IT Automation
The IT Automation service collection provides operations for managing automation policies, executions, jobs, and templates. Create and manage workflows for automated IT processes across your CrowdStrike environment.
| Language | Last Update |
|---|---|
| Python | v1.6.1 |
| PowerShell | v2.2.9 |
| Go | v0.20.0 |
| TypeScript | v0.6.0 |
| Rust | v0.7.0 |
| Ruby | v1.2.0 |
Table of Contents
Section titled “Table of Contents”| Operation | Description |
|---|---|
ITAutomationGetAssociatedTasksget_associated_tasks | Retrieve tasks associated with the provided file ID |
ITAutomationCombinedScheduledTasksscheduled_task_details | Returns full details of scheduled tasks matching the filter query parameter |
ITAutomationRunLiveQueryrun_live_query | Start a new task execution from the provided query data in the request and return the initiated task executions |
ITAutomationGetTaskExecutionsByQueryget_executions_by_query | Retrieve task executions by query |
ITAutomationGetTaskGroupsByQueryget_task_groups_by_query | Retrieve task groups by query |
ITAutomationGetTasksByQueryget_tasks_by_query | Retrieve tasks by query |
ITAutomationGetPoliciesget_policies | Retrieve policies |
ITAutomationCreatePolicycreate_policy | Create a new policy of the specified type |
ITAutomationUpdatePoliciesupdate_policy | Update a new policy of the specified type |
ITAutomationDeletePolicydelete_policy | Delete a policy |
ITAutomationUpdatePolicyHostGroupsupdate_policy_host_groups | Update policy host groups |
ITAutomationUpdatePoliciesPrecedenceupdate_policies_precedence | Update policies precedence |
ITAutomationGetScheduledTasksget_scheduled_task | Retrieve scheduled tasks |
ITAutomationCreateScheduledTaskcreate_scheduled_task | Create a scheduled task from the given request |
ITAutomationUpdateScheduledTaskupdate_scheduled_task | Update an existing scheduled task with the supplied info |
ITAutomationDeleteScheduledTasksdelete_scheduled_task | Delete scheduled tasks |
ITAutomationCancelTaskExecutioncancel_execution | Cancel a task execution |
ITAutomationGetTaskExecutionHostStatusget_execution_host_status | Retrieve task execution host status |
ITAutomationRerunTaskExecutionrerun_execution | Rerun the task execution specified in the request |
ITAutomationGetExecutionResultsSearchStatusget_execution_results_search_status | Retrieve execution results search status |
ITAutomationStartExecutionResultsSearchexecution_results_search | Start an asynchronous task execution results search |
ITAutomationGetExecutionResultsget_execution_results | Retrieve execution results |
ITAutomationGetTaskExecutionget_execution | Retrieve a task execution |
ITAutomationStartTaskExecutionstart_execution | Start a new task execution from an existing task provided in the request and returns the initiated task executions |
ITAutomationGetTaskGroupsget_task_group | Retrieve task groups |
ITAutomationCreateTaskGroupcreate_task_group | Create a task group |
ITAutomationUpdateTaskGroupupdate_task_group | Update a task group for a given ID |
ITAutomationDeleteTaskGroupsdelete_task_groups | Delete task groups |
ITAutomationGetTasksget_tasks | Retrieve tasks |
ITAutomationCreateTaskcreate_task | Create a task with details from the given request |
ITAutomationUpdateTaskupdate_task | Update a task with details from the given request |
ITAutomationDeleteTaskdelete_task | Delete a task |
ITAutomationQueryPoliciesquery_policies | Query policies |
ITAutomationSearchScheduledTaskssearch_scheduled_tasks | Search scheduled tasks |
ITAutomationSearchTaskExecutionssearch_task_executions | Search task executions |
ITAutomationSearchTaskGroupssearch_task_groups | Search task groups |
ITAutomationSearchTaskssearch_tasks | Search tasks |
ITAutomationGetUserGroupget_user_group | Returns user groups for each provided id |
ITAutomationCreateUserGroupcreate_user_group | Creates a user group from the given request |
ITAutomationUpdateUserGroupupdate_user_group | Update a user group for a given id |
ITAutomationDeleteUserGroupdelete_user_groups | Deletes user groups for each provided ids |
ITAutomationSearchUserGroupsearch_user_groups | Returns the list of user group ids matching the filter query parameter. It can be used together with the entities endpoint to retrieve full information on user groups |
ITAutomationGetAssociatedTasks
Section titled “ITAutomationGetAssociatedTasks”Retrieve tasks associated with the provided file ID
GET /it-automation/combined/associated-tasks/v1
PEP 8
get_associated_tasksParameters
Section titled “Parameters”| Name | Type | Data type | Description |
|---|---|---|---|
| id | query | string | The ID of the file to fetch associated tasks for |
| filter | query | string | The filter expression that should be used to limit the results |
| sort | query | string | The sort expression that should be used to sort the results |
| offset | query | integer | Starting index for record retrieval |
| limit | query | integer | The maximum records to return |
| parameters | query | dictionary | Full query string parameters payload in JSON format |
Code Examples
Section titled “Code Examples”from falconpy import ITAutomation
falcon = ITAutomation(client_id=CLIENT_ID, client_secret=CLIENT_SECRET )
response = falcon.get_associated_tasks(id="string", filter="string", sort="string", offset=integer, limit=integer)print(response)from falconpy import ITAutomation
falcon = ITAutomation(client_id=CLIENT_ID, client_secret=CLIENT_SECRET )
response = falcon.ITAutomationGetAssociatedTasks(id="string", filter="string", sort="string", offset=integer, limit=integer)print(response)from falconpy import APIHarnessV2
falcon = APIHarnessV2(client_id=CLIENT_ID, client_secret=CLIENT_SECRET )
response = falcon.command("ITAutomationGetAssociatedTasks", id="string", filter="string", sort="string", offset=integer, limit=integer)print(response)Get-FalconItFileTask -Id "string" ` -Filter "string" ` -Sort "string" ` -Limit integer ` -Offset integerpackage main
import ( "context" "fmt" "os"
"github.com/crowdstrike/gofalcon/falcon" "github.com/crowdstrike/gofalcon/falcon/client/it_automation")
func main() { client, err := falcon.NewClient(&falcon.ApiConfig{ ClientId: os.Getenv("FALCON_CLIENT_ID"), ClientSecret: os.Getenv("FALCON_CLIENT_SECRET"), Context: context.Background(), }) if err != nil { panic(err) }
filter := "string" sort := "string" offset := int64(0) limit := int64(0)
response, err := client.ItAutomation.ITAutomationGetAssociatedTasks( &it_automation.ITAutomationGetAssociatedTasksParams{ ID: "string", Filter: &filter, Sort: &sort, Offset: &offset, Limit: &limit, Context: context.Background(), }, ) if err != nil { panic(falcon.ErrorExplain(err)) }
fmt.Printf("%+v\n", response.Payload)}import { FalconClient } from "crowdstrike-falcon";
const client = new FalconClient({ cloud: process.env.FALCON_CLOUD!, clientId: process.env.FALCON_CLIENT_ID!, clientSecret: process.env.FALCON_CLIENT_SECRET!,});
const response = await client.itAutomation.iTAutomationGetAssociatedTasks( "string", // id "string", // filter "string", // sort integer, // offset integer // limit);
console.log(response);use rusty_falcon::apis::it_automation_api::i_t_automation_get_associated_tasks;use rusty_falcon::easy::client::FalconHandle;
#[tokio::main]async fn main() { let falcon = FalconHandle::from_env().await.expect("Could not authenticate");
let response = i_t_automation_get_associated_tasks( &falcon.cfg, // configuration "string", // id Some("string"), // filter Some("string"), // sort Some(integer), // offset Some(integer), // limit ).await.expect("API call failed");
println!("{:?}", response);}require "crimson-falcon"
Falcon.configure do |config| config.client_id = ENV["FALCON_CLIENT_ID"] config.client_secret = ENV["FALCON_CLIENT_SECRET"] config.cloud = ENV["FALCON_CLOUD"]end
api = Falcon::ItAutomation.new
response = api.i_t_automation_get_associated_tasks('string')
puts responseITAutomationCombinedScheduledTasks
Section titled “ITAutomationCombinedScheduledTasks”Returns full details of scheduled tasks matching the filter query parameter
GET /it-automation/combined/scheduled-tasks/v1
PEP 8
scheduled_task_detailsParameters
Section titled “Parameters”| Name | Type | Data type | Description |
|---|---|---|---|
| filter | query | string | The filter expression that should be used to limit the results |
| sort | query | string | The sort expression that should be used to sort the results |
| offset | query | integer | Starting index for record retrieval |
| limit | query | integer | The maximum records to return |
| parameters | query | dictionary | Full query string parameters payload in JSON format |
Code Examples
Section titled “Code Examples”from falconpy import ITAutomation
falcon = ITAutomation(client_id=CLIENT_ID, client_secret=CLIENT_SECRET )
response = falcon.scheduled_task_details(filter="string", sort="string", offset=integer, limit=integer)print(response)from falconpy import ITAutomation
falcon = ITAutomation(client_id=CLIENT_ID, client_secret=CLIENT_SECRET )
response = falcon.ITAutomationCombinedScheduledTasks(filter="string", sort="string", offset=integer, limit=integer)print(response)from falconpy import APIHarnessV2
falcon = APIHarnessV2(client_id=CLIENT_ID, client_secret=CLIENT_SECRET )
response = falcon.command("ITAutomationCombinedScheduledTasks", filter="string", sort="string", offset=integer, limit=integer)print(response)Get-FalconItScheduledTask -Filter "string" ` -Sort "string" ` -Limit integer ` -Offset integerpackage main
import ( "context" "fmt" "os"
"github.com/crowdstrike/gofalcon/falcon" "github.com/crowdstrike/gofalcon/falcon/client/it_automation")
func main() { client, err := falcon.NewClient(&falcon.ApiConfig{ ClientId: os.Getenv("FALCON_CLIENT_ID"), ClientSecret: os.Getenv("FALCON_CLIENT_SECRET"), Context: context.Background(), }) if err != nil { panic(err) }
filter := "string" sort := "string" offset := int64(0) limit := int64(0)
response, err := client.ItAutomation.ITAutomationCombinedScheduledTasks( &it_automation.ITAutomationCombinedScheduledTasksParams{ Filter: &filter, Sort: &sort, Offset: &offset, Limit: &limit, Context: context.Background(), }, ) if err != nil { panic(falcon.ErrorExplain(err)) }
fmt.Printf("%+v\n", response.Payload)}import { FalconClient } from "crowdstrike-falcon";
const client = new FalconClient({ cloud: process.env.FALCON_CLOUD!, clientId: process.env.FALCON_CLIENT_ID!, clientSecret: process.env.FALCON_CLIENT_SECRET!,});
const response = await client.itAutomation.iTAutomationCombinedScheduledTasks( "string", // filter "string", // sort integer, // offset integer // limit);
console.log(response);use rusty_falcon::apis::it_automation_api::i_t_automation_combined_scheduled_tasks;use rusty_falcon::easy::client::FalconHandle;
#[tokio::main]async fn main() { let falcon = FalconHandle::from_env().await.expect("Could not authenticate");
let response = i_t_automation_combined_scheduled_tasks( &falcon.cfg, // configuration Some("string"), // filter Some("string"), // sort Some(integer), // offset Some(integer), // limit ).await.expect("API call failed");
println!("{:?}", response);}require "crimson-falcon"
Falcon.configure do |config| config.client_id = ENV["FALCON_CLIENT_ID"] config.client_secret = ENV["FALCON_CLIENT_SECRET"] config.cloud = ENV["FALCON_CLOUD"]end
api = Falcon::ItAutomation.new
response = api.i_t_automation_combined_scheduled_tasks(filter: 'string', sort: 'string', offset: integer, limit: integer)
puts responseITAutomationRunLiveQuery
Section titled “ITAutomationRunLiveQuery”Start a new task execution from the provided query data in the request and return the initiated task executions
POST /it-automation/entities/live-query-execution/v1
PEP 8
run_live_queryParameters
Section titled “Parameters”| Name | Type | Data type | Description |
|---|---|---|---|
| body | body | dictionary | Full body payload provided as a dictionary |
| discover_new_hosts | body | boolean | Flag indicating if this task can discover new hosts |
| discover_offline_hosts | body | boolean | Flag indicating if this task can discover offline hosts |
| distribute | body | boolean | Flag indicating if this task is distributed |
| expiration_interval | body | string | Task expiration interval |
| guardrails | body | dictionary | Task guardrails (limiters) |
| osquery | body | string | OS Query content |
| output_parser_config | body | dictionary | Output parser configuration |
| queries | body | dictionary | Queries to perform |
| target | body | string | Execution target |
| parameters | query | dictionary | Full query string parameters payload in JSON format |
Code Examples
Section titled “Code Examples”from falconpy import ITAutomation
falcon = ITAutomation(client_id=CLIENT_ID, client_secret=CLIENT_SECRET )
response = falcon.run_live_query(discover_new_hosts=boolean, discover_offline_hosts=boolean, distribute=boolean, expiration_interval="string", guardrails={}, osquery="string", output_parser_config={}, queries={}, target="string")print(response)from falconpy import ITAutomation
falcon = ITAutomation(client_id=CLIENT_ID, client_secret=CLIENT_SECRET )
response = falcon.ITAutomationRunLiveQuery(discover_new_hosts=boolean, discover_offline_hosts=boolean, distribute=boolean, expiration_interval="string", guardrails={}, osquery="string", output_parser_config={}, queries={}, target="string")print(response)from falconpy import APIHarnessV2
falcon = APIHarnessV2(client_id=CLIENT_ID, client_secret=CLIENT_SECRET )
body_payload = { "composite_query": { "host_attributes": ["string"], "task_ids": ["string"] }, "discover_new_hosts": boolean, "discover_offline_hosts": boolean, "distribute": boolean, "expiration_interval": "string", "guardrails": { "run_time_limit_millis": integer }, "osquery": "string", "output_parser_config": { "columns": [ { "name": "string" } ], "default_group_by": boolean, "delimiter": "string" }, "queries": { "linux": { "action_type": "string", "content": "string", "file_ids": ["string"], "language": "string", "script_args": "string", "script_file_id": "string" }, "mac": { "action_type": "string", "content": "string", "file_ids": ["string"], "language": "string", "script_args": "string", "script_file_id": "string" }, "windows": { "action_type": "string", "content": "string", "file_ids": ["string"], "language": "string", "script_args": "string", "script_file_id": "string" } }, "rows_parser_config": { "delimiter": "string" }, "target": "string"}
response = falcon.command("ITAutomationRunLiveQuery", body=body_payload)print(response)Invoke-FalconItTask -Target "string"package main
import ( "context" "fmt" "os"
"github.com/crowdstrike/gofalcon/falcon" "github.com/crowdstrike/gofalcon/falcon/client/it_automation" "github.com/crowdstrike/gofalcon/falcon/models")
func main() { client, err := falcon.NewClient(&falcon.ApiConfig{ ClientId: os.Getenv("FALCON_CLIENT_ID"), ClientSecret: os.Getenv("FALCON_CLIENT_SECRET"), Context: context.Background(), }) if err != nil { panic(err) }
discover_new_hosts := boolean discover_offline_hosts := boolean distribute := boolean expiration_interval := "string" osquery := "string" target := "string"
response, err := client.ItAutomation.ITAutomationRunLiveQuery( &it_automation.ITAutomationRunLiveQueryParams{ Body: &models.ItautomationRunLiveQueryRequest{ CompositeQuery: &struct{}{}, DiscoverNewHosts: &discover_new_hosts, DiscoverOfflineHosts: &discover_offline_hosts, Distribute: &distribute, ExpirationInterval: &expiration_interval, Guardrails: &struct{}{}, Osquery: &osquery, OutputParserConfig: &struct{}{}, Queries: &struct{}{}, RowsParserConfig: &struct{}{}, Target: &target, }, Context: context.Background(), }, ) if err != nil { panic(falcon.ErrorExplain(err)) }
fmt.Printf("%+v\n", response.Payload)}import { FalconClient } from "crowdstrike-falcon";
const client = new FalconClient({ cloud: process.env.FALCON_CLOUD!, clientId: process.env.FALCON_CLIENT_ID!, clientSecret: process.env.FALCON_CLIENT_SECRET!,});
const response = await client.itAutomation.iTAutomationRunLiveQuery( { compositeQuery: { hostAttributes: [], taskIds: [] }, discoverNewHosts: boolean, discoverOfflineHosts: boolean, distribute: boolean, expirationInterval: "string", guardrails: { runTimeLimitMillis: integer }, osquery: "string", outputParserConfig: { columns: [{ name: "string" }], defaultGroupBy: boolean, delimiter: "string" }, queries: { linux: { actionType: "string", content: "string", fileIds: [], language: "string", scriptArgs: "string", scriptFileId: "string" }, mac: { actionType: "string", content: "string", fileIds: [], language: "string", scriptArgs: "string", scriptFileId: "string" }, windows: { actionType: "string", content: "string", fileIds: [], language: "string", scriptArgs: "string", scriptFileId: "string" } }, rowsParserConfig: { delimiter: "string" }, target: "string"} // body);
console.log(response);use rusty_falcon::apis::it_automation_api::i_t_automation_run_live_query;use rusty_falcon::easy::client::FalconHandle;use rusty_falcon::models::ItautomationRunLiveQueryRequest;
#[tokio::main]async fn main() { let falcon = FalconHandle::from_env().await.expect("Could not authenticate");
let body = ItautomationRunLiveQueryRequest { target: Some("string".to_string()), ..Default::default() };
let response = i_t_automation_run_live_query( &falcon.cfg, // configuration body, // body ).await.expect("API call failed");
println!("{:?}", response);}require "crimson-falcon"
Falcon.configure do |config| config.client_id = ENV["FALCON_CLIENT_ID"] config.client_secret = ENV["FALCON_CLIENT_SECRET"] config.cloud = ENV["FALCON_CLOUD"]end
api = Falcon::ItAutomation.new
body = Falcon::ItautomationRunLiveQueryRequest.new( composite_query: { host_attributes: [], task_ids: [] }, discover_new_hosts: boolean, discover_offline_hosts: boolean, distribute: boolean, expiration_interval: 'string', guardrails: { run_time_limit_millis: integer }, osquery: 'string', output_parser_config: { columns: [{ name: 'string' }], default_group_by: boolean, delimiter: 'string' }, queries: { linux: { action_type: 'string', content: 'string', file_ids: [], language: 'string', script_args: 'string', script_file_id: 'string' }, mac: { action_type: 'string', content: 'string', file_ids: [], language: 'string', script_args: 'string', script_file_id: 'string' }, windows: { action_type: 'string', content: 'string', file_ids: [], language: 'string', script_args: 'string', script_file_id: 'string' } }, rows_parser_config: { delimiter: 'string' }, target: 'string')
response = api.i_t_automation_run_live_query(body)
puts responseITAutomationGetTaskExecutionsByQuery
Section titled “ITAutomationGetTaskExecutionsByQuery”Retrieve task executions by query
GET /it-automation/combined/task-executions/v1
PEP 8
get_executions_by_queryParameters
Section titled “Parameters”| Name | Type | Data type | Description |
|---|---|---|---|
| filter | query | string | The filter expression that should be used to limit the results |
| sort | query | string | The sort expression that should be used to sort the results |
| offset | query | integer | Starting index for record retrieval |
| limit | query | integer | The maximum records to return |
| parameters | query | dictionary | Full query string parameters payload in JSON format |
Code Examples
Section titled “Code Examples”from falconpy import ITAutomation
falcon = ITAutomation(client_id=CLIENT_ID, client_secret=CLIENT_SECRET )
response = falcon.get_executions_by_query(filter="string", sort="string", offset=integer, limit="string")print(response)from falconpy import ITAutomation
falcon = ITAutomation(client_id=CLIENT_ID, client_secret=CLIENT_SECRET )
response = falcon.ITAutomationGetTaskExecutionsByQuery(filter="string", sort="string", offset=integer, limit="string")print(response)from falconpy import APIHarnessV2
falcon = APIHarnessV2(client_id=CLIENT_ID, client_secret=CLIENT_SECRET )
response = falcon.command("ITAutomationGetTaskExecutionsByQuery", filter="string", sort="string", offset=integer, limit=integer)print(response)Get-FalconItTaskExecution -Filter "string" ` -Sort "string" ` -Limit integer ` -Offset integerpackage main
import ( "context" "fmt" "os"
"github.com/crowdstrike/gofalcon/falcon" "github.com/crowdstrike/gofalcon/falcon/client/it_automation")
func main() { client, err := falcon.NewClient(&falcon.ApiConfig{ ClientId: os.Getenv("FALCON_CLIENT_ID"), ClientSecret: os.Getenv("FALCON_CLIENT_SECRET"), Context: context.Background(), }) if err != nil { panic(err) }
filter := "string" sort := "string" offset := int64(0) limit := int64(0)
response, err := client.ItAutomation.ITAutomationGetTaskExecutionsByQuery( &it_automation.ITAutomationGetTaskExecutionsByQueryParams{ Filter: &filter, Sort: &sort, Offset: &offset, Limit: &limit, Context: context.Background(), }, ) if err != nil { panic(falcon.ErrorExplain(err)) }
fmt.Printf("%+v\n", response.Payload)}import { FalconClient } from "crowdstrike-falcon";
const client = new FalconClient({ cloud: process.env.FALCON_CLOUD!, clientId: process.env.FALCON_CLIENT_ID!, clientSecret: process.env.FALCON_CLIENT_SECRET!,});
const response = await client.itAutomation.iTAutomationGetTaskExecutionsByQuery( "string", // filter "string", // sort integer, // offset integer // limit);
console.log(response);use rusty_falcon::apis::it_automation_api::i_t_automation_get_task_executions_by_query;use rusty_falcon::easy::client::FalconHandle;
#[tokio::main]async fn main() { let falcon = FalconHandle::from_env().await.expect("Could not authenticate");
let response = i_t_automation_get_task_executions_by_query( &falcon.cfg, // configuration Some("string"), // filter Some("string"), // sort Some(integer), // offset Some(integer), // limit ).await.expect("API call failed");
println!("{:?}", response);}require "crimson-falcon"
Falcon.configure do |config| config.client_id = ENV["FALCON_CLIENT_ID"] config.client_secret = ENV["FALCON_CLIENT_SECRET"] config.cloud = ENV["FALCON_CLOUD"]end
api = Falcon::ItAutomation.new
response = api.i_t_automation_get_task_executions_by_query(filter: 'string', sort: 'string', offset: integer, limit: integer)
puts responseITAutomationGetTaskGroupsByQuery
Section titled “ITAutomationGetTaskGroupsByQuery”Retrieve task groups by query
GET /it-automation/combined/task-groups/v1
PEP 8
get_task_groups_by_queryParameters
Section titled “Parameters”| Name | Type | Data type | Description |
|---|---|---|---|
| filter | query | string | The filter expression that should be used to limit the results |
| sort | query | string | The sort expression that should be used to sort the results |
| offset | query | integer | Starting index for record retrieval |
| limit | query | integer | The maximum records to return |
| parameters | query | dictionary | Full query string parameters payload in JSON format |
Code Examples
Section titled “Code Examples”from falconpy import ITAutomation
falcon = ITAutomation(client_id=CLIENT_ID, client_secret=CLIENT_SECRET )
response = falcon.get_task_groups_by_query(filter="string", sort="string", offset=integer, limit=integer)print(response)from falconpy import ITAutomation
falcon = ITAutomation(client_id=CLIENT_ID, client_secret=CLIENT_SECRET )
response = falcon.ITAutomationGetTaskGroupsByQuery(filter="string", sort="string", offset=integer, limit=integer)print(response)from falconpy import APIHarnessV2
falcon = APIHarnessV2(client_id=CLIENT_ID, client_secret=CLIENT_SECRET )
response = falcon.command("ITAutomationGetTaskGroupsByQuery", filter="string", sort="string", offset=integer, limit=integer)print(response)Get-FalconItTaskGroup -Filter "string" ` -Sort "string" ` -Limit integer ` -Offset integerpackage main
import ( "context" "fmt" "os"
"github.com/crowdstrike/gofalcon/falcon" "github.com/crowdstrike/gofalcon/falcon/client/it_automation")
func main() { client, err := falcon.NewClient(&falcon.ApiConfig{ ClientId: os.Getenv("FALCON_CLIENT_ID"), ClientSecret: os.Getenv("FALCON_CLIENT_SECRET"), Context: context.Background(), }) if err != nil { panic(err) }
filter := "string" sort := "string" offset := int64(0) limit := int64(0)
response, err := client.ItAutomation.ITAutomationGetTaskGroupsByQuery( &it_automation.ITAutomationGetTaskGroupsByQueryParams{ Filter: &filter, Sort: &sort, Offset: &offset, Limit: &limit, Context: context.Background(), }, ) if err != nil { panic(falcon.ErrorExplain(err)) }
fmt.Printf("%+v\n", response.Payload)}import { FalconClient } from "crowdstrike-falcon";
const client = new FalconClient({ cloud: process.env.FALCON_CLOUD!, clientId: process.env.FALCON_CLIENT_ID!, clientSecret: process.env.FALCON_CLIENT_SECRET!,});
const response = await client.itAutomation.iTAutomationGetTaskGroupsByQuery( "string", // filter "string", // sort integer, // offset integer // limit);
console.log(response);use rusty_falcon::apis::it_automation_api::i_t_automation_get_task_groups_by_query;use rusty_falcon::easy::client::FalconHandle;
#[tokio::main]async fn main() { let falcon = FalconHandle::from_env().await.expect("Could not authenticate");
let response = i_t_automation_get_task_groups_by_query( &falcon.cfg, // configuration Some("string"), // filter Some("string"), // sort Some(integer), // offset Some(integer), // limit ).await.expect("API call failed");
println!("{:?}", response);}require "crimson-falcon"
Falcon.configure do |config| config.client_id = ENV["FALCON_CLIENT_ID"] config.client_secret = ENV["FALCON_CLIENT_SECRET"] config.cloud = ENV["FALCON_CLOUD"]end
api = Falcon::ItAutomation.new
response = api.i_t_automation_get_task_groups_by_query(filter: 'string', sort: 'string', offset: integer, limit: integer)
puts responseITAutomationGetTasksByQuery
Section titled “ITAutomationGetTasksByQuery”Retrieve tasks by query
GET /it-automation/combined/tasks/v1
PEP 8
get_tasks_by_queryParameters
Section titled “Parameters”| Name | Type | Data type | Description |
|---|---|---|---|
| filter | query | string | The filter expression that should be used to limit the results |
| sort | query | string | The sort expression that should be used to sort the results |
| offset | query | integer | Starting index for record retrieval |
| limit | query | integer | The maximum records to return |
| parameters | query | dictionary | Full query string parameters payload in JSON format |
Code Examples
Section titled “Code Examples”from falconpy import ITAutomation
falcon = ITAutomation(client_id=CLIENT_ID, client_secret=CLIENT_SECRET )
response = falcon.get_tasks_by_query(filter="string", sort="string", offset=integer, limit=integer)print(response)from falconpy import ITAutomation
falcon = ITAutomation(client_id=CLIENT_ID, client_secret=CLIENT_SECRET )
response = falcon.ITAutomationGetTasksByQuery(filter="string", sort="string", offset=integer, limit=integer)print(response)from falconpy import APIHarnessV2
falcon = APIHarnessV2(client_id=CLIENT_ID, client_secret=CLIENT_SECRET )
response = falcon.command("ITAutomationGetTasksByQuery", filter="string", sort="string", offset=integer, limit=integer)print(response)Get-FalconItTask -Filter "string" ` -Sort "string" ` -Limit integer ` -Offset integerpackage main
import ( "context" "fmt" "os"
"github.com/crowdstrike/gofalcon/falcon" "github.com/crowdstrike/gofalcon/falcon/client/it_automation")
func main() { client, err := falcon.NewClient(&falcon.ApiConfig{ ClientId: os.Getenv("FALCON_CLIENT_ID"), ClientSecret: os.Getenv("FALCON_CLIENT_SECRET"), Context: context.Background(), }) if err != nil { panic(err) }
filter := "string" sort := "string" offset := int64(0) limit := int64(0)
response, err := client.ItAutomation.ITAutomationGetTasksByQuery( &it_automation.ITAutomationGetTasksByQueryParams{ Filter: &filter, Sort: &sort, Offset: &offset, Limit: &limit, Context: context.Background(), }, ) if err != nil { panic(falcon.ErrorExplain(err)) }
fmt.Printf("%+v\n", response.Payload)}import { FalconClient } from "crowdstrike-falcon";
const client = new FalconClient({ cloud: process.env.FALCON_CLOUD!, clientId: process.env.FALCON_CLIENT_ID!, clientSecret: process.env.FALCON_CLIENT_SECRET!,});
const response = await client.itAutomation.iTAutomationGetTasksByQuery( "string", // filter "string", // sort integer, // offset integer // limit);
console.log(response);use rusty_falcon::apis::it_automation_api::i_t_automation_get_tasks_by_query;use rusty_falcon::easy::client::FalconHandle;
#[tokio::main]async fn main() { let falcon = FalconHandle::from_env().await.expect("Could not authenticate");
let response = i_t_automation_get_tasks_by_query( &falcon.cfg, // configuration Some("string"), // filter Some("string"), // sort Some(integer), // offset Some(integer), // limit ).await.expect("API call failed");
println!("{:?}", response);}require "crimson-falcon"
Falcon.configure do |config| config.client_id = ENV["FALCON_CLIENT_ID"] config.client_secret = ENV["FALCON_CLIENT_SECRET"] config.cloud = ENV["FALCON_CLOUD"]end
api = Falcon::ItAutomation.new
response = api.i_t_automation_get_tasks_by_query(filter: 'string', sort: 'string', offset: integer, limit: integer)
puts responseITAutomationGetPolicies
Section titled “ITAutomationGetPolicies”Retrieve policies
GET /it-automation/entities/policies/v1
PEP 8
get_policiesParameters
Section titled “Parameters”| Name | Type | Data type | Description |
|---|---|---|---|
| ids | query | string or list of strings | One or more policy IDs |
| parameters | query | dictionary | Full query string parameters payload in JSON format |
Code Examples
Section titled “Code Examples”from falconpy import ITAutomation
falcon = ITAutomation(client_id=CLIENT_ID, client_secret=CLIENT_SECRET )
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.get_policies(ids=id_list)print(response)from falconpy import ITAutomation
falcon = ITAutomation(client_id=CLIENT_ID, client_secret=CLIENT_SECRET )
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.ITAutomationGetPolicies(ids=id_list)print(response)from falconpy import APIHarnessV2
falcon = APIHarnessV2(client_id=CLIENT_ID, client_secret=CLIENT_SECRET )
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.command("ITAutomationGetPolicies", ids=id_list)print(response)Get-FalconItPolicy -Id @("ID1", "ID2")package main
import ( "context" "fmt" "os"
"github.com/crowdstrike/gofalcon/falcon" "github.com/crowdstrike/gofalcon/falcon/client/it_automation")
func main() { client, err := falcon.NewClient(&falcon.ApiConfig{ ClientId: os.Getenv("FALCON_CLIENT_ID"), ClientSecret: os.Getenv("FALCON_CLIENT_SECRET"), Context: context.Background(), }) if err != nil { panic(err) }
response, err := client.ItAutomation.ITAutomationGetPolicies( &it_automation.ITAutomationGetPoliciesParams{ Ids: []string{"ID1", "ID2", "ID3"}, Context: context.Background(), }, ) if err != nil { panic(falcon.ErrorExplain(err)) }
fmt.Printf("%+v\n", response.Payload)}import { FalconClient } from "crowdstrike-falcon";
const client = new FalconClient({ cloud: process.env.FALCON_CLOUD!, clientId: process.env.FALCON_CLIENT_ID!, clientSecret: process.env.FALCON_CLIENT_SECRET!,});
const response = await client.itAutomation.iTAutomationGetPolicies(["ID1", "ID2", "ID3"]); // ids
console.log(response);use rusty_falcon::apis::it_automation_api::i_t_automation_get_policies;use rusty_falcon::easy::client::FalconHandle;
#[tokio::main]async fn main() { let falcon = FalconHandle::from_env().await.expect("Could not authenticate");
let response = i_t_automation_get_policies( &falcon.cfg, // configuration vec!["string".to_string()], // ids ).await.expect("API call failed");
println!("{:?}", response);}require "crimson-falcon"
Falcon.configure do |config| config.client_id = ENV["FALCON_CLIENT_ID"] config.client_secret = ENV["FALCON_CLIENT_SECRET"] config.cloud = ENV["FALCON_CLOUD"]end
api = Falcon::ItAutomation.new
response = api.i_t_automation_get_policies(['ID1', 'ID2', 'ID3'])
puts responseITAutomationCreatePolicy
Section titled “ITAutomationCreatePolicy”Create a new policy of the specified type
New policies are always added at the end of the precedence list for the provided policy type.
POST /it-automation/entities/policies/v1
PEP 8
create_policyParameters
Section titled “Parameters”| Name | Type | Data type | Description |
|---|---|---|---|
| body | body | dictionary | Full body payload provided as a dictionary. Not required if using other keywords |
| name | body | string | Policy name. Max: 100 characters |
| description | body | string | Policy description. Max: 500 characters |
| platform | body | string | Execution host platform. Allowed values: Windows, Linux, Mac |
| enable_script_execution | body | boolean | Enable or disable script execution |
| enable_python_execution | body | boolean | Enable or disable Python execution |
| enable_os_query | body | boolean | Enable or disable OS Query |
| execution_timeout | body | integer | Specifies the timeout value for executions |
| execution_timeout_unit | body | string | Execution timeout unit. Allowed values: Hours, Minutes |
| cpu_throttle | body | integer | Specifies the CPU throttle value |
| cpu_scheduling | body | string | Sets priority to determine the order in which a query process will run on a host’s CPU |
| memory_pressure_level | body | string | Sets memory pressure level to control system resource allocation during task execution |
| memory_allocation | body | integer | Specifies the memory allocation value |
| memory_allocation_unit | body | string | Memory allocation unit. Allowed values: MB, GB |
| concurrent_host_limit | body | integer | Specifies the maximum number of concurrent hosts |
| concurrent_task_limit | body | integer | Specifies the maximum number of concurrent tasks |
| concurrent_host_file_transfer_limit | body | integer | Specifies the maximum number of concurrent file transfers |
| parameters | query | dictionary | Full query string parameters payload in JSON format |
Code Examples
Section titled “Code Examples”from falconpy import ITAutomation
falcon = ITAutomation(client_id=CLIENT_ID, client_secret=CLIENT_SECRET )
response = falcon.create_policy(name="string", description="string", platform="string", enable_script_execution=boolean, enable_python_execution=boolean, enable_os_query=boolean, execution_timeout=integer, execution_timeout_unit="string", cpu_throttle=integer, cpu_scheduling="string", memory_pressure_level="string", memory_allocation=integer, memory_allocation_unit="string", concurrent_host_limit=integer, concurrent_task_limit=integer, concurrent_host_file_transfer_limit=integer)print(response)from falconpy import ITAutomation
falcon = ITAutomation(client_id=CLIENT_ID, client_secret=CLIENT_SECRET )
response = falcon.ITAutomationCreatePolicy(name="string", description="string", platform="string", enable_script_execution=boolean, enable_python_execution=boolean, enable_os_query=boolean, execution_timeout=integer, execution_timeout_unit="string", cpu_throttle=integer, cpu_scheduling="string", memory_pressure_level="string", memory_allocation=integer, memory_allocation_unit="string", concurrent_host_limit=integer, concurrent_task_limit=integer, concurrent_host_file_transfer_limit=integer)print(response)from falconpy import APIHarnessV2
falcon = APIHarnessV2(client_id=CLIENT_ID, client_secret=CLIENT_SECRET )
body_payload = { "config": { "concurrency": { "concurrent_host_file_transfer_limit": integer, "concurrent_host_limit": integer, "concurrent_task_limit": integer }, "execution": { "enable_os_query": boolean, "enable_python_execution": boolean, "enable_script_execution": boolean, "execution_timeout": integer, "execution_timeout_unit": "string" }, "resources": { "cpu_scheduling": "string", "cpu_throttle": integer, "memory_allocation": integer, "memory_allocation_unit": "string", "memory_pressure_level": "string" } }, "description": "string", "name": "string", "platform": "string"}
response = falcon.command("ITAutomationCreatePolicy", body=body_payload)print(response)New-FalconItPolicy -Name "string" -Platform "string"package main
import ( "context" "fmt" "os"
"github.com/crowdstrike/gofalcon/falcon" "github.com/crowdstrike/gofalcon/falcon/client/it_automation" "github.com/crowdstrike/gofalcon/falcon/models")
func main() { client, err := falcon.NewClient(&falcon.ApiConfig{ ClientId: os.Getenv("FALCON_CLIENT_ID"), ClientSecret: os.Getenv("FALCON_CLIENT_SECRET"), Context: context.Background(), }) if err != nil { panic(err) }
description := "string" name := "string" platform := "string"
response, err := client.ItAutomation.ITAutomationCreatePolicy( &it_automation.ITAutomationCreatePolicyParams{ Body: &models.ItautomationCreatePolicyRequest{ Config: &struct{}{}, Description: &description, Name: &name, Platform: &platform, }, Context: context.Background(), }, ) if err != nil { panic(falcon.ErrorExplain(err)) }
fmt.Printf("%+v\n", response.Payload)}import { FalconClient } from "crowdstrike-falcon";
const client = new FalconClient({ cloud: process.env.FALCON_CLOUD!, clientId: process.env.FALCON_CLIENT_ID!, clientSecret: process.env.FALCON_CLIENT_SECRET!,});
const response = await client.itAutomation.iTAutomationCreatePolicy( { config: { concurrency: { concurrentHostFileTransferLimit: integer, concurrentHostLimit: integer, concurrentTaskLimit: integer }, execution: { enableOsQuery: boolean, enablePythonExecution: boolean, enableScriptExecution: boolean, executionTimeout: integer, executionTimeoutUnit: "string" }, resources: { cpuScheduling: "string", cpuThrottle: integer, memoryAllocation: integer, memoryAllocationUnit: "string", memoryPressureLevel: "string" } }, description: "string", name: "string", platform: "string"} // body);
console.log(response);use rusty_falcon::apis::it_automation_api::i_t_automation_create_policy;use rusty_falcon::easy::client::FalconHandle;use rusty_falcon::models::ItautomationCreatePolicyRequest;
#[tokio::main]async fn main() { let falcon = FalconHandle::from_env().await.expect("Could not authenticate");
let body = ItautomationCreatePolicyRequest { description: Some("string".to_string()), platform: Some("string".to_string()), ..Default::default() };
let response = i_t_automation_create_policy( &falcon.cfg, // configuration body, // body ).await.expect("API call failed");
println!("{:?}", response);}require "crimson-falcon"
Falcon.configure do |config| config.client_id = ENV["FALCON_CLIENT_ID"] config.client_secret = ENV["FALCON_CLIENT_SECRET"] config.cloud = ENV["FALCON_CLOUD"]end
api = Falcon::ItAutomation.new
body = { config: { concurrency: { concurrent_host_file_transfer_limit: integer, concurrent_host_limit: integer, concurrent_task_limit: integer }, execution: { enable_os_query: boolean, enable_python_execution: boolean, enable_script_execution: boolean, execution_timeout: integer, execution_timeout_unit: 'string' }, resources: { cpu_scheduling: 'string', cpu_throttle: integer, memory_allocation: integer, memory_allocation_unit: 'string', memory_pressure_level: 'string' } }, description: 'string', name: 'string', platform: 'string'}
response = api.i_t_automation_create_policy(body)
puts responseITAutomationUpdatePolicies
Section titled “ITAutomationUpdatePolicies”Update a new policy of the specified type
PATCH /it-automation/entities/policies/v1
PEP 8
update_policyParameters
Section titled “Parameters”| Name | Type | Data type | Description |
|---|---|---|---|
| body | body | dictionary | Full body payload provided as a dictionary. Not required if using other keywords |
| id | body | string | A valid policy ID representing the policy to be updated. Required |
| name | body | string | Policy name. Max: 100 characters |
| description | body | string | Policy description. Max: 500 characters |
| is_enabled | body | boolean | Flag controlling whether the policy is active |
| enable_script_execution | body | boolean | Enable or disable script execution |
| enable_python_execution | body | boolean | Enable or disable Python execution |
| enable_os_query | body | boolean | Enable or disable OS Query |
| execution_timeout | body | integer | Specifies the timeout value for executions |
| execution_timeout_unit | body | string | Execution timeout unit. Allowed values: Hours, Minutes |
| cpu_throttle | body | integer | Specifies the CPU throttle value |
| cpu_scheduling | body | string | Sets priority to determine the order in which a query process will run on a host’s CPU |
| memory_pressure_level | body | string | Sets memory pressure level to control system resource allocation during task execution |
| memory_allocation | body | integer | Specifies the memory allocation value |
| memory_allocation_unit | body | string | Memory allocation unit. Allowed values: MB, GB |
| concurrent_host_limit | body | integer | Specifies the maximum number of concurrent hosts |
| concurrent_task_limit | body | integer | Specifies the maximum number of concurrent tasks |
| concurrent_host_file_transfer_limit | body | integer | Specifies the maximum number of concurrent file transfers |
| parameters | query | dictionary | Full query string parameters payload in JSON format |
Code Examples
Section titled “Code Examples”from falconpy import ITAutomation
falcon = ITAutomation(client_id=CLIENT_ID, client_secret=CLIENT_SECRET )
response = falcon.update_policy(id="string", name="string", description="string", is_enabled=boolean, enable_script_execution=boolean, enable_python_execution=boolean, enable_os_query=boolean, execution_timeout=integer, execution_timeout_unit="string", cpu_throttle=integer, cpu_scheduling="string", memory_pressure_level="string", memory_allocation=integer, memory_allocation_unit="string", concurrent_host_limit=integer, concurrent_task_limit=integer, concurrent_host_file_transfer_limit=integer)print(response)from falconpy import ITAutomation
falcon = ITAutomation(client_id=CLIENT_ID, client_secret=CLIENT_SECRET )
response = falcon.ITAutomationUpdatePolicies(id="string", name="string", description="string", is_enabled=boolean, enable_script_execution=boolean, enable_python_execution=boolean, enable_os_query=boolean, execution_timeout=integer, execution_timeout_unit="string", cpu_throttle=integer, cpu_scheduling="string", memory_pressure_level="string", memory_allocation=integer, memory_allocation_unit="string", concurrent_host_limit=integer, concurrent_task_limit=integer, concurrent_host_file_transfer_limit=integer)print(response)from falconpy import APIHarnessV2
falcon = APIHarnessV2(client_id=CLIENT_ID, client_secret=CLIENT_SECRET )
body_payload = { "config": { "concurrency": { "concurrent_host_file_transfer_limit": integer, "concurrent_host_limit": integer, "concurrent_task_limit": integer }, "execution": { "enable_os_query": boolean, "enable_python_execution": boolean, "enable_script_execution": boolean, "execution_timeout": integer, "execution_timeout_unit": "string" }, "resources": { "cpu_scheduling": "string", "cpu_throttle": integer, "memory_allocation": integer, "memory_allocation_unit": "string", "memory_pressure_level": "string" } }, "description": "string", "id": "string", "is_enabled": boolean, "name": "string"}
response = falcon.command("ITAutomationUpdatePolicies", body=body_payload)print(response)Edit-FalconItPolicy -Id "string"package main
import ( "context" "fmt" "os"
"github.com/crowdstrike/gofalcon/falcon" "github.com/crowdstrike/gofalcon/falcon/client/it_automation" "github.com/crowdstrike/gofalcon/falcon/models")
func main() { client, err := falcon.NewClient(&falcon.ApiConfig{ ClientId: os.Getenv("FALCON_CLIENT_ID"), ClientSecret: os.Getenv("FALCON_CLIENT_SECRET"), Context: context.Background(), }) if err != nil { panic(err) }
description := "string" id := "string" is_enabled := boolean name := "string"
response, err := client.ItAutomation.ITAutomationUpdatePolicies( &it_automation.ITAutomationUpdatePoliciesParams{ Body: &models.ItautomationUpdatePolicyRequest{ Config: &struct{}{}, Description: &description, ID: &id, IsEnabled: &is_enabled, Name: &name, }, Context: context.Background(), }, ) if err != nil { panic(falcon.ErrorExplain(err)) }
fmt.Printf("%+v\n", response.Payload)}import { FalconClient } from "crowdstrike-falcon";
const client = new FalconClient({ cloud: process.env.FALCON_CLOUD!, clientId: process.env.FALCON_CLIENT_ID!, clientSecret: process.env.FALCON_CLIENT_SECRET!,});
const response = await client.itAutomation.iTAutomationUpdatePolicies( { config: { concurrency: { concurrentHostFileTransferLimit: integer, concurrentHostLimit: integer, concurrentTaskLimit: integer }, execution: { enableOsQuery: boolean, enablePythonExecution: boolean, enableScriptExecution: boolean, executionTimeout: integer, executionTimeoutUnit: "string" }, resources: { cpuScheduling: "string", cpuThrottle: integer, memoryAllocation: integer, memoryAllocationUnit: "string", memoryPressureLevel: "string" } }, description: "string", id: "string", isEnabled: boolean, name: "string"} // body);
console.log(response);use rusty_falcon::apis::it_automation_api::i_t_automation_update_policies;use rusty_falcon::easy::client::FalconHandle;use rusty_falcon::models::ItautomationUpdatePolicyRequest;
#[tokio::main]async fn main() { let falcon = FalconHandle::from_env().await.expect("Could not authenticate");
let body = ItautomationUpdatePolicyRequest { ..Default::default() };
let response = i_t_automation_update_policies( &falcon.cfg, // configuration body, // body ).await.expect("API call failed");
println!("{:?}", response);}require "crimson-falcon"
Falcon.configure do |config| config.client_id = ENV["FALCON_CLIENT_ID"] config.client_secret = ENV["FALCON_CLIENT_SECRET"] config.cloud = ENV["FALCON_CLOUD"]end
api = Falcon::ItAutomation.new
body = { config: { concurrency: { concurrent_host_file_transfer_limit: integer, concurrent_host_limit: integer, concurrent_task_limit: integer }, execution: { enable_os_query: boolean, enable_python_execution: boolean, enable_script_execution: boolean, execution_timeout: integer, execution_timeout_unit: 'string' }, resources: { cpu_scheduling: 'string', cpu_throttle: integer, memory_allocation: integer, memory_allocation_unit: 'string', memory_pressure_level: 'string' } }, description: 'string', id: 'string', is_enabled: boolean, name: 'string'}
response = api.i_t_automation_update_policies(body)
puts responseITAutomationDeletePolicy
Section titled “ITAutomationDeletePolicy”Delete a policy
DELETE /it-automation/entities/policies/v1
PEP 8
delete_policyParameters
Section titled “Parameters”| Name | Type | Data type | Description |
|---|---|---|---|
| ids | query | string or list of strings | One or more policy IDs to delete |
| parameters | query | dictionary | Full query string parameters payload in JSON format |
Code Examples
Section titled “Code Examples”from falconpy import ITAutomation
falcon = ITAutomation(client_id=CLIENT_ID, client_secret=CLIENT_SECRET )
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.delete_policy(ids=id_list)print(response)from falconpy import ITAutomation
falcon = ITAutomation(client_id=CLIENT_ID, client_secret=CLIENT_SECRET )
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.ITAutomationDeletePolicy(ids=id_list)print(response)from falconpy import APIHarnessV2
falcon = APIHarnessV2(client_id=CLIENT_ID, client_secret=CLIENT_SECRET )
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.command("ITAutomationDeletePolicy", ids=id_list)print(response)Remove-FalconItPolicy -Id @("ID1", "ID2")package main
import ( "context" "fmt" "os"
"github.com/crowdstrike/gofalcon/falcon" "github.com/crowdstrike/gofalcon/falcon/client/it_automation")
func main() { client, err := falcon.NewClient(&falcon.ApiConfig{ ClientId: os.Getenv("FALCON_CLIENT_ID"), ClientSecret: os.Getenv("FALCON_CLIENT_SECRET"), Context: context.Background(), }) if err != nil { panic(err) }
response, err := client.ItAutomation.ITAutomationDeletePolicy( &it_automation.ITAutomationDeletePolicyParams{ Ids: []string{"ID1", "ID2", "ID3"}, Context: context.Background(), }, ) if err != nil { panic(falcon.ErrorExplain(err)) }
fmt.Printf("%+v\n", response.Payload)}import { FalconClient } from "crowdstrike-falcon";
const client = new FalconClient({ cloud: process.env.FALCON_CLOUD!, clientId: process.env.FALCON_CLIENT_ID!, clientSecret: process.env.FALCON_CLIENT_SECRET!,});
const response = await client.itAutomation.iTAutomationDeletePolicy(["ID1", "ID2", "ID3"]); // ids
console.log(response);use rusty_falcon::apis::it_automation_api::i_t_automation_delete_policy;use rusty_falcon::easy::client::FalconHandle;
#[tokio::main]async fn main() { let falcon = FalconHandle::from_env().await.expect("Could not authenticate");
let response = i_t_automation_delete_policy( &falcon.cfg, // configuration vec!["string".to_string()], // ids ).await.expect("API call failed");
println!("{:?}", response);}require "crimson-falcon"
Falcon.configure do |config| config.client_id = ENV["FALCON_CLIENT_ID"] config.client_secret = ENV["FALCON_CLIENT_SECRET"] config.cloud = ENV["FALCON_CLOUD"]end
api = Falcon::ItAutomation.new
response = api.i_t_automation_delete_policy(['ID1', 'ID2', 'ID3'])
puts responseITAutomationUpdatePolicyHostGroups
Section titled “ITAutomationUpdatePolicyHostGroups”Update policy host groups
PATCH /it-automation/entities/policies-host-groups/v1
PEP 8
update_policy_host_groupsParameters
Section titled “Parameters”| Name | Type | Data type | Description |
|---|---|---|---|
| body | body | dictionary | Full body payload in JSON format |
| policy_id | body | string | Policy ID |
| host_group_ids | body | array | List of host group IDs |
| action | body | string | Action to perform |
| parameters | query | dictionary | Full query string parameters payload in JSON format |
Code Examples
Section titled “Code Examples”from falconpy import ITAutomation
falcon = ITAutomation(client_id=CLIENT_ID, client_secret=CLIENT_SECRET )
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.update_policy_host_groups(action="string", host_group_ids=id_list, policy_id="string")print(response)from falconpy import ITAutomation
falcon = ITAutomation(client_id=CLIENT_ID, client_secret=CLIENT_SECRET )
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.ITAutomationUpdatePolicyHostGroups(action="string", host_group_ids=id_list, policy_id="string")print(response)from falconpy import APIHarnessV2
falcon = APIHarnessV2(client_id=CLIENT_ID, client_secret=CLIENT_SECRET )
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
body_payload = { "action": "string", "host_group_ids": ["string"], "policy_id": "string"}
response = falcon.command("ITAutomationUpdatePolicyHostGroups", body=body_payload)print(response)Remove-FalconItHostGroup -PolicyId "string" -Id @("ID1", "ID2")package main
import ( "context" "fmt" "os"
"github.com/crowdstrike/gofalcon/falcon" "github.com/crowdstrike/gofalcon/falcon/client/it_automation" "github.com/crowdstrike/gofalcon/falcon/models")
func main() { client, err := falcon.NewClient(&falcon.ApiConfig{ ClientId: os.Getenv("FALCON_CLIENT_ID"), ClientSecret: os.Getenv("FALCON_CLIENT_SECRET"), Context: context.Background(), }) if err != nil { panic(err) }
action := "string" policy_id := "string"
response, err := client.ItAutomation.ITAutomationUpdatePolicyHostGroups( &it_automation.ITAutomationUpdatePolicyHostGroupsParams{ Body: &models.ItautomationUpdatePoliciesHostGroupsRequest{ Action: &action, HostGroupIds: []string{"string"}, PolicyID: &policy_id, }, Context: context.Background(), }, ) if err != nil { panic(falcon.ErrorExplain(err)) }
fmt.Printf("%+v\n", response.Payload)}import { FalconClient } from "crowdstrike-falcon";
const client = new FalconClient({ cloud: process.env.FALCON_CLOUD!, clientId: process.env.FALCON_CLIENT_ID!, clientSecret: process.env.FALCON_CLIENT_SECRET!,});
const response = await client.itAutomation.iTAutomationUpdatePolicyHostGroups( { action: "string", hostGroupIds: [], policyId: "string"} // body);
console.log(response);use rusty_falcon::apis::it_automation_api::i_t_automation_update_policy_host_groups;use rusty_falcon::easy::client::FalconHandle;use rusty_falcon::models::ItautomationUpdatePoliciesHostGroupsRequest;
#[tokio::main]async fn main() { let falcon = FalconHandle::from_env().await.expect("Could not authenticate");
let body = ItautomationUpdatePoliciesHostGroupsRequest { action: Some("string".to_string()), host_group_ids: vec!["string".to_string()], policy_id: Some("string".to_string()), ..Default::default() };
let response = i_t_automation_update_policy_host_groups( &falcon.cfg, // configuration body, // body ).await.expect("API call failed");
println!("{:?}", response);}require "crimson-falcon"
Falcon.configure do |config| config.client_id = ENV["FALCON_CLIENT_ID"] config.client_secret = ENV["FALCON_CLIENT_SECRET"] config.cloud = ENV["FALCON_CLOUD"]end
api = Falcon::ItAutomation.new
body = Falcon::ItautomationUpdatePoliciesHostGroupsRequest.new( action: 'string', host_group_ids: [], policy_id: 'string')
response = api.i_t_automation_update_policy_host_groups(body)
puts responseITAutomationUpdatePoliciesPrecedence
Section titled “ITAutomationUpdatePoliciesPrecedence”Update policies precedence
PATCH /it-automation/entities/policies-precedence/v1
PEP 8
update_policies_precedenceParameters
Section titled “Parameters”| Name | Type | Data type | Description |
|---|---|---|---|
| body | body | dictionary | Full body payload in JSON format |
| ids | body | array | List of policy IDs in precedence order |
| parameters | query | dictionary | Full query string parameters payload in JSON format |
| platform | query | string | The policy platform for which to set the precedence order |
Code Examples
Section titled “Code Examples”from falconpy import ITAutomation
falcon = ITAutomation(client_id=CLIENT_ID, client_secret=CLIENT_SECRET )
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.update_policies_precedence(ids=id_list, platform="string")print(response)from falconpy import ITAutomation
falcon = ITAutomation(client_id=CLIENT_ID, client_secret=CLIENT_SECRET )
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.ITAutomationUpdatePoliciesPrecedence(ids=id_list, platform="string")print(response)from falconpy import APIHarnessV2
falcon = APIHarnessV2(client_id=CLIENT_ID, client_secret=CLIENT_SECRET )
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
body_payload = { "ids": ["string"]}
response = falcon.command("ITAutomationUpdatePoliciesPrecedence", platform="string", body=body_payload)print(response)Set-FalconItPolicyPrecedence -Platform "string" -Id @("ID1", "ID2")package main
import ( "context" "fmt" "os"
"github.com/crowdstrike/gofalcon/falcon" "github.com/crowdstrike/gofalcon/falcon/client/it_automation" "github.com/crowdstrike/gofalcon/falcon/models")
func main() { client, err := falcon.NewClient(&falcon.ApiConfig{ ClientId: os.Getenv("FALCON_CLIENT_ID"), ClientSecret: os.Getenv("FALCON_CLIENT_SECRET"), Context: context.Background(), }) if err != nil { panic(err) }
response, err := client.ItAutomation.ITAutomationUpdatePoliciesPrecedence( &it_automation.ITAutomationUpdatePoliciesPrecedenceParams{ Body: &models.ItautomationUpdatePoliciesPrecedenceRequest{ Ids: []string{"string"}, }, Platform: "string", Context: context.Background(), }, ) if err != nil { panic(falcon.ErrorExplain(err)) }
fmt.Printf("%+v\n", response.Payload)}import { FalconClient } from "crowdstrike-falcon";
const client = new FalconClient({ cloud: process.env.FALCON_CLOUD!, clientId: process.env.FALCON_CLIENT_ID!, clientSecret: process.env.FALCON_CLIENT_SECRET!,});
const response = await client.itAutomation.iTAutomationUpdatePoliciesPrecedence( "string", // platform { // body ids: [] });
console.log(response);use rusty_falcon::apis::it_automation_api::i_t_automation_update_policies_precedence;use rusty_falcon::easy::client::FalconHandle;use rusty_falcon::models::ItautomationUpdatePoliciesPrecedenceRequest;
#[tokio::main]async fn main() { let falcon = FalconHandle::from_env().await.expect("Could not authenticate");
let body = ItautomationUpdatePoliciesPrecedenceRequest { ids: vec!["string".to_string()], ..Default::default() };
let response = i_t_automation_update_policies_precedence( &falcon.cfg, // configuration "string", // platform body, // body ).await.expect("API call failed");
println!("{:?}", response);}require "crimson-falcon"
Falcon.configure do |config| config.client_id = ENV["FALCON_CLIENT_ID"] config.client_secret = ENV["FALCON_CLIENT_SECRET"] config.cloud = ENV["FALCON_CLOUD"]end
api = Falcon::ItAutomation.new
body = Falcon::ItautomationUpdatePoliciesPrecedenceRequest.new( ids: [])
response = api.i_t_automation_update_policies_precedence(body, 'string')
puts responseITAutomationGetScheduledTasks
Section titled “ITAutomationGetScheduledTasks”Retrieve scheduled tasks
GET /it-automation/entities/scheduled-tasks/v1
PEP 8
get_scheduled_taskParameters
Section titled “Parameters”| Name | Type | Data type | Description |
|---|---|---|---|
| ids | query | string or list of strings | One or more scheduled task IDs |
| parameters | query | dictionary | Full query string parameters payload in JSON format |
Code Examples
Section titled “Code Examples”from falconpy import ITAutomation
falcon = ITAutomation(client_id=CLIENT_ID, client_secret=CLIENT_SECRET )
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.get_scheduled_task(ids=id_list)print(response)from falconpy import ITAutomation
falcon = ITAutomation(client_id=CLIENT_ID, client_secret=CLIENT_SECRET )
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.ITAutomationGetScheduledTasks(ids=id_list)print(response)from falconpy import APIHarnessV2
falcon = APIHarnessV2(client_id=CLIENT_ID, client_secret=CLIENT_SECRET )
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.command("ITAutomationGetScheduledTasks", ids=id_list)print(response)Get-FalconItScheduledTask -Id @("ID1", "ID2")package main
import ( "context" "fmt" "os"
"github.com/crowdstrike/gofalcon/falcon" "github.com/crowdstrike/gofalcon/falcon/client/it_automation")
func main() { client, err := falcon.NewClient(&falcon.ApiConfig{ ClientId: os.Getenv("FALCON_CLIENT_ID"), ClientSecret: os.Getenv("FALCON_CLIENT_SECRET"), Context: context.Background(), }) if err != nil { panic(err) }
response, err := client.ItAutomation.ITAutomationGetScheduledTasks( &it_automation.ITAutomationGetScheduledTasksParams{ Ids: []string{"ID1", "ID2", "ID3"}, Context: context.Background(), }, ) if err != nil { panic(falcon.ErrorExplain(err)) }
fmt.Printf("%+v\n", response.Payload)}import { FalconClient } from "crowdstrike-falcon";
const client = new FalconClient({ cloud: process.env.FALCON_CLOUD!, clientId: process.env.FALCON_CLIENT_ID!, clientSecret: process.env.FALCON_CLIENT_SECRET!,});
const response = await client.itAutomation.iTAutomationGetScheduledTasks(["ID1", "ID2", "ID3"]); // ids
console.log(response);use rusty_falcon::apis::it_automation_api::i_t_automation_get_scheduled_tasks;use rusty_falcon::easy::client::FalconHandle;
#[tokio::main]async fn main() { let falcon = FalconHandle::from_env().await.expect("Could not authenticate");
let response = i_t_automation_get_scheduled_tasks( &falcon.cfg, // configuration vec!["string".to_string()], // ids ).await.expect("API call failed");
println!("{:?}", response);}require "crimson-falcon"
Falcon.configure do |config| config.client_id = ENV["FALCON_CLIENT_ID"] config.client_secret = ENV["FALCON_CLIENT_SECRET"] config.cloud = ENV["FALCON_CLOUD"]end
api = Falcon::ItAutomation.new
response = api.i_t_automation_get_scheduled_tasks(['ID1', 'ID2', 'ID3'])
puts responseITAutomationCreateScheduledTask
Section titled “ITAutomationCreateScheduledTask”Create a scheduled task from the given request
POST /it-automation/entities/scheduled-tasks/v1
PEP 8
create_scheduled_taskParameters
Section titled “Parameters”| Name | Type | Data type | Description |
|---|---|---|---|
| body | body | dictionary | Full body payload provided as a dictionary |
| execution_args | body | dictionary | Arguments to provide to the task when executed |
| discover_new_hosts | body | boolean | Allow the task to discover new hosts |
| discover_offline_hosts | body | boolean | Allow the task to discover offline hosts |
| distribute | body | boolean | Distribute the task |
| expiration_interval | body | string | Task expiration interval |
| guardrails | body | dictionary | Task execution guardrails (limiters) |
| id | body | string | The id of the scheduled task to update |
| is_active | body | boolean | Flag indicating if the task is active |
| schedule | body | dictionary | Task schedule |
| target | body | string | Task target |
| task_id | body | string | Task ID |
| trigger_condition | body | list of dictionaries | Task trigger conditions |
| parameters | query | dictionary | Full query string parameters payload in JSON format |
Code Examples
Section titled “Code Examples”from falconpy import ITAutomation
falcon = ITAutomation(client_id=CLIENT_ID, client_secret=CLIENT_SECRET )
response = falcon.create_scheduled_task(arguments={}, discover_new_hosts=boolean, discover_offline_hosts=boolean, distribute=boolean, expiration_interval="string", guardrails={}, id="string", is_active=boolean, schedule={}, target="string", task_id="string", trigger_condition=[{"key": "value"}])print(response)from falconpy import ITAutomation
falcon = ITAutomation(client_id=CLIENT_ID, client_secret=CLIENT_SECRET )
response = falcon.ITAutomationCreateScheduledTask(arguments={}, discover_new_hosts=boolean, discover_offline_hosts=boolean, distribute=boolean, expiration_interval="string", guardrails={}, id="string", is_active=boolean, schedule={}, target="string", task_id="string", trigger_condition=[{"key": "value"}])print(response)from falconpy import APIHarnessV2
falcon = APIHarnessV2(client_id=CLIENT_ID, client_secret=CLIENT_SECRET )
body_payload = { "discover_new_hosts": boolean, "discover_offline_hosts": boolean, "distribute": boolean, "execution_args": {}, "expiration_interval": "string", "guardrails": { "run_time_limit_millis": integer }, "is_active": boolean, "schedule": { "day_of_month": integer, "days_of_week": ["string"], "end_time": "string", "frequency": "string", "interval": integer, "start_time": "string", "time": "string", "timezone": "string" }, "schedule_name": "string", "target": "string", "task_id": "string", "trigger_condition": [ { "groups": [ { "groups": ["string"], "operator": "string", "statements": ["string"] } ], "operator": "string", "statements": [ { "data_comparator": "string", "data_type": "string", "key": "string", "task_id": "string", "value": "string" } ] } ]}
response = falcon.command("ITAutomationCreateScheduledTask", body=body_payload)print(response)New-FalconItScheduledTask -TaskId "string" ` -Target "string" ` -Schedule @{} ` -Enabled $booleanpackage main
import ( "context" "fmt" "os"
"github.com/crowdstrike/gofalcon/falcon" "github.com/crowdstrike/gofalcon/falcon/client/it_automation" "github.com/crowdstrike/gofalcon/falcon/models")
func main() { client, err := falcon.NewClient(&falcon.ApiConfig{ ClientId: os.Getenv("FALCON_CLIENT_ID"), ClientSecret: os.Getenv("FALCON_CLIENT_SECRET"), Context: context.Background(), }) if err != nil { panic(err) }
discover_new_hosts := boolean discover_offline_hosts := boolean distribute := boolean expiration_interval := "string" is_active := boolean schedule_name := "string" target := "string" task_id := "string" operator := "string" data_comparator := "string" data_type := "string" key := "string" value := "string"
response, err := client.ItAutomation.ITAutomationCreateScheduledTask( &it_automation.ITAutomationCreateScheduledTaskParams{ Body: &models.ItautomationCreateScheduledTaskRequest{ DiscoverNewHosts: &discover_new_hosts, DiscoverOfflineHosts: &discover_offline_hosts, Distribute: &distribute, ExecutionArgs: &struct{}{}, ExpirationInterval: &expiration_interval, Guardrails: &struct{}{}, IsActive: &is_active, Schedule: &struct{}{}, ScheduleName: &schedule_name, Target: &target, TaskID: &task_id, TriggerCondition: []interface{}{ { Groups: []interface{}{ { Groups: []interface{}{}, Operator: &operator, Statements: []interface{}{}, }, }, Operator: &operator, Statements: []interface{}{ { DataComparator: &data_comparator, DataType: &data_type, Key: &key, TaskID: &task_id, Value: &value, }, }, }, }, }, Context: context.Background(), }, ) if err != nil { panic(falcon.ErrorExplain(err)) }
fmt.Printf("%+v\n", response.Payload)}import { FalconClient } from "crowdstrike-falcon";
const client = new FalconClient({ cloud: process.env.FALCON_CLOUD!, clientId: process.env.FALCON_CLIENT_ID!, clientSecret: process.env.FALCON_CLIENT_SECRET!,});
const response = await client.itAutomation.iTAutomationCreateScheduledTask( { discoverNewHosts: boolean, discoverOfflineHosts: boolean, distribute: boolean, executionArgs: {}, expirationInterval: "string", guardrails: { runTimeLimitMillis: integer }, isActive: boolean, schedule: { dayOfMonth: integer, daysOfWeek: [], endTime: "string", frequency: "string", interval: integer, startTime: "string", time: "string", timezone: "string" }, scheduleName: "string", target: "string", taskId: "string", triggerCondition: [{ groups: [{ groups: [], operator: "string", statements: [] }], operator: "string", statements: [{ dataComparator: "string", dataType: "string", key: "string", taskId: "string", value: "string" }] }]} // body);
console.log(response);use rusty_falcon::apis::it_automation_api::i_t_automation_create_scheduled_task;use rusty_falcon::easy::client::FalconHandle;use rusty_falcon::models::ItautomationCreateScheduledTaskRequest;
#[tokio::main]async fn main() { let falcon = FalconHandle::from_env().await.expect("Could not authenticate");
let body = ItautomationCreateScheduledTaskRequest { is_active: Some(boolean), schedule: Default::default(), target: Some("string".to_string()), task_id: Some("string".to_string()), ..Default::default() };
let response = i_t_automation_create_scheduled_task( &falcon.cfg, // configuration body, // body ).await.expect("API call failed");
println!("{:?}", response);}require "crimson-falcon"
Falcon.configure do |config| config.client_id = ENV["FALCON_CLIENT_ID"] config.client_secret = ENV["FALCON_CLIENT_SECRET"] config.cloud = ENV["FALCON_CLOUD"]end
api = Falcon::ItAutomation.new
body = Falcon::ItautomationCreateScheduledTaskRequest.new( discover_new_hosts: boolean, discover_offline_hosts: boolean, distribute: boolean, execution_args: {}, expiration_interval: 'string', guardrails: { run_time_limit_millis: integer }, is_active: boolean, schedule: { day_of_month: integer, days_of_week: [], end_time: 'string', frequency: 'string', interval: integer, start_time: 'string', time: 'string', timezone: 'string' }, schedule_name: 'string', target: 'string', task_id: 'string', trigger_condition: [{ groups: [{ groups: [], operator: 'string', statements: [] }], operator: 'string', statements: [{ data_comparator: 'string', data_type: 'string', key: 'string', task_id: 'string', value: 'string' }] }])
response = api.i_t_automation_create_scheduled_task(body)
puts responseITAutomationUpdateScheduledTask
Section titled “ITAutomationUpdateScheduledTask”Update an existing scheduled task with the supplied info
PATCH /it-automation/entities/scheduled-tasks/v1
PEP 8
update_scheduled_taskParameters
Section titled “Parameters”| Name | Type | Data type | Description |
|---|---|---|---|
| body | body | dictionary | Full body payload provided as a dictionary. Not required if using other keywords |
| discover_new_hosts | body | boolean | Allow the task to discover new hosts |
| discover_offline_hosts | body | boolean | Allow the task to discover offline hosts |
| distribute | body | boolean | Distribute the task |
| execution_args | body | dictionary | Arguments to provide to the task when executed |
| expiration_interval | body | string | Task expiration interval |
| guardrails | body | dictionary | Task execution guardrails (limiters) |
| id | query | string | The id of the scheduled task to update |
| is_active | body | boolean | Flag indicating if the task is active |
| parameters | query | dictionary | Full query string parameters payload in JSON format |
| schedule | body | dictionary | Task schedule |
| target | body | string | Task target |
| task_id | body | string | Task ID |
| trigger_condition | body | list of dictionaries | Task trigger conditions |
Code Examples
Section titled “Code Examples”from falconpy import ITAutomation
falcon = ITAutomation(client_id=CLIENT_ID, client_secret=CLIENT_SECRET )
response = falcon.update_scheduled_task(discover_new_hosts=boolean, discover_offline_hosts=boolean, distribute=boolean, execution_args={}, expiration_interval="string", guardrails={}, id="string", is_active=boolean, schedule={}, target="string", task_id="string", trigger_condition=[{"key": "value"}])print(response)from falconpy import ITAutomation
falcon = ITAutomation(client_id=CLIENT_ID, client_secret=CLIENT_SECRET )
response = falcon.ITAutomationUpdateScheduledTask(discover_new_hosts=boolean, discover_offline_hosts=boolean, distribute=boolean, execution_args={}, expiration_interval="string", guardrails={}, id="string", is_active=boolean, schedule={}, target="string", task_id="string", trigger_condition=[{"key": "value"}])print(response)from falconpy import APIHarnessV2
falcon = APIHarnessV2(client_id=CLIENT_ID, client_secret=CLIENT_SECRET )
body_payload = { "discover_new_hosts": boolean, "discover_offline_hosts": boolean, "distribute": boolean, "execution_args": {}, "expiration_interval": "string", "guardrails": { "run_time_limit_millis": integer }, "is_active": boolean, "schedule": { "day_of_month": integer, "days_of_week": ["string"], "end_time": "string", "frequency": "string", "interval": integer, "start_time": "string", "time": "string", "timezone": "string" }, "schedule_name": "string", "target": "string", "task_id": "string", "trigger_condition": [ { "groups": [ { "groups": ["string"], "operator": "string", "statements": ["string"] } ], "operator": "string", "statements": [ { "data_comparator": "string", "data_type": "string", "key": "string", "task_id": "string", "value": "string" } ] } ]}
response = falcon.command("ITAutomationUpdateScheduledTask", id="string", body=body_payload)print(response)Edit-FalconItScheduledTask -Id "string"package main
import ( "context" "fmt" "os"
"github.com/crowdstrike/gofalcon/falcon" "github.com/crowdstrike/gofalcon/falcon/client/it_automation" "github.com/crowdstrike/gofalcon/falcon/models")
func main() { client, err := falcon.NewClient(&falcon.ApiConfig{ ClientId: os.Getenv("FALCON_CLIENT_ID"), ClientSecret: os.Getenv("FALCON_CLIENT_SECRET"), Context: context.Background(), }) if err != nil { panic(err) }
discover_new_hosts := boolean discover_offline_hosts := boolean distribute := boolean expiration_interval := "string" is_active := boolean schedule_name := "string" target := "string" task_id := "string" operator := "string" data_comparator := "string" data_type := "string" key := "string" value := "string"
response, err := client.ItAutomation.ITAutomationUpdateScheduledTask( &it_automation.ITAutomationUpdateScheduledTaskParams{ Body: &models.ItautomationUpdateScheduledTaskRequest{ DiscoverNewHosts: &discover_new_hosts, DiscoverOfflineHosts: &discover_offline_hosts, Distribute: &distribute, ExecutionArgs: &struct{}{}, ExpirationInterval: &expiration_interval, Guardrails: &struct{}{}, IsActive: &is_active, Schedule: &struct{}{}, ScheduleName: &schedule_name, Target: &target, TaskID: &task_id, TriggerCondition: []interface{}{ { Groups: []interface{}{ { Groups: []interface{}{}, Operator: &operator, Statements: []interface{}{}, }, }, Operator: &operator, Statements: []interface{}{ { DataComparator: &data_comparator, DataType: &data_type, Key: &key, TaskID: &task_id, Value: &value, }, }, }, }, }, ID: "string", Context: context.Background(), }, ) if err != nil { panic(falcon.ErrorExplain(err)) }
fmt.Printf("%+v\n", response.Payload)}import { FalconClient } from "crowdstrike-falcon";
const client = new FalconClient({ cloud: process.env.FALCON_CLOUD!, clientId: process.env.FALCON_CLIENT_ID!, clientSecret: process.env.FALCON_CLIENT_SECRET!,});
const response = await client.itAutomation.iTAutomationUpdateScheduledTask( "string", // id { // body discoverNewHosts: boolean, discoverOfflineHosts: boolean, distribute: boolean, executionArgs: {}, expirationInterval: "string", guardrails: { runTimeLimitMillis: integer }, isActive: boolean, schedule: { dayOfMonth: integer, daysOfWeek: [], endTime: "string", frequency: "string", interval: integer, startTime: "string", time: "string", timezone: "string" }, scheduleName: "string", target: "string", taskId: "string", triggerCondition: [{ groups: [{ groups: [], operator: "string", statements: [] }], operator: "string", statements: [{ dataComparator: "string", dataType: "string", key: "string", taskId: "string", value: "string" }] }] });
console.log(response);use rusty_falcon::apis::it_automation_api::i_t_automation_update_scheduled_task;use rusty_falcon::easy::client::FalconHandle;use rusty_falcon::models::ItautomationUpdateScheduledTaskRequest;
#[tokio::main]async fn main() { let falcon = FalconHandle::from_env().await.expect("Could not authenticate");
let body = ItautomationUpdateScheduledTaskRequest { ..Default::default() };
let response = i_t_automation_update_scheduled_task( &falcon.cfg, // configuration "string", // id body, // body ).await.expect("API call failed");
println!("{:?}", response);}require "crimson-falcon"
Falcon.configure do |config| config.client_id = ENV["FALCON_CLIENT_ID"] config.client_secret = ENV["FALCON_CLIENT_SECRET"] config.cloud = ENV["FALCON_CLOUD"]end
api = Falcon::ItAutomation.new
body = Falcon::ItautomationUpdateScheduledTaskRequest.new( discover_new_hosts: boolean, discover_offline_hosts: boolean, distribute: boolean, execution_args: {}, expiration_interval: 'string', guardrails: { run_time_limit_millis: integer }, is_active: boolean, schedule: { day_of_month: integer, days_of_week: [], end_time: 'string', frequency: 'string', interval: integer, start_time: 'string', time: 'string', timezone: 'string' }, schedule_name: 'string', target: 'string', task_id: 'string', trigger_condition: [{ groups: [{ groups: [], operator: 'string', statements: [] }], operator: 'string', statements: [{ data_comparator: 'string', data_type: 'string', key: 'string', task_id: 'string', value: 'string' }] }])
response = api.i_t_automation_update_scheduled_task(body, 'string')
puts responseITAutomationDeleteScheduledTasks
Section titled “ITAutomationDeleteScheduledTasks”Delete scheduled tasks
DELETE /it-automation/entities/scheduled-tasks/v1
PEP 8
delete_scheduled_taskParameters
Section titled “Parameters”| Name | Type | Data type | Description |
|---|---|---|---|
| ids | query | string or list of strings | One or more scheduled task IDs to delete |
| parameters | query | dictionary | Full query string parameters payload in JSON format |
Code Examples
Section titled “Code Examples”from falconpy import ITAutomation
falcon = ITAutomation(client_id=CLIENT_ID, client_secret=CLIENT_SECRET )
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.delete_scheduled_task(ids=id_list)print(response)from falconpy import ITAutomation
falcon = ITAutomation(client_id=CLIENT_ID, client_secret=CLIENT_SECRET )
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.ITAutomationDeleteScheduledTasks(ids=id_list)print(response)from falconpy import APIHarnessV2
falcon = APIHarnessV2(client_id=CLIENT_ID, client_secret=CLIENT_SECRET )
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.command("ITAutomationDeleteScheduledTasks", ids=id_list)print(response)Remove-FalconItScheduledTask -Id @("ID1", "ID2")package main
import ( "context" "fmt" "os"
"github.com/crowdstrike/gofalcon/falcon" "github.com/crowdstrike/gofalcon/falcon/client/it_automation")
func main() { client, err := falcon.NewClient(&falcon.ApiConfig{ ClientId: os.Getenv("FALCON_CLIENT_ID"), ClientSecret: os.Getenv("FALCON_CLIENT_SECRET"), Context: context.Background(), }) if err != nil { panic(err) }
response, err := client.ItAutomation.ITAutomationDeleteScheduledTasks( &it_automation.ITAutomationDeleteScheduledTasksParams{ Ids: []string{"ID1", "ID2", "ID3"}, Context: context.Background(), }, ) if err != nil { panic(falcon.ErrorExplain(err)) }
fmt.Printf("%+v\n", response.Payload)}import { FalconClient } from "crowdstrike-falcon";
const client = new FalconClient({ cloud: process.env.FALCON_CLOUD!, clientId: process.env.FALCON_CLIENT_ID!, clientSecret: process.env.FALCON_CLIENT_SECRET!,});
const response = await client.itAutomation.iTAutomationDeleteScheduledTasks(["ID1", "ID2", "ID3"]); // ids
console.log(response);use rusty_falcon::apis::it_automation_api::i_t_automation_delete_scheduled_tasks;use rusty_falcon::easy::client::FalconHandle;
#[tokio::main]async fn main() { let falcon = FalconHandle::from_env().await.expect("Could not authenticate");
let response = i_t_automation_delete_scheduled_tasks( &falcon.cfg, // configuration vec!["string".to_string()], // ids ).await.expect("API call failed");
println!("{:?}", response);}require "crimson-falcon"
Falcon.configure do |config| config.client_id = ENV["FALCON_CLIENT_ID"] config.client_secret = ENV["FALCON_CLIENT_SECRET"] config.cloud = ENV["FALCON_CLOUD"]end
api = Falcon::ItAutomation.new
response = api.i_t_automation_delete_scheduled_tasks(['ID1', 'ID2', 'ID3'])
puts responseITAutomationCancelTaskExecution
Section titled “ITAutomationCancelTaskExecution”Cancel a task execution
POST /it-automation/entities/task-execution-cancel/v1
PEP 8
cancel_executionParameters
Section titled “Parameters”| Name | Type | Data type | Description |
|---|---|---|---|
| body | body | dictionary | Full body payload in JSON format |
| task_execution_id | body | string | Task execution ID |
Code Examples
Section titled “Code Examples”from falconpy import ITAutomation
falcon = ITAutomation(client_id=CLIENT_ID, client_secret=CLIENT_SECRET )
response = falcon.cancel_execution(task_execution_id="string")print(response)from falconpy import ITAutomation
falcon = ITAutomation(client_id=CLIENT_ID, client_secret=CLIENT_SECRET )
response = falcon.ITAutomationCancelTaskExecution(task_execution_id="string")print(response)from falconpy import APIHarnessV2
falcon = APIHarnessV2(client_id=CLIENT_ID, client_secret=CLIENT_SECRET )
body_payload = { "task_execution_id": "string"}
response = falcon.command("ITAutomationCancelTaskExecution", body=body_payload)print(response)Stop-FalconItTaskExecution -Id "string"package main
import ( "context" "fmt" "os"
"github.com/crowdstrike/gofalcon/falcon" "github.com/crowdstrike/gofalcon/falcon/client/it_automation" "github.com/crowdstrike/gofalcon/falcon/models")
func main() { client, err := falcon.NewClient(&falcon.ApiConfig{ ClientId: os.Getenv("FALCON_CLIENT_ID"), ClientSecret: os.Getenv("FALCON_CLIENT_SECRET"), Context: context.Background(), }) if err != nil { panic(err) }
task_execution_id := "string"
response, err := client.ItAutomation.ITAutomationCancelTaskExecution( &it_automation.ITAutomationCancelTaskExecutionParams{ Body: &models.ItautomationCancelTaskExecutionRequest{ TaskExecutionID: &task_execution_id, }, Context: context.Background(), }, ) if err != nil { panic(falcon.ErrorExplain(err)) }
fmt.Printf("%+v\n", response.Payload)}import { FalconClient } from "crowdstrike-falcon";
const client = new FalconClient({ cloud: process.env.FALCON_CLOUD!, clientId: process.env.FALCON_CLIENT_ID!, clientSecret: process.env.FALCON_CLIENT_SECRET!,});
const response = await client.itAutomation.iTAutomationCancelTaskExecution( { taskExecutionId: "string"} // body);
console.log(response);use rusty_falcon::apis::it_automation_api::i_t_automation_cancel_task_execution;use rusty_falcon::easy::client::FalconHandle;use rusty_falcon::models::ItautomationCancelTaskExecutionRequest;
#[tokio::main]async fn main() { let falcon = FalconHandle::from_env().await.expect("Could not authenticate");
let body = ItautomationCancelTaskExecutionRequest { task_execution_id: Some("string".to_string()), ..Default::default() };
let response = i_t_automation_cancel_task_execution( &falcon.cfg, // configuration body, // body ).await.expect("API call failed");
println!("{:?}", response);}require "crimson-falcon"
Falcon.configure do |config| config.client_id = ENV["FALCON_CLIENT_ID"] config.client_secret = ENV["FALCON_CLIENT_SECRET"] config.cloud = ENV["FALCON_CLOUD"]end
api = Falcon::ItAutomation.new
body = Falcon::ItautomationCancelTaskExecutionRequest.new( task_execution_id: 'string')
response = api.i_t_automation_cancel_task_execution(body)
puts responseITAutomationGetTaskExecutionHostStatus
Section titled “ITAutomationGetTaskExecutionHostStatus”Retrieve task execution host status
GET /it-automation/entities/task-execution-host-status/v1
PEP 8
get_execution_host_statusParameters
Section titled “Parameters”| Name | Type | Data type | Description |
|---|---|---|---|
| ids | query | string or list of strings | Task execution ID |
| filter | query | string | The filter expression that should be used to limit the results |
| sort | query | string | The sort expression that should be used to sort the results |
| offset | query | integer | Starting index for record retrieval |
| limit | query | integer | The maximum records to return |
| parameters | query | dictionary | Full query string parameters payload in JSON format |
Code Examples
Section titled “Code Examples”from falconpy import ITAutomation
falcon = ITAutomation(client_id=CLIENT_ID, client_secret=CLIENT_SECRET )
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.get_execution_host_status(ids=id_list, filter="string", sort="string", offset=integer, limit=integer)print(response)from falconpy import ITAutomation
falcon = ITAutomation(client_id=CLIENT_ID, client_secret=CLIENT_SECRET )
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.ITAutomationGetTaskExecutionHostStatus(ids=id_list, filter="string", sort="string", offset=integer, limit=integer)print(response)from falconpy import APIHarnessV2
falcon = APIHarnessV2(client_id=CLIENT_ID, client_secret=CLIENT_SECRET )
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.command("ITAutomationGetTaskExecutionHostStatus", ids=id_list, filter="string", sort="string", offset=integer, limit=integer)print(response)Get-FalconItHostExecution -Id @("ID1", "ID2")package main
import ( "context" "fmt" "os"
"github.com/crowdstrike/gofalcon/falcon" "github.com/crowdstrike/gofalcon/falcon/client/it_automation")
func main() { client, err := falcon.NewClient(&falcon.ApiConfig{ ClientId: os.Getenv("FALCON_CLIENT_ID"), ClientSecret: os.Getenv("FALCON_CLIENT_SECRET"), Context: context.Background(), }) if err != nil { panic(err) }
filter := "string" sort := "string" offset := int64(0) limit := int64(0)
response, err := client.ItAutomation.ITAutomationGetTaskExecutionHostStatus( &it_automation.ITAutomationGetTaskExecutionHostStatusParams{ Ids: []string{"ID1", "ID2", "ID3"}, Filter: &filter, Sort: &sort, Offset: &offset, Limit: &limit, Context: context.Background(), }, ) if err != nil { panic(falcon.ErrorExplain(err)) }
fmt.Printf("%+v\n", response.Payload)}import { FalconClient } from "crowdstrike-falcon";
const client = new FalconClient({ cloud: process.env.FALCON_CLOUD!, clientId: process.env.FALCON_CLIENT_ID!, clientSecret: process.env.FALCON_CLIENT_SECRET!,});
const response = await client.itAutomation.iTAutomationGetTaskExecutionHostStatus( ["ID1", "ID2", "ID3"], // ids "string", // filter "string", // sort integer, // offset integer // limit);
console.log(response);use rusty_falcon::apis::it_automation_api::i_t_automation_get_task_execution_host_status;use rusty_falcon::easy::client::FalconHandle;
#[tokio::main]async fn main() { let falcon = FalconHandle::from_env().await.expect("Could not authenticate");
let response = i_t_automation_get_task_execution_host_status( &falcon.cfg, // configuration vec!["string".to_string()], // ids Some("string"), // filter Some("string"), // sort Some(integer), // offset Some(integer), // limit ).await.expect("API call failed");
println!("{:?}", response);}require "crimson-falcon"
Falcon.configure do |config| config.client_id = ENV["FALCON_CLIENT_ID"] config.client_secret = ENV["FALCON_CLIENT_SECRET"] config.cloud = ENV["FALCON_CLOUD"]end
api = Falcon::ItAutomation.new
response = api.i_t_automation_get_task_execution_host_status(['ID1', 'ID2', 'ID3'])
puts responseITAutomationRerunTaskExecution
Section titled “ITAutomationRerunTaskExecution”Rerun the task execution specified in the request
POST /it-automation/entities/task-execution-rerun/v1
PEP 8
rerun_executionParameters
Section titled “Parameters”| Name | Type | Data type | Description |
|---|---|---|---|
| body | body | dictionary | Full body payload provided as a dictionary. Not required if using other keywords |
| run_type | body | string | Task run type |
| task_execution_id | body | string | Task execution ID |
| parameters | query | dictionary | Full query string parameters payload in JSON format |
Code Examples
Section titled “Code Examples”from falconpy import ITAutomation
falcon = ITAutomation(client_id=CLIENT_ID, client_secret=CLIENT_SECRET )
response = falcon.rerun_execution(run_type="string", task_execution_id="string")print(response)from falconpy import ITAutomation
falcon = ITAutomation(client_id=CLIENT_ID, client_secret=CLIENT_SECRET )
response = falcon.ITAutomationRerunTaskExecution(run_type="string", task_execution_id="string")print(response)from falconpy import APIHarnessV2
falcon = APIHarnessV2(client_id=CLIENT_ID, client_secret=CLIENT_SECRET )
body_payload = { "run_type": "string", "task_execution_id": "string"}
response = falcon.command("ITAutomationRerunTaskExecution", body=body_payload)print(response)Redo-FalconItTaskExecution -RunType "string" -Id "string"package main
import ( "context" "fmt" "os"
"github.com/crowdstrike/gofalcon/falcon" "github.com/crowdstrike/gofalcon/falcon/client/it_automation" "github.com/crowdstrike/gofalcon/falcon/models")
func main() { client, err := falcon.NewClient(&falcon.ApiConfig{ ClientId: os.Getenv("FALCON_CLIENT_ID"), ClientSecret: os.Getenv("FALCON_CLIENT_SECRET"), Context: context.Background(), }) if err != nil { panic(err) }
run_type := "string" task_execution_id := "string"
response, err := client.ItAutomation.ITAutomationRerunTaskExecution( &it_automation.ITAutomationRerunTaskExecutionParams{ Body: &models.ItautomationRerunTaskExecutionRequest{ RunType: &run_type, TaskExecutionID: &task_execution_id, }, Context: context.Background(), }, ) if err != nil { panic(falcon.ErrorExplain(err)) }
fmt.Printf("%+v\n", response.Payload)}import { FalconClient } from "crowdstrike-falcon";
const client = new FalconClient({ cloud: process.env.FALCON_CLOUD!, clientId: process.env.FALCON_CLIENT_ID!, clientSecret: process.env.FALCON_CLIENT_SECRET!,});
const response = await client.itAutomation.iTAutomationRerunTaskExecution( { runType: "string", taskExecutionId: "string"} // body);
console.log(response);use rusty_falcon::apis::it_automation_api::i_t_automation_rerun_task_execution;use rusty_falcon::easy::client::FalconHandle;use rusty_falcon::models::ItautomationRerunTaskExecutionRequest;
#[tokio::main]async fn main() { let falcon = FalconHandle::from_env().await.expect("Could not authenticate");
let body = ItautomationRerunTaskExecutionRequest { run_type: Some("string".to_string()), task_execution_id: Some("string".to_string()), ..Default::default() };
let response = i_t_automation_rerun_task_execution( &falcon.cfg, // configuration body, // body ).await.expect("API call failed");
println!("{:?}", response);}require "crimson-falcon"
Falcon.configure do |config| config.client_id = ENV["FALCON_CLIENT_ID"] config.client_secret = ENV["FALCON_CLIENT_SECRET"] config.cloud = ENV["FALCON_CLOUD"]end
api = Falcon::ItAutomation.new
body = Falcon::ItautomationRerunTaskExecutionRequest.new( run_type: 'string', task_execution_id: 'string')
response = api.i_t_automation_rerun_task_execution(body)
puts responseITAutomationGetExecutionResultsSearchStatus
Section titled “ITAutomationGetExecutionResultsSearchStatus”Retrieve execution results search status
GET /it-automation/entities/task-execution-results-search/v1
PEP 8
get_execution_results_search_statusParameters
Section titled “Parameters”| Name | Type | Data type | Description |
|---|---|---|---|
| id | query | string | Search ID |
| parameters | query | dictionary | Full query string parameters payload in JSON format |
Code Examples
Section titled “Code Examples”from falconpy import ITAutomation
falcon = ITAutomation(client_id=CLIENT_ID, client_secret=CLIENT_SECRET )
response = falcon.get_execution_results_search_status(id="string")print(response)from falconpy import ITAutomation
falcon = ITAutomation(client_id=CLIENT_ID, client_secret=CLIENT_SECRET )
response = falcon.ITAutomationGetExecutionResultsSearchStatus(id="string")print(response)from falconpy import APIHarnessV2
falcon = APIHarnessV2(client_id=CLIENT_ID, client_secret=CLIENT_SECRET )
response = falcon.command("ITAutomationGetExecutionResultsSearchStatus", id="string")print(response)Get-FalconItTaskExecutionSearch -Id "string"package main
import ( "context" "fmt" "os"
"github.com/crowdstrike/gofalcon/falcon" "github.com/crowdstrike/gofalcon/falcon/client/it_automation")
func main() { client, err := falcon.NewClient(&falcon.ApiConfig{ ClientId: os.Getenv("FALCON_CLIENT_ID"), ClientSecret: os.Getenv("FALCON_CLIENT_SECRET"), Context: context.Background(), }) if err != nil { panic(err) }
response, err := client.ItAutomation.ITAutomationGetExecutionResultsSearchStatus( &it_automation.ITAutomationGetExecutionResultsSearchStatusParams{ ID: "string", Context: context.Background(), }, ) if err != nil { panic(falcon.ErrorExplain(err)) }
fmt.Printf("%+v\n", response.Payload)}import { FalconClient } from "crowdstrike-falcon";
const client = new FalconClient({ cloud: process.env.FALCON_CLOUD!, clientId: process.env.FALCON_CLIENT_ID!, clientSecret: process.env.FALCON_CLIENT_SECRET!,});
const response = await client.itAutomation.iTAutomationGetExecutionResultsSearchStatus("string"); // id
console.log(response);use rusty_falcon::apis::it_automation_api::i_t_automation_get_execution_results_search_status;use rusty_falcon::easy::client::FalconHandle;
#[tokio::main]async fn main() { let falcon = FalconHandle::from_env().await.expect("Could not authenticate");
let response = i_t_automation_get_execution_results_search_status( &falcon.cfg, // configuration "string", // id ).await.expect("API call failed");
println!("{:?}", response);}require "crimson-falcon"
Falcon.configure do |config| config.client_id = ENV["FALCON_CLIENT_ID"] config.client_secret = ENV["FALCON_CLIENT_SECRET"] config.cloud = ENV["FALCON_CLOUD"]end
api = Falcon::ItAutomation.new
response = api.i_t_automation_get_execution_results_search_status('string')
puts responseITAutomationStartExecutionResultsSearch
Section titled “ITAutomationStartExecutionResultsSearch”Start an asynchronous task execution results search
Poll ITAutomationGetExecutionResultsSearchStatus to determine when the search is complete.
POST /it-automation/entities/task-execution-results-search/v1
PEP 8
execution_results_searchParameters
Section titled “Parameters”| Name | Type | Data type | Description |
|---|---|---|---|
| body | body | dictionary | Full body payload provided as a dictionary. Not required if using other keywords |
| end | body | string | Task end |
| filter_expressions | body | string or list of strings | Filter expressions to apply |
| group_by_fields | body | string or list of strings | Fields to use to group results |
| start | body | string | Task start |
| task_execution_id | body | string | Task execution ID |
| parameters | query | dictionary | Full query string parameters payload in JSON format |
Code Examples
Section titled “Code Examples”from falconpy import ITAutomation
falcon = ITAutomation(client_id=CLIENT_ID, client_secret=CLIENT_SECRET )
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.execution_results_search(end="string", filter_expressions=id_list, group_by_fields=id_list, start="string", task_execution_id="string")print(response)from falconpy import ITAutomation
falcon = ITAutomation(client_id=CLIENT_ID, client_secret=CLIENT_SECRET )
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.ITAutomationStartExecutionResultsSearch(end="string", filter_expressions=id_list, group_by_fields=id_list, start="string", task_execution_id="string")print(response)from falconpy import APIHarnessV2
falcon = APIHarnessV2(client_id=CLIENT_ID, client_secret=CLIENT_SECRET )
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
body_payload = { "filter_expressions": ["string"], "group_by_fields": ["string"], "search_end": "string", "search_start": "string", "task_execution_id": "string"}
response = falcon.command("ITAutomationStartExecutionResultsSearch", body=body_payload)print(response)Search-FalconItTaskExecution -Id "string"package main
import ( "context" "fmt" "os"
"github.com/crowdstrike/gofalcon/falcon" "github.com/crowdstrike/gofalcon/falcon/client/it_automation" "github.com/crowdstrike/gofalcon/falcon/models")
func main() { client, err := falcon.NewClient(&falcon.ApiConfig{ ClientId: os.Getenv("FALCON_CLIENT_ID"), ClientSecret: os.Getenv("FALCON_CLIENT_SECRET"), Context: context.Background(), }) if err != nil { panic(err) }
search_end := "string" search_start := "string" task_execution_id := "string"
response, err := client.ItAutomation.ITAutomationStartExecutionResultsSearch( &it_automation.ITAutomationStartExecutionResultsSearchParams{ Body: &models.ItautomationSearchRequest{ FilterExpressions: []string{"string"}, GroupByFields: []string{"string"}, SearchEnd: &search_end, SearchStart: &search_start, TaskExecutionID: &task_execution_id, }, Context: context.Background(), }, ) if err != nil { panic(falcon.ErrorExplain(err)) }
fmt.Printf("%+v\n", response.Payload)}import { FalconClient } from "crowdstrike-falcon";
const client = new FalconClient({ cloud: process.env.FALCON_CLOUD!, clientId: process.env.FALCON_CLIENT_ID!, clientSecret: process.env.FALCON_CLIENT_SECRET!,});
const response = await client.itAutomation.iTAutomationStartExecutionResultsSearch( { filterExpressions: [], groupByFields: [], searchEnd: "string", searchStart: "string", taskExecutionId: "string"} // body);
console.log(response);use rusty_falcon::apis::it_automation_api::i_t_automation_start_execution_results_search;use rusty_falcon::easy::client::FalconHandle;use rusty_falcon::models::ItautomationSearchRequest;
#[tokio::main]async fn main() { let falcon = FalconHandle::from_env().await.expect("Could not authenticate");
let body = ItautomationSearchRequest { search_end: Some("string".to_string()), search_start: Some("string".to_string()), task_execution_id: Some("string".to_string()), ..Default::default() };
let response = i_t_automation_start_execution_results_search( &falcon.cfg, // configuration body, // body ).await.expect("API call failed");
println!("{:?}", response);}require "crimson-falcon"
Falcon.configure do |config| config.client_id = ENV["FALCON_CLIENT_ID"] config.client_secret = ENV["FALCON_CLIENT_SECRET"] config.cloud = ENV["FALCON_CLOUD"]end
api = Falcon::ItAutomation.new
body = Falcon::ItautomationSearchRequest.new( filter_expressions: [], group_by_fields: [], search_end: 'string', search_start: 'string', task_execution_id: 'string')
response = api.i_t_automation_start_execution_results_search(body)
puts responseITAutomationGetExecutionResults
Section titled “ITAutomationGetExecutionResults”Retrieve execution results
GET /it-automation/entities/task-execution-results/v1
PEP 8
get_execution_resultsParameters
Section titled “Parameters”| Name | Type | Data type | Description |
|---|---|---|---|
| id | query | string | Search ID |
| offset | query | integer | Starting index for record retrieval |
| limit | query | integer | The maximum records to return |
| sort | query | string | Sort results by one of the fields in the event results, either asc (ascending) or desc (descending) |
| parameters | query | dictionary | Full query string parameters payload in JSON format |
Code Examples
Section titled “Code Examples”from falconpy import ITAutomation
falcon = ITAutomation(client_id=CLIENT_ID, client_secret=CLIENT_SECRET )
response = falcon.get_execution_results(id="string", offset=integer, limit=integer, sort="string")print(response)from falconpy import ITAutomation
falcon = ITAutomation(client_id=CLIENT_ID, client_secret=CLIENT_SECRET )
response = falcon.ITAutomationGetExecutionResults(id="string", offset=integer, limit=integer, sort="string")print(response)from falconpy import APIHarnessV2
falcon = APIHarnessV2(client_id=CLIENT_ID, client_secret=CLIENT_SECRET )
response = falcon.command("ITAutomationGetExecutionResults", id="string", offset=integer, limit=integer, sort="string")print(response)Get-FalconItTaskExecutionSearch -Id "string" -HostResult $booleanpackage main
import ( "context" "fmt" "os"
"github.com/crowdstrike/gofalcon/falcon" "github.com/crowdstrike/gofalcon/falcon/client/it_automation")
func main() { client, err := falcon.NewClient(&falcon.ApiConfig{ ClientId: os.Getenv("FALCON_CLIENT_ID"), ClientSecret: os.Getenv("FALCON_CLIENT_SECRET"), Context: context.Background(), }) if err != nil { panic(err) }
offset := int64(0) limit := int64(0) sort := "string"
response, err := client.ItAutomation.ITAutomationGetExecutionResults( &it_automation.ITAutomationGetExecutionResultsParams{ ID: "string", Offset: &offset, Limit: &limit, Sort: &sort, Context: context.Background(), }, ) if err != nil { panic(falcon.ErrorExplain(err)) }
fmt.Printf("%+v\n", response.Payload)}import { FalconClient } from "crowdstrike-falcon";
const client = new FalconClient({ cloud: process.env.FALCON_CLOUD!, clientId: process.env.FALCON_CLIENT_ID!, clientSecret: process.env.FALCON_CLIENT_SECRET!,});
const response = await client.itAutomation.iTAutomationGetExecutionResults( "string", // id integer, // offset integer, // limit "string" // sort);
console.log(response);use rusty_falcon::apis::it_automation_api::i_t_automation_get_execution_results;use rusty_falcon::easy::client::FalconHandle;
#[tokio::main]async fn main() { let falcon = FalconHandle::from_env().await.expect("Could not authenticate");
let response = i_t_automation_get_execution_results( &falcon.cfg, // configuration "string", // id Some(integer), // offset Some(integer), // limit Some("string"), // sort ).await.expect("API call failed");
println!("{:?}", response);}require "crimson-falcon"
Falcon.configure do |config| config.client_id = ENV["FALCON_CLIENT_ID"] config.client_secret = ENV["FALCON_CLIENT_SECRET"] config.cloud = ENV["FALCON_CLOUD"]end
api = Falcon::ItAutomation.new
response = api.i_t_automation_get_execution_results('string')
puts responseITAutomationGetTaskExecution
Section titled “ITAutomationGetTaskExecution”Retrieve a task execution
GET /it-automation/entities/task-executions/v1
PEP 8
get_executionParameters
Section titled “Parameters”| Name | Type | Data type | Description |
|---|---|---|---|
| ids | query | string or list of strings | Task execution ID |
| parameters | query | dictionary | Full query string parameters payload in JSON format |
Code Examples
Section titled “Code Examples”from falconpy import ITAutomation
falcon = ITAutomation(client_id=CLIENT_ID, client_secret=CLIENT_SECRET )
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.get_execution(ids=id_list)print(response)from falconpy import ITAutomation
falcon = ITAutomation(client_id=CLIENT_ID, client_secret=CLIENT_SECRET )
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.ITAutomationGetTaskExecution(ids=id_list)print(response)from falconpy import APIHarnessV2
falcon = APIHarnessV2(client_id=CLIENT_ID, client_secret=CLIENT_SECRET )
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.command("ITAutomationGetTaskExecution", ids=id_list)print(response)Get-FalconItTaskExecution -Id @("ID1", "ID2")package main
import ( "context" "fmt" "os"
"github.com/crowdstrike/gofalcon/falcon" "github.com/crowdstrike/gofalcon/falcon/client/it_automation")
func main() { client, err := falcon.NewClient(&falcon.ApiConfig{ ClientId: os.Getenv("FALCON_CLIENT_ID"), ClientSecret: os.Getenv("FALCON_CLIENT_SECRET"), Context: context.Background(), }) if err != nil { panic(err) }
response, err := client.ItAutomation.ITAutomationGetTaskExecution( &it_automation.ITAutomationGetTaskExecutionParams{ Ids: []string{"ID1", "ID2", "ID3"}, Context: context.Background(), }, ) if err != nil { panic(falcon.ErrorExplain(err)) }
fmt.Printf("%+v\n", response.Payload)}import { FalconClient } from "crowdstrike-falcon";
const client = new FalconClient({ cloud: process.env.FALCON_CLOUD!, clientId: process.env.FALCON_CLIENT_ID!, clientSecret: process.env.FALCON_CLIENT_SECRET!,});
const response = await client.itAutomation.iTAutomationGetTaskExecution(["ID1", "ID2", "ID3"]); // ids
console.log(response);use rusty_falcon::apis::it_automation_api::i_t_automation_get_task_execution;use rusty_falcon::easy::client::FalconHandle;
#[tokio::main]async fn main() { let falcon = FalconHandle::from_env().await.expect("Could not authenticate");
let response = i_t_automation_get_task_execution( &falcon.cfg, // configuration vec!["string".to_string()], // ids ).await.expect("API call failed");
println!("{:?}", response);}require "crimson-falcon"
Falcon.configure do |config| config.client_id = ENV["FALCON_CLIENT_ID"] config.client_secret = ENV["FALCON_CLIENT_SECRET"] config.cloud = ENV["FALCON_CLOUD"]end
api = Falcon::ItAutomation.new
response = api.i_t_automation_get_task_execution(['ID1', 'ID2', 'ID3'])
puts responseITAutomationStartTaskExecution
Section titled “ITAutomationStartTaskExecution”Start a new task execution from an existing task provided in the request and returns the initiated task executions
POST /it-automation/entities/task-executions/v1
PEP 8
start_executionParameters
Section titled “Parameters”| Name | Type | Data type | Description |
|---|---|---|---|
| arguments | body | dictionary | Arguments to pass to the execution |
| body | body | dictionary | Full body payload provided as a dictionary. Not required if using other keywords |
| discover_new_hosts | body | boolean | Allow the task execution to discover new hosts |
| discover_offline_hosts | body | boolean | Allow the task execution to discover offline hosts |
| distribute | body | boolean | Distribute this task |
| expiration_interval | body | string | Task expiration interval |
| guardrails | body | dictionary | Task execution guardrails (limiters) |
| target | body | string | Task target |
| task_id | body | string | Task ID |
| trigger_conditions | body | list of dictionaries | List of task triggers |
| parameters | query | dictionary | Full query string parameters payload in JSON format |
Code Examples
Section titled “Code Examples”from falconpy import ITAutomation
falcon = ITAutomation(client_id=CLIENT_ID, client_secret=CLIENT_SECRET )
response = falcon.start_execution(arguments={}, discover_new_hosts=boolean, discover_offline_hosts=boolean, distribute=boolean, expiration_interval="string", guardrails={}, target="string", task_id="string", trigger_conditions=[{"key": "value"}])print(response)from falconpy import ITAutomation
falcon = ITAutomation(client_id=CLIENT_ID, client_secret=CLIENT_SECRET )
response = falcon.ITAutomationStartTaskExecution(arguments={}, discover_new_hosts=boolean, discover_offline_hosts=boolean, distribute=boolean, expiration_interval="string", guardrails={}, target="string", task_id="string", trigger_conditions=[{"key": "value"}])print(response)from falconpy import APIHarnessV2
falcon = APIHarnessV2(client_id=CLIENT_ID, client_secret=CLIENT_SECRET )
body_payload = { "discover_new_hosts": boolean, "discover_offline_hosts": boolean, "distribute": boolean, "execution_args": {}, "expiration_interval": "string", "guardrails": { "run_time_limit_millis": integer }, "scheduled_task_id": "string", "target": "string", "task_id": "string", "trigger_condition": [ { "groups": [ { "groups": ["string"], "operator": "string", "statements": ["string"] } ], "operator": "string", "statements": [ { "data_comparator": "string", "data_type": "string", "key": "string", "task_id": "string", "value": "string" } ] } ]}
response = falcon.command("ITAutomationStartTaskExecution", body=body_payload)print(response)Invoke-FalconItTask -Id "string" -Target "string"package main
import ( "context" "fmt" "os"
"github.com/crowdstrike/gofalcon/falcon" "github.com/crowdstrike/gofalcon/falcon/client/it_automation" "github.com/crowdstrike/gofalcon/falcon/models")
func main() { client, err := falcon.NewClient(&falcon.ApiConfig{ ClientId: os.Getenv("FALCON_CLIENT_ID"), ClientSecret: os.Getenv("FALCON_CLIENT_SECRET"), Context: context.Background(), }) if err != nil { panic(err) }
discover_new_hosts := boolean discover_offline_hosts := boolean distribute := boolean expiration_interval := "string" scheduled_task_id := "string" target := "string" task_id := "string" operator := "string" data_comparator := "string" data_type := "string" key := "string" value := "string"
response, err := client.ItAutomation.ITAutomationStartTaskExecution( &it_automation.ITAutomationStartTaskExecutionParams{ Body: &models.ItautomationStartTaskExecutionRequest{ DiscoverNewHosts: &discover_new_hosts, DiscoverOfflineHosts: &discover_offline_hosts, Distribute: &distribute, ExecutionArgs: &struct{}{}, ExpirationInterval: &expiration_interval, Guardrails: &struct{}{}, ScheduledTaskID: &scheduled_task_id, Target: &target, TaskID: &task_id, TriggerCondition: []interface{}{ { Groups: []interface{}{ { Groups: []interface{}{}, Operator: &operator, Statements: []interface{}{}, }, }, Operator: &operator, Statements: []interface{}{ { DataComparator: &data_comparator, DataType: &data_type, Key: &key, TaskID: &task_id, Value: &value, }, }, }, }, }, Context: context.Background(), }, ) if err != nil { panic(falcon.ErrorExplain(err)) }
fmt.Printf("%+v\n", response.Payload)}import { FalconClient } from "crowdstrike-falcon";
const client = new FalconClient({ cloud: process.env.FALCON_CLOUD!, clientId: process.env.FALCON_CLIENT_ID!, clientSecret: process.env.FALCON_CLIENT_SECRET!,});
const response = await client.itAutomation.iTAutomationStartTaskExecution( { discoverNewHosts: boolean, discoverOfflineHosts: boolean, distribute: boolean, executionArgs: {}, expirationInterval: "string", guardrails: { runTimeLimitMillis: integer }, scheduledTaskId: "string", target: "string", taskId: "string", triggerCondition: [{ groups: [{ groups: [], operator: "string", statements: [] }], operator: "string", statements: [{ dataComparator: "string", dataType: "string", key: "string", taskId: "string", value: "string" }] }]} // body);
console.log(response);use rusty_falcon::apis::it_automation_api::i_t_automation_start_task_execution;use rusty_falcon::easy::client::FalconHandle;use rusty_falcon::models::ItautomationStartTaskExecutionRequest;
#[tokio::main]async fn main() { let falcon = FalconHandle::from_env().await.expect("Could not authenticate");
let body = ItautomationStartTaskExecutionRequest { ..Default::default() };
let response = i_t_automation_start_task_execution( &falcon.cfg, // configuration body, // body ).await.expect("API call failed");
println!("{:?}", response);}require "crimson-falcon"
Falcon.configure do |config| config.client_id = ENV["FALCON_CLIENT_ID"] config.client_secret = ENV["FALCON_CLIENT_SECRET"] config.cloud = ENV["FALCON_CLOUD"]end
api = Falcon::ItAutomation.new
body = Falcon::ItautomationStartTaskExecutionRequest.new( discover_new_hosts: boolean, discover_offline_hosts: boolean, distribute: boolean, execution_args: {}, expiration_interval: 'string', guardrails: { run_time_limit_millis: integer }, scheduled_task_id: 'string', target: 'string', task_id: 'string', trigger_condition: [{ groups: [{ groups: [], operator: 'string', statements: [] }], operator: 'string', statements: [{ data_comparator: 'string', data_type: 'string', key: 'string', task_id: 'string', value: 'string' }] }])
response = api.i_t_automation_start_task_execution(body)
puts responseITAutomationGetTaskGroups
Section titled “ITAutomationGetTaskGroups”Retrieve task groups
GET /it-automation/entities/task-groups/v1
PEP 8
get_task_groupParameters
Section titled “Parameters”| Name | Type | Data type | Description |
|---|---|---|---|
| ids | query | string or list of strings | One or more task group IDs |
| parameters | query | dictionary | Full query string parameters payload in JSON format |
Code Examples
Section titled “Code Examples”from falconpy import ITAutomation
falcon = ITAutomation(client_id=CLIENT_ID, client_secret=CLIENT_SECRET )
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.get_task_group(ids=id_list)print(response)from falconpy import ITAutomation
falcon = ITAutomation(client_id=CLIENT_ID, client_secret=CLIENT_SECRET )
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.ITAutomationGetTaskGroups(ids=id_list)print(response)from falconpy import APIHarnessV2
falcon = APIHarnessV2(client_id=CLIENT_ID, client_secret=CLIENT_SECRET )
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.command("ITAutomationGetTaskGroups", ids=id_list)print(response)Get-FalconItTaskGroup -Id @("ID1", "ID2")package main
import ( "context" "fmt" "os"
"github.com/crowdstrike/gofalcon/falcon" "github.com/crowdstrike/gofalcon/falcon/client/it_automation")
func main() { client, err := falcon.NewClient(&falcon.ApiConfig{ ClientId: os.Getenv("FALCON_CLIENT_ID"), ClientSecret: os.Getenv("FALCON_CLIENT_SECRET"), Context: context.Background(), }) if err != nil { panic(err) }
response, err := client.ItAutomation.ITAutomationGetTaskGroups( &it_automation.ITAutomationGetTaskGroupsParams{ Ids: []string{"ID1", "ID2", "ID3"}, Context: context.Background(), }, ) if err != nil { panic(falcon.ErrorExplain(err)) }
fmt.Printf("%+v\n", response.Payload)}import { FalconClient } from "crowdstrike-falcon";
const client = new FalconClient({ cloud: process.env.FALCON_CLOUD!, clientId: process.env.FALCON_CLIENT_ID!, clientSecret: process.env.FALCON_CLIENT_SECRET!,});
const response = await client.itAutomation.iTAutomationGetTaskGroups(["ID1", "ID2", "ID3"]); // ids
console.log(response);use rusty_falcon::apis::it_automation_api::i_t_automation_get_task_groups;use rusty_falcon::easy::client::FalconHandle;
#[tokio::main]async fn main() { let falcon = FalconHandle::from_env().await.expect("Could not authenticate");
let response = i_t_automation_get_task_groups( &falcon.cfg, // configuration vec!["string".to_string()], // ids ).await.expect("API call failed");
println!("{:?}", response);}require "crimson-falcon"
Falcon.configure do |config| config.client_id = ENV["FALCON_CLIENT_ID"] config.client_secret = ENV["FALCON_CLIENT_SECRET"] config.cloud = ENV["FALCON_CLOUD"]end
api = Falcon::ItAutomation.new
response = api.i_t_automation_get_task_groups(['ID1', 'ID2', 'ID3'])
puts responseITAutomationCreateTaskGroup
Section titled “ITAutomationCreateTaskGroup”Create a task group
POST /it-automation/entities/task-groups/v1
PEP 8
create_task_groupParameters
Section titled “Parameters”| Name | Type | Data type | Description |
|---|---|---|---|
| body | body | dictionary | Full body payload in JSON format |
| access_type | body | string | Access type for the task group |
| assigned_user_group_ids | body | string or list of strings | Assigned user group IDs |
| assigned_user_ids | body | string or list of strings | Assigned user IDs |
| name | body | string | Task group name |
| description | body | string | Task group description |
| task_ids | body | string | Task IDs to add to the group. String or list of strings. |
Code Examples
Section titled “Code Examples”from falconpy import ITAutomation
falcon = ITAutomation(client_id=CLIENT_ID, client_secret=CLIENT_SECRET )
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.create_task_group(access_type="string", assigned_user_group_ids=id_list, assigned_user_ids=id_list, description="string", name="string", task_ids=id_list)print(response)from falconpy import ITAutomation
falcon = ITAutomation(client_id=CLIENT_ID, client_secret=CLIENT_SECRET )
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.ITAutomationCreateTaskGroup(access_type="string", assigned_user_group_ids=id_list, assigned_user_ids=id_list, description="string", name="string", task_ids=id_list)print(response)from falconpy import APIHarnessV2
falcon = APIHarnessV2(client_id=CLIENT_ID, client_secret=CLIENT_SECRET )
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
body_payload = { "access_type": "string", "assigned_user_group_ids": ["string"], "assigned_user_ids": ["string"], "description": "string", "name": "string", "task_ids": ["string"]}
response = falcon.command("ITAutomationCreateTaskGroup", body=body_payload)print(response)New-FalconItTaskGroup -Name "string"package main
import ( "context" "fmt" "os"
"github.com/crowdstrike/gofalcon/falcon" "github.com/crowdstrike/gofalcon/falcon/client/it_automation" "github.com/crowdstrike/gofalcon/falcon/models")
func main() { client, err := falcon.NewClient(&falcon.ApiConfig{ ClientId: os.Getenv("FALCON_CLIENT_ID"), ClientSecret: os.Getenv("FALCON_CLIENT_SECRET"), Context: context.Background(), }) if err != nil { panic(err) }
access_type := "string" description := "string" name := "string"
response, err := client.ItAutomation.ITAutomationCreateTaskGroup( &it_automation.ITAutomationCreateTaskGroupParams{ Body: &models.ItautomationCreateTaskGroupRequest{ AccessType: &access_type, AssignedUserGroupIds: []string{"string"}, AssignedUserIds: []string{"string"}, Description: &description, Name: &name, TaskIds: []string{"string"}, }, Context: context.Background(), }, ) if err != nil { panic(falcon.ErrorExplain(err)) }
fmt.Printf("%+v\n", response.Payload)}import { FalconClient } from "crowdstrike-falcon";
const client = new FalconClient({ cloud: process.env.FALCON_CLOUD!, clientId: process.env.FALCON_CLIENT_ID!, clientSecret: process.env.FALCON_CLIENT_SECRET!,});
const response = await client.itAutomation.iTAutomationCreateTaskGroup( { accessType: "string", assignedUserGroupIds: [], assignedUserIds: [], description: "string", name: "string", taskIds: []} // body);
console.log(response);use rusty_falcon::apis::it_automation_api::i_t_automation_create_task_group;use rusty_falcon::easy::client::FalconHandle;use rusty_falcon::models::ItautomationCreateTaskGroupRequest;
#[tokio::main]async fn main() { let falcon = FalconHandle::from_env().await.expect("Could not authenticate");
let body = ItautomationCreateTaskGroupRequest { access_type: Some("string".to_string()), name: Some("string".to_string()), ..Default::default() };
let response = i_t_automation_create_task_group( &falcon.cfg, // configuration body, // body ).await.expect("API call failed");
println!("{:?}", response);}require "crimson-falcon"
Falcon.configure do |config| config.client_id = ENV["FALCON_CLIENT_ID"] config.client_secret = ENV["FALCON_CLIENT_SECRET"] config.cloud = ENV["FALCON_CLOUD"]end
api = Falcon::ItAutomation.new
body = Falcon::ItautomationCreateTaskGroupRequest.new( access_type: 'string', assigned_user_group_ids: [], assigned_user_ids: [], description: 'string', name: 'string', task_ids: [])
response = api.i_t_automation_create_task_group(body)
puts responseITAutomationUpdateTaskGroup
Section titled “ITAutomationUpdateTaskGroup”Update a task group for a given ID
PATCH /it-automation/entities/task-groups/v1
PEP 8
update_task_groupParameters
Section titled “Parameters”| Name | Type | Data type | Description |
|---|---|---|---|
| access_type | body | string | Task group access type |
| add_assigned_user_group_ids | body | string or list of strings | User group IDs to add |
| add_assigned_user_ids | body | string or list of strings | User IDs to add |
| add_task_ids | body | string or list of strings | Task IDs to add to the group |
| body | body | dictionary | Full body payload provided as a dictionary. Not required if using other keywords |
| description | body | string | Task group description |
| id | query | string | The ID of the task group to update |
| name | body | string | Task group name |
| remove_assigned_user_group_ids | body | string or list of strings | User group IDs to be removed |
| remove_assigned_user_ids | body | string or list of strings | User IDs to be removed |
| remove_task_ids | body | string or list of strings | Task IDs to be removed |
| parameters | query | dictionary | Full query string parameters payload in JSON format |
Code Examples
Section titled “Code Examples”from falconpy import ITAutomation
falcon = ITAutomation(client_id=CLIENT_ID, client_secret=CLIENT_SECRET )
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.update_task_group(access_type="string", add_assigned_user_group_ids=id_list, add_assigned_user_ids=id_list, add_task_ids=id_list, description="string", id="string", name="string", removed_assigned_user_group_ids=id_list, remove_assigned_user_ids=id_list, remove_task_ids=id_list)print(response)from falconpy import ITAutomation
falcon = ITAutomation(client_id=CLIENT_ID, client_secret=CLIENT_SECRET )
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.ITAutomationUpdateTaskGroup(access_type="string", add_assigned_user_group_ids=id_list, add_assigned_user_ids=id_list, add_task_ids=id_list, description="string", id="string", name="string", removed_assigned_user_group_ids=id_list, remove_assigned_user_ids=id_list, remove_task_ids=id_list)print(response)from falconpy import APIHarnessV2
falcon = APIHarnessV2(client_id=CLIENT_ID, client_secret=CLIENT_SECRET )
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
body_payload = { "access_type": "string", "add_assigned_user_group_ids": ["string"], "add_assigned_user_ids": ["string"], "add_task_ids": ["string"], "description": "string", "name": "string", "remove_assigned_user_group_ids": ["string"], "remove_assigned_user_ids": ["string"], "remove_task_ids": ["string"]}
response = falcon.command("ITAutomationUpdateTaskGroup", id="string", body=body_payload)print(response)Edit-FalconItTaskGroup -Id "string"package main
import ( "context" "fmt" "os"
"github.com/crowdstrike/gofalcon/falcon" "github.com/crowdstrike/gofalcon/falcon/client/it_automation" "github.com/crowdstrike/gofalcon/falcon/models")
func main() { client, err := falcon.NewClient(&falcon.ApiConfig{ ClientId: os.Getenv("FALCON_CLIENT_ID"), ClientSecret: os.Getenv("FALCON_CLIENT_SECRET"), Context: context.Background(), }) if err != nil { panic(err) }
access_type := "string" description := "string" name := "string"
response, err := client.ItAutomation.ITAutomationUpdateTaskGroup( &it_automation.ITAutomationUpdateTaskGroupParams{ Body: &models.ItautomationUpdateTaskGroupRequest{ AccessType: &access_type, AddAssignedUserGroupIds: []string{"string"}, AddAssignedUserIds: []string{"string"}, AddTaskIds: []string{"string"}, Description: &description, Name: &name, RemoveAssignedUserGroupIds: []string{"string"}, RemoveAssignedUserIds: []string{"string"}, RemoveTaskIds: []string{"string"}, }, ID: "string", Context: context.Background(), }, ) if err != nil { panic(falcon.ErrorExplain(err)) }
fmt.Printf("%+v\n", response.Payload)}import { FalconClient } from "crowdstrike-falcon";
const client = new FalconClient({ cloud: process.env.FALCON_CLOUD!, clientId: process.env.FALCON_CLIENT_ID!, clientSecret: process.env.FALCON_CLIENT_SECRET!,});
const response = await client.itAutomation.iTAutomationUpdateTaskGroup( "string", // id { // body accessType: "string", addAssignedUserGroupIds: [], addAssignedUserIds: [], addTaskIds: [], description: "string", name: "string", removeAssignedUserGroupIds: [], removeAssignedUserIds: [], removeTaskIds: [] });
console.log(response);use rusty_falcon::apis::it_automation_api::i_t_automation_update_task_group;use rusty_falcon::easy::client::FalconHandle;use rusty_falcon::models::ItautomationUpdateTaskGroupRequest;
#[tokio::main]async fn main() { let falcon = FalconHandle::from_env().await.expect("Could not authenticate");
let body = ItautomationUpdateTaskGroupRequest { ..Default::default() };
let response = i_t_automation_update_task_group( &falcon.cfg, // configuration "string", // id body, // body ).await.expect("API call failed");
println!("{:?}", response);}require "crimson-falcon"
Falcon.configure do |config| config.client_id = ENV["FALCON_CLIENT_ID"] config.client_secret = ENV["FALCON_CLIENT_SECRET"] config.cloud = ENV["FALCON_CLOUD"]end
api = Falcon::ItAutomation.new
body = Falcon::ItautomationUpdateTaskGroupRequest.new( access_type: 'string', add_assigned_user_group_ids: [], add_assigned_user_ids: [], add_task_ids: [], description: 'string', name: 'string', remove_assigned_user_group_ids: [], remove_assigned_user_ids: [], remove_task_ids: [])
response = api.i_t_automation_update_task_group(body, 'string')
puts responseITAutomationDeleteTaskGroups
Section titled “ITAutomationDeleteTaskGroups”Delete task groups
DELETE /it-automation/entities/task-groups/v1
PEP 8
delete_task_groupsParameters
Section titled “Parameters”| Name | Type | Data type | Description |
|---|---|---|---|
| ids | query | string or list of strings | One or more task group IDs to delete |
| parameters | query | dictionary | Full query string parameters payload in JSON format |
Code Examples
Section titled “Code Examples”from falconpy import ITAutomation
falcon = ITAutomation(client_id=CLIENT_ID, client_secret=CLIENT_SECRET )
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.delete_task_groups(ids=id_list)print(response)from falconpy import ITAutomation
falcon = ITAutomation(client_id=CLIENT_ID, client_secret=CLIENT_SECRET )
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.ITAutomationDeleteTaskGroups(ids=id_list)print(response)from falconpy import APIHarnessV2
falcon = APIHarnessV2(client_id=CLIENT_ID, client_secret=CLIENT_SECRET )
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.command("ITAutomationDeleteTaskGroups", ids=id_list)print(response)Remove-FalconItTaskGroup -Id @("ID1", "ID2")package main
import ( "context" "fmt" "os"
"github.com/crowdstrike/gofalcon/falcon" "github.com/crowdstrike/gofalcon/falcon/client/it_automation")
func main() { client, err := falcon.NewClient(&falcon.ApiConfig{ ClientId: os.Getenv("FALCON_CLIENT_ID"), ClientSecret: os.Getenv("FALCON_CLIENT_SECRET"), Context: context.Background(), }) if err != nil { panic(err) }
response, err := client.ItAutomation.ITAutomationDeleteTaskGroups( &it_automation.ITAutomationDeleteTaskGroupsParams{ Ids: []string{"ID1", "ID2", "ID3"}, Context: context.Background(), }, ) if err != nil { panic(falcon.ErrorExplain(err)) }
fmt.Printf("%+v\n", response.Payload)}import { FalconClient } from "crowdstrike-falcon";
const client = new FalconClient({ cloud: process.env.FALCON_CLOUD!, clientId: process.env.FALCON_CLIENT_ID!, clientSecret: process.env.FALCON_CLIENT_SECRET!,});
const response = await client.itAutomation.iTAutomationDeleteTaskGroups(["ID1", "ID2", "ID3"]); // ids
console.log(response);use rusty_falcon::apis::it_automation_api::i_t_automation_delete_task_groups;use rusty_falcon::easy::client::FalconHandle;
#[tokio::main]async fn main() { let falcon = FalconHandle::from_env().await.expect("Could not authenticate");
let response = i_t_automation_delete_task_groups( &falcon.cfg, // configuration vec!["string".to_string()], // ids ).await.expect("API call failed");
println!("{:?}", response);}require "crimson-falcon"
Falcon.configure do |config| config.client_id = ENV["FALCON_CLIENT_ID"] config.client_secret = ENV["FALCON_CLIENT_SECRET"] config.cloud = ENV["FALCON_CLOUD"]end
api = Falcon::ItAutomation.new
response = api.i_t_automation_delete_task_groups(['ID1', 'ID2', 'ID3'])
puts responseITAutomationGetTasks
Section titled “ITAutomationGetTasks”Retrieve tasks
GET /it-automation/entities/tasks/v1
PEP 8
get_tasksParameters
Section titled “Parameters”| Name | Type | Data type | Description |
|---|---|---|---|
| ids | query | string or list of strings | One or more task IDs |
| parameters | query | dictionary | Full query string parameters payload in JSON format |
Code Examples
Section titled “Code Examples”from falconpy import ITAutomation
falcon = ITAutomation(client_id=CLIENT_ID, client_secret=CLIENT_SECRET )
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.get_tasks(ids=id_list)print(response)from falconpy import ITAutomation
falcon = ITAutomation(client_id=CLIENT_ID, client_secret=CLIENT_SECRET )
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.ITAutomationGetTasks(ids=id_list)print(response)from falconpy import APIHarnessV2
falcon = APIHarnessV2(client_id=CLIENT_ID, client_secret=CLIENT_SECRET )
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.command("ITAutomationGetTasks", ids=id_list)print(response)Get-FalconItTask -Id @("ID1", "ID2")package main
import ( "context" "fmt" "os"
"github.com/crowdstrike/gofalcon/falcon" "github.com/crowdstrike/gofalcon/falcon/client/it_automation")
func main() { client, err := falcon.NewClient(&falcon.ApiConfig{ ClientId: os.Getenv("FALCON_CLIENT_ID"), ClientSecret: os.Getenv("FALCON_CLIENT_SECRET"), Context: context.Background(), }) if err != nil { panic(err) }
response, err := client.ItAutomation.ITAutomationGetTasks( &it_automation.ITAutomationGetTasksParams{ Ids: []string{"ID1", "ID2", "ID3"}, Context: context.Background(), }, ) if err != nil { panic(falcon.ErrorExplain(err)) }
fmt.Printf("%+v\n", response.Payload)}import { FalconClient } from "crowdstrike-falcon";
const client = new FalconClient({ cloud: process.env.FALCON_CLOUD!, clientId: process.env.FALCON_CLIENT_ID!, clientSecret: process.env.FALCON_CLIENT_SECRET!,});
const response = await client.itAutomation.iTAutomationGetTasks(["ID1", "ID2", "ID3"]); // ids
console.log(response);use rusty_falcon::apis::it_automation_api::i_t_automation_get_tasks;use rusty_falcon::easy::client::FalconHandle;
#[tokio::main]async fn main() { let falcon = FalconHandle::from_env().await.expect("Could not authenticate");
let response = i_t_automation_get_tasks( &falcon.cfg, // configuration vec!["string".to_string()], // ids ).await.expect("API call failed");
println!("{:?}", response);}require "crimson-falcon"
Falcon.configure do |config| config.client_id = ENV["FALCON_CLIENT_ID"] config.client_secret = ENV["FALCON_CLIENT_SECRET"] config.cloud = ENV["FALCON_CLOUD"]end
api = Falcon::ItAutomation.new
response = api.i_t_automation_get_tasks(['ID1', 'ID2', 'ID3'])
puts responseITAutomationCreateTask
Section titled “ITAutomationCreateTask”Create a task with details from the given request
POST /it-automation/entities/tasks/v1
PEP 8
create_taskParameters
Section titled “Parameters”| Name | Type | Data type | Description |
|---|---|---|---|
| access_type | body | string | Task access type |
| add_assigned_user_group_ids | body | string or list of strings | User group IDs to add |
| add_assigned_user_ids | body | string or list of strings | User IDs to add |
| body | body | dictionary | Full body payload provided as a dictionary. Not required if using other keywords |
| description | body | string | Task description |
| name | body | string | Task name |
| os_query | body | string | OS query detail |
| output_parser_config | body | dictionary | Parser output configuration |
| queries | body | dictionary | Queries to perform (by OS) |
| remediations | body | dictionary | Remediations to perform (by OS) |
| remove_assigned_user_group_ids | body | string or list of strings | User group IDs to be removed |
| remove_assigned_user_ids | body | string or list of strings | User IDs to be removed |
| target | body | string | Task target |
| task_group_id | body | string | Task group ID |
| task_parameters | body | list of dictionaries | Task parameters |
| task_type | body | string | Task type |
| trigger_condition | body | list of dictionaries | Trigger conditions |
| verification_condition | body | list of dictionaries | Verification conditions |
| parameters | query | dictionary | Full query string parameters payload in JSON format |
Code Examples
Section titled “Code Examples”from falconpy import ITAutomation
falcon = ITAutomation(client_id=CLIENT_ID, client_secret=CLIENT_SECRET )
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.create_task(access_type="string", add_assigned_user_group_ids=id_list, add_assigned_user_ids=id_list, description="string", name="string", os_query="string", output_parser_config={}, queries={}, remediations={}, removed_assigned_user_group_ids=id_list, remove_assigned_user_ids=id_list, target="string", task_parameters=[{"key": "value"}], task_group_id="string", task_type="string", trigger_condition=[{"key": "value"}], verification_condition=[{"key": "value"}])print(response)from falconpy import ITAutomation
falcon = ITAutomation(client_id=CLIENT_ID, client_secret=CLIENT_SECRET )
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.ITAutomationCreateTask(access_type="string", add_assigned_user_group_ids=id_list, add_assigned_user_ids=id_list, description="string", name="string", os_query="string", output_parser_config={}, queries={}, remediations={}, removed_assigned_user_group_ids=id_list, remove_assigned_user_ids=id_list, target="string", task_parameters=[{"key": "value"}], task_group_id="string", task_type="string", trigger_condition=[{"key": "value"}], verification_condition=[{"key": "value"}])print(response)from falconpy import APIHarnessV2
falcon = APIHarnessV2(client_id=CLIENT_ID, client_secret=CLIENT_SECRET )
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
body_payload = { "access_type": "string", "assigned_user_group_ids": ["string"], "assigned_user_ids": ["string"], "composite_query": { "host_attributes": ["string"], "task_ids": ["string"] }, "description": "string", "name": "string", "os_query": "string", "output_parser_config": { "columns": [ { "name": "string" } ], "default_group_by": boolean, "delimiter": "string" }, "queries": { "linux": { "action_type": "string", "content": "string", "file_ids": ["string"], "language": "string", "script_args": "string", "script_file_id": "string" }, "mac": { "action_type": "string", "content": "string", "file_ids": ["string"], "language": "string", "script_args": "string", "script_file_id": "string" }, "windows": { "action_type": "string", "content": "string", "file_ids": ["string"], "language": "string", "script_args": "string", "script_file_id": "string" } }, "remediations": { "linux": { "action_type": "string", "content": "string", "file_ids": ["string"], "language": "string", "script_args": "string", "script_file_id": "string" }, "mac": { "action_type": "string", "content": "string", "file_ids": ["string"], "language": "string", "script_args": "string", "script_file_id": "string" }, "windows": { "action_type": "string", "content": "string", "file_ids": ["string"], "language": "string", "script_args": "string", "script_file_id": "string" } }, "rows_parser_config": { "delimiter": "string" }, "target": "string", "task_group_id": "string", "task_parameters": [ { "custom_validation_message": "string", "custom_validation_regex": "string", "default_value": "string", "format_hint": "string", "input_type": "string", "is_optional": boolean, "key": "string", "label": "string", "options": [ { "key": "string", "value": "string" } ], "purpose": "string", "validation_type": "string" } ], "task_type": "string", "trigger_condition": [ { "groups": [ { "groups": ["string"], "operator": "string", "statements": ["string"] } ], "operator": "string", "statements": [ { "data_comparator": "string", "data_type": "string", "key": "string", "task_id": "string", "value": "string" } ] } ], "verification_condition": [ { "groups": [ { "groups": ["string"], "operator": "string", "statements": ["string"] } ], "operator": "string", "statements": [ { "data_comparator": "string", "data_type": "string", "key": "string", "task_id": "string", "value": "string" } ] } ]}
response = falcon.command("ITAutomationCreateTask", body=body_payload)print(response)New-FalconItTask -Name "string"package main
import ( "context" "fmt" "os"
"github.com/crowdstrike/gofalcon/falcon" "github.com/crowdstrike/gofalcon/falcon/client/it_automation" "github.com/crowdstrike/gofalcon/falcon/models")
func main() { client, err := falcon.NewClient(&falcon.ApiConfig{ ClientId: os.Getenv("FALCON_CLIENT_ID"), ClientSecret: os.Getenv("FALCON_CLIENT_SECRET"), Context: context.Background(), }) if err != nil { panic(err) }
access_type := "string" description := "string" name := "string" os_query := "string" target := "string" task_group_id := "string" custom_validation_message := "string" custom_validation_regex := "string" default_value := "string" format_hint := "string" input_type := "string" is_optional := boolean key := "string" label := "string" value := "string" purpose := "string" validation_type := "string" task_type := "string" operator := "string" data_comparator := "string" data_type := "string" task_id := "string"
response, err := client.ItAutomation.ITAutomationCreateTask( &it_automation.ITAutomationCreateTaskParams{ Body: &models.ItautomationCreateTaskRequest{ AccessType: &access_type, AssignedUserGroupIds: []string{"string"}, AssignedUserIds: []string{"string"}, CompositeQuery: &struct{}{}, Description: &description, Name: &name, OsQuery: &os_query, OutputParserConfig: &struct{}{}, Queries: &struct{}{}, Remediations: &struct{}{}, RowsParserConfig: &struct{}{}, Target: &target, TaskGroupID: &task_group_id, TaskParameters: []interface{}{ { CustomValidationMessage: &custom_validation_message, CustomValidationRegex: &custom_validation_regex, DefaultValue: &default_value, FormatHint: &format_hint, InputType: &input_type, IsOptional: &is_optional, Key: &key, Label: &label, Options: []interface{}{ { Key: &key, Value: &value, }, }, Purpose: &purpose, ValidationType: &validation_type, }, }, TaskType: &task_type, TriggerCondition: []interface{}{ { Groups: []interface{}{ { Groups: []interface{}{}, Operator: &operator, Statements: []interface{}{}, }, }, Operator: &operator, Statements: []interface{}{ { DataComparator: &data_comparator, DataType: &data_type, Key: &key, TaskID: &task_id, Value: &value, }, }, }, }, VerificationCondition: []interface{}{ { Groups: []interface{}{ { Groups: []interface{}{}, Operator: &operator, Statements: []interface{}{}, }, }, Operator: &operator, Statements: []interface{}{ { DataComparator: &data_comparator, DataType: &data_type, Key: &key, TaskID: &task_id, Value: &value, }, }, }, }, }, Context: context.Background(), }, ) if err != nil { panic(falcon.ErrorExplain(err)) }
fmt.Printf("%+v\n", response.Payload)}import { FalconClient } from "crowdstrike-falcon";
const client = new FalconClient({ cloud: process.env.FALCON_CLOUD!, clientId: process.env.FALCON_CLIENT_ID!, clientSecret: process.env.FALCON_CLIENT_SECRET!,});
const response = await client.itAutomation.iTAutomationCreateTask( { accessType: "string", assignedUserGroupIds: [], assignedUserIds: [], compositeQuery: { hostAttributes: [], taskIds: [] }, description: "string", name: "string", osQuery: "string", outputParserConfig: { columns: [{ name: "string" }], defaultGroupBy: boolean, delimiter: "string" }, queries: { linux: { actionType: "string", content: "string", fileIds: [], language: "string", scriptArgs: "string", scriptFileId: "string" }, mac: { actionType: "string", content: "string", fileIds: [], language: "string", scriptArgs: "string", scriptFileId: "string" }, windows: { actionType: "string", content: "string", fileIds: [], language: "string", scriptArgs: "string", scriptFileId: "string" } }, remediations: { linux: { actionType: "string", content: "string", fileIds: [], language: "string", scriptArgs: "string", scriptFileId: "string" }, mac: { actionType: "string", content: "string", fileIds: [], language: "string", scriptArgs: "string", scriptFileId: "string" }, windows: { actionType: "string", content: "string", fileIds: [], language: "string", scriptArgs: "string", scriptFileId: "string" } }, rowsParserConfig: { delimiter: "string" }, target: "string", taskGroupId: "string", taskParameters: [{ customValidationMessage: "string", customValidationRegex: "string", defaultValue: "string", formatHint: "string", inputType: "string", isOptional: boolean, key: "string", label: "string", options: [{ key: "string", value: "string" }], purpose: "string", validationType: "string" }], taskType: "string", triggerCondition: [{ groups: [{ groups: [], operator: "string", statements: [] }], operator: "string", statements: [{ dataComparator: "string", dataType: "string", key: "string", taskId: "string", value: "string" }] }], verificationCondition: [{ groups: [{ groups: [], operator: "string", statements: [] }], operator: "string", statements: [{ dataComparator: "string", dataType: "string", key: "string", taskId: "string", value: "string" }] }]} // body);
console.log(response);use rusty_falcon::apis::it_automation_api::i_t_automation_create_task;use rusty_falcon::easy::client::FalconHandle;use rusty_falcon::models::ItautomationCreateTaskRequest;
#[tokio::main]async fn main() { let falcon = FalconHandle::from_env().await.expect("Could not authenticate");
let body = ItautomationCreateTaskRequest { access_type: Some("string".to_string()), name: Some("string".to_string()), target: Some("string".to_string()), task_type: Some("string".to_string()), ..Default::default() };
let response = i_t_automation_create_task( &falcon.cfg, // configuration body, // body ).await.expect("API call failed");
println!("{:?}", response);}require "crimson-falcon"
Falcon.configure do |config| config.client_id = ENV["FALCON_CLIENT_ID"] config.client_secret = ENV["FALCON_CLIENT_SECRET"] config.cloud = ENV["FALCON_CLOUD"]end
api = Falcon::ItAutomation.new
body = Falcon::ItautomationCreateTaskRequest.new( access_type: 'string', assigned_user_group_ids: [], assigned_user_ids: [], composite_query: { host_attributes: [], task_ids: [] }, description: 'string', name: 'string', os_query: 'string', output_parser_config: { columns: [{ name: 'string' }], default_group_by: boolean, delimiter: 'string' }, queries: { linux: { action_type: 'string', content: 'string', file_ids: [], language: 'string', script_args: 'string', script_file_id: 'string' }, mac: { action_type: 'string', content: 'string', file_ids: [], language: 'string', script_args: 'string', script_file_id: 'string' }, windows: { action_type: 'string', content: 'string', file_ids: [], language: 'string', script_args: 'string', script_file_id: 'string' } }, remediations: { linux: { action_type: 'string', content: 'string', file_ids: [], language: 'string', script_args: 'string', script_file_id: 'string' }, mac: { action_type: 'string', content: 'string', file_ids: [], language: 'string', script_args: 'string', script_file_id: 'string' }, windows: { action_type: 'string', content: 'string', file_ids: [], language: 'string', script_args: 'string', script_file_id: 'string' } }, rows_parser_config: { delimiter: 'string' }, target: 'string', task_group_id: 'string', task_parameters: [{ custom_validation_message: 'string', custom_validation_regex: 'string', default_value: 'string', format_hint: 'string', input_type: 'string', is_optional: boolean, key: 'string', label: 'string', options: [{ key: 'string', value: 'string' }], purpose: 'string', validation_type: 'string' }], task_type: 'string', trigger_condition: [{ groups: [{ groups: [], operator: 'string', statements: [] }], operator: 'string', statements: [{ data_comparator: 'string', data_type: 'string', key: 'string', task_id: 'string', value: 'string' }] }], verification_condition: [{ groups: [{ groups: [], operator: 'string', statements: [] }], operator: 'string', statements: [{ data_comparator: 'string', data_type: 'string', key: 'string', task_id: 'string', value: 'string' }] }])
response = api.i_t_automation_create_task(body)
puts responseITAutomationUpdateTask
Section titled “ITAutomationUpdateTask”Update a task with details from the given request
PATCH /it-automation/entities/tasks/v1
PEP 8
update_taskParameters
Section titled “Parameters”| Name | Type | Data type | Description |
|---|---|---|---|
| access_type | body | string | Task access type |
| add_assigned_user_group_ids | body | string or list of strings | User group IDs to add |
| add_assigned_user_ids | body | string or list of strings | User IDs to add |
| body | body | dictionary | Full body payload provided as a dictionary. Not required if using other keywords |
| description | body | string | Task description |
| id | query | string | ID of the task to update. Use ITAutomationSearchTasks to fetch IDs |
| name | body | string | Task name |
| os_query | body | string | OS query detail |
| output_parser_config | body | dictionary | Parser output configuration |
| parameters | query | dictionary | Full query string parameters payload in JSON format |
| queries | body | dictionary | Queries to perform (by OS) |
| remediations | body | dictionary | Remediations to perform (by OS) |
| remove_assigned_user_group_ids | body | string or list of strings | User group IDs to be removed |
| remove_assigned_user_ids | body | string or list of strings | User IDs to be removed |
| target | body | string | Task target |
| task_group_id | body | string | Task group ID |
| task_parameters | body | list of dictionaries | Task parameters |
| task_type | body | string | Task type |
| trigger_condition | body | list of dictionaries | Trigger conditions |
| verification_condition | body | list of dictionaries | Verification conditions |
Code Examples
Section titled “Code Examples”from falconpy import ITAutomation
falcon = ITAutomation(client_id=CLIENT_ID, client_secret=CLIENT_SECRET )
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.update_task(access_type="string", add_assigned_user_group_ids=id_list, add_assigned_user_ids=id_list, description="string", id=id_list, name="string", os_query="string", output_parser_config={}, queries={}, remediations={}, removed_assigned_user_group_ids=id_list, remove_assigned_user_ids=id_list, target="string", task_parameters=[{"key": "value"}], task_group_id="string", task_type="string", trigger_condition=[{"key": "value"}], verification_condition=[{"key": "value"}])print(response)from falconpy import ITAutomation
falcon = ITAutomation(client_id=CLIENT_ID, client_secret=CLIENT_SECRET )
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.ITAutomationUpdateTask(access_type="string", add_assigned_user_group_ids=id_list, add_assigned_user_ids=id_list, description="string", id=id_list, name="string", os_query="string", output_parser_config={}, queries={}, remediations={}, removed_assigned_user_group_ids=id_list, remove_assigned_user_ids=id_list, target="string", task_parameters=[{"key": "value"}], task_group_id="string", task_type="string", trigger_condition=[{"key": "value"}], verification_condition=[{"key": "value"}])print(response)from falconpy import APIHarnessV2
falcon = APIHarnessV2(client_id=CLIENT_ID, client_secret=CLIENT_SECRET )
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
body_payload = { "access_type": "string", "add_assigned_user_group_ids": ["string"], "add_assigned_user_ids": ["string"], "composite_query": { "host_attributes": ["string"], "task_ids": ["string"] }, "description": "string", "name": "string", "os_query": "string", "output_parser_config": { "columns": [ { "name": "string" } ], "default_group_by": boolean, "delimiter": "string" }, "queries": { "linux": { "action_type": "string", "content": "string", "file_ids": ["string"], "language": "string", "script_args": "string", "script_file_id": "string" }, "mac": { "action_type": "string", "content": "string", "file_ids": ["string"], "language": "string", "script_args": "string", "script_file_id": "string" }, "windows": { "action_type": "string", "content": "string", "file_ids": ["string"], "language": "string", "script_args": "string", "script_file_id": "string" } }, "remediations": { "linux": { "action_type": "string", "content": "string", "file_ids": ["string"], "language": "string", "script_args": "string", "script_file_id": "string" }, "mac": { "action_type": "string", "content": "string", "file_ids": ["string"], "language": "string", "script_args": "string", "script_file_id": "string" }, "windows": { "action_type": "string", "content": "string", "file_ids": ["string"], "language": "string", "script_args": "string", "script_file_id": "string" } }, "remove_assigned_user_group_ids": ["string"], "remove_assigned_user_ids": ["string"], "rows_parser_config": { "delimiter": "string" }, "target": "string", "task_group_id": "string", "task_parameters": [ { "custom_validation_message": "string", "custom_validation_regex": "string", "default_value": "string", "format_hint": "string", "input_type": "string", "is_optional": boolean, "key": "string", "label": "string", "options": [ { "key": "string", "value": "string" } ], "purpose": "string", "validation_type": "string" } ], "task_type": "string", "trigger_condition": [ { "groups": [ { "groups": ["string"], "operator": "string", "statements": ["string"] } ], "operator": "string", "statements": [ { "data_comparator": "string", "data_type": "string", "key": "string", "task_id": "string", "value": "string" } ] } ], "verification_condition": [ { "groups": [ { "groups": ["string"], "operator": "string", "statements": ["string"] } ], "operator": "string", "statements": [ { "data_comparator": "string", "data_type": "string", "key": "string", "task_id": "string", "value": "string" } ] } ]}
response = falcon.command("ITAutomationUpdateTask", id="string", body=body_payload)print(response)Edit-FalconItTask -Id "string"package main
import ( "context" "fmt" "os"
"github.com/crowdstrike/gofalcon/falcon" "github.com/crowdstrike/gofalcon/falcon/client/it_automation" "github.com/crowdstrike/gofalcon/falcon/models")
func main() { client, err := falcon.NewClient(&falcon.ApiConfig{ ClientId: os.Getenv("FALCON_CLIENT_ID"), ClientSecret: os.Getenv("FALCON_CLIENT_SECRET"), Context: context.Background(), }) if err != nil { panic(err) }
access_type := "string" description := "string" name := "string" os_query := "string" target := "string" task_group_id := "string" custom_validation_message := "string" custom_validation_regex := "string" default_value := "string" format_hint := "string" input_type := "string" is_optional := boolean key := "string" label := "string" value := "string" purpose := "string" validation_type := "string" task_type := "string" operator := "string" data_comparator := "string" data_type := "string" task_id := "string"
response, err := client.ItAutomation.ITAutomationUpdateTask( &it_automation.ITAutomationUpdateTaskParams{ Body: &models.ItautomationUpdateTaskRequest{ AccessType: &access_type, AddAssignedUserGroupIds: []string{"string"}, AddAssignedUserIds: []string{"string"}, CompositeQuery: &struct{}{}, Description: &description, Name: &name, OsQuery: &os_query, OutputParserConfig: &struct{}{}, Queries: &struct{}{}, Remediations: &struct{}{}, RemoveAssignedUserGroupIds: []string{"string"}, RemoveAssignedUserIds: []string{"string"}, RowsParserConfig: &struct{}{}, Target: &target, TaskGroupID: &task_group_id, TaskParameters: []interface{}{ { CustomValidationMessage: &custom_validation_message, CustomValidationRegex: &custom_validation_regex, DefaultValue: &default_value, FormatHint: &format_hint, InputType: &input_type, IsOptional: &is_optional, Key: &key, Label: &label, Options: []interface{}{ { Key: &key, Value: &value, }, }, Purpose: &purpose, ValidationType: &validation_type, }, }, TaskType: &task_type, TriggerCondition: []interface{}{ { Groups: []interface{}{ { Groups: []interface{}{}, Operator: &operator, Statements: []interface{}{}, }, }, Operator: &operator, Statements: []interface{}{ { DataComparator: &data_comparator, DataType: &data_type, Key: &key, TaskID: &task_id, Value: &value, }, }, }, }, VerificationCondition: []interface{}{ { Groups: []interface{}{ { Groups: []interface{}{}, Operator: &operator, Statements: []interface{}{}, }, }, Operator: &operator, Statements: []interface{}{ { DataComparator: &data_comparator, DataType: &data_type, Key: &key, TaskID: &task_id, Value: &value, }, }, }, }, }, ID: "string", Context: context.Background(), }, ) if err != nil { panic(falcon.ErrorExplain(err)) }
fmt.Printf("%+v\n", response.Payload)}import { FalconClient } from "crowdstrike-falcon";
const client = new FalconClient({ cloud: process.env.FALCON_CLOUD!, clientId: process.env.FALCON_CLIENT_ID!, clientSecret: process.env.FALCON_CLIENT_SECRET!,});
const response = await client.itAutomation.iTAutomationUpdateTask( "string", // id { // body accessType: "string", addAssignedUserGroupIds: [], addAssignedUserIds: [], compositeQuery: { hostAttributes: [], taskIds: [] }, description: "string", name: "string", osQuery: "string", outputParserConfig: { columns: [{ name: "string" }], defaultGroupBy: boolean, delimiter: "string" }, queries: { linux: { actionType: "string", content: "string", fileIds: [], language: "string", scriptArgs: "string", scriptFileId: "string" }, mac: { actionType: "string", content: "string", fileIds: [], language: "string", scriptArgs: "string", scriptFileId: "string" }, windows: { actionType: "string", content: "string", fileIds: [], language: "string", scriptArgs: "string", scriptFileId: "string" } }, remediations: { linux: { actionType: "string", content: "string", fileIds: [], language: "string", scriptArgs: "string", scriptFileId: "string" }, mac: { actionType: "string", content: "string", fileIds: [], language: "string", scriptArgs: "string", scriptFileId: "string" }, windows: { actionType: "string", content: "string", fileIds: [], language: "string", scriptArgs: "string", scriptFileId: "string" } }, removeAssignedUserGroupIds: [], removeAssignedUserIds: [], rowsParserConfig: { delimiter: "string" }, target: "string", taskGroupId: "string", taskParameters: [{ customValidationMessage: "string", customValidationRegex: "string", defaultValue: "string", formatHint: "string", inputType: "string", isOptional: boolean, key: "string", label: "string", options: [{ key: "string", value: "string" }], purpose: "string", validationType: "string" }], taskType: "string", triggerCondition: [{ groups: [{ groups: [], operator: "string", statements: [] }], operator: "string", statements: [{ dataComparator: "string", dataType: "string", key: "string", taskId: "string", value: "string" }] }], verificationCondition: [{ groups: [{ groups: [], operator: "string", statements: [] }], operator: "string", statements: [{ dataComparator: "string", dataType: "string", key: "string", taskId: "string", value: "string" }] }] });
console.log(response);use rusty_falcon::apis::it_automation_api::i_t_automation_update_task;use rusty_falcon::easy::client::FalconHandle;use rusty_falcon::models::ItautomationUpdateTaskRequest;
#[tokio::main]async fn main() { let falcon = FalconHandle::from_env().await.expect("Could not authenticate");
let body = ItautomationUpdateTaskRequest { ..Default::default() };
let response = i_t_automation_update_task( &falcon.cfg, // configuration "string", // id body, // body ).await.expect("API call failed");
println!("{:?}", response);}require "crimson-falcon"
Falcon.configure do |config| config.client_id = ENV["FALCON_CLIENT_ID"] config.client_secret = ENV["FALCON_CLIENT_SECRET"] config.cloud = ENV["FALCON_CLOUD"]end
api = Falcon::ItAutomation.new
body = Falcon::ItautomationUpdateTaskRequest.new( access_type: 'string', add_assigned_user_group_ids: [], add_assigned_user_ids: [], composite_query: { host_attributes: [], task_ids: [] }, description: 'string', name: 'string', os_query: 'string', output_parser_config: { columns: [{ name: 'string' }], default_group_by: boolean, delimiter: 'string' }, queries: { linux: { action_type: 'string', content: 'string', file_ids: [], language: 'string', script_args: 'string', script_file_id: 'string' }, mac: { action_type: 'string', content: 'string', file_ids: [], language: 'string', script_args: 'string', script_file_id: 'string' }, windows: { action_type: 'string', content: 'string', file_ids: [], language: 'string', script_args: 'string', script_file_id: 'string' } }, remediations: { linux: { action_type: 'string', content: 'string', file_ids: [], language: 'string', script_args: 'string', script_file_id: 'string' }, mac: { action_type: 'string', content: 'string', file_ids: [], language: 'string', script_args: 'string', script_file_id: 'string' }, windows: { action_type: 'string', content: 'string', file_ids: [], language: 'string', script_args: 'string', script_file_id: 'string' } }, remove_assigned_user_group_ids: [], remove_assigned_user_ids: [], rows_parser_config: { delimiter: 'string' }, target: 'string', task_group_id: 'string', task_parameters: [{ custom_validation_message: 'string', custom_validation_regex: 'string', default_value: 'string', format_hint: 'string', input_type: 'string', is_optional: boolean, key: 'string', label: 'string', options: [{ key: 'string', value: 'string' }], purpose: 'string', validation_type: 'string' }], task_type: 'string', trigger_condition: [{ groups: [{ groups: [], operator: 'string', statements: [] }], operator: 'string', statements: [{ data_comparator: 'string', data_type: 'string', key: 'string', task_id: 'string', value: 'string' }] }], verification_condition: [{ groups: [{ groups: [], operator: 'string', statements: [] }], operator: 'string', statements: [{ data_comparator: 'string', data_type: 'string', key: 'string', task_id: 'string', value: 'string' }] }])
response = api.i_t_automation_update_task(body, 'string')
puts responseITAutomationDeleteTask
Section titled “ITAutomationDeleteTask”Delete a task
DELETE /it-automation/entities/tasks/v1
PEP 8
delete_taskParameters
Section titled “Parameters”| Name | Type | Data type | Description |
|---|---|---|---|
| ids | query | string or list of strings | One or more task IDs to delete |
| parameters | query | dictionary | Full query string parameters payload in JSON format |
Code Examples
Section titled “Code Examples”from falconpy import ITAutomation
falcon = ITAutomation(client_id=CLIENT_ID, client_secret=CLIENT_SECRET )
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.delete_task(ids=id_list)print(response)from falconpy import ITAutomation
falcon = ITAutomation(client_id=CLIENT_ID, client_secret=CLIENT_SECRET )
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.ITAutomationDeleteTask(ids=id_list)print(response)from falconpy import APIHarnessV2
falcon = APIHarnessV2(client_id=CLIENT_ID, client_secret=CLIENT_SECRET )
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.command("ITAutomationDeleteTask", ids=id_list)print(response)Remove-FalconItTask -Id @("ID1", "ID2")package main
import ( "context" "fmt" "os"
"github.com/crowdstrike/gofalcon/falcon" "github.com/crowdstrike/gofalcon/falcon/client/it_automation")
func main() { client, err := falcon.NewClient(&falcon.ApiConfig{ ClientId: os.Getenv("FALCON_CLIENT_ID"), ClientSecret: os.Getenv("FALCON_CLIENT_SECRET"), Context: context.Background(), }) if err != nil { panic(err) }
response, err := client.ItAutomation.ITAutomationDeleteTask( &it_automation.ITAutomationDeleteTaskParams{ Ids: []string{"ID1", "ID2", "ID3"}, Context: context.Background(), }, ) if err != nil { panic(falcon.ErrorExplain(err)) }
fmt.Printf("%+v\n", response.Payload)}import { FalconClient } from "crowdstrike-falcon";
const client = new FalconClient({ cloud: process.env.FALCON_CLOUD!, clientId: process.env.FALCON_CLIENT_ID!, clientSecret: process.env.FALCON_CLIENT_SECRET!,});
const response = await client.itAutomation.iTAutomationDeleteTask(["ID1", "ID2", "ID3"]); // ids
console.log(response);use rusty_falcon::apis::it_automation_api::i_t_automation_delete_task;use rusty_falcon::easy::client::FalconHandle;
#[tokio::main]async fn main() { let falcon = FalconHandle::from_env().await.expect("Could not authenticate");
let response = i_t_automation_delete_task( &falcon.cfg, // configuration vec!["string".to_string()], // ids ).await.expect("API call failed");
println!("{:?}", response);}require "crimson-falcon"
Falcon.configure do |config| config.client_id = ENV["FALCON_CLIENT_ID"] config.client_secret = ENV["FALCON_CLIENT_SECRET"] config.cloud = ENV["FALCON_CLOUD"]end
api = Falcon::ItAutomation.new
response = api.i_t_automation_delete_task(['ID1', 'ID2', 'ID3'])
puts responseITAutomationQueryPolicies
Section titled “ITAutomationQueryPolicies”Query policies
GET /it-automation/queries/policies/v1
PEP 8
query_policiesParameters
Section titled “Parameters”| Name | Type | Data type | Description |
|---|---|---|---|
| sort | query | string | The sort expression that should be used to sort the results |
| offset | query | integer | Starting index for record retrieval |
| limit | query | integer | The maximum records to return |
| platform | query | string | Required. The platform of policies to retrieve. Allowed values: Windows, Mac, Linux |
| parameters | query | dictionary | Full query string parameters payload in JSON format |
Code Examples
Section titled “Code Examples”from falconpy import ITAutomation
falcon = ITAutomation(client_id=CLIENT_ID, client_secret=CLIENT_SECRET )
response = falcon.query_policies(offset=integer, limit=integer, sort="string", platform="string")print(response)from falconpy import ITAutomation
falcon = ITAutomation(client_id=CLIENT_ID, client_secret=CLIENT_SECRET )
response = falcon.ITAutomationQueryPolicies(offset=integer, limit=integer, sort="string", platform="string")print(response)from falconpy import APIHarnessV2
falcon = APIHarnessV2(client_id=CLIENT_ID, client_secret=CLIENT_SECRET )
response = falcon.command("ITAutomationQueryPolicies", offset=integer, limit=integer, sort="string", platform="string")print(response)Get-FalconItPolicy -Platform "string" ` -Sort "string" ` -Limit integer ` -Offset integerpackage main
import ( "context" "fmt" "os"
"github.com/crowdstrike/gofalcon/falcon" "github.com/crowdstrike/gofalcon/falcon/client/it_automation")
func main() { client, err := falcon.NewClient(&falcon.ApiConfig{ ClientId: os.Getenv("FALCON_CLIENT_ID"), ClientSecret: os.Getenv("FALCON_CLIENT_SECRET"), Context: context.Background(), }) if err != nil { panic(err) }
offset := int64(0) limit := int64(0) sort := "string"
response, err := client.ItAutomation.ITAutomationQueryPolicies( &it_automation.ITAutomationQueryPoliciesParams{ Offset: &offset, Limit: &limit, Sort: &sort, Platform: "string", Context: context.Background(), }, ) if err != nil { panic(falcon.ErrorExplain(err)) }
fmt.Printf("%+v\n", response.Payload)}import { FalconClient } from "crowdstrike-falcon";
const client = new FalconClient({ cloud: process.env.FALCON_CLOUD!, clientId: process.env.FALCON_CLIENT_ID!, clientSecret: process.env.FALCON_CLIENT_SECRET!,});
const response = await client.itAutomation.iTAutomationQueryPolicies( "string", // platform integer, // offset integer, // limit "string" // sort);
console.log(response);use rusty_falcon::apis::it_automation_api::i_t_automation_query_policies;use rusty_falcon::easy::client::FalconHandle;
#[tokio::main]async fn main() { let falcon = FalconHandle::from_env().await.expect("Could not authenticate");
let response = i_t_automation_query_policies( &falcon.cfg, // configuration "string", // platform Some(integer), // offset Some(integer), // limit Some("string"), // sort ).await.expect("API call failed");
println!("{:?}", response);}require "crimson-falcon"
Falcon.configure do |config| config.client_id = ENV["FALCON_CLIENT_ID"] config.client_secret = ENV["FALCON_CLIENT_SECRET"] config.cloud = ENV["FALCON_CLOUD"]end
api = Falcon::ItAutomation.new
response = api.i_t_automation_query_policies('string')
puts responseITAutomationSearchScheduledTasks
Section titled “ITAutomationSearchScheduledTasks”Search scheduled tasks
GET /it-automation/queries/scheduled-tasks/v1
PEP 8
search_scheduled_tasksParameters
Section titled “Parameters”| Name | Type | Data type | Description |
|---|---|---|---|
| filter | query | string | The filter expression that should be used to limit the results |
| sort | query | string | The sort expression that should be used to sort the results |
| offset | query | integer | Starting index for record retrieval |
| limit | query | integer | The maximum records to return |
| parameters | query | dictionary | Full query string parameters payload in JSON format |
Code Examples
Section titled “Code Examples”from falconpy import ITAutomation
falcon = ITAutomation(client_id=CLIENT_ID, client_secret=CLIENT_SECRET )
response = falcon.search_scheduled_tasks(filter="string", sort="string", offset=integer, limit=integer)print(response)from falconpy import ITAutomation
falcon = ITAutomation(client_id=CLIENT_ID, client_secret=CLIENT_SECRET )
response = falcon.ITAutomationSearchScheduledTasks(filter="string", sort="string", offset=integer, limit=integer)print(response)from falconpy import APIHarnessV2
falcon = APIHarnessV2(client_id=CLIENT_ID, client_secret=CLIENT_SECRET )
response = falcon.command("ITAutomationSearchScheduledTasks", filter="string", sort="string", offset=integer, limit=integer)print(response)Get-FalconItScheduledTask -Filter "string" ` -Sort "string" ` -Limit integer ` -Offset integerpackage main
import ( "context" "fmt" "os"
"github.com/crowdstrike/gofalcon/falcon" "github.com/crowdstrike/gofalcon/falcon/client/it_automation")
func main() { client, err := falcon.NewClient(&falcon.ApiConfig{ ClientId: os.Getenv("FALCON_CLIENT_ID"), ClientSecret: os.Getenv("FALCON_CLIENT_SECRET"), Context: context.Background(), }) if err != nil { panic(err) }
filter := "string" sort := "string" offset := int64(0) limit := int64(0)
response, err := client.ItAutomation.ITAutomationSearchScheduledTasks( &it_automation.ITAutomationSearchScheduledTasksParams{ Filter: &filter, Sort: &sort, Offset: &offset, Limit: &limit, Context: context.Background(), }, ) if err != nil { panic(falcon.ErrorExplain(err)) }
fmt.Printf("%+v\n", response.Payload)}import { FalconClient } from "crowdstrike-falcon";
const client = new FalconClient({ cloud: process.env.FALCON_CLOUD!, clientId: process.env.FALCON_CLIENT_ID!, clientSecret: process.env.FALCON_CLIENT_SECRET!,});
const response = await client.itAutomation.iTAutomationSearchScheduledTasks( "string", // filter "string", // sort integer, // offset integer // limit);
console.log(response);use rusty_falcon::apis::it_automation_api::i_t_automation_search_scheduled_tasks;use rusty_falcon::easy::client::FalconHandle;
#[tokio::main]async fn main() { let falcon = FalconHandle::from_env().await.expect("Could not authenticate");
let response = i_t_automation_search_scheduled_tasks( &falcon.cfg, // configuration Some("string"), // filter Some("string"), // sort Some(integer), // offset Some(integer), // limit ).await.expect("API call failed");
println!("{:?}", response);}require "crimson-falcon"
Falcon.configure do |config| config.client_id = ENV["FALCON_CLIENT_ID"] config.client_secret = ENV["FALCON_CLIENT_SECRET"] config.cloud = ENV["FALCON_CLOUD"]end
api = Falcon::ItAutomation.new
response = api.i_t_automation_search_scheduled_tasks(filter: 'string', sort: 'string', offset: integer, limit: integer)
puts responseITAutomationSearchTaskExecutions
Section titled “ITAutomationSearchTaskExecutions”Search task executions
GET /it-automation/queries/task-executions/v1
PEP 8
search_task_executionsParameters
Section titled “Parameters”| Name | Type | Data type | Description |
|---|---|---|---|
| filter | query | string | The filter expression that should be used to limit the results |
| sort | query | string | The sort expression that should be used to sort the results |
| offset | query | integer | Starting index for record retrieval |
| limit | query | integer | The maximum records to return |
| parameters | query | dictionary | Full query string parameters payload in JSON format |
Code Examples
Section titled “Code Examples”from falconpy import ITAutomation
falcon = ITAutomation(client_id=CLIENT_ID, client_secret=CLIENT_SECRET )
response = falcon.search_task_executions(filter="string", sort="string", offset=integer, limit=integer)print(response)from falconpy import ITAutomation
falcon = ITAutomation(client_id=CLIENT_ID, client_secret=CLIENT_SECRET )
response = falcon.ITAutomationSearchTaskExecutions(filter="string", sort="string", offset=integer, limit=integer)print(response)from falconpy import APIHarnessV2
falcon = APIHarnessV2(client_id=CLIENT_ID, client_secret=CLIENT_SECRET )
response = falcon.command("ITAutomationSearchTaskExecutions", filter="string", sort="string", offset=integer, limit=integer)print(response)Get-FalconItTaskExecution -Filter "string" ` -Sort "string" ` -Limit integer ` -Offset integerpackage main
import ( "context" "fmt" "os"
"github.com/crowdstrike/gofalcon/falcon" "github.com/crowdstrike/gofalcon/falcon/client/it_automation")
func main() { client, err := falcon.NewClient(&falcon.ApiConfig{ ClientId: os.Getenv("FALCON_CLIENT_ID"), ClientSecret: os.Getenv("FALCON_CLIENT_SECRET"), Context: context.Background(), }) if err != nil { panic(err) }
filter := "string" sort := "string" offset := int64(0) limit := int64(0)
response, err := client.ItAutomation.ITAutomationSearchTaskExecutions( &it_automation.ITAutomationSearchTaskExecutionsParams{ Filter: &filter, Sort: &sort, Offset: &offset, Limit: &limit, Context: context.Background(), }, ) if err != nil { panic(falcon.ErrorExplain(err)) }
fmt.Printf("%+v\n", response.Payload)}import { FalconClient } from "crowdstrike-falcon";
const client = new FalconClient({ cloud: process.env.FALCON_CLOUD!, clientId: process.env.FALCON_CLIENT_ID!, clientSecret: process.env.FALCON_CLIENT_SECRET!,});
const response = await client.itAutomation.iTAutomationSearchTaskExecutions( "string", // filter "string", // sort integer, // offset integer // limit);
console.log(response);use rusty_falcon::apis::it_automation_api::i_t_automation_search_task_executions;use rusty_falcon::easy::client::FalconHandle;
#[tokio::main]async fn main() { let falcon = FalconHandle::from_env().await.expect("Could not authenticate");
let response = i_t_automation_search_task_executions( &falcon.cfg, // configuration Some("string"), // filter Some("string"), // sort Some(integer), // offset Some(integer), // limit ).await.expect("API call failed");
println!("{:?}", response);}require "crimson-falcon"
Falcon.configure do |config| config.client_id = ENV["FALCON_CLIENT_ID"] config.client_secret = ENV["FALCON_CLIENT_SECRET"] config.cloud = ENV["FALCON_CLOUD"]end
api = Falcon::ItAutomation.new
response = api.i_t_automation_search_task_executions(filter: 'string', sort: 'string', offset: integer, limit: integer)
puts responseITAutomationSearchTaskGroups
Section titled “ITAutomationSearchTaskGroups”Search task groups
GET /it-automation/queries/task-groups/v1
PEP 8
search_task_groupsParameters
Section titled “Parameters”| Name | Type | Data type | Description |
|---|---|---|---|
| filter | query | string | The filter expression that should be used to limit the results |
| sort | query | string | The sort expression that should be used to sort the results |
| offset | query | integer | Starting index for record retrieval |
| limit | query | integer | The maximum records to return |
| parameters | query | dictionary | Full query string parameters payload in JSON format |
Code Examples
Section titled “Code Examples”from falconpy import ITAutomation
falcon = ITAutomation(client_id=CLIENT_ID, client_secret=CLIENT_SECRET )
response = falcon.search_task_groups(filter="string", sort="string", offset=integer, limit="string")print(response)from falconpy import ITAutomation
falcon = ITAutomation(client_id=CLIENT_ID, client_secret=CLIENT_SECRET )
response = falcon.ITAutomationSearchTaskGroups(filter="string", sort="string", offset=integer, limit="string")print(response)from falconpy import APIHarnessV2
falcon = APIHarnessV2(client_id=CLIENT_ID, client_secret=CLIENT_SECRET )
response = falcon.command("ITAutomationSearchTaskGroups", filter="string", sort="string", offset=integer, limit=integer)print(response)Get-FalconItTaskGroup -Filter "string" ` -Sort "string" ` -Limit integer ` -Offset integerpackage main
import ( "context" "fmt" "os"
"github.com/crowdstrike/gofalcon/falcon" "github.com/crowdstrike/gofalcon/falcon/client/it_automation")
func main() { client, err := falcon.NewClient(&falcon.ApiConfig{ ClientId: os.Getenv("FALCON_CLIENT_ID"), ClientSecret: os.Getenv("FALCON_CLIENT_SECRET"), Context: context.Background(), }) if err != nil { panic(err) }
filter := "string" sort := "string" offset := int64(0) limit := int64(0)
response, err := client.ItAutomation.ITAutomationSearchTaskGroups( &it_automation.ITAutomationSearchTaskGroupsParams{ Filter: &filter, Sort: &sort, Offset: &offset, Limit: &limit, Context: context.Background(), }, ) if err != nil { panic(falcon.ErrorExplain(err)) }
fmt.Printf("%+v\n", response.Payload)}import { FalconClient } from "crowdstrike-falcon";
const client = new FalconClient({ cloud: process.env.FALCON_CLOUD!, clientId: process.env.FALCON_CLIENT_ID!, clientSecret: process.env.FALCON_CLIENT_SECRET!,});
const response = await client.itAutomation.iTAutomationSearchTaskGroups( "string", // filter "string", // sort integer, // offset integer // limit);
console.log(response);use rusty_falcon::apis::it_automation_api::i_t_automation_search_task_groups;use rusty_falcon::easy::client::FalconHandle;
#[tokio::main]async fn main() { let falcon = FalconHandle::from_env().await.expect("Could not authenticate");
let response = i_t_automation_search_task_groups( &falcon.cfg, // configuration Some("string"), // filter Some("string"), // sort Some(integer), // offset Some(integer), // limit ).await.expect("API call failed");
println!("{:?}", response);}require "crimson-falcon"
Falcon.configure do |config| config.client_id = ENV["FALCON_CLIENT_ID"] config.client_secret = ENV["FALCON_CLIENT_SECRET"] config.cloud = ENV["FALCON_CLOUD"]end
api = Falcon::ItAutomation.new
response = api.i_t_automation_search_task_groups(filter: 'string', sort: 'string', offset: integer, limit: integer)
puts responseITAutomationSearchTasks
Section titled “ITAutomationSearchTasks”Search tasks
GET /it-automation/queries/tasks/v1
PEP 8
search_tasksParameters
Section titled “Parameters”| Name | Type | Data type | Description |
|---|---|---|---|
| filter | query | string | The filter expression that should be used to limit the results |
| sort | query | string | The sort expression that should be used to sort the results |
| offset | query | integer | Starting index for record retrieval |
| limit | query | integer | The maximum records to return |
| parameters | query | dictionary | Full query string parameters payload in JSON format |
Code Examples
Section titled “Code Examples”from falconpy import ITAutomation
falcon = ITAutomation(client_id=CLIENT_ID, client_secret=CLIENT_SECRET )
response = falcon.search_tasks(filter="string", sort="string", offset=integer, limit=integer)print(response)from falconpy import ITAutomation
falcon = ITAutomation(client_id=CLIENT_ID, client_secret=CLIENT_SECRET )
response = falcon.ITAutomationSearchTasks(filter="string", sort="string", offset=integer, limit=integer)print(response)from falconpy import APIHarnessV2
falcon = APIHarnessV2(client_id=CLIENT_ID, client_secret=CLIENT_SECRET )
response = falcon.command("ITAutomationSearchTasks", filter="string", sort="string", offset=integer, limit=integer)print(response)Get-FalconItTask -Filter "string" ` -Sort "string" ` -Limit integer ` -Offset integerpackage main
import ( "context" "fmt" "os"
"github.com/crowdstrike/gofalcon/falcon" "github.com/crowdstrike/gofalcon/falcon/client/it_automation")
func main() { client, err := falcon.NewClient(&falcon.ApiConfig{ ClientId: os.Getenv("FALCON_CLIENT_ID"), ClientSecret: os.Getenv("FALCON_CLIENT_SECRET"), Context: context.Background(), }) if err != nil { panic(err) }
filter := "string" sort := "string" offset := int64(0) limit := int64(0)
response, err := client.ItAutomation.ITAutomationSearchTasks( &it_automation.ITAutomationSearchTasksParams{ Filter: &filter, Sort: &sort, Offset: &offset, Limit: &limit, Context: context.Background(), }, ) if err != nil { panic(falcon.ErrorExplain(err)) }
fmt.Printf("%+v\n", response.Payload)}import { FalconClient } from "crowdstrike-falcon";
const client = new FalconClient({ cloud: process.env.FALCON_CLOUD!, clientId: process.env.FALCON_CLIENT_ID!, clientSecret: process.env.FALCON_CLIENT_SECRET!,});
const response = await client.itAutomation.iTAutomationSearchTasks( "string", // filter "string", // sort integer, // offset integer // limit);
console.log(response);use rusty_falcon::apis::it_automation_api::i_t_automation_search_tasks;use rusty_falcon::easy::client::FalconHandle;
#[tokio::main]async fn main() { let falcon = FalconHandle::from_env().await.expect("Could not authenticate");
let response = i_t_automation_search_tasks( &falcon.cfg, // configuration Some("string"), // filter Some("string"), // sort Some(integer), // offset Some(integer), // limit ).await.expect("API call failed");
println!("{:?}", response);}require "crimson-falcon"
Falcon.configure do |config| config.client_id = ENV["FALCON_CLIENT_ID"] config.client_secret = ENV["FALCON_CLIENT_SECRET"] config.cloud = ENV["FALCON_CLOUD"]end
api = Falcon::ItAutomation.new
response = api.i_t_automation_search_tasks(filter: 'string', sort: 'string', offset: integer, limit: integer)
puts responseITAutomationGetUserGroup
Section titled “ITAutomationGetUserGroup”Returns user groups for each provided id
GET /it-automation/entities/it-user-groups/v1
PEP 8
get_user_groupParameters
Section titled “Parameters”| Name | Type | Data type | Description |
|---|---|---|---|
| ids | query | list of strings | User group IDs |
| parameters | query | dictionary | Full query string parameters payload in JSON format |
Code Examples
Section titled “Code Examples”from falconpy import ITAutomation
falcon = ITAutomation(client_id=CLIENT_ID, client_secret=CLIENT_SECRET )
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.get_user_group(ids=id_list)print(response)from falconpy import ITAutomation
falcon = ITAutomation(client_id=CLIENT_ID, client_secret=CLIENT_SECRET )
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.ITAutomationGetUserGroup(ids=id_list)print(response)from falconpy import APIHarnessV2
falcon = APIHarnessV2(client_id=CLIENT_ID, client_secret=CLIENT_SECRET )
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.command("ITAutomationGetUserGroup", ids=id_list)print(response)Get-FalconItUserGroup -Id @("ID1", "ID2")package main
import ( "context" "fmt" "os"
"github.com/crowdstrike/gofalcon/falcon" "github.com/crowdstrike/gofalcon/falcon/client/it_automation")
func main() { client, err := falcon.NewClient(&falcon.ApiConfig{ ClientId: os.Getenv("FALCON_CLIENT_ID"), ClientSecret: os.Getenv("FALCON_CLIENT_SECRET"), Context: context.Background(), }) if err != nil { panic(err) }
response, err := client.ItAutomation.ITAutomationGetUserGroup( &it_automation.ITAutomationGetUserGroupParams{ Ids: []string{"ID1", "ID2", "ID3"}, Context: context.Background(), }, ) if err != nil { panic(falcon.ErrorExplain(err)) }
fmt.Printf("%+v\n", response.Payload)}import { FalconClient } from "crowdstrike-falcon";
const client = new FalconClient({ cloud: process.env.FALCON_CLOUD!, clientId: process.env.FALCON_CLIENT_ID!, clientSecret: process.env.FALCON_CLIENT_SECRET!,});
const response = await client.itAutomation.iTAutomationGetUserGroup(["ID1", "ID2", "ID3"]); // ids
console.log(response);use rusty_falcon::apis::it_automation_api::i_t_automation_get_user_group;use rusty_falcon::easy::client::FalconHandle;
#[tokio::main]async fn main() { let falcon = FalconHandle::from_env().await.expect("Could not authenticate");
let response = i_t_automation_get_user_group( &falcon.cfg, // configuration vec!["string".to_string()], // ids ).await.expect("API call failed");
println!("{:?}", response);}require "crimson-falcon"
Falcon.configure do |config| config.client_id = ENV["FALCON_CLIENT_ID"] config.client_secret = ENV["FALCON_CLIENT_SECRET"] config.cloud = ENV["FALCON_CLOUD"]end
api = Falcon::ItAutomation.new
response = api.i_t_automation_get_user_group(['ID1', 'ID2', 'ID3'])
puts responseITAutomationCreateUserGroup
Section titled “ITAutomationCreateUserGroup”Creates a user group from the given request
POST /it-automation/entities/it-user-groups/v1
PEP 8
create_user_groupParameters
Section titled “Parameters”| Name | Type | Data type | Description |
|---|---|---|---|
| body | body | dictionary | Required parameter. Full body payload in JSON format |
| description | body | string | Description of the user group. |
| name | body | string | Name of the user group. |
Code Examples
Section titled “Code Examples”from falconpy import ITAutomation
falcon = ITAutomation(client_id=CLIENT_ID, client_secret=CLIENT_SECRET )
response = falcon.create_user_group(description="string", name="string")print(response)from falconpy import ITAutomation
falcon = ITAutomation(client_id=CLIENT_ID, client_secret=CLIENT_SECRET )
response = falcon.ITAutomationCreateUserGroup(description="string", name="string")print(response)from falconpy import APIHarnessV2
falcon = APIHarnessV2(client_id=CLIENT_ID, client_secret=CLIENT_SECRET )
body_payload = { "description": "string", "name": "string"}
response = falcon.command("ITAutomationCreateUserGroup", body=body_payload)print(response)New-FalconItUserGroup -Name "string"package main
import ( "context" "fmt" "os"
"github.com/crowdstrike/gofalcon/falcon" "github.com/crowdstrike/gofalcon/falcon/client/it_automation" "github.com/crowdstrike/gofalcon/falcon/models")
func main() { client, err := falcon.NewClient(&falcon.ApiConfig{ ClientId: os.Getenv("FALCON_CLIENT_ID"), ClientSecret: os.Getenv("FALCON_CLIENT_SECRET"), Context: context.Background(), }) if err != nil { panic(err) }
description := "string" name := "string"
response, err := client.ItAutomation.ITAutomationCreateUserGroup( &it_automation.ITAutomationCreateUserGroupParams{ Body: &models.ItautomationCreateUserGroupRequest{ Description: &description, Name: &name, }, Context: context.Background(), }, ) if err != nil { panic(falcon.ErrorExplain(err)) }
fmt.Printf("%+v\n", response.Payload)}import { FalconClient } from "crowdstrike-falcon";
const client = new FalconClient({ cloud: process.env.FALCON_CLOUD!, clientId: process.env.FALCON_CLIENT_ID!, clientSecret: process.env.FALCON_CLIENT_SECRET!,});
const response = await client.itAutomation.iTAutomationCreateUserGroup( { description: "string", name: "string"} // body);
console.log(response);use rusty_falcon::apis::it_automation_api::i_t_automation_create_user_group;use rusty_falcon::easy::client::FalconHandle;use rusty_falcon::models::ItautomationCreateUserGroupRequest;
#[tokio::main]async fn main() { let falcon = FalconHandle::from_env().await.expect("Could not authenticate");
let body = ItautomationCreateUserGroupRequest { name: Some("string".to_string()), ..Default::default() };
let response = i_t_automation_create_user_group( &falcon.cfg, // configuration body, // body ).await.expect("API call failed");
println!("{:?}", response);}require "crimson-falcon"
Falcon.configure do |config| config.client_id = ENV["FALCON_CLIENT_ID"] config.client_secret = ENV["FALCON_CLIENT_SECRET"] config.cloud = ENV["FALCON_CLOUD"]end
api = Falcon::ItAutomation.new
body = Falcon::ItautomationCreateUserGroupRequest.new( description: 'string', name: 'string')
response = api.i_t_automation_create_user_group(body)
puts responseITAutomationUpdateUserGroup
Section titled “ITAutomationUpdateUserGroup”Update a user group for a given id
PATCH /it-automation/entities/it-user-groups/v1
PEP 8
update_user_groupParameters
Section titled “Parameters”| Name | Type | Data type | Description |
|---|---|---|---|
| body | body | dictionary | Full body payload in JSON format. Not required if using other keywords. |
| add_user_ids | body | list of strings | List of user IDs to add. |
| description | body | string | The updated user group description. |
| id | query | string | The ID of the user group to update. |
| name | body | string | The updated user group name. |
| remove_user_ids | body | list of strings | List of user IDs to remove. |
Code Examples
Section titled “Code Examples”from falconpy import ITAutomation
falcon = ITAutomation(client_id=CLIENT_ID, client_secret=CLIENT_SECRET )
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.update_user_group(add_user_ids=id_list, description="string", name="string", id="string", remove_user_ids=id_list)print(response)from falconpy import ITAutomation
falcon = ITAutomation(client_id=CLIENT_ID, client_secret=CLIENT_SECRET )
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.ITAutomationUpdateUserGroup(add_user_ids=id_list, description="string", name="string", id="string", remove_user_ids=id_list)print(response)from falconpy import APIHarnessV2
falcon = APIHarnessV2(client_id=CLIENT_ID, client_secret=CLIENT_SECRET )
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
body_payload = { "add_user_ids": ["string"], "description": "string", "name": "string", "remove_user_ids": ["string"]}
response = falcon.command("ITAutomationUpdateUserGroup", id="string", body=body_payload)print(response)Edit-FalconItUserGroup -Id "string"package main
import ( "context" "fmt" "os"
"github.com/crowdstrike/gofalcon/falcon" "github.com/crowdstrike/gofalcon/falcon/client/it_automation" "github.com/crowdstrike/gofalcon/falcon/models")
func main() { client, err := falcon.NewClient(&falcon.ApiConfig{ ClientId: os.Getenv("FALCON_CLIENT_ID"), ClientSecret: os.Getenv("FALCON_CLIENT_SECRET"), Context: context.Background(), }) if err != nil { panic(err) }
description := "string" name := "string"
response, err := client.ItAutomation.ITAutomationUpdateUserGroup( &it_automation.ITAutomationUpdateUserGroupParams{ Body: &models.ItautomationUpdateUserGroupRequest{ AddUserIds: []string{"string"}, Description: &description, Name: &name, RemoveUserIds: []string{"string"}, }, ID: "string", Context: context.Background(), }, ) if err != nil { panic(falcon.ErrorExplain(err)) }
fmt.Printf("%+v\n", response.Payload)}import { FalconClient } from "crowdstrike-falcon";
const client = new FalconClient({ cloud: process.env.FALCON_CLOUD!, clientId: process.env.FALCON_CLIENT_ID!, clientSecret: process.env.FALCON_CLIENT_SECRET!,});
const response = await client.itAutomation.iTAutomationUpdateUserGroup( "string", // id { // body addUserIds: [], description: "string", name: "string", removeUserIds: [] });
console.log(response);use rusty_falcon::apis::it_automation_api::i_t_automation_update_user_group;use rusty_falcon::easy::client::FalconHandle;use rusty_falcon::models::ItautomationUpdateUserGroupRequest;
#[tokio::main]async fn main() { let falcon = FalconHandle::from_env().await.expect("Could not authenticate");
let body = ItautomationUpdateUserGroupRequest { ..Default::default() };
let response = i_t_automation_update_user_group( &falcon.cfg, // configuration "string", // id body, // body ).await.expect("API call failed");
println!("{:?}", response);}require "crimson-falcon"
Falcon.configure do |config| config.client_id = ENV["FALCON_CLIENT_ID"] config.client_secret = ENV["FALCON_CLIENT_SECRET"] config.cloud = ENV["FALCON_CLOUD"]end
api = Falcon::ItAutomation.new
body = Falcon::ItautomationUpdateUserGroupRequest.new( add_user_ids: [], description: 'string', name: 'string', remove_user_ids: [])
response = api.i_t_automation_update_user_group(body, 'string')
puts responseITAutomationDeleteUserGroup
Section titled “ITAutomationDeleteUserGroup”Deletes user groups for each provided ids
DELETE /it-automation/entities/it-user-groups/v1
PEP 8
delete_user_groupsParameters
Section titled “Parameters”| Name | Type | Data type | Description |
|---|---|---|---|
| ids | query | list of strings | User group IDs |
| parameters | query | dictionary | Full query string parameters payload in JSON format |
Code Examples
Section titled “Code Examples”from falconpy import ITAutomation
falcon = ITAutomation(client_id=CLIENT_ID, client_secret=CLIENT_SECRET )
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.delete_user_groups(ids=id_list)print(response)from falconpy import ITAutomation
falcon = ITAutomation(client_id=CLIENT_ID, client_secret=CLIENT_SECRET )
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.ITAutomationDeleteUserGroup(ids=id_list)print(response)from falconpy import APIHarnessV2
falcon = APIHarnessV2(client_id=CLIENT_ID, client_secret=CLIENT_SECRET )
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.command("ITAutomationDeleteUserGroup", ids=id_list)print(response)Remove-FalconItUserGroup -Id @("ID1", "ID2")package main
import ( "context" "fmt" "os"
"github.com/crowdstrike/gofalcon/falcon" "github.com/crowdstrike/gofalcon/falcon/client/it_automation")
func main() { client, err := falcon.NewClient(&falcon.ApiConfig{ ClientId: os.Getenv("FALCON_CLIENT_ID"), ClientSecret: os.Getenv("FALCON_CLIENT_SECRET"), Context: context.Background(), }) if err != nil { panic(err) }
response, err := client.ItAutomation.ITAutomationDeleteUserGroup( &it_automation.ITAutomationDeleteUserGroupParams{ Ids: []string{"ID1", "ID2", "ID3"}, Context: context.Background(), }, ) if err != nil { panic(falcon.ErrorExplain(err)) }
fmt.Printf("%+v\n", response.Payload)}import { FalconClient } from "crowdstrike-falcon";
const client = new FalconClient({ cloud: process.env.FALCON_CLOUD!, clientId: process.env.FALCON_CLIENT_ID!, clientSecret: process.env.FALCON_CLIENT_SECRET!,});
const response = await client.itAutomation.iTAutomationDeleteUserGroup(["ID1", "ID2", "ID3"]); // ids
console.log(response);use rusty_falcon::apis::it_automation_api::i_t_automation_delete_user_group;use rusty_falcon::easy::client::FalconHandle;
#[tokio::main]async fn main() { let falcon = FalconHandle::from_env().await.expect("Could not authenticate");
let response = i_t_automation_delete_user_group( &falcon.cfg, // configuration vec!["string".to_string()], // ids ).await.expect("API call failed");
println!("{:?}", response);}require "crimson-falcon"
Falcon.configure do |config| config.client_id = ENV["FALCON_CLIENT_ID"] config.client_secret = ENV["FALCON_CLIENT_SECRET"] config.cloud = ENV["FALCON_CLOUD"]end
api = Falcon::ItAutomation.new
response = api.i_t_automation_delete_user_group(['ID1', 'ID2', 'ID3'])
puts responseITAutomationSearchUserGroup
Section titled “ITAutomationSearchUserGroup”Returns the list of user group ids matching the filter query parameter. It can be used together with the entities endpoint to retrieve full information on user groups
GET /it-automation/queries/it-user-groups/v1
PEP 8
search_user_groupsParameters
Section titled “Parameters”| Name | Type | Data type | Description |
|---|---|---|---|
| filter | query | string | The filter expression that should be used to limit the results |
| sort | query | string | The sort expression that should be used to sort the results |
| offset | query | integer | Starting index for record retrieval |
| limit | query | integer | The maximum records to return |
| parameters | query | dictionary | Full query string parameters payload in JSON format |
Code Examples
Section titled “Code Examples”from falconpy import ITAutomation
falcon = ITAutomation(client_id=CLIENT_ID, client_secret=CLIENT_SECRET )
response = falcon.search_user_groups(filter="string", sort="string", offset=integer, limit=integer)print(response)from falconpy import ITAutomation
falcon = ITAutomation(client_id=CLIENT_ID, client_secret=CLIENT_SECRET )
response = falcon.ITAutomationSearchUserGroup(filter="string", sort="string", offset=integer, limit=integer)print(response)from falconpy import APIHarnessV2
falcon = APIHarnessV2(client_id=CLIENT_ID, client_secret=CLIENT_SECRET )
response = falcon.command("ITAutomationSearchUserGroup", filter="string", sort="string", offset=integer, limit=integer)print(response)Get-FalconItUserGroup -Filter "string" ` -Sort "string" ` -Limit integer ` -Offset integerpackage main
import ( "context" "fmt" "os"
"github.com/crowdstrike/gofalcon/falcon" "github.com/crowdstrike/gofalcon/falcon/client/it_automation")
func main() { client, err := falcon.NewClient(&falcon.ApiConfig{ ClientId: os.Getenv("FALCON_CLIENT_ID"), ClientSecret: os.Getenv("FALCON_CLIENT_SECRET"), Context: context.Background(), }) if err != nil { panic(err) }
filter := "string" sort := "string" offset := int64(0) limit := int64(0)
response, err := client.ItAutomation.ITAutomationSearchUserGroup( &it_automation.ITAutomationSearchUserGroupParams{ Filter: &filter, Sort: &sort, Offset: &offset, Limit: &limit, Context: context.Background(), }, ) if err != nil { panic(falcon.ErrorExplain(err)) }
fmt.Printf("%+v\n", response.Payload)}import { FalconClient } from "crowdstrike-falcon";
const client = new FalconClient({ cloud: process.env.FALCON_CLOUD!, clientId: process.env.FALCON_CLIENT_ID!, clientSecret: process.env.FALCON_CLIENT_SECRET!,});
const response = await client.itAutomation.iTAutomationSearchUserGroup( "string", // filter "string", // sort integer, // offset integer // limit);
console.log(response);use rusty_falcon::apis::it_automation_api::i_t_automation_search_user_group;use rusty_falcon::easy::client::FalconHandle;
#[tokio::main]async fn main() { let falcon = FalconHandle::from_env().await.expect("Could not authenticate");
let response = i_t_automation_search_user_group( &falcon.cfg, // configuration Some("string"), // filter Some("string"), // sort Some(integer), // offset Some(integer), // limit ).await.expect("API call failed");
println!("{:?}", response);}require "crimson-falcon"
Falcon.configure do |config| config.client_id = ENV["FALCON_CLIENT_ID"] config.client_secret = ENV["FALCON_CLIENT_SECRET"] config.cloud = ENV["FALCON_CLOUD"]end
api = Falcon::ItAutomation.new
response = api.i_t_automation_search_user_group(filter: 'string', sort: 'string', offset: integer, limit: integer)
puts response