Sensor Visibility Exclusions

Using the Sensor Visibility Exclusions service collection

Table of Contents

Operation ID	Description
getSensorVisibilityExclusionsV1 PEP 8 get_exclusions	Get a set of Sensor Visibility Exclusions by specifying their IDs.
createSVExclusionsV1 PEP 8 create_exclusions	Create a sensor visibility exclusion.
deleteSensorVisibilityExclusionsV1 PEP 8 delete_exclusions	Delete the sensor visibility exclusions by ID.
updateSensorVisibilityExclusionsV1 PEP 8 update_exclusions	Update a sensor visibility exclusion.
querySensorVisibilityExclusionsV1 PEP 8 query_exclusions	Search for sensor visibility exclusions.

Passing credentials

WARNING

client_id and client_secret are keyword arguments that contain your CrowdStrike API credentials. Please note that all examples below do not hard code these values. (These values are ingested as strings.)

CrowdStrike does not recommend hard coding API credentials or customer identifiers within source code.

getSensorVisibilityExclusionsV1

Get a set of Sensor Visibility Exclusions by specifying their IDs

PEP8 method name

get_exclusions

Endpoint

Method	Route
	/policy/entities/sv-exclusions/v1

Required Scope

Content-Type

• Produces: application/json

Keyword Arguments

Name	Service	Uber	Type	Data type	Description
ids			query	string or list of strings	The IDs of the exclusions to retrieve.
parameters			query	dictionary	Full query string parameters payload in JSON format.

Usage

Service class example (PEP8 syntax)

from falconpy import SensorVisibilityExclusions

# Do not hardcode API credentials!
falcon = SensorVisibilityExclusions(client_id=CLIENT_ID,
                                    client_secret=CLIENT_SECRET
                                    )

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.get_exclusions(ids=id_list)
print(response)

Service class example (Operation ID syntax)

from falconpy import SensorVisibilityExclusions

# Do not hardcode API credentials!
falcon = SensorVisibilityExclusions(client_id=CLIENT_ID,
                                    client_secret=CLIENT_SECRET
                                    )

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.getSensorVisibilityExclusionsV1(ids=id_list)
print(response)

Uber class example

from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.command("getSensorVisibilityExclusionsV1", ids=id_list)
print(response)

Back to Table of Contents

createSVExclusionsV1

Create the sensor visibility exclusions

PEP8 method name

create_exclusions

Endpoint

Method	Route
	/policy/entities/sv-exclusions/v1

Required Scope

Content-Type

• Produces: application/json

Keyword Arguments

Name	Service	Uber	Type	Data type	Description
body			body	dictionary	Full body payload in JSON format.
comment			body	string	String comment describing why the exclusions was created.
groups			body	list of strings	Group ID(s) impacted by the exclusion.
value			body	string	Value to match for the exclusion.

Usage

Service class example (PEP8 syntax)

from falconpy import SensorVisibilityExclusions

# Do not hardcode API credentials!
falcon = SensorVisibilityExclusions(client_id=CLIENT_ID,
                                    client_secret=CLIENT_SECRET
                                    )
group_list = ['ID1', 'ID2', 'ID3']

response = falcon.create_exclusions(comment="string",
                                    groups=group_list,
                                    value="string"
                                    )
print(response)

Service class example (Operation ID syntax)

from falconpy import SensorVisibilityExclusions

# Do not hardcode API credentials!
falcon = SensorVisibilityExclusions(client_id=CLIENT_ID,
                                    client_secret=CLIENT_SECRET
                                    )

group_list = ['ID1', 'ID2', 'ID3']

response = falcon.createSVExclusionsV1(comment="string",
                                       groups=group_list,
                                       value="string"
                                       )
print(response)

Uber class example

from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

group_list = ['ID1', 'ID2', 'ID3']

BODY = {
    "comment": "string",
    "groups": [
        "string"
    ],
    "value": "string"
}

response = falcon.command("createSVExclusionsV1", body=BODY)
print(response)

Back to Table of Contents

deleteSensorVisibilityExclusionsV1

Delete the sensor visibility exclusions by id

PEP8 method name

delete_exclusions

Endpoint

Method	Route
	/policy/entities/sv-exclusions/v1

Required Scope

Content-Type

• Produces: application/json

Keyword Arguments

Name	Service	Uber	Type	Data type	Description
comment			query	string	Explains why this exclusion was deleted.
ids			query	string or list of strings	The IDs of the exclusions to retrieve.
parameters			query	dictionary	Full query string parameters payload in JSON format.

Usage

Service class example (PEP8 syntax)

from falconpy import SensorVisibilityExclusions

# Do not hardcode API credentials!
falcon = SensorVisibilityExclusions(client_id=CLIENT_ID,
                                    client_secret=CLIENT_SECRET
                                    )

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.delete_exclusions(comment="string", ids=id_list)
print(response)

Service class example (Operation ID syntax)

from falconpy import SensorVisibilityExclusions

# Do not hardcode API credentials!
falcon = SensorVisibilityExclusions(client_id=CLIENT_ID,
                                    client_secret=CLIENT_SECRET
                                    )

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.deleteSensorVisibilityExclusionsV1(comment="string", ids=id_list)
print(response)

Uber class example

from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

PARAMS = {
    "comment": "string"
}

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.command("deleteSensorVisibilityExclusionsV1", parameters=PARAMS, ids=id_list)
print(response)

Back to Table of Contents

updateSensorVisibilityExclusionsV1

Update the sensor visibility exclusions

PEP8 method name

update_exclusions

Endpoint

Method	Route
	/policy/entities/sv-exclusions/v1

Required Scope

Content-Type

• Produces: application/json

Keyword Arguments

Name	Service	Uber	Type	Data type	Description
body			body	dictionary	Full body payload in JSON format.
comment			body	string	String comment describing why the exclusions was created.
groups			body	list of strings	Group ID(s) impacted by the exclusion.
id			body	string	The ID of the exclusion to update.
is_descendent_process			body	boolean	Flag to determine if an exclusion should apply to all descendant processes.
value			body	string	Value to match for the exclusion.

Usage

Service class example (PEP8 syntax)

from falconpy import SensorVisibilityExclusions

# Do not hardcode API credentials!
falcon = SensorVisibilityExclusions(client_id=CLIENT_ID,
                                    client_secret=CLIENT_SECRET
                                    )

group_list = ['ID1', 'ID2', 'ID3']

response = falcon.update_exclusions(comment="string",
                                    groups=group_list,
                                    value="string",
                                    id="string",
                                    is_descendent_process=boolean
                                    )
print(response)

Service class example (Operation ID syntax)

from falconpy import SensorVisibilityExclusions

# Do not hardcode API credentials!
falcon = SensorVisibilityExclusions(client_id=CLIENT_ID,
                                    client_secret=CLIENT_SECRET
                                    )

group_list = ['ID1', 'ID2', 'ID3']

response = falcon.updateSensorVisibilityExclusionsV1(comment="string",
                                                     groups=group_list,
                                                     value="string",
                                                     id="string",
                                                     is_descendent_process=boolean
                                                     )
print(response)

Uber class example

from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

group_list = ['ID1', 'ID2', 'ID3']

BODY = {
    "comment": "string",
    "groups": group_list,
    "id": "string",
    "is_descendent_process": boolean
    "value": "string"
}

response = falcon.command("updateSensorVisibilityExclusionsV1", body=BODY)
print(response)

Back to Table of Contents

querySensorVisibilityExclusionsV1

Search for sensor visibility exclusions.

PEP8 method name

query_exclusions

Endpoint

Method	Route
	/policy/queries/sv-exclusions/v1

Required Scope

Content-Type

• Produces: application/json

Keyword Arguments

Name	Service	Uber	Type	Data type	Description
filter			query	string	The filter expression that should be used to limit the results. FQL syntax. Available filters: applied_globally created_by created_on last_modified modified_by value
limit			query	integer	The maximum number of records to return. [1-500]
offset			query	integer	The offset to start retrieving records from.
parameters			query	dictionary	Full query string parameters payload in JSON format.
sort			query	string	The property to sort by. FQL syntax. (e.g. last_behavior|asc) Available sort fields: applied_globally created_by created_on last_modified modified_by value

Usage

Service class example (PEP8 syntax)

from falconpy import SensorVisibilityExclusions

# Do not hardcode API credentials!
falcon = SensorVisibilityExclusions(client_id=CLIENT_ID,
                                    client_secret=CLIENT_SECRET
                                    )

response = falcon.query_exclusions(filter="string",
                                   offset=integer,
                                   limit=integer,
                                   sort="string"
                                   )
print(response)

Service class example (Operation ID syntax)

from falconpy import SensorVisibilityExclusions

# Do not hardcode API credentials!
falcon = SensorVisibilityExclusions(client_id=CLIENT_ID,
                                    client_secret=CLIENT_SECRET
                                    )

response = falcon.querySensorVisibilityExclusionsV1(filter="string",
                                                    offset=integer,
                                                    limit=integer,
                                                    sort="string"
                                                    )
print(response)

Uber class example

from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

response = falcon.command("querySensorVisibilityExclusionsV1",
                          filter="string",
                          offset=integer,
                          limit=integer,
                          sort="string"
                          )

print(response)

Back to Table of Contents