Installation Tokens
The Installation Tokens service collection provides operations for managing installation tokens and auditing token activity. Create, read, update, and delete installation tokens, manage customer token settings, and query audit events.
| Language | Last Update |
|---|---|
| Python | v1.4.6 |
| PowerShell | v2.2.9 |
| Go | v0.20.0 |
| TypeScript | v0.6.0 |
| Rust | v0.7.0 |
| Ruby | v1.2.0 |
Table of Contents
Section titled “Table of Contents”| Operation | Description |
|---|---|
audit_events_readaudit_events_read | Gets the details of one or more audit events by id. |
customer_settings_readcustomer_settings_read | Check current installation token settings. |
customer_settings_updatecustomer_settings_update | Update installation token settings. |
tokens_readtokens_read | Gets the details of one or more tokens by id. |
tokens_createtokens_create | Creates a token. |
tokens_deletetokens_delete | Deletes a token immediately. To revoke a token, use tokens_update instead. |
tokens_updatetokens_update | Updates one or more tokens. Use this endpoint to edit labels, change expiration, revoke, or restore. |
audit_events_queryaudit_events_query | Search for audit events by providing a FQL filter and paging details. |
tokens_querytokens_query | Search for tokens by providing a FQL filter and paging details. |
audit_events_read
Section titled “audit_events_read”Gets the details of one or more audit events by id.
GET /installation-tokens/entities/audit-events/v1
PEP 8
audit_events_readParameters
Section titled “Parameters”| Name | Type | Data type | Description |
|---|---|---|---|
| ids | query | string or list of strings | ID(s) of the audit events to retrieve details for. |
| parameters | query | dictionary | Full query string parameters payload in JSON format. |
Code Examples
Section titled “Code Examples”from falconpy import InstallationTokens
falcon = InstallationTokens(client_id=CLIENT_ID, client_secret=CLIENT_SECRET )
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.audit_events_read(ids=id_list)print(response)from falconpy import InstallationTokens
falcon = InstallationTokens(client_id=CLIENT_ID, client_secret=CLIENT_SECRET )
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.audit_events_read(ids=id_list)print(response)from falconpy import APIHarnessV2
falcon = APIHarnessV2(client_id=CLIENT_ID, client_secret=CLIENT_SECRET )
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.command("audit_events_read", ids=id_list)print(response)Get-FalconInstallTokenEvent -Id @("ID1", "ID2")package main
import ( "context" "fmt" "os"
"github.com/crowdstrike/gofalcon/falcon" "github.com/crowdstrike/gofalcon/falcon/client/installation_tokens")
func main() { client, err := falcon.NewClient(&falcon.ApiConfig{ ClientId: os.Getenv("FALCON_CLIENT_ID"), ClientSecret: os.Getenv("FALCON_CLIENT_SECRET"), Context: context.Background(), }) if err != nil { panic(err) }
response, err := client.InstallationTokens.AuditEventsRead( &installation_tokens.AuditEventsReadParams{ Ids: []string{"ID1", "ID2", "ID3"}, Context: context.Background(), }, ) if err != nil { panic(falcon.ErrorExplain(err)) }
fmt.Printf("%+v\n", response.Payload)}import { FalconClient } from "crowdstrike-falcon";
const client = new FalconClient({ cloud: process.env.FALCON_CLOUD!, clientId: process.env.FALCON_CLIENT_ID!, clientSecret: process.env.FALCON_CLIENT_SECRET!,});
const response = await client.installationTokens.auditEventsRead(["ID1", "ID2", "ID3"]); // ids
console.log(response);use rusty_falcon::apis::installation_tokens_api::audit_events_read;use rusty_falcon::easy::client::FalconHandle;
#[tokio::main]async fn main() { let falcon = FalconHandle::from_env().await.expect("Could not authenticate");
let response = audit_events_read( &falcon.cfg, // configuration Some(vec!["string".to_string()]), // ids ).await.expect("API call failed");
println!("{:?}", response);}require "crimson-falcon"
Falcon.configure do |config| config.client_id = ENV["FALCON_CLIENT_ID"] config.client_secret = ENV["FALCON_CLIENT_SECRET"] config.cloud = ENV["FALCON_CLOUD"]end
api = Falcon::InstallationTokens.new
response = api.audit_events_read(ids: ['ID1', 'ID2', 'ID3'])
puts responsecustomer_settings_read
Section titled “customer_settings_read”Check current installation token settings.
GET /installation-tokens/entities/customer-settings/v1
PEP 8
customer_settings_readNo keywords or arguments accepted.
Code Examples
Section titled “Code Examples”from falconpy import InstallationTokens
falcon = InstallationTokens(client_id=CLIENT_ID, client_secret=CLIENT_SECRET )
response = falcon.customer_settings_read()print(response)from falconpy import InstallationTokens
falcon = InstallationTokens(client_id=CLIENT_ID, client_secret=CLIENT_SECRET )
response = falcon.customer_settings_read()print(response)from falconpy import APIHarnessV2
falcon = APIHarnessV2(client_id=CLIENT_ID, client_secret=CLIENT_SECRET )
response = falcon.command("customer_settings_read")print(response)Get-FalconInstallTokenSettingpackage main
import ( "context" "fmt" "os"
"github.com/crowdstrike/gofalcon/falcon" "github.com/crowdstrike/gofalcon/falcon/client/installation_tokens")
func main() { client, err := falcon.NewClient(&falcon.ApiConfig{ ClientId: os.Getenv("FALCON_CLIENT_ID"), ClientSecret: os.Getenv("FALCON_CLIENT_SECRET"), Context: context.Background(), }) if err != nil { panic(err) }
response, err := client.InstallationTokens.CustomerSettingsRead( &installation_tokens.CustomerSettingsReadParams{ Context: context.Background(), }, ) if err != nil { panic(falcon.ErrorExplain(err)) }
fmt.Printf("%+v\n", response.Payload)}import { FalconClient } from "crowdstrike-falcon";
const client = new FalconClient({ cloud: process.env.FALCON_CLOUD!, clientId: process.env.FALCON_CLIENT_ID!, clientSecret: process.env.FALCON_CLIENT_SECRET!,});
const response = await client.installationTokens.customerSettingsRead();
console.log(response);use rusty_falcon::apis::installation_tokens_api::customer_settings_read;use rusty_falcon::easy::client::FalconHandle;
#[tokio::main]async fn main() { let falcon = FalconHandle::from_env().await.expect("Could not authenticate");
let response = customer_settings_read(&falcon.cfg).await.expect("API call failed"); // configuration
println!("{:?}", response);}require "crimson-falcon"
Falcon.configure do |config| config.client_id = ENV["FALCON_CLIENT_ID"] config.client_secret = ENV["FALCON_CLIENT_SECRET"] config.cloud = ENV["FALCON_CLOUD"]end
api = Falcon::InstallationTokens.new
response = api.customer_settings_read
puts responsecustomer_settings_update
Section titled “customer_settings_update”Update installation token settings.
PATCH /installation-tokens/entities/customer-settings/v1
PEP 8
customer_settings_updateParameters
Section titled “Parameters”| Name | Type | Data type | Description |
|---|---|---|---|
| body | body | dictionary | Full body payload in JSON format. |
| max_active_tokens | body | integer | Maximum number of active tokens. |
| tokens_required | body | boolean | Flag indicating if tokens are required. |
Code Examples
Section titled “Code Examples”from falconpy import InstallationTokens
falcon = InstallationTokens(client_id=CLIENT_ID, client_secret=CLIENT_SECRET )
response = falcon.customer_settings_update(max_active_tokens=integer, tokens_required=boolean)print(response)from falconpy import InstallationTokens
falcon = InstallationTokens(client_id=CLIENT_ID, client_secret=CLIENT_SECRET )
response = falcon.customer_settings_update(max_active_tokens=integer, tokens_required=boolean)print(response)from falconpy import APIHarnessV2
falcon = APIHarnessV2(client_id=CLIENT_ID, client_secret=CLIENT_SECRET )
body_payload = { "max_active_tokens": integer, "tokens_required": boolean}
response = falcon.command("customer_settings_update", body=body_payload)print(response)Edit-FalconInstallTokenSettingpackage main
import ( "context" "fmt" "os"
"github.com/crowdstrike/gofalcon/falcon" "github.com/crowdstrike/gofalcon/falcon/client/installation_tokens_settings" "github.com/crowdstrike/gofalcon/falcon/models")
func main() { client, err := falcon.NewClient(&falcon.ApiConfig{ ClientId: os.Getenv("FALCON_CLIENT_ID"), ClientSecret: os.Getenv("FALCON_CLIENT_SECRET"), Context: context.Background(), }) if err != nil { panic(err) }
max_active_tokens := integer tokens_required := boolean
response, err := client.InstallationTokensSettings.CustomerSettingsUpdate( &installation_tokens_settings.CustomerSettingsUpdateParams{ Body: &models.APICustomerSettingsPatchRequestV1{ MaxActiveTokens: &max_active_tokens, TokensRequired: &tokens_required, }, Context: context.Background(), }, ) if err != nil { panic(falcon.ErrorExplain(err)) }
fmt.Printf("%+v\n", response.Payload)}import { FalconClient } from "crowdstrike-falcon";
const client = new FalconClient({ cloud: process.env.FALCON_CLOUD!, clientId: process.env.FALCON_CLIENT_ID!, clientSecret: process.env.FALCON_CLIENT_SECRET!,});
const response = await client.installationTokensSettings.customerSettingsUpdate( { maxActiveTokens: integer, tokensRequired: boolean} // body);
console.log(response);use rusty_falcon::apis::installation_tokens_settings_api::customer_settings_update;use rusty_falcon::easy::client::FalconHandle;use rusty_falcon::models::ApiCustomerSettingsPatchRequestV1;
#[tokio::main]async fn main() { let falcon = FalconHandle::from_env().await.expect("Could not authenticate");
let body = ApiCustomerSettingsPatchRequestV1 { ..Default::default() };
let response = customer_settings_update( &falcon.cfg, // configuration body, // body ).await.expect("API call failed");
println!("{:?}", response);}require "crimson-falcon"
Falcon.configure do |config| config.client_id = ENV["FALCON_CLIENT_ID"] config.client_secret = ENV["FALCON_CLIENT_SECRET"] config.cloud = ENV["FALCON_CLOUD"]end
api = Falcon::InstallationTokensSettings.new
body = Falcon::ApiCustomerSettingsPatchRequestV1.new( max_active_tokens: integer, tokens_required: boolean)
response = api.customer_settings_update(body)
puts responsetokens_read
Section titled “tokens_read”Gets the details of one or more tokens by id.
GET /installation-tokens/entities/tokens/v1
PEP 8
tokens_readParameters
Section titled “Parameters”| Name | Type | Data type | Description |
|---|---|---|---|
| ids | query | string or list of strings | ID(s) of the tokens to retrieve details for. |
| parameters | query | dictionary | Full query string parameters payload in JSON format. |
Code Examples
Section titled “Code Examples”from falconpy import InstallationTokens
falcon = InstallationTokens(client_id=CLIENT_ID, client_secret=CLIENT_SECRET )
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.tokens_read(ids=id_list)print(response)from falconpy import InstallationTokens
falcon = InstallationTokens(client_id=CLIENT_ID, client_secret=CLIENT_SECRET )
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.tokens_read(ids=id_list)print(response)from falconpy import APIHarnessV2
falcon = APIHarnessV2(client_id=CLIENT_ID, client_secret=CLIENT_SECRET )
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.command("tokens_read", ids=id_list)print(response)Get-FalconInstallToken -Id @("ID1", "ID2")package main
import ( "context" "fmt" "os"
"github.com/crowdstrike/gofalcon/falcon" "github.com/crowdstrike/gofalcon/falcon/client/installation_tokens")
func main() { client, err := falcon.NewClient(&falcon.ApiConfig{ ClientId: os.Getenv("FALCON_CLIENT_ID"), ClientSecret: os.Getenv("FALCON_CLIENT_SECRET"), Context: context.Background(), }) if err != nil { panic(err) }
response, err := client.InstallationTokens.TokensRead( &installation_tokens.TokensReadParams{ Ids: []string{"ID1", "ID2", "ID3"}, Context: context.Background(), }, ) if err != nil { panic(falcon.ErrorExplain(err)) }
fmt.Printf("%+v\n", response.Payload)}import { FalconClient } from "crowdstrike-falcon";
const client = new FalconClient({ cloud: process.env.FALCON_CLOUD!, clientId: process.env.FALCON_CLIENT_ID!, clientSecret: process.env.FALCON_CLIENT_SECRET!,});
const response = await client.installationTokens.tokensRead(["ID1", "ID2", "ID3"]); // ids
console.log(response);use rusty_falcon::apis::installation_tokens_api::tokens_read;use rusty_falcon::easy::client::FalconHandle;
#[tokio::main]async fn main() { let falcon = FalconHandle::from_env().await.expect("Could not authenticate");
let response = tokens_read( &falcon.cfg, // configuration Some(vec!["string".to_string()]), // ids ).await.expect("API call failed");
println!("{:?}", response);}require "crimson-falcon"
Falcon.configure do |config| config.client_id = ENV["FALCON_CLIENT_ID"] config.client_secret = ENV["FALCON_CLIENT_SECRET"] config.cloud = ENV["FALCON_CLOUD"]end
api = Falcon::InstallationTokens.new
response = api.tokens_read(ids: ['ID1', 'ID2', 'ID3'])
puts responsetokens_create
Section titled “tokens_create”Creates a token.
POST /installation-tokens/entities/tokens/v1
PEP 8
tokens_createParameters
Section titled “Parameters”| Name | Type | Data type | Description |
|---|---|---|---|
| body | body | dictionary | Full body payload in JSON format. |
| expires_timestamp | body | string | Expiration timestamp. UTC format. |
| label | body | string | Installation token label. |
| revoked | body | boolean | Flag indicating if the token is revoked. |
Code Examples
Section titled “Code Examples”from falconpy import InstallationTokens
falcon = InstallationTokens(client_id=CLIENT_ID, client_secret=CLIENT_SECRET )
response = falcon.tokens_create(expires_timestamp="string", label="string", type="string")print(response)from falconpy import InstallationTokens
falcon = InstallationTokens(client_id=CLIENT_ID, client_secret=CLIENT_SECRET )
response = falcon.tokens_create(expires_timestamp="string", label="string", type="string")print(response)from falconpy import APIHarnessV2
falcon = APIHarnessV2(client_id=CLIENT_ID, client_secret=CLIENT_SECRET )
body_payload = { "expires_timestamp": "string", "label": "string", "type": "string"}
response = falcon.command("tokens_create", body=body_payload)print(response)New-FalconInstallToken -Label "string" -ExpiresTimestamp "string"package main
import ( "context" "fmt" "os"
"github.com/crowdstrike/gofalcon/falcon" "github.com/crowdstrike/gofalcon/falcon/client/installation_tokens" "github.com/crowdstrike/gofalcon/falcon/models")
func main() { client, err := falcon.NewClient(&falcon.ApiConfig{ ClientId: os.Getenv("FALCON_CLIENT_ID"), ClientSecret: os.Getenv("FALCON_CLIENT_SECRET"), Context: context.Background(), }) if err != nil { panic(err) }
expires_timestamp := "string" label := "string" type := "string"
response, err := client.InstallationTokens.TokensCreate( &installation_tokens.TokensCreateParams{ Body: &models.APITokenCreateRequestV1{ ExpiresTimestamp: &expires_timestamp, Label: &label, Type: &type, }, Context: context.Background(), }, ) if err != nil { panic(falcon.ErrorExplain(err)) }
fmt.Printf("%+v\n", response.Payload)}import { FalconClient } from "crowdstrike-falcon";
const client = new FalconClient({ cloud: process.env.FALCON_CLOUD!, clientId: process.env.FALCON_CLIENT_ID!, clientSecret: process.env.FALCON_CLIENT_SECRET!,});
const response = await client.installationTokens.tokensCreate( { expiresTimestamp: "string", label: "string", type: "string"} // body);
console.log(response);use rusty_falcon::apis::installation_tokens_api::tokens_create;use rusty_falcon::easy::client::FalconHandle;use rusty_falcon::models::ApiTokenCreateRequestV1;
#[tokio::main]async fn main() { let falcon = FalconHandle::from_env().await.expect("Could not authenticate");
let body = ApiTokenCreateRequestV1 { ..Default::default() };
let response = tokens_create( &falcon.cfg, // configuration body, // body ).await.expect("API call failed");
println!("{:?}", response);}require "crimson-falcon"
Falcon.configure do |config| config.client_id = ENV["FALCON_CLIENT_ID"] config.client_secret = ENV["FALCON_CLIENT_SECRET"] config.cloud = ENV["FALCON_CLOUD"]end
api = Falcon::InstallationTokens.new
body = Falcon::ApiTokenCreateRequestV1.new( expires_timestamp: 'string', label: 'string', type: 'string')
response = api.tokens_create(body)
puts responsetokens_delete
Section titled “tokens_delete”Deletes a token immediately. To revoke a token, use tokens_update instead.
DELETE /installation-tokens/entities/tokens/v1
PEP 8
tokens_deleteParameters
Section titled “Parameters”| Name | Type | Data type | Description |
|---|---|---|---|
| ids | query | string or list of strings | ID(s) of the tokens to delete. |
| parameters | query | dictionary | Full query string parameters payload in JSON format. |
Code Examples
Section titled “Code Examples”from falconpy import InstallationTokens
falcon = InstallationTokens(client_id=CLIENT_ID, client_secret=CLIENT_SECRET )
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.tokens_delete(ids=id_list)print(response)from falconpy import InstallationTokens
falcon = InstallationTokens(client_id=CLIENT_ID, client_secret=CLIENT_SECRET )
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.tokens_delete(ids=id_list)print(response)from falconpy import APIHarnessV2
falcon = APIHarnessV2(client_id=CLIENT_ID, client_secret=CLIENT_SECRET )
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.command("tokens_delete", ids=id_list)print(response)Remove-FalconInstallToken -Id @("ID1", "ID2")package main
import ( "context" "fmt" "os"
"github.com/crowdstrike/gofalcon/falcon" "github.com/crowdstrike/gofalcon/falcon/client/installation_tokens")
func main() { client, err := falcon.NewClient(&falcon.ApiConfig{ ClientId: os.Getenv("FALCON_CLIENT_ID"), ClientSecret: os.Getenv("FALCON_CLIENT_SECRET"), Context: context.Background(), }) if err != nil { panic(err) }
response, err := client.InstallationTokens.TokensDelete( &installation_tokens.TokensDeleteParams{ Ids: []string{"ID1", "ID2", "ID3"}, Context: context.Background(), }, ) if err != nil { panic(falcon.ErrorExplain(err)) }
fmt.Printf("%+v\n", response.Payload)}import { FalconClient } from "crowdstrike-falcon";
const client = new FalconClient({ cloud: process.env.FALCON_CLOUD!, clientId: process.env.FALCON_CLIENT_ID!, clientSecret: process.env.FALCON_CLIENT_SECRET!,});
const response = await client.installationTokens.tokensDelete(["ID1", "ID2", "ID3"]); // ids
console.log(response);use rusty_falcon::apis::installation_tokens_api::tokens_delete;use rusty_falcon::easy::client::FalconHandle;
#[tokio::main]async fn main() { let falcon = FalconHandle::from_env().await.expect("Could not authenticate");
let response = tokens_delete( &falcon.cfg, // configuration vec!["string".to_string()], // ids ).await.expect("API call failed");
println!("{:?}", response);}require "crimson-falcon"
Falcon.configure do |config| config.client_id = ENV["FALCON_CLIENT_ID"] config.client_secret = ENV["FALCON_CLIENT_SECRET"] config.cloud = ENV["FALCON_CLOUD"]end
api = Falcon::InstallationTokens.new
response = api.tokens_delete(['ID1', 'ID2', 'ID3'])
puts responsetokens_update
Section titled “tokens_update”Updates one or more tokens. Use this endpoint to edit labels, change expiration, revoke, or restore.
PATCH /installation-tokens/entities/tokens/v1
PEP 8
tokens_updateParameters
Section titled “Parameters”| Name | Type | Data type | Description |
|---|---|---|---|
| body | body | dictionary | Full body payload in JSON format. |
| expires_timestamp | body | string | Expiration timestamp. UTC format. |
| label | body | string | Installation token label. |
| ids | query | string or list of strings | ID(s) of the tokens to update. |
| parameters | query | dictionary | Full query string parameters payload in JSON format. |
| revoked | body | boolean | Flag indicating if the token is revoked. |
Code Examples
Section titled “Code Examples”from falconpy import InstallationTokens
falcon = InstallationTokens(client_id=CLIENT_ID, client_secret=CLIENT_SECRET )
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.tokens_update(expires_timestamp="string", ids=id_list, label="string", revoked=boolean)print(response)from falconpy import InstallationTokens
falcon = InstallationTokens(client_id=CLIENT_ID, client_secret=CLIENT_SECRET )
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.tokens_update(expires_timestamp="string", ids=id_list, label="string", revoked=boolean)print(response)from falconpy import APIHarnessV2
falcon = APIHarnessV2(client_id=CLIENT_ID, client_secret=CLIENT_SECRET )
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
body_payload = { "expires_timestamp": "string", "label": "string", "revoked": boolean}
response = falcon.command("tokens_update", ids=id_list, body=body_payload)print(response)Edit-FalconInstallToken -Id @("ID1", "ID2")package main
import ( "context" "fmt" "os"
"github.com/crowdstrike/gofalcon/falcon" "github.com/crowdstrike/gofalcon/falcon/client/installation_tokens" "github.com/crowdstrike/gofalcon/falcon/models")
func main() { client, err := falcon.NewClient(&falcon.ApiConfig{ ClientId: os.Getenv("FALCON_CLIENT_ID"), ClientSecret: os.Getenv("FALCON_CLIENT_SECRET"), Context: context.Background(), }) if err != nil { panic(err) }
expires_timestamp := "string" label := "string" revoked := boolean
response, err := client.InstallationTokens.TokensUpdate( &installation_tokens.TokensUpdateParams{ Body: &models.APITokenPatchRequestV1{ ExpiresTimestamp: &expires_timestamp, Label: &label, Revoked: &revoked, }, Ids: []string{"ID1", "ID2", "ID3"}, Context: context.Background(), }, ) if err != nil { panic(falcon.ErrorExplain(err)) }
fmt.Printf("%+v\n", response.Payload)}import { FalconClient } from "crowdstrike-falcon";
const client = new FalconClient({ cloud: process.env.FALCON_CLOUD!, clientId: process.env.FALCON_CLIENT_ID!, clientSecret: process.env.FALCON_CLIENT_SECRET!,});
const response = await client.installationTokens.tokensUpdate( ["ID1", "ID2", "ID3"], // ids { // body expiresTimestamp: "string", label: "string", revoked: boolean });
console.log(response);use rusty_falcon::apis::installation_tokens_api::tokens_update;use rusty_falcon::easy::client::FalconHandle;use rusty_falcon::models::ApiTokenPatchRequestV1;
#[tokio::main]async fn main() { let falcon = FalconHandle::from_env().await.expect("Could not authenticate");
let body = ApiTokenPatchRequestV1 { ..Default::default() };
let response = tokens_update( &falcon.cfg, // configuration vec!["string".to_string()], // ids body, // body ).await.expect("API call failed");
println!("{:?}", response);}require "crimson-falcon"
Falcon.configure do |config| config.client_id = ENV["FALCON_CLIENT_ID"] config.client_secret = ENV["FALCON_CLIENT_SECRET"] config.cloud = ENV["FALCON_CLOUD"]end
api = Falcon::InstallationTokens.new
body = Falcon::ApiTokenPatchRequestV1.new( expires_timestamp: 'string', label: 'string', revoked: boolean)
response = api.tokens_update(body, ['ID1', 'ID2', 'ID3'])
puts responseaudit_events_query
Section titled “audit_events_query”Search for audit events by providing a FQL filter and paging details.
GET /installation-tokens/queries/audit-events/v1
PEP 8
audit_events_queryParameters
Section titled “Parameters”| Name | Type | Data type | Description |
|---|---|---|---|
| filter | query | string | FQL formatted string used to limit the results. |
| limit | query | integer | Maximum number of records to return. (Max: 1000, Default: 10) |
| offset | query | integer | Starting index of overall result set from which to return ids. |
| sort | query | string | The property to sort by. (Ex: timestamp.desc) |
| parameters | query | dictionary | Full query string parameters payload in JSON format. |
Code Examples
Section titled “Code Examples”from falconpy import InstallationTokens
falcon = InstallationTokens(client_id=CLIENT_ID, client_secret=CLIENT_SECRET )
response = falcon.audit_events_query(filter="string", limit=integer, offset=integer, sort="string")print(response)from falconpy import InstallationTokens
falcon = InstallationTokens(client_id=CLIENT_ID, client_secret=CLIENT_SECRET )
response = falcon.audit_events_query(filter="string", limit=integer, offset=integer, sort="string")print(response)from falconpy import APIHarnessV2
falcon = APIHarnessV2(client_id=CLIENT_ID, client_secret=CLIENT_SECRET )
response = falcon.command("audit_events_query", offset=integer, limit=integer, sort="string", filter="string")print(response)Get-FalconInstallTokenEvent -Filter "string" ` -Sort "string" ` -Limit integer ` -Offset integerpackage main
import ( "context" "fmt" "os"
"github.com/crowdstrike/gofalcon/falcon" "github.com/crowdstrike/gofalcon/falcon/client/installation_tokens")
func main() { client, err := falcon.NewClient(&falcon.ApiConfig{ ClientId: os.Getenv("FALCON_CLIENT_ID"), ClientSecret: os.Getenv("FALCON_CLIENT_SECRET"), Context: context.Background(), }) if err != nil { panic(err) }
offset := int64(0) limit := int64(0) sort := "string" filter := "string"
response, err := client.InstallationTokens.AuditEventsQuery( &installation_tokens.AuditEventsQueryParams{ Offset: &offset, Limit: &limit, Sort: &sort, Filter: &filter, Context: context.Background(), }, ) if err != nil { panic(falcon.ErrorExplain(err)) }
fmt.Printf("%+v\n", response.Payload)}import { FalconClient } from "crowdstrike-falcon";
const client = new FalconClient({ cloud: process.env.FALCON_CLOUD!, clientId: process.env.FALCON_CLIENT_ID!, clientSecret: process.env.FALCON_CLIENT_SECRET!,});
const response = await client.installationTokens.auditEventsQuery( integer, // offset integer, // limit "string", // sort "string" // filter);
console.log(response);use rusty_falcon::apis::installation_tokens_api::audit_events_query;use rusty_falcon::easy::client::FalconHandle;
#[tokio::main]async fn main() { let falcon = FalconHandle::from_env().await.expect("Could not authenticate");
let response = audit_events_query( &falcon.cfg, // configuration Some(integer), // offset Some(integer), // limit Some("string"), // sort Some("string"), // filter ).await.expect("API call failed");
println!("{:?}", response);}require "crimson-falcon"
Falcon.configure do |config| config.client_id = ENV["FALCON_CLIENT_ID"] config.client_secret = ENV["FALCON_CLIENT_SECRET"] config.cloud = ENV["FALCON_CLOUD"]end
api = Falcon::InstallationTokens.new
response = api.audit_events_query(offset: integer, limit: integer, sort: 'string', filter: 'string')
puts responsetokens_query
Section titled “tokens_query”Search for tokens by providing a FQL filter and paging details.
GET /installation-tokens/queries/tokens/v1
PEP 8
tokens_queryParameters
Section titled “Parameters”| Name | Type | Data type | Description |
|---|---|---|---|
| filter | query | string | FQL formatted string used to limit the results. |
| limit | query | integer | Maximum number of records to return. (Max: 1000, Default: 10) |
| offset | query | integer | Starting index of overall result set from which to return ids. |
| sort | query | string | The property to sort by. (Ex: created_timestamp.desc) |
| parameters | query | dictionary | Full query string parameters payload in JSON format. |
Code Examples
Section titled “Code Examples”from falconpy import InstallationTokens
falcon = InstallationTokens(client_id=CLIENT_ID, client_secret=CLIENT_SECRET )
response = falcon.tokens_query(filter="string", limit=integer, offset=integer, sort="string")print(response)from falconpy import InstallationTokens
falcon = InstallationTokens(client_id=CLIENT_ID, client_secret=CLIENT_SECRET )
response = falcon.tokens_query(filter="string", limit=integer, offset=integer, sort="string")print(response)from falconpy import APIHarnessV2
falcon = APIHarnessV2(client_id=CLIENT_ID, client_secret=CLIENT_SECRET )
response = falcon.command("tokens_query", offset=integer, limit=integer, sort="string", filter="string")print(response)Get-FalconInstallToken -Filter "string" ` -Sort "string" ` -Limit integer ` -Offset integerpackage main
import ( "context" "fmt" "os"
"github.com/crowdstrike/gofalcon/falcon" "github.com/crowdstrike/gofalcon/falcon/client/installation_tokens")
func main() { client, err := falcon.NewClient(&falcon.ApiConfig{ ClientId: os.Getenv("FALCON_CLIENT_ID"), ClientSecret: os.Getenv("FALCON_CLIENT_SECRET"), Context: context.Background(), }) if err != nil { panic(err) }
offset := int64(0) limit := int64(0) sort := "string" filter := "string"
response, err := client.InstallationTokens.TokensQuery( &installation_tokens.TokensQueryParams{ Offset: &offset, Limit: &limit, Sort: &sort, Filter: &filter, Context: context.Background(), }, ) if err != nil { panic(falcon.ErrorExplain(err)) }
fmt.Printf("%+v\n", response.Payload)}import { FalconClient } from "crowdstrike-falcon";
const client = new FalconClient({ cloud: process.env.FALCON_CLOUD!, clientId: process.env.FALCON_CLIENT_ID!, clientSecret: process.env.FALCON_CLIENT_SECRET!,});
const response = await client.installationTokens.tokensQuery( integer, // offset integer, // limit "string", // sort "string" // filter);
console.log(response);use rusty_falcon::apis::installation_tokens_api::tokens_query;use rusty_falcon::easy::client::FalconHandle;
#[tokio::main]async fn main() { let falcon = FalconHandle::from_env().await.expect("Could not authenticate");
let response = tokens_query( &falcon.cfg, // configuration Some(integer), // offset Some(integer), // limit Some("string"), // sort Some("string"), // filter ).await.expect("API call failed");
println!("{:?}", response);}require "crimson-falcon"
Falcon.configure do |config| config.client_id = ENV["FALCON_CLIENT_ID"] config.client_secret = ENV["FALCON_CLIENT_SECRET"] config.cloud = ENV["FALCON_CLOUD"]end
api = Falcon::InstallationTokens.new
response = api.tokens_query(offset: integer, limit: integer, sort: 'string', filter: 'string')
puts response