D4C Registration
This service collection has been superseded by the CSPMRegistration service collection and is now deprecated. Developers should move code over to use the new operations available within the updated collection.
| Operation ID | Description | ||||
|---|---|---|---|---|---|
|
Returns information about the current status of an AWS account. | ||||
|
Creates a new account in our system for a customer and generates a script for them to run in their AWS cloud environment to grant us access. | ||||
|
Deletes an existing AWS account or organization in our system. | ||||
|
Return a URL for customer to visit in their cloud environment to grant us access to their AWS environment. | ||||
|
Return a script for customer to run in their cloud environment to grant us access to their AWS environment as a downloadable attachment. | ||||
|
Return information about Azure account registration | ||||
|
Creates a new account in our system for a customer and generates a script for them to run in their cloud environment to grant us access. | ||||
|
Update an Azure service account in our system by with the user-created client_id created with the public key we've provided | ||||
|
Return a script for customer to run in their cloud environment to grant us access to their Azure environment as a downloadable attachment | ||||
|
Return a script for customer to run in their cloud environment to grant us access to their Azure environment | ||||
|
Returns JSON object(s) that contain the base64 encoded certificate for a service principal. | ||||
|
Return all available Azure tenant IDs. | ||||
|
Returns static install scripts for Horizon. | ||||
|
Deletes a GCP account from the system. | ||||
|
Creates a new GCP account with newly-uploaded service account or connects with existing service account with only the following fields: parent_id, parent_type and service_account_id | ||||
|
Returns the service account id and client email for external clients. | ||||
|
Updates an existing GCP service account. | ||||
|
Return a script for customer to run in their cloud environment to grant us access to their GCP environment as a downloadable attachment | ||||
|
Creates a new account in our system for a customer and generates a new service account for them to add access to in their GCP environment to grant us access. | ||||
|
Return a script for customer to run in their cloud environment to grant us access to their GCP environment as a downloadable attachment | ||||
|
Returns information about the current status of an GCP account. | ||||
|
Return a script for customer to run in their cloud environment to grant us access to their GCP environment | ||||
WARNING
client_idandclient_secretare keyword arguments that contain your CrowdStrike API credentials. Please note that all examples below do not hard code these values. (These values are ingested as strings.)CrowdStrike does not recommend hard coding API credentials or customer identifiers within source code.
Returns information about the current status of an AWS account.
This operation has been superseded by the GetCSPMAwsAccount operation and is now deprecated. Developers should move code over to this new operation as soon as time permits.
get_aws_account
| Method | Route |
|---|---|
 |
/cloud-connect-aws/entities/account/v2 |
- Consumes: application/json
- Produces: application/json
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| ids |
 |
|
query | string or list of strings | AWS account ID(s). When empty, all accounts are returned. |
| organization_ids |
|
|
query | string or list of strings | AWS organization ID(s). |
| parameters |
|
|
query | dictionary | Full query string parameters payload in JSON format. |
| scan_type |
|
|
query | string | Type of scan to perform, dry or full. |
| status |
|
|
query | string | Account status to filter results by. |
| limit |
|
|
query | integer | The maximum number of records to return. Defaults to 100. |
| offset |
|
|
query | integer | The offset to start retrieving records from. |
| migrated |
|
|
query | boolean | Only return migrated accounts. |
from falconpy import D4CRegistration
# Do not hardcode API credentials!
falcon = D4CRegistration(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.get_aws_account(scan_type="string",
organization_ids=["string", "string"],
status="string",
limit=integer,
offset=integer,
migrated="string",
ids=id_list
)
print(response)from falconpy import D4CRegistration
# Do not hardcode API credentials!
falcon = D4CRegistration(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.GetD4CAwsAccount(scan_type="string",
organization_ids=["string", "string"],
status="string",
limit=integer,
offset=integer,
migrated="string",
ids=id_list
)
print(response)from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.command("GetD4CAwsAccount",
scan_type="string",
organization_ids=["string", "string"],
status="string",
limit=integer,
offset=integer,
migrated=boolean,
ids=id_list
)
print(response)Back to Table of Contents
Creates a new account in our system for a customer and generates a script for them to run in their AWS cloud environment to grant us access.
This operation has been superseded by the CreateCSPMAwsAccount operation and is now deprecated. Developers should move code over to this new operation as soon as time permits.
create_aws_account
| Method | Route |
|---|---|
 |
/cloud-connect-aws/entities/account/v2 |
- Consumes: application/json
- Produces: application/json
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| account_id |
|
 |
body | string | AWS account ID. |
| account_type |
|
|
body | string | AWS account type. |
| body |
|
 |
body | dictionary | Full body payload in JSON format. |
| cloudtrail_region |
|
|
body | string | AWS region for CloudTrail access. |
| iam_role_arn |
|
|
body | string | AWS IAM Role ARN. |
| is_master |
|
|
body | boolean | Flag indicating if this is the master account. |
| organization_id |
|
|
body | string | AWS organization ID. |
from falconpy import D4CRegistration
# Do not hardcode API credentials!
falcon = D4CRegistration(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.create_aws_account(account_id="string",
account_type="string",
cloudtrail_region="string",
iam_role_arn="string",
is_master=boolean,
organization_id="string"
)
print(response)from falconpy import D4CRegistration
# Do not hardcode API credentials!
falcon = D4CRegistration(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.CreateD4CAwsAccount(account_id="string",
account_type="string",
cloudtrail_region="string",
iam_role_arn="string",
is_master=boolean,
organization_id="string"
)
print(response)from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
BODY = {
"resources": [
{
"account_id": "string",
"account_type": "string",
"cloudtrail_region": "string",
"iam_role_arn": "string",
"is_master": boolean,
"organization_id": "string"
}
]
}
response = falcon.command("CreateD4CAwsAccount", body=BODY)
print(response)Back to Table of Contents
Deletes an existing AWS account or organization in our system.
This operation has been superseded by the DeleteCSPMAwsAccount operation and is now deprecated. Developers should move code over to this new operation as soon as time permits.
delete_aws_account
| Method | Route |
|---|---|
 |
/cloud-connect-aws/entities/account/v2 |
- Consumes: application/json
- Produces: application/json
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| ids |
|
|
query | string or list of strings | AWS account ID(s). |
| organization_ids |
|
|
query | string or list of strings | AWS organization ID(s). |
| parameters |
|
|
query | dictionary | Full query string parameters payload in JSON format, not required when using other keywords. |
from falconpy import D4CRegistration
# Do not hardcode API credentials!
falcon = D4CRegistration(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.delete_aws_account(organization_ids=["string", "string"], ids=id_list)
print(response)from falconpy import D4CRegistration
# Do not hardcode API credentials!
falcon = D4CRegistration(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.DeleteD4CAwsAccount(organization_ids=["string", "string"], ids=id_list)
print(response)from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
PARAMS = {
"organization-ids": [
"string",
"string"
]
}
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.command("DeleteD4CAwsAccount",
organization_ids=["string", "string"],
ids=id_list
)
print(response)Back to Table of Contents
Return a URL for customer to visit in their cloud environment to grant us access to their AWS environment.
This operation has been superseded by the GetCSPMAwsConsoleSetupURLs operation and is now deprecated. Developers should move code over to this new operation as soon as time permits.
get_aws_console_setup
| Method | Route |
|---|---|
|
/cloud-connect-aws/entities/console-setup-urls/v1 |
- Consumes: application/json
- Produces: application/json
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| region |
|
|
query | string | AWS region to generate URL for. |
| parameters |
|
|
query | dictionary | Full query string parameters payload in JSON format, not required when using other keywords. |
from falconpy import D4CRegistration
# Do not hardcode API credentials!
falcon = D4CRegistration(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.get_aws_console_setup(region="string")
print(response)from falconpy import D4CRegistration
# Do not hardcode API credentials!
falcon = D4CRegistration(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.GetD4CAwsConsoleSetupURLs(region="string")
print(response)from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.command("GetD4CAwsConsoleSetupURLs", region="string")
print(response)Back to Table of Contents
Return a script for customer to run in their cloud environment to grant us access to their AWS environment as a downloadable attachment.
This operation has been superseded by the GetCSPMAwsAccountScriptsAttachment operation and is now deprecated. Developers should move code over to this new operation as soon as time permits.
get_aws_account_scripts
| Method | Route |
|---|---|
|
/cloud-connect-aws/entities/user-scripts-download/v1 |
- Produces: application/json
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| accounts |
|
|
query | string or list of strings | List of accounts to register. |
| aws_profile |
|
|
query | string | The AWS profile to be used during registration. |
| aws_region |
|
|
query | string | The AWS region to be used during registration. |
| behavior_assessment_enabled |
|
|
query | string | Enable behavior assessment. Allowed values: true or false
|
| dspm_enabled |
|
|
query | string | Enable DSPM. Allowed values: true or false
|
| dspm_host_account_id |
|
|
query | string | DSPM host account ID. |
| dspm_host_integration_role_name |
|
|
query | string | DSPM host integration role name. |
| dspm_host_scanner_role_name |
|
|
query | string | DSPM host scanner role name. |
| dspm_regions |
|
|
query | string or list of strings | DSPM regions. |
| dspm_role |
|
|
query | string | DSPM role. |
| falcon_client_id |
|
|
query | string | The Falcon client ID used during registration. |
| iam_role_arn |
|
|
query | string | The custom IAM role to be used during registration. |
| ids |
|
|
query | string or list of strings | The AWS account ID(s) to retrieve script attachments. |
| organization_id |
|
|
query | string or list of strings | The AWS organization ID to be registered. |
| organization_unit_ids |
|
|
query | string or list of strings | The AWS organization ID to be registered. |
| parameters |
|
|
query | dictionary | Full query string parameters payload as a dictionary. |
| sensor_management_enabled |
|
|
query | string | Enable sensor management. Allowed values: true or false
|
| tags |
|
|
query | string | Base64 encoded JSON string to be used as AWS tags. |
| template |
|
|
query | string | Template to be rendered. Allowed values: aws-bash or aws-terraform
|
| use_existing_cloudtrail |
|
|
query | string | Use the existing cloudtrail log. Allowed values: true or false
|
from falconpy import D4CRegistration
# Do not hardcode API credentials!
falcon = D4CRegistration(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
account_list = "AC1,AC2,AC3" # Can also pass a list here: ["AC1", "AC2", "AC3"]
id_list = "ID1,ID2,ID3" # Can also pass a list here: ["ID1", "ID2", "ID3"]
org_id_list = "ORG1" # Can also pass a list or comma delimited string here.
org_role_id_list = "ROLE1" # Can also pass a list or comma delimited string here.
dspm_region_list = "REGION1" # Can also pass a list or comma delimited string here.
response = falcon.get_aws_account_scripts(accounts=account_list,
aws_profile="string",
aws_region="string",
behavior_assessment_enabled="string",
dspm_enabled="string",
dspm_host_account_id="string",
dspm_host_integration_role_name="string",
dspm_host_scanner_role_name="string",
dspm_regions=dspm_region_list,
dspm_role="string",
falcon_client_id="string",
iam_role_arn="string",
ids=id_list,
organization_id=org_id_list,
organization_role_ids=org_role_id_list,
sensor_management_enabled="string",
tags="string",
template="string",
use_existing_cloudtrail="string"
)
print(response)from falconpy import D4CRegistration
# Do not hardcode API credentials!
falcon = D4CRegistration(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
account_list = "AC1,AC2,AC3" # Can also pass a list here: ["AC1", "AC2", "AC3"]
id_list = "ID1,ID2,ID3" # Can also pass a list here: ["ID1", "ID2", "ID3"]
org_id_list = "ORG1" # Can also pass a list or comma delimited string here.
org_role_id_list = "ROLE1" # Can also pass a list or comma delimited string here.
dspm_region_list = "REGION1" # Can also pass a list or comma delimited string here.
response = falcon.GetD4CAWSAccountScriptsAttachment(accounts=account_list,
aws_profile="string",
aws_region="string",
behavior_assessment_enabled="string",
dspm_enabled="string",
dspm_host_account_id="string",
dspm_host_integration_role_name="string",
dspm_host_scanner_role_name="string",
dspm_regions=dspm_region_list,
dspm_role="string",
falcon_client_id="string",
iam_role_arn="string",
ids=id_list,
organization_id=org_id_list,
organization_unit_ids=org_role_id_list,
sensor_management_enabled="string",
tags="string",
template="string",
use_existing_cloudtrail="string"
)
print(response)from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
account_list = "AC1,AC2,AC3" # Can also pass a list here: ["AC1", "AC2", "AC3"]
id_list = "ID1,ID2,ID3" # Can also pass a list here: ["ID1", "ID2", "ID3"]
org_id_list = "ORG1" # Can also pass a list or comma delimited string here.
org_role_id_list = "ROLE1" # Can also pass a list or comma delimited string here.
dspm_region_list = "REGION1" # Can also pass a list or comma delimited string here.
response = falcon.command("GetD4CAWSAccountScriptsAttachment",
accounts=account_list,
aws_profile="string",
aws_region="string",
behavior_assessment_enabled="string",
dspm_enabled="string",
dspm_host_account_id="string",
dspm_host_integration_role_name="string",
dspm_host_scanner_role_name="string",
dspm_regions=dspm_region_list,
dspm_role="string",
falcon_client_id="string",
iam_role_arn="string",
ids=id_list,
organization_id=org_id_list,
organization_role_ids=org_role_id_list,
sensor_management_enabled="string",
tags="string",
template="string",
use_existing_cloudtrail="string"
)
print(response)Back to Table of Contents
Return information about Azure account registration
This operation has been superseded by the GetCSPMAzureAccount operation and is now deprecated. Developers should move code over to this new operation as soon as time permits.
get_azure_account
This operation ID has recently been changed. The PEP8 method name remains unaffected by this update.
FalconPy supports deprecated IDs and method names via aliases. Developers should consider moving code to leverage the updated ID for this operation whenever possible.
- Legacy Operation ID:
GetCSPMAzureAccount
| Method | Route |
|---|---|
|
/cloud-connect-azure/entities/account/v1 |
- Consumes: application/json
- Produces: application/json
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| ids |
|
|
query | string or list of strings | Subscription ID(s). When empty, all accounts are returned. |
| tenant_ids |
|
|
query | string or list of strings | Tenant IDs to use to filter Azure accounts returned. |
| parameters |
|
|
query | dictionary | Full query string parameters payload in JSON format. |
| scan_type |
|
|
query | string | Type of scan to perform, dry or full. |
| status |
|
|
query | string | Account status to filter results by. |
| limit |
|
|
query | integer | The maximum number of records to return. Defaults to 100. |
| offset |
|
|
query | integer | The offset to start retrieving records from. |
from falconpy import D4CRegistration
# Do not hardcode API credentials!
falcon = D4CRegistration(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
tenants = 'TENANT1,TENANT2,TENANT3' # Can also pass a list here: ['TENANT1', 'TENANT2', 'TENANT3']
response = falcon.get_azure_account(scan_type="string",
ids=id_list,
tenant_ids=tenants,
status="string",
limit=integer,
offset=integer
)
print(response)from falconpy import D4CRegistration
# Do not hardcode API credentials!
falcon = D4CRegistration(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
tenants = 'TENANT1,TENANT2,TENANT3' # Can also pass a list here: ['TENANT1', 'TENANT2', 'TENANT3']
response = falcon.GetDiscoverCloudAzureAccount(scan_type="string",
ids=id_list,
tenant_ids=tenants,
status="string",
limit=integer,
offset=integer
)
print(response)from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
tenants = 'TENANT1,TENANT2,TENANT3' # Can also pass a list here: ['TENANT1', 'TENANT2', 'TENANT3']
response = falcon.command("GetDiscoverCloudAzureAccount",
scan_type="string",
ids=id_list,
tenant_ids=tenants,
status="string",
limit=integer,
offset=integer
)
print(response)Back to Table of Contents
Creates a new account in our system for a customer and generates a script for them to run in their cloud environment to grant us access.
This operation has been superseded by the CreateCSPMAzureAccount operation and is now deprecated. Developers should move code over to this new operation as soon as time permits.
create_azure_account
This operation ID has recently been changed. The PEP8 method name remains unaffected by this update.
FalconPy supports deprecated IDs and method names via aliases. Developers should consider moving code to leverage the updated ID for this operation whenever possible.
- Legacy Operation ID:
CreateCSPMAzureAccount
| Method | Route |
|---|---|
|
/cloud-connect-azure/entities/account/v1 |
- Consumes: application/json
- Produces: application/json
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| account_type |
|
|
body | string | Azure account type. |
| body |
|
|
body | dictionary | Full body payload in JSON format. |
| client_id |
|
|
body | string | Client ID. |
| default_subscription |
|
|
body | boolean | Flag indicating if this is the default Azure subscription. |
| subscription_id |
|
|
body | string | Azure Subscription ID. |
| tenant_id |
|
|
body | string | Azure tenant ID. |
| years_valid |
|
|
body | integer | Years valid. |
from falconpy import D4CRegistration
# Do not hardcode API credentials!
falcon = D4CRegistration(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.create_azure_account(account_type="string",
client_id="string",
default_subscription=boolean,
subscription_id="string",
tenant_id="string",
years_valid=integer
)
print(response)from falconpy import D4CRegistration
# Do not hardcode API credentials!
falcon = D4CRegistration(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.CreateDiscoverCloudAzureAccount(account_type="string",
client_id="string",
default_subscription=boolean,
subscription_id="string",
tenant_id="string",
years_valid=integer
)
print(response)from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
BODY = {
"resources": [
{
"account_type": "string",
"client_id": "string",
"default_subscription": boolean,
"subscription_id": "string",
"tenant_id": "string",
"years_valid": integer
}
]
}
response = falcon.command("CreateDiscoverCloudAzureAccount", body=BODY)
print(response)Back to Table of Contents
Update an Azure service account in our system by with the user-created client_id created with the public key we've provided
This operation has been superseded by the UpdateCSPMAzureAccountClientID operation and is now deprecated. Developers should move code over to this new operation as soon as time permits.
update_azure_account_client_id
This operation ID has recently been changed. The PEP8 method name remains unaffected by this update.
FalconPy supports deprecated IDs and method names via aliases. Developers should consider moving code to leverage the updated ID for this operation whenever possible.
- Legacy Operation ID:
UpdateCSPMAzureAccountClientID
| Method | Route |
|---|---|
 |
/cloud-connect-azure/entities/client-id/v1 |
- Consumes: application/json
- Produces: application/json
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| id |
|
|
query | string | Client ID to use for the Service Principal associated with the registered Azure account. |
| object_id |
|
|
query | string | Object ID to use for the Service Principal associated with the registered Azure account. |
| tenant_id |
|
|
query | string | Tenant ID to update Client ID for. Required if multiple tenants are registered. |
| parameters |
|
|
query | dictionary | Full query string parameters payload in JSON format. |
from falconpy import D4CRegistration
# Do not hardcode API credentials!
falcon = D4CRegistration(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.update_azure_account_client_id(id="string",
object_id="string",
tenant_id="string"
)
print(response)from falconpy import D4CRegistration
# Do not hardcode API credentials!
falcon = D4CRegistration(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.UpdateDiscoverCloudAzureAccountClientID(id="string",
object_id="string",
tenant_id="string"
)
print(response)from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.command("UpdateDiscoverCloudAzureAccountClientID",
id="string",
object_id="string",
tenant_id="string"
)
print(response)Back to Table of Contents
Return a script for customer to run in their cloud environment to grant us access to their Azure environment as a downloadable attachment
This operation has been superseded by the GetCSPMAzureUserScriptsAttachment operation and is now deprecated. Developers should move code over to this new operation as soon as time permits.
get_azure_user_scripts_attachment
This operation ID has recently been changed. The PEP8 method name remains unaffected by this update.
FalconPy supports deprecated IDs and method names via aliases. Developers should consider moving code to leverage the updated ID for this operation whenever possible.
- Legacy Operation ID:
GetCSPMAzureUserScriptsAttachment
| Method | Route |
|---|---|
|
/cloud-connect-azure/entities/user-scripts-download/v1 |
- Produces: application/json
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| parameters |
|
|
query | dictionary | Full query string parameters payload in JSON format. |
| azure_management_group |
|
|
query | boolean | Use Azure Management Group. |
| subscription_ids |
|
|
query | string or list of strings | Azure Subscription IDs. |
| template |
|
|
query | string or list of strings | Template to be rendered. |
| tenant_id |
|
|
query | string | Azure Tenant IDs. |
from falconpy import D4CRegistration
# Do not hardcode API credentials!
falcon = D4CRegistration(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
subscriptions = 'SUB1,SUB2,SUB3' # Can also pass a list here: ['SUB1', 'SUB2', 'SUB3']
tenants = 'TENANT1,TENANT2,TENANT3' # Can also pass a list here: ['TENANT1', 'TENANT2', 'TENANT3']
response = falcon.get_azure_user_scripts_attachment(subscription_ids=subscriptions,
azure_management_group=boolean,
tenant_id=tenants,
template="string"
)
print(response)from falconpy import D4CRegistration
# Do not hardcode API credentials!
falcon = D4CRegistration(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
subscriptions = 'SUB1,SUB2,SUB3' # Can also pass a list here: ['SUB1', 'SUB2', 'SUB3']
tenants = 'TENANT1,TENANT2,TENANT3' # Can also pass a list here: ['TENANT1', 'TENANT2', 'TENANT3']
response = falcon.GetDiscoverCloudAzureUserScriptsAttachment(subscription_ids=subscriptions,
azure_management_group=boolean,
tenant_id=tenants,
template="string"
)
print(response)from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
subscriptions = 'SUB1,SUB2,SUB3' # Can also pass a list here: ['SUB1', 'SUB2', 'SUB3']
tenants = 'TENANT1,TENANT2,TENANT3' # Can also pass a list here: ['TENANT1', 'TENANT2', 'TENANT3']
response = falcon.command("GetDiscoverCloudAzureUserScriptsAttachment",
subscription_ids=subscriptions,
azure_management_group=boolean,
tenant_id=tenants,
template="string"
)
print(response)Back to Table of Contents
Return a script for customer to run in their cloud environment to grant us access to their Azure environment
get_azure_user_scripts
This operation ID has recently been changed. The PEP8 method name remains unaffected by this update.
FalconPy supports deprecated IDs and method names via aliases. Developers should consider moving code to leverage the updated ID for this operation whenever possible.
- Legacy Operation ID:
GetCSPMAzureUserScripts
| Method | Route |
|---|---|
|
/cloud-connect-azure/entities/user-scripts/v1 |
- Consumes: application/json
- Produces: application/json
No keywords or arguments accepted.
from falconpy import D4CRegistration
# Do not hardcode API credentials!
falcon = D4CRegistration(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.get_azure_user_scripts()
print(response)from falconpy import D4CRegistration
# Do not hardcode API credentials!
falcon = D4CRegistration(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.GetDiscoverCloudAzureUserScripts()
print(response)from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.command("GetDiscoverCloudAzureUserScripts")
print(response)Back to Table of Contents
Returns JSON object(s) that contain the base64 encoded certificate for a service principal.
This operation has been superseded by the AzureDownloadCertificate operation and is now deprecated. Developers should move code over to this new operation as soon as time permits.
azure_download_certificate
| Method | Route |
|---|---|
|
/cloud-connect-azure/entities/download-certificate/v1 |
- Consumes: application/json
- Produces: application/json
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| parameters |
|
|
query | dictionary | Full query string parameters payload in JSON format. |
| refresh |
|
|
query | boolean | Force a refresh of the certificate. Defaults to False. |
| tenant_id |
|
|
query | string or list of strings | The Azure Client ID to generate script for. Defaults to the most recently registered tenant. |
| years_valid |
|
|
body | integer | Years the certificate should be valid. Only used when refresh is set to True. |
from falconpy import D4CRegistration
# Do not hardcode API credentials!
falcon = D4CRegistration(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.azure_download_certificate(refresh=boolean,
tenant_id="string",
years_valid=integer
)
print(response)from falconpy import D4CRegistration
# Do not hardcode API credentials!
falcon = D4CRegistration(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.DiscoverCloudAzureDownloadCertificate(refresh=boolean,
tenant_id="string",
years_valid=integer
)
print(response)from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.command("DiscoverCloudAzureDownloadCertificate",
refresh=boolean,
tenant_id="string",
years_valid=integer
)
print(response)Back to Table of Contents
Return available tenant ids for discover for cloud
This operation has been deprecated and will be removed from the SDK when this endpoint is decommissioned.
get_azure_tenant_ids
| Method | Route |
|---|---|
|
/cloud-connect-azure/entities/tenant-id/v1 |
- Produces: application/json
No keywords or arguments accepted.
from falconpy import D4CRegistration
# Do not hardcode API credentials!
falcon = D4CRegistration(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.get_azure_tenant_ids()
print(response)from falconpy import D4CRegistration
# Do not hardcode API credentials!
falcon = D4CRegistration(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.GetDiscoverCloudAzureTenantIDs()
print(response)from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.command("GetDiscoverCloudAzureTenantIDs")
print(response)Back to Table of Contents
Returns static install scripts for Horizon.
This operation has been deprecated and will be removed from the SDK when this endpoint is decommissioned.
get_aws_horizon_scripts
| Method | Route |
|---|---|
|
/settings-discover/entities/gen/scripts/v1 |
- Produces: application/json
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| account_type |
|
|
query | string | Account type (commercial, gov). Only applicable when registering AWS commercial accounts in a GovCloud environment. |
| delete |
|
|
query | boolean | Generate a delete script. |
| organization_ids |
|
|
query | string or list of strings | AWS organization ID(s). |
| parameters |
|
|
query | dictionary | Full query string parameters payload in JSON format, not required when using other keywords. |
| single_account |
|
|
query | boolean | Generate a static script for a single account. |
from falconpy import D4CRegistration
# Do not hardcode API credentials!
falcon = D4CRegistration(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.get_aws_horizon_scripts(single_account="string",
organization_id="string",
delete="string",
account_type="string"
)
print(response)from falconpy import D4CRegistration
# Do not hardcode API credentials!
falcon = D4CRegistration(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.GetHorizonD4CScripts(single_account="string",
organization_id="string",
delete="string",
account_type="string"
)
print(response)from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.command("GetHorizonD4CScripts",
single_account="string",
organization_id="string",
delete="string",
account_type="string"
)
print(response)Back to Table of Contents
Deletes a GCP account from the system.
delete_gcp_account
| Method | Route |
|---|---|
|
/cloud-connect-gcp/entities/account/v1 |
- Consumes: application/json
- Produces: application/json
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| ids |
|
|
query | string or list of strings | Hierarchical Resource IDs of accounts to delete. |
| parameters |
|
|
query | dictionary | Full query string parameters payload in JSON format. |
from falconpy import D4CRegistration
# Do not hardcode API credentials!
falcon = D4CRegistration(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.delete_gcp_account(ids=id_list)
print(response)from falconpy import D4CRegistration
# Do not hardcode API credentials!
falcon = D4CRegistration(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.DeleteD4CGCPAccount(ids=id_list)
print(response)from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.command("DeleteD4CGCPAccount", ids=id_list)
print(response)Back to Table of Contents
Creates a new GCP account with newly-uploaded service account or connects with existing service account with only the following fields: parent_id, parent_type and service_account_id.
connect_gcp_account
| Method | Route |
|---|---|
|
/cloud-connect-gcp/entities/account/v2 |
- Consumes: application/json
- Produces: application/json
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| body |
|
|
body | dictionary | Full body payload in JSON format. |
| client_email |
|
|
body | string | GCP client email. |
| client_id |
|
|
body | string | GCP client ID. |
| parent_id |
|
|
body | string | Parent ID. |
| parent_type |
|
|
body | string | Parent type. |
| private_key |
|
|
body | string | GCP private key. |
| private_key_id |
|
|
body | string | GCP private key ID. |
| project_id |
|
|
body | string | GCP project ID. |
| service_account_id |
|
|
body | integer | GCP service account ID. |
from falconpy import D4CRegistration
# Do not hardcode API credentials!
falcon = D4CRegistration(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.connect_gcp_account(client_email="string",
client_id="string",
parent_id="string",
parent_type="string",
private_key="string",
private_key_id="string",
project_id="string",
service_account_id=integer
)
print(response)from falconpy import D4CRegistration
# Do not hardcode API credentials!
falcon = D4CRegistration(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.ConnectD4CGCPAccount(client_email="string",
client_id="string",
parent_id="string",
parent_type="string",
private_key="string",
private_key_id="string",
project_id="string",
service_account_id=integer
)
print(response)from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
body_payload = {
"resources": [
{
"client_email": "string",
"client_id": "string",
"parent_id": "string",
"parent_type": "string",
"private_key": "string",
"private_key_id": "string",
"project_id": "string",
"service_account_id": integer
}
]
}
response = falcon.command("ConnectD4CGCPAccount", body=body_payload)
print(response)Back to Table of Contents
Returns the service account id and client email for external clients.
get_gcp_service_account
| Method | Route |
|---|---|
|
/cloud-connect-gcp/entities/service-accounts/v1 |
- Consumes: application/json
- Produces: application/json
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| id |
|
|
query | string | Service account ID to retrieve. |
| parameters |
|
|
query | dictionary | Full query string parameters payload in JSON format. |
from falconpy import D4CRegistration
# Do not hardcode API credentials!
falcon = D4CRegistration(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.get_gcp_service_account(id="string")
print(response)from falconpy import D4CRegistration
# Do not hardcode API credentials!
falcon = D4CRegistration(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.GetD4CGCPServiceAccountsExt(id="string")
print(response)from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.command("GetD4CGCPServiceAccountsExt", id="string")
print(response)Back to Table of Contents
Updates an existing GCP service account.
update_gcp_service_account
| Method | Route |
|---|---|
|
/cloud-connect-gcp/entities/service-accounts/v1 |
- Consumes: application/json
- Produces: application/json
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| body |
|
|
body | dictionary | Full body payload in JSON format. |
| client_email |
|
|
body | string | Client email associated with the account. |
| client_id |
|
|
body | string | GCP Client ID. |
| private_key |
|
|
body | string | GCP private key. |
| private_key_id |
|
|
body | string | GCP private key ID. |
| project_id |
|
|
body | string | GCP project ID. |
| service_account_conditions |
|
|
body | list of dictionaries | GCP service account conditions. |
| service_account_id |
|
|
body | integer | GCP service account ID. |
from falconpy import CSPMRegistration
# Do not hardcode API credentials!
falcon = D4CRegistration(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
conditions = [
{
"feature": "string",
"is_visible": boolean,
"last_transition": "string",
"message": "string",
"reason": "string",
"status": "string",
"type": "string"
}
]
response = falcon.update_gcp_service_account(client_email="string",
client_id="string",
private_key="string",
private_key_id="string",
project_id="string",
service_account_conditions=conditions,
service_account_id=integer
)
print(response)from falconpy import CSPMRegistration
# Do not hardcode API credentials!
falcon = D4CRegistration(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
conditions = [
{
"feature": "string",
"is_visible": boolean,
"last_transition": "string",
"message": "string",
"reason": "string",
"status": "string",
"type": "string"
}
]
response = falcon.UpdateD4CGCPServiceAccountsExt(client_email="string",
client_id="string",
private_key="string",
private_key_id="string",
project_id="string",
service_account_conditions=conditions,
service_account_id=integer
)
print(response)from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
body_payload = {
"resources": [
{
"client_email": "string",
"client_id": "string",
"private_key": "string",
"private_key_id": "string",
"project_id": "string",
"service_account_conditions": [
{
"feature": "string",
"is_visible": boolean,
"last_transition": "string",
"message": "string",
"reason": "string",
"status": "string",
"type": "string"
}
],
"service_account_id": integer
}
]
}
response = falcon.command("UpdateD4CGCPServiceAccountsExt", body=body_payload)
print(response)Back to Table of Contents
Return a script for customer to run in their cloud environment to grant us access to their GCP environment as a downloadable attachment
get_gcp_user_scripts_attachment
| Method | Route |
|---|---|
|
/cloud-connect-gcp/entities/user-scripts-download/v1 |
- Produces: application/json
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| ids |
|
|
query | string or list of strings | Hierarchical Resource IDs of accounts. |
| parameters |
|
|
query | dictionary | Full query string parameters payload in JSON format. |
| parent_type |
|
|
query | string | GCP Hierarchy Parent Type. Allowed values: organization, folder or project
|
| status |
|
|
query | string | Account status to filter results by. |
from falconpy import D4CRegistration
# Do not hardcode API credentials!
falcon = D4CRegistration(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.get_gcp_user_scripts_attachment(parent_type="string", ids=id_list, status="string")
print(response)from falconpy import D4CRegistration
# Do not hardcode API credentials!
falcon = D4CRegistration(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.GetD4CGCPUserScriptsAttachment(parent_type="string",
ids=id_list,
status="string"
)
print(response)from falconpy import APIHarness
# Do not hardcode API credentials!
falcon = APIHarness(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.command("GetD4CGCPUserScriptsAttachment",
parent_type="string",
ids=id_list,
status="string"
)
print(response)Back to Table of Contents
Creates a new account in our system for a customer and generates a new service account for them to add access to in their GCP environment to grant us access.
create_gcp_account
| Method | Route |
|---|---|
|
/cloud-connect-gcp/entities/account/v1 |
- Produces: application/json
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| body |
|
|
body | string | |
| parameters |
|
|
query | dictionary | Full query string parameters payload in JSON format. |
| body |
|
|
body | dictionary | Full body payload as a JSON formatted dictionary. |
from falconpy import D4CRegistration
# Do not hardcode API credentials!
falcon = D4CRegistration(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.create_gcp_account(body="string"
)
print(response)from falconpy import D4CRegistration
# Do not hardcode API credentials!
falcon = D4CRegistration(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.CreateD4CGCPAccount(body="string"
)
print(response)from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.command("CreateD4CGCPAccount",
body={
"body": "string"
}
)
print(response)Back to Table of Contents
Return a script for customer to run in their cloud environment to grant us access to their GCP environment as a downloadable attachment
get_gcp_user_scripts_attachment
| Method | Route |
|---|---|
|
/cloud-connect-gcp/entities/user-scripts-download/v1 |
- Produces: application/json
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| parameters |
|
|
query | dictionary | Full query string parameters payload in JSON format. |
from falconpy import D4CRegistration
# Do not hardcode API credentials!
falcon = D4CRegistration(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.get_gcp_user_scripts_attachment()
print(response)from falconpy import D4CRegistration
# Do not hardcode API credentials!
falcon = D4CRegistration(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.GetCSPMGCPUserScriptsAttachment()
print(response)from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.command("GetCSPMGCPUserScriptsAttachment")
print(response)Back to Table of Contents
Returns information about the current status of an GCP account.
get_gcp_account
| Method | Route |
|---|---|
|
/cloud-connect-gcp/entities/account/v1 |
- Produces: application/json
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| parent_type |
|
|
query | string | GCP Hierarchy Parent Type, organization/folder/project |
| ids |
|
|
query | list | Hierarchical Resource IDs of accounts |
| scan-type |
|
|
query | string | Type of scan, dry or full, to perform on selected accounts |
| status |
|
|
query | string | Account status to filter results by. |
| limit |
|
|
query | integer | The maximum records to return. Defaults to 100. |
| offset |
|
|
query | integer | The offset to start retrieving records from |
| sort |
|
|
query | string | Order fields in ascending or descending order. Ex: parent_type |
| parameters |
|
|
query | dictionary | Full query string parameters payload in JSON format. |
from falconpy import D4CRegistration
# Do not hardcode API credentials!
falcon = D4CRegistration(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.get_gcp_account(parent_type="string",
ids=["string"],
scan-type="string",
status="string",
limit=integer,
offset=integer,
sort="string"
)
print(response)from falconpy import D4CRegistration
# Do not hardcode API credentials!
falcon = D4CRegistration(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.GetD4CCGPAccount(parent_type="string",
ids=["string"],
scan-type="string",
status="string",
limit=integer,
offset=integer,
sort="string"
)
print(response)from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.command("GetD4CCGPAccount",
parent_type="string",
ids=["string"],
scan-type="string",
status="string",
limit=integer,
offset=integer,
sort="string"
)
print(response)Back to Table of Contents
Return a script for customer to run in their cloud environment to grant us access to their GCP environment
get_gcp_user_scripts
| Method | Route |
|---|---|
|
/cloud-connect-gcp/entities/user-scripts/v1 |
- Produces: application/json
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| parent_type |
|
|
query | string | GCP Hierarchy Parent Type, organization/folder/project |
| parameters |
|
|
query | dictionary | Full query string parameters payload in JSON format. |
from falconpy import D4CRegistration
# Do not hardcode API credentials!
falcon = D4CRegistration(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.get_gcp_user_scripts(parent_type="string"
)
print(response)from falconpy import D4CRegistration
# Do not hardcode API credentials!
falcon = D4CRegistration(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.GetD4CGCPUserScripts(parent_type="string"
)
print(response)from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.command("GetD4CGCPUserScripts",
parent_type="string"
)
print(response)Back to Table of Contents
- Home
- Discussions Board
- Glossary of Terms
- Installation, Upgrades and Removal
- Samples Collection
- Using FalconPy
- API Operations
-
Service Collections
- Admission Control Policies
- Alerts
- API Integrations
- ASPM
- CAO Hunting
- Case Management
- Certificate Based Exclusions
- Cloud AWS Registration
- Cloud Azure Registration
- Cloud GCP Registration
- Cloud OCI Registration
- Cloud Policies
- Cloud Connect AWS (deprecated)
- Cloud Security Assets
- Cloud Security
- Cloud Security Compliance
- Cloud Security Detections
- Cloud Snapshots
- Configuration Assessment
- Configuration Assessment Evaluation Logic
- Container Alerts
- Container Detections
- Container Image Compliance
- Container Images
- Container Packages
- Container Vulnerabilities
- Content Update Policies
- Correlation Rules
- Correlation Rules Admin
- CSPM Registration
- Custom IOAs
- Custom Storage
- D4C Registration (deprecated)
- Data Protection Configuration
- DataScanner (deprecated)
- Delivery Settings
- Deployments
- Detects (deprecated)
- Device Content
- Device Control Policies
- Discover
- Downloads
- Drift Indicators
- Event Streams
- Exposure Management
- FaaS Execution
- Falcon Complete Dashboard
- Falcon Container
- Falcon Intelligence Sandbox
- FDR
- FileVantage
- Firewall Management
- Firewall Policies
- Foundry LogScale
- Host Group
- Host Migration
- Hosts
- Identity Protection
- Image Assessment Policies
- Incidents
- Installation Tokens
- Intel
- Intelligence Feeds
- Intelligence Indicator Graph
- IOA Exclusions
- IOC
- IOCs (deprecated)
- IT Automation
- Kubernetes Container Compliance
- Kubernetes Protection
- MalQuery
- Message Center
- ML Exclusions
- Mobile Enrollment
- MSSP (Flight Control)
- NGSIEM
- OAuth2
- ODS (On Demand Scan)
- Prevention Policy
- Quarantine
- Quick Scan
- Quick Scan Pro
- Real Time Response
- Real Time Response Admin
- Real Time Response Audit
- Recon
- Report Executions
- Response Policies
- Sample Uploads
- SaaS Security
- Scheduled Reports
- Sensor Download
- Sensor Update Policy
- Sensor Usage
- Sensor Visibility Exclusions
- Serverless Exports
- Serverless Vulnerabilities
- Spotlight Evaluation Logic
- Spotlight Vulnerabilities
- Spotlight Vulnerability Metadata
- Tailored Intelligence
- ThreatGraph
- Unidentified Containers
- User Management
- Workflows
- Zero Trust Assessment
- Documentation Support
-
CrowdStrike SDKs
- Crimson Falcon - Ruby
- FalconPy - Python 3
- FalconJS - Javascript
- goFalcon - Go
- PSFalcon - Powershell
- Rusty Falcon - Rust
