Device Control Policies

The Device Control Policies service collection provides operations for managing device control policies across your CrowdStrike Falcon environment. Search, create, update, and delete Device Control Policies. Set policy precedence, manage policy members, and configure default device control settings for USB and Bluetooth devices.

Language	Last Update
Python	v1.6.1
PowerShell	v2.2.9
Go	v0.20.0
TypeScript	v0.6.0
Rust	v0.7.0
Ruby	v1.2.0

Operation	Description
queryCombinedDeviceControlPolicyMembers `query_combined_policy_members`	Search for members of a Device Control Policy in your environment by providing a FQL filter and paging details. Returns a set of host details which match the filter criteria.
queryCombinedDeviceControlPolicies `query_combined_policies`	Search for Device Control Policies in your environment by providing a FQL filter and paging details. Returns a set of Device Control Policies which match the filter criteria.
getDefaultDeviceControlPolicies `get_default_policies`	Retrieve the configuration for the Default Device Control Policy.
updateDefaultDeviceControlPolicies `update_default_policies`	Update the configuration for the Default Device Control Policy.
performDeviceControlPoliciesAction `perform_action`	Perform the specified action on the Device Control Policies specified in the request.
getDefaultDeviceControlSettings `get_default_settings`	Get default device control settings (USB and Bluetooth).
updateDefaultDeviceControlSettings `update_default_settings`	Update the configuration for Default Device Control Settings.
setDeviceControlPoliciesPrecedence `set_precedence`	Sets the precedence of Device Control Policies based on the order of IDs specified in the request. The first ID specified will have the highest precedence and the last ID specified will have the lowest. You must specify all non-Default Policies for a platform when updating precedence.
getDeviceControlPolicies `get_policies`	Retrieve a set of Device Control Policies by specifying their IDs.
getDeviceControlPoliciesV2 `get_policies_v2`	Get device control policies for the given filter criteria. Supports USB and Bluetooth.
createDeviceControlPolicies `create_policies`	Create Device Control Policies by specifying details about the policy to create.
postDeviceControlPoliciesV2 `create_policies_v2`	Create Device Control Policies by specifying details about the policy to create.
deleteDeviceControlPolicies `delete_policies`	Delete a set of Device Control Policies by specifying their IDs.
patchDeviceControlPoliciesClassesV1 `update_policy_classes`	Update device control policy’s classes (USB and Bluetooth).
updateDeviceControlPolicies `update_policies`	Update Device Control Policies by specifying the ID of the policy and details to update.
patchDeviceControlPoliciesV2 `update_policies_v2`	Update Device Control Policies by specifying the ID of the policy and details to update.
queryDeviceControlPolicyMembers `query_policy_members`	Search for members of a Device Control Policy in your environment by providing a FQL filter and paging details. Returns a set of Agent IDs which match the filter criteria.
queryDeviceControlPolicies `query_policies`	Search for Device Control Policies in your environment by providing a FQL filter and paging details. Returns a set of Device Control Policy IDs which match the filter criteria.

queryCombinedDeviceControlPolicyMembers

Search for members of a Device Control Policy in your environment by providing a FQL filter and paging details. Returns a set of host details which match the filter criteria.

GET /policy/combined/device-control-members/v1

Scope Device Control Policies: READ Consumes · Produces application/json

PEP 8 query_combined_policy_members

Parameters

Name	Type	Data type	Description
filter	query	string	FQL Syntax formatted string used to limit the results.
id	query	integer	The ID of the Device Control Policy to search for members of.
limit	query	integer	Maximum number of records to return. (Max: 5000)
offset	query	integer	Starting index of overall result set from which to return ids.
sort	query	string	The property to sort by. (Ex: modified_timestamp.desc)
parameters	query	dictionary	Full query string parameters payload in JSON format.

Code Examples

from falconpy import DeviceControlPolicies

falcon = DeviceControlPolicies(client_id=CLIENT_ID,
                               client_secret=CLIENT_SECRET
                               )

response = falcon.query_combined_policy_members(id="string",
                                                filter="string",
                                                limit=integer,
                                                offset=integer,
                                                sort="string")
print(response)

from falconpy import DeviceControlPolicies

falcon = DeviceControlPolicies(client_id=CLIENT_ID,
                               client_secret=CLIENT_SECRET
                               )

response = falcon.queryCombinedDeviceControlPolicyMembers(id="string",
                                                          filter="string",
                                                          limit=integer,
                                                          offset=integer,
                                                          sort="string")
print(response)

from falconpy import APIHarnessV2

falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

response = falcon.command("queryCombinedDeviceControlPolicyMembers",
                          id="string",
                          filter="string",
                          offset=integer,
                          limit=integer,
                          sort="string")
print(response)

Get-FalconDeviceControlPolicyMember -Filter "string" `
  -Sort "string" `
  -Limit integer `
  -Offset integer

package main

import (
  "context"
  "fmt"
  "os"

  "github.com/crowdstrike/gofalcon/falcon"
  "github.com/crowdstrike/gofalcon/falcon/client/device_control_policies"
)

func main() {
  client, err := falcon.NewClient(&falcon.ApiConfig{
    ClientId:     os.Getenv("FALCON_CLIENT_ID"),
    ClientSecret: os.Getenv("FALCON_CLIENT_SECRET"),
    Context:      context.Background(),
  })
  if err != nil {
    panic(err)
  }

  iD := "string"
  filter := "string"
  offset := int64(0)
  limit := int64(0)
  sort := "string"

  response, err := client.DeviceControlPolicies.QueryCombinedDeviceControlPolicyMembers(
    &device_control_policies.QueryCombinedDeviceControlPolicyMembersParams{
      ID: &iD,
      Filter: &filter,
      Offset: &offset,
      Limit: &limit,
      Sort: &sort,
      Context: context.Background(),
    },
  )
  if err != nil {
    panic(falcon.ErrorExplain(err))
  }

  fmt.Printf("%+v\n", response.Payload)
}

import { FalconClient } from "crowdstrike-falcon";

const client = new FalconClient({
  cloud: process.env.FALCON_CLOUD!,
  clientId: process.env.FALCON_CLIENT_ID!,
  clientSecret: process.env.FALCON_CLIENT_SECRET!,
});

const response = await client.deviceControlPolicies.queryCombinedDeviceControlPolicyMembers(
  "string",  // id
  "string",  // filter
  integer,  // offset
  integer,  // limit
  "string"  // sort
);

console.log(response);

use rusty_falcon::apis::device_control_policies_api::query_combined_device_control_policy_members;
use rusty_falcon::easy::client::FalconHandle;

#[tokio::main]
async fn main() {
    let falcon = FalconHandle::from_env().await.expect("Could not authenticate");

    let response = query_combined_device_control_policy_members(
        &falcon.cfg,  // configuration
        Some("string"),  // id
        Some("string"),  // filter
        Some(integer),  // offset
        Some(integer),  // limit
        Some("string"),  // sort
    ).await.expect("API call failed");

    println!("{:?}", response);
}

require "crimson-falcon"

Falcon.configure do |config|
  config.client_id = ENV["FALCON_CLIENT_ID"]
  config.client_secret = ENV["FALCON_CLIENT_SECRET"]
  config.cloud = ENV["FALCON_CLOUD"]
end

api = Falcon::DeviceControlPolicies.new

response = api.query_combined_device_control_policy_members(id: 'string',
                                                            filter: 'string',
                                                            offset: integer,
                                                            limit: integer,
                                                            sort: 'string')

puts response

queryCombinedDeviceControlPolicies

Search for Device Control Policies in your environment by providing a FQL filter and paging details. Returns a set of Device Control Policies which match the filter criteria.

GET /policy/combined/device-control/v1

Scope Device Control Policies: READ Consumes · Produces application/json

PEP 8 query_combined_policies

Parameters

Name	Type	Data type	Description
filter	query	string	FQL Syntax formatted string used to limit the results.
limit	query	integer	Maximum number of records to return. (Max: 5000)
offset	query	integer	Starting index of overall result set from which to return ids.
sort	query	string	The property to sort by. (Ex: modified_timestamp.desc)
parameters	query	dictionary	Full query string parameters payload in JSON format.

Code Examples

from falconpy import DeviceControlPolicies

falcon = DeviceControlPolicies(client_id=CLIENT_ID,
                               client_secret=CLIENT_SECRET
                               )

response = falcon.query_combined_policies(filter="string",
                                          limit=integer,
                                          offset=integer,
                                          sort="string")
print(response)

from falconpy import DeviceControlPolicies

falcon = DeviceControlPolicies(client_id=CLIENT_ID,
                               client_secret=CLIENT_SECRET
                               )

response = falcon.queryCombinedDeviceControlPolicies(filter="string",
                                                     limit=integer,
                                                     offset=integer,
                                                     sort="string")
print(response)

from falconpy import APIHarnessV2

falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

response = falcon.command("queryCombinedDeviceControlPolicies",
                          filter="string",
                          offset=integer,
                          limit=integer,
                          sort="string")
print(response)

package main

import (
  "context"
  "fmt"
  "os"

  "github.com/crowdstrike/gofalcon/falcon"
  "github.com/crowdstrike/gofalcon/falcon/client/device_control_policies"
)

func main() {
  client, err := falcon.NewClient(&falcon.ApiConfig{
    ClientId:     os.Getenv("FALCON_CLIENT_ID"),
    ClientSecret: os.Getenv("FALCON_CLIENT_SECRET"),
    Context:      context.Background(),
  })
  if err != nil {
    panic(err)
  }

  filter := "string"
  offset := int64(0)
  limit := int64(0)
  sort := "string"

  response, err := client.DeviceControlPolicies.QueryCombinedDeviceControlPolicies(
    &device_control_policies.QueryCombinedDeviceControlPoliciesParams{
      Filter: &filter,
      Offset: &offset,
      Limit: &limit,
      Sort: &sort,
      Context: context.Background(),
    },
  )
  if err != nil {
    panic(falcon.ErrorExplain(err))
  }

  fmt.Printf("%+v\n", response.Payload)
}

import { FalconClient } from "crowdstrike-falcon";

const client = new FalconClient({
  cloud: process.env.FALCON_CLOUD!,
  clientId: process.env.FALCON_CLIENT_ID!,
  clientSecret: process.env.FALCON_CLIENT_SECRET!,
});

const response = await client.deviceControlPolicies.queryCombinedDeviceControlPolicies(
  "string",  // filter
  integer,  // offset
  integer,  // limit
  "string"  // sort
);

console.log(response);

use rusty_falcon::apis::device_control_policies_api::query_combined_device_control_policies;
use rusty_falcon::easy::client::FalconHandle;

#[tokio::main]
async fn main() {
    let falcon = FalconHandle::from_env().await.expect("Could not authenticate");

    let response = query_combined_device_control_policies(
        &falcon.cfg,  // configuration
        Some("string"),  // filter
        Some(integer),  // offset
        Some(integer),  // limit
        Some("string"),  // sort
    ).await.expect("API call failed");

    println!("{:?}", response);
}

require "crimson-falcon"

Falcon.configure do |config|
  config.client_id = ENV["FALCON_CLIENT_ID"]
  config.client_secret = ENV["FALCON_CLIENT_SECRET"]
  config.cloud = ENV["FALCON_CLOUD"]
end

api = Falcon::DeviceControlPolicies.new

response = api.query_combined_device_control_policies(filter: 'string',
                                                      offset: integer,
                                                      limit: integer,
                                                      sort: 'string')

puts response

getDefaultDeviceControlPolicies

Retrieve the configuration for the Default Device Control Policy.

GET /policy/entities/default-device-control/v1

Scope Device Control Policies: READ Consumes · Produces application/json

PEP 8 get_default_policies

Parameters

No keywords or arguments accepted.

Code Examples

from falconpy import DeviceControlPolicies

falcon = DeviceControlPolicies(client_id=CLIENT_ID,
                               client_secret=CLIENT_SECRET
                               )

response = falcon.get_default_policies()
print(response)

from falconpy import DeviceControlPolicies

falcon = DeviceControlPolicies(client_id=CLIENT_ID,
                               client_secret=CLIENT_SECRET
                               )

response = falcon.getDefaultDeviceControlPolicies()
print(response)

from falconpy import APIHarnessV2

falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

response = falcon.command("getDefaultDeviceControlPolicies")
print(response)

package main

import (
  "context"
  "fmt"
  "os"

  "github.com/crowdstrike/gofalcon/falcon"
  "github.com/crowdstrike/gofalcon/falcon/client/device_control_policies"
)

func main() {
  client, err := falcon.NewClient(&falcon.ApiConfig{
    ClientId:     os.Getenv("FALCON_CLIENT_ID"),
    ClientSecret: os.Getenv("FALCON_CLIENT_SECRET"),
    Context:      context.Background(),
  })
  if err != nil {
    panic(err)
  }

  response, err := client.DeviceControlPolicies.GetDefaultDeviceControlPolicies(
    &device_control_policies.GetDefaultDeviceControlPoliciesParams{
      Context: context.Background(),
    },
  )
  if err != nil {
    panic(falcon.ErrorExplain(err))
  }

  fmt.Printf("%+v\n", response.Payload)
}

import { FalconClient } from "crowdstrike-falcon";

const client = new FalconClient({
  cloud: process.env.FALCON_CLOUD!,
  clientId: process.env.FALCON_CLIENT_ID!,
  clientSecret: process.env.FALCON_CLIENT_SECRET!,
});

const response = await client.deviceControlPolicies.getDefaultDeviceControlPolicies();

console.log(response);

use rusty_falcon::apis::device_control_policies_api::get_default_device_control_policies;
use rusty_falcon::easy::client::FalconHandle;

#[tokio::main]
async fn main() {
    let falcon = FalconHandle::from_env().await.expect("Could not authenticate");

    let response = get_default_device_control_policies(&falcon.cfg).await.expect("API call failed");  // configuration

    println!("{:?}", response);
}

require "crimson-falcon"

Falcon.configure do |config|
  config.client_id = ENV["FALCON_CLIENT_ID"]
  config.client_secret = ENV["FALCON_CLIENT_SECRET"]
  config.cloud = ENV["FALCON_CLOUD"]
end

api = Falcon::DeviceControlPolicies.new

response = api.get_default_device_control_policies

puts response

updateDefaultDeviceControlPolicies

Retrieve the configuration for the Default Device Control Policy.

PATCH /policy/entities/default-device-control/v1

Scope Device Control Policies: WRITE Consumes · Produces application/json

PEP 8 update_default_policies

Parameters

Name	Type	Data type	Description
blocked_custom_message	body	string	String containing the blocked notification custom message. When this keyword is provided, you do not need to provide the `blocked_notification` or `body` keywords.
blocked_notification	body	dictionary	Dictionary containing the blocked notification message. {“custom_message”: “string”, “use_custom”: true}
body	body	dictionary	Full body payload in JSON format.
restricted_custom_message	body	string	String containing the restricted notification custom message. When this keyword is provided, you do not need to provide the `restricted_notification` or `body` keywords.
restricted_notification	body	dictionary	Dictionary containing the restricted notification message. {“custom_message”: “string”, “use_custom”: true}

Code Examples

from falconpy import DeviceControlPolicies

falcon = DeviceControlPolicies(client_id=CLIENT_ID,
                               client_secret=CLIENT_SECRET
                               )

response = falcon.update_default_policies(blocked_notification={},
                                          blocked_custom_message="string",
                                          restricted_custom_message="string",
                                          restricted_notification={})
print(response)

from falconpy import DeviceControlPolicies

falcon = DeviceControlPolicies(client_id=CLIENT_ID,
                               client_secret=CLIENT_SECRET
                               )

response = falcon.updateDefaultDeviceControlPolicies(blocked_notification={},
                                                     blocked_custom_message="string",
                                                     restricted_custom_message="string",
                                                     restricted_notification={})
print(response)

from falconpy import APIHarnessV2

falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

body_payload = {
    "custom_notifications": {
        "blocked_notification": {
            "custom_message": "string",
            "use_custom": boolean
        },
        "restricted_notification": {
            "custom_message": "string",
            "use_custom": boolean
        }
    }
}

response = falcon.command("updateDefaultDeviceControlPolicies", body=body_payload)
print(response)

package main

import (
  "context"
  "fmt"
  "os"

  "github.com/crowdstrike/gofalcon/falcon"
  "github.com/crowdstrike/gofalcon/falcon/client/device_control_policies"
  "github.com/crowdstrike/gofalcon/falcon/models"
)

func main() {
  client, err := falcon.NewClient(&falcon.ApiConfig{
    ClientId:     os.Getenv("FALCON_CLIENT_ID"),
    ClientSecret: os.Getenv("FALCON_CLIENT_SECRET"),
    Context:      context.Background(),
  })
  if err != nil {
    panic(err)
  }

  response, err := client.DeviceControlPolicies.UpdateDefaultDeviceControlPolicies(
    &device_control_policies.UpdateDefaultDeviceControlPoliciesParams{
      Body: &models.DeviceControlReqUpdateDefaultDCPolicyV1{
        CustomNotifications: &struct{}{},
      },
      Context: context.Background(),
    },
  )
  if err != nil {
    panic(falcon.ErrorExplain(err))
  }

  fmt.Printf("%+v\n", response.Payload)
}

import { FalconClient } from "crowdstrike-falcon";

const client = new FalconClient({
  cloud: process.env.FALCON_CLOUD!,
  clientId: process.env.FALCON_CLIENT_ID!,
  clientSecret: process.env.FALCON_CLIENT_SECRET!,
});

const response = await client.deviceControlPolicies.updateDefaultDeviceControlPolicies(
  {
    customNotifications: {
      blockedNotification: {
        customMessage: "string",
        useCustom: boolean
      },
      restrictedNotification: {
        customMessage: "string",
        useCustom: boolean
      }
    }
}  // body
);

console.log(response);

use rusty_falcon::apis::device_control_policies_api::update_default_device_control_policies;
use rusty_falcon::easy::client::FalconHandle;
use rusty_falcon::models::DeviceControlReqUpdateDefaultDcPolicyV1;

#[tokio::main]
async fn main() {
    let falcon = FalconHandle::from_env().await.expect("Could not authenticate");

    let body = DeviceControlReqUpdateDefaultDcPolicyV1 {
        ..Default::default()
    };

    let response = update_default_device_control_policies(
        &falcon.cfg,  // configuration
        body,  // body
    ).await.expect("API call failed");

    println!("{:?}", response);
}

require "crimson-falcon"

Falcon.configure do |config|
  config.client_id = ENV["FALCON_CLIENT_ID"]
  config.client_secret = ENV["FALCON_CLIENT_SECRET"]
  config.cloud = ENV["FALCON_CLOUD"]
end

api = Falcon::DeviceControlPolicies.new

body = Falcon::DeviceControlReqUpdateDefaultDCPolicyV1.new(
  custom_notifications: {
    blocked_notification: {
      custom_message: 'string',
      use_custom: boolean
    },
    restricted_notification: {
      custom_message: 'string',
      use_custom: boolean
    }
  }
)

response = api.update_default_device_control_policies(body)

puts response

performDeviceControlPoliciesAction

Perform the specified action on the Device Control Policies specified in the request.

POST /policy/entities/device-control-actions/v1

Scope Device Control Policies: WRITE Consumes · Produces application/json

PEP 8 perform_action

Parameters

Name	Type	Data type	Description
action_name	query	string	The action to perform. Allowed values: `add-host-group`, `add-rule-group`, `disable`, `enable`, `remove-host-group`, `remove-rule-group`.
action_parameters	body	list of dictionaries	List of name / value pairs in JSON format.
body	body	dictionary	Full body payload in JSON format.
group_id	body action_parameters	string	Host Group ID to apply the policy to. String. Overridden if `action_parameters` is specified.
ids	body	string or list of strings	Device Control Policy ID(s) to perform actions against.
parameters	query	dictionary	Full query string parameters payload in JSON format.

Code Examples

from falconpy import DeviceControlPolicies

falcon = DeviceControlPolicies(client_id=CLIENT_ID,
                               client_secret=CLIENT_SECRET
                               )

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.perform_action(action_name="string",
                                 action_parameters=[{"key": "value"}],
                                 group_id="string",
                                 ids=id_list)
print(response)

from falconpy import DeviceControlPolicies

falcon = DeviceControlPolicies(client_id=CLIENT_ID,
                               client_secret=CLIENT_SECRET
                               )

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.performDeviceControlPoliciesAction(action_name="string",
                                                     action_parameters=[{"key": "value"}],
                                                     group_id="string",
                                                     ids=id_list)
print(response)

from falconpy import APIHarnessV2

falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

body_payload = {
    "action_parameters": [
        {
            "name": "string",
            "value": "string"
        }
    ],
    "ids": ["string"]
}

response = falcon.command("performDeviceControlPoliciesAction",
                          action_name="string",
                          body=body_payload)
print(response)

Invoke-FalconDeviceControlPolicyAction -Name "string" -Id "string"

package main

import (
  "context"
  "fmt"
  "os"

  "github.com/crowdstrike/gofalcon/falcon"
  "github.com/crowdstrike/gofalcon/falcon/client/device_control_policies"
  "github.com/crowdstrike/gofalcon/falcon/models"
)

func main() {
  client, err := falcon.NewClient(&falcon.ApiConfig{
    ClientId:     os.Getenv("FALCON_CLIENT_ID"),
    ClientSecret: os.Getenv("FALCON_CLIENT_SECRET"),
    Context:      context.Background(),
  })
  if err != nil {
    panic(err)
  }

  name := "string"
  value := "string"

  response, err := client.DeviceControlPolicies.PerformDeviceControlPoliciesAction(
    &device_control_policies.PerformDeviceControlPoliciesActionParams{
      Body: &models.MsaEntityActionRequestV2{
        ActionParameters: []interface{}{
          {
          Name: &name,
          Value: &value,
          },
        },
        Ids: []string{"string"},
      },
      ActionName: "string",
      Context: context.Background(),
    },
  )
  if err != nil {
    panic(falcon.ErrorExplain(err))
  }

  fmt.Printf("%+v\n", response.Payload)
}

import { FalconClient } from "crowdstrike-falcon";

const client = new FalconClient({
  cloud: process.env.FALCON_CLOUD!,
  clientId: process.env.FALCON_CLIENT_ID!,
  clientSecret: process.env.FALCON_CLIENT_SECRET!,
});

const response = await client.deviceControlPolicies.performDeviceControlPoliciesAction(
  "string",  // actionName
  {  // body
      actionParameters: [{
          name: "string",
          value: "string"
        }],
      ids: []
  }
);

console.log(response);

use rusty_falcon::apis::device_control_policies_api::perform_device_control_policies_action;
use rusty_falcon::easy::client::FalconHandle;
use rusty_falcon::models::MsaEntityActionRequestV2;

#[tokio::main]
async fn main() {
    let falcon = FalconHandle::from_env().await.expect("Could not authenticate");

    let body = MsaEntityActionRequestV2 {
        ids: vec!["string".to_string()],
        ..Default::default()
    };

    let response = perform_device_control_policies_action(
        &falcon.cfg,  // configuration
        "string",  // action_name
        body,  // body
    ).await.expect("API call failed");

    println!("{:?}", response);
}

require "crimson-falcon"

Falcon.configure do |config|
  config.client_id = ENV["FALCON_CLIENT_ID"]
  config.client_secret = ENV["FALCON_CLIENT_SECRET"]
  config.cloud = ENV["FALCON_CLOUD"]
end

api = Falcon::DeviceControlPolicies.new

body = Falcon::MsaEntityActionRequestV2.new(
  action_parameters: [{
      name: 'string',
      value: 'string'
    }],
  ids: []
)

response = api.perform_device_control_policies_action(body, 'string')

puts response

getDefaultDeviceControlSettings

Get default device control settings (USB and Bluetooth).

GET /policy/entities/device-control-default-settings/v1

Scope Device Control Policies: READ Consumes · Produces application/json

PEP 8 get_default_settings

Parameters

No keywords or arguments accepted.

Code Examples

from falconpy import DeviceControlPolicies

falcon = DeviceControlPolicies(client_id=CLIENT_ID,
                               client_secret=CLIENT_SECRET
                               )

response = falcon.get_default_settings()
print(response)

from falconpy import DeviceControlPolicies

falcon = DeviceControlPolicies(client_id=CLIENT_ID,
                               client_secret=CLIENT_SECRET
                               )

response = falcon.getDefaultDeviceControlSettings()
print(response)

from falconpy import APIHarnessV2

falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

response = falcon.command("getDefaultDeviceControlSettings")
print(response)

Get-FalconDeviceControlNotification

package main

import (
  "context"
  "fmt"
  "os"

  "github.com/crowdstrike/gofalcon/falcon"
  "github.com/crowdstrike/gofalcon/falcon/client/device_control_with_bluetooth"
)

func main() {
  client, err := falcon.NewClient(&falcon.ApiConfig{
    ClientId:     os.Getenv("FALCON_CLIENT_ID"),
    ClientSecret: os.Getenv("FALCON_CLIENT_SECRET"),
    Context:      context.Background(),
  })
  if err != nil {
    panic(err)
  }

  response, err := client.DeviceControlWithBluetooth.GetDefaultDeviceControlSettings(
    &device_control_with_bluetooth.GetDefaultDeviceControlSettingsParams{
      Context: context.Background(),
    },
  )
  if err != nil {
    panic(falcon.ErrorExplain(err))
  }

  fmt.Printf("%+v\n", response.Payload)
}

import { FalconClient } from "crowdstrike-falcon";

const client = new FalconClient({
  cloud: process.env.FALCON_CLOUD!,
  clientId: process.env.FALCON_CLIENT_ID!,
  clientSecret: process.env.FALCON_CLIENT_SECRET!,
});

const response = await client.deviceControlWithBluetooth.getDefaultDeviceControlSettings();

console.log(response);

use rusty_falcon::apis::device_control_with_bluetooth_api::get_default_device_control_settings;
use rusty_falcon::easy::client::FalconHandle;

#[tokio::main]
async fn main() {
    let falcon = FalconHandle::from_env().await.expect("Could not authenticate");

    let response = get_default_device_control_settings(&falcon.cfg).await.expect("API call failed");  // configuration

    println!("{:?}", response);
}

require "crimson-falcon"

Falcon.configure do |config|
  config.client_id = ENV["FALCON_CLIENT_ID"]
  config.client_secret = ENV["FALCON_CLIENT_SECRET"]
  config.cloud = ENV["FALCON_CLOUD"]
end

api = Falcon::DeviceControlWithBluetooth.new

response = api.get_default_device_control_settings

puts response

updateDefaultDeviceControlSettings

Update the configuration for Default Device Control Settings.

PATCH /policy/entities/device-control-default-settings/v1

Scope Device Control Policies: WRITE Consumes · Produces application/json

PEP 8 update_default_settings

Parameters

Name	Type	Data type	Description
body	body	dictionary	Full body payload in JSON format.
bluetooth_custom_notifications	body	dictionary	Device Control policy bluetooth custom notifications.
usb_custom_notifications	body	dictionary	Device Control policy USB custom notifications.

Code Examples

from falconpy import DeviceControlPolicies

falcon = DeviceControlPolicies(client_id=CLIENT_ID,
                               client_secret=CLIENT_SECRET
                               )

response = falcon.update_default_settings(bluetooth_custom_notifications={},
                                          usb_custom_notifications={},
                                          usb_exceptions=[{"key": "value"}])
print(response)

from falconpy import DeviceControlPolicies

falcon = DeviceControlPolicies(client_id=CLIENT_ID,
                               client_secret=CLIENT_SECRET
                               )

response = falcon.updateDefaultDeviceControlSettings(bluetooth_custom_notifications={},
                                                     usb_custom_notifications={},
                                                     usb_exceptions=[{"key": "value"}])
print(response)

from falconpy import APIHarnessV2

falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

body_payload = {
    "bluetooth_custom_notifications": {
        "blocked_notification": {
            "custom_message": "string",
            "use_custom": boolean
        }
    },
    "usb_custom_notifications": {
        "blocked_notification": {
            "custom_message": "string",
            "use_custom": boolean
        },
        "restricted_notification": {
            "custom_message": "string",
            "use_custom": boolean
        }
    }
}

response = falcon.command("updateDefaultDeviceControlSettings", body=body_payload)
print(response)

Edit-FalconDeviceControlNotification -Bluetooth @{} -Usb @{}

package main

import (
  "context"
  "fmt"
  "os"

  "github.com/crowdstrike/gofalcon/falcon"
  "github.com/crowdstrike/gofalcon/falcon/client/device_control_with_bluetooth"
  "github.com/crowdstrike/gofalcon/falcon/models"
)

func main() {
  client, err := falcon.NewClient(&falcon.ApiConfig{
    ClientId:     os.Getenv("FALCON_CLIENT_ID"),
    ClientSecret: os.Getenv("FALCON_CLIENT_SECRET"),
    Context:      context.Background(),
  })
  if err != nil {
    panic(err)
  }

  response, err := client.DeviceControlWithBluetooth.UpdateDefaultDeviceControlSettings(
    &device_control_with_bluetooth.UpdateDefaultDeviceControlSettingsParams{
      Body: &models.DeviceControlReqUpdateDefaultSettingsV1{
        BluetoothCustomNotifications: &struct{}{},
        UsbCustomNotifications: &struct{}{},
      },
      Context: context.Background(),
    },
  )
  if err != nil {
    panic(falcon.ErrorExplain(err))
  }

  fmt.Printf("%+v\n", response.Payload)
}

import { FalconClient } from "crowdstrike-falcon";

const client = new FalconClient({
  cloud: process.env.FALCON_CLOUD!,
  clientId: process.env.FALCON_CLIENT_ID!,
  clientSecret: process.env.FALCON_CLIENT_SECRET!,
});

const response = await client.deviceControlWithBluetooth.updateDefaultDeviceControlSettings(
  {
    bluetoothCustomNotifications: {
      blockedNotification: {
        customMessage: "string",
        useCustom: boolean
      }
    },
    usbCustomNotifications: {
      blockedNotification: {
        customMessage: "string",
        useCustom: boolean
      },
      restrictedNotification: {
        customMessage: "string",
        useCustom: boolean
      }
    }
}  // body
);

console.log(response);

use rusty_falcon::apis::device_control_with_bluetooth_api::update_default_device_control_settings;
use rusty_falcon::easy::client::FalconHandle;
use rusty_falcon::models::DeviceControlReqUpdateDefaultSettingsV1;

#[tokio::main]
async fn main() {
    let falcon = FalconHandle::from_env().await.expect("Could not authenticate");

    let body = DeviceControlReqUpdateDefaultSettingsV1 {
        ..Default::default()
    };

    let response = update_default_device_control_settings(
        &falcon.cfg,  // configuration
        body,  // body
    ).await.expect("API call failed");

    println!("{:?}", response);
}

require "crimson-falcon"

Falcon.configure do |config|
  config.client_id = ENV["FALCON_CLIENT_ID"]
  config.client_secret = ENV["FALCON_CLIENT_SECRET"]
  config.cloud = ENV["FALCON_CLOUD"]
end

api = Falcon::DeviceControlWithBluetooth.new

body = Falcon::DeviceControlReqUpdateDefaultSettingsV1.new(
  bluetooth_custom_notifications: {
    blocked_notification: {
      custom_message: 'string',
      use_custom: boolean
    }
  },
  usb_custom_notifications: {
    blocked_notification: {
      custom_message: 'string',
      use_custom: boolean
    },
    restricted_notification: {
      custom_message: 'string',
      use_custom: boolean
    }
  }
)

response = api.update_default_device_control_settings(body)

puts response

setDeviceControlPoliciesPrecedence

Sets the precedence of Device Control Policies based on the order of IDs specified in the request. The first ID specified will have the highest precedence and the last ID specified will have the lowest. You must specify all non-Default Policies for a platform when updating precedence.

POST /policy/entities/device-control-precedence/v1

Scope Device Control Policies: WRITE Consumes · Produces application/json

PEP 8 set_precedence

Parameters

Name	Type	Data type	Description
body	body	dictionary	Full body payload in JSON format.
ids	body	string or list of strings	Device Control Policy ID(s) to adjust precedence.
platform_name	body	string	OS platform name. (Linux, Mac, Windows)

Code Examples

from falconpy import DeviceControlPolicies

falcon = DeviceControlPolicies(client_id=CLIENT_ID,
                               client_secret=CLIENT_SECRET
                               )

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.set_precedence(ids=id_list, platform_name="string")
print(response)

from falconpy import DeviceControlPolicies

falcon = DeviceControlPolicies(client_id=CLIENT_ID,
                               client_secret=CLIENT_SECRET
                               )

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.setDeviceControlPoliciesPrecedence(ids=id_list,
                                                     platform_name="string")
print(response)

from falconpy import APIHarnessV2

falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

body_payload = {
    "ids": ["string"],
    "platform_name": "string"
}

response = falcon.command("setDeviceControlPoliciesPrecedence", body=body_payload)
print(response)

Set-FalconDeviceControlPrecedence -PlatformName "string" -Id @("ID1", "ID2")

package main

import (
  "context"
  "fmt"
  "os"

  "github.com/crowdstrike/gofalcon/falcon"
  "github.com/crowdstrike/gofalcon/falcon/client/device_control_policies"
  "github.com/crowdstrike/gofalcon/falcon/models"
)

func main() {
  client, err := falcon.NewClient(&falcon.ApiConfig{
    ClientId:     os.Getenv("FALCON_CLIENT_ID"),
    ClientSecret: os.Getenv("FALCON_CLIENT_SECRET"),
    Context:      context.Background(),
  })
  if err != nil {
    panic(err)
  }

  platform_name := "string"

  response, err := client.DeviceControlPolicies.SetDeviceControlPoliciesPrecedence(
    &device_control_policies.SetDeviceControlPoliciesPrecedenceParams{
      Body: &models.BaseSetPolicyPrecedenceReqV1{
        Ids: []string{"string"},
        PlatformName: &platform_name,
      },
      Context: context.Background(),
    },
  )
  if err != nil {
    panic(falcon.ErrorExplain(err))
  }

  fmt.Printf("%+v\n", response.Payload)
}

import { FalconClient } from "crowdstrike-falcon";

const client = new FalconClient({
  cloud: process.env.FALCON_CLOUD!,
  clientId: process.env.FALCON_CLIENT_ID!,
  clientSecret: process.env.FALCON_CLIENT_SECRET!,
});

const response = await client.deviceControlPolicies.setDeviceControlPoliciesPrecedence(
  {
    ids: [],
    platformName: "string"
}  // body
);

console.log(response);

use rusty_falcon::apis::device_control_policies_api::set_device_control_policies_precedence;
use rusty_falcon::easy::client::FalconHandle;
use rusty_falcon::models::BaseSetPolicyPrecedenceReqV1;

#[tokio::main]
async fn main() {
    let falcon = FalconHandle::from_env().await.expect("Could not authenticate");

    let body = BaseSetPolicyPrecedenceReqV1 {
        ids: vec!["string".to_string()],
        platform_name: Some("string".to_string()),
        ..Default::default()
    };

    let response = set_device_control_policies_precedence(
        &falcon.cfg,  // configuration
        body,  // body
    ).await.expect("API call failed");

    println!("{:?}", response);
}

require "crimson-falcon"

Falcon.configure do |config|
  config.client_id = ENV["FALCON_CLIENT_ID"]
  config.client_secret = ENV["FALCON_CLIENT_SECRET"]
  config.cloud = ENV["FALCON_CLOUD"]
end

api = Falcon::DeviceControlPolicies.new

body = Falcon::BaseSetPolicyPrecedenceReqV1.new(
  ids: [],
  platform_name: 'string'
)

response = api.set_device_control_policies_precedence(body)

puts response

getDeviceControlPolicies

Retrieve a set of Device Control Policies by specifying their IDs.

GET /policy/entities/device-control/v1

Scope Device Control Policies: READ Consumes · Produces application/json

PEP 8 get_policies

Parameters

Name	Type	Data type	Description
ids	query	string or list of strings	The ID(s) of the Device Control Policies to return.
parameters	query	dictionary	Full query string parameters payload in JSON format.

Code Examples

from falconpy import DeviceControlPolicies

falcon = DeviceControlPolicies(client_id=CLIENT_ID,
                               client_secret=CLIENT_SECRET
                               )

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.get_policies(ids=id_list)
print(response)

from falconpy import DeviceControlPolicies

falcon = DeviceControlPolicies(client_id=CLIENT_ID,
                               client_secret=CLIENT_SECRET
                               )

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.getDeviceControlPolicies(ids=id_list)
print(response)

from falconpy import APIHarnessV2

falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.command("getDeviceControlPolicies",
                          ids=id_list)
print(response)

package main

import (
  "context"
  "fmt"
  "os"

  "github.com/crowdstrike/gofalcon/falcon"
  "github.com/crowdstrike/gofalcon/falcon/client/device_control_policies"
)

func main() {
  client, err := falcon.NewClient(&falcon.ApiConfig{
    ClientId:     os.Getenv("FALCON_CLIENT_ID"),
    ClientSecret: os.Getenv("FALCON_CLIENT_SECRET"),
    Context:      context.Background(),
  })
  if err != nil {
    panic(err)
  }

  response, err := client.DeviceControlPolicies.GetDeviceControlPolicies(
    &device_control_policies.GetDeviceControlPoliciesParams{
      Ids: []string{"ID1", "ID2", "ID3"},
      Context: context.Background(),
    },
  )
  if err != nil {
    panic(falcon.ErrorExplain(err))
  }

  fmt.Printf("%+v\n", response.Payload)
}

import { FalconClient } from "crowdstrike-falcon";

const client = new FalconClient({
  cloud: process.env.FALCON_CLOUD!,
  clientId: process.env.FALCON_CLIENT_ID!,
  clientSecret: process.env.FALCON_CLIENT_SECRET!,
});

const response = await client.deviceControlPolicies.getDeviceControlPolicies(["ID1", "ID2", "ID3"]);  // ids

console.log(response);

use rusty_falcon::apis::device_control_policies_api::get_device_control_policies;
use rusty_falcon::easy::client::FalconHandle;

#[tokio::main]
async fn main() {
    let falcon = FalconHandle::from_env().await.expect("Could not authenticate");

    let response = get_device_control_policies(
        &falcon.cfg,  // configuration
        vec!["string".to_string()],  // ids
    ).await.expect("API call failed");

    println!("{:?}", response);
}

require "crimson-falcon"

Falcon.configure do |config|
  config.client_id = ENV["FALCON_CLIENT_ID"]
  config.client_secret = ENV["FALCON_CLIENT_SECRET"]
  config.cloud = ENV["FALCON_CLOUD"]
end

api = Falcon::DeviceControlPolicies.new

response = api.get_device_control_policies(['ID1', 'ID2', 'ID3'])

puts response

getDeviceControlPoliciesV2

Get device control policies for the given filter criteria. Supports USB and Bluetooth.

GET /policy/entities/device-control/v1

Scope Device Control Policies: READ Consumes · Produces application/json

PEP 8 get_policies_v2

Parameters

Name	Type	Data type	Description
ids	query	string or list of strings	The ID(s) of the Device Control Policies to return.
parameters	query	dictionary	Full query string parameters payload in JSON format.

Code Examples

from falconpy import DeviceControlPolicies

falcon = DeviceControlPolicies(client_id=CLIENT_ID,
                               client_secret=CLIENT_SECRET
                               )

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.get_policies_v2(ids=id_list)
print(response)

from falconpy import DeviceControlPolicies

falcon = DeviceControlPolicies(client_id=CLIENT_ID,
                               client_secret=CLIENT_SECRET
                               )

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.getDeviceControlPoliciesV2(ids=id_list)
print(response)

from falconpy import APIHarnessV2

falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.command("getDeviceControlPoliciesV2",
                          ids=id_list)
print(response)

Get-FalconDeviceControlPolicy -Id @("ID1", "ID2")

package main

import (
  "context"
  "fmt"
  "os"

  "github.com/crowdstrike/gofalcon/falcon"
  "github.com/crowdstrike/gofalcon/falcon/client/device_control_with_bluetooth"
)

func main() {
  client, err := falcon.NewClient(&falcon.ApiConfig{
    ClientId:     os.Getenv("FALCON_CLIENT_ID"),
    ClientSecret: os.Getenv("FALCON_CLIENT_SECRET"),
    Context:      context.Background(),
  })
  if err != nil {
    panic(err)
  }

  response, err := client.DeviceControlWithBluetooth.GetDeviceControlPoliciesV2(
    &device_control_with_bluetooth.GetDeviceControlPoliciesV2Params{
      Ids: []string{"ID1", "ID2", "ID3"},
      Context: context.Background(),
    },
  )
  if err != nil {
    panic(falcon.ErrorExplain(err))
  }

  fmt.Printf("%+v\n", response.Payload)
}

import { FalconClient } from "crowdstrike-falcon";

const client = new FalconClient({
  cloud: process.env.FALCON_CLOUD!,
  clientId: process.env.FALCON_CLIENT_ID!,
  clientSecret: process.env.FALCON_CLIENT_SECRET!,
});

const response = await client.deviceControlWithBluetooth.getDeviceControlPoliciesV2(["ID1", "ID2", "ID3"]);  // ids

console.log(response);

use rusty_falcon::apis::device_control_with_bluetooth_api::get_device_control_policies_v2;
use rusty_falcon::easy::client::FalconHandle;

#[tokio::main]
async fn main() {
    let falcon = FalconHandle::from_env().await.expect("Could not authenticate");

    let response = get_device_control_policies_v2(
        &falcon.cfg,  // configuration
        vec!["string".to_string()],  // ids
    ).await.expect("API call failed");

    println!("{:?}", response);
}

require "crimson-falcon"

Falcon.configure do |config|
  config.client_id = ENV["FALCON_CLIENT_ID"]
  config.client_secret = ENV["FALCON_CLIENT_SECRET"]
  config.cloud = ENV["FALCON_CLOUD"]
end

api = Falcon::DeviceControlWithBluetooth.new

response = api.get_device_control_policies_v2(['ID1', 'ID2', 'ID3'])

puts response

createDeviceControlPolicies

Create Device Control Policies by specifying details about the policy to create.

POST /policy/entities/device-control/v1

Scope Device Control Policies: WRITE Consumes · Produces application/json

PEP 8 create_policies

Parameters

Name	Type	Data type	Description
body	body	dictionary	Full body payload in JSON format.
description	body	string	Device Control Policy description.
clone_id	body	string	Device Control Policy ID to clone.
name	body	string	Device Control Policy name.
platform_name	body	string	Device Control Policy platform.
settings	body	dictionary	Device Control specific settings.

Code Examples

from falconpy import DeviceControlPolicies

falcon = DeviceControlPolicies(client_id=CLIENT_ID,
                               client_secret=CLIENT_SECRET
                               )

response = falcon.create_policies(clone_id="string",
                                  description="string",
                                  name="string",
                                  platform_name="string",
                                  settings={})
print(response)

from falconpy import DeviceControlPolicies

falcon = DeviceControlPolicies(client_id=CLIENT_ID,
                               client_secret=CLIENT_SECRET
                               )

response = falcon.createDeviceControlPolicies(clone_id="string",
                                              description="string",
                                              name="string",
                                              platform_name="string",
                                              settings={})
print(response)

from falconpy import APIHarnessV2

falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

body_payload = {
    "resources": [
        {
            "clone_id": "string",
            "description": "string",
            "name": "string",
            "platform_name": "string",
            "settings": {
                "classes": ["string"],
                "custom_notifications": {},
                "delete_exceptions": ["string"],
                "end_user_notification": "string",
                "enforcement_mode": "string",
                "enhanced_file_metadata": boolean
            }
        }
    ]
}

response = falcon.command("createDeviceControlPolicies", body=body_payload)
print(response)

package main

import (
  "context"
  "fmt"
  "os"

  "github.com/crowdstrike/gofalcon/falcon"
  "github.com/crowdstrike/gofalcon/falcon/client/device_control_policies"
  "github.com/crowdstrike/gofalcon/falcon/models"
)

func main() {
  client, err := falcon.NewClient(&falcon.ApiConfig{
    ClientId:     os.Getenv("FALCON_CLIENT_ID"),
    ClientSecret: os.Getenv("FALCON_CLIENT_SECRET"),
    Context:      context.Background(),
  })
  if err != nil {
    panic(err)
  }

  clone_id := "string"
  description := "string"
  name := "string"
  platform_name := "string"

  response, err := client.DeviceControlPolicies.CreateDeviceControlPolicies(
    &device_control_policies.CreateDeviceControlPoliciesParams{
      Body: &models.DeviceControlCreatePoliciesV1{
        Resources: []interface{}{
          {
          CloneID: &clone_id,
          Description: &description,
          Name: &name,
          PlatformName: &platform_name,
          Settings: &struct{}{},
          },
        },
      },
      Context: context.Background(),
    },
  )
  if err != nil {
    panic(falcon.ErrorExplain(err))
  }

  fmt.Printf("%+v\n", response.Payload)
}

import { FalconClient } from "crowdstrike-falcon";

const client = new FalconClient({
  cloud: process.env.FALCON_CLOUD!,
  clientId: process.env.FALCON_CLIENT_ID!,
  clientSecret: process.env.FALCON_CLIENT_SECRET!,
});

const response = await client.deviceControlPolicies.createDeviceControlPolicies(
  {
    resources: [{
        cloneId: "string",
        description: "string",
        name: "string",
        platformName: "string",
        settings: {
          classes: [],
          customNotifications: {},
          deleteExceptions: [],
          endUserNotification: "string",
          enforcementMode: "string",
          enhancedFileMetadata: boolean
        }
      }]
}  // body
);

console.log(response);

use rusty_falcon::apis::device_control_policies_api::create_device_control_policies;
use rusty_falcon::easy::client::FalconHandle;
use rusty_falcon::models::DeviceControlCreatePoliciesV1;

#[tokio::main]
async fn main() {
    let falcon = FalconHandle::from_env().await.expect("Could not authenticate");

    let body = DeviceControlCreatePoliciesV1 {
        resources: vec![CreatePolicyReqV1 {
            name: Some("string".to_string()),
            platform_name: Some("string".to_string()),
            ..Default::default()
        }],
        ..Default::default()
    };

    let response = create_device_control_policies(
        &falcon.cfg,  // configuration
        body,  // body
    ).await.expect("API call failed");

    println!("{:?}", response);
}

require "crimson-falcon"

Falcon.configure do |config|
  config.client_id = ENV["FALCON_CLIENT_ID"]
  config.client_secret = ENV["FALCON_CLIENT_SECRET"]
  config.cloud = ENV["FALCON_CLOUD"]
end

api = Falcon::DeviceControlPolicies.new

body = Falcon::DeviceControlCreatePoliciesV1.new(
  resources: [{
      clone_id: 'string',
      description: 'string',
      name: 'string',
      platform_name: 'string',
      settings: {
        classes: [],
        custom_notifications: {},
        delete_exceptions: [],
        end_user_notification: 'string',
        enforcement_mode: 'string',
        enhanced_file_metadata: boolean
      }
    }]
)

response = api.create_device_control_policies(body)

puts response

postDeviceControlPoliciesV2

Create Device Control Policies by specifying details about the policy to create.

POST /policy/entities/device-control/v1

Scope Device Control Policies: WRITE Consumes · Produces application/json

PEP 8 create_policies_v2

Parameters

Name	Type	Data type	Description
bluetooth_settings	body	dictionary	Device Control bluetooth specific settings.
body	body	dictionary	Full body payload in JSON format.
description	body	string	Device Control Policy description.
clone_id	body	string	Device Control Policy ID to clone.
name	body	string	Device Control Policy name.
platform_name	body	string	Device Control Policy platform.
usb_settings	body	dictionary	Device Control USB specific settings.

Code Examples

from falconpy import DeviceControlPolicies

falcon = DeviceControlPolicies(client_id=CLIENT_ID,
                               client_secret=CLIENT_SECRET
                               )

response = falcon.create_policies_v2(bluetooth_settings={},
                                     clone_id="string",
                                     description="string",
                                     name="string",
                                     platform_name="string",
                                     usb_settings={})
print(response)

from falconpy import DeviceControlPolicies

falcon = DeviceControlPolicies(client_id=CLIENT_ID,
                               client_secret=CLIENT_SECRET
                               )

response = falcon.postDeviceControlPoliciesV2(bluetooth_settings={},
                                              clone_id="string",
                                              description="string",
                                              name="string",
                                              platform_name="string",
                                              usb_settings={})
print(response)

from falconpy import APIHarnessV2

falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

body_payload = {
    "policies": [
        {
            "bluetooth_settings": {
                "custom_end_user_notifications": {},
                "end_user_notification": "string",
                "enforcement_mode": "string"
            },
            "clone_id": "string",
            "description": "string",
            "name": "string",
            "platform_name": "string",
            "usb_settings": {
                "custom_notifications": {},
                "end_user_notification": "string",
                "enforcement_mode": "string",
                "enhanced_file_metadata": boolean,
                "pcie_enforcement_mode": "string",
                "storage_space_enforcement_mode": "string",
                "user_based_enforcement_mode": "string",
                "whitelist_mode": "string"
            }
        }
    ]
}

response = falcon.command("postDeviceControlPoliciesV2", body=body_payload)
print(response)

New-FalconDeviceControlPolicy -Name "string" -PlatformName "string"

package main

import (
  "context"
  "fmt"
  "os"

  "github.com/crowdstrike/gofalcon/falcon"
  "github.com/crowdstrike/gofalcon/falcon/client/device_control_with_bluetooth"
  "github.com/crowdstrike/gofalcon/falcon/models"
)

func main() {
  client, err := falcon.NewClient(&falcon.ApiConfig{
    ClientId:     os.Getenv("FALCON_CLIENT_ID"),
    ClientSecret: os.Getenv("FALCON_CLIENT_SECRET"),
    Context:      context.Background(),
  })
  if err != nil {
    panic(err)
  }

  clone_id := "string"
  description := "string"
  name := "string"
  platform_name := "string"

  response, err := client.DeviceControlWithBluetooth.PostDeviceControlPoliciesV2(
    &device_control_with_bluetooth.PostDeviceControlPoliciesV2Params{
      Body: &models.DevicecontrolapiReqCreatePoliciesV1{
        Policies: []interface{}{
          {
          BluetoothSettings: &struct{}{},
          CloneID: &clone_id,
          Description: &description,
          Name: &name,
          PlatformName: &platform_name,
          UsbSettings: &struct{}{},
          },
        },
      },
      Context: context.Background(),
    },
  )
  if err != nil {
    panic(falcon.ErrorExplain(err))
  }

  fmt.Printf("%+v\n", response.Payload)
}

import { FalconClient } from "crowdstrike-falcon";

const client = new FalconClient({
  cloud: process.env.FALCON_CLOUD!,
  clientId: process.env.FALCON_CLIENT_ID!,
  clientSecret: process.env.FALCON_CLIENT_SECRET!,
});

const response = await client.deviceControlWithBluetooth.postDeviceControlPoliciesV2(
  {
    policies: [{
        bluetoothSettings: {
          customEndUserNotifications: {},
          endUserNotification: "string",
          enforcementMode: "string"
        },
        cloneId: "string",
        description: "string",
        name: "string",
        platformName: "string",
        usbSettings: {
          customNotifications: {},
          endUserNotification: "string",
          enforcementMode: "string",
          enhancedFileMetadata: boolean,
          pcieEnforcementMode: "string",
          storageSpaceEnforcementMode: "string",
          userBasedEnforcementMode: "string",
          whitelistMode: "string"
        }
      }]
}  // body
);

console.log(response);

use rusty_falcon::apis::device_control_with_bluetooth_api::post_device_control_policies_v2;
use rusty_falcon::easy::client::FalconHandle;
use rusty_falcon::models::DevicecontrolapiReqCreatePoliciesV1;

#[tokio::main]
async fn main() {
    let falcon = FalconHandle::from_env().await.expect("Could not authenticate");

    let body = DevicecontrolapiReqCreatePoliciesV1 {
        policies: vec![],
        ..Default::default()
    };

    let response = post_device_control_policies_v2(
        &falcon.cfg,  // configuration
        body,  // body
    ).await.expect("API call failed");

    println!("{:?}", response);
}

require "crimson-falcon"

Falcon.configure do |config|
  config.client_id = ENV["FALCON_CLIENT_ID"]
  config.client_secret = ENV["FALCON_CLIENT_SECRET"]
  config.cloud = ENV["FALCON_CLOUD"]
end

api = Falcon::DeviceControlWithBluetooth.new

body = Falcon::DevicecontrolapiReqCreatePoliciesV1.new(
  policies: [{
      bluetooth_settings: {
        custom_end_user_notifications: {},
        end_user_notification: 'string',
        enforcement_mode: 'string'
      },
      clone_id: 'string',
      description: 'string',
      name: 'string',
      platform_name: 'string',
      usb_settings: {
        custom_notifications: {},
        end_user_notification: 'string',
        enforcement_mode: 'string',
        enhanced_file_metadata: boolean,
        pcie_enforcement_mode: 'string',
        storage_space_enforcement_mode: 'string',
        user_based_enforcement_mode: 'string',
        whitelist_mode: 'string'
      }
    }]
)

response = api.post_device_control_policies_v2(body)

puts response

deleteDeviceControlPolicies

Delete a set of Device Control Policies by specifying their IDs.

DELETE /policy/entities/device-control/v1

Scope Device Control Policies: WRITE Consumes · Produces application/json

PEP 8 delete_policies

Parameters

Name	Type	Data type	Description
ids	query	string or list of strings	The ID(s) of the Device Control Policies to delete.
parameters	query	dictionary	Full query string parameters payload in JSON format.

Code Examples

from falconpy import DeviceControlPolicies

falcon = DeviceControlPolicies(client_id=CLIENT_ID,
                               client_secret=CLIENT_SECRET
                               )

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.delete_policies(ids=id_list)
print(response)

from falconpy import DeviceControlPolicies

falcon = DeviceControlPolicies(client_id=CLIENT_ID,
                               client_secret=CLIENT_SECRET
                               )

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.deleteDeviceControlPolicies(ids=id_list)
print(response)

from falconpy import APIHarnessV2

falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.command("deleteDeviceControlPolicies",
                          ids=id_list)
print(response)

Remove-FalconDeviceControlPolicy -Id @("ID1", "ID2")

package main

import (
  "context"
  "fmt"
  "os"

  "github.com/crowdstrike/gofalcon/falcon"
  "github.com/crowdstrike/gofalcon/falcon/client/device_control_policies"
)

func main() {
  client, err := falcon.NewClient(&falcon.ApiConfig{
    ClientId:     os.Getenv("FALCON_CLIENT_ID"),
    ClientSecret: os.Getenv("FALCON_CLIENT_SECRET"),
    Context:      context.Background(),
  })
  if err != nil {
    panic(err)
  }

  response, err := client.DeviceControlPolicies.DeleteDeviceControlPolicies(
    &device_control_policies.DeleteDeviceControlPoliciesParams{
      Ids: []string{"ID1", "ID2", "ID3"},
      Context: context.Background(),
    },
  )
  if err != nil {
    panic(falcon.ErrorExplain(err))
  }

  fmt.Printf("%+v\n", response.Payload)
}

import { FalconClient } from "crowdstrike-falcon";

const client = new FalconClient({
  cloud: process.env.FALCON_CLOUD!,
  clientId: process.env.FALCON_CLIENT_ID!,
  clientSecret: process.env.FALCON_CLIENT_SECRET!,
});

const response = await client.deviceControlPolicies.deleteDeviceControlPolicies(["ID1", "ID2", "ID3"]);  // ids

console.log(response);

use rusty_falcon::apis::device_control_policies_api::delete_device_control_policies;
use rusty_falcon::easy::client::FalconHandle;

#[tokio::main]
async fn main() {
    let falcon = FalconHandle::from_env().await.expect("Could not authenticate");

    let response = delete_device_control_policies(
        &falcon.cfg,  // configuration
        vec!["string".to_string()],  // ids
    ).await.expect("API call failed");

    println!("{:?}", response);
}

require "crimson-falcon"

Falcon.configure do |config|
  config.client_id = ENV["FALCON_CLIENT_ID"]
  config.client_secret = ENV["FALCON_CLIENT_SECRET"]
  config.cloud = ENV["FALCON_CLOUD"]
end

api = Falcon::DeviceControlPolicies.new

response = api.delete_device_control_policies(['ID1', 'ID2', 'ID3'])

puts response

patchDeviceControlPoliciesClassesV1

Update device control policy’s classes (USB and Bluetooth).

PATCH /policy/entities/device-control-classes/v1

Scope Device Control Policies: WRITE Consumes · Produces application/json

PEP 8 update_policy_classes

Parameters

Name	Type	Data type	Description
body	body	dictionary	Full body payload in JSON format.
bluetooth_classes	body	dictionary	Bluetooth device control policy.
id	body	string	Device Control policy ID.
usb_classes	body	dictionary	USB device control policy.

Code Examples

from falconpy import DeviceControlPolicies

falcon = DeviceControlPolicies(client_id=CLIENT_ID,
                               client_secret=CLIENT_SECRET
                               )

response = falcon.update_policy_classes(bluetooth_classes={},
                                        id="string",
                                        usb_classes={})
print(response)

from falconpy import DeviceControlPolicies

falcon = DeviceControlPolicies(client_id=CLIENT_ID,
                               client_secret=CLIENT_SECRET
                               )

response = falcon.patchDeviceControlPoliciesClassesV1(bluetooth_classes={},
                                                      id="string",
                                                      usb_classes={})
print(response)

from falconpy import APIHarnessV2

falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

body_payload = {
    "policies": [
        {
            "bluetooth_classes": {
                "classes": ["string"],
                "delete_exceptions": ["string"],
                "upsert_exceptions": ["string"]
            },
            "id": "string",
            "usb_classes": {
                "classes": ["string"],
                "delete_exceptions": ["string"],
                "upsert_exceptions": ["string"]
            }
        }
    ]
}

response = falcon.command("patchDeviceControlPoliciesClassesV1", body=body_payload)
print(response)

Edit-FalconDeviceControlClass -Id "string"

package main

import (
  "context"
  "fmt"
  "os"

  "github.com/crowdstrike/gofalcon/falcon"
  "github.com/crowdstrike/gofalcon/falcon/client/device_control_with_bluetooth"
  "github.com/crowdstrike/gofalcon/falcon/models"
)

func main() {
  client, err := falcon.NewClient(&falcon.ApiConfig{
    ClientId:     os.Getenv("FALCON_CLIENT_ID"),
    ClientSecret: os.Getenv("FALCON_CLIENT_SECRET"),
    Context:      context.Background(),
  })
  if err != nil {
    panic(err)
  }

  id := "string"

  response, err := client.DeviceControlWithBluetooth.PatchDeviceControlPoliciesClassesV1(
    &device_control_with_bluetooth.PatchDeviceControlPoliciesClassesV1Params{
      Body: &models.DevicecontrolapiReqUpdatePoliciesClassesV1{
        Policies: []interface{}{
          {
          BluetoothClasses: &struct{}{},
          ID: &id,
          UsbClasses: &struct{}{},
          },
        },
      },
      Context: context.Background(),
    },
  )
  if err != nil {
    panic(falcon.ErrorExplain(err))
  }

  fmt.Printf("%+v\n", response.Payload)
}

import { FalconClient } from "crowdstrike-falcon";

const client = new FalconClient({
  cloud: process.env.FALCON_CLOUD!,
  clientId: process.env.FALCON_CLIENT_ID!,
  clientSecret: process.env.FALCON_CLIENT_SECRET!,
});

const response = await client.deviceControlWithBluetooth.patchDeviceControlPoliciesClassesV1(
  {
    policies: [{
        bluetoothClasses: {
          classes: [],
          deleteExceptions: [],
          upsertExceptions: []
        },
        id: "string",
        usbClasses: {
          classes: [],
          deleteExceptions: [],
          upsertExceptions: []
        }
      }]
}  // body
);

console.log(response);

use rusty_falcon::apis::device_control_with_bluetooth_api::patch_device_control_policies_classes_v1;
use rusty_falcon::easy::client::FalconHandle;
use rusty_falcon::models::DevicecontrolapiReqUpdatePoliciesClassesV1;

#[tokio::main]
async fn main() {
    let falcon = FalconHandle::from_env().await.expect("Could not authenticate");

    let body = DevicecontrolapiReqUpdatePoliciesClassesV1 {
        policies: vec![ReqUpdatePolicyClassesV1 {
            id: Some("string".to_string()),
            ..Default::default()
        }],
        ..Default::default()
    };

    let response = patch_device_control_policies_classes_v1(
        &falcon.cfg,  // configuration
        body,  // body
    ).await.expect("API call failed");

    println!("{:?}", response);
}

require "crimson-falcon"

Falcon.configure do |config|
  config.client_id = ENV["FALCON_CLIENT_ID"]
  config.client_secret = ENV["FALCON_CLIENT_SECRET"]
  config.cloud = ENV["FALCON_CLOUD"]
end

api = Falcon::DeviceControlWithBluetooth.new

body = Falcon::DevicecontrolapiReqUpdatePoliciesClassesV1.new(
  policies: [{
      bluetooth_classes: {
        classes: [],
        delete_exceptions: [],
        upsert_exceptions: []
      },
      id: 'string',
      usb_classes: {
        classes: [],
        delete_exceptions: [],
        upsert_exceptions: []
      }
    }]
)

response = api.patch_device_control_policies_classes_v1(body)

puts response

updateDeviceControlPolicies

Update Device Control Policies by specifying the ID of the policy and details to update.

PATCH /policy/entities/device-control/v1

Scope Device Control Policies: WRITE Consumes · Produces application/json

PEP 8 update_policies

Parameters

Name	Type	Data type	Description
body	body	dictionary	Full body payload in JSON format.
description	body	string	Device Control Policy description.
id	body	string	Device Control Policy ID to update.
name	body	string	Device Control Policy name.
settings	body	dictionary	Device control specific policy settings.

Code Examples

from falconpy import DeviceControlPolicies

falcon = DeviceControlPolicies(client_id=CLIENT_ID,
                               client_secret=CLIENT_SECRET
                               )

response = falcon.update_policies(id="string",
                                  description="string",
                                  name="string",
                                  settings={})
print(response)

from falconpy import DeviceControlPolicies

falcon = DeviceControlPolicies(client_id=CLIENT_ID,
                               client_secret=CLIENT_SECRET
                               )

response = falcon.updateDeviceControlPolicies(id="string",
                                              description="string",
                                              name="string",
                                              settings={})
print(response)

from falconpy import APIHarnessV2

falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

body_payload = {
    "resources": [
        {
            "description": "string",
            "id": "string",
            "name": "string",
            "settings": {
                "classes": ["string"],
                "custom_notifications": {},
                "delete_exceptions": ["string"],
                "end_user_notification": "string",
                "enforcement_mode": "string",
                "enhanced_file_metadata": boolean
            }
        }
    ]
}

response = falcon.command("updateDeviceControlPolicies", body=body_payload)
print(response)

package main

import (
  "context"
  "fmt"
  "os"

  "github.com/crowdstrike/gofalcon/falcon"
  "github.com/crowdstrike/gofalcon/falcon/client/device_control_policies"
  "github.com/crowdstrike/gofalcon/falcon/models"
)

func main() {
  client, err := falcon.NewClient(&falcon.ApiConfig{
    ClientId:     os.Getenv("FALCON_CLIENT_ID"),
    ClientSecret: os.Getenv("FALCON_CLIENT_SECRET"),
    Context:      context.Background(),
  })
  if err != nil {
    panic(err)
  }

  description := "string"
  id := "string"
  name := "string"

  response, err := client.DeviceControlPolicies.UpdateDeviceControlPolicies(
    &device_control_policies.UpdateDeviceControlPoliciesParams{
      Body: &models.DeviceControlUpdatePoliciesReqV1{
        Resources: []interface{}{
          {
          Description: &description,
          ID: &id,
          Name: &name,
          Settings: &struct{}{},
          },
        },
      },
      Context: context.Background(),
    },
  )
  if err != nil {
    panic(falcon.ErrorExplain(err))
  }

  fmt.Printf("%+v\n", response.Payload)
}

import { FalconClient } from "crowdstrike-falcon";

const client = new FalconClient({
  cloud: process.env.FALCON_CLOUD!,
  clientId: process.env.FALCON_CLIENT_ID!,
  clientSecret: process.env.FALCON_CLIENT_SECRET!,
});

const response = await client.deviceControlPolicies.updateDeviceControlPolicies(
  {
    resources: [{
        description: "string",
        id: "string",
        name: "string",
        settings: {
          classes: [],
          customNotifications: {},
          deleteExceptions: [],
          endUserNotification: "string",
          enforcementMode: "string",
          enhancedFileMetadata: boolean
        }
      }]
}  // body
);

console.log(response);

use rusty_falcon::apis::device_control_policies_api::update_device_control_policies;
use rusty_falcon::easy::client::FalconHandle;
use rusty_falcon::models::DeviceControlUpdatePoliciesReqV1;

#[tokio::main]
async fn main() {
    let falcon = FalconHandle::from_env().await.expect("Could not authenticate");

    let body = DeviceControlUpdatePoliciesReqV1 {
        resources: vec![UpdatePolicyReqV1 {
            id: Some("string".to_string()),
            settings: Default::default(),
            ..Default::default()
        }],
        ..Default::default()
    };

    let response = update_device_control_policies(
        &falcon.cfg,  // configuration
        body,  // body
    ).await.expect("API call failed");

    println!("{:?}", response);
}

require "crimson-falcon"

Falcon.configure do |config|
  config.client_id = ENV["FALCON_CLIENT_ID"]
  config.client_secret = ENV["FALCON_CLIENT_SECRET"]
  config.cloud = ENV["FALCON_CLOUD"]
end

api = Falcon::DeviceControlPolicies.new

body = Falcon::DeviceControlUpdatePoliciesReqV1.new(
  resources: [{
      description: 'string',
      id: 'string',
      name: 'string',
      settings: {
        classes: [],
        custom_notifications: {},
        delete_exceptions: [],
        end_user_notification: 'string',
        enforcement_mode: 'string',
        enhanced_file_metadata: boolean
      }
    }]
)

response = api.update_device_control_policies(body)

puts response

patchDeviceControlPoliciesV2

Update Device Control Policies by specifying the ID of the policy and details to update.

PATCH /policy/entities/device-control/v1

Scope Device Control Policies: WRITE Consumes · Produces application/json

PEP 8 update_policies_v2

Parameters

Name	Type	Data type	Description
bluetooth_settings	body	dictionary	Device control bluetooth specific policy settings.
body	body	dictionary	Full body payload in JSON format.
description	body	string	Device Control Policy description.
id	body	string	Device Control Policy ID to update.
name	body	string	Device Control Policy name.
usb_settings	body	dictionary	Device control USB specific policy settings.

Code Examples

from falconpy import DeviceControlPolicies

falcon = DeviceControlPolicies(client_id=CLIENT_ID,
                               client_secret=CLIENT_SECRET
                               )

response = falcon.update_policies_v2(bluetooth_settings={},
                                     description="string",
                                     id="string",
                                     name="string",
                                     platform_name="string",
                                     usb_settings={})
print(response)

from falconpy import DeviceControlPolicies

falcon = DeviceControlPolicies(client_id=CLIENT_ID,
                               client_secret=CLIENT_SECRET
                               )

response = falcon.patchDeviceControlPoliciesV2(bluetooth_settings={},
                                               description="string",
                                               id="string",
                                               name="string",
                                               platform_name="string",
                                               usb_settings={})
print(response)

from falconpy import APIHarnessV2

falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

body_payload = {
    "policies": [
        {
            "bluetooth_settings": {
                "custom_end_user_notifications": {},
                "end_user_notification": "string",
                "enforcement_mode": "string"
            },
            "description": "string",
            "id": "string",
            "name": "string",
            "propagated": boolean,
            "usb_settings": {
                "custom_notifications": {},
                "end_user_notification": "string",
                "enforcement_mode": "string",
                "enhanced_file_metadata": boolean,
                "pcie_enforcement_mode": "string",
                "storage_space_enforcement_mode": "string",
                "user_based_enforcement_mode": "string"
            }
        }
    ]
}

response = falcon.command("patchDeviceControlPoliciesV2", body=body_payload)
print(response)

Edit-FalconDeviceControlPolicy -Id "string"

package main

import (
  "context"
  "fmt"
  "os"

  "github.com/crowdstrike/gofalcon/falcon"
  "github.com/crowdstrike/gofalcon/falcon/client/device_control_with_bluetooth"
  "github.com/crowdstrike/gofalcon/falcon/models"
)

func main() {
  client, err := falcon.NewClient(&falcon.ApiConfig{
    ClientId:     os.Getenv("FALCON_CLIENT_ID"),
    ClientSecret: os.Getenv("FALCON_CLIENT_SECRET"),
    Context:      context.Background(),
  })
  if err != nil {
    panic(err)
  }

  description := "string"
  id := "string"
  name := "string"
  propagated := boolean

  response, err := client.DeviceControlWithBluetooth.PatchDeviceControlPoliciesV2(
    &device_control_with_bluetooth.PatchDeviceControlPoliciesV2Params{
      Body: &models.DevicecontrolapiReqUpdateBasesV1External{
        Policies: []interface{}{
          {
          BluetoothSettings: &struct{}{},
          Description: &description,
          ID: &id,
          Name: &name,
          Propagated: &propagated,
          UsbSettings: &struct{}{},
          },
        },
      },
      Context: context.Background(),
    },
  )
  if err != nil {
    panic(falcon.ErrorExplain(err))
  }

  fmt.Printf("%+v\n", response.Payload)
}

import { FalconClient } from "crowdstrike-falcon";

const client = new FalconClient({
  cloud: process.env.FALCON_CLOUD!,
  clientId: process.env.FALCON_CLIENT_ID!,
  clientSecret: process.env.FALCON_CLIENT_SECRET!,
});

const response = await client.deviceControlWithBluetooth.patchDeviceControlPoliciesV2(
  {
    policies: [{
        bluetoothSettings: {
          customEndUserNotifications: {},
          endUserNotification: "string",
          enforcementMode: "string"
        },
        description: "string",
        id: "string",
        name: "string",
        propagated: boolean,
        usbSettings: {
          customNotifications: {},
          endUserNotification: "string",
          enforcementMode: "string",
          enhancedFileMetadata: boolean,
          pcieEnforcementMode: "string",
          storageSpaceEnforcementMode: "string",
          userBasedEnforcementMode: "string"
        }
      }]
}  // body
);

console.log(response);

use rusty_falcon::apis::device_control_with_bluetooth_api::patch_device_control_policies_v2;
use rusty_falcon::easy::client::FalconHandle;
use rusty_falcon::models::DevicecontrolapiReqUpdateBasesV1External;

#[tokio::main]
async fn main() {
    let falcon = FalconHandle::from_env().await.expect("Could not authenticate");

    let body = DevicecontrolapiReqUpdateBasesV1External {
        policies: vec![ReqUpdateBaseV1External {
            id: Some("string".to_string()),
            propagated: Some(boolean),
            ..Default::default()
        }],
        ..Default::default()
    };

    let response = patch_device_control_policies_v2(
        &falcon.cfg,  // configuration
        body,  // body
    ).await.expect("API call failed");

    println!("{:?}", response);
}

require "crimson-falcon"

Falcon.configure do |config|
  config.client_id = ENV["FALCON_CLIENT_ID"]
  config.client_secret = ENV["FALCON_CLIENT_SECRET"]
  config.cloud = ENV["FALCON_CLOUD"]
end

api = Falcon::DeviceControlWithBluetooth.new

body = Falcon::DevicecontrolapiReqUpdateBasesV1External.new(
  policies: [{
      bluetooth_settings: {
        custom_end_user_notifications: {},
        end_user_notification: 'string',
        enforcement_mode: 'string'
      },
      description: 'string',
      id: 'string',
      name: 'string',
      propagated: boolean,
      usb_settings: {
        custom_notifications: {},
        end_user_notification: 'string',
        enforcement_mode: 'string',
        enhanced_file_metadata: boolean,
        pcie_enforcement_mode: 'string',
        storage_space_enforcement_mode: 'string',
        user_based_enforcement_mode: 'string'
      }
    }]
)

response = api.patch_device_control_policies_v2(body)

puts response

queryDeviceControlPolicyMembers

Search for members of a Device Control Policy in your environment by providing a FQL filter and paging details. Returns a set of Agent IDs which match the filter criteria.

GET /policy/queries/device-control-members/v1

Scope Device Control Policies: READ Consumes · Produces application/json

PEP 8 query_policy_members

Parameters

Name	Type	Data type	Description
filter	query	string	FQL Syntax formatted string used to limit the results.
id	query	integer	The ID of the Device Control Policy to search for members of.
limit	query	integer	Maximum number of records to return. (Max: 5000)
offset	query	integer	Starting index of overall result set from which to return ids.
sort	query	string	The property to sort by. (Ex: modified_timestamp.desc)
parameters	query	dictionary	Full query string parameters payload in JSON format.

Code Examples

from falconpy import DeviceControlPolicies

falcon = DeviceControlPolicies(client_id=CLIENT_ID,
                               client_secret=CLIENT_SECRET
                               )

response = falcon.query_policy_members(id="string",
                                       filter="string",
                                       limit=integer,
                                       offset=integer,
                                       sort="string")
print(response)

from falconpy import DeviceControlPolicies

falcon = DeviceControlPolicies(client_id=CLIENT_ID,
                               client_secret=CLIENT_SECRET
                               )

response = falcon.queryDeviceControlPolicyMembers(id="string",
                                                  filter="string",
                                                  limit=integer,
                                                  offset=integer,
                                                  sort="string")
print(response)

from falconpy import APIHarnessV2

falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

response = falcon.command("queryDeviceControlPolicyMembers",
                          id="string",
                          filter="string",
                          offset=integer,
                          limit=integer,
                          sort="string")
print(response)

Get-FalconDeviceControlPolicyMember -Filter "string" `
  -Sort "string" `
  -Limit integer `
  -Offset integer

package main

import (
  "context"
  "fmt"
  "os"

  "github.com/crowdstrike/gofalcon/falcon"
  "github.com/crowdstrike/gofalcon/falcon/client/device_control_policies"
)

func main() {
  client, err := falcon.NewClient(&falcon.ApiConfig{
    ClientId:     os.Getenv("FALCON_CLIENT_ID"),
    ClientSecret: os.Getenv("FALCON_CLIENT_SECRET"),
    Context:      context.Background(),
  })
  if err != nil {
    panic(err)
  }

  iD := "string"
  filter := "string"
  offset := int64(0)
  limit := int64(0)
  sort := "string"

  response, err := client.DeviceControlPolicies.QueryDeviceControlPolicyMembers(
    &device_control_policies.QueryDeviceControlPolicyMembersParams{
      ID: &iD,
      Filter: &filter,
      Offset: &offset,
      Limit: &limit,
      Sort: &sort,
      Context: context.Background(),
    },
  )
  if err != nil {
    panic(falcon.ErrorExplain(err))
  }

  fmt.Printf("%+v\n", response.Payload)
}

import { FalconClient } from "crowdstrike-falcon";

const client = new FalconClient({
  cloud: process.env.FALCON_CLOUD!,
  clientId: process.env.FALCON_CLIENT_ID!,
  clientSecret: process.env.FALCON_CLIENT_SECRET!,
});

const response = await client.deviceControlPolicies.queryDeviceControlPolicyMembers(
  "string",  // id
  "string",  // filter
  integer,  // offset
  integer,  // limit
  "string"  // sort
);

console.log(response);

use rusty_falcon::apis::device_control_policies_api::query_device_control_policy_members;
use rusty_falcon::easy::client::FalconHandle;

#[tokio::main]
async fn main() {
    let falcon = FalconHandle::from_env().await.expect("Could not authenticate");

    let response = query_device_control_policy_members(
        &falcon.cfg,  // configuration
        Some("string"),  // id
        Some("string"),  // filter
        Some(integer),  // offset
        Some(integer),  // limit
        Some("string"),  // sort
    ).await.expect("API call failed");

    println!("{:?}", response);
}

require "crimson-falcon"

Falcon.configure do |config|
  config.client_id = ENV["FALCON_CLIENT_ID"]
  config.client_secret = ENV["FALCON_CLIENT_SECRET"]
  config.cloud = ENV["FALCON_CLOUD"]
end

api = Falcon::DeviceControlPolicies.new

response = api.query_device_control_policy_members(id: 'string',
                                                   filter: 'string',
                                                   offset: integer,
                                                   limit: integer,
                                                   sort: 'string')

puts response

queryDeviceControlPolicies

Search for Device Control Policies in your environment by providing a FQL filter and paging details. Returns a set of Device Control Policy IDs which match the filter criteria.

GET /policy/queries/device-control/v1

Scope Device Control Policies: READ Consumes · Produces application/json

PEP 8 query_policies

Parameters

Name	Type	Data type	Description
filter	query	string	FQL Syntax formatted string used to limit the results.
limit	query	integer	Maximum number of records to return. (Max: 5000)
offset	query	integer	Starting index of overall result set from which to return ids.
sort	query	string	The property to sort by. (Ex: modified_timestamp.desc)
parameters	query	dictionary	Full query string parameters payload in JSON format.

Code Examples

from falconpy import DeviceControlPolicies

falcon = DeviceControlPolicies(client_id=CLIENT_ID,
                               client_secret=CLIENT_SECRET
                               )

response = falcon.query_policies(filter="string",
                                 limit=integer,
                                 offset=integer,
                                 sort="string")
print(response)

from falconpy import DeviceControlPolicies

falcon = DeviceControlPolicies(client_id=CLIENT_ID,
                               client_secret=CLIENT_SECRET
                               )

response = falcon.queryDeviceControlPolicies(filter="string",
                                             limit=integer,
                                             offset=integer,
                                             sort="string")
print(response)

from falconpy import APIHarnessV2

falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

response = falcon.command("queryDeviceControlPolicies",
                          filter="string",
                          offset=integer,
                          limit=integer,
                          sort="string")
print(response)

Get-FalconDeviceControlPolicy -Filter "string" `
  -Sort "string" `
  -Limit integer `
  -Offset integer

package main

import (
  "context"
  "fmt"
  "os"

  "github.com/crowdstrike/gofalcon/falcon"
  "github.com/crowdstrike/gofalcon/falcon/client/device_control_policies"
)

func main() {
  client, err := falcon.NewClient(&falcon.ApiConfig{
    ClientId:     os.Getenv("FALCON_CLIENT_ID"),
    ClientSecret: os.Getenv("FALCON_CLIENT_SECRET"),
    Context:      context.Background(),
  })
  if err != nil {
    panic(err)
  }

  filter := "string"
  offset := int64(0)
  limit := int64(0)
  sort := "string"

  response, err := client.DeviceControlPolicies.QueryDeviceControlPolicies(
    &device_control_policies.QueryDeviceControlPoliciesParams{
      Filter: &filter,
      Offset: &offset,
      Limit: &limit,
      Sort: &sort,
      Context: context.Background(),
    },
  )
  if err != nil {
    panic(falcon.ErrorExplain(err))
  }

  fmt.Printf("%+v\n", response.Payload)
}

import { FalconClient } from "crowdstrike-falcon";

const client = new FalconClient({
  cloud: process.env.FALCON_CLOUD!,
  clientId: process.env.FALCON_CLIENT_ID!,
  clientSecret: process.env.FALCON_CLIENT_SECRET!,
});

const response = await client.deviceControlPolicies.queryDeviceControlPolicies(
  "string",  // filter
  integer,  // offset
  integer,  // limit
  "string"  // sort
);

console.log(response);

use rusty_falcon::apis::device_control_policies_api::query_device_control_policies;
use rusty_falcon::easy::client::FalconHandle;

#[tokio::main]
async fn main() {
    let falcon = FalconHandle::from_env().await.expect("Could not authenticate");

    let response = query_device_control_policies(
        &falcon.cfg,  // configuration
        Some("string"),  // filter
        Some(integer),  // offset
        Some(integer),  // limit
        Some("string"),  // sort
    ).await.expect("API call failed");

    println!("{:?}", response);
}

require "crimson-falcon"

Falcon.configure do |config|
  config.client_id = ENV["FALCON_CLIENT_ID"]
  config.client_secret = ENV["FALCON_CLIENT_SECRET"]
  config.cloud = ENV["FALCON_CLOUD"]
end

api = Falcon::DeviceControlPolicies.new

response = api.query_device_control_policies(filter: 'string',
                                             offset: integer,
                                             limit: integer,
                                             sort: 'string')

puts response

Device Control Policies

Table of Contents

queryCombinedDeviceControlPolicyMembers

Parameters

Code Examples

queryCombinedDeviceControlPolicies

Parameters

Code Examples

getDefaultDeviceControlPolicies

Parameters

Code Examples

updateDefaultDeviceControlPolicies

Parameters

Code Examples

performDeviceControlPoliciesAction

Parameters

Code Examples

getDefaultDeviceControlSettings

Parameters

Code Examples

updateDefaultDeviceControlSettings

Parameters

Code Examples

setDeviceControlPoliciesPrecedence

Parameters

Code Examples

getDeviceControlPolicies

Parameters

Code Examples

getDeviceControlPoliciesV2

Parameters

Code Examples

createDeviceControlPolicies

Parameters

Code Examples

postDeviceControlPoliciesV2

Parameters

Code Examples

deleteDeviceControlPolicies

Parameters

Code Examples

patchDeviceControlPoliciesClassesV1

Parameters

Code Examples

updateDeviceControlPolicies

Parameters

Code Examples

patchDeviceControlPoliciesV2

Parameters

Code Examples

queryDeviceControlPolicyMembers

Parameters

Code Examples

queryDeviceControlPolicies

Parameters

Code Examples