All URIs are relative to https://api.us-2.crowdstrike.com
| Method | HTTP request | Description |
|---|---|---|
| create_rt_response_policies | POST /policy/entities/response/v1 | Create Response Policies by specifying details about the policy to create |
| delete_rt_response_policies | DELETE /policy/entities/response/v1 | Delete a set of Response Policies by specifying their IDs |
| get_rt_response_policies | GET /policy/entities/response/v1 | Retrieve a set of Response Policies by specifying their IDs |
| perform_rt_response_policies_action | POST /policy/entities/response-actions/v1 | Perform the specified action on the Response Policies specified in the request |
| query_combined_rt_response_policies | GET /policy/combined/response/v1 | Search for Response Policies in your environment by providing an FQL filter and paging details. Returns a set of Response Policies which match the filter criteria |
| query_combined_rt_response_policy_members | GET /policy/combined/response-members/v1 | Search for members of a Response policy in your environment by providing an FQL filter and paging details. Returns a set of host details which match the filter criteria |
| query_rt_response_policies | GET /policy/queries/response/v1 | Search for Response Policies in your environment by providing an FQL filter with sort and/or paging details. This returns a set of Response Policy IDs that match the given criteria. |
| query_rt_response_policy_members | GET /policy/queries/response-members/v1 | Search for members of a Response policy in your environment by providing an FQL filter and paging details. Returns a set of Agent IDs which match the filter criteria |
| set_rt_response_policies_precedence | POST /policy/entities/response-precedence/v1 | Sets the precedence of Response Policies based on the order of IDs specified in the request. The first ID specified will have the highest precedence and the last ID specified will have the lowest. You must specify all non-Default Policies for a platform when updating precedence |
| update_rt_response_policies | PATCH /policy/entities/response/v1 | Update Response Policies by specifying the ID of the policy and details to update |
create_rt_response_policies(body)
Create Response Policies by specifying details about the policy to create
require 'time'
require 'crimson-falcon'
# Setup authorization
Falcon.configure do |config|
config.client_id = "Your_Client_ID"
config.client_secret = "Your_Client_Secret"
config.cloud = "us-1" # or "us-2", "eu-1", "us-gov1"
end
api_instance = Falcon::ResponsePoliciesApi.new
body = Falcon::RemoteResponseCreatePoliciesV1.new({resources: [Falcon::RemoteResponseCreatePolicyReqV1.new({name: 'name_example', platform_name: 'Windows'})]}) # RemoteResponseCreatePoliciesV1 |
begin
# Create Response Policies by specifying details about the policy to create
result = api_instance.create_rt_response_policies(body)
p result
rescue Falcon::ApiError => e
puts "Error when calling ResponsePoliciesApi->create_rt_response_policies: #{e}"
endThis returns an Array which contains the response data, status code and headers.
<Array(, Integer, Hash)> create_rt_response_policies_with_http_info(body)
begin
# Create Response Policies by specifying details about the policy to create
data, status_code, headers = api_instance.create_rt_response_policies_with_http_info(body)
p status_code # => 2xx
p headers # => { ... }
p data # => <RemoteResponseRespV1>
rescue Falcon::ApiError => e
puts "Error when calling ResponsePoliciesApi->create_rt_response_policies_with_http_info: #{e}"
end| Name | Type | Description | Notes |
|---|---|---|---|
| body | RemoteResponseCreatePoliciesV1 |
oauth2
- Content-Type: application/json
- Accept: application/json
delete_rt_response_policies(ids)
Delete a set of Response Policies by specifying their IDs
require 'time'
require 'crimson-falcon'
# Setup authorization
Falcon.configure do |config|
config.client_id = "Your_Client_ID"
config.client_secret = "Your_Client_Secret"
config.cloud = "us-1" # or "us-2", "eu-1", "us-gov1"
end
api_instance = Falcon::ResponsePoliciesApi.new
ids = ['inner_example'] # Array<String> | The IDs of the Response Policies to delete
begin
# Delete a set of Response Policies by specifying their IDs
result = api_instance.delete_rt_response_policies(ids)
p result
rescue Falcon::ApiError => e
puts "Error when calling ResponsePoliciesApi->delete_rt_response_policies: #{e}"
endThis returns an Array which contains the response data, status code and headers.
<Array(, Integer, Hash)> delete_rt_response_policies_with_http_info(ids)
begin
# Delete a set of Response Policies by specifying their IDs
data, status_code, headers = api_instance.delete_rt_response_policies_with_http_info(ids)
p status_code # => 2xx
p headers # => { ... }
p data # => <MsaQueryResponse>
rescue Falcon::ApiError => e
puts "Error when calling ResponsePoliciesApi->delete_rt_response_policies_with_http_info: #{e}"
end| Name | Type | Description | Notes |
|---|---|---|---|
| ids | Array<String> | The IDs of the Response Policies to delete |
oauth2
- Content-Type: Not defined
- Accept: application/json
get_rt_response_policies(ids)
Retrieve a set of Response Policies by specifying their IDs
require 'time'
require 'crimson-falcon'
# Setup authorization
Falcon.configure do |config|
config.client_id = "Your_Client_ID"
config.client_secret = "Your_Client_Secret"
config.cloud = "us-1" # or "us-2", "eu-1", "us-gov1"
end
api_instance = Falcon::ResponsePoliciesApi.new
ids = ['inner_example'] # Array<String> | The IDs of the RTR Policies to return
begin
# Retrieve a set of Response Policies by specifying their IDs
result = api_instance.get_rt_response_policies(ids)
p result
rescue Falcon::ApiError => e
puts "Error when calling ResponsePoliciesApi->get_rt_response_policies: #{e}"
endThis returns an Array which contains the response data, status code and headers.
<Array(, Integer, Hash)> get_rt_response_policies_with_http_info(ids)
begin
# Retrieve a set of Response Policies by specifying their IDs
data, status_code, headers = api_instance.get_rt_response_policies_with_http_info(ids)
p status_code # => 2xx
p headers # => { ... }
p data # => <RemoteResponseRespV1>
rescue Falcon::ApiError => e
puts "Error when calling ResponsePoliciesApi->get_rt_response_policies_with_http_info: #{e}"
end| Name | Type | Description | Notes |
|---|---|---|---|
| ids | Array<String> | The IDs of the RTR Policies to return |
oauth2
- Content-Type: Not defined
- Accept: application/json
perform_rt_response_policies_action(action_name, body)
Perform the specified action on the Response Policies specified in the request
require 'time'
require 'crimson-falcon'
# Setup authorization
Falcon.configure do |config|
config.client_id = "Your_Client_ID"
config.client_secret = "Your_Client_Secret"
config.cloud = "us-1" # or "us-2", "eu-1", "us-gov1"
end
api_instance = Falcon::ResponsePoliciesApi.new
action_name = 'add-host-group' # String | The action to perform
body = Falcon::MsaEntityActionRequestV2.new({ids: ['ids_example']}) # MsaEntityActionRequestV2 |
begin
# Perform the specified action on the Response Policies specified in the request
result = api_instance.perform_rt_response_policies_action(action_name, body)
p result
rescue Falcon::ApiError => e
puts "Error when calling ResponsePoliciesApi->perform_rt_response_policies_action: #{e}"
endThis returns an Array which contains the response data, status code and headers.
<Array(, Integer, Hash)> perform_rt_response_policies_action_with_http_info(action_name, body)
begin
# Perform the specified action on the Response Policies specified in the request
data, status_code, headers = api_instance.perform_rt_response_policies_action_with_http_info(action_name, body)
p status_code # => 2xx
p headers # => { ... }
p data # => <RemoteResponseRespV1>
rescue Falcon::ApiError => e
puts "Error when calling ResponsePoliciesApi->perform_rt_response_policies_action_with_http_info: #{e}"
end| Name | Type | Description | Notes |
|---|---|---|---|
| action_name | String | The action to perform | |
| body | MsaEntityActionRequestV2 |
oauth2
- Content-Type: application/json
- Accept: application/json
query_combined_rt_response_policies(opts)
Search for Response Policies in your environment by providing an FQL filter and paging details. Returns a set of Response Policies which match the filter criteria
require 'time'
require 'crimson-falcon'
# Setup authorization
Falcon.configure do |config|
config.client_id = "Your_Client_ID"
config.client_secret = "Your_Client_Secret"
config.cloud = "us-1" # or "us-2", "eu-1", "us-gov1"
end
api_instance = Falcon::ResponsePoliciesApi.new
opts = {
filter: 'filter_example', # String | The filter expression that should be used to limit the results
offset: 56, # Integer | The offset to start retrieving records from
limit: 56, # Integer | The maximum records to return. [1-5000]
sort: 'created_by.asc' # String | The property to sort by
}
begin
# Search for Response Policies in your environment by providing an FQL filter and paging details. Returns a set of Response Policies which match the filter criteria
result = api_instance.query_combined_rt_response_policies(opts)
p result
rescue Falcon::ApiError => e
puts "Error when calling ResponsePoliciesApi->query_combined_rt_response_policies: #{e}"
endThis returns an Array which contains the response data, status code and headers.
<Array(, Integer, Hash)> query_combined_rt_response_policies_with_http_info(opts)
begin
# Search for Response Policies in your environment by providing an FQL filter and paging details. Returns a set of Response Policies which match the filter criteria
data, status_code, headers = api_instance.query_combined_rt_response_policies_with_http_info(opts)
p status_code # => 2xx
p headers # => { ... }
p data # => <RemoteResponseRespV1>
rescue Falcon::ApiError => e
puts "Error when calling ResponsePoliciesApi->query_combined_rt_response_policies_with_http_info: #{e}"
end| Name | Type | Description | Notes |
|---|---|---|---|
| filter | String | The filter expression that should be used to limit the results | [optional] |
| offset | Integer | The offset to start retrieving records from | [optional] |
| limit | Integer | The maximum records to return. [1-5000] | [optional] |
| sort | String | The property to sort by | [optional] |
oauth2
- Content-Type: Not defined
- Accept: application/json
query_combined_rt_response_policy_members(opts)
Search for members of a Response policy in your environment by providing an FQL filter and paging details. Returns a set of host details which match the filter criteria
require 'time'
require 'crimson-falcon'
# Setup authorization
Falcon.configure do |config|
config.client_id = "Your_Client_ID"
config.client_secret = "Your_Client_Secret"
config.cloud = "us-1" # or "us-2", "eu-1", "us-gov1"
end
api_instance = Falcon::ResponsePoliciesApi.new
opts = {
id: 'id_example', # String | The ID of the Response policy to search for members of
filter: 'filter_example', # String | The filter expression that should be used to limit the results
offset: 56, # Integer | The offset to start retrieving records from
limit: 56, # Integer | The maximum records to return. [1-5000]
sort: 'sort_example' # String | The property to sort by
}
begin
# Search for members of a Response policy in your environment by providing an FQL filter and paging details. Returns a set of host details which match the filter criteria
result = api_instance.query_combined_rt_response_policy_members(opts)
p result
rescue Falcon::ApiError => e
puts "Error when calling ResponsePoliciesApi->query_combined_rt_response_policy_members: #{e}"
endThis returns an Array which contains the response data, status code and headers.
<Array(, Integer, Hash)> query_combined_rt_response_policy_members_with_http_info(opts)
begin
# Search for members of a Response policy in your environment by providing an FQL filter and paging details. Returns a set of host details which match the filter criteria
data, status_code, headers = api_instance.query_combined_rt_response_policy_members_with_http_info(opts)
p status_code # => 2xx
p headers # => { ... }
p data # => <BasePolicyMembersRespV1>
rescue Falcon::ApiError => e
puts "Error when calling ResponsePoliciesApi->query_combined_rt_response_policy_members_with_http_info: #{e}"
end| Name | Type | Description | Notes |
|---|---|---|---|
| id | String | The ID of the Response policy to search for members of | [optional] |
| filter | String | The filter expression that should be used to limit the results | [optional] |
| offset | Integer | The offset to start retrieving records from | [optional] |
| limit | Integer | The maximum records to return. [1-5000] | [optional] |
| sort | String | The property to sort by | [optional] |
oauth2
- Content-Type: Not defined
- Accept: application/json
query_rt_response_policies(opts)
Search for Response Policies in your environment by providing an FQL filter with sort and/or paging details. This returns a set of Response Policy IDs that match the given criteria.
require 'time'
require 'crimson-falcon'
# Setup authorization
Falcon.configure do |config|
config.client_id = "Your_Client_ID"
config.client_secret = "Your_Client_Secret"
config.cloud = "us-1" # or "us-2", "eu-1", "us-gov1"
end
api_instance = Falcon::ResponsePoliciesApi.new
opts = {
filter: 'filter_example', # String | The filter expression that should be used to determine the results.
offset: 56, # Integer | The offset of the first record to retrieve from
limit: 56, # Integer | The maximum number of records to return [1-5000]
sort: 'created_by.asc' # String | The property to sort results by
}
begin
# Search for Response Policies in your environment by providing an FQL filter with sort and/or paging details. This returns a set of Response Policy IDs that match the given criteria.
result = api_instance.query_rt_response_policies(opts)
p result
rescue Falcon::ApiError => e
puts "Error when calling ResponsePoliciesApi->query_rt_response_policies: #{e}"
endThis returns an Array which contains the response data, status code and headers.
<Array(, Integer, Hash)> query_rt_response_policies_with_http_info(opts)
begin
# Search for Response Policies in your environment by providing an FQL filter with sort and/or paging details. This returns a set of Response Policy IDs that match the given criteria.
data, status_code, headers = api_instance.query_rt_response_policies_with_http_info(opts)
p status_code # => 2xx
p headers # => { ... }
p data # => <MsaQueryResponse>
rescue Falcon::ApiError => e
puts "Error when calling ResponsePoliciesApi->query_rt_response_policies_with_http_info: #{e}"
end| Name | Type | Description | Notes |
|---|---|---|---|
| filter | String | The filter expression that should be used to determine the results. | [optional] |
| offset | Integer | The offset of the first record to retrieve from | [optional] |
| limit | Integer | The maximum number of records to return [1-5000] | [optional] |
| sort | String | The property to sort results by | [optional] |
oauth2
- Content-Type: Not defined
- Accept: application/json
query_rt_response_policy_members(opts)
Search for members of a Response policy in your environment by providing an FQL filter and paging details. Returns a set of Agent IDs which match the filter criteria
require 'time'
require 'crimson-falcon'
# Setup authorization
Falcon.configure do |config|
config.client_id = "Your_Client_ID"
config.client_secret = "Your_Client_Secret"
config.cloud = "us-1" # or "us-2", "eu-1", "us-gov1"
end
api_instance = Falcon::ResponsePoliciesApi.new
opts = {
id: 'id_example', # String | The ID of the Response policy to search for members of
filter: 'filter_example', # String | The filter expression that should be used to limit the results
offset: 56, # Integer | The offset to start retrieving records from
limit: 56, # Integer | The maximum records to return. [1-5000]
sort: 'sort_example' # String | The property to sort by
}
begin
# Search for members of a Response policy in your environment by providing an FQL filter and paging details. Returns a set of Agent IDs which match the filter criteria
result = api_instance.query_rt_response_policy_members(opts)
p result
rescue Falcon::ApiError => e
puts "Error when calling ResponsePoliciesApi->query_rt_response_policy_members: #{e}"
endThis returns an Array which contains the response data, status code and headers.
<Array(, Integer, Hash)> query_rt_response_policy_members_with_http_info(opts)
begin
# Search for members of a Response policy in your environment by providing an FQL filter and paging details. Returns a set of Agent IDs which match the filter criteria
data, status_code, headers = api_instance.query_rt_response_policy_members_with_http_info(opts)
p status_code # => 2xx
p headers # => { ... }
p data # => <MsaQueryResponse>
rescue Falcon::ApiError => e
puts "Error when calling ResponsePoliciesApi->query_rt_response_policy_members_with_http_info: #{e}"
end| Name | Type | Description | Notes |
|---|---|---|---|
| id | String | The ID of the Response policy to search for members of | [optional] |
| filter | String | The filter expression that should be used to limit the results | [optional] |
| offset | Integer | The offset to start retrieving records from | [optional] |
| limit | Integer | The maximum records to return. [1-5000] | [optional] |
| sort | String | The property to sort by | [optional] |
oauth2
- Content-Type: Not defined
- Accept: application/json
set_rt_response_policies_precedence(body)
Sets the precedence of Response Policies based on the order of IDs specified in the request. The first ID specified will have the highest precedence and the last ID specified will have the lowest. You must specify all non-Default Policies for a platform when updating precedence
require 'time'
require 'crimson-falcon'
# Setup authorization
Falcon.configure do |config|
config.client_id = "Your_Client_ID"
config.client_secret = "Your_Client_Secret"
config.cloud = "us-1" # or "us-2", "eu-1", "us-gov1"
end
api_instance = Falcon::ResponsePoliciesApi.new
body = Falcon::BaseSetPolicyPrecedenceReqV1.new({ids: ['ids_example'], platform_name: 'Windows'}) # BaseSetPolicyPrecedenceReqV1 |
begin
# Sets the precedence of Response Policies based on the order of IDs specified in the request. The first ID specified will have the highest precedence and the last ID specified will have the lowest. You must specify all non-Default Policies for a platform when updating precedence
result = api_instance.set_rt_response_policies_precedence(body)
p result
rescue Falcon::ApiError => e
puts "Error when calling ResponsePoliciesApi->set_rt_response_policies_precedence: #{e}"
endThis returns an Array which contains the response data, status code and headers.
<Array(, Integer, Hash)> set_rt_response_policies_precedence_with_http_info(body)
begin
# Sets the precedence of Response Policies based on the order of IDs specified in the request. The first ID specified will have the highest precedence and the last ID specified will have the lowest. You must specify all non-Default Policies for a platform when updating precedence
data, status_code, headers = api_instance.set_rt_response_policies_precedence_with_http_info(body)
p status_code # => 2xx
p headers # => { ... }
p data # => <MsaQueryResponse>
rescue Falcon::ApiError => e
puts "Error when calling ResponsePoliciesApi->set_rt_response_policies_precedence_with_http_info: #{e}"
end| Name | Type | Description | Notes |
|---|---|---|---|
| body | BaseSetPolicyPrecedenceReqV1 |
oauth2
- Content-Type: application/json
- Accept: application/json
update_rt_response_policies(body)
Update Response Policies by specifying the ID of the policy and details to update
require 'time'
require 'crimson-falcon'
# Setup authorization
Falcon.configure do |config|
config.client_id = "Your_Client_ID"
config.client_secret = "Your_Client_Secret"
config.cloud = "us-1" # or "us-2", "eu-1", "us-gov1"
end
api_instance = Falcon::ResponsePoliciesApi.new
body = Falcon::RemoteResponseUpdatePoliciesReqV1.new({resources: [Falcon::RemoteResponseUpdatePolicyReqV1.new({id: 'id_example', settings: [Falcon::PreventionSettingReqV1.new({id: 'id_example', value: 3.56})]})]}) # RemoteResponseUpdatePoliciesReqV1 |
begin
# Update Response Policies by specifying the ID of the policy and details to update
result = api_instance.update_rt_response_policies(body)
p result
rescue Falcon::ApiError => e
puts "Error when calling ResponsePoliciesApi->update_rt_response_policies: #{e}"
endThis returns an Array which contains the response data, status code and headers.
<Array(, Integer, Hash)> update_rt_response_policies_with_http_info(body)
begin
# Update Response Policies by specifying the ID of the policy and details to update
data, status_code, headers = api_instance.update_rt_response_policies_with_http_info(body)
p status_code # => 2xx
p headers # => { ... }
p data # => <RemoteResponseRespV1>
rescue Falcon::ApiError => e
puts "Error when calling ResponsePoliciesApi->update_rt_response_policies_with_http_info: #{e}"
end| Name | Type | Description | Notes |
|---|---|---|---|
| body | RemoteResponseUpdatePoliciesReqV1 |
oauth2
- Content-Type: application/json
- Accept: application/json