Content Update Policies
The Content Update Policies service collection provides operations for managing content update policies in your CrowdStrike Falcon environment. Search for policy members and policies, perform actions on policies, set precedence, create, delete, and update policies, and query pinnable content versions.
| Language | Last Update |
|---|---|
| Python | v1.5.1 |
| PowerShell | v2.2.9 |
| Go | v0.20.0 |
| TypeScript | v0.6.0 |
| Rust | v0.7.0 |
| Ruby | v1.2.0 |
Table of Contents
Section titled “Table of Contents”| Operation | Description |
|---|---|
queryCombinedContentUpdatePolicyMembersquery_policy_members_combined | Search for members of a Content Update Policy in your environment by providing an FQL filter and paging details. Returns a set of host details which match the filter criteria. |
queryCombinedContentUpdatePoliciesquery_policies_combined | Search for Content Update Policies in your environment by providing an FQL filter and paging details. Returns a set of Content Update Policies which match the filter criteria. |
performContentUpdatePoliciesActionperform_action | Perform the specified action on the Content Update Policies specified in the request. |
setContentUpdatePoliciesPrecedenceset_precedence | Sets the precedence of Content Update Policies based on the order of IDs specified in the request. The first ID specified will have the highest precedence and the last ID specified will have the lowest. You must specify all non-Default Policies when updating precedence. |
getContentUpdatePoliciesget_policies | Retrieve a set of Content Update Policies by specifying their IDs. |
createContentUpdatePoliciescreate_policies | Create Content Update Policies by specifying details about the policy to create. |
deleteContentUpdatePoliciesdelete_policies | Delete a set of Content Update Policies by specifying their IDs. |
updateContentUpdatePoliciesupdate_policies | Update Content Update Policies by specifying the ID of the policy and details to update. |
queryContentUpdatePolicyMembersquery_policy_members | Search for members of a Content Update Policy in your environment by providing an FQL filter and paging details. Returns a set of Agent IDs which match the filter criteria. |
queryPinnableContentVersionsquery_pinnable_content_versions | Search for content versions available for pinning given the category. |
queryContentUpdatePoliciesquery_policies | Search for Content Update Policies in your environment by providing an FQL filter and paging details. Returns a set of Content Update Policy IDs which match the filter criteria. |
queryCombinedContentUpdatePolicyMembers
Section titled “queryCombinedContentUpdatePolicyMembers”Search for members of a Content Update Policy in your environment by providing an FQL filter and paging details. Returns a set of host details which match the filter criteria.
GET /policy/combined/content-update-members/v1
PEP 8
query_policy_members_combinedParameters
Section titled “Parameters”| Name | Type | Data type | Description |
|---|---|---|---|
| id | query | string | The ID of the Content Update Policy to search for members of. |
| filter | query | string | The filter expression that should be used to limit the results. |
| offset | query | integer | The offset to start retrieving records from. |
| limit | query | integer | The maximum records to return. [1-5000] |
| sort | query | string | The property to sort by. |
| parameters | query | dictionary | Full set of query string parameters in a JSON formatted dictionary. |
Code Examples
Section titled “Code Examples”from falconpy import ContentUpdatePolicies
falcon = ContentUpdatePolicies(client_id=CLIENT_ID, client_secret=CLIENT_SECRET )
response = falcon.query_policy_members_combined(id="string", filter="string", offset=integer, limit=integer, sort="string")print(response)from falconpy import ContentUpdatePolicies
falcon = ContentUpdatePolicies(client_id=CLIENT_ID, client_secret=CLIENT_SECRET )
response = falcon.queryCombinedContentUpdatePolicyMembers(id="string", filter="string", offset=integer, limit=integer, sort="string")print(response)from falconpy import APIHarnessV2
falcon = APIHarnessV2(client_id=CLIENT_ID, client_secret=CLIENT_SECRET )
response = falcon.command("queryCombinedContentUpdatePolicyMembers", id="string", filter="string", offset=integer, limit=integer, sort="string")print(response)Get-FalconContentPolicyMember -Filter "string" ` -Sort "string" ` -Limit integer ` -Offset integerpackage main
import ( "context" "fmt" "os"
"github.com/crowdstrike/gofalcon/falcon" "github.com/crowdstrike/gofalcon/falcon/client/content_update_policies")
func main() { client, err := falcon.NewClient(&falcon.ApiConfig{ ClientId: os.Getenv("FALCON_CLIENT_ID"), ClientSecret: os.Getenv("FALCON_CLIENT_SECRET"), Context: context.Background(), }) if err != nil { panic(err) }
iD := "string" filter := "string" offset := int64(0) limit := int64(0) sort := "string"
response, err := client.ContentUpdatePolicies.QueryCombinedContentUpdatePolicyMembers( &content_update_policies.QueryCombinedContentUpdatePolicyMembersParams{ ID: &iD, Filter: &filter, Offset: &offset, Limit: &limit, Sort: &sort, Context: context.Background(), }, ) if err != nil { panic(falcon.ErrorExplain(err)) }
fmt.Printf("%+v\n", response.Payload)}import { FalconClient } from "crowdstrike-falcon";
const client = new FalconClient({ cloud: process.env.FALCON_CLOUD!, clientId: process.env.FALCON_CLIENT_ID!, clientSecret: process.env.FALCON_CLIENT_SECRET!,});
const response = await client.contentUpdatePolicies.queryCombinedContentUpdatePolicyMembers( "string", // id "string", // filter integer, // offset integer, // limit "string" // sort);
console.log(response);use rusty_falcon::apis::content_update_policies_api::query_combined_content_update_policy_members;use rusty_falcon::easy::client::FalconHandle;
#[tokio::main]async fn main() { let falcon = FalconHandle::from_env().await.expect("Could not authenticate");
let response = query_combined_content_update_policy_members( &falcon.cfg, // configuration Some("string"), // id Some("string"), // filter Some(integer), // offset Some(integer), // limit Some("string"), // sort ).await.expect("API call failed");
println!("{:?}", response);}require "crimson-falcon"
Falcon.configure do |config| config.client_id = ENV["FALCON_CLIENT_ID"] config.client_secret = ENV["FALCON_CLIENT_SECRET"] config.cloud = ENV["FALCON_CLOUD"]end
api = Falcon::ContentUpdatePolicies.new
response = api.query_combined_content_update_policy_members(id: 'string', filter: 'string', offset: integer, limit: integer, sort: 'string')
puts responsequeryCombinedContentUpdatePolicies
Section titled “queryCombinedContentUpdatePolicies”Search for Content Update Policies in your environment by providing an FQL filter and paging details. Returns a set of Content Update Policies which match the filter criteria.
GET /policy/combined/content-update/v1
PEP 8
query_policies_combinedParameters
Section titled “Parameters”| Name | Type | Data type | Description |
|---|---|---|---|
| filter | query | string | The filter expression that should be used to limit the results. |
| offset | query | integer | The offset to start retrieving records from. |
| limit | query | integer | The maximum records to return. [1-5000] |
| sort | query | string | The property to sort by. |
| parameters | query | dictionary | Full set of query string parameters in a JSON formatted dictionary. |
Code Examples
Section titled “Code Examples”from falconpy import ContentUpdatePolicies
falcon = ContentUpdatePolicies(client_id=CLIENT_ID, client_secret=CLIENT_SECRET )
response = falcon.query_policies_combined(filter="string", offset=integer, limit=integer, sort="string")print(response)from falconpy import ContentUpdatePolicies
falcon = ContentUpdatePolicies(client_id=CLIENT_ID, client_secret=CLIENT_SECRET )
response = falcon.queryCombinedContentUpdatePolicies(filter="string", offset=integer, limit=integer, sort="string")print(response)from falconpy import APIHarnessV2
falcon = APIHarnessV2(client_id=CLIENT_ID, client_secret=CLIENT_SECRET )
response = falcon.command("queryCombinedContentUpdatePolicies", filter="string", offset=integer, limit=integer, sort="string")print(response)Get-FalconContentPolicy -Filter "string" ` -Sort "string" ` -Limit integer ` -Offset integerpackage main
import ( "context" "fmt" "os"
"github.com/crowdstrike/gofalcon/falcon" "github.com/crowdstrike/gofalcon/falcon/client/content_update_policies")
func main() { client, err := falcon.NewClient(&falcon.ApiConfig{ ClientId: os.Getenv("FALCON_CLIENT_ID"), ClientSecret: os.Getenv("FALCON_CLIENT_SECRET"), Context: context.Background(), }) if err != nil { panic(err) }
filter := "string" offset := int64(0) limit := int64(0) sort := "string"
response, err := client.ContentUpdatePolicies.QueryCombinedContentUpdatePolicies( &content_update_policies.QueryCombinedContentUpdatePoliciesParams{ Filter: &filter, Offset: &offset, Limit: &limit, Sort: &sort, Context: context.Background(), }, ) if err != nil { panic(falcon.ErrorExplain(err)) }
fmt.Printf("%+v\n", response.Payload)}import { FalconClient } from "crowdstrike-falcon";
const client = new FalconClient({ cloud: process.env.FALCON_CLOUD!, clientId: process.env.FALCON_CLIENT_ID!, clientSecret: process.env.FALCON_CLIENT_SECRET!,});
const response = await client.contentUpdatePolicies.queryCombinedContentUpdatePolicies( "string", // filter integer, // offset integer, // limit "string" // sort);
console.log(response);use rusty_falcon::apis::content_update_policies_api::query_combined_content_update_policies;use rusty_falcon::easy::client::FalconHandle;
#[tokio::main]async fn main() { let falcon = FalconHandle::from_env().await.expect("Could not authenticate");
let response = query_combined_content_update_policies( &falcon.cfg, // configuration Some("string"), // filter Some(integer), // offset Some(integer), // limit Some("string"), // sort ).await.expect("API call failed");
println!("{:?}", response);}require "crimson-falcon"
Falcon.configure do |config| config.client_id = ENV["FALCON_CLIENT_ID"] config.client_secret = ENV["FALCON_CLIENT_SECRET"] config.cloud = ENV["FALCON_CLOUD"]end
api = Falcon::ContentUpdatePolicies.new
response = api.query_combined_content_update_policies(filter: 'string', offset: integer, limit: integer, sort: 'string')
puts responseperformContentUpdatePoliciesAction
Section titled “performContentUpdatePoliciesAction”Perform the specified action on the Content Update Policies specified in the request.
POST /policy/entities/content-update-actions/v1
PEP 8
perform_actionParameters
Section titled “Parameters”| Name | Type | Data type | Description |
|---|---|---|---|
| action_name | query | string | The action to perform. Allowed values: add-host-group, disable, enable, override-allow, override-pause, override-revert, remove-host-group, remove-pinned-content-version, set-pinned-content-version |
| action_parameters | query | dictionary or list of dictionaries | Action specific parameter options. |
| body | body | dictionary | Full body payload as JSON formatted dictionary. |
| ids | body | string or list of strings | Content update policy IDs to perform action against. |
| parameters | query | dictionary | Full set of query string parameters in a JSON formatted dictionary. |
Code Examples
Section titled “Code Examples”from falconpy import ContentUpdatePolicies
falcon = ContentUpdatePolicies(client_id=CLIENT_ID, client_secret=CLIENT_SECRET )
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.perform_action(action_name="string", action_parameters=[{"key": "value"}], ids=id_list)print(response)from falconpy import ContentUpdatePolicies
falcon = ContentUpdatePolicies(client_id=CLIENT_ID, client_secret=CLIENT_SECRET )
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.performContentUpdatePoliciesAction(action_name="string", action_parameters=[{"key": "value"}], ids=id_list)print(response)from falconpy import APIHarnessV2
falcon = APIHarnessV2(client_id=CLIENT_ID, client_secret=CLIENT_SECRET )
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
body_payload = { "action_parameters": [ { "name": "string", "value": "string" } ], "ids": ["string"]}
response = falcon.command("performContentUpdatePoliciesAction", action_name="string", body=body_payload)print(response)Invoke-FalconContentPolicyAction -Name "string" -Id @("ID1", "ID2")package main
import ( "context" "fmt" "os"
"github.com/crowdstrike/gofalcon/falcon" "github.com/crowdstrike/gofalcon/falcon/client/content_update_policies" "github.com/crowdstrike/gofalcon/falcon/models")
func main() { client, err := falcon.NewClient(&falcon.ApiConfig{ ClientId: os.Getenv("FALCON_CLIENT_ID"), ClientSecret: os.Getenv("FALCON_CLIENT_SECRET"), Context: context.Background(), }) if err != nil { panic(err) }
name := "string" value := "string"
response, err := client.ContentUpdatePolicies.PerformContentUpdatePoliciesAction( &content_update_policies.PerformContentUpdatePoliciesActionParams{ Body: &models.MsaEntityActionRequestV2{ ActionParameters: []interface{}{ { Name: &name, Value: &value, }, }, Ids: []string{"string"}, }, ActionName: "string", Context: context.Background(), }, ) if err != nil { panic(falcon.ErrorExplain(err)) }
fmt.Printf("%+v\n", response.Payload)}import { FalconClient } from "crowdstrike-falcon";
const client = new FalconClient({ cloud: process.env.FALCON_CLOUD!, clientId: process.env.FALCON_CLIENT_ID!, clientSecret: process.env.FALCON_CLIENT_SECRET!,});
const response = await client.contentUpdatePolicies.performContentUpdatePoliciesAction( "string", // actionName { // body actionParameters: [{ name: "string", value: "string" }], ids: [] });
console.log(response);use rusty_falcon::apis::content_update_policies_api::perform_content_update_policies_action;use rusty_falcon::easy::client::FalconHandle;use rusty_falcon::models::MsaEntityActionRequestV2;
#[tokio::main]async fn main() { let falcon = FalconHandle::from_env().await.expect("Could not authenticate");
let body = MsaEntityActionRequestV2 { ids: vec!["string".to_string()], ..Default::default() };
let response = perform_content_update_policies_action( &falcon.cfg, // configuration "string", // action_name body, // body ).await.expect("API call failed");
println!("{:?}", response);}require "crimson-falcon"
Falcon.configure do |config| config.client_id = ENV["FALCON_CLIENT_ID"] config.client_secret = ENV["FALCON_CLIENT_SECRET"] config.cloud = ENV["FALCON_CLOUD"]end
api = Falcon::ContentUpdatePolicies.new
body = Falcon::MsaEntityActionRequestV2.new( action_parameters: [{ name: 'string', value: 'string' }], ids: [])
response = api.perform_content_update_policies_action(body, 'string')
puts responsesetContentUpdatePoliciesPrecedence
Section titled “setContentUpdatePoliciesPrecedence”Sets the precedence of Content Update Policies based on the order of IDs specified in the request. The first ID specified will have the highest precedence and the last ID specified will have the lowest. You must specify all non-Default Policies when updating precedence.
POST /policy/entities/content-update-precedence/v1
PEP 8
set_precedenceParameters
Section titled “Parameters”| Name | Type | Data type | Description |
|---|---|---|---|
| body | body | dictionary | Full body payload as JSON formatted dictionary. |
| ids | body | string or list of strings | ID list in precedence order. |
Code Examples
Section titled “Code Examples”from falconpy import ContentUpdatePolicies
falcon = ContentUpdatePolicies(client_id=CLIENT_ID, client_secret=CLIENT_SECRET )
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.set_precedence(ids=id_list)print(response)from falconpy import ContentUpdatePolicies
falcon = ContentUpdatePolicies(client_id=CLIENT_ID, client_secret=CLIENT_SECRET )
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.setContentUpdatePoliciesPrecedence(ids=id_list)print(response)from falconpy import APIHarnessV2
falcon = APIHarnessV2(client_id=CLIENT_ID, client_secret=CLIENT_SECRET )
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
body_payload = { "ids": ["string"]}
response = falcon.command("setContentUpdatePoliciesPrecedence", body=body_payload)print(response)Set-FalconContentPrecedence -Id @("ID1", "ID2")package main
import ( "context" "fmt" "os"
"github.com/crowdstrike/gofalcon/falcon" "github.com/crowdstrike/gofalcon/falcon/client/content_update_policies" "github.com/crowdstrike/gofalcon/falcon/models")
func main() { client, err := falcon.NewClient(&falcon.ApiConfig{ ClientId: os.Getenv("FALCON_CLIENT_ID"), ClientSecret: os.Getenv("FALCON_CLIENT_SECRET"), Context: context.Background(), }) if err != nil { panic(err) }
response, err := client.ContentUpdatePolicies.SetContentUpdatePoliciesPrecedence( &content_update_policies.SetContentUpdatePoliciesPrecedenceParams{ Body: &models.BaseSetContentUpdatePolicyPrecedenceReqV1{ Ids: []string{"string"}, }, Context: context.Background(), }, ) if err != nil { panic(falcon.ErrorExplain(err)) }
fmt.Printf("%+v\n", response.Payload)}import { FalconClient } from "crowdstrike-falcon";
const client = new FalconClient({ cloud: process.env.FALCON_CLOUD!, clientId: process.env.FALCON_CLIENT_ID!, clientSecret: process.env.FALCON_CLIENT_SECRET!,});
const response = await client.contentUpdatePolicies.setContentUpdatePoliciesPrecedence( { ids: []} // body);
console.log(response);use rusty_falcon::apis::content_update_policies_api::set_content_update_policies_precedence;use rusty_falcon::easy::client::FalconHandle;use rusty_falcon::models::BaseSetContentUpdatePolicyPrecedenceReqV1;
#[tokio::main]async fn main() { let falcon = FalconHandle::from_env().await.expect("Could not authenticate");
let body = BaseSetContentUpdatePolicyPrecedenceReqV1 { ids: vec!["string".to_string()], ..Default::default() };
let response = set_content_update_policies_precedence( &falcon.cfg, // configuration body, // body ).await.expect("API call failed");
println!("{:?}", response);}require "crimson-falcon"
Falcon.configure do |config| config.client_id = ENV["FALCON_CLIENT_ID"] config.client_secret = ENV["FALCON_CLIENT_SECRET"] config.cloud = ENV["FALCON_CLOUD"]end
api = Falcon::ContentUpdatePolicies.new
body = Falcon::BaseSetContentUpdatePolicyPrecedenceReqV1.new( ids: [])
response = api.set_content_update_policies_precedence(body)
puts responsegetContentUpdatePolicies
Section titled “getContentUpdatePolicies”Retrieve a set of Content Update Policies by specifying their IDs.
GET /policy/entities/content-update/v1
PEP 8
get_policiesParameters
Section titled “Parameters”| Name | Type | Data type | Description |
|---|---|---|---|
| ids | query | string or list of strings | Content update policy IDs to return. |
| parameters | query | dictionary | Full set of query string parameters in a JSON formatted dictionary. |
Code Examples
Section titled “Code Examples”from falconpy import ContentUpdatePolicies
falcon = ContentUpdatePolicies(client_id=CLIENT_ID, client_secret=CLIENT_SECRET )
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.get_policies(ids=id_list)print(response)from falconpy import ContentUpdatePolicies
falcon = ContentUpdatePolicies(client_id=CLIENT_ID, client_secret=CLIENT_SECRET )
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.getContentUpdatePolicies(ids=id_list)print(response)from falconpy import APIHarnessV2
falcon = APIHarnessV2(client_id=CLIENT_ID, client_secret=CLIENT_SECRET )
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.command("getContentUpdatePolicies", ids=id_list)print(response)Get-FalconContentPolicy -Id @("ID1", "ID2")package main
import ( "context" "fmt" "os"
"github.com/crowdstrike/gofalcon/falcon" "github.com/crowdstrike/gofalcon/falcon/client/content_update_policies")
func main() { client, err := falcon.NewClient(&falcon.ApiConfig{ ClientId: os.Getenv("FALCON_CLIENT_ID"), ClientSecret: os.Getenv("FALCON_CLIENT_SECRET"), Context: context.Background(), }) if err != nil { panic(err) }
response, err := client.ContentUpdatePolicies.GetContentUpdatePolicies( &content_update_policies.GetContentUpdatePoliciesParams{ Ids: []string{"ID1", "ID2", "ID3"}, Context: context.Background(), }, ) if err != nil { panic(falcon.ErrorExplain(err)) }
fmt.Printf("%+v\n", response.Payload)}import { FalconClient } from "crowdstrike-falcon";
const client = new FalconClient({ cloud: process.env.FALCON_CLOUD!, clientId: process.env.FALCON_CLIENT_ID!, clientSecret: process.env.FALCON_CLIENT_SECRET!,});
const response = await client.contentUpdatePolicies.getContentUpdatePolicies(["ID1", "ID2", "ID3"]); // ids
console.log(response);use rusty_falcon::apis::content_update_policies_api::get_content_update_policies;use rusty_falcon::easy::client::FalconHandle;
#[tokio::main]async fn main() { let falcon = FalconHandle::from_env().await.expect("Could not authenticate");
let response = get_content_update_policies( &falcon.cfg, // configuration vec!["string".to_string()], // ids ).await.expect("API call failed");
println!("{:?}", response);}require "crimson-falcon"
Falcon.configure do |config| config.client_id = ENV["FALCON_CLIENT_ID"] config.client_secret = ENV["FALCON_CLIENT_SECRET"] config.cloud = ENV["FALCON_CLOUD"]end
api = Falcon::ContentUpdatePolicies.new
response = api.get_content_update_policies(['ID1', 'ID2', 'ID3'])
puts responsecreateContentUpdatePolicies
Section titled “createContentUpdatePolicies”Create Content Update Policies by specifying details about the policy to create.
POST /policy/entities/content-update/v1
PEP 8
create_policiesParameters
Section titled “Parameters”| Name | Type | Data type | Description |
|---|---|---|---|
| body | body | dictionary | Full body payload as JSON formatted dictionary. |
| description | body | string | Content Update policy description. |
| name | body | string | Content Update policy name. |
| settings | body | dictionary | Content Update policy settings. |
Code Examples
Section titled “Code Examples”from falconpy import ContentUpdatePolicies
falcon = ContentUpdatePolicies(client_id=CLIENT_ID, client_secret=CLIENT_SECRET )
response = falcon.create_policies(description="string", name="string", settings={})print(response)from falconpy import ContentUpdatePolicies
falcon = ContentUpdatePolicies(client_id=CLIENT_ID, client_secret=CLIENT_SECRET )
response = falcon.createContentUpdatePolicies(description="string", name="string", settings={})print(response)from falconpy import APIHarnessV2
falcon = APIHarnessV2(client_id=CLIENT_ID, client_secret=CLIENT_SECRET )
body_payload = { "resources": [ { "description": "string", "name": "string", "settings": { "ring_assignment_settings": ["string"] } } ]}
response = falcon.command("createContentUpdatePolicies", body=body_payload)print(response)New-FalconContentPolicy -Name "string"package main
import ( "context" "fmt" "os"
"github.com/crowdstrike/gofalcon/falcon" "github.com/crowdstrike/gofalcon/falcon/client/content_update_policies" "github.com/crowdstrike/gofalcon/falcon/models")
func main() { client, err := falcon.NewClient(&falcon.ApiConfig{ ClientId: os.Getenv("FALCON_CLIENT_ID"), ClientSecret: os.Getenv("FALCON_CLIENT_SECRET"), Context: context.Background(), }) if err != nil { panic(err) }
description := "string" name := "string"
response, err := client.ContentUpdatePolicies.CreateContentUpdatePolicies( &content_update_policies.CreateContentUpdatePoliciesParams{ Body: &models.ContentUpdateCreatePoliciesReqV1{ Resources: []interface{}{ { Description: &description, Name: &name, Settings: &struct{}{}, }, }, }, Context: context.Background(), }, ) if err != nil { panic(falcon.ErrorExplain(err)) }
fmt.Printf("%+v\n", response.Payload)}import { FalconClient } from "crowdstrike-falcon";
const client = new FalconClient({ cloud: process.env.FALCON_CLOUD!, clientId: process.env.FALCON_CLIENT_ID!, clientSecret: process.env.FALCON_CLIENT_SECRET!,});
const response = await client.contentUpdatePolicies.createContentUpdatePolicies( { resources: [{ description: "string", name: "string", settings: { ringAssignmentSettings: [] } }]} // body);
console.log(response);use rusty_falcon::apis::content_update_policies_api::create_content_update_policies;use rusty_falcon::easy::client::FalconHandle;use rusty_falcon::models::ContentUpdateCreatePoliciesReqV1;
#[tokio::main]async fn main() { let falcon = FalconHandle::from_env().await.expect("Could not authenticate");
let body = ContentUpdateCreatePoliciesReqV1 { resources: vec![CreatePolicyReqV1 { name: Some("string".to_string()), ..Default::default() }], ..Default::default() };
let response = create_content_update_policies( &falcon.cfg, // configuration body, // body ).await.expect("API call failed");
println!("{:?}", response);}require "crimson-falcon"
Falcon.configure do |config| config.client_id = ENV["FALCON_CLIENT_ID"] config.client_secret = ENV["FALCON_CLIENT_SECRET"] config.cloud = ENV["FALCON_CLOUD"]end
api = Falcon::ContentUpdatePolicies.new
body = Falcon::ContentUpdateCreatePoliciesReqV1.new( resources: [{ description: 'string', name: 'string', settings: { ring_assignment_settings: [] } }])
response = api.create_content_update_policies(body)
puts responsedeleteContentUpdatePolicies
Section titled “deleteContentUpdatePolicies”Delete a set of Content Update Policies by specifying their IDs.
DELETE /policy/entities/content-update/v1
PEP 8
delete_policiesParameters
Section titled “Parameters”| Name | Type | Data type | Description |
|---|---|---|---|
| ids | query | string or list of strings | Content update policy IDs to remove. |
| parameters | query | dictionary | Full set of query string parameters in a JSON formatted dictionary. |
Code Examples
Section titled “Code Examples”from falconpy import ContentUpdatePolicies
falcon = ContentUpdatePolicies(client_id=CLIENT_ID, client_secret=CLIENT_SECRET )
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.delete_policies(ids=id_list)print(response)from falconpy import ContentUpdatePolicies
falcon = ContentUpdatePolicies(client_id=CLIENT_ID, client_secret=CLIENT_SECRET )
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.deleteContentUpdatePolicies(ids=id_list)print(response)from falconpy import APIHarnessV2
falcon = APIHarnessV2(client_id=CLIENT_ID, client_secret=CLIENT_SECRET )
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.command("deleteContentUpdatePolicies", ids=id_list)print(response)Remove-FalconContentPolicy -Id @("ID1", "ID2")package main
import ( "context" "fmt" "os"
"github.com/crowdstrike/gofalcon/falcon" "github.com/crowdstrike/gofalcon/falcon/client/content_update_policies")
func main() { client, err := falcon.NewClient(&falcon.ApiConfig{ ClientId: os.Getenv("FALCON_CLIENT_ID"), ClientSecret: os.Getenv("FALCON_CLIENT_SECRET"), Context: context.Background(), }) if err != nil { panic(err) }
response, err := client.ContentUpdatePolicies.DeleteContentUpdatePolicies( &content_update_policies.DeleteContentUpdatePoliciesParams{ Ids: []string{"ID1", "ID2", "ID3"}, Context: context.Background(), }, ) if err != nil { panic(falcon.ErrorExplain(err)) }
fmt.Printf("%+v\n", response.Payload)}import { FalconClient } from "crowdstrike-falcon";
const client = new FalconClient({ cloud: process.env.FALCON_CLOUD!, clientId: process.env.FALCON_CLIENT_ID!, clientSecret: process.env.FALCON_CLIENT_SECRET!,});
const response = await client.contentUpdatePolicies.deleteContentUpdatePolicies(["ID1", "ID2", "ID3"]); // ids
console.log(response);use rusty_falcon::apis::content_update_policies_api::delete_content_update_policies;use rusty_falcon::easy::client::FalconHandle;
#[tokio::main]async fn main() { let falcon = FalconHandle::from_env().await.expect("Could not authenticate");
let response = delete_content_update_policies( &falcon.cfg, // configuration vec!["string".to_string()], // ids ).await.expect("API call failed");
println!("{:?}", response);}require "crimson-falcon"
Falcon.configure do |config| config.client_id = ENV["FALCON_CLIENT_ID"] config.client_secret = ENV["FALCON_CLIENT_SECRET"] config.cloud = ENV["FALCON_CLOUD"]end
api = Falcon::ContentUpdatePolicies.new
response = api.delete_content_update_policies(['ID1', 'ID2', 'ID3'])
puts responseupdateContentUpdatePolicies
Section titled “updateContentUpdatePolicies”Update Content Update Policies by specifying the ID of the policy and details to update.
PATCH /policy/entities/content-update/v1
PEP 8
update_policiesParameters
Section titled “Parameters”| Name | Type | Data type | Description |
|---|---|---|---|
| body | body | dictionary | Full body payload as JSON formatted dictionary. |
| description | body | string | Content Update policy description. |
| id | body | string | Content Update policy ID to update. |
| name | body | string | Content Update policy name. |
| settings | body | dictionary | Content Update policy settings. |
Code Examples
Section titled “Code Examples”from falconpy import ContentUpdatePolicies
falcon = ContentUpdatePolicies(client_id=CLIENT_ID, client_secret=CLIENT_SECRET )
resources = [ { "description": "string", "id": "string", "name": "string", "settings": { "ring_assignment_settings": ["string"] } }]
response = falcon.update_policies(resources=resources)print(response)from falconpy import ContentUpdatePolicies
falcon = ContentUpdatePolicies(client_id=CLIENT_ID, client_secret=CLIENT_SECRET )
resources = [ { "description": "string", "id": "string", "name": "string", "settings": { "ring_assignment_settings": ["string"] } }]
response = falcon.updateContentUpdatePolicies(resources=resources)print(response)from falconpy import APIHarnessV2
falcon = APIHarnessV2(client_id=CLIENT_ID, client_secret=CLIENT_SECRET )
body_payload = { "resources": [ { "description": "string", "id": "string", "name": "string", "settings": { "ring_assignment_settings": ["string"] } } ]}
response = falcon.command("updateContentUpdatePolicies", body=body_payload)print(response)Edit-FalconContentPolicy -Id "string"package main
import ( "context" "fmt" "os"
"github.com/crowdstrike/gofalcon/falcon" "github.com/crowdstrike/gofalcon/falcon/client/content_update_policies" "github.com/crowdstrike/gofalcon/falcon/models")
func main() { client, err := falcon.NewClient(&falcon.ApiConfig{ ClientId: os.Getenv("FALCON_CLIENT_ID"), ClientSecret: os.Getenv("FALCON_CLIENT_SECRET"), Context: context.Background(), }) if err != nil { panic(err) }
description := "string" id := "string" name := "string"
response, err := client.ContentUpdatePolicies.UpdateContentUpdatePolicies( &content_update_policies.UpdateContentUpdatePoliciesParams{ Body: &models.ContentUpdateUpdatePoliciesReqV1{ Resources: []interface{}{ { Description: &description, ID: &id, Name: &name, Settings: &struct{}{}, }, }, }, Context: context.Background(), }, ) if err != nil { panic(falcon.ErrorExplain(err)) }
fmt.Printf("%+v\n", response.Payload)}import { FalconClient } from "crowdstrike-falcon";
const client = new FalconClient({ cloud: process.env.FALCON_CLOUD!, clientId: process.env.FALCON_CLIENT_ID!, clientSecret: process.env.FALCON_CLIENT_SECRET!,});
const response = await client.contentUpdatePolicies.updateContentUpdatePolicies( { resources: [{ description: "string", id: "string", name: "string", settings: { ringAssignmentSettings: [] } }]} // body);
console.log(response);use rusty_falcon::apis::content_update_policies_api::update_content_update_policies;use rusty_falcon::easy::client::FalconHandle;use rusty_falcon::models::ContentUpdateUpdatePoliciesReqV1;
#[tokio::main]async fn main() { let falcon = FalconHandle::from_env().await.expect("Could not authenticate");
let body = ContentUpdateUpdatePoliciesReqV1 { resources: vec![UpdatePolicyReqV1 { id: Some("string".to_string()), ..Default::default() }], ..Default::default() };
let response = update_content_update_policies( &falcon.cfg, // configuration body, // body ).await.expect("API call failed");
println!("{:?}", response);}require "crimson-falcon"
Falcon.configure do |config| config.client_id = ENV["FALCON_CLIENT_ID"] config.client_secret = ENV["FALCON_CLIENT_SECRET"] config.cloud = ENV["FALCON_CLOUD"]end
api = Falcon::ContentUpdatePolicies.new
body = Falcon::ContentUpdateUpdatePoliciesReqV1.new( resources: [{ description: 'string', id: 'string', name: 'string', settings: { ring_assignment_settings: [] } }])
response = api.update_content_update_policies(body)
puts responsequeryContentUpdatePolicyMembers
Section titled “queryContentUpdatePolicyMembers”Search for members of a Content Update Policy in your environment by providing an FQL filter and paging details. Returns a set of Agent IDs which match the filter criteria.
GET /policy/queries/content-update-members/v1
PEP 8
query_policy_membersParameters
Section titled “Parameters”| Name | Type | Data type | Description |
|---|---|---|---|
| id | query | string | The ID of the Content Update Policy to search for members of. |
| filter | query | string | The filter expression that should be used to limit the results. |
| offset | query | integer | The offset to start retrieving records from. |
| limit | query | integer | The maximum records to return. [1-5000] |
| sort | query | string | The property to sort by. |
| parameters | query | dictionary | Full set of query string parameters in a JSON formatted dictionary. |
Code Examples
Section titled “Code Examples”from falconpy import ContentUpdatePolicies
falcon = ContentUpdatePolicies(client_id=CLIENT_ID, client_secret=CLIENT_SECRET )
response = falcon.query_policy_members(id="string", filter="string", offset=integer, limit=integer, sort="string")print(response)from falconpy import ContentUpdatePolicies
falcon = ContentUpdatePolicies(client_id=CLIENT_ID, client_secret=CLIENT_SECRET )
response = falcon.queryContentUpdatePolicyMembers(id="string", filter="string", offset=integer, limit=integer, sort="string")print(response)from falconpy import APIHarnessV2
falcon = APIHarnessV2(client_id=CLIENT_ID, client_secret=CLIENT_SECRET )
response = falcon.command("queryContentUpdatePolicyMembers", id="string", filter="string", offset=integer, limit=integer, sort="string")print(response)Get-FalconContentPolicyMember -Filter "string" ` -Sort "string" ` -Limit integer ` -Offset integerpackage main
import ( "context" "fmt" "os"
"github.com/crowdstrike/gofalcon/falcon" "github.com/crowdstrike/gofalcon/falcon/client/content_update_policies")
func main() { client, err := falcon.NewClient(&falcon.ApiConfig{ ClientId: os.Getenv("FALCON_CLIENT_ID"), ClientSecret: os.Getenv("FALCON_CLIENT_SECRET"), Context: context.Background(), }) if err != nil { panic(err) }
iD := "string" filter := "string" offset := int64(0) limit := int64(0) sort := "string"
response, err := client.ContentUpdatePolicies.QueryContentUpdatePolicyMembers( &content_update_policies.QueryContentUpdatePolicyMembersParams{ ID: &iD, Filter: &filter, Offset: &offset, Limit: &limit, Sort: &sort, Context: context.Background(), }, ) if err != nil { panic(falcon.ErrorExplain(err)) }
fmt.Printf("%+v\n", response.Payload)}import { FalconClient } from "crowdstrike-falcon";
const client = new FalconClient({ cloud: process.env.FALCON_CLOUD!, clientId: process.env.FALCON_CLIENT_ID!, clientSecret: process.env.FALCON_CLIENT_SECRET!,});
const response = await client.contentUpdatePolicies.queryContentUpdatePolicyMembers( "string", // id "string", // filter integer, // offset integer, // limit "string" // sort);
console.log(response);use rusty_falcon::apis::content_update_policies_api::query_content_update_policy_members;use rusty_falcon::easy::client::FalconHandle;
#[tokio::main]async fn main() { let falcon = FalconHandle::from_env().await.expect("Could not authenticate");
let response = query_content_update_policy_members( &falcon.cfg, // configuration Some("string"), // id Some("string"), // filter Some(integer), // offset Some(integer), // limit Some("string"), // sort ).await.expect("API call failed");
println!("{:?}", response);}require "crimson-falcon"
Falcon.configure do |config| config.client_id = ENV["FALCON_CLIENT_ID"] config.client_secret = ENV["FALCON_CLIENT_SECRET"] config.cloud = ENV["FALCON_CLOUD"]end
api = Falcon::ContentUpdatePolicies.new
response = api.query_content_update_policy_members(id: 'string', filter: 'string', offset: integer, limit: integer, sort: 'string')
puts responsequeryPinnableContentVersions
Section titled “queryPinnableContentVersions”Search for content versions available for pinning given the category.
GET /policy/queries/content-update-pin-versions/v1
PEP 8
query_pinnable_content_versionsParameters
Section titled “Parameters”| Name | Type | Data type | Description |
|---|---|---|---|
| category | query | string | Content category. Valid values: rapid_response_al_bl_listing, sensor_operations, system_critical, vulnerability_management |
| sort | query | string | The value to sort returned content versions by. Defaults to deployed_timestamp.desc. Available values: deployed_timestamp.asc, deployed_timestamp.desc |
| parameters | query | dictionary | Full set of query string parameters in a JSON formatted dictionary. |
Code Examples
Section titled “Code Examples”from falconpy import ContentUpdatePolicies
falcon = ContentUpdatePolicies(client_id=CLIENT_ID, client_secret=CLIENT_SECRET )
response = falcon.query_pinnable_content_versions(category="string", sort="string")print(response)from falconpy import ContentUpdatePolicies
falcon = ContentUpdatePolicies(client_id=CLIENT_ID, client_secret=CLIENT_SECRET )
response = falcon.queryPinnableContentVersions(category="string", sort="string")print(response)from falconpy import APIHarnessV2
falcon = APIHarnessV2(client_id=CLIENT_ID, client_secret=CLIENT_SECRET )
response = falcon.command("queryPinnableContentVersions", category="string", sort="string")print(response)Get-FalconContentVersion -Category "string" -Sort "string"package main
import ( "context" "fmt" "os"
"github.com/crowdstrike/gofalcon/falcon" "github.com/crowdstrike/gofalcon/falcon/client/content_update_policies")
func main() { client, err := falcon.NewClient(&falcon.ApiConfig{ ClientId: os.Getenv("FALCON_CLIENT_ID"), ClientSecret: os.Getenv("FALCON_CLIENT_SECRET"), Context: context.Background(), }) if err != nil { panic(err) }
sort := "string"
response, err := client.ContentUpdatePolicies.QueryPinnableContentVersions( &content_update_policies.QueryPinnableContentVersionsParams{ Category: "string", Sort: &sort, Context: context.Background(), }, ) if err != nil { panic(falcon.ErrorExplain(err)) }
fmt.Printf("%+v\n", response.Payload)}import { FalconClient } from "crowdstrike-falcon";
const client = new FalconClient({ cloud: process.env.FALCON_CLOUD!, clientId: process.env.FALCON_CLIENT_ID!, clientSecret: process.env.FALCON_CLIENT_SECRET!,});
const response = await client.contentUpdatePolicies.queryPinnableContentVersions( "string", // category "string" // sort);
console.log(response);use rusty_falcon::apis::content_update_policies_api::query_pinnable_content_versions;use rusty_falcon::easy::client::FalconHandle;
#[tokio::main]async fn main() { let falcon = FalconHandle::from_env().await.expect("Could not authenticate");
let response = query_pinnable_content_versions( &falcon.cfg, // configuration "string", // category Some("string"), // sort ).await.expect("API call failed");
println!("{:?}", response);}require "crimson-falcon"
Falcon.configure do |config| config.client_id = ENV["FALCON_CLIENT_ID"] config.client_secret = ENV["FALCON_CLIENT_SECRET"] config.cloud = ENV["FALCON_CLOUD"]end
api = Falcon::ContentUpdatePolicies.new
response = api.query_pinnable_content_versions('string')
puts responsequeryContentUpdatePolicies
Section titled “queryContentUpdatePolicies”Search for Content Update Policies in your environment by providing an FQL filter and paging details. Returns a set of Content Update Policy IDs which match the filter criteria.
GET /policy/queries/content-update/v1
PEP 8
query_policiesParameters
Section titled “Parameters”| Name | Type | Data type | Description |
|---|---|---|---|
| filter | query | string | The filter expression that should be used to limit the results. |
| offset | query | integer | The offset to start retrieving records from. |
| limit | query | integer | The maximum records to return. [1-5000] |
| sort | query | string | The property to sort by. |
| parameters | query | dictionary | Full set of query string parameters in a JSON formatted dictionary. |
Code Examples
Section titled “Code Examples”from falconpy import ContentUpdatePolicies
falcon = ContentUpdatePolicies(client_id=CLIENT_ID, client_secret=CLIENT_SECRET )
response = falcon.query_policies(filter="string", offset=integer, limit=integer, sort="string")print(response)from falconpy import ContentUpdatePolicies
falcon = ContentUpdatePolicies(client_id=CLIENT_ID, client_secret=CLIENT_SECRET )
response = falcon.queryContentUpdatePolicies(filter="string", offset=integer, limit=integer, sort="string")print(response)from falconpy import APIHarnessV2
falcon = APIHarnessV2(client_id=CLIENT_ID, client_secret=CLIENT_SECRET )
response = falcon.command("queryContentUpdatePolicies", filter="string", offset=integer, limit=integer, sort="string")print(response)Get-FalconContentPolicy -Filter "string" ` -Sort "string" ` -Limit integer ` -Offset integerpackage main
import ( "context" "fmt" "os"
"github.com/crowdstrike/gofalcon/falcon" "github.com/crowdstrike/gofalcon/falcon/client/content_update_policies")
func main() { client, err := falcon.NewClient(&falcon.ApiConfig{ ClientId: os.Getenv("FALCON_CLIENT_ID"), ClientSecret: os.Getenv("FALCON_CLIENT_SECRET"), Context: context.Background(), }) if err != nil { panic(err) }
filter := "string" offset := int64(0) limit := int64(0) sort := "string"
response, err := client.ContentUpdatePolicies.QueryContentUpdatePolicies( &content_update_policies.QueryContentUpdatePoliciesParams{ Filter: &filter, Offset: &offset, Limit: &limit, Sort: &sort, Context: context.Background(), }, ) if err != nil { panic(falcon.ErrorExplain(err)) }
fmt.Printf("%+v\n", response.Payload)}import { FalconClient } from "crowdstrike-falcon";
const client = new FalconClient({ cloud: process.env.FALCON_CLOUD!, clientId: process.env.FALCON_CLIENT_ID!, clientSecret: process.env.FALCON_CLIENT_SECRET!,});
const response = await client.contentUpdatePolicies.queryContentUpdatePolicies( "string", // filter integer, // offset integer, // limit "string" // sort);
console.log(response);use rusty_falcon::apis::content_update_policies_api::query_content_update_policies;use rusty_falcon::easy::client::FalconHandle;
#[tokio::main]async fn main() { let falcon = FalconHandle::from_env().await.expect("Could not authenticate");
let response = query_content_update_policies( &falcon.cfg, // configuration Some("string"), // filter Some(integer), // offset Some(integer), // limit Some("string"), // sort ).await.expect("API call failed");
println!("{:?}", response);}require "crimson-falcon"
Falcon.configure do |config| config.client_id = ENV["FALCON_CLIENT_ID"] config.client_secret = ENV["FALCON_CLIENT_SECRET"] config.cloud = ENV["FALCON_CLOUD"]end
api = Falcon::ContentUpdatePolicies.new
response = api.query_content_update_policies(filter: 'string', offset: integer, limit: integer, sort: 'string')
puts response