Skip to content

Sensor Update Policy

Joshua Hiller edited this page Dec 10, 2024 · 24 revisions

CrowdStrike Falcon CrowdStrike Subreddit

Using the Sensor Update Policy service collection

Uber class support Service class support Documentation Version Page Updated Samples Available

This service collection has code examples posted to the repository.

Table of Contents

Operation ID Description
revealUninstallToken
PEP 8 reveal_uninstall_token
Reveals an uninstall token for a specific device. To retrieve the bulk maintenance token pass the value 'MAINTENANCE' as the value for 'device_id'
queryCombinedSensorUpdateBuilds
PEP 8 query_combined_builds
Retrieve available builds for use with Sensor Update Policies
queryCombinedSensorUpdateKernels
PEP 8 query_combined_kernels
Retrieve kernel compatibility info for Sensor Update Builds
queryCombinedSensorUpdatePolicyMembers
PEP 8 query_combined_policy_members
Search for members of a Sensor Update Policy in your environment by providing a FQL filter and paging details. Returns a set of host details which match the filter criteria
queryCombinedSensorUpdatePolicies
PEP 8 query_combined_policies
Search for Sensor Update Policies in your environment by providing a FQL filter and paging details. Returns a set of Sensor Update Policies which match the filter criteria
queryCombinedSensorUpdatePoliciesV2
PEP 8 query_combined_policies_v2
Search for Sensor Update Policies with additional support for uninstall protection in your environment by providing a FQL filter and paging details. Returns a set of Sensor Update Policies which match the filter criteria
performSensorUpdatePoliciesAction
PEP 8 perform_policies_action
Perform the specified action on the Sensor Update Policies specified in the request
setSensorUpdatePoliciesPrecedence
PEP 8 set_policies_precedence
Sets the precedence of Sensor Update Policies based on the order of IDs specified in the request. The first ID specified will have the highest precedence and the last ID specified will have the lowest. You must specify all non-Default Policies for a platform when updating precedence
getSensorUpdatePolicies
PEP 8 get_policies
Retrieve a set of Sensor Update Policies by specifying their IDs
createSensorUpdatePolicies
PEP 8 create_policies
Create Sensor Update Policies by specifying details about the policy to create
deleteSensorUpdatePolicies
PEP 8 delete_policies
Delete a set of Sensor Update Policies by specifying their IDs
updateSensorUpdatePolicies
PEP 8 update_policies
Update Sensor Update Policies by specifying the ID of the policy and details to update
getSensorUpdatePoliciesV2
PEP 8 get_policies_v2
Retrieve a set of Sensor Update Policies with additional support for uninstall protection by specifying their IDs
createSensorUpdatePoliciesV2
PEP 8 create_policies_v2
Create Sensor Update Policies by specifying details about the policy to create with additional support for uninstall protection
updateSensorUpdatePoliciesV2
PEP 8 update_policies_v2
Update Sensor Update Policies by specifying the ID of the policy and details to update with additional support for uninstall protection
querySensorUpdateKernelsDistinct
PEP 8 query_kernels
Retrieve kernel compatibility info for Sensor Update Builds
querySensorUpdatePolicyMembers
PEP 8 query_policy_members
Search for members of a Sensor Update Policy in your environment by providing a FQL filter and paging details. Returns a set of Agent IDs which match the filter criteria
querySensorUpdatePolicies
PEP 8 query_policies
Search for Sensor Update Policies in your environment by providing a FQL filter and paging details. Returns a set of Sensor Update Policy IDs which match the filter criteria

Passing credentials

WARNING

client_id and client_secret are keyword arguments that contain your CrowdStrike API credentials. Please note that all examples below do not hard code these values. (These values are ingested as strings.)

CrowdStrike does not recommend hard coding API credentials or customer identifiers within source code.

revealUninstallToken

Reveals an uninstall token for a specific device or the bulk maintenace token.

To retrieve the bulk maintenance token pass the value MAINTENANCE as the value for device_id.

PEP8 method name

reveal_uninstall_token

Endpoint

Method Route
POST /policy/combined/reveal-uninstall-token/v1

Required Scope

sensor-update-policies:write

Content-Type

  • Produces: application/json

Keyword Arguments

Name Service Uber Type Data type Description
audit_message
Service Class Support

Uber Class Support
body string Message to list in the audit log for this action.
body
Service Class Support

Uber Class Support
body dictionary Full body payload in JSON format.
device_id
Service Class Support

Uber Class Support
body string Device ID to retrieve the uninstall token for.

Pass the value MAINTENANCE here to retrieve the bulk maintenance token.

Usage

Service class example (PEP8 syntax)
from falconpy import SensorUpdatePolicy

# Do not hardcode API credentials!
falcon = SensorUpdatePolicy(client_id=CLIENT_ID,
                            client_secret=CLIENT_SECRET
                            )

response = falcon.reveal_uninstall_token(audit_message="string",
                                         device_id="string"
                                         )
print(response)
Service class example (Operation ID syntax)
from falconpy import SensorUpdatePolicy

# Do not hardcode API credentials!
falcon = SensorUpdatePolicy(client_id=CLIENT_ID,
                            client_secret=CLIENT_SECRET
                            )

response = falcon.revealUninstallToken(audit_message="string",
                                       device_id="string"
                                       )
print(response)
Uber class example
from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

BODY = {
    "audit_message": "string",
    "device_id": "string"
}

response = falcon.command("revealUninstallToken", body=BODY)
print(response)

queryCombinedSensorUpdateBuilds

Retrieve available builds for use with Sensor Update Policies

PEP8 method name

query_combined_builds

Endpoint

Method Route
GET /policy/combined/sensor-update-builds/v1

Required Scope

sensor-update-policies:read

Content-Type

  • Produces: application/json

Keyword Arguments

Name Service Uber Type Data type Description
platform
Service Class Support

Uber Class Support
query string The platform to return builds for.

Allowed values:
  • linux
  • mac
  • windows
parameters
Service Class Support

Uber Class Support
query dictionary Full query string parameters payload in JSON format.
stage
Service Class Support

Uber Class Support
query string or list of strings The stages to return builds for.

Usage

Service class example (PEP8 syntax)
from falconpy import SensorUpdatePolicy

# Do not hardcode API credentials!
falcon = SensorUpdatePolicy(client_id=CLIENT_ID,
                            client_secret=CLIENT_SECRET
                            )

stages = 'STAGE1,STAGE2,STAGE3'  # Can also pass a list here: ['STAGE1', 'STAGE2', 'STAGE3']

response = falcon.query_combined_builds(platform="string", stage=stages)

print(response)
Service class example (Operation ID syntax)
from falconpy import SensorUpdatePolicy

# Do not hardcode API credentials!
falcon = SensorUpdatePolicy(client_id=CLIENT_ID,
                            client_secret=CLIENT_SECRET
                            )

stages = 'STAGE1,STAGE2,STAGE3'  # Can also pass a list here: ['STAGE1', 'STAGE2', 'STAGE3']

response = falcon.queryCombinedSensorUpdateBuilds(platform="string", stage=stages)

print(response)
Uber class example
from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

stages = 'STAGE1,STAGE2,STAGE3'  # Can also pass a list here: ['STAGE1', 'STAGE2', 'STAGE3']

response = falcon.command("queryCombinedSensorUpdateBuilds", platform="string", stage=stages)

print(response)

queryCombinedSensorUpdateKernels

Retrieve kernel compatibility info for Sensor Update Builds

PEP8 method name

query_combined_kernels

Endpoint

Method Route
GET /policy/combined/sensor-update-kernels/v1

Required Scope

sensor-update-policies:read

Content-Type

  • Produces: application/json

Keyword Arguments

Name Service Uber Type Data type Description
filter
Service Class Support

No Uber Class Support
query string The filter expression that should be used to limit the results using FQL syntax.
limit
Service Class Support

No Uber Class Support
query integer The maximum number of records to return. [1-500]
offset
Service Class Support

No Uber Class Support
query integer The offset to start retrieving records from.
parameters
Service Class Support

Uber Class Support
query dictionary Full query string parameters payload in JSON format.

Usage

Service class example (PEP8 syntax)
from falconpy import SensorUpdatePolicy

# Do not hardcode API credentials!
falcon = SensorUpdatePolicy(client_id=CLIENT_ID,
                            client_secret=CLIENT_SECRET
                            )

response = falcon.query_combined_kernels(filter="string",
                                         offset=integer,
                                         limit=integer,
                                         )
print(response)
Service class example (Operation ID syntax)
from falconpy import SensorUpdatePolicy

# Do not hardcode API credentials!
falcon = SensorUpdatePolicy(client_id=CLIENT_ID,
                            client_secret=CLIENT_SECRET
                            )

response = falcon.queryCombinedSensorUpdateKernels(filter="string",
                                                   offset=integer,
                                                   limit=integer,
                                                   )
print(response)
Uber class example
from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

response = falcon.command("queryCombinedSensorUpdateKernels",
                          filter="string",
                          offset=integer,
                          limit=integer,
                          )
print(response)

queryCombinedSensorUpdatePolicyMembers

Search for members of a Sensor Update Policy in your environment by providing a FQL filter and paging details. Returns a set of host details which match the filter criteria

PEP8 method name

query_combined_policy_members

Endpoint

Method Route
GET /policy/combined/sensor-update-members/v1

Required Scope

sensor-update-policies:read

Content-Type

  • Produces: application/json

Keyword Arguments

Name Service Uber Type Data type Description
id
Service Class Support

No Uber Class Support
query string The ID of the Sensor Update Policy to search for members of.
filter
Service Class Support

No Uber Class Support
query string The filter expression that should be used to limit the results using FQL syntax. Review the available filters table for more detail.
limit
Service Class Support

No Uber Class Support
query integer The maximum number of records to return. [1-5000]
offset
Service Class Support

No Uber Class Support
query integer The offset to start retrieving records from.
parameters
Service Class Support

Uber Class Support
query dictionary Full query string parameters payload in JSON format.
sort
Service Class Support

No Uber Class Support
query string The property to sort by in FQL syntax. Supports asc or desc.

Available sort options:
  • created_by
  • created_timestamp
  • enabled
  • modified_by
  • modified_timestamp
  • name
  • platform_name
  • precedence
Available filters

The following fields can be used to filter results retrieved from the API.

Name Description
created_by The username, email, or API client ID of the person who created the policy, as identified in the policy object.

When specifying an email address, use a letter p as an operator so that the @ sign is accepted.

You can also search by using the email username or the domain as the value.

For example, to filter on policies created by the email address [email protected]:
filter=created_by:p'[email protected]' (correct)
filter=created_by:'diana.hudson' (correct)
filter=created_by:'email.com' (correct)

filter=created_by:'diana' (incorrect)

Enter only the alphanumeric value when providing an API client ID. For example, to filter on api-client-id:7a1284d634af196bff5988fb1775721b:
filter=created_by:'7a12....721b' (correct)

filter=created_by:'api-client-id:7a12....721b' (incorrect)
filter=created_by:'api-client-id' (incorrect)
created_timestamp The full timestamp of when the policy was created in ISO 8601 format. (YYYY-MM-DDTHH:mm:ss.sssZ)

The timezone is always UTC as denoted by the suffix "Z".

filter=created_timestamp:'2020-11-23T19:36:24.129652084Z'
description Search for a term found in the policy description. The value must be entered in lowercase.

filter=description:'policy'
enabled Find policies by their enabled status. Specify true to find enabled policies or false to find disabled policies.

filter=enabled:'true'
groups Enter a host group ID to find the policy it's been assigned to.

filter=groups:'1ef3....b0fe'
modified_by The username, email, or API client ID of the person who modified the policy, as identified in the policy object.

Values for this field follow the same rules as the created_by filter.
modified_timestamp The full timestamp of when the policy was modified in ISO 8601 format. (YYYY-MM-DDTHH:mm:ss. sssZ)

The timezone is always UTC as denoted by the suffix "Z".

Values for this field follow the same rules as the created_timestamp filter.
name Performs a free text search on single words found in a policy name.

Values must be entered as lowercase and enclosed in single quotes.

You can provide multiple name values separated by an &.

filter=name:'test'
name.raw Filters on exact matches to the full policy name.

Searches on this field are case-sensitive and require the correct input of uppercase and lowercase letters.

filter=name.raw:'Test sensor update Policy'
platform_name The name of the operating system listed in the policy.

One of:
  • Windows
  • Mac
  • Linux
filter=platform_name:'Windows'

Usage

Service class example (PEP8 syntax)
from falconpy import SensorUpdatePolicy

# Do not hardcode API credentials!
falcon = SensorUpdatePolicy(client_id=CLIENT_ID,
                            client_secret=CLIENT_SECRET
                            )

response = falcon.query_combined_policy_members(id="string",
                                                filter="string",
                                                offset=integer,
                                                limit=integer,
                                                sort="string"
                                                )
print(response)
Service class example (Operation ID syntax)
from falconpy import SensorUpdatePolicy

# Do not hardcode API credentials!
falcon = SensorUpdatePolicy(client_id=CLIENT_ID,
                            client_secret=CLIENT_SECRET
                            )

response = falcon.queryCombinedSensorUpdatePolicyMembers(id="string",
                                                         filter="string",
                                                         offset=integer,
                                                         limit=integer,
                                                         sort="string"
                                                         )
print(response)
Uber class example
from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

response = falcon.command("queryCombinedSensorUpdatePolicyMembers",
                          id="string",
                          filter="string",
                          offset=integer,
                          limit=integer,
                          sort="string"
                          )
print(response)

queryCombinedSensorUpdatePolicies

Search for Sensor Update Policies in your environment by providing a FQL filter and paging details. Returns a set of Sensor Update Policies which match the filter criteria

PEP8 method name

query_combined_policies

Endpoint

Method Route
GET /policy/combined/sensor-update/v1

Required Scope

sensor-update-policies:read

Content-Type

  • Produces: application/json

Keyword Arguments

Name Service Uber Type Data type Description
filter
Service Class Support

No Uber Class Support
query string The filter expression that should be used to limit the results using FQL syntax. Review the available filters table for more detail.
limit
Service Class Support

No Uber Class Support
query integer The maximum number of records to return. [1-5000]
offset
Service Class Support

No Uber Class Support
query integer The offset to start retrieving records from.
parameters
Service Class Support

Uber Class Support
query dictionary Full query string parameters payload in JSON format.
sort
Service Class Support

No Uber Class Support
query string The property to sort by in FQL syntax. Supports asc or desc.

Available sort options:
  • created_by
  • created_timestamp
  • enabled
  • modified_by
  • modified_timestamp
  • name
  • platform_name
  • precedence
Available filters

The following fields can be used to filter results retrieved from the API.

Name Description
created_by The username, email, or API client ID of the person who created the policy, as identified in the policy object.

When specifying an email address, use a letter p as an operator so that the @ sign is accepted.

You can also search by using the email username or the domain as the value.

For example, to filter on policies created by the email address [email protected]:
filter=created_by:p'[email protected]' (correct)
filter=created_by:'diana.hudson' (correct)
filter=created_by:'email.com' (correct)

filter=created_by:'diana' (incorrect)

Enter only the alphanumeric value when providing an API client ID. For example, to filter on api-client-id:7a1284d634af196bff5988fb1775721b:
filter=created_by:'7a12....721b' (correct)

filter=created_by:'api-client-id:7a12....721b' (incorrect)
filter=created_by:'api-client-id' (incorrect)
created_timestamp The full timestamp of when the policy was created in ISO 8601 format. (YYYY-MM-DDTHH:mm:ss.sssZ)

The timezone is always UTC as denoted by the suffix "Z".

filter=created_timestamp:'2020-11-23T19:36:24.129652084Z'
description Search for a term found in the policy description. The value must be entered in lowercase.

filter=description:'policy'
enabled Find policies by their enabled status. Specify true to find enabled policies or false to find disabled policies.

filter=enabled:'true'
groups Enter a host group ID to find the policy it's been assigned to.

filter=groups:'1ef3....b0fe'
modified_by The username, email, or API client ID of the person who modified the policy, as identified in the policy object.

Values for this field follow the same rules as the created_by filter.
modified_timestamp The full timestamp of when the policy was modified in ISO 8601 format. (YYYY-MM-DDTHH:mm:ss. sssZ)

The timezone is always UTC as denoted by the suffix "Z".

Values for this field follow the same rules as the created_timestamp filter.
name Performs a free text search on single words found in a policy name.

Values must be entered as lowercase and enclosed in single quotes.

You can provide multiple name values separated by an &.

filter=name:'test'
name.raw Filters on exact matches to the full policy name.

Searches on this field are case-sensitive and require the correct input of uppercase and lowercase letters.

filter=name.raw:'Test sensor update Policy'
platform_name The name of the operating system listed in the policy.

One of:
  • Windows
  • Mac
  • Linux
filter=platform_name:'Windows'

Usage

Service class example (PEP8 syntax)
from falconpy import SensorUpdatePolicy

# Do not hardcode API credentials!
falcon = SensorUpdatePolicy(client_id=CLIENT_ID,
                            client_secret=CLIENT_SECRET
                            )

response = falcon.query_combined_policies(filter="string",
                                          offset=integer,
                                          limit=integer,
                                          sort="string"
                                          )
print(response)
Service class example (Operation ID syntax)
from falconpy import SensorUpdatePolicy

# Do not hardcode API credentials!
falcon = SensorUpdatePolicy(client_id=CLIENT_ID,
                            client_secret=CLIENT_SECRET
                            )

response = falcon.queryCombinedSensorUpdatePolicies(filter="string",
                                                    offset=integer,
                                                    limit=integer,
                                                    sort="string"
                                                    )
print(response)
Uber class example
from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

response = falcon.command("queryCombinedSensorUpdatePolicies",
                          filter="string",
                          offset=integer,
                          limit=integer,
                          sort="string"
                          )
print(response)

queryCombinedSensorUpdatePoliciesV2

Search for Sensor Update Policies with additional support for uninstall protection in your environment by providing a FQL filter and paging details. Returns a set of Sensor Update Policies which match the filter criteria

PEP8 method name

query_combined_policies_v2

Endpoint

Method Route
GET /policy/combined/sensor-update/v2

Required Scope

sensor-update-policies:read

Content-Type

  • Produces: application/json

Keyword Arguments

Name Service Uber Type Data type Description
filter
Service Class Support

No Uber Class Support
query string The filter expression that should be used to limit the results using FQL syntax. Review the available filters table for more detail.
limit
Service Class Support

No Uber Class Support
query integer The maximum number of records to return. [1-5000]
offset
Service Class Support

No Uber Class Support
query integer The offset to start retrieving records from.
parameters
Service Class Support

Uber Class Support
query dictionary Full query string parameters payload in JSON format.
sort
Service Class Support

No Uber Class Support
query string The property to sort by in FQL syntax. Supports asc or desc.

Available sort options:
  • created_by
  • created_timestamp
  • enabled
  • modified_by
  • modified_timestamp
  • name
  • platform_name
  • precedence
Available filters

The following fields can be used to filter results retrieved from the API.

Name Description
created_by The username, email, or API client ID of the person who created the policy, as identified in the policy object.

When specifying an email address, use a letter p as an operator so that the @ sign is accepted.

You can also search by using the email username or the domain as the value.

For example, to filter on policies created by the email address [email protected]:
filter=created_by:p'[email protected]' (correct)
filter=created_by:'diana.hudson' (correct)
filter=created_by:'email.com' (correct)

filter=created_by:'diana' (incorrect)

Enter only the alphanumeric value when providing an API client ID. For example, to filter on api-client-id:7a1284d634af196bff5988fb1775721b:
filter=created_by:'7a12....721b' (correct)

filter=created_by:'api-client-id:7a12....721b' (incorrect)
filter=created_by:'api-client-id' (incorrect)
created_timestamp The full timestamp of when the policy was created in ISO 8601 format. (YYYY-MM-DDTHH:mm:ss.sssZ)

The timezone is always UTC as denoted by the suffix "Z".

filter=created_timestamp:'2020-11-23T19:36:24.129652084Z'
description Search for a term found in the policy description. The value must be entered in lowercase.

filter=description:'policy'
enabled Find policies by their enabled status. Specify true to find enabled policies or false to find disabled policies.

filter=enabled:'true'
groups Enter a host group ID to find the policy it's been assigned to.

filter=groups:'1ef3....b0fe'
modified_by The username, email, or API client ID of the person who modified the policy, as identified in the policy object.

Values for this field follow the same rules as the created_by filter.
modified_timestamp The full timestamp of when the policy was modified in ISO 8601 format. (YYYY-MM-DDTHH:mm:ss. sssZ)

The timezone is always UTC as denoted by the suffix "Z".

Values for this field follow the same rules as the created_timestamp filter.
name Performs a free text search on single words found in a policy name.

Values must be entered as lowercase and enclosed in single quotes.

You can provide multiple name values separated by an &.

filter=name:'test'
name.raw Filters on exact matches to the full policy name.

Searches on this field are case-sensitive and require the correct input of uppercase and lowercase letters.

filter=name.raw:'Test sensor update Policy'
platform_name The name of the operating system listed in the policy.

One of:
  • Windows
  • Mac
  • Linux
filter=platform_name:'Windows'

Usage

Service class example (PEP8 syntax)
from falconpy import SensorUpdatePolicy

# Do not hardcode API credentials!
falcon = SensorUpdatePolicy(client_id=CLIENT_ID,
                            client_secret=CLIENT_SECRET
                            )

response = falcon.query_combined_policies_v2(filter="string",
                                             offset=integer,
                                             limit=integer,
                                             sort="string"
                                             )
print(response)
Service class example (Operation ID syntax)
from falconpy import SensorUpdatePolicy

# Do not hardcode API credentials!
falcon = SensorUpdatePolicy(client_id=CLIENT_ID,
                            client_secret=CLIENT_SECRET
                            )

response = falcon.queryCombinedSensorUpdatePoliciesV2(filter="string",
                                                      offset=integer,
                                                      limit=integer,
                                                      sort="string"
                                                      )
print(response)
Uber class example
from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

response = falcon.command("queryCombinedSensorUpdatePoliciesV2",
                          filter="string",
                          offset=integer,
                          limit=integer,
                          sort="string"
                          )
print(response)

performSensorUpdatePoliciesAction

Perform the specified action on the Sensor Update Policies specified in the request

PEP8 method name

perform_policies_action

Endpoint

Method Route
POST /policy/entities/sensor-update-actions/v1

Required Scope

sensor-update-policies:write

Content-Type

  • Produces: application/json

Keyword Arguments

Name Service Uber Type Data type Description
action_name
Service Class Support

Uber Class Support
query string Specify one of these actions:
  • add-host-group
  • add-rule-group
  • disable
  • enable
  • remove-host-group
  • remove-rule-group
action_parameters
Service Class Support

No Uber Class Support
body list of dictionaries Action specific parameter options.

{
    "name": "string",
    "value": "string"
}
body
Service Class Support

Uber Class Support
body dictionary Full body payload in JSON format.
group_id
Service Class Support

Uber Class Support
body
action_parameters
string Host Group ID to apply the policy to. String. Overridden if action_parameters is specified.
ids
Service Class Support

No Uber Class Support
body string or list of strings The ID of the Sensor Update Policy you want to impact. If you provide IDs to the method using this keyword, you do not have to provide a body payload. (Service class usage only)
parameters
Service Class Support

Uber Class Support
query dictionary Full query string parameters payload in JSON format.

Usage

Service class example (PEP8 syntax)
from falconpy import SensorUpdatePolicy

# Do not hardcode API credentials!
falcon = SensorUpdatePolicy(client_id=CLIENT_ID,
                            client_secret=CLIENT_SECRET
                            )

response = falcon.perform_policies_action(action_name="string",
                                          group_id="HOST_GROUP_ID",
                                          ids="ID_TO_UPDATE"
                                          )
print(response)
Service class example (Operation ID syntax)
from falconpy import SensorUpdatePolicy

# Do not hardcode API credentials!
falcon = SensorUpdatePolicy(client_id=CLIENT_ID,
                            client_secret=CLIENT_SECRET
                            )

# Can also be provided as the keyword `group_id`
act_params = [{
    "name": "group_id",
    "value": "HOST_GROUP_ID"
}]

response = falcon.performSensorUpdatePoliciesAction(action_name="string",
                                                    action_parameters=act_params,
                                                    ids="ID_TO_UPDATE"
                                                    )
print(response)
Uber class example
from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

# Only one ID may be updated at a time
BODY = {
    "action_parameters": [
        {
            "name": "group_id",
            "value": "HOST_GROUP_ID"
        }
    ],
    "ids": ["ID_TO_UPDATE"]
}

response = falcon.command("performSensorUpdatePoliciesAction", action_name="string", body=BODY)
print(response)

# Can also use the following syntax
response = falcon.command("performSensorUpdatePoliciesAction",
                          action_name="string",
                          parameters=PARAMS,
                          body=BODY
                          )
print(response)

setSensorUpdatePoliciesPrecedence

Sets the precedence of Sensor Update Policies based on the order of IDs specified in the request. The first ID specified will have the highest precedence and the last ID specified will have the lowest. You must specify all non-Default Policies for a platform when updating precedence

PEP8 method name

set_policies_precedence

Endpoint

Method Route
POST /policy/entities/sensor-update-precedence/v1

Required Scope

sensor-update-policies:write

Content-Type

  • Produces: application/json

Keyword Arguments

Name Service Uber Type Data type Description
body
Service Class Support

Uber Class Support
body dictionary Full body payload in JSON format.
ids
Service Class Support

No Uber Class Support
body string or list of strings The ID of the Sensor Update Policy you want to impact. If you provide IDs to the method using this keyword, you do not have to provide a body payload. (Service class usage only)
platform_name
Service Class Support

Uber Class Support
body string Operating System platform name.

Usage

Service class example (PEP8 syntax)
from falconpy import SensorUpdatePolicy

# Do not hardcode API credentials!
falcon = SensorUpdatePolicy(client_id=CLIENT_ID,
                            client_secret=CLIENT_SECRET
                            )

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.set_policies_precedence(ids=id_list, platform_name="string")
print(response)
Service class example (Operation ID syntax)
from falconpy import SensorUpdatePolicy

# Do not hardcode API credentials!
falcon = SensorUpdatePolicy(client_id=CLIENT_ID,
                            client_secret=CLIENT_SECRET
                            )

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.setSensorUpdatePoliciesPrecedence(ids=id_list, platform_name="string")
print(response)
Uber class example
from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

id_list = ['ID1', 'ID2', 'ID3']

BODY = {
    "ids": id_list,
    "platform_name": "Windows"
}

response = falcon.command("setSensorUpdatePoliciesPrecedence", body=BODY)
print(response)

getSensorUpdatePolicies

Retrieve a set of Sensor Update Policies by specifying their IDs

PEP8 method name

get_policies

Endpoint

Method Route
GET /policy/entities/sensor-update/v1

Required Scope

sensor-update-policies:read

Content-Type

  • Produces: application/json

Keyword Arguments

Name Service Uber Type Data type Description
ids
Service Class Support

Uber Class Support
query string or list of strings The IDs of the Sensor Update Policy to retrieve.
parameters
Service Class Support

Uber Class Support
query dictionary Full query string parameters payload in JSON format.

Usage

Service class example (PEP8 syntax)
from falconpy import SensorUpdatePolicy

# Do not hardcode API credentials!
falcon = SensorUpdatePolicy(client_id=CLIENT_ID,
                            client_secret=CLIENT_SECRET
                            )

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.get_policies(ids=id_list)
print(response)
Service class example (Operation ID syntax)
from falconpy import SensorUpdatePolicy

# Do not hardcode API credentials!
falcon = SensorUpdatePolicy(client_id=CLIENT_ID,
                            client_secret=CLIENT_SECRET
                            )

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.getSensorUpdatePolicies(ids=id_list)
print(response)
Uber class example
from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.command("getSensorUpdatePolicies", ids=id_list)
print(response)

createSensorUpdatePolicies

Create Sensor Update Policies by specifying details about the policy to create

PEP8 method name

create_policies

Endpoint

Method Route
POST /policy/entities/sensor-update/v1

Required Scope

sensor-update-policies:write

Content-Type

  • Produces: application/json

Keyword Arguments

Name Service Uber Type Data type Description
body
Service Class Support

Uber Class Support
body dictionary Full body payload in JSON format.
build
Service Class Support

Uber Class Support
body string Build this Sensor update policy applies to.
description
Service Class Support

Uber Class Support
body string Sensor update policy description.
name
Service Class Support

Uber Class Support
body string Name of the Sensor Update policy.
platform_name
Service Class Support

Uber Class Support
body string Name of the OS platform the Sensor Update policy applies to.
settings
Service Class Support

Uber Class Support
body dictionary Sensor Update policy specific settings.

Overrides the value of build if present.

{
    "build": "string"
}

Usage

Service class example (PEP8 syntax)
from falconpy import SensorUpdatePolicy

# Do not hardcode API credentials!
falcon = SensorUpdatePolicy(client_id=CLIENT_ID,
                            client_secret=CLIENT_SECRET
                            )

response = falcon.create_policies(build="string",
                                  description="string",
                                  name="string",
                                  platform_name="string"
                                  )
print(response)
Service class example (Operation ID syntax)
from falconpy import SensorUpdatePolicy

# Do not hardcode API credentials!
falcon = SensorUpdatePolicy(client_id=CLIENT_ID,
                            client_secret=CLIENT_SECRET
                            )

response = falcon.createSensorUpdatePolicies(build="string",
                                             description="string",
                                             name="string",
                                             platform_name="string"
                                             )
print(response)
Uber class example
from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

BODY = {
    "resources": [
        {
            "description": "string",
            "name": "string",
            "platform_name": "string",
            "settings": {
                    "build": "string"
            }
        }
    ]
}

response = falcon.command("createSensorUpdatePolicies", body=BODY)
print(response)

deleteSensorUpdatePolicies

Delete a set of Sensor Update Policies by specifying their IDs

PEP8 method name

delete_policies

Endpoint

Method Route
DELETE /policy/entities/sensor-update/v1

Required Scope

sensor-update-policies:write

Content-Type

  • Produces: application/json

Keyword Arguments

Name Service Uber Type Data type Description
ids
Service Class Support

Uber Class Support
query string or list of strings The IDs of the Sensor Update policies to delete.
parameters
Service Class Support

Uber Class Support
query dictionary Full query string parameters payload in JSON format.

Usage

Service class example (PEP8 syntax)
from falconpy import SensorUpdatePolicy

# Do not hardcode API credentials!
falcon = SensorUpdatePolicy(client_id=CLIENT_ID,
                            client_secret=CLIENT_SECRET
                            )

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.delete_policies(ids=id_list)
print(response)
Service class example (Operation ID syntax)
from falconpy import SensorUpdatePolicy

# Do not hardcode API credentials!
falcon = SensorUpdatePolicy(client_id=CLIENT_ID,
                            client_secret=CLIENT_SECRET
                            )

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.deleteSensorUpdatePolicies(ids=id_list)
print(response)
Uber class example
from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.command("deleteSensorUpdatePolicies", ids=id_list)
print(response)

updateSensorUpdatePolicies

Update Sensor Update Policies by specifying the ID of the policy and details to update

PEP8 method name

update_policies

Endpoint

Method Route
PATCH /policy/entities/sensor-update/v1

Required Scope

sensor-update-policies:write

Content-Type

  • Produces: application/json

Keyword Arguments

Name Service Uber Type Data type Description
body
Service Class Support

Uber Class Support
body dictionary Full body payload in JSON format.
build
Service Class Support

Uber Class Support
body string Build this Sensor update policy applies to.
description
Service Class Support

Uber Class Support
body string Sensor update policy description.
id
Service Class Support

Uber Class Support
body string ID the Sensor Update policy to update.
name
Service Class Support

Uber Class Support
body string Name of the Sensor Update policy.
settings
Service Class Support

Uber Class Support
body dictionary Sensor Update policy specific settings.

Overrides the value of build if present.

{
    "build": "string"
}

Usage

Service class example (PEP8 syntax)
from falconpy import SensorUpdatePolicy

# Do not hardcode API credentials!
falcon = SensorUpdatePolicy(client_id=CLIENT_ID,
                            client_secret=CLIENT_SECRET
                            )

response = falcon.update_policies(build="string",
                                  description="string",
                                  name="string",
                                  id="string"
                                  )
print(response)
Service class example (Operation ID syntax)
from falconpy import SensorUpdatePolicy

# Do not hardcode API credentials!
falcon = SensorUpdatePolicy(client_id=CLIENT_ID,
                            client_secret=CLIENT_SECRET
                            )

BODY = {
    "Body Payload": "See body description above"
}

response = falcon.updateSensorUpdatePolicies(build="string",
                                             description="string",
                                             name="string",
                                             id="string"
                                             )
print(response)
Uber class example
from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

BODY = {
    "resources": [
        {
            "description": "string",
            "id": "string",
            "name": "string",
            "settings": {
                    "build": "string"
            }
        }
    ]
}

response = falcon.command("updateSensorUpdatePolicies", body=BODY)
print(response)

getSensorUpdatePoliciesV2

Retrieve a set of Sensor Update Policies with additional support for uninstall protection by specifying their IDs

PEP8 method name

get_policies_v2

Endpoint

Method Route
GET /policy/entities/sensor-update/v2

Required Scope

sensor-update-policies:read

Content-Type

  • Produces: application/json

Keyword Arguments

Name Service Uber Type Data type Description
ids
Service Class Support

Uber Class Support
query string or list of strings The IDs of the Sensor Update policies to retrieve.
parameters
Service Class Support

Uber Class Support
query dictionary Full query string parameters payload in JSON format.

Usage

Service class example (PEP8 syntax)
from falconpy import SensorUpdatePolicy

# Do not hardcode API credentials!
falcon = SensorUpdatePolicy(client_id=CLIENT_ID,
                            client_secret=CLIENT_SECRET
                            )

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.get_policies_v2(ids=id_list)
print(response)
Service class example (Operation ID syntax)
from falconpy import SensorUpdatePolicy

# Do not hardcode API credentials!
falcon = SensorUpdatePolicy(client_id=CLIENT_ID,
                            client_secret=CLIENT_SECRET
                            )

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.getSensorUpdatePoliciesV2(ids=id_list)
print(response)
Uber class example
from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.command("getSensorUpdatePoliciesV2", ids=id_list)
print(response)

createSensorUpdatePoliciesV2

Create Sensor Update Policies by specifying details about the policy to create with additional support for uninstall protection

PEP8 method name

create_policies_v2

Endpoint

Method Route
POST /policy/entities/sensor-update/v2

Required Scope

sensor-update-policies:write

Content-Type

  • Produces: application/json

Keyword Arguments

Name Service Uber Type Data type Description
body
Service Class Support

Uber Class Support
body dictionary Full body payload in JSON format.
build
Service Class Support

Uber Class Support
body string Build this Sensor update policy applies to. Ignored if settings is provided.
description
Service Class Support

Uber Class Support
body string Sensor update policy description.
name
Service Class Support

Uber Class Support
body string Name of the Sensor Update policy.
platform_name
Service Class Support

Uber Class Support
body string Name of the OS platform the Sensor Update policy applies to.
scheduler
Service Class Support

Uber Class Support
body dictionary Dictionary containing details for the schedule. Ignored if settings is provided.
settings
Service Class Support

Uber Class Support
body dictionary Sensor Update policy specific settings.

Overrides the value of build, scheduler, show_early_adopter_builds, uninstall_protection, and variants if present.
show_early_adopter_builds
Service Class Support

Uber Class Support
body boolean Flag indicating if early adopter builds should be shown as part of this policy. Ignored if settings is provided.
uninstall_protection
Service Class Support

Uber Class Support
body string Boolean indicating if uninstall protection should be enabled. Ignored if settings is provided.

Allowed values:
  • ENABLED
  • DISABLED
variants
Service Class Support

Uber Class Support
body list of dictionaries List of dictionaries containing details for variants to include in the policy. Ignored if settings is provided.

[{
    "build": "string",
    "platform": "string"
}]

Usage

Service class example (PEP8 syntax)
from falconpy import SensorUpdatePolicy

# Do not hardcode API credentials!
falcon = SensorUpdatePolicy(client_id=CLIENT_ID,
                            client_secret=CLIENT_SECRET
                            )

schedule = {
    "enabled": boolean,
    "schedules": [
        {
            "days": [
                integer
            ],
            "end": "string",
            "start": "string"
        }
    ],
    "timezone": "string"
}

settings = {
    "build": "string",
    "scheduler": {
        "enabled": boolean,
        "schedules": [
            {
                "days": [
                    integer
                ],
                "end": "string",
                "start": "string"
            }
        ],
        "timezone": "string"
    },
    "show_early_adopter_builds": boolean,
    "uninstall_protection": "ENABLED",
    "variants": [
        {
            "build": "string",
            "platform": "string"
        }
    ]
}

variants = [
    {
        "build": "string",
        "platform": "string"
    }
]

response = falcon.create_policies_v2(build="string",
                                     description="string",
                                     name="string",
                                     platform_name="string",
                                     scheduler=schedule
                                     settings=settings,
                                     show_early_adopter_builds=boolean,
                                     uninstall_protection="ENABLED",
                                     variants=variants
                                     )
print(response)
Service class example (Operation ID syntax)
from falconpy import SensorUpdatePolicy

# Do not hardcode API credentials!
falcon = SensorUpdatePolicy(client_id=CLIENT_ID,
                            client_secret=CLIENT_SECRET
                            )

schedule = {
    "enabled": boolean,
    "schedules": [
        {
            "days": [
                integer
            ],
            "end": "string",
            "start": "string"
        }
    ],
    "timezone": "string"
}

settings = {
    "build": "string",
    "scheduler": {
        "enabled": boolean,
        "schedules": [
            {
                "days": [
                    integer
                ],
                "end": "string",
                "start": "string"
            }
        ],
        "timezone": "string"
    },
    "show_early_adopter_builds": boolean,
    "uninstall_protection": "ENABLED",
    "variants": [
        {
            "build": "string",
            "platform": "string"
        }
    ]
}

variants = [
    {
        "build": "string",
        "platform": "string"
    }
]

response = falcon.createSensorUpdatePoliciesV2(build="string",
                                               description="string",
                                               name="string",
                                               platform_name="string",
                                               scheduler=schedule,
                                               settings=settings,
                                               show_early_adopter_builds=boolean,
                                               uninstall_protection="ENABLED",
                                               variants=variants
                                               )
print(response)
Uber class example
from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

BODY = {
  "resources": [
    {
      "description": "string",
      "name": "string",
      "platform_name": "string",
      "settings": {
        "build": "string",
        "scheduler": {
          "enabled": boolean,
          "schedules": [
            {
              "days": [
                integer
              ],
              "end": "string",
              "start": "string"
            }
          ],
          "timezone": "string"
        },
        "show_early_adopter_builds": boolean,
        "uninstall_protection": "ENABLED",
        "variants": [
          {
            "build": "string",
            "platform": "string"
          }
        ]
      }
    }
  ]
}

response = falcon.command("createSensorUpdatePoliciesV2", body=BODY)
print(response)

updateSensorUpdatePoliciesV2

Update Sensor Update Policies by specifying the ID of the policy and details to update with additional support for uninstall protection

PEP8 method name

update_policies_v2

Endpoint

Method Route
PATCH /policy/entities/sensor-update/v2

Required Scope

sensor-update-policies:write

Content-Type

  • Produces: application/json

Keyword Arguments

Name Service Uber Type Data type Description
body
Service Class Support

Uber Class Support
body dictionary Full body payload in JSON format.
build
Service Class Support

Uber Class Support
body string Build this Sensor update policy applies to. Ignored if settings is provided.
description
Service Class Support

Uber Class Support
body string Sensor update policy description.
id
Service Class Support

Uber Class Support
body string ID of the Sensor Update policy to update.
name
Service Class Support

Uber Class Support
body string Name of the Sensor Update policy.
scheduler
Service Class Support

Uber Class Support
body dictionary Dictionary containing details for the schedule. Ignored if settings is provided.
settings
Service Class Support

Uber Class Support
body dictionary Sensor Update policy specific settings.

Overrides the value of build, scheduler, show_early_adopter_builds, uninstall_protection, and variants if present.
show_early_adopter_builds
Service Class Support

Uber Class Support
body boolean Flag indicating if early adopter builds should be shown as part of this policy. Ignored if settings is provided.
uninstall_protection
Service Class Support

Uber Class Support
body string Boolean indicating if uninstall protection should be enabled. Ignored if settings is provided.

Allowed values:
  • ENABLED
  • DISABLED
variants
Service Class Support

Uber Class Support
body list of dictionaries List of dictionaries containing details for variants to include in the policy. Ignored if settings is provided.

[{
    "build": "string",
    "platform": "string"
}]

Usage

Service class example (PEP8 syntax)
from falconpy import SensorUpdatePolicy

# Do not hardcode API credentials!
falcon = SensorUpdatePolicy(client_id=CLIENT_ID,
                            client_secret=CLIENT_SECRET
                            )

schedule = {
    "enabled": boolean,
    "schedules": [
        {
            "days": [
                integer
            ],
            "end": "string",
            "start": "string"
        }
    ],
    "timezone": "string"
}

settings = {
    "build": "string",
    "scheduler": {
        "enabled": boolean,
        "schedules": [
            {
                "days": [
                    integer
                ],
                "end": "string",
                "start": "string"
            }
        ],
        "timezone": "string"
    },
    "show_early_adopter_builds": boolean,
    "uninstall_protection": "ENABLED",
    "variants": [
        {
            "build": "string",
            "platform": "string"
        }
    ]
}

variants = [
    {
        "build": "string",
        "platform": "string"
    }
]

response = falcon.update_policies_v2(build="string",
                                     description="string",
                                     name="string",
                                     platform_name="string",
                                     scheduler=schedule,
                                     settings=settings,
                                     show_early_adopter_builds=boolean,
                                     uninstall_protection="ENABLED",
                                     variants=variants
                                     )
print(response)
Service class example (Operation ID syntax)
from falconpy import SensorUpdatePolicy

# Do not hardcode API credentials!
falcon = SensorUpdatePolicy(client_id=CLIENT_ID,
                            client_secret=CLIENT_SECRET
                            )

schedule = {
    "enabled": boolean,
    "schedules": [
        {
            "days": [
                integer
            ],
            "end": "string",
            "start": "string"
        }
    ],
    "timezone": "string"
}

settings = {
    "build": "string",
    "scheduler": {
        "enabled": boolean,
        "schedules": [
            {
                "days": [
                    integer
                ],
                "end": "string",
                "start": "string"
            }
        ],
        "timezone": "string"
    },
    "show_early_adopter_builds": boolean,
    "uninstall_protection": "ENABLED",
    "variants": [
        {
            "build": "string",
            "platform": "string"
        }
    ]
}

variants = [
    {
        "build": "string",
        "platform": "string"
    }
]

response = falcon.updateSensorUpdatePoliciesV2(build="string",
                                               description="string",
                                               name="string",
                                               platform_name="string",
                                               scheduler=schedule,
                                               settings=settings,
                                               show_early_adopter_builds=boolean,
                                               uninstall_protection="ENABLED",
                                               variants=variants
                                               )
print(response)
Uber class example
from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

BODY = {
  "resources": [
    {
      "description": "string",
      "name": "string",
      "platform_name": "string",
      "settings": {
        "build": "string",
        "scheduler": {
          "enabled": boolean,
          "schedules": [
            {
              "days": [
                integer
              ],
              "end": "string",
              "start": "string"
            }
          ],
          "timezone": "string"
        },
        "show_early_adopter_builds": boolean,
        "uninstall_protection": "ENABLED",
        "variants": [
          {
            "build": "string",
            "platform": "string"
          }
        ]
      }
    }
  ]
}

response = falcon.command("updateSensorUpdatePoliciesV2", body=BODY)
print(response)

querySensorUpdateKernelsDistinct

Retrieve kernel compatibility info for Sensor Update Builds

PEP8 method name

query_kernels

Endpoint

Method Route
GET /policy/queries/sensor-update-kernels/{}/v1

Required Scope

sensor-update-policies:read

Content-Type

  • Produces: application/json

Keyword Arguments

Name Service Uber Type Data type Description
distinct_field
Service Class Support

Uber Class Support
path string The field name to get distinct values for.

Default: id.
filter
Service Class Support

Uber Class Support
query string The filter expression that should be used to limit the results using FQL syntax.
limit
Service Class Support

Uber Class Support
query integer The maximum number of records to return. [1-500]
offset
Service Class Support

Uber Class Support
query integer The offset to start retrieving records from.
parameters
Service Class Support

Uber Class Support
query dictionary Full query string parameters payload in JSON format.

Usage

Service class example (PEP8 syntax)
from falconpy import SensorUpdatePolicy

# Do not hardcode API credentials!
falcon = SensorUpdatePolicy(client_id=CLIENT_ID,
                            client_secret=CLIENT_SECRET
                            )

response = falcon.query_kernels(distinct_field="string",
                                filter="string",
                                offset=integer,
                                limit=integer,
                                )
print(response)
Service class example (Operation ID syntax)
from falconpy import SensorUpdatePolicy

# Do not hardcode API credentials!
falcon = SensorUpdatePolicy(client_id=CLIENT_ID,
                            client_secret=CLIENT_SECRET
                            )

response = falcon.querySensorUpdateKernelsDistinct(distinct_field="string",
                                                   filter="string",
                                                   offset=integer,
                                                   limit=integer,
                                                   )
print(response)
Uber class example
from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

response = falcon.command("querySensorUpdateKernelsDistinct",
                          distinct_field="string",
                          filter="string",
                          offset=integer,
                          limit=integer,
                          )
print(response)

querySensorUpdatePolicyMembers

Search for members of a Sensor Update Policy in your environment by providing a FQL filter and paging details. Returns a set of Agent IDs which match the filter criteria

PEP8 method name

query_policy_members

Endpoint

Method Route
GET /policy/queries/sensor-update-members/v1

Required Scope

sensor-update-policies:read

Content-Type

  • Produces: application/json

Keyword Arguments

Name Service Uber Type Data type Description
id
Service Class Support

No Uber Class Support
query string The ID of the Sensor Update Policy to search for members of.
filter
Service Class Support

No Uber Class Support
query string The filter expression that should be used to limit the results using FQL syntax. Review the available filters table for more detail.
limit
Service Class Support

No Uber Class Support
query integer The maximum number of records to return. [1-5000]
offset
Service Class Support

No Uber Class Support
query integer The offset to start retrieving records from.
parameters
Service Class Support

Uber Class Support
query dictionary Full query string parameters payload in JSON format.
sort
Service Class Support

No Uber Class Support
query string The property to sort by in FQL syntax. Supports asc or desc.

Available sort options:
  • created_by
  • created_timestamp
  • enabled
  • modified_by
  • modified_timestamp
  • name
  • platform_name
  • precedence
Available filters

The following fields can be used to filter results retrieved from the API.

Name Description
created_by The username, email, or API client ID of the person who created the policy, as identified in the policy object.

When specifying an email address, use a letter p as an operator so that the @ sign is accepted.

You can also search by using the email username or the domain as the value.

For example, to filter on policies created by the email address [email protected]:
filter=created_by:p'[email protected]' (correct)
filter=created_by:'diana.hudson' (correct)
filter=created_by:'email.com' (correct)

filter=created_by:'diana' (incorrect)

Enter only the alphanumeric value when providing an API client ID. For example, to filter on api-client-id:7a1284d634af196bff5988fb1775721b:
filter=created_by:'7a12....721b' (correct)

filter=created_by:'api-client-id:7a12....721b' (incorrect)
filter=created_by:'api-client-id' (incorrect)
created_timestamp The full timestamp of when the policy was created in ISO 8601 format. (YYYY-MM-DDTHH:mm:ss.sssZ)

The timezone is always UTC as denoted by the suffix "Z".

filter=created_timestamp:'2020-11-23T19:36:24.129652084Z'
description Search for a term found in the policy description. The value must be entered in lowercase.

filter=description:'policy'
enabled Find policies by their enabled status. Specify true to find enabled policies or false to find disabled policies.

filter=enabled:'true'
groups Enter a host group ID to find the policy it's been assigned to.

filter=groups:'1ef3....b0fe'
modified_by The username, email, or API client ID of the person who modified the policy, as identified in the policy object.

Values for this field follow the same rules as the created_by filter.
modified_timestamp The full timestamp of when the policy was modified in ISO 8601 format. (YYYY-MM-DDTHH:mm:ss. sssZ)

The timezone is always UTC as denoted by the suffix "Z".

Values for this field follow the same rules as the created_timestamp filter.
name Performs a free text search on single words found in a policy name.

Values must be entered as lowercase and enclosed in single quotes.

You can provide multiple name values separated by an &.

filter=name:'test'
name.raw Filters on exact matches to the full policy name.

Searches on this field are case-sensitive and require the correct input of uppercase and lowercase letters.

filter=name.raw:'Test sensor update Policy'
platform_name The name of the operating system listed in the policy.

One of:
  • Windows
  • Mac
  • Linux
filter=platform_name:'Windows'

Usage

Service class example (PEP8 syntax)
from falconpy import SensorUpdatePolicy

# Do not hardcode API credentials!
falcon = SensorUpdatePolicy(client_id=CLIENT_ID,
                            client_secret=CLIENT_SECRET
                            )

response = falcon.query_policy_members(id="string",
                                       filter="string",
                                       offset=integer,
                                       limit=integer,
                                       sort="string"
                                       )
print(response)
Service class example (Operation ID syntax)
from falconpy import SensorUpdatePolicy

# Do not hardcode API credentials!
falcon = SensorUpdatePolicy(client_id=CLIENT_ID,
                            client_secret=CLIENT_SECRET
                            )

response = falcon.querySensorUpdatePolicyMembers(id="string",
                                                 filter="string",
                                                 offset=integer,
                                                 limit=integer,
                                                 sort="string"
                                                 )
print(response)
Uber class example
from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

response = falcon.command("querySensorUpdatePolicyMembers",
                          id="string",
                          filter="string",
                          offset=integer,
                          limit=integer,
                          sort="string"
                          )
print(response)

querySensorUpdatePolicies

Search for Sensor Update Policies in your environment by providing a FQL filter and paging details. Returns a set of Sensor Update Policy IDs which match the filter criteria

PEP8 method name

query_policies

Endpoint

Method Route
GET /policy/queries/sensor-update/v1

Required Scope

sensor-update-policies:read

Content-Type

  • Produces: application/json

Keyword Arguments

Name Service Uber Type Data type Description
filter
Service Class Support

No Uber Class Support
query string The filter expression that should be used to limit the results using FQL syntax. Review the available filters table for more detail.
limit
Service Class Support

No Uber Class Support
query integer The maximum number of records to return. [1-5000]
offset
Service Class Support

No Uber Class Support
query integer The offset to start retrieving records from.
parameters
Service Class Support

Uber Class Support
query dictionary Full query string parameters payload in JSON format.
sort
Service Class Support

No Uber Class Support
query string The property to sort by in FQL syntax. Supports asc or desc.

Available sort options:
  • created_by
  • created_timestamp
  • enabled
  • modified_by
  • modified_timestamp
  • name
  • platform_name
  • precedence
Available filters

The following fields can be used to filter results retrieved from the API.

Name Description
created_by The username, email, or API client ID of the person who created the policy, as identified in the policy object.

When specifying an email address, use a letter p as an operator so that the @ sign is accepted.

You can also search by using the email username or the domain as the value.

For example, to filter on policies created by the email address [email protected]:
filter=created_by:p'[email protected]' (correct)
filter=created_by:'diana.hudson' (correct)
filter=created_by:'email.com' (correct)

filter=created_by:'diana' (incorrect)

Enter only the alphanumeric value when providing an API client ID. For example, to filter on api-client-id:7a1284d634af196bff5988fb1775721b:
filter=created_by:'7a12....721b' (correct)

filter=created_by:'api-client-id:7a12....721b' (incorrect)
filter=created_by:'api-client-id' (incorrect)
created_timestamp The full timestamp of when the policy was created in ISO 8601 format. (YYYY-MM-DDTHH:mm:ss.sssZ)

The timezone is always UTC as denoted by the suffix "Z".

filter=created_timestamp:'2020-11-23T19:36:24.129652084Z'
description Search for a term found in the policy description. The value must be entered in lowercase.

filter=description:'policy'
enabled Find policies by their enabled status. Specify true to find enabled policies or false to find disabled policies.

filter=enabled:'true'
groups Enter a host group ID to find the policy it's been assigned to.

filter=groups:'1ef3....b0fe'
modified_by The username, email, or API client ID of the person who modified the policy, as identified in the policy object.

Values for this field follow the same rules as the created_by filter.
modified_timestamp The full timestamp of when the policy was modified in ISO 8601 format. (YYYY-MM-DDTHH:mm:ss. sssZ)

The timezone is always UTC as denoted by the suffix "Z".

Values for this field follow the same rules as the created_timestamp filter.
name Performs a free text search on single words found in a policy name.

Values must be entered as lowercase and enclosed in single quotes.

You can provide multiple name values separated by an &.

filter=name:'test'
name.raw Filters on exact matches to the full policy name.

Searches on this field are case-sensitive and require the correct input of uppercase and lowercase letters.

filter=name.raw:'Test sensor update Policy'
platform_name The name of the operating system listed in the policy.

One of:
  • Windows
  • Mac
  • Linux
filter=platform_name:'Windows'

Usage

Service class example (PEP8 syntax)
from falconpy import SensorUpdatePolicy

# Do not hardcode API credentials!
falcon = SensorUpdatePolicy(client_id=CLIENT_ID,
                            client_secret=CLIENT_SECRET
                            )

response = falcon.query_policies(filter="string",
                                 offset=integer,
                                 limit=integer,
                                 sort="string"
                                 )
print(response)
Service class example (Operation ID syntax)
from falconpy import SensorUpdatePolicy

# Do not hardcode API credentials!
falcon = SensorUpdatePolicy(client_id=CLIENT_ID,
                            client_secret=CLIENT_SECRET
                            )

response = falcon.querySensorUpdatePolicies(filter="string",
                                            offset=integer,
                                            limit=integer,
                                            sort="string"
                                            )
print(response)
Uber class example
from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

response = falcon.command("querySensorUpdatePolicies",
                          filter="string",
                          offset=integer,
                          limit=integer,
                          sort="string"
                          )
print(response)

CrowdStrike Falcon

Clone this wiki locally