Skip to content

Correlation Rules Admin

The Correlation Rules Admin service collection provides administrative operations for managing correlation rules. Change ownership of existing correlation rules to assign them to different API clients or users.

Language	Last Update
Python	v1.6.1
PowerShell	v2.2.9
Go	v0.20.0
TypeScript	v0.6.0
Rust	v0.7.0
Ruby	v1.2.0

Table of Contents

Operation	Description
entities_rules_ownership_put_v1 `change_correlation_rule_owner`	Change the owner of an existing Correlation Rule

entities_rules_ownership_put_v1

Change the owner of an existing Correlation Rule

PUT /correlation-rules/entities/rules/ownership/v1

Scope Correlation Rules Admin: WRITE Consumes · Produces application/json

PEP 8 change_correlation_rule_owner

Parameters

Name	Type	Data type	Description
body	body	dictionary	Full body payload in JSON format. Not required if using other keywords.
api_client_id	body	string	The API client ID.
id	body	string	The rule ID.
user_id	body	string	The user ID.
user_uuid	body	string	The user UUID.

Code Examples

from falconpy import CorrelationRulesAdmin

falcon = CorrelationRulesAdmin(client_id=CLIENT_ID,
                               client_secret=CLIENT_SECRET
                               )

response = falcon.change_correlation_rule_owner(api_client_id="string",
                                                id="string",
                                                user_id="string",
                                                user_uuid="string")
print(response)

from falconpy import CorrelationRulesAdmin

falcon = CorrelationRulesAdmin(client_id=CLIENT_ID,
                               client_secret=CLIENT_SECRET
                               )

response = falcon.entities_rules_ownership_put_v1(api_client_id="string",
                                                  id="string",
                                                  user_id="string",
                                                  user_uuid="string")
print(response)

from falconpy import APIHarnessV2

falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

body_payload = {
    "api_client_id": "string",
    "id": "string",
    "user_id": "string",
    "user_uuid": "string"
}

response = falcon.command("entities_rules_ownership_put_v1", body=body_payload)
print(response)

package main

import (
  "context"
  "fmt"
  "os"

  "github.com/crowdstrike/gofalcon/falcon"
  "github.com/crowdstrike/gofalcon/falcon/client/correlation_rules_admin"
  "github.com/crowdstrike/gofalcon/falcon/models"
)

func main() {
  client, err := falcon.NewClient(&falcon.ApiConfig{
    ClientId:     os.Getenv("FALCON_CLIENT_ID"),
    ClientSecret: os.Getenv("FALCON_CLIENT_SECRET"),
    Context:      context.Background(),
  })
  if err != nil {
    panic(err)
  }

  api_client_id := "string"
  id := "string"
  user_id := "string"
  user_uuid := "string"

  response, err := client.CorrelationRulesAdmin.EntitiesRulesOwnershipPutV1(
    &correlation_rules_admin.EntitiesRulesOwnershipPutV1Params{
      Body: &models.CorrelationrulesapiRuleOwnerPutRequestV1{
        ApiClientID: &api_client_id,
        ID: &id,
        UserID: &user_id,
        UserUuid: &user_uuid,
      },
      Context: context.Background(),
    },
  )
  if err != nil {
    panic(falcon.ErrorExplain(err))
  }

  fmt.Printf("%+v\n", response.Payload)
}

import { FalconClient } from "crowdstrike-falcon";

const client = new FalconClient({
  cloud: process.env.FALCON_CLOUD!,
  clientId: process.env.FALCON_CLIENT_ID!,
  clientSecret: process.env.FALCON_CLIENT_SECRET!,
});

const response = await client.correlationRulesAdmin.entitiesRulesOwnershipPutV1(
  {
    apiClientId: "string",
    id: "string",
    userId: "string",
    userUuid: "string"
}  // body
);

console.log(response);