Knowledge Base Audit Events

Operations for the Knowledge Base Audit Events service collection.

Language	Last Update
Python	v1.6.1
PowerShell	v2.2.9
Go	v0.20.0
TypeScript	v0.6.0
Rust	v0.7.0
Ruby	v1.2.0

Operation	Description
aggregates_knowledge_base_audit_events_v1	Aggregate knowledge base audit events based on the provided msa criteria.
combined_knowledge_base_audit_events_v1	Get knowledge base audit events with full event details and pagination.
entities_knowledge_base_audit_events_v1	Retrieve knowledge base audit event entities by their IDs.
queries_knowledge_base_audit_events_v1	Query knowledge base audit event IDs with pagination and filtering.

aggregates_knowledge_base_audit_events_v1

Aggregate knowledge base audit events based on the provided msa criteria.

POST /agentic-studio/aggregates/knowledge_base_audit_events/v1

Scope Charlotte Ai Agent Definition: READ Consumes · Produces application/json

Parameters

Name	Type	Data type	Description
body	body	dictionary	Full body payload as JSON formatted dictionary.
date_ranges	body	array
exclude	body	string
extended_bounds	body	object
field	body	string
filter	body	string
filters_spec	body	object
from	body	integer
include	body	string
interval	body	string
max_doc_count	body	integer
min_doc_count	body	integer
missing	body	string
name	body	string
percents	body	array
q	body	string
ranges	body	array
size	body	integer
sort	body	string
sub_aggregates	body	array
time_zone	body	string
type	body	string
include_deleted	query	boolean	Include audit events for deleted knowledge bases. Defaults to false.

Code Examples

Examples coming soon.

package main

import (
  "context"
  "fmt"
  "os"

  "github.com/crowdstrike/gofalcon/falcon"
  "github.com/crowdstrike/gofalcon/falcon/client/knowledge_base_audit_events"
  "github.com/crowdstrike/gofalcon/falcon/models"
)

func main() {
  client, err := falcon.NewClient(&falcon.ApiConfig{
    ClientId:     os.Getenv("FALCON_CLIENT_ID"),
    ClientSecret: os.Getenv("FALCON_CLIENT_SECRET"),
    Context:      context.Background(),
  })
  if err != nil {
    panic(err)
  }

  from := "string"
  to := "string"
  exclude := "string"
  field := "string"
  filter := "string"
  from := integer
  include := "string"
  interval := "string"
  max_doc_count := integer
  min_doc_count := integer
  missing := "string"
  name := "string"
  q := "string"
  From := integer
  To := integer
  size := integer
  sort := "string"
  time_zone := "string"
  type := "string"
  includeDeleted := boolean

  response, err := client.KnowledgeBaseAuditEvents.AggregatesKnowledgeBaseAuditEventsV1(
    &knowledge_base_audit_events.AggregatesKnowledgeBaseAuditEventsV1Params{
      Body: []*models.MsaAggregateQueryRequest{
        {
          DateRanges: []interface{}{
            {
            From: &from,
            To: &to,
            },
          },
          Exclude: &exclude,
          ExtendedBounds: &struct{}{},
          Field: &field,
          Filter: &filter,
          FiltersSpec: &struct{}{},
          From: &from,
          Include: &include,
          Interval: &interval,
          MaxDocCount: &max_doc_count,
          MinDocCount: &min_doc_count,
          Missing: &missing,
          Name: &name,
          Percents: []interface{}{},
          Q: &q,
          Ranges: []interface{}{
            {
            From: &From,
            To: &To,
            },
          },
          Size: &size,
          Sort: &sort,
          SubAggregates: []interface{}{
            {
            DateRanges: []interface{}{
              {
              From: &from,
              To: &to,
              },
            },
            Exclude: &exclude,
            ExtendedBounds: &struct{}{},
            Field: &field,
            Filter: &filter,
            FiltersSpec: &struct{}{},
            From: &from,
            Include: &include,
            Interval: &interval,
            MaxDocCount: &max_doc_count,
            MinDocCount: &min_doc_count,
            Missing: &missing,
            Name: &name,
            Percents: []interface{}{},
            Q: &q,
            Ranges: []interface{}{
              {
              From: &From,
              To: &To,
              },
            },
            Size: &size,
            Sort: &sort,
            SubAggregates: []interface{}{
              {
              DateRanges: []interface{}{},
              Exclude: &exclude,
              ExtendedBounds: &struct{}{},
              Field: &field,
              Filter: &filter,
              FiltersSpec: &struct{}{},
              From: &from,
              Include: &include,
              Interval: &interval,
              MaxDocCount: &max_doc_count,
              MinDocCount: &min_doc_count,
              Missing: &missing,
              Name: &name,
              Percents: []interface{}{},
              Q: &q,
              Ranges: []interface{}{},
              Size: &size,
              Sort: &sort,
              SubAggregates: []interface{}{},
              TimeZone: &time_zone,
              Type: &type,
              },
            },
            TimeZone: &time_zone,
            Type: &type,
            },
          },
          TimeZone: &time_zone,
          Type: &type,
        },
      },
      IncludeDeleted: &includeDeleted,
      Context: context.Background(),
    },
  )
  if err != nil {
    panic(falcon.ErrorExplain(err))
  }

  fmt.Printf("%+v\n", response.Payload)
}

import { FalconClient } from "crowdstrike-falcon";

const client = new FalconClient({
  cloud: process.env.FALCON_CLOUD!,
  clientId: process.env.FALCON_CLIENT_ID!,
  clientSecret: process.env.FALCON_CLIENT_SECRET!,
});

const response = await client.knowledgeBaseAuditEvents.aggregatesKnowledgeBaseAuditEventsV1(
  [{  // body
      dateRanges: [{
          from: "string",
          to: "string"
        }],
      exclude: "string",
      extendedBounds: {
        max: "string",
        min: "string"
      },
      field: "string",
      filter: "string",
      filtersSpec: {
        filters: {},
        otherBucket: boolean,
        otherBucketKey: "string"
      },
      from: integer,
      include: "string",
      interval: "string",
      maxDocCount: integer,
      minDocCount: integer,
      missing: "string",
      name: "string",
      percents: [],
      q: "string",
      ranges: [{
          From: integer,
          To: integer
        }],
      size: integer,
      sort: "string",
      subAggregates: [{
          dateRanges: [{
              from: "string",
              to: "string"
            }],
          exclude: "string",
          extendedBounds: {
            max: "string",
            min: "string"
          },
          field: "string",
          filter: "string",
          filtersSpec: {
            filters: {},
            otherBucket: boolean,
            otherBucketKey: "string"
          },
          from: integer,
          include: "string",
          interval: "string",
          maxDocCount: integer,
          minDocCount: integer,
          missing: "string",
          name: "string",
          percents: [],
          q: "string",
          ranges: [{
              From: integer,
              To: integer
            }],
          size: integer,
          sort: "string",
          subAggregates: [{
              dateRanges: [],
              exclude: "string",
              extendedBounds: {},
              field: "string",
              filter: "string",
              filtersSpec: {},
              from: integer,
              include: "string",
              interval: "string",
              maxDocCount: integer,
              minDocCount: integer,
              missing: "string",
              name: "string",
              percents: [],
              q: "string",
              ranges: [],
              size: integer,
              sort: "string",
              subAggregates: [],
              timeZone: "string",
              type: "string"
            }],
          timeZone: "string",
          type: "string"
        }],
      timeZone: "string",
      type: "string"
  }],
  boolean  // includeDeleted
);

console.log(response);

require "crimson-falcon"

Falcon.configure do |config|
  config.client_id = ENV["FALCON_CLIENT_ID"]
  config.client_secret = ENV["FALCON_CLIENT_SECRET"]
  config.cloud = ENV["FALCON_CLOUD"]
end

api = Falcon::KnowledgeBaseAuditEvents.new

body = [Falcon::MsaAggregateQueryRequest.new(
  date_ranges: [{
      from: 'string',
      to: 'string'
    }],
  exclude: 'string',
  extended_bounds: {
    max: 'string',
    min: 'string'
  },
  field: 'string',
  filter: 'string',
  filters_spec: {
    filters: {},
    other_bucket: boolean,
    other_bucket_key: 'string'
  },
  from: integer,
  include: 'string',
  interval: 'string',
  max_doc_count: integer,
  min_doc_count: integer,
  missing: 'string',
  name: 'string',
  percents: [],
  q: 'string',
  ranges: [{
      From: integer,
      To: integer
    }],
  size: integer,
  sort: 'string',
  sub_aggregates: [{
      date_ranges: [{
          from: 'string',
          to: 'string'
        }],
      exclude: 'string',
      extended_bounds: {
        max: 'string',
        min: 'string'
      },
      field: 'string',
      filter: 'string',
      filters_spec: {
        filters: {},
        other_bucket: boolean,
        other_bucket_key: 'string'
      },
      from: integer,
      include: 'string',
      interval: 'string',
      max_doc_count: integer,
      min_doc_count: integer,
      missing: 'string',
      name: 'string',
      percents: [],
      q: 'string',
      ranges: [{
          From: integer,
          To: integer
        }],
      size: integer,
      sort: 'string',
      sub_aggregates: [{
          date_ranges: [],
          exclude: 'string',
          extended_bounds: {},
          field: 'string',
          filter: 'string',
          filters_spec: {},
          from: integer,
          include: 'string',
          interval: 'string',
          max_doc_count: integer,
          min_doc_count: integer,
          missing: 'string',
          name: 'string',
          percents: [],
          q: 'string',
          ranges: [],
          size: integer,
          sort: 'string',
          sub_aggregates: [],
          time_zone: 'string',
          type: 'string'
        }],
      time_zone: 'string',
      type: 'string'
    }],
  time_zone: 'string',
  type: 'string'
)]

response = api.aggregates_knowledge_base_audit_events_v1(body)

puts response

combined_knowledge_base_audit_events_v1

Get knowledge base audit events with full event details and pagination.

GET /agentic-studio/combined/knowledge_base_audit_events/v1

Scope Charlotte Ai Agent Definition: READ Consumes · Produces application/json

Parameters

Name	Type	Data type	Description
knowledge_base_id	query	string	ID of the knowledge base to get audit events for
offset	query	integer	Starting index of overall result set from which to return events.
limit	query	integer	Number of events to return.
sort	query	string	Sort order. Ex: ‘created_at\|desc’.
filter	query	string	FQL query specifying the filter parameters.
include_deleted	query	boolean	Include audit events for deleted knowledge bases. Defaults to false.

Code Examples

Examples coming soon.

package main

import (
  "context"
  "fmt"
  "os"

  "github.com/crowdstrike/gofalcon/falcon"
  "github.com/crowdstrike/gofalcon/falcon/client/knowledge_base_audit_events"
)

func main() {
  client, err := falcon.NewClient(&falcon.ApiConfig{
    ClientId:     os.Getenv("FALCON_CLIENT_ID"),
    ClientSecret: os.Getenv("FALCON_CLIENT_SECRET"),
    Context:      context.Background(),
  })
  if err != nil {
    panic(err)
  }

  offset := int64(0)
  limit := int64(0)
  sort := "string"
  filter := "string"
  includeDeleted := boolean

  response, err := client.KnowledgeBaseAuditEvents.CombinedKnowledgeBaseAuditEventsV1(
    &knowledge_base_audit_events.CombinedKnowledgeBaseAuditEventsV1Params{
      KnowledgeBaseID: "string",
      Offset: &offset,
      Limit: &limit,
      Sort: &sort,
      Filter: &filter,
      IncludeDeleted: &includeDeleted,
      Context: context.Background(),
    },
  )
  if err != nil {
    panic(falcon.ErrorExplain(err))
  }

  fmt.Printf("%+v\n", response.Payload)
}

import { FalconClient } from "crowdstrike-falcon";

const client = new FalconClient({
  cloud: process.env.FALCON_CLOUD!,
  clientId: process.env.FALCON_CLIENT_ID!,
  clientSecret: process.env.FALCON_CLIENT_SECRET!,
});

const response = await client.knowledgeBaseAuditEvents.combinedKnowledgeBaseAuditEventsV1(
  "string",  // knowledgeBaseId
  integer,  // offset
  integer,  // limit
  "string",  // sort
  "string",  // filter
  boolean  // includeDeleted
);

console.log(response);

require "crimson-falcon"

Falcon.configure do |config|
  config.client_id = ENV["FALCON_CLIENT_ID"]
  config.client_secret = ENV["FALCON_CLIENT_SECRET"]
  config.cloud = ENV["FALCON_CLOUD"]
end

api = Falcon::KnowledgeBaseAuditEvents.new

response = api.combined_knowledge_base_audit_events_v1('string')

puts response

entities_knowledge_base_audit_events_v1

Retrieve knowledge base audit event entities by their IDs.

GET /agentic-studio/entities/knowledge_base_audit_events/v1

Scope Charlotte Ai Agent Definition: READ Consumes · Produces application/json

Parameters

Name	Type	Data type	Description
knowledge_base_id	query	string	ID of the knowledge base
ids	query	string or list of strings	IDs of audit events to retrieve.
include_deleted	query	boolean	Include audit events for deleted knowledge bases. Defaults to false.

Code Examples

Examples coming soon.

package main

import (
  "context"
  "fmt"
  "os"

  "github.com/crowdstrike/gofalcon/falcon"
  "github.com/crowdstrike/gofalcon/falcon/client/knowledge_base_audit_events"
)

func main() {
  client, err := falcon.NewClient(&falcon.ApiConfig{
    ClientId:     os.Getenv("FALCON_CLIENT_ID"),
    ClientSecret: os.Getenv("FALCON_CLIENT_SECRET"),
    Context:      context.Background(),
  })
  if err != nil {
    panic(err)
  }

  includeDeleted := boolean

  response, err := client.KnowledgeBaseAuditEvents.EntitiesKnowledgeBaseAuditEventsV1(
    &knowledge_base_audit_events.EntitiesKnowledgeBaseAuditEventsV1Params{
      KnowledgeBaseID: "string",
      Ids: []string{"ID1", "ID2", "ID3"},
      IncludeDeleted: &includeDeleted,
      Context: context.Background(),
    },
  )
  if err != nil {
    panic(falcon.ErrorExplain(err))
  }

  fmt.Printf("%+v\n", response.Payload)
}

import { FalconClient } from "crowdstrike-falcon";

const client = new FalconClient({
  cloud: process.env.FALCON_CLOUD!,
  clientId: process.env.FALCON_CLIENT_ID!,
  clientSecret: process.env.FALCON_CLIENT_SECRET!,
});

const response = await client.knowledgeBaseAuditEvents.entitiesKnowledgeBaseAuditEventsV1(
  "string",  // knowledgeBaseId
  ["ID1", "ID2", "ID3"],  // ids
  boolean  // includeDeleted
);

console.log(response);

require "crimson-falcon"

Falcon.configure do |config|
  config.client_id = ENV["FALCON_CLIENT_ID"]
  config.client_secret = ENV["FALCON_CLIENT_SECRET"]
  config.cloud = ENV["FALCON_CLOUD"]
end

api = Falcon::KnowledgeBaseAuditEvents.new

response = api.entities_knowledge_base_audit_events_v1('string', ['ID1', 'ID2', 'ID3'])

puts response

queries_knowledge_base_audit_events_v1

Query knowledge base audit event IDs with pagination and filtering.

GET /agentic-studio/queries/knowledge_base_audit_events/v1

Scope Charlotte Ai Agent Definition: READ Consumes · Produces application/json

Parameters

Name	Type	Data type	Description
knowledge_base_id	query	string	ID of the knowledge base to query audit events for
offset	query	integer	Starting index of overall result set from which to return ids.
limit	query	integer	Number of IDs to return.
sort	query	string	Sort order. Ex: ‘created_at\|desc’.
filter	query	string	FQL query specifying the filter parameters.
include_deleted	query	boolean	Include audit events for deleted knowledge bases. Defaults to false.

Code Examples

Examples coming soon.

package main

import (
  "context"
  "fmt"
  "os"

  "github.com/crowdstrike/gofalcon/falcon"
  "github.com/crowdstrike/gofalcon/falcon/client/knowledge_base_audit_events"
)

func main() {
  client, err := falcon.NewClient(&falcon.ApiConfig{
    ClientId:     os.Getenv("FALCON_CLIENT_ID"),
    ClientSecret: os.Getenv("FALCON_CLIENT_SECRET"),
    Context:      context.Background(),
  })
  if err != nil {
    panic(err)
  }

  offset := int64(0)
  limit := int64(0)
  sort := "string"
  filter := "string"
  includeDeleted := boolean

  response, err := client.KnowledgeBaseAuditEvents.QueriesKnowledgeBaseAuditEventsV1(
    &knowledge_base_audit_events.QueriesKnowledgeBaseAuditEventsV1Params{
      KnowledgeBaseID: "string",
      Offset: &offset,
      Limit: &limit,
      Sort: &sort,
      Filter: &filter,
      IncludeDeleted: &includeDeleted,
      Context: context.Background(),
    },
  )
  if err != nil {
    panic(falcon.ErrorExplain(err))
  }

  fmt.Printf("%+v\n", response.Payload)
}

import { FalconClient } from "crowdstrike-falcon";

const client = new FalconClient({
  cloud: process.env.FALCON_CLOUD!,
  clientId: process.env.FALCON_CLIENT_ID!,
  clientSecret: process.env.FALCON_CLIENT_SECRET!,
});

const response = await client.knowledgeBaseAuditEvents.queriesKnowledgeBaseAuditEventsV1(
  "string",  // knowledgeBaseId
  integer,  // offset
  integer,  // limit
  "string",  // sort
  "string",  // filter
  boolean  // includeDeleted
);

console.log(response);

require "crimson-falcon"

Falcon.configure do |config|
  config.client_id = ENV["FALCON_CLIENT_ID"]
  config.client_secret = ENV["FALCON_CLIENT_SECRET"]
  config.cloud = ENV["FALCON_CLOUD"]
end

api = Falcon::KnowledgeBaseAuditEvents.new

response = api.queries_knowledge_base_audit_events_v1('string')

puts response

Knowledge Base Audit Events

Table of Contents

aggregates_knowledge_base_audit_events_v1

Parameters

Code Examples

combined_knowledge_base_audit_events_v1

Parameters

Code Examples

entities_knowledge_base_audit_events_v1

Parameters

Code Examples

queries_knowledge_base_audit_events_v1

Parameters

Code Examples