Skip to content
CrowdStrike Developer Center

Discover

The Discover service collection provides operations for searching and retrieving asset data across your environment. Search and retrieve details for applications, hosts, IoT hosts, accounts, and logins using FQL filters.

LanguageLast Update
Pythonv1.4.6
PowerShellv2.2.9
Gov0.20.0
TypeScriptv0.6.0
Rustv0.7.0
Rubyv1.2.0

This service collection has code examples posted to the repository.

Table of Contents

Section titled “Table of Contents”
OperationDescription
combined_applications
query_combined_applications		Search for applications in your environment by providing a FQL (Falcon Query Language) filter and paging details. Returns details on applications which match the filter criteria.
combined_hosts
query_combined_hosts		Search for assets in your environment by providing a FQL (Falcon Query Language) filter and paging details. Returns details on assets which match the filter criteria.
get_accounts
get_accounts		Get details on accounts by providing one or more IDs.
get_applications
get_applications		Get details on applications by providing one or more IDs.
get_hosts
get_hosts		Get details on assets by providing one or more IDs.
get_iot_hosts
get_iot_hosts		Get details on IoT assets by providing one or more IDs.
get_logins
get_logins		Get details on logins by providing one or more IDs.
query_accounts
query_accounts		Search for accounts in your environment by providing a FQL (Falcon Query Language) filter and paging details. Returns a set of asset IDs which match the filter criteria.
query_applications
query_applications		Search for applications in your environment by providing a FQL (Falcon Query Language) filter and paging details. Returns a set of application IDs which match the filter criteria.
query_hosts
query_hosts		Search for assets in your environment by providing a FQL (Falcon Query Language) filter and paging details. Returns a set of asset IDs which match the filter criteria.
query_iot_hosts
query_iot_hosts		Search for IoT assets in your environment by providing a FQL (Falcon Query Language) filter and paging details. Returns a set of asset IDs which match the filter criteria.
query_iot_hostsV2
query_iot_hosts_v2		Search for IoT assets in your environment by providing a FQL (Falcon Query Language) filter and paging details. Returns a set of asset IDs which match the filter criteria.
query_logins
query_logins		Search for logins in your environment by providing a FQL (Falcon Query Language) filter and paging details. Returns a set of asset IDs which match the filter criteria.

combined_applications

Section titled “combined_applications”

Search for applications in your environment by providing a FQL (Falcon Query Language) filter and paging details. Returns details on applications which match the filter criteria.

GET /discover/combined/applications/v1
Scope Discover: READ Produces application/json
PEP 8 query_combined_applications

Parameters

Section titled “Parameters”
NameTypeData typeDescription
facetquerystringSelect various details blocks to be returned for each application entity. Supported values: browser_extension, host_info, install_usage, package, ide_extension
filterquerystringFilter applications using a FQL query. A list of available filters can be found in the Available filters section below.
limitqueryintegerThe number of account IDs to return in this response (Max: 1000, Default: 100). Use with the after parameter to manage pagination of results.
afterquerystringA pagination token used with the limit parameter to manage pagination of results. On your first request, don’t provide an after token. On subsequent requests, provide the after token from the previous response to continue from that place in the results.
parametersquerydictionaryFull query string parameters payload in JSON format.
sortquerystringSort accounts by their properties. A single sort field is allowed. Common sort options include: username|asc, last_failed_login_timestamp|desc
Available filters
Section titled “Available filters”
NameDescription
idUnique ID of the application. Each application ID represents a particular instance of an application on a particular asset. Example: id:'a89xxxxxxxxxxxxxxxxxxxxxxxxx08e_137xxxxxxxxxxxx191'
cidThe application’s customer ID.
nameName of the application. Example: name:'Chrome'
vendorName of the application vendor.
versionApplication version.
name_vendorThe app name and vendor name for all application IDs with this application name, this field can be used to group results by application.
name_vendor_versionThe app name, vendor name, and vendor version for all application IDs with this application name, this field can be used to group results by application version.
versioning_schemeVersioning scheme of the application.
groupsAll application groups the application is assigned to.
categoryCategory the application is in.
architecturesApplication architecture.
installation_pathsFile paths of the application or executable file to the folder on the asset.
installation_timestampDate and time the application was installed, if available.
first_seen_timestampDate and time the application was first seen.
last_updated_timestampDate and time the installation fields of the application instance most recently changed.
last_used_user_sidFor Windows and macOS: Security identifier of the account that most recently used the application.
last_used_user_nameFor Windows and macOS: Username of the account that most recently used the application.
last_used_file_nameFor Windows and macOS: Most recent file name used for the application.
last_used_file_hashFor Windows and macOS: Most recent file hash used for the application.
last_used_timestampFor Windows and macOS: Date and time the application was most recently used.
is_normalizedFor Windows: Whether the application name is normalized (true or false).
is_suspiciousWhether the application is suspicious based on how often it’s been seen in a detection on that asset (true or false).
host.idUnique ID of the asset the application is on.
host.aidID of the Falcon sensor installed on the asset the application is on.
host.countryName of the country where the asset the application is on is located.
host.platform_nameThe platform name of the asset the application is on (Windows, Mac, Linux).
host.os_versionOS version of the asset the application is on.
host.kernel_versionFor Linux and Mac: The major version, minor version, and patch version of the kernel for the asset the application is on. For Windows: the build number of the asset the application is on.
host.product_type_descThe product type of the asset the application is on (Workstation, Domain Controller, Server).
host.tagsSensor and cloud tags of the asset the application is on.
host.groupsHost management groups the asset the application is on is part of.
host.agent_versionVersion of the Falcon sensor that’s installed on the asset the application is on.
host.system_manufacturerSystem manufacturer of the asset the application is on.
host.ouOrganizational unit of the asset the application is on.
host.machine_domainDomain name the asset the application is on is currently joined to.
host.site_nameSite name of the domain the asset the asset the application is on is joined to (applies only to Windows hosts).
host.external_ipExternal IPv4 address of the asset the application is on.
host.hostnameHostname of the asset the application is on.
host.current_network_prefixMost recent network prefix of the asset the application is on.
host.internet_exposureWhether the asset the application is on is exposed to the internet (Yes or Unknown).
host.current_mac_addressMost recent MAC address of the asset the application is on.

Code Examples

Section titled “Code Examples”
from falconpy import Discover


falcon = Discover(client_id=CLIENT_ID,
                  client_secret=CLIENT_SECRET
                  )


response = falcon.query_combined_applications(after="string",
                                              facet="string",
                                              filter="string",
                                              limit="string",
                                              sort="string")
print(response)

combined_hosts

Section titled “combined_hosts”

Search for assets in your environment by providing an FQL (Falcon Query Language) filter and paging details. Returns details on assets which match the filter criteria.

GET /discover/combined/hosts/v1
Scope Discover: READ Produces application/json
PEP 8 query_combined_hosts

Parameters

Section titled “Parameters”
NameTypeData typeDescription
facetquerystringSelect various details blocks to be returned for each host entity. Supported values: system_insights, third_party, risk_factors.
filterquerystringFilter assets using a FQL query. A complete list of available filters can be found in the Available FQL Filters section below.
limitqueryintegerThe number of asset IDs to return in this response (Max: 1000, Default: 100). Use with the after parameter to manage pagination of results.
afterquerystringA pagination token used with the limit parameter to manage pagination of results. On your first request, don’t provide an after token. On subsequent requests, provide the after token from the previous response to continue from that place in the results.
parametersquerydictionaryFull query string parameters payload in JSON format.
sortquerystringSort assets by their properties. A single sort field is allowed. Common sort options include: hostname|asc, product_type_desc|desc
Available FQL Filters
Section titled “Available FQL Filters”

Available filter fields that support exact match: id, aid, entity_type, country, city, platform_name, os_version, kernel_version, product_type_desc, tags, groups, agent_version, system_product_name, system_manufacturer, system_serial_number, bios_manufacturer, bios_version, ou, machine_domain, site_name, external_ip, hostname, local_ips_count, network_interfaces.local_ip, network_interfaces.mac_address, network_interfaces.interface_alias, network_interfaces.interface_description, network_interfaces.network_prefix, last_discoverer_aid, discoverer_count, discoverer_aids, discoverer_tags, discoverer_platform_names, discoverer_product_type_descs, confidence, internet_exposure, os_is_eol, data_providers, data_providers_count, mac_addresses, local_ip_addresses, reduced_functionality_mode, number_of_disk_drives, processor_package_count, physical_core_count, logical_core_count, total_disk_space, disk_sizes.disk_name, disk_sizes.disk_space, cpu_processor_name, total_memory, encryption_status, encrypted_drives, encrypted_drives_count, unencrypted_drives, unencrypted_drives_count, os_security.secure_boot_requested_status, os_security.device_guard_status, os_security.system_guard_status, os_security.credential_guard_status, os_security.iommu_protection_status, os_security.secure_boot_enabled_status, os_security.uefi_memory_protection_status, os_security.virtualization_based_security_status, os_security.kernel_dma_protection_status, total_bios_files, bios_hashes_data.sha256_hash, bios_hashes_data.measurement_type, bios_id, average_processor_usage, average_memory_usage, average_memory_usage_pct, max_processor_usage, max_memory_usage, max_memory_usage_pct, used_disk_space, used_disk_space_pct, available_disk_space, available_disk_space_pct, mount_storage_info.mount_path, mount_storage_info.used_space, mount_storage_info.available_space, form_factor, servicenow_id, owned_by, managed_by, assigned_to, department, fqdn, used_for, object_guid, object_sid, ad_user_account_control, account_enabled, creation_timestamp, email, os_service_pack, location, state, cpu_manufacturer, discovering_by, scan_details.scan_id, scan_details.schedule_id

Available filter fields that support range comparisons (>, <, >=, <=): first_seen_timestamp, last_seen_timestamp, local_ips_count, discoverer_count, confidence, number_of_disk_drives, processor_package_count, physical_core_count, data_providers_count, logical_core_count, total_disk_space, disk_sizes.disk_space, total_memory, encrypted_drives_count, unencrypted_drives_count, total_bios_files, average_processor_usage, average_memory_usage, average_memory_usage_pct, max_processor_usage, max_memory_usage, max_memory_usage_pct, used_disk_space, used_disk_space_pct, available_disk_space, available_disk_space_pct, mount_storage_info.used_space, mount_storage_info.available_space, ad_user_account_control, creation_timestamp, scan_details.scan_date, vulnerability_assessment_date

All filter fields and operations supports negation (!).

Code Examples

Section titled “Code Examples”
from falconpy import Discover


falcon = Discover(client_id=CLIENT_ID,
                  client_secret=CLIENT_SECRET
                  )


response = falcon.query_combined_hosts(facet="string",
                                       filter="string",
                                       limit="string",
                                       offset="string",
                                       sort="string")
print(response)

get_accounts

Section titled “get_accounts”

Get details on assets by providing one or more IDs.

GET /discover/entities/accounts/v1
Scope Discover: READ Produces application/json
PEP 8 get_accounts

Parameters

Section titled “Parameters”
NameTypeData typeDescription
idsquerystring or list of stringsOne or more account IDs. (Max: 100) Find account IDs with query_accounts.
parametersquerydictionaryFull query string parameters payload in JSON format.

Code Examples

Section titled “Code Examples”
from falconpy import Discover


falcon = Discover(client_id=CLIENT_ID,
                  client_secret=CLIENT_SECRET
                  )


id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']


response = falcon.get_accounts(ids=id_list)
print(response)

get_applications

Section titled “get_applications”

Get details on applications by providing one or more IDs.

GET /discover/entities/applications/v1
Scope Discover: READ Produces application/json
PEP 8 get_applications

Parameters

Section titled “Parameters”
NameTypeData typeDescription
idsquerystring or list of stringsOne or more account IDs. (Max: 100) Find account IDs with query_accounts.
parametersquerydictionaryFull query string parameters payload in JSON format.

Code Examples

Section titled “Code Examples”
from falconpy import Discover


falcon = Discover(client_id=CLIENT_ID,
                  client_secret=CLIENT_SECRET
                  )


id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']


response = falcon.get_applications(ids=id_list)
print(response)

get_hosts

Section titled “get_hosts”

Get details on assets by providing one or more IDs.

GET /discover/entities/hosts/v1
Scope Discover: READ Produces application/json
PEP 8 get_hosts

Parameters

Section titled “Parameters”
NameTypeData typeDescription
idsquerystring or list of stringsOne or more asset IDs. (Max: 100) Find asset IDs with query_hosts.
parametersquerydictionaryFull query string parameters payload in JSON format.

Code Examples

Section titled “Code Examples”
from falconpy import Discover


falcon = Discover(client_id=CLIENT_ID,
                  client_secret=CLIENT_SECRET
                  )


id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']


response = falcon.get_hosts(ids=id_list)
print(response)

get_iot_hosts

Section titled “get_iot_hosts”

Get details on IoT assets by providing one or more IDs.

GET /discover/entities/iot-hosts/v1
Scope Discover IoT: READ Produces application/json
PEP 8 get_iot_hosts

Parameters

Section titled “Parameters”
NameTypeData typeDescription
idsquerystring or list of stringsOne or more IoT asset IDs. (Max: 100) Find asset IDs with query_iot_hosts.
parametersquerydictionaryFull query string parameters payload in JSON format.

Code Examples

Section titled “Code Examples”
from falconpy import Discover


falcon = Discover(client_id=CLIENT_ID,
                  client_secret=CLIENT_SECRET
                  )


id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']


response = falcon.get_iot_hosts(ids=id_list)
print(response)

get_logins

Section titled “get_logins”

Get details on assets by providing one or more IDs.

GET /discover/entities/logins/v1
Scope Discover: READ Produces application/json
PEP 8 get_logins

Parameters

Section titled “Parameters”
NameTypeData typeDescription
idsquerystring or list of stringsOne or more login IDs. (Max: 100) Find login IDs with query_logins.
parametersquerydictionaryFull query string parameters payload in JSON format.

Code Examples

Section titled “Code Examples”
from falconpy import Discover


falcon = Discover(client_id=CLIENT_ID,
                  client_secret=CLIENT_SECRET
                  )


id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']


response = falcon.get_logins(ids=id_list)
print(response)

query_accounts

Section titled “query_accounts”

Search for accounts in your environment by providing an FQL (Falcon Query Language) filter and paging details. Returns a set of asset IDs which match the filter criteria.

GET /discover/queries/accounts/v1
Scope Discover: READ Produces application/json
PEP 8 query_accounts

Parameters

Section titled “Parameters”
NameTypeData typeDescription
filterquerystringFilter accounts using a FQL query. A complete list of available filters can be found in the Available FQL Filters section below.
limitqueryintegerThe number of account IDs to return in this response (Max: 100, Default: 100). Use with the offset parameter to manage pagination of results.
offsetquerystringAn offset used with the limit parameter to manage pagination of results. On your first request, don’t provide an offset. On subsequent requests, provide the offset from the previous response to continue from that place in the results.
parametersquerydictionaryFull query string parameters payload in JSON format.
sortquerystringSort accounts by their properties. A single sort field is allowed. Common sort options include: username|asc, last_failed_login_timestamp|desc
Available FQL Filters
Section titled “Available FQL Filters”

Common filters include:

  • account_type:'Local'
  • admin_privileges:'Yes'
  • first_seen_timestamp:<'now-7d'
  • last_successful_login_type:'Terminal server'
idlast_successful_login_timestamp
cidlast_successful_login_hostname
user_sidlast_successful_login_remote_ip
login_domainlast_successful_login_host_country
account_namelast_successful_login_host_city
usernamelast_failed_login_type
account_typelast_failed_login_timestamp
admin_privilegeslast_failed_login_hostname
first_seen_timestamppassword_last_set_timestamp
last_successful_login_type 

Code Examples

Section titled “Code Examples”
from falconpy import Discover


falcon = Discover(client_id=CLIENT_ID,
                  client_secret=CLIENT_SECRET
                  )


response = falcon.query_accounts(filter="string",
                                 limit="string",
                                 offset="string",
                                 sort="string")
print(response)

query_applications

Section titled “query_applications”

Search for applications in your environment by providing an FQL (Falcon Query Language) filter and paging details. Returns a set of application IDs which match the filter criteria.

GET /discover/queries/applications/v1
Scope Discover: READ Produces application/json
PEP 8 query_applications

Parameters

Section titled “Parameters”
NameTypeData typeDescription
filterquerystringFilter applications using a FQL query. A list of available filters can be found in the Available filters section below.
limitqueryintegerThe number of account IDs to return in this response (Max: 100, Default: 100). Use with the offset parameter to manage pagination of results.
offsetquerystringAn offset used with the limit parameter to manage pagination of results. On your first request, don’t provide an offset. On subsequent requests, provide the offset from the previous response to continue from that place in the results.
parametersquerydictionaryFull query string parameters payload in JSON format.
sortquerystringSort accounts by their properties. A single sort field is allowed. Common sort options include: username|asc, last_failed_login_timestamp|desc
Available filters
Section titled “Available filters”

Same filter set as combined_applications.

Code Examples

Section titled “Code Examples”
from falconpy import Discover


falcon = Discover(client_id=CLIENT_ID,
                  client_secret=CLIENT_SECRET
                  )


response = falcon.query_applications(filter="string",
                                     limit="string",
                                     offset="string",
                                     sort="string")
print(response)

query_hosts

Section titled “query_hosts”

Search for assets in your environment by providing an FQL (Falcon Query Language) filter and paging details. Returns a set of asset IDs which match the filter criteria.

GET /discover/queries/hosts/v1
Scope Discover: READ Produces application/json
PEP 8 query_hosts

Parameters

Section titled “Parameters”
NameTypeData typeDescription
filterquerystringFilter assets using a FQL query. A complete list of available filters can be found in the Available FQL Filters section below.
limitqueryintegerThe number of asset IDs to return in this response (Max: 100, Default: 100). Use with the offset parameter to manage pagination of results.
offsetquerystringAn offset used with the limit parameter to manage pagination of results. On your first request, don’t provide an offset. On subsequent requests, provide the offset from the previous response to continue from that place in the results.
parametersquerydictionaryFull query string parameters payload in JSON format.
sortquerystringSort assets by their properties. A single sort field is allowed. Common sort options include: hostname|asc, product_type_desc|desc
Available FQL Filters
Section titled “Available FQL Filters”
agent_versionkernel_version
aidlast_discoverer_aid
bios_manufacturerlast_seen_timestamp
bios_versionlocal_ips_count
cidmachine_domain
citynetwork_interfaces
confidencenetwork_interfaces.interface_alias
countrynetwork_interfaces.interface_description
current_local_ipnetwork_interfaces.local_ip
discoverer_aidsnetwork_interfaces.mac_address
discoverer_countnetwork_interfaces.network_prefix
discoverer_platform_namesos_version
discoverer_product_type_descsou
discoverer_tagsplatform_name
entity_typeproduct_type
external_ipproduct_type_desc
first_discoverer_aidsite_name
first_discoverer_ipsystem_manufacturer
first_seen_timestampsystem_product_name
groupssystem_serial_number
hostnametags
idscan_details.scan_id
scan_details.schedule_id 

Code Examples

Section titled “Code Examples”
from falconpy import Discover


falcon = Discover(client_id=CLIENT_ID,
                  client_secret=CLIENT_SECRET
                  )


response = falcon.query_hosts(filter="string",
                              limit="string",
                              offset="string",
                              sort="string")
print(response)

query_iot_hosts

Section titled “query_iot_hosts”

Search for IoT assets in your environment by providing an FQL (Falcon Query Language) filter and paging details. Returns a set of asset IDs which match the filter criteria.

GET /discover/queries/iot-hosts/v1
Scope Discover IoT: READ Produces application/json
PEP 8 query_iot_hosts

Parameters

Section titled “Parameters”
NameTypeData typeDescription
filterquerystringFilter assets using a FQL query. A complete list of available filters can be found in the Available FQL Filters section below.
limitqueryintegerThe number of IoT asset IDs to return in this response (Max: 100, Default: 100). Use with the offset parameter to manage pagination of results.
offsetquerystringAn offset used with the limit parameter to manage pagination of results. On your first request, don’t provide an offset. On subsequent requests, provide the offset from the previous response to continue from that place in the results.
parametersquerydictionaryFull query string parameters payload in JSON format.
sortquerystringSort IoT assets by their properties. A single sort field is allowed. Common sort options include: hostname|asc, product_type_desc|desc
Available FQL Filters
Section titled “Available FQL Filters”
agent_versionlocal_ips_count
aidmac_addresses
bios_manufacturermachine_domain
bios_versionnetwork_id
business_criticalitynetwork_interfaces
cidnetwork_interfaces.interface_alias
citynetwork_interfaces.interface_description
claroty_idnetwork_interfaces.local_ip
confidencenetwork_interfaces.mac_address
countrynetwork_interfaces.network_prefix
current_local_ipnumber_of_disk_drives
data_providersos_is_eol
data_providers_countos_version
device_classou
device_familyphysical_core_count
device_typeplatform_name
discoverer_countprocessor_package_count
discoverer_product_type_descsproduct_type_desc
discoverer_tagsprotocols
entity_typepurdue_level
external_ipreduced_functionality_mode
first_seen_timestampsite_name
groupssubnet
hostnamesystem_manufacturer
ics_idsystem_product_name
idsystem_serial_number
internet_exposuretags
kernel_versionvirtual_zone
last_seen_timestampvlan
local_ip_addresses 

Code Examples

Section titled “Code Examples”
from falconpy import Discover


falcon = Discover(client_id=CLIENT_ID,
                  client_secret=CLIENT_SECRET
                  )


response = falcon.query_iot_hosts(filter="string",
                                  limit="string",
                                  offset="string",
                                  sort="string")
print(response)

query_logins

Section titled “query_logins”

Search for accounts in your environment by providing an FQL (Falcon Query Language) filter and paging details. Returns a set of asset IDs which match the filter criteria.

GET /discover/queries/logins/v1
Scope Discover: READ Produces application/json
PEP 8 query_logins

Parameters

Section titled “Parameters”
NameTypeData typeDescription
filterquerystringFilter logins using a FQL query. A complete list of available filters can be found in the Available FQL Filters section below.
limitqueryintegerThe number of login IDs to return in this response (Max: 100, Default: 100). Use with the offset parameter to manage pagination of results.
offsetquerystringAn offset used with the limit parameter to manage pagination of results. On your first request, don’t provide an offset. On subsequent requests, provide the offset from the previous response to continue from that place in the results.
parametersquerydictionaryFull query string parameters payload in JSON format.
sortquerystringSort logins by their properties. A single sort field is allowed. Common sort options include: account_name|asc, login_timestamp|desc
Available FQL Filters
Section titled “Available FQL Filters”

Common filters include:

  • account_type:'Local'
  • login_type:'Interactive'
  • first_seen_timestamp:<'now-7d'
  • admin_privileges:'No'
idlogin_timestamp
cidlogin_domain
login_statusadmin_privileges
account_idlocal_ip
host_idremote_ip
user_sidhost_country
aidhost_city
account_nameis_suspicious
usernamefailure_description
hostnamelogin_event_count
account_typeaggregation_time_interval
login_type 

Code Examples

Section titled “Code Examples”
from falconpy import Discover


falcon = Discover(client_id=CLIENT_ID,
                  client_secret=CLIENT_SECRET
                  )


response = falcon.query_logins(filter="string",
                               limit="string",
                               offset="string",
                               sort="string")
print(response)

query_iot_hostsV2

Section titled “query_iot_hostsV2”

Search for IoT assets in your environment by providing an FQL (Falcon Query Language) filter and paging details. Returns a set of asset IDs which match the filter criteria.

GET /discover/queries/iot-hosts/v2
Scope Discover IoT: READ Produces application/json
PEP 8 query_iot_hosts_v2

Parameters

Section titled “Parameters”
NameTypeData typeDescription
filterquerystringFilter assets using a FQL query. A complete list of available filters can be found in the Available FQL Filters section below.
limitqueryintegerThe number of IoT asset IDs to return in this response (Max: 100, Default: 100). Use with the offset parameter to manage pagination of results.
offsetquerystringAn offset used with the limit parameter to manage pagination of results. On your first request, don’t provide an offset. On subsequent requests, provide the offset from the previous response to continue from that place in the results.
parametersquerydictionaryFull query string parameters payload in JSON format.
sortquerystringSort IoT assets by their properties. A single sort field is allowed. Common sort options include: hostname|asc, product_type_desc|desc
Available FQL Filters
Section titled “Available FQL Filters”

Same filter set as query_iot_hosts.

Code Examples

Section titled “Code Examples”
from falconpy import Discover


falcon = Discover(client_id=CLIENT_ID,
                  client_secret=CLIENT_SECRET
                  )


response = falcon.query_iot_hosts_v2(filter="string",
                                     limit="string",
                                     offset="string",
                                     sort="string")
print(response)
© 2026 CrowdStrike, Inc. All rights reserved. Privacy Notice Cookie Notice Terms of Use