Sensor Visibility Exclusions

The Sensor Visibility Exclusions service collection provides operations for managing sensor visibility exclusions. Retrieve, create, delete, update, and query exclusions that control which processes are excluded from sensor visibility monitoring.

Language	Last Update
Python	v1.4.6
PowerShell	v2.2.9
Go	v0.20.0
TypeScript	v0.6.0
Rust	v0.7.0
Ruby	v1.2.0

Operation	Description
getSensorVisibilityExclusionsV1 `get_exclusions`	Get a set of Sensor Visibility Exclusions by specifying their IDs.
createSVExclusionsV1 `create_exclusions`	Create a sensor visibility exclusion.
deleteSensorVisibilityExclusionsV1 `delete_exclusions`	Delete the sensor visibility exclusions by ID.
updateSensorVisibilityExclusionsV1 `update_exclusions`	Update a sensor visibility exclusion.
querySensorVisibilityExclusionsV1 `query_exclusions`	Search for sensor visibility exclusions.

getSensorVisibilityExclusionsV1

Get a set of Sensor Visibility Exclusions by specifying their IDs

GET /policy/entities/sv-exclusions/v1

Scope Sensor Visibility Exclusions: READ Consumes · Produces application/json

PEP 8 get_exclusions

Parameters

Name	Type	Data type	Description
ids	query	string or list of strings	The IDs of the exclusions to retrieve.
parameters	query	dictionary	Full query string parameters payload in JSON format.

Code Examples

from falconpy import SensorVisibilityExclusions

falcon = SensorVisibilityExclusions(client_id=CLIENT_ID,
                                    client_secret=CLIENT_SECRET
                                    )

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.get_exclusions(ids=id_list)
print(response)

from falconpy import SensorVisibilityExclusions

falcon = SensorVisibilityExclusions(client_id=CLIENT_ID,
                                    client_secret=CLIENT_SECRET
                                    )

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.getSensorVisibilityExclusionsV1(ids=id_list)
print(response)

from falconpy import APIHarnessV2

falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.command("getSensorVisibilityExclusionsV1",
                          ids=id_list)
print(response)

Get-FalconSvExclusion -Id @("ID1", "ID2")

package main

import (
  "context"
  "fmt"
  "os"

  "github.com/crowdstrike/gofalcon/falcon"
  "github.com/crowdstrike/gofalcon/falcon/client/sensor_visibility_exclusions"
)

func main() {
  client, err := falcon.NewClient(&falcon.ApiConfig{
    ClientId:     os.Getenv("FALCON_CLIENT_ID"),
    ClientSecret: os.Getenv("FALCON_CLIENT_SECRET"),
    Context:      context.Background(),
  })
  if err != nil {
    panic(err)
  }

  response, err := client.SensorVisibilityExclusions.GetSensorVisibilityExclusionsV1(
    &sensor_visibility_exclusions.GetSensorVisibilityExclusionsV1Params{
      Ids: []string{"ID1", "ID2", "ID3"},
      Context: context.Background(),
    },
  )
  if err != nil {
    panic(falcon.ErrorExplain(err))
  }

  fmt.Printf("%+v\n", response.Payload)
}

import { FalconClient } from "crowdstrike-falcon";

const client = new FalconClient({
  cloud: process.env.FALCON_CLOUD!,
  clientId: process.env.FALCON_CLIENT_ID!,
  clientSecret: process.env.FALCON_CLIENT_SECRET!,
});

const response = await client.sensorVisibilityExclusions.getSensorVisibilityExclusionsV1(["ID1", "ID2", "ID3"]);  // ids

console.log(response);

use rusty_falcon::apis::sensor_visibility_exclusions_api::get_sensor_visibility_exclusions_v1;
use rusty_falcon::easy::client::FalconHandle;

#[tokio::main]
async fn main() {
    let falcon = FalconHandle::from_env().await.expect("Could not authenticate");

    let response = get_sensor_visibility_exclusions_v1(
        &falcon.cfg,  // configuration
        vec!["string".to_string()],  // ids
    ).await.expect("API call failed");

    println!("{:?}", response);
}

require "crimson-falcon"

Falcon.configure do |config|
  config.client_id = ENV["FALCON_CLIENT_ID"]
  config.client_secret = ENV["FALCON_CLIENT_SECRET"]
  config.cloud = ENV["FALCON_CLOUD"]
end

api = Falcon::SensorVisibilityExclusions.new

response = api.get_sensor_visibility_exclusions_v1(['ID1', 'ID2', 'ID3'])

puts response

createSVExclusionsV1

Create the sensor visibility exclusions

POST /policy/entities/sv-exclusions/v1

Scope Sensor Visibility Exclusions: WRITE Consumes · Produces application/json

PEP 8 create_exclusions

Parameters

Name	Type	Data type	Description
body	body	dictionary	Full body payload in JSON format.
comment	body	string	String comment describing why the exclusions was created.
groups	body	list of strings	Group ID(s) impacted by the exclusion.
value	body	string	Value to match for the exclusion.

Code Examples

from falconpy import SensorVisibilityExclusions

falcon = SensorVisibilityExclusions(client_id=CLIENT_ID,
                                    client_secret=CLIENT_SECRET
                                    )

response = falcon.create_exclusions(comment="string",
                                    groups=["string"],
                                    value="string")
print(response)

from falconpy import SensorVisibilityExclusions

falcon = SensorVisibilityExclusions(client_id=CLIENT_ID,
                                    client_secret=CLIENT_SECRET
                                    )

response = falcon.createSVExclusionsV1(comment="string",
                                       groups=["string"],
                                       value="string")
print(response)

from falconpy import APIHarnessV2

falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

body_payload = {
    "comment": "string",
    "groups": ["string"],
    "is_descendant_process": boolean,
    "value": "string"
}

response = falcon.command("createSVExclusionsV1", body=body_payload)
print(response)

New-FalconSvExclusion -Value "string" -DescendantProcess $boolean

package main

import (
  "context"
  "fmt"
  "os"

  "github.com/crowdstrike/gofalcon/falcon"
  "github.com/crowdstrike/gofalcon/falcon/client/sensor_visibility_exclusions"
  "github.com/crowdstrike/gofalcon/falcon/models"
)

func main() {
  client, err := falcon.NewClient(&falcon.ApiConfig{
    ClientId:     os.Getenv("FALCON_CLIENT_ID"),
    ClientSecret: os.Getenv("FALCON_CLIENT_SECRET"),
    Context:      context.Background(),
  })
  if err != nil {
    panic(err)
  }

  comment := "string"
  is_descendant_process := boolean
  value := "string"

  response, err := client.SensorVisibilityExclusions.CreateSVExclusionsV1(
    &sensor_visibility_exclusions.CreateSVExclusionsV1Params{
      Body: &models.SvExclusionsCreateReqV1{
        Comment: &comment,
        Groups: []string{"string"},
        IsDescendantProcess: &is_descendant_process,
        Value: &value,
      },
      Context: context.Background(),
    },
  )
  if err != nil {
    panic(falcon.ErrorExplain(err))
  }

  fmt.Printf("%+v\n", response.Payload)
}

import { FalconClient } from "crowdstrike-falcon";

const client = new FalconClient({
  cloud: process.env.FALCON_CLOUD!,
  clientId: process.env.FALCON_CLIENT_ID!,
  clientSecret: process.env.FALCON_CLIENT_SECRET!,
});

const response = await client.sensorVisibilityExclusions.createSVExclusionsV1(
  {
    comment: "string",
    groups: [],
    isDescendantProcess: boolean,
    value: "string"
}  // body
);

console.log(response);

use rusty_falcon::apis::sensor_visibility_exclusions_api::create_sv_exclusions_v1;
use rusty_falcon::easy::client::FalconHandle;
use rusty_falcon::models::SvExclusionsCreateReqV1;

#[tokio::main]
async fn main() {
    let falcon = FalconHandle::from_env().await.expect("Could not authenticate");

    let body = SvExclusionsCreateReqV1 {
        ..Default::default()
    };

    let response = create_sv_exclusions_v1(
        &falcon.cfg,  // configuration
        body,  // body
    ).await.expect("API call failed");

    println!("{:?}", response);
}

require "crimson-falcon"

Falcon.configure do |config|
  config.client_id = ENV["FALCON_CLIENT_ID"]
  config.client_secret = ENV["FALCON_CLIENT_SECRET"]
  config.cloud = ENV["FALCON_CLOUD"]
end

api = Falcon::SensorVisibilityExclusions.new

body = Falcon::SvExclusionsCreateReqV1.new(
  comment: 'string',
  groups: [],
  is_descendant_process: boolean,
  value: 'string'
)

response = api.create_sv_exclusions_v1(body)

puts response

deleteSensorVisibilityExclusionsV1

Delete the sensor visibility exclusions by id

DELETE /policy/entities/sv-exclusions/v1

Scope Sensor Visibility Exclusions: WRITE Consumes · Produces application/json

PEP 8 delete_exclusions

Parameters

Name	Type	Data type	Description
comment	query	string	Explains why this exclusion was deleted.
ids	query	string or list of strings	The IDs of the exclusions to retrieve.
parameters	query	dictionary	Full query string parameters payload in JSON format.

Code Examples

from falconpy import SensorVisibilityExclusions

falcon = SensorVisibilityExclusions(client_id=CLIENT_ID,
                                    client_secret=CLIENT_SECRET
                                    )

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.delete_exclusions(comment="string", ids=id_list)
print(response)

from falconpy import SensorVisibilityExclusions

falcon = SensorVisibilityExclusions(client_id=CLIENT_ID,
                                    client_secret=CLIENT_SECRET
                                    )

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.deleteSensorVisibilityExclusionsV1(comment="string",
                                                     ids=id_list)
print(response)

from falconpy import APIHarnessV2

falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.command("deleteSensorVisibilityExclusionsV1",
                          ids=id_list,
                          comment="string")
print(response)

Remove-FalconSvExclusion -Id @("ID1", "ID2")

package main

import (
  "context"
  "fmt"
  "os"

  "github.com/crowdstrike/gofalcon/falcon"
  "github.com/crowdstrike/gofalcon/falcon/client/sensor_visibility_exclusions"
)

func main() {
  client, err := falcon.NewClient(&falcon.ApiConfig{
    ClientId:     os.Getenv("FALCON_CLIENT_ID"),
    ClientSecret: os.Getenv("FALCON_CLIENT_SECRET"),
    Context:      context.Background(),
  })
  if err != nil {
    panic(err)
  }

  comment := "string"

  response, err := client.SensorVisibilityExclusions.DeleteSensorVisibilityExclusionsV1(
    &sensor_visibility_exclusions.DeleteSensorVisibilityExclusionsV1Params{
      Ids: []string{"ID1", "ID2", "ID3"},
      Comment: &comment,
      Context: context.Background(),
    },
  )
  if err != nil {
    panic(falcon.ErrorExplain(err))
  }

  fmt.Printf("%+v\n", response.Payload)
}

import { FalconClient } from "crowdstrike-falcon";

const client = new FalconClient({
  cloud: process.env.FALCON_CLOUD!,
  clientId: process.env.FALCON_CLIENT_ID!,
  clientSecret: process.env.FALCON_CLIENT_SECRET!,
});

const response = await client.sensorVisibilityExclusions.deleteSensorVisibilityExclusionsV1(
  ["ID1", "ID2", "ID3"],  // ids
  "string"  // comment
);

console.log(response);

use rusty_falcon::apis::sensor_visibility_exclusions_api::delete_sensor_visibility_exclusions_v1;
use rusty_falcon::easy::client::FalconHandle;

#[tokio::main]
async fn main() {
    let falcon = FalconHandle::from_env().await.expect("Could not authenticate");

    let response = delete_sensor_visibility_exclusions_v1(
        &falcon.cfg,  // configuration
        vec!["string".to_string()],  // ids
        Some("string"),  // comment
    ).await.expect("API call failed");

    println!("{:?}", response);
}

require "crimson-falcon"

Falcon.configure do |config|
  config.client_id = ENV["FALCON_CLIENT_ID"]
  config.client_secret = ENV["FALCON_CLIENT_SECRET"]
  config.cloud = ENV["FALCON_CLOUD"]
end

api = Falcon::SensorVisibilityExclusions.new

response = api.delete_sensor_visibility_exclusions_v1(['ID1', 'ID2', 'ID3'])

puts response

updateSensorVisibilityExclusionsV1

Update the sensor visibility exclusions

PATCH /policy/entities/sv-exclusions/v1

Scope Sensor Visibility Exclusions: WRITE Consumes · Produces application/json

PEP 8 update_exclusions

Parameters

Name	Type	Data type	Description
body	body	dictionary	Full body payload in JSON format.
comment	body	string	String comment describing why the exclusions was created.
groups	body	list of strings	Group ID(s) impacted by the exclusion.
id	body	string	The ID of the exclusion to update.
is_descendent_process	body	boolean	Flag to determine if an exclusion should apply to all descendant processes.
value	body	string	Value to match for the exclusion.

Code Examples

from falconpy import SensorVisibilityExclusions

falcon = SensorVisibilityExclusions(client_id=CLIENT_ID,
                                    client_secret=CLIENT_SECRET
                                    )

response = falcon.update_exclusions(comment="string",
                                    groups=["string"],
                                    id="string",
                                    is_descendant_process="string",
                                    value="string")
print(response)

from falconpy import SensorVisibilityExclusions

falcon = SensorVisibilityExclusions(client_id=CLIENT_ID,
                                    client_secret=CLIENT_SECRET
                                    )

response = falcon.updateSensorVisibilityExclusionsV1(comment="string",
                                                     groups=["string"],
                                                     id="string",
                                                     is_descendant_process="string",
                                                     value="string")
print(response)

from falconpy import APIHarnessV2

falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

body_payload = {
    "comment": "string",
    "groups": ["string"],
    "id": "string",
    "is_descendant_process": boolean,
    "value": "string"
}

response = falcon.command("updateSensorVisibilityExclusionsV1", body=body_payload)
print(response)

Edit-FalconSvExclusion -Id "string"

package main

import (
  "context"
  "fmt"
  "os"

  "github.com/crowdstrike/gofalcon/falcon"
  "github.com/crowdstrike/gofalcon/falcon/client/sensor_visibility_exclusions"
  "github.com/crowdstrike/gofalcon/falcon/models"
)

func main() {
  client, err := falcon.NewClient(&falcon.ApiConfig{
    ClientId:     os.Getenv("FALCON_CLIENT_ID"),
    ClientSecret: os.Getenv("FALCON_CLIENT_SECRET"),
    Context:      context.Background(),
  })
  if err != nil {
    panic(err)
  }

  comment := "string"
  id := "string"
  is_descendant_process := boolean
  value := "string"

  response, err := client.SensorVisibilityExclusions.UpdateSensorVisibilityExclusionsV1(
    &sensor_visibility_exclusions.UpdateSensorVisibilityExclusionsV1Params{
      Body: &models.SvExclusionsUpdateReqV1{
        Comment: &comment,
        Groups: []string{"string"},
        ID: &id,
        IsDescendantProcess: &is_descendant_process,
        Value: &value,
      },
      Context: context.Background(),
    },
  )
  if err != nil {
    panic(falcon.ErrorExplain(err))
  }

  fmt.Printf("%+v\n", response.Payload)
}

import { FalconClient } from "crowdstrike-falcon";

const client = new FalconClient({
  cloud: process.env.FALCON_CLOUD!,
  clientId: process.env.FALCON_CLIENT_ID!,
  clientSecret: process.env.FALCON_CLIENT_SECRET!,
});

const response = await client.sensorVisibilityExclusions.updateSensorVisibilityExclusionsV1(
  {
    comment: "string",
    groups: [],
    id: "string",
    isDescendantProcess: boolean,
    value: "string"
}  // body
);

console.log(response);

use rusty_falcon::apis::sensor_visibility_exclusions_api::update_sensor_visibility_exclusions_v1;
use rusty_falcon::easy::client::FalconHandle;
use rusty_falcon::models::SvExclusionsUpdateReqV1;

#[tokio::main]
async fn main() {
    let falcon = FalconHandle::from_env().await.expect("Could not authenticate");

    let body = SvExclusionsUpdateReqV1 {
        id: Some("string".to_string()),
        ..Default::default()
    };

    let response = update_sensor_visibility_exclusions_v1(
        &falcon.cfg,  // configuration
        body,  // body
    ).await.expect("API call failed");

    println!("{:?}", response);
}

require "crimson-falcon"

Falcon.configure do |config|
  config.client_id = ENV["FALCON_CLIENT_ID"]
  config.client_secret = ENV["FALCON_CLIENT_SECRET"]
  config.cloud = ENV["FALCON_CLOUD"]
end

api = Falcon::SensorVisibilityExclusions.new

body = Falcon::SvExclusionsUpdateReqV1.new(
  comment: 'string',
  groups: [],
  id: 'string',
  is_descendant_process: boolean,
  value: 'string'
)

response = api.update_sensor_visibility_exclusions_v1(body)

puts response

querySensorVisibilityExclusionsV1

Search for sensor visibility exclusions.

GET /policy/queries/sv-exclusions/v1

Scope Sensor Visibility Exclusions: READ Consumes · Produces application/json

PEP 8 query_exclusions

Parameters

Name	Type	Data type	Description
filter	query	string	The filter expression that should be used to limit the results. FQL syntax. Available filters: `applied_globally`, `created_by`, `created_on`, `last_modified`, `modified_by`, `value`
limit	query	integer	The maximum number of records to return. [1-500]
offset	query	integer	The offset to start retrieving records from.
parameters	query	dictionary	Full query string parameters payload in JSON format.
sort	query	string	The property to sort by. FQL syntax. (e.g. last_behavior\|asc) Available sort fields: `applied_globally`, `created_by`, `created_on`, `last_modified`, `modified_by`, `value`

Code Examples

from falconpy import SensorVisibilityExclusions

falcon = SensorVisibilityExclusions(client_id=CLIENT_ID,
                                    client_secret=CLIENT_SECRET
                                    )

response = falcon.query_exclusions(filter="string",
                                   limit="string",
                                   offset="string",
                                   sort="string")
print(response)

from falconpy import SensorVisibilityExclusions

falcon = SensorVisibilityExclusions(client_id=CLIENT_ID,
                                    client_secret=CLIENT_SECRET
                                    )

response = falcon.querySensorVisibilityExclusionsV1(filter="string",
                                                    limit="string",
                                                    offset="string",
                                                    sort="string")
print(response)

from falconpy import APIHarnessV2

falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

response = falcon.command("querySensorVisibilityExclusionsV1",
                          filter="string",
                          offset=integer,
                          limit=integer,
                          sort="string")
print(response)

Get-FalconSvExclusion -Filter "string" `
  -Sort "string" `
  -Limit integer `
  -Offset integer

package main

import (
  "context"
  "fmt"
  "os"

  "github.com/crowdstrike/gofalcon/falcon"
  "github.com/crowdstrike/gofalcon/falcon/client/sensor_visibility_exclusions"
)

func main() {
  client, err := falcon.NewClient(&falcon.ApiConfig{
    ClientId:     os.Getenv("FALCON_CLIENT_ID"),
    ClientSecret: os.Getenv("FALCON_CLIENT_SECRET"),
    Context:      context.Background(),
  })
  if err != nil {
    panic(err)
  }

  filter := "string"
  offset := int64(0)
  limit := int64(0)
  sort := "string"

  response, err := client.SensorVisibilityExclusions.QuerySensorVisibilityExclusionsV1(
    &sensor_visibility_exclusions.QuerySensorVisibilityExclusionsV1Params{
      Filter: &filter,
      Offset: &offset,
      Limit: &limit,
      Sort: &sort,
      Context: context.Background(),
    },
  )
  if err != nil {
    panic(falcon.ErrorExplain(err))
  }

  fmt.Printf("%+v\n", response.Payload)
}

import { FalconClient } from "crowdstrike-falcon";

const client = new FalconClient({
  cloud: process.env.FALCON_CLOUD!,
  clientId: process.env.FALCON_CLIENT_ID!,
  clientSecret: process.env.FALCON_CLIENT_SECRET!,
});

const response = await client.sensorVisibilityExclusions.querySensorVisibilityExclusionsV1(
  "string",  // filter
  integer,  // offset
  integer,  // limit
  "string"  // sort
);

console.log(response);

use rusty_falcon::apis::sensor_visibility_exclusions_api::query_sensor_visibility_exclusions_v1;
use rusty_falcon::easy::client::FalconHandle;

#[tokio::main]
async fn main() {
    let falcon = FalconHandle::from_env().await.expect("Could not authenticate");

    let response = query_sensor_visibility_exclusions_v1(
        &falcon.cfg,  // configuration
        Some("string"),  // filter
        Some(integer),  // offset
        Some(integer),  // limit
        Some("string"),  // sort
    ).await.expect("API call failed");

    println!("{:?}", response);
}

require "crimson-falcon"

Falcon.configure do |config|
  config.client_id = ENV["FALCON_CLIENT_ID"]
  config.client_secret = ENV["FALCON_CLIENT_SECRET"]
  config.cloud = ENV["FALCON_CLOUD"]
end

api = Falcon::SensorVisibilityExclusions.new

response = api.query_sensor_visibility_exclusions_v1(filter: 'string',
                                                     offset: integer,
                                                     limit: integer,
                                                     sort: 'string')

puts response

Sensor Visibility Exclusions

Table of Contents

getSensorVisibilityExclusionsV1

Parameters

Code Examples

createSVExclusionsV1

Parameters

Code Examples

deleteSensorVisibilityExclusionsV1

Parameters

Code Examples

updateSensorVisibilityExclusionsV1

Parameters

Code Examples

querySensorVisibilityExclusionsV1

Parameters

Code Examples