IOA Exclusions
The IOA Exclusions service collection provides operations for managing Indicator of Attack exclusion rules. Create, update, delete, and query standard IOA exclusions, as well as manage Self Service IOA Exclusions including aggregates, reports, matched rules, and default rule retrieval.
| Language | Last Update |
|---|---|
| Python | v1.6.1 |
| PowerShell | v2.2.9 |
| Go | v0.20.0 |
| TypeScript | v0.6.0 |
| Rust | v0.7.0 |
| Ruby | v1.2.0 |
Table of Contents
Section titled “Table of Contents”| Operation | Description |
|---|---|
getIOAExclusionsV1get_exclusions | Get a set of IOA Exclusions by specifying their IDs. |
createIOAExclusionsV1create_exclusions | Create the IOA exclusions. |
deleteIOAExclusionsV1delete_exclusions | Delete the IOA exclusions by ID. |
updateIOAExclusionsV1update_exclusions | Update the IOA exclusions. |
queryIOAExclusionsV1query_exclusions | Search for IOA exclusions. |
ss_ioa_exclusions_aggregates_v2get_ss_exclusion_aggregates | Get Self Service IOA Exclusion aggregates as specified via json in the request body. |
ss_ioa_exclusions_get_reports_v2get_ss_exclusion_reports_v2 | Create a report of Self Service IOA Exclusions scoped by the given filters. |
ss_ioa_exclusions_get_v2get_ss_exclusion_rules_v2 | Get the Self Service IOA Exclusions rules by id. |
ss_ioa_exclusions_create_v2create_ss_exclusions | Create new Self Service IOA Exclusions. |
ss_ioa_exclusions_update_v2update_ss_exclusions | Update the Self Service IOA Exclusions rule by id. |
ss_ioa_exclusions_delete_v2delete_ss_exclusions | Delete the Self Service IOA Exclusions rule by id. |
ss_ioa_exclusions_matched_rule_v2get_ss_exclusion_matched_rules | Get Self Service IOA Exclusions rules for matched IFN/CLI for child, parent and grandparent. |
ss_ioa_exclusions_new_rules_v2get_default_ss_exclusions | Get defaults for Self Service IOA Exclusions based on provided IFN/CLI for child, parent and grandparent. |
ss_ioa_exclusions_search_v2query_ss_exclusions | Search for Self Service IOA Exclusions. |
getIOAExclusionsV1
Section titled “getIOAExclusionsV1”Get a set of IOA Exclusions by specifying their IDs
GET /policy/entities/ioa-exclusions/v1
PEP 8
get_exclusionsParameters
Section titled “Parameters”| Name | Type | Data type | Description |
|---|---|---|---|
| ids | query | string or list of strings | The IDs of the exclusions to retrieve. |
| parameters | query | dictionary | Full query string parameters payload in JSON format. |
Code Examples
Section titled “Code Examples”from falconpy import IOAExclusions
falcon = IOAExclusions(client_id=CLIENT_ID, client_secret=CLIENT_SECRET )
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.get_exclusions(ids=id_list)print(response)from falconpy import IOAExclusions
falcon = IOAExclusions(client_id=CLIENT_ID, client_secret=CLIENT_SECRET )
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.getIOAExclusionsV1(ids=id_list)print(response)from falconpy import APIHarnessV2
falcon = APIHarnessV2(client_id=CLIENT_ID, client_secret=CLIENT_SECRET )
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.command("getIOAExclusionsV1", ids=id_list)print(response)Get-FalconIoaExclusion -Id @("ID1", "ID2")package main
import ( "context" "fmt" "os"
"github.com/crowdstrike/gofalcon/falcon" "github.com/crowdstrike/gofalcon/falcon/client/ioa_exclusions")
func main() { client, err := falcon.NewClient(&falcon.ApiConfig{ ClientId: os.Getenv("FALCON_CLIENT_ID"), ClientSecret: os.Getenv("FALCON_CLIENT_SECRET"), Context: context.Background(), }) if err != nil { panic(err) }
response, err := client.IoaExclusions.GetIOAExclusionsV1( &ioa_exclusions.GetIOAExclusionsV1Params{ Ids: []string{"ID1", "ID2", "ID3"}, Context: context.Background(), }, ) if err != nil { panic(falcon.ErrorExplain(err)) }
fmt.Printf("%+v\n", response.Payload)}import { FalconClient } from "crowdstrike-falcon";
const client = new FalconClient({ cloud: process.env.FALCON_CLOUD!, clientId: process.env.FALCON_CLIENT_ID!, clientSecret: process.env.FALCON_CLIENT_SECRET!,});
const response = await client.ioaExclusions.getIOAExclusionsV1(["ID1", "ID2", "ID3"]); // ids
console.log(response);use rusty_falcon::apis::ioa_exclusions_api::get_ioa_exclusions_v1;use rusty_falcon::easy::client::FalconHandle;
#[tokio::main]async fn main() { let falcon = FalconHandle::from_env().await.expect("Could not authenticate");
let response = get_ioa_exclusions_v1( &falcon.cfg, // configuration vec!["string".to_string()], // ids ).await.expect("API call failed");
println!("{:?}", response);}require "crimson-falcon"
Falcon.configure do |config| config.client_id = ENV["FALCON_CLIENT_ID"] config.client_secret = ENV["FALCON_CLIENT_SECRET"] config.cloud = ENV["FALCON_CLOUD"]end
api = Falcon::IoaExclusions.new
response = api.get_ioa_exclusions_v1(['ID1', 'ID2', 'ID3'])
puts responsecreateIOAExclusionsV1
Section titled “createIOAExclusionsV1”Create the IOA exclusions
POST /policy/entities/ioa-exclusions/v1
PEP 8
create_exclusionsParameters
Section titled “Parameters”| Name | Type | Data type | Description |
|---|---|---|---|
| body | body | dictionary | Full body payload in JSON format. |
| cl_regex | body | string | Command line regular expression. |
| comment | body | string | String comment describing why the exclusions was created. |
| description | body | string | Exclusion description. |
| detection_json | body | string | JSON formatted detection template. |
| groups | body | list of strings | Group ID(s) impacted by the exclusion. |
| ifn_regex | body | string | Indicator file name regular expression. |
| name | body | string | Name of the exclusion. |
| pattern_id | body | string | ID of the pattern to use for the exclusion. |
| pattern_name | body | string | Name of the pattern to use for the exclusion. |
Code Examples
Section titled “Code Examples”from falconpy import IOAExclusions
falcon = IOAExclusions(client_id=CLIENT_ID, client_secret=CLIENT_SECRET )
response = falcon.create_exclusions(cl_regex="string", comment="string", description="string", detection_json="string", groups=["string"], ifn_regex="string", name="string", pattern_id="string", pattern_name="string")print(response)from falconpy import IOAExclusions
falcon = IOAExclusions(client_id=CLIENT_ID, client_secret=CLIENT_SECRET )
response = falcon.createIOAExclusionsV1(cl_regex="string", comment="string", description="string", detection_json="string", groups=["string"], ifn_regex="string", name="string", pattern_id="string", pattern_name="string")print(response)from falconpy import APIHarnessV2
falcon = APIHarnessV2(client_id=CLIENT_ID, client_secret=CLIENT_SECRET )
body_payload = { "cl_regex": "string", "comment": "string", "description": "string", "detection_json": "string", "groups": ["string"], "ifn_regex": "string", "name": "string", "pattern_id": "string", "pattern_name": "string"}
response = falcon.command("createIOAExclusionsV1", body=body_payload)print(response)New-FalconIoaExclusion -Name "string" ` -PatternId "string" ` -PatternName "string" ` -ClRegex "string" ` -IfnRegex "string"package main
import ( "context" "fmt" "os"
"github.com/crowdstrike/gofalcon/falcon" "github.com/crowdstrike/gofalcon/falcon/client/ioa_exclusions" "github.com/crowdstrike/gofalcon/falcon/models")
func main() { client, err := falcon.NewClient(&falcon.ApiConfig{ ClientId: os.Getenv("FALCON_CLIENT_ID"), ClientSecret: os.Getenv("FALCON_CLIENT_SECRET"), Context: context.Background(), }) if err != nil { panic(err) }
cl_regex := "string" comment := "string" description := "string" detection_json := "string" ifn_regex := "string" name := "string" pattern_id := "string" pattern_name := "string"
response, err := client.IoaExclusions.CreateIOAExclusionsV1( &ioa_exclusions.CreateIOAExclusionsV1Params{ Body: &models.IoaExclusionsIoaExclusionCreateReqV1{ ClRegex: &cl_regex, Comment: &comment, Description: &description, DetectionJson: &detection_json, Groups: []string{"string"}, IfnRegex: &ifn_regex, Name: &name, PatternID: &pattern_id, PatternName: &pattern_name, }, Context: context.Background(), }, ) if err != nil { panic(falcon.ErrorExplain(err)) }
fmt.Printf("%+v\n", response.Payload)}import { FalconClient } from "crowdstrike-falcon";
const client = new FalconClient({ cloud: process.env.FALCON_CLOUD!, clientId: process.env.FALCON_CLIENT_ID!, clientSecret: process.env.FALCON_CLIENT_SECRET!,});
const response = await client.ioaExclusions.createIOAExclusionsV1( { clRegex: "string", comment: "string", description: "string", detectionJson: "string", groups: [], ifnRegex: "string", name: "string", patternId: "string", patternName: "string"} // body);
console.log(response);use rusty_falcon::apis::ioa_exclusions_api::create_ioa_exclusions_v1;use rusty_falcon::easy::client::FalconHandle;use rusty_falcon::models::IoaExclusionsIoaExclusionCreateReqV1;
#[tokio::main]async fn main() { let falcon = FalconHandle::from_env().await.expect("Could not authenticate");
let body = IoaExclusionsIoaExclusionCreateReqV1 { cl_regex: Some("string".to_string()), description: Some("string".to_string()), detection_json: Some("string".to_string()), groups: vec!["string".to_string()], ifn_regex: Some("string".to_string()), name: Some("string".to_string()), pattern_id: Some("string".to_string()), pattern_name: Some("string".to_string()), ..Default::default() };
let response = create_ioa_exclusions_v1( &falcon.cfg, // configuration body, // body ).await.expect("API call failed");
println!("{:?}", response);}require "crimson-falcon"
Falcon.configure do |config| config.client_id = ENV["FALCON_CLIENT_ID"] config.client_secret = ENV["FALCON_CLIENT_SECRET"] config.cloud = ENV["FALCON_CLOUD"]end
api = Falcon::IoaExclusions.new
body = Falcon::IoaExclusionsIoaExclusionCreateReqV1.new( cl_regex: 'string', comment: 'string', description: 'string', detection_json: 'string', groups: [], ifn_regex: 'string', name: 'string', pattern_id: 'string', pattern_name: 'string')
response = api.create_ioa_exclusions_v1(body)
puts responsedeleteIOAExclusionsV1
Section titled “deleteIOAExclusionsV1”Delete the IOA exclusions by id
DELETE /policy/entities/ioa-exclusions/v1
PEP 8
delete_exclusionsParameters
Section titled “Parameters”| Name | Type | Data type | Description |
|---|---|---|---|
| comment | query | string | Explains why this exclusion was deleted. |
| ids | query | string or list of strings | The IDs of the exclusions to retrieve. |
| parameters | query | dictionary | Full query string parameters payload in JSON format. |
Code Examples
Section titled “Code Examples”from falconpy import IOAExclusions
falcon = IOAExclusions(client_id=CLIENT_ID, client_secret=CLIENT_SECRET )
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.delete_exclusions(comment="string", ids=id_list)print(response)from falconpy import IOAExclusions
falcon = IOAExclusions(client_id=CLIENT_ID, client_secret=CLIENT_SECRET )
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.deleteIOAExclusionsV1(comment="string", ids=id_list)print(response)from falconpy import APIHarnessV2
falcon = APIHarnessV2(client_id=CLIENT_ID, client_secret=CLIENT_SECRET )
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.command("deleteIOAExclusionsV1", ids=id_list, comment="string")print(response)Remove-FalconIoaExclusion -Id @("ID1", "ID2")package main
import ( "context" "fmt" "os"
"github.com/crowdstrike/gofalcon/falcon" "github.com/crowdstrike/gofalcon/falcon/client/ioa_exclusions")
func main() { client, err := falcon.NewClient(&falcon.ApiConfig{ ClientId: os.Getenv("FALCON_CLIENT_ID"), ClientSecret: os.Getenv("FALCON_CLIENT_SECRET"), Context: context.Background(), }) if err != nil { panic(err) }
comment := "string"
response, err := client.IoaExclusions.DeleteIOAExclusionsV1( &ioa_exclusions.DeleteIOAExclusionsV1Params{ Ids: []string{"ID1", "ID2", "ID3"}, Comment: &comment, Context: context.Background(), }, ) if err != nil { panic(falcon.ErrorExplain(err)) }
fmt.Printf("%+v\n", response.Payload)}import { FalconClient } from "crowdstrike-falcon";
const client = new FalconClient({ cloud: process.env.FALCON_CLOUD!, clientId: process.env.FALCON_CLIENT_ID!, clientSecret: process.env.FALCON_CLIENT_SECRET!,});
const response = await client.ioaExclusions.deleteIOAExclusionsV1( ["ID1", "ID2", "ID3"], // ids "string" // comment);
console.log(response);use rusty_falcon::apis::ioa_exclusions_api::delete_ioa_exclusions_v1;use rusty_falcon::easy::client::FalconHandle;
#[tokio::main]async fn main() { let falcon = FalconHandle::from_env().await.expect("Could not authenticate");
let response = delete_ioa_exclusions_v1( &falcon.cfg, // configuration vec!["string".to_string()], // ids Some("string"), // comment ).await.expect("API call failed");
println!("{:?}", response);}require "crimson-falcon"
Falcon.configure do |config| config.client_id = ENV["FALCON_CLIENT_ID"] config.client_secret = ENV["FALCON_CLIENT_SECRET"] config.cloud = ENV["FALCON_CLOUD"]end
api = Falcon::IoaExclusions.new
response = api.delete_ioa_exclusions_v1(['ID1', 'ID2', 'ID3'])
puts responseupdateIOAExclusionsV1
Section titled “updateIOAExclusionsV1”Update the IOA exclusions
PATCH /policy/entities/ioa-exclusions/v1
PEP 8
update_exclusionsParameters
Section titled “Parameters”| Name | Type | Data type | Description |
|---|---|---|---|
| body | body | dictionary | Full body payload in JSON format. |
| cl_regex | body | string | Command line regular expression. |
| comment | body | string | String comment describing why the exclusions was created. |
| description | body | string | Exclusion description. |
| detection_json | body | string | JSON formatted detection template. |
| groups | body | list of strings | Group ID(s) impacted by the exclusion. |
| id | body | string | ID of the exclusion to update. |
| ifn_regex | body | string | Indicator file name regular expression. |
| name | body | string | Name of the exclusion. |
| pattern_id | body | string | ID of the pattern to use for the exclusion. |
| pattern_name | body | string | Name of the pattern to use for the exclusion. |
Code Examples
Section titled “Code Examples”from falconpy import IOAExclusions
falcon = IOAExclusions(client_id=CLIENT_ID, client_secret=CLIENT_SECRET )
response = falcon.update_exclusions(cl_regex="string", comment="string", description="string", detection_json="string", groups=["string"], id="string", ifn_regex="string", name="string", pattern_id="string", pattern_name="string")print(response)from falconpy import IOAExclusions
falcon = IOAExclusions(client_id=CLIENT_ID, client_secret=CLIENT_SECRET )
response = falcon.updateIOAExclusionsV1(cl_regex="string", comment="string", description="string", detection_json="string", groups=["string"], id="string", ifn_regex="string", name="string", pattern_id="string", pattern_name="string")print(response)from falconpy import APIHarnessV2
falcon = APIHarnessV2(client_id=CLIENT_ID, client_secret=CLIENT_SECRET )
body_payload = { "cl_regex": "string", "comment": "string", "description": "string", "detection_json": "string", "groups": ["string"], "id": "string", "ifn_regex": "string", "name": "string", "pattern_id": "string", "pattern_name": "string"}
response = falcon.command("updateIOAExclusionsV1", body=body_payload)print(response)Edit-FalconIoaExclusion -Id "string"package main
import ( "context" "fmt" "os"
"github.com/crowdstrike/gofalcon/falcon" "github.com/crowdstrike/gofalcon/falcon/client/ioa_exclusions" "github.com/crowdstrike/gofalcon/falcon/models")
func main() { client, err := falcon.NewClient(&falcon.ApiConfig{ ClientId: os.Getenv("FALCON_CLIENT_ID"), ClientSecret: os.Getenv("FALCON_CLIENT_SECRET"), Context: context.Background(), }) if err != nil { panic(err) }
cl_regex := "string" comment := "string" description := "string" detection_json := "string" id := "string" ifn_regex := "string" name := "string" pattern_id := "string" pattern_name := "string"
response, err := client.IoaExclusions.UpdateIOAExclusionsV1( &ioa_exclusions.UpdateIOAExclusionsV1Params{ Body: &models.IoaExclusionsIoaExclusionUpdateReqV1{ ClRegex: &cl_regex, Comment: &comment, Description: &description, DetectionJson: &detection_json, Groups: []string{"string"}, ID: &id, IfnRegex: &ifn_regex, Name: &name, PatternID: &pattern_id, PatternName: &pattern_name, }, Context: context.Background(), }, ) if err != nil { panic(falcon.ErrorExplain(err)) }
fmt.Printf("%+v\n", response.Payload)}import { FalconClient } from "crowdstrike-falcon";
const client = new FalconClient({ cloud: process.env.FALCON_CLOUD!, clientId: process.env.FALCON_CLIENT_ID!, clientSecret: process.env.FALCON_CLIENT_SECRET!,});
const response = await client.ioaExclusions.updateIOAExclusionsV1( { clRegex: "string", comment: "string", description: "string", detectionJson: "string", groups: [], id: "string", ifnRegex: "string", name: "string", patternId: "string", patternName: "string"} // body);
console.log(response);use rusty_falcon::apis::ioa_exclusions_api::update_ioa_exclusions_v1;use rusty_falcon::easy::client::FalconHandle;use rusty_falcon::models::IoaExclusionsIoaExclusionUpdateReqV1;
#[tokio::main]async fn main() { let falcon = FalconHandle::from_env().await.expect("Could not authenticate");
let body = IoaExclusionsIoaExclusionUpdateReqV1 { cl_regex: Some("string".to_string()), description: Some("string".to_string()), detection_json: Some("string".to_string()), groups: vec!["string".to_string()], id: Some("string".to_string()), ifn_regex: Some("string".to_string()), name: Some("string".to_string()), pattern_id: Some("string".to_string()), pattern_name: Some("string".to_string()), ..Default::default() };
let response = update_ioa_exclusions_v1( &falcon.cfg, // configuration body, // body ).await.expect("API call failed");
println!("{:?}", response);}require "crimson-falcon"
Falcon.configure do |config| config.client_id = ENV["FALCON_CLIENT_ID"] config.client_secret = ENV["FALCON_CLIENT_SECRET"] config.cloud = ENV["FALCON_CLOUD"]end
api = Falcon::IoaExclusions.new
body = Falcon::IoaExclusionsIoaExclusionUpdateReqV1.new( cl_regex: 'string', comment: 'string', description: 'string', detection_json: 'string', groups: [], id: 'string', ifn_regex: 'string', name: 'string', pattern_id: 'string', pattern_name: 'string')
response = api.update_ioa_exclusions_v1(body)
puts responsequeryIOAExclusionsV1
Section titled “queryIOAExclusionsV1”Search for IOA exclusions.
GET /policy/queries/ioa-exclusions/v1
PEP 8
query_exclusionsParameters
Section titled “Parameters”| Name | Type | Data type | Description |
|---|---|---|---|
| cl_regex | query | string | Command line regular expression. |
| filter | query | string | The filter expression that should be used to limit the results. FQL syntax. Available filters: name, pattern_id, pattern_name, applied_globally, created_on, created_by, last_modified, modified_by. |
| ifn_regex | query | string | Indicator file name regular expression. |
| limit | query | integer | The maximum number of records to return. [1-500] |
| offset | query | integer | The offset to start retrieving records from. |
| parameters | query | dictionary | Full query string parameters payload in JSON format. |
| sort | query | string | The property to sort by. FQL syntax. (e.g. last_behavior.asc) Available sort fields: name, pattern_id, pattern_name, applied_globally, created_on, created_by, last_modified, modified_by. |
Code Examples
Section titled “Code Examples”from falconpy import IOAExclusions
falcon = IOAExclusions(client_id=CLIENT_ID, client_secret=CLIENT_SECRET )
response = falcon.query_exclusions(cl_regex="string", filter="string", ifn_regex="string", limit="string", offset="string", sort="string")print(response)from falconpy import IOAExclusions
falcon = IOAExclusions(client_id=CLIENT_ID, client_secret=CLIENT_SECRET )
response = falcon.queryIOAExclusionsV1(cl_regex="string", filter="string", ifn_regex="string", limit="string", offset="string", sort="string")print(response)from falconpy import APIHarnessV2
falcon = APIHarnessV2(client_id=CLIENT_ID, client_secret=CLIENT_SECRET )
response = falcon.command("queryIOAExclusionsV1", filter="string", ifn_regex="string", cl_regex="string", offset=integer, limit=integer, sort="string")print(response)Get-FalconIoaExclusion -Filter "string" ` -Sort "string" ` -Limit integer ` -Offset integerpackage main
import ( "context" "fmt" "os"
"github.com/crowdstrike/gofalcon/falcon" "github.com/crowdstrike/gofalcon/falcon/client/ioa_exclusions")
func main() { client, err := falcon.NewClient(&falcon.ApiConfig{ ClientId: os.Getenv("FALCON_CLIENT_ID"), ClientSecret: os.Getenv("FALCON_CLIENT_SECRET"), Context: context.Background(), }) if err != nil { panic(err) }
filter := "string" ifnRegex := "string" clRegex := "string" offset := int64(0) limit := int64(0) sort := "string"
response, err := client.IoaExclusions.QueryIOAExclusionsV1( &ioa_exclusions.QueryIOAExclusionsV1Params{ Filter: &filter, IfnRegex: &ifnRegex, ClRegex: &clRegex, Offset: &offset, Limit: &limit, Sort: &sort, Context: context.Background(), }, ) if err != nil { panic(falcon.ErrorExplain(err)) }
fmt.Printf("%+v\n", response.Payload)}import { FalconClient } from "crowdstrike-falcon";
const client = new FalconClient({ cloud: process.env.FALCON_CLOUD!, clientId: process.env.FALCON_CLIENT_ID!, clientSecret: process.env.FALCON_CLIENT_SECRET!,});
const response = await client.ioaExclusions.queryIOAExclusionsV1( "string", // filter "string", // ifnRegex "string", // clRegex integer, // offset integer, // limit "string" // sort);
console.log(response);use rusty_falcon::apis::ioa_exclusions_api::query_ioa_exclusions_v1;use rusty_falcon::easy::client::FalconHandle;
#[tokio::main]async fn main() { let falcon = FalconHandle::from_env().await.expect("Could not authenticate");
let response = query_ioa_exclusions_v1( &falcon.cfg, // configuration Some("string"), // filter Some("string"), // ifn_regex Some("string"), // cl_regex Some(integer), // offset Some(integer), // limit Some("string"), // sort ).await.expect("API call failed");
println!("{:?}", response);}require "crimson-falcon"
Falcon.configure do |config| config.client_id = ENV["FALCON_CLIENT_ID"] config.client_secret = ENV["FALCON_CLIENT_SECRET"] config.cloud = ENV["FALCON_CLOUD"]end
api = Falcon::IoaExclusions.new
response = api.query_ioa_exclusions_v1(filter: 'string', ifn_regex: 'string', cl_regex: 'string', offset: integer, limit: integer, sort: 'string')
puts responsess_ioa_exclusions_aggregates_v2
Section titled “ss_ioa_exclusions_aggregates_v2”Get Self Service IOA Exclusion aggregates as specified via json in the request body.
POST /exclusions/aggregates/ss-ioa-exclusions/GET/v2
PEP 8
get_ss_exclusion_aggregatesParameters
Section titled “Parameters”| Name | Type | Data type | Description |
|---|---|---|---|
| body | body | dictionary | Full body payload in JSON format. |
| cl_regex | query | string | The cl_regex expression to filter exclusion aggregations by. |
| date_ranges | body | list of dictionaries | Date range specifications. |
| exclude | body | string | Exclusion string. |
| extended_bounds | body | dictionary | Extended bounds specification. |
| field | body | string | Field to aggregate on. |
| filter | body | string | FQL filter expression. |
| filters_spec | body | dictionary | Filter specification. |
| from | body | integer | Starting position. |
| grandparent_cl_regex | query | string | The grandparent_cl_regex expression to filter exclusion aggregations by. |
| grandparent_ifn_regex | query | string | The grandparent_ifn_regex expression to filter exclusion aggregations by. |
| ifn_regex | query | string | The ifn_regex expression to filter exclusion aggregations by. |
| include | body | string | Include string. |
| interval | body | string | Time interval for date histogram aggregations. |
| max_doc_count | body | integer | Maximum document count. |
| min_doc_count | body | integer | Minimum document count. |
| missing | body | string | Missing value. |
| name | body | string | Aggregation name. |
| parameters | query | dictionary | Full query string parameters payload in JSON format. |
| parent_cl_regex | query | string | The parent_cl_regex expression to filter exclusion aggregations by. |
| parent_ifn_regex | query | string | The parent_ifn_regex expression to filter exclusion aggregations by. |
| percents | body | list of integers | Percentile values. |
| q | body | string | FQL syntax query. |
| ranges | body | list of dictionaries | Range specifications. |
| size | body | integer | Maximum number of results to return. |
| sort | body | string | Sort expression. |
| sub_aggregates | body | list | Sub-aggregation specifications. |
| time_zone | body | string | Time zone for date aggregations. |
| type | body | string | Aggregation type. |
Code Examples
Section titled “Code Examples”from falconpy import IOAExclusions
falcon = IOAExclusions(client_id=CLIENT_ID, client_secret=CLIENT_SECRET )
date_ranges = [ { "from": "string", "to": "string" }]
extended_bounds = { "max": "string", "min": "string"}
filters_spec = { "filters": { "additionalProp1": "string", "additionalProp2": "string", "additionalProp3": "string" }, "other_bucket": true, "other_bucket_key": "string"}
ranges = [ { "From": 0, "To": 0 }]
response = falcon.get_ss_exclusion_aggregates(ifn_regex="string", cl_regex="string", parent_ifn_regex="string", parent_cl_regex="string", grandparent_ifn_regex="string", grandparent_cl_regex="string", date_ranges=date_ranges, exclude="string", extended_bounds=extended_bounds, field="string", filters_spec=filters_spec, from=integer, include="string", max_doc_count=integer, min_doc_count=integer, missing="string", name="string", percents=integer, q="string", ranges=ranges, size=integer, sort="string", sub_aggregates=["string"], time_zone="string", type="string")print(response)from falconpy import IOAExclusions
falcon = IOAExclusions(client_id=CLIENT_ID, client_secret=CLIENT_SECRET )
date_ranges = [ { "from": "string", "to": "string" }]
extended_bounds = { "max": "string", "min": "string"}
filters_spec = { "filters": { "additionalProp1": "string", "additionalProp2": "string", "additionalProp3": "string" }, "other_bucket": true, "other_bucket_key": "string"}
ranges = [ { "From": 0, "To": 0 }]
response = falcon.ss_ioa_exclusions_aggregates_v2(ifn_regex="string", cl_regex="string", parent_ifn_regex="string", parent_cl_regex="string", grandparent_ifn_regex="string", grandparent_cl_regex="string", date_ranges=date_ranges, exclude="string", extended_bounds=extended_bounds, field="string", filters_spec=filters_spec, from=integer, include="string", max_doc_count=integer, min_doc_count=integer, missing="string", name="string", percents=integer, q="string", ranges=ranges, size=integer, sort="string", sub_aggregates=["string"], time_zone="string", type="string")print(response)from falconpy import APIHarnessV2
falcon = APIHarnessV2(client_id=CLIENT_ID, client_secret=CLIENT_SECRET )
body_payload = { "date_ranges": [ { "from": "string", "to": "string" } ], "exclude": "string", "extended_bounds": { "max": "string", "min": "string" }, "field": "string", "filter": "string", "filters_spec": { "filters": {}, "other_bucket": boolean, "other_bucket_key": "string" }, "from": integer, "include": "string", "interval": "string", "max_doc_count": integer, "min_doc_count": integer, "missing": "string", "name": "string", "percents": ["string"], "q": "string", "ranges": [ { "from": integer, "to": integer } ], "size": integer, "sort": "string", "sub_aggregates": [ { "date_ranges": [ { "from": "string", "to": "string" } ], "exclude": "string", "extended_bounds": { "max": "string", "min": "string" }, "field": "string", "filter": "string", "filters_spec": { "filters": {}, "other_bucket": boolean, "other_bucket_key": "string" }, "from": integer, "include": "string", "interval": "string", "max_doc_count": integer, "min_doc_count": integer, "missing": "string", "name": "string", "percents": ["string"], "q": "string", "ranges": [ { "from": integer, "to": integer } ], "size": integer, "sort": "string", "sub_aggregates": [ { "date_ranges": ["string"], "exclude": "string", "extended_bounds": {}, "field": "string", "filter": "string", "filters_spec": {}, "from": integer, "include": "string", "interval": "string", "max_doc_count": integer, "min_doc_count": integer, "missing": "string", "name": "string", "percents": ["string"], "q": "string", "ranges": ["string"], "size": integer, "sort": "string", "sub_aggregates": ["string"], "time_zone": "string", "type": "string" } ], "time_zone": "string", "type": "string" } ], "time_zone": "string", "type": "string"}
response = falcon.command("ss_ioa_exclusions_aggregates_v2", ifn_regex="string", cl_regex="string", parent_ifn_regex="string", parent_cl_regex="string", grandparent_ifn_regex="string", grandparent_cl_regex="string", body=body_payload)print(response)Examples coming soon.
package main
import ( "context" "fmt" "os"
"github.com/crowdstrike/gofalcon/falcon" "github.com/crowdstrike/gofalcon/falcon/client/ioa_exclusions" "github.com/crowdstrike/gofalcon/falcon/models")
func main() { client, err := falcon.NewClient(&falcon.ApiConfig{ ClientId: os.Getenv("FALCON_CLIENT_ID"), ClientSecret: os.Getenv("FALCON_CLIENT_SECRET"), Context: context.Background(), }) if err != nil { panic(err) }
from := "string" to := "string" exclude := "string" field := "string" filter := "string" from := integer include := "string" interval := "string" max_doc_count := integer min_doc_count := integer missing := "string" name := "string" q := "string" From := integer To := integer size := integer sort := "string" time_zone := "string" type := "string" ifnRegex := "string" clRegex := "string" parentIfnRegex := "string" parentClRegex := "string" grandparentIfnRegex := "string" grandparentClRegex := "string"
response, err := client.IoaExclusions.SsIoaExclusionsAggregatesV2( &ioa_exclusions.SsIoaExclusionsAggregatesV2Params{ Body: &models.MsaAggregateQueryRequest{ DateRanges: []interface{}{ { From: &from, To: &to, }, }, Exclude: &exclude, ExtendedBounds: &struct{}{}, Field: &field, Filter: &filter, FiltersSpec: &struct{}{}, From: &from, Include: &include, Interval: &interval, MaxDocCount: &max_doc_count, MinDocCount: &min_doc_count, Missing: &missing, Name: &name, Percents: []interface{}{}, Q: &q, Ranges: []interface{}{ { From: &From, To: &To, }, }, Size: &size, Sort: &sort, SubAggregates: []interface{}{ { DateRanges: []interface{}{ { From: &from, To: &to, }, }, Exclude: &exclude, ExtendedBounds: &struct{}{}, Field: &field, Filter: &filter, FiltersSpec: &struct{}{}, From: &from, Include: &include, Interval: &interval, MaxDocCount: &max_doc_count, MinDocCount: &min_doc_count, Missing: &missing, Name: &name, Percents: []interface{}{}, Q: &q, Ranges: []interface{}{ { From: &From, To: &To, }, }, Size: &size, Sort: &sort, SubAggregates: []interface{}{ { DateRanges: []interface{}{}, Exclude: &exclude, ExtendedBounds: &struct{}{}, Field: &field, Filter: &filter, FiltersSpec: &struct{}{}, From: &from, Include: &include, Interval: &interval, MaxDocCount: &max_doc_count, MinDocCount: &min_doc_count, Missing: &missing, Name: &name, Percents: []interface{}{}, Q: &q, Ranges: []interface{}{}, Size: &size, Sort: &sort, SubAggregates: []interface{}{}, TimeZone: &time_zone, Type: &type, }, }, TimeZone: &time_zone, Type: &type, }, }, TimeZone: &time_zone, Type: &type, }, IfnRegex: &ifnRegex, ClRegex: &clRegex, ParentIfnRegex: &parentIfnRegex, ParentClRegex: &parentClRegex, GrandparentIfnRegex: &grandparentIfnRegex, GrandparentClRegex: &grandparentClRegex, Context: context.Background(), }, ) if err != nil { panic(falcon.ErrorExplain(err)) }
fmt.Printf("%+v\n", response.Payload)}import { FalconClient } from "crowdstrike-falcon";
const client = new FalconClient({ cloud: process.env.FALCON_CLOUD!, clientId: process.env.FALCON_CLIENT_ID!, clientSecret: process.env.FALCON_CLIENT_SECRET!,});
const response = await client.ioaExclusions.ssIoaExclusionsAggregatesV2( { // body dateRanges: [{ from: "string", to: "string" }], exclude: "string", extendedBounds: { max: "string", min: "string" }, field: "string", filter: "string", filtersSpec: { filters: {}, otherBucket: boolean, otherBucketKey: "string" }, from: integer, include: "string", interval: "string", maxDocCount: integer, minDocCount: integer, missing: "string", name: "string", percents: [], q: "string", ranges: [{ From: integer, To: integer }], size: integer, sort: "string", subAggregates: [{ dateRanges: [{ from: "string", to: "string" }], exclude: "string", extendedBounds: { max: "string", min: "string" }, field: "string", filter: "string", filtersSpec: { filters: {}, otherBucket: boolean, otherBucketKey: "string" }, from: integer, include: "string", interval: "string", maxDocCount: integer, minDocCount: integer, missing: "string", name: "string", percents: [], q: "string", ranges: [{ From: integer, To: integer }], size: integer, sort: "string", subAggregates: [{ dateRanges: [], exclude: "string", extendedBounds: {}, field: "string", filter: "string", filtersSpec: {}, from: integer, include: "string", interval: "string", maxDocCount: integer, minDocCount: integer, missing: "string", name: "string", percents: [], q: "string", ranges: [], size: integer, sort: "string", subAggregates: [], timeZone: "string", type: "string" }], timeZone: "string", type: "string" }], timeZone: "string", type: "string" }, "string", // ifnRegex "string", // clRegex "string", // parentIfnRegex "string", // parentClRegex "string", // grandparentIfnRegex "string" // grandparentClRegex);
console.log(response);Examples coming soon.
require "crimson-falcon"
Falcon.configure do |config| config.client_id = ENV["FALCON_CLIENT_ID"] config.client_secret = ENV["FALCON_CLIENT_SECRET"] config.cloud = ENV["FALCON_CLOUD"]end
api = Falcon::IoaExclusions.new
body = { date_ranges: [{ from: 'string', to: 'string' }], exclude: 'string', extended_bounds: { max: 'string', min: 'string' }, field: 'string', filter: 'string', filters_spec: { filters: {}, other_bucket: boolean, other_bucket_key: 'string' }, from: integer, include: 'string', interval: 'string', max_doc_count: integer, min_doc_count: integer, missing: 'string', name: 'string', percents: [], q: 'string', ranges: [{ From: integer, To: integer }], size: integer, sort: 'string', sub_aggregates: [{ date_ranges: [{ from: 'string', to: 'string' }], exclude: 'string', extended_bounds: { max: 'string', min: 'string' }, field: 'string', filter: 'string', filters_spec: { filters: {}, other_bucket: boolean, other_bucket_key: 'string' }, from: integer, include: 'string', interval: 'string', max_doc_count: integer, min_doc_count: integer, missing: 'string', name: 'string', percents: [], q: 'string', ranges: [{ From: integer, To: integer }], size: integer, sort: 'string', sub_aggregates: [{ date_ranges: [], exclude: 'string', extended_bounds: {}, field: 'string', filter: 'string', filters_spec: {}, from: integer, include: 'string', interval: 'string', max_doc_count: integer, min_doc_count: integer, missing: 'string', name: 'string', percents: [], q: 'string', ranges: [], size: integer, sort: 'string', sub_aggregates: [], time_zone: 'string', type: 'string' }], time_zone: 'string', type: 'string' }], time_zone: 'string', type: 'string'}
response = api.ss_ioa_exclusions_aggregates_v2(body)
puts responsess_ioa_exclusions_get_reports_v2
Section titled “ss_ioa_exclusions_get_reports_v2”Create a report of Self Service IOA Exclusions scoped by the given filters.
POST /exclusions/entities/ss-ioa-exclusions/reports/v2
PEP 8
get_ss_exclusion_reports_v2Parameters
Section titled “Parameters”| Name | Type | Data type | Description |
|---|---|---|---|
| body | body | dictionary | Full body payload in JSON format. |
| report_format | body | string | Report format. |
| search | body | dictionary | Search filter and sort specification. |
Code Examples
Section titled “Code Examples”from falconpy import IOAExclusions
falcon = IOAExclusions(client_id=CLIENT_ID, client_secret=CLIENT_SECRET )
search = { "filter": "string", "sort": "string"}
response = falcon.get_ss_exclusion_reports_v2(report_format="string", search=search)print(response)from falconpy import IOAExclusions
falcon = IOAExclusions(client_id=CLIENT_ID, client_secret=CLIENT_SECRET )
search = { "filter": "string", "sort": "string"}
response = falcon.ss_ioa_exclusions_get_reports_v2(report_format="string", search=search)print(response)from falconpy import APIHarnessV2
falcon = APIHarnessV2(client_id=CLIENT_ID, client_secret=CLIENT_SECRET )
body_payload = { "report_format": "string", "search": { "filter": "string", "sort": "string" }}
response = falcon.command("ss_ioa_exclusions_get_reports_v2", body=body_payload)print(response)Examples coming soon.
package main
import ( "context" "fmt" "os"
"github.com/crowdstrike/gofalcon/falcon" "github.com/crowdstrike/gofalcon/falcon/client/ioa_exclusions" "github.com/crowdstrike/gofalcon/falcon/models")
func main() { client, err := falcon.NewClient(&falcon.ApiConfig{ ClientId: os.Getenv("FALCON_CLIENT_ID"), ClientSecret: os.Getenv("FALCON_CLIENT_SECRET"), Context: context.Background(), }) if err != nil { panic(err) }
report_format := "string"
response, err := client.IoaExclusions.SsIoaExclusionsGetReportsV2( &ioa_exclusions.SsIoaExclusionsGetReportsV2Params{ Body: &models.DomainExclusionsReportRequest{ ReportFormat: &report_format, Search: &struct{}{}, }, Context: context.Background(), }, ) if err != nil { panic(falcon.ErrorExplain(err)) }
fmt.Printf("%+v\n", response.Payload)}import { FalconClient } from "crowdstrike-falcon";
const client = new FalconClient({ cloud: process.env.FALCON_CLOUD!, clientId: process.env.FALCON_CLIENT_ID!, clientSecret: process.env.FALCON_CLIENT_SECRET!,});
const response = await client.ioaExclusions.ssIoaExclusionsGetReportsV2( { reportFormat: "string", search: { filter: "string", sort: "string" }} // body);
console.log(response);Examples coming soon.
require "crimson-falcon"
Falcon.configure do |config| config.client_id = ENV["FALCON_CLIENT_ID"] config.client_secret = ENV["FALCON_CLIENT_SECRET"] config.cloud = ENV["FALCON_CLOUD"]end
api = Falcon::IoaExclusions.new
body = Falcon::DomainExclusionsReportRequest.new( report_format: 'string', search: { filter: 'string', sort: 'string' })
response = api.ss_ioa_exclusions_get_reports_v2(body)
puts responsess_ioa_exclusions_get_v2
Section titled “ss_ioa_exclusions_get_v2”Get the Self Service IOA Exclusions rules by id.
GET /exclusions/entities/ss-ioa-exclusions/v2
PEP 8
get_ss_exclusion_rules_v2Parameters
Section titled “Parameters”| Name | Type | Data type | Description |
|---|---|---|---|
| ids | query | string or list of strings | The IDs of the exclusions to retrieve. |
| parameters | query | dictionary | Full query string parameters payload in JSON format. |
Code Examples
Section titled “Code Examples”from falconpy import IOAExclusions
falcon = IOAExclusions(client_id=CLIENT_ID, client_secret=CLIENT_SECRET )
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.get_ss_exclusion_rules_v2(ids=id_list)print(response)from falconpy import IOAExclusions
falcon = IOAExclusions(client_id=CLIENT_ID, client_secret=CLIENT_SECRET )
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.ss_ioa_exclusions_get_v2(ids=id_list)print(response)from falconpy import APIHarnessV2
falcon = APIHarnessV2(client_id=CLIENT_ID, client_secret=CLIENT_SECRET )
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.command("ss_ioa_exclusions_get_v2", ids=id_list)print(response)Examples coming soon.
package main
import ( "context" "fmt" "os"
"github.com/crowdstrike/gofalcon/falcon" "github.com/crowdstrike/gofalcon/falcon/client/ioa_exclusions")
func main() { client, err := falcon.NewClient(&falcon.ApiConfig{ ClientId: os.Getenv("FALCON_CLIENT_ID"), ClientSecret: os.Getenv("FALCON_CLIENT_SECRET"), Context: context.Background(), }) if err != nil { panic(err) }
response, err := client.IoaExclusions.SsIoaExclusionsGetV2( &ioa_exclusions.SsIoaExclusionsGetV2Params{ Ids: []string{"ID1", "ID2", "ID3"}, Context: context.Background(), }, ) if err != nil { panic(falcon.ErrorExplain(err)) }
fmt.Printf("%+v\n", response.Payload)}import { FalconClient } from "crowdstrike-falcon";
const client = new FalconClient({ cloud: process.env.FALCON_CLOUD!, clientId: process.env.FALCON_CLIENT_ID!, clientSecret: process.env.FALCON_CLIENT_SECRET!,});
const response = await client.ioaExclusions.ssIoaExclusionsGetV2(["ID1", "ID2", "ID3"]); // ids
console.log(response);Examples coming soon.
require "crimson-falcon"
Falcon.configure do |config| config.client_id = ENV["FALCON_CLIENT_ID"] config.client_secret = ENV["FALCON_CLIENT_SECRET"] config.cloud = ENV["FALCON_CLOUD"]end
api = Falcon::IoaExclusions.new
response = api.ss_ioa_exclusions_get_v2(['ID1', 'ID2', 'ID3'])
puts responsess_ioa_exclusions_create_v2
Section titled “ss_ioa_exclusions_create_v2”Create new Self Service IOA Exclusions.
POST /exclusions/entities/ss-ioa-exclusions/v2
PEP 8
create_ss_exclusionsParameters
Section titled “Parameters”| Name | Type | Data type | Description |
|---|---|---|---|
| body | body | dictionary | Full body payload in JSON format. |
| exclusions | body | list of dictionaries | List of exclusion definitions. |
Code Examples
Section titled “Code Examples”from falconpy import IOAExclusions
falcon = IOAExclusions(client_id=CLIENT_ID, client_secret=CLIENT_SECRET )
exclusions = [ { "cl_regex": "string", "comment": "string", "description": "string", "detection_json": "string", "grandparent_cl_regex": "string", "grandparent_ifn_regex": "string", "host_groups": [ "string" ], "ifn_regex": "string", "name": "string", "parent_cl_regex": "string", "parent_ifn_regex": "string", "pattern_id": "string", "pattern_name": "string" }]
response = falcon.create_ss_exclusions(exclusions=exclusions)print(response)from falconpy import IOAExclusions
falcon = IOAExclusions(client_id=CLIENT_ID, client_secret=CLIENT_SECRET )
exclusions = [ { "cl_regex": "string", "comment": "string", "description": "string", "detection_json": "string", "grandparent_cl_regex": "string", "grandparent_ifn_regex": "string", "host_groups": [ "string" ], "ifn_regex": "string", "name": "string", "parent_cl_regex": "string", "parent_ifn_regex": "string", "pattern_id": "string", "pattern_name": "string" }]
response = falcon.ss_ioa_exclusions_create_v2(exclusions=exclusions)print(response)from falconpy import APIHarnessV2
falcon = APIHarnessV2(client_id=CLIENT_ID, client_secret=CLIENT_SECRET )
body_payload = { "exclusions": [ { "cl_regex": "string", "comment": "string", "description": "string", "detection_json": "string", "grandparent_cl_regex": "string", "grandparent_ifn_regex": "string", "host_groups": ["string"], "ifn_regex": "string", "name": "string", "parent_cl_regex": "string", "parent_ifn_regex": "string", "pattern_id": "string", "pattern_name": "string" } ]}
response = falcon.command("ss_ioa_exclusions_create_v2", body=body_payload)print(response)Examples coming soon.
package main
import ( "context" "fmt" "os"
"github.com/crowdstrike/gofalcon/falcon" "github.com/crowdstrike/gofalcon/falcon/client/ioa_exclusions" "github.com/crowdstrike/gofalcon/falcon/models")
func main() { client, err := falcon.NewClient(&falcon.ApiConfig{ ClientId: os.Getenv("FALCON_CLIENT_ID"), ClientSecret: os.Getenv("FALCON_CLIENT_SECRET"), Context: context.Background(), }) if err != nil { panic(err) }
cl_regex := "string" comment := "string" description := "string" detection_json := "string" grandparent_cl_regex := "string" grandparent_ifn_regex := "string" ifn_regex := "string" name := "string" parent_cl_regex := "string" parent_ifn_regex := "string" pattern_id := "string" pattern_name := "string"
response, err := client.IoaExclusions.SsIoaExclusionsCreateV2( &ioa_exclusions.SsIoaExclusionsCreateV2Params{ Body: &models.DomainSsIoaExclusionsCreateReqV2{ Exclusions: []interface{}{ { ClRegex: &cl_regex, Comment: &comment, Description: &description, DetectionJson: &detection_json, GrandparentClRegex: &grandparent_cl_regex, GrandparentIfnRegex: &grandparent_ifn_regex, HostGroups: []string{"string"}, IfnRegex: &ifn_regex, Name: &name, ParentClRegex: &parent_cl_regex, ParentIfnRegex: &parent_ifn_regex, PatternID: &pattern_id, PatternName: &pattern_name, }, }, }, Context: context.Background(), }, ) if err != nil { panic(falcon.ErrorExplain(err)) }
fmt.Printf("%+v\n", response.Payload)}import { FalconClient } from "crowdstrike-falcon";
const client = new FalconClient({ cloud: process.env.FALCON_CLOUD!, clientId: process.env.FALCON_CLIENT_ID!, clientSecret: process.env.FALCON_CLIENT_SECRET!,});
const response = await client.ioaExclusions.ssIoaExclusionsCreateV2( { exclusions: [{ clRegex: "string", comment: "string", description: "string", detectionJson: "string", grandparentClRegex: "string", grandparentIfnRegex: "string", hostGroups: [], ifnRegex: "string", name: "string", parentClRegex: "string", parentIfnRegex: "string", patternId: "string", patternName: "string" }]} // body);
console.log(response);Examples coming soon.
require "crimson-falcon"
Falcon.configure do |config| config.client_id = ENV["FALCON_CLIENT_ID"] config.client_secret = ENV["FALCON_CLIENT_SECRET"] config.cloud = ENV["FALCON_CLOUD"]end
api = Falcon::IoaExclusions.new
body = Falcon::DomainSsIoaExclusionsCreateReqV2.new( exclusions: [{ cl_regex: 'string', comment: 'string', description: 'string', detection_json: 'string', grandparent_cl_regex: 'string', grandparent_ifn_regex: 'string', host_groups: [], ifn_regex: 'string', name: 'string', parent_cl_regex: 'string', parent_ifn_regex: 'string', pattern_id: 'string', pattern_name: 'string' }])
response = api.ss_ioa_exclusions_create_v2(body)
puts responsess_ioa_exclusions_update_v2
Section titled “ss_ioa_exclusions_update_v2”Update the Self Service IOA Exclusions rule by id.
PATCH /exclusions/entities/ss-ioa-exclusions/v2
PEP 8
update_ss_exclusionsParameters
Section titled “Parameters”| Name | Type | Data type | Description |
|---|---|---|---|
| body | body | dictionary | Full body payload in JSON format. |
| exclusions | body | list of dictionaries | List of exclusion definitions. |
Code Examples
Section titled “Code Examples”from falconpy import IOAExclusions
falcon = IOAExclusions(client_id=CLIENT_ID, client_secret=CLIENT_SECRET )
exclusions = [ { "cl_regex": "string", "comment": "string", "description": "string", "detection_json": "string", "grandparent_cl_regex": "string", "grandparent_ifn_regex": "string", "host_groups": [ "string" ], "id": "string", "ifn_regex": "string", "name": "string", "parent_cl_regex": "string", "parent_ifn_regex": "string", "pattern_id": "string", "pattern_name": "string" }]
response = falcon.update_ss_exclusions(exclusions=exclusions)print(response)from falconpy import IOAExclusions
falcon = IOAExclusions(client_id=CLIENT_ID, client_secret=CLIENT_SECRET )
exclusions = [ { "cl_regex": "string", "comment": "string", "description": "string", "detection_json": "string", "grandparent_cl_regex": "string", "grandparent_ifn_regex": "string", "host_groups": [ "string" ], "id": "string", "ifn_regex": "string", "name": "string", "parent_cl_regex": "string", "parent_ifn_regex": "string", "pattern_id": "string", "pattern_name": "string" }]
response = falcon.ss_ioa_exclusions_update_v2(exclusions=exclusions)print(response)from falconpy import APIHarnessV2
falcon = APIHarnessV2(client_id=CLIENT_ID, client_secret=CLIENT_SECRET )
body_payload = { "exclusions": [ { "cl_regex": "string", "comment": "string", "description": "string", "detection_json": "string", "grandparent_cl_regex": "string", "grandparent_ifn_regex": "string", "host_groups": ["string"], "id": "string", "ifn_regex": "string", "name": "string", "parent_cl_regex": "string", "parent_ifn_regex": "string", "pattern_id": "string", "pattern_name": "string" } ]}
response = falcon.command("ss_ioa_exclusions_update_v2", body=body_payload)print(response)Examples coming soon.
package main
import ( "context" "fmt" "os"
"github.com/crowdstrike/gofalcon/falcon" "github.com/crowdstrike/gofalcon/falcon/client/ioa_exclusions" "github.com/crowdstrike/gofalcon/falcon/models")
func main() { client, err := falcon.NewClient(&falcon.ApiConfig{ ClientId: os.Getenv("FALCON_CLIENT_ID"), ClientSecret: os.Getenv("FALCON_CLIENT_SECRET"), Context: context.Background(), }) if err != nil { panic(err) }
cl_regex := "string" comment := "string" description := "string" detection_json := "string" grandparent_cl_regex := "string" grandparent_ifn_regex := "string" id := "string" ifn_regex := "string" name := "string" parent_cl_regex := "string" parent_ifn_regex := "string" pattern_id := "string" pattern_name := "string"
response, err := client.IoaExclusions.SsIoaExclusionsUpdateV2( &ioa_exclusions.SsIoaExclusionsUpdateV2Params{ Body: &models.DomainSsIoaExclusionsUpdateReqV2{ Exclusions: []interface{}{ { ClRegex: &cl_regex, Comment: &comment, Description: &description, DetectionJson: &detection_json, GrandparentClRegex: &grandparent_cl_regex, GrandparentIfnRegex: &grandparent_ifn_regex, HostGroups: []string{"string"}, ID: &id, IfnRegex: &ifn_regex, Name: &name, ParentClRegex: &parent_cl_regex, ParentIfnRegex: &parent_ifn_regex, PatternID: &pattern_id, PatternName: &pattern_name, }, }, }, Context: context.Background(), }, ) if err != nil { panic(falcon.ErrorExplain(err)) }
fmt.Printf("%+v\n", response.Payload)}import { FalconClient } from "crowdstrike-falcon";
const client = new FalconClient({ cloud: process.env.FALCON_CLOUD!, clientId: process.env.FALCON_CLIENT_ID!, clientSecret: process.env.FALCON_CLIENT_SECRET!,});
const response = await client.ioaExclusions.ssIoaExclusionsUpdateV2( { exclusions: [{ clRegex: "string", comment: "string", description: "string", detectionJson: "string", grandparentClRegex: "string", grandparentIfnRegex: "string", hostGroups: [], id: "string", ifnRegex: "string", name: "string", parentClRegex: "string", parentIfnRegex: "string", patternId: "string", patternName: "string" }]} // body);
console.log(response);Examples coming soon.
require "crimson-falcon"
Falcon.configure do |config| config.client_id = ENV["FALCON_CLIENT_ID"] config.client_secret = ENV["FALCON_CLIENT_SECRET"] config.cloud = ENV["FALCON_CLOUD"]end
api = Falcon::IoaExclusions.new
body = Falcon::DomainSsIoaExclusionsUpdateReqV2.new( exclusions: [{ cl_regex: 'string', comment: 'string', description: 'string', detection_json: 'string', grandparent_cl_regex: 'string', grandparent_ifn_regex: 'string', host_groups: [], id: 'string', ifn_regex: 'string', name: 'string', parent_cl_regex: 'string', parent_ifn_regex: 'string', pattern_id: 'string', pattern_name: 'string' }])
response = api.ss_ioa_exclusions_update_v2(body)
puts responsess_ioa_exclusions_delete_v2
Section titled “ss_ioa_exclusions_delete_v2”Delete the Self Service IOA Exclusions rule by id.
DELETE /exclusions/entities/ss-ioa-exclusions/v2
PEP 8
delete_ss_exclusionsParameters
Section titled “Parameters”| Name | Type | Data type | Description |
|---|---|---|---|
| comment | query | string | The comment why these ss ioa exclusions were deleted. |
| ids | query | string or list of strings | The IDs of the exclusions to delete. |
| parameters | query | dictionary | Full query string parameters payload in JSON format. |
Code Examples
Section titled “Code Examples”from falconpy import IOAExclusions
falcon = IOAExclusions(client_id=CLIENT_ID, client_secret=CLIENT_SECRET )
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.delete_ss_exclusions(ids=id_list, comment="string")print(response)from falconpy import IOAExclusions
falcon = IOAExclusions(client_id=CLIENT_ID, client_secret=CLIENT_SECRET )
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.ss_ioa_exclusions_delete_v2(ids=id_list, comment="string")print(response)from falconpy import APIHarnessV2
falcon = APIHarnessV2(client_id=CLIENT_ID, client_secret=CLIENT_SECRET )
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.command("ss_ioa_exclusions_delete_v2", ids=id_list, comment="string")print(response)Examples coming soon.
package main
import ( "context" "fmt" "os"
"github.com/crowdstrike/gofalcon/falcon" "github.com/crowdstrike/gofalcon/falcon/client/ioa_exclusions")
func main() { client, err := falcon.NewClient(&falcon.ApiConfig{ ClientId: os.Getenv("FALCON_CLIENT_ID"), ClientSecret: os.Getenv("FALCON_CLIENT_SECRET"), Context: context.Background(), }) if err != nil { panic(err) }
comment := "string"
response, err := client.IoaExclusions.SsIoaExclusionsDeleteV2( &ioa_exclusions.SsIoaExclusionsDeleteV2Params{ Ids: []string{"ID1", "ID2", "ID3"}, Comment: &comment, Context: context.Background(), }, ) if err != nil { panic(falcon.ErrorExplain(err)) }
fmt.Printf("%+v\n", response.Payload)}import { FalconClient } from "crowdstrike-falcon";
const client = new FalconClient({ cloud: process.env.FALCON_CLOUD!, clientId: process.env.FALCON_CLIENT_ID!, clientSecret: process.env.FALCON_CLIENT_SECRET!,});
const response = await client.ioaExclusions.ssIoaExclusionsDeleteV2( ["ID1", "ID2", "ID3"], // ids "string" // comment);
console.log(response);Examples coming soon.
require "crimson-falcon"
Falcon.configure do |config| config.client_id = ENV["FALCON_CLIENT_ID"] config.client_secret = ENV["FALCON_CLIENT_SECRET"] config.cloud = ENV["FALCON_CLOUD"]end
api = Falcon::IoaExclusions.new
response = api.ss_ioa_exclusions_delete_v2(['ID1', 'ID2', 'ID3'])
puts responsess_ioa_exclusions_matched_rule_v2
Section titled “ss_ioa_exclusions_matched_rule_v2”Get Self Service IOA Exclusions rules for matched IFN/CLI for child, parent and grandparent.
POST /exclusions/entities/ss-ioa-matched-rules/v2
PEP 8
get_ss_exclusion_matched_rulesParameters
Section titled “Parameters”| Name | Type | Data type | Description |
|---|---|---|---|
| aid | body | string | Agent ID. |
| body | body | dictionary | Full body payload in JSON format. |
| command_line | body | string | Command line. |
| grandparent_command_line | body | string | Grandparent command line. |
| grandparent_image_file_name | body | string | Grandparent image file name. |
| image_file_name | body | string | Image file name. |
| parent_command_line | body | string | Parent command line. |
| parent_image_file_name | body | string | Parent image file name. |
| pattern_ids | body | list of strings | Pattern IDs. |
Code Examples
Section titled “Code Examples”from falconpy import IOAExclusions
falcon = IOAExclusions(client_id=CLIENT_ID, client_secret=CLIENT_SECRET )
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.get_ss_exclusion_matched_rules(aid="string", command_line="string", grandparent_command_line="string", grandparent_image_file_name="string", image_file_name="string", parent_command_line="string", parent_image_file_name="string", pattern_ids=id_list)print(response)from falconpy import IOAExclusions
falcon = IOAExclusions(client_id=CLIENT_ID, client_secret=CLIENT_SECRET )
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.ss_ioa_exclusions_matched_rule_v2(aid="string", command_line="string", grandparent_command_line="string", grandparent_image_file_name="string", image_file_name="string", parent_command_line="string", parent_image_file_name="string", pattern_ids=id_list)print(response)from falconpy import APIHarnessV2
falcon = APIHarnessV2(client_id=CLIENT_ID, client_secret=CLIENT_SECRET )
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
body_payload = { "aid": "string", "command_line": "string", "grandparent_command_line": "string", "grandparent_image_file_name": "string", "image_file_name": "string", "parent_command_line": "string", "parent_image_file_name": "string", "pattern_ids": ["string"]}
response = falcon.command("ss_ioa_exclusions_matched_rule_v2", body=body_payload)print(response)Examples coming soon.
package main
import ( "context" "fmt" "os"
"github.com/crowdstrike/gofalcon/falcon" "github.com/crowdstrike/gofalcon/falcon/client/ioa_exclusions" "github.com/crowdstrike/gofalcon/falcon/models")
func main() { client, err := falcon.NewClient(&falcon.ApiConfig{ ClientId: os.Getenv("FALCON_CLIENT_ID"), ClientSecret: os.Getenv("FALCON_CLIENT_SECRET"), Context: context.Background(), }) if err != nil { panic(err) }
aid := "string" command_line := "string" grandparent_command_line := "string" grandparent_image_file_name := "string" image_file_name := "string" parent_command_line := "string" parent_image_file_name := "string"
response, err := client.IoaExclusions.SsIoaExclusionsMatchedRuleV2( &ioa_exclusions.SsIoaExclusionsMatchedRuleV2Params{ Body: &models.DomainSsIoaExclusionsMatchedRuleReqV2{ Aid: &aid, CommandLine: &command_line, GrandparentCommandLine: &grandparent_command_line, GrandparentImageFileName: &grandparent_image_file_name, ImageFileName: &image_file_name, ParentCommandLine: &parent_command_line, ParentImageFileName: &parent_image_file_name, PatternIds: []string{"string"}, }, Context: context.Background(), }, ) if err != nil { panic(falcon.ErrorExplain(err)) }
fmt.Printf("%+v\n", response.Payload)}import { FalconClient } from "crowdstrike-falcon";
const client = new FalconClient({ cloud: process.env.FALCON_CLOUD!, clientId: process.env.FALCON_CLIENT_ID!, clientSecret: process.env.FALCON_CLIENT_SECRET!,});
const response = await client.ioaExclusions.ssIoaExclusionsMatchedRuleV2( { aid: "string", commandLine: "string", grandparentCommandLine: "string", grandparentImageFileName: "string", imageFileName: "string", parentCommandLine: "string", parentImageFileName: "string", patternIds: []} // body);
console.log(response);Examples coming soon.
require "crimson-falcon"
Falcon.configure do |config| config.client_id = ENV["FALCON_CLIENT_ID"] config.client_secret = ENV["FALCON_CLIENT_SECRET"] config.cloud = ENV["FALCON_CLOUD"]end
api = Falcon::IoaExclusions.new
body = Falcon::DomainSsIoaExclusionsMatchedRuleReqV2.new( aid: 'string', command_line: 'string', grandparent_command_line: 'string', grandparent_image_file_name: 'string', image_file_name: 'string', parent_command_line: 'string', parent_image_file_name: 'string', pattern_ids: [])
response = api.ss_ioa_exclusions_matched_rule_v2(body)
puts responsess_ioa_exclusions_new_rules_v2
Section titled “ss_ioa_exclusions_new_rules_v2”Get defaults for Self Service IOA Exclusions based on provided IFN/CLI for child, parent and grandparent.
POST /exclusions/entities/ss-ioa-new-rules/v2
PEP 8
get_default_ss_exclusionsParameters
Section titled “Parameters”| Name | Type | Data type | Description |
|---|---|---|---|
| aid | body | string | Agent ID. |
| body | body | dictionary | Full body payload in JSON format. |
| command_line | body | string | Command line. |
| grandparent_command_line | body | string | Grandparent command line. |
| grandparent_image_file_name | body | string | Grandparent image file name. |
| image_file_name | body | string | Image file name. |
| parent_command_line | body | string | Parent command line. |
| parent_image_file_name | body | string | Parent image file name. |
Code Examples
Section titled “Code Examples”from falconpy import IOAExclusions
falcon = IOAExclusions(client_id=CLIENT_ID, client_secret=CLIENT_SECRET )
response = falcon.get_default_ss_exclusions(aid="string", command_line="string", grandparent_command_line="string", grandparent_image_file_name="string", image_file_name="string", parent_command_line="string", parent_image_file_name="string")print(response)from falconpy import IOAExclusions
falcon = IOAExclusions(client_id=CLIENT_ID, client_secret=CLIENT_SECRET )
response = falcon.ss_ioa_exclusions_new_rules_v2(aid="string", command_line="string", grandparent_command_line="string", grandparent_image_file_name="string", image_file_name="string", parent_command_line="string", parent_image_file_name="string")print(response)from falconpy import APIHarnessV2
falcon = APIHarnessV2(client_id=CLIENT_ID, client_secret=CLIENT_SECRET )
body_payload = { "aid": "string", "command_line": "string", "grandparent_command_line": "string", "grandparent_image_file_name": "string", "image_file_name": "string", "parent_command_line": "string", "parent_image_file_name": "string"}
response = falcon.command("ss_ioa_exclusions_new_rules_v2", body=body_payload)print(response)Examples coming soon.
package main
import ( "context" "fmt" "os"
"github.com/crowdstrike/gofalcon/falcon" "github.com/crowdstrike/gofalcon/falcon/client/ioa_exclusions" "github.com/crowdstrike/gofalcon/falcon/models")
func main() { client, err := falcon.NewClient(&falcon.ApiConfig{ ClientId: os.Getenv("FALCON_CLIENT_ID"), ClientSecret: os.Getenv("FALCON_CLIENT_SECRET"), Context: context.Background(), }) if err != nil { panic(err) }
aid := "string" command_line := "string" grandparent_command_line := "string" grandparent_image_file_name := "string" image_file_name := "string" parent_command_line := "string" parent_image_file_name := "string"
response, err := client.IoaExclusions.SsIoaExclusionsNewRulesV2( &ioa_exclusions.SsIoaExclusionsNewRulesV2Params{ Body: &models.DomainSsIoaExclusionsNewRuleReqV2{ Aid: &aid, CommandLine: &command_line, GrandparentCommandLine: &grandparent_command_line, GrandparentImageFileName: &grandparent_image_file_name, ImageFileName: &image_file_name, ParentCommandLine: &parent_command_line, ParentImageFileName: &parent_image_file_name, }, Context: context.Background(), }, ) if err != nil { panic(falcon.ErrorExplain(err)) }
fmt.Printf("%+v\n", response.Payload)}import { FalconClient } from "crowdstrike-falcon";
const client = new FalconClient({ cloud: process.env.FALCON_CLOUD!, clientId: process.env.FALCON_CLIENT_ID!, clientSecret: process.env.FALCON_CLIENT_SECRET!,});
const response = await client.ioaExclusions.ssIoaExclusionsNewRulesV2( { aid: "string", commandLine: "string", grandparentCommandLine: "string", grandparentImageFileName: "string", imageFileName: "string", parentCommandLine: "string", parentImageFileName: "string"} // body);
console.log(response);Examples coming soon.
require "crimson-falcon"
Falcon.configure do |config| config.client_id = ENV["FALCON_CLIENT_ID"] config.client_secret = ENV["FALCON_CLIENT_SECRET"] config.cloud = ENV["FALCON_CLOUD"]end
api = Falcon::IoaExclusions.new
body = Falcon::DomainSsIoaExclusionsNewRuleReqV2.new( aid: 'string', command_line: 'string', grandparent_command_line: 'string', grandparent_image_file_name: 'string', image_file_name: 'string', parent_command_line: 'string', parent_image_file_name: 'string')
response = api.ss_ioa_exclusions_new_rules_v2(body)
puts responsess_ioa_exclusions_search_v2
Section titled “ss_ioa_exclusions_search_v2”Search for Self Service IOA Exclusions.
GET /exclusions/queries/ss-ioa-exclusions/v2
PEP 8
query_ss_exclusionsParameters
Section titled “Parameters”| Name | Type | Data type | Description |
|---|---|---|---|
| cl_regex | query | string | The cl_regex expression to filter exclusions by. |
| filter | query | string | The filter expression that should be used to limit the results. |
| grandparent_cl_regex | query | string | The grandparent_cl_regex expression to filter exclusions by. |
| grandparent_ifn_regex | query | string | The grandparent_ifn_regex expression to filter exclusions by. |
| ifn_regex | query | string | The ifn_regex expression to filter exclusions by. |
| limit | query | integer | The maximum records to return. [1-500] |
| offset | query | integer | The offset to start retrieving records from. |
| parameters | query | dictionary | Full query string parameters payload in JSON format. |
| parent_cl_regex | query | string | The parent_cl_regex expression to filter exclusions by. |
| parent_ifn_regex | query | string | The parent_ifn_regex expression to filter exclusions by. |
| sort | query | string | The sort expression that should be used to sort the results. |
Code Examples
Section titled “Code Examples”from falconpy import IOAExclusions
falcon = IOAExclusions(client_id=CLIENT_ID, client_secret=CLIENT_SECRET )
response = falcon.query_ss_exclusions(filter="string", ifn_regex="string", cl_regex="string", parent_ifn_regex="string", parent_cl_regex="string", grandparent_ifn_regex="string", grandparent_cl_regex="string", offset=integer, limit=integer, sort="string")print(response)from falconpy import IOAExclusions
falcon = IOAExclusions(client_id=CLIENT_ID, client_secret=CLIENT_SECRET )
response = falcon.ss_ioa_exclusions_search_v2(filter="string", ifn_regex="string", cl_regex="string", parent_ifn_regex="string", parent_cl_regex="string", grandparent_ifn_regex="string", grandparent_cl_regex="string", offset=integer, limit=integer, sort="string")print(response)from falconpy import APIHarnessV2
falcon = APIHarnessV2(client_id=CLIENT_ID, client_secret=CLIENT_SECRET )
response = falcon.command("ss_ioa_exclusions_search_v2", filter="string", ifn_regex="string", cl_regex="string", parent_ifn_regex="string", parent_cl_regex="string", grandparent_ifn_regex="string", grandparent_cl_regex="string", offset=integer, limit=integer, sort="string")print(response)Examples coming soon.
package main
import ( "context" "fmt" "os"
"github.com/crowdstrike/gofalcon/falcon" "github.com/crowdstrike/gofalcon/falcon/client/ioa_exclusions")
func main() { client, err := falcon.NewClient(&falcon.ApiConfig{ ClientId: os.Getenv("FALCON_CLIENT_ID"), ClientSecret: os.Getenv("FALCON_CLIENT_SECRET"), Context: context.Background(), }) if err != nil { panic(err) }
filter := "string" ifnRegex := "string" clRegex := "string" parentIfnRegex := "string" parentClRegex := "string" grandparentIfnRegex := "string" grandparentClRegex := "string" offset := int64(0) limit := int64(0) sort := "string"
response, err := client.IoaExclusions.SsIoaExclusionsSearchV2( &ioa_exclusions.SsIoaExclusionsSearchV2Params{ Filter: &filter, IfnRegex: &ifnRegex, ClRegex: &clRegex, ParentIfnRegex: &parentIfnRegex, ParentClRegex: &parentClRegex, GrandparentIfnRegex: &grandparentIfnRegex, GrandparentClRegex: &grandparentClRegex, Offset: &offset, Limit: &limit, Sort: &sort, Context: context.Background(), }, ) if err != nil { panic(falcon.ErrorExplain(err)) }
fmt.Printf("%+v\n", response.Payload)}import { FalconClient } from "crowdstrike-falcon";
const client = new FalconClient({ cloud: process.env.FALCON_CLOUD!, clientId: process.env.FALCON_CLIENT_ID!, clientSecret: process.env.FALCON_CLIENT_SECRET!,});
const response = await client.ioaExclusions.ssIoaExclusionsSearchV2( "string", // filter "string", // ifnRegex "string", // clRegex "string", // parentIfnRegex "string", // parentClRegex "string", // grandparentIfnRegex "string", // grandparentClRegex integer, // offset integer, // limit "string" // sort);
console.log(response);Examples coming soon.
require "crimson-falcon"
Falcon.configure do |config| config.client_id = ENV["FALCON_CLIENT_ID"] config.client_secret = ENV["FALCON_CLIENT_SECRET"] config.cloud = ENV["FALCON_CLOUD"]end
api = Falcon::IoaExclusions.new
response = api.ss_ioa_exclusions_search_v2(filter: 'string', ifn_regex: 'string', cl_regex: 'string', parent_ifn_regex: 'string', parent_cl_regex: 'string', grandparent_ifn_regex: 'string', grandparent_cl_regex: 'string', offset: integer, limit: integer, sort: 'string')
puts response