Getting Started

Installation

Add to your Cargo.toml:

[dependencies]
rusty_falcon = "0.3"
tokio = { version = "1", features = ["full"] }

Authentication

Rusty Falcon reads credentials from environment variables via FalconHandle::from_env():

Variable	Purpose
`FALCON_CLIENT_ID`	CrowdStrike API Client ID
`FALCON_CLIENT_SECRET`	CrowdStrike API Client Secret
`FALCON_CLOUD`	Cloud region (`us-1`, `us-2`, `eu-1`, `us-gov-1`)

export FALCON_CLIENT_ID="your-client-id"
export FALCON_CLIENT_SECRET="your-client-secret"
export FALCON_CLOUD="us-1"

Quick Start

use rusty_falcon::easy::client::FalconHandle;
use rusty_falcon::apis::sensor_download_api;

#[tokio::main]
async fn main() {
    let falcon = FalconHandle::from_env()
        .await
        .expect("Could not authenticate");

    let response = sensor_download_api::get_sensor_installers_ccidby_query(
        &falcon.cfg
    ).await.expect("API call failed");

    println!("{:?}", response);
}

Function Names

Rusty Falcon uses snake_case function names matching the API Operation IDs:

API Operation	Rust Function
CombinedDevicesByFilter	`combined_devices_by_filter`
GetDeviceDetailsV2	`get_device_details_v2`
PerformActionV2	`perform_action_v2`
QueryDevicesByFilterScroll	`query_devices_by_filter_scroll`

Running Examples

The repository includes a helper script:

./scripts/run-examples.sh falcon_host_details

Or run individual examples with cargo:

cargo run --example falcon_host_details

Available Examples

simple — Basic authentication and client initialization
falcon_get_cid — Retrieve Customer ID
falcon_host_details — Query host information
falcon_spotlight_vulnerabilities — Retrieve vulnerabilities
intel_indicators — Query threat indicators
falcon_supported_kernels — List supported Linux kernels
falcon_custom_ioas — Display custom IOAs
falcon_discover_hosts — Display all tenant hosts
falcon_zta — Zero Trust Assessment data

Resources

Page Updated: v0.7.0