Exposure Management
The Exposure Management service collection provides operations for managing external assets and ecosystem subsidiaries. Aggregate external asset data, retrieve and update assets, manage ecosystem subsidiaries, download asset blobs, and query assets using FQL filters.
| Language | Last Update |
|---|---|
| Python | v1.5.4 |
| PowerShell | v2.2.9 |
| Go | v0.20.0 |
| TypeScript | v0.6.0 |
| Rust | v0.7.0 |
| Ruby | v1.2.0 |
Table of Contents
Section titled “Table of Contents”| Operation | Description |
|---|---|
aggregate_external_assetsaggregate_assets | Returns external assets aggregates. |
combined_ecosystem_subsidiariesquery_combined_ecosystem_subsidiaries | Retrieves a list of ecosystem subsidiaries with their detailed information. |
blob_download_external_assetsdownload_assets | Download the entire contents of the blob. The relative link to this endpoint is returned in the GET /entities/external-assets/v1 request. |
blob_preview_external_assetspreview_assets | Download a preview of the blob. The relative link to this endpoint is returned in the GET /entities/external-assets/v1 request. |
get_ecosystem_subsidiariesget_ecosystem_subsidiaries | Retrieves detailed information about ecosystem subsidiaries by ID. |
post_external_assets_inventory_v1add_assets | Add external assets for external asset scanning. |
get_external_assetsget_assets | Get details on external assets by providing one or more IDs. |
delete_external_assetsdelete_assets | Delete multiple external assets. |
patch_external_assetsupdate_assets | Update the details of external assets. |
query_ecosystem_subsidiariesquery_ecosystem_subsidiaries | Retrieves a list of IDs for ecosystem subsidiaries. |
query_external_assetsquery_assets_v1 | Get a list of external asset IDs that match the provided filter conditions. Use these IDs with the /entities/external-assets/v1 endpoints |
query_external_assets_v2query_assets | Query external assets (v2). |
aggregate_external_assets
Section titled “aggregate_external_assets”Returns external assets aggregates.
POST /fem/aggregates/external-assets/v1
PEP 8
aggregate_assetsParameters
Section titled “Parameters”| Name | Type | Data type | Description |
|---|---|---|---|
| body | body | dictionary | Full body payload in JSON format |
| date_ranges | body | list of dictionaries | Applies to date_range aggregations. Example: [{“from”: “2016-05-28T09:00:31Z”,“to”: “2016-05-30T09:00:31Z”},{“from”: “2016-06-01T09:00:31Z”,“to”: “2016-06-10T09:00:31Z”}] |
| exclude | body | string | Elements to exclude. |
| field | body | string | The field on which to compute the aggregation. |
| filter | body | string | FQL syntax formatted string to use to filter the results. |
| from | body | integer | Starting position. |
| include | body | string | Elements to include. |
| interval | body | string | Time interval for date histogram aggregations. Valid values include: year, month, week, day, hour, minute |
| max_doc_count | body | integer | Only return buckets if values are less than or equal to the value here. |
| min_doc_count | body | integer | Only return buckets if values are greater than or equal to the value here. |
| missing | body | string | Missing is the value to be used when the aggregation field is missing from the object. In other words, the missing parameter defines how documents that are missing a value should be treated. By default they will be ignored, but it is also possible to treat them as if they had a value. |
| name | body | string | Name of the aggregate query, as chosen by the user. Used to identify the results returned to you. |
| q | body | string | Full text search across all metadata fields. |
| ranges | body | list of dictionaries | Applies to range aggregations. Ranges values will depend on field. For example, if max_severity is used, ranges might look like: [{“From”: 0,“To”: 70},{“From”: 70,“To”: 100}] |
| size | body | integer | The max number of term buckets to be returned. |
| sub_aggregates | body | list of dictionaries | A nested aggregation, such as: [{“name”: “max_first_behavior”,“type”: “max”,“field”: “first_behavior”}]. There is a maximum of 3 nested aggregations per request. |
| sort | body | string | FQL syntax string to sort bucket results. _count - sort by document count, _term - sort by the string value alphabetically. Supports asc and desc using | format. Example: _count|desc |
| time_zone | body | string | Time zone for bucket results. |
| type | body | string | Type of aggregation. Valid values include: date_histogram, date_range, terms, range, cardinality, max, min, avg, sum, percentiles |
Code Examples
Section titled “Code Examples”from falconpy import ExposureManagement
falcon = ExposureManagement(client_id=CLIENT_ID, client_secret=CLIENT_SECRET )
ranges = [ { "From": 0, "To": 0 }]
response = falcon.aggregate_assets(date_ranges="string", exclude="string", field="string", filter="string", from=integer, include="string", interval="string", max_doc_count=integer, min_doc_count=integer, missing="string", name="string", q="string", ranges=ranges, size=integer, sort="string", sub_aggregates=["string"], time_zone="string", type="string")print(response)from falconpy import ExposureManagement
falcon = ExposureManagement(client_id=CLIENT_ID, client_secret=CLIENT_SECRET )
ranges = [ { "From": 0, "To": 0 }]
response = falcon.aggregate_external_assets(date_ranges="string", exclude="string", field="string", filter="string", from=integer, include="string", interval="string", max_doc_count=integer, min_doc_count=integer, missing="string", name="string", q="string", ranges=ranges, size=integer, sort="string", sub_aggregates=["string"], time_zone="string", type="string")print(response)from falconpy import APIHarnessV2
falcon = APIHarnessV2(client_id=CLIENT_ID, client_secret=CLIENT_SECRET )
body_payload = [ { "date_ranges": [ { "from": "string", "to": "string" } ], "exclude": "string", "extended_bounds": { "max": "string", "min": "string" }, "field": "string", "filter": "string", "filters_spec": { "filters": {}, "other_bucket": boolean, "other_bucket_key": "string" }, "from": integer, "include": "string", "interval": "string", "max_doc_count": integer, "min_doc_count": integer, "missing": "string", "name": "string", "percents": ["string"], "q": "string", "ranges": [ { "from": integer, "to": integer } ], "size": integer, "sort": "string", "sub_aggregates": [ { "date_ranges": ["string"], "exclude": "string", "extended_bounds": {}, "field": "string", "filter": "string", "filters_spec": {}, "from": integer, "include": "string", "interval": "string", "max_doc_count": integer, "min_doc_count": integer, "missing": "string", "name": "string", "percents": ["string"], "q": "string", "ranges": ["string"], "size": integer, "sort": "string", "sub_aggregates": ["string"], "time_zone": "string", "type": "string" } ], "time_zone": "string", "type": "string" }]
response = falcon.command("aggregate_external_assets", body=body_payload)print(response)Examples coming soon.
package main
import ( "context" "fmt" "os"
"github.com/crowdstrike/gofalcon/falcon" "github.com/crowdstrike/gofalcon/falcon/client/exposure_management" "github.com/crowdstrike/gofalcon/falcon/models")
func main() { client, err := falcon.NewClient(&falcon.ApiConfig{ ClientId: os.Getenv("FALCON_CLIENT_ID"), ClientSecret: os.Getenv("FALCON_CLIENT_SECRET"), Context: context.Background(), }) if err != nil { panic(err) }
from := "string" to := "string" exclude := "string" field := "string" filter := "string" from := integer include := "string" interval := "string" max_doc_count := integer min_doc_count := integer missing := "string" name := "string" q := "string" From := integer To := integer size := integer sort := "string" time_zone := "string" type := "string"
response, err := client.ExposureManagement.AggregateExternalAssets( &exposure_management.AggregateExternalAssetsParams{ Body: []*models.MsaAggregateQueryRequest{ { DateRanges: []interface{}{ { From: &from, To: &to, }, }, Exclude: &exclude, ExtendedBounds: &struct{}{}, Field: &field, Filter: &filter, FiltersSpec: &struct{}{}, From: &from, Include: &include, Interval: &interval, MaxDocCount: &max_doc_count, MinDocCount: &min_doc_count, Missing: &missing, Name: &name, Percents: []interface{}{}, Q: &q, Ranges: []interface{}{ { From: &From, To: &To, }, }, Size: &size, Sort: &sort, SubAggregates: []interface{}{ { DateRanges: []interface{}{ { From: &from, To: &to, }, }, Exclude: &exclude, ExtendedBounds: &struct{}{}, Field: &field, Filter: &filter, FiltersSpec: &struct{}{}, From: &from, Include: &include, Interval: &interval, MaxDocCount: &max_doc_count, MinDocCount: &min_doc_count, Missing: &missing, Name: &name, Percents: []interface{}{}, Q: &q, Ranges: []interface{}{ { From: &From, To: &To, }, }, Size: &size, Sort: &sort, SubAggregates: []interface{}{ { DateRanges: []interface{}{}, Exclude: &exclude, ExtendedBounds: &struct{}{}, Field: &field, Filter: &filter, FiltersSpec: &struct{}{}, From: &from, Include: &include, Interval: &interval, MaxDocCount: &max_doc_count, MinDocCount: &min_doc_count, Missing: &missing, Name: &name, Percents: []interface{}{}, Q: &q, Ranges: []interface{}{}, Size: &size, Sort: &sort, SubAggregates: []interface{}{}, TimeZone: &time_zone, Type: &type, }, }, TimeZone: &time_zone, Type: &type, }, }, TimeZone: &time_zone, Type: &type, }, }, Context: context.Background(), }, ) if err != nil { panic(falcon.ErrorExplain(err)) }
fmt.Printf("%+v\n", response.Payload)}import { FalconClient } from "crowdstrike-falcon";
const client = new FalconClient({ cloud: process.env.FALCON_CLOUD!, clientId: process.env.FALCON_CLIENT_ID!, clientSecret: process.env.FALCON_CLIENT_SECRET!,});
const response = await client.exposureManagement.aggregateExternalAssets( [{ dateRanges: [{ from: "string", to: "string" }], exclude: "string", extendedBounds: { max: "string", min: "string" }, field: "string", filter: "string", filtersSpec: { filters: {}, otherBucket: boolean, otherBucketKey: "string" }, from: integer, include: "string", interval: "string", maxDocCount: integer, minDocCount: integer, missing: "string", name: "string", percents: [], q: "string", ranges: [{ From: integer, To: integer }], size: integer, sort: "string", subAggregates: [{ dateRanges: [{ from: "string", to: "string" }], exclude: "string", extendedBounds: { max: "string", min: "string" }, field: "string", filter: "string", filtersSpec: { filters: {}, otherBucket: boolean, otherBucketKey: "string" }, from: integer, include: "string", interval: "string", maxDocCount: integer, minDocCount: integer, missing: "string", name: "string", percents: [], q: "string", ranges: [{ From: integer, To: integer }], size: integer, sort: "string", subAggregates: [{ dateRanges: [], exclude: "string", extendedBounds: {}, field: "string", filter: "string", filtersSpec: {}, from: integer, include: "string", interval: "string", maxDocCount: integer, minDocCount: integer, missing: "string", name: "string", percents: [], q: "string", ranges: [], size: integer, sort: "string", subAggregates: [], timeZone: "string", type: "string" }], timeZone: "string", type: "string" }], timeZone: "string", type: "string"}] // body);
console.log(response);use rusty_falcon::apis::exposure_management_api::aggregate_external_assets;use rusty_falcon::easy::client::FalconHandle;use rusty_falcon::models::MsaAggregateQueryRequest;
#[tokio::main]async fn main() { let falcon = FalconHandle::from_env().await.expect("Could not authenticate");
let body = vec![MsaAggregateQueryRequest { date_ranges: vec![DateRangeSpec { from: Some("string".to_string()), to: Some("string".to_string()), ..Default::default() }], exclude: Some("string".to_string()), field: Some("string".to_string()), filter: Some("string".to_string()), filters_spec: Default::default(), from: Some(integer), include: Some("string".to_string()), interval: Some("string".to_string()), missing: Some("string".to_string()), name: Some("string".to_string()), percents: vec![], q: Some("string".to_string()), ranges: vec![RangeSpec { from: Some(integer), to: Some(integer), ..Default::default() }], size: Some(integer), sort: Some("string".to_string()), sub_aggregates: vec![AggregateQueryRequest { date_ranges: vec![DateRangeSpec { from: Some("string".to_string()), to: Some("string".to_string()), ..Default::default() }], exclude: Some("string".to_string()), field: Some("string".to_string()), filter: Some("string".to_string()), filters_spec: Default::default(), from: Some(integer), include: Some("string".to_string()), interval: Some("string".to_string()), missing: Some("string".to_string()), name: Some("string".to_string()), percents: vec![], q: Some("string".to_string()), ranges: vec![RangeSpec { from: Some(integer), to: Some(integer), ..Default::default() }], size: Some(integer), sort: Some("string".to_string()), sub_aggregates: vec![AggregateQueryRequest { date_ranges: vec![], exclude: Some("string".to_string()), field: Some("string".to_string()), filter: Some("string".to_string()), filters_spec: Default::default(), from: Some(integer), include: Some("string".to_string()), interval: Some("string".to_string()), missing: Some("string".to_string()), name: Some("string".to_string()), percents: vec![], q: Some("string".to_string()), ranges: vec![], size: Some(integer), sort: Some("string".to_string()), sub_aggregates: vec![], time_zone: Some("string".to_string()), type: Some("string".to_string()), ..Default::default() }], time_zone: Some("string".to_string()), type: Some("string".to_string()), ..Default::default() }], time_zone: Some("string".to_string()), type: Some("string".to_string()), ..Default::default() }];
let response = aggregate_external_assets( &falcon.cfg, // configuration body, // body ).await.expect("API call failed");
println!("{:?}", response);}require "crimson-falcon"
Falcon.configure do |config| config.client_id = ENV["FALCON_CLIENT_ID"] config.client_secret = ENV["FALCON_CLIENT_SECRET"] config.cloud = ENV["FALCON_CLOUD"]end
api = Falcon::ExposureManagement.new
body = [Falcon::MsaAggregateQueryRequest.new( date_ranges: [{ from: 'string', to: 'string' }], exclude: 'string', extended_bounds: { max: 'string', min: 'string' }, field: 'string', filter: 'string', filters_spec: { filters: {}, other_bucket: boolean, other_bucket_key: 'string' }, from: integer, include: 'string', interval: 'string', max_doc_count: integer, min_doc_count: integer, missing: 'string', name: 'string', percents: [], q: 'string', ranges: [{ From: integer, To: integer }], size: integer, sort: 'string', sub_aggregates: [{ date_ranges: [{ from: 'string', to: 'string' }], exclude: 'string', extended_bounds: { max: 'string', min: 'string' }, field: 'string', filter: 'string', filters_spec: { filters: {}, other_bucket: boolean, other_bucket_key: 'string' }, from: integer, include: 'string', interval: 'string', max_doc_count: integer, min_doc_count: integer, missing: 'string', name: 'string', percents: [], q: 'string', ranges: [{ From: integer, To: integer }], size: integer, sort: 'string', sub_aggregates: [{ date_ranges: [], exclude: 'string', extended_bounds: {}, field: 'string', filter: 'string', filters_spec: {}, from: integer, include: 'string', interval: 'string', max_doc_count: integer, min_doc_count: integer, missing: 'string', name: 'string', percents: [], q: 'string', ranges: [], size: integer, sort: 'string', sub_aggregates: [], time_zone: 'string', type: 'string' }], time_zone: 'string', type: 'string' }], time_zone: 'string', type: 'string')]
response = api.aggregate_external_assets(body)
puts responsecombined_ecosystem_subsidiaries
Section titled “combined_ecosystem_subsidiaries”Retrieves a list of ecosystem subsidiaries with their detailed information.
GET /fem/combined/ecosystem-subsidiaries/v1
PEP 8
query_combined_ecosystem_subsidiariesParameters
Section titled “Parameters”| Name | Type | Data type | Description |
|---|---|---|---|
| offset | query | integer | Starting index of result set from which to return subsidiaries |
| limit | query | integer | The maximum number of subsidiaries to return in the response. |
| filter | query | string | Filter ecosystem subsidiaries |
| parameters | query | dictionary | Full query string parameters payload as a dictionary. Not required when using other keywords. |
| sort | query | string | The field by which to sort the list of subsidiaries. Possible values: name, primary_domain. Sort order can be specified by appending “asc” or “desc” to the field name (e.g. “name|asc” or “primary_domain|desc”). |
| version_id | query | string | The version ID of the ecosystem subsidiaries data, represented as a hash string. This parameter is required to ensure data consistency and prevent stale data. If a new version of the ecosystem subsidiaries data is written, the version ID will be updated. By including this parameter in the request, the client can ensure that the response will be invalidated if a new version is written. |
Code Examples
Section titled “Code Examples”from falconpy import ExposureManagement
falcon = ExposureManagement(client_id=CLIENT_ID, client_secret=CLIENT_SECRET )
response = falcon.query_combined_ecosystem_subsidiaries(offset=integer, limit=integer, sort="string", filter="string", version_id="string")print(response)from falconpy import ExposureManagement
falcon = ExposureManagement(client_id=CLIENT_ID, client_secret=CLIENT_SECRET )
response = falcon.combined_ecosystem_subsidiaries(offset=integer, limit=integer, sort="string", filter="string", version_id="string")print(response)from falconpy import APIHarnessV2
falcon = APIHarnessV2(client_id=CLIENT_ID, client_secret=CLIENT_SECRET )
response = falcon.command("combined_ecosystem_subsidiaries", offset=integer, limit=integer, filter="string", sort="string", version_id="string")print(response)Get-FalconSubsidiary -Filter "string" ` -Sort "string" ` -Limit integer ` -Offset integerpackage main
import ( "context" "fmt" "os"
"github.com/crowdstrike/gofalcon/falcon" "github.com/crowdstrike/gofalcon/falcon/client/exposure_management")
func main() { client, err := falcon.NewClient(&falcon.ApiConfig{ ClientId: os.Getenv("FALCON_CLIENT_ID"), ClientSecret: os.Getenv("FALCON_CLIENT_SECRET"), Context: context.Background(), }) if err != nil { panic(err) }
offset := int64(0) limit := int64(0) filter := "string" sort := "string" versionID := "string"
response, err := client.ExposureManagement.CombinedEcosystemSubsidiaries( &exposure_management.CombinedEcosystemSubsidiariesParams{ Offset: &offset, Limit: &limit, Filter: &filter, Sort: &sort, VersionID: &versionID, Context: context.Background(), }, ) if err != nil { panic(falcon.ErrorExplain(err)) }
fmt.Printf("%+v\n", response.Payload)}import { FalconClient } from "crowdstrike-falcon";
const client = new FalconClient({ cloud: process.env.FALCON_CLOUD!, clientId: process.env.FALCON_CLIENT_ID!, clientSecret: process.env.FALCON_CLIENT_SECRET!,});
const response = await client.exposureManagement.combinedEcosystemSubsidiaries( integer, // offset integer, // limit "string", // filter "string", // sort "string" // versionId);
console.log(response);use rusty_falcon::apis::exposure_management_api::combined_ecosystem_subsidiaries;use rusty_falcon::easy::client::FalconHandle;
#[tokio::main]async fn main() { let falcon = FalconHandle::from_env().await.expect("Could not authenticate");
let response = combined_ecosystem_subsidiaries( &falcon.cfg, // configuration Some(integer), // offset Some(integer), // limit Some("string"), // filter Some("string"), // sort Some("string"), // version_id ).await.expect("API call failed");
println!("{:?}", response);}require "crimson-falcon"
Falcon.configure do |config| config.client_id = ENV["FALCON_CLIENT_ID"] config.client_secret = ENV["FALCON_CLIENT_SECRET"] config.cloud = ENV["FALCON_CLOUD"]end
api = Falcon::ExposureManagement.new
response = api.combined_ecosystem_subsidiaries(offset: integer, limit: integer, filter: 'string', sort: 'string', version_id: 'string')
puts responseblob_download_external_assets
Section titled “blob_download_external_assets”Download the entire contents of the blob. The relative link to this endpoint is returned in the get_external_assets request.
GET /fem/entities/blobs-download/v1
PEP 8
download_assetsParameters
Section titled “Parameters”| Name | Type | Data type | Description |
|---|---|---|---|
| assetId | query | string | The Asset ID |
| hash | query | string | The File Hash |
| parameters | query | dictionary | Full query string parameters payload as a dictionary. Not required when using other keywords. |
Code Examples
Section titled “Code Examples”from falconpy import ExposureManagement
falcon = ExposureManagement(client_id=CLIENT_ID, client_secret=CLIENT_SECRET )
with open("output_file", "wb") as save_file: response = falcon.download_assets(assetId="string", hash="string", stream=boolean) save_file.write(response)from falconpy import ExposureManagement
falcon = ExposureManagement(client_id=CLIENT_ID, client_secret=CLIENT_SECRET )
with open("output_file", "wb") as save_file: response = falcon.blob_download_external_assets(assetId="string", hash="string", stream=boolean) save_file.write(response)from falconpy import APIHarnessV2
falcon = APIHarnessV2(client_id=CLIENT_ID, client_secret=CLIENT_SECRET )
with open("output_file", "wb") as save_file: response = falcon.command("blob_download_external_assets", asset_id="string", hash="string") save_file.write(response)Examples coming soon.
package main
import ( "context" "fmt" "os"
"github.com/crowdstrike/gofalcon/falcon" "github.com/crowdstrike/gofalcon/falcon/client/exposure_management")
func main() { client, err := falcon.NewClient(&falcon.ApiConfig{ ClientId: os.Getenv("FALCON_CLIENT_ID"), ClientSecret: os.Getenv("FALCON_CLIENT_SECRET"), Context: context.Background(), }) if err != nil { panic(err) }
response, err := client.ExposureManagement.BlobDownloadExternalAssets( &exposure_management.BlobDownloadExternalAssetsParams{ AssetID: "string", Hash: "string", Context: context.Background(), }, ) if err != nil { panic(falcon.ErrorExplain(err)) }
fmt.Printf("%+v\n", response.Payload)}import { FalconClient } from "crowdstrike-falcon";
const client = new FalconClient({ cloud: process.env.FALCON_CLOUD!, clientId: process.env.FALCON_CLIENT_ID!, clientSecret: process.env.FALCON_CLIENT_SECRET!,});
const response = await client.exposureManagement.blobDownloadExternalAssets( "string", // assetId "string" // hash);
console.log(response);use rusty_falcon::apis::exposure_management_api::blob_download_external_assets;use rusty_falcon::easy::client::FalconHandle;
#[tokio::main]async fn main() { let falcon = FalconHandle::from_env().await.expect("Could not authenticate");
let response = blob_download_external_assets( &falcon.cfg, // configuration "string", // asset_id "string", // hash ).await.expect("API call failed");
println!("{:?}", response);}require "crimson-falcon"
Falcon.configure do |config| config.client_id = ENV["FALCON_CLIENT_ID"] config.client_secret = ENV["FALCON_CLIENT_SECRET"] config.cloud = ENV["FALCON_CLOUD"]end
api = Falcon::ExposureManagement.new
response = api.blob_download_external_assets('string', 'string')
puts responseblob_preview_external_assets
Section titled “blob_preview_external_assets”Download a preview of the blob. The relative link to this endpoint is returned in the get_external_assets request.
GET /fem/entities/blobs-preview/v1
PEP 8
preview_assetsParameters
Section titled “Parameters”| Name | Type | Data type | Description |
|---|---|---|---|
| assetId | query | string | The Asset ID |
| hash | query | string | The File Hash |
| parameters | query | dictionary | Full query string parameters payload as a dictionary. Not required when using other keywords. |
Code Examples
Section titled “Code Examples”from falconpy import ExposureManagement
falcon = ExposureManagement(client_id=CLIENT_ID, client_secret=CLIENT_SECRET )
response = falcon.preview_assets(assetId="string", hash="string")print(response)from falconpy import ExposureManagement
falcon = ExposureManagement(client_id=CLIENT_ID, client_secret=CLIENT_SECRET )
response = falcon.blob_preview_external_assets(assetId="string", hash="string")print(response)from falconpy import APIHarnessV2
falcon = APIHarnessV2(client_id=CLIENT_ID, client_secret=CLIENT_SECRET )
response = falcon.command("blob_preview_external_assets", asset_id="string", hash="string")print(response)Examples coming soon.
package main
import ( "context" "fmt" "os"
"github.com/crowdstrike/gofalcon/falcon" "github.com/crowdstrike/gofalcon/falcon/client/exposure_management")
func main() { client, err := falcon.NewClient(&falcon.ApiConfig{ ClientId: os.Getenv("FALCON_CLIENT_ID"), ClientSecret: os.Getenv("FALCON_CLIENT_SECRET"), Context: context.Background(), }) if err != nil { panic(err) }
response, err := client.ExposureManagement.BlobPreviewExternalAssets( &exposure_management.BlobPreviewExternalAssetsParams{ AssetID: "string", Hash: "string", Context: context.Background(), }, ) if err != nil { panic(falcon.ErrorExplain(err)) }
fmt.Printf("%+v\n", response.Payload)}import { FalconClient } from "crowdstrike-falcon";
const client = new FalconClient({ cloud: process.env.FALCON_CLOUD!, clientId: process.env.FALCON_CLIENT_ID!, clientSecret: process.env.FALCON_CLIENT_SECRET!,});
const response = await client.exposureManagement.blobPreviewExternalAssets( "string", // assetId "string" // hash);
console.log(response);use rusty_falcon::apis::exposure_management_api::blob_preview_external_assets;use rusty_falcon::easy::client::FalconHandle;
#[tokio::main]async fn main() { let falcon = FalconHandle::from_env().await.expect("Could not authenticate");
let response = blob_preview_external_assets( &falcon.cfg, // configuration "string", // asset_id "string", // hash ).await.expect("API call failed");
println!("{:?}", response);}require "crimson-falcon"
Falcon.configure do |config| config.client_id = ENV["FALCON_CLIENT_ID"] config.client_secret = ENV["FALCON_CLIENT_SECRET"] config.cloud = ENV["FALCON_CLOUD"]end
api = Falcon::ExposureManagement.new
response = api.blob_preview_external_assets('string', 'string')
puts responseget_ecosystem_subsidiaries
Section titled “get_ecosystem_subsidiaries”Retrieves detailed information about ecosystem subsidiaries by ID.
GET /fem/entities/ecosystem-subsidiaries/v1
PEP 8
get_ecosystem_subsidiariesParameters
Section titled “Parameters”| Name | Type | Data type | Description |
|---|---|---|---|
| ids | query | array (string) | One or more asset IDs (max: 100). Find ecosystem subsidiary IDs with GET /fem/entities/ecosystem-subsidiaries/v1 |
| parameters | query | dictionary | Full query string parameters payload as a dictionary. Not required when using other keywords. |
| version_id | query | string | The version ID of the ecosystem subsidiaries data, represented as a hash string. This parameter is required to ensure data consistency and prevent stale data. If a new version of the ecosystem subsidiaries data is written, the version ID will be updated. By including this parameter in the request, the client can ensure that the response will be invalidated if a new version is written. |
Code Examples
Section titled “Code Examples”from falconpy import ExposureManagement
falcon = ExposureManagement(client_id=CLIENT_ID, client_secret=CLIENT_SECRET )
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.get_ecosystem_subsidiaries(ids=id_list, version_id="string")print(response)from falconpy import ExposureManagement
falcon = ExposureManagement(client_id=CLIENT_ID, client_secret=CLIENT_SECRET )
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.get_ecosystem_subsidiaries(ids=id_list, version_id="string")print(response)from falconpy import APIHarnessV2
falcon = APIHarnessV2(client_id=CLIENT_ID, client_secret=CLIENT_SECRET )
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.command("get_ecosystem_subsidiaries", ids=id_list, version_id="string")print(response)Get-FalconSubsidiary -Id @("ID1", "ID2")package main
import ( "context" "fmt" "os"
"github.com/crowdstrike/gofalcon/falcon" "github.com/crowdstrike/gofalcon/falcon/client/exposure_management")
func main() { client, err := falcon.NewClient(&falcon.ApiConfig{ ClientId: os.Getenv("FALCON_CLIENT_ID"), ClientSecret: os.Getenv("FALCON_CLIENT_SECRET"), Context: context.Background(), }) if err != nil { panic(err) }
versionID := "string"
response, err := client.ExposureManagement.GetEcosystemSubsidiaries( &exposure_management.GetEcosystemSubsidiariesParams{ Ids: []string{"ID1", "ID2", "ID3"}, VersionID: &versionID, Context: context.Background(), }, ) if err != nil { panic(falcon.ErrorExplain(err)) }
fmt.Printf("%+v\n", response.Payload)}import { FalconClient } from "crowdstrike-falcon";
const client = new FalconClient({ cloud: process.env.FALCON_CLOUD!, clientId: process.env.FALCON_CLIENT_ID!, clientSecret: process.env.FALCON_CLIENT_SECRET!,});
const response = await client.exposureManagement.getEcosystemSubsidiaries( ["ID1", "ID2", "ID3"], // ids "string" // versionId);
console.log(response);use rusty_falcon::apis::exposure_management_api::get_ecosystem_subsidiaries;use rusty_falcon::easy::client::FalconHandle;
#[tokio::main]async fn main() { let falcon = FalconHandle::from_env().await.expect("Could not authenticate");
let response = get_ecosystem_subsidiaries( &falcon.cfg, // configuration vec!["string".to_string()], // ids Some("string"), // version_id ).await.expect("API call failed");
println!("{:?}", response);}require "crimson-falcon"
Falcon.configure do |config| config.client_id = ENV["FALCON_CLIENT_ID"] config.client_secret = ENV["FALCON_CLIENT_SECRET"] config.cloud = ENV["FALCON_CLOUD"]end
api = Falcon::ExposureManagement.new
response = api.get_ecosystem_subsidiaries(['ID1', 'ID2', 'ID3'])
puts responsepost_external_assets_inventory_v1
Section titled “post_external_assets_inventory_v1”Add external assets for external asset scanning.
POST /fem/entities/external-asset-inventory/v1
PEP 8
add_assetsParameters
Section titled “Parameters”| Name | Type | Data type | Description |
|---|---|---|---|
| assets | body | list of dictionaries | List of assets to be added. |
| body | body | dictionary | Full body payload as a dictionary. Not required when using other keywords. |
| id | body | string | Asset ID to be added. |
| value | body | string | Asset value. |
Code Examples
Section titled “Code Examples”from falconpy import ExposureManagement
falcon = ExposureManagement(client_id=CLIENT_ID, client_secret=CLIENT_SECRET )
response = falcon.add_assets(assets=[{"key": "value"}], id="string", subsidiary_id="string", value="string")print(response)from falconpy import ExposureManagement
falcon = ExposureManagement(client_id=CLIENT_ID, client_secret=CLIENT_SECRET )
response = falcon.post_external_assets_inventory_v1(assets=[{"key": "value"}], id="string", subsidiary_id="string", value="string")print(response)from falconpy import APIHarnessV2
falcon = APIHarnessV2(client_id=CLIENT_ID, client_secret=CLIENT_SECRET )
body_payload = { "data": [ { "assets": [ { "id": "string", "value": "string" } ], "subsidiary_id": "string" } ]}
response = falcon.command("post_external_assets_inventory_v1", body=body_payload)print(response)New-FalconAsset -Asset @{}package main
import ( "context" "fmt" "os"
"github.com/crowdstrike/gofalcon/falcon" "github.com/crowdstrike/gofalcon/falcon/client/exposure_management" "github.com/crowdstrike/gofalcon/falcon/models")
func main() { client, err := falcon.NewClient(&falcon.ApiConfig{ ClientId: os.Getenv("FALCON_CLIENT_ID"), ClientSecret: os.Getenv("FALCON_CLIENT_SECRET"), Context: context.Background(), }) if err != nil { panic(err) }
id := "string" value := "string" subsidiary_id := "string"
response, err := client.ExposureManagement.PostExternalAssetsInventoryV1( &exposure_management.PostExternalAssetsInventoryV1Params{ Body: &models.InventoryapiUserExternalAssetCreateRequestV1{ Data: []interface{}{ { Assets: []interface{}{ { ID: &id, Value: &value, }, }, SubsidiaryID: &subsidiary_id, }, }, }, Context: context.Background(), }, ) if err != nil { panic(falcon.ErrorExplain(err)) }
fmt.Printf("%+v\n", response.Payload)}import { FalconClient } from "crowdstrike-falcon";
const client = new FalconClient({ cloud: process.env.FALCON_CLOUD!, clientId: process.env.FALCON_CLIENT_ID!, clientSecret: process.env.FALCON_CLIENT_SECRET!,});
const response = await client.exposureManagement.postExternalAssetsInventoryV1( { data: [{ assets: [{ id: "string", value: "string" }], subsidiaryId: "string" }]} // body);
console.log(response);use rusty_falcon::apis::exposure_management_api::post_external_assets_inventory_v1;use rusty_falcon::easy::client::FalconHandle;use rusty_falcon::models::InventoryapiUserExternalAssetCreateRequestV1;
#[tokio::main]async fn main() { let falcon = FalconHandle::from_env().await.expect("Could not authenticate");
let body = InventoryapiUserExternalAssetCreateRequestV1 { data: vec![UserExternalAssetCreate { assets: vec![UserExternalAsset { id: Some("string".to_string()), value: Some("string".to_string()), ..Default::default() }], subsidiary_id: Some("string".to_string()), ..Default::default() }], ..Default::default() };
let response = post_external_assets_inventory_v1( &falcon.cfg, // configuration body, // body ).await.expect("API call failed");
println!("{:?}", response);}require "crimson-falcon"
Falcon.configure do |config| config.client_id = ENV["FALCON_CLIENT_ID"] config.client_secret = ENV["FALCON_CLIENT_SECRET"] config.cloud = ENV["FALCON_CLOUD"]end
api = Falcon::ExposureManagement.new
body = Falcon::InventoryapiUserExternalAssetCreateRequestV1.new( data: [{ assets: [{ id: 'string', value: 'string' }], subsidiary_id: 'string' }])
response = api.post_external_assets_inventory_v1(body)
puts responseget_external_assets
Section titled “get_external_assets”Get details on external assets by providing one or more IDs.
GET /fem/entities/external-assets/v1
PEP 8
get_assetsParameters
Section titled “Parameters”| Name | Type | Data type | Description |
|---|---|---|---|
| ids | query | string or list of strings | One or more asset IDs (max: 100). Find asset IDs with query_external_assets. |
| parameters | query | dictionary | Full query string parameters payload as a dictionary. Not required when using other keywords. |
Code Examples
Section titled “Code Examples”from falconpy import ExposureManagement
falcon = ExposureManagement(client_id=CLIENT_ID, client_secret=CLIENT_SECRET )
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.get_assets(ids=id_list)print(response)from falconpy import ExposureManagement
falcon = ExposureManagement(client_id=CLIENT_ID, client_secret=CLIENT_SECRET )
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.get_external_assets(ids=id_list)print(response)from falconpy import APIHarnessV2
falcon = APIHarnessV2(client_id=CLIENT_ID, client_secret=CLIENT_SECRET )
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.command("get_external_assets", ids=id_list)print(response)Get-FalconAsset -Id @("ID1", "ID2") -External $booleanpackage main
import ( "context" "fmt" "os"
"github.com/crowdstrike/gofalcon/falcon" "github.com/crowdstrike/gofalcon/falcon/client/exposure_management")
func main() { client, err := falcon.NewClient(&falcon.ApiConfig{ ClientId: os.Getenv("FALCON_CLIENT_ID"), ClientSecret: os.Getenv("FALCON_CLIENT_SECRET"), Context: context.Background(), }) if err != nil { panic(err) }
response, err := client.ExposureManagement.GetExternalAssets( &exposure_management.GetExternalAssetsParams{ Ids: []string{"ID1", "ID2", "ID3"}, Context: context.Background(), }, ) if err != nil { panic(falcon.ErrorExplain(err)) }
fmt.Printf("%+v\n", response.Payload)}import { FalconClient } from "crowdstrike-falcon";
const client = new FalconClient({ cloud: process.env.FALCON_CLOUD!, clientId: process.env.FALCON_CLIENT_ID!, clientSecret: process.env.FALCON_CLIENT_SECRET!,});
const response = await client.exposureManagement.getExternalAssets(["ID1", "ID2", "ID3"]); // ids
console.log(response);use rusty_falcon::apis::exposure_management_api::get_external_assets;use rusty_falcon::easy::client::FalconHandle;
#[tokio::main]async fn main() { let falcon = FalconHandle::from_env().await.expect("Could not authenticate");
let response = get_external_assets( &falcon.cfg, // configuration vec!["string".to_string()], // ids ).await.expect("API call failed");
println!("{:?}", response);}require "crimson-falcon"
Falcon.configure do |config| config.client_id = ENV["FALCON_CLIENT_ID"] config.client_secret = ENV["FALCON_CLIENT_SECRET"] config.cloud = ENV["FALCON_CLOUD"]end
api = Falcon::ExposureManagement.new
response = api.get_external_assets(['ID1', 'ID2', 'ID3'])
puts responsedelete_external_assets
Section titled “delete_external_assets”Delete multiple external assets.
DELETE /fem/entities/external-assets/v1
PEP 8
delete_assetsParameters
Section titled “Parameters”| Name | Type | Data type | Description |
|---|---|---|---|
| body | body | dictionaries | Full body payload in JSON format. |
| description | body | string | Delete description. |
| ids | query | string or list of strings | One or more asset IDs (max: 100). Find asset IDs with query_external_assets. |
| parameters | query | dictionary | Full query string parameters payload as a dictionary. Not required when using other keywords. |
Code Examples
Section titled “Code Examples”from falconpy import ExposureManagement
falcon = ExposureManagement(client_id=CLIENT_ID, client_secret=CLIENT_SECRET )
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.delete_assets(description="string", ids=id_list)print(response)from falconpy import ExposureManagement
falcon = ExposureManagement(client_id=CLIENT_ID, client_secret=CLIENT_SECRET )
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.delete_external_assets(description="string", ids=id_list)print(response)from falconpy import APIHarnessV2
falcon = APIHarnessV2(client_id=CLIENT_ID, client_secret=CLIENT_SECRET )
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
body_payload = { "description": "string"}
response = falcon.command("delete_external_assets", ids=id_list, body=body_payload)print(response)Remove-FalconAsset -Comment "string" -Id @("ID1", "ID2")package main
import ( "context" "fmt" "os"
"github.com/crowdstrike/gofalcon/falcon" "github.com/crowdstrike/gofalcon/falcon/client/exposure_management" "github.com/crowdstrike/gofalcon/falcon/models")
func main() { client, err := falcon.NewClient(&falcon.ApiConfig{ ClientId: os.Getenv("FALCON_CLIENT_ID"), ClientSecret: os.Getenv("FALCON_CLIENT_SECRET"), Context: context.Background(), }) if err != nil { panic(err) }
description := "string"
response, err := client.ExposureManagement.DeleteExternalAssets( &exposure_management.DeleteExternalAssetsParams{ Body: &models.DomainExternalAssetAPIDeleteRequestV1{ Description: &description, }, Ids: []string{"ID1", "ID2", "ID3"}, Context: context.Background(), }, ) if err != nil { panic(falcon.ErrorExplain(err)) }
fmt.Printf("%+v\n", response.Payload)}import { FalconClient } from "crowdstrike-falcon";
const client = new FalconClient({ cloud: process.env.FALCON_CLOUD!, clientId: process.env.FALCON_CLIENT_ID!, clientSecret: process.env.FALCON_CLIENT_SECRET!,});
const response = await client.exposureManagement.deleteExternalAssets( ["ID1", "ID2", "ID3"], // ids { // body description: "string" });
console.log(response);use rusty_falcon::apis::exposure_management_api::delete_external_assets;use rusty_falcon::easy::client::FalconHandle;use rusty_falcon::models::DomainExternalAssetApiDeleteRequestV1;
#[tokio::main]async fn main() { let falcon = FalconHandle::from_env().await.expect("Could not authenticate");
let body = DomainExternalAssetApiDeleteRequestV1 { ..Default::default() };
let response = delete_external_assets( &falcon.cfg, // configuration vec!["string".to_string()], // ids body, // body ).await.expect("API call failed");
println!("{:?}", response);}require "crimson-falcon"
Falcon.configure do |config| config.client_id = ENV["FALCON_CLIENT_ID"] config.client_secret = ENV["FALCON_CLIENT_SECRET"] config.cloud = ENV["FALCON_CLOUD"]end
api = Falcon::ExposureManagement.new
body = Falcon::DomainExternalAssetAPIDeleteRequestV1.new( description: 'string')
response = api.delete_external_assets(body, ['ID1', 'ID2', 'ID3'])
puts responsepatch_external_assets
Section titled “patch_external_assets”Update the details of external assets.
PATCH /fem/entities/external-assets/v1
PEP 8
update_assetsParameters
Section titled “Parameters”| Name | Type | Data type | Description |
|---|---|---|---|
| action | body | string | The asset triage action. |
| assigned_to | body | string | The user assigned to triage the asset. |
| body | body | dictionary | Full body payload in JSON format |
| cid | body | string | Asset customer ID. |
| criticality | body | string | The criticality level manually assigned to this asset. |
| criticality_description | body | string | The criticality description manually assigned to this asset. |
| description | body | string | The asset triage description |
| id | body | string | The unique ID of the asset. |
| status | body | string | The asset triage status. |
Code Examples
Section titled “Code Examples”from falconpy import ExposureManagement
falcon = ExposureManagement(client_id=CLIENT_ID, client_secret=CLIENT_SECRET )
response = falcon.update_assets(action="string", assigned_to="string", cid="string", criticality="string", criticality_description="string", description="string", id="string", status="string")print(response)from falconpy import ExposureManagement
falcon = ExposureManagement(client_id=CLIENT_ID, client_secret=CLIENT_SECRET )
response = falcon.patch_external_assets(action="string", assigned_to="string", cid="string", criticality="string", criticality_description="string", description="string", id="string", status="string")print(response)from falconpy import APIHarnessV2
falcon = APIHarnessV2(client_id=CLIENT_ID, client_secret=CLIENT_SECRET )
body_payload = { "assets": [ { "cid": "string", "criticality": "string", "criticality_description": "string", "id": "string", "triage": { "action": "string", "assigned_to": "string", "description": "string", "status": "string" } } ]}
response = falcon.command("patch_external_assets", body=body_payload)print(response)Edit-FalconAsset -Cid "string" -Id "string"package main
import ( "context" "fmt" "os"
"github.com/crowdstrike/gofalcon/falcon" "github.com/crowdstrike/gofalcon/falcon/client/exposure_management" "github.com/crowdstrike/gofalcon/falcon/models")
func main() { client, err := falcon.NewClient(&falcon.ApiConfig{ ClientId: os.Getenv("FALCON_CLIENT_ID"), ClientSecret: os.Getenv("FALCON_CLIENT_SECRET"), Context: context.Background(), }) if err != nil { panic(err) }
cid := "string" criticality := "string" criticality_description := "string" id := "string"
response, err := client.ExposureManagement.PatchExternalAssets( &exposure_management.PatchExternalAssetsParams{ Body: &models.DomainExternalAssetAPIPatchRequestV1{ Assets: []interface{}{ { CID: &cid, Criticality: &criticality, CriticalityDescription: &criticality_description, ID: &id, Triage: &struct{}{}, }, }, }, Context: context.Background(), }, ) if err != nil { panic(falcon.ErrorExplain(err)) }
fmt.Printf("%+v\n", response.Payload)}import { FalconClient } from "crowdstrike-falcon";
const client = new FalconClient({ cloud: process.env.FALCON_CLOUD!, clientId: process.env.FALCON_CLIENT_ID!, clientSecret: process.env.FALCON_CLIENT_SECRET!,});
const response = await client.exposureManagement.patchExternalAssets( { assets: [{ cid: "string", criticality: "string", criticalityDescription: "string", id: "string", triage: { action: "string", assignedTo: "string", description: "string", status: "string" } }]} // body);
console.log(response);use rusty_falcon::apis::exposure_management_api::patch_external_assets;use rusty_falcon::easy::client::FalconHandle;use rusty_falcon::models::DomainExternalAssetApiPatchRequestV1;
#[tokio::main]async fn main() { let falcon = FalconHandle::from_env().await.expect("Could not authenticate");
let body = DomainExternalAssetApiPatchRequestV1 { assets: vec![ExternalAssetsAPIPatch { id: Some("string".to_string()), ..Default::default() }], ..Default::default() };
let response = patch_external_assets( &falcon.cfg, // configuration body, // body ).await.expect("API call failed");
println!("{:?}", response);}require "crimson-falcon"
Falcon.configure do |config| config.client_id = ENV["FALCON_CLIENT_ID"] config.client_secret = ENV["FALCON_CLIENT_SECRET"] config.cloud = ENV["FALCON_CLOUD"]end
api = Falcon::ExposureManagement.new
body = Falcon::DomainExternalAssetAPIPatchRequestV1.new( assets: [{ cid: 'string', criticality: 'string', criticality_description: 'string', id: 'string', triage: { action: 'string', assigned_to: 'string', description: 'string', status: 'string' } }])
response = api.patch_external_assets(body)
puts responsequery_ecosystem_subsidiaries
Section titled “query_ecosystem_subsidiaries”Retrieves a list of IDs for ecosystem subsidiaries.
GET /fem/queries/ecosystem-subsidiaries/v1
PEP 8
query_ecosystem_subsidiariesParameters
Section titled “Parameters”| Name | Type | Data type | Description |
|---|---|---|---|
| offset | query | integer | Starting index of result set from which to return subsidiaries |
| limit | query | integer | The maximum number of IDs to return in the response. |
| filter | query | string | Filter ecosystem subsidiaries |
| parameters | query | dictionary | Full query string parameters payload as a dictionary. Not required when using other keywords. |
| sort | query | string | The field by which to sort the list of IDs. Possible values: name, primary_domain. Sort order can be specified by appending “asc” or “desc” to the field name (e.g. “name|asc” or “primary_domain|desc”). |
| version_id | query | string | The version ID of the ecosystem subsidiaries data, represented as a hash string. This parameter is required to ensure data consistency and prevent stale data. If a new version of the ecosystem subsidiaries data is written, the version ID will be updated. By including this parameter in the request, the client can ensure that the response will be invalidated if a new version is written. |
Code Examples
Section titled “Code Examples”from falconpy import ExposureManagement
falcon = ExposureManagement(client_id=CLIENT_ID, client_secret=CLIENT_SECRET )
response = falcon.query_ecosystem_subsidiaries(offset=integer, limit=integer, sort="string", filter="string", version_id="string")print(response)from falconpy import ExposureManagement
falcon = ExposureManagement(client_id=CLIENT_ID, client_secret=CLIENT_SECRET )
response = falcon.query_ecosystem_subsidiaries(offset=integer, limit=integer, sort="string", filter="string", version_id="string")print(response)from falconpy import APIHarnessV2
falcon = APIHarnessV2(client_id=CLIENT_ID, client_secret=CLIENT_SECRET )
response = falcon.command("query_ecosystem_subsidiaries", offset=integer, limit=integer, filter="string", sort="string", version_id="string")print(response)Get-FalconSubsidiary -Filter "string" ` -Sort "string" ` -Limit integer ` -Offset integerpackage main
import ( "context" "fmt" "os"
"github.com/crowdstrike/gofalcon/falcon" "github.com/crowdstrike/gofalcon/falcon/client/exposure_management")
func main() { client, err := falcon.NewClient(&falcon.ApiConfig{ ClientId: os.Getenv("FALCON_CLIENT_ID"), ClientSecret: os.Getenv("FALCON_CLIENT_SECRET"), Context: context.Background(), }) if err != nil { panic(err) }
offset := int64(0) limit := int64(0) filter := "string" sort := "string" versionID := "string"
response, err := client.ExposureManagement.QueryEcosystemSubsidiaries( &exposure_management.QueryEcosystemSubsidiariesParams{ Offset: &offset, Limit: &limit, Filter: &filter, Sort: &sort, VersionID: &versionID, Context: context.Background(), }, ) if err != nil { panic(falcon.ErrorExplain(err)) }
fmt.Printf("%+v\n", response.Payload)}import { FalconClient } from "crowdstrike-falcon";
const client = new FalconClient({ cloud: process.env.FALCON_CLOUD!, clientId: process.env.FALCON_CLIENT_ID!, clientSecret: process.env.FALCON_CLIENT_SECRET!,});
const response = await client.exposureManagement.queryEcosystemSubsidiaries( integer, // offset integer, // limit "string", // filter "string", // sort "string" // versionId);
console.log(response);use rusty_falcon::apis::exposure_management_api::query_ecosystem_subsidiaries;use rusty_falcon::easy::client::FalconHandle;
#[tokio::main]async fn main() { let falcon = FalconHandle::from_env().await.expect("Could not authenticate");
let response = query_ecosystem_subsidiaries( &falcon.cfg, // configuration Some(integer), // offset Some(integer), // limit Some("string"), // filter Some("string"), // sort Some("string"), // version_id ).await.expect("API call failed");
println!("{:?}", response);}require "crimson-falcon"
Falcon.configure do |config| config.client_id = ENV["FALCON_CLIENT_ID"] config.client_secret = ENV["FALCON_CLIENT_SECRET"] config.cloud = ENV["FALCON_CLOUD"]end
api = Falcon::ExposureManagement.new
response = api.query_ecosystem_subsidiaries(offset: integer, limit: integer, filter: 'string', sort: 'string', version_id: 'string')
puts responsequery_external_assets
Section titled “query_external_assets”Get a list of external asset IDs that match the provided filter conditions. Use these IDs with the GET and PATCH endpoints.
GET /fem/queries/external-assets/v1
PEP 8
query_assets_v1Parameters
Section titled “Parameters”| Name | Type | Data type | Description |
|---|---|---|---|
| filter | query | string | Filter assets using an FQL query. Common filter options include: asset_type:‘ip’, last_seen_timestamp:>‘now-7d’. All filter fields and operations supports negation (!). |
| limit | query | integer | Number of IDs to return. |
| offset | query | string | Starting index of result set from which to return IDs. |
| sort | query | string | Order by fields. |
| parameters | query | dictionary | Full query string parameters payload as a dictionary. Not required when using other keywords. |
Available filters (Exact Match)
Section titled “Available filters (Exact Match)”asset_id | asset_type |
confidence | connectivity_status |
criticality | criticality_description |
criticality_timestamp | criticality_username |
data_providers | discovered_by |
dns_domain.fqdn | dns_domain.isps |
dns_domain.parent_domain | dns_domain.resolved_ips |
dns_domain.services.applications.category | dns_domain.services.applications.cpe |
dns_domain.services.applications.name | dns_domain.services.applications.vendor |
dns_domain.services.applications.version | dns_domain.services.cloud_provider |
dns_domain.services.cpes | dns_domain.services.hosting_provider |
dns_domain.services.last_seen | dns_domain.services.platform_name |
dns_domain.services.port | dns_domain.services.protocol |
dns_domain.services.protocol_port | dns_domain.services.status |
dns_domain.services.status_code | dns_domain.services.transport |
dns_domain.type | first_seen |
id | internet_exposure |
ip.asn | ip.cloud_vm.description |
ip.cloud_vm.instance_id | ip.cloud_vm.lifecycle |
ip.cloud_vm.mac_address | ip.cloud_vm.owner_id |
ip.cloud_vm.platform | ip.cloud_vm.private_ip |
ip.cloud_vm.public_ip | ip.cloud_vm.region |
ip.cloud_vm.security_groups | ip.cloud_vm.source |
ip.cloud_vm.status | ip.fqdns |
ip.ip_address | ip.isp |
ip.location.area_code | ip.location.city |
ip.location.country_code | ip.location.country_name |
ip.location.postal_code | ip.location.region_code |
ip.location.region_name | ip.location.timezone |
ip.ptr | ip.aid |
ip.services.applications.category | ip.services.applications.cpe |
ip.services.applications.name | ip.services.applications.vendor |
ip.services.applications.version | ip.services.cloud_provider |
ip.services.cpes | ip.services.first_seen |
ip.services.last_seen | ip.services.platform_name |
ip.services.port | ip.services.protocol |
ip.services.protocol_port | ip.services.status |
ip.services.status_code | ip.services.transport |
last_seen | manual |
perimeter | subsidiaries.id |
subsidiaries.name | triage.action |
triage.assigned_to | triage.status |
triage.updated_by | triage.updated_timestamp |
Available filter fields that support wildcard (*)
Section titled “Available filter fields that support wildcard (*)”asset_id | asset_type |
confidence | connectivity_status |
criticality | criticality_username |
data_providers | discovered_by |
dns_domain.fqdn | dns_domain.isps |
dns_domain.parent_domain | dns_domain.resolved_ips |
dns_domain.services.applications.category | dns_domain.services.applications.cpe |
dns_domain.services.applications.name | dns_domain.services.applications.vendor |
dns_domain.services.applications.version | dns_domain.services.cloud_provider |
dns_domain.services.cpes | dns_domain.services.hosting_provider |
dns_domain.services.id | dns_domain.services.platform_name |
dns_domain.services.port | dns_domain.services.protocol |
dns_domain.services.protocol_port | dns_domain.services.status |
dns_domain.services.status_code | dns_domain.services.transport |
dns_domain.type | id |
internet_exposure | ip.asn |
ip.cloud_vm.instance_id | ip.cloud_vm.lifecycle |
ip.cloud_vm.mac_address | ip.cloud_vm.owner_id |
ip.cloud_vm.platform | ip.cloud_vm.private_ip |
ip.cloud_vm.public_ip | ip.cloud_vm.region |
ip.cloud_vm.security_groups | ip.cloud_vm.source |
ip.cloud_vm.status | ip.fqdns |
ip.ip_address | ip.isp |
ip.location.area_code | ip.location.city |
ip.location.country_code | ip.location.country_name |
ip.location.postal_code | ip.location.region_code |
ip.location.region_name | ip.location.timezone |
ip.ptr | ip.aid |
ip.services.applications.category | ip.services.applications.cpe |
ip.services.applications.name | ip.services.applications.vendor |
ip.services.applications.version | ip.services.cloud_provider |
ip.services.cpes | ip.services.platform_name |
ip.services.port | ip.services.protocol |
ip.services.protocol_port | ip.services.status |
ip.services.status_code | ip.services.transport |
manual | perimeter |
subsidiaries.id | subsidiaries.name |
triage.action | triage.assigned_to |
triage.status | triage.updated_by |
Available filter fields that support lists ([v1, v2])
Section titled “Available filter fields that support lists ([v1, v2])”asset_id | asset_type |
confidence | connectivity_status |
criticality | criticality_username |
data_providers | discovered_by |
dns_domain.fqdn | dns_domain.isps |
dns_domain.parent_domain | dns_domain.services.applications.category |
dns_domain.services.applications.cpe | dns_domain.services.applications.name |
dns_domain.services.applications.vendor | dns_domain.services.applications.version |
dns_domain.services.cloud_provider | dns_domain.services.cpes |
dns_domain.services.id | dns_domain.services.platform_name |
dns_domain.services.port | dns_domain.services.protocol |
dns_domain.services.protocol_port | dns_domain.services.status |
dns_domain.services.status_code | dns_domain.services.transport |
dns_domain.type | id |
internet_exposure | ip.asn |
ip.cloud_vm.instance_id | ip.cloud_vm.lifecycle |
ip.cloud_vm.mac_address | ip.cloud_vm.owner_id |
ip.cloud_vm.platform | ip.cloud_vm.region |
ip.cloud_vm.security_groups | ip.cloud_vm.source |
ip.cloud_vm.status | ip.fqdns |
ip.isp | ip.location.area_code |
ip.location.city | ip.location.country_code |
ip.location.country_name | ip.location.postal_code |
ip.location.region_code | ip.location.region_name |
ip.location.timezone | ip.ptr |
ip.aid | ip.services.applications.category |
ip.services.applications.cpe | ip.services.applications.name |
ip.services.applications.vendor | ip.services.applications.version |
ip.services.cloud_provider | ip.services.cpes |
ip.services.platform_name | ip.services.port |
ip.services.protocol | ip.services.protocol_port |
ip.services.status | ip.services.status_code |
ip.services.transport | manual |
perimeter | subsidiaries.id |
subsidiaries.name | triage.action |
triage.assigned_to | triage.status |
triage.updated_by |
Available filter fields that support range comparisons (>, <, >=, <=)
Section titled “Available filter fields that support range comparisons (>, <, >=, <=)”criticality_timestamp | dns_domain.resolved_ips |
dns_domain.services.first_seen | dns_domain.services.last_seen |
dns_domain.services.port | dns_domain.services.status_code |
first_seen | ip.cloud_vm.private_ip |
ip.cloud_vm.public_ip | ip.ip_address |
ip.services.first_seen | ip.services.last_seen |
ip.services.port | ip.services.status_code |
last_seen | triage.updated_timestamp |
Code Examples
Section titled “Code Examples”from falconpy import ExposureManagement
falcon = ExposureManagement(client_id=CLIENT_ID, client_secret=CLIENT_SECRET )
response = falcon.query_assets(offset=integer, limit=integer, sort="string", filter="string")print(response)from falconpy import ExposureManagement
falcon = ExposureManagement(client_id=CLIENT_ID, client_secret=CLIENT_SECRET )
response = falcon.query_external_assets(offset=integer, limit=integer, sort="string", filter="string")print(response)from falconpy import APIHarnessV2
falcon = APIHarnessV2(client_id=CLIENT_ID, client_secret=CLIENT_SECRET )
response = falcon.command("query_external_assets", offset="string", limit=integer, sort="string", filter="string")print(response)Examples coming soon.
package main
import ( "context" "fmt" "os"
"github.com/crowdstrike/gofalcon/falcon" "github.com/crowdstrike/gofalcon/falcon/client/exposure_management")
func main() { client, err := falcon.NewClient(&falcon.ApiConfig{ ClientId: os.Getenv("FALCON_CLIENT_ID"), ClientSecret: os.Getenv("FALCON_CLIENT_SECRET"), Context: context.Background(), }) if err != nil { panic(err) }
offset := "string" limit := int64(0) sort := "string" filter := "string"
response, err := client.ExposureManagement.QueryExternalAssets( &exposure_management.QueryExternalAssetsParams{ Offset: &offset, Limit: &limit, Sort: &sort, Filter: &filter, Context: context.Background(), }, ) if err != nil { panic(falcon.ErrorExplain(err)) }
fmt.Printf("%+v\n", response.Payload)}import { FalconClient } from "crowdstrike-falcon";
const client = new FalconClient({ cloud: process.env.FALCON_CLOUD!, clientId: process.env.FALCON_CLIENT_ID!, clientSecret: process.env.FALCON_CLIENT_SECRET!,});
const response = await client.exposureManagement.queryExternalAssets( "string", // offset integer, // limit "string", // sort "string" // filter);
console.log(response);use rusty_falcon::apis::exposure_management_api::query_external_assets;use rusty_falcon::easy::client::FalconHandle;
#[tokio::main]async fn main() { let falcon = FalconHandle::from_env().await.expect("Could not authenticate");
let response = query_external_assets( &falcon.cfg, // configuration Some("string"), // offset Some(integer), // limit Some("string"), // sort Some("string"), // filter ).await.expect("API call failed");
println!("{:?}", response);}require "crimson-falcon"
Falcon.configure do |config| config.client_id = ENV["FALCON_CLIENT_ID"] config.client_secret = ENV["FALCON_CLIENT_SECRET"] config.cloud = ENV["FALCON_CLOUD"]end
api = Falcon::ExposureManagement.new
response = api.query_external_assets(offset: 'string', limit: integer, sort: 'string', filter: 'string')
puts responsequery_external_assets_v2
Section titled “query_external_assets_v2”Get a list of external asset IDs that match the provided filter conditions.
GET /fem/queries/external-assets/v2
PEP 8
query_assetsParameters
Section titled “Parameters”| Name | Type | Data type | Description |
|---|---|---|---|
| offset | query | integer | Starting index of result set from which to return IDs. |
| limit | query | integer | Number of IDs to return. |
| sort | query | string | Order by fields. |
| filter | query | string | Filter assets using an FQL query. |
| parameters | query | dictionary | Full parameters payload dictionary. Not required if using other keywords. |
Code Examples
Section titled “Code Examples”from falconpy import ExposureManagement
falcon = ExposureManagement(client_id=CLIENT_ID, client_secret=CLIENT_SECRET )
response = falcon.query_assets(offset=integer, limit=integer, sort="string", filter="string")print(response)from falconpy import ExposureManagement
falcon = ExposureManagement(client_id=CLIENT_ID, client_secret=CLIENT_SECRET )
response = falcon.query_external_assets_v2(offset=integer, limit=integer, sort="string", filter="string")print(response)from falconpy import APIHarnessV2
falcon = APIHarnessV2(client_id=CLIENT_ID, client_secret=CLIENT_SECRET )
response = falcon.command("query_external_assets_v2", after="string", limit=integer, sort="string", filter="string")print(response)Get-FalconAsset -Filter "string" ` -Sort "string" ` -Limit integer ` -External $booleanpackage main
import ( "context" "fmt" "os"
"github.com/crowdstrike/gofalcon/falcon" "github.com/crowdstrike/gofalcon/falcon/client/exposure_management")
func main() { client, err := falcon.NewClient(&falcon.ApiConfig{ ClientId: os.Getenv("FALCON_CLIENT_ID"), ClientSecret: os.Getenv("FALCON_CLIENT_SECRET"), Context: context.Background(), }) if err != nil { panic(err) }
after := "string" limit := int64(0) sort := "string" filter := "string"
response, err := client.ExposureManagement.QueryExternalAssetsV2( &exposure_management.QueryExternalAssetsV2Params{ After: &after, Limit: &limit, Sort: &sort, Filter: &filter, Context: context.Background(), }, ) if err != nil { panic(falcon.ErrorExplain(err)) }
fmt.Printf("%+v\n", response.Payload)}import { FalconClient } from "crowdstrike-falcon";
const client = new FalconClient({ cloud: process.env.FALCON_CLOUD!, clientId: process.env.FALCON_CLIENT_ID!, clientSecret: process.env.FALCON_CLIENT_SECRET!,});
const response = await client.exposureManagement.queryExternalAssetsV2( "string", // after integer, // limit "string", // sort "string" // filter);
console.log(response);use rusty_falcon::apis::exposure_management_api::query_external_assets_v2;use rusty_falcon::easy::client::FalconHandle;
#[tokio::main]async fn main() { let falcon = FalconHandle::from_env().await.expect("Could not authenticate");
let response = query_external_assets_v2( &falcon.cfg, // configuration Some("string"), // after Some(integer), // limit Some("string"), // sort Some("string"), // filter ).await.expect("API call failed");
println!("{:?}", response);}require "crimson-falcon"
Falcon.configure do |config| config.client_id = ENV["FALCON_CLIENT_ID"] config.client_secret = ENV["FALCON_CLIENT_SECRET"] config.cloud = ENV["FALCON_CLOUD"]end
api = Falcon::ExposureManagement.new
response = api.query_external_assets_v2(after: 'string', limit: integer, sort: 'string', filter: 'string')
puts response