
ODS (On Demand Scan)

The ODS (On Demand Scan) service collection provides operations for managing on-demand malware scans across your environment. Retrieve aggregate data on scans and scan hosts, cancel active scans, get and create scans and scheduled scans, query malicious files, and manage scheduled scan configurations.

| Language | Last Update |
| :--- | :--- |
| Python | v1.4.6 |
| PowerShell | v2.2.9 |
| Go | v0.20.0 |
| TypeScript | v0.6.0 |
| Rust | v0.7.0 |
| Ruby | v1.2.0 |
| Operation | PEP 8 method | Description |
| :--- | :--- | :--- |
| aggregate_query_scan_host_metadata | aggregate_query_scan_host_metadata | Get aggregates on ODS scan-hosts data. |
| aggregate_scans | aggregate_scans | Get aggregates on ODS scan data. |
| aggregate_scheduled_scans | aggregate_scheduled_scans | Get aggregates on ODS scheduled-scan data. |
| get_malicious_files_by_ids | get_malicious_files | Get malicious files by ids. |
| cancel_scans | cancel_scans | Cancel ODS scans for the given scan ids. |
| get_scan_host_metadata_by_ids | get_scan_hosts | Get scan hosts by ids. |
| get_scans_by_scan_ids_v1 | get_scans_by_scan_ids_v1 | Get Scans by IDs. |
| get_scans_by_scan_ids_v2 | get_scans_by_scan_ids_v2 | Get Scans by IDs. |
| create_scan | create_scan | Create ODS scan and start or schedule scan for the given scan request. |
| get_scheduled_scans_by_scan_ids | get_scheduled_scans | Get ScheduledScans by IDs. |
| schedule_scan | schedule_scan | Create ODS scan and start or schedule scan for the given scan request. |
| delete_scheduled_scans | delete_scheduled_scans | Delete ODS scheduled-scans for the given scheduled-scan ids. |
| query_malicious_files | query_malicious_files | Query malicious files. |
| query_scan_host_metadata | query_scan_hosts | Query scan hosts. |
| query_scans | query_scans | Query Scans. |
| query_scheduled_scans | query_scheduled_scans | Query ScheduledScans. |

Get aggregates on ODS scan-hosts data.

POST /ods/aggregates/scan-hosts/v1
Scope: On Demand Scans (ODS): WRITE
Consumes / Produces: application/json
PEP 8 method: aggregate_scan_hosts

| Name | Type | Data type | Description |
| :--- | :--- | :--- | :--- |
| body | body | list of dictionaries | Full body payload in JSON format. |
| date_ranges | body | list of dictionaries | Applies to date_range aggregations. Example: `[{"from": "2016-05-28T09:00:31Z", "to": "2016-05-30T09:00:31Z"}, {"from": "2016-06-01T09:00:31Z", "to": "2016-06-10T09:00:31Z"}]` |
| exclude | body | string | Elements to exclude. |
| field | body | string | The field on which to compute the aggregation. |
| filter | body | string | FQL syntax formatted string to use to filter the results. |
| from | body | integer | Starting position. |
| include | body | string | Elements to include. |
| interval | body | string | Time interval for date histogram aggregations. Valid values include: year, month, week, day, hour, minute. |
| max_doc_count | body | integer | Only return buckets if values are less than or equal to the value here. |
| min_doc_count | body | integer | Only return buckets if values are greater than or equal to the value here. |
| missing | body | string | The value to use when the aggregation field is missing from the object. In other words, the missing parameter defines how documents that lack a value should be treated. By default they are ignored, but they can also be treated as if they had a value. |
| name | body | string | Name of the aggregate query, as chosen by the user. Used to identify the results returned to you. |
| q | body | string | Full text search across all metadata fields. |
| ranges | body | list of dictionaries | Applies to range aggregations. Range values depend on the field. For example, if max_severity is used, ranges might look like: `[{"From": 0, "To": 70}, {"From": 70, "To": 100}]` |
| size | body | integer | The max number of term buckets to be returned. |
| sub_aggregates | body | list of dictionaries | A nested aggregation, such as: `[{"name": "max_first_behavior", "type": "max", "field": "first_behavior"}]`. There is a maximum of 3 nested aggregations per request. |
| sort | body | string | FQL syntax string to sort bucket results. `_count` - sort by document count. `_term` - sort by the string value alphabetically. Supports asc and desc using the `\|` format. Example: `_count\|desc` |
| time_zone | body | string | Time zone for bucket results. |
| type | body | string | Type of aggregation. Valid values include: date_histogram, date_range, terms, range, cardinality, max, min, avg, sum, percentiles. |
```python
from falconpy import ODS

falcon = ODS(client_id=CLIENT_ID,
             client_secret=CLIENT_SECRET
             )

date_ranges = [
    {
        "from": "string",
        "to": "string"
    }
]
ranges = [
    {
        "From": 0,
        "To": 0
    }
]
sub_aggregates = [
    {
        "name": "string",
        "type": "string",
        "field": "string"
    }
]

# "from" is a reserved word in Python, so it cannot be written as a bare keyword
# argument; pass it by unpacking a dictionary instead.
response = falcon.aggregate_scan_hosts(date_ranges=date_ranges,
                                       exclude="string",
                                       field="string",
                                       filter="string",
                                       include="string",
                                       interval="string",
                                       max_doc_count=0,
                                       min_doc_count=0,
                                       missing="string",
                                       name="string",
                                       q="string",
                                       ranges=ranges,
                                       size=0,
                                       sort="string",
                                       sub_aggregates=sub_aggregates,
                                       time_zone="string",
                                       type="string",
                                       **{"from": 0})
print(response)
```

Get aggregates on ODS scan data.

POST /ods/aggregates/scans/v1
Scope: On Demand Scans (ODS): WRITE
Consumes / Produces: application/json
PEP 8 method: aggregate_scans

| Name | Type | Data type | Description |
| :--- | :--- | :--- | :--- |
| body | body | list of dictionaries | Full body payload in JSON format. |
| date_ranges | body | list of dictionaries | Applies to date_range aggregations. Example: `[{"from": "2016-05-28T09:00:31Z", "to": "2016-05-30T09:00:31Z"}, {"from": "2016-06-01T09:00:31Z", "to": "2016-06-10T09:00:31Z"}]` |
| exclude | body | string | Elements to exclude. |
| field | body | string | The field on which to compute the aggregation. |
| filter | body | string | FQL syntax formatted string to use to filter the results. |
| from | body | integer | Starting position. |
| include | body | string | Elements to include. |
| interval | body | string | Time interval for date histogram aggregations. Valid values include: year, month, week, day, hour, minute. |
| max_doc_count | body | integer | Only return buckets if values are less than or equal to the value here. |
| min_doc_count | body | integer | Only return buckets if values are greater than or equal to the value here. |
| missing | body | string | The value to use when the aggregation field is missing from the object. In other words, the missing parameter defines how documents that lack a value should be treated. By default they are ignored, but they can also be treated as if they had a value. |
| name | body | string | Name of the aggregate query, as chosen by the user. Used to identify the results returned to you. |
| q | body | string | Full text search across all metadata fields. |
| ranges | body | list of dictionaries | Applies to range aggregations. Range values depend on the field. For example, if max_severity is used, ranges might look like: `[{"From": 0, "To": 70}, {"From": 70, "To": 100}]` |
| size | body | integer | The max number of term buckets to be returned. |
| sub_aggregates | body | list of dictionaries | A nested aggregation, such as: `[{"name": "max_first_behavior", "type": "max", "field": "first_behavior"}]`. There is a maximum of 3 nested aggregations per request. |
| sort | body | string | FQL syntax string to sort bucket results. `_count` - sort by document count. `_term` - sort by the string value alphabetically. Supports asc and desc using the `\|` format. Example: `_count\|desc` |
| time_zone | body | string | Time zone for bucket results. |
| type | body | string | Type of aggregation. Valid values include: date_histogram, date_range, terms, range, cardinality, max, min, avg, sum, percentiles. |
```python
from falconpy import ODS

falcon = ODS(client_id=CLIENT_ID,
             client_secret=CLIENT_SECRET
             )

date_ranges = [
    {
        "from": "string",
        "to": "string"
    }
]
ranges = [
    {
        "From": 0,
        "To": 0
    }
]
sub_aggregates = [
    {
        "name": "string",
        "type": "string",
        "field": "string"
    }
]

# "from" is a reserved word in Python, so it cannot be written as a bare keyword
# argument; pass it by unpacking a dictionary instead.
response = falcon.aggregate_scans(date_ranges=date_ranges,
                                  exclude="string",
                                  field="string",
                                  filter="string",
                                  include="string",
                                  interval="string",
                                  max_doc_count=0,
                                  min_doc_count=0,
                                  missing="string",
                                  name="string",
                                  q="string",
                                  ranges=ranges,
                                  size=0,
                                  sort="string",
                                  sub_aggregates=sub_aggregates,
                                  time_zone="string",
                                  type="string",
                                  **{"from": 0})
print(response)
```

Get aggregates on ODS scheduled-scan data.

POST /ods/aggregates/scheduled-scans/v1
Scope: On Demand Scans (ODS): WRITE
Consumes / Produces: application/json
PEP 8 method: aggregate_scheduled_scans

| Name | Type | Data type | Description |
| :--- | :--- | :--- | :--- |
| body | body | list of dictionaries | Full body payload in JSON format. |
| date_ranges | body | list of dictionaries | Applies to date_range aggregations. Example: `[{"from": "2016-05-28T09:00:31Z", "to": "2016-05-30T09:00:31Z"}, {"from": "2016-06-01T09:00:31Z", "to": "2016-06-10T09:00:31Z"}]` |
| exclude | body | string | Elements to exclude. |
| field | body | string | The field on which to compute the aggregation. |
| filter | body | string | FQL syntax formatted string to use to filter the results. |
| from | body | integer | Starting position. |
| include | body | string | Elements to include. |
| interval | body | string | Time interval for date histogram aggregations. Valid values include: year, month, week, day, hour, minute. |
| max_doc_count | body | integer | Only return buckets if values are less than or equal to the value here. |
| min_doc_count | body | integer | Only return buckets if values are greater than or equal to the value here. |
| missing | body | string | The value to use when the aggregation field is missing from the object. In other words, the missing parameter defines how documents that lack a value should be treated. By default they are ignored, but they can also be treated as if they had a value. |
| name | body | string | Name of the aggregate query, as chosen by the user. Used to identify the results returned to you. |
| q | body | string | Full text search across all metadata fields. |
| ranges | body | list of dictionaries | Applies to range aggregations. Range values depend on the field. For example, if max_severity is used, ranges might look like: `[{"From": 0, "To": 70}, {"From": 70, "To": 100}]` |
| size | body | integer | The max number of term buckets to be returned. |
| sub_aggregates | body | list of dictionaries | A nested aggregation, such as: `[{"name": "max_first_behavior", "type": "max", "field": "first_behavior"}]`. There is a maximum of 3 nested aggregations per request. |
| sort | body | string | FQL syntax string to sort bucket results. `_count` - sort by document count. `_term` - sort by the string value alphabetically. Supports asc and desc using the `\|` format. Example: `_count\|desc` |
| time_zone | body | string | Time zone for bucket results. |
| type | body | string | Type of aggregation. Valid values include: date_histogram, date_range, terms, range, cardinality, max, min, avg, sum, percentiles. |
```python
from falconpy import ODS

falcon = ODS(client_id=CLIENT_ID,
             client_secret=CLIENT_SECRET
             )

date_ranges = [
    {
        "from": "string",
        "to": "string"
    }
]
ranges = [
    {
        "From": 0,
        "To": 0
    }
]
sub_aggregates = [
    {
        "name": "string",
        "type": "string",
        "field": "string"
    }
]

# "from" is a reserved word in Python, so it cannot be written as a bare keyword
# argument; pass it by unpacking a dictionary instead.
response = falcon.aggregate_scheduled_scans(date_ranges=date_ranges,
                                            exclude="string",
                                            field="string",
                                            filter="string",
                                            include="string",
                                            interval="string",
                                            max_doc_count=0,
                                            min_doc_count=0,
                                            missing="string",
                                            name="string",
                                            q="string",
                                            ranges=ranges,
                                            size=0,
                                            sort="string",
                                            sub_aggregates=sub_aggregates,
                                            time_zone="string",
                                            type="string",
                                            **{"from": 0})
print(response)
```
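The three aggregate endpoints above (scan hosts, scans and scheduled scans) accept the same body, so one builder serves all of them. The following is an added example and not FalconPy's own code: it checks a query against the constraints the parameter table documents (the valid `type` and `interval` values, the `_count|desc` sort format, the limit of 3 nested aggregations) and emits a dictionary that can be sent as `body=[query]`, which also sidesteps the reserved-word problem with `from`. The response layout used by `summarize_buckets` (a `resources` list whose entries carry a `name` and `buckets` of `label`/`count`) is an assumption about the API, and `SAMPLE_RESPONSE` is constructed so the code runs offline.

```python
"""Build and check an ODS aggregate query, then summarise the buckets it returns."""
from typing import Any, Dict, List, Optional

# Valid values taken from the parameter table for the aggregate endpoints.
VALID_TYPES = {"date_histogram", "date_range", "terms", "range", "cardinality",
               "max", "min", "avg", "sum", "percentiles"}
VALID_INTERVALS = {"year", "month", "week", "day", "hour", "minute"}
MAX_SUB_AGGREGATES = 3


def build_aggregate(name: str, agg_type: str, field: str, *,
                    filter_fql: Optional[str] = None,
                    interval: Optional[str] = None,
                    size: Optional[int] = None,
                    sort: Optional[str] = None,
                    start_from: Optional[int] = None,
                    ranges: Optional[List[Dict[str, int]]] = None,
                    sub_aggregates: Optional[List[Dict[str, str]]] = None) -> Dict[str, Any]:
    """Return one aggregate query dictionary, rejecting values the table documents as invalid."""
    if agg_type not in VALID_TYPES:
        raise ValueError(f"unknown aggregation type: {agg_type}")
    if interval is not None and interval not in VALID_INTERVALS:
        raise ValueError(f"unknown interval: {interval}")
    if sort is not None:
        key, _, direction = sort.partition("|")
        if key not in {"_count", "_term"} or direction not in {"asc", "desc"}:
            raise ValueError("sort must look like _count|desc or _term|asc")
    if sub_aggregates and len(sub_aggregates) > MAX_SUB_AGGREGATES:
        raise ValueError(f"at most {MAX_SUB_AGGREGATES} nested aggregations per request")
    for sub in sub_aggregates or []:
        if sub.get("type") not in VALID_TYPES or not sub.get("field") or not sub.get("name"):
            raise ValueError(f"malformed sub-aggregate: {sub}")
    query: Dict[str, Any] = {"name": name, "type": agg_type, "field": field}
    # Emit only the optional keys that were actually set ("from" is the API's key name,
    # which is why it cannot be a bare Python keyword argument).
    optional = {"filter": filter_fql, "interval": interval, "size": size, "sort": sort,
                "from": start_from, "ranges": ranges, "sub_aggregates": sub_aggregates}
    query.update({k: v for k, v in optional.items() if v is not None})
    return query


def summarize_buckets(response: Dict[str, Any], name: str) -> Dict[str, int]:
    """Map bucket label -> count for the named aggregate (assumed response layout)."""
    body = response.get("body", {})
    for resource in body.get("resources", []):
        if resource.get("name") == name:
            return {b["label"]: int(b["count"]) for b in resource.get("buckets", [])}
    raise KeyError(f"no aggregate named {name!r} in response")


# Constructed response in the {"status_code", "headers", "body"} shape FalconPy returns;
# the bucket values are placeholders, not real data.
SAMPLE_RESPONSE = {
    "status_code": 200,
    "headers": {},
    "body": {
        "resources": [
            {"name": "scans_by_status",
             "buckets": [{"label": "completed", "count": 12},
                         {"label": "running", "count": 3},
                         {"label": "failed", "count": 1}]}
        ]
    },
}

if __name__ == "__main__":
    query = build_aggregate("scans_by_status", "terms", "status",
                            filter_fql="status:'completed'",  # constructed FQL, field from the query table
                            size=10, sort="_count|desc", start_from=0,
                            sub_aggregates=[{"name": "latest_update", "type": "max",
                                             "field": "last_updated"}])
    # With a real client: falcon.aggregate_scans(body=[query])
    print(query)
    print(summarize_buckets(SAMPLE_RESPONSE, "scans_by_status"))
```

Sending the query as `body=[query]` keeps the request identical for all three aggregate methods and lets the same validation run before anything leaves the host.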

Get malicious files by ids.

GET /ods/entities/malicious-files/v1
Scope: On Demand Scans (ODS): READ
Consumes / Produces: application/json
PEP 8 method: get_malicious_files

| Name | Type | Data type | Description |
| :--- | :--- | :--- | :--- |
| ids | query | string or list of strings | Malicious file IDs to retrieve. |
| parameters | query | dictionary | Full query string parameters payload in JSON format. |
```python
from falconpy import ODS

falcon = ODS(client_id=CLIENT_ID,
             client_secret=CLIENT_SECRET
             )

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.get_malicious_files(ids=id_list)
print(response)
```

Cancel ODS scans for the given scan ids.

POST /ods/entities/scan-control-actions/cancel/v1
Scope: On Demand Scans (ODS): WRITE
Consumes / Produces: application/json
PEP 8 method: cancel_scans

| Name | Type | Data type | Description |
| :--- | :--- | :--- | :--- |
| ids | query | string or list of strings | Scan IDs to cancel. |
| parameters | query | dictionary | Full query string parameters payload in JSON format. |
```python
from falconpy import ODS

falcon = ODS(client_id=CLIENT_ID,
             client_secret=CLIENT_SECRET
             )

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.cancel_scans(ids=id_list)
print(response)
```

Get scan hosts by ids.

GET /ods/entities/scan-hosts/v1
Scope: On Demand Scans (ODS): READ
Consumes / Produces: application/json
PEP 8 method: get_scan_hosts

| Name | Type | Data type | Description |
| :--- | :--- | :--- | :--- |
| ids | query | string or list of strings | Scan IDs to retrieve hosts for. |
| parameters | query | dictionary | Full query string parameters payload in JSON format. |
```python
from falconpy import ODS

falcon = ODS(client_id=CLIENT_ID,
             client_secret=CLIENT_SECRET
             )

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.get_scan_hosts(ids=id_list)
print(response)
```

Get Scans by IDs.

GET /ods/entities/scans/v1
Scope: On Demand Scans (ODS): READ
Consumes / Produces: application/json
PEP 8 method: get_scans_by_scan_ids_v1

| Name | Type | Data type | Description |
| :--- | :--- | :--- | :--- |
| ids | query | string or list of strings | Scan IDs to retrieve. |
| parameters | query | dictionary | Full query string parameters payload in JSON format. |

Examples coming soon.


Get Scans by IDs.

GET /ods/entities/scans/v2
Scope: On Demand Scans (ODS): READ
Consumes / Produces: application/json
PEP 8 method: get_scans_by_scan_ids_v2

| Name | Type | Data type | Description |
| :--- | :--- | :--- | :--- |
| ids | query | string or list of strings | Scan IDs to retrieve. |
| parameters | query | dictionary | Full query string parameters payload in JSON format. |
```python
from falconpy import ODS

falcon = ODS(client_id=CLIENT_ID,
             client_secret=CLIENT_SECRET
             )

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.get_scans(ids=id_list)
print(response)
```

Create ODS scan and start or schedule scan for the given scan request.

POST /ods/entities/scans/v1
Scope: On Demand Scans (ODS): WRITE
Consumes / Produces: application/json
PEP 8 method: create_scan

| Name | Type | Data type | Description |
| :--- | :--- | :--- | :--- |
| body | body | dictionary | Full body payload in JSON format. |
| cloud_ml_level_detection | body | integer | ML Detection level for the scan. |
| cloud_ml_level_prevention | body | integer | ML Prevention level for the scan. |
| cpu_priority | body | integer | Set the scan CPU priority. |
| description | body | string | Scan description. |
| endpoint_notification | body | boolean | Flag indicating if the endpoint should be notified of the results. |
| file_paths | body | list of strings | List of file paths to be scanned. |
| host_groups | body | list of strings | List of host groups to be scanned. |
| initiated_from | body | string | Scan origination. |
| max_duration | body | integer | Maximum time (in seconds) the scan is allowed to execute. |
| max_file_size | body | integer | Maximum file size (in bytes) to be scanned. |
| pause_duration | body | integer | Amount of time (in seconds) for scan pauses. |
| quarantine | body | boolean | Flag indicating if identified threats should be quarantined. |
| scan_exclusions | body | list of strings | List of excluded files or locations for this scan. |
| sensor_ml_level_detection | body | integer | Sensor ML detection level. |
| sensor_ml_level_prevention | body | integer | Sensor ML prevention level. |
```python
from falconpy import ODS

falcon = ODS(client_id=CLIENT_ID,
             client_secret=CLIENT_SECRET
             )

response = falcon.create_scan(cloud_ml_level_detection=0,
                              cloud_ml_level_prevention=0,
                              cpu_priority=0,
                              description="string",
                              endpoint_notification=True,
                              file_paths=["string"],
                              host_groups=["string"],
                              hosts=["string"],
                              ignored_by_channelfile=True,
                              initiated_from="string",
                              interval=0,
                              max_duration=0,
                              max_file_size=0,
                              pause_duration=0,
                              quarantine=True,
                              scan_exclusions=["string"],
                              start_timestamp="string",
                              sensor_ml_level_detection=0,
                              sensor_ml_level_prevention=0)
print(response)
```

Get ScheduledScans by IDs.

GET /ods/entities/scheduled-scans/v1
Scope: On Demand Scans (ODS): READ
Consumes / Produces: application/json
PEP 8 method: get_scheduled_scans

| Name | Type | Data type | Description |
| :--- | :--- | :--- | :--- |
| ids | query | string or list of strings | Scan IDs to retrieve. |
| parameters | query | dictionary | Full query string parameters payload in JSON format. |
```python
from falconpy import ODS

falcon = ODS(client_id=CLIENT_ID,
             client_secret=CLIENT_SECRET
             )

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.get_scheduled_scans(ids=id_list)
print(response)
```

Create ODS scan and start or schedule scan for the given scan request.

POST /ods/entities/scheduled-scans/v1
Scope: On Demand Scans (ODS): WRITE
Consumes / Produces: application/json
PEP 8 method: schedule_scan

| Name | Type | Data type | Description |
| :--- | :--- | :--- | :--- |
| body | body | dictionary | Full body payload in JSON format. |
| cloud_ml_level_detection | body | integer | ML Detection level for the scan. |
| cloud_ml_level_prevention | body | integer | ML Prevention level for the scan. |
| cpu_priority | body | integer | Set the scan CPU priority. |
| description | body | string | Scan description. |
| endpoint_notification | body | boolean | Flag indicating if the endpoint should be notified of the results. |
| file_paths | body | list of strings | List of file paths to be scanned. |
| host_groups | body | list of strings | List of host groups to be scanned. |
| initiated_from | body | string | Scan origination. |
| max_duration | body | integer | Maximum time (in seconds) the scan is allowed to execute. |
| max_file_size | body | integer | Maximum file size (in bytes) to be scanned. |
| pause_duration | body | integer | Amount of time (in seconds) for scan pauses. |
| quarantine | body | boolean | Flag indicating if identified threats should be quarantined. |
| scan_exclusions | body | list of strings | List of excluded files or locations for this scan. |
| scan_inclusions | body | list of strings | List of included files or locations for this scan. |
| schedule | body | dictionary | Dictionary containing the schedule for the scan. This dictionary contains the ignored_by_channelfile (boolean), interval (integer) and start_timestamp (string) keys. |
| sensor_ml_level_detection | body | integer | Sensor ML detection level. |
| sensor_ml_level_prevention | body | integer | Sensor ML prevention level. |
```python
from falconpy import ODS

falcon = ODS(client_id=CLIENT_ID,
             client_secret=CLIENT_SECRET
             )

schedule = {
    "ignored_by_channelfile": True,
    "interval": 0,
    "start_timestamp": "string"
}

response = falcon.schedule_scan(cloud_ml_level_detection=0,
                                cloud_ml_level_prevention=0,
                                cpu_priority=0,
                                description="string",
                                endpoint_notification=True,
                                file_paths=["string"],
                                host_groups=["string"],
                                ignored_by_channelfile=True,
                                initiated_from="string",
                                interval=0,
                                max_duration=0,
                                max_file_size=0,
                                pause_duration=0,
                                quarantine=True,
                                scan_exclusions=["string"],
                                scan_inclusions=["string"],
                                schedule=schedule,
                                start_timestamp="string",
                                sensor_ml_level_detection=0,
                                sensor_ml_level_prevention=0)
print(response)
```
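create_scan and schedule_scan take the same scan definition; the only structural difference is the nested `schedule` dictionary with its three documented keys. The following is an added example, not FalconPy's or CrowdStrike's code, that assembles the request body for either call and checks it against what the tables state (units of seconds and bytes, non-empty path and host-group lists, exactly the `ignored_by_channelfile`/`interval`/`start_timestamp` keys with the right types). Assumptions of the example, not API rules: `start_timestamp` is an ISO 8601 timestamp with a UTC offset, `interval` must be at least 1, and `max_duration` is capped at seven days; all of these are local policy choices made here for illustration.

```python
"""Assemble and validate the body for create_scan (one-off) or schedule_scan (recurring)."""
from datetime import datetime, timedelta
from typing import Any, Dict, List, Optional

SEVEN_DAYS_SECONDS = 7 * 24 * 60 * 60   # example policy cap on max_duration, not an API limit


def _check_common(file_paths: List[str], host_groups: List[str],
                  max_duration: int, max_file_size: int, pause_duration: int) -> None:
    """Reject values that contradict the documented units or would make a useless scan."""
    if not file_paths:
        raise ValueError("file_paths must list at least one path to scan")
    if not host_groups:
        raise ValueError("host_groups must name at least one host group")
    if not 0 < max_duration <= SEVEN_DAYS_SECONDS:
        raise ValueError("max_duration is in seconds and must be between 1 and 7 days")
    if max_file_size <= 0:
        raise ValueError("max_file_size is in bytes and must be positive")
    if pause_duration < 0:
        raise ValueError("pause_duration is in seconds and cannot be negative")


def validate_schedule(schedule: Dict[str, Any]) -> Dict[str, Any]:
    """Check the schedule dictionary has exactly the documented keys, with the documented types."""
    expected = {"ignored_by_channelfile": bool, "interval": int, "start_timestamp": str}
    if set(schedule) != set(expected):
        raise ValueError(f"schedule keys must be exactly {sorted(expected)}")
    for key, kind in expected.items():
        value = schedule[key]
        # bool is a subclass of int in Python, so keep True/False out of the integer slot.
        if not isinstance(value, kind) or (kind is int and isinstance(value, bool)):
            raise ValueError(f"schedule[{key!r}] must be {kind.__name__}")
    if schedule["interval"] < 1:
        raise ValueError("interval must be at least 1 (example policy)")
    # Assumption: start_timestamp is ISO 8601 with a UTC offset, e.g. 2024-06-01T02:00:00Z
    parsed = datetime.fromisoformat(schedule["start_timestamp"].replace("Z", "+00:00"))
    if parsed.utcoffset() != timedelta(0):
        raise ValueError("start_timestamp must be expressed in UTC")
    return dict(schedule)


def build_scan_body(*, description: str, file_paths: List[str], host_groups: List[str],
                    scan_exclusions: Optional[List[str]] = None,
                    max_duration: int = 3600, max_file_size: int = 50 * 1024 * 1024,
                    pause_duration: int = 0, cpu_priority: int = 1,
                    quarantine: bool = True, endpoint_notification: bool = False,
                    schedule: Optional[Dict[str, Any]] = None) -> Dict[str, Any]:
    """Return the request body; the "schedule" key is present only for schedule_scan."""
    _check_common(file_paths, host_groups, max_duration, max_file_size, pause_duration)
    body: Dict[str, Any] = {
        "description": description,
        "file_paths": list(file_paths),
        "host_groups": list(host_groups),
        "scan_exclusions": list(scan_exclusions or []),
        "max_duration": max_duration,
        "max_file_size": max_file_size,
        "pause_duration": pause_duration,
        "cpu_priority": cpu_priority,
        "quarantine": quarantine,
        "endpoint_notification": endpoint_notification,
    }
    if schedule is not None:
        body["schedule"] = validate_schedule(schedule)
    return body


if __name__ == "__main__":
    # Constructed values: placeholder host group name and paths, not real identifiers.
    one_off = build_scan_body(description="Ad hoc sweep of user profiles",
                              file_paths=["C:\\Users"], host_groups=["HOST-GROUP-PLACEHOLDER"],
                              scan_exclusions=["C:\\Users\\Public\\build-cache"])
    weekly = build_scan_body(description="Weekly sweep of user profiles",
                             file_paths=["C:\\Users"], host_groups=["HOST-GROUP-PLACEHOLDER"],
                             schedule={"ignored_by_channelfile": False, "interval": 7,
                                       "start_timestamp": "2024-06-01T02:00:00Z"})
    # With a real client: falcon.create_scan(body=one_off) / falcon.schedule_scan(body=weekly)
    print(one_off)
    print(weekly)
```

Quarantine defaults to on in this example because a scan that only reports leaves the operator to act on every hit by hand; pass `quarantine=False` explicitly when a scan is meant to be read-only.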

Delete ODS scheduled-scans for the given scheduled-scan ids.

DELETE /ods/entities/scheduled-scans/v1
Scope: On Demand Scans (ODS): WRITE
Consumes / Produces: application/json
PEP 8 method: delete_scheduled_scans

| Name | Type | Data type | Description |
| :--- | :--- | :--- | :--- |
| filter | query | string or list of strings | FQL compatible filter to use for selecting scan IDs. |
| ids | query | string or list of strings | Scan IDs to delete. |
| parameters | query | dictionary | Full query string parameters payload in JSON format. |
```python
from falconpy import ODS

falcon = ODS(client_id=CLIENT_ID,
             client_secret=CLIENT_SECRET
             )

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.delete_scheduled_scans(filter="string", ids=id_list)
print(response)
```

Query malicious files.

GET /ods/queries/malicious-files/v1
Scope: On Demand Scans (ODS): READ
Consumes / Produces: application/json
PEP 8 method: query_malicious_files

| Name | Type | Data type | Description |
| :--- | :--- | :--- | :--- |
| filter | query | string | FQL syntax formatted string used to limit the results. Available filters: id, cid, host_id, scan_id, host_scan_id, filepath, filename, hash, pattern_id, severity, quarantined, last_updated. |
| limit | query | integer | Maximum number of resources to return. |
| offset | query | integer | Starting index of overall result set from which to return ids. |
| sort | query | string | The property to sort by. (Ex: created_timestamp.desc) |
| parameters | query | dictionary | Full query string parameters payload in JSON format. |
```python
from falconpy import ODS

falcon = ODS(client_id=CLIENT_ID,
             client_secret=CLIENT_SECRET
             )

response = falcon.query_malicious_files(filter="string",
                                        limit=0,
                                        offset=0,
                                        sort="string")
print(response)
```

Query scan hosts.

GET /ods/queries/scan-hosts/v1
Scope: On Demand Scans (ODS): READ
Consumes / Produces: application/json
PEP 8 method: query_scan_hosts

| Name | Type | Data type | Description |
| :--- | :--- | :--- | :--- |
| filter | query | string | FQL syntax formatted string used to limit the results. Available filters: id, cid, profile_id, host_id, scan_id, host_scan_id, filecount.scanned, filecount.malicious, filecount.quarantined, filecount.skipped, affected_hosts_count, status, severity, started_on, completed_on, last_updated. |
| limit | query | integer | Maximum number of resources to return. |
| offset | query | integer | Starting index of overall result set from which to return ids. |
| sort | query | string | The property to sort by. (Ex: created_timestamp.desc) |
| parameters | query | dictionary | Full query string parameters payload in JSON format. |
```python
from falconpy import ODS

falcon = ODS(client_id=CLIENT_ID,
             client_secret=CLIENT_SECRET
             )

response = falcon.query_scan_hosts(filter="string",
                                   limit=0,
                                   offset=0,
                                   sort="string")
print(response)
```

Query Scans.

GET /ods/queries/scans/v1
Scope: On Demand Scans (ODS): READ
Consumes / Produces: application/json
PEP 8 method: query_scans

| Name | Type | Data type | Description |
| :--- | :--- | :--- | :--- |
| filter | query | string | FQL syntax formatted string used to limit the results. Available filters: id, cid, profile_id, description, description.keyword, aspm.description.keyword, initiated_from, filecount.scanned, filecount.malicious, filecount.quarantined, filecount.skipped, affected_hosts_count, status, severity, scan_started_on, scan_completed_on, created_on, created_by, last_updated. |
| limit | query | integer | Maximum number of resources to return. |
| offset | query | integer | Starting index of overall result set from which to return ids. |
| sort | query | string | The property to sort by. (Ex: created_timestamp.desc) |
| parameters | query | dictionary | Full query string parameters payload in JSON format. |
```python
from falconpy import ODS

falcon = ODS(client_id=CLIENT_ID,
             client_secret=CLIENT_SECRET
             )

response = falcon.query_scans(filter="string",
                              limit=0,
                              offset=0,
                              sort="string")
print(response)
```

Query ScheduledScans.

GET /ods/queries/scheduled-scans/v1
Scope: On Demand Scans (ODS): READ
Consumes / Produces: application/json
PEP 8 method: query_scheduled_scans

| Name | Type | Data type | Description |
| :--- | :--- | :--- | :--- |
| filter | query | string | FQL syntax formatted string used to limit the results. Available filters: id, cid, description, aspm.description.keyword, initiated_from, status, schedule.start_timestamp, schedule.Interval, created_on, created_by, last_updated, deleted. |
| limit | query | integer | Maximum number of resources to return. |
| offset | query | integer | Starting index of overall result set from which to return ids. |
| sort | query | string | The property to sort by. (Ex: created_timestamp.desc) |
| parameters | query | dictionary | Full query string parameters payload in JSON format. |
```python
from falconpy import ODS

falcon = ODS(client_id=CLIENT_ID,
             client_secret=CLIENT_SECRET
             )

response = falcon.query_scheduled_scans(filter="string",
                                        limit=0,
                                        offset=0,
                                        sort="string")
print(response)
```
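The four query endpoints above return ids a page at a time under `limit`/`offset`, and those ids are then handed to the matching get-by-ids call. The following is an added example, not FalconPy's own code, that covers the whole loop: building an FQL `filter` from field/value pairs drawn from the documented filter names, paging until the result set is exhausted, and batching the collected ids for a get-by-ids call. Assumptions: FalconPy responses are dictionaries of `status_code`, `headers` and `body`, with `body["meta"]["pagination"]["total"]` and `body["resources"]`; FQL joins conditions with `+` and quotes string values with single quotes; `FakeODS` is a constructed stand-in for `falconpy.ODS` so the loop runs offline, and the batch size of 100 is a local choice, not a documented API limit.

```python
"""Filter, page and batch ids from the ODS query endpoints."""
from typing import Any, Dict, Iterator, List, Sequence


def fql_filter(conditions: Dict[str, Any]) -> str:
    """Render equality conditions as FQL: field:'text', field:123, field:true, joined by '+'."""
    parts = []
    for field, value in conditions.items():
        if isinstance(value, bool):
            rendered = "true" if value else "false"
        elif isinstance(value, (int, float)):
            rendered = str(value)
        else:
            text = str(value)
            # Refuse values that could terminate the quoted literal rather than guess at escaping.
            if "'" in text:
                raise ValueError(f"value for {field} may not contain a single quote")
            rendered = f"'{text}'"
        parts.append(f"{field}:{rendered}")
    return "+".join(parts)


class FakeODS:
    """Constructed stand-in for falconpy.ODS serving a fixed id list in the assumed response shape."""

    def __init__(self, ids: Sequence[str]):
        self._ids = list(ids)
        self.calls: List[Dict[str, Any]] = []   # records each request for inspection

    def query_malicious_files(self, filter: str = "", limit: int = 100,
                              offset: int = 0, sort: str = "") -> Dict[str, Any]:
        self.calls.append({"filter": filter, "limit": limit, "offset": offset, "sort": sort})
        page = self._ids[offset:offset + limit]
        return {"status_code": 200, "headers": {},
                "body": {"meta": {"pagination": {"offset": offset, "limit": limit,
                                                 "total": len(self._ids)}},
                         "resources": page}}


def iter_all_ids(client: Any, query_method: str, filter_str: str,
                 page_size: int = 100, sort: str = "") -> Iterator[str]:
    """Walk limit/offset pages of a query_* method until meta.pagination.total is exhausted."""
    offset = 0
    while True:
        resp = getattr(client, query_method)(filter=filter_str, limit=page_size,
                                             offset=offset, sort=sort)
        if resp["status_code"] != 200:
            raise RuntimeError(f"{query_method} failed with HTTP {resp['status_code']}")
        body = resp["body"]
        resources = body.get("resources", [])
        yield from resources
        offset += len(resources)
        if not resources or offset >= body["meta"]["pagination"]["total"]:
            break


def chunked(ids: List[str], size: int = 100) -> Iterator[List[str]]:
    """Split an id list into batches for the get_*_by_ids endpoints (batch size is a local choice)."""
    if size < 1:
        raise ValueError("batch size must be positive")
    for start in range(0, len(ids), size):
        yield ids[start:start + size]


if __name__ == "__main__":
    # Constructed ids; a real run would use falconpy.ODS in place of FakeODS.
    client = FakeODS([f"constructed-id-{n}" for n in range(7)])
    # Fields come from the query_malicious_files filter list above.
    flt = fql_filter({"severity": 70, "quarantined": False, "host_id": "HOST-ID-PLACEHOLDER"})
    ids = list(iter_all_ids(client, "query_malicious_files", flt, page_size=3,
                            sort="last_updated.desc"))
    for batch in chunked(ids, size=5):
        # With a real client: falcon.get_malicious_files(ids=batch)
        print(len(batch), batch)
    print(flt, len(client.calls), "requests")
```

Stopping on `total` rather than on an empty page saves one round trip per query, and the `status_code` check keeps a rate-limit or auth failure from being read as "no more results".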