All Operations

A complete alphabetical index of all CrowdStrike API operations across every service collection. Each Operation ID is a unique, case-sensitive identifier used by the Falcon SDKs to reference a specific API call. Use this page as a quick-lookup reference when you know the operation name but not which collection it belongs to.

A

action_get_v1	IOC
Get Actions by ids.
action_query_v1	IOC
Query Actions.
ActionUpdateCount	Quarantine
Returns count of potentially affected quarantined files for each action.
addCIDGroupMembers	MSSP (Flight Control)
Add new CID Group member.
addRole	MSSP (Flight Control)
Assign new MSSP Role(s) between User Group and CID Group. It does not revoke existing role(s) between User Group and CID Group. User Group ID and CID Group ID have to be specified in request.
addUserGroupMembers	MSSP (Flight Control)
Add new User Group member. Maximum 500 members allowed per User Group.
admission_control_add_host_groups	Admission Control Policies
Add one or more host groups to an admission control policy.
admission_control_add_rule_group_custom_rule	Admission Control Policies
Add one or more custom Rego rules to a rule group in an admission control policy.
admission_control_create_policy	Admission Control Policies
Create an admission control policy.
admission_control_create_rule_groups	Admission Control Policies
Create one or more rule groups and add them to an existing admission control policy.
admission_control_delete_policies	Admission Control Policies
Delete an admission control policy.
admission_control_delete_rule_groups	Admission Control Policies
Delete rule groups.
admission_control_get_policies	Admission Control Policies
Get admission control policies.
admission_control_query_policies	Admission Control Policies
Search admission control policies.
admission_control_remove_host_groups	Admission Control Policies
Remove one or more host groups from an admission control policy.
admission_control_remove_rule_group_custom_rule	Admission Control Policies
Delete one or more custom Rego rules from all rule groups in an admission control policy.
admission_control_replace_rule_group_selectors	Admission Control Policies
Replace labels and/or namespaces of a rule group within an admission control policy.
admission_control_set_rule_group_precedence	Admission Control Policies
Change precedence of rule groups within an admission control policy.
admission_control_update_policy	Admission Control Policies
Update an admission control policy.
admission_control_update_policy_precedence	Admission Control Policies
Update admission control policy precedence.
admission_control_update_rule_groups	Admission Control Policies
Update a rule group.
aggregate_events	Firewall Management
Aggregate events for customer
aggregate_external_assets	Exposure Management
Returns external assets aggregates.
aggregate_networks	Network Scan Networks
Returns “networks” aggregations
aggregate_policy_rules	Firewall Management
Aggregate rules within a policy for customer
aggregate_query_scan_host_metadata	ODS (On Demand Scan)
Get aggregates on ODS scan-hosts data.
aggregate_rule_groups	Firewall Management
Aggregate rule groups for customer
aggregate_rules	Firewall Management
Aggregate rules for customer
aggregate_scan_runs	Network Scan Scan Runs
Returns “scan-runs” aggregations
aggregate_scanners	Network Scan Scanners
Returns “scanners” aggregations
aggregate_scans	ODS (On Demand Scan)
Get aggregates on ODS scan data.
aggregate_scansMixin0	Network Scan Scans
Returns “scans” aggregations
aggregate_scheduled_scans	ODS (On Demand Scan)
Get aggregates on ODS scheduled-scan data.
aggregate_zones	Network Scan Zones
Returns “zones” aggregations
AggregateAlerts	Falcon Complete Dashboard
Retrieve aggregate alerts values based on the matched filter
AggregateAllowList	Falcon Complete Dashboard
Retrieve aggregate allowlist ticket values based on the matched filter
AggregateAssessmentsGroupedByClustersV2	Kubernetes Container Compliance
Returns cluster details along with aggregated assessment results organized by cluster, including pass/fail assessment counts for various asset types.
AggregateAssessmentsGroupedByRulesV2	Kubernetes Container Compliance
Returns rule details along with aggregated assessment results organized by compliance rule, including pass/fail assessment counts.
AggregateBlockList	Falcon Complete Dashboard
Retrieve aggregate blocklist ticket values based on the matched filter
AggregateCases	Message Center
Retrieve aggregate case values based on the matched filter
AggregateComplianceByAssetType	Kubernetes Container Compliance
Provides aggregated compliance assessment metrics and rule status information, organized by asset type.
AggregateComplianceByClusterType	Kubernetes Container Compliance
Provides aggregated compliance assessment metrics and rule status information, organized by Kubernetes cluster type.
AggregateComplianceByFramework	Kubernetes Container Compliance
Provides aggregated compliance assessment metrics and rule status information, organized by compliance framework.
AggregateDeviceCountCollection	Falcon Complete Dashboard
Retrieve aggregate host/devices count based on the matched filter
AggregateEscalations	Falcon Complete Dashboard
Retrieve aggregate escalation ticket values based on the matched filter
AggregateFailedRulesByClustersV3	Kubernetes Container Compliance
Retrieves the most non-compliant clusters, ranked in descending order based on the number of failed compliance rules across severity levels (critical, high, medium, and low).
AggregateFCIncidents	Falcon Complete Dashboard
Retrieve aggregate incident values based on the matched filter
AggregateHuntingGuides	CAO Hunting
Aggregate Hunting Guides
AggregateImageAssessmentHistory	Container Images
Image assessment history
AggregateImageCount	Container Images
Aggregate count of images
AggregateImageCountByBaseOS	Container Images
Aggregate count of images grouped by Base OS distribution
AggregateImageCountByState	Container Images
Aggregate count of images grouped by state
AggregateIntelligenceQueries	CAO Hunting
Aggregate intelligence queries.
AggregateNotificationsExposedDataRecordsV1	Recon
Get notification exposed data record aggregates as specified via JSON in request body.
AggregateNotificationsV1	Recon
Get notification aggregates as specified via JSON in request body.
AggregatePreventionPolicy	Falcon Complete Dashboard
Retrieve aggregate prevention policy values based on the matched filter
AggregateRemediations	Falcon Complete Dashboard
Retrieve aggregate remediation ticket values based on the matched filter
aggregates_access_tags_post_v1	Case Management
Get access tag aggregates.
aggregates_file_details_post_v1	Case Management
Get file details aggregates as specified via json in the request body.
aggregates_knowledge_base_audit_events_v1	Knowledge Base Audit Events
Aggregate knowledge base audit events based on the provided msa criteria.
aggregates_knowledge_bases_v1	Knowledge Bases
Aggregate knowledge bases based on the provided msa criteria.
aggregates_notification_groups_post_v1	Case Management
Get notification groups aggregations
aggregates_notification_groups_post_v2	Case Management
Get notification groups aggregations
aggregates_rule_versions_post_v1	Correlation Rules
Get rules aggregates as specified via json in the request body.
aggregates_slas_post_v1	Case Management
Get SLA aggregations
aggregates_templates_post_v1	Case Management
Get templates aggregations
AggregatesDetectionsGlobalCounts	Overwatch Dashboard
Get the total number of detections pushed across all customers.
AggregateSensorUpdatePolicy	Falcon Complete Dashboard
Retrieve aggregate sensor update policy values based on the matched filter
AggregatesEvents	Overwatch Dashboard
Get aggregate OverWatch detection event info by providing an aggregate query.
AggregatesEventsCollections	Overwatch Dashboard
Get OverWatch detection event collection info by providing an aggregate query.
AggregatesIncidentsGlobalCounts	Overwatch Dashboard
Get the total number of incidents pushed across all customers.
AggregatesOWEventsGlobalCounts	Overwatch Dashboard
Get the total number of OverWatch events across all customers.
AggregateSupportIssues	Falcon Complete Dashboard
Retrieve aggregate support issue values based on the matched filter
AggregateTopFailedImages	Kubernetes Container Compliance
Retrieves the most non-compliant container images, ranked in descending order based on the number of failed assessments across severity levels (critical, high, medium, and low).
AggregateTotalDeviceCounts	Falcon Complete Dashboard
Retrieve aggregate total host/devices based on the matched filter
aggregateUsersV1	User Management
Get user aggregates as specified via json in request body.
api_preempt_proxy_post_graphql	Identity Protection
Identity Protection GraphQL API. Allows to retrieve entities, timeline activities, identity-based incidents and security assessment. Allows to perform actions on entities and identity-based incidents.
ArchiveDeleteV1	Sample Uploads
Delete an archive that was uploaded previously.
ArchiveGetV1	Sample Uploads
Retrieves the archives upload operation statuses. Status done means that archive was processed successfully. Status error means that archive was not processed successfully.
ArchiveListV1	Sample Uploads
Retrieves the archives files in chunks.
ArchiveUploadV1	Sample Uploads
Uploads an archive and extracts files list from it. Operation is asynchronous.
ArchiveUploadV2	Sample Uploads
Uploads an archive and extracts files list from it. Operation is asynchronous.
audit_events_query	Installation Tokens
Search for audit events by providing a FQL filter and paging details.
audit_events_read	Installation Tokens
Gets the details of one or more audit events by id.
AzureDownloadCertificate	CSPM Registration
Returns JSON object(s) that contain the base64 encoded certificate for a service principal.
AzureRefreshCertificate	CSPM Registration
Refresh certificate and returns JSON object(s) that contain the base64 encoded certificate for a service principal.

B

BatchActiveResponderCmd	Real Time Response
Batch executes a RTR active-responder command across the hosts mapped to the given batch ID.
BatchAdminCmd	Real Time Response Admin
Batch executes a RTR administrator command across the hosts mapped to the given batch ID.
BatchCmd	Real Time Response
Batch executes a RTR read-only command across the hosts mapped to the given batch ID.
BatchGetCmd	Real Time Response
Batch executes get command across hosts to retrieve files. After this call is made BatchGetCmdStatus is used to query for the results.
BatchGetCmdStatus	Real Time Response
Retrieves the status of the specified batch get command. Will return successful files when they are finished processing.
BatchInitSessions	Real Time Response
Batch initialize a RTR session on multiple hosts. Before any RTR commands can be used, an active session is needed on the host.
BatchRefreshSessions	Real Time Response
Batch refresh a RTR session on multiple hosts. RTR sessions will expire after 5 minutes unless refreshed.
blob_download_external_assets	Exposure Management
Download the entire contents of the blob. The relative link to this endpoint is returned in the GET /entities/external-assets/v1 request.
blob_preview_external_assets	Exposure Management
Download a preview of the blob. The relative link to this endpoint is returned in the GET /entities/external-assets/v1 request.
BulkInstallParsers	NGSIEM
Install multiple CrowdStrike-managed out-of-the-box (OOTB) parsers.

C

cancel_scans	ODS (On Demand Scan)
Cancel ODS scans for the given scan ids.
CaseAddActivity	Message Center
Add an activity to case. Only activities of type comment are allowed via API
CaseAddAttachment	Message Center
Upload an attachment for the case.
CaseDownloadAttachment	Message Center
retrieves an attachment for the case, given the attachment id
cb_exclusions_create_v1	Certificate Based Exclusions
Create new Certificate Based Exclusions.
cb_exclusions_delete_v1	Certificate Based Exclusions
Delete the exclusions by id.
cb_exclusions_get_v1	Certificate Based Exclusions
Find all exclusion IDs matching the query with filter.
cb_exclusions_query_v1	Certificate Based Exclusions
Search for cert-based exclusions.
cb_exclusions_update_v1	Certificate Based Exclusions
Updates existing Certificate Based Exclusions.
certificates_get_v1	Certificate Based Exclusions
Retrieves certificate signing information for a file.
cloud_compliance_framework_posture_summaries	Cloud Security Compliance
Get sections and requirements with scores for benchmarks.
cloud_compliance_rule_posture_summaries	Cloud Security Compliance
Get compliance score and counts for rules.
cloud_registration_aws_create_account	Cloud AWS Registration
Creates a new account in our system for a customer.
cloud_registration_aws_delete_account	Cloud AWS Registration
Deletes an existing AWS account or organization in our system.
cloud_registration_aws_get_accounts	Cloud AWS Registration
Retrieve existing AWS accounts by account IDs.
cloud_registration_aws_query_accounts	Cloud AWS Registration
Retrieve existing AWS accounts by account IDs.
cloud_registration_aws_trigger_health_check	Cloud AWS Registration
Trigger health check scan for AWS accounts.
cloud_registration_aws_update_account	Cloud AWS Registration
Patches a existing account in our system for a customer.
cloud_registration_aws_validate_accounts	Cloud AWS Registration
Validates the AWS account registration status, and discover organization child accounts if organization is specified.
cloud_registration_azure_create_registration	Cloud Azure Registration
Create an Azure registration for a tenant.
cloud_registration_azure_delete_legacy_subscription	Cloud Azure Registration
Delete existing legacy Azure subscriptions.
cloud_registration_azure_delete_registration	Cloud Azure Registration
Deletes existing Azure registrations.
cloud_registration_azure_download_script	Cloud Azure Registration
Retrieve script to create resources.
cloud_registration_azure_get_registration	Cloud Azure Registration
Retrieve existing Azure registration for a tenant.
cloud_registration_azure_trigger_health_check	Cloud Azure Registration
Trigger health check scan for Azure registrations.
cloud_registration_azure_update_registration	Cloud Azure Registration
Update an existing Azure registration for a tenant.
cloud_registration_azure_validate_registration	Cloud Azure Registration
Validate an Azure registration by checking service principal, role assignments and deployment stack (if the deployment method is Bicep)
cloud_registration_gcp_create_registration	Cloud GCP Registration
Create a Google Cloud Registration.
cloud_registration_gcp_create_registration	Cloud Google Cloud Registration
Create a Google Cloud Registration.
cloud_registration_gcp_delete_registration	Cloud GCP Registration
Deletes a Google Cloud Registration and returns the deleted registration in the response body.
cloud_registration_gcp_delete_registration	Cloud Google Cloud Registration
Deletes a Google Cloud Registration and returns the deleted registration in the response body.
cloud_registration_gcp_get_entities	Cloud GCP Registration
Retrieve all GCP entities (organizations, folders, projects) grouped by type with support for FQL filtering, sorting, and pagination.
cloud_registration_gcp_get_entities	Cloud Google Cloud Registration
Retrieve all GCP entities (organizations, folders, projects) grouped by type with support for FQL filtering, sorting, and pagination.
cloud_registration_gcp_get_registration	Cloud GCP Registration
Retrieve a Google Cloud Registration.
cloud_registration_gcp_get_registration	Cloud Google Cloud Registration
Retrieve a Google Cloud Registration.
cloud_registration_gcp_put_registration	Cloud GCP Registration
Creates/Updates a Google Cloud Registration.
cloud_registration_gcp_put_registration	Cloud Google Cloud Registration
Creates/Updates a Google Cloud Registration.
cloud_registration_gcp_trigger_health_check	Cloud GCP Registration
Trigger health check scan for GCP registrations
cloud_registration_gcp_trigger_health_check	Cloud Google Cloud Registration
Trigger health check scan for GCP registrations
cloud_registration_gcp_update_registration	Cloud GCP Registration
Update a Google Cloud Registration.
cloud_registration_gcp_update_registration	Cloud Google Cloud Registration
Update a Google Cloud Registration.
cloud_security_assets_combined_application_findings	Cloud Security Assets
Get findings for an application resource with pagination.
cloud_security_assets_combined_compliance_by_account	Cloud Security Assets
Get combined compliance by account.
cloud_security_assets_entities_get	Cloud Security Assets
Gets raw resources based on the provided IDs param. Maximum of 100 resources can be requested with this method. Use POST method with same path if more are required.
cloud_security_assets_queries	Cloud Security Assets
Query cloud security assets.
cloud_security_registration_oci_create_account	Cloud OCI Registration
Create OCI tenancy account in CSPM
cloud_security_registration_oci_delete_account	Cloud OCI Registration
Delete an existing OCI tenancy in CSPM.
cloud_security_registration_oci_download_script	Cloud OCI Registration
Retrieve script to create resources in tenancy OCID
cloud_security_registration_oci_get_account	Cloud OCI Registration
Retrieve a list of OCI tenancies with support for FQL filtering, sorting, and pagination
cloud_security_registration_oci_rotate_key	Cloud OCI Registration
Refresh key for the OCI Tenancy
cloud_security_registration_oci_update_account	Cloud OCI Registration
Update an existing OCI account.
cloud_security_registration_oci_validate_tenancy	Cloud OCI Registration
Validate the OCI account in CSPM for a provided CID. For internal clients only.
cloud_security_timeline_risks_enriched	Cloud Security Risks
Returns the enriched asset timeline. Rate limited to 500 requests per minute per CID. Exceeding this limit returns HTTP 429 (Too Many Requests).
combined_applications	Discover
Search for applications in your environment by providing a FQL (Falcon Query Language) filter and paging details. Returns details on applications which match the filter criteria.
combined_cloud_risks	Cloud Security
Get cloud risks with full details based on filters and sort criteria.
combined_ecosystem_subsidiaries	Exposure Management
Retrieves a list of ecosystem subsidiaries with their detailed information.
combined_edges_get	ThreatGraph
Retrieve edges for a given vertex id. One edge type must be specified.
combined_file_details_get_v1	Case Management
Query file details
combined_hosts	Discover
Search for assets in your environment by providing a FQL (Falcon Query Language) filter and paging details. Returns details on assets which match the filter criteria.
combined_knowledge_base_audit_events_v1	Knowledge Base Audit Events
Get knowledge base audit events with full event details and pagination.
combined_ran_on_get	ThreatGraph
Look up instances of indicators such as hashes, domain names, and ip addresses that have been seen on devices in your environment.
combined_rules_get_v1	Correlation Rules
Find all rules matching the query and filter.
combined_rules_get_v2	Correlation Rules
Find all rules matching the query and filter.
combined_summary_get	ThreatGraph
Retrieve summary for a given vertex ID.
combined_zones	Network Scan Zones
Get “zones” by filter
CombinedBaseImages	Container Images
Retrieve base images identified by the provided filter criteria
CombinedDetections	Cloud Snapshots
Search IaC Detections using a query in Falcon Query Language.
CombinedDevicesByFilter	Hosts
Search for hosts. Returns full device records.
CombinedHiddenDevicesByFilter	Hosts
Search for hidden hosts. Returns full device records.
CombinedImageByVulnerabilityCount	Container Images
Retrieve top x images with the most vulnerabilities
CombinedImageDetail	Container Images
Retrieve image entities identified by the provided filter criteria
CombinedImageIssuesSummary	Container Images
Retrieve image issues summary such as Image detections, Runtime detections, Policies, vulnerabilities
CombinedImagesFindings	Kubernetes Container Compliance
Returns detailed compliance assessment results for container images, providing the information needed to identify compliance violations.
CombinedImageVulnerabilitySummary	Container Images
aggregates information about vulnerabilities for an image
CombinedNodesFindings	Kubernetes Container Compliance
Returns detailed compliance assessment results for kubernetes nodes, providing the information needed to identify compliance violations.
combinedQueryEvaluationLogic	Spotlight Evaluation Logic
Search for evaluation logic in your environment by providing a FQL filter and paging details. Returns a set of evaluation logic entities which match the filter criteria.
combinedQueryVulnerabilities	Spotlight Vulnerabilities
Search for Vulnerabilities in your environment by providing a FQL filter and paging details. Returns a set of Vulnerability entities which match the filter criteria.
CombinedReleaseNotesV1	Deployments
Queries for releases resources and returns details.
CombinedReleasesV1Mixin0	Deployments
Queries for releases resources and returns details.
combinedSupportedEvaluationExt	Spotlight Evaluation Logic
Perform a combined query and get for RiskSupportedEvaluation entities.
combinedUserRolesV1	User Management
Get user grant(s). This operation lists both direct as well as flight control grants between a User and a Customer.
CombinedUserRolesV2	User Management
Get user grant(s). This operation lists both direct as well as flight control grants between a User and a Customer.
combineVulnMetadataExt	Spotlight Vulnerability Metadata
Perform a combined query and get operation for retrieving Risk (vulnerability metadata) entities.
ConnectCSPMGCPAccount	CSPM Registration
Creates a new GCP account with newly-uploaded service account or connects with existing service account with only the following fields: parent_id, parent_type and service_account_id
ConnectD4CGCPAccount	D4C Registration
Creates a new GCP account with newly-uploaded service account or connects with existing service account.
create_network_locations	Firewall Management
Create new network locations provided, and return the ID.
create_networks	Network Scan Networks
Create “networks” using provided specifications
create_rule	Custom IOA
Create a rule within a rule group. Returns the rule.
create_rule_group	Firewall Management
Create new rule group on a platform for a customer with a name and description, and return the ID
create_rule_group_validation	Firewall Management
Validates the request of creating a new rule group on a platform for a customer with a name and description
create_rule_groupMixin0	Custom IOA
Create a rule group for a platform with a name and an optional description. Returns the rule group.
create_scan	ODS (On Demand Scan)
Create ODS scan and start or schedule scan for the given scan request.
create_scan_runs	Network Scan Scan Runs
Create “scan-runs” using provided specifications
create_scans	Network Scan Scans
Create “scans” using provided specifications
create_templates	Network Scan Templates
Create “templates” using provided specifications
create_zones	Network Scan Zones
Create “zones” using provided specifications
CreateActionsV1	Recon
Create actions for a monitoring rule. Accepts a list of actions that will be attached to the monitoring rule.
CreateAWSAccount	Kubernetes Protection
Creates a new AWS account in our system for a customer and generates the installation script
CreateAzureSubscription	Kubernetes Protection
Creates a new Azure Subscription in our system
CreateBaseImagesEntities	Container Images
Creates base images using the provided details
CreateCaseV2	Message Center
create a new case
createCIDGroups	MSSP (Flight Control)
Create new CID Group(s). Maximum 500 CID Group(s) allowed.
CreateCloudGroupExternal	Cloud Security
Create a new Cloud Group with specified properties and selectors.
CreateComplianceControl	Cloud Policies
Create a new custom compliance control.
CreateComplianceFramework	Cloud Policies
Create a new custom compliance framework.
createContentUpdatePolicies	Content Update Policies
Create Content Update Policies by specifying details about the policy to create.
CreateCSPMAwsAccount	CSPM Registration
Creates a new account in our system for a customer and generates a script for them to run in their AWS cloud environment to grant us access.
CreateCSPMAzureAccount	CSPM Registration
Creates a new account in our system for a customer and generates a script for them to run in their cloud environment to grant us access.
CreateCSPMAzureManagementGroup	CSPM Registration
Creates a new management group in our system for a customer.
CreateCSPMGCPAccount	CSPM Registration
Creates a new account in our system for a customer and generates a new service account for them to add access to in their GCP environment to grant us access.
CreateD4CAwsAccount	D4C Registration
Creates a new account in our system for a customer and generates a script for them to run in their AWS cloud environment to grant us access.
CreateD4CGCPAccount	D4C Registration
Creates a new account in our system for a customer and generates a new service account for them to add access to in their GCP environment to grant us access.
CreateDashboardFromTemplate	NGSIEM
Create dashboard from template.
CreateDeploymentEntity	Cloud Snapshots
Launch a snapshot scan for a given cloud asset.
createDeviceControlPolicies	Device Control Policies
Create Device Control Policies by specifying details about the policy to create.
CreateDiscoverCloudAzureAccount	D4C Registration
Creates a new account in our system for a customer and generates a script for them to run in their cloud environment to grant us access.
CreateExecutorNode	ASPM
Create a new relay node
CreateExportJobsV1	Recon
Launch asynchronous export job. Use the job ID to poll the status of the job using GetExportJobsV1.
CreateFileV1	Foundry LogScale
Creates a lookup file.
createFirewallPolicies	Firewall Policies
Create Firewall Policies by specifying details about the policy to create
createHostGroups	Host Group
Create Host Groups by specifying details about the group to create
CreateIntegration	ASPM
Create a new integration
CreateIntegrationTask	ASPM
Create new integration task.
createIOAExclusionsV1	IOA Exclusions
Create the IOA exclusions.
CreateIOC	IOCs
This operation has been superseded by the IOC.indicator_create_v1 operation and is no longer used.
CreateLookupFile	NGSIEM
Create lookup file.
CreateMigrationV1	Host Migration
Create a device migration job.
createMLExclusionsV1	ML Exclusions
Create the ML exclusions.
CreateOrUpdateAWSSettings	Cloud Connect AWS
Create or update Global Settings which are applicable to all provisioned AWS accounts
CreateParser	NGSIEM
Create Parser in NGSIEM.
CreateParserFromTemplate	NGSIEM
Create Parser in NGSIEM from template.
createPolicies	FileVantage
Creates a new policy of the specified type. New policies are always added at the end of the precedence list for the provided policy type.
CreatePolicies	Image Assessment Policies
Create Image Assessment policies
CreatePolicyGroups	Image Assessment Policies
Create Image Assessment Policy Group entities
createPreventionPolicies	Prevention Policy
Create Prevention Policies by specifying details about the policy to create
CreateRegistryEntities	Falcon Container
Create registry entities using the provided detail.
createRTResponsePolicies	Response Policies
Create Response Policies by specifying details about the policy to create
createRuleGroups	FileVantage
Creates a new rule group of the specified type.
CreateRuleMixin0	Cloud Policies
Create a new rule.
CreateRuleOverride	Cloud Policies
Create a new rule override.
createRules	FileVantage
Creates a new rule configuration within the specified rule group.
CreateRulesV1	Recon
Create monitoring rules.
CreateSavedQuery	NGSIEM
Create Saved Query from LogScale YAML Template in NGSIEM.
CreateSavedSearchesDynamicExecuteV1	Foundry LogScale
Execute a dynamic saved search
CreateSavedSearchesExecuteV1	Foundry LogScale
Execute a saved search
CreateSavedSearchesIngestV1	Foundry LogScale
Populate a saved search
createScheduledExclusions	FileVantage
Creates a new scheduled exclusion configuration for the provided policy id.
createSensorUpdatePolicies	Sensor Update Policy
Create Sensor Update Policies by specifying details about the policy to create.
createSensorUpdatePoliciesV2	Sensor Update Policy
Create Sensor Update Policies by specifying details about the policy to create with additional support for uninstall protection.
CreateSuppressionRule	Cloud Policies
Create a new suppression rule.
createSVExclusionsV1	Sensor Visibility Exclusions
Create a sensor visibility exclusion.
CreateUser	User Management
Create a new user. After creating a user, assign one or more roles with GrantUserRoleIds.
createUserGroups	MSSP (Flight Control)
Create new User Group(s). Maximum 500 User Group(s) allowed per customer.
createUserV1	User Management
Create a new user. After creating a user, assign one or more roles with userRolesActionV1. Supports Flight Control.
cspm_evaluations_combined_iom_by_rule	Cloud Security Detections
Return IOMs grouped by rule.
cspm_evaluations_iom_entities	Cloud Security Detections
Gets IOMs based on the provided IDs
cspm_evaluations_iom_queries	Cloud Security Detections
Gets a list of IOM IDs for the given parameters, filters and sort criteria.
customer_settings_read	Installation Tokens
Check current installation token settings.
customer_settings_update	Installation Tokens
Update installation token settings.

D

delete_external_assets	Exposure Management
Delete multiple external assets.
delete_federated_connections_config	Federated Connections
Delete configuration for a federated connection
delete_network_locations	Firewall Management
Delete network location entities by ID.
delete_networks	Network Scan Networks
Delete “networks” by their IDs
delete_policy_rules	Identity Protection
Delete policy rules.
delete_rule_groups	Firewall Management
Delete rule group entities by ID
delete_rule_groupsMixin0	Custom IOA
Delete rule groups by ID.
delete_rules	Custom IOA
Delete rules from a rule group by ID.
delete_scans	Network Scan Scans
Delete “scans” by their IDs
delete_scheduled_scans	ODS (On Demand Scan)
Delete ODS scheduled-scans for the given scheduled-scan ids.
delete_templates	Network Scan Templates
Delete “templates” by their IDs
delete_zones	Network Scan Zones
Delete “zones” by their IDs
DeleteActionV1	Recon
Delete an action from a monitoring rule based on the action ID.
DeleteAWSAccounts	Cloud Connect AWS
Delete a set of AWS Accounts by specifying their IDs
DeleteAWSAccountsMixin0	Kubernetes Protection
Delete AWS accounts.
DeleteAzureSubscription	Kubernetes Protection
Delete an Azure Subscription from the system.
DeleteBaseImages	Container Images
Delete base images by base image UUID
deleteCIDGroupMembers	MSSP (Flight Control)
Delete CID Group members entry.
deleteCIDGroupMembersV1	MSSP (Flight Control)
Deprecated: Please use deleteCIDGroupMembersV2.
deleteCIDGroups	MSSP (Flight Control)
Delete CID Group(s) by ID(s).
DeleteCloudGroupsExternal	Cloud Security
Delete Cloud Groups in batch by their UUIDs.
DeleteComplianceControl	Cloud Policies
Delete custom compliance controls.
DeleteComplianceFramework	Cloud Policies
Delete a custom compliance framework and all associated controls and rule assignments.
deleteContentUpdatePolicies	Content Update Policies
Delete a set of Content Update Policies by specifying their IDs.
DeleteCSPMAwsAccount	CSPM Registration
Deletes an existing AWS account or organization in our system.
DeleteCSPMAzureAccount	CSPM Registration
Deletes an Azure subscription from the system.
DeleteCSPMAzureManagementGroup	CSPM Registration
Deletes Azure management groups from the system.
DeleteCSPMGCPAccount	CSPM Registration
Deletes a GCP account from the system.
DeleteD4CAwsAccount	D4C Registration
Deletes an existing AWS account or organization in our system.
DeleteD4CGCPAccount	D4C Registration
Deletes a GCP account from the system.
DeleteDashboard	NGSIEM
Delete dashboard.
deleteDeviceControlPolicies	Device Control Policies
Delete a set of Device Control Policies by specifying their IDs.
deletedRoles	MSSP (Flight Control)
Delete MSSP Role assignment(s) between User Group and CID Group. User Group ID and CID Group ID have to be specified in request. Only specified roles are removed if specified in request payload, else association between User Group and CID Group is dissolved completely (if no roles specified).
DeleteExecutorNode	ASPM
Delete a relay node
DeleteExportJobsV1	Recon
Delete export jobs (and their associated file(s)) based on their IDs.
DeleteFile	Quick Scan Pro
Deletes file by its sha256 identifier.
deleteFirewallPolicies	Firewall Policies
Delete a set of Firewall Policies by specifying their IDs
DeleteGroup	ASPM

deleteHostGroups	Host Group
Delete a set of Host Groups by specifying their IDs
DeleteImageDetails	Falcon Container
Delete image details from the CrowdStrike registry.
DeleteIntegration	ASPM
Delete an existing integration by its ID
DeleteIntegrationTask	ASPM
Delete an existing integration task by its ID
deleteIOAExclusionsV1	IOA Exclusions
Delete the IOA exclusions by ID.
DeleteIOC	IOCs
This operation has been superseded by the IOC.indicator_delete_v1 operation and is no longer used.
DeleteLookupFile	NGSIEM
Delete lookup file.
deleteMLExclusionsV1	ML Exclusions
Delete the ML exclusions by ID.
DeleteNotificationsV1	Recon
Delete notifications based on IDs. Notifications cannot be recovered after they are deleted.
DeleteObject	Custom Storage
Delete the specified object.
DeleteParser	NGSIEM
Delete Parser in NGSIEM.
deletePolicies	FileVantage
Deletes 1 or more policies.
DeletePolicy	Image Assessment Policies
Delete Image Assessment Policy by policy UUID
DeletePolicyGroup	Image Assessment Policies
Delete Image Assessment Policy Group entities
deletePreventionPolicies	Prevention Policy
Delete a set of Prevention Policies by specifying their IDs
DeleteRegistryEntities	Falcon Container
Delete registry entities by UUID.
DeleteReport	Falconx Sandbox
Delete report based on the report ID. Operation can be checked for success by polling for the report ID on the report-summaries endpoint.
deleteRTResponsePolicies	Response Policies
Delete a set of Response Policies by specifying their IDs
deleteRuleGroups	FileVantage
Deletes 1 or more rule groups.
DeleteRuleMixin0	Cloud Policies
Delete a rule.
DeleteRuleOverride	Cloud Policies
Delete a rule override.
deleteRules	FileVantage
Deletes 1 or more rules from the specified rule group.
DeleteRulesV1	Recon
Delete monitoring rules.
DeleteSampleV2	Falconx Sandbox
Removes a sample, including file, meta and submissions from the collection
DeleteSampleV3	Sample Uploads
Removes a sample, including file, meta and submissions from the collection.
DeleteSavedQuery	NGSIEM
Delete Saved Query in NGSIEM.
DeleteScanResult	Quick Scan Pro
Deletes the result of an QuickScan Pro scan.
deleteScheduledExclusions	FileVantage
Deletes 1 or more scheduled exclusions from the provided policy id.
deleteSensorUpdatePolicies	Sensor Update Policy
Delete a set of Sensor Update Policies by specifying their IDs.
deleteSensorVisibilityExclusionsV1	Sensor Visibility Exclusions
Delete the sensor visibility exclusions by ID.
DeleteSuppressionRules	Cloud Policies
Delete Suppression Rules by ID.
DeleteTags	ASPM
Remove existing tags
DeleteUser	User Management
Delete a user permanently.
deleteUserGroupMembers	MSSP (Flight Control)
Delete User Group members entry.
deleteUserGroups	MSSP (Flight Control)
Delete User Group(s) by ID(s).
deleteUserV1	User Management
Delete a user permanently. Supports Flight Control.
DeleteVersionedObject	Custom Storage
Delete the specified versioned object.
DescribeCollection	Custom Storage
Fetch metadata about an existing collection.
DescribeCollections	Custom Storage
Fetch metadata about one or more existing collections.
DevicesCount	IOC
Number of hosts in your customer account that have observed a given custom IOC
DevicesCount	IOCs
Number of hosts in your customer account that have observed a given custom IOC.
DevicesRanOn	IOC
Find hosts that have observed a given custom IOC. For details about those hosts, use GET /devices/entities/devices/v1
DevicesRanOn	IOCs
Find hosts that have observed a given custom IOC. For details about those hosts, use GET /devices/entities/devices/v1.
DiscoverCloudAzureDownloadCertificate	D4C Registration
Returns JSON object(s) that contain the base64 encoded certificate for a service principal.
DismissAffectedEntityV3	SaaS Security
Dismiss affected entity.
DismissSecurityCheckV3	SaaS Security
Dismiss security check.
download_azure_script	Cloud Azure Registration
Download Azure deployment script (Terraform or Bicep).
DownloadExportFile	Falcon Container
Download an export file.
DownloadExportFileMixin0	Serverless Exports
Download an export file.
DownloadFeedArchive	Intelligence Feeds
Download feed file contents as a zip archive.
DownloadFile	Downloads
Gets pre-signed URL for the file.
DownloadSensorInstallerById	Sensor Download
Download sensor installer by SHA256 ID
DownloadSensorInstallerByIdV2	Sensor Download
Download sensor installer by SHA256 ID
DownloadSensorInstallerByIdV3	Sensor Download
Download sensor installer by SHA256 ID

E

entities_access_tags_get_v1	Case Management
Get access tags.
entities_alert_evidence_post_v1	Case Management
Adds the given list of alert evidence to the specified case.
entities_case_tags_delete_v1	Case Management
Removes the specified tags from the specified case.
entities_case_tags_post_v1	Case Management
Adds the given list of tags to the specified case.
entities_cases_patch_v2	Case Management
Updates given fields on the specified case.
entities_cases_post_v2	Case Management
Retrieves all Cases given their IDs.
entities_cases_put_v2	Case Management
Creates the given Case
entities_classification_delete_v2	Data Protection Configuration
Deletes classifications that match the provided ids
entities_classification_get_v2	Data Protection Configuration
Gets the classifications that match the provided ids
entities_classification_patch_v2	Data Protection Configuration
Update classifications
entities_classification_post_v2	Data Protection Configuration
Create classifications
entities_cloud_application_create	Data Protection Configuration
Persist the given cloud application for the provided entity instance
entities_cloud_application_delete	Data Protection Configuration
Delete cloud application.
entities_cloud_application_get	Data Protection Configuration
Get a particular cloud-application
entities_cloud_application_patch	Data Protection Configuration
Update a cloud application.
entities_content_pattern_create	Data Protection Configuration
Persist the given content pattern for the provided entity instance.
entities_content_pattern_delete	Data Protection Configuration
Delete content pattern.
entities_content_pattern_get	Data Protection Configuration
Get a particular content-pattern(s).
entities_content_pattern_patch	Data Protection Configuration
Update a content pattern.
entities_enterprise_account_create	Data Protection Configuration
Persist the given enterprise account for the provided entity instance.
entities_enterprise_account_delete	Data Protection Configuration
Delete enterprise account.
entities_enterprise_account_get	Data Protection Configuration
Get a particular enterprise-account(s).
entities_enterprise_account_patch	Data Protection Configuration
Update a enterprise account.
entities_event_evidence_post_v1	Case Management
Adds the given list of event evidence to the specified case.
entities_fields_get_v1	Case Management
Get fields by ID
entities_file_details_get_v1	Case Management
Get file details by id
entities_file_details_patch_v1	Case Management
Update file details
entities_file_type_get	Data Protection Configuration
Get a particular file-type.
entities_files_bulk_download_post_v1	Case Management
Download multiple existing file from case as a ZIP
entities_files_delete_v1	Case Management
Delete file details by id
entities_files_download_get_v1	Case Management
Download existing file from case
entities_files_upload_post_v1	Case Management
Upload file for case
entities_get_rtr_file_metadata_post_v1	Case Management
Get metadata for a file via RTR without retrieving it.
entities_knowledge_base_audit_events_v1	Knowledge Base Audit Events
Retrieve knowledge base audit event entities by their IDs.
entities_knowledge_base_files_create_v1	Knowledge Base Files
Upload a file to a knowledge base.
entities_knowledge_base_files_delete_v1	Knowledge Base Files
Delete document from knowledge base.
entities_knowledge_base_files_download_v1	Knowledge Base Files
Download knowledge base file entities for the provided id.
entities_knowledge_base_files_update_v1	Knowledge Base Files
Update an existing file in a knowledge base. Supports updating file content and optionally its description.
entities_knowledge_base_files_v1	Knowledge Base Files
Retrieve knowledge base file entities for the provided id.
entities_knowledge_bases_create_v1	Knowledge Bases
Create or update a knowledge base. For deletion, provide knowledge base with IsDeleted=true.
entities_knowledge_bases_update_v1	Knowledge Bases
Update an existing knowledge base.
entities_knowledge_bases_v1	Knowledge Bases
Retrieve knowledge base entities for the provided id.
entities_latest_rules_get_v1	Correlation Rules
Retrieve latest rule versions by rule IDs.
entities_local_application_create	Data Protection Configuration
Persist the given local application for the provided entity instance.
entities_local_application_delete	Data Protection Configuration
Soft Delete local application. The application wont be visible anymore, but will still be in the database.
entities_local_application_get	Data Protection Configuration
Get a particular local application.
entities_local_application_group_create	Data Protection Configuration
Persist the given local application group for the provided entity instance.
entities_local_application_group_delete	Data Protection Configuration
Soft Delete local application. The application won’t be visible anymore, but will still be in the database.
entities_local_application_group_get	Data Protection Configuration
Get particular local application groups.
entities_local_application_group_patch	Data Protection Configuration
Update a local application group.
entities_local_application_patch	Data Protection Configuration
Update a local application.
entities_notification_groups_delete_v1	Case Management
Delete notification groups by ID
entities_notification_groups_delete_v2	Case Management
Delete notification groups by ID
entities_notification_groups_get_v1	Case Management
Get notification groups by ID
entities_notification_groups_get_v2	Case Management
Get notification groups by ID
entities_notification_groups_patch_v1	Case Management
Update notification group
entities_notification_groups_patch_v2	Case Management
Update notification group
entities_notification_groups_post_v1	Case Management
Create notification group
entities_notification_groups_post_v2	Case Management
Create notification group
entities_policy_delete_v2	Data Protection Configuration
Delete policies that match the provided ids.
entities_policy_get_v2	Data Protection Configuration
Get policies that match the provided ids.
entities_policy_patch_v2	Data Protection Configuration
Update policies.
entities_policy_post_v2	Data Protection Configuration
Create policies.
entities_policy_precedence_post_v1	Data Protection Configuration
Update Policy Precedence.
entities_processes	IOC
For the provided ProcessID retrieve the process details
entities_processes	IOCs
For the provided ProcessID retrieve the process details.
entities_retrieve_rtr_file_post_v1	Case Management
Retrieve a file from host using RTR and add it to a case.
entities_retrieve_rtr_recent_file_post_v1	Case Management
Retrieve a recently fetched RTR file and add it to a case.
entities_rule_versions_delete_v1	Correlation Rules
Delete versions by IDs.
entities_rule_versions_export_post_v1	Correlation Rules
Export rule versions.
entities_rule_versions_import_post_v1	Correlation Rules
Import rule versions.
entities_rule_versions_publish_patch_v1	Correlation Rules
Publish existing rule version.
entities_rules_delete_v1	Correlation Rules
Delete rules by IDs.
entities_rules_get_v1	Correlation Rules
Retrieve rules by IDs.
entities_rules_get_v2	Correlation Rules
Retrieve rule versions by IDs.
entities_rules_ownership_put_v1	Correlation Rules Admin
Change the owner of an existing Correlation Rule
entities_rules_patch_v1	Correlation Rules
Update a correlation rule.
entities_rules_post_v1	Correlation Rules
Create a correlation rule.
entities_sensitivity_label_create_v2	Data Protection Configuration
Create new sensitivity label (V2).
entities_sensitivity_label_delete_v2	Data Protection Configuration
Delete sensitivity labels matching the IDs (V2).
entities_sensitivity_label_get_v2	Data Protection Configuration
Get sensitivity label matching the IDs (V2).
entities_slas_delete_v1	Case Management
Delete SLAs
entities_slas_get_v1	Case Management
Get SLAs by ID
entities_slas_patch_v1	Case Management
Update SLA
entities_slas_post_v1	Case Management
Create SLA
entities_states_v1	Device Content
Retrieve the host content state for a number of ids between 1 and 100.
entities_template_snapshots_get_v1	Case Management
Get template snapshots
entities_templates_delete_v1	Case Management
Delete templates
entities_templates_export_get_v1	Case Management
Export templates to files in a zip archive
entities_templates_get_v1	Case Management
Get templates by ID
entities_templates_get_v1Mixin0	Correlation Rules
Retrieve rule templates by IDs.
entities_templates_import_post_v1	Case Management
Import a template from a file
entities_templates_patch_v1	Case Management
Update template
entities_templates_post_v1	Case Management
Create template
entities_templates_rules_post_v1	Correlation Rules
Create rule from template.
entities_vertices_get	ThreatGraph
Retrieve metadata for a given vertex ID.
entities_vertices_getv2	ThreatGraph
Retrieve metadata for a given vertex ID.
entities_web_location_create_v2	Data Protection Configuration
Persist the given web-locations.
entities_web_location_delete_v2	Data Protection Configuration
Delete web-location.
entities_web_location_get_v2	Data Protection Configuration
Get web-location entities matching the provided ID(s).
entities_web_location_patch_v2	Data Protection Configuration
Update a web-location.
entitiesRolesGETV2	User Management
Get info about a role.
entitiesRolesV1	User Management
Get info about a role, supports Flight Control.
EnumerateFile	Downloads
Enumerates a list of files available for CID.
exclusions_aggregates_v2	ML Exclusions
Get exclusion aggregates as specified via json in request body.
exclusions_create_v2	ML Exclusions
Create the exclusions, with ancestor fields.
exclusions_delete_v2	ML Exclusions
Delete the exclusions by id, with ancestor fields.
exclusions_get_all_v2	ML Exclusions
Get all exclusions.
exclusions_get_reports_v2	ML Exclusions
Create a report of ML exclusions scoped by the given filters.
exclusions_get_v2	ML Exclusions
Get the exclusions by id, with ancestor fields.
exclusions_perform_action_v2	ML Exclusions
Actions used to manipulate the content of exclusions, with ancestor fields.
exclusions_search_v2	ML Exclusions
Search for exclusions, with ancestor fields.
exclusions_update_v2	ML Exclusions
Update the exclusions by id, with ancestor fields.
ExecuteCommand	API Integrations
Execute a command.
ExecuteCommandProxy	API Integrations
Execute a command and proxy the response directly.
ExecuteFunctionData	ASPM
A selected list of queryLanguage queries.
ExecuteFunctionDataCount	ASPM
A selected list of queryLanguage count queries.
ExecuteFunctionDataQuery	ASPM
A selected list of queryLanguage queries.
ExecuteFunctionDataQueryCount	ASPM
A selected list of queryLanguage count queries.
ExecuteFunctions	ASPM
A selected list of queryLanguage services queries.
ExecuteFunctionsCount	ASPM
A selected list of queryLanguage count queries.
ExecuteFunctionsOvertime	ASPM
A selected list of queryLanguage overtime queries.
ExecuteFunctionsQuery	ASPM
A selected list of queryLanguage services queries.
ExecuteFunctionsQueryCount	ASPM
A selected list of queryLanguage count queries.
ExecuteFunctionsQueryOvertime	ASPM
A selected list of queryLanguage overtime queries.
ExecuteQuery	ASPM
Execute a query. The syntax used is identical to that of the query page.
extAggregateClusterAssessments	Container Image Compliance
Get the assessments for each cluster.
extAggregateFailedContainersByRulesPath	Container Image Compliance
Get the containers grouped into rules on which they failed.
extAggregateFailedContainersCountBySeverity	Container Image Compliance
Get the failed containers count grouped into severity levels.
extAggregateFailedImagesByRulesPath	Container Image Compliance
Get the images grouped into rules on which they failed.
extAggregateFailedImagesCountBySeverity	Container Image Compliance
Get the failed images count grouped into severity levels.
extAggregateFailedRulesByClusters	Container Image Compliance
Get the failed rules for each cluster grouped into severity levels.
extAggregateFailedRulesByImages	Container Image Compliance
Get images with failed rules, rule count grouped by severity for each image.
extAggregateFailedRulesCountBySeverity	Container Image Compliance
Get the failed rules count grouped into severity levels.
extAggregateImageAssessments	Container Image Compliance
Get the assessments for each image.
extAggregateRulesAssessments	Container Image Compliance
Get the assessments for each rule.
extAggregateRulesByStatus	Container Image Compliance
Get the rules grouped by their statuses.
ExternalCreateConnectorConfig	NGSIEM
Create a new configuration for a data connector.
ExternalCreateDataConnection	NGSIEM
Create a new data connection.
ExternalDeleteConnectorConfigs	NGSIEM
Delete data connection config.
ExternalDeleteDataConnection	NGSIEM
Delete a data connection.
ExternalGetDataConnectionByID	NGSIEM
Get data connection by ID.
ExternalGetDataConnectionStatus	NGSIEM
Get data connection provisioning status.
ExternalGetDataConnectionToken	NGSIEM
Get Ingest token for data connection.
ExternalListConnectorConfigs	NGSIEM
List configurations for a data connector.
ExternalListDataConnections	NGSIEM
List and search data connections.
ExternalListDataConnectors	NGSIEM
List available data connectors.
ExternalPatchConnectorConfig	NGSIEM
Patch configurations for a data connector.
ExternalRegenerateDataConnectionToken	NGSIEM
Regenerate Ingest token for data connection.
ExternalUpdateDataConnection	NGSIEM
Update a data connection.
ExternalUpdateDataConnectionStatus	NGSIEM
Update data connection status.
ExtractionCreateV1	Sample Uploads
Extracts files from an uploaded archive and copies them to internal storage making it available for content analysis.
ExtractionGetV1	Sample Uploads
Retrieves the files extraction operation statuses.
ExtractionListV1	Sample Uploads
Retrieves the files extractions in chunks.

F

fdrschema_combined_event_get	FDR
Fetches the combined schema.
fdrschema_entities_event_get	FDR
Fetch event schema by ID.
fdrschema_entities_field_get	FDR
Fetch field schema by ID.
fdrschema_queries_event_get	FDR
Get list of event IDs given a particular query.
fdrschema_queries_field_get	FDR
Get list of field IDs given a particular query.
FetchFilesDownloadInfo	Downloads
Get files info and pre-signed download URLs
FetchFilesDownloadInfoV2	Downloads
Get cloud security tools info and pre-signed download URLs
FindContainersByContainerRunTimeVersion	Kubernetes Protection
Retrieve containers by container_runtime_version
FindContainersCountAffectedByZeroDayVulnerabilities	Kubernetes Protection
Retrieve containers count affected by zero day vulnerabilities

G

get_accounts	Discover
Get details on accounts by providing one or more IDs.
get_applications	Discover
Get details on applications by providing one or more IDs.
get_ecosystem_subsidiaries	Exposure Management
Retrieves detailed information about ecosystem subsidiaries by ID.
get_events	Firewall Management
Get events entities by ID and optionally version
get_external_assets	Exposure Management
Get details on external assets by providing one or more IDs.
get_firewall_fields	Firewall Management
Get the firewall field specifications by ID
get_global_configs	Network Scan Global Configs
Get “global-configs” for the CID
get_hosts	Discover
Get details on assets by providing one or more IDs.
get_iot_hosts	Discover
Get details on IoT assets by providing one or more IDs.
get_logins	Discover
Get details on logins by providing one or more IDs.
get_malicious_files_by_ids	ODS (On Demand Scan)
Get malicious files by ids.
get_network_locations	Firewall Management
Get a summary of network locations entities by ID
get_network_locations_details	Firewall Management
Get network locations entities by ID
get_networks	Network Scan Networks
Get “networks” by their IDs
get_patterns	Custom IOA
Get pattern severities by ID.
get_platforms	Firewall Management
Get platforms by ID, e.g., windows or mac or droid
get_platformsMixin0	Custom IOA
Get platforms by ID.
get_policy_containers	Firewall Management
Get policy container entities by policy ID
get_policy_rules	Identity Protection
Get policy rules.
get_policy_rules_query	Identity Protection
Query policy rule IDs.
get_rule_groups	Firewall Management
Get rule group entities by ID. These groups do not contain their rule entites, just the rule IDs in precedence order.
get_rule_groupsMixin0	Custom IOA
Get rule groups by ID.
get_rule_types	Custom IOA
Get rule types by ID.
get_rules	Firewall Management
Get rule entities by ID (64-bit unsigned int as decimal string) or Family ID (32-character hexadecimal string)
get_rules_get	Custom IOA
Get rules by ID and optionally version in the following format: ID[:version].
get_rulesMixin0	Custom IOA
Get rules by ID and optionally version in the following format: ID[:version]. The max number of IDs is constrained by URL size.
get_scan_host_metadata_by_ids	ODS (On Demand Scan)
Get scan hosts by ids.
get_scan_run_reports	Network Scan Scan Run Reports
Downloads scan run report in CSV format
get_scan_runs	Network Scan Scan Runs
Get “scan-runs” by their IDs
get_scanners	Network Scan Scanners
Get “scanners” by their IDs
get_scans	Network Scan Scans
Get “scans” by their IDs
get_scans_by_scan_ids_v1	ODS (On Demand Scan)
Get Scans by IDs.
get_scans_by_scan_ids_v2	ODS (On Demand Scan)
Get Scans by IDs.
get_scheduled_scans_by_scan_ids	ODS (On Demand Scan)
Get ScheduledScans by IDs.
get_template_configs	Network Scan Templates
Get details on the network scan template configurations
get_templates	Network Scan Templates
Get “templates” by their IDs
get_zones	Network Scan Zones
Get “zones” by their IDs
getActionsMixin0	FileVantage
Retrieves the processing results for one or more actions.
GetActionsV1	Recon
Get actions based on their IDs. IDs can be retrieved using the QueryActionsV1 operation.
GetActivityMonitorV3	SaaS Security
Get activity monitor.
GetAggregateDetects	Detects
Get detect aggregates as specified via json in request body.
GetAggregateFiles	Quarantine
Get quarantine file aggregates as specified via json in request body.
GetAlertsV3	SaaS Security
Get alerts.
GetAppInventory	SaaS Security
Get application inventory.
GetAppInventoryUsers	SaaS Security
Get application inventory users.
GetArchiveExport	CAO Hunting
Creates an Archive Export.
GetArtifacts	Falconx Sandbox
Download IOC packs, PCAP files, and other analysis artifacts.
getAssessmentsByScoreV1	Zero Trust Assessment
Get Zero Trust Assessment data for one or more hosts by providing a customer ID (CID) and a range of scores.
getAssessmentV1	Zero Trust Assessment
Get Zero Trust Assessment data for one or more hosts by providing agent IDs (AID) and a customer ID (CID).
GetAssetInventoryV3	SaaS Security
Get asset inventory.
getAuditV1	Zero Trust Assessment
Get the Zero Trust Assessment audit report for one customer ID (CID).
GetAvailableRoleIds	User Management
Show role IDs for all roles available in your customer account. For more information on each role, provide the role ID to GetRoles.
GetAWSAccounts	Cloud Connect AWS
Retrieve a set of AWS Accounts by specifying their IDs
GetAWSAccounts	Kubernetes Protection
Provides a list of AWS accounts.
GetAWSSettings	Cloud Connect AWS
Retrieve a set of Global Settings which are applicable to all provisioned AWS accounts
GetAzureInstallScript	Kubernetes Protection
Provide the script to run for a given tenant id and subscription IDs.
GetAzureTenantConfig	Kubernetes Protection
Returns the Azure tenant config.
GetAzureTenantIDs	Kubernetes Protection
Provides all the azure subscriptions and tenants IDs.
GetBehaviorDetections	CSPM Registration
Retrieve a list of detected behaviors.
GetCaseActivityByIds	Message Center
Retrieve activities for given id’s
GetCaseEntitiesByIDs	Message Center
Retrieve message center cases
getChanges	FileVantage
Retrieve information on changes.
getChildren	MSSP (Flight Control)
Get link to child customer by child CID(s)
getChildrenV2	MSSP (Flight Control)
Get link to child customer by child CID(s)
getCIDGroupById	MSSP (Flight Control)
Get CID Groups by ID.
getCIDGroupByIdV1	MSSP (Flight Control)
Get CID Group(s) by ID(s).
getCIDGroupMembersBy	MSSP (Flight Control)
Get CID group members by CID Group ID.
getCIDGroupMembersByV1	MSSP (Flight Control)
Get CID Group members by CID Group IDs.
getCloudEventIDs	CSPM Registration
Get list of related cloud event LogScale IDs for a given IOA
GetCloudSecurityIntegrationState	ASPM
Get Cloud Security integration state.
GetClusters	Kubernetes Protection
Provides the clusters acknowledged by the Kubernetes Protection service
getCombinedAssessmentsQuery	Configuration Assessment
Search for assessments in your environment by providing an FQL filter and paging details. Returns a set of HostFinding entities which match the filter criteria
getCombinedAssessmentsQuery	Zero Trust Assessment
Search for assessments in your environment by providing an FQL filter and paging details. Returns a set of HostFinding entities which match the filter criteria
GetCombinedCloudClusters	Kubernetes Protection
Returns a combined list of provisioned cloud accounts and known kubernetes clusters.
GetCombinedImages	Container Images
Get image assessment results by providing an FQL filter and paging details
GetCombinedImages	Falcon Container
Retrieve registry entities identified by the customer ID.
GetCombinedPluginConfigs	API Integrations
Queries for config resources and returns details
GetCombinedSensorInstallersByQuery	Sensor Download
Get sensor installer details by provided query
GetCombinedSensorInstallersByQueryV2	Sensor Download
Get sensor installer details by provided query
GetCombinedSensorInstallersByQueryV3	Sensor Download
Get sensor installer details by provided query
GetCombinedVulnerabilitiesSARIF	Serverless Vulnerabilities
Retrieve all lambda vulnerabilities that match the given query and return in the SARIF format.
GetComplianceControls	Cloud Policies
Get compliance controls by ID.
GetComplianceFrameworks	Cloud Policies
Get compliance frameworks by ID.
GetConfigurationDetectionEntities	CSPM Registration
Get misconfigurations based on the ID - including custom policy detections in addition to default policy detections.
GetConfigurationDetectionIDsV2	CSPM Registration
Get a list of active misconfiguration ids - including custom policy detections in addition to default policy detections.
GetConfigurationDetections	CSPM Registration
Retrieve a list of active misconfigurations.
getContents	FileVantage
Retrieves the content captured for the provided change ID.
getContentUpdatePolicies	Content Update Policies
Retrieve a set of Content Update Policies by specifying their IDs.
GetCredentials	Falcon Container
Gets the registry credentials.
GetCredentialsIAC	Cloud Snapshots
Gets the registry credentials (external endpoint).
GetCredentialsMixin0	Cloud Snapshots
Gets the registry credentials.
GetCSPMAwsAccount	CSPM Registration
Returns information about the current status of an AWS account.
GetCSPMAwsAccountScriptsAttachment	CSPM Registration
Return a script for customer to run in their cloud environment to grant us access to their AWS environment as a downloadable attachment.
GetCSPMAwsConsoleSetupURLs	CSPM Registration
Return a URL for customer to visit in their cloud environment to grant us access to their AWS environment.
GetCSPMAzureAccount	CSPM Registration
Return information about Azure account registration
GetCSPMAzureManagementGroup	CSPM Registration
Return information about Azure management group registration
GetCSPMAzureUserScriptsAttachment	CSPM Registration
Return a script for customer to run in their cloud environment to grant us access to their Azure environment as a downloadable attachment
GetCSPMCGPAccount	CSPM Registration
Returns information about the current status of an GCP account.
GetCSPMGCPServiceAccountsExt	CSPM Registration
Returns the service account id and client email for external clients.
GetCSPMGCPUserScriptsAttachment	CSPM Registration
Return a script for customer to run in their cloud environment to grant us access to their GCP environment as a downloadable attachment
GetCSPMGCPUserScriptsAttachment	D4C Registration
Return a script for customer to run in their cloud environment to grant us access to their GCP environment as a downloadable attachment.
GetCSPMGCPValidateAccountsExt	CSPM Registration
Run a synchronous health check.
GetCSPMPoliciesDetails	CSPM Registration
Given an array of policy IDs, returns detailed policies information.
GetCSPMPolicy	CSPM Registration
Given a policy ID, returns detailed policy information.
GetCSPMPolicySettings	CSPM Registration
Returns information about current policy settings.
GetCSPMScanSchedule	CSPM Registration
Returns scan schedule configuration for one or more cloud platforms.
GetD4CAwsAccount	D4C Registration
Returns information about the current status of an AWS account.
GetD4CAWSAccountScriptsAttachment	D4C Registration
Return a script for customer to run in their cloud environment to grant us access to their AWS environment as a downloadable attachment.
GetD4CAwsConsoleSetupURLs	D4C Registration
Return a URL for customer to visit in their cloud environment to grant us access to their AWS environment.
GetD4CCGPAccount	D4C Registration
Returns information about the current status of an GCP account.
GetD4CGCPServiceAccountsExt	D4C Registration
Returns the service account id and client email for external clients.
GetD4CGCPUserScripts	D4C Registration
Return a script for customer to run in their cloud environment to grant us access to their GCP environment.
GetD4CGCPUserScriptsAttachment	D4C Registration
Return a script for customer to run in their cloud environment to grant us access to their GCP environment as a downloadable attachment.
GetDashboardTemplate	NGSIEM
Get dashboard template by ID.
getDefaultDeviceControlPolicies	Device Control Policies
Retrieve the configuration for the Default Device Control Policy.
getDefaultDeviceControlSettings	Device Control Policies
Get default device control settings (USB and Bluetooth).
GetDeliverySettings	Delivery Settings
Get Delivery Settings.
GetDeploymentsExternalV1	Deployments
Get deployment resources by IDs.
GetDetectSummaries	Detects
View information about detections.
getDeviceControlPolicies	Device Control Policies
Retrieve a set of Device Control Policies by specifying their IDs.
getDeviceControlPoliciesV2	Device Control Policies
Get device control policies for the given filter criteria. Supports USB and Bluetooth.
GetDeviceCountCollectionQueriesByFilter	Falcon Complete Dashboard
Retrieve device count collection Ids that match the provided FQL filter, criteria with scrolling enabled
GetDeviceInventoryV3	SaaS Security
Get device inventory.
GetDiscoverCloudAzureAccount	D4C Registration
Return information about Azure account registration.
GetDiscoverCloudAzureTenantIDs	D4C Registration
Return all available Azure tenant IDs.
GetDiscoverCloudAzureUserScripts	D4C Registration
Return a script for customer to run in their cloud environment to grant us access to their Azure environment.
GetDiscoverCloudAzureUserScriptsAttachment	D4C Registration
Return a script for customer to run in their cloud environment to grant us access to their Azure environment as a downloadable attachment.
GetDriftIndicatorsValuesByDate	Drift Indicators
Returns the count of Drift Indicators by the date. by default it’s for 7 days.
GetEnrichedAsset	Cloud Policies
Get enriched assets that combine a primary resource with all its related resources.
GetEntityIDsByQueryPOST	Deployments
Returns the release notes for the IDs in the request.
GetEntityIDsByQueryPOSTV2	Deployments
Get entity IDs by query (v2).
getEvaluationLogic	Spotlight Evaluation Logic
Get details on evaluation logic items by providing one or more IDs.
getEvaluationLogicMixin0	Configuration Assessment Evaluation Logic
Get details on evaluation logic items by providing one or more finding IDs.
GetEvaluationResult	Cloud Policies
Get evaluation results based on the provided rule.
GetEventsBody	Tailored Intelligence
Get event body for the provided event ID
GetEventsEntities	Tailored Intelligence
Get events entities for specified ids.
GetExecutorNodes	ASPM
Get all the relay nodes
GetExecutorNodesMetadata	ASPM
Get metadata about all executor nodes.
GetExportJobsV1	Recon
Get the status of export jobs based on their IDs. Export jobs can be launched by calling CreateExportJobsV1. When a job is complete, use the job ID to download the file(s) associated with it using GetFileContentForExportJobsV1.
GetFileContentForExportJobsV1	Recon
Download the file associated with a job ID.
getFirewallPolicies	Firewall Policies
Retrieve a set of Firewall Policies by specifying their IDs
GetGroupHierarchy	ASPM
Get group hierarchy
GetGroupsV2	ASPM

GetGroupV2	ASPM
Get group details
GetHelmValuesYaml	Kubernetes Protection
Provides a sample Helm values.yaml file for a customer to install alongside the agent Helm chart
GetHorizonD4CScripts	D4C Registration
Returns static install scripts for Horizon.
getHostGroups	Host Group
Retrieve a set of Host Groups by specifying their IDs
GetHostMigrationIDsV1	Host Migration
Query host migration IDs.
GetHostMigrationsV1	Host Migration
Get host migration details.
GetHuntingGuides	CAO Hunting
Retrieves a list of Hunting Guides
GetImageAssessmentReport	Falcon Container
Retrieve an assessment report for an image by specifying repository and tag.
GetIndicatorsReport	IOC
Launch an indicators report creation job
GetIntegrations	ASPM
Get a list of all the integrations
GetIntegrationsV2	ASPM
Get a list of all the integrations.
GetIntegrationsV3	SaaS Security
Get integrations.
GetIntegrationTasks	ASPM
Get all the integration tasks
GetIntegrationTasksAdmin	ASPM
Get all the integration tasks, requires admin scope
GetIntegrationTasksMetadata	ASPM
Get metadata about all integration tasks.
GetIntegrationTasksV2	ASPM
Get all the integration tasks.
GetIntegrationTypes	ASPM
Get all the integration types
GetIntelActorEntities	Intel
Retrieve specific actors using their actor IDs.
GetIntelIndicatorEntities	Intel
Retrieve specific indicators using their indicator IDs.
GetIntelligenceQueries	CAO Hunting
Retrieves a list of Intelligence queries.
GetIntelReportEntities	Intel
Retrieve specific reports using their report IDs.
GetIntelReportPDF	Intel
Return a Report PDF attachment
GetIntelRuleEntities	Intel
Retrieve details for rule sets for the specified ids.
GetIntelRuleFile	Intel
Download earlier rule sets.
getIOAExclusionsV1	IOA Exclusions
Get a set of IOA Exclusions by specifying their IDs.
GetIOC	IOCs
This operation has been superseded by the IOC.indicator_get_v1 operation and is no longer used.
GetLatestIntelRuleFile	Intel
Download the latest rule set.
GetLocations	Kubernetes Protection
Provides the cloud locations acknowledged by the Kubernetes Protection service
GetLookupFile	NGSIEM
Get lookup file by ID.
GetLookupFromPackageV1	NGSIEM
Download lookup file in package from NGSIEM.
GetLookupFromPackageWithNamespaceV1	NGSIEM
Download lookup file in namespaced package from NGSIEM.
GetLookupV1	NGSIEM
Download lookup file from NGSIEM.
GetMalQueryDownloadV1	MalQuery
Download a file indexed by MalQuery. Specify the file using its SHA256. Only one file is supported at this time
GetMalQueryEntitiesSamplesFetchV1	MalQuery
Fetch a zip archive with password ‘infected’ containing the samples. Call this once the /entities/samples-multidownload request has finished processing
GetMalQueryMetadataV1	MalQuery
Retrieve indexed files metadata by their hash
GetMalQueryQuotasV1	MalQuery
Get information about search and download quotas in your environment
GetMalQueryRequestV1	MalQuery
Check the status and results of an asynchronous request, such as hunt or exact-search. Supports a single request id at this time.
GetMalwareEntities	Intel
Get malware entities for specified IDs.
GetMalwareMitreReport	Intel
Export Mitre ATT&CK information for a given malware family.
GetMemoryDump	Falconx Sandbox
Get memory dump content, as a binary.
GetMemoryDumpExtractedStrings	Falconx Sandbox
Get extracted strings from a memory dump.
GetMemoryDumpHexDump	Falconx Sandbox
Get the hex view of a memory dump.
GetMetricsV3	SaaS Security
Get metrics.
GetMigrationDestinationsV1	Host Migration
Get destinations for a migration.
GetMigrationIDsV1	Host Migration
Query migration jobs.
GetMigrationsV1	Host Migration
Get migration job details.
GetMitreReport	Intel
Export Mitre ATT&CK information for a given actor.
getMLExclusionsV1	ML Exclusions
Get a set of ML Exclusions by specifying their IDs.
GetNotificationsDetailedTranslatedV1	Recon
Get detailed notifications based on their IDs. These include the raw intelligence content that generated the match. This endpoint will return translated notification content. The only target language available is English. A single notification can be translated per request.
GetNotificationsDetailedV1	Recon
Get detailed notifications based on their IDs. These include the raw intelligence content that generated the match.
GetNotificationsExposedDataRecordsV1	Recon
Get notifications exposed data records based on their IDs. IDs can be retrieved using the QueryNotificationsExposedDataRecordsV1 operation. The associated notification can be fetched using the notifications operations.
GetNotificationsTranslatedV1	Recon
Get notifications based on their IDs. IDs can be retrieved using the QueryNotificationsV1 operation. This endpoint will return translated notification content. The only target language available is English.
GetNotificationsV1	Recon
Get notifications based on their IDs. IDs can be retrieved using the QueryNotificationsV1 operation.
GetObject	Custom Storage
Get the bytes for the specified object.
GetObjectMetadata	Custom Storage
Get the metadata for the specified object.
GetOnlineState_V1	Hosts
Get online status for one or more hosts.
GetParser	NGSIEM
Get parser by ID.
GetParserTemplate	NGSIEM
Get parser template by ID.
getPolicies	FileVantage
Retrieves the configuration for 1 or more policies.
getPreventionPolicies	Prevention Policy
Retrieve a set of Prevention Policies by specifying their IDs
GetQuarantineFiles	Quarantine
Get quarantine file metadata for specified ids.
GetQueriesAlertsV1	Alerts
Search for alert IDs that match a given query.
GetQueriesAlertsV2	Alerts
Search for alert IDs that match a given query.
getRemediations	Spotlight Vulnerabilities
Get details on remediations by providing one or more IDs.
getRemediationsV2	Spotlight Vulnerabilities
Get details on remediation by providing one or more IDs.
GetReportByReference	Falcon Container
Retrieve a report by its reference.
GetReportByScanID	Falcon Container
Retrieve a report by scan ID.
GetReports	Falconx Sandbox
Get a full sandbox report.
GetRoles	User Management
Get info about a role.
getRolesByID	MSSP (Flight Control)
Get MSSP Role assignment(s). MSSP Role assignment is of the format: <user_group_id>.<cid_group_id>.
getRTResponsePolicies	Response Policies
Retrieve a set of Response Policies by specifying their IDs
GetRule	Cloud Policies
Get a rule by id.
getRuleDetails	Configuration Assessment
Get rules details for provided one or more rule IDs
getRuleGroups	FileVantage
Retrieves the rule group details for 1 or more rule groups.
GetRuleInputSchema	Cloud Policies
Get rule input schema for given resource type.
GetRuleOverride	Cloud Policies
Get a rule override by ID.
getRules	FileVantage
Retrieves the configuration for 1 or more rules.
GetRulesEntities	Tailored Intelligence
Get rules entities for specified ids.
getRulesMetadataByID	Kubernetes Container Compliance
Retrieve detailed compliance rule information by ID. Includes descriptions, remediation steps, and audit procedures by specifying rule identifiers.
GetRulesV1	Recon
Get monitoring rules rules by provided IDs.
GetRuntimeDetectionsCombinedV2	Container Detections
Retrieve image assessment detections identified by the provided filter criteria.
GetSampleV2	Falconx Sandbox
Retrieves the file associated with the given ID (SHA256)
GetSampleV3	Sample Uploads
Retrieves the file associated with the given ID (SHA256).
GetSavedQueryTemplate	NGSIEM
Retrieve Saved Query in NGSIEM as LogScale YAML Template by ID.
GetSavedSearchesExecuteV1	Foundry LogScale
Get the results of a saved search
GetSavedSearchesJobResultsDownloadV1	Foundry LogScale
Get the results of a saved search as a file
GetScanReport	Cloud Snapshots
Retrieve the scan report for an instance.
GetScanResult	Quick Scan Pro
Gets the result of an QuickScan Pro scan.
GetScans	Quick Scan
Check the status of a volume scan. Time required for analysis increases with the number of samples in a volume but usually it should take less than 1 minute
GetScansAggregates	Quick Scan
Get scans aggregations as specified via json in request body.
getScheduledExclusions	FileVantage
Retrieves the configuration of 1 or more scheduled exclusions from the provided policy id.
GetSchema	Custom Storage
Get the bytes of the specified schema of the requested collection.
GetSchemaMetadata	Custom Storage
Get the metadata for the specified schema of the requested collection.
GetSearchStatusV1	NGSIEM
Get status of a NGSIEM search.
GetSecurityCheckAffectedV3	SaaS Security
Get affected resources for security checks.
GetSecurityCheckComplianceV3	SaaS Security
Get security check compliance.
GetSecurityChecksV3	SaaS Security
Get security checks.
GetSensorAggregates	Identity Protection
Get sensor aggregates as specified via json in request body.
GetSensorDetails	Identity Protection
Get details on one or more sensors by providing device IDs in a POST body. Supports up to a maximum of 5000 IDs.
GetSensorInstallersByQuery	Sensor Download
Get sensor installer IDs by provided query
GetSensorInstallersByQueryV2	Sensor Download
Get sensor installer IDs by provided query
GetSensorInstallersByQueryV3	Sensor Download
Get sensor installer IDs by provided query
GetSensorInstallersCCIDByQuery	Sensor Download
Get CCID to use with sensor installers
GetSensorInstallersEntities	Sensor Download
Get sensor installer details by provided SHA256 IDs
GetSensorInstallersEntitiesV2	Sensor Download
Get sensor installer details by provided SHA256 IDs
GetSensorInstallersEntitiesV3	Sensor Download
Get sensor installer details by provided SHA256 IDs
getSensorUpdatePolicies	Sensor Update Policy
Retrieve a set of Sensor Update Policies by specifying their IDs.
getSensorUpdatePoliciesV2	Sensor Update Policy
Retrieve a set of Sensor Update Policies with additional support for uninstall protection by specifying their IDs.
GetSensorUsageHourly	Sensor Usage
Fetches hourly average. Each data point represents the average of how many unique AIDs were seen per hour for the previous 28 days.
GetSensorUsageWeekly	Sensor Usage
Fetches weekly average. Each data point represents the average of how many unique AIDs were seen per week for the previous 28 days.
getSensorVisibilityExclusionsV1	Sensor Visibility Exclusions
Get a set of Sensor Visibility Exclusions by specifying their IDs.
getServiceArtifacts	ASPM
Retrieve service artifacts.
GetServicesCount	ASPM
Get the total amount of existing services
GetServiceViolationTypes	ASPM
Get the different types of violation
GetStaticScripts	Kubernetes Protection
Get static bash scripts that are used during registration.
GetSubmissions	Falconx Sandbox
Check the status of a sandbox analysis. Time required for analysis varies but is usually less than 15 minutes.
GetSummaryReports	Falconx Sandbox
Get a short summary version of a sandbox report.
GetSupportedSaasV3	SaaS Security
Get supported SaaS applications.
GetSuppressionRules	Cloud Policies
Get Suppression Rules by ID.
GetSystemLogsV3	SaaS Security
Get system logs.
GetSystemUsersV3	SaaS Security
Get system users.
GetTags	ASPM
Get all the tags
getUserGroupMembersByID	MSSP (Flight Control)
Get User Group members by User Group ID(s).
getUserGroupMembersByIDV1	MSSP (Flight Control)
Get User Group members by User Group ID(s).
getUserGroupsByID	MSSP (Flight Control)
Get User Group by ID(s).
getUserGroupsByIDV1	MSSP (Flight Control)
Get user groups by ID.
getUserGroupsByIDV2	MSSP (Flight Control)
Get user groups by ID.
GetUserInventoryV3	SaaS Security
Get user inventory.
GetUserRoleIds	User Management
Show role IDs of roles assigned to a user. For more information on each role, provide the role ID to GetRoles.
GetUsersV2	ASPM
List users
GetVersionedObject	Custom Storage
Get the bytes for the specified object.
GetVersionedObjectMetadata	Custom Storage
Get the metadata for the specified object.
GetVulnerabilities	Intel
Get vulnerabilities
getVulnerabilities	Spotlight Vulnerabilities
Get details on vulnerabilities by providing one or more IDs.
GrantUserRoleIds	User Management
Assign one or more roles to a user.
GroupContainersByManaged	Kubernetes Protection
Group the containers by Managed

H

HeadImageScanInventory	Falcon Container
Get headers for POST request for image scan inventory.
highVolumeQueryChanges	FileVantage
Returns 1 or more change ids.
HostMigrationAggregatesV1	Host Migration
Get host migration aggregates as specified via json in request body.
HostMigrationsActionsV1	Host Migration
Perform an action on host migrations.

I

ImageMatchesPolicy	Falcon Container
Check if an image matches a policy by specifying repository and tag.
incrementUninstallToken	Sensor Update Policy
Increment a bulk maintenance token.
indicator_aggregate_v1	IOC
Get Indicators aggregates as specified via json in the request body.
indicator_combined_v1	IOC
Get Combined for Indicators.
indicator_create_v1	IOC
Create Indicators.
indicator_delete_v1	IOC
Delete Indicators by ids.
indicator_get_device_count_v1	IOC
Number of hosts in your customer account that have observed a given custom IOC
indicator_get_devices_ran_on_v1	IOC
Find hosts that have observed a given custom IOC. For details about those hosts, use GET /devices/entities/devices/v1
indicator_get_processes_ran_on_v1	IOC
Search for processes associated with a custom IOC
indicator_get_v1	IOC
Get Indicators by ids.
indicator_search_v1	IOC
Search for Indicators.
indicator_update_v1	IOC
Update Indicators.
IngestDataAsyncV1	Foundry LogScale
Ingest data into the application repository asynchronously
IngestDataV1	Foundry LogScale
Ingest data into the application repository
InstallParser	NGSIEM
Install a CrowdStrike-managed out-of-the-box (OOTB) parser.
IntegrationBuilderEndTransactionV3	SaaS Security
End integration builder transaction.
IntegrationBuilderGetStatusV3	SaaS Security
Get integration builder status.
IntegrationBuilderResetV3	SaaS Security
Reset integration builder.
IntegrationBuilderUploadV3	SaaS Security
Upload integration builder.
ioc_type_query_v1	IOC
Query IOC Types.
ITAutomationCancelTaskExecution	IT Automation
Cancel a task execution
ITAutomationCombinedScheduledTasks	IT Automation
Returns full details of scheduled tasks matching the filter query parameter
ITAutomationCreatePolicy	IT Automation
Create a new policy of the specified type
ITAutomationCreateScheduledTask	IT Automation
Create a scheduled task from the given request
ITAutomationCreateTask	IT Automation
Create a task with details from the given request
ITAutomationCreateTaskGroup	IT Automation
Create a task group
ITAutomationCreateUserGroup	IT Automation
Creates a user group from the given request
ITAutomationDeletePolicy	IT Automation
Delete a policy
ITAutomationDeleteScheduledTasks	IT Automation
Delete scheduled tasks
ITAutomationDeleteTask	IT Automation
Delete a task
ITAutomationDeleteTaskGroups	IT Automation
Delete task groups
ITAutomationDeleteUserGroup	IT Automation
Deletes user groups for each provided ids
ITAutomationGetAssociatedTasks	IT Automation
Retrieve tasks associated with the provided file ID
ITAutomationGetExecutionResults	IT Automation
Retrieve execution results
ITAutomationGetExecutionResultsSearchStatus	IT Automation
Retrieve execution results search status
ITAutomationGetPolicies	IT Automation
Retrieve policies
ITAutomationGetScheduledTasks	IT Automation
Retrieve scheduled tasks
ITAutomationGetTaskExecution	IT Automation
Retrieve a task execution
ITAutomationGetTaskExecutionHostStatus	IT Automation
Retrieve task execution host status
ITAutomationGetTaskExecutionsByQuery	IT Automation
Retrieve task executions by query
ITAutomationGetTaskGroups	IT Automation
Retrieve task groups
ITAutomationGetTaskGroupsByQuery	IT Automation
Retrieve task groups by query
ITAutomationGetTasks	IT Automation
Retrieve tasks
ITAutomationGetTasksByQuery	IT Automation
Retrieve tasks by query
ITAutomationGetUserGroup	IT Automation
Returns user groups for each provided id
ITAutomationQueryPolicies	IT Automation
Query policies
ITAutomationRerunTaskExecution	IT Automation
Rerun the task execution specified in the request
ITAutomationRunLiveQuery	IT Automation
Start a new task execution from the provided query data in the request and return the initiated task executions
ITAutomationSearchScheduledTasks	IT Automation
Search scheduled tasks
ITAutomationSearchTaskExecutions	IT Automation
Search task executions
ITAutomationSearchTaskGroups	IT Automation
Search task groups
ITAutomationSearchTasks	IT Automation
Search tasks
ITAutomationSearchUserGroup	IT Automation
Returns the list of user group ids matching the filter query parameter. It can be used together with the entities endpoint to retrieve full information on user groups
ITAutomationStartExecutionResultsSearch	IT Automation
Start an asynchronous task execution results search
ITAutomationStartTaskExecution	IT Automation
Start a new task execution from an existing task provided in the request and returns the initiated task executions
ITAutomationUpdatePolicies	IT Automation
Update a new policy of the specified type
ITAutomationUpdatePoliciesPrecedence	IT Automation
Update policies precedence
ITAutomationUpdatePolicyHostGroups	IT Automation
Update policy host groups
ITAutomationUpdateScheduledTask	IT Automation
Update an existing scheduled task with the supplied info
ITAutomationUpdateTask	IT Automation
Update a task with details from the given request
ITAutomationUpdateTaskGroup	IT Automation
Update a task group for a given ID
ITAutomationUpdateUserGroup	IT Automation
Update a user group for a given id

L

LaunchExportJob	Falcon Container
Launch an export job of a Container Security resource. Maximum of 1 job in progress per resource.
LaunchExportJobMixin0	Serverless Exports
Launch an export job of a Lambda Security resource.
LaunchScan	Quick Scan Pro
Starts scanning a file uploaded through UploadFileQuickScanPro.
listAvailableStreamsOAuth2	Event Streams
Discover all event streams in your environment
ListAzureAccounts	Kubernetes Protection
Provides the azure subscriptions registered to Kubernetes Protection.
ListCloudGroupIDsExternal	Cloud Security
Query Cloud Groups and return only their IDs.
ListCloudGroupsByIDExternal	Cloud Security
Retrieve Cloud Groups by their UUIDs.
ListCloudGroupsExternal	Cloud Security
Query Cloud Groups and return entities with full details.
ListCollections	Custom Storage
List available collection names in alphabetical order.
ListDashboards	NGSIEM
List dashboards.
ListFeedTypes	Intelligence Feeds
List the accessible feeds for a given customer.
ListLookupFiles	NGSIEM
List lookup files.
ListObjects	Custom Storage
List the object keys in the specified collection in alphabetical order.
ListObjectsByVersion	Custom Storage
List the object keys in the specified collection in alphabetical order.
ListParsers	NGSIEM
List parsers.
ListReposV1	Foundry LogScale
Lists available repositories and views
ListSavedQueries	NGSIEM
List saved queries.
ListSchemas	Custom Storage
Get the list of schemas for the requested collection in reverse version order (latest first).
ListViewV1	Foundry LogScale
List views
LookupIndicators	Intelligence Indicator Graph
Get indicators based on their value.

M

MigrationAggregatesV1	Host Migration
Get migration aggregates as specified via json in request body.
MigrationsActionsV1	Host Migration
Perform an action on a migration job.

O

oauth2AccessToken	OAuth2
Generate an OAuth2 access token
oauth2RevokeToken	OAuth2
Revoke a previously issued OAuth2 access token before the end of its standard 30-minute lifespan.

P

patch_external_assets	Exposure Management
Update the details of external assets.
patch_federated_connections_config	Federated Connections
Update configuration for a federated connection
PatchAzureServicePrincipal	Kubernetes Protection
Adds the client ID for the given tenant ID to our system.
PatchCSPMAwsAccount	CSPM Registration
Patches a existing account in our system for a customer.
patchDeviceControlPoliciesClassesV1	Device Control Policies
Update device control policy’s classes (USB and Bluetooth).
patchDeviceControlPoliciesV2	Device Control Policies
Update Device Control Policies by specifying the ID of the policy and details to update.
PatchEntitiesAlertsV2	Alerts
Perform actions on alerts identified by alert ID(s) in request.
PatchEntitiesAlertsV3	Alerts
Perform actions on alerts identified by alert ID(s) in request.
PerformActionV2	Hosts
Contain, lift containment, delete, or restore a host.
performContentUpdatePoliciesAction	Content Update Policies
Perform the specified action on the Content Update Policies specified in the request.
performDeviceControlPoliciesAction	Device Control Policies
Perform the specified action on the Device Control Policies specified in the request.
performFirewallPoliciesAction	Firewall Policies
Perform the specified action on the Firewall Policies specified in the request
performGroupAction	Host Group
Perform the specified action on the Host Groups specified in the request
performPreventionPoliciesAction	Prevention Policy
Perform the specified action on the Prevention Policies specified in the request
performRTResponsePoliciesAction	Response Policies
Perform the specified action on the Response Policies specified in the request
performSensorUpdatePoliciesAction	Sensor Update Policy
Perform the specified action on the Sensor Update Policies specified in the request.
platform_query_v1	IOC
Query Platforms.
PolicyChecks	Falcon Container
Perform policy checks against container configurations.
post_external_assets_inventory_v1	Exposure Management
Add external assets for external asset scanning.
post_federated_connections_config	Federated Connections
Create configuration for a federated connection
post_policy_rules	Identity Protection
Create policy rules.
PostAggregatesAlertsV1	Alerts
Retrieve aggregates for alerts across all CIDs.
PostAggregatesAlertsV2	Alerts
Retrieve aggregates for alerts across all CIDs.
PostCombinedAlertsV1	Alerts
Retrieves all Alerts that match a particular FQL filter. This API is intended for retrieval of large amounts of Alerts(>10k) using a pagination based on a after token.
PostDeliverySettings	Delivery Settings
Create Delivery Settings.
postDeviceControlPoliciesV2	Device Control Policies
Create Device Control Policies by specifying details about the policy to create.
PostDeviceDetailsV2	Hosts
Get details on one or more hosts by AID.
PostEntitiesAlertsV1	Alerts
Retrieve all alerts given their IDs.
PostEntitiesAlertsV2	Alerts
Retrieve all alerts given their IDs.
PostGroupV2	ASPM
Create group
PostImageScanInventory	Falcon Container
Post image scan inventory.
PostMalQueryEntitiesSamplesMultidownloadV1	MalQuery
Schedule samples for download. Use the result id with the /request endpoint to check if the download is ready after which you can call the /entities/samples-fetch to get the zip
PostMalQueryExactSearchV1	MalQuery
Search Falcon MalQuery for a combination of hex patterns and strings in order to identify samples based upon file content at byte level granularity. You can filter results on criteria such as file type, file size and first seen date. Returns a request id which can be used with the /request endpoint
PostMalQueryFuzzySearchV1	MalQuery
Search Falcon MalQuery quickly, but with more potential for false positives. Search for a combination of hex patterns and strings in order to identify samples based upon file content at byte level granularity.
PostMalQueryHuntV1	MalQuery
Schedule a YARA-based search for execution. Returns a request id which can be used with the /request endpoint
PostMitreAttacks	Intel
Retrieves report and observable IDs associated with the given actor and attacks.
PostSearchKubernetesIOMEntities	Kubernetes Protection
Search Kubernetes IOM entities by filter criteria
PreviewRuleV1	Recon
Preview rules notification count and distribution. This will return aggregations on: channel, count, site.
ProcessesRanOn	IOC
Search for processes associated with a custom IOC (Deprecated)
ProcessesRanOn	IOCs
Search for processes associated with a custom IOC.
ProvisionAWSAccounts	Cloud Connect AWS
Provision AWS Accounts by specifying details about the accounts to provision
PutObject	Custom Storage
Put the specified new object at the given key or overwrite an existing object at the given key.
PutObjectByVersion	Custom Storage
Put the specified new object at the given key or overwrite an existing object at the given key.

Q

queries_access_tags_get_v1	Case Management
Query access tags.
queries_cases_get_v1	Case Management
Retrieves all Cases IDs that match a given query.
queries_classification_get_v2	Data Protection Configuration
Search for classifications that match the provided criteria.
queries_cloud_application_get_v2	Data Protection Configuration
Get all cloud-application IDs matching the query with filter.
queries_content_pattern_get_v2	Data Protection Configuration
Get all content-pattern IDs matching the query with filter.
queries_edgetypes_get	ThreatGraph
Show all available edge types.
queries_enterprise_account_get_v2	Data Protection Configuration
Get all enterprise-account IDs matching the query with filter.
queries_fields_get_v1	Case Management
Query fields
queries_file_details_get_v1	Case Management
Query for ids of file details
queries_file_type_get_v2	Data Protection Configuration
Get all file-type IDs matching the query with filter.
queries_knowledge_base_audit_events_v1	Knowledge Base Audit Events
Query knowledge base audit event IDs with pagination and filtering.
queries_knowledge_base_files_v1	Knowledge Base Files
Query knowledge base files based on the provided filters.
queries_knowledge_bases_v1	Knowledge Bases
Query knowledge bases based on the provided filters.
queries_local_application_get	Data Protection Configuration
Get all local-application IDs matching the query with filter.
queries_local_application_group_get	Data Protection Configuration
Get all local application group IDs matching the query with filter.
queries_notification_groups_get_v1	Case Management
Query notification groups
queries_notification_groups_get_v2	Case Management
Query notification groups
queries_policy_get_v2	Data Protection Configuration
Search for policies that match the provided criteria.
queries_rules_get_v1	Correlation Rules
Find all rule IDs matching the query and filter.
queries_rules_get_v2	Correlation Rules
Find all rule version IDs matching the query and filter.
queries_sensitivity_label_get_v2	Data Protection Configuration
Get all sensitivity label IDs matching the query with filter.
queries_slas_get_v1	Case Management
Query SLAs
queries_states_v1	Device Content
Query for the content state of the host.
queries_template_snapshots_get_v1	Case Management
Query template snapshots
queries_templates_get_v1	Case Management
Query templates
queries_templates_get_v1Mixin0	Correlation Rules
Search rule template IDs matching the filter.
queries_web_location_get_v2	Data Protection Configuration
Get web-location IDs matching the query with filter.
queriesRolesV1	User Management
Show role IDs for all roles available in your customer account. Supports Flight Control.
query_accounts	Discover
Search for accounts in your environment by providing a FQL (Falcon Query Language) filter and paging details. Returns a set of asset IDs which match the filter criteria.
query_applications	Discover
Search for applications in your environment by providing a FQL (Falcon Query Language) filter and paging details. Returns a set of application IDs which match the filter criteria.
query_ecosystem_subsidiaries	Exposure Management
Retrieves a list of IDs for ecosystem subsidiaries.
query_events	Firewall Management
Find all event IDs matching the query with filter
query_external_assets	Exposure Management
Get a list of external asset IDs that match the provided filter conditions. Use these IDs with the /entities/external-assets/v1 endpoints
query_external_assets_v2	Exposure Management
Query external assets (v2).
query_firewall_fields	Firewall Management
Get the firewall field specification IDs for the provided platform
query_hosts	Discover
Search for assets in your environment by providing a FQL (Falcon Query Language) filter and paging details. Returns a set of asset IDs which match the filter criteria.
query_iot_hosts	Discover
Search for IoT assets in your environment by providing a FQL (Falcon Query Language) filter and paging details. Returns a set of asset IDs which match the filter criteria.
query_iot_hostsV2	Discover
Search for IoT assets in your environment by providing a FQL (Falcon Query Language) filter and paging details. Returns a set of asset IDs which match the filter criteria.
query_logins	Discover
Search for logins in your environment by providing a FQL (Falcon Query Language) filter and paging details. Returns a set of asset IDs which match the filter criteria.
query_malicious_files	ODS (On Demand Scan)
Query malicious files.
query_network_locations	Firewall Management
Get a list of network location IDs
query_networks	Network Scan Networks
Get “networks IDs” by filter
query_patterns	Custom IOA
Get all pattern severity IDs.
query_platforms	Firewall Management
Get the list of platform names
query_platformsMixin0	Custom IOA
Get all platform IDs.
query_policy_rules	Firewall Management
Find all firewall rule IDs matching the query with filter, and return them in precedence order
query_rule_groups	Firewall Management
Find all rule group IDs matching the query with filter
query_rule_groups_full	Custom IOA
Find all rule groups matching the query with optional filter.
query_rule_groupsMixin0	Custom IOA
Finds all rule group IDs matching the query with optional filter.
query_rule_types	Custom IOA
Get all rule type IDs.
query_rules	Firewall Management
Find all rule IDs matching the query with filter
query_rulesMixin0	Custom IOA
Finds all rule IDs matching the query with optional filter.
query_scan_host_metadata	ODS (On Demand Scan)
Query scan hosts.
query_scan_runs	Network Scan Scan Runs
Get “scan-runs IDs” by filter
query_scanners	Network Scan Scanners
Get “scanners IDs” by filter
query_scans	ODS (On Demand Scan)
Query Scans.
query_scansMixin0	Network Scan Scans
Get “scans IDs” by filter
query_scheduled_scans	ODS (On Demand Scan)
Query ScheduledScans.
query_templates	Network Scan Templates
Get “templates IDs” by filter
query_zones	Network Scan Zones
Get “zones IDs” by filter
queryActionsMixin0	FileVantage
Returns one or more action IDs.
QueryActionsV1	Recon
Query actions based on provided criteria. Use the IDs from this response to get the action entities on GetActionsV1.
QueryActivityByCaseID	Message Center
Retrieve activities id’s for a case
QueryAlertIdsByFilter	Falcon Complete Dashboard
Retrieve Alert IDs that match the provided FQL filter criteria with scrolling enabled
QueryAlertIdsByFilterV2	Falcon Complete Dashboard
Retrieve Alert IDs that match the provided FQL filter criteria with scrolling enabled
QueryAllowListFilter	Falcon Complete Dashboard
Retrieve allowlist tickets that match the provided filter criteria with scrolling enabled
QueryAWSAccounts	Cloud Connect AWS
Search for provisioned AWS Accounts by providing a FQL filter and paging details. Returns a set of AWS accounts which match the filter criteria
QueryAWSAccountsForIDs	Cloud Connect AWS
Search for provisioned AWS Accounts by providing a FQL filter and paging details. Returns a set of AWS account IDs which match the filter criteria
QueryBlockListFilter	Falcon Complete Dashboard
Retrieve block listtickets that match the provided filter criteria with scrolling enabled
QueryCasesIdsByFilter	Message Center
Retrieve case id’s that match the provided filter criteria
queryChanges	FileVantage
Returns 1 or more change ids.
queryChildren	MSSP (Flight Control)
Query for customers linked as children
queryCIDGroupMembers	MSSP (Flight Control)
Query a CID Groups members by associated CID.
queryCIDGroups	MSSP (Flight Control)
Query CID Groups.
queryCombinedContentUpdatePolicies	Content Update Policies
Search for Content Update Policies in your environment by providing an FQL filter and paging details. Returns a set of Content Update Policies which match the filter criteria.
queryCombinedContentUpdatePolicyMembers	Content Update Policies
Search for members of a Content Update Policy in your environment by providing an FQL filter and paging details. Returns a set of host details which match the filter criteria.
queryCombinedDeviceControlPolicies	Device Control Policies
Search for Device Control Policies in your environment by providing a FQL filter and paging details. Returns a set of Device Control Policies which match the filter criteria.
queryCombinedDeviceControlPolicyMembers	Device Control Policies
Search for members of a Device Control Policy in your environment by providing a FQL filter and paging details. Returns a set of host details which match the filter criteria.
queryCombinedFirewallPolicies	Firewall Policies
Search for Firewall Policies in your environment by providing a FQL filter and paging details. Returns a set of Firewall Policies which match the filter criteria
queryCombinedFirewallPolicyMembers	Firewall Policies
Search for members of a Firewall Policy in your environment by providing a FQL filter and paging details. Returns a set of host details which match the filter criteria
queryCombinedGroupMembers	Host Group
Search for members of a Host Group in your environment by providing a FQL filter and paging details. Returns a set of host details which match the filter criteria
queryCombinedHostGroups	Host Group
Search for Host Groups in your environment by providing a FQL filter and paging details. Returns a set of Host Groups which match the filter criteria
queryCombinedPreventionPolicies	Prevention Policy
Search for Prevention Policies in your environment by providing a FQL filter and paging details. Returns a set of Prevention Policies which match the filter criteria
queryCombinedPreventionPolicyMembers	Prevention Policy
Search for members of a Prevention Policy in your environment by providing a FQL filter and paging details. Returns a set of host details which match the filter criteria
queryCombinedRTResponsePolicies	Response Policies
Search for Response Policies in your environment by providing a FQL filter and paging details. Returns a set of Response Policies which match the filter criteria
queryCombinedRTResponsePolicyMembers	Response Policies
Search for members of a Response policy in your environment by providing a FQL filter and paging details. Returns a set of host details which match the filter criteria
queryCombinedSensorUpdateBuilds	Sensor Update Policy
Retrieve available builds for use with Sensor Update Policies.
queryCombinedSensorUpdateKernels	Sensor Update Policy
Retrieve kernel compatibility info for Sensor Update Builds.
queryCombinedSensorUpdatePolicies	Sensor Update Policy
Search for Sensor Update Policies in your environment by providing a FQL filter and paging details. Returns a set of Sensor Update Policies which match the filter criteria.
queryCombinedSensorUpdatePoliciesV2	Sensor Update Policy
Search for Sensor Update Policies with additional support for uninstall protection in your environment by providing a FQL filter and paging details. Returns a set of Sensor Update Policies which match the filter criteria.
queryCombinedSensorUpdatePolicyMembers	Sensor Update Policy
Search for members of a Sensor Update Policy in your environment by providing a FQL filter and paging details. Returns a set of host details which match the filter criteria.
QueryComplianceControls	Cloud Policies
Query for compliance controls by various parameters.
QueryComplianceFrameworks	Cloud Policies
Query for compliance frameworks by various parameters.
queryContentUpdatePolicies	Content Update Policies
Search for Content Update Policies in your environment by providing an FQL filter and paging details. Returns a set of Content Update Policy IDs which match the filter criteria.
queryContentUpdatePolicyMembers	Content Update Policies
Search for members of a Content Update Policy in your environment by providing an FQL filter and paging details. Returns a set of Agent IDs which match the filter criteria.
QueryDetects	Detects
Search for detection IDs that match a given query.
queryDeviceControlPolicies	Device Control Policies
Search for Device Control Policies in your environment by providing a FQL filter and paging details. Returns a set of Device Control Policy IDs which match the filter criteria.
queryDeviceControlPolicyMembers	Device Control Policies
Search for members of a Device Control Policy in your environment by providing a FQL filter and paging details. Returns a set of Agent IDs which match the filter criteria.
QueryDeviceLoginHistoryV2	Hosts
Retrieve recent login sessions for devices.
QueryDevicesByFilterScroll	Hosts
Search for hosts with continuous pagination.
QueryEscalationsFilter	Falcon Complete Dashboard
Retrieve escalation tickets that match the provided filter criteria with scrolling enabled
queryEvaluationLogic	Spotlight Evaluation Logic
Search for evaluation logic in your environment by providing a FQL filter and paging details. Returns a set of evaluation logic IDs which match the filter criteria.
QueryEvents	Tailored Intelligence
Get events ids that match the provided filter criteria.
QueryExportJobs	Falcon Container
Query export jobs entities.
QueryExportJobsMixin0	Serverless Exports
Query export jobs entities.
QueryFeedArchives	Intelligence Feeds
Query the accessible feeds for a customer.
queryFirewallPolicies	Firewall Policies
Search for Firewall Policies in your environment by providing a FQL filter and paging details. Returns a set of Firewall Policy IDs which match the filter criteria
queryFirewallPolicyMembers	Firewall Policies
Search for members of a Firewall Policy in your environment by providing a FQL filter and paging details. Returns a set of Agent IDs which match the filter criteria
QueryGetNetworkAddressHistoryV1	Hosts
Retrieve IP and MAC address history.
queryGroupMembers	Host Group
Search for members of a Host Group in your environment by providing a FQL filter and paging details. Returns a set of Agent IDs which match the filter criteria
QueryHiddenDevices	Hosts
Retrieve hidden hosts matching filter criteria.
queryHostGroups	Host Group
Search for Host Groups in your environment by providing a FQL filter and paging details. Returns a set of Host Group IDs which match the filter criteria
QueryIncidentIdsByFilter	Falcon Complete Dashboard
Retrieve incidents that match the provided filter criteria with scrolling enabled
QueryIntelActorEntities	Intel
Get info about actors that match provided FQL filters.
QueryIntelActorIds	Intel
Get actor IDs that match provided FQL filters.
QueryIntelIndicatorEntities	Intel
Get info about indicators that match provided FQL filters.
QueryIntelIndicatorIds	Intel
Get indicators IDs that match provided FQL filters.
QueryIntelReportEntities	Intel
Get info about reports that match provided FQL filters.
QueryIntelReportIds	Intel
Get report IDs that match provided FQL filters.
QueryIntelRuleIds	Intel
Search for rule IDs that match provided filter criteria.
queryIOAExclusionsV1	IOA Exclusions
Search for IOA exclusions.
QueryIOCs	IOCs
This operation has been superseded by the IOC.indicator_search_v1 operation and is no longer used.
QueryMalware	Intel
Get malware family names that match provided FQL filters.
QueryMalwareEntities	Intel
Get malware entities that match provided FQL filters.
QueryMitreAttacks	Intel
Gets MITRE tactics and techniques for the given actor.
QueryMitreAttacksForMalware	Intel
Gets MITRE tactics and techniques for the given malware.
queryMLExclusionsV1	ML Exclusions
Search for ML exclusions.
QueryNotificationsExposedDataRecordsV1	Recon
Query notifications exposed data records based on provided criteria. Use the IDs from this response to get the notification entities on GetNotificationsExposedDataRecordsV1.
QueryNotificationsV1	Recon
Query notifications based on provided criteria. Use the IDs from this response to get the notification entities on GetNotificationsV1 or GetNotificationsDetailedV1.
queryPinnableContentVersions	Content Update Policies
Search for content versions available for pinning given the category.
queryPolicies	FileVantage
Retrieve the ids of all policies that are assigned the provided policy type.
queryPreventionPolicies	Prevention Policy
Search for Prevention Policies in your environment by providing a FQL filter and paging details. Returns a set of Prevention Policy IDs which match the filter criteria
queryPreventionPolicyMembers	Prevention Policy
Search for members of a Prevention Policy in your environment by providing a FQL filter and paging details. Returns a set of Agent IDs which match the filter criteria
QueryQuarantineFiles	Quarantine
Get quarantine file ids that match the provided filter criteria.
QueryReleaseNotesV1	Deployments
Queries for release-notes resources and returns IDs.
QueryRemediationsFilter	Falcon Complete Dashboard
Retrieve remediation tickets that match the provided filter criteria with scrolling enabled
QueryReports	Falconx Sandbox
Find sandbox reports by providing a FQL filter and paging details. Returns a set of report IDs that match your criteria.
queryRoles	MSSP (Flight Control)
Query links between user groups and CID groups. At least one of CID Group ID or User Group ID should also be provided. Role ID is optional.
queryRTResponsePolicies	Response Policies
Search for Response Policies in your environment by providing a FQL filter with sort and/or paging details. This returns a set of Response Policy IDs that match the given criteria.
queryRTResponsePolicyMembers	Response Policies
Search for members of a Response policy in your environment by providing a FQL filter and paging details. Returns a set of Agent IDs which match the filter criteria
QueryRule	Cloud Policies
Query for rules by various parameters.
queryRuleGroups	FileVantage
Retrieve the ids of all rule groups that are of the provided rule group type.
QueryRules	Tailored Intelligence
Get rules ids that match the provided filter criteria.
QueryRulesV1	Recon
Query monitoring rules based on provided criteria. Use the IDs from this response to fetch the rules on GetRulesV1.
QuerySampleV1	Falconx Sandbox
Retrieves a list with sha256 of samples that exist and customer has rights to access them, maximum number of accepted items is 200
QueryScanResults	Quick Scan Pro
Gets QuickScan Pro scan jobs for a given FQL filter.
queryScheduledExclusions	FileVantage
Retrieve the ids of all scheduled exclusions contained within the provided policy id.
QuerySensorsByFilter	Identity Protection
Search for sensors in your environment by hostname, IP, and other criteria.
querySensorUpdateKernelsDistinct	Sensor Update Policy
Retrieve kernel compatibility info for Sensor Update Builds.
querySensorUpdatePolicies	Sensor Update Policy
Search for Sensor Update Policies in your environment by providing a FQL filter and paging details. Returns a set of Sensor Update Policy IDs which match the filter criteria.
querySensorUpdatePolicyMembers	Sensor Update Policy
Search for members of a Sensor Update Policy in your environment by providing a FQL filter and paging details. Returns a set of Agent IDs which match the filter criteria.
querySensorVisibilityExclusionsV1	Sensor Visibility Exclusions
Search for sensor visibility exclusions.
QuerySubmissions	Falconx Sandbox
Find submission IDs for uploaded files by providing a FQL filter and paging details. Returns a set of submission IDs that match your criteria.
QuerySubmissionsMixin0	Quick Scan
Find IDs for submitted scans by providing a FQL filter and paging details. Returns a set of volume IDs that match your criteria.
QuerySuppressionRules	Cloud Policies
Query suppression rules with filtering, sorting and pagination.
queryUserGroupMembers	MSSP (Flight Control)
Query User Group member by User UUID.
queryUserGroups	MSSP (Flight Control)
Query User Groups.
queryUserV1	User Management
List user IDs for all users in your customer account.
QueryVulnerabilities	Intel
Get vulnerabilities IDs
queryVulnerabilities	Spotlight Vulnerabilities
Search for Vulnerabilities in your environment by providing a FQL filter and paging details. Returns a set of Vulnerability IDs which match the filter criteria.

R

ReadClusterCombined	Kubernetes Protection
Retrieve kubernetes clusters identified by the provided filter criteria
ReadClusterCombinedV2	Kubernetes Protection
Retrieve kubernetes clusters identified by the provided filter criteria
ReadClusterCount	Kubernetes Protection
Retrieve cluster counts
ReadClusterEnrichment	Kubernetes Protection
Retrieve cluster enrichment data
ReadClustersByDateRangeCount	Kubernetes Protection
Retrieve clusters by date range counts
ReadClustersByKubernetesVersionCount	Kubernetes Protection
Bucket clusters by kubernetes version
ReadClustersByStatusCount	Kubernetes Protection
Bucket clusters by status
ReadCombinedDetections	Container Detections
Retrieve image assessment detections identified by the provided filter criteria.
ReadCombinedImagesExport	Container Images
Retrieve images with an option to expand aggregated vulnerabilities/detections
ReadCombinedVulnerabilities	Container Vulnerabilities
Retrieve vulnerability and aggregate data filtered by the provided FQL
ReadCombinedVulnerabilitiesDetails	Container Vulnerabilities
Retrieve vulnerability details related to an image
ReadCombinedVulnerabilitiesInfo	Container Vulnerabilities
Retrieve vulnerability and package related info for this customer
ReadContainerAlertsCount	Container Alerts
Search Container Alerts by the provided search criteria.
ReadContainerAlertsCountBySeverity	Container Alerts
Get Container Alert counts by severity.
ReadContainerCombined	Kubernetes Protection
Retrieve containers identified by the provided filter criteria
ReadContainerCount	Kubernetes Protection
Retrieve container counts
ReadContainerCountByRegistry	Kubernetes Protection
Retrieve top container image registries
ReadContainerEnrichment	Kubernetes Protection
Retrieve container enrichment data
ReadContainerImageDetectionsCountByDate	Kubernetes Protection
Retrieve count of image assessment detections on running containers over a period of time
ReadContainerImagesByMostUsed	Kubernetes Protection
Bucket container by image-digest
ReadContainerImagesByState	Kubernetes Protection
Retrieve count of image states running on containers
ReadContainersByDateRangeCount	Kubernetes Protection
Retrieve containers by date range counts
ReadContainersSensorCoverage	Kubernetes Protection
Bucket containers by agent type and calculate sensor coverage
ReadContainerVulnerabilitiesBySeverityCount	Kubernetes Protection
Retrieve container vulnerabilities by severity counts
ReadDeploymentCombined	Kubernetes Protection
Retrieve kubernetes deployments identified by the provided filter criteria
ReadDeploymentCount	Kubernetes Protection
Retrieve deployment counts
ReadDeploymentEnrichment	Kubernetes Protection
Retrieve deployment enrichment data
ReadDeploymentsByDateRangeCount	Kubernetes Protection
Retrieve deployments by date range counts
ReadDeploymentsCombined	Cloud Snapshots
Search for snapshot jobs identified by the provided filter.
ReadDeploymentsEntities	Cloud Snapshots
Retrieve snapshot jobs identified by the provided IDs.
ReadDetections	Container Detections
Retrieve image assessment detection entities identified by the provided filter criteria.
ReadDetectionsCount	Container Detections
Aggregate count of detections.
ReadDetectionsCountBySeverity	Container Detections
Aggregate counts of detections by severity.
ReadDetectionsCountByType	Container Detections
Aggregate counts of detections by detection type.
ReadDistinctContainerImageCount	Kubernetes Protection
Retrieve count of distinct images running on containers
ReadDriftIndicatorEntities	Drift Indicators
Retrieve Drift Indicator entities identified by the provided IDs
ReadDriftIndicatorsCount	Drift Indicators
Returns the total count of Drift indicators over a time period
ReadExportJobs	Falcon Container
Read export jobs entities.
ReadExportJobsMixin0	Serverless Exports
Read export jobs entities.
ReadImageVulnerabilities	Falcon Container
Retrieve an assessment report for an image by specifying repository and tag.
ReadKubernetesIomByDateRange	Kubernetes Protection
Returns the count of Kubernetes IOMs by the date. by default it’s for 7 days.
ReadKubernetesIomCount	Kubernetes Protection
Returns the total count of Kubernetes IOMs over the past seven days
ReadKubernetesIomEntities	Kubernetes Protection
Retrieve Kubernetes IOM entities identified by the provided IDs
ReadNamespaceCount	Kubernetes Protection
Retrieve namespace counts
ReadNamespacesByDateRangeCount	Kubernetes Protection
Retrieve namespaces by date range counts
ReadNodeCombined	Kubernetes Protection
Retrieve kubernetes nodes identified by the provided filter criteria
ReadNodeCount	Kubernetes Protection
Retrieve node counts
ReadNodeEnrichment	Kubernetes Protection
Retrieve node enrichment data
ReadNodesByCloudCount	Kubernetes Protection
Bucket nodes by cloud providers
ReadNodesByContainerEngineVersionCount	Kubernetes Protection
Bucket nodes by their container engine version
ReadNodesByDateRangeCount	Kubernetes Protection
Retrieve nodes by date range counts
ReadPackagesByFixableVulnCount	Container Packages
Retrieve top x app packages with the most fixable vulnerabilities.
ReadPackagesByImageCount	Container Packages
Retrieves the N most frequently used packages across images.
ReadPackagesByVulnCount	Container Packages
Retrieve top x packages with the most vulnerabilities.
ReadPackagesCombined	Container Packages
Retrieve packages identified by the provided filter criteria.
ReadPackagesCombinedExport	Container Packages
Retrieve packages identified by the provided filter criteria for the purpose of export.
ReadPackagesCombinedV2	Container Packages
Retrieve packages identified by the provided filter criteria.
ReadPackagesCountByZeroDay	Container Packages
Retrieve packages count affected by zero day vulnerabilities.
ReadPodCombined	Kubernetes Protection
Retrieve kubernetes pods identified by the provided filter criteria
ReadPodCount	Kubernetes Protection
Retrieve pod counts
ReadPodEnrichment	Kubernetes Protection
Retrieve pod enrichment data
ReadPodsByDateRangeCount	Kubernetes Protection
Retrieve pods by date range counts
ReadPolicies	Image Assessment Policies
Get all Image Assessment policies
ReadPolicyExclusions	Image Assessment Policies
Retrieve Image Assessment Policy Exclusion entities
ReadPolicyGroups	Image Assessment Policies
Retrieve Image Assessment Policy Group entities
ReadRegistryEntities	Falcon Container
Retrieve registry entities associated with the client ID.
ReadRegistryEntitiesByUUID	Falcon Container
Retrieve registry entities associated with a specific UUID.
ReadRequestBody	FaaS Execution
Retrieve a large request body, such as a file, that has spilled into object storage.
ReadRunningContainerImages	Kubernetes Protection
Retrieve images on running containers
ReadUnidentifiedContainersByDateRangeCount	Unidentified Containers
Returns the count of Unidentified Containers over the last 7 days
ReadUnidentifiedContainersCount	Unidentified Containers
Returns the total count of Unidentified Containers over a time period
ReadVulnerabilitiesByImageCount	Container Vulnerabilities
Retrieve top x vulnerabilities with the most impacted images
ReadVulnerabilitiesPublicationDate	Container Vulnerabilities
Retrieve top x vulnerabilities with the most recent publication date
ReadVulnerabilityCount	Container Vulnerabilities
Aggregate count of vulnerabilities
ReadVulnerabilityCountByActivelyExploited	Container Vulnerabilities
Aggregate count of vulnerabilities grouped by actively exploited
ReadVulnerabilityCountByCPSRating	Container Vulnerabilities
Aggregate count of vulnerabilities grouped by csp_rating
ReadVulnerabilityCountByCVSSScore	Container Vulnerabilities
Aggregate count of vulnerabilities grouped by cvss score
ReadVulnerabilityCountBySeverity	Container Vulnerabilities
Aggregate count of vulnerabilities grouped by severity
ReadVulnerableContainerImageCount	Kubernetes Protection
Retrieve count of vulnerable images running on containers
refreshActiveStreamSession	Event Streams
Refresh an active event stream. Use the URL shown in a listAvailableStreamsOAuth2 response.
RegenerateAPIKey	Kubernetes Protection
Regenerate API key for docker registry integrations.
RegisterCspmSnapshotAccount	Cloud Snapshots
Register customer cloud account for snapshot scanning.
RenameSectionComplianceFramework	Cloud Policies
Rename a section in a custom compliance framework.
ReplaceControlRules	Cloud Policies
Assign rules to a compliance control (full replace).
report_executions_download_get	Report Executions
Get report entity download
report_executions_get	Report Executions
Retrieve report details for the provided report IDs.
report_executions_query	Report Executions
Find all report execution IDs matching the query with filter
report_executions_retry	Report Executions
Retry the execution of a report by ID.
RequestDeviceEnrollmentV3	Mobile Enrollment
Trigger on-boarding process for a mobile device
RequestDeviceEnrollmentV4	Mobile Enrollment
Trigger on-boarding process for a mobile device
RetrieveEmailsByCID	User Management
List the usernames (usually an email address) for all users in your customer account
RetrieveRelayInstances	ASPM
Retrieve the relay instances in CSV format.
RetrieveUser	User Management
Get info about a user.
retrieveUsersGETV1	User Management
Get info about users including their name, UID and CID by providing user UUIDs.
RetrieveUserUUID	User Management
Get a user’s ID by providing a username (usually an email address)
RetrieveUserUUIDsByCID	User Management
List user IDs for all users in your customer account. For more information on each user, provide the user ID to RetrieveUser.
revealUninstallToken	Sensor Update Policy
Reveals an uninstall token for a specific device. To retrieve the bulk maintenance token pass the value ‘MAINTENANCE’ as the value for ‘device_id’.
RevokeUserRoleIds	User Management
Revoke one or more roles from a user
RTR_AggregateSessions	Real Time Response
Get aggregates on session data.
RTR_CheckActiveResponderCommandStatus	Real Time Response
Get status of an executed active-responder command on a single host.
RTR_CheckAdminCommandStatus	Real Time Response Admin
Get status of an executed RTR administrator command on a single host.
RTR_CheckCommandStatus	Real Time Response
Get status of an executed command on a single host.
RTR_CreatePut_Files	Real Time Response Admin
Upload a new put-file to use for the RTR put command.
RTR_CreatePut_FilesV2	Real Time Response Admin
Upload a new put-file to use for the RTR put command.
RTR_CreateScripts	Real Time Response Admin
Upload a new custom-script to use for the RTR runscript command.
RTR_CreateScriptsV2	Real Time Response Admin
Upload a new custom-script to use for the RTR runscript command.
RTR_DeleteFile	Real Time Response
Delete a RTR session file.
RTR_DeleteFileV2	Real Time Response
Delete a RTR session file. (Expanded output detail, use with RTR_ListFilesV2.)
RTR_DeletePut_Files	Real Time Response Admin
Delete a put-file based on the ID given. Can only delete one file at a time.
RTR_DeleteQueuedSession	Real Time Response
Delete a queued session command.
RTR_DeleteScripts	Real Time Response Admin
Delete a custom-script based on the ID given. Can only delete one script at a time.
RTR_DeleteSession	Real Time Response
Delete a session.
RTR_ExecuteActiveResponderCommand	Real Time Response
Execute an active responder command on a single host.
RTR_ExecuteAdminCommand	Real Time Response Admin
Execute a RTR administrator command on a single host.
RTR_ExecuteCommand	Real Time Response
Execute a command on a single host.
RTR_GetExtractedFileContents	Real Time Response
Get RTR extracted file contents for specified session and sha256.
RTR_GetFalconScripts	Real Time Response Admin
Get Falcon scripts with metadata and content of script
RTR_GetPut_Files	Real Time Response Admin
Get put-files based on the ID’s given. These are used for the RTR put command.
RTR_GetPut_FilesV2	Real Time Response Admin
Get put-files based on the ID’s given. These are used for the RTR put command.
RTR_GetPutFileContents	Real Time Response Admin
Get the contents of a put-file based on the ID given.
RTR_GetScripts	Real Time Response Admin
Get custom-scripts based on the ID’s given. These are used for the RTR runscript command.
RTR_GetScriptsV2	Real Time Response Admin
Get custom-scripts based on the ID’s given. These are used for the RTR runscript command.
RTR_InitSession	Real Time Response
Initialize a new session with the RTR cloud.
RTR_ListAllSessions	Real Time Response
Get a list of session_ids.
RTR_ListFalconScripts	Real Time Response Admin
Get a list of Falcon script IDs available to the user to run
RTR_ListFiles	Real Time Response
Get a list of files for the specified RTR session.
RTR_ListFilesV2	Real Time Response
Get a list of files for the specified RTR session. (Expanded output detail.)
RTR_ListPut_Files	Real Time Response Admin
Get a list of put-file ID’s that are available to the user for the put command.
RTR_ListQueuedSessions	Real Time Response
Get queued session metadata by session ID.
RTR_ListScripts	Real Time Response Admin
Get a list of custom-script ID’s that are available to the user for the runscript command.
RTR_ListSessions	Real Time Response
Get session metadata by session id.
RTR_PulseSession	Real Time Response
Refresh a session timeout on a single host.
RTR_UpdateScripts	Real Time Response Admin
Upload a new scripts to replace an existing one.
RTR_UpdateScriptsV2	Real Time Response Admin
Upload a new scripts to replace an existing one.
RTRAuditSessions	Real Time Response Audit
Get all the RTR sessions created for a customer in a specified duration
RunIntegrationTask	ASPM
Run an integration task by its ID
RunIntegrationTaskAdmin	ASPM
Run an integration task by its ID with admin scope.
RunIntegrationTaskV2	ASPM
Run an integration task by its ID

S

ScanSamples	Quick Scan
Submit a volume of files for ml scanning. Time required for analysis increases with the number of samples in a volume but usually it should take less than 1 minute
schedule_scan	ODS (On Demand Scan)
Create ODS scan and start or schedule scan for the given scan request.
scheduled_reports_get	Scheduled Reports
Retrieve scheduled reports for the provided report IDs.
scheduled_reports_launch	Scheduled Reports
Launch scheduled report executions for the provided ID(s).
scheduled_reports_query	Scheduled Reports
Find all report IDs matching the query with filter
SearchAndReadContainerAlerts	Container Alerts
Search Container Alerts by the provided search criteria.
SearchAndReadDriftIndicatorEntities	Drift Indicators
Retrieve Drift Indicators by the provided search criteria
SearchAndReadKubernetesIomEntities	Kubernetes Protection
Search Kubernetes IOM by the provided search criteria
SearchAndReadUnidentifiedContainers	Unidentified Containers
Search Unidentified Containers by the provided search criteria
SearchDetections	Container Detections
Retrieve image assessment detection entities identified by the provided filter criteria.
SearchDriftIndicators	Drift Indicators
Retrieve all drift indicators that match the given query
SearchHuntingGuides	CAO Hunting
Search for Hunting Guides that match the provided conditions
SearchIndicators	Intelligence Indicator Graph
Search indicators based on FQL filter.
SearchIntelligenceQueries	CAO Hunting
Search intelligence queries that match the provided conditions.
SearchKubernetesIoms	Kubernetes Protection
Search Kubernetes IOMs by the provided search criteria. this endpoint returns a list of Kubernetes IOM UUIDs matching the query
SearchObjects	Custom Storage
Search for objects that match the specified filter criteria (returns metadata, not actual objects).
SearchObjectsByVersion	Custom Storage
Search for objects that match the specified filter criteria (returns metadata, not actual objects).
ServiceNowGetDeployments	ASPM
Retrieve ServiceNow deployments
ServiceNowGetServices	ASPM
Retrieve ServiceNow services.
SetCloudSecurityIntegrationState	ASPM
Set Cloud Security integration state.
setContentUpdatePoliciesPrecedence	Content Update Policies
Sets the precedence of Content Update Policies based on the order of IDs specified in the request. The first ID specified will have the highest precedence and the last ID specified will have the lowest. You must specify all non-Default Policies when updating precedence.
setDeviceControlPoliciesPrecedence	Device Control Policies
Sets the precedence of Device Control Policies based on the order of IDs specified in the request. The first ID specified will have the highest precedence and the last ID specified will have the lowest. You must specify all non-Default Policies for a platform when updating precedence.
setFirewallPoliciesPrecedence	Firewall Policies
Sets the precedence of Firewall Policies based on the order of IDs specified in the request. The first ID specified will have the highest precedence and the last ID specified will have the lowest. You must specify all non-Default Policies for a platform when updating precedence
setPreventionPoliciesPrecedence	Prevention Policy
Sets the precedence of Prevention Policies based on the order of IDs specified in the request. The first ID specified will have the highest precedence and the last ID specified will have the lowest. You must specify all non-Default Policies for a platform when updating precedence
setRTResponsePoliciesPrecedence	Response Policies
Sets the precedence of Response Policies based on the order of IDs specified in the request. The first ID specified will have the highest precedence and the last ID specified will have the lowest. You must specify all non-Default Policies for a platform when updating precedence
setSensorUpdatePoliciesPrecedence	Sensor Update Policy
Sets the precedence of Sensor Update Policies based on the order of IDs specified in the request. The first ID specified will have the highest precedence and the last ID specified will have the lowest. You must specify all non-Default Policies for a platform when updating precedence.
severity_query_v1	IOC
Query Severities.
signalChangesExternal	FileVantage
Initiates workflows for the provided change IDs.
ss_ioa_exclusions_aggregates_v2	IOA Exclusions
Get Self Service IOA Exclusion aggregates as specified via json in the request body.
ss_ioa_exclusions_create_v2	IOA Exclusions
Create new Self Service IOA Exclusions.
ss_ioa_exclusions_delete_v2	IOA Exclusions
Delete the Self Service IOA Exclusions rule by id.
ss_ioa_exclusions_get_reports_v2	IOA Exclusions
Create a report of Self Service IOA Exclusions scoped by the given filters.
ss_ioa_exclusions_get_v2	IOA Exclusions
Get the Self Service IOA Exclusions rules by id.
ss_ioa_exclusions_matched_rule_v2	IOA Exclusions
Get Self Service IOA Exclusions rules for matched IFN/CLI for child, parent and grandparent.
ss_ioa_exclusions_new_rules_v2	IOA Exclusions
Get defaults for Self Service IOA Exclusions based on provided IFN/CLI for child, parent and grandparent.
ss_ioa_exclusions_search_v2	IOA Exclusions
Search for Self Service IOA Exclusions.
ss_ioa_exclusions_update_v2	IOA Exclusions
Update the Self Service IOA Exclusions rule by id.
startActions	FileVantage
Initiates the specified action on the provided change IDs.
StartSearchV1	NGSIEM
Initiate a NGSIEM search.
StopSearchV1	NGSIEM
Stop a NGSIEM search.
Submit	Falconx Sandbox
Submit an uploaded file or a URL for sandbox analysis. Time required for analysis varies but is usually less than 15 minutes.

T

tokens_create	Installation Tokens
Creates a token.
tokens_delete	Installation Tokens
Deletes a token immediately. To revoke a token, use tokens_update instead.
tokens_query	Installation Tokens
Search for tokens by providing a FQL filter and paging details.
tokens_read	Installation Tokens
Gets the details of one or more tokens by id.
tokens_update	Installation Tokens
Updates one or more tokens. Use this endpoint to edit labels, change expiration, revoke, or restore.
TriggerScan	Kubernetes Protection
Triggers a dry run or a full scan of a customer’s kubernetes footprint.

U

update_global_configs	Network Scan Global Configs
Update “global-configs” using provided specifications
update_network_locations	Firewall Management
Updates the network locations provided, and return the ID.
update_network_locations_metadata	Firewall Management
Updates the network locations metadata such as polling_intervals for the cid
update_network_locations_precedence	Firewall Management
Updates the network locations precedence according to the list of ids provided.
update_networks	Network Scan Networks
Update “networks” using provided specifications
update_policy_container	Firewall Management
Update an identified policy container
update_policy_container_v1	Firewall Management
Update an identified policy container
update_rule_group	Firewall Management
Update name, description, or enabled status of a rule group, or create, edit, delete, or reorder rules
update_rule_group_validation	Firewall Management
Validates the request of updating name, description, or enabled status of a rule group, or create, edit, delete, or reorder rules
update_rule_groupMixin0	Custom IOA
Update a rule group. The following properties can be modified: name, description, enabled.
update_rules	Custom IOA
Update rules within a rule group. Return the updated rules.
update_rules_v2	Custom IOA
Update name, description, enabled or field_values for individual rules within a rule group.
update_scan_runs	Network Scan Scan Runs
Update “scan-runs” using provided specifications
update_scanners	Network Scan Scanners
Update “scanners” using provided specifications
update_scans	Network Scan Scans
Update “scans” using provided specifications
update_templates	Network Scan Templates
Update “templates” using provided specifications
update_zones	Network Scan Zones
Update “zones” using provided specifications
UpdateActionV1	Recon
Update an action for a monitoring rule.
UpdateAWSAccount	Kubernetes Protection
Updates the AWS account per the query parameters provided
UpdateAWSAccounts	Cloud Connect AWS
Update AWS Accounts by specifying the ID of the account and details to update
updateCIDGroups	MSSP (Flight Control)
Update existing CID Group(s). CID Group ID is expected for each CID Group definition provided in request body. CID Group member(s) remain unaffected.
UpdateCloudGroupExternal	Cloud Security
Update an existing Cloud Group’s properties.
UpdateComplianceControl	Cloud Policies
Update a custom compliance control.
UpdateComplianceFramework	Cloud Policies
Update a custom compliance framework.
updateContentUpdatePolicies	Content Update Policies
Update Content Update Policies by specifying the ID of the policy and details to update.
UpdateCSPMAzureAccount	CSPM Registration
Patches a existing account in our system for a customer.
UpdateCSPMAzureAccountClientID	CSPM Registration
Update an Azure service account in our system by with the user-created client_id created with the public key we’ve provided
UpdateCSPMAzureTenantDefaultSubscriptionID	CSPM Registration
Update an Azure default subscription_id in our system for given tenant_id
UpdateCSPMGCPAccount	CSPM Registration
Patches a existing account in our system for a customer.
UpdateCSPMGCPServiceAccountsExt	CSPM Registration
Updates an existing GCP service account.
UpdateCSPMPolicySettings	CSPM Registration
Updates a policy setting - can be used to override policy severity or to disable a policy entirely.
UpdateCSPMScanSchedule	CSPM Registration
Updates scan schedule configuration for one or more cloud platforms.
UpdateD4CGCPServiceAccountsExt	D4C Registration
Updates an existing GCP service account.
UpdateDashboardFromTemplate	NGSIEM
Update dashboard from template.
updateDefaultDeviceControlPolicies	Device Control Policies
Update the configuration for the Default Device Control Policy.
updateDefaultDeviceControlSettings	Device Control Policies
Update the configuration for Default Device Control Settings.
UpdateDefaultGroup	ASPM
Update default group
UpdateDetectsByIdsV2	Detects
Modify the state, assignee, and visibility of detections.
updateDeviceControlPolicies	Device Control Policies
Update Device Control Policies by specifying the ID of the policy and details to update.
UpdateDeviceTags	Hosts
Append or remove Falcon Grouping Tags.
UpdateDiscoverCloudAzureAccountClientID	D4C Registration
Update an Azure service account in our system by with the user-created client_id created with the public key we’ve provided.
UpdateExecutorNode	ASPM
Update an existing relay node
UpdateFileV1	Foundry LogScale
Updates a lookup file.
updateFirewallPolicies	Firewall Policies
Update Firewall Policies by specifying the ID of the policy and details to update
UpdateGroup	ASPM
Update group
updateHostGroups	Host Group
Update Host Groups by specifying the ID of the group and details to update
UpdateIntegration	ASPM
Update an existing integration by its ID
UpdateIntegrationTask	ASPM
Update an existing integration task by its ID
updateIOAExclusionsV1	IOA Exclusions
Update the IOA exclusions.
UpdateIOC	IOCs
This operation has been superseded by the IOC.indicator_update_v1 operation and is no longer used.
UpdateLookupFile	NGSIEM
Update lookup file.
UpdateLookupFileEntries	NGSIEM
Update entries in an existing Lookup File in NGSIEM.
updateMLExclusionsV1	ML Exclusions
Update the ML exclusions.
UpdateNotificationsV1	Recon
Update notification status or assignee. Accepts bulk requests.
UpdateParser	NGSIEM
Update parser.
UpdateParserAutoUpdatePolicy	NGSIEM
Update a parser auto update policy.
UpdateParserFromTemplate	NGSIEM
Update Parser in NGSIEM from YAML Template. Please note that name changes are not supported, but rather should be created as a new parser.
updatePolicies	FileVantage
Updates the general information of the provided policy.
UpdatePolicies	Image Assessment Policies
Update Image Assessment Policy entities
UpdatePolicyExclusions	Image Assessment Policies
Update Image Assessment Policy Exclusion entities
UpdatePolicyGroups	Image Assessment Policies
Update Image Assessment Policy Group entities
updatePolicyHostGroups	FileVantage
Manage host groups assigned to a policy.
updatePolicyPrecedence	FileVantage
Updates the policy precedence for all policies of a specific type.
UpdatePolicyPrecedence	Image Assessment Policies
Update Image Assessment Policy precedence
updatePolicyRuleGroups	FileVantage
Manage the rule groups assigned to the policy or set the rule group precedence for all rule groups within the policy.
updatePreventionPolicies	Prevention Policy
Update Prevention Policies by specifying the ID of the policy and details to update
UpdateQfByQuery	Quarantine
Apply quarantine file actions by query.
UpdateQuarantinedDetectsByIds	Quarantine
Apply action by quarantine file ids.
UpdateRegistryEntities	Falcon Container
Update the registry entity, as identified by the entity UUID, using the provided details.
updateRTResponsePolicies	Response Policies
Update Response Policies by specifying the ID of the policy and details to update
UpdateRule	Cloud Policies
Update a rule.
updateRuleGroupPrecedence	FileVantage
Updates the rule precedence for all rules in the identified rule group.
updateRuleGroups	FileVantage
Updates the provided rule group.
UpdateRuleOverride	Cloud Policies
Update a rule override.
updateRules	FileVantage
Updates the provided rule configuration within the specified rule group.
UpdateRulesV1	Recon
Update monitoring rules.
UpdateSavedQueryFromTemplate	NGSIEM
Update Saved Query from LogScale YAML Template in NGSIEM.
updateScheduledExclusions	FileVantage
Updates the provided scheduled exclusion configuration within the provided policy.
updateSensorUpdatePolicies	Sensor Update Policy
Update Sensor Update Policies by specifying the ID of the policy and details to update.
updateSensorUpdatePoliciesV2	Sensor Update Policy
Update Sensor Update Policies by specifying the ID of the policy and details to update with additional support for uninstall protection.
updateSensorVisibilityExclusionsV1	Sensor Visibility Exclusions
Update a sensor visibility exclusion.
UpdateSuppressionRule	Cloud Policies
Update a suppression rule.
UpdateUser	User Management
Modify an existing user’s first or last name
updateUserGroups	MSSP (Flight Control)
Update existing User Group(s). User Group ID is expected for each User Group definition provided in request body. User Group member(s) remain unaffected.
updateUserV1	User Management
Modify an existing user’s first or last name. Supports Flight Control.
UploadFileQuickScanPro	Quick Scan Pro
Uploads a file to be further analyzed with QuickScan Pro. The samples expire after 90 days.
UploadLookupV1	NGSIEM
Upload a lookup file to NGSIEM.
UploadSampleV2	Falconx Sandbox
Upload a file for sandbox analysis. After uploading, use /falconx/entities/submissions/v1 to start analyzing the file.
UploadSampleV3	Sample Uploads
Upload a file for further cloud analysis. After uploading, call the specific analysis API endpoint.
upsert_network_locations	Firewall Management
Updates the network locations provided, and return the ID.
UpsertBusinessApplications	ASPM
Create or Update Business Applications
UpsertTags	ASPM
Create new or update existing tag. You can update unique tags table or regular tags table
userActionV1	User Management
Apply actions to one or more users.
userRolesActionV1	User Management
Grant or Revoke one or more role(s) to a user against a CID.

V

v1_child_executions_query	Workflows
Search for child executions by providing a FQL filter and paging details.
validate	Custom IOA
Validates field values and checks for matches if a test string is provided.
validate_filepath_pattern	Firewall Management
Validates that the test pattern matches the executable filepath glob pattern.
ValidateCSPMGCPServiceAccountExt	CSPM Registration
Validates credentials for a service account
VerifyAWSAccountAccess	Cloud Connect AWS
Performs an Access Verification check on the specified AWS Account IDs

W

WorkflowActivitiesCombined	Workflows
Search for activities by name. Returns all supported activities if no filter is specified.
WorkflowActivitiesContentCombined	Workflows
Search for activities by name. Returns all supported activities if no filter specified.
WorkflowDefinitionsAction	Workflows
Enable or disable a workflow definition, or stop all executions for a definition.
WorkflowDefinitionsCombined	Workflows
Search workflow definitions based on the provided filter
WorkflowDefinitionsExport	Workflows
Exports a workflow definition for the given definition ID
WorkflowDefinitionsImport	Workflows
Imports a workflow definition based on the provided model
WorkflowDefinitionsUpdate	Workflows
Updates a workflow definition based on the provided model.
WorkflowExecute	Workflows
Executes an on-demand Workflow, the body is JSON used to trigger the execution, the response the execution ID(s)
WorkflowExecuteInternal	Workflows
Executes an on-demand Workflow, the body is JSON used to trigger the execution, the response the execution ID(s)
WorkflowExecutionResults	Workflows
Get execution result of a given execution
WorkflowExecutionsAction	Workflows
Allows a user to resume/retry a failed workflow execution.
WorkflowExecutionsCombined	Workflows
Search workflow executions based on the provided filter
WorkflowGetHumanInputV1	Workflows
Gets one or more specific human inputs by their IDs.
WorkflowMockExecute	Workflows
Executes an on-demand Workflow with mocks
WorkflowSystemDefinitionsDeProvision	Workflows
Deprovisions a system definition that was previously provisioned on the target CID
WorkflowSystemDefinitionsPromote	Workflows
Promote a version of a system definition
WorkflowSystemDefinitionsProvision	Workflows
Provisions a system definition onto the target CID by using the template and provided parameters
WorkflowTriggersCombined	Workflows
Search for triggers by namespaced identifier, i.e. `FalconAudit`, `Detection`, or `FalconAudit/Detection/Status`. Returns all triggers if no filter is specified.
WorkflowUpdateHumanInputV1	Workflows
Provides an input in response to a human input action. Depending on action configuration, one or more of Approve, Decline, and/or Escalate are permitted.