Getting Started
Installation
From RubyGems (Recommended)

```shell
gem install crimson-falcon
```

Or add to your Gemfile:

```ruby
gem 'crimson-falcon', '~> 1.2.0'
```

From Source

```shell
gem build crimson-falcon.gemspec
gem install ./crimson-falcon-1.2.0.gem
```

From Git

```ruby
gem 'crimson-falcon', :git => 'https://github.com/CrowdStrike/crimson-falcon.git'
```

Authentication

Configure credentials using a block syntax. Set cloud to your CrowdStrike region.

```ruby
require 'crimson-falcon'

Falcon.configure do |config|
  config.client_id = ENV["FALCON_CLIENT_ID"]
  config.client_secret = ENV["FALCON_CLIENT_SECRET"]
  config.cloud = ENV["FALCON_CLOUD"] # "us-1", "us-2", "eu-1", "us-gov-1"
end
```

Quick Start

```ruby
require 'crimson-falcon'

# Read the API credentials from the environment rather than hard-coding them.
Falcon.configure do |config|
  config.client_id = ENV["FALCON_CLIENT_ID"]
  config.client_secret = ENV["FALCON_CLIENT_SECRET"]
  config.cloud = "us-1"
end

# Query the Sensor Download API for the CCID and print the returned resources.
api = Falcon::SensorDownload.new
result = api.get_sensor_installers_ccid_by_query
puts result.resources
```

Function Names

Crimson Falcon uses snake_case method names matching the API Operation IDs:

| API Operation | Ruby Method |
|---|---|
| CombinedDevicesByFilter | combined_devices_by_filter |
| GetDeviceDetailsV2 | get_device_details_v2 |
| PerformActionV2 | perform_action_v2 |
| QueryDevicesByFilterScroll | query_devices_by_filter_scroll |
Samples
The samples directory includes:

- hosts/sensor_versions_by_hostname.rb — Query sensor versions by hostname
- incidents/crowd_score.rb — Retrieve CrowdScore
- oauth2/get_access_token.rb — OAuth2 authentication
- sensor_download/get_ccid.rb — Retrieve CCID

Shared utilities in samples/shared/ provide command line parameter handling and credential prompting.
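
The Authentication and Quick Start blocks above read the client ID, client secret and cloud from environment variables. As an added example (not part of the crimson-falcon project or its samples), the hypothetical helpers `load_falcon_settings` and `configure_falcon!` below check those variables before `Falcon.configure` runs, so a missing credential or a mistyped region fails at startup with a message that names the variable but never prints its value. Lower-casing the cloud name and limiting it to the four regions listed in the page's comment are assumptions of this example.

```ruby
# Added example, not crimson-falcon code: validate Falcon API settings from the
# environment before passing them to Falcon.configure.

# Region names copied from the comment in the page's configuration block.
KNOWN_CLOUDS = %w[us-1 us-2 eu-1 us-gov-1].freeze
REQUIRED_VARS = %w[FALCON_CLIENT_ID FALCON_CLIENT_SECRET FALCON_CLOUD].freeze

class FalconSettingsError < StandardError; end

# Hypothetical helper: returns a frozen settings hash or raises.
# Error messages mention variable names only, never credential values.
def load_falcon_settings(env = ENV)
  missing = REQUIRED_VARS.select { |name| env[name].to_s.strip.empty? }
  unless missing.empty?
    raise FalconSettingsError, "missing environment variables: #{missing.join(', ')}"
  end

  cloud = env["FALCON_CLOUD"].strip.downcase # assumption: normalise case
  unless KNOWN_CLOUDS.include?(cloud)
    raise FalconSettingsError, "FALCON_CLOUD must be one of: #{KNOWN_CLOUDS.join(', ')}"
  end

  {
    client_id: env["FALCON_CLIENT_ID"].strip,
    client_secret: env["FALCON_CLIENT_SECRET"].strip,
    cloud: cloud
  }.freeze
end

# Hypothetical helper: applies the settings with the block syntax shown on the
# page. Returns false when the gem is not loaded, so this file also runs on a
# machine without crimson-falcon installed.
def configure_falcon!(settings)
  return false unless defined?(Falcon) && Falcon.respond_to?(:configure)

  Falcon.configure do |config|
    config.client_id = settings[:client_id]
    config.client_secret = settings[:client_secret]
    config.cloud = settings[:cloud]
  end
  true
end
```

After `require 'crimson-falcon'`, call `configure_falcon!(load_falcon_settings)` and rescue `FalconSettingsError` to exit before any API request is attempted.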
Resources
Page Updated: v1.2.0