_id
Service Class Support

Uber Class Support
body string Group ID containing the group configuration.
path
Service Class Support

Uber Class Support
body string The file system or registry path to monitor. (Max: 250 characters)

All paths must end with the path separator,
e.g. \ (Windows) or / (Linux/MacOS)
severity
Service Class Support

Uber Class Support
body string To categorize change events produced by this rule. Allowed values:
  • Low
  • Medium
  • High
  • Critical
depth
Service Class Support

Uber Class Support
body string Recursion levels below the base path to monitor (1 - 5, or ANY).
precedence
Service Class Support

Uber Class Support
body integer The order in which rules will be evaluated starting with 1. Specifying a precedence value that is already set for another rule in the group will result in this rule being placed before the existing rule.
include
Service Class Support

Uber Class Support
body string The files, directories, registry keys, or registry values that will be monitored. Allowed rule group configuration is based on the type of rule the rule group is added to.

Falcon GLOB syntax is supported
exclude
Service Class Support

Uber Class Support
body string The files, directories, registry keys, or registry values that will not be monitored. Allowed rule group configuration is based on the type of rule the rule group is added to.

Falcon GLOB syntax is supported
include_users
Service Class Support

Uber Class Support
body string The changes performed by these specific users will be monitored. Allowed rule group configuration is based on the type of rule the rule group is added to.

Falcon GLOB syntax is supported

MacOS is not supported at this time
exclude_users
Service Class Support

Uber Class Support
body string The changes performed by these specific users will not be monitored. Allowed rule group configuration is based on the type of rule the rule group is added to.

Falcon GLOB syntax is supported

MacOS is not supported at this time
include_processes
Service Class Support

Uber Class Support
body string The changes performed by these specific processes will be monitored. Allowed rule group configuration is based on the type of rule the rule group is added to.

Falcon GLOB syntax is supported

MacOS is not supported at this time
exclude_processes
Service Class Support

Uber Class Support
body string The changes performed by these specific processes will not be monitored. Allowed rule group configuration is based on the type of rule the rule group is added to.

Falcon GLOB syntax is supported

MacOS is not supported at this time
content_files
Service Class Support

Uber Class Support
body string The files whose content will be monitored. Listed files must match the file include pattern and not match the file exclude pattern.
content_registry_values
Service Class Support

Uber Class Support
body string The registry values whose content will be monitored. Listed registry values must match the registry include pattern and not match the registry exclude pattern.
enable_content_capture
Service Class Support

Uber Class Support
body boolean Enable content capturing.
enable_hash_capture
Service Class Support

Uber Class Support
body boolean Enable hash capturing.
watch_create_directory_changes
Service Class Support

Uber Class Support
body boolean File system directory monitoring.
watch_delete_directory_changes
Service Class Support

Uber Class Support
body boolean File system directory monitoring.
watch_rename_directory_changes
Service Class Support

Uber Class Support
body boolean File system directory monitoring.
watch_attributes_directory_changes
Service Class Support

Uber Class Support
body boolean File system directory monitoring.

MacOS is not supported at this time
watch_permissions_directory_changes
Service Class Support

Uber Class Support
body boolean File system directory monitoring.

MacOS is not supported at this time
watch_create_file_changes
Service Class Support

Uber Class Support
body boolean File system file monitoring.
watch_delete_file_changes
Service Class Support

Uber Class Support
body boolean File system file monitoring.
watch_write_file_changes
Service Class Support

Uber Class Support
body boolean File system file monitoring.
watch_rename_file_changes
Service Class Support

Uber Class Support
body boolean File system file monitoring.
watch_attributes_file_changes
Service Class Support

Uber Class Support
body boolean File system file monitoring.

MacOS is not supported at this time
watch_permissions_file_changes
Service Class Support

Uber Class Support
body boolean File system file monitoring.

MacOS is not supported at this time
watch_create_key_changes
Service Class Support

Uber Class Support
body boolean Windows registry key and value monitoring.
watch_delete_key_changes
Service Class Support

Uber Class Support
body boolean Windows registry key and value monitoring.
watch_permissions_key_changes
Service Class Support

Uber Class Support
body boolean Windows registry key and value permissions monitoring.
watch_set_value_changes
Service Class Support

Uber Class Support
body boolean Windows registry key and value monitoring.
watch_delete_value_changes
Service Class Support

Uber Class Support
body boolean Windows registry key and value monitoring.
watch_rename_key_changes
Service Class Support

Uber Class Support
body boolean Windows registry key and value monitoring.
watch_create_file_changes
Service Class Support

Uber Class Support
body boolean Windows registry key and value monitoring.

Usage

Service class example (PEP8 syntax)
from falconpy import FileVantage

# Do not hardcode API credentials!
falcon = FileVantage(client_id=CLIENT_ID,
                     client_secret=CLIENT_SECRET
                     )

response = falcon.create_rule(depth="string",
                              description="string",
                              exclude="string",
                              exclude_processes="string",
                              exclude_users="string",
                              include="string",
                              include_processes="string",
                              include_users="string",
                              path="string",
                              precedence=integer,
                              rule_group_id="string",
                              severity="string",
                              content_files="string",
                              content_registry_values="string",
                              enable_content_capture=boolean,
                              enable_hash_capture=boolean,
                              watch_attributes_directory_changes=boolean,
                              watch_attributes_file_changes=boolean,
                              watch_create_directory_changes=boolean,
                              watch_create_file_changes=boolean,
                              watch_create_key_changes=boolean,
                              watch_delete_directory_changes=boolean,
                              watch_delete_file_changes=boolean,
                              watch_delete_key_changes=boolean,
                              watch_delete_value_changes=boolean,
                              watch_permissions_directory_changes=boolean,
                              watch_permissions_file_changes=boolean,
                              watch_rename_directory_changes=boolean,
                              watch_rename_file_changes=boolean,
                              watch_rename_key_changes=boolean,
                              watch_set_value_changes=boolean,
                              watch_write_file_changes=boolean
                              )
print(response)
Service class example (Operation ID syntax)
from falconpy import FileVantage

# Do not hardcode API credentials!
falcon = FileVantage(client_id=CLIENT_ID,
                     client_secret=CLIENT_SECRET
                     )

response = falcon.createRules(depth="string",
                              description="string",
                              exclude="string",
                              exclude_processes="string",
                              exclude_users="string",
                              include="string",
                              include_processes="string",
                              include_users="string",
                              path="string",
                              precedence=integer,
                              rule_group_id="string",
                              severity="string",
                              content_files="string",
                              content_registry_values="string",
                              enable_content_capture=boolean,
                              enable_hash_capture=boolean,
                              watch_attributes_directory_changes=boolean,
                              watch_attributes_file_changes=boolean,
                              watch_create_directory_changes=boolean,
                              watch_create_file_changes=boolean,
                              watch_create_key_changes=boolean,
                              watch_delete_directory_changes=boolean,
                              watch_delete_file_changes=boolean,
                              watch_delete_key_changes=boolean,
                              watch_delete_value_changes=boolean,
                              watch_permissions_directory_changes=boolean,
                              watch_permissions_file_changes=boolean,
                              watch_rename_directory_changes=boolean,
                              watch_rename_file_changes=boolean,
                              watch_rename_key_changes=boolean,
                              watch_set_value_changes=boolean,
                              watch_write_file_changes=boolean
                              )
print(response)
Uber class example
from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

body_payload = {
    "depth": "string",
    "description": "string",
    "exclude": "string",
    "exclude_processes": "string",
    "exclude_users": "string",
    "include": "string",
    "include_processes": "string",
    "include_users": "string",
    "path": "string",
    "precedence": 0,
    "rule_group_id": "string",
    "severity": "string",
    "content_files": "string",
    "content_registry_values": "string",
    "enable_content_capture": boolean,
    "enable_hash_capture": boolean,
    "watch_attributes_directory_changes": boolean,
    "watch_attributes_file_changes": boolean,
    "watch_create_directory_changes": boolean,
    "watch_create_file_changes": boolean,
    "watch_create_key_changes": boolean,
    "watch_delete_directory_changes": boolean,
    "watch_delete_file_changes": boolean,
    "watch_delete_key_changes": boolean,
    "watch_delete_value_changes": boolean,
    "watch_permissions_directory_changes": boolean,
    "watch_permissions_file_changes": boolean,
    "watch_rename_directory_changes": boolean,
    "watch_rename_file_changes": boolean,
    "watch_rename_key_changes": boolean,
    "watch_set_value_changes": boolean,
    "watch_write_file_changes": boolean
}

response = falcon.command("createRules", body=body_payload)

print(response)

deleteRules

Deletes 1 or more rules from the specified rule group.

PEP8 method name

delete_rules

Endpoint

Method Route
DELETE /filevantage/entities/rule-groups-rules/v1

Content-Type

  • Produces: application/json

Keyword Arguments

Name Service Uber Type Data type Description
rule_group_id
Service Class Support

Uber Class Support
query string The id of the rule group from which the rules will be deleted.
ids
Service Class Support

Uber Class Support
query string or list of strings One or more (up to 500) rule IDs.
parameters
Service Class Support

Uber Class Support
query dictionary Full query string parameters payload in JSON format.

Usage

Service class example (PEP8 syntax)
from falconpy import FileVantage

# Do not hardcode API credentials!
falcon = FileVantage(client_id=CLIENT_ID,
                     client_secret=CLIENT_SECRET
                     )

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.delete_rules(rule_group_id="string", ids=id_list)
print(response)
Service class example (Operation ID syntax)
from falconpy import FileVantage

# Do not hardcode API credentials!
falcon = FileVantage(client_id=CLIENT_ID,
                     client_secret=CLIENT_SECRET
                     )

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.deleteRules(rule_group_id="string", ids=id_list)
print(response)
Uber class example
from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

PARAMS = {
    "rule_group_id": "string"
}

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.command("deleteRules", parameters=PARAMS, ids=id_list)
print(response)

updateRules

Updates the provided rule configuration within the specified rule group.

PEP8 method name

update_rule

Endpoint

Method Route
PATCH /filevantage/entities/rule-groups-rules/v1

Content-Type

  • Consumes: application/json
  • Produces: application/json

Keyword Arguments

Name Service Uber Type Data type Description
body
Service Class Support

Uber Class Support
body list of dictionaries Full body payload in JSON format.
description
Service Class Support

Uber Class Support
body string The rule description (Max: 500 characters)
rule_group_id
Service Class Support

Uber Class Support
body string Group ID containing the group configuration.
path
Service Class Support

Uber Class Support
body string The file system or registry path to monitor. (Max: 250 characters)

All paths must end with the path separator,
e.g. \ (Windows) or / (Linux/MacOS)
severity
Service Class Support

Uber Class Support
body string To categorize change events produced by this rule. Allowed values:
  • Low
  • Medium
  • High
  • Critical
depth
Service Class Support

Uber Class Support
body string Recursion levels below the base path to monitor (1 - 5, or ANY).
precedence
Service Class Support

Uber Class Support
body integer The order in which rules will be evaluated starting with 1. Specifying a precedence value that is already set for another rule in the group will result in this rule being placed before the existing rule.
include
Service Class Support

Uber Class Support
body string The files, directories, registry keys, or registry values that will be monitored. Allowed rule group configuration is based on the type of rule the rule group is added to.

Falcon GLOB syntax is supported
exclude
Service Class Support

Uber Class Support
body string The files, directories, registry keys, or registry values that will not be monitored. Allowed rule group configuration is based on the type of rule the rule group is added to.

Falcon GLOB syntax is supported
include_users
Service Class Support

Uber Class Support
body string The changes performed by these specific users will be monitored. Allowed rule group configuration is based on the type of rule the rule group is added to.

Falcon GLOB syntax is supported

MacOS is not supported at this time
exclude_users
Service Class Support

Uber Class Support
body string The changes performed by these specific users will not be monitored. Allowed rule group configuration is based on the type of rule the rule group is added to.

Falcon GLOB syntax is supported

MacOS is not supported at this time
include_processes
Service Class Support

Uber Class Support
body string The changes performed by these specific processes will be monitored. Allowed rule group configuration is based on the type of rule the rule group is added to.

Falcon GLOB syntax is supported

MacOS is not supported at this time
exclude_processes
Service Class Support

Uber Class Support
body string The changes performed by these specific processes will not be monitored. Allowed rule group configuration is based on the type of rule the rule group is added to.

Falcon GLOB syntax is supported

MacOS is not supported at this time
content_files
Service Class Support

Uber Class Support
body string The files whose content will be monitored. Listed files must match the file include pattern and not match the file exclude pattern.
content_registry_values
Service Class Support

Uber Class Support
body string The registry values whose content will be monitored. Listed registry values must match the registry include pattern and not match the registry exclude pattern.
enable_content_capture
Service Class Support

Uber Class Support
body boolean Enable content capturing.
enable_hash_capture
Service Class Support

Uber Class Support
body boolean Enable hash capturing.
watch_create_directory_changes
Service Class Support

Uber Class Support
body boolean File system directory monitoring.
watch_delete_directory_changes
Service Class Support

Uber Class Support
body boolean File system directory monitoring.
watch_rename_directory_changes
Service Class Support

Uber Class Support
body boolean File system directory monitoring.
watch_attributes_directory_changes
Service Class Support

Uber Class Support
body boolean File system directory monitoring.

MacOS is not supported at this time
watch_permissions_directory_changes
Service Class Support

Uber Class Support
body boolean File system directory monitoring.

MacOS is not supported at this time
watch_create_file_changes
Service Class Support

Uber Class Support
body boolean File system file monitoring.
watch_delete_file_changes
Service Class Support

Uber Class Support
body boolean File system file monitoring.
watch_write_file_changes
Service Class Support

Uber Class Support
body boolean File system file monitoring.
watch_rename_file_changes
Service Class Support

Uber Class Support
body boolean File system file monitoring.
watch_attributes_file_changes
Service Class Support

Uber Class Support
body boolean File system file monitoring.

MacOS is not supported at this time
watch_permissions_file_changes
Service Class Support

Uber Class Support
body boolean File system file monitoring.

MacOS is not supported at this time
watch_create_key_changes
Service Class Support

Uber Class Support
body boolean Windows registry key and value monitoring.
watch_delete_key_changes
Service Class Support

Uber Class Support
body boolean Windows registry key and value monitoring.
watch_set_value_changes
Service Class Support

Uber Class Support
body boolean Windows registry key and value monitoring.
watch_delete_value_changes
Service Class Support

Uber Class Support
body boolean Windows registry key and value monitoring.
watch_rename_key_changes
Service Class Support

Uber Class Support
body boolean Windows registry key and value monitoring.
watch_create_file_changes
Service Class Support

Uber Class Support
body boolean Windows registry key and value monitoring.

Usage

Service class example (PEP8 syntax)
from falconpy import FileVantage

# Do not hardcode API credentials!
falcon = FileVantage(client_id=CLIENT_ID,
                     client_secret=CLIENT_SECRET
                     )

response = falcon.update_rule(depth="string",
                              description="string",
                              exclude="string",
                              exclude_processes="string",
                              exclude_users="string",
                              id="string",
                              include="string",
                              include_processes="string",
                              include_users="string",
                              path="string",
                              precedence=integer,
                              rule_group_id="string",
                              severity="string",
                              content_files="string",
                              content_registry_values="string",
                              enable_content_capture=boolean,
                              enable_hash_capture=boolean,
                              watch_attributes_directory_changes=boolean,
                              watch_attributes_file_changes=boolean,
                              watch_create_directory_changes=boolean,
                              watch_create_file_changes=boolean,
                              watch_create_key_changes=boolean,
                              watch_delete_directory_changes=boolean,
                              watch_delete_file_changes=boolean,
                              watch_delete_key_changes=boolean,
                              watch_delete_value_changes=boolean,
                              watch_permissions_directory_changes=boolean,
                              watch_permissions_file_changes=boolean,
                              watch_rename_directory_changes=boolean,
                              watch_rename_file_changes=boolean,
                              watch_rename_key_changes=boolean,
                              watch_set_value_changes=boolean,
                              watch_write_file_changes=boolean
                              )
print(response)
Service class example (Operation ID syntax)
from falconpy import FileVantage

# Do not hardcode API credentials!
falcon = FileVantage(client_id=CLIENT_ID,
                     client_secret=CLIENT_SECRET
                     )

response = falcon.updateRules(depth="string",
                              description="string",
                              exclude="string",
                              exclude_processes="string",
                              exclude_users="string",
                              id="string",
                              include="string",
                              include_processes="string",
                              include_users="string",
                              path="string",
                              precedence=integer,
                              rule_group_id="string",
                              severity="string",
                              content_files="string",
                              content_registry_values="string",
                              enable_content_capture=boolean,
                              enable_hash_capture=boolean,
                              watch_attributes_directory_changes=boolean,
                              watch_attributes_file_changes=boolean,
                              watch_create_directory_changes=boolean,
                              watch_create_file_changes=boolean,
                              watch_create_key_changes=boolean,
                              watch_delete_directory_changes=boolean,
                              watch_delete_file_changes=boolean,
                              watch_delete_key_changes=boolean,
                              watch_delete_value_changes=boolean,
                              watch_permissions_directory_changes=boolean,
                              watch_permissions_file_changes=boolean,
                              watch_rename_directory_changes=boolean,
                              watch_rename_file_changes=boolean,
                              watch_rename_key_changes=boolean,
                              watch_set_value_changes=boolean,
                              watch_write_file_changes=boolean
                              )
print(response)
Uber class example
from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

body_payload = {
    "depth": "string",
    "description": "string",
    "exclude": "string",
    "exclude_processes": "string",
    "exclude_users": "string",
    "id": "string",
    "include": "string",
    "include_processes": "string",
    "include_users": "string",
    "path": "string",
    "precedence": 0,
    "rule_group_id": "string",
    "severity": "string",
    "content_files": "string",
    "content_registry_values": "string",
    "enable_content_capture": boolean,
    "enable_hash_capture": boolean,
    "watch_attributes_directory_changes": boolean,
    "watch_attributes_file_changes": boolean,
    "watch_create_directory_changes": boolean,
    "watch_create_file_changes": boolean,
    "watch_create_key_changes": boolean,
    "watch_delete_directory_changes": boolean,
    "watch_delete_file_changes": boolean,
    "watch_delete_key_changes": boolean,
    "watch_delete_value_changes": boolean,
    "watch_permissions_directory_changes": boolean,
    "watch_permissions_file_changes": boolean,
    "watch_rename_directory_changes": boolean,
    "watch_rename_file_changes": boolean,
    "watch_rename_key_changes": boolean,
    "watch_set_value_changes": boolean,
    "watch_write_file_changes": boolean
}

response = falcon.command("updateRules", body=body_payload)

print(response)

getRuleGroups

Retrieves the rule group details for 1 or more rule groups.

PEP8 method name

get_rule_groups

Endpoint

Method Route
GET /filevantage/entities/rule-groups/v1

Content-Type

  • Produces: application/json

Keyword Arguments

Name Service Uber Type Data type Description
ids
Service Class Support

Uber Class Support
query string or list of strings One or more (up to 500) rule group ids.
parameters
Service Class Support

Uber Class Support
query dictionary Full query string parameters payload in JSON format.

Usage

Service class example (PEP8 syntax)
from falconpy import FileVantage

# Do not hardcode API credentials!
falcon = FileVantage(client_id=CLIENT_ID,
                     client_secret=CLIENT_SECRET
                     )

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.get_rule_groups(ids=id_list)
print(response)
Service class example (Operation ID syntax)
from falconpy import FileVantage

# Do not hardcode API credentials!
falcon = FileVantage(client_id=CLIENT_ID,
                     client_secret=CLIENT_SECRET
                     )

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.getRuleGroups(ids=id_list)
print(response)
Uber class example
from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.command("getRuleGroups", ids=id_list)
print(response)

createRuleGroups

Creates a new rule group of the specified type.

PEP8 method name

create_rule_group

Endpoint

Method Route
POST /filevantage/entities/rule-groups/v1

Content-Type

  • Consumes: application/json
  • Produces: application/json

Keyword Arguments

Name Service Uber Type Data type Description
body
Service Class Support

Uber Class Support
body list of dictionaries Full body payload in JSON format.
description
Service Class Support

Uber Class Support
body string The policy description (Max: 500 characters)
name
Service Class Support

Uber Class Support
body string Name of the policy (Max: 100 characters)
type
Service Class Support

Uber Class Support
body string Rule group type. Must be one of:
  • WindowsFiles
  • WindowsRegistry
  • LinuxFiles
  • MacFiles

Usage

Service class example (PEP8 syntax)
from falconpy import FileVantage

# Do not hardcode API credentials!
falcon = FileVantage(client_id=CLIENT_ID,
                     client_secret=CLIENT_SECRET
                     )

response = falcon.create_rule_group(description="string",
                                    name="string",
                                    type="string"
                                    )
print(response)
Service class example (Operation ID syntax)
from falconpy import FileVantage

# Do not hardcode API credentials!
falcon = FileVantage(client_id=CLIENT_ID,
                     client_secret=CLIENT_SECRET
                     )

response = falcon.createRuleGroups(description="string",
                                   name="string",
                                   type="string"
                                   )
print(response)
Uber class example
from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

body_payload = {
    "description": "string",
    "name": "string",
    "type": "string"
}

response = falcon.command("createRuleGroups", body=body_payload)

print(response)

deleteRuleGroups

Deletes 1 or more rule groups

PEP8 method name

delete_rule_groups

Endpoint

Method Route
DELETE /filevantage/entities/rule-groups/v1

Content-Type

  • Produces: application/json

Keyword Arguments

Name Service Uber Type Data type Description
ids
Service Class Support

Uber Class Support
query string or list of strings One or more (up to 500) rule group ids.
parameters
Service Class Support

Uber Class Support
query dictionary Full query string parameters payload in JSON format.

Usage

Service class example (PEP8 syntax)
from falconpy import FileVantage

# Do not hardcode API credentials!
falcon = FileVantage(client_id=CLIENT_ID,
                     client_secret=CLIENT_SECRET
                     )

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.delete_rule_groups(ids=id_list)

print(response)
Service class example (Operation ID syntax)
from falconpy import FileVantage

# Do not hardcode API credentials!
falcon = FileVantage(client_id=CLIENT_ID,
                     client_secret=CLIENT_SECRET
                     )

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.deleteRuleGroups(ids=id_list)

print(response)
Uber class example
from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.command("deleteRuleGroups", ids=id_list)

print(response)

updateRuleGroups

Updates the provided rule group.

PEP8 method name

update_rule_group

Endpoint

Method Route
PATCH /filevantage/entities/rule-groups/v1

Content-Type

  • Consumes: application/json
  • Produces: application/json

Keyword Arguments

Name Service Uber Type Data type Description
body
Service Class Support

Uber Class Support
body list of dictionaries Full body payload in JSON format.
description
Service Class Support

Uber Class Support
body string The policy description (Max: 500 characters)
name
Service Class Support

Uber Class Support
body string Name of the policy (Max: 100 characters)
id
Service Class Support

Uber Class Support
body string Rule group ID to update.

Usage

Service class example (PEP8 syntax)
from falconpy import FileVantage

# Do not hardcode API credentials!
falcon = FileVantage(client_id=CLIENT_ID,
                     client_secret=CLIENT_SECRET
                     )

response = falcon.update_rule_group(description="string",
                                    name="string",
                                    id="string"
                                    )

print(response)
Service class example (Operation ID syntax)
from falconpy import FileVantage

# Do not hardcode API credentials!
falcon = FileVantage(client_id=CLIENT_ID,
                     client_secret=CLIENT_SECRET
                     )

response = falcon.updateRuleGroups(description="string",
                                   name="string",
                                   id="string"
                                   )

print(response)
Uber class example
from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

body_payload = {
    "description": "string",
    "name": "string",
    "id": "string"
}

response = falcon.command("updateRuleGroups", body=body_payload)
print(response)

signalChangesExternal

Initiates workflows for the provided change IDs.

PEP8 method name

signal_changes

Endpoint

Method Route
POST /filevantage/entities/workflow/v1

Content-Type

  • Produces: application/json

Keyword Arguments

Name Service Uber Type Data type Description
body
Service Class Support

Uber Class Support
body dictionary Full body payload in JSON format.
ids
Service Class Support

Uber Class Support
body string or list of strings Change IDs to initiate the workflows, limited to 100 IDs per request.

Usage

Service class example (PEP8 syntax)
from falconpy import Hosts

# Do not hardcode API credentials!
falcon = Hosts(client_id=CLIENT_ID,
               client_secret=CLIENT_SECRET
               )

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.signal_changes(ids=id_list)

print(response)
Service class example (Operation ID syntax)
from falconpy import Hosts

# Do not hardcode API credentials!
falcon = Hosts(client_id=CLIENT_ID,
               client_secret=CLIENT_SECRET
               )

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.signalChangesExternal(ids=id_list)

print(response)
Uber class example
from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.command("signalChangesExternal", ids=id_list)

print(response)

queryActionsMixin0

Returns one or more action IDs.

PEP8 method name

query_actions

Endpoint

Method Route
GET /filevantage/queries/actions/v1

Content-Type

  • Consumes: application/json
  • Produces: application/json

Keyword Arguments

Name Service Uber Type Data type Description
offset
Service Class Support

Uber Class Support
query integer The offset to start retrieving records from. Defaults to 0 if not specified.
limit
Service Class Support

Uber Class Support
query integer The maximum number of ids to return. Defaults to 100 if not specified. The maximum number of results that can be returned in a single call is 500.
sort
Service Class Support

Uber Class Support
query string Sort results using options like: - created_date (timestamp of the change occurrence) Sort either asc (ascending) or desc (descending). For example: created_date|asc. The full list of allowed sorting options can be reviewed in our API documentation.
filter
Service Class Support

Uber Class Support
query string Filter changes using a query in Falcon Query Language (FQL). Common filter options include: - status - operation_type The full list of allowed filter parameters can be reviewed in our API documentation.
parameters
Service Class Support

Uber Class Support
query dictionary Full query string parameters payload in JSON format.

Usage

Service class example (PEP8 syntax)
from falconpy import FileVantage

# Do not hardcode API credentials!
falcon = FileVantage(client_id=CLIENT_ID,
                     client_secret=CLIENT_SECRET
                     )

response = falcon.query_actions(offset=integer,
                                limit=integer,
                                sort="string",
                                filter="string"
                                )
print(response)
Service class example (Operation ID syntax)
from falconpy import FileVantage

# Do not hardcode API credentials!
falcon = FileVantage(client_id=CLIENT_ID,
                     client_secret=CLIENT_SECRET
                     )

response = falcon.queryActionsMixin0(offset=integer,
                                     limit=integer,
                                     sort="string",
                                     filter="string"
                                     )
print(response)
Uber class example
from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

response = falcon.command("queryActionsMixin0",
                          offset=integer,
                          limit=integer,
                          sort="string",
                          filter="string"
                          )
print(response)

queryChanges

Returns 1 or more change ids

PEP8 method name

query_changes

Endpoint

Method Route
GET /filevantage/queries/changes/v2

Content-Type

  • Consumes: application/json
  • Produces: application/json

Keyword Arguments

Name Service Uber Type Data type Description
offset
Service Class Support

Uber Class Support
query integer The offset to start retrieving records from. Defaults to 0 if not specified.
limit
Service Class Support

Uber Class Support
query integer The maximum number of ids to return. Defaults to 100 if not specified. The maximum number of results that can be returned in a single call is 500.
sort
Service Class Support

Uber Class Support
query string Sort results using options like: - action_timestamp (timestamp of the change occurrence) Sort either asc (ascending) or desc (descending). For example: action_timestamp|asc. The full list of allowed sorting options can be reviewed in our API documentation.
filter
Service Class Support

Uber Class Support
query string Filter changes using a query in Falcon Query Language (FQL). Common filter options include: - host.name - action_timestamp The full list of allowed filter parameters can be reviewed in our API documentation.
parameters
Service Class Support

Uber Class Support
query dictionary Full query string parameters payload in JSON format.

Usage

Service class example (PEP8 syntax)
from falconpy import FileVantage

# Do not hardcode API credentials!
falcon = FileVantage(client_id=CLIENT_ID,
                     client_secret=CLIENT_SECRET
                     )

response = falcon.query_changes(offset=integer,
                                limit=integer,
                                sort="string",
                                filter="string"
                                )
print(response)
Service class example (Operation ID syntax)
from falconpy import FileVantage

# Do not hardcode API credentials!
falcon = FileVantage(client_id=CLIENT_ID,
                     client_secret=CLIENT_SECRET
                     )

response = falcon.queryChanges(offset=integer,
                               limit=integer,
                               sort="string",
                               filter="string"
                               )
print(response)
Uber class example
from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

response = falcon.command("queryChanges",
                          offset=integer,
                          limit=integer,
                          sort="string",
                          filter="string"
                          )
print(response)

highVolumeQueryChanges

Returns 1 or more change ids

PEP8 method name

query_changes_scroll

Endpoint

Method Route
GET /filevantage/queries/changes/v3

Content-Type

  • Consumes: application/json
  • Produces: application/json

Keyword Arguments

Name Service Uber Type Data type Description
after
Service Class Support

Uber Class Support
query string A pagination token used with the limit parameter to manage pagination of results. On your first request don't provide a value for the after token. On subsequent requests provide the after token value from the previous response to continue pagination from where you left. If the response returns an empty after token it means there are no more results to return.
limit
Service Class Support

Uber Class Support
query integer The maximum number of ids to return. Defaults to 100 if not specified. The maximum number of results that can be returned in a single call is 5000.
sort
Service Class Support

Uber Class Support
query string Sort results using options like: - action_timestamp (timestamp of the change occurrence) Sort either asc (ascending) or desc (descending). For example: action_timestamp|asc. Defaults to action_timestamp|desc no value is specified. The full list of allowed sorting options can be reviewed in our API documentation.
filter
Service Class Support

Uber Class Support
query string Filter changes using a query in Falcon Query Language (FQL). Common filter options include: - host.name - action_timestamp The full list of allowed filter parameters can be reviewed in our API documentation.
parameters
Service Class Support

Uber Class Support
query dictionary Full query string parameters payload in JSON format.

Usage

Service class example (PEP8 syntax)
from falconpy import FileVantage

# Do not hardcode API credentials!
falcon = FileVantage(client_id=CLIENT_ID,
                     client_secret=CLIENT_SECRET
                     )

response = falcon.query_changes_scroll(after="string",
                                       limit=integer,
                                       sort="string",
                                       filter="string"
                                       )
print(response)
Service class example (Operation ID syntax)
from falconpy import FileVantage

# Do not hardcode API credentials!
falcon = FileVantage(client_id=CLIENT_ID,
                     client_secret=CLIENT_SECRET
                     )

response = falcon.highVolumeQueryChanges(after="string",
                                         limit=integer,
                                         sort="string",
                                         filter="string"
                                         )
print(response)
Uber class example
from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

response = falcon.command("highVolumeQueryChanges",
                          after="string",
                          limit=integer,
                          sort="string",
                          filter="string"
                          )
print(response)

queryPolicies

Retrieve the ids of all policies that are assigned the provided policy type.

PEP8 method name

query_policies

Endpoint

Method Route
GET /filevantage/queries/policies/v1

Content-Type

  • Produces: application/json

Keyword Arguments

Name Service Uber Type Data type Description
offset
Service Class Support

Uber Class Support
query integer The offset to start retrieving records from. Defaults to 0 if not specified.
limit
Service Class Support

Uber Class Support
query integer The maximum number of ids to return. Defaults to 100 if not specified. The maximum number of results that can be returned in a single call is 500.
sort
Service Class Support

Uber Class Support
query string Sort the returned ids based on one of the following properties: precedence, created_timestamp or modified_timestamp Sort either asc (ascending) or desc (descending); for example: precedence|asc.
type
Service Class Support

Uber Class Support
query string The types of policies to retrieve. Allowed values are: Windows, Linux or Mac.
parameters
Service Class Support

Uber Class Support
query dictionary Full query string parameters payload in JSON format.

Usage

Service class example (PEP8 syntax)
from falconpy import FileVantage

# Do not hardcode API credentials!
falcon = FileVantage(client_id=CLIENT_ID,
                     client_secret=CLIENT_SECRET
                     )

response = falcon.query_policies(offset=integer,
                                 limit=integer,
                                 sort="string",
                                 type="string"
                                 )
print(response)
Service class example (Operation ID syntax)
from falconpy import FileVantage

# Do not hardcode API credentials!
falcon = FileVantage(client_id=CLIENT_ID,
                     client_secret=CLIENT_SECRET
                     )

response = falcon.queryPolicies(offset=integer,
                                limit=integer,
                                sort="string",
                                type="string"
                                )
print(response)
Uber class example
from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

response = falcon.command("queryPolicies",
                          offset=integer,
                          limit=integer,
                          sort="string",
                          type="string"
                          )
print(response)

queryScheduledExclusions

Retrieve the ids of all scheduled exclusions contained within the provided policy id.

PEP8 method name

query_scheduled_exclusions

Endpoint

Method Route
GET /filevantage/queries/policy-scheduled-exclusions/v1

Content-Type

  • Consumes: application/json
  • Produces: application/json

Keyword Arguments

Name Service Uber Type Data type Description
policy_id
Service Class Support

Uber Class Support
query string The id of the policy from which to retrieve the scheduled exclusion ids.
parameters
Service Class Support

Uber Class Support
query dictionary Full query string parameters payload in JSON format.

Usage

Service class example (PEP8 syntax)
from falconpy import FileVantage

# Do not hardcode API credentials!
falcon = FileVantage(client_id=CLIENT_ID,
                     client_secret=CLIENT_SECRET
                     )

response = falcon.query_scheduled_exclusions(policy_id="string")
print(response)
Service class example (Operation ID syntax)
from falconpy import FileVantage

# Do not hardcode API credentials!
falcon = FileVantage(client_id=CLIENT_ID,
                     client_secret=CLIENT_SECRET
                     )

response = falcon.queryScheduledExclusions(policy_id="string")
print(response)
Uber class example
from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )
response = falcon.command("queryScheduledExclusions", policy_id="string")

print(response)

queryRuleGroups

Retrieve the ids of all rule groups that are of the provided rule group type.

PEP8 method name

query_rule_groups

Endpoint

Method Route
GET /filevantage/queries/rule-groups/v1

Content-Type

  • Produces: application/json

Keyword Arguments

Name Service Uber Type Data type Description
offset
Service Class Support

Uber Class Support
query integer The offset to start retrieving records from. Defaults to 0 if not specified.
limit
Service Class Support

Uber Class Support
query integer The maximum number of ids to return. Defaults to 100 if not specified. The maximum number of results that can be returned in a single call is 500.
sort
Service Class Support

Uber Class Support
query string Sort the returned ids based on one of the following properties: created_timestamp or modified_timestamp Sort either asc (ascending) or desc (descending); for example: created_timestamp|asc.
type
Service Class Support

Uber Class Support
query string The rule group type to retrieve the ids of. Allowed values are: WindowsFiles, WindowsRegistry, LinuxFiles or MacFiles.
parameters
Service Class Support

Uber Class Support
query dictionary Full query string parameters payload in JSON format.

Usage

Service class example (PEP8 syntax)
from falconpy import FileVantage

# Do not hardcode API credentials!
falcon = FileVantage(client_id=CLIENT_ID,
                     client_secret=CLIENT_SECRET
                     )

response = falcon.query_rule_groups(offset=integer,
                                    limit=integer,
                                    sort="string",
                                    type="string"
                                    )
print(response)
Service class example (Operation ID syntax)
from falconpy import FileVantage

# Do not hardcode API credentials!
falcon = FileVantage(client_id=CLIENT_ID,
                     client_secret=CLIENT_SECRET
                     )

response = falcon.queryRuleGroups(offset=integer,
                                  limit=integer,
                                  sort="string",
                                  type="string"
                                  )
print(response)
Uber class example
from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

response = falcon.command("queryRuleGroups",
                          offset=integer,
                          limit=integer,
                          sort="string",
                          type="string"
                          )
print(response)

CrowdStrike Falcon

Clone this wiki locally