Skip to content
CrowdStrike Developer Center

Cloud Security

The Cloud Security service collection provides operations for managing cloud risk visibility and Cloud Group organization in your CrowdStrike Falcon environment. Retrieve combined cloud risk details, query and manage Cloud Groups with full CRUD support, and organize cloud assets by selectors.

LanguageLast Update
Pythonv1.5.5
PowerShellv2.2.9
Gov0.20.0
TypeScriptv0.6.0
Rustv0.7.0
Rubyv1.2.0

Table of Contents

Section titled “Table of Contents”
OperationDescription
combined_cloud_risks
combined_cloud_risks		Get cloud risks with full details based on filters and sort criteria.
ListCloudGroupsExternal
list_cloud_groups		Query Cloud Groups and return entities with full details.
ListCloudGroupsByIDExternal
list_cloud_groups_by_id		Retrieve Cloud Groups by their UUIDs.
CreateCloudGroupExternal
create_cloud_group		Create a new Cloud Group with specified properties and selectors.
UpdateCloudGroupExternal
update_cloud_group		Update an existing Cloud Group’s properties.
DeleteCloudGroupsExternal
delete_cloud_groups		Delete Cloud Groups in batch by their UUIDs.
ListCloudGroupIDsExternal
list_group_ids		Query Cloud Groups and return only their IDs.

combined_cloud_risks

Section titled “combined_cloud_risks”

Get cloud risks with full details based on filters and sort criteria.

GET /cloud-security-risks/combined/cloud-risks/v1
Scope Cloud Security Risks: READ Consumes · Produces application/json
PEP 8 combined_cloud_risks

Parameters

Section titled “Parameters”
NameTypeData typeDescription
filterquerystringFQL string to filter results in Falcon Query Language (FQL). Supported fields: account_id, account_name, asset_gcrn, asset_id, asset_name, asset_region, asset_type, cloud_group, cloud_provider, first_seen, last_seen, resolved_at, risk_factor, rule_id, rule_name, service_category, severity, status, suppressed_by, suppressed_reason, tags
sortquerystringThe field to sort on. Use |asc or |desc suffix to specify sort direction. Supported fields: account_id, account_name, asset_id, asset_name, asset_region, asset_type, cloud_provider, first_seen, last_seen, resolved_at, rule_name, service_category, severity, status
limitqueryintegerThe maximum number of items to return. When not specified or 0, 500 is used. When larger than 1000, 1000 is used.
offsetqueryintegerOffset returned risks
parametersquerydictionaryFull query string parameters payload in JSON format. Not required if using other keywords.

Code Examples

Section titled “Code Examples”
from falconpy import CloudSecurity


falcon = CloudSecurity(client_id=CLIENT_ID,
                       client_secret=CLIENT_SECRET
                       )


response = falcon.combined_cloud_risks(filter="string",
                                       sort="string",
                                       limit="string",
                                       offset=integer)
print(response)

ListCloudGroupsExternal

Section titled “ListCloudGroupsExternal”

Query Cloud Groups and return entities with full details.

GET /cloud-security/combined/cloud-groups/v1
Scope Asset Groups: READ Consumes · Produces application/json
PEP 8 list_cloud_groups

Parameters

Section titled “Parameters”
NameTypeData typeDescription
filterquerystringA valid FQL filter. Supports filtering groups by: Group properties: name, description, created_at, updated_at. Selector properties: cloud_provider, account_id, region, cloud_provider_tag, image_registry, image_repository, image_tag. Group tags: business_unit, business_impact, environment
sortquerystringA valid sort string.
offsetquerystringThe starting position of the list operation.
limitquerystringThe maximum number of cloud groups to retrieve.
parametersquerydictionaryFull query string parameters payload in JSON format. Not required if using other keywords.

Code Examples

Section titled “Code Examples”
from falconpy import CloudSecurity


falcon = CloudSecurity(client_id=CLIENT_ID,
                       client_secret=CLIENT_SECRET
                       )


response = falcon.list_cloud_groups(filter="string",
                                    sort="string",
                                    offset=integer,
                                    limit=integer)
print(response)

ListCloudGroupsByIDExternal

Section titled “ListCloudGroupsByIDExternal”

Retrieve Cloud Groups by their UUIDs.

GET /cloud-security/entities/cloud-groups/v1
Scope Asset Groups: READ Consumes · Produces application/json
PEP 8 list_cloud_groups_by_id

Parameters

Section titled “Parameters”
NameTypeData typeDescription
idsquerystring or list of stringsCloud Groups UUIDs to retrieve
parametersquerydictionaryFull query string parameters payload in JSON format. Not required if using other keywords.

Code Examples

Section titled “Code Examples”
from falconpy import CloudSecurity


falcon = CloudSecurity(client_id=CLIENT_ID,
                       client_secret=CLIENT_SECRET
                       )


id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']


response = falcon.list_cloud_groups_by_id(ids=id_list)
print(response)

CreateCloudGroupExternal

Section titled “CreateCloudGroupExternal”

Create a new Cloud Group with specified properties and selectors.

POST /cloud-security/entities/cloud-groups/v1
Scope Asset Groups: WRITE Consumes · Produces application/json
PEP 8 create_cloud_group

Parameters

Section titled “Parameters”
NameTypeData typeDescription
bodybodydictionaryFull body payload in JSON format. Not required if using other keywords.
business_impactbodystringBusiness impact.
business_unitbodystringBusiness unit.
descriptionbodystringDescription.
environmentbodystringEnvironment.
namebodystringName.
ownersbodylist of stringsOwners.
selectorsbodydictionarySelectors.

Code Examples

Section titled “Code Examples”
from falconpy import CloudSecurity


falcon = CloudSecurity(client_id=CLIENT_ID,
                       client_secret=CLIENT_SECRET
                       )


selectors = {
    "cloud_resources": [
        {
            "account_ids": [
                "string"
            ],
            "cloud_provider": "aws",
            "filters": {
                "region": [
                    "string"
                ],
                "tags": [
                    "string"
                ]
            }
        }
    ],
    "images": [
        {
            "filters": {
                "repository": [
                    "string"
                ],
                "tag": [
                    "string"
                ]
            },
            "registry": "string"
        }
    ]
}


response = falcon.create_cloud_group(business_impact="string",
                                     business_unit="string",
                                     description="string",
                                     environment="string",
                                     name="string",
                                     owners=["string"],
                                     selectors=selectors)
print(response)

UpdateCloudGroupExternal

Section titled “UpdateCloudGroupExternal”

Update an existing Cloud Group’s properties.

PATCH /cloud-security/entities/cloud-groups/v1
Scope Asset Groups: WRITE Consumes · Produces application/json
PEP 8 update_cloud_group

Parameters

Section titled “Parameters”
NameTypeData typeDescription
groupbodydictionaryComplete group payload to update.
business_impactbodystringBusiness impact.
business_unitbodystringBusiness unit.
descriptionbodystringDescription.
environmentbodystringEnvironment.
namebodystringName.
ownersbodylist of stringsOwners.
selectorsbodydictionarySelectors.

Code Examples

Section titled “Code Examples”
from falconpy import CloudSecurity


falcon = CloudSecurity(client_id=CLIENT_ID,
                       client_secret=CLIENT_SECRET
                       )


selectors = {
    "cloud_resources": [
        {
            "account_ids": [
                "string"
            ],
            "cloud_provider": "aws",
            "filters": {
                "region": [
                    "string"
                ],
                "tags": [
                    "string"
                ]
            }
        }
    ],
    "images": [
        {
            "filters": {
                "repository": [
                    "string"
                ],
                "tag": [
                    "string"
                ]
            },
            "registry": "string"
        }
    ]
}


response = falcon.update_cloud_group(business_impact="string",
                                     business_unit="string",
                                     description="string",
                                     environment="string",
                                     name="string",
                                     owners=["string"],
                                     selectors=selectors)
print(response)

DeleteCloudGroupsExternal

Section titled “DeleteCloudGroupsExternal”

Delete Cloud Groups in batch by their UUIDs.

DELETE /cloud-security/entities/cloud-groups/v1
Scope Asset Groups: WRITE Consumes · Produces application/json
PEP 8 delete_cloud_groups

Parameters

Section titled “Parameters”
NameTypeData typeDescription
idsquerystring or list of stringsCloud Groups UUIDs to delete
parametersquerydictionaryFull query string parameters payload in JSON format. Not required if using other keywords.

Code Examples

Section titled “Code Examples”
from falconpy import CloudSecurity


falcon = CloudSecurity(client_id=CLIENT_ID,
                       client_secret=CLIENT_SECRET
                       )


id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']


response = falcon.delete_cloud_groups(ids=id_list)
print(response)

ListCloudGroupIDsExternal

Section titled “ListCloudGroupIDsExternal”

Query Cloud Groups and return only their IDs.

GET /cloud-security/queries/cloud-groups/v1
Scope Asset Groups: READ Consumes · Produces application/json
PEP 8 list_group_ids

Parameters

Section titled “Parameters”
NameTypeData typeDescription
filterquerystringA valid FQL filter. Supports filtering groups by: Group properties: name, description, created_at, updated_at. Selector properties: cloud_provider, account_id, region, cloud_provider_tag, image_registry, image_repository, image_tag. Group tags: business_unit, business_impact, environment
sortquerystringA valid sort string.
offsetquerystringThe starting position of the list operation.
limitquerystringThe maximum number of cloud groups to retrieve.
parametersquerydictionaryFull query string parameters payload in JSON format. Not required if using other keywords.

Code Examples

Section titled “Code Examples”
from falconpy import CloudSecurity


falcon = CloudSecurity(client_id=CLIENT_ID,
                       client_secret=CLIENT_SECRET
                       )


response = falcon.list_group_ids(filter="string",
                                 sort="string",
                                 offset=integer,
                                 limit=integer)
print(response)
© 2026 CrowdStrike, Inc. All rights reserved. Privacy Notice Cookie Notice Terms of Use