NGSIEM
The NGSIEM service collection provides operations for managing NGSIEM search, lookup files, dashboards, parsers, and saved queries. Upload and retrieve lookup files, initiate and manage searches, and manage dashboards, parsers, and data connections.
| Language | Last Update |
|---|---|
| Python | v1.6.1 |
| PowerShell | v2.2.9 |
| Go | v0.20.0 |
| TypeScript | v0.6.0 |
| Rust | v0.7.0 |
| Ruby | v1.2.0 |
Table of Contents
| Operation | Description |
|---|---|
| UploadLookupV1 / upload_file | Upload a lookup file to NGSIEM. |
| GetLookupV1 / get_file | Download lookup file from NGSIEM. |
| GetLookupFromPackageWithNamespaceV1 / get_file_from_package_with_namespace | Download lookup file in namespaced package from NGSIEM. |
| GetLookupFromPackageV1 / get_file_from_package | Download lookup file in package from NGSIEM. |
| StartSearchV1 / start_search | Initiate a NGSIEM search. |
| GetSearchStatusV1 / get_search_status | Get status of a NGSIEM search. |
| StopSearchV1 / stop_search | Stop a NGSIEM search. |
| GetDashboardTemplate / get_dashboard_template | Get dashboard template by ID. |
| CreateDashboardFromTemplate / create_dashboard_from_template | Create dashboard from template. |
| UpdateDashboardFromTemplate / update_dashboard_from_template | Update dashboard from template. |
| DeleteDashboard / delete_dashboard | Delete dashboard. |
| GetLookupFile / get_lookup_file | Get lookup file by ID. |
| CreateLookupFile / create_lookup_file | Create lookup file. |
| UpdateLookupFile / update_lookup_file | Update lookup file. |
| DeleteLookupFile / delete_lookup_file | Delete lookup file. |
| GetParserTemplate / get_parser_template | Get parser template by ID. |
| CreateParserFromTemplate / create_parser_from_template | Create Parser in NGSIEM from template. |
| GetParser / get_parser | Get parser by ID. |
| CreateParser / create_parser | Create Parser in NGSIEM. |
| UpdateParser / update_parser | Update parser. |
| DeleteParser / delete_parser | Delete Parser in NGSIEM. |
| UpdateParserAutoUpdatePolicy / update_parser_auto_update_policy | Update a parser auto update policy. |
| InstallParser / install_parser | Install a CrowdStrike-managed out-of-the-box (OOTB) parser. |
| BulkInstallParsers / bulk_install_parsers | Install multiple CrowdStrike-managed out-of-the-box (OOTB) parsers. |
| GetSavedQueryTemplate / get_saved_query_template | Retrieve Saved Query in NGSIEM as LogScale YAML Template by ID. |
| CreateSavedQuery / create_saved_query | Create Saved Query from LogScale YAML Template in NGSIEM. |
| UpdateSavedQueryFromTemplate / update_saved_query_from_template | Update Saved Query from LogScale YAML Template in NGSIEM. |
| DeleteSavedQuery / delete_saved_query | Delete Saved Query in NGSIEM. |
| ListDashboards / list_dashboards | List dashboards. |
| ListLookupFiles / list_lookup_files | List lookup files. |
| ListParsers / list_parsers | List parsers. |
| ListSavedQueries / list_saved_queries | List saved queries. |
| UpdateLookupFileEntries / update_lookup_file_entries | Update entries in an existing Lookup File in NGSIEM. |
| ExternalListDataConnections / list_data_connections | List and search data connections. |
| ExternalListDataConnectors / list_data_connectors | List available data connectors. |
| ExternalGetDataConnectionStatus / get_provisioning_status | Get data connection provisioning status. |
| ExternalUpdateDataConnectionStatus / update_connection_status | Update data connection status. |
| ExternalGetDataConnectionToken / get_ingest_token | Get Ingest token for data connection. |
| ExternalRegenerateDataConnectionToken / regenerate_ingest_token | Regenerate Ingest token for data connection. |
| ExternalGetDataConnectionByID / get_connection_by_id | Get data connection by ID. |
| ExternalCreateDataConnection / create_data_connection | Create a new data connection. |
| ExternalUpdateDataConnection / update_data_connection | Update a data connection. |
| ExternalDeleteDataConnection / delete_data_connection | Delete a data connection. |
| ExternalListConnectorConfigs / list_connector_configs | List configurations for a data connector. |
| ExternalCreateConnectorConfig / create_connector_config | Create a new configuration for a data connector. |
| ExternalPatchConnectorConfig / patch_connector_config | Patch configurations for a data connector. |
| ExternalDeleteConnectorConfigs / delete_connector_configs | Delete data connection config. |
| UpdateParserFromTemplate / update_parser_from_template | Update Parser in NGSIEM from YAML Template. Please note that name changes are not supported, but rather should be created as a new parser. |
UploadLookupV1
Upload a lookup file to NGSIEM.

upload_file

Parameters

| Name | Type | Data type | Description |
|---|---|---|---|
| lookup_file | formData | string | Location of the file object to be uploaded. Service class will also accept file for this argument. |
| repository | path | string | Name of the repository. |
| parameters | query | dictionary | Full query string parameters payload in JSON format. |
Code Examples
```python
from falconpy import NGSIEM

falcon = NGSIEM(client_id=CLIENT_ID, client_secret=CLIENT_SECRET)

response = falcon.upload_file(lookup_file="string", repository="string")
print(response)
```

```python
from falconpy import NGSIEM

falcon = NGSIEM(client_id=CLIENT_ID, client_secret=CLIENT_SECRET)

response = falcon.UploadLookupV1(lookup_file="string", repository="string")
print(response)
```

```python
from falconpy import APIHarnessV2

falcon = APIHarnessV2(client_id=CLIENT_ID, client_secret=CLIENT_SECRET)

response = falcon.command("UploadLookupV1",
                          repository="string",
                          file_data=open("filename", "rb").read()
                          )
print(response)
```

Examples coming soon.

```go
package main

import (
    "context"
    "fmt"
    "os"

    "github.com/crowdstrike/gofalcon/falcon"
    "github.com/crowdstrike/gofalcon/falcon/client/ngsiem"
)

func main() {
    client, err := falcon.NewClient(&falcon.ApiConfig{
        ClientId:     os.Getenv("FALCON_CLIENT_ID"),
        ClientSecret: os.Getenv("FALCON_CLIENT_SECRET"),
        Context:      context.Background(),
    })
    if err != nil {
        panic(err)
    }

    response, err := client.Ngsiem.UploadLookupV1(
        &ngsiem.UploadLookupV1Params{
            Repository: "string",
            Context:    context.Background(),
        },
    )
    if err != nil {
        panic(falcon.ErrorExplain(err))
    }

    fmt.Printf("%+v\n", response.Payload)
}
```

```typescript
import { FalconClient } from "crowdstrike-falcon";

const client = new FalconClient({
    cloud: process.env.FALCON_CLOUD!,
    clientId: process.env.FALCON_CLIENT_ID!,
    clientSecret: process.env.FALCON_CLIENT_SECRET!,
});

const response = await client.ngsiem.uploadLookupV1(
    "string",  // repository
    "string"   // file
);

console.log(response);
```

```rust
use rusty_falcon::apis::ngsiem_api::upload_lookup_v1;
use rusty_falcon::easy::client::FalconHandle;

#[tokio::main]
async fn main() {
    let falcon = FalconHandle::from_env().await.expect("Could not authenticate");

    let response = upload_lookup_v1(
        &falcon.cfg,                    // configuration
        "string",                       // repository
        std::path::PathBuf::default(),  // file
    ).await.expect("API call failed");

    println!("{:?}", response);
}
```

```ruby
require "crimson-falcon"

Falcon.configure do |config|
  config.client_id = ENV["FALCON_CLIENT_ID"]
  config.client_secret = ENV["FALCON_CLIENT_SECRET"]
  config.cloud = ENV["FALCON_CLOUD"]
end

api = Falcon::Ngsiem.new

response = api.upload_lookup_v1('string', 'string')

puts response
```

GetLookupV1

Download lookup file from NGSIEM.

get_file

Parameters

| Name | Type | Data type | Description |
|---|---|---|---|
| filename | path | string | Name of the lookup file. |
| repository | path | string | Name of the repository. |
| parameters | query | dictionary | Full query string parameters payload in JSON format. |
Code Examples
```python
from falconpy import NGSIEM

falcon = NGSIEM(client_id=CLIENT_ID, client_secret=CLIENT_SECRET)

with open("output_file", "wb") as save_file:
    response = falcon.get_file(repository="string", filename="string", stream=boolean)
    save_file.write(response)
```

```python
from falconpy import NGSIEM

falcon = NGSIEM(client_id=CLIENT_ID, client_secret=CLIENT_SECRET)

with open("output_file", "wb") as save_file:
    response = falcon.GetLookupV1(repository="string", filename="string", stream=boolean)
    save_file.write(response)
```

```python
from falconpy import APIHarnessV2

falcon = APIHarnessV2(client_id=CLIENT_ID, client_secret=CLIENT_SECRET)

with open("output_file", "wb") as save_file:
    response = falcon.command("GetLookupV1", repository="string", filename="string")
    save_file.write(response)
```

```powershell
Receive-FalconNgsLookupFile -Repository "string" -Filename "string"
```

```go
package main

import (
    "context"
    "fmt"
    "os"

    "github.com/crowdstrike/gofalcon/falcon"
    "github.com/crowdstrike/gofalcon/falcon/client/ngsiem"
)

func main() {
    client, err := falcon.NewClient(&falcon.ApiConfig{
        ClientId:     os.Getenv("FALCON_CLIENT_ID"),
        ClientSecret: os.Getenv("FALCON_CLIENT_SECRET"),
        Context:      context.Background(),
    })
    if err != nil {
        panic(err)
    }

    response, err := client.Ngsiem.GetLookupV1(
        &ngsiem.GetLookupV1Params{
            Repository: "string",
            Filename:   "string",
            Context:    context.Background(),
        },
    )
    if err != nil {
        panic(falcon.ErrorExplain(err))
    }

    fmt.Printf("%+v\n", response.Payload)
}
```

```typescript
import { FalconClient } from "crowdstrike-falcon";

const client = new FalconClient({
    cloud: process.env.FALCON_CLOUD!,
    clientId: process.env.FALCON_CLIENT_ID!,
    clientSecret: process.env.FALCON_CLIENT_SECRET!,
});

const response = await client.ngsiem.getLookupV1(
    "string",  // repository
    "string"   // filename
);

console.log(response);
```

```rust
use rusty_falcon::apis::ngsiem_api::get_lookup_v1;
use rusty_falcon::easy::client::FalconHandle;

#[tokio::main]
async fn main() {
    let falcon = FalconHandle::from_env().await.expect("Could not authenticate");

    let response = get_lookup_v1(
        &falcon.cfg,  // configuration
        "string",     // repository
        "string",     // filename
    ).await.expect("API call failed");

    println!("{:?}", response);
}
```

```ruby
require "crimson-falcon"

Falcon.configure do |config|
  config.client_id = ENV["FALCON_CLIENT_ID"]
  config.client_secret = ENV["FALCON_CLIENT_SECRET"]
  config.cloud = ENV["FALCON_CLOUD"]
end

api = Falcon::Ngsiem.new

response = api.get_lookup_v1('string', 'string')

puts response
```

GetLookupFromPackageWithNamespaceV1

Download lookup file in namespaced package from NGSIEM.

get_file_from_package_with_namespace

Parameters

| Name | Type | Data type | Description |
|---|---|---|---|
| filename | path | string | Name of the lookup file. |
| namespace | path | string | Name of the namespace. |
| package | path | string | Name of the package. |
| repository | path | string | Name of the repository. |
| stream | query | boolean | Enable streaming download of the returned file. |
| parameters | query | dictionary | Full query string parameters payload in JSON format. |
Code Examples
```python
from falconpy import NGSIEM

falcon = NGSIEM(client_id=CLIENT_ID, client_secret=CLIENT_SECRET)

with open("output_file", "wb") as save_file:
    response = falcon.get_file_from_package_with_namespace(repository="string",
                                                           namespace="string",
                                                           package="string",
                                                           filename="string",
                                                           stream=boolean
                                                           )
    save_file.write(response)
```

```python
from falconpy import NGSIEM

falcon = NGSIEM(client_id=CLIENT_ID, client_secret=CLIENT_SECRET)

with open("output_file", "wb") as save_file:
    response = falcon.GetLookupFromPackageWithNamespaceV1(repository="string",
                                                          namespace="string",
                                                          package="string",
                                                          filename="string",
                                                          stream=boolean
                                                          )
    save_file.write(response)
```

```python
from falconpy import APIHarnessV2

falcon = APIHarnessV2(client_id=CLIENT_ID, client_secret=CLIENT_SECRET)

with open("output_file", "wb") as save_file:
    response = falcon.command("GetLookupFromPackageWithNamespaceV1",
                              repository="string",
                              namespace="string",
                              package="string",
                              filename="string"
                              )
    save_file.write(response)
```

Examples coming soon.

```go
package main

import (
    "context"
    "fmt"
    "os"

    "github.com/crowdstrike/gofalcon/falcon"
    "github.com/crowdstrike/gofalcon/falcon/client/ngsiem"
)

func main() {
    client, err := falcon.NewClient(&falcon.ApiConfig{
        ClientId:     os.Getenv("FALCON_CLIENT_ID"),
        ClientSecret: os.Getenv("FALCON_CLIENT_SECRET"),
        Context:      context.Background(),
    })
    if err != nil {
        panic(err)
    }

    response, err := client.Ngsiem.GetLookupFromPackageWithNamespaceV1(
        &ngsiem.GetLookupFromPackageWithNamespaceV1Params{
            Repository: "string",
            Namespace:  "string",
            Package:    "string",
            Filename:   "string",
            Context:    context.Background(),
        },
    )
    if err != nil {
        panic(falcon.ErrorExplain(err))
    }

    fmt.Printf("%+v\n", response.Payload)
}
```

```typescript
import { FalconClient } from "crowdstrike-falcon";

const client = new FalconClient({
    cloud: process.env.FALCON_CLOUD!,
    clientId: process.env.FALCON_CLIENT_ID!,
    clientSecret: process.env.FALCON_CLIENT_SECRET!,
});

const response = await client.ngsiem.getLookupFromPackageWithNamespaceV1(
    "string",  // repository
    "string",  // namespace
    "string",  // _package
    "string"   // filename
);

console.log(response);
```

```rust
use rusty_falcon::apis::ngsiem_api::get_lookup_from_package_with_namespace_v1;
use rusty_falcon::easy::client::FalconHandle;

#[tokio::main]
async fn main() {
    let falcon = FalconHandle::from_env().await.expect("Could not authenticate");

    let response = get_lookup_from_package_with_namespace_v1(
        &falcon.cfg,  // configuration
        "string",     // repository
        "string",     // namespace
        "string",     // package
        "string",     // filename
    ).await.expect("API call failed");

    println!("{:?}", response);
}
```

```ruby
require "crimson-falcon"

Falcon.configure do |config|
  config.client_id = ENV["FALCON_CLIENT_ID"]
  config.client_secret = ENV["FALCON_CLIENT_SECRET"]
  config.cloud = ENV["FALCON_CLOUD"]
end

api = Falcon::Ngsiem.new

response = api.get_lookup_from_package_with_namespace_v1('string', 'string', 'string', 'string')

puts response
```

GetLookupFromPackageV1

Download lookup file in package from NGSIEM.

get_file_from_package

Parameters

| Name | Type | Data type | Description |
|---|---|---|---|
| filename | path | string | Name of the lookup file. |
| package | path | string | Name of the package. |
| repository | path | string | Name of the repository. |
| stream | query | boolean | Enable streaming download of the returned file. |
| parameters | query | dictionary | Full query string parameters payload in JSON format. |
Code Examples
```python
from falconpy import NGSIEM

falcon = NGSIEM(client_id=CLIENT_ID, client_secret=CLIENT_SECRET)

with open("output_file", "wb") as save_file:
    response = falcon.get_file_from_package(repository="string",
                                            package="string",
                                            filename="string",
                                            stream=boolean
                                            )
    save_file.write(response)
```

```python
from falconpy import NGSIEM

falcon = NGSIEM(client_id=CLIENT_ID, client_secret=CLIENT_SECRET)

with open("output_file", "wb") as save_file:
    response = falcon.GetLookupFromPackageV1(repository="string",
                                             package="string",
                                             filename="string",
                                             stream=boolean
                                             )
    save_file.write(response)
```

```python
from falconpy import APIHarnessV2

falcon = APIHarnessV2(client_id=CLIENT_ID, client_secret=CLIENT_SECRET)

with open("output_file", "wb") as save_file:
    response = falcon.command("GetLookupFromPackageV1",
                              repository="string",
                              package="string",
                              filename="string"
                              )
    save_file.write(response)
```

Examples coming soon.

```go
package main

import (
    "context"
    "fmt"
    "os"

    "github.com/crowdstrike/gofalcon/falcon"
    "github.com/crowdstrike/gofalcon/falcon/client/ngsiem"
)

func main() {
    client, err := falcon.NewClient(&falcon.ApiConfig{
        ClientId:     os.Getenv("FALCON_CLIENT_ID"),
        ClientSecret: os.Getenv("FALCON_CLIENT_SECRET"),
        Context:      context.Background(),
    })
    if err != nil {
        panic(err)
    }

    response, err := client.Ngsiem.GetLookupFromPackageV1(
        &ngsiem.GetLookupFromPackageV1Params{
            Repository: "string",
            Package:    "string",
            Filename:   "string",
            Context:    context.Background(),
        },
    )
    if err != nil {
        panic(falcon.ErrorExplain(err))
    }

    fmt.Printf("%+v\n", response.Payload)
}
```

```typescript
import { FalconClient } from "crowdstrike-falcon";

const client = new FalconClient({
    cloud: process.env.FALCON_CLOUD!,
    clientId: process.env.FALCON_CLIENT_ID!,
    clientSecret: process.env.FALCON_CLIENT_SECRET!,
});

const response = await client.ngsiem.getLookupFromPackageV1(
    "string",  // repository
    "string",  // _package
    "string"   // filename
);

console.log(response);
```

```rust
use rusty_falcon::apis::ngsiem_api::get_lookup_from_package_v1;
use rusty_falcon::easy::client::FalconHandle;

#[tokio::main]
async fn main() {
    let falcon = FalconHandle::from_env().await.expect("Could not authenticate");

    let response = get_lookup_from_package_v1(
        &falcon.cfg,  // configuration
        "string",     // repository
        "string",     // package
        "string",     // filename
    ).await.expect("API call failed");

    println!("{:?}", response);
}
```

```ruby
require "crimson-falcon"

Falcon.configure do |config|
  config.client_id = ENV["FALCON_CLIENT_ID"]
  config.client_secret = ENV["FALCON_CLIENT_SECRET"]
  config.cloud = ENV["FALCON_CLOUD"]
end

api = Falcon::Ngsiem.new

response = api.get_lookup_from_package_v1('string', 'string', 'string')

puts response
```

StartSearchV1

Initiate a NGSIEM search.

start_search

Parameters

| Name | Type | Data type | Description |
|---|---|---|---|
| allow_event_skipping | body | boolean | Flag indicating if event skipping is allowed. |
| arguments | body | dictionary | Search arguments in JSON format. |
| around | body | dictionary | Search proximity arguments. |
| autobucket_count | body | integer | Number of events per bucket. |
| body | body | dictionary | Full body payload provided as a dictionary. |
| end | body | string | Last event limit. |
| ingest_end | body | integer | Ingest maximum. |
| ingest_start | body | integer | Ingest start. |
| is_live | body | boolean | Flag indicating if this is a live search. |
| query_string | body | string | Search query string. |
| repository | path | string | Name of the repository. |
| search | body | dictionary | Search query to perform. Can be used in place of other keywords. |
| start | body | string | Search starting time range. |
| timezone | body | string | Timezone applied to the search. |
| timezone_offset_minutes | body | integer | Timezone offset. |
| use_ingest_time | body | boolean | Flag indicating if ingest time should be used. |
Code Examples
```python
from falconpy import NGSIEM

falcon = NGSIEM(client_id=CLIENT_ID, client_secret=CLIENT_SECRET)

response = falcon.start_search(allow_event_skipping=boolean,
                               arguments={},
                               around={},
                               autobucket_count=integer,
                               end="string",
                               ingest_end=integer,
                               ingest_start=integer,
                               is_live=boolean,
                               query_string="string",
                               repository="string",
                               search="string",
                               start="string",
                               timezone="string",
                               timezone_offset_minutes=integer
                               )
print(response)
```

```python
from falconpy import NGSIEM

falcon = NGSIEM(client_id=CLIENT_ID, client_secret=CLIENT_SECRET)

response = falcon.StartSearchV1(allow_event_skipping=boolean,
                                arguments={},
                                around={},
                                autobucket_count=integer,
                                end="string",
                                ingest_end=integer,
                                ingest_start=integer,
                                is_live=boolean,
                                query_string="string",
                                repository="string",
                                search="string",
                                start="string",
                                timezone="string",
                                timezone_offset_minutes=integer
                                )
print(response)
```

```python
from falconpy import APIHarnessV2

falcon = APIHarnessV2(client_id=CLIENT_ID, client_secret=CLIENT_SECRET)

body_payload = {
    "allow_event_skipping": boolean,
    "arguments": {},
    "around": {
        "event_id": "string",
        "number_of_events_after": integer,
        "number_of_events_before": integer,
        "timestamp": integer
    },
    "autobucket_count": integer,
    "end": "string",
    "ingest_end": "string",
    "ingest_start": "string",
    "is_live": boolean,
    "query_string": "string",
    "start": "string",
    "time_zone": "string",
    "time_zone_offset_minutes": integer,
    "use_ingest_time": boolean
}

response = falcon.command("StartSearchV1", repository="string", body=body_payload)
print(response)
```

Examples coming soon.

```go
package main

import (
    "context"
    "fmt"
    "os"

    "github.com/crowdstrike/gofalcon/falcon"
    "github.com/crowdstrike/gofalcon/falcon/client/ngsiem"
    "github.com/crowdstrike/gofalcon/falcon/models"
)

func main() {
    client, err := falcon.NewClient(&falcon.ApiConfig{
        ClientId:     os.Getenv("FALCON_CLIENT_ID"),
        ClientSecret: os.Getenv("FALCON_CLIENT_SECRET"),
        Context:      context.Background(),
    })
    if err != nil {
        panic(err)
    }

    allowEventSkipping := boolean
    autobucketCount := integer
    end := "string"
    ingestEnd := "string"
    ingestStart := "string"
    isLive := boolean
    queryString := "string"
    start := "string"
    timeZone := "string"
    timeZoneOffsetMinutes := integer
    useIngestTime := boolean

    response, err := client.Ngsiem.StartSearchV1(
        &ngsiem.StartSearchV1Params{
            Body: &models.APIQueryJobInput{
                Alloweventskipping:    &allowEventSkipping,
                Arguments:             &struct{}{},
                Around:                &struct{}{},
                Autobucketcount:       &autobucketCount,
                End:                   &end,
                Ingestend:             &ingestEnd,
                Ingeststart:           &ingestStart,
                Islive:                &isLive,
                Querystring:           &queryString,
                Start:                 &start,
                Timezone:              &timeZone,
                Timezoneoffsetminutes: &timeZoneOffsetMinutes,
                Useingesttime:         &useIngestTime,
            },
            Repository: "string",
            Context:    context.Background(),
        },
    )
    if err != nil {
        panic(falcon.ErrorExplain(err))
    }

    fmt.Printf("%+v\n", response.Payload)
}
```

```typescript
import { FalconClient } from "crowdstrike-falcon";

const client = new FalconClient({
    cloud: process.env.FALCON_CLOUD!,
    clientId: process.env.FALCON_CLIENT_ID!,
    clientSecret: process.env.FALCON_CLIENT_SECRET!,
});

const response = await client.ngsiem.startSearchV1(
    "string",  // repository
    {  // body
        allowEventSkipping: boolean,
        arguments: {},
        around: {
            eventId: "string",
            numberOfEventsAfter: integer,
            numberOfEventsBefore: integer,
            timestamp: integer
        },
        autobucketCount: integer,
        end: "string",
        ingestEnd: "string",
        ingestStart: "string",
        isLive: boolean,
        queryString: "string",
        start: "string",
        timeZone: "string",
        timeZoneOffsetMinutes: integer,
        useIngestTime: boolean
    }
);

console.log(response);
```

```rust
use rusty_falcon::apis::ngsiem_api::start_search_v1;
use rusty_falcon::easy::client::FalconHandle;
use rusty_falcon::models::ApiQueryJobInput;

#[tokio::main]
async fn main() {
    let falcon = FalconHandle::from_env().await.expect("Could not authenticate");

    let body = ApiQueryJobInput {
        query_string: Some("string".to_string()),
        ..Default::default()
    };

    let response = start_search_v1(
        &falcon.cfg,  // configuration
        "string",     // repository
        body,         // body
    ).await.expect("API call failed");

    println!("{:?}", response);
}
```

```ruby
require "crimson-falcon"

Falcon.configure do |config|
  config.client_id = ENV["FALCON_CLIENT_ID"]
  config.client_secret = ENV["FALCON_CLIENT_SECRET"]
  config.cloud = ENV["FALCON_CLOUD"]
end

api = Falcon::Ngsiem.new

body = Falcon::ApiQueryJobInput.new(
  allowEventSkipping: boolean,
  arguments: {},
  around: {
    eventId: 'string',
    numberOfEventsAfter: integer,
    numberOfEventsBefore: integer,
    timestamp: integer
  },
  autobucketCount: integer,
  end: 'string',
  ingestEnd: 'string',
  ingestStart: 'string',
  isLive: boolean,
  queryString: 'string',
  start: 'string',
  timeZone: 'string',
  timeZoneOffsetMinutes: integer,
  useIngestTime: boolean
)

response = api.start_search_v1(body, 'string')

puts response
```

GetSearchStatusV1

Get status of a NGSIEM search.

get_search_status

Parameters

| Name | Type | Data type | Description |
|---|---|---|---|
| repository | path | string | Name of the repository. |
| search_id | path | string | ID of the query. |
| parameters | query | dictionary | Full query string parameters payload in JSON format. |
Code Examples
```python
from falconpy import NGSIEM

falcon = NGSIEM(client_id=CLIENT_ID, client_secret=CLIENT_SECRET)

response = falcon.get_search_status(repository="string",
                                    id="string",
                                    search_id="string",
                                    paginationLimit=integer,
                                    paginationOffset=integer,
                                    pagination_limit=integer,
                                    pagination_offset=integer
                                    )
print(response)
```

```python
from falconpy import NGSIEM

falcon = NGSIEM(client_id=CLIENT_ID, client_secret=CLIENT_SECRET)

response = falcon.GetSearchStatusV1(repository="string",
                                    id="string",
                                    search_id="string",
                                    paginationLimit=integer,
                                    paginationOffset=integer,
                                    pagination_limit=integer,
                                    pagination_offset=integer
                                    )
print(response)
```

```python
from falconpy import APIHarnessV2

falcon = APIHarnessV2(client_id=CLIENT_ID, client_secret=CLIENT_SECRET)

response = falcon.command("GetSearchStatusV1", repository="string", id="string")
print(response)
```

Examples coming soon.

```go
package main

import (
    "context"
    "fmt"
    "os"

    "github.com/crowdstrike/gofalcon/falcon"
    "github.com/crowdstrike/gofalcon/falcon/client/ngsiem"
)

func main() {
    client, err := falcon.NewClient(&falcon.ApiConfig{
        ClientId:     os.Getenv("FALCON_CLIENT_ID"),
        ClientSecret: os.Getenv("FALCON_CLIENT_SECRET"),
        Context:      context.Background(),
    })
    if err != nil {
        panic(err)
    }

    response, err := client.Ngsiem.GetSearchStatusV1(
        &ngsiem.GetSearchStatusV1Params{
            Repository: "string",
            ID:         "string",
            Context:    context.Background(),
        },
    )
    if err != nil {
        panic(falcon.ErrorExplain(err))
    }

    fmt.Printf("%+v\n", response.Payload)
}
```

```typescript
import { FalconClient } from "crowdstrike-falcon";

const client = new FalconClient({
    cloud: process.env.FALCON_CLOUD!,
    clientId: process.env.FALCON_CLIENT_ID!,
    clientSecret: process.env.FALCON_CLIENT_SECRET!,
});

const response = await client.ngsiem.getSearchStatusV1(
    "string",  // repository
    "string"   // id
);

console.log(response);
```

```rust
use rusty_falcon::apis::ngsiem_api::get_search_status_v1;
use rusty_falcon::easy::client::FalconHandle;

#[tokio::main]
async fn main() {
    let falcon = FalconHandle::from_env().await.expect("Could not authenticate");

    let response = get_search_status_v1(
        &falcon.cfg,  // configuration
        "string",     // repository
        "string",     // id
    ).await.expect("API call failed");

    println!("{:?}", response);
}
```

```ruby
require "crimson-falcon"

Falcon.configure do |config|
  config.client_id = ENV["FALCON_CLIENT_ID"]
  config.client_secret = ENV["FALCON_CLIENT_SECRET"]
  config.cloud = ENV["FALCON_CLOUD"]
end

api = Falcon::Ngsiem.new

response = api.get_search_status_v1('string', 'string')

puts response
```

StopSearchV1

Stop a NGSIEM search.

stop_search

Parameters

| Name | Type | Data type | Description |
|---|---|---|---|
| repository | path | string | Name of the repository. |
| id | path | string | ID of the query. |
| parameters | query | dictionary | Full query string parameters payload in JSON format. |
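
StartSearchV1, GetSearchStatusV1 and StopSearchV1 together form one search-job lifecycle. The following is an added example, not code from the original page or from FalconPy: it polls a started search under a time budget and always stops the job if it errors or times out, so automation does not leave searches running. The response shape (`status_code`, `body["id"]`, `body["done"]`, `body["events"]`), the `FakeNGSIEM` stand-in, and the repository, query and time-range values are assumptions made for the example.

```python
import time


class SearchTimeout(Exception):
    """The search job did not report completion inside the time budget."""


def _body(resp, operation):
    # ASSUMPTION: responses are dicts shaped {"status_code": int, "body": {...}}.
    code = resp.get("status_code")
    if not isinstance(code, int) or not 200 <= code < 300:
        raise RuntimeError(f"{operation} failed with status {code}")
    return resp.get("body") or {}


def run_bounded_search(client, repository, query_string, start,
                       timeout_s=60.0, poll_s=2.0,
                       sleep=time.sleep, clock=time.monotonic):
    """Start a non-live search, poll it, and stop it if it does not finish.

    `client` is any object exposing start_search / get_search_status /
    stop_search with the keyword names from the parameter tables on this page.
    ASSUMPTION: the start response carries body["id"]; the status response
    carries body["done"] and body["events"].
    """
    started = client.start_search(repository=repository,
                                  query_string=query_string,
                                  start=start, is_live=False)
    job_id = _body(started, "start_search")["id"]

    finished = False
    deadline = clock() + timeout_s
    try:
        while clock() < deadline:
            status = _body(
                client.get_search_status(repository=repository, search_id=job_id),
                "get_search_status")
            if status.get("done"):
                finished = True
                return status.get("events", [])
            sleep(poll_s)
        raise SearchTimeout(f"search {job_id} exceeded {timeout_s}s")
    finally:
        # Error, timeout or interrupt: do not leave the job running server-side.
        if not finished:
            client.stop_search(repository=repository, id=job_id)


class FakeNGSIEM:
    """Constructed stand-in for the service class so the example runs offline."""

    def __init__(self, polls_until_done=None, status_code=200):
        self.polls_until_done = polls_until_done  # None = never finishes
        self.status_code = status_code
        self.polls = 0
        self.stopped = []

    def start_search(self, **kwargs):
        return {"status_code": 200, "body": {"id": "job-0001"}}

    def get_search_status(self, repository, search_id):
        self.polls += 1
        done = (self.polls_until_done is not None
                and self.polls >= self.polls_until_done)
        events = [{"message": "constructed event"}] if done else []
        return {"status_code": self.status_code,
                "body": {"done": done, "events": events}}

    def stop_search(self, repository, id):
        self.stopped.append(id)
        return {"status_code": 200, "body": {}}


if __name__ == "__main__":
    # Constructed values: repository name, query and time range are placeholders.
    fake = FakeNGSIEM(polls_until_done=3)
    events = run_bounded_search(fake, "example-repo", "status=failed", "1d",
                                poll_s=0.0)
    print(len(events), "event(s); stopped jobs:", fake.stopped)
```

With the real service class, pass the authenticated `NGSIEM` object as `client` and confirm the response fields against a live response first.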
Code Examples
```python
from falconpy import NGSIEM

falcon = NGSIEM(client_id=CLIENT_ID, client_secret=CLIENT_SECRET)

response = falcon.stop_search(repository="string", id="string", search_id="string")
print(response)
```

```python
from falconpy import NGSIEM

falcon = NGSIEM(client_id=CLIENT_ID, client_secret=CLIENT_SECRET)

response = falcon.StopSearchV1(repository="string", id="string", search_id="string")
print(response)
```

```python
from falconpy import APIHarnessV2

falcon = APIHarnessV2(client_id=CLIENT_ID, client_secret=CLIENT_SECRET)

response = falcon.command("StopSearchV1", repository="string", id="string")
print(response)
```

Examples coming soon.

```go
package main

import (
    "context"
    "fmt"
    "os"

    "github.com/crowdstrike/gofalcon/falcon"
    "github.com/crowdstrike/gofalcon/falcon/client/ngsiem"
)

func main() {
    client, err := falcon.NewClient(&falcon.ApiConfig{
        ClientId:     os.Getenv("FALCON_CLIENT_ID"),
        ClientSecret: os.Getenv("FALCON_CLIENT_SECRET"),
        Context:      context.Background(),
    })
    if err != nil {
        panic(err)
    }

    response, err := client.Ngsiem.StopSearchV1(
        &ngsiem.StopSearchV1Params{
            Repository: "string",
            ID:         "string",
            Context:    context.Background(),
        },
    )
    if err != nil {
        panic(falcon.ErrorExplain(err))
    }

    fmt.Printf("%+v\n", response.Payload)
}
```

```typescript
import { FalconClient } from "crowdstrike-falcon";

const client = new FalconClient({
    cloud: process.env.FALCON_CLOUD!,
    clientId: process.env.FALCON_CLIENT_ID!,
    clientSecret: process.env.FALCON_CLIENT_SECRET!,
});

const response = await client.ngsiem.stopSearchV1(
    "string",  // repository
    "string"   // id
);

console.log(response);
```

```rust
use rusty_falcon::apis::ngsiem_api::stop_search_v1;
use rusty_falcon::easy::client::FalconHandle;

#[tokio::main]
async fn main() {
    let falcon = FalconHandle::from_env().await.expect("Could not authenticate");

    let response = stop_search_v1(
        &falcon.cfg,  // configuration
        "string",     // repository
        "string",     // id
    ).await.expect("API call failed");

    println!("{:?}", response);
}
```

```ruby
require "crimson-falcon"

Falcon.configure do |config|
  config.client_id = ENV["FALCON_CLIENT_ID"]
  config.client_secret = ENV["FALCON_CLIENT_SECRET"]
  config.cloud = ENV["FALCON_CLOUD"]
end

api = Falcon::Ngsiem.new

response = api.stop_search_v1('string', 'string')

puts response
```

GetDashboardTemplate

Get dashboard template by ID.

get_dashboard_template

Parameters

| Name | Type | Data type | Description |
|---|---|---|---|
| ids | query | string | Dashboard ID value. |
| search_domain | query | string | Name of search domain (view or repo). Options: all, falcon, third-party, dashboards. |
| parameters | query | dictionary | Full query string parameters payload in JSON format. |
Code Examples
```python
from falconpy import NGSIEM

falcon = NGSIEM(client_id=CLIENT_ID, client_secret=CLIENT_SECRET)

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.get_dashboard_template(ids=id_list, search_domain="string")
print(response)
```

```python
from falconpy import NGSIEM

falcon = NGSIEM(client_id=CLIENT_ID, client_secret=CLIENT_SECRET)

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.GetDashboardTemplate(ids=id_list, search_domain="string")
print(response)
```

```python
from falconpy import APIHarnessV2

falcon = APIHarnessV2(client_id=CLIENT_ID, client_secret=CLIENT_SECRET)

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.command("GetDashboardTemplate", ids=id_list, search_domain="string")
print(response)
```

```powershell
Receive-FalconNgsDashboard -Id "string" -Domain "string"
```

```go
package main

import (
    "context"
    "fmt"
    "os"

    "github.com/crowdstrike/gofalcon/falcon"
    "github.com/crowdstrike/gofalcon/falcon/client/ngsiem"
)

func main() {
    client, err := falcon.NewClient(&falcon.ApiConfig{
        ClientId:     os.Getenv("FALCON_CLIENT_ID"),
        ClientSecret: os.Getenv("FALCON_CLIENT_SECRET"),
        Context:      context.Background(),
    })
    if err != nil {
        panic(err)
    }

    ids := "string"
    searchDomain := "string"

    response, err := client.Ngsiem.GetDashboardTemplate(
        &ngsiem.GetDashboardTemplateParams{
            Ids:          &ids,
            SearchDomain: &searchDomain,
            Context:      context.Background(),
        },
    )
    if err != nil {
        panic(falcon.ErrorExplain(err))
    }

    fmt.Printf("%+v\n", response.Payload)
}
```

```typescript
import { FalconClient } from "crowdstrike-falcon";

const client = new FalconClient({
    cloud: process.env.FALCON_CLOUD!,
    clientId: process.env.FALCON_CLIENT_ID!,
    clientSecret: process.env.FALCON_CLIENT_SECRET!,
});

const response = await client.ngsiem.getDashboardTemplate(
    "string",  // ids
    "string"   // searchDomain
);

console.log(response);
```

```rust
use rusty_falcon::apis::ngsiem_api::get_dashboard_template;
use rusty_falcon::easy::client::FalconHandle;

#[tokio::main]
async fn main() {
    let falcon = FalconHandle::from_env().await.expect("Could not authenticate");

    let response = get_dashboard_template(
        &falcon.cfg,     // configuration
        Some("string"),  // ids
        Some("string"),  // search_domain
    ).await.expect("API call failed");

    println!("{:?}", response);
}
```

```ruby
require "crimson-falcon"

Falcon.configure do |config|
  config.client_id = ENV["FALCON_CLIENT_ID"]
  config.client_secret = ENV["FALCON_CLIENT_SECRET"]
  config.cloud = ENV["FALCON_CLOUD"]
end

api = Falcon::Ngsiem.new

response = api.get_dashboard_template(ids: 'string', search_domain: 'string')

puts response
```

CreateDashboardFromTemplate

Create Dashboard from LogScale YAML Template in NGSIEM.

create_dashboard_from_template

Parameters

| Name | Type | Data type | Description |
|---|---|---|---|
| search_domain | formData | string | Name of search domain (view or repo). Options: all, falcon, third-party. |
| name | formData | string | Name of the dashboard. |
| yaml_template | formData | string | LogScale dashboard YAML template content, see schema at https://schemas.humio.com/. |
| parameters | query | dictionary | Full query string parameters payload in JSON format. |
Code Examples
```python
from falconpy import NGSIEM

falcon = NGSIEM(client_id=CLIENT_ID, client_secret=CLIENT_SECRET)

response = falcon.create_dashboard_from_template(search_domain="string",
                                                 name="string",
                                                 yaml_template="string"
                                                 )
print(response)
```

```python
from falconpy import NGSIEM

falcon = NGSIEM(client_id=CLIENT_ID, client_secret=CLIENT_SECRET)

response = falcon.CreateDashboardFromTemplate(search_domain="string",
                                              name="string",
                                              yaml_template="string"
                                              )
print(response)
```

```python
from falconpy import APIHarnessV2

falcon = APIHarnessV2(client_id=CLIENT_ID, client_secret=CLIENT_SECRET)

response = falcon.command("CreateDashboardFromTemplate",
                          search_domain="string",
                          name="string",
                          yaml_template="string"
                          )
print(response)
```

```powershell
Send-FalconNgsDashboard -Name "string" `
                        -Domain "string" `
                        -Path "string"
```

```go
package main

import (
    "context"
    "fmt"
    "os"

    "github.com/crowdstrike/gofalcon/falcon"
    "github.com/crowdstrike/gofalcon/falcon/client/ngsiem"
)

func main() {
    client, err := falcon.NewClient(&falcon.ApiConfig{
        ClientId:     os.Getenv("FALCON_CLIENT_ID"),
        ClientSecret: os.Getenv("FALCON_CLIENT_SECRET"),
        Context:      context.Background(),
    })
    if err != nil {
        panic(err)
    }

    searchDomain := "string"
    name := "string"

    response, err := client.Ngsiem.CreateDashboardFromTemplate(
        &ngsiem.CreateDashboardFromTemplateParams{
            SearchDomain: &searchDomain,
            Name:         &name,
            Context:      context.Background(),
        },
    )
    if err != nil {
        panic(falcon.ErrorExplain(err))
    }

    fmt.Printf("%+v\n", response.Payload)
}
```

```typescript
import { FalconClient } from "crowdstrike-falcon";

const client = new FalconClient({
    cloud: process.env.FALCON_CLOUD!,
    clientId: process.env.FALCON_CLIENT_ID!,
    clientSecret: process.env.FALCON_CLIENT_SECRET!,
});

const response = await client.ngsiem.createDashboardFromTemplate(
    "string",  // searchDomain
    "string",  // name
    "string"   // yamlTemplate
);

console.log(response);
```

use rusty_falcon::apis::ngsiem_api::create_dashboard_from_template;
use rusty_falcon::easy::client::FalconHandle;
#[tokio::main]async fn main() { let falcon = FalconHandle::from_env().await.expect("Could not authenticate");
let response = create_dashboard_from_template( &falcon.cfg, // configuration Some("string"), // search_domain Some("string"), // name Some("string"), // yaml_template ).await.expect("API call failed");
println!("{:?}", response);}require "crimson-falcon"
Falcon.configure do |config| config.client_id = ENV["FALCON_CLIENT_ID"] config.client_secret = ENV["FALCON_CLIENT_SECRET"] config.cloud = ENV["FALCON_CLOUD"]end
api = Falcon::Ngsiem.new
response = api.create_dashboard_from_template(search_domain: 'string', name: 'string')
puts responseUpdateDashboardFromTemplate
Update Dashboard from LogScale YAML Template in NGSIEM. Note that a successful update results in a new ID value being returned.

update_dashboard_from_template

Parameters

| Name | Type | Data type | Description |
|---|---|---|---|
| search_domain | formData | string | Name of search domain (view or repo). Options: all, falcon, third-party. |
| ids | formData | string | ID of the dashboard. |
| yaml_template | formData | string | LogScale dashboard YAML template content. See the schema at https://schemas.humio.com/. |
| parameters | query | dictionary | Full query string parameters payload in JSON format. |
Code Examples

```python
# Service class, PEP 8 method name
from falconpy import NGSIEM

falcon = NGSIEM(client_id=CLIENT_ID, client_secret=CLIENT_SECRET)

# The dashboard to update is identified by `ids`, as listed in the parameter table.
response = falcon.update_dashboard_from_template(search_domain="string",
                                                 ids="string",
                                                 yaml_template="string"
                                                 )
print(response)
```

```python
# Service class, Operation ID method name
from falconpy import NGSIEM

falcon = NGSIEM(client_id=CLIENT_ID, client_secret=CLIENT_SECRET)

response = falcon.UpdateDashboardFromTemplate(search_domain="string",
                                              ids="string",
                                              yaml_template="string"
                                              )
print(response)
```

```python
# Uber class
from falconpy import APIHarnessV2

falcon = APIHarnessV2(client_id=CLIENT_ID, client_secret=CLIENT_SECRET)

response = falcon.command("UpdateDashboardFromTemplate",
                          search_domain="string",
                          ids="string",
                          yaml_template="string"
                          )
print(response)
```

```powershell
Update-FalconNgsDashboard -Id "string" `
                          -Domain "string" `
                          -Path "string"
```

```go
package main

import (
	"context"
	"fmt"
	"os"

	"github.com/crowdstrike/gofalcon/falcon"
	"github.com/crowdstrike/gofalcon/falcon/client/ngsiem"
)

func main() {
	client, err := falcon.NewClient(&falcon.ApiConfig{
		ClientId:     os.Getenv("FALCON_CLIENT_ID"),
		ClientSecret: os.Getenv("FALCON_CLIENT_SECRET"),
		Context:      context.Background(),
	})
	if err != nil {
		panic(err)
	}

	searchDomain := "string"
	ids := "string"

	response, err := client.Ngsiem.UpdateDashboardFromTemplate(
		&ngsiem.UpdateDashboardFromTemplateParams{
			SearchDomain: &searchDomain,
			Ids:          &ids,
			Context:      context.Background(),
		},
	)
	if err != nil {
		panic(falcon.ErrorExplain(err))
	}

	fmt.Printf("%+v\n", response.Payload)
}
```

```typescript
import { FalconClient } from "crowdstrike-falcon";

const client = new FalconClient({
  cloud: process.env.FALCON_CLOUD!,
  clientId: process.env.FALCON_CLIENT_ID!,
  clientSecret: process.env.FALCON_CLIENT_SECRET!,
});

const response = await client.ngsiem.updateDashboardFromTemplate(
  "string", // searchDomain
  "string", // ids
  "string"  // yamlTemplate
);

console.log(response);
```

```rust
use rusty_falcon::apis::ngsiem_api::update_dashboard_from_template;
use rusty_falcon::easy::client::FalconHandle;

#[tokio::main]
async fn main() {
    let falcon = FalconHandle::from_env()
        .await
        .expect("Could not authenticate");

    let response = update_dashboard_from_template(
        &falcon.cfg,    // configuration
        Some("string"), // search_domain
        Some("string"), // ids
        Some("string"), // yaml_template
    )
    .await
    .expect("API call failed");

    println!("{:?}", response);
}
```

```ruby
require "crimson-falcon"

Falcon.configure do |config|
  config.client_id = ENV["FALCON_CLIENT_ID"]
  config.client_secret = ENV["FALCON_CLIENT_SECRET"]
  config.cloud = ENV["FALCON_CLOUD"]
end

api = Falcon::Ngsiem.new

response = api.update_dashboard_from_template(search_domain: 'string', ids: 'string')

puts response
```

DeleteDashboard
Delete Dashboard in NGSIEM.

delete_dashboard

Parameters

| Name | Type | Data type | Description |
|---|---|---|---|
| ids | query | string | Dashboard ID value. |
| search_domain | query | string | Name of search domain (view or repo). Options: all, falcon, third-party. |
| parameters | query | dictionary | Full query string parameters payload in JSON format. |
Code Examples

```python
# Service class, PEP 8 method name
from falconpy import NGSIEM

falcon = NGSIEM(client_id=CLIENT_ID, client_secret=CLIENT_SECRET)

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.delete_dashboard(ids=id_list, search_domain="string")
print(response)
```

```python
# Service class, Operation ID method name
from falconpy import NGSIEM

falcon = NGSIEM(client_id=CLIENT_ID, client_secret=CLIENT_SECRET)

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.DeleteDashboard(ids=id_list, search_domain="string")
print(response)
```

```python
# Uber class
from falconpy import APIHarnessV2

falcon = APIHarnessV2(client_id=CLIENT_ID, client_secret=CLIENT_SECRET)

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.command("DeleteDashboard", ids=id_list, search_domain="string")
print(response)
```

```powershell
Remove-FalconNgsDashboard -Id "string" -Domain "string"
```

```go
package main

import (
	"context"
	"fmt"
	"os"

	"github.com/crowdstrike/gofalcon/falcon"
	"github.com/crowdstrike/gofalcon/falcon/client/ngsiem"
)

func main() {
	client, err := falcon.NewClient(&falcon.ApiConfig{
		ClientId:     os.Getenv("FALCON_CLIENT_ID"),
		ClientSecret: os.Getenv("FALCON_CLIENT_SECRET"),
		Context:      context.Background(),
	})
	if err != nil {
		panic(err)
	}

	ids := "string"
	searchDomain := "string"

	response, err := client.Ngsiem.DeleteDashboard(
		&ngsiem.DeleteDashboardParams{
			Ids:          &ids,
			SearchDomain: &searchDomain,
			Context:      context.Background(),
		},
	)
	if err != nil {
		panic(falcon.ErrorExplain(err))
	}

	fmt.Printf("%+v\n", response.Payload)
}
```

```typescript
import { FalconClient } from "crowdstrike-falcon";

const client = new FalconClient({
  cloud: process.env.FALCON_CLOUD!,
  clientId: process.env.FALCON_CLIENT_ID!,
  clientSecret: process.env.FALCON_CLIENT_SECRET!,
});

const response = await client.ngsiem.deleteDashboard(
  "string", // ids
  "string"  // searchDomain
);

console.log(response);
```

```rust
use rusty_falcon::apis::ngsiem_api::delete_dashboard;
use rusty_falcon::easy::client::FalconHandle;

#[tokio::main]
async fn main() {
    let falcon = FalconHandle::from_env()
        .await
        .expect("Could not authenticate");

    let response = delete_dashboard(
        &falcon.cfg,    // configuration
        Some("string"), // ids
        Some("string"), // search_domain
    )
    .await
    .expect("API call failed");

    println!("{:?}", response);
}
```

```ruby
require "crimson-falcon"

Falcon.configure do |config|
  config.client_id = ENV["FALCON_CLIENT_ID"]
  config.client_secret = ENV["FALCON_CLIENT_SECRET"]
  config.cloud = ENV["FALCON_CLOUD"]
end

api = Falcon::Ngsiem.new

response = api.delete_dashboard(ids: 'string', search_domain: 'string')

puts response
```

GetLookupFile
Retrieve Lookup File in NGSIEM.

get_lookup_file

Parameters

| Name | Type | Data type | Description |
|---|---|---|---|
| filename | query | string | Lookup file filename. |
| search_domain | query | string | Name of search domain (view or repo). Options: all, falcon, third-party, dashboards, parsers-repository. |
| parameters | query | dictionary | Full query string parameters payload in JSON format. |
Code Examples

```python
# Service class, PEP 8 method name
from falconpy import NGSIEM

falcon = NGSIEM(client_id=CLIENT_ID, client_secret=CLIENT_SECRET)

with open("output_file", "wb") as save_file:
    response = falcon.get_lookup_file(filename="string",
                                      search_domain="string",
                                      stream=boolean
                                      )
    save_file.write(response)
```

```python
# Service class, Operation ID method name
from falconpy import NGSIEM

falcon = NGSIEM(client_id=CLIENT_ID, client_secret=CLIENT_SECRET)

with open("output_file", "wb") as save_file:
    response = falcon.GetLookupFile(filename="string",
                                    search_domain="string",
                                    stream=boolean
                                    )
    save_file.write(response)
```

```python
# Uber class
from falconpy import APIHarnessV2

falcon = APIHarnessV2(client_id=CLIENT_ID, client_secret=CLIENT_SECRET)

with open("output_file", "wb") as save_file:
    response = falcon.command("GetLookupFile", filename="string", search_domain="string")
    save_file.write(response)
```

```powershell
Get-FalconNgsLookupFile -Filename "string" -Domain "string"
```

```go
package main

import (
	"context"
	"fmt"
	"os"

	"github.com/crowdstrike/gofalcon/falcon"
	"github.com/crowdstrike/gofalcon/falcon/client/ngsiem"
)

func main() {
	client, err := falcon.NewClient(&falcon.ApiConfig{
		ClientId:     os.Getenv("FALCON_CLIENT_ID"),
		ClientSecret: os.Getenv("FALCON_CLIENT_SECRET"),
		Context:      context.Background(),
	})
	if err != nil {
		panic(err)
	}

	filename := "string"
	searchDomain := "string"

	response, err := client.Ngsiem.GetLookupFile(
		&ngsiem.GetLookupFileParams{
			Filename:     &filename,
			SearchDomain: &searchDomain,
			Context:      context.Background(),
		},
	)
	if err != nil {
		panic(falcon.ErrorExplain(err))
	}

	fmt.Printf("%+v\n", response.Payload)
}
```

```typescript
import { FalconClient } from "crowdstrike-falcon";

const client = new FalconClient({
  cloud: process.env.FALCON_CLOUD!,
  clientId: process.env.FALCON_CLIENT_ID!,
  clientSecret: process.env.FALCON_CLIENT_SECRET!,
});

const response = await client.ngsiem.getLookupFile(
  "string", // filename
  "string"  // searchDomain
);

console.log(response);
```

```rust
use rusty_falcon::apis::ngsiem_api::get_lookup_file;
use rusty_falcon::easy::client::FalconHandle;

#[tokio::main]
async fn main() {
    let falcon = FalconHandle::from_env()
        .await
        .expect("Could not authenticate");

    let response = get_lookup_file(
        &falcon.cfg,    // configuration
        Some("string"), // filename
        Some("string"), // search_domain
    )
    .await
    .expect("API call failed");

    println!("{:?}", response);
}
```

```ruby
require "crimson-falcon"

Falcon.configure do |config|
  config.client_id = ENV["FALCON_CLIENT_ID"]
  config.client_secret = ENV["FALCON_CLIENT_SECRET"]
  config.cloud = ENV["FALCON_CLOUD"]
end

api = Falcon::Ngsiem.new

response = api.get_lookup_file(filename: 'string', search_domain: 'string')

puts response
```

CreateLookupFile
Create Lookup File in NGSIEM.

create_lookup_file

Parameters

| Name | Type | Data type | Description |
|---|---|---|---|
| search_domain | formData | string | Name of search domain (view or repo). Options: all, falcon, third-party, parsers-repository. |
| filename | formData | string | Filename of the lookup file to create. |
| file | formData | string | File content to upload. |
| parameters | query | dictionary | Full query string parameters payload in JSON format. |
Code Examples

```python
# Service class, PEP 8 method name
from falconpy import NGSIEM

falcon = NGSIEM(client_id=CLIENT_ID, client_secret=CLIENT_SECRET)

response = falcon.create_lookup_file(search_domain="string",
                                     filename="string",
                                     file="string"
                                     )
print(response)
```

```python
# Service class, Operation ID method name
from falconpy import NGSIEM

falcon = NGSIEM(client_id=CLIENT_ID, client_secret=CLIENT_SECRET)

response = falcon.CreateLookupFile(search_domain="string",
                                   filename="string",
                                   file="string"
                                   )
print(response)
```

```python
# Uber class
from falconpy import APIHarnessV2

falcon = APIHarnessV2(client_id=CLIENT_ID, client_secret=CLIENT_SECRET)

response = falcon.command("CreateLookupFile",
                          search_domain="string",
                          filename="string",
                          file_data=open("filename", "rb").read()
                          )
print(response)
```

```powershell
Send-FalconNgsLookupFile -Filename "string" `
                         -Domain "string" `
                         -Path "string"
```

```go
package main

import (
	"context"
	"fmt"
	"os"

	"github.com/crowdstrike/gofalcon/falcon"
	"github.com/crowdstrike/gofalcon/falcon/client/ngsiem"
)

func main() {
	client, err := falcon.NewClient(&falcon.ApiConfig{
		ClientId:     os.Getenv("FALCON_CLIENT_ID"),
		ClientSecret: os.Getenv("FALCON_CLIENT_SECRET"),
		Context:      context.Background(),
	})
	if err != nil {
		panic(err)
	}

	searchDomain := "string"
	filename := "string"

	response, err := client.Ngsiem.CreateLookupFile(
		&ngsiem.CreateLookupFileParams{
			SearchDomain: &searchDomain,
			Filename:     &filename,
			Context:      context.Background(),
		},
	)
	if err != nil {
		panic(falcon.ErrorExplain(err))
	}

	fmt.Printf("%+v\n", response.Payload)
}
```

```typescript
import { FalconClient } from "crowdstrike-falcon";

const client = new FalconClient({
  cloud: process.env.FALCON_CLOUD!,
  clientId: process.env.FALCON_CLIENT_ID!,
  clientSecret: process.env.FALCON_CLIENT_SECRET!,
});

const response = await client.ngsiem.createLookupFile(
  "string", // searchDomain
  "string", // filename
  "string"  // file
);

console.log(response);
```

```rust
use rusty_falcon::apis::ngsiem_api::create_lookup_file;
use rusty_falcon::easy::client::FalconHandle;

#[tokio::main]
async fn main() {
    let falcon = FalconHandle::from_env()
        .await
        .expect("Could not authenticate");

    let response = create_lookup_file(
        &falcon.cfg,    // configuration
        Some("string"), // search_domain
        Some("string"), // filename
        Some("string"), // file
    )
    .await
    .expect("API call failed");

    println!("{:?}", response);
}
```

```ruby
require "crimson-falcon"

Falcon.configure do |config|
  config.client_id = ENV["FALCON_CLIENT_ID"]
  config.client_secret = ENV["FALCON_CLIENT_SECRET"]
  config.cloud = ENV["FALCON_CLOUD"]
end

api = Falcon::Ngsiem.new

response = api.create_lookup_file(search_domain: 'string', filename: 'string')

puts response
```

UpdateLookupFile
Update Lookup File in NGSIEM.

update_lookup_file

Parameters

| Name | Type | Data type | Description |
|---|---|---|---|
| search_domain | formData | string | Name of search domain (view or repo). Options: all, falcon, third-party, parsers-repository. |
| filename | formData | string | Filename of the lookup file to update. |
| file | formData | string | File content to upload. |
| parameters | query | dictionary | Full query string parameters payload in JSON format. |
Code Examples

```python
# Service class, PEP 8 method name
from falconpy import NGSIEM

falcon = NGSIEM(client_id=CLIENT_ID, client_secret=CLIENT_SECRET)

response = falcon.update_lookup_file(search_domain="string",
                                     filename="string",
                                     file="string"
                                     )
print(response)
```

```python
# Service class, Operation ID method name
from falconpy import NGSIEM

falcon = NGSIEM(client_id=CLIENT_ID, client_secret=CLIENT_SECRET)

response = falcon.UpdateLookupFile(search_domain="string",
                                   filename="string",
                                   file="string"
                                   )
print(response)
```

```python
# Uber class
from falconpy import APIHarnessV2

falcon = APIHarnessV2(client_id=CLIENT_ID, client_secret=CLIENT_SECRET)

response = falcon.command("UpdateLookupFile",
                          search_domain="string",
                          filename="string",
                          file_data=open("filename", "rb").read()
                          )
print(response)
```

```powershell
Update-FalconNgsLookupFile -Filename "string" `
                           -Domain "string" `
                           -Path "string"
```

```go
package main

import (
	"context"
	"fmt"
	"os"

	"github.com/crowdstrike/gofalcon/falcon"
	"github.com/crowdstrike/gofalcon/falcon/client/ngsiem"
)

func main() {
	client, err := falcon.NewClient(&falcon.ApiConfig{
		ClientId:     os.Getenv("FALCON_CLIENT_ID"),
		ClientSecret: os.Getenv("FALCON_CLIENT_SECRET"),
		Context:      context.Background(),
	})
	if err != nil {
		panic(err)
	}

	searchDomain := "string"
	filename := "string"

	response, err := client.Ngsiem.UpdateLookupFile(
		&ngsiem.UpdateLookupFileParams{
			SearchDomain: &searchDomain,
			Filename:     &filename,
			Context:      context.Background(),
		},
	)
	if err != nil {
		panic(falcon.ErrorExplain(err))
	}

	fmt.Printf("%+v\n", response.Payload)
}
```

```typescript
import { FalconClient } from "crowdstrike-falcon";

const client = new FalconClient({
  cloud: process.env.FALCON_CLOUD!,
  clientId: process.env.FALCON_CLIENT_ID!,
  clientSecret: process.env.FALCON_CLIENT_SECRET!,
});

const response = await client.ngsiem.updateLookupFile(
  "string", // searchDomain
  "string", // filename
  "string"  // file
);

console.log(response);
```

```rust
use rusty_falcon::apis::ngsiem_api::update_lookup_file;
use rusty_falcon::easy::client::FalconHandle;

#[tokio::main]
async fn main() {
    let falcon = FalconHandle::from_env()
        .await
        .expect("Could not authenticate");

    let response = update_lookup_file(
        &falcon.cfg,    // configuration
        Some("string"), // search_domain
        Some("string"), // filename
        Some("string"), // file
    )
    .await
    .expect("API call failed");

    println!("{:?}", response);
}
```

```ruby
require "crimson-falcon"

Falcon.configure do |config|
  config.client_id = ENV["FALCON_CLIENT_ID"]
  config.client_secret = ENV["FALCON_CLIENT_SECRET"]
  config.cloud = ENV["FALCON_CLOUD"]
end

api = Falcon::Ngsiem.new

response = api.update_lookup_file(search_domain: 'string', filename: 'string')

puts response
```

DeleteLookupFile
Delete Lookup File in NGSIEM.

delete_lookup_file

Parameters

| Name | Type | Data type | Description |
|---|---|---|---|
| filename | query | string | Lookup file filename. |
| search_domain | query | string | Name of search domain (view or repo). Options: all, falcon, third-party, parsers-repository. |
| parameters | query | dictionary | Full query string parameters payload in JSON format. |
Code Examples

```python
# Service class, PEP 8 method name
from falconpy import NGSIEM

falcon = NGSIEM(client_id=CLIENT_ID, client_secret=CLIENT_SECRET)

response = falcon.delete_lookup_file(filename="string", search_domain="string")
print(response)
```

```python
# Service class, Operation ID method name
from falconpy import NGSIEM

falcon = NGSIEM(client_id=CLIENT_ID, client_secret=CLIENT_SECRET)

response = falcon.DeleteLookupFile(filename="string", search_domain="string")
print(response)
```

```python
# Uber class
from falconpy import APIHarnessV2

falcon = APIHarnessV2(client_id=CLIENT_ID, client_secret=CLIENT_SECRET)

response = falcon.command("DeleteLookupFile", filename="string", search_domain="string")
print(response)
```

```powershell
Remove-FalconNgsLookupFile -Filename "string" -Domain "string"
```

```go
package main

import (
	"context"
	"fmt"
	"os"

	"github.com/crowdstrike/gofalcon/falcon"
	"github.com/crowdstrike/gofalcon/falcon/client/ngsiem"
)

func main() {
	client, err := falcon.NewClient(&falcon.ApiConfig{
		ClientId:     os.Getenv("FALCON_CLIENT_ID"),
		ClientSecret: os.Getenv("FALCON_CLIENT_SECRET"),
		Context:      context.Background(),
	})
	if err != nil {
		panic(err)
	}

	filename := "string"
	searchDomain := "string"

	response, err := client.Ngsiem.DeleteLookupFile(
		&ngsiem.DeleteLookupFileParams{
			Filename:     &filename,
			SearchDomain: &searchDomain,
			Context:      context.Background(),
		},
	)
	if err != nil {
		panic(falcon.ErrorExplain(err))
	}

	fmt.Printf("%+v\n", response.Payload)
}
```

```typescript
import { FalconClient } from "crowdstrike-falcon";

const client = new FalconClient({
  cloud: process.env.FALCON_CLOUD!,
  clientId: process.env.FALCON_CLIENT_ID!,
  clientSecret: process.env.FALCON_CLIENT_SECRET!,
});

const response = await client.ngsiem.deleteLookupFile(
  "string", // filename
  "string"  // searchDomain
);

console.log(response);
```

```rust
use rusty_falcon::apis::ngsiem_api::delete_lookup_file;
use rusty_falcon::easy::client::FalconHandle;

#[tokio::main]
async fn main() {
    let falcon = FalconHandle::from_env()
        .await
        .expect("Could not authenticate");

    let response = delete_lookup_file(
        &falcon.cfg,    // configuration
        Some("string"), // filename
        Some("string"), // search_domain
    )
    .await
    .expect("API call failed");

    println!("{:?}", response);
}
```

```ruby
require "crimson-falcon"

Falcon.configure do |config|
  config.client_id = ENV["FALCON_CLIENT_ID"]
  config.client_secret = ENV["FALCON_CLIENT_SECRET"]
  config.cloud = ENV["FALCON_CLOUD"]
end

api = Falcon::Ngsiem.new

response = api.delete_lookup_file(filename: 'string', search_domain: 'string')

puts response
```

ListDashboards
List dashboards.

list_dashboards

Parameters

| Name | Type | Data type | Description |
|---|---|---|---|
| limit | query | string | Maximum number of results to return (default: 50, max: 9999). |
| offset | query | string | Number of results to offset the returned results by (default: 0, max: 9999). |
| filter | query | string | FQL filter to apply to the name of the content. Currently only a text match on the name field is supported: name:~'value' |
| search_domain | query | string | Name of search domain (view or repo). Options: all, falcon, third-party, dashboards. |
| parameters | query | dictionary | Full query string parameters payload in JSON format. |
Code Examples

```python
# Service class, PEP 8 method name
from falconpy import NGSIEM

falcon = NGSIEM(client_id=CLIENT_ID, client_secret=CLIENT_SECRET)

response = falcon.list_dashboards(limit=integer,
                                  offset=integer,
                                  filter="string",
                                  search_domain="string"
                                  )
print(response)
```

```python
# Service class, Operation ID method name
from falconpy import NGSIEM

falcon = NGSIEM(client_id=CLIENT_ID, client_secret=CLIENT_SECRET)

response = falcon.ListDashboards(limit=integer,
                                 offset=integer,
                                 filter="string",
                                 search_domain="string"
                                 )
print(response)
```

```python
# Uber class
from falconpy import APIHarnessV2

falcon = APIHarnessV2(client_id=CLIENT_ID, client_secret=CLIENT_SECRET)

response = falcon.command("ListDashboards",
                          limit="string",
                          offset="string",
                          filter="string",
                          search_domain="string"
                          )
print(response)
```

```powershell
Get-FalconNgsDashboard -Domain "string" `
                       -Filter "string" `
                       -Limit "string" `
                       -Offset "string"
```

```go
package main

import (
	"context"
	"fmt"
	"os"

	"github.com/crowdstrike/gofalcon/falcon"
	"github.com/crowdstrike/gofalcon/falcon/client/ngsiem"
)

func main() {
	client, err := falcon.NewClient(&falcon.ApiConfig{
		ClientId:     os.Getenv("FALCON_CLIENT_ID"),
		ClientSecret: os.Getenv("FALCON_CLIENT_SECRET"),
		Context:      context.Background(),
	})
	if err != nil {
		panic(err)
	}

	limit := "string"
	offset := "string"
	filter := "string"
	searchDomain := "string"

	response, err := client.Ngsiem.ListDashboards(
		&ngsiem.ListDashboardsParams{
			Limit:        &limit,
			Offset:       &offset,
			Filter:       &filter,
			SearchDomain: &searchDomain,
			Context:      context.Background(),
		},
	)
	if err != nil {
		panic(falcon.ErrorExplain(err))
	}

	fmt.Printf("%+v\n", response.Payload)
}
```

```typescript
import { FalconClient } from "crowdstrike-falcon";

const client = new FalconClient({
  cloud: process.env.FALCON_CLOUD!,
  clientId: process.env.FALCON_CLIENT_ID!,
  clientSecret: process.env.FALCON_CLIENT_SECRET!,
});

const response = await client.ngsiem.listDashboards(
  "string", // limit
  "string", // offset
  "string", // filter
  "string"  // searchDomain
);

console.log(response);
```

```rust
use rusty_falcon::apis::ngsiem_api::list_dashboards;
use rusty_falcon::easy::client::FalconHandle;

#[tokio::main]
async fn main() {
    let falcon = FalconHandle::from_env()
        .await
        .expect("Could not authenticate");

    let response = list_dashboards(
        &falcon.cfg,    // configuration
        Some("string"), // limit
        Some("string"), // offset
        Some("string"), // filter
        Some("string"), // search_domain
    )
    .await
    .expect("API call failed");

    println!("{:?}", response);
}
```

```ruby
require "crimson-falcon"

Falcon.configure do |config|
  config.client_id = ENV["FALCON_CLIENT_ID"]
  config.client_secret = ENV["FALCON_CLIENT_SECRET"]
  config.cloud = ENV["FALCON_CLOUD"]
end

api = Falcon::Ngsiem.new

response = api.list_dashboards(limit: 'string', offset: 'string', filter: 'string', search_domain: 'string')

puts response
```

ListLookupFiles
List lookup files.

list_lookup_files

Parameters

| Name | Type | Data type | Description |
|---|---|---|---|
| limit | query | string | Maximum number of results to return (default: 50, max: 9999). |
| offset | query | string | Number of results to offset the returned results by (default: 0, max: 9999). |
| filter | query | string | FQL filter to apply to the name of the content. Currently only a text match on the name field is supported: name:~'value' |
| search_domain | query | string | Name of search domain (view or repo). Options: all, falcon, third-party, dashboards, parsers-repository. |
| parameters | query | dictionary | Full query string parameters payload in JSON format. |
Code Examples

```python
# Service class, PEP 8 method name
from falconpy import NGSIEM

falcon = NGSIEM(client_id=CLIENT_ID, client_secret=CLIENT_SECRET)

response = falcon.list_lookup_files(limit=integer,
                                    offset=integer,
                                    filter="string",
                                    search_domain="string"
                                    )
print(response)
```

```python
# Service class, Operation ID method name
from falconpy import NGSIEM

falcon = NGSIEM(client_id=CLIENT_ID, client_secret=CLIENT_SECRET)

response = falcon.ListLookupFiles(limit=integer,
                                  offset=integer,
                                  filter="string",
                                  search_domain="string"
                                  )
print(response)
```

```python
# Uber class
from falconpy import APIHarnessV2

falcon = APIHarnessV2(client_id=CLIENT_ID, client_secret=CLIENT_SECRET)

response = falcon.command("ListLookupFiles",
                          limit="string",
                          offset="string",
                          filter="string",
                          search_domain="string"
                          )
print(response)
```

```powershell
Get-FalconNgsLookupFile -Domain "string" `
                        -Filter "string" `
                        -Limit "string" `
                        -Offset "string"
```

```go
package main

import (
	"context"
	"fmt"
	"os"

	"github.com/crowdstrike/gofalcon/falcon"
	"github.com/crowdstrike/gofalcon/falcon/client/ngsiem"
)

func main() {
	client, err := falcon.NewClient(&falcon.ApiConfig{
		ClientId:     os.Getenv("FALCON_CLIENT_ID"),
		ClientSecret: os.Getenv("FALCON_CLIENT_SECRET"),
		Context:      context.Background(),
	})
	if err != nil {
		panic(err)
	}

	limit := "string"
	offset := "string"
	filter := "string"
	searchDomain := "string"

	response, err := client.Ngsiem.ListLookupFiles(
		&ngsiem.ListLookupFilesParams{
			Limit:        &limit,
			Offset:       &offset,
			Filter:       &filter,
			SearchDomain: &searchDomain,
			Context:      context.Background(),
		},
	)
	if err != nil {
		panic(falcon.ErrorExplain(err))
	}

	fmt.Printf("%+v\n", response.Payload)
}
```

```typescript
import { FalconClient } from "crowdstrike-falcon";

const client = new FalconClient({
  cloud: process.env.FALCON_CLOUD!,
  clientId: process.env.FALCON_CLIENT_ID!,
  clientSecret: process.env.FALCON_CLIENT_SECRET!,
});

const response = await client.ngsiem.listLookupFiles(
  "string", // limit
  "string", // offset
  "string", // filter
  "string"  // searchDomain
);

console.log(response);
```

```rust
use rusty_falcon::apis::ngsiem_api::list_lookup_files;
use rusty_falcon::easy::client::FalconHandle;

#[tokio::main]
async fn main() {
    let falcon = FalconHandle::from_env()
        .await
        .expect("Could not authenticate");

    let response = list_lookup_files(
        &falcon.cfg,    // configuration
        Some("string"), // limit
        Some("string"), // offset
        Some("string"), // filter
        Some("string"), // search_domain
    )
    .await
    .expect("API call failed");

    println!("{:?}", response);
}
```

```ruby
require "crimson-falcon"

Falcon.configure do |config|
  config.client_id = ENV["FALCON_CLIENT_ID"]
  config.client_secret = ENV["FALCON_CLIENT_SECRET"]
  config.cloud = ENV["FALCON_CLOUD"]
end

api = Falcon::Ngsiem.new

response = api.list_lookup_files(limit: 'string', offset: 'string', filter: 'string', search_domain: 'string')

puts response
```

ListParsers
List parsers.

list_parsers

Parameters

| Name | Type | Data type | Description |
|---|---|---|---|
| limit | query | string | Maximum number of results to return (default: 50, max: 9999). |
| offset | query | string | Number of results to offset the returned results by (default: 0, max: 9999). |
| filter | query | string | FQL filter to apply to the name of the content. Currently only a text match on the name field is supported: name:~'value' |
| repository | query | string | Name of repository. Options: parsers-repository. |
| update_available | query | string | Filter parsers by update availability. Allowed values: true, false. |
| parser_type | query | string | Filter parsers by type. Allowed values: ootb, custom. |
| parameters | query | dictionary | Full query string parameters payload in JSON format. |
Code Examples

```python
# Service class, PEP 8 method name
from falconpy import NGSIEM

falcon = NGSIEM(client_id=CLIENT_ID, client_secret=CLIENT_SECRET)

response = falcon.list_parsers(limit=integer,
                               offset=integer,
                               filter="string",
                               repository="string",
                               update_available="string",
                               parser_type="string"
                               )
print(response)
```

```python
# Service class, Operation ID method name
from falconpy import NGSIEM

falcon = NGSIEM(client_id=CLIENT_ID, client_secret=CLIENT_SECRET)

response = falcon.ListParsers(limit=integer,
                              offset=integer,
                              filter="string",
                              repository="string",
                              update_available="string",
                              parser_type="string"
                              )
print(response)
```

```python
# Uber class
from falconpy import APIHarnessV2

falcon = APIHarnessV2(client_id=CLIENT_ID, client_secret=CLIENT_SECRET)

response = falcon.command("ListParsers",
                          limit="string",
                          offset="string",
                          filter="string",
                          repository="string",
                          update_available="string",
                          parser_type="string"
                          )
print(response)
```

```powershell
Get-FalconNgsParser -Repository "string" `
                    -Filter "string" `
                    -Limit "string" `
                    -Offset "string"
```

```go
package main

import (
	"context"
	"fmt"
	"os"

	"github.com/crowdstrike/gofalcon/falcon"
	"github.com/crowdstrike/gofalcon/falcon/client/ngsiem"
)

func main() {
	client, err := falcon.NewClient(&falcon.ApiConfig{
		ClientId:     os.Getenv("FALCON_CLIENT_ID"),
		ClientSecret: os.Getenv("FALCON_CLIENT_SECRET"),
		Context:      context.Background(),
	})
	if err != nil {
		panic(err)
	}

	limit := "string"
	offset := "string"
	filter := "string"
	repository := "string"

	response, err := client.Ngsiem.ListParsers(
		&ngsiem.ListParsersParams{
			Limit:           &limit,
			Offset:          &offset,
			Filter:          &filter,
			Repository:      &repository,
			UpdateAvailable: "string",
			ParserType:      "string",
			Context:         context.Background(),
		},
	)
	if err != nil {
		panic(falcon.ErrorExplain(err))
	}

	fmt.Printf("%+v\n", response.Payload)
}
```

```typescript
import { FalconClient } from "crowdstrike-falcon";

const client = new FalconClient({
  cloud: process.env.FALCON_CLOUD!,
  clientId: process.env.FALCON_CLIENT_ID!,
  clientSecret: process.env.FALCON_CLIENT_SECRET!,
});

const response = await client.ngsiem.listParsers(
  "string", // limit
  "string", // offset
  "string", // filter
  "string", // repository
  "string", // updateAvailable
  "string"  // parserType
);

console.log(response);
```

```rust
use rusty_falcon::apis::ngsiem_api::list_parsers;
use rusty_falcon::easy::client::FalconHandle;

#[tokio::main]
async fn main() {
    let falcon = FalconHandle::from_env()
        .await
        .expect("Could not authenticate");

    let response = list_parsers(
        &falcon.cfg,    // configuration
        Some("string"), // limit
        Some("string"), // offset
        Some("string"), // filter
        Some("string"), // repository
    )
    .await
    .expect("API call failed");

    println!("{:?}", response);
}
```

```ruby
require "crimson-falcon"

Falcon.configure do |config|
  config.client_id = ENV["FALCON_CLIENT_ID"]
  config.client_secret = ENV["FALCON_CLIENT_SECRET"]
  config.cloud = ENV["FALCON_CLOUD"]
end

api = Falcon::Ngsiem.new

response = api.list_parsers(limit: 'string', offset: 'string', filter: 'string', repository: 'string', update_available: 'string', parser_type: 'string')

puts response
```

ListSavedQueries
List saved queries.

list_saved_queries

Parameters

| Name | Type | Data type | Description |
|---|---|---|---|
| limit | query | string | Maximum number of results to return (default: 50, max: 9999). |
| offset | query | string | Number of results to offset the returned results by (default: 0, max: 9999). |
| filter | query | string | FQL filter to apply to the name of the content. Currently only a text match on the name field is supported: name:~'value' |
| search_domain | query | string | Name of search domain (view or repo). Options: all, falcon, third-party, dashboards. |
| parameters | query | dictionary | Full query string parameters payload in JSON format. |
Code Examples
```python
from falconpy import NGSIEM

falcon = NGSIEM(client_id=CLIENT_ID, client_secret=CLIENT_SECRET)

response = falcon.list_saved_queries(limit=integer, offset=integer, filter="string", search_domain="string")
print(response)
```

```python
from falconpy import NGSIEM

falcon = NGSIEM(client_id=CLIENT_ID, client_secret=CLIENT_SECRET)

response = falcon.ListSavedQueries(limit=integer, offset=integer, filter="string", search_domain="string")
print(response)
```

```python
from falconpy import APIHarnessV2

falcon = APIHarnessV2(client_id=CLIENT_ID, client_secret=CLIENT_SECRET)

response = falcon.command("ListSavedQueries", limit="string", offset="string", filter="string", search_domain="string")
print(response)
```

```powershell
Get-FalconNgsSavedQuery -Domain "string" `
                        -Filter "string" `
                        -Limit "string" `
                        -Offset "string"
```

```go
package main

import (
	"context"
	"fmt"
	"os"

	"github.com/crowdstrike/gofalcon/falcon"
	"github.com/crowdstrike/gofalcon/falcon/client/ngsiem"
)

func main() {
	client, err := falcon.NewClient(&falcon.ApiConfig{
		ClientId:     os.Getenv("FALCON_CLIENT_ID"),
		ClientSecret: os.Getenv("FALCON_CLIENT_SECRET"),
		Context:      context.Background(),
	})
	if err != nil {
		panic(err)
	}

	limit := "string"
	offset := "string"
	filter := "string"
	searchDomain := "string"

	response, err := client.Ngsiem.ListSavedQueries(
		&ngsiem.ListSavedQueriesParams{
			Limit:        &limit,
			Offset:       &offset,
			Filter:       &filter,
			SearchDomain: &searchDomain,
			Context:      context.Background(),
		},
	)
	if err != nil {
		panic(falcon.ErrorExplain(err))
	}

	fmt.Printf("%+v\n", response.Payload)
}
```

```typescript
import { FalconClient } from "crowdstrike-falcon";

const client = new FalconClient({
  cloud: process.env.FALCON_CLOUD!,
  clientId: process.env.FALCON_CLIENT_ID!,
  clientSecret: process.env.FALCON_CLIENT_SECRET!,
});

const response = await client.ngsiem.listSavedQueries(
  "string", // limit
  "string", // offset
  "string", // filter
  "string"  // searchDomain
);

console.log(response);
```

```rust
use rusty_falcon::apis::ngsiem_api::list_saved_queries;
use rusty_falcon::easy::client::FalconHandle;

#[tokio::main]
async fn main() {
    let falcon = FalconHandle::from_env().await.expect("Could not authenticate");

    let response = list_saved_queries(
        &falcon.cfg,    // configuration
        Some("string"), // limit
        Some("string"), // offset
        Some("string"), // filter
        Some("string"), // search_domain
    ).await.expect("API call failed");

    println!("{:?}", response);
}
```

```ruby
require "crimson-falcon"

Falcon.configure do |config|
  config.client_id = ENV["FALCON_CLIENT_ID"]
  config.client_secret = ENV["FALCON_CLIENT_SECRET"]
  config.cloud = ENV["FALCON_CLOUD"]
end

api = Falcon::Ngsiem.new

response = api.list_saved_queries(limit: 'string', offset: 'string', filter: 'string', search_domain: 'string')

puts response
```

UpdateLookupFileEntries
Update entries in an existing Lookup File in NGSIEM.

update_lookup_file_entries

Parameters

| Name | Type | Data type | Description |
|---|---|---|---|
| search_domain | formData | string | Name of search domain (view or repo). Options: all, falcon, third-party, parsers-repository. |
| filename | formData | string | Filename of the lookup file to update. |
| file | formData | string | The file content for updating or appending the entries. |
| update_mode | formData | string | How to update the file entries. Options: append, update. |
| key_columns | formData | string | For update mode, the comma-separated list of key columns to use when matching entries (REQUIRED when update_mode=update). |
| ignore_case | formData | string | For update mode, whether to ignore case when matching keys (REQUIRED when update_mode=update). Options: true, false. |
| parameters | query | dictionary | Full query string parameters payload in JSON format. |
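
The constraints in the table above (the allowed `search_domain` and `update_mode` values, and `key_columns` and `ignore_case` being required when `update_mode=update`) can be checked before the request is sent. The following is an added example, not part of the original page or of any SDK: `build_lookup_update`, `rows_to_csv` and the sample rows are hypothetical, the file content is assumed to be CSV with a header row, and the duplicate-key check is a client-side precaution rather than documented API behaviour.

```python
import csv
import io

# Allowed values, copied from the UpdateLookupFileEntries parameter table.
SEARCH_DOMAINS = {"all", "falcon", "third-party", "parsers-repository"}
UPDATE_MODES = {"append", "update"}


def rows_to_csv(fieldnames, rows):
    """Serialise a list of dict rows to CSV text with a header line."""
    buf = io.StringIO()
    writer = csv.DictWriter(buf, fieldnames=fieldnames, lineterminator="\n")
    writer.writeheader()
    writer.writerows(rows)
    return buf.getvalue()


def build_lookup_update(search_domain, filename, csv_text, update_mode,
                        key_columns=None, ignore_case=None):
    """Check the arguments against the documented constraints.

    Returns a dict keyed by the parameter names in the table and raises
    ValueError on the first violated constraint.
    """
    if search_domain not in SEARCH_DOMAINS:
        raise ValueError(f"search_domain must be one of {sorted(SEARCH_DOMAINS)}")
    if update_mode not in UPDATE_MODES:
        raise ValueError(f"update_mode must be one of {sorted(UPDATE_MODES)}")
    if not filename:
        raise ValueError("filename is required")

    # Assumption: the file content is CSV and its first row is the header.
    rows = list(csv.reader(io.StringIO(csv_text)))
    if not rows or not rows[0]:
        raise ValueError("file content has no header row")
    header, data = rows[0], rows[1:]
    for rowno, row in enumerate(data, start=2):
        if len(row) != len(header):
            raise ValueError(
                f"row {rowno}: expected {len(header)} columns, got {len(row)}")

    args = {
        "search_domain": search_domain,
        "filename": filename,
        "file": csv_text,
        "update_mode": update_mode,
    }
    if update_mode == "append":
        # key_columns and ignore_case only apply to update mode.
        return args

    if not key_columns:
        raise ValueError("key_columns is required when update_mode=update")
    if ignore_case is None:
        raise ValueError("ignore_case is required when update_mode=update")
    missing = [col for col in key_columns if col not in header]
    if missing:
        raise ValueError(f"key_columns not present in header: {missing}")

    # Client-side precaution: two uploaded rows that share a key would both
    # match the same existing entry, so reject the upload instead of guessing.
    # With ignore_case set, keys are compared case-insensitively.
    positions = [header.index(col) for col in key_columns]
    seen = {}
    for rowno, row in enumerate(data, start=2):
        key = tuple(row[i].casefold() if ignore_case else row[i]
                    for i in positions)
        if key in seen:
            raise ValueError(f"row {rowno}: key duplicates row {seen[key]}")
        seen[key] = rowno

    args["key_columns"] = ",".join(key_columns)           # comma-separated list
    args["ignore_case"] = "true" if ignore_case else "false"
    return args


# Constructed sample data (not taken from any real lookup file).
SAMPLE_ROWS = [
    {"domain": "login.example.test", "verdict": "block"},
    {"domain": "cdn.example.test", "verdict": "allow"},
]
SAMPLE_CSV = rows_to_csv(["domain", "verdict"], SAMPLE_ROWS)

if __name__ == "__main__":
    print(build_lookup_update("falcon", "blocklist.csv", SAMPLE_CSV, "update",
                              key_columns=["domain"], ignore_case=True))
```

The returned dictionary uses the parameter names from the table; how the `file` content is handed to a given SDK method follows that SDK's own example.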
Code Examples
```python
from falconpy import NGSIEM

falcon = NGSIEM(client_id=CLIENT_ID, client_secret=CLIENT_SECRET)

response = falcon.update_lookup_file_entries(search_domain="string",
                                             filename="string",
                                             file="string",
                                             update_mode="string",
                                             key_columns=["string"],
                                             ignore_case="string"
                                             )
print(response)
```

```python
from falconpy import NGSIEM

falcon = NGSIEM(client_id=CLIENT_ID, client_secret=CLIENT_SECRET)

response = falcon.UpdateLookupFileEntries(search_domain="string",
                                          filename="string",
                                          file="string",
                                          update_mode="string",
                                          key_columns=["string"],
                                          ignore_case="string"
                                          )
print(response)
```

```python
from falconpy import APIHarnessV2

falcon = APIHarnessV2(client_id=CLIENT_ID, client_secret=CLIENT_SECRET)

response = falcon.command("UpdateLookupFileEntries",
                          search_domain="string",
                          filename="string",
                          file_data=open("filename", "rb").read(),
                          update_mode="string",
                          key_columns="string",
                          ignore_case="string"
                          )
print(response)
```

Examples coming soon.

```go
package main

import (
	"context"
	"fmt"
	"os"

	"github.com/crowdstrike/gofalcon/falcon"
	"github.com/crowdstrike/gofalcon/falcon/client/ngsiem"
)

func main() {
	client, err := falcon.NewClient(&falcon.ApiConfig{
		ClientId:     os.Getenv("FALCON_CLIENT_ID"),
		ClientSecret: os.Getenv("FALCON_CLIENT_SECRET"),
		Context:      context.Background(),
	})
	if err != nil {
		panic(err)
	}

	searchDomain := "string"
	filename := "string"
	updateMode := "string"
	keyColumns := "string"
	ignoreCase := "string"

	response, err := client.Ngsiem.UpdateLookupFileEntries(
		&ngsiem.UpdateLookupFileEntriesParams{
			SearchDomain: &searchDomain,
			Filename:     &filename,
			UpdateMode:   &updateMode,
			KeyColumns:   &keyColumns,
			IgnoreCase:   &ignoreCase,
			Context:      context.Background(),
		},
	)
	if err != nil {
		panic(falcon.ErrorExplain(err))
	}

	fmt.Printf("%+v\n", response.Payload)
}
```

```typescript
import { FalconClient } from "crowdstrike-falcon";

const client = new FalconClient({
  cloud: process.env.FALCON_CLOUD!,
  clientId: process.env.FALCON_CLIENT_ID!,
  clientSecret: process.env.FALCON_CLIENT_SECRET!,
});

const response = await client.ngsiem.updateLookupFileEntries(
  "string", // searchDomain
  "string", // filename
  "string", // file
  "string", // updateMode
  "string", // keyColumns
  "string"  // ignoreCase
);

console.log(response);
```

Examples coming soon.

```ruby
require "crimson-falcon"

Falcon.configure do |config|
  config.client_id = ENV["FALCON_CLIENT_ID"]
  config.client_secret = ENV["FALCON_CLIENT_SECRET"]
  config.cloud = ENV["FALCON_CLOUD"]
end

api = Falcon::Ngsiem.new

response = api.update_lookup_file_entries(search_domain: 'string', filename: 'string', update_mode: 'string', key_columns: 'string', ignore_case: 'string')

puts response
```

ExternalListDataConnections
List and search data connections.

list_data_connections

Parameters

| Name | Type | Data type | Description |
|---|---|---|---|
| filter | query | string | Optional filter criteria in FQL format. |
| offset | query | integer | Starting position for pagination. |
| limit | query | integer | Maximum number of items to return. |
| sort | query | string | Sort field and direction. |
| parameters | query | dictionary | Full query string parameters payload in JSON format. |
Code Examples
```python
from falconpy import NGSIEM

falcon = NGSIEM(client_id=CLIENT_ID, client_secret=CLIENT_SECRET)

response = falcon.list_data_connections(filter="string", offset=integer, limit=integer, sort="string")
print(response)
```

```python
from falconpy import NGSIEM

falcon = NGSIEM(client_id=CLIENT_ID, client_secret=CLIENT_SECRET)

response = falcon.ExternalListDataConnections(filter="string", offset=integer, limit=integer, sort="string")
print(response)
```

```python
from falconpy import APIHarnessV2

falcon = APIHarnessV2(client_id=CLIENT_ID, client_secret=CLIENT_SECRET)

response = falcon.command("ExternalListDataConnections", filter="string", offset=integer, limit=integer, sort="string")
print(response)
```

Examples coming soon.

```go
package main

import (
	"context"
	"fmt"
	"os"

	"github.com/crowdstrike/gofalcon/falcon"
	"github.com/crowdstrike/gofalcon/falcon/client/ngsiem"
)

func main() {
	client, err := falcon.NewClient(&falcon.ApiConfig{
		ClientId:     os.Getenv("FALCON_CLIENT_ID"),
		ClientSecret: os.Getenv("FALCON_CLIENT_SECRET"),
		Context:      context.Background(),
	})
	if err != nil {
		panic(err)
	}

	filter := "string"
	offset := int64(0)
	limit := int64(0)
	sort := "string"

	response, err := client.Ngsiem.ExternalListDataConnections(
		&ngsiem.ExternalListDataConnectionsParams{
			Filter:  &filter,
			Offset:  &offset,
			Limit:   &limit,
			Sort:    &sort,
			Context: context.Background(),
		},
	)
	if err != nil {
		panic(falcon.ErrorExplain(err))
	}

	fmt.Printf("%+v\n", response.Payload)
}
```

```typescript
import { FalconClient } from "crowdstrike-falcon";

const client = new FalconClient({
  cloud: process.env.FALCON_CLOUD!,
  clientId: process.env.FALCON_CLIENT_ID!,
  clientSecret: process.env.FALCON_CLIENT_SECRET!,
});

const response = await client.ngsiem.externalListDataConnections(
  "string", // filter
  integer,  // offset
  integer,  // limit
  "string"  // sort
);

console.log(response);
```

Examples coming soon.

```ruby
require "crimson-falcon"

Falcon.configure do |config|
  config.client_id = ENV["FALCON_CLIENT_ID"]
  config.client_secret = ENV["FALCON_CLIENT_SECRET"]
  config.cloud = ENV["FALCON_CLOUD"]
end

api = Falcon::Ngsiem.new

response = api.external_list_data_connections(filter: 'string', offset: integer, limit: integer, sort: 'string')

puts response
```

ExternalListDataConnectors
List available data connectors.

list_data_connectors

Parameters

| Name | Type | Data type | Description |
|---|---|---|---|
| filter | query | string | Optional filter criteria in FQL format. |
| offset | query | integer | Starting position for pagination. |
| limit | query | integer | Maximum number of items to return. |
| sort | query | string | Sort field and direction. |
| parameters | query | dictionary | Full query string parameters payload in JSON format. |
Code Examples
```python
from falconpy import NGSIEM

falcon = NGSIEM(client_id=CLIENT_ID, client_secret=CLIENT_SECRET)

response = falcon.list_data_connectors(filter="string", offset=integer, limit=integer, sort="string")
print(response)
```

```python
from falconpy import NGSIEM

falcon = NGSIEM(client_id=CLIENT_ID, client_secret=CLIENT_SECRET)

response = falcon.ExternalListDataConnectors(filter="string", offset=integer, limit=integer, sort="string")
print(response)
```

```python
from falconpy import APIHarnessV2

falcon = APIHarnessV2(client_id=CLIENT_ID, client_secret=CLIENT_SECRET)

response = falcon.command("ExternalListDataConnectors", filter="string", offset=integer, limit=integer, sort="string")
print(response)
```

Examples coming soon.

```go
package main

import (
	"context"
	"fmt"
	"os"

	"github.com/crowdstrike/gofalcon/falcon"
	"github.com/crowdstrike/gofalcon/falcon/client/ngsiem"
)

func main() {
	client, err := falcon.NewClient(&falcon.ApiConfig{
		ClientId:     os.Getenv("FALCON_CLIENT_ID"),
		ClientSecret: os.Getenv("FALCON_CLIENT_SECRET"),
		Context:      context.Background(),
	})
	if err != nil {
		panic(err)
	}

	filter := "string"
	offset := int64(0)
	limit := int64(0)
	sort := "string"

	response, err := client.Ngsiem.ExternalListDataConnectors(
		&ngsiem.ExternalListDataConnectorsParams{
			Filter:  &filter,
			Offset:  &offset,
			Limit:   &limit,
			Sort:    &sort,
			Context: context.Background(),
		},
	)
	if err != nil {
		panic(falcon.ErrorExplain(err))
	}

	fmt.Printf("%+v\n", response.Payload)
}
```

```typescript
import { FalconClient } from "crowdstrike-falcon";

const client = new FalconClient({
  cloud: process.env.FALCON_CLOUD!,
  clientId: process.env.FALCON_CLIENT_ID!,
  clientSecret: process.env.FALCON_CLIENT_SECRET!,
});

const response = await client.ngsiem.externalListDataConnectors(
  "string", // filter
  integer,  // offset
  integer,  // limit
  "string"  // sort
);

console.log(response);
```

Examples coming soon.

```ruby
require "crimson-falcon"

Falcon.configure do |config|
  config.client_id = ENV["FALCON_CLIENT_ID"]
  config.client_secret = ENV["FALCON_CLIENT_SECRET"]
  config.cloud = ENV["FALCON_CLOUD"]
end

api = Falcon::Ngsiem.new

response = api.external_list_data_connectors(filter: 'string', offset: integer, limit: integer, sort: 'string')

puts response
```

ExternalGetDataConnectionStatus
Get data connection provisioning status.

get_provisioning_status

Parameters

| Name | Type | Data type | Description |
|---|---|---|---|
| ids | query | string or list | Unique identifier of the data connection. |
| parameters | query | dictionary | Full query string parameters payload in JSON format. |
Code Examples
```python
from falconpy import NGSIEM

falcon = NGSIEM(client_id=CLIENT_ID, client_secret=CLIENT_SECRET)

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.get_provisioning_status(ids=id_list)
print(response)
```

```python
from falconpy import NGSIEM

falcon = NGSIEM(client_id=CLIENT_ID, client_secret=CLIENT_SECRET)

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.ExternalGetDataConnectionStatus(ids=id_list)
print(response)
```

```python
from falconpy import APIHarnessV2

falcon = APIHarnessV2(client_id=CLIENT_ID, client_secret=CLIENT_SECRET)

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.command("ExternalGetDataConnectionStatus", ids=id_list)
print(response)
```

Examples coming soon.

```go
package main

import (
	"context"
	"fmt"
	"os"

	"github.com/crowdstrike/gofalcon/falcon"
	"github.com/crowdstrike/gofalcon/falcon/client/ngsiem"
)

func main() {
	client, err := falcon.NewClient(&falcon.ApiConfig{
		ClientId:     os.Getenv("FALCON_CLIENT_ID"),
		ClientSecret: os.Getenv("FALCON_CLIENT_SECRET"),
		Context:      context.Background(),
	})
	if err != nil {
		panic(err)
	}

	response, err := client.Ngsiem.ExternalGetDataConnectionStatus(
		&ngsiem.ExternalGetDataConnectionStatusParams{
			Ids:     []string{"ID1", "ID2", "ID3"},
			Context: context.Background(),
		},
	)
	if err != nil {
		panic(falcon.ErrorExplain(err))
	}

	fmt.Printf("%+v\n", response.Payload)
}
```

```typescript
import { FalconClient } from "crowdstrike-falcon";

const client = new FalconClient({
  cloud: process.env.FALCON_CLOUD!,
  clientId: process.env.FALCON_CLIENT_ID!,
  clientSecret: process.env.FALCON_CLIENT_SECRET!,
});

const response = await client.ngsiem.externalGetDataConnectionStatus(["ID1", "ID2", "ID3"]); // ids

console.log(response);
```

Examples coming soon.

```ruby
require "crimson-falcon"

Falcon.configure do |config|
  config.client_id = ENV["FALCON_CLIENT_ID"]
  config.client_secret = ENV["FALCON_CLIENT_SECRET"]
  config.cloud = ENV["FALCON_CLOUD"]
end

api = Falcon::Ngsiem.new

response = api.external_get_data_connection_status(['ID1', 'ID2', 'ID3'])

puts response
```

ExternalUpdateDataConnectionStatus
Update data connection status.

update_connection_status

Parameters

| Name | Type | Data type | Description |
|---|---|---|---|
| ids | query | string | Unique identifier of the data connection. |
| body | body | dictionary | Full body payload in JSON format. |
| status | body | string | Status value. |
| parameters | query | dictionary | Full query string parameters payload in JSON format. |
Code Examples
```python
from falconpy import NGSIEM

falcon = NGSIEM(client_id=CLIENT_ID, client_secret=CLIENT_SECRET)

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.update_connection_status(ids=id_list, status="string")
print(response)
```

```python
from falconpy import NGSIEM

falcon = NGSIEM(client_id=CLIENT_ID, client_secret=CLIENT_SECRET)

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.ExternalUpdateDataConnectionStatus(ids=id_list, status="string")
print(response)
```

```python
from falconpy import APIHarnessV2

falcon = APIHarnessV2(client_id=CLIENT_ID, client_secret=CLIENT_SECRET)

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

body_payload = {
    "status": "string"
}

response = falcon.command("ExternalUpdateDataConnectionStatus", ids="string", body=body_payload)
print(response)
```

Examples coming soon.

```go
package main

import (
	"context"
	"fmt"
	"os"

	"github.com/crowdstrike/gofalcon/falcon"
	"github.com/crowdstrike/gofalcon/falcon/client/ngsiem"
	"github.com/crowdstrike/gofalcon/falcon/models"
)

func main() {
	client, err := falcon.NewClient(&falcon.ApiConfig{
		ClientId:     os.Getenv("FALCON_CLIENT_ID"),
		ClientSecret: os.Getenv("FALCON_CLIENT_SECRET"),
		Context:      context.Background(),
	})
	if err != nil {
		panic(err)
	}

	status := "string"

	response, err := client.Ngsiem.ExternalUpdateDataConnectionStatus(
		&ngsiem.ExternalUpdateDataConnectionStatusParams{
			Body: &models.DataconnectionmanagementUpdateDataConnectionStatusRequest{
				Status: &status,
			},
			Ids:     "string",
			Context: context.Background(),
		},
	)
	if err != nil {
		panic(falcon.ErrorExplain(err))
	}

	fmt.Printf("%+v\n", response.Payload)
}
```

```typescript
import { FalconClient } from "crowdstrike-falcon";

const client = new FalconClient({
  cloud: process.env.FALCON_CLOUD!,
  clientId: process.env.FALCON_CLIENT_ID!,
  clientSecret: process.env.FALCON_CLIENT_SECRET!,
});

const response = await client.ngsiem.externalUpdateDataConnectionStatus(
  "string", // ids
  { // body
    status: "string"
  }
);

console.log(response);
```

Examples coming soon.

```ruby
require "crimson-falcon"

Falcon.configure do |config|
  config.client_id = ENV["FALCON_CLIENT_ID"]
  config.client_secret = ENV["FALCON_CLIENT_SECRET"]
  config.cloud = ENV["FALCON_CLOUD"]
end

api = Falcon::Ngsiem.new

body = Falcon::DataconnectionmanagementUpdateDataConnectionStatusRequest.new(
  status: 'string'
)

response = api.external_update_data_connection_status(body, 'string')

puts response
```

ExternalGetDataConnectionToken
Get Ingest token for data connection.

get_ingest_token

Parameters

| Name | Type | Data type | Description |
|---|---|---|---|
| ids | query | string | Unique identifier of the data connection. |
| parameters | query | dictionary | Full query string parameters payload in JSON format. |
Code Examples
```python
from falconpy import NGSIEM

falcon = NGSIEM(client_id=CLIENT_ID, client_secret=CLIENT_SECRET)

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.get_ingest_token(ids=id_list)
print(response)
```

```python
from falconpy import NGSIEM

falcon = NGSIEM(client_id=CLIENT_ID, client_secret=CLIENT_SECRET)

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.ExternalGetDataConnectionToken(ids=id_list)
print(response)
```

```python
from falconpy import APIHarnessV2

falcon = APIHarnessV2(client_id=CLIENT_ID, client_secret=CLIENT_SECRET)

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.command("ExternalGetDataConnectionToken", ids="string")
print(response)
```

Examples coming soon.

```go
package main

import (
	"context"
	"fmt"
	"os"

	"github.com/crowdstrike/gofalcon/falcon"
	"github.com/crowdstrike/gofalcon/falcon/client/ngsiem"
)

func main() {
	client, err := falcon.NewClient(&falcon.ApiConfig{
		ClientId:     os.Getenv("FALCON_CLIENT_ID"),
		ClientSecret: os.Getenv("FALCON_CLIENT_SECRET"),
		Context:      context.Background(),
	})
	if err != nil {
		panic(err)
	}

	response, err := client.Ngsiem.ExternalGetDataConnectionToken(
		&ngsiem.ExternalGetDataConnectionTokenParams{
			Ids:     "string",
			Context: context.Background(),
		},
	)
	if err != nil {
		panic(falcon.ErrorExplain(err))
	}

	fmt.Printf("%+v\n", response.Payload)
}
```

```typescript
import { FalconClient } from "crowdstrike-falcon";

const client = new FalconClient({
  cloud: process.env.FALCON_CLOUD!,
  clientId: process.env.FALCON_CLIENT_ID!,
  clientSecret: process.env.FALCON_CLIENT_SECRET!,
});

const response = await client.ngsiem.externalGetDataConnectionToken("string"); // ids

console.log(response);
```

Examples coming soon.

```ruby
require "crimson-falcon"

Falcon.configure do |config|
  config.client_id = ENV["FALCON_CLIENT_ID"]
  config.client_secret = ENV["FALCON_CLIENT_SECRET"]
  config.cloud = ENV["FALCON_CLOUD"]
end

api = Falcon::Ngsiem.new

response = api.external_get_data_connection_token('string')

puts response
```

ExternalRegenerateDataConnectionToken
Regenerate Ingest token for data connection.

regenerate_ingest_token

Parameters

| Name | Type | Data type | Description |
|---|---|---|---|
| ids | query | string | Unique identifier of the data connection. |
| parameters | query | dictionary | Full query string parameters payload in JSON format. |
Code Examples
```python
from falconpy import NGSIEM

falcon = NGSIEM(client_id=CLIENT_ID, client_secret=CLIENT_SECRET)

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.regenerate_ingest_token(ids=id_list)
print(response)
```

```python
from falconpy import NGSIEM

falcon = NGSIEM(client_id=CLIENT_ID, client_secret=CLIENT_SECRET)

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.ExternalRegenerateDataConnectionToken(ids=id_list)
print(response)
```

```python
from falconpy import APIHarnessV2

falcon = APIHarnessV2(client_id=CLIENT_ID, client_secret=CLIENT_SECRET)

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.command("ExternalRegenerateDataConnectionToken", ids="string")
print(response)
```

Examples coming soon.

```go
package main

import (
	"context"
	"fmt"
	"os"

	"github.com/crowdstrike/gofalcon/falcon"
	"github.com/crowdstrike/gofalcon/falcon/client/ngsiem"
)

func main() {
	client, err := falcon.NewClient(&falcon.ApiConfig{
		ClientId:     os.Getenv("FALCON_CLIENT_ID"),
		ClientSecret: os.Getenv("FALCON_CLIENT_SECRET"),
		Context:      context.Background(),
	})
	if err != nil {
		panic(err)
	}

	response, err := client.Ngsiem.ExternalRegenerateDataConnectionToken(
		&ngsiem.ExternalRegenerateDataConnectionTokenParams{
			Ids:     "string",
			Context: context.Background(),
		},
	)
	if err != nil {
		panic(falcon.ErrorExplain(err))
	}

	fmt.Printf("%+v\n", response.Payload)
}
```

```typescript
import { FalconClient } from "crowdstrike-falcon";

const client = new FalconClient({
  cloud: process.env.FALCON_CLOUD!,
  clientId: process.env.FALCON_CLIENT_ID!,
  clientSecret: process.env.FALCON_CLIENT_SECRET!,
});

const response = await client.ngsiem.externalRegenerateDataConnectionToken("string"); // ids

console.log(response);
```

Examples coming soon.

```ruby
require "crimson-falcon"

Falcon.configure do |config|
  config.client_id = ENV["FALCON_CLIENT_ID"]
  config.client_secret = ENV["FALCON_CLIENT_SECRET"]
  config.cloud = ENV["FALCON_CLOUD"]
end

api = Falcon::Ngsiem.new

response = api.external_regenerate_data_connection_token('string')

puts response
```

ExternalGetDataConnectionByID
Get data connection by ID.

get_connection_by_id

Parameters

| Name | Type | Data type | Description |
|---|---|---|---|
| ids | query | string or list | Unique identifier of the data connection. |
| parameters | query | dictionary | Full query string parameters payload in JSON format. |
Code Examples
```python
from falconpy import NGSIEM

falcon = NGSIEM(client_id=CLIENT_ID, client_secret=CLIENT_SECRET)

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.get_connection_by_id(ids=id_list)
print(response)
```

```python
from falconpy import NGSIEM

falcon = NGSIEM(client_id=CLIENT_ID, client_secret=CLIENT_SECRET)

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.ExternalGetDataConnectionByID(ids=id_list)
print(response)
```

```python
from falconpy import APIHarnessV2

falcon = APIHarnessV2(client_id=CLIENT_ID, client_secret=CLIENT_SECRET)

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.command("ExternalGetDataConnectionByID", ids=id_list)
print(response)
```

Examples coming soon.

```go
package main

import (
	"context"
	"fmt"
	"os"

	"github.com/crowdstrike/gofalcon/falcon"
	"github.com/crowdstrike/gofalcon/falcon/client/ngsiem"
)

func main() {
	client, err := falcon.NewClient(&falcon.ApiConfig{
		ClientId:     os.Getenv("FALCON_CLIENT_ID"),
		ClientSecret: os.Getenv("FALCON_CLIENT_SECRET"),
		Context:      context.Background(),
	})
	if err != nil {
		panic(err)
	}

	response, err := client.Ngsiem.ExternalGetDataConnectionByID(
		&ngsiem.ExternalGetDataConnectionByIDParams{
			Ids:     []string{"ID1", "ID2", "ID3"},
			Context: context.Background(),
		},
	)
	if err != nil {
		panic(falcon.ErrorExplain(err))
	}

	fmt.Printf("%+v\n", response.Payload)
}
```

```typescript
import { FalconClient } from "crowdstrike-falcon";

const client = new FalconClient({
  cloud: process.env.FALCON_CLOUD!,
  clientId: process.env.FALCON_CLIENT_ID!,
  clientSecret: process.env.FALCON_CLIENT_SECRET!,
});

const response = await client.ngsiem.externalGetDataConnectionByID(["ID1", "ID2", "ID3"]); // ids

console.log(response);
```

Examples coming soon.

```ruby
require "crimson-falcon"

Falcon.configure do |config|
  config.client_id = ENV["FALCON_CLIENT_ID"]
  config.client_secret = ENV["FALCON_CLIENT_SECRET"]
  config.cloud = ENV["FALCON_CLOUD"]
end

api = Falcon::Ngsiem.new

response = api.external_get_data_connection_by_id(['ID1', 'ID2', 'ID3'])

puts response
```

ExternalCreateDataConnection
Create a new data connection.

create_data_connection

Parameters

| Name | Type | Data type | Description |
|---|---|---|---|
| body | body | dictionary | Full body payload in JSON format. |
| config | body | dictionary | Configuration dictionary. |
| config_id | body | string | Configuration ID. |
| connector_id | body | string | Connector ID. |
| connector_type | body | string | Connector type. |
| description | body | string | Connection description. |
| enable_host_enrichment | body | boolean | Enable host enrichment. |
| enable_user_enrichment | body | boolean | Enable user enrichment. |
| name | body | string | Connection name. |
| parser | body | string | Parser. |
| vendor_name | body | string | Vendor name. |
| vendor_product_name | body | string | Vendor product name. |
Code Examples
```python
from falconpy import NGSIEM

falcon = NGSIEM(client_id=CLIENT_ID, client_secret=CLIENT_SECRET)

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

config = {
    "auth": {},
    "name": "string",
    "params": {}
}

response = falcon.create_data_connection(config=config,
                                         config_id="string",
                                         connector_id="string",
                                         connector_type="string",
                                         description="string",
                                         enable_host_enrichment=boolean,
                                         enable_user_enrichment=boolean,
                                         log_sources=id_list,
                                         name="string",
                                         parser="string",
                                         vendor_name="string",
                                         vendor_product_name="string"
                                         )
print(response)
```

```python
from falconpy import NGSIEM

falcon = NGSIEM(client_id=CLIENT_ID, client_secret=CLIENT_SECRET)

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

config = {
    "auth": {},
    "name": "string",
    "params": {}
}

response = falcon.ExternalCreateDataConnection(config=config,
                                               config_id="string",
                                               connector_id="string",
                                               connector_type="string",
                                               description="string",
                                               enable_host_enrichment=boolean,
                                               enable_user_enrichment=boolean,
                                               log_sources=id_list,
                                               name="string",
                                               parser="string",
                                               vendor_name="string",
                                               vendor_product_name="string"
                                               )
print(response)
```

```python
from falconpy import APIHarnessV2

falcon = APIHarnessV2(client_id=CLIENT_ID, client_secret=CLIENT_SECRET)

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

body_payload = {
    "config": {
        "auth": {},
        "name": "string",
        "params": {}
    },
    "config_id": "string",
    "connector_id": "string",
    "connector_type": "string",
    "custom": {},
    "description": "string",
    "enable_host_enrichment": boolean,
    "enable_user_enrichment": boolean,
    "log_sources": ["string"],
    "name": "string",
    "parser": "string",
    "vendor_name": "string",
    "vendor_product_name": "string"
}

response = falcon.command("ExternalCreateDataConnection", body=body_payload)
print(response)
```

Examples coming soon.

```go
package main

import (
	"context"
	"fmt"
	"os"

	"github.com/crowdstrike/gofalcon/falcon"
	"github.com/crowdstrike/gofalcon/falcon/client/ngsiem"
	"github.com/crowdstrike/gofalcon/falcon/models"
)

func main() {
	client, err := falcon.NewClient(&falcon.ApiConfig{
		ClientId:     os.Getenv("FALCON_CLIENT_ID"),
		ClientSecret: os.Getenv("FALCON_CLIENT_SECRET"),
		Context:      context.Background(),
	})
	if err != nil {
		panic(err)
	}

	config_id := "string"
	connector_id := "string"
	connector_type := "string"
	description := "string"
	enable_host_enrichment := boolean
	enable_user_enrichment := boolean
	name := "string"
	parser := "string"
	vendor_name := "string"
	vendor_product_name := "string"

	response, err := client.Ngsiem.ExternalCreateDataConnection(
		&ngsiem.ExternalCreateDataConnectionParams{
			Body: &models.DataconnectionmanagementCreateDataConnectionRequest{
				Config:               &struct{}{},
				ConfigID:             &config_id,
				ConnectorID:          &connector_id,
				ConnectorType:        &connector_type,
				Custom:               &struct{}{},
				Description:          &description,
				EnableHostEnrichment: &enable_host_enrichment,
				EnableUserEnrichment: &enable_user_enrichment,
				LogSources:           []string{"string"},
				Name:                 &name,
				Parser:               &parser,
				VendorName:           &vendor_name,
				VendorProductName:    &vendor_product_name,
			},
			Context: context.Background(),
		},
	)
	if err != nil {
		panic(falcon.ErrorExplain(err))
	}

	fmt.Printf("%+v\n", response.Payload)
}
```

```typescript
import { FalconClient } from "crowdstrike-falcon";

const client = new FalconClient({
  cloud: process.env.FALCON_CLOUD!,
  clientId: process.env.FALCON_CLIENT_ID!,
  clientSecret: process.env.FALCON_CLIENT_SECRET!,
});

const response = await client.ngsiem.externalCreateDataConnection(
  {
    config: { auth: {}, name: "string", params: {} },
    configId: "string",
    connectorId: "string",
    connectorType: "string",
    custom: {},
    description: "string",
    enableHostEnrichment: boolean,
    enableUserEnrichment: boolean,
    logSources: [],
    name: "string",
    parser: "string",
    vendorName: "string",
    vendorProductName: "string"
  } // body
);

console.log(response);
```

Examples coming soon.

```ruby
require "crimson-falcon"

Falcon.configure do |config|
  config.client_id = ENV["FALCON_CLIENT_ID"]
  config.client_secret = ENV["FALCON_CLIENT_SECRET"]
  config.cloud = ENV["FALCON_CLOUD"]
end

api = Falcon::Ngsiem.new

body = Falcon::DataconnectionmanagementCreateDataConnectionRequest.new(
  config: { auth: {}, name: 'string', params: {} },
  config_id: 'string',
  connector_id: 'string',
  connector_type: 'string',
  custom: {},
  description: 'string',
  enable_host_enrichment: boolean,
  enable_user_enrichment: boolean,
  log_sources: [],
  name: 'string',
  parser: 'string',
  vendor_name: 'string',
  vendor_product_name: 'string'
)

response = api.external_create_data_connection(body)

puts response
```

ExternalUpdateDataConnection
Update a data connection.

update_data_connection

Parameters

| Name | Type | Data type | Description |
|---|---|---|---|
| ids | query | string | Unique identifier of the data connection. |
| body | body | dictionary | Full body payload in JSON format. |
| config | body | dictionary | Configuration dictionary. |
| config_id | body | string | Configuration ID. |
| description | body | string | Connection description. |
| enable_host_enrichment | body | boolean | Enable host enrichment. |
| enable_user_enrichment | body | boolean | Enable user enrichment. |
| name | body | string | Connection name. |
| parser | body | string | Parser. |
| parameters | query | dictionary | Full query string parameters payload in JSON format. |
Code Examples

```python
from falconpy import NGSIEM

falcon = NGSIEM(client_id=CLIENT_ID, client_secret=CLIENT_SECRET)

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

config = {
    "auth": {},
    "name": "string",
    "params": {}
}

response = falcon.update_data_connection(
    ids=id_list,
    config=config,
    config_id="string",
    description="string",
    enable_host_enrichment=boolean,
    enable_user_enrichment=boolean,
    name="string",
    parser="string"
)
print(response)
```

```python
from falconpy import NGSIEM

falcon = NGSIEM(client_id=CLIENT_ID, client_secret=CLIENT_SECRET)

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

config = {
    "auth": {},
    "name": "string",
    "params": {}
}

response = falcon.ExternalUpdateDataConnection(
    ids=id_list,
    config=config,
    config_id="string",
    description="string",
    enable_host_enrichment=boolean,
    enable_user_enrichment=boolean,
    name="string",
    parser="string"
)
print(response)
```

```python
from falconpy import APIHarnessV2

falcon = APIHarnessV2(client_id=CLIENT_ID, client_secret=CLIENT_SECRET)

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

body_payload = {
    "config": {
        "auth": {},
        "name": "string",
        "params": {}
    },
    "config_id": "string",
    "description": "string",
    "enable_host_enrichment": boolean,
    "enable_user_enrichment": boolean,
    "name": "string",
    "parser": "string"
}

response = falcon.command("ExternalUpdateDataConnection", ids="string", body=body_payload)
print(response)
```

Examples coming soon.
```go
package main

import (
    "context"
    "fmt"
    "os"

    "github.com/crowdstrike/gofalcon/falcon"
    "github.com/crowdstrike/gofalcon/falcon/client/ngsiem"
    "github.com/crowdstrike/gofalcon/falcon/models"
)

func main() {
    client, err := falcon.NewClient(&falcon.ApiConfig{
        ClientId:     os.Getenv("FALCON_CLIENT_ID"),
        ClientSecret: os.Getenv("FALCON_CLIENT_SECRET"),
        Context:      context.Background(),
    })
    if err != nil {
        panic(err)
    }

    config_id := "string"
    description := "string"
    enable_host_enrichment := boolean
    enable_user_enrichment := boolean
    name := "string"
    parser := "string"

    response, err := client.Ngsiem.ExternalUpdateDataConnection(
        &ngsiem.ExternalUpdateDataConnectionParams{
            Body: &models.DataconnectionmanagementUpdateDataConnectionRequest{
                Config:               &struct{}{},
                ConfigID:             &config_id,
                Description:          &description,
                EnableHostEnrichment: &enable_host_enrichment,
                EnableUserEnrichment: &enable_user_enrichment,
                Name:                 &name,
                Parser:               &parser,
            },
            Ids:     "string",
            Context: context.Background(),
        },
    )
    if err != nil {
        panic(falcon.ErrorExplain(err))
    }

    fmt.Printf("%+v\n", response.Payload)
}
```

```typescript
import { FalconClient } from "crowdstrike-falcon";

const client = new FalconClient({
    cloud: process.env.FALCON_CLOUD!,
    clientId: process.env.FALCON_CLIENT_ID!,
    clientSecret: process.env.FALCON_CLIENT_SECRET!,
});

const response = await client.ngsiem.externalUpdateDataConnection(
    "string", // ids
    { // body
        config: { auth: {}, name: "string", params: {} },
        configId: "string",
        description: "string",
        enableHostEnrichment: boolean,
        enableUserEnrichment: boolean,
        name: "string",
        parser: "string"
    }
);

console.log(response);
```

Examples coming soon.
```ruby
require "crimson-falcon"

Falcon.configure do |config|
  config.client_id = ENV["FALCON_CLIENT_ID"]
  config.client_secret = ENV["FALCON_CLIENT_SECRET"]
  config.cloud = ENV["FALCON_CLOUD"]
end

api = Falcon::Ngsiem.new

body = Falcon::DataconnectionmanagementUpdateDataConnectionRequest.new(
  config: { auth: {}, name: 'string', params: {} },
  config_id: 'string',
  description: 'string',
  enable_host_enrichment: boolean,
  enable_user_enrichment: boolean,
  name: 'string',
  parser: 'string'
)

response = api.external_update_data_connection(body, 'string')

puts response
```

ExternalDeleteDataConnection
Delete a data connection.
delete_data_connection

Parameters

| Name | Type | Data type | Description |
|---|---|---|---|
| ids | query | string | Unique identifier of the data connection. |
| parameters | query | dictionary | Full query string parameters payload in JSON format. |
Code Examples

```python
from falconpy import NGSIEM

falcon = NGSIEM(client_id=CLIENT_ID, client_secret=CLIENT_SECRET)

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.delete_data_connection(ids=id_list)
print(response)
```

```python
from falconpy import NGSIEM

falcon = NGSIEM(client_id=CLIENT_ID, client_secret=CLIENT_SECRET)

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.ExternalDeleteDataConnection(ids=id_list)
print(response)
```

```python
from falconpy import APIHarnessV2

falcon = APIHarnessV2(client_id=CLIENT_ID, client_secret=CLIENT_SECRET)

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.command("ExternalDeleteDataConnection", ids="string")
print(response)
```

Examples coming soon.
```go
package main

import (
    "context"
    "fmt"
    "os"

    "github.com/crowdstrike/gofalcon/falcon"
    "github.com/crowdstrike/gofalcon/falcon/client/ngsiem"
)

func main() {
    client, err := falcon.NewClient(&falcon.ApiConfig{
        ClientId:     os.Getenv("FALCON_CLIENT_ID"),
        ClientSecret: os.Getenv("FALCON_CLIENT_SECRET"),
        Context:      context.Background(),
    })
    if err != nil {
        panic(err)
    }

    response, err := client.Ngsiem.ExternalDeleteDataConnection(
        &ngsiem.ExternalDeleteDataConnectionParams{
            Ids:     "string",
            Context: context.Background(),
        },
    )
    if err != nil {
        panic(falcon.ErrorExplain(err))
    }

    fmt.Printf("%+v\n", response.Payload)
}
```

```typescript
import { FalconClient } from "crowdstrike-falcon";

const client = new FalconClient({
    cloud: process.env.FALCON_CLOUD!,
    clientId: process.env.FALCON_CLIENT_ID!,
    clientSecret: process.env.FALCON_CLIENT_SECRET!,
});

const response = await client.ngsiem.externalDeleteDataConnection("string"); // ids

console.log(response);
```

Examples coming soon.
```ruby
require "crimson-falcon"

Falcon.configure do |config|
  config.client_id = ENV["FALCON_CLIENT_ID"]
  config.client_secret = ENV["FALCON_CLIENT_SECRET"]
  config.cloud = ENV["FALCON_CLOUD"]
end

api = Falcon::Ngsiem.new

response = api.external_delete_data_connection('string')

puts response
```

ExternalListConnectorConfigs
List configurations for a data connector.
list_connector_configs

Parameters

| Name | Type | Data type | Description |
|---|---|---|---|
| ids | query | string | Unique identifier of the data connector. |
| parameters | query | dictionary | Full query string parameters payload in JSON format. |
Code Examples

```python
from falconpy import NGSIEM

falcon = NGSIEM(client_id=CLIENT_ID, client_secret=CLIENT_SECRET)

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.list_connector_configs(ids=id_list)
print(response)
```

```python
from falconpy import NGSIEM

falcon = NGSIEM(client_id=CLIENT_ID, client_secret=CLIENT_SECRET)

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.ExternalListConnectorConfigs(ids=id_list)
print(response)
```

```python
from falconpy import APIHarnessV2

falcon = APIHarnessV2(client_id=CLIENT_ID, client_secret=CLIENT_SECRET)

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.command("ExternalListConnectorConfigs", ids="string")
print(response)
```

Examples coming soon.
```go
package main

import (
    "context"
    "fmt"
    "os"

    "github.com/crowdstrike/gofalcon/falcon"
    "github.com/crowdstrike/gofalcon/falcon/client/ngsiem"
)

func main() {
    client, err := falcon.NewClient(&falcon.ApiConfig{
        ClientId:     os.Getenv("FALCON_CLIENT_ID"),
        ClientSecret: os.Getenv("FALCON_CLIENT_SECRET"),
        Context:      context.Background(),
    })
    if err != nil {
        panic(err)
    }

    response, err := client.Ngsiem.ExternalListConnectorConfigs(
        &ngsiem.ExternalListConnectorConfigsParams{
            Ids:     "string",
            Context: context.Background(),
        },
    )
    if err != nil {
        panic(falcon.ErrorExplain(err))
    }

    fmt.Printf("%+v\n", response.Payload)
}
```

```typescript
import { FalconClient } from "crowdstrike-falcon";

const client = new FalconClient({
    cloud: process.env.FALCON_CLOUD!,
    clientId: process.env.FALCON_CLIENT_ID!,
    clientSecret: process.env.FALCON_CLIENT_SECRET!,
});

const response = await client.ngsiem.externalListConnectorConfigs("string"); // ids

console.log(response);
```

Examples coming soon.
```ruby
require "crimson-falcon"

Falcon.configure do |config|
  config.client_id = ENV["FALCON_CLIENT_ID"]
  config.client_secret = ENV["FALCON_CLIENT_SECRET"]
  config.cloud = ENV["FALCON_CLOUD"]
end

api = Falcon::Ngsiem.new

response = api.external_list_connector_configs('string')

puts response
```

ExternalCreateConnectorConfig
Create a new configuration for a data connector.
create_connector_config

Parameters

| Name | Type | Data type | Description |
|---|---|---|---|
| body | body | dictionary | Full body payload in JSON format. |
| config | body | dictionary | Configuration details for the connector including authentication and parameters. |
| connector_id | body | string | Unique identifier of the data connector. |
Code Examples

```python
from falconpy import NGSIEM

falcon = NGSIEM(client_id=CLIENT_ID, client_secret=CLIENT_SECRET)

config = {
    "auth": {},
    "name": "string",
    "params": {}
}

response = falcon.create_connector_config(config=config, connector_id="string")
print(response)
```

```python
from falconpy import NGSIEM

falcon = NGSIEM(client_id=CLIENT_ID, client_secret=CLIENT_SECRET)

config = {
    "auth": {},
    "name": "string",
    "params": {}
}

response = falcon.ExternalCreateConnectorConfig(config=config, connector_id="string")
print(response)
```

```python
from falconpy import APIHarnessV2

falcon = APIHarnessV2(client_id=CLIENT_ID, client_secret=CLIENT_SECRET)

body_payload = {
    "config": {
        "auth": {},
        "name": "string",
        "params": {}
    },
    "connector_id": "string"
}

response = falcon.command("ExternalCreateConnectorConfig", body=body_payload)
print(response)
```

Examples coming soon.
```go
package main

import (
    "context"
    "fmt"
    "os"

    "github.com/crowdstrike/gofalcon/falcon"
    "github.com/crowdstrike/gofalcon/falcon/client/ngsiem"
    "github.com/crowdstrike/gofalcon/falcon/models"
)

func main() {
    client, err := falcon.NewClient(&falcon.ApiConfig{
        ClientId:     os.Getenv("FALCON_CLIENT_ID"),
        ClientSecret: os.Getenv("FALCON_CLIENT_SECRET"),
        Context:      context.Background(),
    })
    if err != nil {
        panic(err)
    }

    connector_id := "string"

    response, err := client.Ngsiem.ExternalCreateConnectorConfig(
        &ngsiem.ExternalCreateConnectorConfigParams{
            Body: &models.DataconnectionmanagementCreateConnectorConfigRequest{
                Config:      &struct{}{},
                ConnectorID: &connector_id,
            },
            Context: context.Background(),
        },
    )
    if err != nil {
        panic(falcon.ErrorExplain(err))
    }

    fmt.Printf("%+v\n", response.Payload)
}
```

```typescript
import { FalconClient } from "crowdstrike-falcon";

const client = new FalconClient({
    cloud: process.env.FALCON_CLOUD!,
    clientId: process.env.FALCON_CLIENT_ID!,
    clientSecret: process.env.FALCON_CLIENT_SECRET!,
});

const response = await client.ngsiem.externalCreateConnectorConfig(
    { config: { auth: {}, name: "string", params: {} }, connectorId: "string" } // body
);

console.log(response);
```

Examples coming soon.
```ruby
require "crimson-falcon"

Falcon.configure do |config|
  config.client_id = ENV["FALCON_CLIENT_ID"]
  config.client_secret = ENV["FALCON_CLIENT_SECRET"]
  config.cloud = ENV["FALCON_CLOUD"]
end

api = Falcon::Ngsiem.new

body = Falcon::DataconnectionmanagementCreateConnectorConfigRequest.new(
  config: { auth: {}, name: 'string', params: {} },
  connector_id: 'string'
)

response = api.external_create_connector_config(body)

puts response
```

ExternalPatchConnectorConfig
Patch configurations for a data connector.
patch_connector_config

Parameters

| Name | Type | Data type | Description |
|---|---|---|---|
| ids | query | string | Unique id of the config to update. |
| body | body | dictionary | Full body payload in JSON format. |
| config | body | dictionary | Configuration details for the connector including authentication and parameters. |
| connector_id | body | string | Unique identifier of the data connector. |
| parameters | query | dictionary | Full query string parameters payload in JSON format. |
Code Examples

```python
from falconpy import NGSIEM

falcon = NGSIEM(client_id=CLIENT_ID, client_secret=CLIENT_SECRET)

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

config = {
    "auth": {},
    "name": "string",
    "params": {}
}

response = falcon.patch_connector_config(ids=id_list, config=config, connector_id="string")
print(response)
```

```python
from falconpy import NGSIEM

falcon = NGSIEM(client_id=CLIENT_ID, client_secret=CLIENT_SECRET)

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

config = {
    "auth": {},
    "name": "string",
    "params": {}
}

response = falcon.ExternalPatchConnectorConfig(ids=id_list, config=config, connector_id="string")
print(response)
```

```python
from falconpy import APIHarnessV2

falcon = APIHarnessV2(client_id=CLIENT_ID, client_secret=CLIENT_SECRET)

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

body_payload = {
    "config": {
        "auth": {},
        "name": "string",
        "params": {}
    },
    "connector_id": "string"
}

response = falcon.command("ExternalPatchConnectorConfig", ids="string", body=body_payload)
print(response)
```

Examples coming soon.
```go
package main

import (
    "context"
    "fmt"
    "os"

    "github.com/crowdstrike/gofalcon/falcon"
    "github.com/crowdstrike/gofalcon/falcon/client/ngsiem"
    "github.com/crowdstrike/gofalcon/falcon/models"
)

func main() {
    client, err := falcon.NewClient(&falcon.ApiConfig{
        ClientId:     os.Getenv("FALCON_CLIENT_ID"),
        ClientSecret: os.Getenv("FALCON_CLIENT_SECRET"),
        Context:      context.Background(),
    })
    if err != nil {
        panic(err)
    }

    connector_id := "string"

    response, err := client.Ngsiem.ExternalPatchConnectorConfig(
        &ngsiem.ExternalPatchConnectorConfigParams{
            Body: &models.DataconnectionmanagementCreateConnectorConfigRequest{
                Config:      &struct{}{},
                ConnectorID: &connector_id,
            },
            Ids:     "string",
            Context: context.Background(),
        },
    )
    if err != nil {
        panic(falcon.ErrorExplain(err))
    }

    fmt.Printf("%+v\n", response.Payload)
}
```

```typescript
import { FalconClient } from "crowdstrike-falcon";

const client = new FalconClient({
    cloud: process.env.FALCON_CLOUD!,
    clientId: process.env.FALCON_CLIENT_ID!,
    clientSecret: process.env.FALCON_CLIENT_SECRET!,
});

const response = await client.ngsiem.externalPatchConnectorConfig(
    "string", // ids
    { // body
        config: { auth: {}, name: "string", params: {} },
        connectorId: "string"
    }
);

console.log(response);
```

Examples coming soon.
```ruby
require "crimson-falcon"

Falcon.configure do |config|
  config.client_id = ENV["FALCON_CLIENT_ID"]
  config.client_secret = ENV["FALCON_CLIENT_SECRET"]
  config.cloud = ENV["FALCON_CLOUD"]
end

api = Falcon::Ngsiem.new

body = Falcon::DataconnectionmanagementCreateConnectorConfigRequest.new(
  config: { auth: {}, name: 'string', params: {} },
  connector_id: 'string'
)

response = api.external_patch_connector_config(body, 'string')

puts response
```

ExternalDeleteConnectorConfigs
Delete data connection config.
delete_connector_configs

Parameters

| Name | Type | Data type | Description |
|---|---|---|---|
| connector_id | query | string | Unique identifier of the connector. |
| ids | query | string or list of strings | Unique identifiers of the config(s) to delete. |
| parameters | query | dictionary | Full query string parameters payload in JSON format. |
Code Examples

```python
from falconpy import NGSIEM

falcon = NGSIEM(client_id=CLIENT_ID, client_secret=CLIENT_SECRET)

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.delete_connector_configs(connector_id="string", ids=id_list)
print(response)
```

```python
from falconpy import NGSIEM

falcon = NGSIEM(client_id=CLIENT_ID, client_secret=CLIENT_SECRET)

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.ExternalDeleteConnectorConfigs(connector_id="string", ids=id_list)
print(response)
```

```python
from falconpy import APIHarnessV2

falcon = APIHarnessV2(client_id=CLIENT_ID, client_secret=CLIENT_SECRET)

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.command("ExternalDeleteConnectorConfigs", connector_id="string", ids=id_list)
print(response)
```

Examples coming soon.
```go
package main

import (
    "context"
    "fmt"
    "os"

    "github.com/crowdstrike/gofalcon/falcon"
    "github.com/crowdstrike/gofalcon/falcon/client/ngsiem"
)

func main() {
    client, err := falcon.NewClient(&falcon.ApiConfig{
        ClientId:     os.Getenv("FALCON_CLIENT_ID"),
        ClientSecret: os.Getenv("FALCON_CLIENT_SECRET"),
        Context:      context.Background(),
    })
    if err != nil {
        panic(err)
    }

    response, err := client.Ngsiem.ExternalDeleteConnectorConfigs(
        &ngsiem.ExternalDeleteConnectorConfigsParams{
            ConnectorID: "string",
            Ids:         []string{"ID1", "ID2", "ID3"},
            Context:     context.Background(),
        },
    )
    if err != nil {
        panic(falcon.ErrorExplain(err))
    }

    fmt.Printf("%+v\n", response.Payload)
}
```

```typescript
import { FalconClient } from "crowdstrike-falcon";

const client = new FalconClient({
    cloud: process.env.FALCON_CLOUD!,
    clientId: process.env.FALCON_CLIENT_ID!,
    clientSecret: process.env.FALCON_CLIENT_SECRET!,
});

const response = await client.ngsiem.externalDeleteConnectorConfigs(
    "string", // connectorId
    "string" // ids
);

console.log(response);
```

Examples coming soon.
```ruby
require "crimson-falcon"

Falcon.configure do |config|
  config.client_id = ENV["FALCON_CLIENT_ID"]
  config.client_secret = ENV["FALCON_CLIENT_SECRET"]
  config.cloud = ENV["FALCON_CLOUD"]
end

api = Falcon::Ngsiem.new

response = api.external_delete_connector_configs('string', ['ID1', 'ID2', 'ID3'])

puts response
```

UpdateParserFromTemplate
Update Parser in NGSIEM from YAML Template. Please note that name changes are not supported; a renamed parser should instead be created as a new parser.
update_parser_from_template

Parameters

| Name | Type | Data type | Description |
|---|---|---|---|
| repository | formData | string | Name of repository. |
| ids | formData | string | ID of the parser. |
| yaml_template | formData | file | LogScale Parser YAML template content, see schema at https://schemas.humio.com/. |
| parameters | query | dictionary | Full query string parameters payload in JSON format. |
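
The name restriction stated for UpdateParserFromTemplate (and repeated for UpdateParser) can be checked before a template is pushed. The following is an added example, not code from the SDKs documented here: it assumes the template carries its parser name in a top-level `name` key, that the caller already knows the existing parser's name, and the function names `top_level_scalars` and `plan_template_push` are hypothetical. It uses a minimal line scanner rather than a full YAML parser.

```python
import re

# Matches an unindented `key: value` line. Indented lines (nested keys and the
# body of a block scalar such as `script: |-`) never match.
_TOP_LEVEL = re.compile(r"^([A-Za-z_$][\w-]*):[ \t]*(.*)$")


def top_level_scalars(yaml_text):
    """Collect top-level scalar `key: value` pairs from a YAML template."""
    found = {}
    for line in yaml_text.splitlines():
        match = _TOP_LEVEL.match(line)
        if not match:
            continue
        key, value = match.group(1), match.group(2).strip()
        if value[:1] in ("'", '"'):
            # Quoted scalar: keep the text between the quotes.
            end = value.find(value[0], 1)
            found[key] = value[1:end] if end > 0 else value[1:]
        else:
            # Plain scalar: drop a trailing comment, skip block/flow containers.
            value = value.split(" #", 1)[0].strip()
            if value and value[0] not in "|>[{":
                found[key] = value
    return found


def plan_template_push(existing_name, yaml_template):
    """Return (action, reason), where action is 'update', 'create' or 'reject'."""
    name = top_level_scalars(yaml_template).get("name")
    if not name:
        return "reject", "template has no top-level name"
    if name == existing_name:
        return "update", f"name unchanged ({name}): update the existing parser"
    return "create", f"name differs ({existing_name} -> {name}): create a new parser"


# Constructed sample templates (assumed layout, not taken from the page).
SAME_NAME = """name: corp-vpn
script: |-
  // name: ignored because it is indented
  parseJson()
"""
RENAMED = SAME_NAME.replace("name: corp-vpn", 'name: "corp-vpn-v2"', 1)

if __name__ == "__main__":
    for template in (SAME_NAME, RENAMED):
        print(plan_template_push("corp-vpn", template))
```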
Code Examples

```python
from falconpy import NGSIEM

falcon = NGSIEM(client_id=CLIENT_ID, client_secret=CLIENT_SECRET)

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.update_parser_from_template(repository="string",
                                              ids=id_list,
                                              yaml_template="string"
                                              )
print(response)
```

```python
from falconpy import NGSIEM

falcon = NGSIEM(client_id=CLIENT_ID, client_secret=CLIENT_SECRET)

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.UpdateParserFromTemplate(repository="string",
                                           ids=id_list,
                                           yaml_template="string"
                                           )
print(response)
```

```python
from falconpy import APIHarnessV2

falcon = APIHarnessV2(client_id=CLIENT_ID, client_secret=CLIENT_SECRET)

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.command("UpdateParserFromTemplate",
                          repository="string",
                          ids="string",
                          yaml_template="string"
                          )
print(response)
```

Examples coming soon.
```go
package main

import (
    "context"
    "fmt"
    "os"

    "github.com/crowdstrike/gofalcon/falcon"
    "github.com/crowdstrike/gofalcon/falcon/client/ngsiem"
)

func main() {
    client, err := falcon.NewClient(&falcon.ApiConfig{
        ClientId:     os.Getenv("FALCON_CLIENT_ID"),
        ClientSecret: os.Getenv("FALCON_CLIENT_SECRET"),
        Context:      context.Background(),
    })
    if err != nil {
        panic(err)
    }

    repository := "string"
    ids := "string"

    response, err := client.Ngsiem.UpdateParserFromTemplate(
        &ngsiem.UpdateParserFromTemplateParams{
            Repository: &repository,
            Ids:        &ids,
            Context:    context.Background(),
        },
    )
    if err != nil {
        panic(falcon.ErrorExplain(err))
    }

    fmt.Printf("%+v\n", response.Payload)
}
```

```typescript
import { FalconClient } from "crowdstrike-falcon";

const client = new FalconClient({
    cloud: process.env.FALCON_CLOUD!,
    clientId: process.env.FALCON_CLIENT_ID!,
    clientSecret: process.env.FALCON_CLIENT_SECRET!,
});

const response = await client.ngsiem.updateParserFromTemplate(
    "string", // repository
    "string", // ids
    "string" // yamlTemplate
);

console.log(response);
```

Examples coming soon.
```ruby
require "crimson-falcon"

Falcon.configure do |config|
  config.client_id = ENV["FALCON_CLIENT_ID"]
  config.client_secret = ENV["FALCON_CLIENT_SECRET"]
  config.cloud = ENV["FALCON_CLOUD"]
end

api = Falcon::Ngsiem.new

response = api.update_parser_from_template(repository: 'string', ids: 'string')

puts response
```

GetParserTemplate
Retrieve Parser in NGSIEM as LogScale YAML Template.
get_parser_template

Parameters

| Name | Type | Data type | Description |
|---|---|---|---|
| ids | query | string | Parser ID value |
| repository | query | string | Name of repository. Options: parsers-repository. |
| parameters | query | dictionary | Full query string parameters payload in JSON format. |
Code Examples

```python
from falconpy import NGSIEM

falcon = NGSIEM(client_id=CLIENT_ID, client_secret=CLIENT_SECRET)

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.get_parser_template(ids=id_list, repository="string")
print(response)
```

```python
from falconpy import NGSIEM

falcon = NGSIEM(client_id=CLIENT_ID, client_secret=CLIENT_SECRET)

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.GetParserTemplate(ids=id_list, repository="string")
print(response)
```

```python
from falconpy import APIHarnessV2

falcon = APIHarnessV2(client_id=CLIENT_ID, client_secret=CLIENT_SECRET)

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.command("GetParserTemplate", ids="string", repository="string")
print(response)
```

```powershell
Receive-FalconNgsParser -Id "string" -Repository "string"
```

```go
package main

import (
    "context"
    "fmt"
    "os"

    "github.com/crowdstrike/gofalcon/falcon"
    "github.com/crowdstrike/gofalcon/falcon/client/ngsiem"
)

func main() {
    client, err := falcon.NewClient(&falcon.ApiConfig{
        ClientId:     os.Getenv("FALCON_CLIENT_ID"),
        ClientSecret: os.Getenv("FALCON_CLIENT_SECRET"),
        Context:      context.Background(),
    })
    if err != nil {
        panic(err)
    }

    ids := "string"
    repository := "string"

    response, err := client.Ngsiem.GetParserTemplate(
        &ngsiem.GetParserTemplateParams{
            Ids:        &ids,
            Repository: &repository,
            Context:    context.Background(),
        },
    )
    if err != nil {
        panic(falcon.ErrorExplain(err))
    }

    fmt.Printf("%+v\n", response.Payload)
}
```

```typescript
import { FalconClient } from "crowdstrike-falcon";

const client = new FalconClient({
    cloud: process.env.FALCON_CLOUD!,
    clientId: process.env.FALCON_CLIENT_ID!,
    clientSecret: process.env.FALCON_CLIENT_SECRET!,
});

const response = await client.ngsiem.getParserTemplate(
    "string", // ids
    "string" // repository
);

console.log(response);
```

```rust
use rusty_falcon::apis::ngsiem_api::get_parser_template;
use rusty_falcon::easy::client::FalconHandle;

#[tokio::main]
async fn main() {
    let falcon = FalconHandle::from_env().await.expect("Could not authenticate");

    let response = get_parser_template(
        &falcon.cfg, // configuration
        Some("string"), // ids
        Some("string"), // repository
    ).await.expect("API call failed");

    println!("{:?}", response);
}
```

```ruby
require "crimson-falcon"

Falcon.configure do |config|
  config.client_id = ENV["FALCON_CLIENT_ID"]
  config.client_secret = ENV["FALCON_CLIENT_SECRET"]
  config.cloud = ENV["FALCON_CLOUD"]
end

api = Falcon::Ngsiem.new

response = api.get_parser_template(ids: 'string', repository: 'string')

puts response
```

CreateParserFromTemplate
Create Parser from LogScale YAML Template in NGSIEM.
create_parser_from_template

Parameters

| Name | Type | Data type | Description |
|---|---|---|---|
| repository | formData | string | Name of repository. Options: parsers-repository. |
| name | formData | string | Name of the parser. |
| yaml_template | formData | string | LogScale Parser YAML template content, see schema at https://schemas.humio.com/. |
| parameters | query | dictionary | Full query string parameters payload in JSON format. |
Code Examples

```python
from falconpy import NGSIEM

falcon = NGSIEM(client_id=CLIENT_ID, client_secret=CLIENT_SECRET)

response = falcon.create_parser_from_template(repository="string",
                                              name="string",
                                              yaml_template="string"
                                              )
print(response)
```

```python
from falconpy import NGSIEM

falcon = NGSIEM(client_id=CLIENT_ID, client_secret=CLIENT_SECRET)

response = falcon.CreateParserFromTemplate(repository="string",
                                           name="string",
                                           yaml_template="string"
                                           )
print(response)
```

```python
from falconpy import APIHarnessV2

falcon = APIHarnessV2(client_id=CLIENT_ID, client_secret=CLIENT_SECRET)

response = falcon.command("CreateParserFromTemplate", repository="string", yaml_template="string")
print(response)
```

```powershell
Send-FalconNgsParser -Name "string" `
    -Repository "string" `
    -Path "string"
```

```go
package main

import (
    "context"
    "fmt"
    "os"

    "github.com/crowdstrike/gofalcon/falcon"
    "github.com/crowdstrike/gofalcon/falcon/client/ngsiem"
)

func main() {
    client, err := falcon.NewClient(&falcon.ApiConfig{
        ClientId:     os.Getenv("FALCON_CLIENT_ID"),
        ClientSecret: os.Getenv("FALCON_CLIENT_SECRET"),
        Context:      context.Background(),
    })
    if err != nil {
        panic(err)
    }

    repository := "string"

    response, err := client.Ngsiem.CreateParserFromTemplate(
        &ngsiem.CreateParserFromTemplateParams{
            Repository: &repository,
            Context:    context.Background(),
        },
    )
    if err != nil {
        panic(falcon.ErrorExplain(err))
    }

    fmt.Printf("%+v\n", response.Payload)
}
```

```typescript
import { FalconClient } from "crowdstrike-falcon";

const client = new FalconClient({
    cloud: process.env.FALCON_CLOUD!,
    clientId: process.env.FALCON_CLIENT_ID!,
    clientSecret: process.env.FALCON_CLIENT_SECRET!,
});

const response = await client.ngsiem.createParserFromTemplate(
    "string", // repository
    "string" // yamlTemplate
);

console.log(response);
```

```rust
use rusty_falcon::apis::ngsiem_api::create_parser_from_template;
use rusty_falcon::easy::client::FalconHandle;

#[tokio::main]
async fn main() {
    let falcon = FalconHandle::from_env().await.expect("Could not authenticate");

    let response = create_parser_from_template(
        &falcon.cfg, // configuration
        Some("string"), // repository
        Some("string"), // name
        Some("string"), // yaml_template
    ).await.expect("API call failed");

    println!("{:?}", response);
}
```

```ruby
require "crimson-falcon"

Falcon.configure do |config|
  config.client_id = ENV["FALCON_CLIENT_ID"]
  config.client_secret = ENV["FALCON_CLIENT_SECRET"]
  config.cloud = ENV["FALCON_CLOUD"]
end

api = Falcon::Ngsiem.new

response = api.create_parser_from_template(repository: 'string')

puts response
```

GetParser
Retrieve Parser in NGSIEM.
get_parser

Parameters

| Name | Type | Data type | Description |
|---|---|---|---|
| ids | query | string | Parser ID value |
| repository | query | string | Name of repository. Options: parsers-repository. |
| parameters | query | dictionary | Full query string parameters payload in JSON format. |
Code Examples

```python
from falconpy import NGSIEM

falcon = NGSIEM(client_id=CLIENT_ID, client_secret=CLIENT_SECRET)

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.get_parser(ids=id_list, repository="string")
print(response)
```

```python
from falconpy import NGSIEM

falcon = NGSIEM(client_id=CLIENT_ID, client_secret=CLIENT_SECRET)

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.GetParser(ids=id_list, repository="string")
print(response)
```

```python
from falconpy import APIHarnessV2

falcon = APIHarnessV2(client_id=CLIENT_ID, client_secret=CLIENT_SECRET)

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.command("GetParser", ids="string", repository="string")
print(response)
```

```powershell
Get-FalconNgsParser -Id "string" -Repository "string"
```

```go
package main

import (
    "context"
    "fmt"
    "os"

    "github.com/crowdstrike/gofalcon/falcon"
    "github.com/crowdstrike/gofalcon/falcon/client/ngsiem"
)

func main() {
    client, err := falcon.NewClient(&falcon.ApiConfig{
        ClientId:     os.Getenv("FALCON_CLIENT_ID"),
        ClientSecret: os.Getenv("FALCON_CLIENT_SECRET"),
        Context:      context.Background(),
    })
    if err != nil {
        panic(err)
    }

    ids := "string"
    repository := "string"

    response, err := client.Ngsiem.GetParser(
        &ngsiem.GetParserParams{
            Ids:        &ids,
            Repository: &repository,
            Context:    context.Background(),
        },
    )
    if err != nil {
        panic(falcon.ErrorExplain(err))
    }

    fmt.Printf("%+v\n", response.Payload)
}
```

```typescript
import { FalconClient } from "crowdstrike-falcon";

const client = new FalconClient({
    cloud: process.env.FALCON_CLOUD!,
    clientId: process.env.FALCON_CLIENT_ID!,
    clientSecret: process.env.FALCON_CLIENT_SECRET!,
});

const response = await client.ngsiem.getParser(
    "string", // ids
    "string" // repository
);

console.log(response);
```

```rust
use rusty_falcon::apis::ngsiem_api::get_parser;
use rusty_falcon::easy::client::FalconHandle;

#[tokio::main]
async fn main() {
    let falcon = FalconHandle::from_env().await.expect("Could not authenticate");

    let response = get_parser(
        &falcon.cfg, // configuration
        Some("string"), // ids
        Some("string"), // repository
    ).await.expect("API call failed");

    println!("{:?}", response);
}
```

```ruby
require "crimson-falcon"

Falcon.configure do |config|
  config.client_id = ENV["FALCON_CLIENT_ID"]
  config.client_secret = ENV["FALCON_CLIENT_SECRET"]
  config.cloud = ENV["FALCON_CLOUD"]
end

api = Falcon::Ngsiem.new

response = api.get_parser(ids: 'string', repository: 'string')

puts response
```

CreateParser
Create Parser in NGSIEM.
create_parser

Parameters

| Name | Type | Data type | Description |
|---|---|---|---|
| body | body | dictionary | Full body payload in JSON format |
| fields_to_be_removed_before_parsing | body | string or list | List of fields to remove before parsing. String or list of strings. |
| fields_to_tag | body | string or list | List of fields to tag. String or list of strings. |
| name | body | string | Parser name. |
| repository | body | string | Parser repository. |
| script | body | string | Parser script. |
| test_cases | body | list | List of test cases to apply to the parser. List of dictionaries. |
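
The `test_cases` structure accepted by CreateParser can be linted locally before it is submitted, so that a parser feeding detections does not ship with tests that check nothing. This is an added example, not code from the SDKs documented here: the function names are hypothetical, the meaning of `fields_have_values` and `fields_not_present` is inferred from the key names, and the output events passed to `evaluate_case` are supplied by the caller (the parser script itself is not executed).

```python
def lint_test_cases(test_cases):
    """Return a list of problems in a CreateParser test_cases list ([] means clean)."""
    if not isinstance(test_cases, list) or not test_cases:
        return ["test_cases must be a non-empty list of dictionaries"]
    problems = []
    for i, case in enumerate(test_cases):
        where = f"test_cases[{i}]"
        if not isinstance(case, dict):
            problems.append(f"{where}: not a dictionary")
            continue
        event = case.get("event")
        raw = event.get("raw_string") if isinstance(event, dict) else None
        if not isinstance(raw, str) or not raw.strip():
            problems.append(f"{where}: event.raw_string is missing or empty")
        outputs = case.get("output_assertions")
        if not isinstance(outputs, list) or not outputs:
            problems.append(f"{where}: no output_assertions, so the case checks nothing")
            continue
        for j, out in enumerate(outputs):
            problems.extend(_lint_output(f"{where}.output_assertions[{j}]", out))
    return problems


def _lint_output(at, out):
    """Check one output_assertions entry: index, shape and self-contradiction."""
    if not isinstance(out, dict):
        return [f"{at}: not a dictionary"]
    problems = []
    idx = out.get("output_event_index")
    if isinstance(idx, bool) or not isinstance(idx, int) or idx < 0:
        problems.append(f"{at}: output_event_index must be an integer >= 0")
    checks = out.get("assertions")
    if not isinstance(checks, dict):
        return problems + [f"{at}: assertions is not a dictionary"]
    have = checks.get("fields_have_values") or []
    absent = {n for n in (checks.get("fields_not_present") or []) if isinstance(n, str)}
    if not have and not absent:
        problems.append(f"{at}: assertions is empty")
    names = set()
    for pair in have:
        if (isinstance(pair, dict) and isinstance(pair.get("field_name"), str)
                and "expected_value" in pair):
            names.add(pair["field_name"])
        else:
            problems.append(f"{at}: fields_have_values entries need field_name and expected_value")
    for name in sorted(names & absent):
        problems.append(f"{at}: {name} is asserted both present and absent")
    return problems


def evaluate_case(case, output_events):
    """Apply one linted test case to events a parser produced; return the failures."""
    failures = []
    for out in case["output_assertions"]:
        idx = out["output_event_index"]
        if idx >= len(output_events):
            failures.append(f"no output event at index {idx}")
            continue
        event, checks = output_events[idx], out["assertions"]
        for pair in checks.get("fields_have_values", []):
            name, want = pair["field_name"], pair["expected_value"]
            if name not in event:
                failures.append(f"event {idx}: {name} is missing")
            elif str(event[name]) != str(want):
                failures.append(f"event {idx}: {name} is {event[name]!r}, expected {want!r}")
        for name in checks.get("fields_not_present", []):
            if name in event:
                failures.append(f"event {idx}: {name} should not be present")
    return failures


# Constructed sample data (not from the page).
GOOD_CASE = {
    "event": {"raw_string": '{"user":"alice","action":"login","password":"x"}'},
    "output_assertions": [{
        "output_event_index": 0,
        "assertions": {
            "fields_have_values": [{"field_name": "user.name", "expected_value": "alice"}],
            "fields_not_present": ["password"],
        },
    }],
}
BAD_CASE = {
    "event": {"raw_string": ""},
    "output_assertions": [{
        "output_event_index": -1,
        "assertions": {
            "fields_have_values": [{"field_name": "user.name", "expected_value": "alice"}],
            "fields_not_present": ["user.name"],
        },
    }],
}

if __name__ == "__main__":
    print(lint_test_cases([GOOD_CASE]))
    print(lint_test_cases([BAD_CASE]))
    print(evaluate_case(GOOD_CASE, [{"user.name": "bob", "password": "x"}]))
```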
Code Examples
Section titled “Code Examples”from falconpy import NGSIEM
falcon = NGSIEM(client_id=CLIENT_ID, client_secret=CLIENT_SECRET )
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
test_cases = [ { "event": { "raw_string": "string" }, "output_assertions": [ { "assertions": { "fields_have_values": [ { "expected_value": "string", "field_name": "string" } ], "fields_not_present": [ "string" ] }, "output_event_index": 0 } ] }]
response = falcon.create_parser(fields_to_be_removed_before_parsing=id_list, fields_to_tag=id_list, name="string", repository="string", script="string", test_cases=test_cases)print(response)from falconpy import NGSIEM
falcon = NGSIEM(client_id=CLIENT_ID, client_secret=CLIENT_SECRET )
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
test_cases = [ { "event": { "raw_string": "string" }, "output_assertions": [ { "assertions": { "fields_have_values": [ { "expected_value": "string", "field_name": "string" } ], "fields_not_present": [ "string" ] }, "output_event_index": 0 } ] }]
response = falcon.CreateParser(fields_to_be_removed_before_parsing=id_list, fields_to_tag=id_list, name="string", repository="string", script="string", test_cases=test_cases)
print(response)

```python
from falconpy import APIHarnessV2

falcon = APIHarnessV2(client_id=CLIENT_ID, client_secret=CLIENT_SECRET)

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

body_payload = {
    "fields_to_be_removed_before_parsing": ["string"],
    "fields_to_tag": ["string"],
    "name": "string",
    "repository": "string",
    "script": "string",
    "test_cases": [
        {
            "event": {"raw_string": "string"},
            "output_assertions": [
                {
                    "assertions": {},
                    "output_event_index": 0
                }
            ]
        }
    ]
}

response = falcon.command("CreateParser", body=body_payload)
print(response)
```

```powershell
New-FalconNgsParser -Name "string" `
    -Repository "string" `
    -Script "string" `
    -FieldToRemove @("ID1", "ID2")
```

```go
package main

import (
    "context"
    "fmt"
    "os"

    "github.com/crowdstrike/gofalcon/falcon"
    "github.com/crowdstrike/gofalcon/falcon/client/ngsiem"
    "github.com/crowdstrike/gofalcon/falcon/models"
)

func main() {
    client, err := falcon.NewClient(&falcon.ApiConfig{
        ClientId:     os.Getenv("FALCON_CLIENT_ID"),
        ClientSecret: os.Getenv("FALCON_CLIENT_SECRET"),
        Context:      context.Background(),
    })
    if err != nil {
        panic(err)
    }

    name := "string"
    repository := "string"
    script := "string"
    output_event_index := integer // placeholder: replace with an integer value

    response, err := client.Ngsiem.CreateParser(
        &ngsiem.CreateParserParams{
            Body: &models.APICreateParserRequestV1{
                FieldsToBeRemovedBeforeParsing: []string{"string"},
                FieldsToTag:                    []string{"string"},
                Name:                           &name,
                Repository:                     &repository,
                Script:                         &script,
                TestCases: []interface{}{
                    {
                        Event: &struct{}{},
                        OutputAssertions: []interface{}{
                            {
                                Assertions:       &struct{}{},
                                OutputEventIndex: &output_event_index,
                            },
                        },
                    },
                },
            },
            Context: context.Background(),
        },
    )
    if err != nil {
        panic(falcon.ErrorExplain(err))
    }

    fmt.Printf("%+v\n", response.Payload)
}
```

```typescript
import { FalconClient } from "crowdstrike-falcon";

const client = new FalconClient({
    cloud: process.env.FALCON_CLOUD!,
    clientId: process.env.FALCON_CLIENT_ID!,
    clientSecret: process.env.FALCON_CLIENT_SECRET!,
});

const response = await client.ngsiem.createParser(
    {
        fieldsToBeRemovedBeforeParsing: [],
        fieldsToTag: [],
        name: "string",
        repository: "string",
        script: "string",
        testCases: [{
            event: { rawString: "string" },
            outputAssertions: [{ assertions: {}, outputEventIndex: 0 }]
        }]
    } // body
);

console.log(response);
```

```rust
use rusty_falcon::apis::ngsiem_api::create_parser;
use rusty_falcon::easy::client::FalconHandle;
use rusty_falcon::models::ApiCreateParserRequestV1;

#[tokio::main]
async fn main() {
    let falcon = FalconHandle::from_env()
        .await
        .expect("Could not authenticate");

    let body = ApiCreateParserRequestV1 {
        fields_to_be_removed_before_parsing: vec!["string".to_string()],
        fields_to_tag: vec!["string".to_string()],
        name: Some("string".to_string()),
        repository: Some("string".to_string()),
        script: Some("string".to_string()),
        ..Default::default()
    };

    let response = create_parser(
        &falcon.cfg, // configuration
        body,        // body
    )
    .await
    .expect("API call failed");

    println!("{:?}", response);
}
```

```ruby
require "crimson-falcon"

Falcon.configure do |config|
  config.client_id = ENV["FALCON_CLIENT_ID"]
  config.client_secret = ENV["FALCON_CLIENT_SECRET"]
  config.cloud = ENV["FALCON_CLOUD"]
end

api = Falcon::Ngsiem.new

body = Falcon::ApiCreateParserRequestV1.new(
  fields_to_be_removed_before_parsing: [],
  fields_to_tag: [],
  name: 'string',
  repository: 'string',
  script: 'string',
  test_cases: [{
    event: { raw_string: 'string' },
    output_assertions: [{ assertions: {}, output_event_index: 0 }]
  }]
)

response = api.create_parser(body)

puts response
```

UpdateParser
Update Parser in NGSIEM. Name changes are not supported; to rename a parser, create a new parser instead.

update_parser

Parameters

| Name | Type | Data type | Description |
|---|---|---|---|
| body | body | dictionary | Full body payload in JSON format |
| fields_to_be_removed_before_parsing | body | string or list | List of fields to remove before parsing. String or list of strings. |
| fields_to_tag | body | string or list | List of fields to tag. String or list of strings. |
| id | body | string | ID of the parser to be updated. |
| name | body | string | Parser name. |
| repository | body | string | Parser repository. |
| script | body | string | Parser script. |
| test_cases | body | list | List of test cases to apply to the parser. List of dictionaries. |
| parameters | query | dictionary | Full query string parameters payload in JSON format. |
Code Examples
```python
from falconpy import NGSIEM

falcon = NGSIEM(client_id=CLIENT_ID, client_secret=CLIENT_SECRET)

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

test_cases = [
    {
        "event": {"raw_string": "string"},
        "output_assertions": [
            {
                "assertions": {
                    "fields_have_values": [
                        {"expected_value": "string", "field_name": "string"}
                    ],
                    "fields_not_present": ["string"]
                },
                "output_event_index": 0
            }
        ]
    }
]

response = falcon.update_parser(fields_to_be_removed_before_parsing=id_list,
                                fields_to_tag=id_list,
                                id="string",
                                name="string",
                                repository="string",
                                script="string",
                                test_cases=test_cases
                                )
print(response)
```

```python
from falconpy import NGSIEM

falcon = NGSIEM(client_id=CLIENT_ID, client_secret=CLIENT_SECRET)

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

test_cases = [
    {
        "event": {"raw_string": "string"},
        "output_assertions": [
            {
                "assertions": {
                    "fields_have_values": [
                        {"expected_value": "string", "field_name": "string"}
                    ],
                    "fields_not_present": ["string"]
                },
                "output_event_index": 0
            }
        ]
    }
]

response = falcon.UpdateParser(fields_to_be_removed_before_parsing=id_list,
                               fields_to_tag=id_list,
                               id="string",
                               name="string",
                               repository="string",
                               script="string",
                               test_cases=test_cases
                               )
print(response)
```

```python
from falconpy import APIHarnessV2

falcon = APIHarnessV2(client_id=CLIENT_ID, client_secret=CLIENT_SECRET)

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

body_payload = {
    "fields_to_be_removed_before_parsing": ["string"],
    "fields_to_tag": ["string"],
    "id": "string",
    "repository": "string",
    "script": "string",
    "test_cases": [
        {
            "event": {"raw_string": "string"},
            "output_assertions": [
                {
                    "assertions": {},
                    "output_event_index": 0
                }
            ]
        }
    ]
}

response = falcon.command("UpdateParser", body=body_payload)
print(response)
```

```powershell
Edit-FalconNgsParser -Id "string" `
    -Repository "string" `
    -Script "string" `
    -FieldToRemoveParsing @("ID1", "ID2")
```

```go
package main

import (
    "context"
    "fmt"
    "os"

    "github.com/crowdstrike/gofalcon/falcon"
    "github.com/crowdstrike/gofalcon/falcon/client/ngsiem"
    "github.com/crowdstrike/gofalcon/falcon/models"
)

func main() {
    client, err := falcon.NewClient(&falcon.ApiConfig{
        ClientId:     os.Getenv("FALCON_CLIENT_ID"),
        ClientSecret: os.Getenv("FALCON_CLIENT_SECRET"),
        Context:      context.Background(),
    })
    if err != nil {
        panic(err)
    }

    id := "string"
    repository := "string"
    script := "string"
    output_event_index := integer // placeholder: replace with an integer value

    response, err := client.Ngsiem.UpdateParser(
        &ngsiem.UpdateParserParams{
            Body: &models.APIUpdateParserRequestV1{
                FieldsToBeRemovedBeforeParsing: []string{"string"},
                FieldsToTag:                    []string{"string"},
                ID:                             &id,
                Repository:                     &repository,
                Script:                         &script,
                TestCases: []interface{}{
                    {
                        Event: &struct{}{},
                        OutputAssertions: []interface{}{
                            {
                                Assertions:       &struct{}{},
                                OutputEventIndex: &output_event_index,
                            },
                        },
                    },
                },
            },
            Context: context.Background(),
        },
    )
    if err != nil {
        panic(falcon.ErrorExplain(err))
    }

    fmt.Printf("%+v\n", response.Payload)
}
```

```typescript
import { FalconClient } from "crowdstrike-falcon";

const client = new FalconClient({
    cloud: process.env.FALCON_CLOUD!,
    clientId: process.env.FALCON_CLIENT_ID!,
    clientSecret: process.env.FALCON_CLIENT_SECRET!,
});

const response = await client.ngsiem.updateParser(
    {
        fieldsToBeRemovedBeforeParsing: [],
        fieldsToTag: [],
        id: "string",
        repository: "string",
        script: "string",
        testCases: [{
            event: { rawString: "string" },
            outputAssertions: [{ assertions: {}, outputEventIndex: 0 }]
        }]
    } // body
);

console.log(response);
```

```rust
use rusty_falcon::apis::ngsiem_api::update_parser;
use rusty_falcon::easy::client::FalconHandle;
use rusty_falcon::models::ApiUpdateParserRequestV1;

#[tokio::main]
async fn main() {
    let falcon = FalconHandle::from_env()
        .await
        .expect("Could not authenticate");

    let body = ApiUpdateParserRequestV1 {
        fields_to_be_removed_before_parsing: vec!["string".to_string()],
        fields_to_tag: vec!["string".to_string()],
        id: Some("string".to_string()),
        repository: Some("string".to_string()),
        script: Some("string".to_string()),
        ..Default::default()
    };

    let response = update_parser(
        &falcon.cfg, // configuration
        body,        // body
    )
    .await
    .expect("API call failed");

    println!("{:?}", response);
}
```

```ruby
require "crimson-falcon"

Falcon.configure do |config|
  config.client_id = ENV["FALCON_CLIENT_ID"]
  config.client_secret = ENV["FALCON_CLIENT_SECRET"]
  config.cloud = ENV["FALCON_CLOUD"]
end

api = Falcon::Ngsiem.new

body = Falcon::ApiUpdateParserRequestV1.new(
  fields_to_be_removed_before_parsing: [],
  fields_to_tag: [],
  id: 'string',
  repository: 'string',
  script: 'string',
  test_cases: [{
    event: { raw_string: 'string' },
    output_assertions: [{ assertions: {}, output_event_index: 0 }]
  }]
)

response = api.update_parser(body)

puts response
```

DeleteParser
Delete Parser in NGSIEM.

delete_parser

Parameters

| Name | Type | Data type | Description |
|---|---|---|---|
| ids | query | string | Parser ID value |
| repository | query | string | Name of repository, options; parsers-repository |
| parameters | query | dictionary | Full query string parameters payload in JSON format. |
Code Examples
```python
from falconpy import NGSIEM

falcon = NGSIEM(client_id=CLIENT_ID, client_secret=CLIENT_SECRET)

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.delete_parser(ids=id_list, repository="string")
print(response)
```

```python
from falconpy import NGSIEM

falcon = NGSIEM(client_id=CLIENT_ID, client_secret=CLIENT_SECRET)

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.DeleteParser(ids=id_list, repository="string")
print(response)
```

```python
from falconpy import APIHarnessV2

falcon = APIHarnessV2(client_id=CLIENT_ID, client_secret=CLIENT_SECRET)

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.command("DeleteParser", ids="string", repository="string")
print(response)
```

```powershell
Remove-FalconNgsParser -Id "string" -Repository "string"
```

```go
package main

import (
    "context"
    "fmt"
    "os"

    "github.com/crowdstrike/gofalcon/falcon"
    "github.com/crowdstrike/gofalcon/falcon/client/ngsiem"
)

func main() {
    client, err := falcon.NewClient(&falcon.ApiConfig{
        ClientId:     os.Getenv("FALCON_CLIENT_ID"),
        ClientSecret: os.Getenv("FALCON_CLIENT_SECRET"),
        Context:      context.Background(),
    })
    if err != nil {
        panic(err)
    }

    ids := "string"
    repository := "string"

    response, err := client.Ngsiem.DeleteParser(
        &ngsiem.DeleteParserParams{
            Ids:        &ids,
            Repository: &repository,
            Context:    context.Background(),
        },
    )
    if err != nil {
        panic(falcon.ErrorExplain(err))
    }

    fmt.Printf("%+v\n", response.Payload)
}
```

```typescript
import { FalconClient } from "crowdstrike-falcon";

const client = new FalconClient({
    cloud: process.env.FALCON_CLOUD!,
    clientId: process.env.FALCON_CLIENT_ID!,
    clientSecret: process.env.FALCON_CLIENT_SECRET!,
});

const response = await client.ngsiem.deleteParser(
    "string", // ids
    "string"  // repository
);

console.log(response);
```

```rust
use rusty_falcon::apis::ngsiem_api::delete_parser;
use rusty_falcon::easy::client::FalconHandle;

#[tokio::main]
async fn main() {
    let falcon = FalconHandle::from_env()
        .await
        .expect("Could not authenticate");

    let response = delete_parser(
        &falcon.cfg,    // configuration
        Some("string"), // ids
        Some("string"), // repository
    )
    .await
    .expect("API call failed");

    println!("{:?}", response);
}
```

```ruby
require "crimson-falcon"

Falcon.configure do |config|
  config.client_id = ENV["FALCON_CLIENT_ID"]
  config.client_secret = ENV["FALCON_CLIENT_SECRET"]
  config.cloud = ENV["FALCON_CLOUD"]
end

api = Falcon::Ngsiem.new

response = api.delete_parser(ids: 'string', repository: 'string')

puts response
```

UpdateParserAutoUpdatePolicy
Update a parser auto update policy.

Enables or disables auto-updates for parsers.

update_parser_auto_update_policy

Parameters

| Name | Type | Data type | Description |
|---|---|---|---|
| body | body | dictionary | Full body payload in JSON format. |
| autoupdate_policy | body | string | The auto update policy setting (‘on’ or ‘off’). |
| reason | body | string | Reason for changing the auto update policy. |
Code Examples
```python
from falconpy import NGSIEM

falcon = NGSIEM(client_id=CLIENT_ID, client_secret=CLIENT_SECRET)

response = falcon.update_parser_auto_update_policy(autoupdate_policy="string",
                                                   reason="string"
                                                   )
print(response)
```

```python
from falconpy import NGSIEM

falcon = NGSIEM(client_id=CLIENT_ID, client_secret=CLIENT_SECRET)

response = falcon.UpdateParserAutoUpdatePolicy(autoupdate_policy="string",
                                               reason="string"
                                               )
print(response)
```

```python
from falconpy import APIHarnessV2

falcon = APIHarnessV2(client_id=CLIENT_ID, client_secret=CLIENT_SECRET)

body_payload = {
    "autoupdate_policy": "string",
    "reason": "string"
}

response = falcon.command("UpdateParserAutoUpdatePolicy", body=body_payload)
print(response)
```

PowerShell: Examples coming soon.

```go
package main

import (
    "context"
    "fmt"
    "os"

    "github.com/crowdstrike/gofalcon/falcon"
    "github.com/crowdstrike/gofalcon/falcon/client/ngsiem"
    "github.com/crowdstrike/gofalcon/falcon/models"
)

func main() {
    client, err := falcon.NewClient(&falcon.ApiConfig{
        ClientId:     os.Getenv("FALCON_CLIENT_ID"),
        ClientSecret: os.Getenv("FALCON_CLIENT_SECRET"),
        Context:      context.Background(),
    })
    if err != nil {
        panic(err)
    }

    autoupdate_policy := "string"
    reason := "string"

    response, err := client.Ngsiem.UpdateParserAutoUpdatePolicy(
        &ngsiem.UpdateParserAutoUpdatePolicyParams{
            Body: &models.APIUpdateAutoUpdatePolicyRequestV1{
                AutoupdatePolicy: &autoupdate_policy,
                Reason:           &reason,
            },
            Context: context.Background(),
        },
    )
    if err != nil {
        panic(falcon.ErrorExplain(err))
    }

    fmt.Printf("%+v\n", response.Payload)
}
```

```typescript
import { FalconClient } from "crowdstrike-falcon";

const client = new FalconClient({
    cloud: process.env.FALCON_CLOUD!,
    clientId: process.env.FALCON_CLIENT_ID!,
    clientSecret: process.env.FALCON_CLIENT_SECRET!,
});

const response = await client.ngsiem.updateParserAutoUpdatePolicy(
    {
        autoupdatePolicy: "string",
        reason: "string"
    } // body
);

console.log(response);
```

Rust: Examples coming soon.

```ruby
require "crimson-falcon"

Falcon.configure do |config|
  config.client_id = ENV["FALCON_CLIENT_ID"]
  config.client_secret = ENV["FALCON_CLIENT_SECRET"]
  config.cloud = ENV["FALCON_CLOUD"]
end

api = Falcon::Ngsiem.new

body = Falcon::ApiUpdateAutoUpdatePolicyRequestV1.new(
  autoupdate_policy: 'string',
  reason: 'string'
)

response = api.update_parser_auto_update_policy(body)

puts response
```

InstallParser
Install a CrowdStrike-managed out-of-the-box (OOTB) parser.

Provisions a pre-built parser with a specific version for the requesting customer ID (CID). The parser is installed as-is and cannot be modified by the customer.

install_parser

Parameters

| Name | Type | Data type | Description |
|---|---|---|---|
| body | body | dictionary | Full body payload in JSON format. |
| parser_id | body | string | The unique identifier of the parser to install. |
| version | body | string | The version of the parser to install. |
Code Examples
```python
from falconpy import NGSIEM

falcon = NGSIEM(client_id=CLIENT_ID, client_secret=CLIENT_SECRET)

response = falcon.install_parser(parser_id="string", version="string")
print(response)
```

```python
from falconpy import NGSIEM

falcon = NGSIEM(client_id=CLIENT_ID, client_secret=CLIENT_SECRET)

response = falcon.InstallParser(parser_id="string", version="string")
print(response)
```

```python
from falconpy import APIHarnessV2

falcon = APIHarnessV2(client_id=CLIENT_ID, client_secret=CLIENT_SECRET)

body_payload = {
    "parser_id": "string",
    "version": "string"
}

response = falcon.command("InstallParser", body=body_payload)
print(response)
```

PowerShell: Examples coming soon.

```go
package main

import (
    "context"
    "fmt"
    "os"

    "github.com/crowdstrike/gofalcon/falcon"
    "github.com/crowdstrike/gofalcon/falcon/client/ngsiem"
    "github.com/crowdstrike/gofalcon/falcon/models"
)

func main() {
    client, err := falcon.NewClient(&falcon.ApiConfig{
        ClientId:     os.Getenv("FALCON_CLIENT_ID"),
        ClientSecret: os.Getenv("FALCON_CLIENT_SECRET"),
        Context:      context.Background(),
    })
    if err != nil {
        panic(err)
    }

    parser_id := "string"
    version := "string"

    response, err := client.Ngsiem.InstallParser(
        &ngsiem.InstallParserParams{
            Body: &models.APIParserInstallRequestV1{
                ParserID: &parser_id,
                Version:  &version,
            },
            Context: context.Background(),
        },
    )
    if err != nil {
        panic(falcon.ErrorExplain(err))
    }

    fmt.Printf("%+v\n", response.Payload)
}
```

```typescript
import { FalconClient } from "crowdstrike-falcon";

const client = new FalconClient({
    cloud: process.env.FALCON_CLOUD!,
    clientId: process.env.FALCON_CLIENT_ID!,
    clientSecret: process.env.FALCON_CLIENT_SECRET!,
});

const response = await client.ngsiem.installParser(
    {
        parserId: "string",
        version: "string"
    } // body
);

console.log(response);
```

Rust: Examples coming soon.

```ruby
require "crimson-falcon"

Falcon.configure do |config|
  config.client_id = ENV["FALCON_CLIENT_ID"]
  config.client_secret = ENV["FALCON_CLIENT_SECRET"]
  config.cloud = ENV["FALCON_CLOUD"]
end

api = Falcon::Ngsiem.new

body = Falcon::ApiParserInstallRequestV1.new(
  parser_id: 'string',
  version: 'string'
)

response = api.install_parser(body)

puts response
```

BulkInstallParsers
Install multiple CrowdStrike-managed out-of-the-box (OOTB) parsers.

Provisions multiple pre-built parsers with their specific versions for the requesting customer ID (CID). The parsers are installed as-is and cannot be modified by the customer. Maximum 100 parsers per request.

bulk_install_parsers

Parameters

| Name | Type | Data type | Description |
|---|---|---|---|
| body | body | dictionary | Full body payload in JSON format. |
| parsers | body | list | List of parser objects containing parser_id and version. List of dictionaries. |
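
Because a request accepts at most 100 parsers, a longer install list has to be validated and split client-side. The following is an added example, not FalconPy or CrowdStrike code: the helper names, the stop-on-first-failure policy and the `status_code` key read from the response are assumptions, and `RecordingClient` is a constructed stand-in so the block runs offline.

```python
from typing import Dict, Iterable, List

# Limit stated in the BulkInstallParsers description on this page.
MAX_PARSERS_PER_REQUEST = 100


def normalize_parsers(parsers: Iterable[Dict[str, str]]) -> List[Dict[str, str]]:
    """Validate entries, drop exact duplicates, reject conflicting versions."""
    versions: Dict[str, str] = {}
    cleaned: List[Dict[str, str]] = []
    for position, entry in enumerate(parsers):
        if not isinstance(entry, dict) or set(entry) != {"parser_id", "version"}:
            raise ValueError(f"entry {position}: expected exactly parser_id and version")
        for key in ("parser_id", "version"):
            if not isinstance(entry[key], str) or not entry[key].strip():
                raise ValueError(f"entry {position}: {key} must be a non-empty string")
        parser_id, version = entry["parser_id"], entry["version"]
        if parser_id in versions:
            if versions[parser_id] != version:
                raise ValueError(
                    f"parser {parser_id!r} listed with versions "
                    f"{versions[parser_id]!r} and {version!r}"
                )
            continue  # exact duplicate: install it once
        versions[parser_id] = version
        cleaned.append({"parser_id": parser_id, "version": version})
    return cleaned


def batch_parsers(parsers, batch_size: int = MAX_PARSERS_PER_REQUEST):
    """Split a validated list into request-sized batches (never above 100)."""
    if not 1 <= batch_size <= MAX_PARSERS_PER_REQUEST:
        raise ValueError(f"batch_size must be between 1 and {MAX_PARSERS_PER_REQUEST}")
    cleaned = normalize_parsers(parsers)
    return [cleaned[i:i + batch_size] for i in range(0, len(cleaned), batch_size)]


def bulk_install(falcon, parsers) -> List[dict]:
    """Send one bulk_install_parsers call per batch; stop at the first failure.

    Assumption: the client returns a dict carrying an integer "status_code".
    """
    results = []
    for number, batch in enumerate(batch_parsers(parsers), start=1):
        response = falcon.bulk_install_parsers(parsers=batch)
        status = response.get("status_code")
        results.append({"batch": number, "count": len(batch), "status_code": status})
        if not isinstance(status, int) or status >= 400:
            break  # leave later batches unsent so the failure can be reviewed
    return results


class RecordingClient:
    """Constructed stand-in for the NGSIEM service class; makes no network calls."""

    def __init__(self, fail_on_call=None):
        self.calls = []
        self.fail_on_call = fail_on_call

    def bulk_install_parsers(self, parsers):
        self.calls.append(list(parsers))
        failed = len(self.calls) == self.fail_on_call
        return {"status_code": 500 if failed else 200, "body": {}}


def constructed_install_list(count: int) -> List[Dict[str, str]]:
    """Constructed sample data: placeholder parser IDs, not real identifiers."""
    return [{"parser_id": f"example-parser-{n:03d}", "version": "1.0.0"}
            for n in range(count)]


if __name__ == "__main__":
    client = RecordingClient()
    for row in bulk_install(client, constructed_install_list(250)):
        print(row)
```

To use it against a tenant, pass an authenticated `NGSIEM` instance in place of `RecordingClient`.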
Code Examples
```python
from falconpy import NGSIEM

falcon = NGSIEM(client_id=CLIENT_ID, client_secret=CLIENT_SECRET)

parsers = [
    {
        "parser_id": "string",
        "version": "string"
    }
]

response = falcon.bulk_install_parsers(parsers=parsers)
print(response)
```

```python
from falconpy import NGSIEM

falcon = NGSIEM(client_id=CLIENT_ID, client_secret=CLIENT_SECRET)

parsers = [
    {
        "parser_id": "string",
        "version": "string"
    }
]

response = falcon.BulkInstallParsers(parsers=parsers)
print(response)
```

```python
from falconpy import APIHarnessV2

falcon = APIHarnessV2(client_id=CLIENT_ID, client_secret=CLIENT_SECRET)

body_payload = {
    "parsers": [
        {
            "parser_id": "string",
            "version": "string"
        }
    ]
}

response = falcon.command("BulkInstallParsers", body=body_payload)
print(response)
```

PowerShell: Examples coming soon.

```go
package main

import (
    "context"
    "fmt"
    "os"

    "github.com/crowdstrike/gofalcon/falcon"
    "github.com/crowdstrike/gofalcon/falcon/client/ngsiem"
    "github.com/crowdstrike/gofalcon/falcon/models"
)

func main() {
    client, err := falcon.NewClient(&falcon.ApiConfig{
        ClientId:     os.Getenv("FALCON_CLIENT_ID"),
        ClientSecret: os.Getenv("FALCON_CLIENT_SECRET"),
        Context:      context.Background(),
    })
    if err != nil {
        panic(err)
    }

    parser_id := "string"
    version := "string"

    response, err := client.Ngsiem.BulkInstallParsers(
        &ngsiem.BulkInstallParsersParams{
            Body: &models.APIParserBulkInstallRequestV1{
                Parsers: []interface{}{
                    {
                        ParserID: &parser_id,
                        Version:  &version,
                    },
                },
            },
            Context: context.Background(),
        },
    )
    if err != nil {
        panic(falcon.ErrorExplain(err))
    }

    fmt.Printf("%+v\n", response.Payload)
}
```

```typescript
import { FalconClient } from "crowdstrike-falcon";

const client = new FalconClient({
    cloud: process.env.FALCON_CLOUD!,
    clientId: process.env.FALCON_CLIENT_ID!,
    clientSecret: process.env.FALCON_CLIENT_SECRET!,
});

const response = await client.ngsiem.bulkInstallParsers(
    {
        parsers: [{ parserId: "string", version: "string" }]
    } // body
);

console.log(response);
```

Rust: Examples coming soon.

```ruby
require "crimson-falcon"

Falcon.configure do |config|
  config.client_id = ENV["FALCON_CLIENT_ID"]
  config.client_secret = ENV["FALCON_CLIENT_SECRET"]
  config.cloud = ENV["FALCON_CLOUD"]
end

api = Falcon::Ngsiem.new

body = Falcon::ApiParserBulkInstallRequestV1.new(
  parsers: [{ parser_id: 'string', version: 'string' }]
)

response = api.bulk_install_parsers(body)

puts response
```

GetSavedQueryTemplate
Retrieve Saved Query in NGSIEM as LogScale YAML Template by ID.

get_saved_query_template

Parameters

| Name | Type | Data type | Description |
|---|---|---|---|
| ids | query | string | Saved query ID value |
| search_domain | query | string | Name of search domain (view or repo), options; all, falcon, third-party, dashboards |
| parameters | query | dictionary | Full query string parameters payload in JSON format. |
Code Examples
```python
from falconpy import NGSIEM

falcon = NGSIEM(client_id=CLIENT_ID, client_secret=CLIENT_SECRET)

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.get_saved_query_template(ids=id_list, search_domain="string")
print(response)
```

```python
from falconpy import NGSIEM

falcon = NGSIEM(client_id=CLIENT_ID, client_secret=CLIENT_SECRET)

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.GetSavedQueryTemplate(ids=id_list, search_domain="string")
print(response)
```

```python
from falconpy import APIHarnessV2

falcon = APIHarnessV2(client_id=CLIENT_ID, client_secret=CLIENT_SECRET)

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.command("GetSavedQueryTemplate", ids="string", search_domain="string")
print(response)
```

```powershell
Receive-FalconNgsSavedQuery -Id "string" -Domain "string"
```

```go
package main

import (
    "context"
    "fmt"
    "os"

    "github.com/crowdstrike/gofalcon/falcon"
    "github.com/crowdstrike/gofalcon/falcon/client/ngsiem"
)

func main() {
    client, err := falcon.NewClient(&falcon.ApiConfig{
        ClientId:     os.Getenv("FALCON_CLIENT_ID"),
        ClientSecret: os.Getenv("FALCON_CLIENT_SECRET"),
        Context:      context.Background(),
    })
    if err != nil {
        panic(err)
    }

    ids := "string"
    searchDomain := "string"

    response, err := client.Ngsiem.GetSavedQueryTemplate(
        &ngsiem.GetSavedQueryTemplateParams{
            Ids:          &ids,
            SearchDomain: &searchDomain,
            Context:      context.Background(),
        },
    )
    if err != nil {
        panic(falcon.ErrorExplain(err))
    }

    fmt.Printf("%+v\n", response.Payload)
}
```

```typescript
import { FalconClient } from "crowdstrike-falcon";

const client = new FalconClient({
    cloud: process.env.FALCON_CLOUD!,
    clientId: process.env.FALCON_CLIENT_ID!,
    clientSecret: process.env.FALCON_CLIENT_SECRET!,
});

const response = await client.ngsiem.getSavedQueryTemplate(
    "string", // ids
    "string"  // searchDomain
);

console.log(response);
```

```rust
use rusty_falcon::apis::ngsiem_api::get_saved_query_template;
use rusty_falcon::easy::client::FalconHandle;

#[tokio::main]
async fn main() {
    let falcon = FalconHandle::from_env()
        .await
        .expect("Could not authenticate");

    let response = get_saved_query_template(
        &falcon.cfg,    // configuration
        Some("string"), // ids
        Some("string"), // search_domain
    )
    .await
    .expect("API call failed");

    println!("{:?}", response);
}
```

```ruby
require "crimson-falcon"

Falcon.configure do |config|
  config.client_id = ENV["FALCON_CLIENT_ID"]
  config.client_secret = ENV["FALCON_CLIENT_SECRET"]
  config.cloud = ENV["FALCON_CLOUD"]
end

api = Falcon::Ngsiem.new

response = api.get_saved_query_template(ids: 'string', search_domain: 'string')

puts response
```

CreateSavedQuery
Create Saved Query from LogScale YAML Template in NGSIEM.

create_saved_query

Parameters

| Name | Type | Data type | Description |
|---|---|---|---|
| search_domain | formData | string | Name of search domain (view or repo), options; all, falcon, third-party |
| yaml_template | formData | string | LogScale Saved Query YAML template content, see schema at https://schemas.humio.com/ |
| parameters | query | dictionary | Full query string parameters payload in JSON format. |
Code Examples
```python
from falconpy import NGSIEM

falcon = NGSIEM(client_id=CLIENT_ID, client_secret=CLIENT_SECRET)

response = falcon.create_saved_query(search_domain="string", yaml_template="string")
print(response)
```

```python
from falconpy import NGSIEM

falcon = NGSIEM(client_id=CLIENT_ID, client_secret=CLIENT_SECRET)

response = falcon.CreateSavedQuery(search_domain="string", yaml_template="string")
print(response)
```

```python
from falconpy import APIHarnessV2

falcon = APIHarnessV2(client_id=CLIENT_ID, client_secret=CLIENT_SECRET)

response = falcon.command("CreateSavedQuery", search_domain="string", yaml_template="string")
print(response)
```

```powershell
Send-FalconNgsSavedQuery -Domain "string" -Path "string"
```

```go
package main

import (
    "context"
    "fmt"
    "os"

    "github.com/crowdstrike/gofalcon/falcon"
    "github.com/crowdstrike/gofalcon/falcon/client/ngsiem"
)

func main() {
    client, err := falcon.NewClient(&falcon.ApiConfig{
        ClientId:     os.Getenv("FALCON_CLIENT_ID"),
        ClientSecret: os.Getenv("FALCON_CLIENT_SECRET"),
        Context:      context.Background(),
    })
    if err != nil {
        panic(err)
    }

    searchDomain := "string"

    response, err := client.Ngsiem.CreateSavedQuery(
        &ngsiem.CreateSavedQueryParams{
            SearchDomain: &searchDomain,
            Context:      context.Background(),
        },
    )
    if err != nil {
        panic(falcon.ErrorExplain(err))
    }

    fmt.Printf("%+v\n", response.Payload)
}
```

```typescript
import { FalconClient } from "crowdstrike-falcon";

const client = new FalconClient({
    cloud: process.env.FALCON_CLOUD!,
    clientId: process.env.FALCON_CLIENT_ID!,
    clientSecret: process.env.FALCON_CLIENT_SECRET!,
});

const response = await client.ngsiem.createSavedQuery(
    "string", // searchDomain
    "string"  // yamlTemplate
);

console.log(response);
```

```rust
use rusty_falcon::apis::ngsiem_api::create_saved_query;
use rusty_falcon::easy::client::FalconHandle;

#[tokio::main]
async fn main() {
    let falcon = FalconHandle::from_env()
        .await
        .expect("Could not authenticate");

    let response = create_saved_query(
        &falcon.cfg,    // configuration
        Some("string"), // search_domain
        Some("string"), // yaml_template
    )
    .await
    .expect("API call failed");

    println!("{:?}", response);
}
```

```ruby
require "crimson-falcon"

Falcon.configure do |config|
  config.client_id = ENV["FALCON_CLIENT_ID"]
  config.client_secret = ENV["FALCON_CLIENT_SECRET"]
  config.cloud = ENV["FALCON_CLOUD"]
end

api = Falcon::Ngsiem.new

response = api.create_saved_query(search_domain: 'string')

puts response
```

UpdateSavedQueryFromTemplate
Update Saved Query from LogScale YAML Template in NGSIEM.

update_saved_query_from_template

Parameters

| Name | Type | Data type | Description |
|---|---|---|---|
| search_domain | formData | string | Name of search domain (view or repo), options; all, falcon, third-party |
| ids | formData | string | ID of the saved query |
| yaml_template | formData | string | LogScale Saved Query YAML template content, see schema at https://schemas.humio.com/ |
| parameters | query | dictionary | Full query string parameters payload in JSON format. |
Code Examples
```python
from falconpy import NGSIEM

falcon = NGSIEM(client_id=CLIENT_ID, client_secret=CLIENT_SECRET)

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.update_saved_query_from_template(ids=id_list,
                                                   search_domain="string",
                                                   yaml_template="string"
                                                   )
print(response)
```

```python
from falconpy import NGSIEM

falcon = NGSIEM(client_id=CLIENT_ID, client_secret=CLIENT_SECRET)

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.UpdateSavedQueryFromTemplate(ids=id_list,
                                               search_domain="string",
                                               yaml_template="string"
                                               )
print(response)
```

```python
from falconpy import APIHarnessV2

falcon = APIHarnessV2(client_id=CLIENT_ID, client_secret=CLIENT_SECRET)

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.command("UpdateSavedQueryFromTemplate",
                          search_domain="string",
                          ids="string",
                          yaml_template="string"
                          )
print(response)
```

```powershell
Update-FalconNgsSavedQuery -Id "string" `
    -Domain "string" `
    -Path "string"
```

```go
package main

import (
    "context"
    "fmt"
    "os"

    "github.com/crowdstrike/gofalcon/falcon"
    "github.com/crowdstrike/gofalcon/falcon/client/ngsiem"
)

func main() {
    client, err := falcon.NewClient(&falcon.ApiConfig{
        ClientId:     os.Getenv("FALCON_CLIENT_ID"),
        ClientSecret: os.Getenv("FALCON_CLIENT_SECRET"),
        Context:      context.Background(),
    })
    if err != nil {
        panic(err)
    }

    searchDomain := "string"
    ids := "string"

    response, err := client.Ngsiem.UpdateSavedQueryFromTemplate(
        &ngsiem.UpdateSavedQueryFromTemplateParams{
            SearchDomain: &searchDomain,
            Ids:          &ids,
            Context:      context.Background(),
        },
    )
    if err != nil {
        panic(falcon.ErrorExplain(err))
    }

    fmt.Printf("%+v\n", response.Payload)
}
```

```typescript
import { FalconClient } from "crowdstrike-falcon";

const client = new FalconClient({
    cloud: process.env.FALCON_CLOUD!,
    clientId: process.env.FALCON_CLIENT_ID!,
    clientSecret: process.env.FALCON_CLIENT_SECRET!,
});

const response = await client.ngsiem.updateSavedQueryFromTemplate(
    "string", // searchDomain
    "string", // ids
    "string"  // yamlTemplate
);

console.log(response);
```

```rust
use rusty_falcon::apis::ngsiem_api::update_saved_query_from_template;
use rusty_falcon::easy::client::FalconHandle;

#[tokio::main]
async fn main() {
    let falcon = FalconHandle::from_env()
        .await
        .expect("Could not authenticate");

    let response = update_saved_query_from_template(
        &falcon.cfg,    // configuration
        Some("string"), // search_domain
        Some("string"), // ids
        Some("string"), // yaml_template
    )
    .await
    .expect("API call failed");

    println!("{:?}", response);
}
```

```ruby
require "crimson-falcon"

Falcon.configure do |config|
  config.client_id = ENV["FALCON_CLIENT_ID"]
  config.client_secret = ENV["FALCON_CLIENT_SECRET"]
  config.cloud = ENV["FALCON_CLOUD"]
end

api = Falcon::Ngsiem.new

response = api.update_saved_query_from_template(search_domain: 'string', ids: 'string')

puts response
```

DeleteSavedQuery
Delete Saved Query in NGSIEM.

delete_saved_query

Parameters

| Name | Type | Data type | Description |
|---|---|---|---|
| ids | query | string | Saved query ID value |
| search_domain | query | string | Name of search domain (view or repo), options; all, falcon, third-party |
| parameters | query | dictionary | Full query string parameters payload in JSON format. |
Code Examples
```python
from falconpy import NGSIEM

falcon = NGSIEM(client_id=CLIENT_ID, client_secret=CLIENT_SECRET)

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.delete_saved_query(ids=id_list, search_domain="string")
print(response)
```

```python
from falconpy import NGSIEM

falcon = NGSIEM(client_id=CLIENT_ID, client_secret=CLIENT_SECRET)

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.DeleteSavedQuery(ids=id_list, search_domain="string")
print(response)
```

```python
from falconpy import APIHarnessV2

falcon = APIHarnessV2(client_id=CLIENT_ID, client_secret=CLIENT_SECRET)

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.command("DeleteSavedQuery", ids="string", search_domain="string")
print(response)
```

```powershell
Remove-FalconNgsSavedQuery -Id "string" -Domain "string"
```

```go
package main

import (
    "context"
    "fmt"
    "os"

    "github.com/crowdstrike/gofalcon/falcon"
    "github.com/crowdstrike/gofalcon/falcon/client/ngsiem"
)

func main() {
    client, err := falcon.NewClient(&falcon.ApiConfig{
        ClientId:     os.Getenv("FALCON_CLIENT_ID"),
        ClientSecret: os.Getenv("FALCON_CLIENT_SECRET"),
        Context:      context.Background(),
    })
    if err != nil {
        panic(err)
    }

    ids := "string"
    searchDomain := "string"

    response, err := client.Ngsiem.DeleteSavedQuery(
        &ngsiem.DeleteSavedQueryParams{
            Ids:          &ids,
            SearchDomain: &searchDomain,
            Context:      context.Background(),
        },
    )
    if err != nil {
        panic(falcon.ErrorExplain(err))
    }

    fmt.Printf("%+v\n", response.Payload)
}
```

```typescript
import { FalconClient } from "crowdstrike-falcon";

const client = new FalconClient({
    cloud: process.env.FALCON_CLOUD!,
    clientId: process.env.FALCON_CLIENT_ID!,
    clientSecret: process.env.FALCON_CLIENT_SECRET!,
});

const response = await client.ngsiem.deleteSavedQuery(
    "string", // ids
    "string"  // searchDomain
);

console.log(response);
```

```rust
use rusty_falcon::apis::ngsiem_api::delete_saved_query;
use rusty_falcon::easy::client::FalconHandle;

#[tokio::main]
async fn main() {
    let falcon = FalconHandle::from_env()
        .await
        .expect("Could not authenticate");

    let response = delete_saved_query(
        &falcon.cfg,    // configuration
        Some("string"), // ids
        Some("string"), // search_domain
    )
    .await
    .expect("API call failed");

    println!("{:?}", response);
}
```

```ruby
require "crimson-falcon"

Falcon.configure do |config|
  config.client_id = ENV["FALCON_CLIENT_ID"]
  config.client_secret = ENV["FALCON_CLIENT_SECRET"]
  config.cloud = ENV["FALCON_CLOUD"]
end

api = Falcon::Ngsiem.new

response = api.delete_saved_query(ids: 'string', search_domain: 'string')

puts response
```