Skip to content

Spotlight Evaluation Logic

Jump to bottom
Joshua Hiller edited this page Apr 5, 2022 · 8 revisions

CrowdStrike Falcon Twitter URL

Using the Spotlight Evaluation Logic service collection

Uber class support Service class support Documentation Version Page Updated

Table of Contents

Operation ID Description
combinedQueryEvaluationLogic
PEP8 query_evaluation_logic_combined
Search for evaluation logic in your environment by providing a FQL filter and paging details. Returns a set of evaluation logic entities which match the filter criteria.
getEvaluationLogic
PEP8 get_evaluation_logic
Get details on evaluation logic items by providing one or more IDs.
queryEvaluationLogic
PEP8 query_evaluation_logic
Search for evaluation logic in your environment by providing a FQL filter and paging details. Returns a set of evaluation logic IDs which match the filter criteria.

combinedQueryEvaluationLogic

Search for evaluation logic in your environment by providing a FQL filter and paging details. Returns a set of evaluation logic entities which match the filter criteria.

PEP8 method name

query_evaluation_logic_combined

Content-Type

  • Produces: application/json

Keyword Arguments

Name Service Uber Type Data type Description
after
Service Class Support
Uber Class Support
 query string A pagination token used with the limit parameter to manage pagination of results. On your first request, don't provide an after token. On subsequent requests, provide the after token from the previous response to continue from that place in the results.
limit
Service Class Support
Uber Class Support
 query integer Maximum number of entities to return.
filter
Service Class Support
Uber Class Support
 query string FQL query specifying the filter parameters.
sort
Service Class Support
Uber Class Support
 query string Sort evaluation logic by their properties.

Usage

Service class example (PEP8 syntax)
from falconpy.spotlight_evaluation_logic import SpotlightEvaluationLogic

falcon = SpotlightEvaluationLogic(client_id="API_CLIENT_ID_HERE",
                                  client_secret="API_CLIENT_SECRET_HERE"
                                  )

response = falcon.query_evaluation_logic_combined(after="string",
                                                  limit=integer,
                                                  filter="string",
                                                  sort="string"
                                                  )
print(response)
Service class example (Operation ID syntax)
from falconpy import SpotlightEvaluationLogic

falcon = SpotlightEvaluationLogic(client_id="API_CLIENT_ID_HERE",
                                  client_secret="API_CLIENT_SECRET_HERE"
                                  )

response = falcon.combinedQueryEvaluationLogic(after="string",
                                               limit=integer,
                                               filter="string",
                                               sort="string"
                                               )
print(response)
Uber class example
from falconpy import APIHarness

falcon = APIHarness(client_id="API_CLIENT_ID_HERE",
                    client_secret="API_CLIENT_SECRET_HERE"
                    )

response = falcon.command("combinedQueryEvaluationLogic",
                          after="string",
                          limit=integer,
                          filter="string",
                          sort="string"
                          )
print(response)

getEvaluationLogic

Get details on evaluation logic items by providing one or more IDs.

PEP8 method name

get_evaluation_logic

Content-Type

  • Produces: application/json

Keyword Arguments

Name Service Uber Type Data type Description
ids
Service Class Support
Uber Class Support
 query array (string) One or more evaluation logic IDs.

Usage

Service class example (PEP8 syntax)
from falconpy.spotlight_evaluation_logic import SpotlightEvaluationLogic

falcon = SpotlightEvaluationLogic(client_id="API_CLIENT_ID_HERE",
                                  client_secret="API_CLIENT_SECRET_HERE"
                                  )

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.get_evaluation_logic(ids=id_list)
print(response)
Service class example (Operation ID syntax)
from falconpy import SpotlightEvaluationLogic

falcon = SpotlightEvaluationLogic(client_id="API_CLIENT_ID_HERE",
                                  client_secret="API_CLIENT_SECRET_HERE"
                                  )

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.getEvaluationLogic(ids=id_list)
print(response)
Uber class example
from falconpy import APIHarness

falcon = APIHarness(client_id="API_CLIENT_ID_HERE",
                    client_secret="API_CLIENT_SECRET_HERE"
                    )

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.command("getEvaluationLogic", ids=id_list)
print(response)

queryEvaluationLogic

Search for evaluation logic in your environment by providing a FQL filter and paging details. Returns a set of evaluation logic IDs which match the filter criteria.

PEP8 method name

query_evaluation_logic

Content-Type

  • Produces: application/json

Keyword Arguments

Name Service Uber Type Data type Description
after
Service Class Support
Uber Class Support
 query string A pagination token used with the limit parameter to manage pagination of results. On your first request, don't provide an after token. On subsequent requests, provide the after token from the previous response to continue from that place in the results.
limit
Service Class Support
Uber Class Support
 query integer Maximum number of entities to return.
filter
Service Class Support
Uber Class Support
 query string FQL query specifying the filter parameters.
sort
Service Class Support
Uber Class Support
 query string Sort evaluation logic by their properties.

Usage

Service class example (PEP8 syntax)
from falconpy.spotlight_evaluation_logic import SpotlightEvaluationLogic

falcon = SpotlightEvaluationLogic(client_id="API_CLIENT_ID_HERE",
                                  client_secret="API_CLIENT_SECRET_HERE"
                                  )

response = falcon.query_evaluation_logic(after="string",
                                         limit=integer,
                                         filter="string",
                                         sort="string"
                                         )
print(response)
Service class example (Operation ID syntax)
from falconpy import SpotlightEvaluationLogic

falcon = SpotlightEvaluationLogic(client_id="API_CLIENT_ID_HERE",
                                  client_secret="API_CLIENT_SECRET_HERE"
                                  )

response = falcon.queryEvaluationLogic(after="string",
                                       limit=integer,
                                       filter="string",
                                       sort="string"
                                       )
print(response)
Uber class example
from falconpy import APIHarness

falcon = APIHarness(client_id="API_CLIENT_ID_HERE",
                    client_secret="API_CLIENT_SECRET_HERE"
                    )

response = falcon.command("queryEvaluationLogic",
                          after="string",
                          limit=integer,
                          filter="string",
                          sort="string"
                          )
print(response)

CrowdStrike Falcon

Clone this wiki locally