-
Notifications
You must be signed in to change notification settings - Fork 0
Host Group
Operation ID | Description | ||||
---|---|---|---|---|---|
|
Search for members of a Host Group in your environment by providing a FQL filter and paging details. Returns a set of host details which match the filter criteria | ||||
|
Search for Host Groups in your environment by providing a FQL filter and paging details. Returns a set of Host Groups which match the filter criteria | ||||
|
Perform the specified action on the Host Groups specified in the request | ||||
|
Retrieve a set of Host Groups by specifying their IDs | ||||
|
Create Host Groups by specifying details about the group to create | ||||
|
Delete a set of Host Groups by specifying their IDs | ||||
|
Update Host Groups by specifying the ID of the group and details to update | ||||
|
Search for members of a Host Group in your environment by providing a FQL filter and paging details. Returns a set of Agent IDs which match the filter criteria | ||||
|
Search for Host Groups in your environment by providing a FQL filter and paging details. Returns a set of Host Group IDs which match the filter criteria |
WARNING
client_id
andclient_secret
are keyword arguments that contain your CrowdStrike API credentials. Please note that all examples below do not hard code these values. (These values are ingested as strings.)CrowdStrike does not recommend hard coding API credentials or customer identifiers within source code.
Search for members of a Host Group in your environment by providing a FQL filter and paging details. Returns a set of host details which match the filter criteria
query_combined_group_members
Method | Route |
---|---|
/devices/combined/host-group-members/v1 |
- Produces: application/json
Name | Service | Uber | Type | Data type | Description |
---|---|---|---|---|---|
filter |
|
|
query | string | FQL query expression that should be used to limit the results. |
limit |
|
|
query | integer | Maximum number of records to return. Max: 5000. |
offset |
|
|
query | string | Starting index of overall result set from which to return ids. |
id |
|
|
query | string | The ID of the Host Group to search for members of. |
sort |
|
|
query | string | The property to sort by. |
parameters |
|
|
query | dictionary | Full query string parameters payload in JSON format. |
from falconpy import HostGroup
# Do not hardcode API credentials!
falcon = HostGroup(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.query_combined_group_members(id="string",
filter="string",
offset=integer,
limit=integer,
sort="string"
)
print(response)
from falconpy import HostGroup
# Do not hardcode API credentials!
falcon = HostGroup(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.queryCombinedGroupMembers(id="string",
filter="string",
offset=integer,
limit=integer,
sort="string"
)
print(response)
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.command("queryCombinedGroupMembers",
id="string",
filter="string",
offset=integer,
limit=integer,
sort="string"
)
print(response)
Search for Host Groups in your environment by providing a FQL filter and paging details. Returns a set of Host Groups which match the filter criteria
query_combined_host_groups
Method | Route |
---|---|
/devices/combined/host-groups/v1 |
- Produces: application/json
Name | Service | Uber | Type | Data type | Description |
---|---|---|---|---|---|
filter |
|
|
query | string | FQL query expression that should be used to limit the results. |
limit |
|
|
query | integer | Maximum number of records to return. Max: 5000. |
offset |
|
|
query | string | Starting index of overall result set from which to return ids. |
sort |
|
|
query | string | The property to sort by. |
parameters |
|
|
query | dictionary | Full query string parameters payload in JSON format. |
from falconpy import HostGroup
# Do not hardcode API credentials!
falcon = HostGroup(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.query_combined_host_groups(filter="string",
offset=integer,
limit=integer,
sort="string"
)
print(response)
from falconpy import HostGroup
# Do not hardcode API credentials!
falcon = HostGroup(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.queryCombinedHostGroups(filter="string",
offset=integer,
limit=integer,
sort="string"
)
print(response)
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.command("queryCombinedHostGroups",
filter="string",
offset=integer,
limit=integer,
sort="string"
)
print(response)
Perform the specified action on the Host Groups specified in the request
perform_group_action
Method | Route |
---|---|
/devices/entities/host-group-actions/v1 |
- Produces: application/json
Name | Service | Uber | Type | Data type | Description |
---|---|---|---|---|---|
action_name |
|
|
query | string | The action to be performed. Allowed values:add-hosts disable-hostname-check remove-hosts |
action_parameters |
|
|
body | list of dictionaries | Action specific parameters. Multiple action parameters may be specified. Example:
"name": "filter", "value": "(device_id:['ID1', 'ID2','ID3'])" }] |
body |
|
|
body | dictionary | Full body payload in JSON format. |
filter |
|
|
body action_parameters |
string | Filter to use to specify hosts to apply this action to. FQL formatted string. Overridden if action_parameters is specified. |
ids |
|
|
body | string or list of strings | The ID(s) of the Host Group to perform the action against. |
parameters |
|
|
query | dictionary | Full query string parameters payload in JSON format. |
from falconpy import HostGroup
# Do not hardcode API credentials!
falcon = HostGroup(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.perform_group_action(action_name="string",
ids="ID_TO_UPDATE",
filter="string"
)
print(response)
from falconpy import HostGroup
# Do not hardcode API credentials!
falcon = HostGroup(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
# Can also be provided using the keyword `filter`
act_params = [{
"name": "filter",
"value": "string"
}]
response = falcon.performGroupAction(action_name="string",
ids="ID_TO_UPDATE",
action_parameters=act_params
)
print(response)
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
PARAMS = {
"action_name": "string" # Can also pass this using the action_name keyword
}
# Only one ID may be updated at a time
BODY = {
"action_parameters": [
{
"name": "filter",
"value": "string"
}
],
"ids": ["ID_TO_UPDATE"]
}
response = falcon.command("performGroupAction", parameters=PARAMS, body=BODY)
print(response)
Retrieve a set of Host Groups by specifying their IDs
get_host_groups
Method | Route |
---|---|
/devices/entities/host-groups/v1 |
- Produces: application/json
Name | Service | Uber | Type | Data type | Description |
---|---|---|---|---|---|
ids |
|
|
query | string or list of strings | The ID(s) of the Host Groups to retrieve. |
parameters |
|
|
query | dictionary | Full query string parameters payload in JSON format. |
from falconpy import HostGroup
# Do not hardcode API credentials!
falcon = HostGroup(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.get_host_groups(ids=id_list)
print(response)
from falconpy import HostGroup
# Do not hardcode API credentials!
falcon = HostGroup(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.getHostGroups(ids=id_list)
print(response)
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.command("getHostGroups", ids=id_list)
print(response)
Create Host Groups by specifying details about the group to create
create_host_groups
Method | Route |
---|---|
/devices/entities/host-groups/v1 |
- Produces: application/json
Name | Service | Uber | Type | Data type | Description |
---|---|---|---|---|---|
assignment_rule |
|
|
body | string | Assignment rule to apply. |
body |
|
|
body | dictionary | Full body payload in JSON format. |
description |
|
|
body | string | Description for the host group. |
group_type |
|
|
body | string | Type of Host Group to create. Allowed Values: dynamic static staticByID |
name |
|
|
body | string | The name of the Host Group. |
from falconpy import HostGroup
# Do not hardcode API credentials!
falcon = HostGroup(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.create_host_groups(assignment_rule="string",
description="string",
group_type="string",
name="string"
)
print(response)
from falconpy import HostGroup
# Do not hardcode API credentials!
falcon = HostGroup(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.createHostGroups(assignment_rule="string",
description="string",
group_type="string",
name="string"
)
print(response)
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
BODY = {
"resources": [
{
"assignment_rule": "string",
"description": "string",
"group_type": "static",
"name": "string"
}
]
}
response = falcon.command("createHostGroups", body=BODY)
print(response)
Delete a set of Host Groups by specifying their IDs
delete_host_groups
Method | Route |
---|---|
/devices/entities/host-groups/v1 |
- Produces: application/json
Name | Service | Uber | Type | Data type | Description |
---|---|---|---|---|---|
ids |
|
|
query | string or list of strings | The ID(s) of the Host Groups to delete. |
parameters |
|
|
query | dictionary | Full query string parameters payload in JSON format. |
from falconpy import HostGroup
# Do not hardcode API credentials!
falcon = HostGroup(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.delete_host_groups(ids=id_list)
print(response)
from falconpy import HostGroup
# Do not hardcode API credentials!
falcon = HostGroup(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.deleteHostGroups(ids=id_list)
print(response)
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.command("deleteHostGroups", ids=id_list)
print(response)
Update Host Groups by specifying the ID of the group and details to update
update_host_groups
Method | Route |
---|---|
/devices/entities/host-groups/v1 |
- Produces: application/json
Name | Service | Uber | Type | Data type | Description |
---|---|---|---|---|---|
assignment_rule |
|
|
body | string | Assignment rule to apply. |
body |
|
|
body | dictionary | Full body payload in JSON format. |
description |
|
|
body | string | Description for the host group. |
id |
|
|
body | string | The ID of the Host Group to update. |
name |
|
|
body | string | The name of the Host Group. |
from falconpy import HostGroup
# Do not hardcode API credentials!
falcon = HostGroup(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.update_host_groups(assignment_rule="string",
description="string",
id="string",
name="string"
)
print(response)
from falconpy import HostGroup
# Do not hardcode API credentials!
falcon = HostGroup(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.updateHostGroups(assignment_rule="string",
description="string",
id="string",
name="string"
)
print(response)
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
BODY = {
"resources": [
{
"assignment_rule": "string",
"description": "string",
"id": "string",
"name": "string"
}
]
}
response = falcon.command("updateHostGroups", body=BODY)
print(response)
Search for members of a Host Group in your environment by providing a FQL filter and paging details. Returns a set of Agent IDs which match the filter criteria
query_group_members
Method | Route |
---|---|
/devices/queries/host-group-members/v1 |
- Produces: application/json
Name | Service | Uber | Type | Data type | Description |
---|---|---|---|---|---|
filter |
|
|
query | string | FQL query expression that should be used to limit the results. |
limit |
|
|
query | integer | Maximum number of records to return. Max: 5000. |
offset |
|
|
query | string | Starting index of overall result set from which to return ids. |
id |
|
|
query | string | The ID of the Host Group to search for members of. |
sort |
|
|
query | string | The property to sort by. |
parameters |
|
|
query | dictionary | Full query string parameters payload in JSON format. |
from falconpy import HostGroup
# Do not hardcode API credentials!
falcon = HostGroup(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.query_group_members(id="string",
filter="string",
offset=integer,
limit=integer,
sort="string"
)
print(response)
from falconpy import HostGroup
# Do not hardcode API credentials!
falcon = HostGroup(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.queryGroupMembers(id="string",
filter="string",
offset=integer,
limit=integer,
sort="string"
)
print(response)
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.command("queryGroupMembers",
id="string",
filter="string",
offset=integer,
limit=integer,
sort="string"
)
print(response)
Search for Host Groups in your environment by providing a FQL filter and paging details. Returns a set of Host Group IDs which match the filter criteria
query_host_groups
Method | Route |
---|---|
/devices/queries/host-groups/v1 |
- Produces: application/json
Name | Service | Uber | Type | Data type | Description |
---|---|---|---|---|---|
filter |
|
|
query | string | FQL query expression that should be used to limit the results. |
limit |
|
|
query | integer | Maximum number of records to return. Max: 5000. |
offset |
|
|
query | string | Starting index of overall result set from which to return ids. |
sort |
|
|
query | string | The property to sort by. |
parameters |
|
|
query | dictionary | Full query string parameters payload in JSON format. |
from falconpy import HostGroup
# Do not hardcode API credentials!
falcon = HostGroup(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.query_host_groups(filter="string",
offset=integer,
limit=integer,
sort="string"
)
print(response)
from falconpy import HostGroup
# Do not hardcode API credentials!
falcon = HostGroup(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.queryHostGroups(filter="string",
offset=integer,
limit=integer,
sort="string"
)
print(response)
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.command("queryHostGroups",
filter="string",
offset=integer,
limit=integer,
sort="string"
)
print(response)
- Home
- Discussions Board
- Glossary of Terms
- Installation, Upgrades and Removal
- Samples Collection
- Using FalconPy
- API Operations
-
Service Collections
- Alerts
- API Integrations
- Certificate Based Exclusions
- Cloud Connect AWS (deprecated)
- Cloud Snapshots
- Compliance Assessments
- Configuration Assessment
- Configuration Assessment Evaluation Logic
- Container Alerts
- Container Detections
- Container Images
- Container Packages
- Container Vulnerabilities
- CSPM Registration
- Custom IOAs
- Custom Storage
- D4C Registration (deprecated)
- Detects
- Device Control Policies
- Discover
- Drift Indicators
- Event Streams
- Exposure Management
- Falcon Complete Dashboard
- Falcon Container
- Falcon Intelligence Sandbox
- FDR
- FileVantage
- Firewall Management
- Firewall Policies
- Foundry LogScale
- Host Group
- Host Migration
- Hosts
- Identity Protection
- Image Assessment Policies
- Incidents
- Installation Tokens
- Intel
- IOA Exclusions
- IOC
- IOCs (deprecated)
- Kubernetes Protection
- MalQuery
- Message Center
- ML Exclusions
- Mobile Enrollment
- MSSP (Flight Control)
- OAuth2
- ODS (On Demand Scan)
- Overwatch Dashboard
- Prevention Policy
- Quarantine
- Quick Scan
- Quick Scan Pro
- Real Time Response
- Real Time Response Admin
- Real Time Response Audit
- Recon
- Report Executions
- Response Policies
- Sample Uploads
- Scheduled Reports
- Sensor Download
- Sensor Update Policy
- Sensor Visibility Exclusions
- Spotlight Evaluation Logic
- Spotlight Vulnerabilities
- Tailored Intelligence
- ThreatGraph
- Unidentified Containers
- User Management
- Workflows
- Zero Trust Assessment
- Documentation Support
-
CrowdStrike SDKs
- Crimson Falcon - Ruby
- FalconPy - Python 3
- FalconJS - Javascript
- goFalcon - Go
- PSFalcon - Powershell
- Rusty Falcon - Rust