Skip to content
CrowdStrike Developer Center

Certificate Based Exclusions

The Certificate Based Exclusions service collection provides operations for managing certificate-based exclusions. Create, read, update, and delete exclusions based on certificate signing information, retrieve certificate details, and search for exclusions using FQL filters.

LanguageLast Update
Pythonv1.4.5
PowerShellv2.2.9
Gov0.20.0
TypeScriptv0.6.0
Rustv0.7.0
Rubyv1.2.0

Table of Contents

Section titled “Table of Contents”
OperationDescription
cb_exclusions_get_v1
get_exclusions		Find all exclusion IDs matching the query with filter.
cb_exclusions_create_v1
create_exclusions		Create new Certificate Based Exclusions.
cb_exclusions_delete_v1
delete_exclusions		Delete the exclusions by id.
cb_exclusions_update_v1
update_exclusions		Updates existing Certificate Based Exclusions.
certificates_get_v1
get_certificates		Retrieves certificate signing information for a file.
cb_exclusions_query_v1
query_certificates		Search for cert-based exclusions.

cb_exclusions_get_v1

Section titled “cb_exclusions_get_v1”

Find all exclusion IDs matching the query with filter.

GET /exclusions/entities/cert-based-exclusions/v1
Scope Machine Learning Exclusions: READ Consumes · Produces application/json
PEP 8 get_exclusions

Parameters

Section titled “Parameters”
NameTypeData typeDescription
idsquerystring or list of stringsThe ids of the exclusions to retrieve.
parametersquerydictionaryFull query string parameters payload in JSON format. Not required when using other keywords.

Code Examples

Section titled “Code Examples”
from falconpy import CertificateBasedExclusions


falcon = CertificateBasedExclusions(client_id=CLIENT_ID,
                                    client_secret=CLIENT_SECRET
                                    )


id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']


response = falcon.get_exclusions(ids=id_list)
print(response)

cb_exclusions_create_v1

Section titled “cb_exclusions_create_v1”

Create new Certificate Based Exclusions.

POST /exclusions/entities/cert-based-exclusions/v1
Scope Machine Learning Exclusions: WRITE Consumes · Produces application/json
PEP 8 create_exclusions

Parameters

Section titled “Parameters”
NameTypeData typeDescription
applied_globallybodybooleanBoolean flag indicating if this exclusion is applied globally.
bodybodydictionaryFull body payload in JSON format.
certificatebodydictionaryDictionary describing the certificate.
children_cidsbodystring or list of stringsList of child CIDs to apply this exclusion to.
commentbodystringExclusion comment.
created_bybodystringExclusion created by.
created_onbodystringExclusion creation date. UTC date formatted string.
descriptionbodystringExclusion description.
host_groupsbodystring or list of stringsList of host groups to apply this exclusion to.
issuerbodystringCertificate issuer. Overwritten if certificate keyword is provided.
modified_bybodystringExclusion modified by.
modified_onbodystringExclusion last modification date. UTC date formatted string.
namebodystringExclusion name.
serialbodystringCertificate serial. Overwritten if certificate keyword is provided.
statusbodystringExclusion status.
subjectbodystringCertificate subject. Overwritten if certificate keyword is provided.
thumbprintbodystringCertificate thumbprint. Overwritten if certificate keyword is provided.
valid_frombodystringCertificate valid from date. UTC date formatted string. Overwritten if certificate keyword is provided.
valid_tobodystringCertificate valid to date. UTC date formatted string. Overwritten if certificate keyword is provided.

Code Examples

Section titled “Code Examples”
from falconpy import CertificateBasedExclusions


falcon = CertificateBasedExclusions(client_id=CLIENT_ID,
                                    client_secret=CLIENT_SECRET
                                    )


exclusions = [
    {
        "applied_globally": boolean,
        "certificate": {
            "issuer": "string",
            "serial": "string",
            "subject": "string",
            "thumbprint": "string",
            "valid_from": "string",
            "valid_to": "string"
        },
        "children_cids": ["string"],
        "comment": "string",
        "created_by": "string",
        "created_on": "string",
        "description": "string",
        "host_groups": ["string"],
        "modified_by": "string",
        "modified_on": "string",
        "name": "string",
        "status": "string"
    }
]


response = falcon.create_exclusions(exclusions=exclusions)
print(response)

cb_exclusions_delete_v1

Section titled “cb_exclusions_delete_v1”

Delete the exclusions by ID.

DELETE /exclusions/entities/cert-based-exclusions/v1
Scope Machine Learning Exclusions: WRITE Consumes · Produces application/json
PEP 8 delete_exclusions

Parameters

Section titled “Parameters”
NameTypeData typeDescription
idsquerystring or list of stringsThe IDs of the exclusions to delete.
commentquerystringThe comment why these exclusions were deleted.
parametersquerydictionaryFull query string parameters payload in JSON format. Not required when using other keywords.

Code Examples

Section titled “Code Examples”
from falconpy import CertificateBasedExclusions


falcon = CertificateBasedExclusions(client_id=CLIENT_ID,
                                    client_secret=CLIENT_SECRET
                                    )


id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']


response = falcon.delete_exclusions(ids=id_list)
print(response)

cb_exclusions_update_v1

Section titled “cb_exclusions_update_v1”

Updates existing Certificate Based Exclusions.

PATCH /exclusions/entities/cert-based-exclusions/v1
Scope Machine Learning Exclusions: WRITE Consumes · Produces application/json
PEP 8 update_exclusions

Parameters

Section titled “Parameters”
NameTypeData typeDescription
applied_globallybodybooleanBoolean flag indicating if this exclusion is applied globally.
bodybodydictionaryFull body payload in JSON format.
certificatebodydictionaryDictionary describing the certificate.
children_cidsbodystring or list of stringsList of child CIDs to apply this exclusion to.
commentbodystringExclusion comment.
created_bybodystringExclusion created by.
created_onbodystringExclusion creation date. UTC date formatted string.
descriptionbodystringExclusion description.
host_groupsbodystring or list of stringsList of host groups to apply this exclusion to.
issuerbodystringCertificate issuer. Overwritten if certificate keyword is provided.
modified_bybodystringExclusion modified by.
modified_onbodystringExclusion last modification date. UTC date formatted string.
namebodystringExclusion name.
serialbodystringCertificate serial. Overwritten if certificate keyword is provided.
statusbodystringExclusion status.
subjectbodystringCertificate subject. Overwritten if certificate keyword is provided.
thumbprintbodystringCertificate thumbprint. Overwritten if certificate keyword is provided.
valid_frombodystringCertificate valid from date. UTC date formatted string. Overwritten if certificate keyword is provided.
valid_tobodystringCertificate valid to date. UTC date formatted string. Overwritten if certificate keyword is provided.

Code Examples

Section titled “Code Examples”
from falconpy import CertificateBasedExclusions


falcon = CertificateBasedExclusions(client_id=CLIENT_ID,
                                    client_secret=CLIENT_SECRET
                                    )


exclusions = [
    {
        "applied_globally": boolean,
        "certificate": {
            "issuer": "string",
            "serial": "string",
            "subject": "string",
            "thumbprint": "string",
            "valid_from": "string",
            "valid_to": "string"
        },
        "children_cids": ["string"],
        "comment": "string",
        "created_by": "string",
        "created_on": "string",
        "description": "string",
        "host_groups": ["string"],
        "id": "string",
        "modified_by": "string",
        "modified_on": "string",
        "name": "string",
        "status": "string"
    }
]


response = falcon.update_exclusions(exclusions=exclusions)
print(response)

certificates_get_v1

Section titled “certificates_get_v1”

Retrieves certificate signing information for a file.

GET /exclusions/entities/certificates/v1
Scope Machine Learning Exclusions: READ Consumes · Produces application/json
PEP 8 get_certificates

Parameters

Section titled “Parameters”
NameTypeData typeDescription
idsquerystringThe SHA256 hash of the file to retrieve certificate signing info for.
parametersquerydictionaryFull query string parameters payload in JSON format. Not required when using other keywords.

Code Examples

Section titled “Code Examples”
from falconpy import CertificateBasedExclusions


falcon = CertificateBasedExclusions(client_id=CLIENT_ID,
                                    client_secret=CLIENT_SECRET
                                    )


response = falcon.get_certificates(ids="string")
print(response)

cb_exclusions_query_v1

Section titled “cb_exclusions_query_v1”

Search for cert-based exclusions.

GET /exclusions/queries/cert-based-exclusions/v1
Scope Machine Learning Exclusions: READ Consumes · Produces application/json
PEP 8 query_certificates

Parameters

Section titled “Parameters”
NameTypeData typeDescription
filterquerystringThe filter expression that should be used to limit the results.
limitqueryintegerThe maximum records to return. [1-100]
offsetqueryintegerThe offset to start retrieving records from.
parametersquerydictionaryFull query string parameters payload in JSON format. Not required when using other keywords.
sortquerystringThe sort expression that should be used to sort the results.

Code Examples

Section titled “Code Examples”
from falconpy import CertificateBasedExclusions


falcon = CertificateBasedExclusions(client_id=CLIENT_ID,
                                    client_secret=CLIENT_SECRET
                                    )


response = falcon.query_certificates(filter="string",
                                     limit="string",
                                     offset=integer,
                                     sort="string")
print(response)
© 2026 CrowdStrike, Inc. All rights reserved. Privacy Notice Cookie Notice Terms of Use