Skip to content
CrowdStrike Developer Center

Quick Scan Pro

The Quick Scan Pro service collection provides operations for uploading files for analysis and managing scan results. Upload files for deep analysis, launch scans, retrieve results, and query scan jobs using FQL filters.

LanguageLast Update
Pythonv1.6.1
PowerShellv2.2.9
Gov0.20.0
TypeScriptv0.6.0
Rustv0.7.0
Rubyv1.2.0

Table of Contents

Section titled “Table of Contents”
OperationDescription
UploadFileQuickScanPro
upload_file		Uploads a file to be further analyzed with QuickScan Pro. The samples expire after 90 days.
DeleteFile
delete_file		Deletes file by its sha256 identifier.
GetScanResult
get_scan_result		Gets the result of an QuickScan Pro scan.
LaunchScan
launch_scan		Starts scanning a file uploaded through UploadFileQuickScanPro.
DeleteScanResult
delete_scan_result		Deletes the result of an QuickScan Pro scan.
QueryScanResults
query_scan_results		Gets QuickScan Pro scan jobs for a given FQL filter.

UploadFileQuickScanPro

Section titled “UploadFileQuickScanPro”

Uploads a file to be further analyzed with QuickScan Pro. The samples expire after 90 days.

POST /quickscanpro/entities/files/v1
Scope Quick Scan Pro: WRITE Consumes multipart/form-data Produces application/json
PEP 8 upload_file

Parameters

Section titled “Parameters”
NameTypeData typeDescription
fileformDatafileBinary file to be uploaded. Max file size: 256 MB.
file_namequerystringName of the file being uploaded.
scanformDatabooleanIf True, after upload, it starts scanning immediately. Default scan mode is False.
passwordformDatastringMULTIPART ONLY - Password for encrypted archives (use for multipart/form-data uploads). If scan is true, the value is used for the scan just starting.
x_file_passwordheaderstringOCTET-STREAM ONLY - Password for encrypted archives (use for octet-stream uploads). If scan is true, the value is used for the scan just starting.

Code Examples

Section titled “Code Examples”
from falconpy import QuickScanPro


falcon = QuickScanPro(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )


response = falcon.upload_file(file="string",
                              scan="string",
                              file_name="string",
                              password="string",
                              x_file_password="string")
print(response)

DeleteFile

Section titled “DeleteFile”

Deletes file by its SHA256 identifier.

DELETE /quickscanpro/entities/files/v1
Scope Quick Scan Pro: WRITE Consumes · Produces application/json
PEP 8 delete_file

Parameters

Section titled “Parameters”
NameTypeData typeDescription
idsquerystring or list of stringsFile’s SHA256.
parametersquerydictionaryFull query string parameters payload in JSON format.

Code Examples

Section titled “Code Examples”
from falconpy import QuickScanPro


falcon = QuickScanPro(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )


id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']


response = falcon.delete_file(ids=id_list)
print(response)

GetScanResult

Section titled “GetScanResult”

Gets the result of an QuickScan Pro scan.

GET /quickscanpro/entities/scans/v1
Scope Quick Scan Pro: READ Consumes · Produces application/json
PEP 8 get_scan_result

Parameters

Section titled “Parameters”
NameTypeData typeDescription
idsquerystring or list of stringsScan job IDs previously created by LaunchScan.
parametersquerydictionaryFull query string parameters payload in JSON format.

Code Examples

Section titled “Code Examples”
from falconpy import QuickScanPro


falcon = QuickScanPro(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )


id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']


response = falcon.get_scan_result(ids=id_list)
print(response)

LaunchScan

Section titled “LaunchScan”

Starts scanning a file uploaded through ‘/quickscanpro/entities/files/v1’.

POST /quickscanpro/entities/scans/v1
Scope Quick Scan Pro: WRITE Consumes · Produces application/json
PEP 8 launch_scan

Parameters

Section titled “Parameters”
NameTypeData typeDescription
bodybodydictionaryFull body payload in JSON format.
sha256bodystringFull body payload in JSON format.

Code Examples

Section titled “Code Examples”
from falconpy import QuickScanPro


falcon = QuickScanPro(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )


response = falcon.launch_scan(sha256="string")
print(response)

DeleteScanResult

Section titled “DeleteScanResult”

Deletes the result of an QuickScan Pro scan.

DELETE /quickscanpro/entities/scans/v1
Scope Quick Scan Pro: WRITE Consumes · Produces application/json
PEP 8 delete_scan_result

Parameters

Section titled “Parameters”
NameTypeData typeDescription
idsquerystring or list of stringsScan job IDs previously created by LaunchScan.
parametersquerydictionaryFull query string parameters payload in JSON format.

Code Examples

Section titled “Code Examples”
from falconpy import QuickScanPro


falcon = QuickScanPro(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )


id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']


response = falcon.delete_scan_result(ids=id_list)
print(response)

QueryScanResults

Section titled “QueryScanResults”

Gets QuickScan Pro scan jobs for a given FQL filter.

GET /quickscanpro/queries/scans/v1
Scope Quick Scan Pro: READ Consumes · Produces application/json
PEP 8 query_scan_results

Parameters

Section titled “Parameters”
NameTypeData typeDescription
filterquerystringRequired. FQL query which mentions the SHA256 field. Empty value means to not filter on anything. Available filter fields that support match (~): _all, mitre_attacks.description. Available filter fields that support exact match: cid, sha256, id, status, type, entity, executor, verdict, verdict_reason, verdict_source, file_size, file_type_short, artifacts.file_artifacts.sha256, artifacts.file_artifacts.filename, artifacts.file_artifacts.verdict, artifacts.file_artifacts.verdict_reasons, artifacts.url_artifacts.url, artifacts.url_artifacts.verdict, artifacts.url_artifacts.verdict_reasons, mitre_attacks.attack_id, mitre_attacks.attack_id_wiki, mitre_attacks.tactic, mitre_attacks.technique, mitre_attacks.capec_id, mitre_attacks.parent.attack_id, mitre_attacks.parent.attack_id_wiki, mitre_attacks.parent.technique. Available filter fields that support wildcard (*): mitre_attacks.description. Available filter fields that support range comparisons (>, <, >=, <=): created_timestamp, updated_timestamp, file_size. All filter fields and operations support negation (!). _all field is used to search between all fields.
offsetqueryintegerThe offset to start retrieving ids from.
limitqueryintegerMaximum number of IDs to return. Max: 5000. Default: 50.
sortquerystringSort order: asc or desc. Sort supported fields created_timestamp.
parametersquerydictionaryFull query string parameters payload in JSON format.

Code Examples

Section titled “Code Examples”
from falconpy import QuickScanPro


falcon = QuickScanPro(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )


response = falcon.query_scan_results(filter="string",
                                     offset=integer,
                                     limit=integer,
                                     sort="string")
print(response)
© 2026 CrowdStrike, Inc. All rights reserved. Privacy Notice Cookie Notice Terms of Use