Falcon::ExposureManagementApi

All URIs are relative to https://api.us-2.crowdstrike.com

Method	HTTP request	Description
aggregate_external_assets	POST /fem/aggregates/external-assets/v1	Returns external assets aggregates.
blob_download_external_assets	GET /fem/entities/blobs-download/v1	Download the entire contents of the blob. The relative link to this endpoint is returned in the GET /entities/external-assets/v1 request.
blob_preview_external_assets	GET /fem/entities/blobs-preview/v1	Download a preview of the blob. The relative link to this endpoint is returned in the GET /entities/external-assets/v1 request.
combined_ecosystem_subsidiaries	GET /fem/combined/ecosystem-subsidiaries/v1	Retrieves a list of ecosystem subsidiaries with their detailed information.
delete_external_assets	DELETE /fem/entities/external-assets/v1	Delete multiple external assets.
get_ecosystem_subsidiaries	GET /fem/entities/ecosystem-subsidiaries/v1	Retrieves detailed information about ecosystem subsidiaries by ID.
get_external_assets	GET /fem/entities/external-assets/v1	Get details on external assets by providing one or more IDs.
patch_external_assets	PATCH /fem/entities/external-assets/v1	Update the details of external assets.
query_ecosystem_subsidiaries	GET /fem/queries/ecosystem-subsidiaries/v1	Retrieves a list of IDs for ecosystem subsidiaries. Use these IDs with the /entities/ecosystem-subsidiaries/v1 endpoints.
query_external_assets	GET /fem/queries/external-assets/v1	Get a list of external asset IDs that match the provided filter conditions. Use these IDs with the /entities/external-assets/v1 endpoints

aggregate_external_assets

aggregate_external_assets(body)

Returns external assets aggregates.

Returns external assets aggregates as specified via JSON in request body.

Examples

require 'time'
require 'crimson-falcon'

# Setup authorization
Falcon.configure do |config|
  config.client_id = "Your_Client_ID"
  config.client_secret = "Your_Client_Secret"
  config.cloud = "us-1" # or "us-2", "eu-1", "us-gov1"
end

api_instance = Falcon::ExposureManagementApi.new
body = [Falcon::MsaAggregateQueryRequest.new({date_ranges: [Falcon::MsaDateRangeSpec.new({from: 'from_example', to: 'to_example'})], exclude: 'exclude_example', field: 'field_example', filter: 'filter_example', from: 37, include: 'include_example', interval: 'interval_example', missing: 'missing_example', name: 'name_example', q: 'q_example', ranges: [Falcon::MsaRangeSpec.new({from: 3.56, to: 3.56})], size: 37, sort: 'sort_example', sub_aggregates: [Falcon::MsaAggregateQueryRequest.new({date_ranges: [Falcon::MsaDateRangeSpec.new({from: 'from_example', to: 'to_example'})], exclude: 'exclude_example', field: 'field_example', filter: 'filter_example', from: 37, include: 'include_example', interval: 'interval_example', missing: 'missing_example', name: 'name_example', q: 'q_example', ranges: [Falcon::MsaRangeSpec.new({from: 3.56, to: 3.56})], size: 37, sort: 'sort_example', sub_aggregates: [], time_zone: 'time_zone_example', type: 'type_example'})], time_zone: 'time_zone_example', type: 'type_example'})] # Array<MsaAggregateQueryRequest> | Aggregation specification.

begin
  # Returns external assets aggregates.
  result = api_instance.aggregate_external_assets(body)
  p result
rescue Falcon::ApiError => e
  puts "Error when calling ExposureManagementApi->aggregate_external_assets: #{e}"
end

Using the aggregate_external_assets_with_http_info variant

This returns an Array which contains the response data, status code and headers.

<Array(, Integer, Hash)> aggregate_external_assets_with_http_info(body)

begin
  # Returns external assets aggregates.
  data, status_code, headers = api_instance.aggregate_external_assets_with_http_info(body)
  p status_code # => 2xx
  p headers # => { ... }
  p data # => <MsaAggregatesResponse>
rescue Falcon::ApiError => e
  puts "Error when calling ExposureManagementApi->aggregate_external_assets_with_http_info: #{e}"
end

Parameters

Name	Type	Description	Notes
body	Array<MsaAggregateQueryRequest>	Aggregation specification.

Return type

MsaAggregatesResponse

Authorization

oauth2

HTTP request headers

Content-Type: application/json
Accept: application/json

blob_download_external_assets

Array<Integer> blob_download_external_assets(asset_id, hash)

Download the entire contents of the blob. The relative link to this endpoint is returned in the GET /entities/external-assets/v1 request.

Download the entire contents of the blob.

Examples

require 'time'
require 'crimson-falcon'

# Setup authorization
Falcon.configure do |config|
  config.client_id = "Your_Client_ID"
  config.client_secret = "Your_Client_Secret"
  config.cloud = "us-1" # or "us-2", "eu-1", "us-gov1"
end

api_instance = Falcon::ExposureManagementApi.new
asset_id = 'asset_id_example' # String | The Asset ID
hash = 'hash_example' # String | The File Hash

begin
  # Download the entire contents of the blob. The relative link to this endpoint is returned in the GET /entities/external-assets/v1 request.
  result = api_instance.blob_download_external_assets(asset_id, hash)
  p result
rescue Falcon::ApiError => e
  puts "Error when calling ExposureManagementApi->blob_download_external_assets: #{e}"
end

Using the blob_download_external_assets_with_http_info variant

This returns an Array which contains the response data, status code and headers.

<Array(Array<Integer>, Integer, Hash)> blob_download_external_assets_with_http_info(asset_id, hash)

begin
  # Download the entire contents of the blob. The relative link to this endpoint is returned in the GET /entities/external-assets/v1 request.
  data, status_code, headers = api_instance.blob_download_external_assets_with_http_info(asset_id, hash)
  p status_code # => 2xx
  p headers # => { ... }
  p data # => Array&lt;Integer&gt;
rescue Falcon::ApiError => e
  puts "Error when calling ExposureManagementApi->blob_download_external_assets_with_http_info: #{e}"
end

Parameters

Name	Type	Description	Notes
asset_id	String	The Asset ID
hash	String	The File Hash

Return type

Array<Integer>

Authorization

oauth2

HTTP request headers

Content-Type: Not defined
Accept: application/octet-stream, application/json

blob_preview_external_assets

blob_preview_external_assets(asset_id, hash)

Download a preview of the blob. The relative link to this endpoint is returned in the GET /entities/external-assets/v1 request.

Download a preview of the blob.

Examples

require 'time'
require 'crimson-falcon'

# Setup authorization
Falcon.configure do |config|
  config.client_id = "Your_Client_ID"
  config.client_secret = "Your_Client_Secret"
  config.cloud = "us-1" # or "us-2", "eu-1", "us-gov1"
end

api_instance = Falcon::ExposureManagementApi.new
asset_id = 'asset_id_example' # String | The Asset ID
hash = 'hash_example' # String | The File Hash

begin
  # Download a preview of the blob. The relative link to this endpoint is returned in the GET /entities/external-assets/v1 request.
  result = api_instance.blob_preview_external_assets(asset_id, hash)
  p result
rescue Falcon::ApiError => e
  puts "Error when calling ExposureManagementApi->blob_preview_external_assets: #{e}"
end

Using the blob_preview_external_assets_with_http_info variant

This returns an Array which contains the response data, status code and headers.

<Array(, Integer, Hash)> blob_preview_external_assets_with_http_info(asset_id, hash)

begin
  # Download a preview of the blob. The relative link to this endpoint is returned in the GET /entities/external-assets/v1 request.
  data, status_code, headers = api_instance.blob_preview_external_assets_with_http_info(asset_id, hash)
  p status_code # => 2xx
  p headers # => { ... }
  p data # => <DomainExternalAssetsBlobAPITypeV1>
rescue Falcon::ApiError => e
  puts "Error when calling ExposureManagementApi->blob_preview_external_assets_with_http_info: #{e}"
end

Parameters

Name	Type	Description	Notes
asset_id	String	The Asset ID
hash	String	The File Hash

Return type

DomainExternalAssetsBlobAPITypeV1

Authorization

oauth2

HTTP request headers

Content-Type: Not defined
Accept: application/json

combined_ecosystem_subsidiaries

combined_ecosystem_subsidiaries(opts)

Retrieves a list of ecosystem subsidiaries with their detailed information.

Examples

require 'time'
require 'crimson-falcon'

# Setup authorization
Falcon.configure do |config|
  config.client_id = "Your_Client_ID"
  config.client_secret = "Your_Client_Secret"
  config.cloud = "us-1" # or "us-2", "eu-1", "us-gov1"
end

api_instance = Falcon::ExposureManagementApi.new
opts = {
  offset: 56, # Integer | Starting index of result set from which to return subsidiaries
  limit: 56, # Integer | The maximum number of subsidiaries to return in the response.
  sort: 'sort_example', # String | The field by which to sort the list of subsidiaries. Possible values:<ul><li>name</li><li>primary_domain</li></ul></br>Sort order can be specified by appending \"asc\" or \"desc\" to the field name (e.g. \"name|asc\" or \"primary_domain|desc\").
  version_id: 'version_id_example' # String | The version ID of the ecosystem subsidiaries data, represented as a hash string. This parameter is required to ensure data consistency and prevent stale data. If a new version of the ecosystem subsidiaries data is written, the version ID will be updated. By including this parameter in the request, the client can ensure that the response will be invalidated if a new version is written.
}

begin
  # Retrieves a list of ecosystem subsidiaries with their detailed information.
  result = api_instance.combined_ecosystem_subsidiaries(opts)
  p result
rescue Falcon::ApiError => e
  puts "Error when calling ExposureManagementApi->combined_ecosystem_subsidiaries: #{e}"
end

Using the combined_ecosystem_subsidiaries_with_http_info variant

This returns an Array which contains the response data, status code and headers.

<Array(, Integer, Hash)> combined_ecosystem_subsidiaries_with_http_info(opts)

begin
  # Retrieves a list of ecosystem subsidiaries with their detailed information.
  data, status_code, headers = api_instance.combined_ecosystem_subsidiaries_with_http_info(opts)
  p status_code # => 2xx
  p headers # => { ... }
  p data # => <DomainFemEcosystemSubsidiariesEntitiesResponse>
rescue Falcon::ApiError => e
  puts "Error when calling ExposureManagementApi->combined_ecosystem_subsidiaries_with_http_info: #{e}"
end

Parameters

Name	Type	Description	Notes
offset	Integer	Starting index of result set from which to return subsidiaries	[optional][default to 0]
limit	Integer	The maximum number of subsidiaries to return in the response.	[optional][default to 100]
sort	String	The field by which to sort the list of subsidiaries. Possible values:<ul><li>name</li><li>primary_domain</li></ul></br>Sort order can be specified by appending "asc" or "desc" to the field name (e.g. "name	asc" or "primary_domain
version_id	String	The version ID of the ecosystem subsidiaries data, represented as a hash string. This parameter is required to ensure data consistency and prevent stale data. If a new version of the ecosystem subsidiaries data is written, the version ID will be updated. By including this parameter in the request, the client can ensure that the response will be invalidated if a new version is written.	[optional]

Return type

DomainFemEcosystemSubsidiariesEntitiesResponse

Authorization

oauth2

HTTP request headers

Content-Type: Not defined
Accept: application/json

delete_external_assets

delete_external_assets(ids, body)

Delete multiple external assets.

Examples

require 'time'
require 'crimson-falcon'

# Setup authorization
Falcon.configure do |config|
  config.client_id = "Your_Client_ID"
  config.client_secret = "Your_Client_Secret"
  config.cloud = "us-1" # or "us-2", "eu-1", "us-gov1"
end

api_instance = Falcon::ExposureManagementApi.new
ids = ['inner_example'] # Array<String> | One or more asset IDs (max: 100).
body = Falcon::DomainExternalAssetAPIDeleteRequestV1.new # DomainExternalAssetAPIDeleteRequestV1 | 

begin
  # Delete multiple external assets.
  result = api_instance.delete_external_assets(ids, body)
  p result
rescue Falcon::ApiError => e
  puts "Error when calling ExposureManagementApi->delete_external_assets: #{e}"
end

Using the delete_external_assets_with_http_info variant

This returns an Array which contains the response data, status code and headers.

<Array(, Integer, Hash)> delete_external_assets_with_http_info(ids, body)

begin
  # Delete multiple external assets.
  data, status_code, headers = api_instance.delete_external_assets_with_http_info(ids, body)
  p status_code # => 2xx
  p headers # => { ... }
  p data # => <MsaspecQueryResponse>
rescue Falcon::ApiError => e
  puts "Error when calling ExposureManagementApi->delete_external_assets_with_http_info: #{e}"
end

Parameters

Name	Type	Description	Notes
ids	Array<String>	One or more asset IDs (max: 100).
body	DomainExternalAssetAPIDeleteRequestV1

Return type

MsaspecQueryResponse

Authorization

oauth2

HTTP request headers

Content-Type: application/json
Accept: application/json

get_ecosystem_subsidiaries

get_ecosystem_subsidiaries(ids, opts)

Retrieves detailed information about ecosystem subsidiaries by ID.

Examples

require 'time'
require 'crimson-falcon'

# Setup authorization
Falcon.configure do |config|
  config.client_id = "Your_Client_ID"
  config.client_secret = "Your_Client_Secret"
  config.cloud = "us-1" # or "us-2", "eu-1", "us-gov1"
end

api_instance = Falcon::ExposureManagementApi.new
ids = ['inner_example'] # Array<String> | One or more asset IDs (max: 100). Find ecosystem subsidiary IDs with GET `/fem/entities/ecosystem-subsidiaries/v1`
opts = {
  version_id: 'version_id_example' # String | The version ID of the ecosystem subsidiaries data, represented as a hash string. This parameter is required to ensure data consistency and prevent stale data. If a new version of the ecosystem subsidiaries data is written, the version ID will be updated. By including this parameter in the request, the client can ensure that the response will be invalidated if a new version is written.
}

begin
  # Retrieves detailed information about ecosystem subsidiaries by ID.
  result = api_instance.get_ecosystem_subsidiaries(ids, opts)
  p result
rescue Falcon::ApiError => e
  puts "Error when calling ExposureManagementApi->get_ecosystem_subsidiaries: #{e}"
end

Using the get_ecosystem_subsidiaries_with_http_info variant

This returns an Array which contains the response data, status code and headers.

<Array(, Integer, Hash)> get_ecosystem_subsidiaries_with_http_info(ids, opts)

begin
  # Retrieves detailed information about ecosystem subsidiaries by ID.
  data, status_code, headers = api_instance.get_ecosystem_subsidiaries_with_http_info(ids, opts)
  p status_code # => 2xx
  p headers # => { ... }
  p data # => <DomainFemEcosystemSubsidiariesEntitiesResponse>
rescue Falcon::ApiError => e
  puts "Error when calling ExposureManagementApi->get_ecosystem_subsidiaries_with_http_info: #{e}"
end

Parameters

Name	Type	Description	Notes
ids	Array<String>	One or more asset IDs (max: 100). Find ecosystem subsidiary IDs with GET `/fem/entities/ecosystem-subsidiaries/v1`
version_id	String	The version ID of the ecosystem subsidiaries data, represented as a hash string. This parameter is required to ensure data consistency and prevent stale data. If a new version of the ecosystem subsidiaries data is written, the version ID will be updated. By including this parameter in the request, the client can ensure that the response will be invalidated if a new version is written.	[optional]

Return type

DomainFemEcosystemSubsidiariesEntitiesResponse

Authorization

oauth2

HTTP request headers

Content-Type: Not defined
Accept: application/json

get_external_assets

get_external_assets(ids)

Get details on external assets by providing one or more IDs.

Examples

require 'time'
require 'crimson-falcon'

# Setup authorization
Falcon.configure do |config|
  config.client_id = "Your_Client_ID"
  config.client_secret = "Your_Client_Secret"
  config.cloud = "us-1" # or "us-2", "eu-1", "us-gov1"
end

api_instance = Falcon::ExposureManagementApi.new
ids = ['inner_example'] # Array<String> | One or more asset IDs (max: 100). Find asset IDs with GET `/fem/queries/external-assets/v1`

begin
  # Get details on external assets by providing one or more IDs.
  result = api_instance.get_external_assets(ids)
  p result
rescue Falcon::ApiError => e
  puts "Error when calling ExposureManagementApi->get_external_assets: #{e}"
end

Using the get_external_assets_with_http_info variant

This returns an Array which contains the response data, status code and headers.

<Array(, Integer, Hash)> get_external_assets_with_http_info(ids)

begin
  # Get details on external assets by providing one or more IDs.
  data, status_code, headers = api_instance.get_external_assets_with_http_info(ids)
  p status_code # => 2xx
  p headers # => { ... }
  p data # => <DomainExternalAssetsAPITypeV1>
rescue Falcon::ApiError => e
  puts "Error when calling ExposureManagementApi->get_external_assets_with_http_info: #{e}"
end

Parameters

Name	Type	Description	Notes
ids	Array<String>	One or more asset IDs (max: 100). Find asset IDs with GET `/fem/queries/external-assets/v1`

Return type

DomainExternalAssetsAPITypeV1

Authorization

oauth2

HTTP request headers

Content-Type: Not defined
Accept: application/json

patch_external_assets

patch_external_assets(body)

Update the details of external assets.

Examples

require 'time'
require 'crimson-falcon'

# Setup authorization
Falcon.configure do |config|
  config.client_id = "Your_Client_ID"
  config.client_secret = "Your_Client_Secret"
  config.cloud = "us-1" # or "us-2", "eu-1", "us-gov1"
end

api_instance = Falcon::ExposureManagementApi.new
body = Falcon::DomainExternalAssetAPIPatchRequestV1.new({assets: [Falcon::DomainExternalAssetsAPIPatch.new({id: 'id_example'})]}) # DomainExternalAssetAPIPatchRequestV1 | 

begin
  # Update the details of external assets.
  result = api_instance.patch_external_assets(body)
  p result
rescue Falcon::ApiError => e
  puts "Error when calling ExposureManagementApi->patch_external_assets: #{e}"
end

Using the patch_external_assets_with_http_info variant

This returns an Array which contains the response data, status code and headers.

<Array(, Integer, Hash)> patch_external_assets_with_http_info(body)

begin
  # Update the details of external assets.
  data, status_code, headers = api_instance.patch_external_assets_with_http_info(body)
  p status_code # => 2xx
  p headers # => { ... }
  p data # => <DomainExternalAssetsAPITypeV1>
rescue Falcon::ApiError => e
  puts "Error when calling ExposureManagementApi->patch_external_assets_with_http_info: #{e}"
end

Parameters

Name	Type	Description	Notes
body	DomainExternalAssetAPIPatchRequestV1

Return type

DomainExternalAssetsAPITypeV1

Authorization

oauth2

HTTP request headers

Content-Type: application/json
Accept: application/json

query_ecosystem_subsidiaries

query_ecosystem_subsidiaries(opts)

Retrieves a list of IDs for ecosystem subsidiaries. Use these IDs with the /entities/ecosystem-subsidiaries/v1 endpoints.

Examples

require 'time'
require 'crimson-falcon'

# Setup authorization
Falcon.configure do |config|
  config.client_id = "Your_Client_ID"
  config.client_secret = "Your_Client_Secret"
  config.cloud = "us-1" # or "us-2", "eu-1", "us-gov1"
end

api_instance = Falcon::ExposureManagementApi.new
opts = {
  offset: 56, # Integer | Starting index of result set from which to return subsidiaries
  limit: 56, # Integer | The maximum number of IDs to return in the response.
  sort: 'sort_example', # String | The field by which to sort the list of IDs. Possible values:<ul><li>name</li><li>primary_domain</li></ul></br>Sort order can be specified by appending \"asc\" or \"desc\" to the field name (e.g. \"name|asc\" or \"primary_domain|desc\").
  version_id: 'version_id_example' # String | The version ID of the ecosystem subsidiaries data, represented as a hash string. This parameter is required to ensure data consistency and prevent stale data. If a new version of the ecosystem subsidiaries data is written, the version ID will be updated. By including this parameter in the request, the client can ensure that the response will be invalidated if a new version is written.
}

begin
  # Retrieves a list of IDs for ecosystem subsidiaries. Use these IDs with the /entities/ecosystem-subsidiaries/v1 endpoints.
  result = api_instance.query_ecosystem_subsidiaries(opts)
  p result
rescue Falcon::ApiError => e
  puts "Error when calling ExposureManagementApi->query_ecosystem_subsidiaries: #{e}"
end

Using the query_ecosystem_subsidiaries_with_http_info variant

This returns an Array which contains the response data, status code and headers.

<Array(, Integer, Hash)> query_ecosystem_subsidiaries_with_http_info(opts)

begin
  # Retrieves a list of IDs for ecosystem subsidiaries. Use these IDs with the /entities/ecosystem-subsidiaries/v1 endpoints.
  data, status_code, headers = api_instance.query_ecosystem_subsidiaries_with_http_info(opts)
  p status_code # => 2xx
  p headers # => { ... }
  p data # => <DomainFemEcosystemSubsidiariesQueryResponse>
rescue Falcon::ApiError => e
  puts "Error when calling ExposureManagementApi->query_ecosystem_subsidiaries_with_http_info: #{e}"
end

Parameters

Name	Type	Description	Notes
offset	Integer	Starting index of result set from which to return subsidiaries	[optional][default to 0]
limit	Integer	The maximum number of IDs to return in the response.	[optional][default to 100]
sort	String	The field by which to sort the list of IDs. Possible values:<ul><li>name</li><li>primary_domain</li></ul></br>Sort order can be specified by appending "asc" or "desc" to the field name (e.g. "name	asc" or "primary_domain
version_id	String	The version ID of the ecosystem subsidiaries data, represented as a hash string. This parameter is required to ensure data consistency and prevent stale data. If a new version of the ecosystem subsidiaries data is written, the version ID will be updated. By including this parameter in the request, the client can ensure that the response will be invalidated if a new version is written.	[optional]

Return type

DomainFemEcosystemSubsidiariesQueryResponse

Authorization

oauth2

HTTP request headers

Content-Type: Not defined
Accept: application/json

query_external_assets

query_external_assets(opts)

Get a list of external asset IDs that match the provided filter conditions. Use these IDs with the /entities/external-assets/v1 endpoints

Examples

require 'time'
require 'crimson-falcon'

# Setup authorization
Falcon.configure do |config|
  config.client_id = "Your_Client_ID"
  config.client_secret = "Your_Client_Secret"
  config.cloud = "us-1" # or "us-2", "eu-1", "us-gov1"
end

api_instance = Falcon::ExposureManagementApi.new
opts = {
  offset: 'offset_example', # String | Starting index of result set from which to return IDs.
  limit: 56, # Integer | Number of IDs to return.
  sort: 'sort_example', # String | Order by fields.
  filter: 'filter_example' # String | Filter assets using an FQL query. Common filter options include:<ul><li>asset_type:'ip'</li><li>last_seen_timestamp:>'now-7d'</li></ul>    </br>Available filter fields that support exact match: asset_id, asset_type, confidence, connectivity_status, criticality, criticality_description, criticality_timestamp, criticality_username, data_providers, discovered_by, dns_domain.fqdn, dns_domain.isps, dns_domain.parent_domain, dns_domain.resolved_ips, dns_domain.services.applications.category, dns_domain.services.applications.cpe, dns_domain.services.applications.name, dns_domain.services.applications.vendor, dns_domain.services.applications.version, dns_domain.services.cloud_provider, dns_domain.services.cpes, dns_domain.services.hosting_provider, dns_domain.services.last_seen, dns_domain.services.platform_name, dns_domain.services.port, dns_domain.services.protocol, dns_domain.services.protocol_port, dns_domain.services.status, dns_domain.services.status_code, dns_domain.services.transport, dns_domain.type, first_seen, id, internet_exposure, ip.asn, ip.cloud_provider, ip.cloud_vm.description, ip.cloud_vm.instance_id, ip.cloud_vm.lifecycle, ip.cloud_vm.mac_address, ip.cloud_vm.owner_id, ip.cloud_vm.platform, ip.cloud_vm.private_ip, ip.cloud_vm.public_ip, ip.cloud_vm.region, ip.cloud_vm.security_groups, ip.cloud_vm.source, ip.cloud_vm.status, ip.fqdns, ip.ip_address, ip.isp, ip.location.area_code, ip.location.city, ip.location.country_code, ip.location.country_name, ip.location.postal_code, ip.location.region_code, ip.location.region_name, ip.location.timezone, ip.ptr, ip.aid, ip.services.applications.category, ip.services.applications.cpe, ip.services.applications.name, ip.services.applications.vendor, ip.services.applications.version, ip.services.cloud_provider, ip.services.cpes, ip.services.first_seen, ip.services.last_seen, ip.services.platform_name, ip.services.port, ip.services.protocol, ip.services.protocol_port, ip.services.status, ip.services.status_code, ip.services.transport, last_seen, manual, perimeter, subsidiaries.id, subsidiaries.name, triage.action, triage.assigned_to, triage.status, triage.updated_by, triage.updated_timestamp    </br>Available filter fields that supports wildcard (*): asset_id, asset_type, confidence, connectivity_status, criticality, criticality_username, data_providers, discovered_by, dns_domain.fqdn, dns_domain.isps, dns_domain.parent_domain, dns_domain.resolved_ips, dns_domain.services.applications.category, dns_domain.services.applications.cpe, dns_domain.services.applications.name, dns_domain.services.applications.vendor, dns_domain.services.applications.version, dns_domain.services.cloud_provider, dns_domain.services.cpes, dns_domain.services.hosting_provider, dns_domain.services.id, dns_domain.services.platform_name, dns_domain.services.port, dns_domain.services.protocol, dns_domain.services.protocol_port, dns_domain.services.status, dns_domain.services.status_code, dns_domain.services.transport, dns_domain.type, id, internet_exposure, ip.asn, ip.cloud_vm.instance_id, ip.cloud_vm.lifecycle, ip.cloud_vm.mac_address, ip.cloud_vm.owner_id, ip.cloud_vm.platform, ip.cloud_vm.private_ip, ip.cloud_vm.public_ip, ip.cloud_vm.region, ip.cloud_vm.security_groups, ip.cloud_vm.source, ip.cloud_vm.status, ip.fqdns, ip.ip_address, ip.isp, ip.location.area_code, ip.location.city, ip.location.country_code, ip.location.country_name, ip.location.postal_code, ip.location.region_code, ip.location.region_name, ip.location.timezone, ip.ptr, ip.aid, ip.services.applications.category, ip.services.applications.cpe, ip.services.applications.name, ip.services.applications.vendor, ip.services.applications.version, ip.services.cloud_provider, ip.services.cpes, ip.services.platform_name, ip.services.port, ip.services.protocol, ip.services.protocol_port, ip.services.status, ip.services.status_code, ip.services.transport, manual, perimeter, subsidiaries.id, subsidiaries.name, triage.action, triage.assigned_to, triage.status, triage.updated_by    </br>Available filter fields that supports in ([v1, v2]): asset_id, asset_type, confidence, connectivity_status, criticality, criticality_username, data_providers, discovered_by, dns_domain.fqdn, dns_domain.isps, dns_domain.parent_domain, dns_domain.services.applications.category, dns_domain.services.applications.cpe, dns_domain.services.applications.name, dns_domain.services.applications.vendor, dns_domain.services.applications.version, dns_domain.services.cloud_provider, dns_domain.services.cpes, dns_domain.services.id, dns_domain.services.platform_name, dns_domain.services.port, dns_domain.services.protocol, dns_domain.services.protocol_port, dns_domain.services.status, dns_domain.services.status_code, dns_domain.services.transport, dns_domain.type, id, internet_exposure, ip.asn, ip.cloud_vm.instance_id, ip.cloud_vm.lifecycle, ip.cloud_vm.mac_address, ip.cloud_vm.owner_id, ip.cloud_vm.platform, ip.cloud_vm.region, ip.cloud_vm.security_groups, ip.cloud_vm.source, ip.cloud_vm.status, ip.fqdns, ip.isp, ip.location.area_code, ip.location.city, ip.location.country_code, ip.location.country_name, ip.location.postal_code, ip.location.region_code, ip.location.region_name, ip.location.timezone, ip.ptr, ip.aid, ip.services.applications.category, ip.services.applications.cpe, ip.services.applications.name, ip.services.applications.vendor, ip.services.applications.version, ip.services.cloud_provider, ip.services.cpes, ip.services.platform_name, ip.services.port, ip.services.protocol, ip.services.protocol_port, ip.services.status, ip.services.status_code, ip.services.transport, manual, perimeter, subsidiaries.id, subsidiaries.name, triage.action, triage.assigned_to, triage.status, triage.updated_by    </br>Available filter fields that supports range comparisons (>, <, >=, <=): criticality_timestamp, dns_domain.resolved_ips, dns_domain.services.first_seen, dns_domain.services.last_seen, dns_domain.services.port, dns_domain.services.status_code, first_seen, ip.cloud_vm.private_ip, ip.cloud_vm.public_ip, ip.ip_address, ip.services.first_seen, ip.services.last_seen, ip.services.port, ip.services.status_code, last_seen, triage.updated_timestamp    </br>All filter fields and operations supports negation (!).
}

begin
  # Get a list of external asset IDs that match the provided filter conditions. Use these IDs with the /entities/external-assets/v1 endpoints
  result = api_instance.query_external_assets(opts)
  p result
rescue Falcon::ApiError => e
  puts "Error when calling ExposureManagementApi->query_external_assets: #{e}"
end

Using the query_external_assets_with_http_info variant

This returns an Array which contains the response data, status code and headers.

<Array(, Integer, Hash)> query_external_assets_with_http_info(opts)

begin
  # Get a list of external asset IDs that match the provided filter conditions. Use these IDs with the /entities/external-assets/v1 endpoints
  data, status_code, headers = api_instance.query_external_assets_with_http_info(opts)
  p status_code # => 2xx
  p headers # => { ... }
  p data # => <MsaspecQueryResponse>
rescue Falcon::ApiError => e
  puts "Error when calling ExposureManagementApi->query_external_assets_with_http_info: #{e}"
end

Parameters

Name	Type	Description	Notes
offset	String	Starting index of result set from which to return IDs.	[optional]
limit	Integer	Number of IDs to return.	[optional]
sort	String	Order by fields.	[optional]
filter	String	Filter assets using an FQL query. Common filter options include:<ul><li>asset_type:'ip'</li><li>last_seen_timestamp:>'now-7d'</li></ul> </br>Available filter fields that support exact match: asset_id, asset_type, confidence, connectivity_status, criticality, criticality_description, criticality_timestamp, criticality_username, data_providers, discovered_by, dns_domain.fqdn, dns_domain.isps, dns_domain.parent_domain, dns_domain.resolved_ips, dns_domain.services.applications.category, dns_domain.services.applications.cpe, dns_domain.services.applications.name, dns_domain.services.applications.vendor, dns_domain.services.applications.version, dns_domain.services.cloud_provider, dns_domain.services.cpes, dns_domain.services.hosting_provider, dns_domain.services.last_seen, dns_domain.services.platform_name, dns_domain.services.port, dns_domain.services.protocol, dns_domain.services.protocol_port, dns_domain.services.status, dns_domain.services.status_code, dns_domain.services.transport, dns_domain.type, first_seen, id, internet_exposure, ip.asn, ip.cloud_provider, ip.cloud_vm.description, ip.cloud_vm.instance_id, ip.cloud_vm.lifecycle, ip.cloud_vm.mac_address, ip.cloud_vm.owner_id, ip.cloud_vm.platform, ip.cloud_vm.private_ip, ip.cloud_vm.public_ip, ip.cloud_vm.region, ip.cloud_vm.security_groups, ip.cloud_vm.source, ip.cloud_vm.status, ip.fqdns, ip.ip_address, ip.isp, ip.location.area_code, ip.location.city, ip.location.country_code, ip.location.country_name, ip.location.postal_code, ip.location.region_code, ip.location.region_name, ip.location.timezone, ip.ptr, ip.aid, ip.services.applications.category, ip.services.applications.cpe, ip.services.applications.name, ip.services.applications.vendor, ip.services.applications.version, ip.services.cloud_provider, ip.services.cpes, ip.services.first_seen, ip.services.last_seen, ip.services.platform_name, ip.services.port, ip.services.protocol, ip.services.protocol_port, ip.services.status, ip.services.status_code, ip.services.transport, last_seen, manual, perimeter, subsidiaries.id, subsidiaries.name, triage.action, triage.assigned_to, triage.status, triage.updated_by, triage.updated_timestamp </br>Available filter fields that supports wildcard (*): asset_id, asset_type, confidence, connectivity_status, criticality, criticality_username, data_providers, discovered_by, dns_domain.fqdn, dns_domain.isps, dns_domain.parent_domain, dns_domain.resolved_ips, dns_domain.services.applications.category, dns_domain.services.applications.cpe, dns_domain.services.applications.name, dns_domain.services.applications.vendor, dns_domain.services.applications.version, dns_domain.services.cloud_provider, dns_domain.services.cpes, dns_domain.services.hosting_provider, dns_domain.services.id, dns_domain.services.platform_name, dns_domain.services.port, dns_domain.services.protocol, dns_domain.services.protocol_port, dns_domain.services.status, dns_domain.services.status_code, dns_domain.services.transport, dns_domain.type, id, internet_exposure, ip.asn, ip.cloud_vm.instance_id, ip.cloud_vm.lifecycle, ip.cloud_vm.mac_address, ip.cloud_vm.owner_id, ip.cloud_vm.platform, ip.cloud_vm.private_ip, ip.cloud_vm.public_ip, ip.cloud_vm.region, ip.cloud_vm.security_groups, ip.cloud_vm.source, ip.cloud_vm.status, ip.fqdns, ip.ip_address, ip.isp, ip.location.area_code, ip.location.city, ip.location.country_code, ip.location.country_name, ip.location.postal_code, ip.location.region_code, ip.location.region_name, ip.location.timezone, ip.ptr, ip.aid, ip.services.applications.category, ip.services.applications.cpe, ip.services.applications.name, ip.services.applications.vendor, ip.services.applications.version, ip.services.cloud_provider, ip.services.cpes, ip.services.platform_name, ip.services.port, ip.services.protocol, ip.services.protocol_port, ip.services.status, ip.services.status_code, ip.services.transport, manual, perimeter, subsidiaries.id, subsidiaries.name, triage.action, triage.assigned_to, triage.status, triage.updated_by </br>Available filter fields that supports in ([v1, v2]): asset_id, asset_type, confidence, connectivity_status, criticality, criticality_username, data_providers, discovered_by, dns_domain.fqdn, dns_domain.isps, dns_domain.parent_domain, dns_domain.services.applications.category, dns_domain.services.applications.cpe, dns_domain.services.applications.name, dns_domain.services.applications.vendor, dns_domain.services.applications.version, dns_domain.services.cloud_provider, dns_domain.services.cpes, dns_domain.services.id, dns_domain.services.platform_name, dns_domain.services.port, dns_domain.services.protocol, dns_domain.services.protocol_port, dns_domain.services.status, dns_domain.services.status_code, dns_domain.services.transport, dns_domain.type, id, internet_exposure, ip.asn, ip.cloud_vm.instance_id, ip.cloud_vm.lifecycle, ip.cloud_vm.mac_address, ip.cloud_vm.owner_id, ip.cloud_vm.platform, ip.cloud_vm.region, ip.cloud_vm.security_groups, ip.cloud_vm.source, ip.cloud_vm.status, ip.fqdns, ip.isp, ip.location.area_code, ip.location.city, ip.location.country_code, ip.location.country_name, ip.location.postal_code, ip.location.region_code, ip.location.region_name, ip.location.timezone, ip.ptr, ip.aid, ip.services.applications.category, ip.services.applications.cpe, ip.services.applications.name, ip.services.applications.vendor, ip.services.applications.version, ip.services.cloud_provider, ip.services.cpes, ip.services.platform_name, ip.services.port, ip.services.protocol, ip.services.protocol_port, ip.services.status, ip.services.status_code, ip.services.transport, manual, perimeter, subsidiaries.id, subsidiaries.name, triage.action, triage.assigned_to, triage.status, triage.updated_by </br>Available filter fields that supports range comparisons (>, <, >=, <=): criticality_timestamp, dns_domain.resolved_ips, dns_domain.services.first_seen, dns_domain.services.last_seen, dns_domain.services.port, dns_domain.services.status_code, first_seen, ip.cloud_vm.private_ip, ip.cloud_vm.public_ip, ip.ip_address, ip.services.first_seen, ip.services.last_seen, ip.services.port, ip.services.status_code, last_seen, triage.updated_timestamp </br>All filter fields and operations supports negation (!).	[optional]

Return type

MsaspecQueryResponse

Authorization

oauth2

HTTP request headers

Content-Type: Not defined
Accept: application/json

Files

ExposureManagementApi.md

Latest commit

History

ExposureManagementApi.md

File metadata and controls

Falcon::ExposureManagementApi

aggregate_external_assets

Examples

Using the aggregate_external_assets_with_http_info variant

Parameters

Return type

Authorization

HTTP request headers

blob_download_external_assets

Examples

Using the blob_download_external_assets_with_http_info variant

Parameters

Return type

Authorization

HTTP request headers

blob_preview_external_assets

Examples

Using the blob_preview_external_assets_with_http_info variant

Parameters

Return type

Authorization

HTTP request headers

combined_ecosystem_subsidiaries

Examples

Using the combined_ecosystem_subsidiaries_with_http_info variant

Parameters

Return type

Authorization

HTTP request headers

delete_external_assets

Examples

Using the delete_external_assets_with_http_info variant

Parameters

Return type

Authorization

HTTP request headers

get_ecosystem_subsidiaries

Examples

Using the get_ecosystem_subsidiaries_with_http_info variant

Parameters

Return type

Authorization

HTTP request headers

get_external_assets

Examples

Using the get_external_assets_with_http_info variant

Parameters

Return type

Authorization

HTTP request headers

patch_external_assets

Examples

Using the patch_external_assets_with_http_info variant

Parameters

Return type

Authorization

HTTP request headers

query_ecosystem_subsidiaries

Examples

Using the query_ecosystem_subsidiaries_with_http_info variant

Parameters

Return type

Authorization

HTTP request headers

query_external_assets

Examples

Using the query_external_assets_with_http_info variant

Parameters

Return type

Authorization

HTTP request headers