Case Management
The Case Management service collection provides operations for managing security cases and workflows. Create, update, assign, and query cases, as well as manage case activities, attachments, and status transitions.
| Language | Last Update |
|---|---|
| Python | v1.5.5 |
| PowerShell | v2.2.9 |
| Go | v0.20.0 |
| TypeScript | v0.6.0 |
| Rust | v0.7.0 |
| Ruby | v1.2.0 |
Table of Contents
Section titled “Table of Contents”| Operation | Description |
|---|---|
aggregates_file_details_post_v1aggregates_file_details_post_v1 | Get file details aggregates as specified via json in the request body. |
combined_file_details_get_v1query_file_details | Query file details |
entities_files_upload_post_v1upload_file | Upload file for case |
entities_file_details_patch_v1update_file_details | Update file details |
entities_file_details_get_v1get_file_details | Get file details by id |
entities_files_bulk_download_post_v1bulk_download_files | Download multiple existing file from case as a ZIP |
entities_files_download_get_v1download_existing_files | Download existing file from case |
entities_files_delete_v1delete_file_details | Delete file details by id |
queries_file_details_get_v1query_file_detail_ids | Query for ids of file details |
entities_get_rtr_file_metadata_post_v1get_rtr_file_metadata | Get metadata for a file via RTR without retrieving it. |
entities_retrieve_rtr_file_post_v1retrieve_rtr_file | Retrieve a file from host using RTR and add it to a case. |
entities_retrieve_rtr_recent_file_post_v1retrieve_rtr_recent_file | Retrieve a recently fetched RTR file and add it to a case. |
aggregates_notification_groups_post_v1get_notification_groups_aggregation | Get notification groups aggregations |
aggregates_notification_groups_post_v2get_notification_groups_aggregation_v2 | Get notification groups aggregations |
aggregates_slas_post_v1get_sla_aggregations | Get SLA aggregations |
aggregates_templates_post_v1get_template_aggregations | Get templates aggregations |
aggregates_access_tags_post_v1get_access_tag_aggregations | Get access tag aggregates. |
entities_access_tags_get_v1get_access_tags | Get access tags. |
entities_notification_groups_get_v1get_notification_groups | Get notification groups by ID |
entities_notification_groups_post_v1create_notification_group | Create notification group |
entities_notification_groups_patch_v1update_notification_group | Update notification group |
entities_notification_groups_delete_v1delete_notification_group | Delete notification groups by ID |
entities_notification_groups_get_v2get_notification_groups_v2 | Get notification groups by ID |
entities_notification_groups_post_v2create_notification_group_v2 | Create notification group |
entities_notification_groups_patch_v2update_notification_group_v2 | Update notification group |
entities_notification_groups_delete_v2delete_notification_group_v2 | Delete notification groups by ID |
entities_fields_get_v1get_fields | Get fields by ID |
entities_slas_get_v1get_slas | Get SLAs by ID |
entities_slas_post_v1create_sla | Create SLA |
entities_slas_patch_v1update_sla | Update SLA |
entities_slas_delete_v1delete_sla | Delete SLAs |
entities_template_snapshots_get_v1get_template_snapshots | Get template snapshots |
entities_templates_export_get_v1export_templates | Export templates to files in a zip archive |
entities_templates_import_post_v1import_template | Import a template from a file |
entities_templates_get_v1get_templates | Get templates by ID |
entities_templates_post_v1create_template | Create template |
entities_templates_patch_v1update_template | Update template |
entities_templates_delete_v1delete_templates | Delete templates |
queries_access_tags_get_v1query_access_tags | Query access tags. |
queries_fields_get_v1query_fields | Query fields |
queries_notification_groups_get_v1query_notification_groups | Query notification groups |
queries_notification_groups_get_v2query_notification_groups_v2 | Query notification groups |
queries_slas_get_v1query_slas | Query SLAs |
queries_template_snapshots_get_v1query_template_snapshots | Query template snapshots |
queries_templates_get_v1query_templates | Query templates |
entities_alert_evidence_post_v1add_case_alert_evidence | Adds the given list of alert evidence to the specified case. |
entities_case_tags_post_v1add_case_tags | Adds the given list of tags to the specified case. |
entities_case_tags_delete_v1delete_case_tags | Removes the specified tags from the specified case. |
entities_cases_put_v2create_case | Creates the given Case |
entities_cases_post_v2get_cases | Retrieves all Cases given their IDs. |
entities_cases_patch_v2update_case_fields | Updates given fields on the specified case. |
entities_event_evidence_post_v1add_case_event_evidence | Adds the given list of event evidence to the specified case. |
queries_cases_get_v1query_case_ids | Retrieves all Cases IDs that match a given query. |
aggregates_file_details_post_v1
Section titled “aggregates_file_details_post_v1”Get file details aggregates as specified via json in the request body.
POST /case-files/aggregates/file-details/v1
PEP 8
aggregates_file_details_post_v1Parameters
Section titled “Parameters”| Name | Type | Data type | Description |
|---|---|---|---|
| body | body | dictionary | Full body payload in JSON format |
| filter | query | string | FQL filter expression. |
| ids | query | string or list of strings | Resource IDs. |
Code Examples
Section titled “Code Examples”from falconpy import CaseManagement
falcon = CaseManagement(client_id=CLIENT_ID, client_secret=CLIENT_SECRET )
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.aggregates_file_details_post_v1(ids=id_list, filter="string")print(response)from falconpy import CaseManagement
falcon = CaseManagement(client_id=CLIENT_ID, client_secret=CLIENT_SECRET )
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.aggregates_file_details_post_v1(ids=id_list, filter="string")print(response)from falconpy import APIHarnessV2
falcon = APIHarnessV2(client_id=CLIENT_ID, client_secret=CLIENT_SECRET )
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.command("aggregates_file_details_post_v1", ids=id_list, filter="string", body={})print(response)Examples coming soon.
package main
import ( "context" "fmt" "os"
"github.com/crowdstrike/gofalcon/falcon" "github.com/crowdstrike/gofalcon/falcon/client/case_files" "github.com/crowdstrike/gofalcon/falcon/models")
func main() { client, err := falcon.NewClient(&falcon.ApiConfig{ ClientId: os.Getenv("FALCON_CLIENT_ID"), ClientSecret: os.Getenv("FALCON_CLIENT_SECRET"), Context: context.Background(), }) if err != nil { panic(err) }
filter := "string"
response, err := client.CaseFiles.AggregatesFileDetailsPostV1( &case_files.AggregatesFileDetailsPostV1Params{ Body: []models.MsaAggregateQueryRequest{}, Ids: []string{"ID1", "ID2", "ID3"}, Filter: &filter, Context: context.Background(), }, ) if err != nil { panic(falcon.ErrorExplain(err)) }
fmt.Printf("%+v\n", response.Payload)}import { FalconClient } from "crowdstrike-falcon";
const client = new FalconClient({ cloud: process.env.FALCON_CLOUD!, clientId: process.env.FALCON_CLIENT_ID!, clientSecret: process.env.FALCON_CLIENT_SECRET!,});
const response = await client.caseFiles.aggregatesFileDetailsPostV1( ["ID1", "ID2", "ID3"], // ids [{}], // body "string" // filter);
console.log(response);use rusty_falcon::apis::case_files_api::aggregates_file_details_post_v1;use rusty_falcon::easy::client::FalconHandle;
#[tokio::main]async fn main() { let falcon = FalconHandle::from_env().await.expect("Could not authenticate");
let response = aggregates_file_details_post_v1( &falcon.cfg, // configuration vec!["string".to_string()], // ids vec![serde_json::json!({})], // body Some("string"), // filter ).await.expect("API call failed");
println!("{:?}", response);}require "crimson-falcon"
Falcon.configure do |config| config.client_id = ENV["FALCON_CLIENT_ID"] config.client_secret = ENV["FALCON_CLIENT_SECRET"] config.cloud = ENV["FALCON_CLOUD"]end
api = Falcon::CaseFiles.new
body = [{}]
response = api.aggregates_file_details_post_v1(body, ['ID1', 'ID2', 'ID3'])
puts responsecombined_file_details_get_v1
Section titled “combined_file_details_get_v1”Query file details
GET /case-files/combined/file-details/v1
PEP 8
query_file_detailsParameters
Section titled “Parameters”| Name | Type | Data type | Description |
|---|---|---|---|
| filter | query | string | FQL filter expression. |
| limit | query | integer | Page size. Maximum value is 10. |
| offset | query | integer | Page offset. |
| parameters | query | dictionary | Full query string parameters payload in JSON format. Not required when using other keywords. |
Code Examples
Section titled “Code Examples”from falconpy import CaseManagement
falcon = CaseManagement(client_id=CLIENT_ID, client_secret=CLIENT_SECRET )
response = falcon.query_file_details(filter="string", limit=integer, offset=integer)print(response)from falconpy import CaseManagement
falcon = CaseManagement(client_id=CLIENT_ID, client_secret=CLIENT_SECRET )
response = falcon.combined_file_details_get_v1(filter="string", limit=integer, offset=integer)print(response)from falconpy import APIHarnessV2
falcon = APIHarnessV2(client_id=CLIENT_ID, client_secret=CLIENT_SECRET )
response = falcon.command("combined_file_details_get_v1", filter="string", limit=integer, offset=integer)print(response)Get-FalconNgsCaseFile -Filter "string" ` -Limit integer ` -Offset integerpackage main
import ( "context" "fmt" "os"
"github.com/crowdstrike/gofalcon/falcon" "github.com/crowdstrike/gofalcon/falcon/client/case_files")
func main() { client, err := falcon.NewClient(&falcon.ApiConfig{ ClientId: os.Getenv("FALCON_CLIENT_ID"), ClientSecret: os.Getenv("FALCON_CLIENT_SECRET"), Context: context.Background(), }) if err != nil { panic(err) }
filter := "string" limit := int64(0) offset := int64(0)
response, err := client.CaseFiles.CombinedFileDetailsGetV1( &case_files.CombinedFileDetailsGetV1Params{ Filter: &filter, Limit: &limit, Offset: &offset, Context: context.Background(), }, ) if err != nil { panic(falcon.ErrorExplain(err)) }
fmt.Printf("%+v\n", response.Payload)}import { FalconClient } from "crowdstrike-falcon";
const client = new FalconClient({ cloud: process.env.FALCON_CLOUD!, clientId: process.env.FALCON_CLIENT_ID!, clientSecret: process.env.FALCON_CLIENT_SECRET!,});
const response = await client.caseFiles.combinedFileDetailsGetV1( "string", // filter integer, // limit integer // offset);
console.log(response);use rusty_falcon::apis::case_files_api::combined_file_details_get_v1;use rusty_falcon::easy::client::FalconHandle;
#[tokio::main]async fn main() { let falcon = FalconHandle::from_env().await.expect("Could not authenticate");
let response = combined_file_details_get_v1( &falcon.cfg, // configuration Some("string"), // filter Some(integer), // limit Some(integer), // offset ).await.expect("API call failed");
println!("{:?}", response);}require "crimson-falcon"
Falcon.configure do |config| config.client_id = ENV["FALCON_CLIENT_ID"] config.client_secret = ENV["FALCON_CLIENT_SECRET"] config.cloud = ENV["FALCON_CLOUD"]end
api = Falcon::CaseFiles.new
response = api.combined_file_details_get_v1(filter: 'string', limit: integer, offset: integer)
puts responseentities_files_upload_post_v1
Section titled “entities_files_upload_post_v1”Upload file for case
POST /case-files/entities/files/upload/v1
PEP 8
upload_fileParameters
Section titled “Parameters”| Name | Type | Data type | Description |
|---|---|---|---|
| case_id | formData | string | Case ID for the file. |
| description | formData | string | Description of the file. |
| file | formData | file | Local file to Upload. |
Code Examples
Section titled “Code Examples”from falconpy import CaseManagement
falcon = CaseManagement(client_id=CLIENT_ID, client_secret=CLIENT_SECRET )
response = falcon.upload_file(file="string", description="string", case_id="string")print(response)from falconpy import CaseManagement
falcon = CaseManagement(client_id=CLIENT_ID, client_secret=CLIENT_SECRET )
response = falcon.entities_files_upload_post_v1(file="string", description="string", case_id="string")print(response)from falconpy import APIHarnessV2
falcon = APIHarnessV2(client_id=CLIENT_ID, client_secret=CLIENT_SECRET )
response = falcon.command("entities_files_upload_post_v1", file_data=open("filename", "rb").read(), description="string", case_id="string")print(response)Send-FalconNgsCaseFilepackage main
import ( "context" "fmt" "os"
"github.com/crowdstrike/gofalcon/falcon" "github.com/crowdstrike/gofalcon/falcon/client/case_files")
func main() { client, err := falcon.NewClient(&falcon.ApiConfig{ ClientId: os.Getenv("FALCON_CLIENT_ID"), ClientSecret: os.Getenv("FALCON_CLIENT_SECRET"), Context: context.Background(), }) if err != nil { panic(err) }
description := "string"
response, err := client.CaseFiles.EntitiesFilesUploadPostV1( &case_files.EntitiesFilesUploadPostV1Params{ Description: &description, CaseID: "string", Context: context.Background(), }, ) if err != nil { panic(falcon.ErrorExplain(err)) }
fmt.Printf("%+v\n", response.Payload)}import { FalconClient } from "crowdstrike-falcon";
const client = new FalconClient({ cloud: process.env.FALCON_CLOUD!, clientId: process.env.FALCON_CLIENT_ID!, clientSecret: process.env.FALCON_CLIENT_SECRET!,});
const response = await client.caseFiles.entitiesFilesUploadPostV1( "string", // file "string", // caseId "string" // description);
console.log(response);Examples coming soon.
Examples coming soon.
entities_file_details_patch_v1
Section titled “entities_file_details_patch_v1”Update file details
PATCH /case-files/entities/file-details/v1
PEP 8
update_file_detailsParameters
Section titled “Parameters”| Name | Type | Data type | Description |
|---|---|---|---|
| body | body | dictionary | Full body payload in JSON format |
| description | body | string | File details description. |
| id | body | string | File details ID. |
Code Examples
Section titled “Code Examples”from falconpy import CaseManagement
falcon = CaseManagement(client_id=CLIENT_ID, client_secret=CLIENT_SECRET )
response = falcon.update_file_details(description="string", id="string")print(response)from falconpy import CaseManagement
falcon = CaseManagement(client_id=CLIENT_ID, client_secret=CLIENT_SECRET )
response = falcon.entities_file_details_patch_v1(description="string", id="string")print(response)from falconpy import APIHarnessV2
falcon = APIHarnessV2(client_id=CLIENT_ID, client_secret=CLIENT_SECRET )
body_payload = { "description": "string", "id": "string"}
response = falcon.command("entities_file_details_patch_v1", body=body_payload)print(response)Edit-FalconNgsCaseFile -Description "string" -Id "string"package main
import ( "context" "fmt" "os"
"github.com/crowdstrike/gofalcon/falcon" "github.com/crowdstrike/gofalcon/falcon/client/case_files" "github.com/crowdstrike/gofalcon/falcon/models")
func main() { client, err := falcon.NewClient(&falcon.ApiConfig{ ClientId: os.Getenv("FALCON_CLIENT_ID"), ClientSecret: os.Getenv("FALCON_CLIENT_SECRET"), Context: context.Background(), }) if err != nil { panic(err) }
description := "string" id := "string"
response, err := client.CaseFiles.EntitiesFileDetailsPatchV1( &case_files.EntitiesFileDetailsPatchV1Params{ Body: &models.CasefilesapiUpdateRequestV1{ Description: &description, ID: &id, }, Context: context.Background(), }, ) if err != nil { panic(falcon.ErrorExplain(err)) }
fmt.Printf("%+v\n", response.Payload)}import { FalconClient } from "crowdstrike-falcon";
const client = new FalconClient({ cloud: process.env.FALCON_CLOUD!, clientId: process.env.FALCON_CLIENT_ID!, clientSecret: process.env.FALCON_CLIENT_SECRET!,});
const response = await client.caseFiles.entitiesFileDetailsPatchV1( { description: "string", id: "string"} // body);
console.log(response);use rusty_falcon::apis::case_files_api::entities_file_details_patch_v1;use rusty_falcon::easy::client::FalconHandle;use rusty_falcon::models::ApiUpdateRequestV1;
#[tokio::main]async fn main() { let falcon = FalconHandle::from_env().await.expect("Could not authenticate");
let body = ApiUpdateRequestV1 { description: Some("string".to_string()), id: Some("string".to_string()), ..Default::default() };
let response = entities_file_details_patch_v1( &falcon.cfg, // configuration body, // body ).await.expect("API call failed");
println!("{:?}", response);}require "crimson-falcon"
Falcon.configure do |config| config.client_id = ENV["FALCON_CLIENT_ID"] config.client_secret = ENV["FALCON_CLIENT_SECRET"] config.cloud = ENV["FALCON_CLOUD"]end
api = Falcon::CaseFiles.new
body = Falcon::CasefilesapiUpdateRequestV1.new( description: 'string', id: 'string')
response = api.entities_file_details_patch_v1(body)
puts responseentities_file_details_get_v1
Section titled “entities_file_details_get_v1”Get file details by id
GET /case-files/entities/file-details/v1
PEP 8
get_file_detailsParameters
Section titled “Parameters”| Name | Type | Data type | Description |
|---|---|---|---|
| ids | query | string or list of strings | Resource IDs. |
| parameters | query | dictionary | Full query string parameters payload in JSON format. Not required when using other keywords. |
Code Examples
Section titled “Code Examples”from falconpy import CaseManagement
falcon = CaseManagement(client_id=CLIENT_ID, client_secret=CLIENT_SECRET )
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.get_file_details(ids=id_list)print(response)from falconpy import CaseManagement
falcon = CaseManagement(client_id=CLIENT_ID, client_secret=CLIENT_SECRET )
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.entities_file_details_get_v1(ids=id_list)print(response)from falconpy import APIHarnessV2
falcon = APIHarnessV2(client_id=CLIENT_ID, client_secret=CLIENT_SECRET )
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.command("entities_file_details_get_v1", ids=id_list)print(response)Get-FalconNgsCaseFile -Id @("ID1", "ID2")package main
import ( "context" "fmt" "os"
"github.com/crowdstrike/gofalcon/falcon" "github.com/crowdstrike/gofalcon/falcon/client/case_files")
func main() { client, err := falcon.NewClient(&falcon.ApiConfig{ ClientId: os.Getenv("FALCON_CLIENT_ID"), ClientSecret: os.Getenv("FALCON_CLIENT_SECRET"), Context: context.Background(), }) if err != nil { panic(err) }
response, err := client.CaseFiles.EntitiesFileDetailsGetV1( &case_files.EntitiesFileDetailsGetV1Params{ Ids: []string{"ID1", "ID2", "ID3"}, Context: context.Background(), }, ) if err != nil { panic(falcon.ErrorExplain(err)) }
fmt.Printf("%+v\n", response.Payload)}import { FalconClient } from "crowdstrike-falcon";
const client = new FalconClient({ cloud: process.env.FALCON_CLOUD!, clientId: process.env.FALCON_CLIENT_ID!, clientSecret: process.env.FALCON_CLIENT_SECRET!,});
const response = await client.caseFiles.entitiesFileDetailsGetV1(["ID1", "ID2", "ID3"]); // ids
console.log(response);use rusty_falcon::apis::case_files_api::entities_file_details_get_v1;use rusty_falcon::easy::client::FalconHandle;
#[tokio::main]async fn main() { let falcon = FalconHandle::from_env().await.expect("Could not authenticate");
let response = entities_file_details_get_v1( &falcon.cfg, // configuration vec!["string".to_string()], // ids ).await.expect("API call failed");
println!("{:?}", response);}require "crimson-falcon"
Falcon.configure do |config| config.client_id = ENV["FALCON_CLIENT_ID"] config.client_secret = ENV["FALCON_CLIENT_SECRET"] config.cloud = ENV["FALCON_CLOUD"]end
api = Falcon::CaseFiles.new
response = api.entities_file_details_get_v1(['ID1', 'ID2', 'ID3'])
puts responseentities_files_bulk_download_post_v1
Section titled “entities_files_bulk_download_post_v1”Download multiple existing file from case as a ZIP
POST /case-files/entities/files/bulk-download/v1
PEP 8
bulk_download_filesParameters
Section titled “Parameters”| Name | Type | Data type | Description |
|---|---|---|---|
| body | body | dictionary | Full body payload in JSON format |
| ids | body | string or list of strings | List of files to download. |
Code Examples
Section titled “Code Examples”from falconpy import CaseManagement
falcon = CaseManagement(client_id=CLIENT_ID, client_secret=CLIENT_SECRET )
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.bulk_download_files(ids=id_list)print(response)from falconpy import CaseManagement
falcon = CaseManagement(client_id=CLIENT_ID, client_secret=CLIENT_SECRET )
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.entities_files_bulk_download_post_v1(ids=id_list)print(response)from falconpy import APIHarnessV2
falcon = APIHarnessV2(client_id=CLIENT_ID, client_secret=CLIENT_SECRET )
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
body_payload = { "ids": ["string"]}
response = falcon.command("entities_files_bulk_download_post_v1", body=body_payload)print(response)Examples coming soon.
package main
import ( "context" "fmt" "os"
"github.com/crowdstrike/gofalcon/falcon" "github.com/crowdstrike/gofalcon/falcon/client/case_files" "github.com/crowdstrike/gofalcon/falcon/models")
func main() { client, err := falcon.NewClient(&falcon.ApiConfig{ ClientId: os.Getenv("FALCON_CLIENT_ID"), ClientSecret: os.Getenv("FALCON_CLIENT_SECRET"), Context: context.Background(), }) if err != nil { panic(err) }
response, err := client.CaseFiles.EntitiesFilesBulkDownloadPostV1( &case_files.EntitiesFilesBulkDownloadPostV1Params{ Body: &models.CasefilesapiBulkDownloadRequestV1{ Ids: []string{"string"}, }, Context: context.Background(), }, ) if err != nil { panic(falcon.ErrorExplain(err)) }
fmt.Printf("%+v\n", response.Payload)}import { FalconClient } from "crowdstrike-falcon";
const client = new FalconClient({ cloud: process.env.FALCON_CLOUD!, clientId: process.env.FALCON_CLIENT_ID!, clientSecret: process.env.FALCON_CLIENT_SECRET!,});
const response = await client.caseFiles.entitiesFilesBulkDownloadPostV1( { ids: []} // body);
console.log(response);use rusty_falcon::apis::case_files_api::entities_files_bulk_download_post_v1;use rusty_falcon::easy::client::FalconHandle;use rusty_falcon::models::ApiBulkDownloadRequestV1;
#[tokio::main]async fn main() { let falcon = FalconHandle::from_env().await.expect("Could not authenticate");
let body = ApiBulkDownloadRequestV1 { ids: vec!["string".to_string()], ..Default::default() };
let response = entities_files_bulk_download_post_v1( &falcon.cfg, // configuration body, // body ).await.expect("API call failed");
println!("{:?}", response);}require "crimson-falcon"
Falcon.configure do |config| config.client_id = ENV["FALCON_CLIENT_ID"] config.client_secret = ENV["FALCON_CLIENT_SECRET"] config.cloud = ENV["FALCON_CLOUD"]end
api = Falcon::CaseFiles.new
body = Falcon::CasefilesapiBulkDownloadRequestV1.new( ids: [])
response = api.entities_files_bulk_download_post_v1(body)
puts responseentities_files_download_get_v1
Section titled “entities_files_download_get_v1”Download existing file from case
GET /case-files/entities/files/download/v1
PEP 8
download_existing_filesParameters
Section titled “Parameters”| Name | Type | Data type | Description |
|---|---|---|---|
| id | query | string | Resource ID. |
| parameters | query | dictionary | Full query string parameters payload in JSON format. Not required when using other keywords. |
Code Examples
Section titled “Code Examples”from falconpy import CaseManagement
falcon = CaseManagement(client_id=CLIENT_ID, client_secret=CLIENT_SECRET )
response = falcon.download_existing_files(id="string")print(response)from falconpy import CaseManagement
falcon = CaseManagement(client_id=CLIENT_ID, client_secret=CLIENT_SECRET )
response = falcon.entities_files_download_get_v1(id="string")print(response)from falconpy import APIHarnessV2
falcon = APIHarnessV2(client_id=CLIENT_ID, client_secret=CLIENT_SECRET )
response = falcon.command("entities_files_download_get_v1", id="string")print(response)Receive-FalconNgsCaseFile -Id "string"package main
import ( "context" "fmt" "os"
"github.com/crowdstrike/gofalcon/falcon" "github.com/crowdstrike/gofalcon/falcon/client/case_files")
func main() { client, err := falcon.NewClient(&falcon.ApiConfig{ ClientId: os.Getenv("FALCON_CLIENT_ID"), ClientSecret: os.Getenv("FALCON_CLIENT_SECRET"), Context: context.Background(), }) if err != nil { panic(err) }
response, err := client.CaseFiles.EntitiesFilesDownloadGetV1( &case_files.EntitiesFilesDownloadGetV1Params{ ID: "string", Context: context.Background(), }, ) if err != nil { panic(falcon.ErrorExplain(err)) }
fmt.Printf("%+v\n", response.Payload)}import { FalconClient } from "crowdstrike-falcon";
const client = new FalconClient({ cloud: process.env.FALCON_CLOUD!, clientId: process.env.FALCON_CLIENT_ID!, clientSecret: process.env.FALCON_CLIENT_SECRET!,});
const response = await client.caseFiles.entitiesFilesDownloadGetV1("string"); // id
console.log(response);Examples coming soon.
Examples coming soon.
entities_files_delete_v1
Section titled “entities_files_delete_v1”Delete file details by id
DELETE /case-files/entities/files/v1
PEP 8
delete_file_detailsParameters
Section titled “Parameters”| Name | Type | Data type | Description |
|---|---|---|---|
| ids | query | string or list of strings | Resource IDs. |
| parameters | query | dictionary | Full query string parameters payload in JSON format. Not required when using other keywords. |
Code Examples
Section titled “Code Examples”from falconpy import CaseManagement
falcon = CaseManagement(client_id=CLIENT_ID, client_secret=CLIENT_SECRET )
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.delete_file_details(ids=id_list)print(response)from falconpy import CaseManagement
falcon = CaseManagement(client_id=CLIENT_ID, client_secret=CLIENT_SECRET )
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.entities_files_delete_v1(ids=id_list)print(response)from falconpy import APIHarnessV2
falcon = APIHarnessV2(client_id=CLIENT_ID, client_secret=CLIENT_SECRET )
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.command("entities_files_delete_v1", ids=id_list)print(response)Remove-FalconNgsCaseFile -Id @("ID1", "ID2")package main
import ( "context" "fmt" "os"
"github.com/crowdstrike/gofalcon/falcon" "github.com/crowdstrike/gofalcon/falcon/client/case_files")
func main() { client, err := falcon.NewClient(&falcon.ApiConfig{ ClientId: os.Getenv("FALCON_CLIENT_ID"), ClientSecret: os.Getenv("FALCON_CLIENT_SECRET"), Context: context.Background(), }) if err != nil { panic(err) }
response, err := client.CaseFiles.EntitiesFilesDeleteV1( &case_files.EntitiesFilesDeleteV1Params{ Ids: []string{"ID1", "ID2", "ID3"}, Context: context.Background(), }, ) if err != nil { panic(falcon.ErrorExplain(err)) }
fmt.Printf("%+v\n", response.Payload)}import { FalconClient } from "crowdstrike-falcon";
const client = new FalconClient({ cloud: process.env.FALCON_CLOUD!, clientId: process.env.FALCON_CLIENT_ID!, clientSecret: process.env.FALCON_CLIENT_SECRET!,});
const response = await client.caseFiles.entitiesFilesDeleteV1(["ID1", "ID2", "ID3"]); // ids
console.log(response);Examples coming soon.
Examples coming soon.
queries_file_details_get_v1
Section titled “queries_file_details_get_v1”Query for ids of file details
GET /case-files/queries/file-details/v1
PEP 8
query_file_detail_idsParameters
Section titled “Parameters”| Name | Type | Data type | Description |
|---|---|---|---|
| filter | query | string | FQL filter expression. |
| limit | query | integer | Page size. Maximum value is 10. |
| offset | query | integer | Page offset. |
| parameters | query | dictionary | Full query string parameters payload in JSON format. Not required when using other keywords. |
Code Examples
Section titled “Code Examples”from falconpy import CaseManagement
falcon = CaseManagement(client_id=CLIENT_ID, client_secret=CLIENT_SECRET )
response = falcon.query_file_detail_ids(filter="string", limit=integer, offset=integer)print(response)from falconpy import CaseManagement
falcon = CaseManagement(client_id=CLIENT_ID, client_secret=CLIENT_SECRET )
response = falcon.queries_file_details_get_v1(filter="string", limit=integer, offset=integer)print(response)from falconpy import APIHarnessV2
falcon = APIHarnessV2(client_id=CLIENT_ID, client_secret=CLIENT_SECRET )
response = falcon.command("queries_file_details_get_v1", filter="string", limit=integer, offset=integer)print(response)Get-FalconNgsCaseFile -Filter "string" ` -Limit integer ` -Offset integerpackage main
import ( "context" "fmt" "os"
"github.com/crowdstrike/gofalcon/falcon" "github.com/crowdstrike/gofalcon/falcon/client/case_files")
func main() { client, err := falcon.NewClient(&falcon.ApiConfig{ ClientId: os.Getenv("FALCON_CLIENT_ID"), ClientSecret: os.Getenv("FALCON_CLIENT_SECRET"), Context: context.Background(), }) if err != nil { panic(err) }
filter := "string" limit := int64(0) offset := int64(0)
response, err := client.CaseFiles.QueriesFileDetailsGetV1( &case_files.QueriesFileDetailsGetV1Params{ Filter: &filter, Limit: &limit, Offset: &offset, Context: context.Background(), }, ) if err != nil { panic(falcon.ErrorExplain(err)) }
fmt.Printf("%+v\n", response.Payload)}import { FalconClient } from "crowdstrike-falcon";
const client = new FalconClient({ cloud: process.env.FALCON_CLOUD!, clientId: process.env.FALCON_CLIENT_ID!, clientSecret: process.env.FALCON_CLIENT_SECRET!,});
const response = await client.caseFiles.queriesFileDetailsGetV1( "string", // filter integer, // limit integer // offset);
console.log(response);use rusty_falcon::apis::case_files_api::queries_file_details_get_v1;use rusty_falcon::easy::client::FalconHandle;
#[tokio::main]async fn main() { let falcon = FalconHandle::from_env().await.expect("Could not authenticate");
let response = queries_file_details_get_v1( &falcon.cfg, // configuration Some("string"), // filter Some(integer), // limit Some(integer), // offset ).await.expect("API call failed");
println!("{:?}", response);}require "crimson-falcon"
Falcon.configure do |config| config.client_id = ENV["FALCON_CLIENT_ID"] config.client_secret = ENV["FALCON_CLIENT_SECRET"] config.cloud = ENV["FALCON_CLOUD"]end
api = Falcon::CaseFiles.new
response = api.queries_file_details_get_v1(filter: 'string', limit: integer, offset: integer)
puts responseentities_get_rtr_file_metadata_post_v1
Section titled “entities_get_rtr_file_metadata_post_v1”Get metadata for a file via RTR without retrieving it.
POST /case-files/entities/get-rtr-file-metadata/v1
PEP 8
get_rtr_file_metadataParameters
Section titled “Parameters”| Name | Type | Data type | Description |
|---|---|---|---|
| body | body | dictionary | Full body payload in JSON format |
| aid | body | string | The agent ID of the host to retrieve file metadata from. |
| file_path | body | string | The path to the file on the host. |
Code Examples
Section titled “Code Examples”from falconpy import CaseManagement
falcon = CaseManagement(client_id=CLIENT_ID, client_secret=CLIENT_SECRET )
response = falcon.get_rtr_file_metadata(aid="string", file_path="string")print(response)from falconpy import CaseManagement
falcon = CaseManagement(client_id=CLIENT_ID, client_secret=CLIENT_SECRET )
response = falcon.entities_get_rtr_file_metadata_post_v1(aid="string", file_path="string")print(response)from falconpy import APIHarnessV2
falcon = APIHarnessV2(client_id=CLIENT_ID, client_secret=CLIENT_SECRET )
body_payload = { "aid": "string", "file_path": "string"}
response = falcon.command("entities_get_rtr_file_metadata_post_v1", body=body_payload)print(response)Examples coming soon.
package main
import ( "context" "fmt" "os"
"github.com/crowdstrike/gofalcon/falcon" "github.com/crowdstrike/gofalcon/falcon/client/case_files" "github.com/crowdstrike/gofalcon/falcon/models")
func main() { client, err := falcon.NewClient(&falcon.ApiConfig{ ClientId: os.Getenv("FALCON_CLIENT_ID"), ClientSecret: os.Getenv("FALCON_CLIENT_SECRET"), Context: context.Background(), }) if err != nil { panic(err) }
aid := "string" file_path := "string"
response, err := client.CaseFiles.EntitiesGetRtrFileMetadataPostV1( &case_files.EntitiesGetRtrFileMetadataPostV1Params{ Body: &models.CasefilesapiGetRTRFileMetaDataRequestV1{ Aid: &aid, FilePath: &file_path, }, Context: context.Background(), }, ) if err != nil { panic(falcon.ErrorExplain(err)) }
fmt.Printf("%+v\n", response.Payload)}import { FalconClient } from "crowdstrike-falcon";
const client = new FalconClient({ cloud: process.env.FALCON_CLOUD!, clientId: process.env.FALCON_CLIENT_ID!, clientSecret: process.env.FALCON_CLIENT_SECRET!,});
const response = await client.caseFiles.entitiesGetRtrFileMetadataPostV1( { aid: "string", filePath: "string"} // body);
console.log(response);Examples coming soon.
require "crimson-falcon"
Falcon.configure do |config| config.client_id = ENV["FALCON_CLIENT_ID"] config.client_secret = ENV["FALCON_CLIENT_SECRET"] config.cloud = ENV["FALCON_CLOUD"]end
api = Falcon::CaseFiles.new
body = Falcon::CasefilesapiGetRTRFileMetaDataRequestV1.new( aid: 'string', file_path: 'string')
response = api.entities_get_rtr_file_metadata_post_v1(body)
puts responseentities_retrieve_rtr_file_post_v1
Section titled “entities_retrieve_rtr_file_post_v1”Retrieve a file from host using RTR and add it to a case.
POST /case-files/entities/retrieve-rtr-file/v1
PEP 8
retrieve_rtr_fileParameters
Section titled “Parameters”| Name | Type | Data type | Description |
|---|---|---|---|
| body | body | dictionary | Full body payload in JSON format |
| aid | body | string | The agent ID of the host to retrieve the file from. |
| case_id | body | string | The ID of the case to add the file to. |
| description | body | string | A description of the file being retrieved. |
| file_path | body | string | The path to the file on the host. |
Code Examples
Section titled “Code Examples”from falconpy import CaseManagement
falcon = CaseManagement(client_id=CLIENT_ID, client_secret=CLIENT_SECRET )
response = falcon.retrieve_rtr_file(aid="string", case_id="string", description="string", file_path="string")print(response)from falconpy import CaseManagement
falcon = CaseManagement(client_id=CLIENT_ID, client_secret=CLIENT_SECRET )
response = falcon.entities_retrieve_rtr_file_post_v1(aid="string", case_id="string", description="string", file_path="string")print(response)from falconpy import APIHarnessV2
falcon = APIHarnessV2(client_id=CLIENT_ID, client_secret=CLIENT_SECRET )
body_payload = { "aid": "string", "case_id": "string", "description": "string", "file_path": "string"}
response = falcon.command("entities_retrieve_rtr_file_post_v1", body=body_payload)print(response)Examples coming soon.
package main
import ( "context" "fmt" "os"
"github.com/crowdstrike/gofalcon/falcon" "github.com/crowdstrike/gofalcon/falcon/client/case_files" "github.com/crowdstrike/gofalcon/falcon/models")
func main() { client, err := falcon.NewClient(&falcon.ApiConfig{ ClientId: os.Getenv("FALCON_CLIENT_ID"), ClientSecret: os.Getenv("FALCON_CLIENT_SECRET"), Context: context.Background(), }) if err != nil { panic(err) }
aid := "string" case_id := "string" description := "string" file_path := "string"
response, err := client.CaseFiles.EntitiesRetrieveRtrFilePostV1( &case_files.EntitiesRetrieveRtrFilePostV1Params{ Body: &models.CasefilesapiRetrieveRTRFileRequestV1{ Aid: &aid, CaseID: &case_id, Description: &description, FilePath: &file_path, }, Context: context.Background(), }, ) if err != nil { panic(falcon.ErrorExplain(err)) }
fmt.Printf("%+v\n", response.Payload)}import { FalconClient } from "crowdstrike-falcon";
const client = new FalconClient({ cloud: process.env.FALCON_CLOUD!, clientId: process.env.FALCON_CLIENT_ID!, clientSecret: process.env.FALCON_CLIENT_SECRET!,});
const response = await client.caseFiles.entitiesRetrieveRtrFilePostV1( { aid: "string", caseId: "string", description: "string", filePath: "string"} // body);
console.log(response);Examples coming soon.
require "crimson-falcon"
Falcon.configure do |config| config.client_id = ENV["FALCON_CLIENT_ID"] config.client_secret = ENV["FALCON_CLIENT_SECRET"] config.cloud = ENV["FALCON_CLOUD"]end
api = Falcon::CaseFiles.new
body = Falcon::CasefilesapiRetrieveRTRFileRequestV1.new( aid: 'string', case_id: 'string', description: 'string', file_path: 'string')
response = api.entities_retrieve_rtr_file_post_v1(body)
puts responseentities_retrieve_rtr_recent_file_post_v1
Section titled “entities_retrieve_rtr_recent_file_post_v1”Retrieve a recently fetched RTR file and add it to a case.
POST /case-files/entities/retrieve-rtr-recent-file/v1
PEP 8
retrieve_rtr_recent_fileParameters
Section titled “Parameters”| Name | Type | Data type | Description |
|---|---|---|---|
| body | body | dictionary | Full body payload in JSON format |
| aid | body | string | The agent ID of the host. |
| case_id | body | string | The ID of the case to add the file to. |
| description | body | string | A description of the file being retrieved. |
| session_id | body | string | The RTR session ID for the file retrieval. |
| sha256 | body | string | The SHA256 hash of the file to retrieve. |
Code Examples
Section titled “Code Examples”from falconpy import CaseManagement
falcon = CaseManagement(client_id=CLIENT_ID, client_secret=CLIENT_SECRET )
response = falcon.retrieve_rtr_recent_file(aid="string", case_id="string", description="string", session_id="string", sha256="string")print(response)from falconpy import CaseManagement
falcon = CaseManagement(client_id=CLIENT_ID, client_secret=CLIENT_SECRET )
response = falcon.entities_retrieve_rtr_recent_file_post_v1(aid="string", case_id="string", description="string", session_id="string", sha256="string")print(response)from falconpy import APIHarnessV2
falcon = APIHarnessV2(client_id=CLIENT_ID, client_secret=CLIENT_SECRET )
body_payload = { "aid": "string", "case_id": "string", "description": "string", "session_id": "string", "sha256": "string"}
response = falcon.command("entities_retrieve_rtr_recent_file_post_v1", body=body_payload)print(response)Examples coming soon.
package main
import ( "context" "fmt" "os"
"github.com/crowdstrike/gofalcon/falcon" "github.com/crowdstrike/gofalcon/falcon/client/case_files" "github.com/crowdstrike/gofalcon/falcon/models")
func main() { client, err := falcon.NewClient(&falcon.ApiConfig{ ClientId: os.Getenv("FALCON_CLIENT_ID"), ClientSecret: os.Getenv("FALCON_CLIENT_SECRET"), Context: context.Background(), }) if err != nil { panic(err) }
aid := "string" case_id := "string" description := "string" session_id := "string" sha256 := "string"
response, err := client.CaseFiles.EntitiesRetrieveRtrRecentFilePostV1( &case_files.EntitiesRetrieveRtrRecentFilePostV1Params{ Body: &models.CasefilesapiRetrieveRTRRecentFileRequestV1{ Aid: &aid, CaseID: &case_id, Description: &description, SessionID: &session_id, Sha256: &sha256, }, Context: context.Background(), }, ) if err != nil { panic(falcon.ErrorExplain(err)) }
fmt.Printf("%+v\n", response.Payload)}import { FalconClient } from "crowdstrike-falcon";
const client = new FalconClient({ cloud: process.env.FALCON_CLOUD!, clientId: process.env.FALCON_CLIENT_ID!, clientSecret: process.env.FALCON_CLIENT_SECRET!,});
const response = await client.caseFiles.entitiesRetrieveRtrRecentFilePostV1( { aid: "string", caseId: "string", description: "string", sessionId: "string", sha256: "string"} // body);
console.log(response);Examples coming soon.
require "crimson-falcon"
Falcon.configure do |config| config.client_id = ENV["FALCON_CLIENT_ID"] config.client_secret = ENV["FALCON_CLIENT_SECRET"] config.cloud = ENV["FALCON_CLOUD"]end
api = Falcon::CaseFiles.new
body = Falcon::CasefilesapiRetrieveRTRRecentFileRequestV1.new( aid: 'string', case_id: 'string', description: 'string', session_id: 'string', sha256: 'string')
response = api.entities_retrieve_rtr_recent_file_post_v1(body)
puts responseaggregates_notification_groups_post_v1
Section titled “aggregates_notification_groups_post_v1”Get notification groups aggregations
POST /casemgmt/aggregates/notification-groups/v1
PEP 8
get_notification_groups_aggregationParameters
Section titled “Parameters”| Name | Type | Data type | Description |
|---|---|---|---|
| body | body | dictionary | Full body payload in JSON format |
| date_ranges | body | dictionary or list | Date range timeframe. |
| field | body | string | Field to retrieve. |
| filter | body | string | FQL syntax. |
| from | body | integer | |
| name | body | string | |
| size | body | integer | |
| sort | body | string | Field to sort on. |
| type | body | string |
Code Examples
Section titled “Code Examples”from falconpy import CaseManagement
falcon = CaseManagement(client_id=CLIENT_ID, client_secret=CLIENT_SECRET )
date_ranges = [ { "from": "string", "to": "string" }]
response = falcon.get_notification_groups_aggregation(date_ranges=date_ranges, field="string", filter="string", from=integer, name="string", size=integer, sort="string", type="string")print(response)from falconpy import CaseManagement
falcon = CaseManagement(client_id=CLIENT_ID, client_secret=CLIENT_SECRET )
date_ranges = [ { "from": "string", "to": "string" }]
response = falcon.aggregates_notification_groups_post_v1(date_ranges=date_ranges, field="string", filter="string", from=integer, name="string", size=integer, sort="string", type="string")print(response)from falconpy import APIHarnessV2
falcon = APIHarnessV2(client_id=CLIENT_ID, client_secret=CLIENT_SECRET )
body_payload = [ { "date_ranges": [ { "from": "string", "to": "string" } ], "field": "string", "filter": "string", "from": integer, "name": "string", "size": integer, "sort": "string", "type": "string" }]
response = falcon.command("aggregates_notification_groups_post_v1", body=body_payload)print(response)Examples coming soon.
package main
import ( "context" "fmt" "os"
"github.com/crowdstrike/gofalcon/falcon" "github.com/crowdstrike/gofalcon/falcon/client/case_management" "github.com/crowdstrike/gofalcon/falcon/models")
func main() { client, err := falcon.NewClient(&falcon.ApiConfig{ ClientId: os.Getenv("FALCON_CLIENT_ID"), ClientSecret: os.Getenv("FALCON_CLIENT_SECRET"), Context: context.Background(), }) if err != nil { panic(err) }
from := "string" to := "string" field := "string" filter := "string" from := integer name := "string" size := integer sort := "string" type := "string"
response, err := client.CaseManagement.AggregatesNotificationGroupsPostV1( &case_management.AggregatesNotificationGroupsPostV1Params{ Body: []*models.APIMSAAggregateQueryRequest{ { DateRanges: []interface{}{ { From: &from, To: &to, }, }, Field: &field, Filter: &filter, From: &from, Name: &name, Size: &size, Sort: &sort, Type: &type, }, }, Context: context.Background(), }, ) if err != nil { panic(falcon.ErrorExplain(err)) }
fmt.Printf("%+v\n", response.Payload)}import { FalconClient } from "crowdstrike-falcon";
const client = new FalconClient({ cloud: process.env.FALCON_CLOUD!, clientId: process.env.FALCON_CLIENT_ID!, clientSecret: process.env.FALCON_CLIENT_SECRET!,});
const response = await client.caseManagement.aggregatesNotificationGroupsPostV1( [{ dateRanges: [{ from: "string", to: "string" }], field: "string", filter: "string", from: integer, name: "string", size: integer, sort: "string", type: "string"}] // body);
console.log(response);use rusty_falcon::apis::case_management_api::aggregates_notification_groups_post_v1;use rusty_falcon::easy::client::FalconHandle;use rusty_falcon::models::ApiMsaAggregateQueryRequest;
#[tokio::main]async fn main() { let falcon = FalconHandle::from_env().await.expect("Could not authenticate");
let body = vec![ApiMsaAggregateQueryRequest { date_ranges: vec![DateRangeSpec { from: Some("string".to_string()), to: Some("string".to_string()), ..Default::default() }], field: Some("string".to_string()), filter: Some("string".to_string()), from: Some(integer), name: Some("string".to_string()), size: Some(integer), sort: Some("string".to_string()), type: Some("string".to_string()), ..Default::default() }];
let response = aggregates_notification_groups_post_v1( &falcon.cfg, // configuration body, // body ).await.expect("API call failed");
println!("{:?}", response);}require "crimson-falcon"
Falcon.configure do |config| config.client_id = ENV["FALCON_CLIENT_ID"] config.client_secret = ENV["FALCON_CLIENT_SECRET"] config.cloud = ENV["FALCON_CLOUD"]end
api = Falcon::CaseManagement.new
body = [Falcon::ApiMSAAggregateQueryRequest.new( date_ranges: [{ from: 'string', to: 'string' }], field: 'string', filter: 'string', from: integer, name: 'string', size: integer, sort: 'string', type: 'string')]
response = api.aggregates_notification_groups_post_v1(body)
puts responseaggregates_notification_groups_post_v2
Section titled “aggregates_notification_groups_post_v2”Get notification groups aggregations
POST /casemgmt/aggregates/notification-groups/v2
PEP 8
get_notification_groups_aggregation_v2Parameters
Section titled “Parameters”| Name | Type | Data type | Description |
|---|---|---|---|
| body | body | dictionary | Full body payload in JSON format |
| date_ranges | body | dictionary or list | Date range timeframe. |
| field | body | string | Field to retrieve. |
| filter | body | string | FQL syntax. |
| from | body | integer | |
| name | body | string | |
| size | body | integer | |
| sort | body | string | Field to sort on. |
| type | body | string |
Code Examples
Section titled “Code Examples”from falconpy import CaseManagement
falcon = CaseManagement(client_id=CLIENT_ID, client_secret=CLIENT_SECRET )
date_ranges = [ { "from": "string", "to": "string" }]
response = falcon.get_notification_groups_aggregation_v2(date_ranges=date_ranges, field="string", filter="string", from=integer, name="string", size=integer, sort="string", type="string")print(response)from falconpy import CaseManagement
falcon = CaseManagement(client_id=CLIENT_ID, client_secret=CLIENT_SECRET )
date_ranges = [ { "from": "string", "to": "string" }]
response = falcon.aggregates_notification_groups_post_v2(date_ranges=date_ranges, field="string", filter="string", from=integer, name="string", size=integer, sort="string", type="string")print(response)from falconpy import APIHarnessV2
falcon = APIHarnessV2(client_id=CLIENT_ID, client_secret=CLIENT_SECRET )
body_payload = [ { "date_ranges": [ { "from": "string", "to": "string" } ], "field": "string", "filter": "string", "from": integer, "name": "string", "size": integer, "sort": "string", "type": "string" }]
response = falcon.command("aggregates_notification_groups_post_v2", body=body_payload)print(response)Examples coming soon.
package main
import ( "context" "fmt" "os"
"github.com/crowdstrike/gofalcon/falcon" "github.com/crowdstrike/gofalcon/falcon/client/case_management" "github.com/crowdstrike/gofalcon/falcon/models")
func main() { client, err := falcon.NewClient(&falcon.ApiConfig{ ClientId: os.Getenv("FALCON_CLIENT_ID"), ClientSecret: os.Getenv("FALCON_CLIENT_SECRET"), Context: context.Background(), }) if err != nil { panic(err) }
from := "string" to := "string" field := "string" filter := "string" from := integer name := "string" size := integer sort := "string" type := "string"
response, err := client.CaseManagement.AggregatesNotificationGroupsPostV2( &case_management.AggregatesNotificationGroupsPostV2Params{ Body: []*models.APIMSAAggregateQueryRequest{ { DateRanges: []interface{}{ { From: &from, To: &to, }, }, Field: &field, Filter: &filter, From: &from, Name: &name, Size: &size, Sort: &sort, Type: &type, }, }, Context: context.Background(), }, ) if err != nil { panic(falcon.ErrorExplain(err)) }
fmt.Printf("%+v\n", response.Payload)}import { FalconClient } from "crowdstrike-falcon";
const client = new FalconClient({ cloud: process.env.FALCON_CLOUD!, clientId: process.env.FALCON_CLIENT_ID!, clientSecret: process.env.FALCON_CLIENT_SECRET!,});
const response = await client.caseManagement.aggregatesNotificationGroupsPostV2( [{ dateRanges: [{ from: "string", to: "string" }], field: "string", filter: "string", from: integer, name: "string", size: integer, sort: "string", type: "string"}] // body);
console.log(response);Examples coming soon.
require "crimson-falcon"
Falcon.configure do |config| config.client_id = ENV["FALCON_CLIENT_ID"] config.client_secret = ENV["FALCON_CLIENT_SECRET"] config.cloud = ENV["FALCON_CLOUD"]end
api = Falcon::CaseManagement.new
body = [Falcon::ApiMSAAggregateQueryRequest.new( date_ranges: [{ from: 'string', to: 'string' }], field: 'string', filter: 'string', from: integer, name: 'string', size: integer, sort: 'string', type: 'string')]
response = api.aggregates_notification_groups_post_v2(body)
puts responseaggregates_slas_post_v1
Section titled “aggregates_slas_post_v1”Get SLA aggregations
POST /casemgmt/aggregates/slas/v1
PEP 8
get_sla_aggregationsParameters
Section titled “Parameters”| Name | Type | Data type | Description |
|---|---|---|---|
| body | body | dictionary | Full body payload in JSON format |
| date_ranges | body | dictionary or list | Date range timeframe. |
| field | body | string | Field to retrieve. |
| filter | body | string | FQL syntax. |
| from | body | integer | |
| name | body | string | |
| size | body | integer | |
| sort | body | string | Field to sort on. |
| type | body | string |
Code Examples
Section titled “Code Examples”from falconpy import CaseManagement
falcon = CaseManagement(client_id=CLIENT_ID, client_secret=CLIENT_SECRET )
date_ranges = [ { "from": "string", "to": "string" }]
response = falcon.get_sla_aggregations(date_ranges=date_ranges, field="string", filter="string", from=integer, name="string", size=integer, sort="string", type="string")print(response)from falconpy import CaseManagement
falcon = CaseManagement(client_id=CLIENT_ID, client_secret=CLIENT_SECRET )
date_ranges = [ { "from": "string", "to": "string" }]
response = falcon.aggregates_slas_post_v1(date_ranges=date_ranges, field="string", filter="string", from=integer, name="string", size=integer, sort="string", type="string")print(response)from falconpy import APIHarnessV2
falcon = APIHarnessV2(client_id=CLIENT_ID, client_secret=CLIENT_SECRET )
body_payload = [ { "date_ranges": [ { "from": "string", "to": "string" } ], "field": "string", "filter": "string", "from": integer, "name": "string", "size": integer, "sort": "string", "type": "string" }]
response = falcon.command("aggregates_slas_post_v1", body=body_payload)print(response)Examples coming soon.
package main
import ( "context" "fmt" "os"
"github.com/crowdstrike/gofalcon/falcon" "github.com/crowdstrike/gofalcon/falcon/client/case_management" "github.com/crowdstrike/gofalcon/falcon/models")
func main() { client, err := falcon.NewClient(&falcon.ApiConfig{ ClientId: os.Getenv("FALCON_CLIENT_ID"), ClientSecret: os.Getenv("FALCON_CLIENT_SECRET"), Context: context.Background(), }) if err != nil { panic(err) }
from := "string" to := "string" field := "string" filter := "string" from := integer name := "string" size := integer sort := "string" type := "string"
response, err := client.CaseManagement.AggregatesSlasPostV1( &case_management.AggregatesSlasPostV1Params{ Body: []*models.APIMSAAggregateQueryRequest{ { DateRanges: []interface{}{ { From: &from, To: &to, }, }, Field: &field, Filter: &filter, From: &from, Name: &name, Size: &size, Sort: &sort, Type: &type, }, }, Context: context.Background(), }, ) if err != nil { panic(falcon.ErrorExplain(err)) }
fmt.Printf("%+v\n", response.Payload)}import { FalconClient } from "crowdstrike-falcon";
const client = new FalconClient({ cloud: process.env.FALCON_CLOUD!, clientId: process.env.FALCON_CLIENT_ID!, clientSecret: process.env.FALCON_CLIENT_SECRET!,});
const response = await client.caseManagement.aggregatesSlasPostV1( [{ dateRanges: [{ from: "string", to: "string" }], field: "string", filter: "string", from: integer, name: "string", size: integer, sort: "string", type: "string"}] // body);
console.log(response);Examples coming soon.
Examples coming soon.
aggregates_templates_post_v1
Section titled “aggregates_templates_post_v1”Get templates aggregations
POST /casemgmt/aggregates/templates/v1
PEP 8
get_template_aggregationsParameters
Section titled “Parameters”| Name | Type | Data type | Description |
|---|---|---|---|
| body | body | dictionary | Full body payload in JSON format |
| date_ranges | body | dictionary or list | Date range timeframe. |
| field | body | string | Field to retrieve. |
| filter | body | string | FQL syntax. |
| from | body | integer | |
| name | body | string | |
| size | body | integer | |
| sort | body | string | Field to sort on. |
| type | body | string |
Code Examples
Section titled “Code Examples”from falconpy import CaseManagement
falcon = CaseManagement(client_id=CLIENT_ID, client_secret=CLIENT_SECRET )
date_ranges = [ { "from": "string", "to": "string" }]
response = falcon.get_template_aggregations(date_ranges=date_ranges, field="string", filter="string", from=integer, name="string", size=integer, sort="string", type="string")print(response)from falconpy import CaseManagement
falcon = CaseManagement(client_id=CLIENT_ID, client_secret=CLIENT_SECRET )
date_ranges = [ { "from": "string", "to": "string" }]
response = falcon.aggregates_templates_post_v1(date_ranges=date_ranges, field="string", filter="string", from=integer, name="string", size=integer, sort="string", type="string")print(response)from falconpy import APIHarnessV2
falcon = APIHarnessV2(client_id=CLIENT_ID, client_secret=CLIENT_SECRET )
body_payload = [ { "date_ranges": [ { "from": "string", "to": "string" } ], "field": "string", "filter": "string", "from": integer, "name": "string", "size": integer, "sort": "string", "type": "string" }]
response = falcon.command("aggregates_templates_post_v1", body=body_payload)print(response)Examples coming soon.
package main
import ( "context" "fmt" "os"
"github.com/crowdstrike/gofalcon/falcon" "github.com/crowdstrike/gofalcon/falcon/client/case_management" "github.com/crowdstrike/gofalcon/falcon/models")
func main() { client, err := falcon.NewClient(&falcon.ApiConfig{ ClientId: os.Getenv("FALCON_CLIENT_ID"), ClientSecret: os.Getenv("FALCON_CLIENT_SECRET"), Context: context.Background(), }) if err != nil { panic(err) }
from := "string" to := "string" field := "string" filter := "string" from := integer name := "string" size := integer sort := "string" type := "string"
response, err := client.CaseManagement.AggregatesTemplatesPostV1( &case_management.AggregatesTemplatesPostV1Params{ Body: []*models.APIMSAAggregateQueryRequest{ { DateRanges: []interface{}{ { From: &from, To: &to, }, }, Field: &field, Filter: &filter, From: &from, Name: &name, Size: &size, Sort: &sort, Type: &type, }, }, Context: context.Background(), }, ) if err != nil { panic(falcon.ErrorExplain(err)) }
fmt.Printf("%+v\n", response.Payload)}import { FalconClient } from "crowdstrike-falcon";
const client = new FalconClient({ cloud: process.env.FALCON_CLOUD!, clientId: process.env.FALCON_CLIENT_ID!, clientSecret: process.env.FALCON_CLIENT_SECRET!,});
const response = await client.caseManagement.aggregatesTemplatesPostV1( [{ dateRanges: [{ from: "string", to: "string" }], field: "string", filter: "string", from: integer, name: "string", size: integer, sort: "string", type: "string"}] // body);
console.log(response);Examples coming soon.
Examples coming soon.
aggregates_access_tags_post_v1
Section titled “aggregates_access_tags_post_v1”Get access tag aggregates.
POST /casemgmt/aggregates/access-tags/v1
PEP 8
get_access_tag_aggregationsParameters
Section titled “Parameters”| Name | Type | Data type | Description |
|---|---|---|---|
| body | body | dictionary | Full body payload in JSON format |
| date_ranges | body | dictionary or list | Date range timeframe. |
| field | body | string | Field to retrieve. |
| filter | body | string | FQL syntax. |
| from | body | integer | |
| name | body | string | |
| size | body | integer | |
| sort | body | string | Field to sort on. |
| type | body | string |
Code Examples
Section titled “Code Examples”from falconpy import CaseManagement
falcon = CaseManagement(client_id=CLIENT_ID, client_secret=CLIENT_SECRET )
date_ranges = [ { "from": "string", "to": "string" }]
response = falcon.get_access_tag_aggregations(date_ranges=date_ranges, field="string", filter="string", from=integer, name="string", size=integer, sort="string", type="string")print(response)from falconpy import CaseManagement
falcon = CaseManagement(client_id=CLIENT_ID, client_secret=CLIENT_SECRET )
date_ranges = [ { "from": "string", "to": "string" }]
response = falcon.aggregates_access_tags_post_v1(date_ranges=date_ranges, field="string", filter="string", from=integer, name="string", size=integer, sort="string", type="string")print(response)from falconpy import APIHarnessV2
falcon = APIHarnessV2(client_id=CLIENT_ID, client_secret=CLIENT_SECRET )
body_payload = [ { "date_ranges": [ { "from": "string", "to": "string" } ], "field": "string", "filter": "string", "from": integer, "name": "string", "size": integer, "sort": "string", "type": "string" }]
response = falcon.command("aggregates_access_tags_post_v1", body=body_payload)print(response)Examples coming soon.
package main
import ( "context" "fmt" "os"
"github.com/crowdstrike/gofalcon/falcon" "github.com/crowdstrike/gofalcon/falcon/client/case_management" "github.com/crowdstrike/gofalcon/falcon/models")
func main() { client, err := falcon.NewClient(&falcon.ApiConfig{ ClientId: os.Getenv("FALCON_CLIENT_ID"), ClientSecret: os.Getenv("FALCON_CLIENT_SECRET"), Context: context.Background(), }) if err != nil { panic(err) }
from := "string" to := "string" field := "string" filter := "string" from := integer name := "string" size := integer sort := "string" type := "string"
response, err := client.CaseManagement.AggregatesAccessTagsPostV1( &case_management.AggregatesAccessTagsPostV1Params{ Body: []*models.APIMSAAggregateQueryRequest{ { DateRanges: []interface{}{ { From: &from, To: &to, }, }, Field: &field, Filter: &filter, From: &from, Name: &name, Size: &size, Sort: &sort, Type: &type, }, }, Context: context.Background(), }, ) if err != nil { panic(falcon.ErrorExplain(err)) }
fmt.Printf("%+v\n", response.Payload)}import { FalconClient } from "crowdstrike-falcon";
const client = new FalconClient({ cloud: process.env.FALCON_CLOUD!, clientId: process.env.FALCON_CLIENT_ID!, clientSecret: process.env.FALCON_CLIENT_SECRET!,});
const response = await client.caseManagement.aggregatesAccessTagsPostV1( [{ dateRanges: [{ from: "string", to: "string" }], field: "string", filter: "string", from: integer, name: "string", size: integer, sort: "string", type: "string"}] // body);
console.log(response);Examples coming soon.
require "crimson-falcon"
Falcon.configure do |config| config.client_id = ENV["FALCON_CLIENT_ID"] config.client_secret = ENV["FALCON_CLIENT_SECRET"] config.cloud = ENV["FALCON_CLOUD"]end
api = Falcon::CaseManagement.new
body = [Falcon::ApiMSAAggregateQueryRequest.new( date_ranges: [{ from: 'string', to: 'string' }], field: 'string', filter: 'string', from: integer, name: 'string', size: integer, sort: 'string', type: 'string')]
response = api.aggregates_access_tags_post_v1(body)
puts responseentities_access_tags_get_v1
Section titled “entities_access_tags_get_v1”Get access tags.
GET /casemgmt/entities/access-tags/v1
PEP 8
get_access_tagsParameters
Section titled “Parameters”| Name | Type | Data type | Description |
|---|---|---|---|
| ids | query | string or list of strings | Resource IDs. |
| parameters | query | dictionary | Full query string parameters payload in JSON format. Not required when using other keywords. |
Code Examples
Section titled “Code Examples”from falconpy import CaseManagement
falcon = CaseManagement(client_id=CLIENT_ID, client_secret=CLIENT_SECRET )
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.get_access_tags(ids=id_list, with_has_access=boolean)print(response)from falconpy import CaseManagement
falcon = CaseManagement(client_id=CLIENT_ID, client_secret=CLIENT_SECRET )
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.entities_access_tags_get_v1(ids=id_list, with_has_access=boolean)print(response)from falconpy import APIHarnessV2
falcon = APIHarnessV2(client_id=CLIENT_ID, client_secret=CLIENT_SECRET )
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.command("entities_access_tags_get_v1", ids=id_list, with_has_access=boolean)print(response)Examples coming soon.
package main
import ( "context" "fmt" "os"
"github.com/crowdstrike/gofalcon/falcon" "github.com/crowdstrike/gofalcon/falcon/client/case_management")
func main() { client, err := falcon.NewClient(&falcon.ApiConfig{ ClientId: os.Getenv("FALCON_CLIENT_ID"), ClientSecret: os.Getenv("FALCON_CLIENT_SECRET"), Context: context.Background(), }) if err != nil { panic(err) }
withHasAccess := boolean
response, err := client.CaseManagement.EntitiesAccessTagsGetV1( &case_management.EntitiesAccessTagsGetV1Params{ Ids: []string{"ID1", "ID2", "ID3"}, WithHasAccess: &withHasAccess, Context: context.Background(), }, ) if err != nil { panic(falcon.ErrorExplain(err)) }
fmt.Printf("%+v\n", response.Payload)}import { FalconClient } from "crowdstrike-falcon";
const client = new FalconClient({ cloud: process.env.FALCON_CLOUD!, clientId: process.env.FALCON_CLIENT_ID!, clientSecret: process.env.FALCON_CLIENT_SECRET!,});
const response = await client.caseManagement.entitiesAccessTagsGetV1( "string", // ids boolean // withHasAccess);
console.log(response);Examples coming soon.
require "crimson-falcon"
Falcon.configure do |config| config.client_id = ENV["FALCON_CLIENT_ID"] config.client_secret = ENV["FALCON_CLIENT_SECRET"] config.cloud = ENV["FALCON_CLOUD"]end
api = Falcon::CaseManagement.new
response = api.entities_access_tags_get_v1(['ID1', 'ID2', 'ID3'])
puts responseentities_notification_groups_get_v1
Section titled “entities_notification_groups_get_v1”Get notification groups by ID
GET /casemgmt/entities/notification-groups/v1
PEP 8
get_notification_groupsParameters
Section titled “Parameters”| Name | Type | Data type | Description |
|---|---|---|---|
| ids | query | string or list of strings | Resource IDs. |
| parameters | query | dictionary | Full query string parameters payload in JSON format. Not required when using other keywords. |
Code Examples
Section titled “Code Examples”from falconpy import CaseManagement
falcon = CaseManagement(client_id=CLIENT_ID, client_secret=CLIENT_SECRET )
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.get_notification_groups(ids=id_list)print(response)from falconpy import CaseManagement
falcon = CaseManagement(client_id=CLIENT_ID, client_secret=CLIENT_SECRET )
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.entities_notification_groups_get_v1(ids=id_list)print(response)from falconpy import APIHarnessV2
falcon = APIHarnessV2(client_id=CLIENT_ID, client_secret=CLIENT_SECRET )
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.command("entities_notification_groups_get_v1", ids=id_list)print(response)Get-FalconNgsCaseNotificationGroup -Id @("ID1", "ID2")package main
import ( "context" "fmt" "os"
"github.com/crowdstrike/gofalcon/falcon" "github.com/crowdstrike/gofalcon/falcon/client/case_management")
func main() { client, err := falcon.NewClient(&falcon.ApiConfig{ ClientId: os.Getenv("FALCON_CLIENT_ID"), ClientSecret: os.Getenv("FALCON_CLIENT_SECRET"), Context: context.Background(), }) if err != nil { panic(err) }
response, err := client.CaseManagement.EntitiesNotificationGroupsGetV1( &case_management.EntitiesNotificationGroupsGetV1Params{ Ids: []string{"ID1", "ID2", "ID3"}, Context: context.Background(), }, ) if err != nil { panic(falcon.ErrorExplain(err)) }
fmt.Printf("%+v\n", response.Payload)}import { FalconClient } from "crowdstrike-falcon";
const client = new FalconClient({ cloud: process.env.FALCON_CLOUD!, clientId: process.env.FALCON_CLIENT_ID!, clientSecret: process.env.FALCON_CLIENT_SECRET!,});
const response = await client.caseManagement.entitiesNotificationGroupsGetV1("string"); // ids
console.log(response);use rusty_falcon::apis::case_management_api::entities_notification_groups_get_v1;use rusty_falcon::easy::client::FalconHandle;
#[tokio::main]async fn main() { let falcon = FalconHandle::from_env().await.expect("Could not authenticate");
let response = entities_notification_groups_get_v1( &falcon.cfg, // configuration vec!["string".to_string()], // ids ).await.expect("API call failed");
println!("{:?}", response);}require "crimson-falcon"
Falcon.configure do |config| config.client_id = ENV["FALCON_CLIENT_ID"] config.client_secret = ENV["FALCON_CLIENT_SECRET"] config.cloud = ENV["FALCON_CLOUD"]end
api = Falcon::CaseManagement.new
response = api.entities_notification_groups_get_v1(['ID1', 'ID2', 'ID3'])
puts responseentities_notification_groups_post_v1
Section titled “entities_notification_groups_post_v1”Create notification group
POST /casemgmt/entities/notification-groups/v1
PEP 8
create_notification_groupParameters
Section titled “Parameters”| Name | Type | Data type | Description |
|---|---|---|---|
| body | body | dictionary | Full body payload in JSON format |
| channels | body | list of dictionaries | The notification group channel configuration parameters. |
| description | body | string | Notification group description. |
| name | body | string | Notification group name. |
Code Examples
Section titled “Code Examples”from falconpy import CaseManagement
falcon = CaseManagement(client_id=CLIENT_ID, client_secret=CLIENT_SECRET )
channels = [ { "config_id": "string", "config_name": "string", "recipients": [ "string" ], "severity": "string", "type": "email" }]
response = falcon.create_notification_group(channels=channels, description="string", name="string")print(response)from falconpy import CaseManagement
falcon = CaseManagement(client_id=CLIENT_ID, client_secret=CLIENT_SECRET )
channels = [ { "config_id": "string", "config_name": "string", "recipients": [ "string" ], "severity": "string", "type": "email" }]
response = falcon.entities_notification_groups_post_v1(channels=channels, description="string", name="string")print(response)from falconpy import APIHarnessV2
falcon = APIHarnessV2(client_id=CLIENT_ID, client_secret=CLIENT_SECRET )
body_payload = { "channels": [ { "config_id": "string", "config_name": "string", "recipients": ["string"], "severity": "string", "type": "string" } ], "description": "string", "name": "string"}
response = falcon.command("entities_notification_groups_post_v1", body=body_payload)print(response)New-FalconNgsCaseNotificationGroup -Name "string"package main
import ( "context" "fmt" "os"
"github.com/crowdstrike/gofalcon/falcon" "github.com/crowdstrike/gofalcon/falcon/client/case_management" "github.com/crowdstrike/gofalcon/falcon/models")
func main() { client, err := falcon.NewClient(&falcon.ApiConfig{ ClientId: os.Getenv("FALCON_CLIENT_ID"), ClientSecret: os.Getenv("FALCON_CLIENT_SECRET"), Context: context.Background(), }) if err != nil { panic(err) }
config_id := "string" config_name := "string" severity := "string" type := "string" description := "string" name := "string"
response, err := client.CaseManagement.EntitiesNotificationGroupsPostV1( &case_management.EntitiesNotificationGroupsPostV1Params{ Body: &models.APINotificationGroupV1CreateRequest{ Channels: []interface{}{ { ConfigID: &config_id, ConfigName: &config_name, Recipients: []string{"string"}, Severity: &severity, Type: &type, }, }, Description: &description, Name: &name, }, Context: context.Background(), }, ) if err != nil { panic(falcon.ErrorExplain(err)) }
fmt.Printf("%+v\n", response.Payload)}import { FalconClient } from "crowdstrike-falcon";
const client = new FalconClient({ cloud: process.env.FALCON_CLOUD!, clientId: process.env.FALCON_CLIENT_ID!, clientSecret: process.env.FALCON_CLIENT_SECRET!,});
const response = await client.caseManagement.entitiesNotificationGroupsPostV1( { channels: [{ configId: "string", configName: "string", recipients: [], severity: "string", type: "string" }], description: "string", name: "string"} // body);
console.log(response);use rusty_falcon::apis::case_management_api::entities_notification_groups_post_v1;use rusty_falcon::easy::client::FalconHandle;use rusty_falcon::models::ApiNotificationGroupV1CreateRequest;
#[tokio::main]async fn main() { let falcon = FalconHandle::from_env().await.expect("Could not authenticate");
let body = ApiNotificationGroupV1CreateRequest { channels: vec![NotificationChannelV1 { config_name: Some("string".to_string()), type: Some("string".to_string()), ..Default::default() }], description: Some("string".to_string()), name: Some("string".to_string()), ..Default::default() };
let response = entities_notification_groups_post_v1( &falcon.cfg, // configuration body, // body ).await.expect("API call failed");
println!("{:?}", response);}require "crimson-falcon"
Falcon.configure do |config| config.client_id = ENV["FALCON_CLIENT_ID"] config.client_secret = ENV["FALCON_CLIENT_SECRET"] config.cloud = ENV["FALCON_CLOUD"]end
api = Falcon::CaseManagement.new
body = Falcon::ApiNotificationGroupV1CreateRequest.new( channels: [{ config_id: 'string', config_name: 'string', recipients: [], severity: 'string', type: 'string' }], description: 'string', name: 'string')
response = api.entities_notification_groups_post_v1(body)
puts responseentities_notification_groups_patch_v1
Section titled “entities_notification_groups_patch_v1”Update notification group
PATCH /casemgmt/entities/notification-groups/v1
PEP 8
update_notification_groupParameters
Section titled “Parameters”| Name | Type | Data type | Description |
|---|---|---|---|
| body | body | dictionary | Full body payload in JSON format |
| channels | body | list of dictionaries | The notification group channel configuration parameters. |
| description | body | string | Notification group description. |
| id | body | string | The ID of the notification group. |
| name | body | string | Notification group name. |
Code Examples
Section titled “Code Examples”from falconpy import CaseManagement
falcon = CaseManagement(client_id=CLIENT_ID, client_secret=CLIENT_SECRET )
channels = [ { "config_id": "string", "config_name": "string", "recipients": [ "string" ], "severity": "string", "type": "email" }]
response = falcon.update_notification_group(channels=channels, description="string", id="string", name="string")print(response)from falconpy import CaseManagement
falcon = CaseManagement(client_id=CLIENT_ID, client_secret=CLIENT_SECRET )
channels = [ { "config_id": "string", "config_name": "string", "recipients": [ "string" ], "severity": "string", "type": "email" }]
response = falcon.entities_notification_groups_patch_v1(channels=channels, description="string", id="string", name="string")print(response)from falconpy import APIHarnessV2
falcon = APIHarnessV2(client_id=CLIENT_ID, client_secret=CLIENT_SECRET )
body_payload = { "channels": [ { "config_id": "string", "config_name": "string", "recipients": ["string"], "severity": "string", "type": "string" } ], "description": "string", "id": "string", "name": "string"}
response = falcon.command("entities_notification_groups_patch_v1", body=body_payload)print(response)Edit-FalconNgsCaseNotificationGroup -Id "string"package main
import ( "context" "fmt" "os"
"github.com/crowdstrike/gofalcon/falcon" "github.com/crowdstrike/gofalcon/falcon/client/case_management" "github.com/crowdstrike/gofalcon/falcon/models")
func main() { client, err := falcon.NewClient(&falcon.ApiConfig{ ClientId: os.Getenv("FALCON_CLIENT_ID"), ClientSecret: os.Getenv("FALCON_CLIENT_SECRET"), Context: context.Background(), }) if err != nil { panic(err) }
config_id := "string" config_name := "string" severity := "string" type := "string" description := "string" id := "string" name := "string"
response, err := client.CaseManagement.EntitiesNotificationGroupsPatchV1( &case_management.EntitiesNotificationGroupsPatchV1Params{ Body: &models.APINotificationGroupV1UpdateRequest{ Channels: []interface{}{ { ConfigID: &config_id, ConfigName: &config_name, Recipients: []string{"string"}, Severity: &severity, Type: &type, }, }, Description: &description, ID: &id, Name: &name, }, Context: context.Background(), }, ) if err != nil { panic(falcon.ErrorExplain(err)) }
fmt.Printf("%+v\n", response.Payload)}import { FalconClient } from "crowdstrike-falcon";
const client = new FalconClient({ cloud: process.env.FALCON_CLOUD!, clientId: process.env.FALCON_CLIENT_ID!, clientSecret: process.env.FALCON_CLIENT_SECRET!,});
const response = await client.caseManagement.entitiesNotificationGroupsPatchV1( { channels: [{ configId: "string", configName: "string", recipients: [], severity: "string", type: "string" }], description: "string", id: "string", name: "string"} // body);
console.log(response);use rusty_falcon::apis::case_management_api::entities_notification_groups_patch_v1;use rusty_falcon::easy::client::FalconHandle;use rusty_falcon::models::ApiNotificationGroupV1UpdateRequest;
#[tokio::main]async fn main() { let falcon = FalconHandle::from_env().await.expect("Could not authenticate");
let body = ApiNotificationGroupV1UpdateRequest { channels: vec![NotificationChannelV1 { config_name: Some("string".to_string()), type: Some("string".to_string()), ..Default::default() }], description: Some("string".to_string()), id: Some("string".to_string()), name: Some("string".to_string()), ..Default::default() };
let response = entities_notification_groups_patch_v1( &falcon.cfg, // configuration body, // body ).await.expect("API call failed");
println!("{:?}", response);}require "crimson-falcon"
Falcon.configure do |config| config.client_id = ENV["FALCON_CLIENT_ID"] config.client_secret = ENV["FALCON_CLIENT_SECRET"] config.cloud = ENV["FALCON_CLOUD"]end
api = Falcon::CaseManagement.new
body = Falcon::ApiNotificationGroupV1UpdateRequest.new( channels: [{ config_id: 'string', config_name: 'string', recipients: [], severity: 'string', type: 'string' }], description: 'string', id: 'string', name: 'string')
response = api.entities_notification_groups_patch_v1(body)
puts responseentities_notification_groups_delete_v1
Section titled “entities_notification_groups_delete_v1”Delete notification groups by ID
DELETE /casemgmt/entities/notification-groups/v1
PEP 8
delete_notification_groupParameters
Section titled “Parameters”| Name | Type | Data type | Description |
|---|---|---|---|
| ids | query | string or list of strings | Resource IDs. |
| parameters | query | dictionary | Full query string parameters payload in JSON format. Not required when using other keywords. |
Code Examples
Section titled “Code Examples”from falconpy import CaseManagement
falcon = CaseManagement(client_id=CLIENT_ID, client_secret=CLIENT_SECRET )
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.delete_notification_group(ids=id_list)print(response)from falconpy import CaseManagement
falcon = CaseManagement(client_id=CLIENT_ID, client_secret=CLIENT_SECRET )
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.entities_notification_groups_delete_v1(ids=id_list)print(response)from falconpy import APIHarnessV2
falcon = APIHarnessV2(client_id=CLIENT_ID, client_secret=CLIENT_SECRET )
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.command("entities_notification_groups_delete_v1", ids=id_list)print(response)Remove-FalconNgsCaseNotificationGroup -Id @("ID1", "ID2")package main
import ( "context" "fmt" "os"
"github.com/crowdstrike/gofalcon/falcon" "github.com/crowdstrike/gofalcon/falcon/client/case_management")
func main() { client, err := falcon.NewClient(&falcon.ApiConfig{ ClientId: os.Getenv("FALCON_CLIENT_ID"), ClientSecret: os.Getenv("FALCON_CLIENT_SECRET"), Context: context.Background(), }) if err != nil { panic(err) }
response, err := client.CaseManagement.EntitiesNotificationGroupsDeleteV1( &case_management.EntitiesNotificationGroupsDeleteV1Params{ Ids: []string{"ID1", "ID2", "ID3"}, Context: context.Background(), }, ) if err != nil { panic(falcon.ErrorExplain(err)) }
fmt.Printf("%+v\n", response.Payload)}import { FalconClient } from "crowdstrike-falcon";
const client = new FalconClient({ cloud: process.env.FALCON_CLOUD!, clientId: process.env.FALCON_CLIENT_ID!, clientSecret: process.env.FALCON_CLIENT_SECRET!,});
const response = await client.caseManagement.entitiesNotificationGroupsDeleteV1("string"); // ids
console.log(response);use rusty_falcon::apis::case_management_api::entities_notification_groups_delete_v1;use rusty_falcon::easy::client::FalconHandle;
#[tokio::main]async fn main() { let falcon = FalconHandle::from_env().await.expect("Could not authenticate");
let response = entities_notification_groups_delete_v1( &falcon.cfg, // configuration vec!["string".to_string()], // ids ).await.expect("API call failed");
println!("{:?}", response);}require "crimson-falcon"
Falcon.configure do |config| config.client_id = ENV["FALCON_CLIENT_ID"] config.client_secret = ENV["FALCON_CLIENT_SECRET"] config.cloud = ENV["FALCON_CLOUD"]end
api = Falcon::CaseManagement.new
response = api.entities_notification_groups_delete_v1(['ID1', 'ID2', 'ID3'])
puts responseentities_notification_groups_get_v2
Section titled “entities_notification_groups_get_v2”Get notification groups by ID
GET /casemgmt/entities/notification-groups/v2
PEP 8
get_notification_groups_v2Parameters
Section titled “Parameters”| Name | Type | Data type | Description |
|---|---|---|---|
| ids | query | string or list of strings | Resource IDs. |
| parameters | query | dictionary | Full query string parameters payload in JSON format. Not required when using other keywords. |
Code Examples
Section titled “Code Examples”from falconpy import CaseManagement
falcon = CaseManagement(client_id=CLIENT_ID, client_secret=CLIENT_SECRET )
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.get_notification_groups_v2(ids=id_list)print(response)from falconpy import CaseManagement
falcon = CaseManagement(client_id=CLIENT_ID, client_secret=CLIENT_SECRET )
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.entities_notification_groups_get_v2(ids=id_list)print(response)from falconpy import APIHarnessV2
falcon = APIHarnessV2(client_id=CLIENT_ID, client_secret=CLIENT_SECRET )
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.command("entities_notification_groups_get_v2", ids=id_list)print(response)Examples coming soon.
package main
import ( "context" "fmt" "os"
"github.com/crowdstrike/gofalcon/falcon" "github.com/crowdstrike/gofalcon/falcon/client/case_management")
func main() { client, err := falcon.NewClient(&falcon.ApiConfig{ ClientId: os.Getenv("FALCON_CLIENT_ID"), ClientSecret: os.Getenv("FALCON_CLIENT_SECRET"), Context: context.Background(), }) if err != nil { panic(err) }
response, err := client.CaseManagement.EntitiesNotificationGroupsGetV2( &case_management.EntitiesNotificationGroupsGetV2Params{ Ids: []string{"ID1", "ID2", "ID3"}, Context: context.Background(), }, ) if err != nil { panic(falcon.ErrorExplain(err)) }
fmt.Printf("%+v\n", response.Payload)}import { FalconClient } from "crowdstrike-falcon";
const client = new FalconClient({ cloud: process.env.FALCON_CLOUD!, clientId: process.env.FALCON_CLIENT_ID!, clientSecret: process.env.FALCON_CLIENT_SECRET!,});
const response = await client.caseManagement.entitiesNotificationGroupsGetV2("string"); // ids
console.log(response);Examples coming soon.
require "crimson-falcon"
Falcon.configure do |config| config.client_id = ENV["FALCON_CLIENT_ID"] config.client_secret = ENV["FALCON_CLIENT_SECRET"] config.cloud = ENV["FALCON_CLOUD"]end
api = Falcon::CaseManagement.new
response = api.entities_notification_groups_get_v2(['ID1', 'ID2', 'ID3'])
puts responseentities_notification_groups_post_v2
Section titled “entities_notification_groups_post_v2”Create notification group
POST /casemgmt/entities/notification-groups/v2
PEP 8
create_notification_group_v2Parameters
Section titled “Parameters”| Name | Type | Data type | Description |
|---|---|---|---|
| body | body | dictionary | Full body payload in JSON format |
| channels | body | list of dictionaries | The notification group channel configuration parameters. |
| description | body | string | Notification group description. |
| name | body | string | Notification group name. |
Code Examples
Section titled “Code Examples”from falconpy import CaseManagement
falcon = CaseManagement(client_id=CLIENT_ID, client_secret=CLIENT_SECRET )
channels = [ { "config_id": "string", "config_name": "string", "params": {}, "type": "email" }]
response = falcon.create_notification_group_v2(channels=channels, description="string", name="string")print(response)from falconpy import CaseManagement
falcon = CaseManagement(client_id=CLIENT_ID, client_secret=CLIENT_SECRET )
channels = [ { "config_id": "string", "config_name": "string", "params": {}, "type": "email" }]
response = falcon.entities_notification_groups_post_v2(channels=channels, description="string", name="string")print(response)from falconpy import APIHarnessV2
falcon = APIHarnessV2(client_id=CLIENT_ID, client_secret=CLIENT_SECRET )
body_payload = { "channels": [ { "config_id": "string", "config_name": "string", "params": {}, "type": "string" } ], "description": "string", "name": "string"}
response = falcon.command("entities_notification_groups_post_v2", body=body_payload)print(response)Examples coming soon.
package main
import ( "context" "fmt" "os"
"github.com/crowdstrike/gofalcon/falcon" "github.com/crowdstrike/gofalcon/falcon/client/case_management" "github.com/crowdstrike/gofalcon/falcon/models")
func main() { client, err := falcon.NewClient(&falcon.ApiConfig{ ClientId: os.Getenv("FALCON_CLIENT_ID"), ClientSecret: os.Getenv("FALCON_CLIENT_SECRET"), Context: context.Background(), }) if err != nil { panic(err) }
config_id := "string" config_name := "string" type := "string" description := "string" name := "string"
response, err := client.CaseManagement.EntitiesNotificationGroupsPostV2( &case_management.EntitiesNotificationGroupsPostV2Params{ Body: &models.APINotificationGroupV2CreateRequest{ Channels: []interface{}{ { ConfigID: &config_id, ConfigName: &config_name, Params: &struct{}{}, Type: &type, }, }, Description: &description, Name: &name, }, Context: context.Background(), }, ) if err != nil { panic(falcon.ErrorExplain(err)) }
fmt.Printf("%+v\n", response.Payload)}import { FalconClient } from "crowdstrike-falcon";
const client = new FalconClient({ cloud: process.env.FALCON_CLOUD!, clientId: process.env.FALCON_CLIENT_ID!, clientSecret: process.env.FALCON_CLIENT_SECRET!,});
const response = await client.caseManagement.entitiesNotificationGroupsPostV2( { channels: [{ configId: "string", configName: "string", params: {}, type: "string" }], description: "string", name: "string"} // body);
console.log(response);Examples coming soon.
require "crimson-falcon"
Falcon.configure do |config| config.client_id = ENV["FALCON_CLIENT_ID"] config.client_secret = ENV["FALCON_CLIENT_SECRET"] config.cloud = ENV["FALCON_CLOUD"]end
api = Falcon::CaseManagement.new
body = Falcon::ApiNotificationGroupV2CreateRequest.new( channels: [{ config_id: 'string', config_name: 'string', params: {}, type: 'string' }], description: 'string', name: 'string')
response = api.entities_notification_groups_post_v2(body)
puts responseentities_notification_groups_patch_v2
Section titled “entities_notification_groups_patch_v2”Update notification group
PATCH /casemgmt/entities/notification-groups/v2
PEP 8
update_notification_group_v2Parameters
Section titled “Parameters”| Name | Type | Data type | Description |
|---|---|---|---|
| body | body | dictionary | Full body payload in JSON format |
| channels | body | list of dictionaries | The notification group channel configuration parameters. |
| description | body | string | Notification group description. |
| name | body | string | Notification group name. |
| id | body | string | The ID of the notification group. |
Code Examples
Section titled “Code Examples”from falconpy import CaseManagement
falcon = CaseManagement(client_id=CLIENT_ID, client_secret=CLIENT_SECRET )
channels = [ { "config_id": "string", "config_name": "string", "params": {}, "type": "email" }]
response = falcon.update_notification_group_v2(channels=channels, description="string", id="string", name="string")print(response)from falconpy import CaseManagement
falcon = CaseManagement(client_id=CLIENT_ID, client_secret=CLIENT_SECRET )
channels = [ { "config_id": "string", "config_name": "string", "params": {}, "type": "email" }]
response = falcon.entities_notification_groups_patch_v2(channels=channels, description="string", id="string", name="string")print(response)from falconpy import APIHarnessV2
falcon = APIHarnessV2(client_id=CLIENT_ID, client_secret=CLIENT_SECRET )
body_payload = { "channels": [ { "config_id": "string", "config_name": "string", "params": {}, "type": "string" } ], "description": "string", "id": "string", "name": "string"}
response = falcon.command("entities_notification_groups_patch_v2", body=body_payload)print(response)Examples coming soon.
package main
import ( "context" "fmt" "os"
"github.com/crowdstrike/gofalcon/falcon" "github.com/crowdstrike/gofalcon/falcon/client/case_management" "github.com/crowdstrike/gofalcon/falcon/models")
func main() { client, err := falcon.NewClient(&falcon.ApiConfig{ ClientId: os.Getenv("FALCON_CLIENT_ID"), ClientSecret: os.Getenv("FALCON_CLIENT_SECRET"), Context: context.Background(), }) if err != nil { panic(err) }
config_id := "string" config_name := "string" type := "string" description := "string" id := "string" name := "string"
response, err := client.CaseManagement.EntitiesNotificationGroupsPatchV2( &case_management.EntitiesNotificationGroupsPatchV2Params{ Body: &models.APINotificationGroupV2UpdateRequest{ Channels: []interface{}{ { ConfigID: &config_id, ConfigName: &config_name, Params: &struct{}{}, Type: &type, }, }, Description: &description, ID: &id, Name: &name, }, Context: context.Background(), }, ) if err != nil { panic(falcon.ErrorExplain(err)) }
fmt.Printf("%+v\n", response.Payload)}import { FalconClient } from "crowdstrike-falcon";
const client = new FalconClient({ cloud: process.env.FALCON_CLOUD!, clientId: process.env.FALCON_CLIENT_ID!, clientSecret: process.env.FALCON_CLIENT_SECRET!,});
const response = await client.caseManagement.entitiesNotificationGroupsPatchV2( { channels: [{ configId: "string", configName: "string", params: {}, type: "string" }], description: "string", id: "string", name: "string"} // body);
console.log(response);Examples coming soon.
require "crimson-falcon"
Falcon.configure do |config| config.client_id = ENV["FALCON_CLIENT_ID"] config.client_secret = ENV["FALCON_CLIENT_SECRET"] config.cloud = ENV["FALCON_CLOUD"]end
api = Falcon::CaseManagement.new
body = Falcon::ApiNotificationGroupV2UpdateRequest.new( channels: [{ config_id: 'string', config_name: 'string', params: {}, type: 'string' }], description: 'string', id: 'string', name: 'string')
response = api.entities_notification_groups_patch_v2(body)
puts responseentities_notification_groups_delete_v2
Section titled “entities_notification_groups_delete_v2”Delete notification groups by ID
DELETE /casemgmt/entities/notification-groups/v2
PEP 8
delete_notification_group_v2Parameters
Section titled “Parameters”| Name | Type | Data type | Description |
|---|---|---|---|
| ids | query | string or list of strings | Resource IDs. |
| parameters | query | dictionary | Full query string parameters payload in JSON format. Not required when using other keywords. |
Code Examples
Section titled “Code Examples”from falconpy import CaseManagement
falcon = CaseManagement(client_id=CLIENT_ID, client_secret=CLIENT_SECRET )
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.delete_notification_group_v2(ids=id_list)print(response)from falconpy import CaseManagement
falcon = CaseManagement(client_id=CLIENT_ID, client_secret=CLIENT_SECRET )
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.entities_notification_groups_delete_v2(ids=id_list)print(response)from falconpy import APIHarnessV2
falcon = APIHarnessV2(client_id=CLIENT_ID, client_secret=CLIENT_SECRET )
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.command("entities_notification_groups_delete_v2", ids=id_list)print(response)Examples coming soon.
package main
import ( "context" "fmt" "os"
"github.com/crowdstrike/gofalcon/falcon" "github.com/crowdstrike/gofalcon/falcon/client/case_management")
func main() { client, err := falcon.NewClient(&falcon.ApiConfig{ ClientId: os.Getenv("FALCON_CLIENT_ID"), ClientSecret: os.Getenv("FALCON_CLIENT_SECRET"), Context: context.Background(), }) if err != nil { panic(err) }
response, err := client.CaseManagement.EntitiesNotificationGroupsDeleteV2( &case_management.EntitiesNotificationGroupsDeleteV2Params{ Ids: []string{"ID1", "ID2", "ID3"}, Context: context.Background(), }, ) if err != nil { panic(falcon.ErrorExplain(err)) }
fmt.Printf("%+v\n", response.Payload)}import { FalconClient } from "crowdstrike-falcon";
const client = new FalconClient({ cloud: process.env.FALCON_CLOUD!, clientId: process.env.FALCON_CLIENT_ID!, clientSecret: process.env.FALCON_CLIENT_SECRET!,});
const response = await client.caseManagement.entitiesNotificationGroupsDeleteV2("string"); // ids
console.log(response);Examples coming soon.
require "crimson-falcon"
Falcon.configure do |config| config.client_id = ENV["FALCON_CLIENT_ID"] config.client_secret = ENV["FALCON_CLIENT_SECRET"] config.cloud = ENV["FALCON_CLOUD"]end
api = Falcon::CaseManagement.new
response = api.entities_notification_groups_delete_v2(['ID1', 'ID2', 'ID3'])
puts responseentities_fields_get_v1
Section titled “entities_fields_get_v1”Get fields by ID
GET /casemgmt/entities/fields/v1
PEP 8
get_fieldsParameters
Section titled “Parameters”| Name | Type | Data type | Description |
|---|---|---|---|
| ids | query | string or list of strings | Resource IDs. |
| parameters | query | dictionary | Full query string parameters payload in JSON format. Not required when using other keywords. |
Code Examples
Section titled “Code Examples”from falconpy import CaseManagement
falcon = CaseManagement(client_id=CLIENT_ID, client_secret=CLIENT_SECRET )
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.get_fields(ids=id_list)print(response)from falconpy import CaseManagement
falcon = CaseManagement(client_id=CLIENT_ID, client_secret=CLIENT_SECRET )
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.entities_fields_get_v1(ids=id_list)print(response)from falconpy import APIHarnessV2
falcon = APIHarnessV2(client_id=CLIENT_ID, client_secret=CLIENT_SECRET )
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.command("entities_fields_get_v1", ids=id_list)print(response)Get-FalconNgsCaseField -Id @("ID1", "ID2")package main
import ( "context" "fmt" "os"
"github.com/crowdstrike/gofalcon/falcon" "github.com/crowdstrike/gofalcon/falcon/client/case_management")
func main() { client, err := falcon.NewClient(&falcon.ApiConfig{ ClientId: os.Getenv("FALCON_CLIENT_ID"), ClientSecret: os.Getenv("FALCON_CLIENT_SECRET"), Context: context.Background(), }) if err != nil { panic(err) }
response, err := client.CaseManagement.EntitiesFieldsGetV1( &case_management.EntitiesFieldsGetV1Params{ Ids: []string{"ID1", "ID2", "ID3"}, Context: context.Background(), }, ) if err != nil { panic(falcon.ErrorExplain(err)) }
fmt.Printf("%+v\n", response.Payload)}import { FalconClient } from "crowdstrike-falcon";
const client = new FalconClient({ cloud: process.env.FALCON_CLOUD!, clientId: process.env.FALCON_CLIENT_ID!, clientSecret: process.env.FALCON_CLIENT_SECRET!,});
const response = await client.caseManagement.entitiesFieldsGetV1("string"); // ids
console.log(response);Examples coming soon.
Examples coming soon.
entities_slas_get_v1
Section titled “entities_slas_get_v1”Get SLAs by ID
GET /casemgmt/entities/slas/v1
PEP 8
get_slasParameters
Section titled “Parameters”| Name | Type | Data type | Description |
|---|---|---|---|
| ids | query | string or list of strings | Resource IDs. |
| parameters | query | dictionary | Full query string parameters payload in JSON format. Not required when using other keywords. |
Code Examples
Section titled “Code Examples”from falconpy import CaseManagement
falcon = CaseManagement(client_id=CLIENT_ID, client_secret=CLIENT_SECRET )
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.get_slas(ids=id_list)print(response)from falconpy import CaseManagement
falcon = CaseManagement(client_id=CLIENT_ID, client_secret=CLIENT_SECRET )
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.entities_slas_get_v1(ids=id_list)print(response)from falconpy import APIHarnessV2
falcon = APIHarnessV2(client_id=CLIENT_ID, client_secret=CLIENT_SECRET )
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.command("entities_slas_get_v1", ids=id_list)print(response)Get-FalconNgsCaseSla -Id @("ID1", "ID2")package main
import ( "context" "fmt" "os"
"github.com/crowdstrike/gofalcon/falcon" "github.com/crowdstrike/gofalcon/falcon/client/case_management")
func main() { client, err := falcon.NewClient(&falcon.ApiConfig{ ClientId: os.Getenv("FALCON_CLIENT_ID"), ClientSecret: os.Getenv("FALCON_CLIENT_SECRET"), Context: context.Background(), }) if err != nil { panic(err) }
response, err := client.CaseManagement.EntitiesSlasGetV1( &case_management.EntitiesSlasGetV1Params{ Ids: []string{"ID1", "ID2", "ID3"}, Context: context.Background(), }, ) if err != nil { panic(falcon.ErrorExplain(err)) }
fmt.Printf("%+v\n", response.Payload)}import { FalconClient } from "crowdstrike-falcon";
const client = new FalconClient({ cloud: process.env.FALCON_CLOUD!, clientId: process.env.FALCON_CLIENT_ID!, clientSecret: process.env.FALCON_CLIENT_SECRET!,});
const response = await client.caseManagement.entitiesSlasGetV1("string"); // ids
console.log(response);Examples coming soon.
Examples coming soon.
entities_slas_post_v1
Section titled “entities_slas_post_v1”Create SLA
POST /casemgmt/entities/slas/v1
PEP 8
create_slaParameters
Section titled “Parameters”| Name | Type | Data type | Description |
|---|---|---|---|
| body | body | dictionary | Full body payload in JSON format |
| description | body | string | The description of the SLA. |
| goals | body | list of dictionaries | The SLA goals. |
| name | body | string | The name of the SLA. |
Code Examples
Section titled “Code Examples”from falconpy import CaseManagement
falcon = CaseManagement(client_id=CLIENT_ID, client_secret=CLIENT_SECRET )
goals = [ { "duration_seconds": 0, "escalation_policy": { "steps": [ { "escalate_after_seconds": 0, "notification_group_id": "string" } ] }, "type": "string" }]
response = falcon.create_sla(description="string", goals=goals, name="string")print(response)from falconpy import CaseManagement
falcon = CaseManagement(client_id=CLIENT_ID, client_secret=CLIENT_SECRET )
goals = [ { "duration_seconds": 0, "escalation_policy": { "steps": [ { "escalate_after_seconds": 0, "notification_group_id": "string" } ] }, "type": "string" }]
response = falcon.entities_slas_post_v1(description="string", goals=goals, name="string")print(response)from falconpy import APIHarnessV2
falcon = APIHarnessV2(client_id=CLIENT_ID, client_secret=CLIENT_SECRET )
body_payload = { "description": "string", "goals": [ { "duration_seconds": integer, "escalation_policy": { "steps": ["string"] }, "type": "string" } ], "name": "string"}
response = falcon.command("entities_slas_post_v1", body=body_payload)print(response)New-FalconNgsCaseSla -Name "string"package main
import ( "context" "fmt" "os"
"github.com/crowdstrike/gofalcon/falcon" "github.com/crowdstrike/gofalcon/falcon/client/case_management" "github.com/crowdstrike/gofalcon/falcon/models")
func main() { client, err := falcon.NewClient(&falcon.ApiConfig{ ClientId: os.Getenv("FALCON_CLIENT_ID"), ClientSecret: os.Getenv("FALCON_CLIENT_SECRET"), Context: context.Background(), }) if err != nil { panic(err) }
description := "string" duration_seconds := integer type := "string" name := "string"
response, err := client.CaseManagement.EntitiesSlasPostV1( &case_management.EntitiesSlasPostV1Params{ Body: &models.APISLAV1CreateRequest{ Description: &description, Goals: []interface{}{ { DurationSeconds: &duration_seconds, EscalationPolicy: &struct{}{}, Type: &type, }, }, Name: &name, }, Context: context.Background(), }, ) if err != nil { panic(falcon.ErrorExplain(err)) }
fmt.Printf("%+v\n", response.Payload)}import { FalconClient } from "crowdstrike-falcon";
const client = new FalconClient({ cloud: process.env.FALCON_CLOUD!, clientId: process.env.FALCON_CLIENT_ID!, clientSecret: process.env.FALCON_CLIENT_SECRET!,});
const response = await client.caseManagement.entitiesSlasPostV1( { description: "string", goals: [{ durationSeconds: integer, escalationPolicy: { steps: [] }, type: "string" }], name: "string"} // body);
console.log(response);Examples coming soon.
Examples coming soon.
entities_slas_patch_v1
Section titled “entities_slas_patch_v1”Update SLA
PATCH /casemgmt/entities/slas/v1
PEP 8
update_slaParameters
Section titled “Parameters”| Name | Type | Data type | Description |
|---|---|---|---|
| body | body | dictionary | Full body payload in JSON format |
| description | body | string | The description of the SLA. |
| goals | body | list of dictionaries | The SLA goals. |
| id | body | string | The ID of the SLA to update. |
| name | body | string | The name of the SLA. |
Code Examples
Section titled “Code Examples”from falconpy import CaseManagement
falcon = CaseManagement(client_id=CLIENT_ID, client_secret=CLIENT_SECRET )
goals = [ { "duration_seconds": 0, "escalation_policy": { "steps": [ { "escalate_after_seconds": 0, "notification_group_id": "string" } ] }, "type": "string" }]
response = falcon.update_sla(description="string", goals=goals, name="string")print(response)from falconpy import CaseManagement
falcon = CaseManagement(client_id=CLIENT_ID, client_secret=CLIENT_SECRET )
goals = [ { "duration_seconds": 0, "escalation_policy": { "steps": [ { "escalate_after_seconds": 0, "notification_group_id": "string" } ] }, "type": "string" }]
response = falcon.entities_slas_patch_v1(description="string", goals=goals, name="string")print(response)from falconpy import APIHarnessV2
falcon = APIHarnessV2(client_id=CLIENT_ID, client_secret=CLIENT_SECRET )
body_payload = { "description": "string", "goals": [ { "duration_seconds": integer, "escalation_policy": { "steps": ["string"] }, "type": "string" } ], "id": "string", "name": "string"}
response = falcon.command("entities_slas_patch_v1", body=body_payload)print(response)Edit-FalconNgsCaseSla -Id "string"package main
import ( "context" "fmt" "os"
"github.com/crowdstrike/gofalcon/falcon" "github.com/crowdstrike/gofalcon/falcon/client/case_management" "github.com/crowdstrike/gofalcon/falcon/models")
func main() { client, err := falcon.NewClient(&falcon.ApiConfig{ ClientId: os.Getenv("FALCON_CLIENT_ID"), ClientSecret: os.Getenv("FALCON_CLIENT_SECRET"), Context: context.Background(), }) if err != nil { panic(err) }
description := "string" duration_seconds := integer type := "string" id := "string" name := "string"
response, err := client.CaseManagement.EntitiesSlasPatchV1( &case_management.EntitiesSlasPatchV1Params{ Body: &models.APISLAV1UpdateRequest{ Description: &description, Goals: []interface{}{ { DurationSeconds: &duration_seconds, EscalationPolicy: &struct{}{}, Type: &type, }, }, ID: &id, Name: &name, }, Context: context.Background(), }, ) if err != nil { panic(falcon.ErrorExplain(err)) }
fmt.Printf("%+v\n", response.Payload)}import { FalconClient } from "crowdstrike-falcon";
const client = new FalconClient({ cloud: process.env.FALCON_CLOUD!, clientId: process.env.FALCON_CLIENT_ID!, clientSecret: process.env.FALCON_CLIENT_SECRET!,});
const response = await client.caseManagement.entitiesSlasPatchV1( { description: "string", goals: [{ durationSeconds: integer, escalationPolicy: { steps: [] }, type: "string" }], id: "string", name: "string"} // body);
console.log(response);Examples coming soon.
Examples coming soon.
entities_slas_delete_v1
Section titled “entities_slas_delete_v1”Delete SLAs
DELETE /casemgmt/entities/slas/v1
PEP 8
delete_slaParameters
Section titled “Parameters”| Name | Type | Data type | Description |
|---|---|---|---|
| ids | query | string or list of strings | Resource IDs. |
| parameters | query | dictionary | Full query string parameters payload in JSON format. Not required when using other keywords. |
Code Examples
Section titled “Code Examples”from falconpy import CaseManagement
falcon = CaseManagement(client_id=CLIENT_ID, client_secret=CLIENT_SECRET )
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.delete_sla(ids=id_list)print(response)from falconpy import CaseManagement
falcon = CaseManagement(client_id=CLIENT_ID, client_secret=CLIENT_SECRET )
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.entities_slas_delete_v1(ids=id_list)print(response)from falconpy import APIHarnessV2
falcon = APIHarnessV2(client_id=CLIENT_ID, client_secret=CLIENT_SECRET )
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.command("entities_slas_delete_v1", ids=id_list)print(response)Remove-FalconNgsCaseSla -Id @("ID1", "ID2")package main
import ( "context" "fmt" "os"
"github.com/crowdstrike/gofalcon/falcon" "github.com/crowdstrike/gofalcon/falcon/client/case_management")
func main() { client, err := falcon.NewClient(&falcon.ApiConfig{ ClientId: os.Getenv("FALCON_CLIENT_ID"), ClientSecret: os.Getenv("FALCON_CLIENT_SECRET"), Context: context.Background(), }) if err != nil { panic(err) }
response, err := client.CaseManagement.EntitiesSlasDeleteV1( &case_management.EntitiesSlasDeleteV1Params{ Ids: []string{"ID1", "ID2", "ID3"}, Context: context.Background(), }, ) if err != nil { panic(falcon.ErrorExplain(err)) }
fmt.Printf("%+v\n", response.Payload)}import { FalconClient } from "crowdstrike-falcon";
const client = new FalconClient({ cloud: process.env.FALCON_CLOUD!, clientId: process.env.FALCON_CLIENT_ID!, clientSecret: process.env.FALCON_CLIENT_SECRET!,});
const response = await client.caseManagement.entitiesSlasDeleteV1("string"); // ids
console.log(response);Examples coming soon.
Examples coming soon.
entities_template_snapshots_get_v1
Section titled “entities_template_snapshots_get_v1”Get template snapshots
GET /casemgmt/entities/template-snapshots/v1
PEP 8
get_template_snapshotsParameters
Section titled “Parameters”| Name | Type | Data type | Description |
|---|---|---|---|
| ids | query | string or list of strings | Snapshot IDs. |
| template_ids | query | string or list of strings | Retrieves the latest snapshot for all Template IDs. |
| versions | query | integer or list of integers | Retrieve a specific version of the template from the parallel array template_ids. A value of zero will return the latest snapshot. |
| parameters | query | dictionary | Full query string parameters payload in JSON format. Not required when using other keywords. |
Code Examples
Section titled “Code Examples”from falconpy import CaseManagement
falcon = CaseManagement(client_id=CLIENT_ID, client_secret=CLIENT_SECRET )
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.get_template_snapshots(ids=id_list, template_ids=id_list, versions="string")print(response)from falconpy import CaseManagement
falcon = CaseManagement(client_id=CLIENT_ID, client_secret=CLIENT_SECRET )
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.entities_template_snapshots_get_v1(ids=id_list, template_ids=id_list, versions="string")print(response)from falconpy import APIHarnessV2
falcon = APIHarnessV2(client_id=CLIENT_ID, client_secret=CLIENT_SECRET )
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.command("entities_template_snapshots_get_v1", ids=id_list, template_ids=id_list, versions=id_list)print(response)Get-FalconNgsCaseTemplateSnapshot -Id @("ID1", "ID2")package main
import ( "context" "fmt" "os"
"github.com/crowdstrike/gofalcon/falcon" "github.com/crowdstrike/gofalcon/falcon/client/case_management")
func main() { client, err := falcon.NewClient(&falcon.ApiConfig{ ClientId: os.Getenv("FALCON_CLIENT_ID"), ClientSecret: os.Getenv("FALCON_CLIENT_SECRET"), Context: context.Background(), }) if err != nil { panic(err) }
response, err := client.CaseManagement.EntitiesTemplateSnapshotsGetV1( &case_management.EntitiesTemplateSnapshotsGetV1Params{ Ids: []string{"ID1", "ID2", "ID3"}, TemplateIds: []string{"ID1", "ID2", "ID3"}, Versions: []integer{0}, Context: context.Background(), }, ) if err != nil { panic(falcon.ErrorExplain(err)) }
fmt.Printf("%+v\n", response.Payload)}import { FalconClient } from "crowdstrike-falcon";
const client = new FalconClient({ cloud: process.env.FALCON_CLOUD!, clientId: process.env.FALCON_CLIENT_ID!, clientSecret: process.env.FALCON_CLIENT_SECRET!,});
const response = await client.caseManagement.entitiesTemplateSnapshotsGetV1( "string", // ids "string", // templateIds integer // versions);
console.log(response);use rusty_falcon::apis::case_management_api::entities_template_snapshots_get_v1;use rusty_falcon::easy::client::FalconHandle;
#[tokio::main]async fn main() { let falcon = FalconHandle::from_env().await.expect("Could not authenticate");
let response = entities_template_snapshots_get_v1( &falcon.cfg, // configuration Some(vec!["string".to_string()]), // ids Some(vec!["string".to_string()]), // template_ids Some(vec![]), // versions ).await.expect("API call failed");
println!("{:?}", response);}require "crimson-falcon"
Falcon.configure do |config| config.client_id = ENV["FALCON_CLIENT_ID"] config.client_secret = ENV["FALCON_CLIENT_SECRET"] config.cloud = ENV["FALCON_CLOUD"]end
api = Falcon::CaseManagement.new
response = api.entities_template_snapshots_get_v1(ids: ['ID1', 'ID2', 'ID3'], template_ids: ['ID1', 'ID2', 'ID3'], versions: ['ID1', 'ID2', 'ID3'])
puts responseentities_templates_export_get_v1
Section titled “entities_templates_export_get_v1”Export templates to files in a zip archive
GET /casemgmt/entities/templates/export/v1
PEP 8
export_templatesParameters
Section titled “Parameters”| Name | Type | Data type | Description |
|---|---|---|---|
| ids | query | string or list of strings | Template IDs. |
| filter | query | string | FQL filter expression. |
| parameters | query | dictionary | Full query string parameters payload in JSON format. Not required when using other keywords. |
Code Examples
Section titled “Code Examples”from falconpy import CaseManagement
falcon = CaseManagement(client_id=CLIENT_ID, client_secret=CLIENT_SECRET )
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.export_templates(ids=id_list, filter="string", format="string")print(response)from falconpy import CaseManagement
falcon = CaseManagement(client_id=CLIENT_ID, client_secret=CLIENT_SECRET )
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.entities_templates_export_get_v1(ids=id_list, filter="string", format="string")print(response)from falconpy import APIHarnessV2
falcon = APIHarnessV2(client_id=CLIENT_ID, client_secret=CLIENT_SECRET )
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.command("entities_templates_export_get_v1", ids=id_list, filter="string", format="string")print(response)Examples coming soon.
package main
import ( "context" "fmt" "os"
"github.com/crowdstrike/gofalcon/falcon" "github.com/crowdstrike/gofalcon/falcon/client/case_management")
func main() { client, err := falcon.NewClient(&falcon.ApiConfig{ ClientId: os.Getenv("FALCON_CLIENT_ID"), ClientSecret: os.Getenv("FALCON_CLIENT_SECRET"), Context: context.Background(), }) if err != nil { panic(err) }
filter := "string" format := "string"
response, err := client.CaseManagement.EntitiesTemplatesExportGetV1( &case_management.EntitiesTemplatesExportGetV1Params{ Ids: []string{"ID1", "ID2", "ID3"}, Filter: &filter, Format: &format, Context: context.Background(), }, ) if err != nil { panic(falcon.ErrorExplain(err)) }
fmt.Printf("%+v\n", response.Payload)}import { FalconClient } from "crowdstrike-falcon";
const client = new FalconClient({ cloud: process.env.FALCON_CLOUD!, clientId: process.env.FALCON_CLIENT_ID!, clientSecret: process.env.FALCON_CLIENT_SECRET!,});
const response = await client.caseManagement.entitiesTemplatesExportGetV1( "string", // ids "string", // filter "string" // format);
console.log(response);Examples coming soon.
Examples coming soon.
entities_templates_import_post_v1
Section titled “entities_templates_import_post_v1”Import a template from a file
POST /casemgmt/entities/templates/import/v1
PEP 8
import_templateParameters
Section titled “Parameters”| Name | Type | Data type | Description |
|---|---|---|---|
| file | formData | file | Local file to import. |
| dry_run | formData | boolean | Run validation only. |
| data | formData | dictionary | Full formData payload as a dictionary. Not required when using other keywords. |
| parameters | query | dictionary | Full query string parameters payload in JSON format. Not required when using other keywords. |
Code Examples
Section titled “Code Examples”from falconpy import CaseManagement
falcon = CaseManagement(client_id=CLIENT_ID, client_secret=CLIENT_SECRET )
response = falcon.import_template(file="string", dry_run=boolean)print(response)from falconpy import CaseManagement
falcon = CaseManagement(client_id=CLIENT_ID, client_secret=CLIENT_SECRET )
response = falcon.entities_templates_import_post_v1(file="string", dry_run=boolean)print(response)from falconpy import APIHarnessV2
falcon = APIHarnessV2(client_id=CLIENT_ID, client_secret=CLIENT_SECRET )
response = falcon.command("entities_templates_import_post_v1", file_data=open("filename", "rb").read(), dry_run=boolean)print(response)Examples coming soon.
package main
import ( "context" "fmt" "os"
"github.com/crowdstrike/gofalcon/falcon" "github.com/crowdstrike/gofalcon/falcon/client/case_management")
func main() { client, err := falcon.NewClient(&falcon.ApiConfig{ ClientId: os.Getenv("FALCON_CLIENT_ID"), ClientSecret: os.Getenv("FALCON_CLIENT_SECRET"), Context: context.Background(), }) if err != nil { panic(err) }
dryRun := boolean
response, err := client.CaseManagement.EntitiesTemplatesImportPostV1( &case_management.EntitiesTemplatesImportPostV1Params{ DryRun: &dryRun, Context: context.Background(), }, ) if err != nil { panic(falcon.ErrorExplain(err)) }
fmt.Printf("%+v\n", response.Payload)}import { FalconClient } from "crowdstrike-falcon";
const client = new FalconClient({ cloud: process.env.FALCON_CLOUD!, clientId: process.env.FALCON_CLIENT_ID!, clientSecret: process.env.FALCON_CLIENT_SECRET!,});
const response = await client.caseManagement.entitiesTemplatesImportPostV1( "string", // file boolean // dryRun);
console.log(response);Examples coming soon.
Examples coming soon.
entities_templates_get_v1
Section titled “entities_templates_get_v1”Get templates by ID
GET /casemgmt/entities/templates/v1
PEP 8
get_templatesParameters
Section titled “Parameters”| Name | Type | Data type | Description |
|---|---|---|---|
| ids | query | string or list of strings | Resource IDs. |
| parameters | query | dictionary | Full query string parameters payload in JSON format. Not required when using other keywords. |
Code Examples
Section titled “Code Examples”from falconpy import CaseManagement
falcon = CaseManagement(client_id=CLIENT_ID, client_secret=CLIENT_SECRET )
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.get_templates(ids=id_list, with_has_access=boolean)print(response)from falconpy import CaseManagement
falcon = CaseManagement(client_id=CLIENT_ID, client_secret=CLIENT_SECRET )
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.entities_templates_get_v1(ids=id_list, with_has_access=boolean)print(response)from falconpy import APIHarnessV2
falcon = APIHarnessV2(client_id=CLIENT_ID, client_secret=CLIENT_SECRET )
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.command("entities_templates_get_v1", ids=id_list, with_has_access=boolean)print(response)Get-FalconNgsCaseTemplate -Id @("ID1", "ID2")package main
import ( "context" "fmt" "os"
"github.com/crowdstrike/gofalcon/falcon" "github.com/crowdstrike/gofalcon/falcon/client/case_management")
func main() { client, err := falcon.NewClient(&falcon.ApiConfig{ ClientId: os.Getenv("FALCON_CLIENT_ID"), ClientSecret: os.Getenv("FALCON_CLIENT_SECRET"), Context: context.Background(), }) if err != nil { panic(err) }
withHasAccess := boolean
response, err := client.CaseManagement.EntitiesTemplatesGetV1( &case_management.EntitiesTemplatesGetV1Params{ Ids: []string{"ID1", "ID2", "ID3"}, WithHasAccess: &withHasAccess, Context: context.Background(), }, ) if err != nil { panic(falcon.ErrorExplain(err)) }
fmt.Printf("%+v\n", response.Payload)}import { FalconClient } from "crowdstrike-falcon";
const client = new FalconClient({ cloud: process.env.FALCON_CLOUD!, clientId: process.env.FALCON_CLIENT_ID!, clientSecret: process.env.FALCON_CLIENT_SECRET!,});
const response = await client.caseManagement.entitiesTemplatesGetV1( "string", // ids boolean // withHasAccess);
console.log(response);Examples coming soon.
Examples coming soon.
entities_templates_post_v1
Section titled “entities_templates_post_v1”Create template
POST /casemgmt/entities/templates/v1
PEP 8
create_templateParameters
Section titled “Parameters”| Name | Type | Data type | Description |
|---|---|---|---|
| body | body | dictionary | Full body payload in JSON format |
| description | body | string | Template description. |
| fields | body | list of dictionaries | Template fields configuration. |
| name | body | string | Template name. |
| sla_id | body | string | SLA ID for the template. |
Code Examples
Section titled “Code Examples”from falconpy import CaseManagement
falcon = CaseManagement(client_id=CLIENT_ID, client_secret=CLIENT_SECRET )
fields = [ { "data_type": "string", "default_value": "string", "input_type": "string", "multivalued": true, "name": "string", "options": [ { "value": "string" } ], "required": true }]
response = falcon.create_template(description="string", fields=fields, name="string", sla_id="string")print(response)from falconpy import CaseManagement
falcon = CaseManagement(client_id=CLIENT_ID, client_secret=CLIENT_SECRET )
fields = [ { "data_type": "string", "default_value": "string", "input_type": "string", "multivalued": true, "name": "string", "options": [ { "value": "string" } ], "required": true }]
response = falcon.entities_templates_post_v1(description="string", fields=fields, name="string", sla_id="string")print(response)from falconpy import APIHarnessV2
falcon = APIHarnessV2(client_id=CLIENT_ID, client_secret=CLIENT_SECRET )
body_payload = { "access_tags": [ { "cid": "string", "has_access": boolean, "id": "string", "key": "string", "templates": [ { "id": "string", "name": "string" } ] } ], "description": "string", "fields": [ { "data_type": "string", "default_value": "string", "display_order": integer, "input_type": "string", "multivalued": boolean, "name": "string", "options": [ { "value": "string" } ], "required": boolean } ], "name": "string", "sla_id": "string", "sla_rules": [ { "condition": "string", "sla_id": "string", "type": "string" } ], "workflows": [ { "display_order": integer, "id": "string" } ]}
response = falcon.command("entities_templates_post_v1", body=body_payload)print(response)New-FalconNgsCaseTemplate -Name "string"package main
import ( "context" "fmt" "os"
"github.com/crowdstrike/gofalcon/falcon" "github.com/crowdstrike/gofalcon/falcon/client/case_management" "github.com/crowdstrike/gofalcon/falcon/models")
func main() { client, err := falcon.NewClient(&falcon.ApiConfig{ ClientId: os.Getenv("FALCON_CLIENT_ID"), ClientSecret: os.Getenv("FALCON_CLIENT_SECRET"), Context: context.Background(), }) if err != nil { panic(err) }
cid := "string" has_access := boolean id := "string" key := "string" name := "string" description := "string" data_type := "string" default_value := "string" display_order := integer input_type := "string" multivalued := boolean value := "string" required := boolean sla_id := "string" condition := "string" type := "string"
response, err := client.CaseManagement.EntitiesTemplatesPostV1( &case_management.EntitiesTemplatesPostV1Params{ Body: &models.APITemplateV1CreateRequest{ AccessTags: []interface{}{ { CID: &cid, HasAccess: &has_access, ID: &id, Key: &key, Templates: []interface{}{ { ID: &id, Name: &name, }, }, }, }, Description: &description, Fields: []interface{}{ { DataType: &data_type, DefaultValue: &default_value, DisplayOrder: &display_order, InputType: &input_type, Multivalued: &multivalued, Name: &name, Options: []interface{}{ { Value: &value, }, }, Required: &required, }, }, Name: &name, SlaID: &sla_id, SlaRules: []interface{}{ { Condition: &condition, SlaID: &sla_id, Type: &type, }, }, Workflows: []interface{}{ { DisplayOrder: &display_order, ID: &id, }, }, }, Context: context.Background(), }, ) if err != nil { panic(falcon.ErrorExplain(err)) }
fmt.Printf("%+v\n", response.Payload)}import { FalconClient } from "crowdstrike-falcon";
const client = new FalconClient({ cloud: process.env.FALCON_CLOUD!, clientId: process.env.FALCON_CLIENT_ID!, clientSecret: process.env.FALCON_CLIENT_SECRET!,});
const response = await client.caseManagement.entitiesTemplatesPostV1( { accessTags: [{ cid: "string", hasAccess: boolean, id: "string", key: "string", templates: [{ id: "string", name: "string" }] }], description: "string", fields: [{ dataType: "string", defaultValue: "string", displayOrder: integer, inputType: "string", multivalued: boolean, name: "string", options: [{ value: "string" }], required: boolean }], name: "string", slaId: "string", slaRules: [{ condition: "string", slaId: "string", type: "string" }], workflows: [{ displayOrder: integer, id: "string" }]} // body);
console.log(response);Examples coming soon.
Examples coming soon.
entities_templates_patch_v1
Section titled “entities_templates_patch_v1”Update template
PATCH /casemgmt/entities/templates/v1
PEP 8
update_templateParameters
Section titled “Parameters”| Name | Type | Data type | Description |
|---|---|---|---|
| body | body | dictionary | Full body payload in JSON format |
| fields | body | list of dictionaries | The template fields configuration. |
| description | body | string | Template description. |
| id | body | string | The ID of the template to update. |
| sla_id | body | string | The ID of the SLA. |
| name | body | string | Template name. |
Code Examples
Section titled “Code Examples”from falconpy import CaseManagement
falcon = CaseManagement(client_id=CLIENT_ID, client_secret=CLIENT_SECRET )
fields = [ { "data_type": "string", "default_value": "string", "id": "string", "input_type": "string", "multivalued": true, "name": "string", "options": [ { "id": "string", "value": "string" } ], "required": true }]
response = falcon.update_template(description="string", fields=fields, id="string", name="string", sla_id="string")print(response)from falconpy import CaseManagement
falcon = CaseManagement(client_id=CLIENT_ID, client_secret=CLIENT_SECRET )
fields = [ { "data_type": "string", "default_value": "string", "id": "string", "input_type": "string", "multivalued": true, "name": "string", "options": [ { "id": "string", "value": "string" } ], "required": true }]
response = falcon.entities_templates_patch_v1(description="string", fields=fields, id="string", name="string", sla_id="string")print(response)from falconpy import APIHarnessV2
falcon = APIHarnessV2(client_id=CLIENT_ID, client_secret=CLIENT_SECRET )
body_payload = { "access_tags": [ { "cid": "string", "has_access": boolean, "id": "string", "key": "string", "templates": [ { "id": "string", "name": "string" } ] } ], "description": "string", "fields": [ { "data_type": "string", "default_value": "string", "display_order": integer, "id": "string", "input_type": "string", "multivalued": boolean, "name": "string", "options": [ { "id": "string", "value": "string" } ], "required": boolean } ], "id": "string", "name": "string", "sla_id": "string", "sla_rules": [ { "condition": "string", "id": "string", "sla_id": "string", "type": "string" } ], "workflows": [ { "display_order": integer, "id": "string" } ]}
response = falcon.command("entities_templates_patch_v1", body=body_payload)print(response)Edit-FalconNgsCaseTemplate -Id "string"package main
import ( "context" "fmt" "os"
"github.com/crowdstrike/gofalcon/falcon" "github.com/crowdstrike/gofalcon/falcon/client/case_management" "github.com/crowdstrike/gofalcon/falcon/models")
func main() { client, err := falcon.NewClient(&falcon.ApiConfig{ ClientId: os.Getenv("FALCON_CLIENT_ID"), ClientSecret: os.Getenv("FALCON_CLIENT_SECRET"), Context: context.Background(), }) if err != nil { panic(err) }
cid := "string" has_access := boolean id := "string" key := "string" name := "string" description := "string" data_type := "string" default_value := "string" display_order := integer input_type := "string" multivalued := boolean value := "string" required := boolean sla_id := "string" condition := "string" type := "string"
response, err := client.CaseManagement.EntitiesTemplatesPatchV1( &case_management.EntitiesTemplatesPatchV1Params{ Body: &models.APITemplateV1UpdateRequest{ AccessTags: []interface{}{ { CID: &cid, HasAccess: &has_access, ID: &id, Key: &key, Templates: []interface{}{ { ID: &id, Name: &name, }, }, }, }, Description: &description, Fields: []interface{}{ { DataType: &data_type, DefaultValue: &default_value, DisplayOrder: &display_order, ID: &id, InputType: &input_type, Multivalued: &multivalued, Name: &name, Options: []interface{}{ { ID: &id, Value: &value, }, }, Required: &required, }, }, ID: &id, Name: &name, SlaID: &sla_id, SlaRules: []interface{}{ { Condition: &condition, ID: &id, SlaID: &sla_id, Type: &type, }, }, Workflows: []interface{}{ { DisplayOrder: &display_order, ID: &id, }, }, }, Context: context.Background(), }, ) if err != nil { panic(falcon.ErrorExplain(err)) }
fmt.Printf("%+v\n", response.Payload)}import { FalconClient } from "crowdstrike-falcon";
const client = new FalconClient({ cloud: process.env.FALCON_CLOUD!, clientId: process.env.FALCON_CLIENT_ID!, clientSecret: process.env.FALCON_CLIENT_SECRET!,});
const response = await client.caseManagement.entitiesTemplatesPatchV1( { accessTags: [{ cid: "string", hasAccess: boolean, id: "string", key: "string", templates: [{ id: "string", name: "string" }] }], description: "string", fields: [{ dataType: "string", defaultValue: "string", displayOrder: integer, id: "string", inputType: "string", multivalued: boolean, name: "string", options: [{ id: "string", value: "string" }], required: boolean }], id: "string", name: "string", slaId: "string", slaRules: [{ condition: "string", id: "string", slaId: "string", type: "string" }], workflows: [{ displayOrder: integer, id: "string" }]} // body);
console.log(response);Examples coming soon.
Examples coming soon.
entities_templates_delete_v1
Section titled “entities_templates_delete_v1”Delete templates
DELETE /casemgmt/entities/templates/v1
PEP 8
delete_templatesParameters
Section titled “Parameters”| Name | Type | Data type | Description |
|---|---|---|---|
| ids | query | string or list of strings | Resource IDs. |
| parameters | query | dictionary | Full query string parameters payload in JSON format. Not required when using other keywords. |
Code Examples
Section titled “Code Examples”from falconpy import CaseManagement
falcon = CaseManagement(client_id=CLIENT_ID, client_secret=CLIENT_SECRET )
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.delete_templates(ids=id_list)print(response)from falconpy import CaseManagement
falcon = CaseManagement(client_id=CLIENT_ID, client_secret=CLIENT_SECRET )
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.entities_templates_delete_v1(ids=id_list)print(response)from falconpy import APIHarnessV2
falcon = APIHarnessV2(client_id=CLIENT_ID, client_secret=CLIENT_SECRET )
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.command("entities_templates_delete_v1", ids=id_list)print(response)Remove-FalconNgsCaseTemplate -Id @("ID1", "ID2")package main
import ( "context" "fmt" "os"
"github.com/crowdstrike/gofalcon/falcon" "github.com/crowdstrike/gofalcon/falcon/client/case_management")
func main() { client, err := falcon.NewClient(&falcon.ApiConfig{ ClientId: os.Getenv("FALCON_CLIENT_ID"), ClientSecret: os.Getenv("FALCON_CLIENT_SECRET"), Context: context.Background(), }) if err != nil { panic(err) }
response, err := client.CaseManagement.EntitiesTemplatesDeleteV1( &case_management.EntitiesTemplatesDeleteV1Params{ Ids: []string{"ID1", "ID2", "ID3"}, Context: context.Background(), }, ) if err != nil { panic(falcon.ErrorExplain(err)) }
fmt.Printf("%+v\n", response.Payload)}import { FalconClient } from "crowdstrike-falcon";
const client = new FalconClient({ cloud: process.env.FALCON_CLOUD!, clientId: process.env.FALCON_CLIENT_ID!, clientSecret: process.env.FALCON_CLIENT_SECRET!,});
const response = await client.caseManagement.entitiesTemplatesDeleteV1("string"); // ids
console.log(response);Examples coming soon.
Examples coming soon.
queries_access_tags_get_v1
Section titled “queries_access_tags_get_v1”Query access tags.
GET /casemgmt/queries/access-tags/v1
PEP 8
query_access_tagsParameters
Section titled “Parameters”| Name | Type | Data type | Description |
|---|---|---|---|
| after | query | string | Pagination token. |
| filter | query | string | FQL filter expression. |
| limit | query | integer | Page size. Maximum value is 200. |
| sort | query | string | Sort expression. |
| parameters | query | dictionary | Full query string parameters payload in JSON format. Not required when using other keywords. |
Code Examples
Section titled “Code Examples”from falconpy import CaseManagement
falcon = CaseManagement(client_id=CLIENT_ID, client_secret=CLIENT_SECRET )
response = falcon.query_access_tags(filter="string", sort="string", limit=integer, after="string")print(response)from falconpy import CaseManagement
falcon = CaseManagement(client_id=CLIENT_ID, client_secret=CLIENT_SECRET )
response = falcon.queries_access_tags_get_v1(filter="string", sort="string", limit=integer, after="string")print(response)from falconpy import APIHarnessV2
falcon = APIHarnessV2(client_id=CLIENT_ID, client_secret=CLIENT_SECRET )
response = falcon.command("queries_access_tags_get_v1", filter="string", sort="string", limit=integer, after="string")print(response)Examples coming soon.
package main
import ( "context" "fmt" "os"
"github.com/crowdstrike/gofalcon/falcon" "github.com/crowdstrike/gofalcon/falcon/client/case_management")
func main() { client, err := falcon.NewClient(&falcon.ApiConfig{ ClientId: os.Getenv("FALCON_CLIENT_ID"), ClientSecret: os.Getenv("FALCON_CLIENT_SECRET"), Context: context.Background(), }) if err != nil { panic(err) }
filter := "string" sort := "string" limit := int64(0) after := "string"
response, err := client.CaseManagement.QueriesAccessTagsGetV1( &case_management.QueriesAccessTagsGetV1Params{ Filter: &filter, Sort: &sort, Limit: &limit, After: &after, Context: context.Background(), }, ) if err != nil { panic(falcon.ErrorExplain(err)) }
fmt.Printf("%+v\n", response.Payload)}import { FalconClient } from "crowdstrike-falcon";
const client = new FalconClient({ cloud: process.env.FALCON_CLOUD!, clientId: process.env.FALCON_CLIENT_ID!, clientSecret: process.env.FALCON_CLIENT_SECRET!,});
const response = await client.caseManagement.queriesAccessTagsGetV1( "string", // filter "string", // sort integer, // limit "string" // after);
console.log(response);Examples coming soon.
require "crimson-falcon"
Falcon.configure do |config| config.client_id = ENV["FALCON_CLIENT_ID"] config.client_secret = ENV["FALCON_CLIENT_SECRET"] config.cloud = ENV["FALCON_CLOUD"]end
api = Falcon::CaseManagement.new
response = api.queries_access_tags_get_v1(filter: 'string', sort: 'string', limit: integer, after: 'string')
puts responsequeries_fields_get_v1
Section titled “queries_fields_get_v1”Query fields
GET /casemgmt/queries/fields/v1
PEP 8
query_fieldsParameters
Section titled “Parameters”| Name | Type | Data type | Description |
|---|---|---|---|
| filter | query | string | FQL filter expression. |
| limit | query | integer | Page size. Maximum value is 200. |
| offset | query | integer | Page offset. |
| parameters | query | dictionary | Full query string parameters payload in JSON format. Not required when using other keywords. |
Code Examples
Section titled “Code Examples”from falconpy import CaseManagement
falcon = CaseManagement(client_id=CLIENT_ID, client_secret=CLIENT_SECRET )
response = falcon.query_fields(filter="string", limit=integer, offset=integer)print(response)from falconpy import CaseManagement
falcon = CaseManagement(client_id=CLIENT_ID, client_secret=CLIENT_SECRET )
response = falcon.queries_fields_get_v1(filter="string", limit=integer, offset=integer)print(response)from falconpy import APIHarnessV2
falcon = APIHarnessV2(client_id=CLIENT_ID, client_secret=CLIENT_SECRET )
response = falcon.command("queries_fields_get_v1", filter="string", limit=integer, offset=integer)print(response)Get-FalconNgsCaseField -Filter "string" ` -Limit integer ` -Offset integerpackage main
import ( "context" "fmt" "os"
"github.com/crowdstrike/gofalcon/falcon" "github.com/crowdstrike/gofalcon/falcon/client/case_management")
func main() { client, err := falcon.NewClient(&falcon.ApiConfig{ ClientId: os.Getenv("FALCON_CLIENT_ID"), ClientSecret: os.Getenv("FALCON_CLIENT_SECRET"), Context: context.Background(), }) if err != nil { panic(err) }
filter := "string" limit := int64(0) offset := int64(0)
response, err := client.CaseManagement.QueriesFieldsGetV1( &case_management.QueriesFieldsGetV1Params{ Filter: &filter, Limit: &limit, Offset: &offset, Context: context.Background(), }, ) if err != nil { panic(falcon.ErrorExplain(err)) }
fmt.Printf("%+v\n", response.Payload)}import { FalconClient } from "crowdstrike-falcon";
const client = new FalconClient({ cloud: process.env.FALCON_CLOUD!, clientId: process.env.FALCON_CLIENT_ID!, clientSecret: process.env.FALCON_CLIENT_SECRET!,});
const response = await client.caseManagement.queriesFieldsGetV1( "string", // filter integer, // limit integer // offset);
console.log(response);Examples coming soon.
Examples coming soon.
queries_notification_groups_get_v1
Section titled “queries_notification_groups_get_v1”Query notification groups
GET /casemgmt/queries/notification-groups/v1
PEP 8
query_notification_groupsParameters
Section titled “Parameters”| Name | Type | Data type | Description |
|---|---|---|---|
| filter | query | string | FQL filter expression. |
| limit | query | integer | Page size. Maximum value is 200. |
| offset | query | integer | Page offset. |
| sort | query | string | Sort expression. |
| parameters | query | dictionary | Full query string parameters payload in JSON format. Not required when using other keywords. |
Code Examples
Section titled “Code Examples”from falconpy import CaseManagement
falcon = CaseManagement(client_id=CLIENT_ID, client_secret=CLIENT_SECRET )
response = falcon.query_notification_groups(filter="string", sort="string", limit=integer, offset=integer)print(response)from falconpy import CaseManagement
falcon = CaseManagement(client_id=CLIENT_ID, client_secret=CLIENT_SECRET )
response = falcon.queries_notification_groups_get_v1(filter="string", sort="string", limit=integer, offset=integer)print(response)from falconpy import APIHarnessV2
falcon = APIHarnessV2(client_id=CLIENT_ID, client_secret=CLIENT_SECRET )
response = falcon.command("queries_notification_groups_get_v1", filter="string", sort="string", limit=integer, offset=integer)print(response)Get-FalconNgsCaseNotificationGroup -Filter "string" ` -Limit integer ` -Offset integerpackage main
import ( "context" "fmt" "os"
"github.com/crowdstrike/gofalcon/falcon" "github.com/crowdstrike/gofalcon/falcon/client/case_management")
func main() { client, err := falcon.NewClient(&falcon.ApiConfig{ ClientId: os.Getenv("FALCON_CLIENT_ID"), ClientSecret: os.Getenv("FALCON_CLIENT_SECRET"), Context: context.Background(), }) if err != nil { panic(err) }
filter := "string" sort := "string" limit := int64(0) offset := int64(0)
response, err := client.CaseManagement.QueriesNotificationGroupsGetV1( &case_management.QueriesNotificationGroupsGetV1Params{ Filter: &filter, Sort: &sort, Limit: &limit, Offset: &offset, Context: context.Background(), }, ) if err != nil { panic(falcon.ErrorExplain(err)) }
fmt.Printf("%+v\n", response.Payload)}import { FalconClient } from "crowdstrike-falcon";
const client = new FalconClient({ cloud: process.env.FALCON_CLOUD!, clientId: process.env.FALCON_CLIENT_ID!, clientSecret: process.env.FALCON_CLIENT_SECRET!,});
const response = await client.caseManagement.queriesNotificationGroupsGetV1( "string", // filter "string", // sort integer, // limit integer // offset);
console.log(response);use rusty_falcon::apis::case_management_api::queries_notification_groups_get_v1;use rusty_falcon::easy::client::FalconHandle;
#[tokio::main]async fn main() { let falcon = FalconHandle::from_env().await.expect("Could not authenticate");
let response = queries_notification_groups_get_v1( &falcon.cfg, // configuration Some("string"), // filter Some(integer), // limit Some(integer), // offset ).await.expect("API call failed");
println!("{:?}", response);}require "crimson-falcon"
Falcon.configure do |config| config.client_id = ENV["FALCON_CLIENT_ID"] config.client_secret = ENV["FALCON_CLIENT_SECRET"] config.cloud = ENV["FALCON_CLOUD"]end
api = Falcon::CaseManagement.new
response = api.queries_notification_groups_get_v1(filter: 'string', sort: 'string', limit: integer, offset: integer)
puts responsequeries_notification_groups_get_v2
Section titled “queries_notification_groups_get_v2”Query notification groups
GET /casemgmt/queries/notification-groups/v2
PEP 8
query_notification_groups_v2Parameters
Section titled “Parameters”| Name | Type | Data type | Description |
|---|---|---|---|
| filter | query | string | FQL filter expression. |
| limit | query | integer | Page size. Maximum value is 200. |
| offset | query | integer | Page offset. |
| sort | query | string | Sort expression. |
| parameters | query | dictionary | Full query string parameters payload in JSON format. Not required when using other keywords. |
Code Examples
Section titled “Code Examples”from falconpy import CaseManagement
falcon = CaseManagement(client_id=CLIENT_ID, client_secret=CLIENT_SECRET )
response = falcon.query_notification_groups_v2(filter="string", sort="string", limit=integer, offset=integer)print(response)from falconpy import CaseManagement
falcon = CaseManagement(client_id=CLIENT_ID, client_secret=CLIENT_SECRET )
response = falcon.queries_notification_groups_get_v2(filter="string", sort="string", limit=integer, offset=integer)print(response)from falconpy import APIHarnessV2
falcon = APIHarnessV2(client_id=CLIENT_ID, client_secret=CLIENT_SECRET )
response = falcon.command("queries_notification_groups_get_v2", filter="string", sort="string", limit=integer, offset=integer)print(response)Examples coming soon.
package main
import ( "context" "fmt" "os"
"github.com/crowdstrike/gofalcon/falcon" "github.com/crowdstrike/gofalcon/falcon/client/case_management")
func main() { client, err := falcon.NewClient(&falcon.ApiConfig{ ClientId: os.Getenv("FALCON_CLIENT_ID"), ClientSecret: os.Getenv("FALCON_CLIENT_SECRET"), Context: context.Background(), }) if err != nil { panic(err) }
filter := "string" sort := "string" limit := int64(0) offset := int64(0)
response, err := client.CaseManagement.QueriesNotificationGroupsGetV2( &case_management.QueriesNotificationGroupsGetV2Params{ Filter: &filter, Sort: &sort, Limit: &limit, Offset: &offset, Context: context.Background(), }, ) if err != nil { panic(falcon.ErrorExplain(err)) }
fmt.Printf("%+v\n", response.Payload)}import { FalconClient } from "crowdstrike-falcon";
const client = new FalconClient({ cloud: process.env.FALCON_CLOUD!, clientId: process.env.FALCON_CLIENT_ID!, clientSecret: process.env.FALCON_CLIENT_SECRET!,});
const response = await client.caseManagement.queriesNotificationGroupsGetV2( "string", // filter "string", // sort integer, // limit integer // offset);
console.log(response);Examples coming soon.
require "crimson-falcon"
Falcon.configure do |config| config.client_id = ENV["FALCON_CLIENT_ID"] config.client_secret = ENV["FALCON_CLIENT_SECRET"] config.cloud = ENV["FALCON_CLOUD"]end
api = Falcon::CaseManagement.new
response = api.queries_notification_groups_get_v2(filter: 'string', sort: 'string', limit: integer, offset: integer)
puts responsequeries_slas_get_v1
Section titled “queries_slas_get_v1”Query SLAs
GET /casemgmt/queries/slas/v1
PEP 8
query_slasParameters
Section titled “Parameters”| Name | Type | Data type | Description |
|---|---|---|---|
| filter | query | string | FQL filter expression. |
| limit | query | integer | Page size. Maximum value is 200. |
| offset | query | integer | Page offset. |
| sort | query | string | Sort expression. |
| parameters | query | dictionary | Full query string parameters payload in JSON format. Not required when using other keywords. |
Code Examples
Section titled “Code Examples”from falconpy import CaseManagement
falcon = CaseManagement(client_id=CLIENT_ID, client_secret=CLIENT_SECRET )
response = falcon.query_slas(filter="string", sort="string", limit=integer, offset=integer)print(response)from falconpy import CaseManagement
falcon = CaseManagement(client_id=CLIENT_ID, client_secret=CLIENT_SECRET )
response = falcon.queries_slas_get_v1(filter="string", sort="string", limit=integer, offset=integer)print(response)from falconpy import APIHarnessV2
falcon = APIHarnessV2(client_id=CLIENT_ID, client_secret=CLIENT_SECRET )
response = falcon.command("queries_slas_get_v1", filter="string", sort="string", limit=integer, offset=integer)print(response)Get-FalconNgsCaseSla -Filter "string" ` -Limit integer ` -Offset integerpackage main
import ( "context" "fmt" "os"
"github.com/crowdstrike/gofalcon/falcon" "github.com/crowdstrike/gofalcon/falcon/client/case_management")
func main() { client, err := falcon.NewClient(&falcon.ApiConfig{ ClientId: os.Getenv("FALCON_CLIENT_ID"), ClientSecret: os.Getenv("FALCON_CLIENT_SECRET"), Context: context.Background(), }) if err != nil { panic(err) }
filter := "string" sort := "string" limit := int64(0) offset := int64(0)
response, err := client.CaseManagement.QueriesSlasGetV1( &case_management.QueriesSlasGetV1Params{ Filter: &filter, Sort: &sort, Limit: &limit, Offset: &offset, Context: context.Background(), }, ) if err != nil { panic(falcon.ErrorExplain(err)) }
fmt.Printf("%+v\n", response.Payload)}import { FalconClient } from "crowdstrike-falcon";
const client = new FalconClient({ cloud: process.env.FALCON_CLOUD!, clientId: process.env.FALCON_CLIENT_ID!, clientSecret: process.env.FALCON_CLIENT_SECRET!,});
const response = await client.caseManagement.queriesSlasGetV1( "string", // filter "string", // sort integer, // limit integer // offset);
console.log(response);Examples coming soon.
Examples coming soon.
queries_template_snapshots_get_v1
Section titled “queries_template_snapshots_get_v1”Query template snapshots
GET /casemgmt/queries/template-snapshots/v1
PEP 8
query_template_snapshotsParameters
Section titled “Parameters”| Name | Type | Data type | Description |
|---|---|---|---|
| filter | query | string | FQL filter expression. |
| limit | query | integer | Page size. Maximum value is 200. |
| offset | query | integer | Page offset. |
| parameters | query | dictionary | Full query string parameters payload in JSON format. Not required when using other keywords. |
Code Examples
Section titled “Code Examples”from falconpy import CaseManagement
falcon = CaseManagement(client_id=CLIENT_ID, client_secret=CLIENT_SECRET )
response = falcon.query_template_snapshots(filter="string", limit=integer, offset=integer)print(response)from falconpy import CaseManagement
falcon = CaseManagement(client_id=CLIENT_ID, client_secret=CLIENT_SECRET )
response = falcon.queries_template_snapshots_get_v1(filter="string", limit=integer, offset=integer)print(response)from falconpy import APIHarnessV2
falcon = APIHarnessV2(client_id=CLIENT_ID, client_secret=CLIENT_SECRET )
response = falcon.command("queries_template_snapshots_get_v1", filter="string", limit=integer, offset=integer)print(response)Get-FalconNgsCaseTemplateSnapshot -Filter "string" ` -Limit integer ` -Offset integerpackage main
import ( "context" "fmt" "os"
"github.com/crowdstrike/gofalcon/falcon" "github.com/crowdstrike/gofalcon/falcon/client/case_management")
func main() { client, err := falcon.NewClient(&falcon.ApiConfig{ ClientId: os.Getenv("FALCON_CLIENT_ID"), ClientSecret: os.Getenv("FALCON_CLIENT_SECRET"), Context: context.Background(), }) if err != nil { panic(err) }
filter := "string" limit := int64(0) offset := int64(0)
response, err := client.CaseManagement.QueriesTemplateSnapshotsGetV1( &case_management.QueriesTemplateSnapshotsGetV1Params{ Filter: &filter, Limit: &limit, Offset: &offset, Context: context.Background(), }, ) if err != nil { panic(falcon.ErrorExplain(err)) }
fmt.Printf("%+v\n", response.Payload)}import { FalconClient } from "crowdstrike-falcon";
const client = new FalconClient({ cloud: process.env.FALCON_CLOUD!, clientId: process.env.FALCON_CLIENT_ID!, clientSecret: process.env.FALCON_CLIENT_SECRET!,});
const response = await client.caseManagement.queriesTemplateSnapshotsGetV1( "string", // filter integer, // limit integer // offset);
console.log(response);use rusty_falcon::apis::case_management_api::queries_template_snapshots_get_v1;use rusty_falcon::easy::client::FalconHandle;
#[tokio::main]async fn main() { let falcon = FalconHandle::from_env().await.expect("Could not authenticate");
let response = queries_template_snapshots_get_v1( &falcon.cfg, // configuration Some("string"), // filter Some(integer), // limit Some(integer), // offset ).await.expect("API call failed");
println!("{:?}", response);}require "crimson-falcon"
Falcon.configure do |config| config.client_id = ENV["FALCON_CLIENT_ID"] config.client_secret = ENV["FALCON_CLIENT_SECRET"] config.cloud = ENV["FALCON_CLOUD"]end
api = Falcon::CaseManagement.new
response = api.queries_template_snapshots_get_v1(filter: 'string', limit: integer, offset: integer)
puts responsequeries_templates_get_v1
Section titled “queries_templates_get_v1”Query templates
GET /casemgmt/queries/templates/v1
PEP 8
query_templatesParameters
Section titled “Parameters”| Name | Type | Data type | Description |
|---|---|---|---|
| filter | query | string | FQL filter expression. |
| limit | query | integer | Page size. Maximum value is 200. |
| offset | query | integer | Page offset. |
| sort | query | string | Sort expression. |
| parameters | query | dictionary | Full query string parameters payload in JSON format. Not required when using other keywords. |
Code Examples
Section titled “Code Examples”from falconpy import CaseManagement
falcon = CaseManagement(client_id=CLIENT_ID, client_secret=CLIENT_SECRET )
response = falcon.query_templates(filter="string", sort="string", limit=integer, offset=integer)print(response)from falconpy import CaseManagement
falcon = CaseManagement(client_id=CLIENT_ID, client_secret=CLIENT_SECRET )
response = falcon.queries_templates_get_v1(filter="string", sort="string", limit=integer, offset=integer)print(response)from falconpy import APIHarnessV2
falcon = APIHarnessV2(client_id=CLIENT_ID, client_secret=CLIENT_SECRET )
response = falcon.command("queries_templates_get_v1", filter="string", sort="string", limit=integer, offset=integer)print(response)Get-FalconNgsCaseTemplate -Filter "string" ` -Limit integer ` -Offset integerpackage main
import ( "context" "fmt" "os"
"github.com/crowdstrike/gofalcon/falcon" "github.com/crowdstrike/gofalcon/falcon/client/case_management")
func main() { client, err := falcon.NewClient(&falcon.ApiConfig{ ClientId: os.Getenv("FALCON_CLIENT_ID"), ClientSecret: os.Getenv("FALCON_CLIENT_SECRET"), Context: context.Background(), }) if err != nil { panic(err) }
filter := "string" sort := "string" limit := int64(0) offset := int64(0)
response, err := client.CaseManagement.QueriesTemplatesGetV1( &case_management.QueriesTemplatesGetV1Params{ Filter: &filter, Sort: &sort, Limit: &limit, Offset: &offset, Context: context.Background(), }, ) if err != nil { panic(falcon.ErrorExplain(err)) }
fmt.Printf("%+v\n", response.Payload)}import { FalconClient } from "crowdstrike-falcon";
const client = new FalconClient({ cloud: process.env.FALCON_CLOUD!, clientId: process.env.FALCON_CLIENT_ID!, clientSecret: process.env.FALCON_CLIENT_SECRET!,});
const response = await client.caseManagement.queriesTemplatesGetV1( "string", // filter "string", // sort integer, // limit integer // offset);
console.log(response);Examples coming soon.
Examples coming soon.
entities_alert_evidence_post_v1
Section titled “entities_alert_evidence_post_v1”Adds the given list of alert evidence to the specified case.
POST /cases/entities/alert-evidence/v1
PEP 8
add_case_alert_evidenceParameters
Section titled “Parameters”| Name | Type | Data type | Description |
|---|---|---|---|
| body | body | dictionary | Full body payload in JSON format |
| alerts | body | list of dictionaries | The alert IDs. |
| id | body | string | The specified case ID. |
Code Examples
Section titled “Code Examples”from falconpy import CaseManagement
falcon = CaseManagement(client_id=CLIENT_ID, client_secret=CLIENT_SECRET )
response = falcon.add_case_alert_evidence(alerts="string", id="string")print(response)from falconpy import CaseManagement
falcon = CaseManagement(client_id=CLIENT_ID, client_secret=CLIENT_SECRET )
response = falcon.entities_alert_evidence_post_v1(alerts="string", id="string")print(response)from falconpy import APIHarnessV2
falcon = APIHarnessV2(client_id=CLIENT_ID, client_secret=CLIENT_SECRET )
body_payload = { "alerts": [ { "id": "string" } ], "id": "string"}
response = falcon.command("entities_alert_evidence_post_v1", body=body_payload)print(response)Add-FalconNgsCaseEvidence -AlertId @("ID1", "ID2") -Id "string"package main
import ( "context" "fmt" "os"
"github.com/crowdstrike/gofalcon/falcon" "github.com/crowdstrike/gofalcon/falcon/client/cases" "github.com/crowdstrike/gofalcon/falcon/models")
func main() { client, err := falcon.NewClient(&falcon.ApiConfig{ ClientId: os.Getenv("FALCON_CLIENT_ID"), ClientSecret: os.Getenv("FALCON_CLIENT_SECRET"), Context: context.Background(), }) if err != nil { panic(err) }
id := "string"
response, err := client.Cases.EntitiesAlertEvidencePostV1( &cases.EntitiesAlertEvidencePostV1Params{ Body: &models.OperationsAddAlertsToCaseRequest{ Alerts: []interface{}{ { ID: &id, }, }, ID: &id, }, Context: context.Background(), }, ) if err != nil { panic(falcon.ErrorExplain(err)) }
fmt.Printf("%+v\n", response.Payload)}import { FalconClient } from "crowdstrike-falcon";
const client = new FalconClient({ cloud: process.env.FALCON_CLOUD!, clientId: process.env.FALCON_CLIENT_ID!, clientSecret: process.env.FALCON_CLIENT_SECRET!,});
const response = await client.cases.entitiesAlertEvidencePostV1( { alerts: [{ id: "string" }], id: "string"} // body);
console.log(response);use rusty_falcon::apis::cases_api::entities_alert_evidence_post_v1;use rusty_falcon::easy::client::FalconHandle;use rusty_falcon::models::OperationsAddAlertsToCaseRequest;
#[tokio::main]async fn main() { let falcon = FalconHandle::from_env().await.expect("Could not authenticate");
let body = OperationsAddAlertsToCaseRequest { alerts: vec![AlertEvidenceSelector { id: Some("string".to_string()), ..Default::default() }], id: Some("string".to_string()), ..Default::default() };
let response = entities_alert_evidence_post_v1( &falcon.cfg, // configuration body, // body ).await.expect("API call failed");
println!("{:?}", response);}require "crimson-falcon"
Falcon.configure do |config| config.client_id = ENV["FALCON_CLIENT_ID"] config.client_secret = ENV["FALCON_CLIENT_SECRET"] config.cloud = ENV["FALCON_CLOUD"]end
api = Falcon::Cases.new
body = Falcon::OperationsAddAlertsToCaseRequest.new( alerts: [{ id: 'string' }], id: 'string')
response = api.entities_alert_evidence_post_v1(body)
puts responseentities_case_tags_post_v1
Section titled “entities_case_tags_post_v1”Adds the given list of tags to the specified case.
POST /cases/entities/case-tags/v1
PEP 8
add_case_tagsParameters
Section titled “Parameters”| Name | Type | Data type | Description |
|---|---|---|---|
| body | body | dictionary | Full body payload in JSON format |
| tags | body | array of strings | The given list of tags. |
| id | body | string | The specified case ID. |
Code Examples
Section titled “Code Examples”from falconpy import CaseManagement
falcon = CaseManagement(client_id=CLIENT_ID, client_secret=CLIENT_SECRET )
response = falcon.add_case_tags(id="string", tags=["string"])print(response)from falconpy import CaseManagement
falcon = CaseManagement(client_id=CLIENT_ID, client_secret=CLIENT_SECRET )
response = falcon.entities_case_tags_post_v1(id="string", tags=["string"])print(response)from falconpy import APIHarnessV2
falcon = APIHarnessV2(client_id=CLIENT_ID, client_secret=CLIENT_SECRET )
body_payload = { "id": "string", "tags": ["string"]}
response = falcon.command("entities_case_tags_post_v1", body=body_payload)print(response)Add-FalconNgsCaseTag -Tag @("ID1", "ID2") -Id "string"package main
import ( "context" "fmt" "os"
"github.com/crowdstrike/gofalcon/falcon" "github.com/crowdstrike/gofalcon/falcon/client/cases" "github.com/crowdstrike/gofalcon/falcon/models")
func main() { client, err := falcon.NewClient(&falcon.ApiConfig{ ClientId: os.Getenv("FALCON_CLIENT_ID"), ClientSecret: os.Getenv("FALCON_CLIENT_SECRET"), Context: context.Background(), }) if err != nil { panic(err) }
id := "string"
response, err := client.Cases.EntitiesCaseTagsPostV1( &cases.EntitiesCaseTagsPostV1Params{ Body: &models.OperationsAddTagsToCaseRequest{ ID: &id, Tags: []string{"string"}, }, Context: context.Background(), }, ) if err != nil { panic(falcon.ErrorExplain(err)) }
fmt.Printf("%+v\n", response.Payload)}import { FalconClient } from "crowdstrike-falcon";
const client = new FalconClient({ cloud: process.env.FALCON_CLOUD!, clientId: process.env.FALCON_CLIENT_ID!, clientSecret: process.env.FALCON_CLIENT_SECRET!,});
const response = await client.cases.entitiesCaseTagsPostV1( { id: "string", tags: []} // body);
console.log(response);use rusty_falcon::apis::cases_api::entities_case_tags_post_v1;use rusty_falcon::easy::client::FalconHandle;use rusty_falcon::models::OperationsAddTagsToCaseRequest;
#[tokio::main]async fn main() { let falcon = FalconHandle::from_env().await.expect("Could not authenticate");
let body = OperationsAddTagsToCaseRequest { id: Some("string".to_string()), tags: vec!["string".to_string()], ..Default::default() };
let response = entities_case_tags_post_v1( &falcon.cfg, // configuration body, // body ).await.expect("API call failed");
println!("{:?}", response);}require "crimson-falcon"
Falcon.configure do |config| config.client_id = ENV["FALCON_CLIENT_ID"] config.client_secret = ENV["FALCON_CLIENT_SECRET"] config.cloud = ENV["FALCON_CLOUD"]end
api = Falcon::Cases.new
body = Falcon::OperationsAddTagsToCaseRequest.new( id: 'string', tags: [])
response = api.entities_case_tags_post_v1(body)
puts responseentities_case_tags_delete_v1
Section titled “entities_case_tags_delete_v1”Removes the specified tags from the specified case.
DELETE /cases/entities/case-tags/v1
PEP 8
delete_case_tagsParameters
Section titled “Parameters”| Name | Type | Data type | Description |
|---|---|---|---|
| id | query | string | The ID of the case to remove tags from. |
| tag | query | string or list of strings | The tag to remove from the case. |
| parameters | query | dictionary | Full query string parameters payload in JSON format. Not required when using other keywords. |
Code Examples
Section titled “Code Examples”from falconpy import CaseManagement
falcon = CaseManagement(client_id=CLIENT_ID, client_secret=CLIENT_SECRET )
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.delete_case_tags(id="string", tag=id_list)print(response)from falconpy import CaseManagement
falcon = CaseManagement(client_id=CLIENT_ID, client_secret=CLIENT_SECRET )
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.entities_case_tags_delete_v1(id="string", tag=id_list)print(response)from falconpy import APIHarnessV2
falcon = APIHarnessV2(client_id=CLIENT_ID, client_secret=CLIENT_SECRET )
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.command("entities_case_tags_delete_v1", id="string", tag=id_list)print(response)Remove-FalconNgsCaseTag -Tag @("ID1", "ID2") -Id "string"package main
import ( "context" "fmt" "os"
"github.com/crowdstrike/gofalcon/falcon" "github.com/crowdstrike/gofalcon/falcon/client/cases")
func main() { client, err := falcon.NewClient(&falcon.ApiConfig{ ClientId: os.Getenv("FALCON_CLIENT_ID"), ClientSecret: os.Getenv("FALCON_CLIENT_SECRET"), Context: context.Background(), }) if err != nil { panic(err) }
response, err := client.Cases.EntitiesCaseTagsDeleteV1( &cases.EntitiesCaseTagsDeleteV1Params{ ID: "string", Tag: []string{"ID1", "ID2", "ID3"}, Context: context.Background(), }, ) if err != nil { panic(falcon.ErrorExplain(err)) }
fmt.Printf("%+v\n", response.Payload)}import { FalconClient } from "crowdstrike-falcon";
const client = new FalconClient({ cloud: process.env.FALCON_CLOUD!, clientId: process.env.FALCON_CLIENT_ID!, clientSecret: process.env.FALCON_CLIENT_SECRET!,});
const response = await client.cases.entitiesCaseTagsDeleteV1( "string", // id ["ID1", "ID2", "ID3"] // tag);
console.log(response);use rusty_falcon::apis::cases_api::entities_case_tags_delete_v1;use rusty_falcon::easy::client::FalconHandle;
#[tokio::main]async fn main() { let falcon = FalconHandle::from_env().await.expect("Could not authenticate");
let response = entities_case_tags_delete_v1( &falcon.cfg, // configuration "string", // id vec!["string".to_string()], // tag ).await.expect("API call failed");
println!("{:?}", response);}require "crimson-falcon"
Falcon.configure do |config| config.client_id = ENV["FALCON_CLIENT_ID"] config.client_secret = ENV["FALCON_CLIENT_SECRET"] config.cloud = ENV["FALCON_CLOUD"]end
api = Falcon::Cases.new
response = api.entities_case_tags_delete_v1('string', ['ID1', 'ID2', 'ID3'])
puts responseentities_cases_put_v2
Section titled “entities_cases_put_v2”Creates the given Case
PUT /cases/entities/cases/v2
PEP 8
create_caseParameters
Section titled “Parameters”| Name | Type | Data type | Description |
|---|---|---|---|
| body | body | dictionary | Full body payload as a dictionary. Not required if using other keywords. |
| assigned_to_user_uuid | body | string | UUID of the user to assign the case to. |
| description | body | string | The description of the case. |
| evidence | body | dictionary | The case evidence info. |
| name | body | string | The name of the case. |
| severity | body | integer | The severity level of the case. |
| status | body | string | The current status of the case. |
| tags | body | list of strings | The tags to be attached to the case. |
| template | body | dictionary | The template case to utilize. |
Code Examples
Section titled “Code Examples”from falconpy import CaseManagement
falcon = CaseManagement(client_id=CLIENT_ID, client_secret=CLIENT_SECRET )
evidence = { "alerts": [ { "id": "string" } ], "events": [ { "id": "string" } ], "leads": [ { "id": "string" } ]}
template = { "id": "string"}
response = falcon.create_case(assigned_to_user_uuid="string", description="string", evidence=evidence, name="string", severity=integer, status="string", tags=["string"], template=template)print(response)from falconpy import CaseManagement
falcon = CaseManagement(client_id=CLIENT_ID, client_secret=CLIENT_SECRET )
evidence = { "alerts": [ { "id": "string" } ], "events": [ { "id": "string" } ], "leads": [ { "id": "string" } ]}
template = { "id": "string"}
response = falcon.entities_cases_put_v2(assigned_to_user_uuid="string", description="string", evidence=evidence, name="string", severity=integer, status="string", tags=["string"], template=template)print(response)from falconpy import APIHarnessV2
falcon = APIHarnessV2(client_id=CLIENT_ID, client_secret=CLIENT_SECRET )
body_payload = { "access_tags": [ { "cid": "string", "id": "string", "key": "string" } ], "assigned_to_user_uuid": "string", "description": "string", "evidence": { "alerts": [ { "id": "string" } ], "events": [ { "id": "string" } ], "leads": [ { "id": "string" } ] }, "name": "string", "severity": integer, "severity_info": { "level": "string" }, "status": "string", "tags": ["string"], "template": { "id": "string" }}
response = falcon.command("entities_cases_put_v2", body=body_payload)print(response)New-FalconNgsCase -Name "string" -Severity "string"package main
import ( "context" "fmt" "os"
"github.com/crowdstrike/gofalcon/falcon" "github.com/crowdstrike/gofalcon/falcon/client/cases" "github.com/crowdstrike/gofalcon/falcon/models")
func main() { client, err := falcon.NewClient(&falcon.ApiConfig{ ClientId: os.Getenv("FALCON_CLIENT_ID"), ClientSecret: os.Getenv("FALCON_CLIENT_SECRET"), Context: context.Background(), }) if err != nil { panic(err) }
cid := "string" id := "string" key := "string" assigned_to_user_uuid := "string" description := "string" name := "string" severity := integer status := "string"
response, err := client.Cases.EntitiesCasesPutV2( &cases.EntitiesCasesPutV2Params{ Body: &models.OperationsCreateCaseRequest{ AccessTags: []interface{}{ { CID: &cid, ID: &id, Key: &key, }, }, AssignedToUserUuid: &assigned_to_user_uuid, Description: &description, Evidence: &struct{}{}, Name: &name, Severity: &severity, SeverityInfo: &struct{}{}, Status: &status, Tags: []string{"string"}, Template: &struct{}{}, }, Context: context.Background(), }, ) if err != nil { panic(falcon.ErrorExplain(err)) }
fmt.Printf("%+v\n", response.Payload)}import { FalconClient } from "crowdstrike-falcon";
const client = new FalconClient({ cloud: process.env.FALCON_CLOUD!, clientId: process.env.FALCON_CLIENT_ID!, clientSecret: process.env.FALCON_CLIENT_SECRET!,});
const response = await client.cases.entitiesCasesPutV2( { accessTags: [{ cid: "string", id: "string", key: "string" }], assignedToUserUuid: "string", description: "string", evidence: { alerts: [{ id: "string" }], events: [{ id: "string" }], leads: [{ id: "string" }] }, name: "string", severity: integer, severityInfo: { level: "string" }, status: "string", tags: [], template: { id: "string" }} // body);
console.log(response);Examples coming soon.
Examples coming soon.
entities_cases_post_v2
Section titled “entities_cases_post_v2”Retrieves all Cases given their IDs.
POST /cases/entities/cases/v2
PEP 8
get_casesParameters
Section titled “Parameters”| Name | Type | Data type | Description |
|---|---|---|---|
| body | body | dictionary | Full body payload in JSON format |
| ids | body | string or list of strings | The case IDs. |
Code Examples
Section titled “Code Examples”from falconpy import CaseManagement
falcon = CaseManagement(client_id=CLIENT_ID, client_secret=CLIENT_SECRET )
response = falcon.get_cases(ids=["string"])print(response)from falconpy import CaseManagement
falcon = CaseManagement(client_id=CLIENT_ID, client_secret=CLIENT_SECRET )
response = falcon.entities_cases_post_v2(ids=["string"])print(response)from falconpy import APIHarnessV2
falcon = APIHarnessV2(client_id=CLIENT_ID, client_secret=CLIENT_SECRET )
body_payload = { "ids": ["string"]}
response = falcon.command("entities_cases_post_v2", body=body_payload)print(response)Get-FalconNgsCase -Id @("ID1", "ID2")package main
import ( "context" "fmt" "os"
"github.com/crowdstrike/gofalcon/falcon" "github.com/crowdstrike/gofalcon/falcon/client/cases" "github.com/crowdstrike/gofalcon/falcon/models")
func main() { client, err := falcon.NewClient(&falcon.ApiConfig{ ClientId: os.Getenv("FALCON_CLIENT_ID"), ClientSecret: os.Getenv("FALCON_CLIENT_SECRET"), Context: context.Background(), }) if err != nil { panic(err) }
response, err := client.Cases.EntitiesCasesPostV2( &cases.EntitiesCasesPostV2Params{ Body: &models.OperationsGetCasesByIDsRequest{ Ids: []string{"string"}, }, Context: context.Background(), }, ) if err != nil { panic(falcon.ErrorExplain(err)) }
fmt.Printf("%+v\n", response.Payload)}import { FalconClient } from "crowdstrike-falcon";
const client = new FalconClient({ cloud: process.env.FALCON_CLOUD!, clientId: process.env.FALCON_CLIENT_ID!, clientSecret: process.env.FALCON_CLIENT_SECRET!,});
const response = await client.cases.entitiesCasesPostV2( { ids: []} // body);
console.log(response);Examples coming soon.
Examples coming soon.
entities_cases_patch_v2
Section titled “entities_cases_patch_v2”Updates given fields on the specified case.
PATCH /cases/entities/cases/v2
PEP 8
update_case_fieldsParameters
Section titled “Parameters”| Name | Type | Data type | Description |
|---|---|---|---|
| body | body | dictionary | Full body payload as a dictionary. Not required if using other keywords. |
| expected_consistency_version | body | integer | The consistency version. |
| expected_version | body | integer | The version. |
| fields | body | dictionary | The updated given fields for the specified case. |
| id | body | string | The specified case ID. |
Code Examples
Section titled “Code Examples”from falconpy import CaseManagement
falcon = CaseManagement(client_id=CLIENT_ID, client_secret=CLIENT_SECRET )
fields = { "assigned_to_user_uuid": "string", "custom_fields": [ { "id": "string", "values": [ "string" ] } ], "description": "string", "name": "string", "remove_user_assignment": true, "severity": 0, "slas_active": true, "status": "string", "template": { "id": "string" }}
response = falcon.update_case_fields(expected_consistency_version=integer, expected_version=integer, fields=fields, id="string")print(response)from falconpy import CaseManagement
falcon = CaseManagement(client_id=CLIENT_ID, client_secret=CLIENT_SECRET )
fields = { "assigned_to_user_uuid": "string", "custom_fields": [ { "id": "string", "values": [ "string" ] } ], "description": "string", "name": "string", "remove_user_assignment": true, "severity": 0, "slas_active": true, "status": "string", "template": { "id": "string" }}
response = falcon.entities_cases_patch_v2(expected_consistency_version=integer, expected_version=integer, fields=fields, id="string")print(response)from falconpy import APIHarnessV2
falcon = APIHarnessV2(client_id=CLIENT_ID, client_secret=CLIENT_SECRET )
body_payload = { "expected_consistency_version": integer, "expected_version": integer, "fields": { "access_tags": [ { "cid": "string", "id": "string", "key": "string" } ], "assigned_to_user_uuid": "string", "custom_fields": [ { "id": "string", "values": ["string"] } ], "description": "string", "name": "string", "remove_user_assignment": boolean, "severity": integer, "severity_info": { "level": "string" }, "slas_active": boolean, "status": "string", "template": { "id": "string" }, "workflows": [ { "execution_id": "string", "id": "string", "name": "string", "status": "string" } ] }, "id": "string"}
response = falcon.command("entities_cases_patch_v2", body=body_payload)print(response)Edit-FalconNgsCase -Id "string"package main
import ( "context" "fmt" "os"
"github.com/crowdstrike/gofalcon/falcon" "github.com/crowdstrike/gofalcon/falcon/client/cases" "github.com/crowdstrike/gofalcon/falcon/models")
func main() { client, err := falcon.NewClient(&falcon.ApiConfig{ ClientId: os.Getenv("FALCON_CLIENT_ID"), ClientSecret: os.Getenv("FALCON_CLIENT_SECRET"), Context: context.Background(), }) if err != nil { panic(err) }
expected_consistency_version := integer expected_version := integer id := "string"
response, err := client.Cases.EntitiesCasesPatchV2( &cases.EntitiesCasesPatchV2Params{ Body: &models.OperationsUpdateCaseRequest{ ExpectedConsistencyVersion: &expected_consistency_version, ExpectedVersion: &expected_version, Fields: &struct{}{}, ID: &id, }, Context: context.Background(), }, ) if err != nil { panic(falcon.ErrorExplain(err)) }
fmt.Printf("%+v\n", response.Payload)}import { FalconClient } from "crowdstrike-falcon";
const client = new FalconClient({ cloud: process.env.FALCON_CLOUD!, clientId: process.env.FALCON_CLIENT_ID!, clientSecret: process.env.FALCON_CLIENT_SECRET!,});
const response = await client.cases.entitiesCasesPatchV2( { expectedConsistencyVersion: integer, expectedVersion: integer, fields: { accessTags: [{ cid: "string", id: "string", key: "string" }], assignedToUserUuid: "string", customFields: [{ id: "string", values: [] }], description: "string", name: "string", removeUserAssignment: boolean, severity: integer, severityInfo: { level: "string" }, slasActive: boolean, status: "string", template: { id: "string" }, workflows: [{ executionId: "string", id: "string", name: "string", status: "string" }] }, id: "string"} // body);
console.log(response);Examples coming soon.
Examples coming soon.
entities_event_evidence_post_v1
Section titled “entities_event_evidence_post_v1”Adds the given list of event evidence to the specified case.
POST /cases/entities/event-evidence/v1
PEP 8
add_case_event_evidenceParameters
Section titled “Parameters”| Name | Type | Data type | Description |
|---|---|---|---|
| body | body | dictionary | Full body payload in JSON format |
| events | body | list of dictionaries | The event evidence field. |
| id | body | string | The specified case id. |
Code Examples
Section titled “Code Examples”from falconpy import CaseManagement
falcon = CaseManagement(client_id=CLIENT_ID, client_secret=CLIENT_SECRET )
events = [ { "id": "string" }]
response = falcon.add_case_event_evidence(events=events, id="string")print(response)from falconpy import CaseManagement
falcon = CaseManagement(client_id=CLIENT_ID, client_secret=CLIENT_SECRET )
events = [ { "id": "string" }]
response = falcon.entities_event_evidence_post_v1(events=events, id="string")print(response)from falconpy import APIHarnessV2
falcon = APIHarnessV2(client_id=CLIENT_ID, client_secret=CLIENT_SECRET )
body_payload = { "events": [ { "id": "string" } ], "id": "string"}
response = falcon.command("entities_event_evidence_post_v1", body=body_payload)print(response)Add-FalconNgsCaseEvidence -EventId @("ID1", "ID2") -Id "string"package main
import ( "context" "fmt" "os"
"github.com/crowdstrike/gofalcon/falcon" "github.com/crowdstrike/gofalcon/falcon/client/cases" "github.com/crowdstrike/gofalcon/falcon/models")
func main() { client, err := falcon.NewClient(&falcon.ApiConfig{ ClientId: os.Getenv("FALCON_CLIENT_ID"), ClientSecret: os.Getenv("FALCON_CLIENT_SECRET"), Context: context.Background(), }) if err != nil { panic(err) }
id := "string"
response, err := client.Cases.EntitiesEventEvidencePostV1( &cases.EntitiesEventEvidencePostV1Params{ Body: &models.OperationsAddEventsToCaseRequest{ Events: []interface{}{ { ID: &id, }, }, ID: &id, }, Context: context.Background(), }, ) if err != nil { panic(falcon.ErrorExplain(err)) }
fmt.Printf("%+v\n", response.Payload)}import { FalconClient } from "crowdstrike-falcon";
const client = new FalconClient({ cloud: process.env.FALCON_CLOUD!, clientId: process.env.FALCON_CLIENT_ID!, clientSecret: process.env.FALCON_CLIENT_SECRET!,});
const response = await client.cases.entitiesEventEvidencePostV1( { events: [{ id: "string" }], id: "string"} // body);
console.log(response);use rusty_falcon::apis::cases_api::entities_event_evidence_post_v1;use rusty_falcon::easy::client::FalconHandle;use rusty_falcon::models::OperationsAddEventsToCaseRequest;
#[tokio::main]async fn main() { let falcon = FalconHandle::from_env().await.expect("Could not authenticate");
let body = OperationsAddEventsToCaseRequest { events: vec![EventEvidenceSelector { id: Some("string".to_string()), ..Default::default() }], id: Some("string".to_string()), ..Default::default() };
let response = entities_event_evidence_post_v1( &falcon.cfg, // configuration body, // body ).await.expect("API call failed");
println!("{:?}", response);}require "crimson-falcon"
Falcon.configure do |config| config.client_id = ENV["FALCON_CLIENT_ID"] config.client_secret = ENV["FALCON_CLIENT_SECRET"] config.cloud = ENV["FALCON_CLOUD"]end
api = Falcon::Cases.new
body = Falcon::OperationsAddEventsToCaseRequest.new( events: [{ id: 'string' }], id: 'string')
response = api.entities_event_evidence_post_v1(body)
puts responsequeries_cases_get_v1
Section titled “queries_cases_get_v1”Retrieves all Cases IDs that match a given query.
GET /cases/queries/cases/v1
PEP 8
query_case_idsParameters
Section titled “Parameters”| Name | Type | Data type | Description |
|---|---|---|---|
| filter | query | string | Filter Cases using a query in Falcon Query Language (FQL). Filter fields can be any keyword field that is part of #domain.Case. An asterisk wildcard * includes all results. Empty value means to not filter on anything. Most commonly used filter fields that supports exact match: cid, id. Most commonly used filter fields that supports wildcard (*): assigned_to_name, assigned_to_uuid. Most commonly filter fields that supports range comparisons (>, <, >=, <=): created_timestamp, updated_timestamp. All filter fields and operations support negation (!). The full list of valid filter options is extensive. Review it in our documentation inside the Falcon console. |
| limit | query | integer | The maximum number of Cases to return in this response (default: 100; max: 10000). Use this parameter together with the offset parameter to manage pagination of the results. |
| offset | query | integer | The first case to return, where 0 is the latest case. Use with the offset parameter to manage pagination of results. |
| q | query | string | Search all Case metadata for the provided string. |
| sort | query | string | Sort parameter takes the form <field|direction>. Direction can be either asc (ascending) or desc (descending) order. For example: status|asc or status|desc. The sorting fields can be any keyword field that is part of #domain.Case except for the text based fields. Most commonly used fields are status, cid, created_timestamp, updated_timestamp, assigned_to_name, assigned_to_userid, assigned_to_uuid, tags. If the fields are missing from the Cases, the service will fallback to its default ordering. |
| parameters | query | dictionary | Full query string parameters payload in JSON format. Not required when using other keywords. |
Code Examples
Section titled “Code Examples”from falconpy import CaseManagement
falcon = CaseManagement(client_id=CLIENT_ID, client_secret=CLIENT_SECRET )
response = falcon.query_case_ids(limit=integer, offset=integer, sort="string", filter="string", q="string")print(response)from falconpy import CaseManagement
falcon = CaseManagement(client_id=CLIENT_ID, client_secret=CLIENT_SECRET )
response = falcon.queries_cases_get_v1(limit=integer, offset=integer, sort="string", filter="string", q="string")print(response)from falconpy import APIHarnessV2
falcon = APIHarnessV2(client_id=CLIENT_ID, client_secret=CLIENT_SECRET )
response = falcon.command("queries_cases_get_v1", limit=integer, offset=integer, sort="string", filter="string", q="string")print(response)Get-FalconNgsCase -Filter "string" ` -Query "string" ` -Sort "string" ` -Limit integer ` -Offset integerpackage main
import ( "context" "fmt" "os"
"github.com/crowdstrike/gofalcon/falcon" "github.com/crowdstrike/gofalcon/falcon/client/cases")
func main() { client, err := falcon.NewClient(&falcon.ApiConfig{ ClientId: os.Getenv("FALCON_CLIENT_ID"), ClientSecret: os.Getenv("FALCON_CLIENT_SECRET"), Context: context.Background(), }) if err != nil { panic(err) }
limit := int64(0) offset := int64(0) sort := "string" filter := "string" q := "string"
response, err := client.Cases.QueriesCasesGetV1( &cases.QueriesCasesGetV1Params{ Limit: &limit, Offset: &offset, Sort: &sort, Filter: &filter, Q: &q, Context: context.Background(), }, ) if err != nil { panic(falcon.ErrorExplain(err)) }
fmt.Printf("%+v\n", response.Payload)}import { FalconClient } from "crowdstrike-falcon";
const client = new FalconClient({ cloud: process.env.FALCON_CLOUD!, clientId: process.env.FALCON_CLIENT_ID!, clientSecret: process.env.FALCON_CLIENT_SECRET!,});
const response = await client.cases.queriesCasesGetV1( integer, // limit integer, // offset "string", // sort "string", // filter "string" // q);
console.log(response);Examples coming soon.
Examples coming soon.