API Integrations
The API Integrations service collection provides operations for querying plugin configurations and executing commands through the CrowdStrike Falcon plugin framework. Query combined plugin configs, execute commands with proxied responses, or execute commands directly.
| Language | Last Update |
|---|---|
| Python | v1.4.6 |
| PowerShell | v2.2.9 |
| Go | v0.20.0 |
| TypeScript | v0.6.0 |
| Rust | v0.7.0 |
| Ruby | v1.2.0 |
Table of Contents
Section titled “Table of Contents”| Operation | Description |
|---|---|
GetCombinedPluginConfigsget_plugin_configs | Queries for config resources and returns details |
ExecuteCommandProxyexecute_command_proxy | Execute a command and proxy the response directly. |
ExecuteCommandexecute_command | Execute a command. |
GetCombinedPluginConfigs
Section titled “GetCombinedPluginConfigs”Queries for config resources and returns details
GET /plugins/combined/configs/v1
PEP 8
get_plugin_configsParameters
Section titled “Parameters”| Name | Type | Data type | Description |
|---|---|---|---|
| filter | query | string | Filter items using a query in Falcon Query Language (FQL). |
| limit | query | integer | The number of items to return in this response (default: 100, max: 500). Use with the offset parameter to manage pagination of results. |
| offset | query | integer | The first item to return, where 0 is the latest item. Use with the limit parameter to manage pagination of results. |
| parameters | query | dictionary | Full query string parameters payload as a dictionary. Not required when using other keywords. |
| sort | query | string | Sort items using their properties. |
Code Examples
Section titled “Code Examples”from falconpy import APIIntegrations
falcon = APIIntegrations(client_id=CLIENT_ID, client_secret=CLIENT_SECRET )
response = falcon.get_plugin_configs(filter="string", limit="string", offset="string", sort="string")print(response)from falconpy import APIIntegrations
falcon = APIIntegrations(client_id=CLIENT_ID, client_secret=CLIENT_SECRET )
response = falcon.GetCombinedPluginConfigs(filter="string", limit="string", offset="string", sort="string")print(response)from falconpy import APIHarnessV2
falcon = APIHarnessV2(client_id=CLIENT_ID, client_secret=CLIENT_SECRET )
response = falcon.command("GetCombinedPluginConfigs", filter="string", limit=integer, offset=integer, sort="string")print(response)Get-FalconWorkflowIntegration -Filter "string" ` -Sort "string" ` -Limit integer ` -Offset integerpackage main
import ( "context" "fmt" "os"
"github.com/crowdstrike/gofalcon/falcon" "github.com/crowdstrike/gofalcon/falcon/client/api_integrations")
func main() { client, err := falcon.NewClient(&falcon.ApiConfig{ ClientId: os.Getenv("FALCON_CLIENT_ID"), ClientSecret: os.Getenv("FALCON_CLIENT_SECRET"), Context: context.Background(), }) if err != nil { panic(err) }
filter := "string" limit := int64(0) offset := int64(0) sort := "string"
response, err := client.ApiIntegrations.GetCombinedPluginConfigs( &api_integrations.GetCombinedPluginConfigsParams{ Filter: &filter, Limit: &limit, Offset: &offset, Sort: &sort, Context: context.Background(), }, ) if err != nil { panic(falcon.ErrorExplain(err)) }
fmt.Printf("%+v\n", response.Payload)}import { FalconClient } from "crowdstrike-falcon";
const client = new FalconClient({ cloud: process.env.FALCON_CLOUD!, clientId: process.env.FALCON_CLIENT_ID!, clientSecret: process.env.FALCON_CLIENT_SECRET!,});
const response = await client.apiIntegrations.getCombinedPluginConfigs( "string", // filter integer, // limit integer, // offset "string" // sort);
console.log(response);use rusty_falcon::apis::api_integrations_api::get_combined_plugin_configs;use rusty_falcon::easy::client::FalconHandle;
#[tokio::main]async fn main() { let falcon = FalconHandle::from_env().await.expect("Could not authenticate");
let response = get_combined_plugin_configs( &falcon.cfg, // configuration Some("string"), // filter Some(integer), // limit Some(integer), // offset Some("string"), // sort ).await.expect("API call failed");
println!("{:?}", response);}require "crimson-falcon"
Falcon.configure do |config| config.client_id = ENV["FALCON_CLIENT_ID"] config.client_secret = ENV["FALCON_CLIENT_SECRET"] config.cloud = ENV["FALCON_CLOUD"]end
api = Falcon::ApiIntegrations.new
response = api.get_combined_plugin_configs(filter: 'string', limit: integer, offset: integer, sort: 'string')
puts responseExecuteCommandProxy
Section titled “ExecuteCommandProxy”Execute a command and proxy the response directly.
POST /plugins/entities/execute-proxy/v1
PEP 8
execute_command_proxyParameters
Section titled “Parameters”| Name | Type | Data type | Description |
|---|---|---|---|
| body | body | dictionary | Full body payload in JSON format |
| config_auth_type | body | string | Configuration authorization type for plugin to execute. Only application for security scheme plugins. If not provided, execution will use the default authorization type. |
| config_id | body | string | Configuration ID. If omitted, the oldest configuration ID will be used. |
| definition_id | body | string | ID of the definition containing the operation to execute. |
| id | body | string | ID of the specific plugin to execute provided in “definition_name.operation_name” format. |
| operation_id | body | string | The specific operation to execute. |
| data | body | string | Command data. |
| description | body | string | Command description. |
| params | body | dictionary | Command parameters. Overwritten if keywords are used to provide command parameters. |
| cookie | body | dictionary | Command parameter - cookie. |
| header | body | dictionary | Command parameter - header. |
| path | body | dictionary | Command parameter - path. |
| query | body | dictionary | Command parameter - query. |
| version | body | integer | The version of the definition to execute. |
Code Examples
Section titled “Code Examples”from falconpy import APIIntegrations
falcon = APIIntegrations(client_id=CLIENT_ID, client_secret=CLIENT_SECRET )
response = falcon.execute_command_proxy(config_auth_type="string", config_id="string", cookie={}, data="string", definition_id="string", header={}, id="string", operation_id="string", path={}, params="string", query={}, version=integer)print(response)from falconpy import APIIntegrations
falcon = APIIntegrations(client_id=CLIENT_ID, client_secret=CLIENT_SECRET )
response = falcon.ExecuteCommandProxy(config_auth_type="string", config_id="string", cookie={}, data="string", definition_id="string", header={}, id="string", operation_id="string", path={}, params="string", query={}, version=integer)print(response)from falconpy import APIHarnessV2
falcon = APIHarnessV2(client_id=CLIENT_ID, client_secret=CLIENT_SECRET )
body_payload = { "resources": [ { "config": { "auth": "string", "data": "string", "definition_id": "string", "enable_system_workflow": boolean, "graphical_password_algorithm": {}, "id": "string", "immutable_params": {}, "json": {}, "name": "string", "on_prem": {}, "params": {}, "permissions": ["string"], "resource_id": "string", "resource_response": "string", "tags": ["string"], "tags_map": {}, "token_parameters": {}, "x-www-form-urlencoded": {} }, "config_auth_type": "string", "config_id": "string", "definition_id": "string", "id": "string", "operation_id": "string", "request": { "data": "string", "json": {}, "params": {}, "x-www-form-urlencoded": {} }, "version": integer } ]}
response = falcon.command("ExecuteCommandProxy", body=body_payload)print(response)Examples coming soon.
package main
import ( "context" "fmt" "os"
"github.com/crowdstrike/gofalcon/falcon" "github.com/crowdstrike/gofalcon/falcon/client/api_integrations" "github.com/crowdstrike/gofalcon/falcon/models")
func main() { client, err := falcon.NewClient(&falcon.ApiConfig{ ClientId: os.Getenv("FALCON_CLIENT_ID"), ClientSecret: os.Getenv("FALCON_CLIENT_SECRET"), Context: context.Background(), }) if err != nil { panic(err) }
config_auth_type := "string" config_id := "string" definition_id := "string" id := "string" operation_id := "string" version := integer
response, err := client.ApiIntegrations.ExecuteCommandProxy( &api_integrations.ExecuteCommandProxyParams{ Body: &models.DomainExecuteCommandRequestV1{ Resources: []interface{}{ { Config: &struct{}{}, ConfigAuthType: &config_auth_type, ConfigID: &config_id, DefinitionID: &definition_id, ID: &id, OperationID: &operation_id, Request: &struct{}{}, Version: &version, }, }, }, Context: context.Background(), }, ) if err != nil { panic(falcon.ErrorExplain(err)) }
fmt.Printf("%+v\n", response.Payload)}import { FalconClient } from "crowdstrike-falcon";
const client = new FalconClient({ cloud: process.env.FALCON_CLOUD!, clientId: process.env.FALCON_CLIENT_ID!, clientSecret: process.env.FALCON_CLIENT_SECRET!,});
const response = await client.apiIntegrations.executeCommandProxy( { resources: [{ config: { auth: "string", data: "string", definitionId: "string", enableSystemWorkflow: boolean, graphicalPasswordAlgorithm: {}, id: "string", immutableParams: {}, json: {}, name: "string", onPrem: {}, params: {}, permissions: [], resourceId: "string", resourceResponse: "string", tags: [], tagsMap: {}, tokenParameters: {}, x-www-form-urlencoded: {} }, configAuthType: "string", configId: "string", definitionId: "string", id: "string", operationId: "string", request: { data: "string", json: {}, params: {}, x-www-form-urlencoded: {} }, version: integer }]} // body);
console.log(response);use rusty_falcon::apis::api_integrations_api::execute_command_proxy;use rusty_falcon::easy::client::FalconHandle;use rusty_falcon::models::DomainExecuteCommandRequestV1;
#[tokio::main]async fn main() { let falcon = FalconHandle::from_env().await.expect("Could not authenticate");
let body = DomainExecuteCommandRequestV1 { resources: vec![ExecuteCommandV1 { config_auth_type: Some("string".to_string()), config_id: Some("string".to_string()), definition_id: Some("string".to_string()), id: Some("string".to_string()), operation_id: Some("string".to_string()), request: Default::default(), version: Some(integer), ..Default::default() }], ..Default::default() };
let response = execute_command_proxy( &falcon.cfg, // configuration body, // body ).await.expect("API call failed");
println!("{:?}", response);}require "crimson-falcon"
Falcon.configure do |config| config.client_id = ENV["FALCON_CLIENT_ID"] config.client_secret = ENV["FALCON_CLIENT_SECRET"] config.cloud = ENV["FALCON_CLOUD"]end
api = Falcon::ApiIntegrations.new
body = Falcon::DomainExecuteCommandRequestV1.new( resources: [{ config: { auth: 'string', data: 'string', definition_id: 'string', enable_system_workflow: boolean, graphical_password_algorithm: {}, id: 'string', immutable_params: {}, json: {}, name: 'string', on_prem: {}, params: {}, permissions: [], resource_id: 'string', resource_response: 'string', tags: [], tags_map: {}, token_parameters: {}, x-www-form-urlencoded: {} }, config_auth_type: 'string', config_id: 'string', definition_id: 'string', id: 'string', operation_id: 'string', request: { data: 'string', json: {}, params: {}, x-www-form-urlencoded: {} }, version: integer }])
response = api.execute_command_proxy(body)
puts responseExecuteCommand
Section titled “ExecuteCommand”Execute a command.
POST /plugins/entities/execute/v1
PEP 8
execute_commandParameters
Section titled “Parameters”| Name | Type | Data type | Description |
|---|---|---|---|
| body | body | dictionary | Full body payload in JSON format |
| config_auth_type | body | string | Configuration authorization type for plugin to execute. Only application for security scheme plugins. If not provided, execution will use the default authorization type. |
| config_id | body | string | Configuration ID. If omitted, the oldest configuration ID will be used. |
| definition_id | body | string | ID of the definition containing the operation to execute. |
| id | body | string | ID of the specific plugin to execute provided in “definition_name.operation_name” format. |
| operation_id | body | string | The specific operation to execute. |
| data | body | string | Command data. |
| description | body | string | Command description. |
| params | body | dictionary | Command parameters. Overwritten if keywords are used to provide command parameters. |
| cookie | body | dictionary | Command parameter - cookie. |
| header | body | dictionary | Command parameter - header. |
| path | body | dictionary | Command parameter - path. |
| query | body | dictionary | Command parameter - query. |
| version | body | integer | The version of the definition to execute. |
Code Examples
Section titled “Code Examples”from falconpy import APIIntegrations
falcon = APIIntegrations(client_id=CLIENT_ID, client_secret=CLIENT_SECRET )
response = falcon.execute_command(config_auth_type="string", config_id="string", definition_id="string", id="string", operation_id="string", description="string", version=integer)print(response)from falconpy import APIIntegrations
falcon = APIIntegrations(client_id=CLIENT_ID, client_secret=CLIENT_SECRET )
response = falcon.ExecuteCommand(config_auth_type="string", config_id="string", definition_id="string", id="string", operation_id="string", description="string", version=integer)print(response)from falconpy import APIHarnessV2
falcon = APIHarnessV2(client_id=CLIENT_ID, client_secret=CLIENT_SECRET )
body_payload = { "resources": [ { "config": { "auth": "string", "data": "string", "definition_id": "string", "enable_system_workflow": boolean, "graphical_password_algorithm": {}, "id": "string", "immutable_params": {}, "json": {}, "name": "string", "on_prem": {}, "params": {}, "permissions": ["string"], "resource_id": "string", "resource_response": "string", "tags": ["string"], "tags_map": {}, "token_parameters": {}, "x-www-form-urlencoded": {} }, "config_auth_type": "string", "config_id": "string", "definition_id": "string", "id": "string", "operation_id": "string", "request": { "data": "string", "json": {}, "params": {}, "x-www-form-urlencoded": {} }, "version": integer } ]}
response = falcon.command("ExecuteCommand", body=body_payload)print(response)Examples coming soon.
package main
import ( "context" "fmt" "os"
"github.com/crowdstrike/gofalcon/falcon" "github.com/crowdstrike/gofalcon/falcon/client/api_integrations" "github.com/crowdstrike/gofalcon/falcon/models")
func main() { client, err := falcon.NewClient(&falcon.ApiConfig{ ClientId: os.Getenv("FALCON_CLIENT_ID"), ClientSecret: os.Getenv("FALCON_CLIENT_SECRET"), Context: context.Background(), }) if err != nil { panic(err) }
config_auth_type := "string" config_id := "string" definition_id := "string" id := "string" operation_id := "string" version := integer
response, err := client.ApiIntegrations.ExecuteCommand( &api_integrations.ExecuteCommandParams{ Body: &models.DomainExecuteCommandRequestV1{ Resources: []interface{}{ { Config: &struct{}{}, ConfigAuthType: &config_auth_type, ConfigID: &config_id, DefinitionID: &definition_id, ID: &id, OperationID: &operation_id, Request: &struct{}{}, Version: &version, }, }, }, Context: context.Background(), }, ) if err != nil { panic(falcon.ErrorExplain(err)) }
fmt.Printf("%+v\n", response.Payload)}import { FalconClient } from "crowdstrike-falcon";
const client = new FalconClient({ cloud: process.env.FALCON_CLOUD!, clientId: process.env.FALCON_CLIENT_ID!, clientSecret: process.env.FALCON_CLIENT_SECRET!,});
const response = await client.apiIntegrations.executeCommand(["ID1", "ID2", "ID3"]); // resources
console.log(response);use rusty_falcon::apis::api_integrations_api::execute_command;use rusty_falcon::easy::client::FalconHandle;
#[tokio::main]async fn main() { let falcon = FalconHandle::from_env().await.expect("Could not authenticate");
let response = execute_command( &falcon.cfg, // configuration vec![models::DomainExecuteCommandV1::default()], // resources ).await.expect("API call failed");
println!("{:?}", response);}require "crimson-falcon"
Falcon.configure do |config| config.client_id = ENV["FALCON_CLIENT_ID"] config.client_secret = ENV["FALCON_CLIENT_SECRET"] config.cloud = ENV["FALCON_CLOUD"]end
api = Falcon::ApiIntegrations.new
response = api.execute_command('string')
puts response