API Reference

The CrowdStrike Falcon API puts the full power of the Falcon platform in your hands. Automate threat response across thousands of endpoints. Build custom detection pipelines. Integrate real-time security telemetry into your SIEM, SOAR, or data lake. Hunt adversaries programmatically with the same intelligence CrowdStrike analysts use every day.

---

Explore by Domain

Endpoint Security

Manage hosts, investigate detections, respond to incidents, and track sensors across your fleet.

• Alerts · Hosts · Detects · Sensor Download · Host Group · Host Migration · Discover · Device Content · Mobile Enrollment · Quarantine · Sensor Usage

Real-Time Response

Execute commands on live endpoints, run scripts, contain compromised hosts, and manage RTR sessions at scale.

• Real Time Response · Real Time Response Admin · Real Time Response Audit

Threat Intelligence

Research adversaries, track indicators of compromise, query intelligence reports, and analyze malware.

• Intel · Intelligence Feeds · Intelligence Indicator Graph · IOC · IOCs · Recon · MalQuery · Tailored Intelligence · Falcon Intelligence Sandbox · ThreatGraph · CAO Hunting

Cloud & Container Security

Register cloud accounts, monitor containers and Kubernetes workloads, assess cloud posture, and track image vulnerabilities.

• Cloud Security · CSPM Registration · Cloud Security Assets · Cloud Security Compliance · Cloud Security Detections · Cloud Security Risks · Cloud Policies · Cloud AWS Registration · Cloud Azure Registration · Cloud GCP Registration · Cloud Google Cloud Registration · Cloud OCI Registration · Cloud Connect AWS · D4C Registration · Cloud Snapshots · Container Images · Container Vulnerabilities · Container Alerts · Container Detections · Container Image Compliance · Container Packages · Drift Indicators · Unidentified Containers · Kubernetes Protection · Kubernetes Container Compliance · Falcon Container · Image Assessment Policies

Vulnerability Management

Pull CVE data, prioritize remediation with ExPRT ratings, and track exposure risk across your environment.

• Spotlight Vulnerabilities · Spotlight Evaluation Logic · Spotlight Vulnerability Metadata · Exposure Management · Serverless Vulnerabilities

Identity & Access

Investigate entities, assess identity risk, manage users, and operate across multi-tenant MSSP environments.

• Identity Protection · User Management · MSSP (Flight Control) · OAuth2 · Installation Tokens · Certificate Based Exclusions · Zero Trust Assessment · Federated Connections

Data Pipelines & SIEM

Stream events in real time, execute CQL queries against Next-Gen SIEM, and build data ingestion pipelines.

• NGSIEM · Event Streams · FDR · Foundry LogScale · Correlation Rules · Correlation Rules Admin · Custom Storage

Policy & Configuration

Manage firewall rules, configure IOA exclusions, control sensor visibility, and customize detection behavior.

• Prevention Policy · Device Control Policies · Response Policies · Sensor Update Policy · Firewall Management · Firewall Policies · Custom IOA · IOA Exclusions · ML Exclusions · Sensor Visibility Exclusions · Content Update Policies · Admission Control Policies · Configuration Assessment · Configuration Assessment Evaluation Logic · Delivery Settings

Workflows & Automation

Orchestrate security operations with scheduled reports, on-demand scans, and automated workflows.

• Scheduled Reports · Report Executions · Workflows · On Demand Scan (ODS) · Quick Scan · Quick Scan Pro · IT Automation · FaaS Execution

Application Security

Manage application security posture, monitor SaaS integrations, and assess API risks.

• ASPM · SaaS Security · API Integrations

Data Protection

Configure data loss prevention policies and scan data at rest.

• Data Protection Configuration

File Integrity & Change Monitoring

Monitor file changes, manage policies, and track deviations across your environment.

• FileVantage · Sample Uploads · Downloads

Network Security

Scan networks, manage zones, discover assets, and report on scan results.

• Network Scan Scans · Network Scan Networks · Network Scan Templates · Network Scan Zones · Network Scan Scanners · Network Scan Scan Runs · Network Scan Scan Run Reports · Network Scan Global Configs

Case & Incident Management

Manage cases, track escalations, and coordinate response across your SOC.

• Case Management · Message Center · Falcon Complete Dashboard · Overwatch Dashboard

Knowledge & AI

Manage knowledge bases, files, and audit events for AI-powered workflows.

• Knowledge Bases · Knowledge Base Files · Knowledge Base Audit Events

Deployment & Updates

Manage deployments, releases, and serverless export jobs.

• Deployments · Serverless Exports

---

Integrate with Artificial Intelligence

The Falcon MCP Server gives AI assistants direct access to the CrowdStrike Falcon platform through the Model Context Protocol. Investigate threats, triage detections, query hosts, research adversaries, and automate security operations - all through natural language conversations with your AI tools.

Learn more about Falcon MCP →

---

Integrate with Code

Python

FalconPy

Scripting, automation, data pipelines, serverless functions, and SOC tooling.

PowerShell

PSFalcon

Windows administration, Active Directory, and endpoint management.

Go

goFalcon

Microservices, CLI tools, and high-throughput cloud-native systems.

TypeScript

FalconJS

Web dashboards, Node.js services, and serverless functions.

Rust

Rusty Falcon

Performance-critical agents, secure systems, and low-latency processing.

Ruby

Crimson Falcon

Rails applications, web services, and compliance workflows.