Skip to content
CrowdStrike Developer Center

Sample Uploads

The Sample Uploads service collection provides operations for uploading and managing sample files for cloud analysis. Upload archives and individual samples, manage extraction operations, retrieve uploaded samples, and delete files when no longer needed.

LanguageLast Update
Pythonv1.5.0
PowerShellv2.2.9
Gov0.20.0
TypeScriptv0.6.0
Rustv0.7.0
Rubyv1.2.0

This service collection has code examples posted to the repository.

Table of Contents

Section titled “Table of Contents”
OperationDescription
ArchiveListV1
list_archive		Retrieves the archives files in chunks.
ArchiveGetV1
get_archive		Retrieves the archives upload operation statuses. Status done means that archive was processed successfully. Status error means that archive was not processed successfully.
ArchiveUploadV1
archive_upload_v1		Uploads an archive and extracts files list from it. Operation is asynchronous.
deprecated
ArchiveDeleteV1
delete_archive		Delete an archive that was uploaded previously.
ArchiveUploadV2
upload_archive		Uploads an archive and extracts files list from it. Operation is asynchronous.
ExtractionListV1
list_extraction		Retrieves the files extractions in chunks.
ExtractionGetV1
get_extraction		Retrieves the files extraction operation statuses.
ExtractionCreateV1
create_extraction		Extracts files from an uploaded archive and copies them to internal storage making it available for content analysis.
GetSampleV3
get_sample		Retrieves the file associated with the given ID (SHA256).
UploadSampleV3
upload_sample		Upload a file for further cloud analysis. After uploading, call the specific analysis API endpoint.
DeleteSampleV3
delete_sample		Removes a sample, including file, meta and submissions from the collection.

ArchiveListV1

Section titled “ArchiveListV1”

Retrieves the archives files in chunks.

GET /archives/entities/archive-files/v1
Scope Sample Uploads: READ Consumes · Produces application/json
PEP 8 list_archive

Parameters

Section titled “Parameters”
NameTypeData typeDescription
idquerystringThe archive SHA256.
parametersquerydictionaryFull query string parameters payload in JSON format.
limitqueryintegerMaximum number of files to retrieve. (Default: 100)
offsetquerystringOffset from where to retrieve files.

Code Examples

Section titled “Code Examples”
from falconpy import SampleUploads


falcon = SampleUploads(client_id=CLIENT_ID,
                       client_secret=CLIENT_SECRET
                       )


response = falcon.list_archive(id="string", limit=integer, offset="string")
print(response)

ArchiveGetV1

Section titled “ArchiveGetV1”

Retrieves the archives upload operation statuses. Status done means that archive was processed successfully. Status error means that archive was not processed successfully.

GET /archives/entities/archives/v1
Scope Sample Uploads: READ Consumes · Produces application/json
PEP 8 get_archive

Parameters

Section titled “Parameters”
NameTypeData typeDescription
idquerystringThe archive SHA256.
parametersquerydictionaryFull query string parameters payload in JSON format.
include_filesquerybooleanIf true includes processed archive files in response.

Code Examples

Section titled “Code Examples”
from falconpy import SampleUploads


falcon = SampleUploads(client_id=CLIENT_ID,
                       client_secret=CLIENT_SECRET
                       )


response = falcon.get_archive(id="string", include_files=boolean)
print(response)

ArchiveUploadV1

Section titled “ArchiveUploadV1”

Uploads an archive and extracts files list from it. Operation is asynchronous use ArchiveGetV1 to check the status. After uploading, use ExtractionCreateV1 to copy the file to internal storage making it available for content analysis.

deprecated This method is deprecated in favor of ArchiveUploadV2.

POST /archives/entities/archives/v1
Scope Sample Uploads: WRITE Consumes application/octet-stream Produces application/json
PEP 8 archive_upload_v1

Parameters

Section titled “Parameters”
NameTypeData typeDescription
bodybodydictionaryContent of the uploaded archive in binary format. The keywords file_data, sample, and upfile will also be accepted for this argument. Max file size: 100 MB. Accepted file formats: zip, 7z.
commentquerystringA descriptive comment to identify the file for other users.
is_confidentialquerybooleanDefines visibility of this file, either via the API or the Falcon console. true: File is only show to users within your customer account. false: File can be seen by other CrowdStrike customers. Defaults to true.
namequerystringName of the archive.
parametersquerydictionaryFull query string parameters payload in JSON format.
passwordquerystringArchive password.

Code Examples

Section titled “Code Examples”
from falconpy import SampleUploads


falcon = SampleUploads(client_id=CLIENT_ID,
                       client_secret=CLIENT_SECRET
                       )


response = falcon.upload_archive_v1(comment="string",
                                    name="string",
                                    file_type="string",
                                    is_confidential="string",
                                    password="string")
print(response)

ArchiveDeleteV1

Section titled “ArchiveDeleteV1”

Delete an archive that was uploaded previously

DELETE /archives/entities/archives/v1
Scope Sample Uploads: WRITE Consumes · Produces application/json
PEP 8 delete_archive

Parameters

Section titled “Parameters”
NameTypeData typeDescription
idquerystringThe archive SHA256.
parametersquerydictionaryFull query string parameters payload in JSON format.

Code Examples

Section titled “Code Examples”
from falconpy import SampleUploads


falcon = SampleUploads(client_id=CLIENT_ID,
                       client_secret=CLIENT_SECRET
                       )


response = falcon.delete_archive(id="string")
print(response)

ArchiveUploadV2

Section titled “ArchiveUploadV2”

Uploads an archive and extracts files list from it. Operation is asynchronous use ArchiveGetV1 to check the status. After uploading, use ExtractionCreateV1 to copy the file to internal storage making it available for content analysis.

POST /archives/entities/archives/v2
Scope Sample Uploads: WRITE Consumes multipart/form-data Produces application/json
PEP 8 upload_archive

Parameters

Section titled “Parameters”
NameTypeData typeDescription
file_dataformDatadictionaryContent of the uploaded archive in binary format. The keywords archive and file will also be accepted for this argument. Max file size: 100 MB. Accepted file formats: zip, 7z.
commentformDatastringA descriptive comment to identify the file for other users.
is_confidentialformDatabooleanDefines visibility of this file, either via the API or the Falcon console. true: File is only show to users within your customer account. false: File can be seen by other CrowdStrike customers. Defaults to true.
file_typequerystringArchive format, either zip or 7zip. Defaults to zip.
nameformDatastringName of the archive.
parametersquerydictionaryFull query string parameters payload in JSON format.
passwordformDatastringArchive password.

Code Examples

Section titled “Code Examples”
from falconpy import SampleUploads


falcon = SampleUploads(client_id=CLIENT_ID,
                       client_secret=CLIENT_SECRET
                       )


response = falcon.upload_archive(comment="string",
                                 file_data="string",
                                 name="string",
                                 file_type="string",
                                 is_confidential="string",
                                 password="string")
print(response)

ExtractionListV1

Section titled “ExtractionListV1”

Retrieves the files extractions in chunks. Status done means that all files were processed successfully. Status error means that at least one of the file could not be processed.

GET /archives/entities/extraction-files/v1
Scope Sample Uploads: READ Consumes · Produces application/json
PEP 8 list_extraction

Parameters

Section titled “Parameters”
NameTypeData typeDescription
idquerystringThe extraction operation ID.
parametersquerydictionaryFull query string parameters payload in JSON format.
limitqueryintegerMaximum number of files to retrieve. (Default: 100)
offsetquerystringOffset from where to retrieve files.

Code Examples

Section titled “Code Examples”
from falconpy import SampleUploads


falcon = SampleUploads(client_id=CLIENT_ID,
                       client_secret=CLIENT_SECRET
                       )


response = falcon.list_extraction(id="string", limit=integer, offset="string")
print(response)

ExtractionGetV1

Section titled “ExtractionGetV1”

Retrieves the files extraction operation statuses. Status done means that all files were processed successfully. Status error means that at least one of the file could not be processed.

GET /archives/entities/extractions/v1
Scope Sample Uploads: READ Consumes · Produces application/json
PEP 8 get_extraction

Parameters

Section titled “Parameters”
NameTypeData typeDescription
idquerystringThe extraction operation ID.
include_filesquerybooleanIf true, includes processed archive files in response.
parametersquerydictionaryFull query string parameters payload in JSON format.

Code Examples

Section titled “Code Examples”
from falconpy import SampleUploads


falcon = SampleUploads(client_id=CLIENT_ID,
                       client_secret=CLIENT_SECRET
                       )


response = falcon.get_extraction(id="string", include_files=boolean)
print(response)

ExtractionCreateV1

Section titled “ExtractionCreateV1”

Extracts files from an uploaded archive and copies them to internal storage making it available for content analysis.

POST /archives/entities/extractions/v1
Scope Sample Uploads: WRITE Consumes · Produces application/json
PEP 8 create_extraction

Parameters

Section titled “Parameters”
NameTypeData typeDescription
bodybodydictionaryFull body payload in JSON format.
extract_allbodybooleanFlag indicating if all files should be extracted.
filesbodylist of dictionariesList of files to be extracted from the archive. Each dictionary will contain three keys: comment (string), is_confidential (boolean), and name (string).
sha256bodystringSHA256 of the archive.

Code Examples

Section titled “Code Examples”
from falconpy import SampleUploads


falcon = SampleUploads(client_id=CLIENT_ID,
                       client_secret=CLIENT_SECRET
                       )


files = [
    {
        "comment": "string",
        "is_confidential": true,
        "name": "string"
    }
]


response = falcon.create_extraction(extract_all=boolean,
                                    files=files,
                                    sha256="string")
print(response)

GetSampleV3

Section titled “GetSampleV3”

Retrieves the file associated with the given ID (SHA256).

GET /samples/entities/samples/v3
Scope Sample Uploads: READ Consumes · Produces application/octet-stream
PEP 8 get_sample

Parameters

Section titled “Parameters”
NameTypeData typeDescription
idsquerystringThe file SHA256.
parametersquerydictionaryFull query string parameters payload in JSON format.
password_protectedquerybooleanFlag whether the sample should be zipped and password protected with the password infected.
streamquerybooleanEnable streaming download of the returned file.

Code Examples

Section titled “Code Examples”
from falconpy import SampleUploads


falcon = SampleUploads(client_id=CLIENT_ID,
                       client_secret=CLIENT_SECRET
                       )


id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']


with open("output_file", "wb") as save_file:
    response = falcon.get_sample(ids=id_list,
                                 password_protected="string",
                                 stream=boolean,
                                 stream=boolean)
    save_file.write(response)

UploadSampleV3

Section titled “UploadSampleV3”

Upload a file for further cloud analysis. After uploading, call the specific analysis API endpoint.

POST /samples/entities/samples/v3
Scope Sample Uploads: WRITE Consumes · Produces multipart/form-data
PEP 8 upload_sample

Parameters

Section titled “Parameters”
NameTypeData typeDescription
commentformDatastringA descriptive comment to identify the file for other users.
dataformDatafileContent of the uploaded sample in binary format (Uber class). Max file size: 256 MB. Accepted file formats:
  • Portable executables: .exe, .scr, .pif, .dll, .com, .cpl, etc.
  • Office documents: .doc, .docx, .ppt, .pps, .pptx, .ppsx, .xls, .xlsx, .rtf, .pub
  • PDF
  • APK
  • Executable JAR
  • Windows script component: .sct
  • Windows shortcut: .lnk
  • Windows help: .chm
  • HTML application: .hta
  • Windows script file: .wsf
  • Javascript: .js
  • Visual Basic: .vbs, .vbe
  • Shockwave Flash: .swf
  • Perl: .pl
  • Powershell: .ps1, .psd1, .psm1
  • Scalable vector graphics: .svg
  • Python: .py
  • Linux ELF executables
  • Email files: MIME RFC 822 .eml, Outlook .msg.
is_confidentialformDatabooleanDefines visibility of this file in Falcon MalQuery. true: File is only shown to users within your customer account. false: File can be seen by other CrowdStrike customers. Default: true.
file_data or sample or upfileformDatafileContent of the uploaded sample in binary format (Service class). Max file size: 256 MB. Accepted file formats:
  • Portable executables: .exe, .scr, .pif, .dll, .com, .cpl, etc.
  • Office documents: .doc, .docx, .ppt, .pps, .pptx, .ppsx, .xls, .xlsx, .rtf, .pub
  • PDF
  • APK
  • Executable JAR
  • Windows script component: .sct
  • Windows shortcut: .lnk
  • Windows help: .chm
  • HTML application: .hta
  • Windows script file: .wsf
  • Javascript: .js
  • Visual Basic: .vbs, .vbe
  • Shockwave Flash: .swf
  • Perl: .pl
  • Powershell: .ps1, .psd1, .psm1
  • Scalable vector graphics: .svg
  • Python: .py
  • Linux ELF executables
  • Email files: MIME RFC 822 .eml, Outlook .msg.
file_nameformDatastringName to use for the file. Uses current file name if not specified.
parametersquerydictionaryFull query string parameters payload in JSON format.

Code Examples

Section titled “Code Examples”
from falconpy import SampleUploads


falcon = SampleUploads(client_id=CLIENT_ID,
                       client_secret=CLIENT_SECRET
                       )


response = falcon.upload_sample(comment="string",
                                file_data="string",
                                file_name="string",
                                is_confidential="string")
print(response)

DeleteSampleV3

Section titled “DeleteSampleV3”

Removes a sample, including file, meta and submissions from the collection.

DELETE /samples/entities/samples/v3
Scope Sample Uploads: WRITE Consumes · Produces application/json
PEP 8 delete_sample

Parameters

Section titled “Parameters”
NameTypeData typeDescription
idsquerystringThe file SHA256 of the file to delete.
parametersquerydictionaryFull query string parameters payload in JSON format.

Code Examples

Section titled “Code Examples”
from falconpy import SampleUploads


falcon = SampleUploads(client_id=CLIENT_ID,
                       client_secret=CLIENT_SECRET
                       )


id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']


response = falcon.delete_sample(ids=id_list)
print(response)
© 2026 CrowdStrike, Inc. All rights reserved. Privacy Notice Cookie Notice Terms of Use