SaaS Security

The SaaS Security service collection provides operations for monitoring and managing security across connected SaaS applications. Dismiss security checks and affected entities, retrieve activity monitors, alerts, application inventory, asset and device data, integration status, security check results, system logs, and user inventories. Manage custom integration builder transactions.

Language	Last Update
Python	v1.6.1
PowerShell	v2.2.9
Go	v0.20.0
TypeScript	v0.6.0
Rust	v0.7.0
Ruby	v1.2.0

Operation	Description
DismissAffectedEntityV3 `dismiss_affected_entity`	Dismiss affected entity.
DismissSecurityCheckV3 `dismiss_security_check`	Dismiss security check.
GetActivityMonitorV3 `get_activity_monitor`	Get activity monitor.
GetAlertsV3 `get_alerts`	Get alerts.
GetAppInventory `get_application_inventory`	Get application inventory.
GetAppInventoryUsers `get_application_users`	Get application inventory users.
GetAssetInventoryV3 `get_asset_inventory`	Get asset inventory.
GetDeviceInventoryV3 `get_device_inventory`	Get device inventory.
GetIntegrationsV3 `get_integrations`	Get integrations.
GetMetricsV3 `get_metrics`	Get metrics.
GetSecurityCheckAffectedV3 `get_security_check`	Get affected resources for security checks.
GetSecurityCheckComplianceV3 `get_security_check_compliance`	Get security check compliance.
GetSecurityChecksV3 `get_security_checks`	Get security checks.
GetSupportedSaasV3 `get_supported_saas`	Get supported SaaS applications.
GetSystemLogsV3 `get_system_logs`	Get system logs.
GetSystemUsersV3 `get_system_users`	Get system users.
GetUserInventoryV3 `get_user_inventory`	Get user inventory.
IntegrationBuilderEndTransactionV3 `complete_integration_upload`	End integration builder transaction.
IntegrationBuilderGetStatusV3 `get_integration_builder_status`	Get integration builder status.
IntegrationBuilderResetV3 `reset_integration_builder`	Reset integration builder.
IntegrationBuilderUploadV3 `upload_integration_builder`	Upload integration builder.

DismissAffectedEntityV3

Dismiss affected entity for a security check.

POST /saas-security/entities/check-dismiss-affected/v3

Scope SaaS Security: WRITE Consumes · Produces application/json

PEP 8 dismiss_affected_entity

Parameters

Name	Type	Data type	Description
body	body	dictionary	Full body payload in JSON format. Not required if using other keywords.
entities	body	string	Entities.
id	query	string	Security Check ID.
parameters	query	dictionary	Full parameters payload in JSON format.
reason	body	string	Reason for dismiss.

Code Examples

from falconpy import SaasSecurity

falcon = SaasSecurity(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

response = falcon.dismiss_affected_entity(entities="string",
                                          reason="string",
                                          id="string")
print(response)

from falconpy import SaasSecurity

falcon = SaasSecurity(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

response = falcon.DismissAffectedEntityV3(entities="string",
                                          reason="string",
                                          id="string")
print(response)

from falconpy import APIHarnessV2

falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

body_payload = {
    "entities": "string",
    "reason": "string"
}

response = falcon.command("DismissAffectedEntityV3",
                          id="string",
                          body=body_payload)
print(response)

package main

import (
  "context"
  "fmt"
  "os"

  "github.com/crowdstrike/gofalcon/falcon"
  "github.com/crowdstrike/gofalcon/falcon/client/saas_security"
)

func main() {
  client, err := falcon.NewClient(&falcon.ApiConfig{
    ClientId:     os.Getenv("FALCON_CLIENT_ID"),
    ClientSecret: os.Getenv("FALCON_CLIENT_SECRET"),
    Context:      context.Background(),
  })
  if err != nil {
    panic(err)
  }

  response, err := client.SaasSecurity.DismissAffectedEntityV3(
    &saas_security.DismissAffectedEntityV3Params{
      Body: DismissAffectedEntityV3Body{},
      ID: "string",
      Context: context.Background(),
    },
  )
  if err != nil {
    panic(falcon.ErrorExplain(err))
  }

  fmt.Printf("%+v\n", response.Payload)
}

import { FalconClient } from "crowdstrike-falcon";

const client = new FalconClient({
  cloud: process.env.FALCON_CLOUD!,
  clientId: process.env.FALCON_CLIENT_ID!,
  clientSecret: process.env.FALCON_CLIENT_SECRET!,
});

const response = await client.saasSecurity.dismissAffectedEntityV3(
  "string",  // id
  {  // body
      entities: "string",
      reason: "string"
  }
);

console.log(response);

use rusty_falcon::apis::saas_security_api::dismiss_affected_entity_v3;
use rusty_falcon::easy::client::FalconHandle;
use rusty_falcon::models::DismissAffectedEntityV3Request;

#[tokio::main]
async fn main() {
    let falcon = FalconHandle::from_env().await.expect("Could not authenticate");

    let body = DismissAffectedEntityV3Request {
        ..Default::default()
    };

    let response = dismiss_affected_entity_v3(
        &falcon.cfg,  // configuration
        "string",  // id
        body,  // body
    ).await.expect("API call failed");

    println!("{:?}", response);
}

require "crimson-falcon"

Falcon.configure do |config|
  config.client_id = ENV["FALCON_CLIENT_ID"]
  config.client_secret = ENV["FALCON_CLIENT_SECRET"]
  config.cloud = ENV["FALCON_CLOUD"]
end

api = Falcon::SaasSecurity.new

body = Falcon::DismissAffectedEntityV3Request.new(
  entities: 'string',
  reason: 'string'
)

response = api.dismiss_affected_entity_v3(body, 'string')

puts response

DismissSecurityCheckV3

Dismiss security check by ID.

POST /saas-security/entities/check-dismiss/v3

Scope SaaS Security: WRITE Consumes · Produces application/json

PEP 8 dismiss_security_check

Parameters

Name	Type	Data type	Description
body	body	dictionary	Full body payload in JSON format. Not required if using other keywords.
id	query	string	Security Check ID.
parameters	query	dictionary	Full parameters payload in JSON format.
reason	body	string	Reason for dismissal.

Code Examples

from falconpy import SaasSecurity

falcon = SaasSecurity(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

response = falcon.dismiss_security_check(reason="string", id="string")
print(response)

from falconpy import SaasSecurity

falcon = SaasSecurity(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

response = falcon.DismissSecurityCheckV3(reason="string", id="string")
print(response)

from falconpy import APIHarnessV2

falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

body_payload = {
    "reason": "string"
}

response = falcon.command("DismissSecurityCheckV3",
                          id="string",
                          body=body_payload)
print(response)

package main

import (
  "context"
  "fmt"
  "os"

  "github.com/crowdstrike/gofalcon/falcon"
  "github.com/crowdstrike/gofalcon/falcon/client/saas_security"
)

func main() {
  client, err := falcon.NewClient(&falcon.ApiConfig{
    ClientId:     os.Getenv("FALCON_CLIENT_ID"),
    ClientSecret: os.Getenv("FALCON_CLIENT_SECRET"),
    Context:      context.Background(),
  })
  if err != nil {
    panic(err)
  }

  response, err := client.SaasSecurity.DismissSecurityCheckV3(
    &saas_security.DismissSecurityCheckV3Params{
      Body: DismissSecurityCheckV3Body{},
      ID: "string",
      Context: context.Background(),
    },
  )
  if err != nil {
    panic(falcon.ErrorExplain(err))
  }

  fmt.Printf("%+v\n", response.Payload)
}

import { FalconClient } from "crowdstrike-falcon";

const client = new FalconClient({
  cloud: process.env.FALCON_CLOUD!,
  clientId: process.env.FALCON_CLIENT_ID!,
  clientSecret: process.env.FALCON_CLIENT_SECRET!,
});

const response = await client.saasSecurity.dismissSecurityCheckV3(
  "string",  // id
  {  // body
      reason: "string"
  }
);

console.log(response);

use rusty_falcon::apis::saas_security_api::dismiss_security_check_v3;
use rusty_falcon::easy::client::FalconHandle;
use rusty_falcon::models::DismissSecurityCheckV3Request;

#[tokio::main]
async fn main() {
    let falcon = FalconHandle::from_env().await.expect("Could not authenticate");

    let body = DismissSecurityCheckV3Request {
        ..Default::default()
    };

    let response = dismiss_security_check_v3(
        &falcon.cfg,  // configuration
        "string",  // id
        body,  // body
    ).await.expect("API call failed");

    println!("{:?}", response);
}

require "crimson-falcon"

Falcon.configure do |config|
  config.client_id = ENV["FALCON_CLIENT_ID"]
  config.client_secret = ENV["FALCON_CLIENT_SECRET"]
  config.cloud = ENV["FALCON_CLOUD"]
end

api = Falcon::SaasSecurity.new

body = Falcon::DismissSecurityCheckV3Request.new(
  reason: 'string'
)

response = api.dismiss_security_check_v3(body, 'string')

puts response

GetActivityMonitorV3

Get activity monitor data for SaaS security monitoring.

GET /saas-security/entities/monitor/v3

Scope SaaS Security: READ Consumes · Produces application/json

PEP 8 get_activity_monitor

Parameters

Name	Type	Data type	Description
actor	query	string	Actor.
category	query	string	Comma separated list of categories.
from_date	query	string	From Date.
integration_id	query	string	Integration ID.
limit	query	integer	Max number of logs to fetch.
projection	query	string	Comma separated list of projections.
skip	query	integer	Number of logs to skip.
to_date	query	string	To Date.
parameters	query	dictionary	Full parameters payload in JSON format.

Code Examples

from falconpy import SaasSecurity

falcon = SaasSecurity(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

response = falcon.get_activity_monitor(integration_id="string",
                                       actor="string",
                                       category=["string"],
                                       projection=["string"],
                                       from_date="string",
                                       to_date="string",
                                       limit=integer,
                                       skip=integer)
print(response)

from falconpy import SaasSecurity

falcon = SaasSecurity(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

response = falcon.GetActivityMonitorV3(integration_id="string",
                                       actor="string",
                                       category=["string"],
                                       projection=["string"],
                                       from_date="string",
                                       to_date="string",
                                       limit=integer,
                                       skip=integer)
print(response)

from falconpy import APIHarnessV2

falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

response = falcon.command("GetActivityMonitorV3",
                          integration_id="string",
                          actor="string",
                          category="string",
                          projection="string",
                          from_date="string",
                          to_date="string",
                          limit=integer,
                          skip=integer)
print(response)

package main

import (
  "context"
  "fmt"
  "os"

  "github.com/crowdstrike/gofalcon/falcon"
  "github.com/crowdstrike/gofalcon/falcon/client/saas_security"
)

func main() {
  client, err := falcon.NewClient(&falcon.ApiConfig{
    ClientId:     os.Getenv("FALCON_CLIENT_ID"),
    ClientSecret: os.Getenv("FALCON_CLIENT_SECRET"),
    Context:      context.Background(),
  })
  if err != nil {
    panic(err)
  }

  integrationID := "string"
  actor := "string"
  category := "string"
  projection := "string"
  fromDate := "string"
  toDate := "string"
  limit := int64(0)
  skip := int64(0)

  response, err := client.SaasSecurity.GetActivityMonitorV3(
    &saas_security.GetActivityMonitorV3Params{
      IntegrationID: &integrationID,
      Actor: &actor,
      Category: &category,
      Projection: &projection,
      FromDate: &fromDate,
      ToDate: &toDate,
      Limit: &limit,
      Skip: &skip,
      Context: context.Background(),
    },
  )
  if err != nil {
    panic(falcon.ErrorExplain(err))
  }

  fmt.Printf("%+v\n", response.Payload)
}

import { FalconClient } from "crowdstrike-falcon";

const client = new FalconClient({
  cloud: process.env.FALCON_CLOUD!,
  clientId: process.env.FALCON_CLIENT_ID!,
  clientSecret: process.env.FALCON_CLIENT_SECRET!,
});

const response = await client.saasSecurity.getActivityMonitorV3(
  "string",  // integrationId
  "string",  // actor
  "string",  // category
  "string",  // projection
  "string",  // fromDate
  "string",  // toDate
  integer,  // limit
  integer  // skip
);

console.log(response);

use rusty_falcon::apis::saas_security_api::get_activity_monitor_v3;
use rusty_falcon::easy::client::FalconHandle;

#[tokio::main]
async fn main() {
    let falcon = FalconHandle::from_env().await.expect("Could not authenticate");

    let response = get_activity_monitor_v3(
        &falcon.cfg,  // configuration
        Some("string"),  // integration_id
        Some("string"),  // actor
        Some("string"),  // category
        Some("string"),  // projection
        Some("string".to_string()),  // from_date
        Some("string".to_string()),  // to_date
        Some(integer),  // limit
        Some(integer),  // skip
    ).await.expect("API call failed");

    println!("{:?}", response);
}

require "crimson-falcon"

Falcon.configure do |config|
  config.client_id = ENV["FALCON_CLIENT_ID"]
  config.client_secret = ENV["FALCON_CLIENT_SECRET"]
  config.cloud = ENV["FALCON_CLOUD"]
end

api = Falcon::SaasSecurity.new

response = api.get_activity_monitor_v3(integration_id: 'string',
                                       actor: 'string',
                                       category: 'string',
                                       projection: 'string',
                                       from_date: 'string',
                                       to_date: 'string',
                                       limit: integer,
                                       skip: integer)

puts response

GetAlertsV3

Get alerts for SaaS security monitoring.

GET /saas-security/entities/alerts/v3

Scope SaaS Security: READ Consumes · Produces application/json

PEP 8 get_alerts

Parameters

Name	Type	Data type	Description
ascending	query	boolean	Sort in ascending order.
from_date	query	string	The start date of the alert you want to get (in YYYY-MM-DD format).
id	query	string	Alert ID.
integration_id	query	string	Comma separated list of integration ID’s of the alert you want to get.
last_id	query	string	The last id of the alert you want to get.
limit	query	integer	The maximum number of objects to return.
offset	query	integer	The starting index of the results.
to_date	query	string	The end date of the alert you want to get (in YYYY-MM-DD format).
type	query	string	The type of alert you want to get. Allowed values: `configuration_drift`, `check_degraded`, `integration_failure`, `Threat`.
parameters	query	dictionary	Full parameters payload in JSON format.

Code Examples

from falconpy import SaasSecurity

falcon = SaasSecurity(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.get_alerts(id="string",
                             limit=integer,
                             offset=integer,
                             last_id="string",
                             type="string",
                             integration_id=id_list,
                             from_date="string",
                             to_date="string",
                             ascending=boolean)
print(response)

from falconpy import SaasSecurity

falcon = SaasSecurity(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.GetAlertsV3(id="string",
                              limit=integer,
                              offset=integer,
                              last_id="string",
                              type="string",
                              integration_id=id_list,
                              from_date="string",
                              to_date="string",
                              ascending=boolean)
print(response)

from falconpy import APIHarnessV2

falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.command("GetAlertsV3",
                          id="string",
                          limit=integer,
                          offset=integer,
                          last_id="string",
                          type="string",
                          integration_id="string",
                          from_date="string",
                          to_date="string",
                          ascending=boolean)
print(response)

package main

import (
  "context"
  "fmt"
  "os"

  "github.com/crowdstrike/gofalcon/falcon"
  "github.com/crowdstrike/gofalcon/falcon/client/saas_security"
)

func main() {
  client, err := falcon.NewClient(&falcon.ApiConfig{
    ClientId:     os.Getenv("FALCON_CLIENT_ID"),
    ClientSecret: os.Getenv("FALCON_CLIENT_SECRET"),
    Context:      context.Background(),
  })
  if err != nil {
    panic(err)
  }

  iD := "string"
  limit := int64(0)
  offset := int64(0)
  lastID := "string"
  type := "string"
  integrationID := "string"
  fromDate := "string"
  toDate := "string"
  ascending := boolean

  response, err := client.SaasSecurity.GetAlertsV3(
    &saas_security.GetAlertsV3Params{
      ID: &iD,
      Limit: &limit,
      Offset: &offset,
      LastID: &lastID,
      Type: &type,
      IntegrationID: &integrationID,
      FromDate: &fromDate,
      ToDate: &toDate,
      Ascending: &ascending,
      Context: context.Background(),
    },
  )
  if err != nil {
    panic(falcon.ErrorExplain(err))
  }

  fmt.Printf("%+v\n", response.Payload)
}

import { FalconClient } from "crowdstrike-falcon";

const client = new FalconClient({
  cloud: process.env.FALCON_CLOUD!,
  clientId: process.env.FALCON_CLIENT_ID!,
  clientSecret: process.env.FALCON_CLIENT_SECRET!,
});

const response = await client.saasSecurity.getAlertsV3(
  "string",  // id
  integer,  // limit
  integer,  // offset
  "string",  // lastId
  "string",  // type
  "string",  // integrationId
  "string",  // fromDate
  "string",  // toDate
  boolean  // ascending
);

console.log(response);

use rusty_falcon::apis::saas_security_api::get_alerts_v3;
use rusty_falcon::easy::client::FalconHandle;

#[tokio::main]
async fn main() {
    let falcon = FalconHandle::from_env().await.expect("Could not authenticate");

    let response = get_alerts_v3(
        &falcon.cfg,  // configuration
        Some("string"),  // id
        Some(integer),  // limit
        Some(integer),  // offset
        Some("string"),  // last_id
        Some("string"),  // integration_id
        Some("string".to_string()),  // from_date
        Some("string".to_string()),  // to_date
        Some(boolean),  // ascending
    ).await.expect("API call failed");

    println!("{:?}", response);
}

require "crimson-falcon"

Falcon.configure do |config|
  config.client_id = ENV["FALCON_CLIENT_ID"]
  config.client_secret = ENV["FALCON_CLIENT_SECRET"]
  config.cloud = ENV["FALCON_CLOUD"]
end

api = Falcon::SaasSecurity.new

response = api.get_alerts_v3(id: 'string',
                             limit: integer,
                             offset: integer,
                             last_id: 'string',
                             type: 'string',
                             integration_id: 'string',
                             from_date: 'string',
                             to_date: 'string',
                             ascending: boolean)

puts response

GetAppInventory

Get application inventory data.

GET /saas-security/entities/apps/v3

Scope SaaS Security: READ Consumes · Produces application/json

PEP 8 get_application_inventory

Parameters

Name	Type	Data type	Description
access_level	query	string	Comma separated list of access levels.
groups	query	string	Comma separated list of groups.
integration_id	query	string	Comma separated list of integration IDs.
last_activity	query	string	Last activity was within or was not within the last ‘value’ days. Format: ‘was value’ or ‘was not value’ or ‘value’ (implies ‘was value’). ‘value’ is an integer.
limit	query	integer	The maximum number of objects to return.
offset	query	integer	The starting index of the results.
scopes	query	string	Comma separated list of scopes.
status	query	string	Comma separated list of application statuses. Allowed values: `approved`, `in review`, `rejected`, `unclassified`.
type	query	string	Comma separated list of app types.
users	query	string	Users. Format: ‘is equal value’ or ‘contains value’ or ‘value’ (implies ‘is equal value’).
parameters	query	dictionary	Full parameters payload in JSON format.

Code Examples

from falconpy import SaasSecurity

falcon = SaasSecurity(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.get_application_inventory(type=["string"],
                                            limit=integer,
                                            offset=integer,
                                            status=["string"],
                                            access_level=["string"],
                                            scopes=["string"],
                                            users="string",
                                            groups=["string"],
                                            last_activity="string",
                                            integration_id=id_list)
print(response)

from falconpy import SaasSecurity

falcon = SaasSecurity(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.GetAppInventory(type=["string"],
                                  limit=integer,
                                  offset=integer,
                                  status=["string"],
                                  access_level=["string"],
                                  scopes=["string"],
                                  users="string",
                                  groups=["string"],
                                  last_activity="string",
                                  integration_id=id_list)
print(response)

from falconpy import APIHarnessV2

falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.command("GetAppInventory",
                          type="string",
                          limit=integer,
                          offset=integer,
                          status="string",
                          access_level="string",
                          scopes="string",
                          users="string",
                          groups="string",
                          last_activity="string",
                          integration_id="string")
print(response)

package main

import (
  "context"
  "fmt"
  "os"

  "github.com/crowdstrike/gofalcon/falcon"
  "github.com/crowdstrike/gofalcon/falcon/client/saas_security"
)

func main() {
  client, err := falcon.NewClient(&falcon.ApiConfig{
    ClientId:     os.Getenv("FALCON_CLIENT_ID"),
    ClientSecret: os.Getenv("FALCON_CLIENT_SECRET"),
    Context:      context.Background(),
  })
  if err != nil {
    panic(err)
  }

  type := "string"
  limit := int64(0)
  offset := int64(0)
  status := "string"
  accessLevel := "string"
  scopes := "string"
  users := "string"
  groups := "string"
  lastActivity := "string"
  integrationID := "string"

  response, err := client.SaasSecurity.GetAppInventory(
    &saas_security.GetAppInventoryParams{
      Type: &type,
      Limit: &limit,
      Offset: &offset,
      Status: &status,
      AccessLevel: &accessLevel,
      Scopes: &scopes,
      Users: &users,
      Groups: &groups,
      LastActivity: &lastActivity,
      IntegrationID: &integrationID,
      Context: context.Background(),
    },
  )
  if err != nil {
    panic(falcon.ErrorExplain(err))
  }

  fmt.Printf("%+v\n", response.Payload)
}

import { FalconClient } from "crowdstrike-falcon";

const client = new FalconClient({
  cloud: process.env.FALCON_CLOUD!,
  clientId: process.env.FALCON_CLIENT_ID!,
  clientSecret: process.env.FALCON_CLIENT_SECRET!,
});

const response = await client.saasSecurity.getAppInventory(
  "string",  // type
  integer,  // limit
  integer,  // offset
  "string",  // status
  "string",  // accessLevel
  "string",  // scopes
  "string",  // users
  "string",  // groups
  "string",  // lastActivity
  "string"  // integrationId
);

console.log(response);

require "crimson-falcon"

Falcon.configure do |config|
  config.client_id = ENV["FALCON_CLIENT_ID"]
  config.client_secret = ENV["FALCON_CLIENT_SECRET"]
  config.cloud = ENV["FALCON_CLOUD"]
end

api = Falcon::SaasSecurity.new

response = api.get_app_inventory(type: 'string',
                                 limit: integer,
                                 offset: integer,
                                 status: 'string',
                                 access_level: 'string',
                                 scopes: 'string',
                                 users: 'string',
                                 groups: 'string',
                                 last_activity: 'string',
                                 integration_id: 'string')

puts response

GetAppInventoryUsers

Get application inventory users for a specific application.

GET /saas-security/entities/app-users/v3

Scope SaaS Security: READ Consumes · Produces application/json

PEP 8 get_application_users

Parameters

Name	Type	Data type	Description
item_id	query	string	Item ID in format: ‘integration_id\|\|\|app_id’ (item_id).

Code Examples

from falconpy import SaasSecurity

falcon = SaasSecurity(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

response = falcon.get_application_users(item_id="string")
print(response)

from falconpy import SaasSecurity

falcon = SaasSecurity(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

response = falcon.GetAppInventoryUsers(item_id="string")
print(response)

from falconpy import APIHarnessV2

falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

response = falcon.command("GetAppInventoryUsers",
                          item_id="string")
print(response)

package main

import (
  "context"
  "fmt"
  "os"

  "github.com/crowdstrike/gofalcon/falcon"
  "github.com/crowdstrike/gofalcon/falcon/client/saas_security"
)

func main() {
  client, err := falcon.NewClient(&falcon.ApiConfig{
    ClientId:     os.Getenv("FALCON_CLIENT_ID"),
    ClientSecret: os.Getenv("FALCON_CLIENT_SECRET"),
    Context:      context.Background(),
  })
  if err != nil {
    panic(err)
  }

  response, err := client.SaasSecurity.GetAppInventoryUsers(
    &saas_security.GetAppInventoryUsersParams{
      ItemID: "string",
      Context: context.Background(),
    },
  )
  if err != nil {
    panic(falcon.ErrorExplain(err))
  }

  fmt.Printf("%+v\n", response.Payload)
}

import { FalconClient } from "crowdstrike-falcon";

const client = new FalconClient({
  cloud: process.env.FALCON_CLOUD!,
  clientId: process.env.FALCON_CLIENT_ID!,
  clientSecret: process.env.FALCON_CLIENT_SECRET!,
});

const response = await client.saasSecurity.getAppInventoryUsers("string");  // itemId

console.log(response);

require "crimson-falcon"

Falcon.configure do |config|
  config.client_id = ENV["FALCON_CLIENT_ID"]
  config.client_secret = ENV["FALCON_CLIENT_SECRET"]
  config.cloud = ENV["FALCON_CLOUD"]
end

api = Falcon::SaasSecurity.new

response = api.get_app_inventory_users('string')

puts response

GetAssetInventoryV3

Get data inventory from SaaS security monitoring.

GET /saas-security/entities/data/v3

Scope SaaS Security: READ Consumes · Produces application/json

PEP 8 get_asset_inventory

Parameters

Name	Type	Data type	Description
access_level	query	string	Comma separated list of access levels.
integration_id	query	string	Comma separated list of integration IDs.
last_accessed	query	string	Last accessed date was within or was not within the last ‘value’ days. Format: ‘was value’ or ‘was not value’ or ‘value’ (implies ‘was value’). ‘value’ is an integer.
last_modified	query	string	Last modified date was within or was not within the last ‘value’ days. Format: ‘was value’ or ‘was not value’ or ‘value’ (implies ‘was value’). ‘value’ is an integer.
limit	query	integer	The maximum number of objects to return.
offset	query	integer	The starting index of the results.
password_protected	query	boolean	Password protected.
resource_name	query	string	Resource name contains ‘value’ (case insensitive).
resource_owner	query	string	Resource owner contains ‘value’ (case insensitive).
resource_owner_enabled	query	boolean	Resource owner enabled.
resource_type	query	string	Comma separated list of resource types.
unmanaged_domain	query	string	Comma separated list of unmanaged domains.
parameters	query	dictionary	Full parameters payload in JSON format.

Code Examples

from falconpy import SaasSecurity

falcon = SaasSecurity(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.get_asset_inventory(integration_id=id_list,
                                      limit=integer,
                                      offset=integer,
                                      resource_type=["string"],
                                      access_level=["string"],
                                      last_accessed="string",
                                      last_modified="string",
                                      resource_name="string",
                                      password_protected=boolean,
                                      resource_owner="string",
                                      resource_owner_enabled=boolean,
                                      unmanaged_domain=["string"])
print(response)

from falconpy import SaasSecurity

falcon = SaasSecurity(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.GetAssetInventoryV3(integration_id=id_list,
                                      limit=integer,
                                      offset=integer,
                                      resource_type=["string"],
                                      access_level=["string"],
                                      last_accessed="string",
                                      last_modified="string",
                                      resource_name="string",
                                      password_protected=boolean,
                                      resource_owner="string",
                                      resource_owner_enabled=boolean,
                                      unmanaged_domain=["string"])
print(response)

from falconpy import APIHarnessV2

falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.command("GetAssetInventoryV3",
                          integration_id="string",
                          limit=integer,
                          offset=integer,
                          resource_type="string",
                          access_level="string",
                          last_accessed="string",
                          last_modified="string",
                          resource_name="string",
                          password_protected=boolean,
                          resource_owner="string",
                          resource_owner_enabled=boolean,
                          unmanaged_domain="string")
print(response)

package main

import (
  "context"
  "fmt"
  "os"

  "github.com/crowdstrike/gofalcon/falcon"
  "github.com/crowdstrike/gofalcon/falcon/client/saas_security"
)

func main() {
  client, err := falcon.NewClient(&falcon.ApiConfig{
    ClientId:     os.Getenv("FALCON_CLIENT_ID"),
    ClientSecret: os.Getenv("FALCON_CLIENT_SECRET"),
    Context:      context.Background(),
  })
  if err != nil {
    panic(err)
  }

  integrationID := "string"
  limit := int64(0)
  offset := int64(0)
  resourceType := "string"
  accessLevel := "string"
  lastAccessed := "string"
  lastModified := "string"
  resourceName := "string"
  passwordProtected := boolean
  resourceOwner := "string"
  resourceOwnerEnabled := boolean
  unmanagedDomain := "string"

  response, err := client.SaasSecurity.GetAssetInventoryV3(
    &saas_security.GetAssetInventoryV3Params{
      IntegrationID: &integrationID,
      Limit: &limit,
      Offset: &offset,
      ResourceType: &resourceType,
      AccessLevel: &accessLevel,
      LastAccessed: &lastAccessed,
      LastModified: &lastModified,
      ResourceName: &resourceName,
      PasswordProtected: &passwordProtected,
      ResourceOwner: &resourceOwner,
      ResourceOwnerEnabled: &resourceOwnerEnabled,
      UnmanagedDomain: &unmanagedDomain,
      Context: context.Background(),
    },
  )
  if err != nil {
    panic(falcon.ErrorExplain(err))
  }

  fmt.Printf("%+v\n", response.Payload)
}

import { FalconClient } from "crowdstrike-falcon";

const client = new FalconClient({
  cloud: process.env.FALCON_CLOUD!,
  clientId: process.env.FALCON_CLIENT_ID!,
  clientSecret: process.env.FALCON_CLIENT_SECRET!,
});

const response = await client.saasSecurity.getAssetInventoryV3(
  "string",  // integrationId
  integer,  // limit
  integer,  // offset
  "string",  // resourceType
  "string",  // accessLevel
  "string",  // lastAccessed
  "string",  // lastModified
  "string",  // resourceName
  boolean,  // passwordProtected
  "string",  // resourceOwner
  boolean,  // resourceOwnerEnabled
  "string"  // unmanagedDomain
);

console.log(response);

require "crimson-falcon"

Falcon.configure do |config|
  config.client_id = ENV["FALCON_CLIENT_ID"]
  config.client_secret = ENV["FALCON_CLIENT_SECRET"]
  config.cloud = ENV["FALCON_CLOUD"]
end

api = Falcon::SaasSecurity.new

response = api.get_asset_inventory_v3(integration_id: 'string',
                                      limit: integer,
                                      offset: integer,
                                      resource_type: 'string',
                                      access_level: 'string',
                                      last_accessed: 'string',
                                      last_modified: 'string',
                                      resource_name: 'string',
                                      password_protected: boolean,
                                      resource_owner: 'string',
                                      resource_owner_enabled: boolean,
                                      unmanaged_domain: 'string')

puts response

GetDeviceInventoryV3

Get device inventory from SaaS security monitoring.

GET /saas-security/entities/devices/v3

Scope SaaS Security: READ Consumes · Produces application/json

PEP 8 get_device_inventory

Parameters

Name	Type	Data type	Description
email	query	string	Email.
integration_id	query	string	Comma separated integration ID’s.
limit	query	integer	The maximum number of objects to return.
offset	query	integer	The starting index of the results.
privileged_only	query	boolean	Privileged Only.
unassociated_devices	query	boolean	Unassociated Devices.
parameters	query	dictionary	Full parameters payload in JSON format.

Code Examples

from falconpy import SaasSecurity

falcon = SaasSecurity(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

response = falcon.get_device_inventory(integration_id="string",
                                       limit=integer,
                                       offset=integer,
                                       email="string",
                                       privileged_only=boolean,
                                       unassociated_devices=boolean)
print(response)

from falconpy import SaasSecurity

falcon = SaasSecurity(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

response = falcon.GetDeviceInventoryV3(integration_id="string",
                                       limit=integer,
                                       offset=integer,
                                       email="string",
                                       privileged_only=boolean,
                                       unassociated_devices=boolean)
print(response)

from falconpy import APIHarnessV2

falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

response = falcon.command("GetDeviceInventoryV3",
                          integration_id="string",
                          limit=integer,
                          offset=integer,
                          email="string",
                          privileged_only=boolean,
                          unassociated_devices=boolean)
print(response)

package main

import (
  "context"
  "fmt"
  "os"

  "github.com/crowdstrike/gofalcon/falcon"
  "github.com/crowdstrike/gofalcon/falcon/client/saas_security"
)

func main() {
  client, err := falcon.NewClient(&falcon.ApiConfig{
    ClientId:     os.Getenv("FALCON_CLIENT_ID"),
    ClientSecret: os.Getenv("FALCON_CLIENT_SECRET"),
    Context:      context.Background(),
  })
  if err != nil {
    panic(err)
  }

  integrationID := "string"
  limit := int64(0)
  offset := int64(0)
  email := "string"
  privilegedOnly := boolean
  unassociatedDevices := boolean

  response, err := client.SaasSecurity.GetDeviceInventoryV3(
    &saas_security.GetDeviceInventoryV3Params{
      IntegrationID: &integrationID,
      Limit: &limit,
      Offset: &offset,
      Email: &email,
      PrivilegedOnly: &privilegedOnly,
      UnassociatedDevices: &unassociatedDevices,
      Context: context.Background(),
    },
  )
  if err != nil {
    panic(falcon.ErrorExplain(err))
  }

  fmt.Printf("%+v\n", response.Payload)
}

import { FalconClient } from "crowdstrike-falcon";

const client = new FalconClient({
  cloud: process.env.FALCON_CLOUD!,
  clientId: process.env.FALCON_CLIENT_ID!,
  clientSecret: process.env.FALCON_CLIENT_SECRET!,
});

const response = await client.saasSecurity.getDeviceInventoryV3(
  "string",  // integrationId
  integer,  // limit
  integer,  // offset
  "string",  // email
  boolean,  // privilegedOnly
  boolean  // unassociatedDevices
);

console.log(response);

use rusty_falcon::apis::saas_security_api::get_device_inventory_v3;
use rusty_falcon::easy::client::FalconHandle;

#[tokio::main]
async fn main() {
    let falcon = FalconHandle::from_env().await.expect("Could not authenticate");

    let response = get_device_inventory_v3(
        &falcon.cfg,  // configuration
        Some("string"),  // integration_id
        Some(integer),  // limit
        Some(integer),  // offset
        Some("string"),  // email
        Some(boolean),  // privileged_only
        Some(boolean),  // unassociated_devices
    ).await.expect("API call failed");

    println!("{:?}", response);
}

require "crimson-falcon"

Falcon.configure do |config|
  config.client_id = ENV["FALCON_CLIENT_ID"]
  config.client_secret = ENV["FALCON_CLIENT_SECRET"]
  config.cloud = ENV["FALCON_CLOUD"]
end

api = Falcon::SaasSecurity.new

response = api.get_device_inventory_v3(integration_id: 'string',
                                       limit: integer,
                                       offset: integer,
                                       email: 'string',
                                       privileged_only: boolean,
                                       unassociated_devices: boolean)

puts response

GetIntegrationsV3

Get integrations configured for SaaS security monitoring.

GET /saas-security/entities/integrations/v3

Scope SaaS Security: READ Consumes · Produces application/json

PEP 8 get_integrations

Parameters

Name	Type	Data type	Description
saas_id	query	string	Comma separated SaaS ID’s.
parameters	query	dictionary	Full parameters payload in JSON format.

Code Examples

from falconpy import SaasSecurity

falcon = SaasSecurity(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

response = falcon.get_integrations(saas_id="string")
print(response)

from falconpy import SaasSecurity

falcon = SaasSecurity(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

response = falcon.GetIntegrationsV3(saas_id="string")
print(response)

from falconpy import APIHarnessV2

falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

response = falcon.command("GetIntegrationsV3",
                          saas_id="string")
print(response)

package main

import (
  "context"
  "fmt"
  "os"

  "github.com/crowdstrike/gofalcon/falcon"
  "github.com/crowdstrike/gofalcon/falcon/client/saas_security"
)

func main() {
  client, err := falcon.NewClient(&falcon.ApiConfig{
    ClientId:     os.Getenv("FALCON_CLIENT_ID"),
    ClientSecret: os.Getenv("FALCON_CLIENT_SECRET"),
    Context:      context.Background(),
  })
  if err != nil {
    panic(err)
  }

  saasID := "string"

  response, err := client.SaasSecurity.GetIntegrationsV3(
    &saas_security.GetIntegrationsV3Params{
      SaasID: &saasID,
      Context: context.Background(),
    },
  )
  if err != nil {
    panic(falcon.ErrorExplain(err))
  }

  fmt.Printf("%+v\n", response.Payload)
}

import { FalconClient } from "crowdstrike-falcon";

const client = new FalconClient({
  cloud: process.env.FALCON_CLOUD!,
  clientId: process.env.FALCON_CLIENT_ID!,
  clientSecret: process.env.FALCON_CLIENT_SECRET!,
});

const response = await client.saasSecurity.getIntegrationsV3("string");  // saasId

console.log(response);

use rusty_falcon::apis::saas_security_api::get_integrations_v3;
use rusty_falcon::easy::client::FalconHandle;

#[tokio::main]
async fn main() {
    let falcon = FalconHandle::from_env().await.expect("Could not authenticate");

    let response = get_integrations_v3(
        &falcon.cfg,  // configuration
        Some("string"),  // saas_id
    ).await.expect("API call failed");

    println!("{:?}", response);
}

require "crimson-falcon"

Falcon.configure do |config|
  config.client_id = ENV["FALCON_CLIENT_ID"]
  config.client_secret = ENV["FALCON_CLIENT_SECRET"]
  config.cloud = ENV["FALCON_CLOUD"]
end

api = Falcon::SaasSecurity.new

response = api.get_integrations_v3(saas_id: 'string')

puts response

GetMetricsV3

Get metrics for SaaS security checks and exposures.

GET /saas-security/aggregates/check-metrics/v3

Scope SaaS Security: READ Consumes · Produces application/json

PEP 8 get_metrics

Parameters

Name	Type	Data type	Description
check_type	query	string	Check Type. Allowed values: `apps`, `devices`, `users`, `assets`, `permissions`, `Falcon Shield Security Check`, `custom`.
compliance	query	boolean	Compliance.
impact	query	string	Impact. Allowed values: `1`, `2`, `3`.
integration_id	query	string	Comma separated list of integration IDs.
limit	query	integer	The maximum number of objects to return.
offset	query	integer	The starting index of the results.
status	query	string	Exposure status. Allowed values: `Passed`, `Failed`, `Dismissed`, `Pending`, `Can't Run`, `Stale`.
parameters	query	dictionary	Full parameters payload in JSON format.

Code Examples

from falconpy import SaasSecurity

falcon = SaasSecurity(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.get_metrics(status="string",
                              limit=integer,
                              offset=integer,
                              integration_id=id_list,
                              impact="string",
                              compliance=boolean,
                              check_type="string")
print(response)

from falconpy import SaasSecurity

falcon = SaasSecurity(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.GetMetricsV3(status="string",
                               limit=integer,
                               offset=integer,
                               integration_id=id_list,
                               impact="string",
                               compliance=boolean,
                               check_type="string")
print(response)

from falconpy import APIHarnessV2

falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.command("GetMetricsV3",
                          status="string",
                          limit=integer,
                          offset=integer,
                          integration_id="string",
                          impact="string",
                          compliance=boolean,
                          check_type="string")
print(response)

package main

import (
  "context"
  "fmt"
  "os"

  "github.com/crowdstrike/gofalcon/falcon"
  "github.com/crowdstrike/gofalcon/falcon/client/saas_security"
)

func main() {
  client, err := falcon.NewClient(&falcon.ApiConfig{
    ClientId:     os.Getenv("FALCON_CLIENT_ID"),
    ClientSecret: os.Getenv("FALCON_CLIENT_SECRET"),
    Context:      context.Background(),
  })
  if err != nil {
    panic(err)
  }

  status := "string"
  limit := int64(0)
  offset := int64(0)
  integrationID := "string"
  impact := "string"
  compliance := boolean
  checkType := "string"

  response, err := client.SaasSecurity.GetMetricsV3(
    &saas_security.GetMetricsV3Params{
      Status: &status,
      Limit: &limit,
      Offset: &offset,
      IntegrationID: &integrationID,
      Impact: &impact,
      Compliance: &compliance,
      CheckType: &checkType,
      Context: context.Background(),
    },
  )
  if err != nil {
    panic(falcon.ErrorExplain(err))
  }

  fmt.Printf("%+v\n", response.Payload)
}

import { FalconClient } from "crowdstrike-falcon";

const client = new FalconClient({
  cloud: process.env.FALCON_CLOUD!,
  clientId: process.env.FALCON_CLIENT_ID!,
  clientSecret: process.env.FALCON_CLIENT_SECRET!,
});

const response = await client.saasSecurity.getMetricsV3(
  "string",  // status
  integer,  // limit
  integer,  // offset
  "string",  // integrationId
  "string",  // impact
  boolean,  // compliance
  "string"  // checkType
);

console.log(response);

use rusty_falcon::apis::saas_security_api::get_metrics_v3;
use rusty_falcon::easy::client::FalconHandle;

#[tokio::main]
async fn main() {
    let falcon = FalconHandle::from_env().await.expect("Could not authenticate");

    let response = get_metrics_v3(
        &falcon.cfg,  // configuration
        Some("string"),  // status
        Some(integer),  // limit
        Some(integer),  // offset
        Some("string"),  // integration_id
        Some("string"),  // impact
        Some(boolean),  // compliance
        Some("string"),  // check_type
    ).await.expect("API call failed");

    println!("{:?}", response);
}

require "crimson-falcon"

Falcon.configure do |config|
  config.client_id = ENV["FALCON_CLIENT_ID"]
  config.client_secret = ENV["FALCON_CLIENT_SECRET"]
  config.cloud = ENV["FALCON_CLOUD"]
end

api = Falcon::SaasSecurity.new

response = api.get_metrics_v3(status: 'string',
                              limit: integer,
                              offset: integer,
                              integration_id: 'string',
                              impact: 'string',
                              compliance: boolean,
                              check_type: 'string')

puts response

GetSecurityCheckAffectedV3

Get affected resources for security checks.

GET /saas-security/entities/check-affected/v3

Scope SaaS Security: READ Consumes · Produces application/json

PEP 8 get_security_check

Parameters

Name	Type	Data type	Description
id	query	string	Security Check ID.
limit	query	integer	The maximum number of objects to return.
offset	query	integer	The starting index of the results.
parameters	query	dictionary	Full parameters payload in JSON format.

Code Examples

from falconpy import SaasSecurity

falcon = SaasSecurity(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

response = falcon.get_security_check(id="string", limit=integer, offset=integer)
print(response)

from falconpy import SaasSecurity

falcon = SaasSecurity(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

response = falcon.GetSecurityCheckAffectedV3(id="string",
                                             limit=integer,
                                             offset=integer)
print(response)

from falconpy import APIHarnessV2

falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

response = falcon.command("GetSecurityCheckAffectedV3",
                          id="string",
                          limit=integer,
                          offset=integer)
print(response)

package main

import (
  "context"
  "fmt"
  "os"

  "github.com/crowdstrike/gofalcon/falcon"
  "github.com/crowdstrike/gofalcon/falcon/client/saas_security"
)

func main() {
  client, err := falcon.NewClient(&falcon.ApiConfig{
    ClientId:     os.Getenv("FALCON_CLIENT_ID"),
    ClientSecret: os.Getenv("FALCON_CLIENT_SECRET"),
    Context:      context.Background(),
  })
  if err != nil {
    panic(err)
  }

  limit := int64(0)
  offset := int64(0)

  response, err := client.SaasSecurity.GetSecurityCheckAffectedV3(
    &saas_security.GetSecurityCheckAffectedV3Params{
      ID: "string",
      Limit: &limit,
      Offset: &offset,
      Context: context.Background(),
    },
  )
  if err != nil {
    panic(falcon.ErrorExplain(err))
  }

  fmt.Printf("%+v\n", response.Payload)
}

import { FalconClient } from "crowdstrike-falcon";

const client = new FalconClient({
  cloud: process.env.FALCON_CLOUD!,
  clientId: process.env.FALCON_CLIENT_ID!,
  clientSecret: process.env.FALCON_CLIENT_SECRET!,
});

const response = await client.saasSecurity.getSecurityCheckAffectedV3(
  "string",  // id
  integer,  // limit
  integer  // offset
);

console.log(response);

use rusty_falcon::apis::saas_security_api::get_security_check_affected_v3;
use rusty_falcon::easy::client::FalconHandle;

#[tokio::main]
async fn main() {
    let falcon = FalconHandle::from_env().await.expect("Could not authenticate");

    let response = get_security_check_affected_v3(
        &falcon.cfg,  // configuration
        "string",  // id
        Some(integer),  // limit
        Some(integer),  // offset
    ).await.expect("API call failed");

    println!("{:?}", response);
}

require "crimson-falcon"

Falcon.configure do |config|
  config.client_id = ENV["FALCON_CLIENT_ID"]
  config.client_secret = ENV["FALCON_CLIENT_SECRET"]
  config.cloud = ENV["FALCON_CLOUD"]
end

api = Falcon::SaasSecurity.new

response = api.get_security_check_affected_v3('string')

puts response

GetSecurityCheckComplianceV3

Get security check compliance information.

GET /saas-security/entities/compliance/v3

Scope SaaS Security: READ Consumes · Produces application/json

PEP 8 get_security_check_compliance

Parameters

Name	Type	Data type	Description
id	query	string	Security Check ID.
parameters	query	dictionary	Full parameters payload in JSON format.

Code Examples

from falconpy import SaasSecurity

falcon = SaasSecurity(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

response = falcon.get_security_check_compliance(id="string")
print(response)

from falconpy import SaasSecurity

falcon = SaasSecurity(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

response = falcon.GetSecurityCheckComplianceV3(id="string")
print(response)

from falconpy import APIHarnessV2

falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

response = falcon.command("GetSecurityCheckComplianceV3",
                          id="string")
print(response)

package main

import (
  "context"
  "fmt"
  "os"

  "github.com/crowdstrike/gofalcon/falcon"
  "github.com/crowdstrike/gofalcon/falcon/client/saas_security"
)

func main() {
  client, err := falcon.NewClient(&falcon.ApiConfig{
    ClientId:     os.Getenv("FALCON_CLIENT_ID"),
    ClientSecret: os.Getenv("FALCON_CLIENT_SECRET"),
    Context:      context.Background(),
  })
  if err != nil {
    panic(err)
  }

  response, err := client.SaasSecurity.GetSecurityCheckComplianceV3(
    &saas_security.GetSecurityCheckComplianceV3Params{
      ID: "string",
      Context: context.Background(),
    },
  )
  if err != nil {
    panic(falcon.ErrorExplain(err))
  }

  fmt.Printf("%+v\n", response.Payload)
}

import { FalconClient } from "crowdstrike-falcon";

const client = new FalconClient({
  cloud: process.env.FALCON_CLOUD!,
  clientId: process.env.FALCON_CLIENT_ID!,
  clientSecret: process.env.FALCON_CLIENT_SECRET!,
});

const response = await client.saasSecurity.getSecurityCheckComplianceV3("string");  // id

console.log(response);

use rusty_falcon::apis::saas_security_api::get_security_check_compliance_v3;
use rusty_falcon::easy::client::FalconHandle;

#[tokio::main]
async fn main() {
    let falcon = FalconHandle::from_env().await.expect("Could not authenticate");

    let response = get_security_check_compliance_v3(
        &falcon.cfg,  // configuration
        "string",  // id
    ).await.expect("API call failed");

    println!("{:?}", response);
}

require "crimson-falcon"

Falcon.configure do |config|
  config.client_id = ENV["FALCON_CLIENT_ID"]
  config.client_secret = ENV["FALCON_CLIENT_SECRET"]
  config.cloud = ENV["FALCON_CLOUD"]
end

api = Falcon::SaasSecurity.new

response = api.get_security_check_compliance_v3('string')

puts response

GetSecurityChecksV3

Get security checks from SaaS security monitoring.

GET /saas-security/entities/checks/v3

Scope SaaS Security: READ Consumes · Produces application/json

PEP 8 get_security_checks

Parameters

Name	Type	Data type	Description
check_tags	query	string	Comma separated list of check tags names or ids.
check_type	query	string	Check Type. Allowed values: `apps`, `devices`, `users`, `assets`, `permissions`, `Falcon Shield Security Check`, `custom`.
compliance	query	boolean	Compliance.
id	query	string	Security Check ID.
impact	query	string	Impact. Allowed values: `Low`, `Medium`, `High`.
integration_id	query	string	Comma separated list of integration IDs.
limit	query	integer	The maximum number of objects to return.
offset	query	integer	The starting index of the results.
status	query	string	Exposure status. Allowed values: `Passed`, `Failed`, `Dismissed`, `Pending`, `Can't Run`, `Stale`.
parameters	query	dictionary	Full parameters payload in JSON format.

Code Examples

from falconpy import SaasSecurity

falcon = SaasSecurity(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.get_security_checks(id="string",
                                      limit=integer,
                                      offset=integer,
                                      status="string",
                                      integration_id=id_list,
                                      impact="string",
                                      compliance=boolean,
                                      check_type="string",
                                      check_tags=id_list)
print(response)

from falconpy import SaasSecurity

falcon = SaasSecurity(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.GetSecurityChecksV3(id="string",
                                      limit=integer,
                                      offset=integer,
                                      status="string",
                                      integration_id=id_list,
                                      impact="string",
                                      compliance=boolean,
                                      check_type="string",
                                      check_tags=id_list)
print(response)

from falconpy import APIHarnessV2

falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.command("GetSecurityChecksV3",
                          id="string",
                          limit=integer,
                          offset=integer,
                          status="string",
                          integration_id="string",
                          impact="string",
                          compliance=boolean,
                          check_type="string",
                          check_tags="string")
print(response)

package main

import (
  "context"
  "fmt"
  "os"

  "github.com/crowdstrike/gofalcon/falcon"
  "github.com/crowdstrike/gofalcon/falcon/client/saas_security"
)

func main() {
  client, err := falcon.NewClient(&falcon.ApiConfig{
    ClientId:     os.Getenv("FALCON_CLIENT_ID"),
    ClientSecret: os.Getenv("FALCON_CLIENT_SECRET"),
    Context:      context.Background(),
  })
  if err != nil {
    panic(err)
  }

  iD := "string"
  limit := int64(0)
  offset := int64(0)
  status := "string"
  integrationID := "string"
  impact := "string"
  compliance := boolean
  checkType := "string"
  checkTags := "string"

  response, err := client.SaasSecurity.GetSecurityChecksV3(
    &saas_security.GetSecurityChecksV3Params{
      ID: &iD,
      Limit: &limit,
      Offset: &offset,
      Status: &status,
      IntegrationID: &integrationID,
      Impact: &impact,
      Compliance: &compliance,
      CheckType: &checkType,
      CheckTags: &checkTags,
      Context: context.Background(),
    },
  )
  if err != nil {
    panic(falcon.ErrorExplain(err))
  }

  fmt.Printf("%+v\n", response.Payload)
}

import { FalconClient } from "crowdstrike-falcon";

const client = new FalconClient({
  cloud: process.env.FALCON_CLOUD!,
  clientId: process.env.FALCON_CLIENT_ID!,
  clientSecret: process.env.FALCON_CLIENT_SECRET!,
});

const response = await client.saasSecurity.getSecurityChecksV3(
  "string",  // id
  integer,  // limit
  integer,  // offset
  "string",  // status
  "string",  // integrationId
  "string",  // impact
  boolean,  // compliance
  "string",  // checkType
  "string"  // checkTags
);

console.log(response);

use rusty_falcon::apis::saas_security_api::get_security_checks_v3;
use rusty_falcon::easy::client::FalconHandle;

#[tokio::main]
async fn main() {
    let falcon = FalconHandle::from_env().await.expect("Could not authenticate");

    let response = get_security_checks_v3(
        &falcon.cfg,  // configuration
        Some("string"),  // id
        Some(integer),  // limit
        Some(integer),  // offset
        Some("string"),  // status
        Some("string"),  // integration_id
        Some("string"),  // impact
        Some(boolean),  // compliance
        Some("string"),  // check_type
    ).await.expect("API call failed");

    println!("{:?}", response);
}

require "crimson-falcon"

Falcon.configure do |config|
  config.client_id = ENV["FALCON_CLIENT_ID"]
  config.client_secret = ENV["FALCON_CLIENT_SECRET"]
  config.cloud = ENV["FALCON_CLOUD"]
end

api = Falcon::SaasSecurity.new

response = api.get_security_checks_v3(id: 'string',
                                      limit: integer,
                                      offset: integer,
                                      status: 'string',
                                      integration_id: 'string',
                                      impact: 'string',
                                      compliance: boolean,
                                      check_type: 'string',
                                      check_tags: 'string')

puts response

GetSupportedSaasV3

Get supported SaaS applications for security monitoring.

GET /saas-security/entities/supported-saas/v3

Scope SaaS Security: READ Consumes · Produces application/json

PEP 8 get_supported_saas

Parameters

Name	Type	Data type	Description
parameters	query	dictionary	Full parameters payload in JSON format.

Code Examples

from falconpy import SaasSecurity

falcon = SaasSecurity(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

response = falcon.get_supported_saas()
print(response)

from falconpy import SaasSecurity

falcon = SaasSecurity(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

response = falcon.GetSupportedSaasV3()
print(response)

from falconpy import APIHarnessV2

falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

response = falcon.command("GetSupportedSaasV3")
print(response)

package main

import (
  "context"
  "fmt"
  "os"

  "github.com/crowdstrike/gofalcon/falcon"
  "github.com/crowdstrike/gofalcon/falcon/client/saas_security"
)

func main() {
  client, err := falcon.NewClient(&falcon.ApiConfig{
    ClientId:     os.Getenv("FALCON_CLIENT_ID"),
    ClientSecret: os.Getenv("FALCON_CLIENT_SECRET"),
    Context:      context.Background(),
  })
  if err != nil {
    panic(err)
  }

  response, err := client.SaasSecurity.GetSupportedSaasV3(
    &saas_security.GetSupportedSaasV3Params{
      Context: context.Background(),
    },
  )
  if err != nil {
    panic(falcon.ErrorExplain(err))
  }

  fmt.Printf("%+v\n", response.Payload)
}

import { FalconClient } from "crowdstrike-falcon";

const client = new FalconClient({
  cloud: process.env.FALCON_CLOUD!,
  clientId: process.env.FALCON_CLIENT_ID!,
  clientSecret: process.env.FALCON_CLIENT_SECRET!,
});

const response = await client.saasSecurity.getSupportedSaasV3();

console.log(response);

use rusty_falcon::apis::saas_security_api::get_supported_saas_v3;
use rusty_falcon::easy::client::FalconHandle;

#[tokio::main]
async fn main() {
    let falcon = FalconHandle::from_env().await.expect("Could not authenticate");

    let response = get_supported_saas_v3(&falcon.cfg).await.expect("API call failed");  // configuration

    println!("{:?}", response);
}

require "crimson-falcon"

Falcon.configure do |config|
  config.client_id = ENV["FALCON_CLIENT_ID"]
  config.client_secret = ENV["FALCON_CLIENT_SECRET"]
  config.cloud = ENV["FALCON_CLOUD"]
end

api = Falcon::SaasSecurity.new

response = api.get_supported_saas_v3

puts response

GetSystemLogsV3

Get system logs from SaaS security monitoring.

GET /saas-security/entities/system-logs/v3

Scope SaaS Security: READ Consumes · Produces application/json

PEP 8 get_system_logs

Parameters

Name	Type	Data type	Description
from_date	query	string	From Date (in YYYY-MM-DD format).
limit	query	integer	The maximum number of objects to return.
offset	query	integer	The starting index of the results.
to_date	query	string	To Date (in YYYY-MM-DD format).
total_count	query	boolean	Fetch Total Count?
parameters	query	dictionary	Full parameters payload in JSON format.

Code Examples

from falconpy import SaasSecurity

falcon = SaasSecurity(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

response = falcon.get_system_logs(from_date="string",
                                  limit=integer,
                                  offset=integer,
                                  to_date="string",
                                  total_count=boolean)
print(response)

from falconpy import SaasSecurity

falcon = SaasSecurity(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

response = falcon.GetSystemLogsV3(from_date="string",
                                  limit=integer,
                                  offset=integer,
                                  to_date="string",
                                  total_count=boolean)
print(response)

from falconpy import APIHarnessV2

falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

response = falcon.command("GetSystemLogsV3",
                          from_date="string",
                          limit=integer,
                          offset=integer,
                          to_date="string",
                          total_count=boolean)
print(response)

package main

import (
  "context"
  "fmt"
  "os"

  "github.com/crowdstrike/gofalcon/falcon"
  "github.com/crowdstrike/gofalcon/falcon/client/saas_security"
)

func main() {
  client, err := falcon.NewClient(&falcon.ApiConfig{
    ClientId:     os.Getenv("FALCON_CLIENT_ID"),
    ClientSecret: os.Getenv("FALCON_CLIENT_SECRET"),
    Context:      context.Background(),
  })
  if err != nil {
    panic(err)
  }

  fromDate := "string"
  limit := int64(0)
  offset := int64(0)
  toDate := "string"
  totalCount := boolean

  response, err := client.SaasSecurity.GetSystemLogsV3(
    &saas_security.GetSystemLogsV3Params{
      FromDate: &fromDate,
      Limit: &limit,
      Offset: &offset,
      ToDate: &toDate,
      TotalCount: &totalCount,
      Context: context.Background(),
    },
  )
  if err != nil {
    panic(falcon.ErrorExplain(err))
  }

  fmt.Printf("%+v\n", response.Payload)
}

import { FalconClient } from "crowdstrike-falcon";

const client = new FalconClient({
  cloud: process.env.FALCON_CLOUD!,
  clientId: process.env.FALCON_CLIENT_ID!,
  clientSecret: process.env.FALCON_CLIENT_SECRET!,
});

const response = await client.saasSecurity.getSystemLogsV3(
  "string",  // fromDate
  integer,  // limit
  integer,  // offset
  "string",  // toDate
  boolean  // totalCount
);

console.log(response);

use rusty_falcon::apis::saas_security_api::get_system_logs_v3;
use rusty_falcon::easy::client::FalconHandle;

#[tokio::main]
async fn main() {
    let falcon = FalconHandle::from_env().await.expect("Could not authenticate");

    let response = get_system_logs_v3(
        &falcon.cfg,  // configuration
        Some("string".to_string()),  // from_date
        Some(integer),  // limit
        Some(integer),  // offset
        Some("string".to_string()),  // to_date
        Some(boolean),  // total_count
    ).await.expect("API call failed");

    println!("{:?}", response);
}

require "crimson-falcon"

Falcon.configure do |config|
  config.client_id = ENV["FALCON_CLIENT_ID"]
  config.client_secret = ENV["FALCON_CLIENT_SECRET"]
  config.cloud = ENV["FALCON_CLOUD"]
end

api = Falcon::SaasSecurity.new

response = api.get_system_logs_v3(from_date: 'string',
                                  limit: integer,
                                  offset: integer,
                                  to_date: 'string',
                                  total_count: boolean)

puts response

GetSystemUsersV3

Get system users from SaaS security monitoring.

GET /saas-security/entities/system-users/v3

Scope SaaS Security: READ Consumes · Produces application/json

PEP 8 get_system_users

Parameters

Name	Type	Data type	Description
parameters	query	dictionary	Full parameters payload in JSON format.

Code Examples

from falconpy import SaasSecurity

falcon = SaasSecurity(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

response = falcon.get_system_users()
print(response)

from falconpy import SaasSecurity

falcon = SaasSecurity(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

response = falcon.GetSystemUsersV3()
print(response)

from falconpy import APIHarnessV2

falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

response = falcon.command("GetSystemUsersV3")
print(response)

package main

import (
  "context"
  "fmt"
  "os"

  "github.com/crowdstrike/gofalcon/falcon"
  "github.com/crowdstrike/gofalcon/falcon/client/saas_security"
)

func main() {
  client, err := falcon.NewClient(&falcon.ApiConfig{
    ClientId:     os.Getenv("FALCON_CLIENT_ID"),
    ClientSecret: os.Getenv("FALCON_CLIENT_SECRET"),
    Context:      context.Background(),
  })
  if err != nil {
    panic(err)
  }

  response, err := client.SaasSecurity.GetSystemUsersV3(
    &saas_security.GetSystemUsersV3Params{
      Context: context.Background(),
    },
  )
  if err != nil {
    panic(falcon.ErrorExplain(err))
  }

  fmt.Printf("%+v\n", response.Payload)
}

import { FalconClient } from "crowdstrike-falcon";

const client = new FalconClient({
  cloud: process.env.FALCON_CLOUD!,
  clientId: process.env.FALCON_CLIENT_ID!,
  clientSecret: process.env.FALCON_CLIENT_SECRET!,
});

const response = await client.saasSecurity.getSystemUsersV3();

console.log(response);

use rusty_falcon::apis::saas_security_api::get_system_users_v3;
use rusty_falcon::easy::client::FalconHandle;

#[tokio::main]
async fn main() {
    let falcon = FalconHandle::from_env().await.expect("Could not authenticate");

    let response = get_system_users_v3(&falcon.cfg).await.expect("API call failed");  // configuration

    println!("{:?}", response);
}

require "crimson-falcon"

Falcon.configure do |config|
  config.client_id = ENV["FALCON_CLIENT_ID"]
  config.client_secret = ENV["FALCON_CLIENT_SECRET"]
  config.cloud = ENV["FALCON_CLOUD"]
end

api = Falcon::SaasSecurity.new

response = api.get_system_users_v3

puts response

GetUserInventoryV3

Get user inventory from SaaS security monitoring.

GET /saas-security/entities/users/v3

Scope SaaS Security: READ Consumes · Produces application/json

PEP 8 get_user_inventory

Parameters

Name	Type	Data type	Description
email	query	string	Email.
integration_id	query	string	Comma separated integration ID’s.
limit	query	integer	The maximum number of objects to return.
offset	query	integer	The starting index of the results.
privileged_only	query	boolean	Privileged Only.
parameters	query	dictionary	Full parameters payload in JSON format.

Code Examples

from falconpy import SaasSecurity

falcon = SaasSecurity(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

response = falcon.get_user_inventory(integration_id="string",
                                     limit=integer,
                                     offset=integer,
                                     email="string",
                                     privileged_only=boolean)
print(response)

from falconpy import SaasSecurity

falcon = SaasSecurity(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

response = falcon.GetUserInventoryV3(integration_id="string",
                                     limit=integer,
                                     offset=integer,
                                     email="string",
                                     privileged_only=boolean)
print(response)

from falconpy import APIHarnessV2

falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

response = falcon.command("GetUserInventoryV3",
                          integration_id="string",
                          limit=integer,
                          offset=integer,
                          email="string",
                          privileged_only=boolean)
print(response)

package main

import (
  "context"
  "fmt"
  "os"

  "github.com/crowdstrike/gofalcon/falcon"
  "github.com/crowdstrike/gofalcon/falcon/client/saas_security"
)

func main() {
  client, err := falcon.NewClient(&falcon.ApiConfig{
    ClientId:     os.Getenv("FALCON_CLIENT_ID"),
    ClientSecret: os.Getenv("FALCON_CLIENT_SECRET"),
    Context:      context.Background(),
  })
  if err != nil {
    panic(err)
  }

  integrationID := "string"
  limit := int64(0)
  offset := int64(0)
  email := "string"
  privilegedOnly := boolean

  response, err := client.SaasSecurity.GetUserInventoryV3(
    &saas_security.GetUserInventoryV3Params{
      IntegrationID: &integrationID,
      Limit: &limit,
      Offset: &offset,
      Email: &email,
      PrivilegedOnly: &privilegedOnly,
      Context: context.Background(),
    },
  )
  if err != nil {
    panic(falcon.ErrorExplain(err))
  }

  fmt.Printf("%+v\n", response.Payload)
}

import { FalconClient } from "crowdstrike-falcon";

const client = new FalconClient({
  cloud: process.env.FALCON_CLOUD!,
  clientId: process.env.FALCON_CLIENT_ID!,
  clientSecret: process.env.FALCON_CLIENT_SECRET!,
});

const response = await client.saasSecurity.getUserInventoryV3(
  "string",  // integrationId
  integer,  // limit
  integer,  // offset
  "string",  // email
  boolean  // privilegedOnly
);

console.log(response);

use rusty_falcon::apis::saas_security_api::get_user_inventory_v3;
use rusty_falcon::easy::client::FalconHandle;

#[tokio::main]
async fn main() {
    let falcon = FalconHandle::from_env().await.expect("Could not authenticate");

    let response = get_user_inventory_v3(
        &falcon.cfg,  // configuration
        Some("string"),  // integration_id
        Some(integer),  // limit
        Some(integer),  // offset
        Some("string"),  // email
        Some(boolean),  // privileged_only
    ).await.expect("API call failed");

    println!("{:?}", response);
}

require "crimson-falcon"

Falcon.configure do |config|
  config.client_id = ENV["FALCON_CLIENT_ID"]
  config.client_secret = ENV["FALCON_CLIENT_SECRET"]
  config.cloud = ENV["FALCON_CLOUD"]
end

api = Falcon::SaasSecurity.new

response = api.get_user_inventory_v3(integration_id: 'string',
                                     limit: integer,
                                     offset: integer,
                                     email: 'string',
                                     privileged_only: boolean)

puts response

IntegrationBuilderEndTransactionV3

End data upload transaction for custom integration.

POST /saas-security/entities/custom-integration-close/v3

Scope SaaS Security: WRITE Consumes · Produces application/json

PEP 8 complete_integration_upload

Parameters

Name	Type	Data type	Description
id	query	string	Integration ID.
parameters	query	dictionary	Full parameters payload in JSON format.

Code Examples

from falconpy import SaasSecurity

falcon = SaasSecurity(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

response = falcon.complete_integration_upload(id="string")
print(response)

from falconpy import SaasSecurity

falcon = SaasSecurity(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

response = falcon.IntegrationBuilderEndTransactionV3(id="string")
print(response)

from falconpy import APIHarnessV2

falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

response = falcon.command("IntegrationBuilderEndTransactionV3",
                          id="string")
print(response)

package main

import (
  "context"
  "fmt"
  "os"

  "github.com/crowdstrike/gofalcon/falcon"
  "github.com/crowdstrike/gofalcon/falcon/client/saas_security"
)

func main() {
  client, err := falcon.NewClient(&falcon.ApiConfig{
    ClientId:     os.Getenv("FALCON_CLIENT_ID"),
    ClientSecret: os.Getenv("FALCON_CLIENT_SECRET"),
    Context:      context.Background(),
  })
  if err != nil {
    panic(err)
  }

  response, err := client.SaasSecurity.IntegrationBuilderEndTransactionV3(
    &saas_security.IntegrationBuilderEndTransactionV3Params{
      ID: "string",
      Context: context.Background(),
    },
  )
  if err != nil {
    panic(falcon.ErrorExplain(err))
  }

  fmt.Printf("%+v\n", response.Payload)
}

import { FalconClient } from "crowdstrike-falcon";

const client = new FalconClient({
  cloud: process.env.FALCON_CLOUD!,
  clientId: process.env.FALCON_CLIENT_ID!,
  clientSecret: process.env.FALCON_CLIENT_SECRET!,
});

const response = await client.saasSecurity.integrationBuilderEndTransactionV3("string");  // id

console.log(response);

use rusty_falcon::apis::saas_security_api::integration_builder_end_transaction_v3;
use rusty_falcon::easy::client::FalconHandle;

#[tokio::main]
async fn main() {
    let falcon = FalconHandle::from_env().await.expect("Could not authenticate");

    let response = integration_builder_end_transaction_v3(
        &falcon.cfg,  // configuration
        "string",  // id
    ).await.expect("API call failed");

    println!("{:?}", response);
}

require "crimson-falcon"

Falcon.configure do |config|
  config.client_id = ENV["FALCON_CLIENT_ID"]
  config.client_secret = ENV["FALCON_CLIENT_SECRET"]
  config.cloud = ENV["FALCON_CLOUD"]
end

api = Falcon::SaasSecurity.new

response = api.integration_builder_end_transaction_v3('string')

puts response

IntegrationBuilderGetStatusV3

Get status of custom integration builder.

GET /saas-security/entities/custom-integration-status/v3

Scope SaaS Security: READ Consumes · Produces application/json

PEP 8 get_integration_builder_status

Parameters

Name	Type	Data type	Description
id	query	string	Integration ID.
parameters	query	dictionary	Full parameters payload in JSON format.

Code Examples

from falconpy import SaasSecurity

falcon = SaasSecurity(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

response = falcon.get_integration_builder_status(id="string")
print(response)

from falconpy import SaasSecurity

falcon = SaasSecurity(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

response = falcon.IntegrationBuilderGetStatusV3(id="string")
print(response)

from falconpy import APIHarnessV2

falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

response = falcon.command("IntegrationBuilderGetStatusV3",
                          id="string")
print(response)

package main

import (
  "context"
  "fmt"
  "os"

  "github.com/crowdstrike/gofalcon/falcon"
  "github.com/crowdstrike/gofalcon/falcon/client/saas_security"
)

func main() {
  client, err := falcon.NewClient(&falcon.ApiConfig{
    ClientId:     os.Getenv("FALCON_CLIENT_ID"),
    ClientSecret: os.Getenv("FALCON_CLIENT_SECRET"),
    Context:      context.Background(),
  })
  if err != nil {
    panic(err)
  }

  response, err := client.SaasSecurity.IntegrationBuilderGetStatusV3(
    &saas_security.IntegrationBuilderGetStatusV3Params{
      ID: "string",
      Context: context.Background(),
    },
  )
  if err != nil {
    panic(falcon.ErrorExplain(err))
  }

  fmt.Printf("%+v\n", response.Payload)
}

import { FalconClient } from "crowdstrike-falcon";

const client = new FalconClient({
  cloud: process.env.FALCON_CLOUD!,
  clientId: process.env.FALCON_CLIENT_ID!,
  clientSecret: process.env.FALCON_CLIENT_SECRET!,
});

const response = await client.saasSecurity.integrationBuilderGetStatusV3("string");  // id

console.log(response);

use rusty_falcon::apis::saas_security_api::integration_builder_get_status_v3;
use rusty_falcon::easy::client::FalconHandle;

#[tokio::main]
async fn main() {
    let falcon = FalconHandle::from_env().await.expect("Could not authenticate");

    let response = integration_builder_get_status_v3(
        &falcon.cfg,  // configuration
        "string",  // id
    ).await.expect("API call failed");

    println!("{:?}", response);
}

require "crimson-falcon"

Falcon.configure do |config|
  config.client_id = ENV["FALCON_CLIENT_ID"]
  config.client_secret = ENV["FALCON_CLIENT_SECRET"]
  config.cloud = ENV["FALCON_CLOUD"]
end

api = Falcon::SaasSecurity.new

response = api.integration_builder_get_status_v3('string')

puts response

IntegrationBuilderResetV3

Reset custom integration builder.

POST /saas-security/entities/custom-integration-reset/v3

Scope SaaS Security: WRITE Consumes · Produces application/json

PEP 8 reset_integration_builder

Parameters

Name	Type	Data type	Description
id	query	string	Integration ID.
parameters	query	dictionary	Full parameters payload in JSON format.

Code Examples

from falconpy import SaasSecurity

falcon = SaasSecurity(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

response = falcon.reset_integration_builder(id="string")
print(response)

from falconpy import SaasSecurity

falcon = SaasSecurity(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

response = falcon.IntegrationBuilderResetV3(id="string")
print(response)

from falconpy import APIHarnessV2

falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

response = falcon.command("IntegrationBuilderResetV3",
                          id="string")
print(response)

package main

import (
  "context"
  "fmt"
  "os"

  "github.com/crowdstrike/gofalcon/falcon"
  "github.com/crowdstrike/gofalcon/falcon/client/saas_security"
)

func main() {
  client, err := falcon.NewClient(&falcon.ApiConfig{
    ClientId:     os.Getenv("FALCON_CLIENT_ID"),
    ClientSecret: os.Getenv("FALCON_CLIENT_SECRET"),
    Context:      context.Background(),
  })
  if err != nil {
    panic(err)
  }

  response, err := client.SaasSecurity.IntegrationBuilderResetV3(
    &saas_security.IntegrationBuilderResetV3Params{
      ID: "string",
      Context: context.Background(),
    },
  )
  if err != nil {
    panic(falcon.ErrorExplain(err))
  }

  fmt.Printf("%+v\n", response.Payload)
}

import { FalconClient } from "crowdstrike-falcon";

const client = new FalconClient({
  cloud: process.env.FALCON_CLOUD!,
  clientId: process.env.FALCON_CLIENT_ID!,
  clientSecret: process.env.FALCON_CLIENT_SECRET!,
});

const response = await client.saasSecurity.integrationBuilderResetV3("string");  // id

console.log(response);

use rusty_falcon::apis::saas_security_api::integration_builder_reset_v3;
use rusty_falcon::easy::client::FalconHandle;

#[tokio::main]
async fn main() {
    let falcon = FalconHandle::from_env().await.expect("Could not authenticate");

    let response = integration_builder_reset_v3(
        &falcon.cfg,  // configuration
        "string",  // id
    ).await.expect("API call failed");

    println!("{:?}", response);
}

require "crimson-falcon"

Falcon.configure do |config|
  config.client_id = ENV["FALCON_CLIENT_ID"]
  config.client_secret = ENV["FALCON_CLIENT_SECRET"]
  config.cloud = ENV["FALCON_CLOUD"]
end

api = Falcon::SaasSecurity.new

response = api.integration_builder_reset_v3('string')

puts response

IntegrationBuilderUploadV3

Upload data for custom integration builder.

POST /saas-security/entities/custom-integration-upload/v3

Scope SaaS Security: WRITE Consumes · Produces application/json

PEP 8 upload_integration_builder

Parameters

Name	Type	Data type	Description
body	body	dictionary	Full body payload in JSON format.
data	body	string	Data.
id	query	string	Integration ID.
source_id	query	string	Source ID.
parameters	query	dictionary	Full parameters payload in JSON format.

Code Examples

from falconpy import SaasSecurity

falcon = SaasSecurity(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

response = falcon.upload_integration_builder(data="string",
                                             id="string",
                                             source_id="string")
print(response)

from falconpy import SaasSecurity

falcon = SaasSecurity(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

response = falcon.IntegrationBuilderUploadV3(data="string",
                                             id="string",
                                             source_id="string")
print(response)

from falconpy import APIHarnessV2

falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

body_payload = {
    "data": "string"
}

response = falcon.command("IntegrationBuilderUploadV3",
                          id="string",
                          source_id="string",
                          body=body_payload)
print(response)

package main

import (
  "context"
  "fmt"
  "os"

  "github.com/crowdstrike/gofalcon/falcon"
  "github.com/crowdstrike/gofalcon/falcon/client/saas_security"
  "github.com/crowdstrike/gofalcon/falcon/models"
)

func main() {
  client, err := falcon.NewClient(&falcon.ApiConfig{
    ClientId:     os.Getenv("FALCON_CLIENT_ID"),
    ClientSecret: os.Getenv("FALCON_CLIENT_SECRET"),
    Context:      context.Background(),
  })
  if err != nil {
    panic(err)
  }

  data := "string"

  response, err := client.SaasSecurity.IntegrationBuilderUploadV3(
    &saas_security.IntegrationBuilderUploadV3Params{
      Body: &models.UploadDataRequest{
        Data: &data,
      },
      ID: "string",
      SourceID: "string",
      Context: context.Background(),
    },
  )
  if err != nil {
    panic(falcon.ErrorExplain(err))
  }

  fmt.Printf("%+v\n", response.Payload)
}

import { FalconClient } from "crowdstrike-falcon";

const client = new FalconClient({
  cloud: process.env.FALCON_CLOUD!,
  clientId: process.env.FALCON_CLIENT_ID!,
  clientSecret: process.env.FALCON_CLIENT_SECRET!,
});

const response = await client.saasSecurity.integrationBuilderUploadV3(
  "string",  // id
  "string",  // sourceId
  {  // body
      data: "string"
  }
);

console.log(response);

use rusty_falcon::apis::saas_security_api::integration_builder_upload_v3;
use rusty_falcon::easy::client::FalconHandle;
use rusty_falcon::models::UploadDataRequest;

#[tokio::main]
async fn main() {
    let falcon = FalconHandle::from_env().await.expect("Could not authenticate");

    let body = UploadDataRequest {
        data: Some("string".to_string()),
        ..Default::default()
    };

    let response = integration_builder_upload_v3(
        &falcon.cfg,  // configuration
        "string",  // id
        "string",  // source_id
        body,  // body
    ).await.expect("API call failed");

    println!("{:?}", response);
}

require "crimson-falcon"

Falcon.configure do |config|
  config.client_id = ENV["FALCON_CLIENT_ID"]
  config.client_secret = ENV["FALCON_CLIENT_SECRET"]
  config.cloud = ENV["FALCON_CLOUD"]
end

api = Falcon::SaasSecurity.new

body = Falcon::UploadDataRequest.new(
  data: 'string'
)

response = api.integration_builder_upload_v3(body, 'string', 'string')

puts response

SaaS Security

Table of Contents

DismissAffectedEntityV3

Parameters

Code Examples

DismissSecurityCheckV3

Parameters

Code Examples

GetActivityMonitorV3

Parameters

Code Examples

GetAlertsV3

Parameters

Code Examples

GetAppInventory

Parameters

Code Examples

GetAppInventoryUsers

Parameters

Code Examples

GetAssetInventoryV3

Parameters

Code Examples

GetDeviceInventoryV3

Parameters

Code Examples

GetIntegrationsV3

Parameters

Code Examples

GetMetricsV3

Parameters

Code Examples

GetSecurityCheckAffectedV3

Parameters

Code Examples

GetSecurityCheckComplianceV3

Parameters

Code Examples

GetSecurityChecksV3

Parameters

Code Examples

GetSupportedSaasV3

Parameters

Code Examples

GetSystemLogsV3

Parameters

Code Examples

GetSystemUsersV3

Parameters

Code Examples

GetUserInventoryV3

Parameters

Code Examples

IntegrationBuilderEndTransactionV3

Parameters

Code Examples

IntegrationBuilderGetStatusV3

Parameters

Code Examples

IntegrationBuilderResetV3

Parameters

Code Examples

IntegrationBuilderUploadV3

Parameters

Code Examples