Incidents

Joshua Hiller edited this page Apr 11, 2021 · 22 revisions

Using the Incidents service collection

Uber class support

Table of Contents

| API Function | Description |
| :--- | :--- |
| CrowdScore | Query environment-wide CrowdScore and return the entity data |
| GetBehaviors | Get details on behaviors by providing behavior IDs |
| PerformIncidentAction | Perform a set of actions on one or more incidents, such as adding tags or comments or updating the incident name or description |
| GetIncidents | Get details on incidents by providing incident IDs |
| QueryBehaviors | Search for behaviors by providing an FQL filter, sorting, and paging details |
| QueryIncidents | Search for incidents by providing an FQL filter, sorting, and paging details |

CrowdScore

Query environment-wide CrowdScore and return the entity data

Content-Type

  • Consumes: application/json
  • Produces: application/json

Parameters

| Required | Name | Type | Datatype | Description |
| :--- | :--- | :--- | :--- | :--- |
| | filter | query | string | Optional filter and sort criteria in the form of an FQL query. For more information about FQL queries, see our FQL documentation in Falcon. |
| | offset | query | string | Starting index of overall result set from which to return ids. |
| | limit | query | integer | The maximum records to return. [1-2500] |
| | sort | query | string | The property to sort on, followed by a dot (.), followed by the sort direction, either "asc" or "desc". |

Usage

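Service class example

```python
import os

from falconpy import incidents as FalconIncidents

# Credentials are read from the environment here; the variable names are an assumption
falcon_client_id = os.environ["FALCON_CLIENT_ID"]
falcon_client_secret = os.environ["FALCON_CLIENT_SECRET"]

falcon = FalconIncidents.Incidents(creds={
    'client_id': falcon_client_id,
    'client_secret': falcon_client_secret
})

# Placeholder values; replace each with your own
PARAMS = {
    'filter': 'string',   # FQL filter
    'offset': 'string',   # starting index of the result set
    'limit': 100,         # integer, 1-2500 (example value)
    'sort': 'string'      # property.asc or property.desc
}

response = falcon.CrowdScore(parameters=PARAMS)
print(response)
```

Uber class example

```python
import os

from falconpy import api_complete as FalconSDK

# Credentials are read from the environment here; the variable names are an assumption
falcon_client_id = os.environ["FALCON_CLIENT_ID"]
falcon_client_secret = os.environ["FALCON_CLIENT_SECRET"]

falcon = FalconSDK.APIHarness(creds={
    'client_id': falcon_client_id,
    'client_secret': falcon_client_secret
})

# Placeholder values; replace each with your own
PARAMS = {
    'filter': 'string',   # FQL filter
    'offset': 'string',   # starting index of the result set
    'limit': 100,         # integer, 1-2500 (example value)
    'sort': 'string'      # property.asc or property.desc
}

response = falcon.command('CrowdScore', parameters=PARAMS)
print(response)
# Revoke the token once the work is done
falcon.deauthenticate()
```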

GetBehaviors

Get details on behaviors by providing behavior IDs

Content-Type

  • Consumes: application/json
  • Produces: application/json

Parameters

| Required | Name | Type | Datatype | Description |
| :--- | :--- | :--- | :--- | :--- |
| | body | body | string | |

Usage

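Service class example

```python
import os

from falconpy import incidents as FalconIncidents

# Credentials are read from the environment here; the variable names are an assumption
falcon_client_id = os.environ["FALCON_CLIENT_ID"]
falcon_client_secret = os.environ["FALCON_CLIENT_SECRET"]

falcon = FalconIncidents.Incidents(creds={
    'client_id': falcon_client_id,
    'client_secret': falcon_client_secret
})

# Placeholder: the request body carries the behavior IDs to look up
BODY = {
    'Body Payload': 'See body description above'
}

response = falcon.GetBehaviors(body=BODY)
print(response)
```

Uber class example

```python
import os

from falconpy import api_complete as FalconSDK

# Credentials are read from the environment here; the variable names are an assumption
falcon_client_id = os.environ["FALCON_CLIENT_ID"]
falcon_client_secret = os.environ["FALCON_CLIENT_SECRET"]

falcon = FalconSDK.APIHarness(creds={
    'client_id': falcon_client_id,
    'client_secret': falcon_client_secret
})

# Placeholder: the request body carries the behavior IDs to look up
BODY = {
    'Body Payload': 'See body description above'
}

response = falcon.command('GetBehaviors', body=BODY)
print(response)
# Revoke the token once the work is done
falcon.deauthenticate()
```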

PerformIncidentAction

Perform a set of actions on one or more incidents, such as adding tags or comments or updating the incident name or description

Content-Type

  • Consumes: application/json
  • Produces: application/json

Parameters

| Required | Name | Type | Datatype | Description |
| :--- | :--- | :--- | :--- | :--- |
| | body | body | string | |

Usage

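Service class example

```python
import os

from falconpy import incidents as FalconIncidents

# Credentials are read from the environment here; the variable names are an assumption
falcon_client_id = os.environ["FALCON_CLIENT_ID"]
falcon_client_secret = os.environ["FALCON_CLIENT_SECRET"]

falcon = FalconIncidents.Incidents(creds={
    'client_id': falcon_client_id,
    'client_secret': falcon_client_secret
})

# Placeholder: the request body names the incidents and the actions to apply to them
BODY = {
    'Body Payload': 'See body description above'
}

response = falcon.PerformIncidentAction(body=BODY)
print(response)
```

Uber class example

```python
import os

from falconpy import api_complete as FalconSDK

# Credentials are read from the environment here; the variable names are an assumption
falcon_client_id = os.environ["FALCON_CLIENT_ID"]
falcon_client_secret = os.environ["FALCON_CLIENT_SECRET"]

falcon = FalconSDK.APIHarness(creds={
    'client_id': falcon_client_id,
    'client_secret': falcon_client_secret
})

# Placeholder: the request body names the incidents and the actions to apply to them
BODY = {
    'Body Payload': 'See body description above'
}

response = falcon.command('PerformIncidentAction', body=BODY)
print(response)
# Revoke the token once the work is done
falcon.deauthenticate()
```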

GetIncidents

Get details on incidents by providing incident IDs

Content-Type

  • Consumes: application/json
  • Produces: application/json

Parameters

| Required | Name | Type | Datatype | Description |
| :--- | :--- | :--- | :--- | :--- |
| | body | body | string | |

Usage

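Service class example

```python
import os

from falconpy import incidents as FalconIncidents

# Credentials are read from the environment here; the variable names are an assumption
falcon_client_id = os.environ["FALCON_CLIENT_ID"]
falcon_client_secret = os.environ["FALCON_CLIENT_SECRET"]

falcon = FalconIncidents.Incidents(creds={
    'client_id': falcon_client_id,
    'client_secret': falcon_client_secret
})

# Placeholder: the request body carries the incident IDs to look up
BODY = {
    'Body Payload': 'See body description above'
}

response = falcon.GetIncidents(body=BODY)
print(response)
```

Uber class example

```python
import os

from falconpy import api_complete as FalconSDK

# Credentials are read from the environment here; the variable names are an assumption
falcon_client_id = os.environ["FALCON_CLIENT_ID"]
falcon_client_secret = os.environ["FALCON_CLIENT_SECRET"]

falcon = FalconSDK.APIHarness(creds={
    'client_id': falcon_client_id,
    'client_secret': falcon_client_secret
})

# Placeholder: the request body carries the incident IDs to look up
BODY = {
    'Body Payload': 'See body description above'
}

response = falcon.command('GetIncidents', body=BODY)
print(response)
# Revoke the token once the work is done
falcon.deauthenticate()
```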

QueryBehaviors

Search for behaviors by providing an FQL filter, sorting, and paging details

Content-Type

  • Consumes: application/json
  • Produces: application/json

Parameters

| Required | Name | Type | Datatype | Description |
| :--- | :--- | :--- | :--- | :--- |
| | filter | query | string | Optional filter and sort criteria in the form of an FQL query. For more information about FQL queries, see our FQL documentation in Falcon. |
| | offset | query | string | Starting index of overall result set from which to return ids. |
| | limit | query | integer | The maximum records to return. [1-500] |
| | sort | query | string | The property to sort on, followed by a dot (.), followed by the sort direction, either "asc" or "desc". |

Usage

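Service class example

```python
import os

from falconpy import incidents as FalconIncidents

# Credentials are read from the environment here; the variable names are an assumption
falcon_client_id = os.environ["FALCON_CLIENT_ID"]
falcon_client_secret = os.environ["FALCON_CLIENT_SECRET"]

falcon = FalconIncidents.Incidents(creds={
    'client_id': falcon_client_id,
    'client_secret': falcon_client_secret
})

# Placeholder values; replace each with your own
PARAMS = {
    'filter': 'string',   # FQL filter
    'offset': 'string',   # starting index of the result set
    'limit': 100,         # integer, 1-500 (example value)
    'sort': 'string'      # property.asc or property.desc
}

response = falcon.QueryBehaviors(parameters=PARAMS)
print(response)
```

Uber class example

```python
import os

from falconpy import api_complete as FalconSDK

# Credentials are read from the environment here; the variable names are an assumption
falcon_client_id = os.environ["FALCON_CLIENT_ID"]
falcon_client_secret = os.environ["FALCON_CLIENT_SECRET"]

falcon = FalconSDK.APIHarness(creds={
    'client_id': falcon_client_id,
    'client_secret': falcon_client_secret
})

# Placeholder values; replace each with your own
PARAMS = {
    'filter': 'string',   # FQL filter
    'offset': 'string',   # starting index of the result set
    'limit': 100,         # integer, 1-500 (example value)
    'sort': 'string'      # property.asc or property.desc
}

response = falcon.command('QueryBehaviors', parameters=PARAMS)
print(response)
# Revoke the token once the work is done
falcon.deauthenticate()
```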

QueryIncidents

Search for incidents by providing an FQL filter, sorting, and paging details

Content-Type

  • Consumes: application/json
  • Produces: application/json

Parameters

| Required | Name | Type | Datatype | Description |
| :--- | :--- | :--- | :--- | :--- |
| | sort | query | string | The property to sort on, followed by a dot (.), followed by the sort direction, either "asc" or "desc". |
| | filter | query | string | Optional filter and sort criteria in the form of an FQL query. For more information about FQL queries, see our FQL documentation in Falcon. |
| | offset | query | string | Starting index of overall result set from which to return ids. |
| | limit | query | integer | The maximum records to return. [1-500] |

Usage

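Service class example

```python
import os

from falconpy import incidents as FalconIncidents

# Credentials are read from the environment here; the variable names are an assumption
falcon_client_id = os.environ["FALCON_CLIENT_ID"]
falcon_client_secret = os.environ["FALCON_CLIENT_SECRET"]

falcon = FalconIncidents.Incidents(creds={
    'client_id': falcon_client_id,
    'client_secret': falcon_client_secret
})

# Placeholder values; replace each with your own
PARAMS = {
    'sort': 'string',     # property.asc or property.desc
    'filter': 'string',   # FQL filter
    'offset': 'string',   # starting index of the result set
    'limit': 100          # integer, 1-500 (example value)
}

response = falcon.QueryIncidents(parameters=PARAMS)
print(response)
```

Uber class example

```python
import os

from falconpy import api_complete as FalconSDK

# Credentials are read from the environment here; the variable names are an assumption
falcon_client_id = os.environ["FALCON_CLIENT_ID"]
falcon_client_secret = os.environ["FALCON_CLIENT_SECRET"]

falcon = FalconSDK.APIHarness(creds={
    'client_id': falcon_client_id,
    'client_secret': falcon_client_secret
})

# Placeholder values; replace each with your own
PARAMS = {
    'sort': 'string',     # property.asc or property.desc
    'filter': 'string',   # FQL filter
    'offset': 'string',   # starting index of the result set
    'limit': 100          # integer, 1-500 (example value)
}

response = falcon.command('QueryIncidents', parameters=PARAMS)
print(response)
# Revoke the token once the work is done
falcon.deauthenticate()
```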
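
QueryIncidents returns IDs a page at a time and GetIncidents turns IDs into full records, so pulling every matching incident is a two-step loop. The following is an added example, not part of the FalconPy wiki or project: it assumes the usual FalconPy response dictionary (`status_code` plus a `body` holding `meta`, `resources` and `errors`) and an `ids` list as the GetIncidents body, and `fetch_incidents`, `_ok`, `batch_size` and `FakeIncidents` are hypothetical names introduced here.

```python
# Added example (not FalconPy code). Assumes the usual FalconPy response shape,
# {"status_code": int, "body": {"meta": ..., "resources": [...], "errors": [...]}},
# and that GetIncidents takes {"ids": [...]} as its body.

def fetch_incidents(falcon, fql_filter=None, sort=None, page_size=500, batch_size=500):
    """Page through QueryIncidents, then fetch full records with GetIncidents."""
    if not 1 <= page_size <= 500:  # QueryIncidents limit range is [1-500]
        raise ValueError("page_size must be between 1 and 500")
    ids, offset = [], 0
    while True:
        params = {"offset": str(offset), "limit": page_size}
        if fql_filter:
            params["filter"] = fql_filter
        if sort:
            params["sort"] = sort
        body = _ok(falcon.QueryIncidents(parameters=params), "QueryIncidents")
        page = body.get("resources") or []
        ids.extend(page)
        offset += len(page)
        # Stop on an empty page or once the reported total has been collected.
        if not page or offset >= body["meta"]["pagination"]["total"]:
            break
    incidents = []
    for start in range(0, len(ids), batch_size):  # batch_size is an assumed cap
        body = _ok(falcon.GetIncidents(body={"ids": ids[start:start + batch_size]}), "GetIncidents")
        incidents.extend(body.get("resources") or [])
    return incidents

def _ok(response, operation):
    """Return the response body, or raise with the API's error list."""
    if response["status_code"] != 200:
        raise RuntimeError(f"{operation} failed: {response['body'].get('errors')}")
    return response["body"]

class FakeIncidents:
    """Constructed stand-in for the Incidents service class; returns made-up IDs."""
    def __init__(self, count):
        self.ids = [f"inc:constructed:{n:04d}" for n in range(count)]
        self.query_calls = 0
    def QueryIncidents(self, parameters):
        self.query_calls += 1
        start, limit = int(parameters["offset"]), parameters["limit"]
        meta = {"pagination": {"offset": start, "limit": limit, "total": len(self.ids)}}
        return {"status_code": 200,
                "body": {"meta": meta, "resources": self.ids[start:start + limit], "errors": []}}
    def GetIncidents(self, body):
        records = [{"incident_id": i} for i in body["ids"]]
        return {"status_code": 200, "body": {"resources": records, "errors": []}}
```

Pass an authenticated `Incidents` service class instance in place of `FakeIncidents` to run it against a real tenant.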
