Skip to content
CrowdStrike Developer Center

Getting Started

Installation

Section titled “Installation”
Terminal window
go get github.com/crowdstrike/gofalcon/falcon

goFalcon follows semantic versioning in the v0.x.x stage. Pin to specific patch versions in your go.mod for stability and review release notes before updating.

Authentication

Section titled “Authentication”

All authentication uses the falcon.ApiConfig struct with credentials from environment variables.

package main


import (
    "context"
    "fmt"
    "os"


    "github.com/crowdstrike/gofalcon/falcon"
    "github.com/crowdstrike/gofalcon/falcon/client/sensor_download"
)


func main() {
    client, err := falcon.NewClient(&falcon.ApiConfig{
        ClientId:     os.Getenv("FALCON_CLIENT_ID"),
        ClientSecret: os.Getenv("FALCON_CLIENT_SECRET"),
        Context:      context.Background(),
    })
    if err != nil {
        panic(err)
    }


    res, err := client.SensorDownload.GetSensorInstallersCCIDByQuery(
        &sensor_download.GetSensorInstallersCCIDByQueryParams{
            Context: context.Background(),
        },
    )
    if err != nil {
        panic(err)
    }
    fmt.Println(res.Payload.Resources)
}

Cloud Region

Section titled “Cloud Region”

For non-US1 environments, set the Cloud field:

client, err := falcon.NewClient(&falcon.ApiConfig{
    ClientId:     os.Getenv("FALCON_CLIENT_ID"),
    ClientSecret: os.Getenv("FALCON_CLIENT_SECRET"),
    Cloud:        falcon.CloudUs2(),
    Context:      context.Background(),
})

MSSP (Flight Control)

Section titled “MSSP (Flight Control)”

For child tenant operations, set the MemberCID field:

client, err := falcon.NewClient(&falcon.ApiConfig{
    ClientId:     os.Getenv("FALCON_CLIENT_ID"),
    ClientSecret: os.Getenv("FALCON_CLIENT_SECRET"),
    MemberCID:    "child-cid-here",
    Context:      context.Background(),
})

Error Handling

Section titled “Error Handling”

Use falcon.ErrorExplain(err) for detailed error messages from the API:

if err != nil {
    panic(falcon.ErrorExplain(err))
}

Examples

Section titled “Examples”

The goFalcon examples directory contains 27 standalone programs covering:

  • Host details and cleanup (falcon_host_details, falcon_cleanup_hosts)
  • Detection management (falcon_detection_details)
  • Real-Time Response (falcon_rtr_admin_create_and_run_script, falcon_rtr_batch_read_only_command)
  • Event streaming (falcon_event_stream, stream_new_detections)
  • Sensor downloads (falcon_sensor_download)
  • Intel indicators (falcon_intel_indicators)
  • Vulnerability management (falcon_vulnerabilities)
  • CSPM (falcon_cspm_aws_accounts, falcon_cspm_ioms)
  • IOCs, custom IOAs, Zero Trust Assessment, and more

Page Updated: v0.20.0

© 2026 CrowdStrike, Inc. All rights reserved. Privacy Notice Cookie Notice Terms of Use