Event Streams
| Operation ID | Description | ||||
|---|---|---|---|---|---|
|
Refresh an active event stream. Use the URL shown in a GET /sensors/entities/datafeed/v2 response. | ||||
|
Discover all event streams in your environment | ||||
Refresh an active event stream. Use the URL shown in a listAvailableStreamsOAuth2 response.
refresh_active_stream
- Consumes: application/json
- Produces: application/json
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| action_name |
 |
|
query | string | The name of the action to perform. The only allowed value is refresh_active_stream_session. Defaults to this value if not present when using the Service Class. |
| app_id |
|
|
query | string | Label that identifies your connection. Max: 32 alphanumeric characters (a-z, A-Z, 0-9). Will also accept the keyword appId to specify this value. |
| partition |
|
 |
path | integer | Partition to request data for. If you are using the Service Class, this will default to 0 when not specified. |
| parameters |
|
|
query | string | Full query string parameters payload in JSON format. |
from falconpy import EventStreams
falcon = EventStreams(client_id="API_CLIENT_ID_HERE",
client_secret="API_CLIENT_SECRET_HERE"
)
PARTITION = 0 #Refresh the partition we are working with
response = falcon.refresh_active_stream(action_name="string",
app_id="string",
partition=PARTITION
)
print(response)from falconpy import EventStreams
falcon = EventStreams(client_id="API_CLIENT_ID_HERE",
client_secret="API_CLIENT_SECRET_HERE"
)
PARTITION = 0 #Refresh the partition we are working with
response = falcon.refreshActiveStreamSession(action_name="string",
app_id="string",
partition=PARTITION
)
print(response)from falconpy import APIHarness
falcon = APIHarness(client_id="API_CLIENT_ID_HERE",
client_secret="API_CLIENT_SECRET_HERE"
)
PARTITION = 0 #Refresh the partition we are working with
response = falcon.command("refreshActiveStreamSession",
app_id="string",
partition=PARTITION,
action_name="string"
)
print(response)Discover all event streams in your environment
list_available_streams
- Consumes: application/json
- Produces: application/json
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| app_id |
|
|
query | string | Label that identifies your connection. Max: 32 alphanumeric characters (a-z, A-Z, 0-9). Will also accept the keyword appId to specify this value. |
| format |
|
|
query | string | Format for streaming events. Valid values: json, flatjson
|
| parameters |
|
 |
query | string | Full query string parameters payload in JSON format. |
from falconpy import EventStreams
falcon = EventStreams(client_id="API_CLIENT_ID_HERE",
client_secret="API_CLIENT_SECRET_HERE"
)
response = falcon.list_available_streams(app_id="string", format="string")
print(response)from falconpy import EventStreams
falcon = EventStreams(client_id="API_CLIENT_ID_HERE",
client_secret="API_CLIENT_SECRET_HERE"
)
response = falcon.listAvailableStreamsOAuth2(app_id="string", format="string")
print(response)from falconpy import APIHarness
falcon = APIHarness(client_id="API_CLIENT_ID_HERE",
client_secret="API_CLIENT_SECRET_HERE"
)
response = falcon.command("listAvailableStreamsOAuth2", app_id="string", format="string")
print(response)
- Home
- Discussions Board
- Glossary of Terms
- Installation, Upgrades and Removal
- Samples Collection
- Using FalconPy
- API Operations
-
Service Collections
- Alerts
- API Integrations
- ASPM
- Certificate Based Exclusions
- Cloud Connect AWS (deprecated)
- Cloud Snapshots
- Compliance Assessments
- Configuration Assessment
- Configuration Assessment Evaluation Logic
- Container Alerts
- Container Detections
- Container Images
- Container Packages
- Container Vulnerabilities
- CSPM Registration
- Custom IOAs
- Custom Storage
- D4C Registration (deprecated)
- DataScanner
- Delivery Settings
- Detects
- Device Control Policies
- Discover
- Downloads
- Drift Indicators
- Event Streams
- Exposure Management
- Falcon Complete Dashboard
- Falcon Container
- Falcon Intelligence Sandbox
- FDR
- FileVantage
- Firewall Management
- Firewall Policies
- Foundry LogScale
- Host Group
- Host Migration
- Hosts
- Identity Protection
- Image Assessment Policies
- Incidents
- Installation Tokens
- Intel
- IOA Exclusions
- IOC
- IOCs (deprecated)
- Kubernetes Protection
- MalQuery
- Message Center
- ML Exclusions
- Mobile Enrollment
- MSSP (Flight Control)
- OAuth2
- ODS (On Demand Scan)
- Overwatch Dashboard
- Prevention Policy
- Quarantine
- Quick Scan
- Quick Scan Pro
- Real Time Response
- Real Time Response Admin
- Real Time Response Audit
- Recon
- Report Executions
- Response Policies
- Sample Uploads
- Scheduled Reports
- Sensor Download
- Sensor Update Policy
- Sensor Usage
- Sensor Visibility Exclusions
- Spotlight Evaluation Logic
- Spotlight Vulnerabilities
- Tailored Intelligence
- ThreatGraph
- Unidentified Containers
- User Management
- Workflows
- Zero Trust Assessment
- Documentation Support
-
CrowdStrike SDKs
- Crimson Falcon - Ruby
- FalconPy - Python 3
- FalconJS - Javascript
- goFalcon - Go
- PSFalcon - Powershell
- Rusty Falcon - Rust
