Cloud Security Detections
| Operation ID | Description | ||||
|---|---|---|---|---|---|
|
Return IOMs grouped by rule. | ||||
|
Gets IOMs based on the provided IDs | ||||
|
Gets a list of IOM IDs for the given parameters, filters and sort criteria. | ||||
WARNING
client_idandclient_secretare keyword arguments that contain your CrowdStrike API credentials. Please note that all examples below do not hard code these values. (These values are ingested as strings.)CrowdStrike does not recommend hard coding API credentials or customer identifiers within source code.
Return IOMs grouped by rule.
get_combined_iom_by_rule
| Method | Route |
|---|---|
 |
/cloud-security-evaluations/combined/ioms-by-rule/v1 |
- Produces: application/json
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| filter |  |
|
query | string | FQL string to filter results in Falcon Query Language (FQL). Supported fields: account_id account_name applicable_profile attack_type benchmark_name benchmark_version business_impact cid cloud_group cloud_label cloud_label_id cloud_provider cloud_scope created_at environment extension_status first_detected framework last_detected policy_id policy_name region requirement resource_gcrn resource_id resource_parent resource_status resource_type resource_type_name rule_group rule_id rule_name rule_origin section service service_category severity status suppressed_by tactic_id tactic_name tag_key tag_value tags tags_string technique_id technique_name zone |
| limit | |
|
query | integer | The maximum number of items to return. When not specified or 0, 500 is used. When larger than 1000, 1000 is used. |
| offset | |
|
query | integer | Offset returned assets. |
| parameters | |
|
query | dictionary | Full query string parameters payload in JSON format. Not required when using other keywords. |
| sort | |
|
query | string | The field to sort on. Sortable fields include: assessed_assets cloud_provider misconfigurations rule_id severity. Use |asc or |desc suffix to specify sort direction. |
from falconpy import CloudSecurityDetections
# Do not hardcode API credentials!
falcon = CloudSecurityDetections(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.get_combined_iom_by_rule(filter="string",
sort="string",
limit=integer,
offset=integer
)
print(response)from falconpy import CloudSecurityDetections
# Do not hardcode API credentials!
falcon = CloudSecurityDetections(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.cspm_evaluations_combined_iom_by_rule(filter="string",
sort="string",
limit=integer,
offset=integer
)
print(response)from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.command("cspm_evaluations_combined_iom_by_rule",
filter="string",
sort="string",
limit=integer,
offset=integer
)
print(response)Back to Table of Contents
Gets IOMs based on the provided IDs
get_iom_entities
| Method | Route |
|---|---|
|
/cloud-security-evaluations/entities/ioms/v1 |
- Produces: application/json
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| ids | |
|
query | array (string) | List of IOMs to return (maximum 100 IDs allowed). Use POST method with same path if more entities are required. |
| parameters | |
|
query | dictionary | Full query string parameters payload in JSON format. Not required when using other keywords. |
from falconpy import CloudSecurityDetections
# Do not hardcode API credentials!
falcon = CloudSecurityDetections(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.get_iom_entities(ids=id_list)
print(response)from falconpy import CloudSecurityDetections
# Do not hardcode API credentials!
falcon = CloudSecurityDetections(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.cspm_evaluations_iom_entities(ids=id_list)
print(response)from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.command("cspm_evaluations_iom_entities", ids=id_list)
print(response)Back to Table of Contents
Gets a list of IOM IDs for the given parameters, filters and sort criteria.
query_iom_entities
| Method | Route |
|---|---|
|
/cloud-security-evaluations/queries/ioms/v1 |
- Produces: application/json
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| after | |
|
query | string | token-based pagination. Use for paginating through an entire result set. Use only one of 'offset' and 'after' parameters for paginating |
| filter | |
|
query | string | FQL string to filter results in Falcon Query Language (FQL). Supported fields: account_id account_name applicable_profile attack_type benchmark_name benchmark_version business_impact cid cloud_group cloud_label cloud_label_id cloud_provider cloud_scope created_at environment extension_status first_detected framework last_detected policy_id policy_name policy_uuid region requirement requirement_name resource_gcrn resource_id resource_parent resource_status resource_type resource_type_name rule_group rule_id rule_name rule_origin rule_remediation section service service_category severity status suppressed_by suppression_reason tactic_id tactic_name tag_key tag_value tags tags_string technique_id technique_name |
| limit | |
|
query | integer | The maximum number of items to return. When not specified or 0, 500 is used. When larger than 1000, 1000 is used. |
| offset | |
|
query | integer | Offset returned assets |
| parameters | |
|
query | dictionary | Full query string parameters payload in JSON format. Not required when using other keywords. |
| sort | |
|
query | string | The field to sort on. Use |asc or |desc suffix to specify sort direction.Supported fields: account_id account_name applicable_profile attack_type benchmark_name benchmark_version business_impact cid cloud_group cloud_label cloud_label_id cloud_provider cloud_scope created_at environment extension_status first_detected framework last_detected policy_id policy_name policy_uuid region requirement requirement_name resource_gcrn resource_id resource_parent resource_status resource_type resource_type_name rule_group rule_id rule_name rule_origin rule_remediation section service service_category severity status suppressed_by suppression_reason tactic_id tactic_name tag_key tag_value tags tags_string technique_id technique_name |
from falconpy import CloudSecurityDetections
# Do not hardcode API credentials!
falcon = CloudSecurityDetections(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.query_iom_entities(filter="string",
sort="string",
limit=integer,
offset=integer,
after="string"
)
print(response)from falconpy import CloudSecurityDetections
# Do not hardcode API credentials!
falcon = CloudSecurityDetections(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.cspm_evaluations_iom_queries(filter="string",
sort="string",
limit=integer,
offset=integer,
after="string"
)
print(response)from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.command("cspm_evaluations_iom_queries",
filter="string",
sort="string",
limit=integer,
offset=integer,
after="string"
)
print(response)Back to Table of Contents
- Home
- Discussions Board
- Glossary of Terms
- Installation, Upgrades and Removal
- Samples Collection
- Using FalconPy
- API Operations
-
Service Collections
- Admission Control Policies
- Alerts
- API Integrations
- ASPM
- CAO Hunting
- Case Management
- Certificate Based Exclusions
- Cloud AWS Registration
- Cloud Azure Registration
- Cloud GCP Registration
- Cloud OCI Registration
- Cloud Policies
- Cloud Connect AWS (deprecated)
- Cloud Security Assets
- Cloud Security
- Cloud Security Compliance
- Cloud Security Detections
- Cloud Snapshots
- Configuration Assessment
- Configuration Assessment Evaluation Logic
- Container Alerts
- Container Detections
- Container Image Compliance
- Container Images
- Container Packages
- Container Vulnerabilities
- Content Update Policies
- Correlation Rules
- Correlation Rules Admin
- CSPM Registration
- Custom IOAs
- Custom Storage
- D4C Registration (deprecated)
- Data Protection Configuration
- DataScanner (deprecated)
- Delivery Settings
- Deployments
- Detects (deprecated)
- Device Content
- Device Control Policies
- Discover
- Downloads
- Drift Indicators
- Event Streams
- Exposure Management
- FaaS Execution
- Falcon Complete Dashboard
- Falcon Container
- Falcon Intelligence Sandbox
- FDR
- FileVantage
- Firewall Management
- Firewall Policies
- Foundry LogScale
- Host Group
- Host Migration
- Hosts
- Identity Protection
- Image Assessment Policies
- Incidents
- Installation Tokens
- Intel
- Intelligence Feeds
- Intelligence Indicator Graph
- IOA Exclusions
- IOC
- IOCs (deprecated)
- IT Automation
- Kubernetes Container Compliance
- Kubernetes Protection
- MalQuery
- Message Center
- ML Exclusions
- Mobile Enrollment
- MSSP (Flight Control)
- NGSIEM
- OAuth2
- ODS (On Demand Scan)
- Prevention Policy
- Quarantine
- Quick Scan
- Quick Scan Pro
- Real Time Response
- Real Time Response Admin
- Real Time Response Audit
- Recon
- Report Executions
- Response Policies
- Sample Uploads
- SaaS Security
- Scheduled Reports
- Sensor Download
- Sensor Update Policy
- Sensor Usage
- Sensor Visibility Exclusions
- Serverless Exports
- Serverless Vulnerabilities
- Spotlight Evaluation Logic
- Spotlight Vulnerabilities
- Spotlight Vulnerability Metadata
- Tailored Intelligence
- ThreatGraph
- Unidentified Containers
- User Management
- Workflows
- Zero Trust Assessment
- Documentation Support
-
CrowdStrike SDKs
- Crimson Falcon - Ruby
- FalconPy - Python 3
- FalconJS - Javascript
- goFalcon - Go
- PSFalcon - Powershell
- Rusty Falcon - Rust
