CSPM Registration
The CSPM Registration service collection provides operations for registering and managing cloud accounts across AWS, Azure, and GCP environments. Configure cloud security posture monitoring, manage policy settings, and schedule compliance scans across your multi-cloud infrastructure.
| Language | Last Update |
|---|---|
| Python | v1.5.4 |
| PowerShell | v2.2.9 |
| Go | v0.20.0 |
| TypeScript | v0.6.0 |
| Rust | v0.7.0 |
| Ruby | v1.2.0 |
Table of Contents
Section titled “Table of Contents”| Operation | Description |
|---|---|
GetCSPMAwsAccountget_aws_account | Returns information about the current status of an AWS account. |
CreateCSPMAwsAccountcreate_aws_account | Creates a new account in our system for a customer and generates a script for them to run in their AWS cloud environment to grant us access. |
DeleteCSPMAwsAccountdelete_aws_account | Deletes an existing AWS account or organization in our system. |
PatchCSPMAwsAccountupdate_aws_account | Patches a existing account in our system for a customer. |
GetCSPMAwsConsoleSetupURLsget_aws_console_setup_urls | Return a URL for customer to visit in their cloud environment to grant us access to their AWS environment. |
GetCSPMAwsAccountScriptsAttachmentget_aws_account_scripts_attachment | Return a script for customer to run in their cloud environment to grant us access to their AWS environment as a downloadable attachment. |
GetCSPMAzureAccountget_azure_account | Return information about Azure account registration |
CreateCSPMAzureAccountcreate_azure_account | Creates a new account in our system for a customer and generates a script for them to run in their cloud environment to grant us access. |
DeleteCSPMAzureAccountdelete_azure_account | Deletes an Azure subscription from the system. |
UpdateCSPMAzureAccountClientIDupdate_azure_account_client_id | Update an Azure service account in our system by with the user-created client_id created with the public key we’ve provided |
UpdateCSPMAzureTenantDefaultSubscriptionIDupdate_azure_tenant_default_subscription_id | Update an Azure default subscription_id in our system for given tenant_id |
AzureDownloadCertificateazure_download_certificate | Returns JSON object(s) that contain the base64 encoded certificate for a service principal. |
AzureRefreshCertificateazure_refresh_certificate | Refresh certificate and returns JSON object(s) that contain the base64 encoded certificate for a service principal. |
GetCSPMAzureUserScriptsAttachmentget_azure_user_scripts_attachment | Return a script for customer to run in their cloud environment to grant us access to their Azure environment as a downloadable attachment |
GetBehaviorDetectionsget_behavior_detections | Retrieve a list of detected behaviors. |
GetConfigurationDetectionsget_configuration_detections | Retrieve a list of active misconfigurations. |
GetConfigurationDetectionEntitiesget_configuration_detection_entities | Get misconfigurations based on the ID - including custom policy detections in addition to default policy detections. |
GetConfigurationDetectionIDsV2get_configuration_detection_ids_v2 | Get a list of active misconfiguration ids - including custom policy detections in addition to default policy detections. |
GetCSPMPolicyget_policy | Given a policy ID, returns detailed policy information. |
GetCSPMPoliciesDetailsget_policy_details | Given an array of policy IDs, returns detailed policies information. |
GetCSPMPolicySettingsget_policy_settings | Returns information about current policy settings. |
UpdateCSPMPolicySettingsupdate_policy_settings | Updates a policy setting - can be used to override policy severity or to disable a policy entirely. |
GetCSPMScanScheduleget_scan_schedule | Returns scan schedule configuration for one or more cloud platforms. |
UpdateCSPMScanScheduleupdate_scan_schedule | Updates scan schedule configuration for one or more cloud platforms. |
GetCSPMAzureManagementGroupget_azure_management_group | Return information about Azure management group registration |
DeleteCSPMAzureManagementGroupdelete_azure_management_group | Deletes Azure management groups from the system. |
CreateCSPMAzureManagementGroupcreate_azure_management_group | Creates a new management group in our system for a customer. |
CreateCSPMGCPAccountcreate_gcp_account | Creates a new account in our system for a customer and generates a new service account for them to add access to in their GCP environment to grant us access. deprecated |
DeleteCSPMGCPAccountdelete_gcp_account | Deletes a GCP account from the system. deprecated |
UpdateCSPMGCPAccountupdate_gcp_account | Patches a existing account in our system for a customer. deprecated |
ConnectCSPMGCPAccountconnect_gcp_account | Creates a new GCP account with newly-uploaded service account or connects with existing service account with only the following fields: parent_id, parent_type and service_account_iddeprecated |
GetCSPMGCPServiceAccountsExtget_gcp_service_account | Returns the service account id and client email for external clients. deprecated |
UpdateCSPMGCPServiceAccountsExtupdate_gcp_service_account | Updates an existing GCP service account. deprecated |
GetCSPMGCPUserScriptsAttachmentget_gcp_user_scripts_attachment | Return a script for customer to run in their cloud environment to grant us access to their GCP environment as a downloadable attachment deprecated |
GetCSPMGCPValidateAccountsExtvalidate_gcp_account | Run a synchronous health check. deprecated |
ValidateCSPMGCPServiceAccountExtvalidate_gcp_service_account | Validates credentials for a service account deprecated |
GetCSPMCGPAccountget_gcp_account | Returns information about the current status of an GCP account. |
UpdateCSPMAzureAccountupdate_azure_account | Patches a existing account in our system for a customer. |
getCloudEventIDsget_cloud_event_ids | Get list of related cloud event LogScale IDs for a given IOA |
GetCSPMAwsAccount
Section titled “GetCSPMAwsAccount”Returns information about the current status of an AWS account.
GET /cloud-connect-cspm-aws/entities/account/v1
PEP 8
get_aws_accountParameters
Section titled “Parameters”| Name | Type | Data type | Description |
|---|---|---|---|
| cspm_lite | query | boolean | Only return CSPM lite accounts. |
| group_by | query | string | The field to group by. |
| ids | query | string or list of strings | AWS Account ID(s). |
| iam_role_arns | query | string or list of strings | AWS IAM role ARN(s). |
| limit | query | integer | Maximum number of results to return. (Default: 100) |
| migrated | query | string | Only return migrated D4C accounts (true or false). |
| offset | query | integer | Starting record position. |
| organization_ids | query | string or list of strings | AWS Organization ID(s). |
| parameters | query | dictionary | Full query string parameters payload in JSON format. |
| scan_type | query | string | Type of scan to perform, dry or full. |
| status | query | string | Account status to filter results by. |
Code Examples
Section titled “Code Examples”from falconpy import CSPMRegistration
falcon = CSPMRegistration(client_id=CLIENT_ID, client_secret=CLIENT_SECRET )
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.get_aws_account(scan_type="string", cspm_lite=boolean, ids=id_list, iam_role_arns=id_list, organization_ids=id_list, limit=integer, migrated="string", offset=integer, status="string", group_by="string")print(response)from falconpy import CSPMRegistration
falcon = CSPMRegistration(client_id=CLIENT_ID, client_secret=CLIENT_SECRET )
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.GetCSPMAwsAccount(scan_type="string", cspm_lite=boolean, ids=id_list, iam_role_arns=id_list, organization_ids=id_list, limit=integer, migrated="string", offset=integer, status="string", group_by="string")print(response)from falconpy import APIHarnessV2
falcon = APIHarnessV2(client_id=CLIENT_ID, client_secret=CLIENT_SECRET )
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.command("GetCSPMAwsAccount", scan_type="string", ids=id_list, iam_role_arns=id_list, organization_ids=id_list, status="string", limit=integer, cspm_lite="string", migrated="string", offset=integer, group_by="string")print(response)Get-FalconCloudAwsAccountpackage main
import ( "context" "fmt" "os"
"github.com/crowdstrike/gofalcon/falcon" "github.com/crowdstrike/gofalcon/falcon/client/cspm_registration")
func main() { client, err := falcon.NewClient(&falcon.ApiConfig{ ClientId: os.Getenv("FALCON_CLIENT_ID"), ClientSecret: os.Getenv("FALCON_CLIENT_SECRET"), Context: context.Background(), }) if err != nil { panic(err) }
status := "string" limit := int64(0) cspmLite := "string" migrated := "string" offset := int64(0) groupBy := "string"
response, err := client.CspmRegistration.GetCSPMAwsAccount( &cspm_registration.GetCSPMAwsAccountParams{ ScanType: "string", Ids: []string{"ID1", "ID2", "ID3"}, IamRoleArns: []string{"ID1", "ID2", "ID3"}, OrganizationIds: []string{"ID1", "ID2", "ID3"}, Status: &status, Limit: &limit, CspmLite: &cspmLite, Migrated: &migrated, Offset: &offset, GroupBy: &groupBy, Context: context.Background(), }, ) if err != nil { panic(falcon.ErrorExplain(err)) }
fmt.Printf("%+v\n", response.Payload)}import { FalconClient } from "crowdstrike-falcon";
const client = new FalconClient({ cloud: process.env.FALCON_CLOUD!, clientId: process.env.FALCON_CLIENT_ID!, clientSecret: process.env.FALCON_CLIENT_SECRET!,});
const response = await client.cspmRegistration.getCSPMAwsAccount( "string", // scanType ["ID1", "ID2", "ID3"], // ids ["ID1", "ID2", "ID3"], // iamRoleArns ["ID1", "ID2", "ID3"], // organizationIds "string", // status integer, // limit "string", // cspmLite "string", // migrated integer, // offset "string" // groupBy);
console.log(response);use rusty_falcon::apis::cspm_registration_api::get_cspm_aws_account;use rusty_falcon::easy::client::FalconHandle;
#[tokio::main]async fn main() { let falcon = FalconHandle::from_env().await.expect("Could not authenticate");
let response = get_cspm_aws_account( &falcon.cfg, // configuration Some("string"), // scan_type Some(vec!["string".to_string()]), // ids Some(vec!["string".to_string()]), // iam_role_arns Some(vec!["string".to_string()]), // organization_ids Some("string"), // status Some(integer), // limit Some("string"), // cspm_lite Some("string"), // migrated Some(integer), // offset Some("string"), // group_by ).await.expect("API call failed");
println!("{:?}", response);}require "crimson-falcon"
Falcon.configure do |config| config.client_id = ENV["FALCON_CLIENT_ID"] config.client_secret = ENV["FALCON_CLIENT_SECRET"] config.cloud = ENV["FALCON_CLOUD"]end
api = Falcon::CspmRegistration.new
response = api.get_cspm_aws_account(scan_type: 'string', ids: ['ID1', 'ID2', 'ID3'], iam_role_arns: ['ID1', 'ID2', 'ID3'], organization_ids: ['ID1', 'ID2', 'ID3'], status: 'string', limit: integer, cspm_lite: 'string', migrated: 'string', offset: integer, group_by: 'string')
puts responseCreateCSPMAwsAccount
Section titled “CreateCSPMAwsAccount”Creates a new account in our system for a customer and generates a script for them to run in their AWS cloud environment to grant us access.
POST /cloud-connect-cspm-aws/entities/account/v1
PEP 8
create_aws_accountParameters
Section titled “Parameters”| Name | Type | Data type | Description |
|---|---|---|---|
| account_id | body | string | AWS Account ID. |
| account_type | body | string | AWS Account Type. |
| behavior_assessment_enabled | body | boolean | Flag indicating if behavior assessment should be enabled. |
| body | body | dictionary | Full body payload in JSON format. |
| cloudtrail_region | body | string | AWS Cloudtrail Region. |
| iam_role_arn | body | string | AWS IAM Role ARN. |
| is_master | body | boolean | Flag indicating this is the master account. |
| organization_id | body | string | AWS Organization ID. |
| sensor_management_enabled | body | boolean | Flag indicating if sensor management should be enabled. |
| use_existing_cloudtrail | body | boolean | Flag indicating if the existing CloudTrail log should be used. |
Code Examples
Section titled “Code Examples”from falconpy import CSPMRegistration
falcon = CSPMRegistration(client_id=CLIENT_ID, client_secret=CLIENT_SECRET )
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.create_aws_account(account_id="string", account_type="string", behavior_assessment_enabled=boolean, cloudtrail_region="string", deployment_method="string", dspm_enabled=boolean, dspm_role="string", falcon_client_id="string", iam_role_arn="string", is_master=boolean, organization_id="string", root_stack_id="string", sensor_management_enabled=boolean, target_ous=id_list, use_existing_cloudtrail=boolean)print(response)from falconpy import CSPMRegistration
falcon = CSPMRegistration(client_id=CLIENT_ID, client_secret=CLIENT_SECRET )
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.CreateCSPMAwsAccount(account_id="string", account_type="string", behavior_assessment_enabled=boolean, cloudtrail_region="string", deployment_method="string", dspm_enabled=boolean, dspm_role="string", falcon_client_id="string", iam_role_arn="string", is_master=boolean, organization_id="string", root_stack_id="string", sensor_management_enabled=boolean, target_ous=id_list, use_existing_cloudtrail=boolean)print(response)from falconpy import APIHarnessV2
falcon = APIHarnessV2(client_id=CLIENT_ID, client_secret=CLIENT_SECRET )
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
body_payload = { "resources": [ { "account_id": "string", "account_type": "string", "behavior_assessment_enabled": boolean, "cloudtrail_region": "string", "deployment_method": "string", "dspm_enabled": boolean, "dspm_host_account_id": "string", "dspm_role": "string", "falcon_client_id": "string", "iam_role_arn": "string", "is_master": boolean, "organization_id": "string", "root_stack_id": "string", "sensor_management_enabled": boolean, "target_ous": ["string"], "use_existing_cloudtrail": boolean, "vulnerability_scanning_enabled": boolean, "vulnerability_scanning_host_account_id": "string", "vulnerability_scanning_role": "string" } ]}
response = falcon.command("CreateCSPMAwsAccount", body=body_payload)print(response)New-FalconCloudAwsAccount -AccountId "string" -CloudtrailRegion "string"package main
import ( "context" "fmt" "os"
"github.com/crowdstrike/gofalcon/falcon" "github.com/crowdstrike/gofalcon/falcon/client/cspm_registration" "github.com/crowdstrike/gofalcon/falcon/models")
func main() { client, err := falcon.NewClient(&falcon.ApiConfig{ ClientId: os.Getenv("FALCON_CLIENT_ID"), ClientSecret: os.Getenv("FALCON_CLIENT_SECRET"), Context: context.Background(), }) if err != nil { panic(err) }
account_id := "string" account_type := "string" behavior_assessment_enabled := boolean cloudtrail_region := "string" deployment_method := "string" dspm_enabled := boolean dspm_host_account_id := "string" dspm_role := "string" falcon_client_id := "string" iam_role_arn := "string" is_master := boolean organization_id := "string" root_stack_id := "string" sensor_management_enabled := boolean use_existing_cloudtrail := boolean vulnerability_scanning_enabled := boolean vulnerability_scanning_host_account_id := "string" vulnerability_scanning_role := "string"
response, err := client.CspmRegistration.CreateCSPMAwsAccount( &cspm_registration.CreateCSPMAwsAccountParams{ Body: &models.RegistrationAWSAccountCreateRequestExtV2{ Resources: []interface{}{ { AccountID: &account_id, AccountType: &account_type, BehaviorAssessmentEnabled: &behavior_assessment_enabled, CloudtrailRegion: &cloudtrail_region, DeploymentMethod: &deployment_method, DspmEnabled: &dspm_enabled, DspmHostAccountID: &dspm_host_account_id, DspmRole: &dspm_role, FalconClientID: &falcon_client_id, IamRoleArn: &iam_role_arn, IsMaster: &is_master, OrganizationID: &organization_id, RootStackID: &root_stack_id, SensorManagementEnabled: &sensor_management_enabled, TargetOus: []string{"string"}, UseExistingCloudtrail: &use_existing_cloudtrail, VulnerabilityScanningEnabled: &vulnerability_scanning_enabled, VulnerabilityScanningHostAccountID: &vulnerability_scanning_host_account_id, VulnerabilityScanningRole: &vulnerability_scanning_role, }, }, }, Context: context.Background(), }, ) if err != nil { panic(falcon.ErrorExplain(err)) }
fmt.Printf("%+v\n", response.Payload)}import { FalconClient } from "crowdstrike-falcon";
const client = new FalconClient({ cloud: process.env.FALCON_CLOUD!, clientId: process.env.FALCON_CLIENT_ID!, clientSecret: process.env.FALCON_CLIENT_SECRET!,});
const response = await client.cspmRegistration.createCSPMAwsAccount( { resources: [{ accountId: "string", accountType: "string", behaviorAssessmentEnabled: boolean, cloudtrailRegion: "string", deploymentMethod: "string", dspmEnabled: boolean, dspmHostAccountId: "string", dspmRole: "string", falconClientId: "string", iamRoleArn: "string", isMaster: boolean, organizationId: "string", rootStackId: "string", sensorManagementEnabled: boolean, targetOus: [], useExistingCloudtrail: boolean, vulnerabilityScanningEnabled: boolean, vulnerabilityScanningHostAccountId: "string", vulnerabilityScanningRole: "string" }]} // body);
console.log(response);use rusty_falcon::apis::cspm_registration_api::create_cspm_aws_account;use rusty_falcon::easy::client::FalconHandle;use rusty_falcon::models::RegistrationAwsAccountCreateRequestExtV2;
#[tokio::main]async fn main() { let falcon = FalconHandle::from_env().await.expect("Could not authenticate");
let body = RegistrationAwsAccountCreateRequestExtV2 { resources: vec![AWSAccountExtV2 { account_id: Some("string".to_string()), cloudtrail_region: Some("string".to_string()), iam_role_arn: Some("string".to_string()), organization_id: Some("string".to_string()), ..Default::default() }], ..Default::default() };
let response = create_cspm_aws_account( &falcon.cfg, // configuration body, // body ).await.expect("API call failed");
println!("{:?}", response);}require "crimson-falcon"
Falcon.configure do |config| config.client_id = ENV["FALCON_CLIENT_ID"] config.client_secret = ENV["FALCON_CLIENT_SECRET"] config.cloud = ENV["FALCON_CLOUD"]end
api = Falcon::CspmRegistration.new
body = Falcon::RegistrationAWSAccountCreateRequestExtV2.new( resources: [{ account_id: 'string', account_type: 'string', behavior_assessment_enabled: boolean, cloudtrail_region: 'string', deployment_method: 'string', dspm_enabled: boolean, dspm_host_account_id: 'string', dspm_role: 'string', falcon_client_id: 'string', iam_role_arn: 'string', is_master: boolean, organization_id: 'string', root_stack_id: 'string', sensor_management_enabled: boolean, target_ous: [], use_existing_cloudtrail: boolean, vulnerability_scanning_enabled: boolean, vulnerability_scanning_host_account_id: 'string', vulnerability_scanning_role: 'string' }])
response = api.create_cspm_aws_account(body)
puts responseDeleteCSPMAwsAccount
Section titled “DeleteCSPMAwsAccount”Deletes an existing AWS account or organization in our system.
DELETE /cloud-connect-cspm-aws/entities/account/v1
PEP 8
delete_aws_accountParameters
Section titled “Parameters”| Name | Type | Data type | Description |
|---|---|---|---|
| ids | query | string or list of strings | The AWS account IDs to remove. |
| organization_ids | query | string or list of strings | The AWS organization ID(s) to delete. |
| parameters | query | dictionary | Full query string parameters payload in JSON format. |
Code Examples
Section titled “Code Examples”from falconpy import CSPMRegistration
falcon = CSPMRegistration(client_id=CLIENT_ID, client_secret=CLIENT_SECRET )
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.delete_aws_account(ids=id_list, organization_ids=id_list)print(response)from falconpy import CSPMRegistration
falcon = CSPMRegistration(client_id=CLIENT_ID, client_secret=CLIENT_SECRET )
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.DeleteCSPMAwsAccount(ids=id_list, organization_ids=id_list)print(response)from falconpy import APIHarnessV2
falcon = APIHarnessV2(client_id=CLIENT_ID, client_secret=CLIENT_SECRET )
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.command("DeleteCSPMAwsAccount", ids=id_list, organization_ids=id_list)print(response)Remove-FalconCloudAwsAccount -Id @("ID1", "ID2")package main
import ( "context" "fmt" "os"
"github.com/crowdstrike/gofalcon/falcon" "github.com/crowdstrike/gofalcon/falcon/client/cspm_registration")
func main() { client, err := falcon.NewClient(&falcon.ApiConfig{ ClientId: os.Getenv("FALCON_CLIENT_ID"), ClientSecret: os.Getenv("FALCON_CLIENT_SECRET"), Context: context.Background(), }) if err != nil { panic(err) }
response, err := client.CspmRegistration.DeleteCSPMAwsAccount( &cspm_registration.DeleteCSPMAwsAccountParams{ Ids: []string{"ID1", "ID2", "ID3"}, OrganizationIds: []string{"ID1", "ID2", "ID3"}, Context: context.Background(), }, ) if err != nil { panic(falcon.ErrorExplain(err)) }
fmt.Printf("%+v\n", response.Payload)}import { FalconClient } from "crowdstrike-falcon";
const client = new FalconClient({ cloud: process.env.FALCON_CLOUD!, clientId: process.env.FALCON_CLIENT_ID!, clientSecret: process.env.FALCON_CLIENT_SECRET!,});
const response = await client.cspmRegistration.deleteCSPMAwsAccount( ["ID1", "ID2", "ID3"], // ids ["ID1", "ID2", "ID3"] // organizationIds);
console.log(response);use rusty_falcon::apis::cspm_registration_api::delete_cspm_aws_account;use rusty_falcon::easy::client::FalconHandle;
#[tokio::main]async fn main() { let falcon = FalconHandle::from_env().await.expect("Could not authenticate");
let response = delete_cspm_aws_account( &falcon.cfg, // configuration Some(vec!["string".to_string()]), // ids Some(vec!["string".to_string()]), // organization_ids ).await.expect("API call failed");
println!("{:?}", response);}require "crimson-falcon"
Falcon.configure do |config| config.client_id = ENV["FALCON_CLIENT_ID"] config.client_secret = ENV["FALCON_CLIENT_SECRET"] config.cloud = ENV["FALCON_CLOUD"]end
api = Falcon::CspmRegistration.new
response = api.delete_cspm_aws_account(ids: ['ID1', 'ID2', 'ID3'], organization_ids: ['ID1', 'ID2', 'ID3'])
puts responsePatchCSPMAwsAccount
Section titled “PatchCSPMAwsAccount”Patches a existing account in our system for a customer.
PATCH /cloud-connect-cspm-aws/entities/account/v1
PEP 8
update_aws_accountParameters
Section titled “Parameters”| Name | Type | Data type | Description |
|---|---|---|---|
| account_id | body | string | AWS Account ID. |
| behavior_assessment_enabled | body | boolean | Flag indicating if behavior assessment should be enabled. |
| body | body | dictionary | Full body payload in JSON format. |
| cloudtrail_region | body | string | AWS Cloudtrail Region. |
| iam_role_arn | body | string | AWS IAM Role ARN. |
| remediation_region | body | string | Region where remediation occurs. |
| remediation_tou_accepted | body | string | The accepted TOU for this account. |
| sensor_management_enabled | body | boolean | Flag indicating if sensor management should be enabled. |
Code Examples
Section titled “Code Examples”from falconpy import CSPMRegistration
falcon = CSPMRegistration(client_id=CLIENT_ID, client_secret=CLIENT_SECRET )
response = falcon.update_aws_account(account_id="string", behavior_assessment_enabled=boolean, cloudtrail_region="string", iam_role_arn="string", remediation_region="string", remediation_tou_accepted="string", cloudtrail_region="string")print(response)from falconpy import CSPMRegistration
falcon = CSPMRegistration(client_id=CLIENT_ID, client_secret=CLIENT_SECRET )
response = falcon.PatchCSPMAwsAccount(account_id="string", behavior_assessment_enabled=boolean, cloudtrail_region="string", iam_role_arn="string", remediation_region="string", remediation_tou_accepted="string", cloudtrail_region="string")print(response)from falconpy import APIHarnessV2
falcon = APIHarnessV2(client_id=CLIENT_ID, client_secret=CLIENT_SECRET )
body_payload = { "resources": [ { "account_id": "string", "behavior_assessment_enabled": boolean, "cloudtrail_region": "string", "deployment_method": "string", "dspm_enabled": boolean, "dspm_role": "string", "environment": "string", "falcon_client_id": "string", "iam_role_arn": "string", "remediation_region": "string", "remediation_tou_accepted": "string", "root_stack_id": "string", "sensor_management_enabled": boolean, "target_ous": ["string"], "vulnerability_scanning_enabled": boolean, "vulnerability_scanning_role": "string" } ]}
response = falcon.command("PatchCSPMAwsAccount", body=body_payload)print(response)Edit-FalconCloudAwsAccount -AccountId "string"package main
import ( "context" "fmt" "os"
"github.com/crowdstrike/gofalcon/falcon" "github.com/crowdstrike/gofalcon/falcon/client/cspm_registration" "github.com/crowdstrike/gofalcon/falcon/models")
func main() { client, err := falcon.NewClient(&falcon.ApiConfig{ ClientId: os.Getenv("FALCON_CLIENT_ID"), ClientSecret: os.Getenv("FALCON_CLIENT_SECRET"), Context: context.Background(), }) if err != nil { panic(err) }
account_id := "string" behavior_assessment_enabled := boolean cloudtrail_region := "string" deployment_method := "string" dspm_enabled := boolean dspm_role := "string" environment := "string" falcon_client_id := "string" iam_role_arn := "string" remediation_region := "string" remediation_tou_accepted := "string" root_stack_id := "string" sensor_management_enabled := boolean vulnerability_scanning_enabled := boolean vulnerability_scanning_role := "string"
response, err := client.CspmRegistration.PatchCSPMAwsAccount( &cspm_registration.PatchCSPMAwsAccountParams{ Body: &models.RegistrationAWSAccountPatchRequest{ Resources: []interface{}{ { AccountID: &account_id, BehaviorAssessmentEnabled: &behavior_assessment_enabled, CloudtrailRegion: &cloudtrail_region, DeploymentMethod: &deployment_method, DspmEnabled: &dspm_enabled, DspmRole: &dspm_role, Environment: &environment, FalconClientID: &falcon_client_id, IamRoleArn: &iam_role_arn, RemediationRegion: &remediation_region, RemediationTouAccepted: &remediation_tou_accepted, RootStackID: &root_stack_id, SensorManagementEnabled: &sensor_management_enabled, TargetOus: []string{"string"}, VulnerabilityScanningEnabled: &vulnerability_scanning_enabled, VulnerabilityScanningRole: &vulnerability_scanning_role, }, }, }, Context: context.Background(), }, ) if err != nil { panic(falcon.ErrorExplain(err)) }
fmt.Printf("%+v\n", response.Payload)}import { FalconClient } from "crowdstrike-falcon";
const client = new FalconClient({ cloud: process.env.FALCON_CLOUD!, clientId: process.env.FALCON_CLIENT_ID!, clientSecret: process.env.FALCON_CLIENT_SECRET!,});
const response = await client.cspmRegistration.patchCSPMAwsAccount( { resources: [{ accountId: "string", behaviorAssessmentEnabled: boolean, cloudtrailRegion: "string", deploymentMethod: "string", dspmEnabled: boolean, dspmRole: "string", environment: "string", falconClientId: "string", iamRoleArn: "string", remediationRegion: "string", remediationTouAccepted: "string", rootStackId: "string", sensorManagementEnabled: boolean, targetOus: [], vulnerabilityScanningEnabled: boolean, vulnerabilityScanningRole: "string" }]} // body);
console.log(response);use rusty_falcon::apis::cspm_registration_api::patch_cspm_aws_account;use rusty_falcon::easy::client::FalconHandle;use rusty_falcon::models::RegistrationAwsAccountPatchRequest;
#[tokio::main]async fn main() { let falcon = FalconHandle::from_env().await.expect("Could not authenticate");
let body = RegistrationAwsAccountPatchRequest { resources: vec![AWSAccountPatch { account_id: Some("string".to_string()), behavior_assessment_enabled: Some(boolean), dspm_enabled: Some(boolean), iam_role_arn: Some("string".to_string()), sensor_management_enabled: Some(boolean), vulnerability_scanning_enabled: Some(boolean), ..Default::default() }], ..Default::default() };
let response = patch_cspm_aws_account( &falcon.cfg, // configuration body, // body ).await.expect("API call failed");
println!("{:?}", response);}require "crimson-falcon"
Falcon.configure do |config| config.client_id = ENV["FALCON_CLIENT_ID"] config.client_secret = ENV["FALCON_CLIENT_SECRET"] config.cloud = ENV["FALCON_CLOUD"]end
api = Falcon::CspmRegistration.new
body = Falcon::RegistrationAWSAccountPatchRequest.new( resources: [{ account_id: 'string', behavior_assessment_enabled: boolean, cloudtrail_region: 'string', deployment_method: 'string', dspm_enabled: boolean, dspm_role: 'string', environment: 'string', falcon_client_id: 'string', iam_role_arn: 'string', remediation_region: 'string', remediation_tou_accepted: 'string', root_stack_id: 'string', sensor_management_enabled: boolean, target_ous: [], vulnerability_scanning_enabled: boolean, vulnerability_scanning_role: 'string' }])
response = api.patch_cspm_aws_account(body)
puts responseGetCSPMAwsConsoleSetupURLs
Section titled “GetCSPMAwsConsoleSetupURLs”Return a URL for customer to visit in their cloud environment to grant us access to their AWS environment.
GET /cloud-connect-cspm-aws/entities/console-setup-urls/v1
PEP 8
get_aws_console_setup_urlsParameters
Section titled “Parameters”| Name | Type | Data type | Description |
|---|---|---|---|
| ids | query | string or list of strings | The AWS account ID(s) to retrieve setup URLs. |
| parameters | query | dictionary | Full query string parameters payload in JSON format. |
| region | query | string | Region |
| tags | query | string | Base64 encoded JSON string to be used as AWS tags. |
| template | query | string | Template to be rendered. Available values: aws-url, aws-iom-url, aws-ioa-url, aws-sensor-management-url, aws-dspm-url, aws-idp-url, aws-modular-cft-url, and aws-modular-cft-gov-commercial-url |
| use_existing_cloudtrail | query | string | Boolean flag indicating if the CloudTrail be used. (Accepted values: true or false) |
Code Examples
Section titled “Code Examples”from falconpy import CSPMRegistration
falcon = CSPMRegistration(client_id=CLIENT_ID, client_secret=CLIENT_SECRET )
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.get_aws_console_setup_urls(ids=id_list, use_existing_cloudtrail="string", region="string", tags="string", template="string")print(response)from falconpy import CSPMRegistration
falcon = CSPMRegistration(client_id=CLIENT_ID, client_secret=CLIENT_SECRET )
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.GetCSPMAwsConsoleSetupURLs(ids=id_list, use_existing_cloudtrail="string", region="string", tags="string", template="string")print(response)from falconpy import APIHarnessV2
falcon = APIHarnessV2(client_id=CLIENT_ID, client_secret=CLIENT_SECRET )
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.command("GetCSPMAwsConsoleSetupURLs", ids=id_list, use_existing_cloudtrail="string", region="string", tags="string", template="string")print(response)Get-FalconCloudAwsLinkpackage main
import ( "context" "fmt" "os"
"github.com/crowdstrike/gofalcon/falcon" "github.com/crowdstrike/gofalcon/falcon/client/cspm_registration")
func main() { client, err := falcon.NewClient(&falcon.ApiConfig{ ClientId: os.Getenv("FALCON_CLIENT_ID"), ClientSecret: os.Getenv("FALCON_CLIENT_SECRET"), Context: context.Background(), }) if err != nil { panic(err) }
useExistingCloudtrail := "string" region := "string" tags := "string" template := "string"
response, err := client.CspmRegistration.GetCSPMAwsConsoleSetupURLs( &cspm_registration.GetCSPMAwsConsoleSetupURLsParams{ Ids: []string{"ID1", "ID2", "ID3"}, UseExistingCloudtrail: &useExistingCloudtrail, Region: ®ion, Tags: &tags, Template: &template, Context: context.Background(), }, ) if err != nil { panic(falcon.ErrorExplain(err)) }
fmt.Printf("%+v\n", response.Payload)}import { FalconClient } from "crowdstrike-falcon";
const client = new FalconClient({ cloud: process.env.FALCON_CLOUD!, clientId: process.env.FALCON_CLIENT_ID!, clientSecret: process.env.FALCON_CLIENT_SECRET!,});
const response = await client.cspmRegistration.getCSPMAwsConsoleSetupURLs( ["ID1", "ID2", "ID3"], // ids "string", // useExistingCloudtrail "string", // region "string", // tags "string" // template);
console.log(response);use rusty_falcon::apis::cspm_registration_api::get_cspm_aws_console_setup_urls;use rusty_falcon::easy::client::FalconHandle;
#[tokio::main]async fn main() { let falcon = FalconHandle::from_env().await.expect("Could not authenticate");
let response = get_cspm_aws_console_setup_urls( &falcon.cfg, // configuration Some(vec!["string".to_string()]), // ids Some("string"), // use_existing_cloudtrail Some("string"), // region Some("string"), // tags Some("string"), // template ).await.expect("API call failed");
println!("{:?}", response);}require "crimson-falcon"
Falcon.configure do |config| config.client_id = ENV["FALCON_CLIENT_ID"] config.client_secret = ENV["FALCON_CLIENT_SECRET"] config.cloud = ENV["FALCON_CLOUD"]end
api = Falcon::CspmRegistration.new
response = api.get_cspm_aws_console_setup_urls(ids: ['ID1', 'ID2', 'ID3'], use_existing_cloudtrail: 'string', region: 'string', tags: 'string', template: 'string')
puts responseGetCSPMAwsAccountScriptsAttachment
Section titled “GetCSPMAwsAccountScriptsAttachment”Return a script for customer to run in their cloud environment to grant us access to their AWS environment as a downloadable attachment.
GET /cloud-connect-cspm-aws/entities/user-scripts-download/v1
PEP 8
get_aws_account_scripts_attachmentParameters
Section titled “Parameters”| Name | Type | Data type | Description |
|---|---|---|---|
| accounts | query | string or list of strings | List of accounts to register. |
| account_type | query | string | The account type (commercial or gov). |
| aws_profile | query | string | The AWS profile to be used during registration. |
| behavior_assessment_enabled | query | string | Enable behavior assessment. Allowed values: true or false |
| custom_role_name | query | string | The custom IAM role to be used during registration. |
| dspm_enabled | query | string | Enable DSPM. Allowed values: true or false |
| dspm_regions | query | string or list of strings | DSPM regions. |
| dspm_role | query | string | DSPM role. |
| ids | query | string or list of strings | The AWS account ID(s) to retrieve script attachments. |
| organization_id | query | string or list of strings | The AWS organization ID to be registered. |
| parameters | query | dictionary | Full query string parameters payload as a dictionary. |
| sensor_management_enabled | query | string | Enable sensor management. Allowed values: true or false |
| template | query | string | Template to be rendered. Allowed values: aws-bash or aws-terraform |
| use_existing_cloudtrail | query | string | Use the existing cloudtrail log. Allowed values: true or false |
Code Examples
Section titled “Code Examples”Examples coming soon.
Examples coming soon.
Examples coming soon.
Examples coming soon.
Examples coming soon.
Examples coming soon.
GetCSPMAzureAccount
Section titled “GetCSPMAzureAccount”Return information about Azure account registration
GET /cloud-connect-azure/entities/account/v1
PEP 8
get_azure_accountParameters
Section titled “Parameters”| Name | Type | Data type | Description |
|---|---|---|---|
| cspm_lite | query | boolean | Only return CSPM lite accounts. |
| ids | query | string or list of strings | Subscription ID(s). When empty, all accounts are returned. |
| limit | query | integer | Maximum number of results to return. (Default: 100) |
| offset | query | integer | Starting record position. |
| parameters | query | dictionary | Full query string parameters payload in JSON format. |
| scan_type | query | string | Type of scan to perform, dry or full. |
| status | query | string | Account status to filter results by. Allowed values: Event_DiscoverAccountStatusProvisioned, Event_DiscoverAccountStatusOperational |
| tenant_ids | query | string or list of strings | Tenant ID(s) used to filter Azure accounts returned. |
Code Examples
Section titled “Code Examples”from falconpy import CSPMRegistration
falcon = CSPMRegistration(client_id=CLIENT_ID, client_secret=CLIENT_SECRET )
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.get_azure_account(scan_type="string", cspm_lite=boolean, ids=id_list, limit=integer, offset=integer, status="string", tenant_ids=id_list)print(response)from falconpy import CSPMRegistration
falcon = CSPMRegistration(client_id=CLIENT_ID, client_secret=CLIENT_SECRET )
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.GetCSPMAzureAccount(scan_type="string", cspm_lite=boolean, ids=id_list, limit=integer, offset=integer, status="string", tenant_ids=id_list)print(response)from falconpy import APIHarnessV2
falcon = APIHarnessV2(client_id=CLIENT_ID, client_secret=CLIENT_SECRET )
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.command("GetCSPMAzureAccount", ids=id_list, tenant_ids=id_list, scan_type="string", status="string", cspm_lite="string", limit=integer, offset=integer)print(response)Get-FalconCloudAzureAccountpackage main
import ( "context" "fmt" "os"
"github.com/crowdstrike/gofalcon/falcon" "github.com/crowdstrike/gofalcon/falcon/client/cspm_registration")
func main() { client, err := falcon.NewClient(&falcon.ApiConfig{ ClientId: os.Getenv("FALCON_CLIENT_ID"), ClientSecret: os.Getenv("FALCON_CLIENT_SECRET"), Context: context.Background(), }) if err != nil { panic(err) }
status := "string" cspmLite := "string" limit := int64(0) offset := int64(0)
response, err := client.CspmRegistration.GetCSPMAzureAccount( &cspm_registration.GetCSPMAzureAccountParams{ Ids: []string{"ID1", "ID2", "ID3"}, TenantIds: []string{"ID1", "ID2", "ID3"}, ScanType: "string", Status: &status, CspmLite: &cspmLite, Limit: &limit, Offset: &offset, Context: context.Background(), }, ) if err != nil { panic(falcon.ErrorExplain(err)) }
fmt.Printf("%+v\n", response.Payload)}import { FalconClient } from "crowdstrike-falcon";
const client = new FalconClient({ cloud: process.env.FALCON_CLOUD!, clientId: process.env.FALCON_CLIENT_ID!, clientSecret: process.env.FALCON_CLIENT_SECRET!,});
const response = await client.cspmRegistration.getCSPMAzureAccount( ["ID1", "ID2", "ID3"], // ids ["ID1", "ID2", "ID3"], // tenantIds "string", // scanType "string", // status "string", // cspmLite integer, // limit integer // offset);
console.log(response);use rusty_falcon::apis::cspm_registration_api::get_cspm_azure_account;use rusty_falcon::easy::client::FalconHandle;
#[tokio::main]async fn main() { let falcon = FalconHandle::from_env().await.expect("Could not authenticate");
let response = get_cspm_azure_account( &falcon.cfg, // configuration Some(vec!["string".to_string()]), // ids Some(vec!["string".to_string()]), // tenant_ids Some("string"), // scan_type Some("string"), // status Some("string"), // cspm_lite Some(integer), // limit Some(integer), // offset ).await.expect("API call failed");
println!("{:?}", response);}require "crimson-falcon"
Falcon.configure do |config| config.client_id = ENV["FALCON_CLIENT_ID"] config.client_secret = ENV["FALCON_CLIENT_SECRET"] config.cloud = ENV["FALCON_CLOUD"]end
api = Falcon::CspmRegistration.new
response = api.get_cspm_azure_account(ids: ['ID1', 'ID2', 'ID3'], tenant_ids: ['ID1', 'ID2', 'ID3'], scan_type: 'string', status: 'string', cspm_lite: 'string', limit: integer, offset: integer)
puts responseCreateCSPMAzureAccount
Section titled “CreateCSPMAzureAccount”Creates a new account in our system for a customer and generates a script for them to run in their cloud environment to grant us access.
POST /cloud-connect-azure/entities/account/v1
PEP 8
create_azure_accountParameters
Section titled “Parameters”| Name | Type | Data type | Description |
|---|---|---|---|
| account_type | body | string | Azure account type. |
| body | body | dictionary | Full body payload in JSON format. |
| client_id | body | string | Client ID. |
| default_subscription | body | boolean | Flag indicating if this is the default Azure subscription. |
| subscription_id | body | string | Azure Subscription ID. |
| tenant_id | body | string | Azure tenant ID. |
| years_valid | body | integer | Years valid. |
Code Examples
Section titled “Code Examples”from falconpy import CSPMRegistration
falcon = CSPMRegistration(client_id=CLIENT_ID, client_secret=CLIENT_SECRET )
response = falcon.create_azure_account(account_type="string", client_id="string", default_subscription=boolean, subscription_id="string", tenant_id="string", years_valid=integer)print(response)from falconpy import CSPMRegistration
falcon = CSPMRegistration(client_id=CLIENT_ID, client_secret=CLIENT_SECRET )
response = falcon.CreateCSPMAzureAccount(account_type="string", client_id="string", default_subscription=boolean, subscription_id="string", tenant_id="string", years_valid=integer)print(response)from falconpy import APIHarnessV2
falcon = APIHarnessV2(client_id=CLIENT_ID, client_secret=CLIENT_SECRET )
body_payload = { "resources": [ { "account_type": "string", "client_id": "string", "default_subscription": boolean, "subscription_id": "string", "tenant_id": "string", "years_valid": integer } ]}
response = falcon.command("CreateCSPMAzureAccount", body=body_payload)print(response)New-FalconCloudAzureAccountpackage main
import ( "context" "fmt" "os"
"github.com/crowdstrike/gofalcon/falcon" "github.com/crowdstrike/gofalcon/falcon/client/cspm_registration" "github.com/crowdstrike/gofalcon/falcon/models")
func main() { client, err := falcon.NewClient(&falcon.ApiConfig{ ClientId: os.Getenv("FALCON_CLIENT_ID"), ClientSecret: os.Getenv("FALCON_CLIENT_SECRET"), Context: context.Background(), }) if err != nil { panic(err) }
account_type := "string" client_id := "string" default_subscription := boolean subscription_id := "string" tenant_id := "string" years_valid := integer
response, err := client.CspmRegistration.CreateCSPMAzureAccount( &cspm_registration.CreateCSPMAzureAccountParams{ Body: &models.RegistrationAzureAccountCreateRequestExternalV1{ Resources: []interface{}{ { AccountType: &account_type, ClientID: &client_id, DefaultSubscription: &default_subscription, SubscriptionID: &subscription_id, TenantID: &tenant_id, YearsValid: &years_valid, }, }, }, Context: context.Background(), }, ) if err != nil { panic(falcon.ErrorExplain(err)) }
fmt.Printf("%+v\n", response.Payload)}import { FalconClient } from "crowdstrike-falcon";
const client = new FalconClient({ cloud: process.env.FALCON_CLOUD!, clientId: process.env.FALCON_CLIENT_ID!, clientSecret: process.env.FALCON_CLIENT_SECRET!,});
const response = await client.cspmRegistration.createCSPMAzureAccount( { resources: [{ accountType: "string", clientId: "string", defaultSubscription: boolean, subscriptionId: "string", tenantId: "string", yearsValid: integer }]} // body);
console.log(response);use rusty_falcon::apis::cspm_registration_api::create_cspm_azure_account;use rusty_falcon::easy::client::FalconHandle;use rusty_falcon::models::RegistrationAzureAccountCreateRequestExternalV1;
#[tokio::main]async fn main() { let falcon = FalconHandle::from_env().await.expect("Could not authenticate");
let body = RegistrationAzureAccountCreateRequestExternalV1 { resources: vec![], ..Default::default() };
let response = create_cspm_azure_account( &falcon.cfg, // configuration body, // body ).await.expect("API call failed");
println!("{:?}", response);}require "crimson-falcon"
Falcon.configure do |config| config.client_id = ENV["FALCON_CLIENT_ID"] config.client_secret = ENV["FALCON_CLIENT_SECRET"] config.cloud = ENV["FALCON_CLOUD"]end
api = Falcon::CspmRegistration.new
body = Falcon::RegistrationAzureAccountCreateRequestExternalV1.new( resources: [{ account_type: 'string', client_id: 'string', default_subscription: boolean, subscription_id: 'string', tenant_id: 'string', years_valid: integer }])
response = api.create_cspm_azure_account(body)
puts responseDeleteCSPMAzureAccount
Section titled “DeleteCSPMAzureAccount”Deletes an Azure subscription from the system.
DELETE /cloud-connect-cspm-azure/entities/account/v1
PEP 8
delete_azure_accountParameters
Section titled “Parameters”| Name | Type | Data type | Description |
|---|---|---|---|
| ids | query | string or list of strings | Azure subscription IDs to remove. |
| parameters | query | dictionary | Full query string parameters payload in JSON format. |
| retain_tenant | query | string | Retain tenant. |
| tenant_ids | query | string or list of strings | Tenant IDs to remove. |
Code Examples
Section titled “Code Examples”from falconpy import CSPMRegistration
falcon = CSPMRegistration(client_id=CLIENT_ID, client_secret=CLIENT_SECRET )
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.delete_azure_account(ids=id_list, retain_tenant="string", tenant_ids=id_list)print(response)from falconpy import CSPMRegistration
falcon = CSPMRegistration(client_id=CLIENT_ID, client_secret=CLIENT_SECRET )
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.DeleteCSPMAzureAccount(ids=id_list, retain_tenant="string", tenant_ids=id_list)print(response)from falconpy import APIHarnessV2
falcon = APIHarnessV2(client_id=CLIENT_ID, client_secret=CLIENT_SECRET )
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.command("DeleteCSPMAzureAccount", ids=id_list, tenant_ids=id_list, retain_tenant="string")print(response)Remove-FalconCloudAzureAccount -Id @("ID1", "ID2")package main
import ( "context" "fmt" "os"
"github.com/crowdstrike/gofalcon/falcon" "github.com/crowdstrike/gofalcon/falcon/client/cspm_registration")
func main() { client, err := falcon.NewClient(&falcon.ApiConfig{ ClientId: os.Getenv("FALCON_CLIENT_ID"), ClientSecret: os.Getenv("FALCON_CLIENT_SECRET"), Context: context.Background(), }) if err != nil { panic(err) }
retainTenant := "string"
response, err := client.CspmRegistration.DeleteCSPMAzureAccount( &cspm_registration.DeleteCSPMAzureAccountParams{ Ids: []string{"ID1", "ID2", "ID3"}, TenantIds: []string{"ID1", "ID2", "ID3"}, RetainTenant: &retainTenant, Context: context.Background(), }, ) if err != nil { panic(falcon.ErrorExplain(err)) }
fmt.Printf("%+v\n", response.Payload)}import { FalconClient } from "crowdstrike-falcon";
const client = new FalconClient({ cloud: process.env.FALCON_CLOUD!, clientId: process.env.FALCON_CLIENT_ID!, clientSecret: process.env.FALCON_CLIENT_SECRET!,});
const response = await client.cspmRegistration.deleteCSPMAzureAccount( ["ID1", "ID2", "ID3"], // ids ["ID1", "ID2", "ID3"], // tenantIds "string" // retainTenant);
console.log(response);use rusty_falcon::apis::cspm_registration_api::delete_cspm_azure_account;use rusty_falcon::easy::client::FalconHandle;
#[tokio::main]async fn main() { let falcon = FalconHandle::from_env().await.expect("Could not authenticate");
let response = delete_cspm_azure_account( &falcon.cfg, // configuration Some(vec!["string".to_string()]), // ids Some(vec!["string".to_string()]), // tenant_ids Some("string"), // retain_tenant ).await.expect("API call failed");
println!("{:?}", response);}require "crimson-falcon"
Falcon.configure do |config| config.client_id = ENV["FALCON_CLIENT_ID"] config.client_secret = ENV["FALCON_CLIENT_SECRET"] config.cloud = ENV["FALCON_CLOUD"]end
api = Falcon::CspmRegistration.new
response = api.delete_cspm_azure_account(ids: ['ID1', 'ID2', 'ID3'], tenant_ids: ['ID1', 'ID2', 'ID3'], retain_tenant: 'string')
puts responseUpdateCSPMAzureAccountClientID
Section titled “UpdateCSPMAzureAccountClientID”Update an Azure service account in our system by with the user-created client_id created with the public key we’ve provided
PATCH /cloud-connect-azure/entities/client-id/v1
PEP 8
update_azure_account_client_idParameters
Section titled “Parameters”| Name | Type | Data type | Description |
|---|---|---|---|
| body | body | string | This field is not used. Ignore. |
| id | query | string or list of strings | The Azure Client ID to use for the Service Principal associated with the Azure account. |
| tenant_id | query | string or list of strings | The Azure tenant ID to update the Client ID for. Required if multiple tenants are registered. |
| parameters | query | dictionary | Full query string parameters payload in JSON format. |
Code Examples
Section titled “Code Examples”from falconpy import CSPMRegistration
falcon = CSPMRegistration(client_id=CLIENT_ID, client_secret=CLIENT_SECRET )
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.update_azure_account_client_id(id=id_list, tenant_id="string")print(response)from falconpy import CSPMRegistration
falcon = CSPMRegistration(client_id=CLIENT_ID, client_secret=CLIENT_SECRET )
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.UpdateCSPMAzureAccountClientID(id=id_list, tenant_id="string")print(response)from falconpy import APIHarnessV2
falcon = APIHarnessV2(client_id=CLIENT_ID, client_secret=CLIENT_SECRET )
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.command("UpdateCSPMAzureAccountClientID", id="string", tenant_id="string")print(response)Edit-FalconCloudAzureAccount -Id "string"package main
import ( "context" "fmt" "os"
"github.com/crowdstrike/gofalcon/falcon" "github.com/crowdstrike/gofalcon/falcon/client/cspm_registration")
func main() { client, err := falcon.NewClient(&falcon.ApiConfig{ ClientId: os.Getenv("FALCON_CLIENT_ID"), ClientSecret: os.Getenv("FALCON_CLIENT_SECRET"), Context: context.Background(), }) if err != nil { panic(err) }
response, err := client.CspmRegistration.UpdateCSPMAzureAccountClientID( &cspm_registration.UpdateCSPMAzureAccountClientIDParams{ ID: "string", TenantID: "string", Context: context.Background(), }, ) if err != nil { panic(falcon.ErrorExplain(err)) }
fmt.Printf("%+v\n", response.Payload)}import { FalconClient } from "crowdstrike-falcon";
const client = new FalconClient({ cloud: process.env.FALCON_CLOUD!, clientId: process.env.FALCON_CLIENT_ID!, clientSecret: process.env.FALCON_CLIENT_SECRET!,});
const response = await client.cspmRegistration.updateCSPMAzureAccountClientID( "string", // id "string" // tenantId);
console.log(response);use rusty_falcon::apis::cspm_registration_api::update_cspm_azure_account_client_id;use rusty_falcon::easy::client::FalconHandle;
#[tokio::main]async fn main() { let falcon = FalconHandle::from_env().await.expect("Could not authenticate");
let response = update_cspm_azure_account_client_id( &falcon.cfg, // configuration "string", // id Some("string"), // tenant_id ).await.expect("API call failed");
println!("{:?}", response);}require "crimson-falcon"
Falcon.configure do |config| config.client_id = ENV["FALCON_CLIENT_ID"] config.client_secret = ENV["FALCON_CLIENT_SECRET"] config.cloud = ENV["FALCON_CLOUD"]end
api = Falcon::CspmRegistration.new
response = api.update_cspm_azure_account_client_id('string')
puts responseUpdateCSPMAzureTenantDefaultSubscriptionID
Section titled “UpdateCSPMAzureTenantDefaultSubscriptionID”Update an Azure default subscription_id in our system for given tenant_id
PATCH /cloud-connect-cspm-azure/entities/default-subscription-id/v1
PEP 8
update_azure_tenant_default_subscription_idParameters
Section titled “Parameters”| Name | Type | Data type | Description |
|---|---|---|---|
| body | body | string | This field is not used. Ignore. |
| subscription_id | query | string or list of strings | The Azure subscription ID to use as a default for all subscriptions within the tenant. |
| tenant_id | query | string or list of strings | The Azure tenant ID to update the Client ID for. Required if multiple tenants are registered. |
| parameters | query | dictionary | Full query string parameters payload in JSON format. |
Code Examples
Section titled “Code Examples”from falconpy import CSPMRegistration
falcon = CSPMRegistration(client_id=CLIENT_ID, client_secret=CLIENT_SECRET )
response = falcon.update_azure_tenant_default_subscription_id(subscription_id="string", tenant_id="string")print(response)from falconpy import CSPMRegistration
falcon = CSPMRegistration(client_id=CLIENT_ID, client_secret=CLIENT_SECRET )
response = falcon.UpdateCSPMAzureTenantDefaultSubscriptionID(subscription_id="string", tenant_id="string")print(response)from falconpy import APIHarnessV2
falcon = APIHarnessV2(client_id=CLIENT_ID, client_secret=CLIENT_SECRET )
response = falcon.command("UpdateCSPMAzureTenantDefaultSubscriptionID", tenant_id="string", subscription_id="string")print(response)Edit-FalconCloudAzureAccount -SubscriptionId "string"package main
import ( "context" "fmt" "os"
"github.com/crowdstrike/gofalcon/falcon" "github.com/crowdstrike/gofalcon/falcon/client/cspm_registration")
func main() { client, err := falcon.NewClient(&falcon.ApiConfig{ ClientId: os.Getenv("FALCON_CLIENT_ID"), ClientSecret: os.Getenv("FALCON_CLIENT_SECRET"), Context: context.Background(), }) if err != nil { panic(err) }
response, err := client.CspmRegistration.UpdateCSPMAzureTenantDefaultSubscriptionID( &cspm_registration.UpdateCSPMAzureTenantDefaultSubscriptionIDParams{ TenantID: "string", SubscriptionID: "string", Context: context.Background(), }, ) if err != nil { panic(falcon.ErrorExplain(err)) }
fmt.Printf("%+v\n", response.Payload)}import { FalconClient } from "crowdstrike-falcon";
const client = new FalconClient({ cloud: process.env.FALCON_CLOUD!, clientId: process.env.FALCON_CLIENT_ID!, clientSecret: process.env.FALCON_CLIENT_SECRET!,});
const response = await client.cspmRegistration.updateCSPMAzureTenantDefaultSubscriptionID( "string", // subscriptionId "string" // tenantId);
console.log(response);use rusty_falcon::apis::cspm_registration_api::update_cspm_azure_tenant_default_subscription_id;use rusty_falcon::easy::client::FalconHandle;
#[tokio::main]async fn main() { let falcon = FalconHandle::from_env().await.expect("Could not authenticate");
let response = update_cspm_azure_tenant_default_subscription_id( &falcon.cfg, // configuration "string", // subscription_id Some("string"), // tenant_id ).await.expect("API call failed");
println!("{:?}", response);}require "crimson-falcon"
Falcon.configure do |config| config.client_id = ENV["FALCON_CLIENT_ID"] config.client_secret = ENV["FALCON_CLIENT_SECRET"] config.cloud = ENV["FALCON_CLOUD"]end
api = Falcon::CspmRegistration.new
response = api.update_cspm_azure_tenant_default_subscription_id('string')
puts responseAzureDownloadCertificate
Section titled “AzureDownloadCertificate”Returns JSON object(s) that contain the base64 encoded certificate for a service principal.
GET /cloud-connect-cspm-azure/entities/download-certificate/v1
PEP 8
azure_download_certificateParameters
Section titled “Parameters”| Name | Type | Data type | Description |
|---|---|---|---|
| parameters | query | dictionary | Full query string parameters payload in JSON format. |
| tenant_id | query | string or list of strings | The Azure Client ID to generate script for. Defaults to the most recently registered tenant. |
Code Examples
Section titled “Code Examples”from falconpy import CSPMRegistration
falcon = CSPMRegistration(client_id=CLIENT_ID, client_secret=CLIENT_SECRET )
with open("output_file", "wb") as save_file: response = falcon.azure_download_certificate(tenant_id="string", stream=boolean) save_file.write(response)from falconpy import CSPMRegistration
falcon = CSPMRegistration(client_id=CLIENT_ID, client_secret=CLIENT_SECRET )
with open("output_file", "wb") as save_file: response = falcon.AzureDownloadCertificate(tenant_id="string", stream=boolean) save_file.write(response)from falconpy import APIHarnessV2
falcon = APIHarnessV2(client_id=CLIENT_ID, client_secret=CLIENT_SECRET )
with open("output_file", "wb") as save_file: response = falcon.command("AzureDownloadCertificate", tenant_id=id_list) save_file.write(response)Get-FalconCloudAzureCertificate -TenantId @("ID1", "ID2")package main
import ( "context" "fmt" "os"
"github.com/crowdstrike/gofalcon/falcon" "github.com/crowdstrike/gofalcon/falcon/client/cspm_registration")
func main() { client, err := falcon.NewClient(&falcon.ApiConfig{ ClientId: os.Getenv("FALCON_CLIENT_ID"), ClientSecret: os.Getenv("FALCON_CLIENT_SECRET"), Context: context.Background(), }) if err != nil { panic(err) }
response, err := client.CspmRegistration.AzureDownloadCertificate( &cspm_registration.AzureDownloadCertificateParams{ TenantID: []string{"ID1", "ID2", "ID3"}, Context: context.Background(), }, ) if err != nil { panic(falcon.ErrorExplain(err)) }
fmt.Printf("%+v\n", response.Payload)}import { FalconClient } from "crowdstrike-falcon";
const client = new FalconClient({ cloud: process.env.FALCON_CLOUD!, clientId: process.env.FALCON_CLIENT_ID!, clientSecret: process.env.FALCON_CLIENT_SECRET!,});
const response = await client.cspmRegistration.azureDownloadCertificate(["ID1", "ID2", "ID3"]); // tenantId
console.log(response);use rusty_falcon::apis::cspm_registration_api::azure_download_certificate;use rusty_falcon::easy::client::FalconHandle;
#[tokio::main]async fn main() { let falcon = FalconHandle::from_env().await.expect("Could not authenticate");
let response = azure_download_certificate( &falcon.cfg, // configuration vec!["string".to_string()], // tenant_id ).await.expect("API call failed");
println!("{:?}", response);}require "crimson-falcon"
Falcon.configure do |config| config.client_id = ENV["FALCON_CLIENT_ID"] config.client_secret = ENV["FALCON_CLIENT_SECRET"] config.cloud = ENV["FALCON_CLOUD"]end
api = Falcon::CspmRegistration.new
response = api.azure_download_certificate(['ID1', 'ID2', 'ID3'])
puts responseAzureRefreshCertificate
Section titled “AzureRefreshCertificate”Refresh certificate and returns JSON object(s) that contain the base64 encoded certificate for a service principal.
POST /cloud-connect-cspm-azure/entities/refresh-certificate/v1
PEP 8
azure_refresh_certificateParameters
Section titled “Parameters”| Name | Type | Data type | Description |
|---|---|---|---|
| parameters | query | dictionary | Full query string parameters payload in JSON format. |
| tenant_id | query | string or list of strings | Azure Tenant ID. |
| years_valid | query | string | Years the certificate should be valid. Max: 2, Default: 1 |
Code Examples
Section titled “Code Examples”from falconpy import CSPMRegistration
falcon = CSPMRegistration(client_id=CLIENT_ID, client_secret=CLIENT_SECRET )
with open("output_file", "wb") as save_file: response = falcon.azure_refresh_certificate(tenant_id="string", years_valid=integer, stream=boolean) save_file.write(response)from falconpy import CSPMRegistration
falcon = CSPMRegistration(client_id=CLIENT_ID, client_secret=CLIENT_SECRET )
with open("output_file", "wb") as save_file: response = falcon.AzureRefreshCertificate(tenant_id="string", years_valid=integer, stream=boolean) save_file.write(response)from falconpy import APIHarnessV2
falcon = APIHarnessV2(client_id=CLIENT_ID, client_secret=CLIENT_SECRET )
with open("output_file", "wb") as save_file: response = falcon.command("AzureRefreshCertificate", tenant_id=id_list, years_valid="string") save_file.write(response)Examples coming soon.
package main
import ( "context" "fmt" "os"
"github.com/crowdstrike/gofalcon/falcon" "github.com/crowdstrike/gofalcon/falcon/client/cspm_registration")
func main() { client, err := falcon.NewClient(&falcon.ApiConfig{ ClientId: os.Getenv("FALCON_CLIENT_ID"), ClientSecret: os.Getenv("FALCON_CLIENT_SECRET"), Context: context.Background(), }) if err != nil { panic(err) }
yearsValid := "string"
response, err := client.CspmRegistration.AzureRefreshCertificate( &cspm_registration.AzureRefreshCertificateParams{ TenantID: []string{"ID1", "ID2", "ID3"}, YearsValid: &yearsValid, Context: context.Background(), }, ) if err != nil { panic(falcon.ErrorExplain(err)) }
fmt.Printf("%+v\n", response.Payload)}import { FalconClient } from "crowdstrike-falcon";
const client = new FalconClient({ cloud: process.env.FALCON_CLOUD!, clientId: process.env.FALCON_CLIENT_ID!, clientSecret: process.env.FALCON_CLIENT_SECRET!,});
const response = await client.cspmRegistration.azureRefreshCertificate( ["ID1", "ID2", "ID3"], // tenantId "string" // yearsValid);
console.log(response);use rusty_falcon::apis::cspm_registration_api::azure_refresh_certificate;use rusty_falcon::easy::client::FalconHandle;
#[tokio::main]async fn main() { let falcon = FalconHandle::from_env().await.expect("Could not authenticate");
let response = azure_refresh_certificate( &falcon.cfg, // configuration vec!["string".to_string()], // tenant_id Some("string"), // years_valid ).await.expect("API call failed");
println!("{:?}", response);}require "crimson-falcon"
Falcon.configure do |config| config.client_id = ENV["FALCON_CLIENT_ID"] config.client_secret = ENV["FALCON_CLIENT_SECRET"] config.cloud = ENV["FALCON_CLOUD"]end
api = Falcon::CspmRegistration.new
response = api.azure_refresh_certificate(['ID1', 'ID2', 'ID3'])
puts responseGetCSPMAzureUserScriptsAttachment
Section titled “GetCSPMAzureUserScriptsAttachment”Return a script for customer to run in their cloud environment to grant us access to their Azure environment as a downloadable attachment
GET /cloud-connect-azure/entities/user-scripts-download/v1
PEP 8
get_azure_user_scripts_attachmentParameters
Section titled “Parameters”| Name | Type | Data type | Description |
|---|---|---|---|
| account_type | query | string | Account type (gov or commercial). |
| azure_management_group | query | boolean | Use Azure Management Group. |
| parameters | query | dictionary | Full query string parameters payload in JSON format. |
| subscription_ids | query | string or list of strings | Subscription IDs to generate scripts for. Defaults to all. |
| template | query | string or list of strings | Template to be rendered. |
| tenant_id | query | string | The Azure tenant ID to generate scripts for. Defaults to the most recently registered tenant. |
Code Examples
Section titled “Code Examples”from falconpy import CSPMRegistration
falcon = CSPMRegistration(client_id=CLIENT_ID, client_secret=CLIENT_SECRET )
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
with open("output_file", "wb") as save_file: response = falcon.get_azure_user_scripts_attachment(account_type="string", azure_management_group=boolean, tenant_id="string", subscription_ids=id_list, template="string", stream=boolean) save_file.write(response)from falconpy import CSPMRegistration
falcon = CSPMRegistration(client_id=CLIENT_ID, client_secret=CLIENT_SECRET )
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
with open("output_file", "wb") as save_file: response = falcon.GetCSPMAzureUserScriptsAttachment(account_type="string", azure_management_group=boolean, tenant_id="string", subscription_ids=id_list, template="string", stream=boolean) save_file.write(response)from falconpy import APIHarnessV2
falcon = APIHarnessV2(client_id=CLIENT_ID, client_secret=CLIENT_SECRET )
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
with open("output_file", "wb") as save_file: response = falcon.command("GetCSPMAzureUserScriptsAttachment", tenant_id="string", subscription_ids=id_list, account_type="string", template="string", azure_management_group=boolean) save_file.write(response)Receive-FalconCloudAzureScript -Path "string"package main
import ( "context" "fmt" "os"
"github.com/crowdstrike/gofalcon/falcon" "github.com/crowdstrike/gofalcon/falcon/client/cspm_registration")
func main() { client, err := falcon.NewClient(&falcon.ApiConfig{ ClientId: os.Getenv("FALCON_CLIENT_ID"), ClientSecret: os.Getenv("FALCON_CLIENT_SECRET"), Context: context.Background(), }) if err != nil { panic(err) }
accountType := "string" template := "string" azureManagementGroup := boolean
response, err := client.CspmRegistration.GetCSPMAzureUserScriptsAttachment( &cspm_registration.GetCSPMAzureUserScriptsAttachmentParams{ TenantID: "string", SubscriptionIds: []string{"ID1", "ID2", "ID3"}, AccountType: &accountType, Template: &template, AzureManagementGroup: &azureManagementGroup, Context: context.Background(), }, ) if err != nil { panic(falcon.ErrorExplain(err)) }
fmt.Printf("%+v\n", response.Payload)}import { FalconClient } from "crowdstrike-falcon";
const client = new FalconClient({ cloud: process.env.FALCON_CLOUD!, clientId: process.env.FALCON_CLIENT_ID!, clientSecret: process.env.FALCON_CLIENT_SECRET!,});
const response = await client.cspmRegistration.getCSPMAzureUserScriptsAttachment( "string", // tenantId ["ID1", "ID2", "ID3"], // subscriptionIds "string", // accountType "string", // template boolean // azureManagementGroup);
console.log(response);use rusty_falcon::apis::cspm_registration_api::get_cspm_azure_user_scripts_attachment;use rusty_falcon::easy::client::FalconHandle;
#[tokio::main]async fn main() { let falcon = FalconHandle::from_env().await.expect("Could not authenticate");
let response = get_cspm_azure_user_scripts_attachment( &falcon.cfg, // configuration Some("string"), // tenant_id Some(vec!["string".to_string()]), // subscription_ids Some("string"), // account_type Some("string"), // template Some(boolean), // azure_management_group ).await.expect("API call failed");
println!("{:?}", response);}require "crimson-falcon"
Falcon.configure do |config| config.client_id = ENV["FALCON_CLIENT_ID"] config.client_secret = ENV["FALCON_CLIENT_SECRET"] config.cloud = ENV["FALCON_CLOUD"]end
api = Falcon::CspmRegistration.new
response = api.get_cspm_azure_user_scripts_attachment(tenant_id: 'string', subscription_ids: ['ID1', 'ID2', 'ID3'], account_type: 'string', template: 'string', azure_management_group: boolean)
puts responseGetBehaviorDetections
Section titled “GetBehaviorDetections”Retrieve list of detected behaviors.
GET /detects/entities/ioa/v1
PEP 8
get_behavior_detectionsParameters
Section titled “Parameters”| Name | Type | Data type | Description |
|---|---|---|---|
| account_id | query | string | Cloud account ID (e.g.: AWS AccountID, Azure SubscriptionID). |
| aws_account_id | query | string | AWS Account ID. |
| azure_subscription_id | query | string | Azure Subscription ID. |
| azure_tenant_id | query | string | Azure Tenant ID. |
| cloud_provider | query | string | Cloud Provider (azure, aws, gcp). |
| date_time_since | query | string | Filter to retrieve all events after specified date. RFC3339 format. Example: 2006-01-01T12:00:01Z07:00. |
| limit | query | integer | Maximum number of results to return. (Max: 500) |
| next_token | query | string | String to get next page of results, associated with the previous execution. Must include all filters from previous execution. |
| parameters | query | dictionary | Full query string parameters payload in JSON format. |
| resource_id | query | string or list of strings | Resource ID. |
| resource_uuid | query | string or list of strings | Resource UUID. |
| service | query | string | Filter by Cloud Service. See Available Services table below. |
| severity | query | string | Filter by severity. Example: High, Medium or Informational. |
| state | query | string | Filter by state. Example: open or closed. |
Available Services
Section titled “Available Services”| ACM | Identity |
| ACR | KMS |
| Any | KeyVault |
| App Engine | Kinesis |
| BigQuery | Kubernetes |
| Cloud Load Balancing | Lambda |
| Cloud Logging | LoadBalancer |
| Cloud SQL | Monitor |
| Cloud Storage | NLB/ALB |
| CloudFormation | NetworkSecurityGroup |
| CloudTrail | PostgreSQL |
| CloudWatch Logs | RDS |
| Cloudfront | Redshift |
| Compute Engine | S3 |
| Config | SES |
| Disk | SNS |
| DynamoDB | SQLDatabase |
| EBS | SQLServer |
| EC2 | SQS |
| ECR | SSM |
| EFS | Serverless Application Repository |
| EKS | StorageAccount |
| ELB | Subscriptions |
| EMR | VPC |
| Elasticache | VirtualMachine |
| GuardDuty | VirtualNetwork |
| IAM |
Code Examples
Section titled “Code Examples”from falconpy import CSPMRegistration
falcon = CSPMRegistration(client_id=CLIENT_ID, client_secret=CLIENT_SECRET )
response = falcon.get_behavior_detections(account_id="string", aws_account_id="string", azure_subscription_id="string", azure_tenant_id="string", cloud_provider="string", date_time_since="string", limit=integer, next_token="string", resource_id="string", service="string", severity="string", since="string", state="string")print(response)from falconpy import CSPMRegistration
falcon = CSPMRegistration(client_id=CLIENT_ID, client_secret=CLIENT_SECRET )
response = falcon.GetBehaviorDetections(account_id="string", aws_account_id="string", azure_subscription_id="string", azure_tenant_id="string", cloud_provider="string", date_time_since="string", limit=integer, next_token="string", resource_id="string", service="string", severity="string", since="string", state="string")print(response)from falconpy import APIHarnessV2
falcon = APIHarnessV2(client_id=CLIENT_ID, client_secret=CLIENT_SECRET )
response = falcon.command("GetBehaviorDetections", cloud_provider="string", service="string", account_id="string", aws_account_id="string", azure_subscription_id="string", azure_tenant_id="string", state="string", date_time_since="string", since="string", severity="string", next_token="string", limit=integer, resource_id=id_list, resource_uuid=id_list)print(response)Get-FalconCloudIoa -CloudPlatform "string"package main
import ( "context" "fmt" "os"
"github.com/crowdstrike/gofalcon/falcon" "github.com/crowdstrike/gofalcon/falcon/client/cspm_registration")
func main() { client, err := falcon.NewClient(&falcon.ApiConfig{ ClientId: os.Getenv("FALCON_CLIENT_ID"), ClientSecret: os.Getenv("FALCON_CLIENT_SECRET"), Context: context.Background(), }) if err != nil { panic(err) }
cloudProvider := "string" service := "string" accountID := "string" awsAccountID := "string" azureSubscriptionID := "string" azureTenantID := "string" state := "string" dateTimeSince := "string" since := "string" severity := "string" nextToken := "string" limit := int64(0)
response, err := client.CspmRegistration.GetBehaviorDetections( &cspm_registration.GetBehaviorDetectionsParams{ CloudProvider: &cloudProvider, Service: &service, AccountID: &accountID, AwsAccountID: &awsAccountID, AzureSubscriptionID: &azureSubscriptionID, AzureTenantID: &azureTenantID, State: &state, DateTimeSince: &dateTimeSince, Since: &since, Severity: &severity, NextToken: &nextToken, Limit: &limit, ResourceID: []string{"ID1", "ID2", "ID3"}, ResourceUUID: []string{"ID1", "ID2", "ID3"}, Context: context.Background(), }, ) if err != nil { panic(falcon.ErrorExplain(err)) }
fmt.Printf("%+v\n", response.Payload)}import { FalconClient } from "crowdstrike-falcon";
const client = new FalconClient({ cloud: process.env.FALCON_CLOUD!, clientId: process.env.FALCON_CLIENT_ID!, clientSecret: process.env.FALCON_CLIENT_SECRET!,});
const response = await client.cspmRegistration.getBehaviorDetections( "string", // cloudProvider "string", // service "string", // accountId "string", // awsAccountId "string", // azureSubscriptionId "string", // azureTenantId "string", // state "string", // dateTimeSince "string", // since "string", // severity "string", // nextToken integer, // limit ["ID1", "ID2", "ID3"], // resourceId ["ID1", "ID2", "ID3"] // resourceUuid);
console.log(response);use rusty_falcon::apis::cspm_registration_api::get_behavior_detections;use rusty_falcon::easy::client::FalconHandle;
#[tokio::main]async fn main() { let falcon = FalconHandle::from_env().await.expect("Could not authenticate");
let response = get_behavior_detections( &falcon.cfg, // configuration Some("string"), // cloud_provider Some("string"), // service Some("string"), // account_id Some("string"), // aws_account_id Some("string"), // azure_subscription_id Some("string"), // azure_tenant_id Some("string"), // state Some("string"), // date_time_since Some("string"), // since Some("string"), // severity Some("string"), // next_token Some(integer), // limit Some(vec!["string".to_string()]), // resource_id Some(vec!["string".to_string()]), // resource_uuid ).await.expect("API call failed");
println!("{:?}", response);}require "crimson-falcon"
Falcon.configure do |config| config.client_id = ENV["FALCON_CLIENT_ID"] config.client_secret = ENV["FALCON_CLIENT_SECRET"] config.cloud = ENV["FALCON_CLOUD"]end
api = Falcon::CspmRegistration.new
response = api.get_behavior_detections(cloud_provider: 'string', service: 'string', account_id: 'string', aws_account_id: 'string', azure_subscription_id: 'string', azure_tenant_id: 'string', state: 'string', date_time_since: 'string', since: 'string', severity: 'string', next_token: 'string', limit: integer, resource_id: ['ID1', 'ID2', 'ID3'], resource_uuid: ['ID1', 'ID2', 'ID3'])
puts responseGetConfigurationDetections
Section titled “GetConfigurationDetections”Retrieve list of detected behaviors.
GET /detects/entities/iom/v1
PEP 8
get_configuration_detectionsParameters
Section titled “Parameters”| Name | Type | Data type | Description |
|---|---|---|---|
| account_id | query | string | Cloud account ID (e.g.: AWS AccountID, Azure SubscriptionID). |
| aws_account_id | query | string | AWS Account ID. |
| azure_subscription_id | query | string | Azure Subscription ID. |
| azure_tenant_id | query | string | Azure Tenant ID. |
| cloud_provider | query | string | Cloud Provider (azure, aws, gcp). |
| limit | query | integer | Maximum number of results to return. (Max: 500) |
| next_token | query | string | String to get next page of results, associated with the previous execution. Must include all filters from previous execution. |
| parameters | query | dictionary | Full query string parameters payload in JSON format. |
| region | query | string | Cloud Provider Region. Example: us-east-1. |
| service | query | string | Filter by Cloud Service. See Available Services table below. |
| severity | query | string | Filter by severity. Example: High, Medium or Informational. |
| status | query | string | Filter by status. Example: new, reoccurring or all. |
Available Services
Section titled “Available Services”| ACM | Identity |
| ACR | KMS |
| Any | KeyVault |
| App Engine | Kinesis |
| BigQuery | Kubernetes |
| Cloud Load Balancing | Lambda |
| Cloud Logging | LoadBalancer |
| Cloud SQL | Monitor |
| Cloud Storage | NLB/ALB |
| CloudFormation | NetworkSecurityGroup |
| CloudTrail | PostgreSQL |
| CloudWatch Logs | RDS |
| Cloudfront | Redshift |
| Compute Engine | S3 |
| Config | SES |
| Disk | SNS |
| DynamoDB | SQLDatabase |
| EBS | SQLServer |
| EC2 | SQS |
| ECR | SSM |
| EFS | Serverless Application Repository |
| EKS | StorageAccount |
| ELB | Subscriptions |
| EMR | VPC |
| Elasticache | VirtualMachine |
| GuardDuty | VirtualNetwork |
| IAM |
Code Examples
Section titled “Code Examples”from falconpy import CSPMRegistration
falcon = CSPMRegistration(client_id=CLIENT_ID, client_secret=CLIENT_SECRET )
response = falcon.get_configuration_detections(account_id="string", aws_account_id="string", azure_subscription_id="string", azure_tenant_id="string", cloud_provider="string", limit=integer, next_token="string", region="string", service="string", severity="string", status="string")print(response)from falconpy import CSPMRegistration
falcon = CSPMRegistration(client_id=CLIENT_ID, client_secret=CLIENT_SECRET )
response = falcon.GetConfigurationDetections(account_id="string", aws_account_id="string", azure_subscription_id="string", azure_tenant_id="string", cloud_provider="string", limit=integer, next_token="string", region="string", service="string", severity="string", status="string")print(response)from falconpy import APIHarnessV2
falcon = APIHarnessV2(client_id=CLIENT_ID, client_secret=CLIENT_SECRET )
response = falcon.command("GetConfigurationDetections", cloud_provider="string", account_id="string", azure_subscription_id="string", azure_tenant_id="string", status="string", region="string", severity="string", service="string", next_token="string", limit=integer)print(response)Examples coming soon.
package main
import ( "context" "fmt" "os"
"github.com/crowdstrike/gofalcon/falcon" "github.com/crowdstrike/gofalcon/falcon/client/cspm_registration")
func main() { client, err := falcon.NewClient(&falcon.ApiConfig{ ClientId: os.Getenv("FALCON_CLIENT_ID"), ClientSecret: os.Getenv("FALCON_CLIENT_SECRET"), Context: context.Background(), }) if err != nil { panic(err) }
cloudProvider := "string" accountID := "string" azureSubscriptionID := "string" azureTenantID := "string" status := "string" region := "string" severity := "string" service := "string" nextToken := "string" limit := int64(0)
response, err := client.CspmRegistration.GetConfigurationDetections( &cspm_registration.GetConfigurationDetectionsParams{ CloudProvider: &cloudProvider, AccountID: &accountID, AzureSubscriptionID: &azureSubscriptionID, AzureTenantID: &azureTenantID, Status: &status, Region: ®ion, Severity: &severity, Service: &service, NextToken: &nextToken, Limit: &limit, Context: context.Background(), }, ) if err != nil { panic(falcon.ErrorExplain(err)) }
fmt.Printf("%+v\n", response.Payload)}import { FalconClient } from "crowdstrike-falcon";
const client = new FalconClient({ cloud: process.env.FALCON_CLOUD!, clientId: process.env.FALCON_CLIENT_ID!, clientSecret: process.env.FALCON_CLIENT_SECRET!,});
const response = await client.cspmRegistration.getConfigurationDetections( "string", // cloudProvider "string", // accountId "string", // azureSubscriptionId "string", // azureTenantId "string", // status "string", // region "string", // severity "string", // service "string", // nextToken integer // limit);
console.log(response);use rusty_falcon::apis::cspm_registration_api::get_configuration_detections;use rusty_falcon::easy::client::FalconHandle;
#[tokio::main]async fn main() { let falcon = FalconHandle::from_env().await.expect("Could not authenticate");
let response = get_configuration_detections( &falcon.cfg, // configuration Some("string"), // cloud_provider Some("string"), // account_id Some("string"), // azure_subscription_id Some("string"), // azure_tenant_id Some("string"), // status Some("string"), // region Some("string"), // severity Some("string"), // service Some("string"), // next_token Some(integer), // limit ).await.expect("API call failed");
println!("{:?}", response);}require "crimson-falcon"
Falcon.configure do |config| config.client_id = ENV["FALCON_CLIENT_ID"] config.client_secret = ENV["FALCON_CLIENT_SECRET"] config.cloud = ENV["FALCON_CLOUD"]end
api = Falcon::CspmRegistration.new
response = api.get_configuration_detections(cloud_provider: 'string', account_id: 'string', azure_subscription_id: 'string', azure_tenant_id: 'string', status: 'string', region: 'string', severity: 'string', service: 'string', next_token: 'string', limit: integer)
puts responseGetConfigurationDetectionEntities
Section titled “GetConfigurationDetectionEntities”Get misconfigurations based on the ID - including custom policy detections in addition to default policy detections.
GET /detects/entities/iom/v2
PEP 8
get_configuration_detection_entitiesParameters
Section titled “Parameters”| Name | Type | Data type | Description |
|---|---|---|---|
| ids | query | string or list of strings | Detection IDs to retrieve. |
| parameters | query | dictionary | Full query string parameters payload in JSON format. |
Code Examples
Section titled “Code Examples”from falconpy import CSPMRegistration
falcon = CSPMRegistration(client_id=CLIENT_ID, client_secret=CLIENT_SECRET )
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.get_configuration_detection_entities(ids=id_list)print(response)from falconpy import CSPMRegistration
falcon = CSPMRegistration(client_id=CLIENT_ID, client_secret=CLIENT_SECRET )
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.GetConfigurationDetectionEntities(ids=id_list)print(response)from falconpy import APIHarnessV2
falcon = APIHarnessV2(client_id=CLIENT_ID, client_secret=CLIENT_SECRET )
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.command("GetConfigurationDetectionEntities", ids=id_list)print(response)Get-FalconCloudIom -Id @("ID1", "ID2")package main
import ( "context" "fmt" "os"
"github.com/crowdstrike/gofalcon/falcon" "github.com/crowdstrike/gofalcon/falcon/client/cspm_registration")
func main() { client, err := falcon.NewClient(&falcon.ApiConfig{ ClientId: os.Getenv("FALCON_CLIENT_ID"), ClientSecret: os.Getenv("FALCON_CLIENT_SECRET"), Context: context.Background(), }) if err != nil { panic(err) }
response, err := client.CspmRegistration.GetConfigurationDetectionEntities( &cspm_registration.GetConfigurationDetectionEntitiesParams{ Ids: []string{"ID1", "ID2", "ID3"}, Context: context.Background(), }, ) if err != nil { panic(falcon.ErrorExplain(err)) }
fmt.Printf("%+v\n", response.Payload)}import { FalconClient } from "crowdstrike-falcon";
const client = new FalconClient({ cloud: process.env.FALCON_CLOUD!, clientId: process.env.FALCON_CLIENT_ID!, clientSecret: process.env.FALCON_CLIENT_SECRET!,});
const response = await client.cspmRegistration.getConfigurationDetectionEntities(["ID1", "ID2", "ID3"]); // ids
console.log(response);use rusty_falcon::apis::cspm_registration_api::get_configuration_detection_entities;use rusty_falcon::easy::client::FalconHandle;
#[tokio::main]async fn main() { let falcon = FalconHandle::from_env().await.expect("Could not authenticate");
let response = get_configuration_detection_entities( &falcon.cfg, // configuration vec!["string".to_string()], // ids ).await.expect("API call failed");
println!("{:?}", response);}require "crimson-falcon"
Falcon.configure do |config| config.client_id = ENV["FALCON_CLIENT_ID"] config.client_secret = ENV["FALCON_CLIENT_SECRET"] config.cloud = ENV["FALCON_CLOUD"]end
api = Falcon::CspmRegistration.new
response = api.get_configuration_detection_entities(['ID1', 'ID2', 'ID3'])
puts responseGetConfigurationDetectionIDsV2
Section titled “GetConfigurationDetectionIDsV2”Get a list of active misconfiguration ids - including custom policy detections in addition to default policy detections.
GET /detects/queries/iom/v2
PEP 8
get_configuration_detection_ids_v2Parameters
Section titled “Parameters”| Name | Type | Data type | Description |
|---|---|---|---|
| filter | query | string | The FQL filter expression that should be used to limit the results. Available filters: use_current_scan_ids, account_name, account_id, agent_id, attack_types, azure_subscription_id, cloud_provider, cloud_service_keyword, custom_policy_id, is_managed, policy_id, policy_type, resource_id, region, status, scan_time, severity, severity_string |
| limit | query | integer | The maximum number of detections to return. [1-1000] |
| next_token | query | string | String to get next page of results. Cannot be combined with any other keyword except limit. |
| offset | query | integer | The offset to start retrieving detections from |
| parameters | query | dictionary | Full query string parameters payload in JSON format. |
| sort | query | string | The property to sort by (e.g. timestamp|desc or policy_id|asc). Default: timestamp|desc. Available fields: account_name, account_id, attack_types, azure_subscription_id, cloud_provider, cloud_service_keyword, status, is_managed, policy_id, policy_type, resource_id, region, scan_time, severity, severity_string, timestamp |
Code Examples
Section titled “Code Examples”from falconpy import CSPMRegistration
falcon = CSPMRegistration(client_id=CLIENT_ID, client_secret=CLIENT_SECRET )
response = falcon.get_configuration_detection_ids_v2(filter="string", limit=integer, next_token="string", offset=integer, sort="string")print(response)from falconpy import CSPMRegistration
falcon = CSPMRegistration(client_id=CLIENT_ID, client_secret=CLIENT_SECRET )
response = falcon.GetConfigurationDetectionIDsV2(filter="string", limit=integer, next_token="string", offset=integer, sort="string")print(response)from falconpy import APIHarnessV2
falcon = APIHarnessV2(client_id=CLIENT_ID, client_secret=CLIENT_SECRET )
response = falcon.command("GetConfigurationDetectionIDsV2", filter="string", sort="string", limit=integer, offset=integer, next_token="string")print(response)Get-FalconCloudIom -Filter "string" ` -Sort "string" ` -Limit integer ` -Offset integerpackage main
import ( "context" "fmt" "os"
"github.com/crowdstrike/gofalcon/falcon" "github.com/crowdstrike/gofalcon/falcon/client/cspm_registration")
func main() { client, err := falcon.NewClient(&falcon.ApiConfig{ ClientId: os.Getenv("FALCON_CLIENT_ID"), ClientSecret: os.Getenv("FALCON_CLIENT_SECRET"), Context: context.Background(), }) if err != nil { panic(err) }
filter := "string" sort := "string" limit := int64(0) offset := int64(0) nextToken := "string"
response, err := client.CspmRegistration.GetConfigurationDetectionIDsV2( &cspm_registration.GetConfigurationDetectionIDsV2Params{ Filter: &filter, Sort: &sort, Limit: &limit, Offset: &offset, NextToken: &nextToken, Context: context.Background(), }, ) if err != nil { panic(falcon.ErrorExplain(err)) }
fmt.Printf("%+v\n", response.Payload)}import { FalconClient } from "crowdstrike-falcon";
const client = new FalconClient({ cloud: process.env.FALCON_CLOUD!, clientId: process.env.FALCON_CLIENT_ID!, clientSecret: process.env.FALCON_CLIENT_SECRET!,});
const response = await client.cspmRegistration.getConfigurationDetectionIDsV2( "string", // filter "string", // sort integer, // limit integer, // offset "string" // nextToken);
console.log(response);use rusty_falcon::apis::cspm_registration_api::get_configuration_detection_ids_v2;use rusty_falcon::easy::client::FalconHandle;
#[tokio::main]async fn main() { let falcon = FalconHandle::from_env().await.expect("Could not authenticate");
let response = get_configuration_detection_ids_v2( &falcon.cfg, // configuration Some("string"), // filter Some("string"), // sort Some(integer), // limit Some(integer), // offset Some("string"), // next_token ).await.expect("API call failed");
println!("{:?}", response);}require "crimson-falcon"
Falcon.configure do |config| config.client_id = ENV["FALCON_CLIENT_ID"] config.client_secret = ENV["FALCON_CLIENT_SECRET"] config.cloud = ENV["FALCON_CLOUD"]end
api = Falcon::CspmRegistration.new
response = api.get_configuration_detection_ids_v2(filter: 'string', sort: 'string', limit: integer, offset: integer, next_token: 'string')
puts responseGetCSPMPolicy
Section titled “GetCSPMPolicy”Given a policy ID, returns detailed policy information.
GET /settings/entities/policy-details/v1
PEP 8
get_policyParameters
Section titled “Parameters”| Name | Type | Data type | Description |
|---|---|---|---|
| ids | query | string or list of strings | Policy IDs to retrieve. |
| parameters | query | dictionary | Full query string parameters payload in JSON format. |
Code Examples
Section titled “Code Examples”from falconpy import CSPMRegistration
falcon = CSPMRegistration(client_id=CLIENT_ID, client_secret=CLIENT_SECRET )
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.get_policy(ids=id_list)print(response)from falconpy import CSPMRegistration
falcon = CSPMRegistration(client_id=CLIENT_ID, client_secret=CLIENT_SECRET )
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.GetCSPMPolicy(ids=id_list)print(response)from falconpy import APIHarnessV2
falcon = APIHarnessV2(client_id=CLIENT_ID, client_secret=CLIENT_SECRET )
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.command("GetCSPMPolicy", ids=integer)print(response)Examples coming soon.
package main
import ( "context" "fmt" "os"
"github.com/crowdstrike/gofalcon/falcon" "github.com/crowdstrike/gofalcon/falcon/client/cspm_registration")
func main() { client, err := falcon.NewClient(&falcon.ApiConfig{ ClientId: os.Getenv("FALCON_CLIENT_ID"), ClientSecret: os.Getenv("FALCON_CLIENT_SECRET"), Context: context.Background(), }) if err != nil { panic(err) }
response, err := client.CspmRegistration.GetCSPMPolicy( &cspm_registration.GetCSPMPolicyParams{ Ids: integer, Context: context.Background(), }, ) if err != nil { panic(falcon.ErrorExplain(err)) }
fmt.Printf("%+v\n", response.Payload)}import { FalconClient } from "crowdstrike-falcon";
const client = new FalconClient({ cloud: process.env.FALCON_CLOUD!, clientId: process.env.FALCON_CLIENT_ID!, clientSecret: process.env.FALCON_CLIENT_SECRET!,});
const response = await client.cspmRegistration.getCSPMPolicy(integer); // ids
console.log(response);use rusty_falcon::apis::cspm_registration_api::get_cspm_policy;use rusty_falcon::easy::client::FalconHandle;
#[tokio::main]async fn main() { let falcon = FalconHandle::from_env().await.expect("Could not authenticate");
let response = get_cspm_policy( &falcon.cfg, // configuration integer, // ids ).await.expect("API call failed");
println!("{:?}", response);}require "crimson-falcon"
Falcon.configure do |config| config.client_id = ENV["FALCON_CLIENT_ID"] config.client_secret = ENV["FALCON_CLIENT_SECRET"] config.cloud = ENV["FALCON_CLOUD"]end
api = Falcon::CspmRegistration.new
response = api.get_cspm_policy(integer)
puts responseGetCSPMPoliciesDetails
Section titled “GetCSPMPoliciesDetails”Given an array of policy IDs, returns detailed policies information.
GET /settings/entities/policy-details/v2
PEP 8
get_policy_detailsParameters
Section titled “Parameters”| Name | Type | Data type | Description |
|---|---|---|---|
| ids | query | string or list of strings | Detection IDs to retrieve. |
| parameters | query | dictionary | Full query string parameters payload in JSON format. |
Code Examples
Section titled “Code Examples”from falconpy import CSPMRegistration
falcon = CSPMRegistration(client_id=CLIENT_ID, client_secret=CLIENT_SECRET )
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.get_policy_details(ids=id_list)print(response)from falconpy import CSPMRegistration
falcon = CSPMRegistration(client_id=CLIENT_ID, client_secret=CLIENT_SECRET )
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.GetCSPMPoliciesDetails(ids=id_list)print(response)from falconpy import APIHarnessV2
falcon = APIHarnessV2(client_id=CLIENT_ID, client_secret=CLIENT_SECRET )
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.command("GetCSPMPoliciesDetails", ids=id_list)print(response)Get-FalconCloudPolicy -PolicyId integerpackage main
import ( "context" "fmt" "os"
"github.com/crowdstrike/gofalcon/falcon" "github.com/crowdstrike/gofalcon/falcon/client/cspm_registration")
func main() { client, err := falcon.NewClient(&falcon.ApiConfig{ ClientId: os.Getenv("FALCON_CLIENT_ID"), ClientSecret: os.Getenv("FALCON_CLIENT_SECRET"), Context: context.Background(), }) if err != nil { panic(err) }
response, err := client.CspmRegistration.GetCSPMPoliciesDetails( &cspm_registration.GetCSPMPoliciesDetailsParams{ Ids: []integer{0}, Context: context.Background(), }, ) if err != nil { panic(falcon.ErrorExplain(err)) }
fmt.Printf("%+v\n", response.Payload)}import { FalconClient } from "crowdstrike-falcon";
const client = new FalconClient({ cloud: process.env.FALCON_CLOUD!, clientId: process.env.FALCON_CLIENT_ID!, clientSecret: process.env.FALCON_CLIENT_SECRET!,});
const response = await client.cspmRegistration.getCSPMPoliciesDetails(integer); // ids
console.log(response);use rusty_falcon::apis::cspm_registration_api::get_cspm_policies_details;use rusty_falcon::easy::client::FalconHandle;
#[tokio::main]async fn main() { let falcon = FalconHandle::from_env().await.expect("Could not authenticate");
let response = get_cspm_policies_details( &falcon.cfg, // configuration vec![], // ids ).await.expect("API call failed");
println!("{:?}", response);}require "crimson-falcon"
Falcon.configure do |config| config.client_id = ENV["FALCON_CLIENT_ID"] config.client_secret = ENV["FALCON_CLIENT_SECRET"] config.cloud = ENV["FALCON_CLOUD"]end
api = Falcon::CspmRegistration.new
response = api.get_cspm_policies_details([0])
puts responseGetCSPMPolicySettings
Section titled “GetCSPMPolicySettings”Returns information about current policy settings.
GET /settings/entities/policy/v1
PEP 8
get_policy_settingsParameters
Section titled “Parameters”| Name | Type | Data type | Description |
|---|---|---|---|
| cloud_platform | query | string | Cloud Provider (azure, aws, gcp). |
| parameters | query | dictionary | Full query string parameters payload in JSON format. |
| policy_id | query | string | IOA Policy ID. |
| service | query | string | Filter by Service type. |
Code Examples
Section titled “Code Examples”from falconpy import CSPMRegistration
falcon = CSPMRegistration(client_id=CLIENT_ID, client_secret=CLIENT_SECRET )
response = falcon.get_policy_settings(policy_id="string", cloud_platform="string", service="string")print(response)from falconpy import CSPMRegistration
falcon = CSPMRegistration(client_id=CLIENT_ID, client_secret=CLIENT_SECRET )
response = falcon.GetCSPMPolicySettings(policy_id="string", cloud_platform="string", service="string")print(response)from falconpy import APIHarnessV2
falcon = APIHarnessV2(client_id=CLIENT_ID, client_secret=CLIENT_SECRET )
response = falcon.command("GetCSPMPolicySettings", service="string", policy_id="string", cloud_platform="string")print(response)Get-FalconCloudPolicypackage main
import ( "context" "fmt" "os"
"github.com/crowdstrike/gofalcon/falcon" "github.com/crowdstrike/gofalcon/falcon/client/cspm_registration")
func main() { client, err := falcon.NewClient(&falcon.ApiConfig{ ClientId: os.Getenv("FALCON_CLIENT_ID"), ClientSecret: os.Getenv("FALCON_CLIENT_SECRET"), Context: context.Background(), }) if err != nil { panic(err) }
service := "string"
response, err := client.CspmRegistration.GetCSPMPolicySettings( &cspm_registration.GetCSPMPolicySettingsParams{ Service: &service, PolicyID: "string", CloudPlatform: "string", Context: context.Background(), }, ) if err != nil { panic(falcon.ErrorExplain(err)) }
fmt.Printf("%+v\n", response.Payload)}import { FalconClient } from "crowdstrike-falcon";
const client = new FalconClient({ cloud: process.env.FALCON_CLOUD!, clientId: process.env.FALCON_CLIENT_ID!, clientSecret: process.env.FALCON_CLIENT_SECRET!,});
const response = await client.cspmRegistration.getCSPMPolicySettings( "string", // service "string", // policyId "string" // cloudPlatform);
console.log(response);use rusty_falcon::apis::cspm_registration_api::get_cspm_policy_settings;use rusty_falcon::easy::client::FalconHandle;
#[tokio::main]async fn main() { let falcon = FalconHandle::from_env().await.expect("Could not authenticate");
let response = get_cspm_policy_settings( &falcon.cfg, // configuration Some("string"), // service Some("string"), // policy_id Some("string"), // cloud_platform ).await.expect("API call failed");
println!("{:?}", response);}require "crimson-falcon"
Falcon.configure do |config| config.client_id = ENV["FALCON_CLIENT_ID"] config.client_secret = ENV["FALCON_CLIENT_SECRET"] config.cloud = ENV["FALCON_CLOUD"]end
api = Falcon::CspmRegistration.new
response = api.get_cspm_policy_settings(service: 'string', policy_id: 'string', cloud_platform: 'string')
puts responseUpdateCSPMPolicySettings
Section titled “UpdateCSPMPolicySettings”Updates a policy setting - can be used to override policy severity or to disable a policy entirely.
PATCH /settings/entities/policy/v1
PEP 8
update_policy_settingsParameters
Section titled “Parameters”| Name | Type | Data type | Description |
|---|---|---|---|
| account_id | body | string | Cloud Account ID to impact. |
| body | body | dictionary | Full body payload in JSON format. |
| enabled | body | boolean | Flag indicating if this policy is enabled. |
| policy_id | body | integer | Policy ID to be updated. |
| regions | body | string or list of strings | List of regions where this policy is enforced. |
| severity | body | string | Policy severity value. |
| tag_excluded | body | boolean | Tag exclusion flag. |
Code Examples
Section titled “Code Examples”from falconpy import CSPMRegistration
falcon = CSPMRegistration(client_id=CLIENT_ID, client_secret=CLIENT_SECRET )
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.update_policy_settings(account_id="string", account_ids=id_list, enabled=boolean, policy_id=integer, region=id_list, severity="string", tag_excluded=boolean)print(response)from falconpy import CSPMRegistration
falcon = CSPMRegistration(client_id=CLIENT_ID, client_secret=CLIENT_SECRET )
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.UpdateCSPMPolicySettings(account_id="string", account_ids=id_list, enabled=boolean, policy_id=integer, region=id_list, severity="string", tag_excluded=boolean)print(response)from falconpy import APIHarnessV2
falcon = APIHarnessV2(client_id=CLIENT_ID, client_secret=CLIENT_SECRET )
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
body_payload = { "resources": [ { "account_id": "string", "account_ids": ["string"], "enabled": boolean, "policy_id": integer, "regions": ["string"], "severity": "string", "tag_excluded": boolean } ]}
response = falcon.command("UpdateCSPMPolicySettings", body=body_payload)print(response)Edit-FalconCloudPolicy -Severity "string" ` -Enabled $boolean ` -Id integerpackage main
import ( "context" "fmt" "os"
"github.com/crowdstrike/gofalcon/falcon" "github.com/crowdstrike/gofalcon/falcon/client/cspm_registration" "github.com/crowdstrike/gofalcon/falcon/models")
func main() { client, err := falcon.NewClient(&falcon.ApiConfig{ ClientId: os.Getenv("FALCON_CLIENT_ID"), ClientSecret: os.Getenv("FALCON_CLIENT_SECRET"), Context: context.Background(), }) if err != nil { panic(err) }
account_id := "string" enabled := boolean policy_id := integer severity := "string" tag_excluded := boolean
response, err := client.CspmRegistration.UpdateCSPMPolicySettings( &cspm_registration.UpdateCSPMPolicySettingsParams{ Body: &models.RegistrationPolicyRequestExtV1{ Resources: []interface{}{ { AccountID: &account_id, AccountIds: []string{"string"}, Enabled: &enabled, PolicyID: &policy_id, Regions: []string{"string"}, Severity: &severity, TagExcluded: &tag_excluded, }, }, }, Context: context.Background(), }, ) if err != nil { panic(falcon.ErrorExplain(err)) }
fmt.Printf("%+v\n", response.Payload)}import { FalconClient } from "crowdstrike-falcon";
const client = new FalconClient({ cloud: process.env.FALCON_CLOUD!, clientId: process.env.FALCON_CLIENT_ID!, clientSecret: process.env.FALCON_CLIENT_SECRET!,});
const response = await client.cspmRegistration.updateCSPMPolicySettings( { resources: [{ accountId: "string", accountIds: [], enabled: boolean, policyId: integer, regions: [], severity: "string", tagExcluded: boolean }]} // body);
console.log(response);use rusty_falcon::apis::cspm_registration_api::update_cspm_policy_settings;use rusty_falcon::easy::client::FalconHandle;use rusty_falcon::models::RegistrationPolicyRequestExtV1;
#[tokio::main]async fn main() { let falcon = FalconHandle::from_env().await.expect("Could not authenticate");
let body = RegistrationPolicyRequestExtV1 { resources: vec![PolicyExtV1 { account_id: Some("string".to_string()), account_ids: vec!["string".to_string()], enabled: Some(boolean), policy_id: Some(integer), regions: vec!["string".to_string()], severity: Some("string".to_string()), tag_excluded: Some(boolean), ..Default::default() }], ..Default::default() };
let response = update_cspm_policy_settings( &falcon.cfg, // configuration body, // body ).await.expect("API call failed");
println!("{:?}", response);}require "crimson-falcon"
Falcon.configure do |config| config.client_id = ENV["FALCON_CLIENT_ID"] config.client_secret = ENV["FALCON_CLIENT_SECRET"] config.cloud = ENV["FALCON_CLOUD"]end
api = Falcon::CspmRegistration.new
body = Falcon::RegistrationPolicyRequestExtV1.new( resources: [{ account_id: 'string', account_ids: [], enabled: boolean, policy_id: integer, regions: [], severity: 'string', tag_excluded: boolean }])
response = api.update_cspm_policy_settings(body)
puts responseGetCSPMScanSchedule
Section titled “GetCSPMScanSchedule”Returns scan schedule configuration for one or more cloud platforms.
GET /settings/scan-schedule/v1
PEP 8
get_scan_scheduleParameters
Section titled “Parameters”| Name | Type | Data type | Description |
|---|---|---|---|
| cloud_platform | query | string or list of strings | The Cloud Platform. (azure, aws, gcp) |
| parameters | query | dictionary | Full query string parameters payload in JSON format. |
Code Examples
Section titled “Code Examples”from falconpy import CSPMRegistration
falcon = CSPMRegistration(client_id=CLIENT_ID, client_secret=CLIENT_SECRET )
response = falcon.get_scan_schedule(cloud_platform="string")print(response)from falconpy import CSPMRegistration
falcon = CSPMRegistration(client_id=CLIENT_ID, client_secret=CLIENT_SECRET )
response = falcon.GetCSPMScanSchedule(cloud_platform="string")print(response)from falconpy import APIHarnessV2
falcon = APIHarnessV2(client_id=CLIENT_ID, client_secret=CLIENT_SECRET )
response = falcon.command("GetCSPMScanSchedule", cloud_platform=id_list)print(response)Get-FalconCloudSchedule -CloudPlatform @("ID1", "ID2")package main
import ( "context" "fmt" "os"
"github.com/crowdstrike/gofalcon/falcon" "github.com/crowdstrike/gofalcon/falcon/client/cspm_registration")
func main() { client, err := falcon.NewClient(&falcon.ApiConfig{ ClientId: os.Getenv("FALCON_CLIENT_ID"), ClientSecret: os.Getenv("FALCON_CLIENT_SECRET"), Context: context.Background(), }) if err != nil { panic(err) }
response, err := client.CspmRegistration.GetCSPMScanSchedule( &cspm_registration.GetCSPMScanScheduleParams{ CloudPlatform: []string{"ID1", "ID2", "ID3"}, Context: context.Background(), }, ) if err != nil { panic(falcon.ErrorExplain(err)) }
fmt.Printf("%+v\n", response.Payload)}import { FalconClient } from "crowdstrike-falcon";
const client = new FalconClient({ cloud: process.env.FALCON_CLOUD!, clientId: process.env.FALCON_CLIENT_ID!, clientSecret: process.env.FALCON_CLIENT_SECRET!,});
const response = await client.cspmRegistration.getCSPMScanSchedule(["ID1", "ID2", "ID3"]); // cloudPlatform
console.log(response);use rusty_falcon::apis::cspm_registration_api::get_cspm_scan_schedule;use rusty_falcon::easy::client::FalconHandle;
#[tokio::main]async fn main() { let falcon = FalconHandle::from_env().await.expect("Could not authenticate");
let response = get_cspm_scan_schedule( &falcon.cfg, // configuration Some(vec!["string".to_string()]), // cloud_platform ).await.expect("API call failed");
println!("{:?}", response);}require "crimson-falcon"
Falcon.configure do |config| config.client_id = ENV["FALCON_CLIENT_ID"] config.client_secret = ENV["FALCON_CLIENT_SECRET"] config.cloud = ENV["FALCON_CLOUD"]end
api = Falcon::CspmRegistration.new
response = api.get_cspm_scan_schedule(cloud_platform: ['ID1', 'ID2', 'ID3'])
puts responseUpdateCSPMScanSchedule
Section titled “UpdateCSPMScanSchedule”Updates scan schedule configuration for one or more cloud platforms.
POST /settings/scan-schedule/v1
PEP 8
update_scan_scheduleParameters
Section titled “Parameters”| Name | Type | Data type | Description |
|---|---|---|---|
| body | body | dictionary | Full body payload in JSON format. |
| cloud_platform | body | string | Cloud platform (Azure, AWS, GCP). |
| next_scan_timestamp | body | string | UTC formatted string. |
| scan_schedule | body | string | Scan schedule type. |
Code Examples
Section titled “Code Examples”from falconpy import CSPMRegistration
falcon = CSPMRegistration(client_id=CLIENT_ID, client_secret=CLIENT_SECRET )
response = falcon.update_scan_schedule(cloud_platform="string", next_scan_timestamp="string", scan_interval="string", scan_schedule="string")print(response)from falconpy import CSPMRegistration
falcon = CSPMRegistration(client_id=CLIENT_ID, client_secret=CLIENT_SECRET )
response = falcon.UpdateCSPMScanSchedule(cloud_platform="string", next_scan_timestamp="string", scan_interval="string", scan_schedule="string")print(response)from falconpy import APIHarnessV2
falcon = APIHarnessV2(client_id=CLIENT_ID, client_secret=CLIENT_SECRET )
body_payload = { "resources": [ { "cloud_platform": "string", "last_scan_completed_at": "string", "next_scan_timestamp": "string", "scan_interval": "string", "scan_schedule": "string" } ]}
response = falcon.command("UpdateCSPMScanSchedule", body=body_payload)print(response)Edit-FalconCloudSchedule -ScanSchedule "string" -CloudPlatform "string"package main
import ( "context" "fmt" "os"
"github.com/crowdstrike/gofalcon/falcon" "github.com/crowdstrike/gofalcon/falcon/client/cspm_registration" "github.com/crowdstrike/gofalcon/falcon/models")
func main() { client, err := falcon.NewClient(&falcon.ApiConfig{ ClientId: os.Getenv("FALCON_CLIENT_ID"), ClientSecret: os.Getenv("FALCON_CLIENT_SECRET"), Context: context.Background(), }) if err != nil { panic(err) }
cloud_platform := "string" last_scan_completed_at := "string" next_scan_timestamp := "string" scan_interval := "string" scan_schedule := "string"
response, err := client.CspmRegistration.UpdateCSPMScanSchedule( &cspm_registration.UpdateCSPMScanScheduleParams{ Body: &models.RegistrationScanScheduleUpdateRequestV1{ Resources: []interface{}{ { CloudPlatform: &cloud_platform, LastScanCompletedAt: &last_scan_completed_at, NextScanTimestamp: &next_scan_timestamp, ScanInterval: &scan_interval, ScanSchedule: &scan_schedule, }, }, }, Context: context.Background(), }, ) if err != nil { panic(falcon.ErrorExplain(err)) }
fmt.Printf("%+v\n", response.Payload)}import { FalconClient } from "crowdstrike-falcon";
const client = new FalconClient({ cloud: process.env.FALCON_CLOUD!, clientId: process.env.FALCON_CLIENT_ID!, clientSecret: process.env.FALCON_CLIENT_SECRET!,});
const response = await client.cspmRegistration.updateCSPMScanSchedule( { resources: [{ cloudPlatform: "string", lastScanCompletedAt: "string", nextScanTimestamp: "string", scanInterval: "string", scanSchedule: "string" }]} // body);
console.log(response);use rusty_falcon::apis::cspm_registration_api::update_cspm_scan_schedule;use rusty_falcon::easy::client::FalconHandle;use rusty_falcon::models::RegistrationScanScheduleUpdateRequestV1;
#[tokio::main]async fn main() { let falcon = FalconHandle::from_env().await.expect("Could not authenticate");
let body = RegistrationScanScheduleUpdateRequestV1 { resources: vec![ScanScheduleDataV1 { cloud_platform: Some("string".to_string()), ..Default::default() }], ..Default::default() };
let response = update_cspm_scan_schedule( &falcon.cfg, // configuration body, // body ).await.expect("API call failed");
println!("{:?}", response);}require "crimson-falcon"
Falcon.configure do |config| config.client_id = ENV["FALCON_CLIENT_ID"] config.client_secret = ENV["FALCON_CLIENT_SECRET"] config.cloud = ENV["FALCON_CLOUD"]end
api = Falcon::CspmRegistration.new
body = Falcon::RegistrationScanScheduleUpdateRequestV1.new( resources: [{ cloud_platform: 'string', last_scan_completed_at: 'string', next_scan_timestamp: 'string', scan_interval: 'string', scan_schedule: 'string' }])
response = api.update_cspm_scan_schedule(body)
puts responseGetCSPMAzureManagementGroup
Section titled “GetCSPMAzureManagementGroup”Return information about Azure management group registration
GET /cloud-connect-cspm-azure/entities/management-group/v1
PEP 8
get_azure_management_groupParameters
Section titled “Parameters”| Name | Type | Data type | Description |
|---|---|---|---|
| limit | query | integer | The maximum records to return. Defaults to 100. |
| offset | query | integer | The offset to start retrieving records from |
| tenant_ids | query | string or list of strings | Tenant ids to filter azure accounts |
Code Examples
Section titled “Code Examples”from falconpy import CSPMRegistration
falcon = CSPMRegistration(client_id=CLIENT_ID, client_secret=CLIENT_SECRET )
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.get_azure_management_group(limit=integer, offset=integer, tenant_ids=id_list)print(response)from falconpy import CSPMRegistration
falcon = CSPMRegistration(client_id=CLIENT_ID, client_secret=CLIENT_SECRET )
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.GetCSPMAzureManagementGroup(limit=integer, offset=integer, tenant_ids=id_list)print(response)from falconpy import APIHarnessV2
falcon = APIHarnessV2(client_id=CLIENT_ID, client_secret=CLIENT_SECRET )
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.command("GetCSPMAzureManagementGroup", tenant_ids=id_list, limit=integer, offset=integer)print(response)Get-FalconCloudAzureGrouppackage main
import ( "context" "fmt" "os"
"github.com/crowdstrike/gofalcon/falcon" "github.com/crowdstrike/gofalcon/falcon/client/cspm_registration")
func main() { client, err := falcon.NewClient(&falcon.ApiConfig{ ClientId: os.Getenv("FALCON_CLIENT_ID"), ClientSecret: os.Getenv("FALCON_CLIENT_SECRET"), Context: context.Background(), }) if err != nil { panic(err) }
limit := int64(0) offset := int64(0)
response, err := client.CspmRegistration.GetCSPMAzureManagementGroup( &cspm_registration.GetCSPMAzureManagementGroupParams{ TenantIds: []string{"ID1", "ID2", "ID3"}, Limit: &limit, Offset: &offset, Context: context.Background(), }, ) if err != nil { panic(falcon.ErrorExplain(err)) }
fmt.Printf("%+v\n", response.Payload)}import { FalconClient } from "crowdstrike-falcon";
const client = new FalconClient({ cloud: process.env.FALCON_CLOUD!, clientId: process.env.FALCON_CLIENT_ID!, clientSecret: process.env.FALCON_CLIENT_SECRET!,});
const response = await client.cspmRegistration.getCSPMAzureManagementGroup( ["ID1", "ID2", "ID3"], // tenantIds integer, // limit integer // offset);
console.log(response);use rusty_falcon::apis::cspm_registration_api::get_cspm_azure_management_group;use rusty_falcon::easy::client::FalconHandle;
#[tokio::main]async fn main() { let falcon = FalconHandle::from_env().await.expect("Could not authenticate");
let response = get_cspm_azure_management_group( &falcon.cfg, // configuration Some(vec!["string".to_string()]), // tenant_ids Some(integer), // limit Some(integer), // offset ).await.expect("API call failed");
println!("{:?}", response);}require "crimson-falcon"
Falcon.configure do |config| config.client_id = ENV["FALCON_CLIENT_ID"] config.client_secret = ENV["FALCON_CLIENT_SECRET"] config.cloud = ENV["FALCON_CLOUD"]end
api = Falcon::CspmRegistration.new
response = api.get_cspm_azure_management_group(tenant_ids: ['ID1', 'ID2', 'ID3'], limit: integer, offset: integer)
puts responseDeleteCSPMAzureManagementGroup
Section titled “DeleteCSPMAzureManagementGroup”Deletes Azure management groups from the system.
DELETE /cloud-connect-cspm-azure/entities/management-group/v1
PEP 8
delete_azure_management_groupParameters
Section titled “Parameters”| Name | Type | Data type | Description |
|---|---|---|---|
| parameters | query | dictionary | Full query string parameters payload in JSON format. |
| tenant_ids | query | string or list of strings | Tenant IDs to remove. |
Code Examples
Section titled “Code Examples”from falconpy import CSPMRegistration
falcon = CSPMRegistration(client_id=CLIENT_ID, client_secret=CLIENT_SECRET )
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.delete_azure_management_group(tenant_ids=id_list)print(response)from falconpy import CSPMRegistration
falcon = CSPMRegistration(client_id=CLIENT_ID, client_secret=CLIENT_SECRET )
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.DeleteCSPMAzureManagementGroup(tenant_ids=id_list)print(response)from falconpy import APIHarnessV2
falcon = APIHarnessV2(client_id=CLIENT_ID, client_secret=CLIENT_SECRET )
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.command("DeleteCSPMAzureManagementGroup", tenant_ids=id_list)print(response)Remove-FalconCloudAzureGrouppackage main
import ( "context" "fmt" "os"
"github.com/crowdstrike/gofalcon/falcon" "github.com/crowdstrike/gofalcon/falcon/client/cspm_registration")
func main() { client, err := falcon.NewClient(&falcon.ApiConfig{ ClientId: os.Getenv("FALCON_CLIENT_ID"), ClientSecret: os.Getenv("FALCON_CLIENT_SECRET"), Context: context.Background(), }) if err != nil { panic(err) }
response, err := client.CspmRegistration.DeleteCSPMAzureManagementGroup( &cspm_registration.DeleteCSPMAzureManagementGroupParams{ TenantIds: []string{"ID1", "ID2", "ID3"}, Context: context.Background(), }, ) if err != nil { panic(falcon.ErrorExplain(err)) }
fmt.Printf("%+v\n", response.Payload)}import { FalconClient } from "crowdstrike-falcon";
const client = new FalconClient({ cloud: process.env.FALCON_CLOUD!, clientId: process.env.FALCON_CLIENT_ID!, clientSecret: process.env.FALCON_CLIENT_SECRET!,});
const response = await client.cspmRegistration.deleteCSPMAzureManagementGroup(["ID1", "ID2", "ID3"]); // tenantIds
console.log(response);use rusty_falcon::apis::cspm_registration_api::delete_cspm_azure_management_group;use rusty_falcon::easy::client::FalconHandle;
#[tokio::main]async fn main() { let falcon = FalconHandle::from_env().await.expect("Could not authenticate");
let response = delete_cspm_azure_management_group( &falcon.cfg, // configuration Some(vec!["string".to_string()]), // tenant_ids ).await.expect("API call failed");
println!("{:?}", response);}require "crimson-falcon"
Falcon.configure do |config| config.client_id = ENV["FALCON_CLIENT_ID"] config.client_secret = ENV["FALCON_CLIENT_SECRET"] config.cloud = ENV["FALCON_CLOUD"]end
api = Falcon::CspmRegistration.new
response = api.delete_cspm_azure_management_group(tenant_ids: ['ID1', 'ID2', 'ID3'])
puts responseCreateCSPMAzureManagementGroup
Section titled “CreateCSPMAzureManagementGroup”Creates a new management group in our system for a customer.
POST /cloud-connect-cspm-azure/entities/management-group/v1
PEP 8
create_azure_management_groupParameters
Section titled “Parameters”| Name | Type | Data type | Description |
|---|---|---|---|
| body | body | dictionary | Full body payload in JSON format. |
| default_subscription_id | body | string | AWS Account ID. |
| tenant_id | body | string | AWS Account ID. |
Code Examples
Section titled “Code Examples”from falconpy import CSPMRegistration
falcon = CSPMRegistration(client_id=CLIENT_ID, client_secret=CLIENT_SECRET )
response = falcon.create_azure_management_group(default_subscription_id="string", tenant_id="string")print(response)from falconpy import CSPMRegistration
falcon = CSPMRegistration(client_id=CLIENT_ID, client_secret=CLIENT_SECRET )
response = falcon.CreateCSPMAzureManagementGroup(default_subscription_id="string", tenant_id="string")print(response)from falconpy import APIHarnessV2
falcon = APIHarnessV2(client_id=CLIENT_ID, client_secret=CLIENT_SECRET )
body_payload = { "resources": [ { "default_subscription_id": "string", "tenant_id": "string" } ]}
response = falcon.command("CreateCSPMAzureManagementGroup", body=body_payload)print(response)New-FalconCloudAzureGrouppackage main
import ( "context" "fmt" "os"
"github.com/crowdstrike/gofalcon/falcon" "github.com/crowdstrike/gofalcon/falcon/client/cspm_registration" "github.com/crowdstrike/gofalcon/falcon/models")
func main() { client, err := falcon.NewClient(&falcon.ApiConfig{ ClientId: os.Getenv("FALCON_CLIENT_ID"), ClientSecret: os.Getenv("FALCON_CLIENT_SECRET"), Context: context.Background(), }) if err != nil { panic(err) }
default_subscription_id := "string" tenant_id := "string"
response, err := client.CspmRegistration.CreateCSPMAzureManagementGroup( &cspm_registration.CreateCSPMAzureManagementGroupParams{ Body: &models.RegistrationAzureManagementGroupCreateRequestExternalV1{ Resources: []interface{}{ { DefaultSubscriptionID: &default_subscription_id, TenantID: &tenant_id, }, }, }, Context: context.Background(), }, ) if err != nil { panic(falcon.ErrorExplain(err)) }
fmt.Printf("%+v\n", response.Payload)}import { FalconClient } from "crowdstrike-falcon";
const client = new FalconClient({ cloud: process.env.FALCON_CLOUD!, clientId: process.env.FALCON_CLIENT_ID!, clientSecret: process.env.FALCON_CLIENT_SECRET!,});
const response = await client.cspmRegistration.createCSPMAzureManagementGroup( { resources: [{ defaultSubscriptionId: "string", tenantId: "string" }]} // body);
console.log(response);use rusty_falcon::apis::cspm_registration_api::create_cspm_azure_management_group;use rusty_falcon::easy::client::FalconHandle;use rusty_falcon::models::RegistrationAzureManagementGroupCreateRequestExternalV1;
#[tokio::main]async fn main() { let falcon = FalconHandle::from_env().await.expect("Could not authenticate");
let body = RegistrationAzureManagementGroupCreateRequestExternalV1 { resources: vec![AzureManagementGroupExternalV1 { tenant_id: Some("string".to_string()), ..Default::default() }], ..Default::default() };
let response = create_cspm_azure_management_group( &falcon.cfg, // configuration body, // body ).await.expect("API call failed");
println!("{:?}", response);}require "crimson-falcon"
Falcon.configure do |config| config.client_id = ENV["FALCON_CLIENT_ID"] config.client_secret = ENV["FALCON_CLIENT_SECRET"] config.cloud = ENV["FALCON_CLOUD"]end
api = Falcon::CspmRegistration.new
body = Falcon::RegistrationAzureManagementGroupCreateRequestExternalV1.new( resources: [{ default_subscription_id: 'string', tenant_id: 'string' }])
response = api.create_cspm_azure_management_group(body)
puts responseCreateCSPMGCPAccount
Section titled “CreateCSPMGCPAccount”Creates a new account and generates a new service account to add access to your GCP environment.
This operation has been deprecated and will be removed from the SDK when this endpoint is decommissioned.
POST /cloud-connect-cspm-gcp/entities/account/v1
PEP 8
create_gcp_accountParameters
Section titled “Parameters”| Name | Type | Data type | Description |
|---|---|---|---|
| body | body | dictionary | Full body payload in JSON format. |
| parent_id | body | string | Parent ID. |
| parent_type | body | string | Parent Type. |
Code Examples
Section titled “Code Examples”from falconpy import CSPMRegistration
falcon = CSPMRegistration(client_id=CLIENT_ID, client_secret=CLIENT_SECRET )
response = falcon.create_gcp_account(parent_id="string", parent_type="string")print(response)from falconpy import CSPMRegistration
falcon = CSPMRegistration(client_id=CLIENT_ID, client_secret=CLIENT_SECRET )
response = falcon.CreateCSPMGCPAccount(parent_id="string", parent_type="string")print(response)from falconpy import APIHarnessV2
falcon = APIHarnessV2(client_id=CLIENT_ID, client_secret=CLIENT_SECRET )
body_payload = { "resources": [ { "parent_id": "string", "parent_type": "string" } ]}
response = falcon.command("CreateCSPMGCPAccount", body=body_payload)print(response)Examples coming soon.
package main
import ( "context" "fmt" "os"
"github.com/crowdstrike/gofalcon/falcon" "github.com/crowdstrike/gofalcon/falcon/client/cspm_registration" "github.com/crowdstrike/gofalcon/falcon/models")
func main() { client, err := falcon.NewClient(&falcon.ApiConfig{ ClientId: os.Getenv("FALCON_CLIENT_ID"), ClientSecret: os.Getenv("FALCON_CLIENT_SECRET"), Context: context.Background(), }) if err != nil { panic(err) }
parent_id := "string" parent_type := "string"
response, err := client.CspmRegistration.CreateCSPMGCPAccount( &cspm_registration.CreateCSPMGCPAccountParams{ Body: &models.RegistrationGCPAccountCreateRequestExtV1{ Resources: []interface{}{ { ParentID: &parent_id, ParentType: &parent_type, }, }, }, Context: context.Background(), }, ) if err != nil { panic(falcon.ErrorExplain(err)) }
fmt.Printf("%+v\n", response.Payload)}import { FalconClient } from "crowdstrike-falcon";
const client = new FalconClient({ cloud: process.env.FALCON_CLOUD!, clientId: process.env.FALCON_CLIENT_ID!, clientSecret: process.env.FALCON_CLIENT_SECRET!,});
const response = await client.cspmRegistration.createCSPMGCPAccount( { resources: [{ parentId: "string", parentType: "string" }]} // body);
console.log(response);use rusty_falcon::apis::cspm_registration_api::create_cspmgcp_account;use rusty_falcon::easy::client::FalconHandle;use rusty_falcon::models::RegistrationGcpAccountCreateRequestExtV1;
#[tokio::main]async fn main() { let falcon = FalconHandle::from_env().await.expect("Could not authenticate");
let body = RegistrationGcpAccountCreateRequestExtV1 { resources: vec![GCPAccountExtV1 { parent_id: Some("string".to_string()), ..Default::default() }], ..Default::default() };
let response = create_cspmgcp_account( &falcon.cfg, // configuration body, // body ).await.expect("API call failed");
println!("{:?}", response);}require "crimson-falcon"
Falcon.configure do |config| config.client_id = ENV["FALCON_CLIENT_ID"] config.client_secret = ENV["FALCON_CLIENT_SECRET"] config.cloud = ENV["FALCON_CLOUD"]end
api = Falcon::CspmRegistration.new
body = Falcon::RegistrationGCPAccountCreateRequestExtV1.new( resources: [{ parent_id: 'string', parent_type: 'string' }])
response = api.create_cspm_gcp_account(body)
puts responseDeleteCSPMGCPAccount
Section titled “DeleteCSPMGCPAccount”Deletes a GCP account from the system.
This operation has been deprecated and will be removed from the SDK when this endpoint is decommissioned.
DELETE /cloud-connect-cspm-gcp/entities/account/v1
PEP 8
delete_gcp_accountParameters
Section titled “Parameters”| Name | Type | Data type | Description |
|---|---|---|---|
| ids | query | string or list of strings | Hierarchical Resource IDs of accounts to delete. |
| parameters | query | dictionary | Full query string parameters payload in JSON format. |
Code Examples
Section titled “Code Examples”from falconpy import CSPMRegistration
falcon = CSPMRegistration(client_id=CLIENT_ID, client_secret=CLIENT_SECRET )
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.delete_gcp_account(ids=id_list)print(response)from falconpy import CSPMRegistration
falcon = CSPMRegistration(client_id=CLIENT_ID, client_secret=CLIENT_SECRET )
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.DeleteCSPMGCPAccount(ids=id_list)print(response)from falconpy import APIHarnessV2
falcon = APIHarnessV2(client_id=CLIENT_ID, client_secret=CLIENT_SECRET )
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.command("DeleteCSPMGCPAccount", ids=id_list)print(response)Remove-FalconCloudGcpAccount -Id @("ID1", "ID2")package main
import ( "context" "fmt" "os"
"github.com/crowdstrike/gofalcon/falcon" "github.com/crowdstrike/gofalcon/falcon/client/cspm_registration")
func main() { client, err := falcon.NewClient(&falcon.ApiConfig{ ClientId: os.Getenv("FALCON_CLIENT_ID"), ClientSecret: os.Getenv("FALCON_CLIENT_SECRET"), Context: context.Background(), }) if err != nil { panic(err) }
response, err := client.CspmRegistration.DeleteCSPMGCPAccount( &cspm_registration.DeleteCSPMGCPAccountParams{ Ids: []string{"ID1", "ID2", "ID3"}, Context: context.Background(), }, ) if err != nil { panic(falcon.ErrorExplain(err)) }
fmt.Printf("%+v\n", response.Payload)}import { FalconClient } from "crowdstrike-falcon";
const client = new FalconClient({ cloud: process.env.FALCON_CLOUD!, clientId: process.env.FALCON_CLIENT_ID!, clientSecret: process.env.FALCON_CLIENT_SECRET!,});
const response = await client.cspmRegistration.deleteCSPMGCPAccount(["ID1", "ID2", "ID3"]); // ids
console.log(response);use rusty_falcon::apis::cspm_registration_api::delete_cspmgcp_account;use rusty_falcon::easy::client::FalconHandle;
#[tokio::main]async fn main() { let falcon = FalconHandle::from_env().await.expect("Could not authenticate");
let response = delete_cspmgcp_account( &falcon.cfg, // configuration Some(vec!["string".to_string()]), // ids ).await.expect("API call failed");
println!("{:?}", response);}require "crimson-falcon"
Falcon.configure do |config| config.client_id = ENV["FALCON_CLIENT_ID"] config.client_secret = ENV["FALCON_CLIENT_SECRET"] config.cloud = ENV["FALCON_CLOUD"]end
api = Falcon::CspmRegistration.new
response = api.delete_cspm_gcp_account(ids: ['ID1', 'ID2', 'ID3'])
puts responseUpdateCSPMGCPAccount
Section titled “UpdateCSPMGCPAccount”Updates an existing GCP account.
This operation has been deprecated and will be removed from the SDK when this endpoint is decommissioned.
PATCH /cloud-connect-cspm-gcp/entities/account/v1
PEP 8
update_gcp_accountParameters
Section titled “Parameters”| Name | Type | Data type | Description |
|---|---|---|---|
| body | body | dictionary | Full body payload in JSON format. |
| environment | body | string | Environment. |
| parent_id | body | string | Parent ID. |
Code Examples
Section titled “Code Examples”from falconpy import CSPMRegistration
falcon = CSPMRegistration(client_id=CLIENT_ID, client_secret=CLIENT_SECRET )
response = falcon.update_gcp_account(environment="string", parent_id="string")print(response)from falconpy import CSPMRegistration
falcon = CSPMRegistration(client_id=CLIENT_ID, client_secret=CLIENT_SECRET )
response = falcon.UpdateCSPMGCPAccount(environment="string", parent_id="string")print(response)from falconpy import APIHarnessV2
falcon = APIHarnessV2(client_id=CLIENT_ID, client_secret=CLIENT_SECRET )
body_payload = { "resources": [ { "environment": "string", "parent_id": "string", "service_account": { "client_email": "string", "client_id": "string", "private_key": "string", "private_key_id": "string", "project_id": "string", "service_account_conditions": ["string"], "service_account_id": integer } } ]}
response = falcon.command("UpdateCSPMGCPAccount", body=body_payload)print(response)Edit-FalconCloudGcpAccountpackage main
import ( "context" "fmt" "os"
"github.com/crowdstrike/gofalcon/falcon" "github.com/crowdstrike/gofalcon/falcon/client/cspm_registration" "github.com/crowdstrike/gofalcon/falcon/models")
func main() { client, err := falcon.NewClient(&falcon.ApiConfig{ ClientId: os.Getenv("FALCON_CLIENT_ID"), ClientSecret: os.Getenv("FALCON_CLIENT_SECRET"), Context: context.Background(), }) if err != nil { panic(err) }
environment := "string" parent_id := "string"
response, err := client.CspmRegistration.UpdateCSPMGCPAccount( &cspm_registration.UpdateCSPMGCPAccountParams{ Body: &models.RegistrationGCPAccountPatchRequestV1{ Resources: []interface{}{ { Environment: &environment, ParentID: &parent_id, ServiceAccount: &struct{}{}, }, }, }, Context: context.Background(), }, ) if err != nil { panic(falcon.ErrorExplain(err)) }
fmt.Printf("%+v\n", response.Payload)}import { FalconClient } from "crowdstrike-falcon";
const client = new FalconClient({ cloud: process.env.FALCON_CLOUD!, clientId: process.env.FALCON_CLIENT_ID!, clientSecret: process.env.FALCON_CLIENT_SECRET!,});
const response = await client.cspmRegistration.updateCSPMGCPAccount( { resources: [{ environment: "string", parentId: "string", serviceAccount: { clientEmail: "string", clientId: "string", privateKey: "string", privateKeyId: "string", projectId: "string", serviceAccountConditions: [], serviceAccountId: integer } }]} // body);
console.log(response);use rusty_falcon::apis::cspm_registration_api::update_cspmgcp_account;use rusty_falcon::easy::client::FalconHandle;use rusty_falcon::models::RegistrationGcpAccountPatchRequestV1;
#[tokio::main]async fn main() { let falcon = FalconHandle::from_env().await.expect("Could not authenticate");
let body = RegistrationGcpAccountPatchRequestV1 { resources: vec![GCPAccountPatchV1 { parent_id: Some("string".to_string()), service_account: Default::default(), ..Default::default() }], ..Default::default() };
let response = update_cspmgcp_account( &falcon.cfg, // configuration body, // body ).await.expect("API call failed");
println!("{:?}", response);}require "crimson-falcon"
Falcon.configure do |config| config.client_id = ENV["FALCON_CLIENT_ID"] config.client_secret = ENV["FALCON_CLIENT_SECRET"] config.cloud = ENV["FALCON_CLOUD"]end
api = Falcon::CspmRegistration.new
body = Falcon::RegistrationGCPAccountPatchRequestV1.new( resources: [{ environment: 'string', parent_id: 'string', service_account: { client_email: 'string', client_id: 'string', private_key: 'string', private_key_id: 'string', project_id: 'string', service_account_conditions: [], service_account_id: integer } }])
response = api.update_cspm_gcp_account(body)
puts responseConnectCSPMGCPAccount
Section titled “ConnectCSPMGCPAccount”Creates a new GCP account with newly-uploaded service account or connects with existing service account with only the following fields: parent_id, parent_type and service_account_id
This operation has been deprecated and will be removed from the SDK when this endpoint is decommissioned.
POST /cloud-connect-cspm-gcp/entities/account/v2
PEP 8
connect_gcp_accountParameters
Section titled “Parameters”| Name | Type | Data type | Description |
|---|---|---|---|
| body | body | dictionary | Full body payload in JSON format. |
| client_email | body | string | GCP client email. |
| client_id | body | string | GCP client ID. |
| parent_id | body | string | Parent ID. |
| parent_type | body | string | Parent type. |
| private_key | body | string | GCP private key. |
| private_key_id | body | string | GCP private key ID. |
| project_id | body | string | GCP project ID. |
| service_account_id | body | integer | GCP service account ID. |
Code Examples
Section titled “Code Examples”from falconpy import CSPMRegistration
falcon = CSPMRegistration(client_id=CLIENT_ID, client_secret=CLIENT_SECRET )
response = falcon.connect_gcp_account(client_email="string", client_id="string", parent_id="string", parent_type="string", private_key="string", private_key_id="string", project_id="string", service_account_id=integer)print(response)from falconpy import CSPMRegistration
falcon = CSPMRegistration(client_id=CLIENT_ID, client_secret=CLIENT_SECRET )
response = falcon.ConnectCSPMGCPAccount(client_email="string", client_id="string", parent_id="string", parent_type="string", private_key="string", private_key_id="string", project_id="string", service_account_id=integer)print(response)from falconpy import APIHarnessV2
falcon = APIHarnessV2(client_id=CLIENT_ID, client_secret=CLIENT_SECRET )
body_payload = { "resources": [ { "client_email": "string", "client_id": "string", "parent_id": "string", "parent_type": "string", "private_key": "string", "private_key_id": "string", "project_id": "string", "service_account_conditions": [ { "feature": "string", "is_visible": boolean, "last_transition": "string", "message": "string", "reason": "string", "status": "string", "type": "string" } ], "service_account_id": integer } ]}
response = falcon.command("ConnectCSPMGCPAccount", body=body_payload)print(response)New-FalconCloudGcpAccountpackage main
import ( "context" "fmt" "os"
"github.com/crowdstrike/gofalcon/falcon" "github.com/crowdstrike/gofalcon/falcon/client/cspm_registration" "github.com/crowdstrike/gofalcon/falcon/models")
func main() { client, err := falcon.NewClient(&falcon.ApiConfig{ ClientId: os.Getenv("FALCON_CLIENT_ID"), ClientSecret: os.Getenv("FALCON_CLIENT_SECRET"), Context: context.Background(), }) if err != nil { panic(err) }
client_email := "string" client_id := "string" parent_id := "string" parent_type := "string" private_key := "string" private_key_id := "string" project_id := "string" feature := "string" is_visible := boolean last_transition := "string" message := "string" reason := "string" status := "string" type := "string" service_account_id := integer
response, err := client.CspmRegistration.ConnectCSPMGCPAccount( &cspm_registration.ConnectCSPMGCPAccountParams{ Body: &models.RegistrationGCPAccountExtRequestV2{ Resources: []interface{}{ { ClientEmail: &client_email, ClientID: &client_id, ParentID: &parent_id, ParentType: &parent_type, PrivateKey: &private_key, PrivateKeyID: &private_key_id, ProjectID: &project_id, ServiceAccountConditions: []interface{}{ { Feature: &feature, IsVisible: &is_visible, LastTransition: &last_transition, Message: &message, Reason: &reason, Status: &status, Type: &type, }, }, ServiceAccountID: &service_account_id, }, }, }, Context: context.Background(), }, ) if err != nil { panic(falcon.ErrorExplain(err)) }
fmt.Printf("%+v\n", response.Payload)}import { FalconClient } from "crowdstrike-falcon";
const client = new FalconClient({ cloud: process.env.FALCON_CLOUD!, clientId: process.env.FALCON_CLIENT_ID!, clientSecret: process.env.FALCON_CLIENT_SECRET!,});
const response = await client.cspmRegistration.connectCSPMGCPAccount( { resources: [{ clientEmail: "string", clientId: "string", parentId: "string", parentType: "string", privateKey: "string", privateKeyId: "string", projectId: "string", serviceAccountConditions: [{ feature: "string", isVisible: boolean, lastTransition: "string", message: "string", reason: "string", status: "string", type: "string" }], serviceAccountId: integer }]} // body);
console.log(response);use rusty_falcon::apis::cspm_registration_api::connect_cspmgcp_account;use rusty_falcon::easy::client::FalconHandle;use rusty_falcon::models::RegistrationGcpAccountExtRequestV2;
#[tokio::main]async fn main() { let falcon = FalconHandle::from_env().await.expect("Could not authenticate");
let body = RegistrationGcpAccountExtRequestV2 { resources: vec![GCPAccountReqObjV2 { parent_id: Some("string".to_string()), ..Default::default() }], ..Default::default() };
let response = connect_cspmgcp_account( &falcon.cfg, // configuration body, // body ).await.expect("API call failed");
println!("{:?}", response);}require "crimson-falcon"
Falcon.configure do |config| config.client_id = ENV["FALCON_CLIENT_ID"] config.client_secret = ENV["FALCON_CLIENT_SECRET"] config.cloud = ENV["FALCON_CLOUD"]end
api = Falcon::CspmRegistration.new
body = Falcon::RegistrationGCPAccountExtRequestV2.new( resources: [{ client_email: 'string', client_id: 'string', parent_id: 'string', parent_type: 'string', private_key: 'string', private_key_id: 'string', project_id: 'string', service_account_conditions: [{ feature: 'string', is_visible: boolean, last_transition: 'string', message: 'string', reason: 'string', status: 'string', type: 'string' }], service_account_id: integer }])
response = api.connect_cspm_gcp_account(body)
puts responseGetCSPMGCPServiceAccountsExt
Section titled “GetCSPMGCPServiceAccountsExt”Returns the service account id and client email for external clients.
This operation has been deprecated and will be removed from the SDK when this endpoint is decommissioned.
GET /cloud-connect-cspm-gcp/entities/service-accounts/v1
PEP 8
get_gcp_service_accountParameters
Section titled “Parameters”| Name | Type | Data type | Description |
|---|---|---|---|
| id | query | string | Service account ID to retrieve. |
| parameters | query | dictionary | Full query string parameters payload in JSON format. |
Code Examples
Section titled “Code Examples”from falconpy import CSPMRegistration
falcon = CSPMRegistration(client_id=CLIENT_ID, client_secret=CLIENT_SECRET )
response = falcon.get_gcp_service_account(id="string")print(response)from falconpy import CSPMRegistration
falcon = CSPMRegistration(client_id=CLIENT_ID, client_secret=CLIENT_SECRET )
response = falcon.GetCSPMGCPServiceAccountsExt(id="string")print(response)from falconpy import APIHarnessV2
falcon = APIHarnessV2(client_id=CLIENT_ID, client_secret=CLIENT_SECRET )
response = falcon.command("GetCSPMGCPServiceAccountsExt", id="string")print(response)Get-FalconCloudGcpServiceAccount -Id "string"package main
import ( "context" "fmt" "os"
"github.com/crowdstrike/gofalcon/falcon" "github.com/crowdstrike/gofalcon/falcon/client/cspm_registration")
func main() { client, err := falcon.NewClient(&falcon.ApiConfig{ ClientId: os.Getenv("FALCON_CLIENT_ID"), ClientSecret: os.Getenv("FALCON_CLIENT_SECRET"), Context: context.Background(), }) if err != nil { panic(err) }
iD := "string"
response, err := client.CspmRegistration.GetCSPMGCPServiceAccountsExt( &cspm_registration.GetCSPMGCPServiceAccountsExtParams{ ID: &iD, Context: context.Background(), }, ) if err != nil { panic(falcon.ErrorExplain(err)) }
fmt.Printf("%+v\n", response.Payload)}import { FalconClient } from "crowdstrike-falcon";
const client = new FalconClient({ cloud: process.env.FALCON_CLOUD!, clientId: process.env.FALCON_CLIENT_ID!, clientSecret: process.env.FALCON_CLIENT_SECRET!,});
const response = await client.cspmRegistration.getCSPMGCPServiceAccountsExt("string"); // id
console.log(response);use rusty_falcon::apis::cspm_registration_api::get_cspmgcp_service_accounts_ext;use rusty_falcon::easy::client::FalconHandle;
#[tokio::main]async fn main() { let falcon = FalconHandle::from_env().await.expect("Could not authenticate");
let response = get_cspmgcp_service_accounts_ext( &falcon.cfg, // configuration Some("string"), // id ).await.expect("API call failed");
println!("{:?}", response);}require "crimson-falcon"
Falcon.configure do |config| config.client_id = ENV["FALCON_CLIENT_ID"] config.client_secret = ENV["FALCON_CLIENT_SECRET"] config.cloud = ENV["FALCON_CLOUD"]end
api = Falcon::CspmRegistration.new
response = api.get_cspm_gcp_service_accounts_ext(id: 'string')
puts responseUpdateCSPMGCPServiceAccountsExt
Section titled “UpdateCSPMGCPServiceAccountsExt”Updates an existing GCP service account.
This operation has been deprecated and will be removed from the SDK when this endpoint is decommissioned.
PATCH /cloud-connect-cspm-gcp/entities/service-accounts/v1
PEP 8
update_gcp_service_accountParameters
Section titled “Parameters”| Name | Type | Data type | Description |
|---|---|---|---|
| body | body | dictionary | Full body payload in JSON format. |
| client_email | body | string | Client email associated with the account. |
| client_id | body | string | GCP Client ID. |
| private_key | body | string | GCP private key. |
| private_key_id | body | string | GCP private key ID. |
| project_id | body | string | GCP project ID. |
| service_account_conditions | body | list of dictionaries | GCP service account conditions. |
| service_account_id | body | integer | GCP service account ID. |
Code Examples
Section titled “Code Examples”from falconpy import CSPMRegistration
falcon = CSPMRegistration(client_id=CLIENT_ID, client_secret=CLIENT_SECRET )
response = falcon.update_gcp_service_account(client_email="string", client_id="string", private_key="string", private_key_id="string", project_id="string", resources=[{"key": "value"}], service_account_conditions=[{"key": "value"}], service_account_id=integer)print(response)from falconpy import CSPMRegistration
falcon = CSPMRegistration(client_id=CLIENT_ID, client_secret=CLIENT_SECRET )
response = falcon.UpdateCSPMGCPServiceAccountsExt(client_email="string", client_id="string", private_key="string", private_key_id="string", project_id="string", resources=[{"key": "value"}], service_account_conditions=[{"key": "value"}], service_account_id=integer)print(response)from falconpy import APIHarnessV2
falcon = APIHarnessV2(client_id=CLIENT_ID, client_secret=CLIENT_SECRET )
body_payload = { "resources": [ { "client_email": "string", "client_id": "string", "private_key": "string", "private_key_id": "string", "project_id": "string", "service_account_conditions": [ { "feature": "string", "is_visible": boolean, "last_transition": "string", "message": "string", "reason": "string", "status": "string", "type": "string" } ], "service_account_id": integer } ]}
response = falcon.command("UpdateCSPMGCPServiceAccountsExt", body=body_payload)print(response)Edit-FalconCloudGcpServiceAccount -ServiceAccountId integer ` -ServiceAccountCondition @{} ` -ProjectId "string" ` -ClientId "string" ` -ClientEmail "string" ` -PrivateKeyId "string" ` -PrivateKey "string"package main
import ( "context" "fmt" "os"
"github.com/crowdstrike/gofalcon/falcon" "github.com/crowdstrike/gofalcon/falcon/client/cspm_registration" "github.com/crowdstrike/gofalcon/falcon/models")
func main() { client, err := falcon.NewClient(&falcon.ApiConfig{ ClientId: os.Getenv("FALCON_CLIENT_ID"), ClientSecret: os.Getenv("FALCON_CLIENT_SECRET"), Context: context.Background(), }) if err != nil { panic(err) }
client_email := "string" client_id := "string" private_key := "string" private_key_id := "string" project_id := "string" feature := "string" is_visible := boolean last_transition := "string" message := "string" reason := "string" status := "string" type := "string" service_account_id := integer
response, err := client.CspmRegistration.UpdateCSPMGCPServiceAccountsExt( &cspm_registration.UpdateCSPMGCPServiceAccountsExtParams{ Body: &models.RegistrationGCPServiceAccountPatchRequestV1{ Resources: []interface{}{ { ClientEmail: &client_email, ClientID: &client_id, PrivateKey: &private_key, PrivateKeyID: &private_key_id, ProjectID: &project_id, ServiceAccountConditions: []interface{}{ { Feature: &feature, IsVisible: &is_visible, LastTransition: &last_transition, Message: &message, Reason: &reason, Status: &status, Type: &type, }, }, ServiceAccountID: &service_account_id, }, }, }, Context: context.Background(), }, ) if err != nil { panic(falcon.ErrorExplain(err)) }
fmt.Printf("%+v\n", response.Payload)}import { FalconClient } from "crowdstrike-falcon";
const client = new FalconClient({ cloud: process.env.FALCON_CLOUD!, clientId: process.env.FALCON_CLIENT_ID!, clientSecret: process.env.FALCON_CLIENT_SECRET!,});
const response = await client.cspmRegistration.updateCSPMGCPServiceAccountsExt( { resources: [{ clientEmail: "string", clientId: "string", privateKey: "string", privateKeyId: "string", projectId: "string", serviceAccountConditions: [{ feature: "string", isVisible: boolean, lastTransition: "string", message: "string", reason: "string", status: "string", type: "string" }], serviceAccountId: integer }]} // body);
console.log(response);use rusty_falcon::apis::cspm_registration_api::update_cspmgcp_service_accounts_ext;use rusty_falcon::easy::client::FalconHandle;use rusty_falcon::models::RegistrationGcpServiceAccountPatchRequestV1;
#[tokio::main]async fn main() { let falcon = FalconHandle::from_env().await.expect("Could not authenticate");
let body = RegistrationGcpServiceAccountPatchRequestV1 { resources: vec![], ..Default::default() };
let response = update_cspmgcp_service_accounts_ext( &falcon.cfg, // configuration body, // body ).await.expect("API call failed");
println!("{:?}", response);}require "crimson-falcon"
Falcon.configure do |config| config.client_id = ENV["FALCON_CLIENT_ID"] config.client_secret = ENV["FALCON_CLIENT_SECRET"] config.cloud = ENV["FALCON_CLOUD"]end
api = Falcon::CspmRegistration.new
body = Falcon::RegistrationGCPServiceAccountPatchRequestV1.new( resources: [{ client_email: 'string', client_id: 'string', private_key: 'string', private_key_id: 'string', project_id: 'string', service_account_conditions: [{ feature: 'string', is_visible: boolean, last_transition: 'string', message: 'string', reason: 'string', status: 'string', type: 'string' }], service_account_id: integer }])
response = api.update_cspm_gcp_service_accounts_ext(body)
puts responseGetCSPMGCPUserScriptsAttachment
Section titled “GetCSPMGCPUserScriptsAttachment”Return a script for customer to run in their cloud environment to grant us access to their GCP environment as a downloadable attachment
This operation has been deprecated and will be removed from the SDK when this endpoint is decommissioned.
GET /cloud-connect-cspm-gcp/entities/user-scripts-download/v1
PEP 8
get_gcp_user_scripts_attachmentParameters
Section titled “Parameters”| Name | Type | Data type | Description |
|---|---|---|---|
| ids | query | string or list of strings | Hierarchical Resource IDs of accounts. |
| parameters | query | dictionary | Full query string parameters payload in JSON format. |
| parent_type | query | string | GCP Hierarchy Parent Type. Allowed values: organization, folder or project |
Code Examples
Section titled “Code Examples”from falconpy import CSPMRegistration
falcon = CSPMRegistration(client_id=CLIENT_ID, client_secret=CLIENT_SECRET )
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
with open("output_file", "wb") as save_file: response = falcon.get_gcp_user_scripts_attachment(ids=id_list, parent_type="string", stream=boolean) save_file.write(response)from falconpy import CSPMRegistration
falcon = CSPMRegistration(client_id=CLIENT_ID, client_secret=CLIENT_SECRET )
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
with open("output_file", "wb") as save_file: response = falcon.GetCSPMGCPUserScriptsAttachment(ids=id_list, parent_type="string", stream=boolean) save_file.write(response)from falconpy import APIHarnessV2
falcon = APIHarnessV2(client_id=CLIENT_ID, client_secret=CLIENT_SECRET )
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
with open("output_file", "wb") as save_file: response = falcon.command("GetCSPMGCPUserScriptsAttachment", parent_type="string", ids=id_list) save_file.write(response)Receive-FalconCloudGcpScript -Path "string"package main
import ( "context" "fmt" "os"
"github.com/crowdstrike/gofalcon/falcon" "github.com/crowdstrike/gofalcon/falcon/client/cspm_registration")
func main() { client, err := falcon.NewClient(&falcon.ApiConfig{ ClientId: os.Getenv("FALCON_CLIENT_ID"), ClientSecret: os.Getenv("FALCON_CLIENT_SECRET"), Context: context.Background(), }) if err != nil { panic(err) }
parentType := "string"
response, err := client.CspmRegistration.GetCSPMGCPUserScriptsAttachment( &cspm_registration.GetCSPMGCPUserScriptsAttachmentParams{ ParentType: &parentType, Ids: []string{"ID1", "ID2", "ID3"}, Context: context.Background(), }, ) if err != nil { panic(falcon.ErrorExplain(err)) }
fmt.Printf("%+v\n", response.Payload)}import { FalconClient } from "crowdstrike-falcon";
const client = new FalconClient({ cloud: process.env.FALCON_CLOUD!, clientId: process.env.FALCON_CLIENT_ID!, clientSecret: process.env.FALCON_CLIENT_SECRET!,});
const response = await client.cspmRegistration.getCSPMGCPUserScriptsAttachment( "string", // parentType ["ID1", "ID2", "ID3"] // ids);
console.log(response);use rusty_falcon::apis::cspm_registration_api::get_cspmgcp_user_scripts_attachment;use rusty_falcon::easy::client::FalconHandle;
#[tokio::main]async fn main() { let falcon = FalconHandle::from_env().await.expect("Could not authenticate");
let response = get_cspmgcp_user_scripts_attachment( &falcon.cfg, // configuration Some("string"), // parent_type Some(vec!["string".to_string()]), // ids ).await.expect("API call failed");
println!("{:?}", response);}require "crimson-falcon"
Falcon.configure do |config| config.client_id = ENV["FALCON_CLIENT_ID"] config.client_secret = ENV["FALCON_CLIENT_SECRET"] config.cloud = ENV["FALCON_CLOUD"]end
api = Falcon::CspmRegistration.new
response = api.get_cspm_gcp_user_scripts_attachment(parent_type: 'string', ids: ['ID1', 'ID2', 'ID3'])
puts responseGetCSPMGCPValidateAccountsExt
Section titled “GetCSPMGCPValidateAccountsExt”Run a synchronous health check.
This operation has been deprecated and will be removed from the SDK when this endpoint is decommissioned.
POST /cloud-connect-cspm-gcp/entities/account/validate/v1
PEP 8
validate_gcp_accountParameters
Section titled “Parameters”| Name | Type | Data type | Description |
|---|---|---|---|
| body | body | dictionary | Full body payload in JSON format. |
| resources | body | string or list of strings | GCP Account IDs to validate. |
Code Examples
Section titled “Code Examples”from falconpy import CSPMRegistration
falcon = CSPMRegistration(client_id=CLIENT_ID, client_secret=CLIENT_SECRET )
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.validate_gcp_account(resources=id_list)print(response)from falconpy import CSPMRegistration
falcon = CSPMRegistration(client_id=CLIENT_ID, client_secret=CLIENT_SECRET )
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.GetCSPMGCPValidateAccountsExt(resources=id_list)print(response)from falconpy import APIHarnessV2
falcon = APIHarnessV2(client_id=CLIENT_ID, client_secret=CLIENT_SECRET )
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
body_payload = { "resources": [ { "parent_id": "string" } ]}
response = falcon.command("GetCSPMGCPValidateAccountsExt", body=body_payload)print(response)Invoke-FalconCloudGcpHealthCheckpackage main
import ( "context" "fmt" "os"
"github.com/crowdstrike/gofalcon/falcon" "github.com/crowdstrike/gofalcon/falcon/client/cspm_registration" "github.com/crowdstrike/gofalcon/falcon/models")
func main() { client, err := falcon.NewClient(&falcon.ApiConfig{ ClientId: os.Getenv("FALCON_CLIENT_ID"), ClientSecret: os.Getenv("FALCON_CLIENT_SECRET"), Context: context.Background(), }) if err != nil { panic(err) }
parent_id := "string"
response, err := client.CspmRegistration.GetCSPMGCPValidateAccountsExt( &cspm_registration.GetCSPMGCPValidateAccountsExtParams{ Body: &models.RegistrationGCPAccountValidationRequestV1{ Resources: []interface{}{ { ParentID: &parent_id, }, }, }, Context: context.Background(), }, ) if err != nil { panic(falcon.ErrorExplain(err)) }
fmt.Printf("%+v\n", response.Payload)}import { FalconClient } from "crowdstrike-falcon";
const client = new FalconClient({ cloud: process.env.FALCON_CLOUD!, clientId: process.env.FALCON_CLIENT_ID!, clientSecret: process.env.FALCON_CLIENT_SECRET!,});
const response = await client.cspmRegistration.getCSPMGCPValidateAccountsExt( { resources: [{ parentId: "string" }]} // body);
console.log(response);use rusty_falcon::apis::cspm_registration_api::get_cspmgcp_validate_accounts_ext;use rusty_falcon::easy::client::FalconHandle;use rusty_falcon::models::RegistrationGcpAccountValidationRequestV1;
#[tokio::main]async fn main() { let falcon = FalconHandle::from_env().await.expect("Could not authenticate");
let body = RegistrationGcpAccountValidationRequestV1 { resources: vec![GCPAccountValidationReqObjV1 { parent_id: Some("string".to_string()), ..Default::default() }], ..Default::default() };
let response = get_cspmgcp_validate_accounts_ext( &falcon.cfg, // configuration body, // body ).await.expect("API call failed");
println!("{:?}", response);}require "crimson-falcon"
Falcon.configure do |config| config.client_id = ENV["FALCON_CLIENT_ID"] config.client_secret = ENV["FALCON_CLIENT_SECRET"] config.cloud = ENV["FALCON_CLOUD"]end
api = Falcon::CspmRegistration.new
body = Falcon::RegistrationGCPAccountValidationRequestV1.new( resources: [{ parent_id: 'string' }])
response = api.get_cspm_gcp_validate_accounts_ext(body)
puts responseValidateCSPMGCPServiceAccountExt
Section titled “ValidateCSPMGCPServiceAccountExt”Validates credentials for a service account
This operation has been deprecated and will be removed from the SDK when this endpoint is decommissioned.
POST /cloud-connect-cspm-gcp/entities/service-accounts/validate/v1
PEP 8
validate_gcp_service_accountParameters
Section titled “Parameters”| Name | Type | Data type | Description |
|---|---|---|---|
| body | body | dictionary | Full body payload in JSON format. |
| client_email | body | string | Client email associated with the service account. |
| client_id | body | string | GCP Client ID. |
| private_key | body | string | GCP private key. |
| private_key_id | body | string | GCP private key ID. |
| project_id | body | string | GCP project ID. |
| resources | body | list of dictionaries | List of GCP service accounts to validate. Overrides other keywords except for body if used. |
| service_account_conditions | body | list of dictionaries | GCP service account conditions. |
| service_account_id | body | integer | GCP service account ID. |
Code Examples
Section titled “Code Examples”from falconpy import CSPMRegistration
falcon = CSPMRegistration(client_id=CLIENT_ID, client_secret=CLIENT_SECRET )
resources = [ { "client_email": "string", "client_id": "string", "private_key": "string", "private_key_id": "string", "project_id": "string", "service_account_conditions": [ { "last_transition": "2024-03-19T22:48:28.987Z", "message": "string", "reason": "string", "status": "string", "type": "string" } ], "service_account_id": 0 }]
response = falcon.validate_gcp_service_account(client_email="string", client_id="string", private_key="string", private_key_id="string", project_id="string", resources=resources, service_account_conditions=[{"key": "value"}], service_account_id=integer)print(response)from falconpy import CSPMRegistration
falcon = CSPMRegistration(client_id=CLIENT_ID, client_secret=CLIENT_SECRET )
resources = [ { "client_email": "string", "client_id": "string", "private_key": "string", "private_key_id": "string", "project_id": "string", "service_account_conditions": [ { "last_transition": "2024-03-19T22:48:28.987Z", "message": "string", "reason": "string", "status": "string", "type": "string" } ], "service_account_id": 0 }]
response = falcon.ValidateCSPMGCPServiceAccountExt(client_email="string", client_id="string", private_key="string", private_key_id="string", project_id="string", resources=resources, service_account_conditions=[{"key": "value"}], service_account_id=integer)print(response)from falconpy import APIHarnessV2
falcon = APIHarnessV2(client_id=CLIENT_ID, client_secret=CLIENT_SECRET )
body_payload = { "resources": [ { "client_email": "string", "client_id": "string", "private_key": "string", "private_key_id": "string", "project_id": "string", "service_account_conditions": [ { "feature": "string", "is_visible": boolean, "last_transition": "string", "message": "string", "reason": "string", "status": "string", "type": "string" } ], "service_account_id": integer } ]}
response = falcon.command("ValidateCSPMGCPServiceAccountExt", body=body_payload)print(response)Test-FalconCloudGcpServiceAccount -ServiceAccountId integer ` -ServiceAccountCondition @{} ` -ProjectId "string" ` -ClientId "string" ` -ClientEmail "string" ` -PrivateKeyId "string" ` -PrivateKey "string"package main
import ( "context" "fmt" "os"
"github.com/crowdstrike/gofalcon/falcon" "github.com/crowdstrike/gofalcon/falcon/client/cspm_registration" "github.com/crowdstrike/gofalcon/falcon/models")
func main() { client, err := falcon.NewClient(&falcon.ApiConfig{ ClientId: os.Getenv("FALCON_CLIENT_ID"), ClientSecret: os.Getenv("FALCON_CLIENT_SECRET"), Context: context.Background(), }) if err != nil { panic(err) }
client_email := "string" client_id := "string" private_key := "string" private_key_id := "string" project_id := "string" feature := "string" is_visible := boolean last_transition := "string" message := "string" reason := "string" status := "string" type := "string" service_account_id := integer
response, err := client.CspmRegistration.ValidateCSPMGCPServiceAccountExt( &cspm_registration.ValidateCSPMGCPServiceAccountExtParams{ Body: &models.RegistrationGCPServiceAccountValidationRequestV1{ Resources: []interface{}{ { ClientEmail: &client_email, ClientID: &client_id, PrivateKey: &private_key, PrivateKeyID: &private_key_id, ProjectID: &project_id, ServiceAccountConditions: []interface{}{ { Feature: &feature, IsVisible: &is_visible, LastTransition: &last_transition, Message: &message, Reason: &reason, Status: &status, Type: &type, }, }, ServiceAccountID: &service_account_id, }, }, }, Context: context.Background(), }, ) if err != nil { panic(falcon.ErrorExplain(err)) }
fmt.Printf("%+v\n", response.Payload)}import { FalconClient } from "crowdstrike-falcon";
const client = new FalconClient({ cloud: process.env.FALCON_CLOUD!, clientId: process.env.FALCON_CLIENT_ID!, clientSecret: process.env.FALCON_CLIENT_SECRET!,});
const response = await client.cspmRegistration.validateCSPMGCPServiceAccountExt( { resources: [{ clientEmail: "string", clientId: "string", privateKey: "string", privateKeyId: "string", projectId: "string", serviceAccountConditions: [{ feature: "string", isVisible: boolean, lastTransition: "string", message: "string", reason: "string", status: "string", type: "string" }], serviceAccountId: integer }]} // body);
console.log(response);use rusty_falcon::apis::cspm_registration_api::validate_cspmgcp_service_account_ext;use rusty_falcon::easy::client::FalconHandle;use rusty_falcon::models::RegistrationGcpServiceAccountValidationRequestV1;
#[tokio::main]async fn main() { let falcon = FalconHandle::from_env().await.expect("Could not authenticate");
let body = RegistrationGcpServiceAccountValidationRequestV1 { resources: vec![], ..Default::default() };
let response = validate_cspmgcp_service_account_ext( &falcon.cfg, // configuration body, // body ).await.expect("API call failed");
println!("{:?}", response);}require "crimson-falcon"
Falcon.configure do |config| config.client_id = ENV["FALCON_CLIENT_ID"] config.client_secret = ENV["FALCON_CLIENT_SECRET"] config.cloud = ENV["FALCON_CLOUD"]end
api = Falcon::CspmRegistration.new
body = Falcon::RegistrationGCPServiceAccountValidationRequestV1.new( resources: [{ client_email: 'string', client_id: 'string', private_key: 'string', private_key_id: 'string', project_id: 'string', service_account_conditions: [{ feature: 'string', is_visible: boolean, last_transition: 'string', message: 'string', reason: 'string', status: 'string', type: 'string' }], service_account_id: integer }])
response = api.validate_cspm_gcp_service_account_ext(body)
puts responseGetCSPMCGPAccount
Section titled “GetCSPMCGPAccount”Returns information about the current status of an GCP account.
GET /cloud-connect-cspm-gcp/entities/account/v1
PEP 8
get_gcp_accountParameters
Section titled “Parameters”| Name | Type | Data type | Description |
|---|---|---|---|
| ids | query | list | Hierarchical Resource IDs of accounts |
| limit | query | integer | The maximum records to return. Defaults to 100. |
| offset | query | integer | The offset to start retrieving records from |
| parameters | query | dictionary | Full query string parameters payload in JSON format. |
| parent_type | query | string | GCP Hierarchy Parent Type, organization/folder/project |
| scan_type | query | string | Type of scan, dry or full, to perform on selected accounts |
| sort | query | string | Order fields in ascending or descending order. Ex: parent_type|asc. |
| status | query | string | Account status to filter results by. |
Code Examples
Section titled “Code Examples”Examples coming soon.
Examples coming soon.
Examples coming soon.
Examples coming soon.
Examples coming soon.
Examples coming soon.
UpdateCSPMAzureAccount
Section titled “UpdateCSPMAzureAccount”Patches a existing account in our system for a customer.
PATCH /cloud-connect-cspm-azure/entities/account/v1
PEP 8
update_azure_accountParameters
Section titled “Parameters”| Name | Type | Data type | Description |
|---|---|---|---|
| body | body | string | |
| parameters | query | dictionary | Full query string parameters payload in JSON format. |
| body | body | dictionary | Full body payload as a JSON formatted dictionary. |
Code Examples
Section titled “Code Examples”from falconpy import CSPMRegistration
falcon = CSPMRegistration(client_id=CLIENT_ID, client_secret=CLIENT_SECRET )
response = falcon.update_azure_account(account_type="string", client_id="string", default_subscription=boolean, subscription_id="string", tenant_id="string", years_valid=integer)print(response)from falconpy import CSPMRegistration
falcon = CSPMRegistration(client_id=CLIENT_ID, client_secret=CLIENT_SECRET )
response = falcon.UpdateCSPMAzureAccount(account_type="string", client_id="string", default_subscription=boolean, subscription_id="string", tenant_id="string", years_valid=integer)print(response)from falconpy import APIHarnessV2
falcon = APIHarnessV2(client_id=CLIENT_ID, client_secret=CLIENT_SECRET )
body_payload = { "resources": [ { "environment": "string", "subscription_id": "string" } ]}
response = falcon.command("UpdateCSPMAzureAccount", body=body_payload)print(response)Examples coming soon.
package main
import ( "context" "fmt" "os"
"github.com/crowdstrike/gofalcon/falcon" "github.com/crowdstrike/gofalcon/falcon/client/cspm_registration" "github.com/crowdstrike/gofalcon/falcon/models")
func main() { client, err := falcon.NewClient(&falcon.ApiConfig{ ClientId: os.Getenv("FALCON_CLIENT_ID"), ClientSecret: os.Getenv("FALCON_CLIENT_SECRET"), Context: context.Background(), }) if err != nil { panic(err) }
environment := "string" subscription_id := "string"
response, err := client.CspmRegistration.UpdateCSPMAzureAccount( &cspm_registration.UpdateCSPMAzureAccountParams{ Body: &models.RegistrationAzureAccountPatchRequest{ Resources: []interface{}{ { Environment: &environment, SubscriptionID: &subscription_id, }, }, }, Context: context.Background(), }, ) if err != nil { panic(falcon.ErrorExplain(err)) }
fmt.Printf("%+v\n", response.Payload)}import { FalconClient } from "crowdstrike-falcon";
const client = new FalconClient({ cloud: process.env.FALCON_CLOUD!, clientId: process.env.FALCON_CLIENT_ID!, clientSecret: process.env.FALCON_CLIENT_SECRET!,});
const response = await client.cspmRegistration.updateCSPMAzureAccount( { resources: [{ environment: "string", subscriptionId: "string" }]} // body);
console.log(response);use rusty_falcon::apis::cspm_registration_api::update_cspm_azure_account;use rusty_falcon::easy::client::FalconHandle;use rusty_falcon::models::RegistrationAzureAccountPatchRequest;
#[tokio::main]async fn main() { let falcon = FalconHandle::from_env().await.expect("Could not authenticate");
let body = RegistrationAzureAccountPatchRequest { resources: vec![AzureAccountPatch { subscription_id: Some("string".to_string()), ..Default::default() }], ..Default::default() };
let response = update_cspm_azure_account( &falcon.cfg, // configuration body, // body ).await.expect("API call failed");
println!("{:?}", response);}require "crimson-falcon"
Falcon.configure do |config| config.client_id = ENV["FALCON_CLIENT_ID"] config.client_secret = ENV["FALCON_CLIENT_SECRET"] config.cloud = ENV["FALCON_CLOUD"]end
api = Falcon::CspmRegistration.new
body = Falcon::RegistrationAzureAccountPatchRequest.new( resources: [{ environment: 'string', subscription_id: 'string' }])
response = api.update_cspm_azure_account(body)
puts responsegetCloudEventIDs
Section titled “getCloudEventIDs”Get list of related cloud event LogScale IDs for a given IOA
GET /detects/queries/cloud-events/v1
PEP 8
get_cloud_event_idsParameters
Section titled “Parameters”| Name | Type | Data type | Description |
|---|---|---|---|
| id | query | string | IOA Aggregate Event ID |
| parameters | query | dictionary | Full query string parameters payload in JSON format. |
Code Examples
Section titled “Code Examples”from falconpy import CSPMRegistration
falcon = CSPMRegistration(client_id=CLIENT_ID, client_secret=CLIENT_SECRET )
response = falcon.get_cloud_event_ids(id="string")print(response)from falconpy import CSPMRegistration
falcon = CSPMRegistration(client_id=CLIENT_ID, client_secret=CLIENT_SECRET )
response = falcon.getCloudEventIDs(id="string")print(response)from falconpy import APIHarnessV2
falcon = APIHarnessV2(client_id=CLIENT_ID, client_secret=CLIENT_SECRET )
response = falcon.command("getCloudEventIDs", id="string")print(response)Examples coming soon.
package main
import ( "context" "fmt" "os"
"github.com/crowdstrike/gofalcon/falcon" "github.com/crowdstrike/gofalcon/falcon/client/cspm_registration")
func main() { client, err := falcon.NewClient(&falcon.ApiConfig{ ClientId: os.Getenv("FALCON_CLIENT_ID"), ClientSecret: os.Getenv("FALCON_CLIENT_SECRET"), Context: context.Background(), }) if err != nil { panic(err) }
response, err := client.CspmRegistration.GetCloudEventIDs( &cspm_registration.GetCloudEventIDsParams{ ID: "string", Context: context.Background(), }, ) if err != nil { panic(falcon.ErrorExplain(err)) }
fmt.Printf("%+v\n", response.Payload)}import { FalconClient } from "crowdstrike-falcon";
const client = new FalconClient({ cloud: process.env.FALCON_CLOUD!, clientId: process.env.FALCON_CLIENT_ID!, clientSecret: process.env.FALCON_CLIENT_SECRET!,});
const response = await client.cspmRegistration.getCloudEventIDs("string"); // id
console.log(response);use rusty_falcon::apis::cspm_registration_api::get_cloud_event_ids;use rusty_falcon::easy::client::FalconHandle;
#[tokio::main]async fn main() { let falcon = FalconHandle::from_env().await.expect("Could not authenticate");
let response = get_cloud_event_ids( &falcon.cfg, // configuration "string", // x_cs_useruuid "string", // id ).await.expect("API call failed");
println!("{:?}", response);}require "crimson-falcon"
Falcon.configure do |config| config.client_id = ENV["FALCON_CLIENT_ID"] config.client_secret = ENV["FALCON_CLIENT_SECRET"] config.cloud = ENV["FALCON_CLOUD"]end
api = Falcon::CspmRegistration.new
response = api.get_cloud_event_ids('string', 'string')
puts response