Skip to content
CrowdStrike Developer Center

Cloud Policies

The Cloud Policies service collection provides operations for managing cloud security policies, compliance frameworks and controls, rules, rule overrides, enriched assets, evaluation results, and suppression rules across cloud environments.

LanguageLast Update
Pythonv1.5.5
PowerShellv2.2.9
Gov0.20.0
TypeScriptv0.6.0
Rustv0.7.0
Rubyv1.2.0

Table of Contents

Section titled “Table of Contents”
OperationDescription
GetRuleInputSchema
get_rule_input_schema		Get rule input schema for given resource type.
ReplaceControlRules
replace_control_rules		Assign rules to a compliance control (full replace).
GetComplianceControls
get_compliance_controls		Get compliance controls by ID.
CreateComplianceControl
create_compliance_control		Create a new custom compliance control.
UpdateComplianceControl
update_compliance_control		Update a custom compliance control.
DeleteComplianceControl
delete_compliance_control		Delete custom compliance controls.
QueryComplianceControls
query_compliance_controls		Query for compliance controls by various parameters.
GetRule
get_rule		Get a rule by id.
RenameSectionComplianceFramework
rename_section_compliance_framework		Rename a section in a custom compliance framework.
GetComplianceFrameworks
get_compliance_frameworks		Get compliance frameworks by ID.
CreateComplianceFramework
create_compliance_framework		Create a new custom compliance framework.
UpdateComplianceFramework
update_compliance_framework		Update a custom compliance framework.
DeleteComplianceFramework
delete_compliance_framework		Delete a custom compliance framework and all associated controls and rule assignments.
GetEnrichedAsset
get_enriched_asset		Get enriched assets that combine a primary resource with all its related resources.
GetEvaluationResult
get_evaluation_result		Get evaluation results based on the provided rule.
GetRuleOverride
get_rule_override		Get a rule override by ID.
CreateRuleOverride
create_rule_override		Create a new rule override.
UpdateRuleOverride
update_rule_override		Update a rule override.
DeleteRuleOverride
delete_rule_override		Delete a rule override.
CreateRuleMixin0
create_rule		Create a new rule.
UpdateRule
update_rule		Update a rule.
DeleteRuleMixin0
delete_rule		Delete a rule.
QueryComplianceFrameworks
query_compliance_frameworks		Query for compliance frameworks by various parameters.
QueryRule
query_rule		Query for rules by various parameters.
GetSuppressionRules
get_suppression_rules		Get Suppression Rules by ID.
CreateSuppressionRule
create_suppression_rule		Create a new suppression rule.
UpdateSuppressionRule
update_suppression_rule		Update a suppression rule.
DeleteSuppressionRules
delete_suppression_rules		Delete Suppression Rules by ID.
QuerySuppressionRules
query_suppression_rules		Query suppression rules with filtering, sorting and pagination.

GetRuleInputSchema

Section titled “GetRuleInputSchema”

Get rule input schema for given resource type.

GET /cloud-policies/combined/rules/input-schema/v1
Scope Cloud Security Policies: READ Consumes · Produces application/json
PEP 8 get_rule_input_schema

Parameters

Section titled “Parameters”
NameTypeData typeDescription
domainquerystringDomain.
subdomainquerystringSubdomain.
cloud_providerquerystringCloud service provider for the resource type. Allowed values: aws, azure, gcp, oci.
resource_typequerystringSelects the resource type for which to retrieve the rule input schema.
parametersquerydictionaryFull query string parameters payload in JSON format.

Code Examples

Section titled “Code Examples”
from falconpy import CloudPolicies


falcon = CloudPolicies(client_id=CLIENT_ID,
                       client_secret=CLIENT_SECRET
                       )


response = falcon.get_rule_input_schema(domain="string",
                                        subdomain="string",
                                        cloud_provider="string",
                                        resource_type="string")
print(response)

ReplaceControlRules

Section titled “ReplaceControlRules”

Assign rules to a compliance control (full replace).

PUT /cloud-policies/entities/compliance/control-rule-assignments/v1
Scope Cloud Security Policies: WRITE Consumes · Produces application/json
PEP 8 replace_control_rules

Parameters

Section titled “Parameters”
NameTypeData typeDescription
idsquerystringThe UUID of the compliance control to assign rules to.
rule_idsbodylist of stringsThe Rule ID.
bodybodydictionaryFull body payload in JSON format.
parametersquerydictionaryFull query string parameters payload in JSON format.

Code Examples

Section titled “Code Examples”
from falconpy import CloudPolicies


falcon = CloudPolicies(client_id=CLIENT_ID,
                       client_secret=CLIENT_SECRET
                       )


id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']


response = falcon.replace_control_rules(ids=id_list, rule_ids=id_list)
print(response)

GetComplianceControls

Section titled “GetComplianceControls”

Get compliance controls by ID.

GET /cloud-policies/entities/compliance/controls/v1
Scope Cloud Security Policies: READ Consumes · Produces application/json
PEP 8 get_compliance_controls

Parameters

Section titled “Parameters”
NameTypeData typeDescription
idsquerystring or list of stringsThe uuids of compliance controls to retrieve.
parametersquerydictionaryFull query string parameters payload in JSON format.

Code Examples

Section titled “Code Examples”
from falconpy import CloudPolicies


falcon = CloudPolicies(client_id=CLIENT_ID,
                       client_secret=CLIENT_SECRET
                       )


id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']


response = falcon.get_compliance_controls(ids=id_list)
print(response)

CreateComplianceControl

Section titled “CreateComplianceControl”

Create a new custom compliance control.

POST /cloud-policies/entities/compliance/controls/v1
Scope Cloud Security Policies: WRITE Consumes · Produces application/json
PEP 8 create_compliance_control

Parameters

Section titled “Parameters”
NameTypeData typeDescription
descriptionbodystringThe description of hte custom compliance control.
namebodystringThe name of the custom compliance control.
framework_idbodystringThe framework ID of the custom compliance control.
section_namebodystringThe section name of the custom compliance control.
bodybodydictionaryFull body payload in JSON format.

Code Examples

Section titled “Code Examples”
from falconpy import CloudPolicies


falcon = CloudPolicies(client_id=CLIENT_ID,
                       client_secret=CLIENT_SECRET
                       )


response = falcon.create_compliance_control(description="string",
                                            framework_id="string",
                                            name="string",
                                            section_name="string")
print(response)

UpdateComplianceControl

Section titled “UpdateComplianceControl”

Update a custom compliance control.

PATCH /cloud-policies/entities/compliance/controls/v1
Scope Cloud Security Policies: WRITE Consumes · Produces application/json
PEP 8 update_compliance_control

Parameters

Section titled “Parameters”
NameTypeData typeDescription
idsquerystringThe uuid of compliance control to update.
descriptionbodystringThe description of hte custom compliance control.
namebodystringThe name of the custom compliance control.
bodybodydictionaryFull body payload in JSON format.
parametersquerydictionaryFull query string parameters payload in JSON format.

Code Examples

Section titled “Code Examples”
from falconpy import CloudPolicies


falcon = CloudPolicies(client_id=CLIENT_ID,
                       client_secret=CLIENT_SECRET
                       )


id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']


response = falcon.update_compliance_control(ids=id_list,
                                            description="string",
                                            name="string")
print(response)

DeleteComplianceControl

Section titled “DeleteComplianceControl”

Delete custom compliance controls.

DELETE /cloud-policies/entities/compliance/controls/v1
Scope Cloud Security Policies: WRITE Consumes · Produces application/json
PEP 8 delete_compliance_control

Parameters

Section titled “Parameters”
NameTypeData typeDescription
idsquerystring or list of stringsThe uuids of compliance control to delete.
parametersquerydictionaryFull query string parameters payload in JSON format.

Code Examples

Section titled “Code Examples”
from falconpy import CloudPolicies


falcon = CloudPolicies(client_id=CLIENT_ID,
                       client_secret=CLIENT_SECRET
                       )


id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']


response = falcon.delete_compliance_control(ids=id_list)
print(response)

QueryComplianceControls

Section titled “QueryComplianceControls”

Query for compliance controls by various parameters.

GET /cloud-policies/queries/compliance/controls/v1
Scope Cloud Security Policies: READ Consumes · Produces application/json
PEP 8 query_compliance_controls

Parameters

Section titled “Parameters”
NameTypeData typeDescription
filterquerystringFQL filter, allowed props: compliance_control_name, compliance_control_authority, compliance_control_type, compliance_control_section, compliance_control_requirement, compliance_control_benchmark_name, compliance_control_benchmark_version.
limitqueryintegerThe maximum number of resources to return. The maximum allowed is 500. Default: 100.
offsetqueryintegerThe number of results to skip before starting to return results. Default: 0.
sortquerystringField to sort on. Sortable fields: compliance_control_name, compliance_control_authority, compliance_control_type, compliance_control_section, compliance_control_requirement, compliance_control_benchmark_name, compliance_control_benchmark_version. Use the |asc or |desc suffix to specify sort direction.
parametersquerydictionaryFull query string parameters payload in JSON format.

Code Examples

Section titled “Code Examples”
from falconpy import CloudPolicies


falcon = CloudPolicies(client_id=CLIENT_ID,
                       client_secret=CLIENT_SECRET
                       )


response = falcon.query_compliance_controls(filter="string",
                                            limit=integer,
                                            offset=integer,
                                            sort="string")
print(response)

GetRule

Section titled “GetRule”

Get a rule by id.

GET /cloud-policies/entities/rules/v1
Scope Cloud Security Policies: READ Consumes · Produces application/json
PEP 8 get_rule

Parameters

Section titled “Parameters”
NameTypeData typeDescription
idsquerystring or list of stringsThe uuids of rules to retrieve.
parametersquerydictionaryFull query string parameters payload in JSON format.

Code Examples

Section titled “Code Examples”
from falconpy import CloudPolicies


falcon = CloudPolicies(client_id=CLIENT_ID,
                       client_secret=CLIENT_SECRET
                       )


id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']


response = falcon.get_rule(ids=id_list)
print(response)

RenameSectionComplianceFramework

Section titled “RenameSectionComplianceFramework”

Rename a section in a custom compliance framework.

PATCH /cloud-policies/entities/compliance/frameworks/section/v1
Scope Cloud Security Policies: WRITE Consumes · Produces application/json
PEP 8 rename_section_compliance_framework

Parameters

Section titled “Parameters”
NameTypeData typeDescription
idsquerystring or list of stringsThe uuid of compliance framework containing the section to rename.
sectionNamequerystringThe current name of the section to rename.
section_namebodystringThe new section name of the custom compliance control.
bodybodydictionaryFull body payload in JSON format.
parametersquerydictionaryFull query string parameters payload in JSON format.

Code Examples

Section titled “Code Examples”
from falconpy import CloudPolicies


falcon = CloudPolicies(client_id=CLIENT_ID,
                       client_secret=CLIENT_SECRET
                       )


id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']


response = falcon.rename_section_compliance_framework(ids=id_list,
                                                      sectionName="string",
                                                      section_name="string")
print(response)

GetComplianceFrameworks

Section titled “GetComplianceFrameworks”

Get compliance frameworks by ID.

GET /cloud-policies/entities/compliance/frameworks/v1
Scope Cloud Security Policies: READ Consumes · Produces application/json
PEP 8 get_compliance_frameworks

Parameters

Section titled “Parameters”
NameTypeData typeDescription
idsquerystring or list of stringsThe uuids of compliance frameworks to retrieve.
parametersquerydictionaryFull query string parameters payload in JSON format.

Code Examples

Section titled “Code Examples”
from falconpy import CloudPolicies


falcon = CloudPolicies(client_id=CLIENT_ID,
                       client_secret=CLIENT_SECRET
                       )


id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']


response = falcon.get_compliance_frameworks(ids=id_list)
print(response)

CreateComplianceFramework

Section titled “CreateComplianceFramework”

Create a new custom compliance framework.

POST /cloud-policies/entities/compliance/frameworks/v1
Scope Cloud Security Policies: WRITE Consumes · Produces application/json
PEP 8 create_compliance_framework

Parameters

Section titled “Parameters”
NameTypeData typeDescription
activebodybooleanValue to determine if the compliance framework will be active.
descriptionbodystringThe description of the new compliance framework.
namebodystringThe name of the new compliance framework.
bodybodydictionaryFull body payload in JSON format.

Code Examples

Section titled “Code Examples”
from falconpy import CloudPolicies


falcon = CloudPolicies(client_id=CLIENT_ID,
                       client_secret=CLIENT_SECRET
                       )


response = falcon.create_compliance_framework(active=boolean,
                                              description="string",
                                              name="string")
print(response)

UpdateComplianceFramework

Section titled “UpdateComplianceFramework”

Update a custom compliance framework.

PATCH /cloud-policies/entities/compliance/frameworks/v1
Scope Cloud Security Policies: WRITE Consumes · Produces application/json
PEP 8 update_compliance_framework

Parameters

Section titled “Parameters”
NameTypeData typeDescription
idsquerystring or list of stringsThe uuids of compliance framework to update.
activebodybooleanValue to determine if the compliance framework will be active.
descriptionbodystringThe description of the new compliance framework.
namebodystringThe name of the new compliance framework.
bodybodydictionaryFull body payload in JSON format.
parametersquerydictionaryFull query string parameters payload in JSON format.

Code Examples

Section titled “Code Examples”
from falconpy import CloudPolicies


falcon = CloudPolicies(client_id=CLIENT_ID,
                       client_secret=CLIENT_SECRET
                       )


id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']


response = falcon.update_compliance_framework(ids=id_list,
                                              active=boolean,
                                              description="string",
                                              name="string")
print(response)

DeleteComplianceFramework

Section titled “DeleteComplianceFramework”

Delete a custom compliance framework and all associated controls and rule assignments.

DELETE /cloud-policies/entities/compliance/frameworks/v1
Scope Cloud Security Policies: WRITE Consumes · Produces application/json
PEP 8 delete_compliance_framework

Parameters

Section titled “Parameters”
NameTypeData typeDescription
idsquerystring or list of stringsThe uuids of compliance framework to delete.
parametersquerydictionaryFull query string parameters payload in JSON format.

Code Examples

Section titled “Code Examples”
from falconpy import CloudPolicies


falcon = CloudPolicies(client_id=CLIENT_ID,
                       client_secret=CLIENT_SECRET
                       )


id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']


response = falcon.delete_compliance_framework(ids=id_list)
print(response)

GetEnrichedAsset

Section titled “GetEnrichedAsset”

Get enriched assets that combine a primary resource with all its related resources.

GET /cloud-policies/entities/enriched-resources/v1
Scope Cloud Security Policies: READ Consumes · Produces application/json
PEP 8 get_enriched_asset

Parameters

Section titled “Parameters”
NameTypeData typeDescription
idsquerystring or list of stringsList of asset IDs (maximum 100 IDs allowed).
parametersquerydictionaryFull query string parameters payload in JSON format.

Code Examples

Section titled “Code Examples”
from falconpy import CloudPolicies


falcon = CloudPolicies(client_id=CLIENT_ID,
                       client_secret=CLIENT_SECRET
                       )


id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']


response = falcon.get_enriched_asset(ids=id_list)
print(response)

GetEvaluationResult

Section titled “GetEvaluationResult”

Get evaluation results based on the provided rule.

POST /cloud-policies/entities/evaluation/v1
Scope Cloud Security Policies: READ Consumes · Produces application/json
PEP 8 get_evaluation_result

Parameters

Section titled “Parameters”
NameTypeData typeDescription
cloud_providerquerystringCloud Service Provider of the provided IDs.
resource_typequerystringResource Type of the provided IDs.
idsquerystring or list of stringsList of assets to evaluate (maximum 100 IDs allowed).
inputbodydictionaryThe input for the provided rule.
logicbodystringThe logic of the provided rule.
bodybodydictionaryFull body payload in JSON format.
parametersquerydictionaryFull query string parameters payload in JSON format.

Code Examples

Section titled “Code Examples”
from falconpy import CloudPolicies


falcon = CloudPolicies(client_id=CLIENT_ID,
                       client_secret=CLIENT_SECRET
                       )


id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']


input = {}


response = falcon.get_evaluation_result(cloud_provider=id_list,
                                        resource_type="string",
                                        ids=id_list,
                                        input=input)
print(response)

GetRuleOverride

Section titled “GetRuleOverride”

Get a rule override by ID.

GET /cloud-policies/entities/rule-overrides/v1
Scope Cloud Security Policies: READ Consumes · Produces application/json
PEP 8 get_rule_override

Parameters

Section titled “Parameters”
NameTypeData typeDescription
idsquerystring or list of stringsThe uuids of rule overrides to retrieve.
parametersquerydictionaryFull query string parameters payload in JSON format.

Code Examples

Section titled “Code Examples”
from falconpy import CloudPolicies


falcon = CloudPolicies(client_id=CLIENT_ID,
                       client_secret=CLIENT_SECRET
                       )


id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']


response = falcon.get_rule_override(ids=id_list)
print(response)

CreateRuleOverride

Section titled “CreateRuleOverride”

Create a new rule override.

POST /cloud-policies/entities/rule-overrides/v1
Scope Cloud Security Policies: WRITE Consumes · Produces application/json
PEP 8 create_rule_override

Parameters

Section titled “Parameters”
NameTypeData typeDescription
overridesbodylist of dictionariesThe new rule override.
bodybodydictionaryFull body payload in JSON format.

Code Examples

Section titled “Code Examples”
from falconpy import CloudPolicies


falcon = CloudPolicies(client_id=CLIENT_ID,
                       client_secret=CLIENT_SECRET
                       )


id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']


response = falcon.create_rule_override(overrides=id_list)
print(response)

UpdateRuleOverride

Section titled “UpdateRuleOverride”

Update a rule override.

PATCH /cloud-policies/entities/rule-overrides/v1
Scope Cloud Security Policies: WRITE Consumes · Produces application/json
PEP 8 update_rule_override

Parameters

Section titled “Parameters”
NameTypeData typeDescription
overridesbodylist of dictionariesThe updated rule override.
bodybodydictionaryFull body payload in JSON format.

Code Examples

Section titled “Code Examples”
from falconpy import CloudPolicies


falcon = CloudPolicies(client_id=CLIENT_ID,
                       client_secret=CLIENT_SECRET
                       )


id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']


response = falcon.update_rule_override(overrides=id_list)
print(response)

DeleteRuleOverride

Section titled “DeleteRuleOverride”

Delete a rule override.

DELETE /cloud-policies/entities/rule-overrides/v1
Scope Cloud Security Policies: WRITE Consumes · Produces application/json
PEP 8 delete_rule_override

Parameters

Section titled “Parameters”
NameTypeData typeDescription
idsquerystring or list of stringsThe uuids of rule overrides to delete.
parametersquerydictionaryFull query string parameters payload in JSON format.

Code Examples

Section titled “Code Examples”
from falconpy import CloudPolicies


falcon = CloudPolicies(client_id=CLIENT_ID,
                       client_secret=CLIENT_SECRET
                       )


id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']


response = falcon.delete_rule_override(ids=id_list)
print(response)

CreateRuleMixin0

Section titled “CreateRuleMixin0”

Create a new rule.

POST /cloud-policies/entities/rules/v1
Scope Cloud Security Policies: WRITE Consumes · Produces application/json
PEP 8 create_rule

Parameters

Section titled “Parameters”
NameTypeData typeDescription
alert_infobodystringThe info of the alert.
attack_typesbodystringThe type of attacks.
controlsbodylist of dictionariesThe authority and code of the rule.
descriptionbodystringThe description of the rule.
domainbodystringThe domain of the rule.
logicbodystringThe logic for the rule.
namebodystringThe name of the rule.
parent_rule_idbodystringThe id of the parent.
platformbodystringThe platform covered by the rule.
providerbodystringThe provider for the rule.
remediation_infobodystringThe remediation info provided by the rule.
remediation_urlbodystringThe URL providing the remediation.
resource_typebodystringThe type of the resource.
severitybodyintegerThe severity level.
subdomainbodystringThe subdomain for the rule.
bodybodydictionaryFull body payload in JSON format.

Code Examples

Section titled “Code Examples”
from falconpy import CloudPolicies


falcon = CloudPolicies(client_id=CLIENT_ID,
                       client_secret=CLIENT_SECRET
                       )


controls = [
    {
        "Authority": "string",
        "Code": "string"
    }
]


response = falcon.create_rule(alert_info="string",
                              attack_types="string",
                              controls=controls,
                              description="string",
                              domain="string",
                              logic="string",
                              name="string",
                              parent_rule_id="string",
                              platform="string",
                              provider="string",
                              remediation_info="string",
                              remediation_url="string",
                              resource_type="string",
                              severity=integer,
                              subdomain="string")
print(response)

UpdateRule

Section titled “UpdateRule”

Update a rule.

PATCH /cloud-policies/entities/rules/v1
Scope Cloud Security Policies: WRITE Consumes · Produces application/json
PEP 8 update_rule

Parameters

Section titled “Parameters”
NameTypeData typeDescription
alert_infobodystringThe info of the alert.
attack_typesbodylist of stringsThe type of attacks.
categorybodystringRule category.
controlsbodylist of dictionariesThe authority and code of the rule.
descriptionbodystringThe description of the rule.
namebodystringThe name of the rule.
rule_logic_listbodylist of dictionariesThe logic list data.
severitybodyintegerThe severity level.
uuidbodystringThe uuid of the rule to update.
bodybodydictionaryFull body payload in JSON format.

Code Examples

Section titled “Code Examples”
from falconpy import CloudPolicies


falcon = CloudPolicies(client_id=CLIENT_ID,
                       client_secret=CLIENT_SECRET
                       )


controls = [
    {
        "authority": "string",
        "code": "string"
    }
]


rule_logic_list = [
    {
        "logic": "string",
        "platform": "string",
        "remediation_info": "string",
        "remediation_url": "string"
    }
]


response = falcon.update_rule(alert_info="string",
                              attack_types=["string"],
                              controls=controls,
                              description="string",
                              name="string",
                              rule_logic_list=rule_logic_list,
                              severity=integer,
                              uuid="string")
print(response)

DeleteRuleMixin0

Section titled “DeleteRuleMixin0”

Delete a rule.

DELETE /cloud-policies/entities/rules/v1
Scope Cloud Security Policies: WRITE Consumes · Produces application/json
PEP 8 delete_rule

Parameters

Section titled “Parameters”
NameTypeData typeDescription
idsquerystring or list of stringsThe uuids of rules to delete.
parametersquerydictionaryFull query string parameters payload in JSON format.

Code Examples

Section titled “Code Examples”
from falconpy import CloudPolicies


falcon = CloudPolicies(client_id=CLIENT_ID,
                       client_secret=CLIENT_SECRET
                       )


id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']


response = falcon.delete_rule(ids=id_list)
print(response)

QueryComplianceFrameworks

Section titled “QueryComplianceFrameworks”

Query for compliance frameworks by various parameters.

GET /cloud-policies/queries/compliance/frameworks/v1
Scope Cloud Security Policies: READ Consumes · Produces application/json
PEP 8 query_compliance_frameworks

Parameters

Section titled “Parameters”
NameTypeData typeDescription
filterquerystringFQL filter, allowed props: compliance_framework_name, compliance_framework_version, compliance_framework_authority.
limitqueryintegerThe maximum number of resources to return. The maximum allowed is 500. Default: 100.
offsetqueryintegerThe number of results to skip before starting to return results. Default: 0.
sortquerystringField to sort on. Sortable fields: compliance_framework_name, compliance_framework_version, compliance_framework_authority. Use the |asc or |desc suffix to specify sort direction.
parametersquerydictionaryFull query string parameters payload in JSON format.

Code Examples

Section titled “Code Examples”
from falconpy import CloudPolicies


falcon = CloudPolicies(client_id=CLIENT_ID,
                       client_secret=CLIENT_SECRET
                       )


response = falcon.query_compliance_frameworks(filter="string",
                                              limit="string",
                                              offset="string",
                                              sort="string")
print(response)

QueryRule

Section titled “QueryRule”

Query for rules by various parameters.

GET /cloud-policies/queries/rules/v1
Scope Cloud Security Policies: READ Consumes · Produces application/json
PEP 8 query_rule

Parameters

Section titled “Parameters”
NameTypeData typeDescription
filterquerystringFQL filter, allowed props: rule_auto_remediable, rule_category, rule_cloneable, rule_compliance_benchmark, rule_compliance_benchmark_uuid, rule_compliance_framework, rule_control_requirement, rule_control_section, rule_created_at, rule_description, rule_domain, rule_mitre_tactic, rule_mitre_technique, rule_name, rule_origin, rule_parent_uuid, rule_provider, rule_resource_type, rule_resource_type_name, rule_risk_factor, rule_service, rule_severity, rule_short_code, rule_status, rule_subdomain, rule_updated_at, rule_updated_by.
limitqueryintegerThe maximum number of resources to return. The maximum allowed is 500. Default: 100.
offsetqueryintegerThe number of results to skip before starting to return results. Default: 0.
sortquerystringField to sort on. Sortable fields: rule_auto_remediable, rule_category, rule_cloneable, rule_compliance_benchmark, rule_compliance_benchmark_uuid, rule_compliance_framework, rule_control_requirement, rule_control_section, rule_created_at, rule_description, rule_domain, rule_mitre_tactic, rule_mitre_technique, rule_name, rule_origin, rule_parent_uuid, rule_provider, rule_resource_type, rule_resource_type_name, rule_risk_factor, rule_service, rule_severity, rule_short_code, rule_status, rule_subdomain, rule_updated_at, rule_updated_by. Use the |asc or |desc suffix to specify sort direction.
parametersquerydictionaryFull query string parameters payload in JSON format.

Code Examples

Section titled “Code Examples”
from falconpy import CloudPolicies


falcon = CloudPolicies(client_id=CLIENT_ID,
                       client_secret=CLIENT_SECRET
                       )


response = falcon.query_rule(filter="string",
                             limit="string",
                             offset="string",
                             sort="string")
print(response)

GetSuppressionRules

Section titled “GetSuppressionRules”

Get Suppression Rules by ID.

GET /cloud-policies/entities/suppression-rules/v1
Scope Cloud Security Policies: READ Consumes · Produces application/json
PEP 8 get_suppression_rules

Parameters

Section titled “Parameters”
NameTypeData typeDescription
idsquerystring or list of stringsThe uuids of the suppression rules to retrieve.
parametersquerydictionaryFull query string parameters payload in JSON format.

Code Examples

Section titled “Code Examples”
from falconpy import CloudPolicies


falcon = CloudPolicies(client_id=CLIENT_ID,
                       client_secret=CLIENT_SECRET
                       )


id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']


response = falcon.get_suppression_rules(ids=id_list)
print(response)

CreateSuppressionRule

Section titled “CreateSuppressionRule”

Create a new suppression rule.

POST /cloud-policies/entities/suppression-rules/v1
Scope Cloud Security Policies: WRITE Consumes · Produces application/json
PEP 8 create_suppression_rule

Parameters

Section titled “Parameters”
NameTypeData typeDescription
descriptionbodystringDescription of the suppression rule.
idbodystringThe ID of the suppression rule.
namebodystringName of the suppression rule.
rule_selection_filterbodydictionaryDictionary of lists defining rule selection criteria.
rule_selection_typebodystringType of rule selection.
scope_asset_filterbodydictionaryDictionary of lists defining scope asset filter criteria.
scope_typebodystringType of scope.
suppression_commentbodystringComment for the suppression.
suppression_expiration_datebodystringExpiration date for the suppression.
suppression_reasonbodystringReason for the suppression.
domainbodystringDomain.
subdomainbodystringSubdomain.
bodybodydictionaryFull body payload in JSON format.

Code Examples

Section titled “Code Examples”
from falconpy import CloudPolicies


falcon = CloudPolicies(client_id=CLIENT_ID,
                       client_secret=CLIENT_SECRET
                       )


rule_selection_filter = {
    "rule_ids": [
        "string"
    ],
    "rule_names": [
        "string"
    ],
    "rule_origins": [
        "string"
    ],
    "rule_providers": [
        "string"
    ],
    "rule_services": [
        "string"
    ],
    "rule_severities": [
        "string"
    ]
}


scope_asset_filter = {
    "account_ids": [
        "string"
    ],
    "cloud_group_ids": [
        "string"
    ],
    "cloud_providers": [
        "string"
    ],
    "regions": [
        "string"
    ],
    "resource_ids": [
        "string"
    ],
    "resource_names": [
        "string"
    ],
    "resource_types": [
        "string"
    ],
    "service_categories": [
        "string"
    ],
    "tags": [
        "string"
    ]
}


response = falcon.create_suppression_rule(description="string",
                                          domain="string",
                                          name="string",
                                          rule_selection_filter=rule_selection_filter,
                                          rule_selection_type="string",
                                          scope_asset_filter=scope_asset_filter,
                                          scope_type="string",
                                          subdomain="string",
                                          suppression_comment="string",
                                          suppression_expiration_date="string",
                                          suppression_reason="string")
print(response)

UpdateSuppressionRule

Section titled “UpdateSuppressionRule”

Update a suppression rule.

PATCH /cloud-policies/entities/suppression-rules/v1
Scope Cloud Security Policies: WRITE Consumes · Produces application/json
PEP 8 update_suppression_rule

Parameters

Section titled “Parameters”
NameTypeData typeDescription
descriptionbodystringDescription of the suppression rule.
idbodystringThe ID of the suppression rule.
namebodystringName of the suppression rule.
rule_selection_filterbodydictionaryDictionary of lists defining rule selection criteria.
rule_selection_typebodystringType of rule selection.
scope_asset_filterbodydictionaryDictionary of lists defining scope asset filter criteria.
scope_typebodystringType of scope.
suppression_commentbodystringComment for the suppression.
suppression_expiration_datebodystringExpiration date for the suppression.
suppression_reasonbodystringReason for the suppression.
domainbodystringDomain.
subdomainbodystringSubdomain.
bodybodydictionaryFull body payload in JSON format.

Code Examples

Section titled “Code Examples”
from falconpy import CloudPolicies


falcon = CloudPolicies(client_id=CLIENT_ID,
                       client_secret=CLIENT_SECRET
                       )


rule_selection_filter = {
    "rule_ids": [
        "string"
    ],
    "rule_names": [
        "string"
    ],
    "rule_origins": [
        "string"
    ],
    "rule_providers": [
        "string"
    ],
    "rule_services": [
        "string"
    ],
    "rule_severities": [
        "string"
    ]
}


scope_asset_filter = {
    "account_ids": [
        "string"
    ],
    "cloud_group_ids": [
        "string"
    ],
    "cloud_providers": [
        "string"
    ],
    "regions": [
        "string"
    ],
    "resource_ids": [
        "string"
    ],
    "resource_names": [
        "string"
    ],
    "resource_types": [
        "string"
    ],
    "service_categories": [
        "string"
    ],
    "tags": [
        "string"
    ]
}


response = falcon.update_suppression_rule(description="string",
                                          id="string",
                                          name="string",
                                          rule_selection_filter=rule_selection_filter,
                                          rule_selection_type="string",
                                          scope_asset_filter=scope_asset_filter,
                                          scope_type="string",
                                          suppression_comment="string",
                                          suppression_expiration_date="string",
                                          suppression_reason="string")
print(response)

DeleteSuppressionRules

Section titled “DeleteSuppressionRules”

Delete Suppression Rules by ID.

DELETE /cloud-policies/entities/suppression-rules/v1
Scope Cloud Security Policies: WRITE Consumes · Produces application/json
PEP 8 delete_suppression_rules

Parameters

Section titled “Parameters”
NameTypeData typeDescription
idsquerystring or list of stringsThe uuids of the suppression rules to delete. A maximum of 10 IDs can be provided.
parametersquerydictionaryFull query string parameters payload in JSON format.

Code Examples

Section titled “Code Examples”
from falconpy import CloudPolicies


falcon = CloudPolicies(client_id=CLIENT_ID,
                       client_secret=CLIENT_SECRET
                       )


id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']


response = falcon.delete_suppression_rules(ids=id_list)
print(response)

QuerySuppressionRules

Section titled “QuerySuppressionRules”

Query suppression rules with filtering, sorting and pagination.

GET /cloud-policies/queries/suppression-rules/v1
Scope Cloud Security Policies: READ Consumes · Produces application/json
PEP 8 query_suppression_rules

Parameters

Section titled “Parameters”
NameTypeData typeDescription
filterquerystringFQL expression to filter suppression rules. Allowed properties: name, description, domain, subdomain, suppression_reason, suppression_expiration_date, created_by, created_at, last_modified_at, disabled, groups.
limitqueryintegerThe maximum number of resources to return. The maximum allowed is 50. Default: 20.
offsetqueryintegerThe number of results to skip before starting to return results. Default: 0.
sortquerystringField to sort on. Sortable fields: name, description, domain, subdomain, suppression_reason, suppression_expiration_date, created_by, created_at, last_modified_at, disabled, groups. Use the .asc or .desc suffix to specify sort direction.
parametersquerydictionaryFull query string parameters payload in JSON format.

Code Examples

Section titled “Code Examples”
from falconpy import CloudPolicies


falcon = CloudPolicies(client_id=CLIENT_ID,
                       client_secret=CLIENT_SECRET
                       )


response = falcon.query_suppression_rules(filter="string",
                                          limit=integer,
                                          offset=integer,
                                          sort="string")
print(response)
© 2026 CrowdStrike, Inc. All rights reserved. Privacy Notice Cookie Notice Terms of Use