Sensor Usage

The Sensor Usage service collection provides operations for retrieving sensor usage statistics. Fetch hourly or weekly averages representing how many unique AIDs were active over the previous 28 days, with support for FQL filters to narrow results by date, period, and CID selection.

Language	Last Update
Python	v1.6.1
PowerShell	v2.2.9
Go	v0.20.0
TypeScript	v0.6.0
Rust	v0.7.0
Ruby	v1.2.0

Operation	Description
GetSensorUsageHourly `get_hourly_usage`	Fetches hourly average. Each data point represents the average of how many unique AIDs were seen per hour for the previous 28 days.
GetSensorUsageWeekly `get_weekly_usage`	Fetches weekly average. Each data point represents the average of how many unique AIDs were seen per week for the previous 28 days.

GetSensorUsageHourly

Fetches hourly average. Each data point represents the average of how many unique AIDs were seen per hour for the previous 28 days.

GET /billing-dashboards-usage/aggregates/hourly-average/v1

Scope Sensor Usage: READ Consumes · Produces application/json

PEP 8 get_hourly_usage

Parameters

Name	Type	Data type	Description
filter	query	string	The FQL search filter.
parameters	query	dictionary	Full query string parameters payload in JSON format. Not required if using other keywords.

Allowed filters

Filter	Description
`event_date`	A specified date that will be final date of the results returned. Specified date cannot be after the default. Format: `2024-06-11`, Default: the current date, minus 2 days, in UTC
`period`	An integer surrounded by single quotes representing the number of days to return. Format: `30`, Default: `28`, Minimum: `1`, Maximum: `395`
`selected_cids`	A comma delimited list of CIDs to return data for. Caller must be a parent CID or have special access enabled. Format: `cid_1,cid_2,cid_3`, Default: for parent CIDs the default is the parent and all children, otherwise the current CID

Code Examples

from falconpy import SensorUsage

falcon = SensorUsage(client_id=CLIENT_ID,
                     client_secret=CLIENT_SECRET
                     )

response = falcon.get_hourly_usage(filter="string")
print(response)

from falconpy import SensorUsage

falcon = SensorUsage(client_id=CLIENT_ID,
                     client_secret=CLIENT_SECRET
                     )

response = falcon.GetSensorUsageHourly(filter="string")
print(response)

from falconpy import APIHarnessV2

falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

response = falcon.command("GetSensorUsageHourly",
                          filter="string")
print(response)

package main

import (
  "context"
  "fmt"
  "os"

  "github.com/crowdstrike/gofalcon/falcon"
  "github.com/crowdstrike/gofalcon/falcon/client/sensor_usage_api"
)

func main() {
  client, err := falcon.NewClient(&falcon.ApiConfig{
    ClientId:     os.Getenv("FALCON_CLIENT_ID"),
    ClientSecret: os.Getenv("FALCON_CLIENT_SECRET"),
    Context:      context.Background(),
  })
  if err != nil {
    panic(err)
  }

  filter := "string"

  response, err := client.SensorUsageApi.GetSensorUsageHourly(
    &sensor_usage_api.GetSensorUsageHourlyParams{
      Filter: &filter,
      Context: context.Background(),
    },
  )
  if err != nil {
    panic(falcon.ErrorExplain(err))
  }

  fmt.Printf("%+v\n", response.Payload)
}

import { FalconClient } from "crowdstrike-falcon";

const client = new FalconClient({
  cloud: process.env.FALCON_CLOUD!,
  clientId: process.env.FALCON_CLIENT_ID!,
  clientSecret: process.env.FALCON_CLIENT_SECRET!,
});

const response = await client.sensorUsageApi.getSensorUsageHourly("string");  // filter

console.log(response);

require "crimson-falcon"

Falcon.configure do |config|
  config.client_id = ENV["FALCON_CLIENT_ID"]
  config.client_secret = ENV["FALCON_CLIENT_SECRET"]
  config.cloud = ENV["FALCON_CLOUD"]
end

api = Falcon::SensorUsageApi.new

response = api.get_sensor_usage_hourly(filter: 'string')

puts response

GetSensorUsageWeekly

Fetches weekly average. Each data point represents the average of how many unique AIDs were seen per week for the previous 28 days.

GET /billing-dashboards-usage/aggregates/weekly-average/v1

Scope Sensor Usage: READ Consumes · Produces application/json

PEP 8 get_weekly_usage

Parameters

Name	Type	Data type	Description
filter	query	string	The FQL search filter.
parameters	query	dictionary	Full query string parameters payload in JSON format. Not required if using other keywords.

Allowed filters

Filter	Description
`event_date`	A specified date that will be final date of the results returned. Specified date cannot be after the default. Format: `2024-06-11`, Default: the current date, minus 2 days, in UTC
`period`	An integer surrounded by single quotes representing the number of days to return. Format: `30`, Default: `28`, Minimum: `1`, Maximum: `395`
`selected_cids`	A comma delimited list of CIDs to return data for. Caller must be a parent CID or have special access enabled. Format: `cid_1,cid_2,cid_3`, Default: for parent CIDs the default is the parent and all children, otherwise the current CID

Code Examples

from falconpy import SensorUsage

falcon = SensorUsage(client_id=CLIENT_ID,
                     client_secret=CLIENT_SECRET
                     )

response = falcon.get_weekly_usage(filter="string")
print(response)

from falconpy import SensorUsage

falcon = SensorUsage(client_id=CLIENT_ID,
                     client_secret=CLIENT_SECRET
                     )

response = falcon.GetSensorUsageWeekly(filter="string")
print(response)

from falconpy import APIHarnessV2

falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

response = falcon.command("GetSensorUsageWeekly",
                          filter="string")
print(response)

Get-FalconHostAverage

package main

import (
  "context"
  "fmt"
  "os"

  "github.com/crowdstrike/gofalcon/falcon"
  "github.com/crowdstrike/gofalcon/falcon/client/sensor_usage_api"
)

func main() {
  client, err := falcon.NewClient(&falcon.ApiConfig{
    ClientId:     os.Getenv("FALCON_CLIENT_ID"),
    ClientSecret: os.Getenv("FALCON_CLIENT_SECRET"),
    Context:      context.Background(),
  })
  if err != nil {
    panic(err)
  }

  filter := "string"

  response, err := client.SensorUsageApi.GetSensorUsageWeekly(
    &sensor_usage_api.GetSensorUsageWeeklyParams{
      Filter: &filter,
      Context: context.Background(),
    },
  )
  if err != nil {
    panic(falcon.ErrorExplain(err))
  }

  fmt.Printf("%+v\n", response.Payload)
}

import { FalconClient } from "crowdstrike-falcon";

const client = new FalconClient({
  cloud: process.env.FALCON_CLOUD!,
  clientId: process.env.FALCON_CLIENT_ID!,
  clientSecret: process.env.FALCON_CLIENT_SECRET!,
});

const response = await client.sensorUsageApi.getSensorUsageWeekly("string");  // filter

console.log(response);

use rusty_falcon::apis::sensor_usage_api_api::get_sensor_usage_weekly;
use rusty_falcon::easy::client::FalconHandle;

#[tokio::main]
async fn main() {
    let falcon = FalconHandle::from_env().await.expect("Could not authenticate");

    let response = get_sensor_usage_weekly(
        &falcon.cfg,  // configuration
        Some("string"),  // filter
    ).await.expect("API call failed");

    println!("{:?}", response);
}

Sensor Usage

Table of Contents

GetSensorUsageHourly

Parameters

Allowed filters

Code Examples

GetSensorUsageWeekly

Parameters

Allowed filters

Code Examples