Admission Control Policies

The Admission Control Policies service collection provides operations for managing Kubernetes admission control policies. Create, update, delete, and query policies, manage host groups and rule groups, set policy and rule group precedence, and manage custom Rego rules within rule groups.

| Language | Last Update |
| --- | --- |
| Python | v1.5.5 |
| PowerShell | v2.2.9 |
| Go | v0.20.0 |
| TypeScript | v0.6.0 |
| Rust | v0.7.0 |
| Ruby | v1.2.0 |

| Operation | PEP 8 | Description |
| --- | --- | --- |
| admission_control_get_policies | get_policies | Get admission control policies. |
| admission_control_create_policy | create_policy | Create an admission control policy. |
| admission_control_update_policy | update_policy | Update an admission control policy. |
| admission_control_delete_policies | delete_policies | Delete an admission control policy. |
| admission_control_add_host_groups | add_host_groups | Add one or more host groups to an admission control policy. |
| admission_control_remove_host_groups | remove_host_groups | Remove one or more host groups from an admission control policy. |
| admission_control_update_policy_precedence | update_policy_precedence | Update admission control policy precedence. |
| admission_control_add_rule_group_custom_rule | add_custom_rules | Add one or more custom Rego rules to a rule group in an admission control policy. |
| admission_control_remove_rule_group_custom_rule | delete_custom_rules | Delete one or more custom Rego rules from all rule groups in an admission control policy. |
| admission_control_set_rule_group_precedence | set_rule_group_precedence | Change precedence of rule groups within an admission control policy. |
| admission_control_replace_rule_group_selectors | replace_rule_group_selectors | Replace labels and/or namespaces of a rule group within an admission control policy. |
| admission_control_create_rule_groups | create_rule_groups | Create one or more rule groups and add them to an existing admission control policy. |
| admission_control_update_rule_groups | update_rule_groups | Update a rule group. |
| admission_control_delete_rule_groups | delete_rule_groups | Delete rule groups. |
| admission_control_query_policies | query_policies | Search admission control policies. |

Get admission control policies.

GET /admission-control-policies/entities/policies/v1

Scope: Falcon Container Policies: READ
Consumes · Produces: application/json
PEP 8: get_policies

| Name | Type | Data type | Description |
| --- | --- | --- | --- |
| ids | query | string or list of strings | The list of policies to return (maximum 100 IDs allowed). |
| parameters | query | dictionary | Full set of query string parameters in a JSON formatted dictionary. |

```python
from falconpy import AdmissionControlPolicies

falcon = AdmissionControlPolicies(client_id=CLIENT_ID,
                                  client_secret=CLIENT_SECRET
                                  )

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.get_policies(ids=id_list)
print(response)
```

Create an admission control policy.

POST /admission-control-policies/entities/policies/v1

Scope: Falcon Container Policies: WRITE
Consumes · Produces: application/json
PEP 8: create_policy

| Name | Type | Data type | Description |
| --- | --- | --- | --- |
| body | body | dictionary | Full body payload as JSON formatted dictionary. |
| description | body | string | Policy description. |
| name | body | string | Policy name. |

```python
from falconpy import AdmissionControlPolicies

falcon = AdmissionControlPolicies(client_id=CLIENT_ID,
                                  client_secret=CLIENT_SECRET
                                  )

response = falcon.create_policy(description="string", name="string")
print(response)
```

Update an admission control policy.

PATCH /admission-control-policies/entities/policies/v1

Scope: Falcon Container Policies: WRITE
Consumes · Produces: application/json
PEP 8: update_policy

| Name | Type | Data type | Description |
| --- | --- | --- | --- |
| ids | query | string | The id of the admission control policy to update. |
| body | body | dictionary | Full body payload as JSON formatted dictionary. |
| description | body | string | Policy description. |
| is_enabled | body | boolean | Flag indicating if the policy is enabled. |
| name | body | string | Policy name. |
| parameters | query | dictionary | Full set of query string parameters in a JSON formatted dictionary. |

```python
from falconpy import AdmissionControlPolicies

falcon = AdmissionControlPolicies(client_id=CLIENT_ID,
                                  client_secret=CLIENT_SECRET
                                  )

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.update_policy(ids=id_list,
                                description="string",
                                is_enabled=boolean,
                                name="string")
print(response)
```

Delete an admission control policy.

DELETE /admission-control-policies/entities/policies/v1

Scope: Falcon Container Policies: WRITE
Consumes · Produces: application/json
PEP 8: delete_policies

| Name | Type | Data type | Description |
| --- | --- | --- | --- |
| ids | query | string or list of strings | The ids of the policies to delete (maximum 100 IDs allowed). |
| parameters | query | dictionary | Full set of query string parameters in a JSON formatted dictionary. |

```python
from falconpy import AdmissionControlPolicies

falcon = AdmissionControlPolicies(client_id=CLIENT_ID,
                                  client_secret=CLIENT_SECRET
                                  )

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.delete_policies(ids=id_list)
print(response)
```

Add one or more host groups to an admission control policy.

POST /admission-control-policies/entities/policy-host-groups/v1

Scope: Falcon Container Policies: WRITE
Consumes · Produces: application/json
PEP 8: add_host_groups

| Name | Type | Data type | Description |
| --- | --- | --- | --- |
| body | body | dictionary | Full body payload as JSON formatted dictionary. |
| host_groups | body | string or list of strings | Host group IDs to add. |
| id | body | string | The policy ID to modify. |

```python
from falconpy import AdmissionControlPolicies

falcon = AdmissionControlPolicies(client_id=CLIENT_ID,
                                  client_secret=CLIENT_SECRET
                                  )

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.add_host_groups(host_groups=id_list, id="string")
print(response)
```

Remove one or more host groups from an admission control policy.

DELETE /admission-control-policies/entities/policy-host-groups/v1

Scope: Falcon Container Policies: WRITE
Consumes · Produces: application/json
PEP 8: remove_host_groups

| Name | Type | Data type | Description |
| --- | --- | --- | --- |
| policy_id | query | string | The id of the policy to modify. |
| host_group_ids | query | string or list of strings | The ids of the host groups to remove (maximum 100 IDs allowed). |
| parameters | query | dictionary | Full set of query string parameters in a JSON formatted dictionary. |

```python
from falconpy import AdmissionControlPolicies

falcon = AdmissionControlPolicies(client_id=CLIENT_ID,
                                  client_secret=CLIENT_SECRET
                                  )

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.remove_host_groups(policy_id="string", host_group_ids=id_list)
print(response)
```

admission_control_update_policy_precedence

Update admission control policy precedence.

PATCH /admission-control-policies/entities/policy-precedence/v1

Scope: Falcon Container Policies: WRITE
Consumes · Produces: application/json
PEP 8: update_policy_precedence

| Name | Type | Data type | Description |
| --- | --- | --- | --- |
| body | body | dictionary | Full body payload as JSON formatted dictionary. |
| id | body | string | Policy ID. |
| precedence | body | integer | Policy precedence. |

```python
from falconpy import AdmissionControlPolicies

falcon = AdmissionControlPolicies(client_id=CLIENT_ID,
                                  client_secret=CLIENT_SECRET
                                  )

response = falcon.update_policy_precedence(id="string", precedence=integer)
print(response)
```

admission_control_add_rule_group_custom_rule

Add one or more custom Rego rules to a rule group in an admission control policy. The requested custom rules are also added to all other unspecified rule groups in the policy with action ‘Disabled’.

POST /admission-control-policies/entities/policy-rule-group-custom-rules/v1

Scope: Falcon Container Policies: WRITE
Consumes · Produces: application/json
PEP 8: add_custom_rules

| Name | Type | Data type | Description |
| --- | --- | --- | --- |
| body | body | dictionary | Full body payload as JSON formatted dictionary. |
| id | body | string | Policy ID. |
| rule_groups | body | list of dictionaries | Rule groups containing custom rules to add. |

```python
from falconpy import AdmissionControlPolicies

falcon = AdmissionControlPolicies(client_id=CLIENT_ID,
                                  client_secret=CLIENT_SECRET
                                  )

rule_groups = [
    {
        "custom_rules": [
            {
                "action": "string",
                "id": "string"
            }
        ],
        "id": "string"
    }
]

response = falcon.add_custom_rules(id="string", rule_groups=rule_groups)
print(response)
```

admission_control_remove_rule_group_custom_rule

Delete one or more custom Rego rules from all rule groups in an admission control policy.

DELETE /admission-control-policies/entities/policy-rule-group-custom-rules/v1

Scope: Falcon Container Policies: WRITE
Consumes · Produces: application/json
PEP 8: delete_custom_rules

| Name | Type | Data type | Description |
| --- | --- | --- | --- |
| policy_id | query | string | The id of the policy to modify. |
| custom_rule_ids | query | string or list of strings | The ids of the custom Rego rules to delete (maximum 100 IDs allowed). |
| parameters | query | dictionary | Full set of query string parameters in a JSON formatted dictionary. |

```python
from falconpy import AdmissionControlPolicies

falcon = AdmissionControlPolicies(client_id=CLIENT_ID,
                                  client_secret=CLIENT_SECRET
                                  )

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.delete_custom_rules(policy_id="string",
                                      custom_rule_ids=id_list)
print(response)
```

admission_control_set_rule_group_precedence

Change precedence of rule groups within an admission control policy.

PUT /admission-control-policies/entities/policy-rule-group-precedence/v1

Scope: Falcon Container Policies: WRITE
Consumes · Produces: application/json
PEP 8: set_rule_group_precedence

| Name | Type | Data type | Description |
| --- | --- | --- | --- |
| body | body | dictionary | Full body payload as JSON formatted dictionary. |
| id | body | string | Policy ID. |
| rule_groups | body | list of dictionaries | List of rule groups in precedence order. |

```python
from falconpy import AdmissionControlPolicies

falcon = AdmissionControlPolicies(client_id=CLIENT_ID,
                                  client_secret=CLIENT_SECRET
                                  )

rule_groups = [
    {
        "id": "string"
    }
]

response = falcon.set_rule_group_precedence(id="string",
                                            rule_groups=rule_groups)
print(response)
```

admission_control_replace_rule_group_selectors

Replace labels and/or namespaces of a rule group within an admission control policy.

PUT /admission-control-policies/entities/policy-rule-group-selectors/v1

Scope: Falcon Container Policies: WRITE
Consumes · Produces: application/json
PEP 8: replace_rule_group_selectors

| Name | Type | Data type | Description |
| --- | --- | --- | --- |
| body | body | dictionary | Full body payload as JSON formatted dictionary. |
| id | body | string | Policy ID. |
| rule_groups | body | list of dictionaries | Rule groups with labels and/or namespaces to replace. |

```python
from falconpy import AdmissionControlPolicies

falcon = AdmissionControlPolicies(client_id=CLIENT_ID,
                                  client_secret=CLIENT_SECRET
                                  )

rule_groups = [
    {
        "id": "string",
        "labels": [
            {
                "key": "string",
                "operator": "string",
                "value": "string"
            }
        ],
        "namespaces": [
            {
                "value": "string"
            }
        ]
    }
]

response = falcon.replace_rule_group_selectors(id="string",
                                               rule_groups=rule_groups)
print(response)
```

Create one or more rule groups and add them to an existing admission control policy.

POST /admission-control-policies/entities/policy-rule-groups/v1

Scope: Falcon Container Policies: WRITE
Consumes · Produces: application/json
PEP 8: create_rule_groups

| Name | Type | Data type | Description |
| --- | --- | --- | --- |
| body | body | dictionary | Full body payload as JSON formatted dictionary. |
| id | body | string | Policy ID. |
| rule_groups | body | list of dictionaries | Rule groups to create. |

```python
from falconpy import AdmissionControlPolicies

falcon = AdmissionControlPolicies(client_id=CLIENT_ID,
                                  client_secret=CLIENT_SECRET
                                  )

rule_groups = [
    {
        "description": "string",
        "name": "string"
    }
]

response = falcon.create_rule_groups(id="string", rule_groups=rule_groups)
print(response)
```

Update a rule group. Change rule group name, description, deny on error, Image Assessment settings, default rule actions, and custom rule actions.

PATCH /admission-control-policies/entities/policy-rule-groups/v1

Scope: Falcon Container Policies: WRITE
Consumes · Produces: application/json
PEP 8: update_rule_groups

| Name | Type | Data type | Description |
| --- | --- | --- | --- |
| body | body | dictionary | Full body payload as JSON formatted dictionary. Valid rule action values: Disabled, Prevent, Alert. Valid image assessment unassessed handling values: Prevent, Alert, Allow Without Alert. |
| id | body | string | Policy ID. |
| rule_groups | body | list of dictionaries | Rule groups to update. |

```python
from falconpy import AdmissionControlPolicies

falcon = AdmissionControlPolicies(client_id=CLIENT_ID,
                                  client_secret=CLIENT_SECRET
                                  )

rule_groups = [
    {
        "custom_rules": [
            {
                "action": "string",
                "id": "string"
            }
        ],
        "default_rules": [
            {
                "action": "string",
                "code": "string"
            }
        ],
        "deny_on_error": {
            "deny": True
        },
        "description": "string",
        "id": "string",
        "image_assessment": {
            "enabled": True,
            "unassessed_handling": "string"
        },
        "name": "string"
    }
]

response = falcon.update_rule_groups(id="string", rule_groups=rule_groups)
print(response)
```
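
A pre-flight check for an `update_rule_groups` payload, using the valid action and unassessed-handling values listed in the parameter description above. This is an added example, not part of FalconPy or the original reference; `lint_rule_groups`, the sample IDs and codes, and the reading of `deny_on_error.deny = False` as a relaxed setting are assumptions.

```python
# Added example: offline lint for an update_rule_groups payload (not FalconPy code).
VALID_ACTIONS = {"Disabled", "Prevent", "Alert"}
VALID_UNASSESSED = {"Prevent", "Alert", "Allow Without Alert"}


def lint_rule_groups(rule_groups):
    """Return (errors, warnings): errors are values outside the documented sets,
    warnings are valid settings that relax enforcement and deserve review."""
    errors, warnings = [], []
    for idx, group in enumerate(rule_groups):
        where = f"rule_groups[{idx}] ({group.get('id', 'no id')})"
        # Custom rules are keyed by "id", default rules by "code".
        for kind, key in (("custom_rules", "id"), ("default_rules", "code")):
            for rule in group.get(kind, []):
                action, name = rule.get("action"), rule.get(key, "?")
                if action not in VALID_ACTIONS:
                    errors.append(f"{where}: {kind} {name}: invalid action {action!r}")
                elif action == "Disabled":
                    warnings.append(f"{where}: {kind} {name} is Disabled")
        # Assumption: deny=False admits the request when evaluation errors out.
        if "deny_on_error" in group and group["deny_on_error"].get("deny") is not True:
            warnings.append(f"{where}: deny_on_error.deny is not True")
        assessment = group.get("image_assessment")
        if assessment is not None:
            handling = assessment.get("unassessed_handling")
            if handling not in VALID_UNASSESSED:
                errors.append(f"{where}: invalid unassessed_handling {handling!r}")
            elif handling == "Allow Without Alert":
                warnings.append(f"{where}: unassessed images allowed without alert")
            if assessment.get("enabled") is not True:
                warnings.append(f"{where}: image assessment not enabled")
    return errors, warnings


# Constructed sample payload; every ID and rule code is a placeholder.
SAMPLE = [
    {"id": "RULE_GROUP_ID_1",
     "default_rules": [{"action": "Prevent", "code": "RULE_CODE_1"}],
     "custom_rules": [{"action": "Disabled", "id": "CUSTOM_RULE_ID_1"}],
     "deny_on_error": {"deny": False},
     "image_assessment": {"enabled": True, "unassessed_handling": "Allow Without Alert"}},
    {"id": "RULE_GROUP_ID_2",
     "default_rules": [{"action": "prevent", "code": "RULE_CODE_2"}]},
]

if __name__ == "__main__":
    for finding in sum(lint_rule_groups(SAMPLE), []):
        print(finding)
```

Run it on the `rule_groups` list before calling `update_rule_groups`: treat any error as a reason not to send the request, and review each warning as a deliberate exception.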

Delete rule groups.

DELETE /admission-control-policies/entities/policy-rule-groups/v1

Scope: Falcon Container Policies: WRITE
Consumes · Produces: application/json
PEP 8: delete_rule_groups

| Name | Type | Data type | Description |
| --- | --- | --- | --- |
| policy_id | query | string | The id of the policy to modify. |
| rule_group_ids | query | string or list of strings | The ids of the rule groups to delete (maximum 100 IDs allowed). |
| parameters | query | dictionary | Full set of query string parameters in a JSON formatted dictionary. |

```python
from falconpy import AdmissionControlPolicies

falcon = AdmissionControlPolicies(client_id=CLIENT_ID,
                                  client_secret=CLIENT_SECRET
                                  )

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.delete_rule_groups(policy_id="string", rule_group_ids=id_list)
print(response)
```

Search admission control policies.

GET /admission-control-policies/queries/policies/v1

Scope: Falcon Container Policies: READ
Consumes · Produces: application/json
PEP 8: query_policies

| Name | Type | Data type | Description |
| --- | --- | --- | --- |
| filter | query | string | FQL filter. Allowed properties: precedence, created_timestamp, modified_timestamp, name, description. |
| limit | query | integer | The maximum number of resources to return. The maximum allowed is 500. [Default: 100] |
| offset | query | integer | The number of results to skip before starting to return results. [Default: 0] |
| sort | query | string | Field to sort on. Sortable fields: precedence, created_timestamp, modified_timestamp. Use the `\|asc` or `\|desc` suffix to specify sort direction. |
| parameters | query | dictionary | Full set of query string parameters in a JSON formatted dictionary. |

```python
from falconpy import AdmissionControlPolicies

falcon = AdmissionControlPolicies(client_id=CLIENT_ID,
                                  client_secret=CLIENT_SECRET
                                  )

response = falcon.query_policies(filter="string",
                                 limit=integer,
                                 offset=integer,
                                 sort="string")
print(response)
```