Sensor Update Policy
This service collection has code examples posted to the repository.
| Operation ID | Description | ||||
|---|---|---|---|---|---|
|
Reveals an uninstall token for a specific device. To retrieve the bulk maintenance token pass the value 'MAINTENANCE' as the value for 'device_id' | ||||
|
Retrieve available builds for use with Sensor Update Policies | ||||
|
Retrieve kernel compatibility info for Sensor Update Builds | ||||
|
Search for members of a Sensor Update Policy in your environment by providing a FQL filter and paging details. Returns a set of host details which match the filter criteria | ||||
|
Search for Sensor Update Policies in your environment by providing a FQL filter and paging details. Returns a set of Sensor Update Policies which match the filter criteria | ||||
|
Search for Sensor Update Policies with additional support for uninstall protection in your environment by providing a FQL filter and paging details. Returns a set of Sensor Update Policies which match the filter criteria | ||||
|
Perform the specified action on the Sensor Update Policies specified in the request | ||||
|
Sets the precedence of Sensor Update Policies based on the order of IDs specified in the request. The first ID specified will have the highest precedence and the last ID specified will have the lowest. You must specify all non-Default Policies for a platform when updating precedence | ||||
|
Retrieve a set of Sensor Update Policies by specifying their IDs | ||||
|
Create Sensor Update Policies by specifying details about the policy to create | ||||
|
Delete a set of Sensor Update Policies by specifying their IDs | ||||
|
Update Sensor Update Policies by specifying the ID of the policy and details to update | ||||
|
Retrieve a set of Sensor Update Policies with additional support for uninstall protection by specifying their IDs | ||||
|
Create Sensor Update Policies by specifying details about the policy to create with additional support for uninstall protection | ||||
|
Update Sensor Update Policies by specifying the ID of the policy and details to update with additional support for uninstall protection | ||||
|
Retrieve kernel compatibility info for Sensor Update Builds | ||||
|
Search for members of a Sensor Update Policy in your environment by providing a FQL filter and paging details. Returns a set of Agent IDs which match the filter criteria | ||||
|
Search for Sensor Update Policies in your environment by providing a FQL filter and paging details. Returns a set of Sensor Update Policy IDs which match the filter criteria | ||||
WARNING
client_idandclient_secretare keyword arguments that contain your CrowdStrike API credentials. Please note that all examples below do not hard code these values. (These values are ingested as strings.)CrowdStrike does not recommend hard coding API credentials or customer identifiers within source code.
Reveals an uninstall token for a specific device or the bulk maintenace token.
To retrieve the bulk maintenance token pass the value MAINTENANCE as the value for device_id.
reveal_uninstall_token
| Method | Route |
|---|---|
 |
/policy/combined/reveal-uninstall-token/v1 |
- Produces: application/json
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| audit_message |
 |
 |
body | string | Message to list in the audit log for this action. |
| body |
|
 |
body | dictionary | Full body payload in JSON format. |
| device_id |
|
|
body | string | Device ID to retrieve the uninstall token for. Pass the value MAINTENANCE here to retrieve the bulk maintenance token. |
from falconpy import SensorUpdatePolicy
# Do not hardcode API credentials!
falcon = SensorUpdatePolicy(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.reveal_uninstall_token(audit_message="string",
device_id="string"
)
print(response)from falconpy import SensorUpdatePolicy
# Do not hardcode API credentials!
falcon = SensorUpdatePolicy(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.revealUninstallToken(audit_message="string",
device_id="string"
)
print(response)from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
BODY = {
"audit_message": "string",
"device_id": "string"
}
response = falcon.command("revealUninstallToken", body=BODY)
print(response)Retrieve available builds for use with Sensor Update Policies
query_combined_builds
| Method | Route |
|---|---|
 |
/policy/combined/sensor-update-builds/v1 |
- Produces: application/json
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| platform |
|
|
query | string | The platform to return builds for. Allowed values:
|
| parameters |
|
|
query | dictionary | Full query string parameters payload in JSON format. |
| stage |
|
|
query | string or list of strings | The stages to return builds for. |
from falconpy import SensorUpdatePolicy
# Do not hardcode API credentials!
falcon = SensorUpdatePolicy(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
stages = 'STAGE1,STAGE2,STAGE3' # Can also pass a list here: ['STAGE1', 'STAGE2', 'STAGE3']
response = falcon.query_combined_builds(platform="string", stage=stages)
print(response)from falconpy import SensorUpdatePolicy
# Do not hardcode API credentials!
falcon = SensorUpdatePolicy(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
stages = 'STAGE1,STAGE2,STAGE3' # Can also pass a list here: ['STAGE1', 'STAGE2', 'STAGE3']
response = falcon.queryCombinedSensorUpdateBuilds(platform="string", stage=stages)
print(response)from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
stages = 'STAGE1,STAGE2,STAGE3' # Can also pass a list here: ['STAGE1', 'STAGE2', 'STAGE3']
response = falcon.command("queryCombinedSensorUpdateBuilds", platform="string", stage=stages)
print(response)Retrieve kernel compatibility info for Sensor Update Builds
query_combined_kernels
| Method | Route |
|---|---|
|
/policy/combined/sensor-update-kernels/v1 |
- Produces: application/json
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| filter |
|
|
query | string | The filter expression that should be used to limit the results using FQL syntax. |
| limit |
|
|
query | integer | The maximum number of records to return. [1-500] |
| offset |
|
|
query | integer | The offset to start retrieving records from. |
| parameters |
|
|
query | dictionary | Full query string parameters payload in JSON format. |
from falconpy import SensorUpdatePolicy
# Do not hardcode API credentials!
falcon = SensorUpdatePolicy(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.query_combined_kernels(filter="string",
offset=integer,
limit=integer,
)
print(response)from falconpy import SensorUpdatePolicy
# Do not hardcode API credentials!
falcon = SensorUpdatePolicy(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.queryCombinedSensorUpdateKernels(filter="string",
offset=integer,
limit=integer,
)
print(response)from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.command("queryCombinedSensorUpdateKernels",
filter="string",
offset=integer,
limit=integer,
)
print(response)Search for members of a Sensor Update Policy in your environment by providing a FQL filter and paging details. Returns a set of host details which match the filter criteria
query_combined_policy_members
| Method | Route |
|---|---|
|
/policy/combined/sensor-update-members/v1 |
- Produces: application/json
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| id |
|
|
query | string | The ID of the Sensor Update Policy to search for members of. |
| filter |
|
|
query | string | The filter expression that should be used to limit the results using FQL syntax. Review the available filters table for more detail. |
| limit |
|
|
query | integer | The maximum number of records to return. [1-5000] |
| offset |
|
|
query | integer | The offset to start retrieving records from. |
| parameters |
|
|
query | dictionary | Full query string parameters payload in JSON format. |
| sort |
|
|
query | string | The property to sort by in FQL syntax. Supports asc or desc.Available sort options:
|
The following fields can be used to filter results retrieved from the API.
| Name | Description |
|---|---|
| created_by | The username, email, or API client ID of the person who created the policy, as identified in the policy object. When specifying an email address, use a letter p as an operator so that the @ sign is accepted. You can also search by using the email username or the domain as the value. For example, to filter on policies created by the email address [email protected]: filter=created_by:p'[email protected]' (correct)filter=created_by:'diana.hudson' (correct)filter=created_by:'email.com' (correct)filter=created_by:'diana' (incorrect)Enter only the alphanumeric value when providing an API client ID. For example, to filter on api-client-id:7a1284d634af196bff5988fb1775721b: filter=created_by:'7a12....721b' (correct)filter=created_by:'api-client-id:7a12....721b' (incorrect)filter=created_by:'api-client-id' (incorrect) |
| created_timestamp | The full timestamp of when the policy was created in ISO 8601 format. (YYYY-MM-DDTHH:mm:ss.sssZ) The timezone is always UTC as denoted by the suffix "Z". filter=created_timestamp:'2020-11-23T19:36:24.129652084Z'
|
| description | Search for a term found in the policy description. The value must be entered in lowercase.filter=description:'policy'
|
| enabled | Find policies by their enabled status. Specify true to find enabled policies or false to find disabled policies.filter=enabled:'true'
|
| groups | Enter a host group ID to find the policy it's been assigned to.filter=groups:'1ef3....b0fe'
|
| modified_by | The username, email, or API client ID of the person who modified the policy, as identified in the policy object. Values for this field follow the same rules as the created_by filter. |
| modified_timestamp | The full timestamp of when the policy was modified in ISO 8601 format. (YYYY-MM-DDTHH:mm:ss. sssZ) The timezone is always UTC as denoted by the suffix "Z". Values for this field follow the same rules as the created_timestamp filter. |
| name | Performs a free text search on single words found in a policy name. Values must be entered as lowercase and enclosed in single quotes. You can provide multiple name values separated by an &.filter=name:'test'
|
| name.raw | Filters on exact matches to the full policy name. Searches on this field are case-sensitive and require the correct input of uppercase and lowercase letters. filter=name.raw:'Test sensor update Policy'
|
| platform_name | The name of the operating system listed in the policy. One of:
filter=platform_name:'Windows'
|
from falconpy import SensorUpdatePolicy
# Do not hardcode API credentials!
falcon = SensorUpdatePolicy(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.query_combined_policy_members(id="string",
filter="string",
offset=integer,
limit=integer,
sort="string"
)
print(response)from falconpy import SensorUpdatePolicy
# Do not hardcode API credentials!
falcon = SensorUpdatePolicy(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.queryCombinedSensorUpdatePolicyMembers(id="string",
filter="string",
offset=integer,
limit=integer,
sort="string"
)
print(response)from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.command("queryCombinedSensorUpdatePolicyMembers",
id="string",
filter="string",
offset=integer,
limit=integer,
sort="string"
)
print(response)Search for Sensor Update Policies in your environment by providing a FQL filter and paging details. Returns a set of Sensor Update Policies which match the filter criteria
query_combined_policies
| Method | Route |
|---|---|
|
/policy/combined/sensor-update/v1 |
- Produces: application/json
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| filter |
|
|
query | string | The filter expression that should be used to limit the results using FQL syntax. Review the available filters table for more detail. |
| limit |
|
|
query | integer | The maximum number of records to return. [1-5000] |
| offset |
|
|
query | integer | The offset to start retrieving records from. |
| parameters |
|
|
query | dictionary | Full query string parameters payload in JSON format. |
| sort |
|
|
query | string | The property to sort by in FQL syntax. Supports asc or desc.Available sort options:
|
The following fields can be used to filter results retrieved from the API.
| Name | Description |
|---|---|
| created_by | The username, email, or API client ID of the person who created the policy, as identified in the policy object. When specifying an email address, use a letter p as an operator so that the @ sign is accepted. You can also search by using the email username or the domain as the value. For example, to filter on policies created by the email address [email protected]: filter=created_by:p'[email protected]' (correct)filter=created_by:'diana.hudson' (correct)filter=created_by:'email.com' (correct)filter=created_by:'diana' (incorrect)Enter only the alphanumeric value when providing an API client ID. For example, to filter on api-client-id:7a1284d634af196bff5988fb1775721b: filter=created_by:'7a12....721b' (correct)filter=created_by:'api-client-id:7a12....721b' (incorrect)filter=created_by:'api-client-id' (incorrect) |
| created_timestamp | The full timestamp of when the policy was created in ISO 8601 format. (YYYY-MM-DDTHH:mm:ss.sssZ) The timezone is always UTC as denoted by the suffix "Z". filter=created_timestamp:'2020-11-23T19:36:24.129652084Z'
|
| description | Search for a term found in the policy description. The value must be entered in lowercase.filter=description:'policy'
|
| enabled | Find policies by their enabled status. Specify true to find enabled policies or false to find disabled policies.filter=enabled:'true'
|
| groups | Enter a host group ID to find the policy it's been assigned to.filter=groups:'1ef3....b0fe'
|
| modified_by | The username, email, or API client ID of the person who modified the policy, as identified in the policy object. Values for this field follow the same rules as the created_by filter. |
| modified_timestamp | The full timestamp of when the policy was modified in ISO 8601 format. (YYYY-MM-DDTHH:mm:ss. sssZ) The timezone is always UTC as denoted by the suffix "Z". Values for this field follow the same rules as the created_timestamp filter. |
| name | Performs a free text search on single words found in a policy name. Values must be entered as lowercase and enclosed in single quotes. You can provide multiple name values separated by an &.filter=name:'test'
|
| name.raw | Filters on exact matches to the full policy name. Searches on this field are case-sensitive and require the correct input of uppercase and lowercase letters. filter=name.raw:'Test sensor update Policy'
|
| platform_name | The name of the operating system listed in the policy. One of:
filter=platform_name:'Windows'
|
from falconpy import SensorUpdatePolicy
# Do not hardcode API credentials!
falcon = SensorUpdatePolicy(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.query_combined_policies(filter="string",
offset=integer,
limit=integer,
sort="string"
)
print(response)from falconpy import SensorUpdatePolicy
# Do not hardcode API credentials!
falcon = SensorUpdatePolicy(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.queryCombinedSensorUpdatePolicies(filter="string",
offset=integer,
limit=integer,
sort="string"
)
print(response)from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.command("queryCombinedSensorUpdatePolicies",
filter="string",
offset=integer,
limit=integer,
sort="string"
)
print(response)Search for Sensor Update Policies with additional support for uninstall protection in your environment by providing a FQL filter and paging details. Returns a set of Sensor Update Policies which match the filter criteria
query_combined_policies_v2
| Method | Route |
|---|---|
|
/policy/combined/sensor-update/v2 |
- Produces: application/json
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| filter |
|
|
query | string | The filter expression that should be used to limit the results using FQL syntax. Review the available filters table for more detail. |
| limit |
|
|
query | integer | The maximum number of records to return. [1-5000] |
| offset |
|
|
query | integer | The offset to start retrieving records from. |
| parameters |
|
|
query | dictionary | Full query string parameters payload in JSON format. |
| sort |
|
|
query | string | The property to sort by in FQL syntax. Supports asc or desc.Available sort options:
|
The following fields can be used to filter results retrieved from the API.
| Name | Description |
|---|---|
| created_by | The username, email, or API client ID of the person who created the policy, as identified in the policy object. When specifying an email address, use a letter p as an operator so that the @ sign is accepted. You can also search by using the email username or the domain as the value. For example, to filter on policies created by the email address [email protected]: filter=created_by:p'[email protected]' (correct)filter=created_by:'diana.hudson' (correct)filter=created_by:'email.com' (correct)filter=created_by:'diana' (incorrect)Enter only the alphanumeric value when providing an API client ID. For example, to filter on api-client-id:7a1284d634af196bff5988fb1775721b: filter=created_by:'7a12....721b' (correct)filter=created_by:'api-client-id:7a12....721b' (incorrect)filter=created_by:'api-client-id' (incorrect) |
| created_timestamp | The full timestamp of when the policy was created in ISO 8601 format. (YYYY-MM-DDTHH:mm:ss.sssZ) The timezone is always UTC as denoted by the suffix "Z". filter=created_timestamp:'2020-11-23T19:36:24.129652084Z'
|
| description | Search for a term found in the policy description. The value must be entered in lowercase.filter=description:'policy'
|
| enabled | Find policies by their enabled status. Specify true to find enabled policies or false to find disabled policies.filter=enabled:'true'
|
| groups | Enter a host group ID to find the policy it's been assigned to.filter=groups:'1ef3....b0fe'
|
| modified_by | The username, email, or API client ID of the person who modified the policy, as identified in the policy object. Values for this field follow the same rules as the created_by filter. |
| modified_timestamp | The full timestamp of when the policy was modified in ISO 8601 format. (YYYY-MM-DDTHH:mm:ss. sssZ) The timezone is always UTC as denoted by the suffix "Z". Values for this field follow the same rules as the created_timestamp filter. |
| name | Performs a free text search on single words found in a policy name. Values must be entered as lowercase and enclosed in single quotes. You can provide multiple name values separated by an &.filter=name:'test'
|
| name.raw | Filters on exact matches to the full policy name. Searches on this field are case-sensitive and require the correct input of uppercase and lowercase letters. filter=name.raw:'Test sensor update Policy'
|
| platform_name | The name of the operating system listed in the policy. One of:
filter=platform_name:'Windows'
|
from falconpy import SensorUpdatePolicy
# Do not hardcode API credentials!
falcon = SensorUpdatePolicy(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.query_combined_policies_v2(filter="string",
offset=integer,
limit=integer,
sort="string"
)
print(response)from falconpy import SensorUpdatePolicy
# Do not hardcode API credentials!
falcon = SensorUpdatePolicy(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.queryCombinedSensorUpdatePoliciesV2(filter="string",
offset=integer,
limit=integer,
sort="string"
)
print(response)from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.command("queryCombinedSensorUpdatePoliciesV2",
filter="string",
offset=integer,
limit=integer,
sort="string"
)
print(response)Perform the specified action on the Sensor Update Policies specified in the request
perform_policies_action
| Method | Route |
|---|---|
|
/policy/entities/sensor-update-actions/v1 |
- Produces: application/json
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| action_name |
|
|
query | string | Specify one of these actions:
|
| action_parameters |
|
|
body | list of dictionaries | Action specific parameter options. { "name": "string", "value": "string" } |
| body |
|
|
body | dictionary | Full body payload in JSON format. |
| group_id |
|
|
body action_parameters |
string | Host Group ID to apply the policy to. String. Overridden if action_parameters is specified. |
| ids |
|
|
body | string or list of strings | The ID of the Sensor Update Policy you want to impact. If you provide IDs to the method using this keyword, you do not have to provide a body payload. (Service class usage only) |
| parameters |
|
|
query | dictionary | Full query string parameters payload in JSON format. |
from falconpy import SensorUpdatePolicy
# Do not hardcode API credentials!
falcon = SensorUpdatePolicy(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.perform_policies_action(action_name="string",
group_id="HOST_GROUP_ID",
ids="ID_TO_UPDATE"
)
print(response)from falconpy import SensorUpdatePolicy
# Do not hardcode API credentials!
falcon = SensorUpdatePolicy(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
# Can also be provided as the keyword `group_id`
act_params = [{
"name": "group_id",
"value": "HOST_GROUP_ID"
}]
response = falcon.performSensorUpdatePoliciesAction(action_name="string",
action_parameters=act_params,
ids="ID_TO_UPDATE"
)
print(response)from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
# Only one ID may be updated at a time
BODY = {
"action_parameters": [
{
"name": "group_id",
"value": "HOST_GROUP_ID"
}
],
"ids": ["ID_TO_UPDATE"]
}
response = falcon.command("performSensorUpdatePoliciesAction", action_name="string", body=BODY)
print(response)
# Can also use the following syntax
response = falcon.command("performSensorUpdatePoliciesAction",
action_name="string",
parameters=PARAMS,
body=BODY
)
print(response)Sets the precedence of Sensor Update Policies based on the order of IDs specified in the request. The first ID specified will have the highest precedence and the last ID specified will have the lowest. You must specify all non-Default Policies for a platform when updating precedence
set_policies_precedence
| Method | Route |
|---|---|
|
/policy/entities/sensor-update-precedence/v1 |
- Produces: application/json
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| body |
|
|
body | dictionary | Full body payload in JSON format. |
| ids |
|
|
body | string or list of strings | The ID of the Sensor Update Policy you want to impact. If you provide IDs to the method using this keyword, you do not have to provide a body payload. (Service class usage only) |
| platform_name |
|
|
body | string | Operating System platform name. |
from falconpy import SensorUpdatePolicy
# Do not hardcode API credentials!
falcon = SensorUpdatePolicy(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.set_policies_precedence(ids=id_list, platform_name="string")
print(response)from falconpy import SensorUpdatePolicy
# Do not hardcode API credentials!
falcon = SensorUpdatePolicy(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.setSensorUpdatePoliciesPrecedence(ids=id_list, platform_name="string")
print(response)from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = ['ID1', 'ID2', 'ID3']
BODY = {
"ids": id_list,
"platform_name": "Windows"
}
response = falcon.command("setSensorUpdatePoliciesPrecedence", body=BODY)
print(response)Retrieve a set of Sensor Update Policies by specifying their IDs
get_policies
| Method | Route |
|---|---|
|
/policy/entities/sensor-update/v1 |
- Produces: application/json
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| ids |
|
|
query | string or list of strings | The IDs of the Sensor Update Policy to retrieve. |
| parameters |
|
|
query | dictionary | Full query string parameters payload in JSON format. |
from falconpy import SensorUpdatePolicy
# Do not hardcode API credentials!
falcon = SensorUpdatePolicy(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.get_policies(ids=id_list)
print(response)from falconpy import SensorUpdatePolicy
# Do not hardcode API credentials!
falcon = SensorUpdatePolicy(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.getSensorUpdatePolicies(ids=id_list)
print(response)from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.command("getSensorUpdatePolicies", ids=id_list)
print(response)Create Sensor Update Policies by specifying details about the policy to create
create_policies
| Method | Route |
|---|---|
|
/policy/entities/sensor-update/v1 |
- Produces: application/json
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| body |
|
|
body | dictionary | Full body payload in JSON format. |
| build |
|
|
body | string | Build this Sensor update policy applies to. |
| description |
|
|
body | string | Sensor update policy description. |
| name |
|
|
body | string | Name of the Sensor Update policy. |
| platform_name |
|
|
body | string | Name of the OS platform the Sensor Update policy applies to. |
| settings |
|
|
body | dictionary | Sensor Update policy specific settings. Overrides the value of build if present.{ "build": "string" } |
from falconpy import SensorUpdatePolicy
# Do not hardcode API credentials!
falcon = SensorUpdatePolicy(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.create_policies(build="string",
description="string",
name="string",
platform_name="string"
)
print(response)from falconpy import SensorUpdatePolicy
# Do not hardcode API credentials!
falcon = SensorUpdatePolicy(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.createSensorUpdatePolicies(build="string",
description="string",
name="string",
platform_name="string"
)
print(response)from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
BODY = {
"resources": [
{
"description": "string",
"name": "string",
"platform_name": "string",
"settings": {
"build": "string"
}
}
]
}
response = falcon.command("createSensorUpdatePolicies", body=BODY)
print(response)Delete a set of Sensor Update Policies by specifying their IDs
delete_policies
| Method | Route |
|---|---|
 |
/policy/entities/sensor-update/v1 |
- Produces: application/json
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| ids |
|
|
query | string or list of strings | The IDs of the Sensor Update policies to delete. |
| parameters |
|
|
query | dictionary | Full query string parameters payload in JSON format. |
from falconpy import SensorUpdatePolicy
# Do not hardcode API credentials!
falcon = SensorUpdatePolicy(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.delete_policies(ids=id_list)
print(response)from falconpy import SensorUpdatePolicy
# Do not hardcode API credentials!
falcon = SensorUpdatePolicy(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.deleteSensorUpdatePolicies(ids=id_list)
print(response)from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.command("deleteSensorUpdatePolicies", ids=id_list)
print(response)Update Sensor Update Policies by specifying the ID of the policy and details to update
update_policies
| Method | Route |
|---|---|
 |
/policy/entities/sensor-update/v1 |
- Produces: application/json
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| body |
|
|
body | dictionary | Full body payload in JSON format. |
| build |
|
|
body | string | Build this Sensor update policy applies to. |
| description |
|
|
body | string | Sensor update policy description. |
| id |
|
|
body | string | ID the Sensor Update policy to update. |
| name |
|
|
body | string | Name of the Sensor Update policy. |
| settings |
|
|
body | dictionary | Sensor Update policy specific settings. Overrides the value of build if present.{ "build": "string" } |
from falconpy import SensorUpdatePolicy
# Do not hardcode API credentials!
falcon = SensorUpdatePolicy(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.update_policies(build="string",
description="string",
name="string",
id="string"
)
print(response)from falconpy import SensorUpdatePolicy
# Do not hardcode API credentials!
falcon = SensorUpdatePolicy(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
BODY = {
"Body Payload": "See body description above"
}
response = falcon.updateSensorUpdatePolicies(build="string",
description="string",
name="string",
id="string"
)
print(response)from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
BODY = {
"resources": [
{
"description": "string",
"id": "string",
"name": "string",
"settings": {
"build": "string"
}
}
]
}
response = falcon.command("updateSensorUpdatePolicies", body=BODY)
print(response)Retrieve a set of Sensor Update Policies with additional support for uninstall protection by specifying their IDs
get_policies_v2
| Method | Route |
|---|---|
|
/policy/entities/sensor-update/v2 |
- Produces: application/json
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| ids |
|
|
query | string or list of strings | The IDs of the Sensor Update policies to retrieve. |
| parameters |
|
|
query | dictionary | Full query string parameters payload in JSON format. |
from falconpy import SensorUpdatePolicy
# Do not hardcode API credentials!
falcon = SensorUpdatePolicy(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.get_policies_v2(ids=id_list)
print(response)from falconpy import SensorUpdatePolicy
# Do not hardcode API credentials!
falcon = SensorUpdatePolicy(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.getSensorUpdatePoliciesV2(ids=id_list)
print(response)from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.command("getSensorUpdatePoliciesV2", ids=id_list)
print(response)Create Sensor Update Policies by specifying details about the policy to create with additional support for uninstall protection
create_policies_v2
| Method | Route |
|---|---|
|
/policy/entities/sensor-update/v2 |
- Produces: application/json
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| body |
|
|
body | dictionary | Full body payload in JSON format. |
| build |
|
|
body | string | Build this Sensor update policy applies to. Ignored if settings is provided. |
| description |
|
|
body | string | Sensor update policy description. |
| name |
|
|
body | string | Name of the Sensor Update policy. |
| platform_name |
|
|
body | string | Name of the OS platform the Sensor Update policy applies to. |
| scheduler |
|
|
body | dictionary | Dictionary containing details for the schedule. Ignored if settings is provided. |
| settings |
|
|
body | dictionary | Sensor Update policy specific settings. Overrides the value of build, scheduler, show_early_adopter_builds, uninstall_protection, and variants if present. |
| show_early_adopter_builds |
|
|
body | boolean | Flag indicating if early adopter builds should be shown as part of this policy. Ignored if settings is provided. |
| uninstall_protection |
|
|
body | string | Boolean indicating if uninstall protection should be enabled. Ignored if settings is provided.Allowed values:
|
| variants |
|
|
body | list of dictionaries | List of dictionaries containing details for variants to include in the policy. Ignored if settings is provided.[{ "build": "string", "platform": "string" }] |
from falconpy import SensorUpdatePolicy
# Do not hardcode API credentials!
falcon = SensorUpdatePolicy(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
schedule = {
"enabled": boolean,
"schedules": [
{
"days": [
integer
],
"end": "string",
"start": "string"
}
],
"timezone": "string"
}
settings = {
"build": "string",
"scheduler": {
"enabled": boolean,
"schedules": [
{
"days": [
integer
],
"end": "string",
"start": "string"
}
],
"timezone": "string"
},
"show_early_adopter_builds": boolean,
"uninstall_protection": "ENABLED",
"variants": [
{
"build": "string",
"platform": "string"
}
]
}
variants = [
{
"build": "string",
"platform": "string"
}
]
response = falcon.create_policies_v2(build="string",
description="string",
name="string",
platform_name="string",
scheduler=schedule
settings=settings,
show_early_adopter_builds=boolean,
uninstall_protection="ENABLED",
variants=variants
)
print(response)from falconpy import SensorUpdatePolicy
# Do not hardcode API credentials!
falcon = SensorUpdatePolicy(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
schedule = {
"enabled": boolean,
"schedules": [
{
"days": [
integer
],
"end": "string",
"start": "string"
}
],
"timezone": "string"
}
settings = {
"build": "string",
"scheduler": {
"enabled": boolean,
"schedules": [
{
"days": [
integer
],
"end": "string",
"start": "string"
}
],
"timezone": "string"
},
"show_early_adopter_builds": boolean,
"uninstall_protection": "ENABLED",
"variants": [
{
"build": "string",
"platform": "string"
}
]
}
variants = [
{
"build": "string",
"platform": "string"
}
]
response = falcon.createSensorUpdatePoliciesV2(build="string",
description="string",
name="string",
platform_name="string",
scheduler=schedule,
settings=settings,
show_early_adopter_builds=boolean,
uninstall_protection="ENABLED",
variants=variants
)
print(response)from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
BODY = {
"resources": [
{
"description": "string",
"name": "string",
"platform_name": "string",
"settings": {
"build": "string",
"scheduler": {
"enabled": boolean,
"schedules": [
{
"days": [
integer
],
"end": "string",
"start": "string"
}
],
"timezone": "string"
},
"show_early_adopter_builds": boolean,
"uninstall_protection": "ENABLED",
"variants": [
{
"build": "string",
"platform": "string"
}
]
}
}
]
}
response = falcon.command("createSensorUpdatePoliciesV2", body=BODY)
print(response)Update Sensor Update Policies by specifying the ID of the policy and details to update with additional support for uninstall protection
update_policies_v2
| Method | Route |
|---|---|
|
/policy/entities/sensor-update/v2 |
- Produces: application/json
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| body |
|
|
body | dictionary | Full body payload in JSON format. |
| build |
|
|
body | string | Build this Sensor update policy applies to. Ignored if settings is provided. |
| description |
|
|
body | string | Sensor update policy description. |
| id |
|
|
body | string | ID of the Sensor Update policy to update. |
| name |
|
|
body | string | Name of the Sensor Update policy. |
| scheduler |
|
|
body | dictionary | Dictionary containing details for the schedule. Ignored if settings is provided. |
| settings |
|
|
body | dictionary | Sensor Update policy specific settings. Overrides the value of build, scheduler, show_early_adopter_builds, uninstall_protection, and variants if present. |
| show_early_adopter_builds |
|
|
body | boolean | Flag indicating if early adopter builds should be shown as part of this policy. Ignored if settings is provided. |
| uninstall_protection |
|
|
body | string | Boolean indicating if uninstall protection should be enabled. Ignored if settings is provided.Allowed values:
|
| variants |
|
|
body | list of dictionaries | List of dictionaries containing details for variants to include in the policy. Ignored if settings is provided.[{ "build": "string", "platform": "string" }] |
from falconpy import SensorUpdatePolicy
# Do not hardcode API credentials!
falcon = SensorUpdatePolicy(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
schedule = {
"enabled": boolean,
"schedules": [
{
"days": [
integer
],
"end": "string",
"start": "string"
}
],
"timezone": "string"
}
settings = {
"build": "string",
"scheduler": {
"enabled": boolean,
"schedules": [
{
"days": [
integer
],
"end": "string",
"start": "string"
}
],
"timezone": "string"
},
"show_early_adopter_builds": boolean,
"uninstall_protection": "ENABLED",
"variants": [
{
"build": "string",
"platform": "string"
}
]
}
variants = [
{
"build": "string",
"platform": "string"
}
]
response = falcon.update_policies_v2(build="string",
description="string",
name="string",
platform_name="string",
scheduler=schedule,
settings=settings,
show_early_adopter_builds=boolean,
uninstall_protection="ENABLED",
variants=variants
)
print(response)from falconpy import SensorUpdatePolicy
# Do not hardcode API credentials!
falcon = SensorUpdatePolicy(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
schedule = {
"enabled": boolean,
"schedules": [
{
"days": [
integer
],
"end": "string",
"start": "string"
}
],
"timezone": "string"
}
settings = {
"build": "string",
"scheduler": {
"enabled": boolean,
"schedules": [
{
"days": [
integer
],
"end": "string",
"start": "string"
}
],
"timezone": "string"
},
"show_early_adopter_builds": boolean,
"uninstall_protection": "ENABLED",
"variants": [
{
"build": "string",
"platform": "string"
}
]
}
variants = [
{
"build": "string",
"platform": "string"
}
]
response = falcon.updateSensorUpdatePoliciesV2(build="string",
description="string",
name="string",
platform_name="string",
scheduler=schedule,
settings=settings,
show_early_adopter_builds=boolean,
uninstall_protection="ENABLED",
variants=variants
)
print(response)from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
BODY = {
"resources": [
{
"description": "string",
"name": "string",
"platform_name": "string",
"settings": {
"build": "string",
"scheduler": {
"enabled": boolean,
"schedules": [
{
"days": [
integer
],
"end": "string",
"start": "string"
}
],
"timezone": "string"
},
"show_early_adopter_builds": boolean,
"uninstall_protection": "ENABLED",
"variants": [
{
"build": "string",
"platform": "string"
}
]
}
}
]
}
response = falcon.command("updateSensorUpdatePoliciesV2", body=BODY)
print(response)Retrieve kernel compatibility info for Sensor Update Builds
query_kernels
| Method | Route |
|---|---|
|
/policy/queries/sensor-update-kernels/{}/v1 |
- Produces: application/json
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| distinct_field |
|
|
path | string | The field name to get distinct values for. Default: id. |
| filter |
|
|
query | string | The filter expression that should be used to limit the results using FQL syntax. |
| limit |
|
|
query | integer | The maximum number of records to return. [1-500] |
| offset |
|
|
query | integer | The offset to start retrieving records from. |
| parameters |
|
|
query | dictionary | Full query string parameters payload in JSON format. |
from falconpy import SensorUpdatePolicy
# Do not hardcode API credentials!
falcon = SensorUpdatePolicy(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.query_kernels(distinct_field="string",
filter="string",
offset=integer,
limit=integer,
)
print(response)from falconpy import SensorUpdatePolicy
# Do not hardcode API credentials!
falcon = SensorUpdatePolicy(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.querySensorUpdateKernelsDistinct(distinct_field="string",
filter="string",
offset=integer,
limit=integer,
)
print(response)from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.command("querySensorUpdateKernelsDistinct",
distinct_field="string",
filter="string",
offset=integer,
limit=integer,
)
print(response)Search for members of a Sensor Update Policy in your environment by providing a FQL filter and paging details. Returns a set of Agent IDs which match the filter criteria
query_policy_members
| Method | Route |
|---|---|
|
/policy/queries/sensor-update-members/v1 |
- Produces: application/json
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| id |
|
|
query | string | The ID of the Sensor Update Policy to search for members of. |
| filter |
|
|
query | string | The filter expression that should be used to limit the results using FQL syntax. Review the available filters table for more detail. |
| limit |
|
|
query | integer | The maximum number of records to return. [1-5000] |
| offset |
|
|
query | integer | The offset to start retrieving records from. |
| parameters |
|
|
query | dictionary | Full query string parameters payload in JSON format. |
| sort |
|
|
query | string | The property to sort by in FQL syntax. Supports asc or desc.Available sort options:
|
The following fields can be used to filter results retrieved from the API.
| Name | Description |
|---|---|
| created_by | The username, email, or API client ID of the person who created the policy, as identified in the policy object. When specifying an email address, use a letter p as an operator so that the @ sign is accepted. You can also search by using the email username or the domain as the value. For example, to filter on policies created by the email address [email protected]: filter=created_by:p'[email protected]' (correct)filter=created_by:'diana.hudson' (correct)filter=created_by:'email.com' (correct)filter=created_by:'diana' (incorrect)Enter only the alphanumeric value when providing an API client ID. For example, to filter on api-client-id:7a1284d634af196bff5988fb1775721b: filter=created_by:'7a12....721b' (correct)filter=created_by:'api-client-id:7a12....721b' (incorrect)filter=created_by:'api-client-id' (incorrect) |
| created_timestamp | The full timestamp of when the policy was created in ISO 8601 format. (YYYY-MM-DDTHH:mm:ss.sssZ) The timezone is always UTC as denoted by the suffix "Z". filter=created_timestamp:'2020-11-23T19:36:24.129652084Z'
|
| description | Search for a term found in the policy description. The value must be entered in lowercase.filter=description:'policy'
|
| enabled | Find policies by their enabled status. Specify true to find enabled policies or false to find disabled policies.filter=enabled:'true'
|
| groups | Enter a host group ID to find the policy it's been assigned to.filter=groups:'1ef3....b0fe'
|
| modified_by | The username, email, or API client ID of the person who modified the policy, as identified in the policy object. Values for this field follow the same rules as the created_by filter. |
| modified_timestamp | The full timestamp of when the policy was modified in ISO 8601 format. (YYYY-MM-DDTHH:mm:ss. sssZ) The timezone is always UTC as denoted by the suffix "Z". Values for this field follow the same rules as the created_timestamp filter. |
| name | Performs a free text search on single words found in a policy name. Values must be entered as lowercase and enclosed in single quotes. You can provide multiple name values separated by an &.filter=name:'test'
|
| name.raw | Filters on exact matches to the full policy name. Searches on this field are case-sensitive and require the correct input of uppercase and lowercase letters. filter=name.raw:'Test sensor update Policy'
|
| platform_name | The name of the operating system listed in the policy. One of:
filter=platform_name:'Windows'
|
from falconpy import SensorUpdatePolicy
# Do not hardcode API credentials!
falcon = SensorUpdatePolicy(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.query_policy_members(id="string",
filter="string",
offset=integer,
limit=integer,
sort="string"
)
print(response)from falconpy import SensorUpdatePolicy
# Do not hardcode API credentials!
falcon = SensorUpdatePolicy(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.querySensorUpdatePolicyMembers(id="string",
filter="string",
offset=integer,
limit=integer,
sort="string"
)
print(response)from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.command("querySensorUpdatePolicyMembers",
id="string",
filter="string",
offset=integer,
limit=integer,
sort="string"
)
print(response)Search for Sensor Update Policies in your environment by providing a FQL filter and paging details. Returns a set of Sensor Update Policy IDs which match the filter criteria
query_policies
| Method | Route |
|---|---|
|
/policy/queries/sensor-update/v1 |
- Produces: application/json
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| filter |
|
|
query | string | The filter expression that should be used to limit the results using FQL syntax. Review the available filters table for more detail. |
| limit |
|
|
query | integer | The maximum number of records to return. [1-5000] |
| offset |
|
|
query | integer | The offset to start retrieving records from. |
| parameters |
|
|
query | dictionary | Full query string parameters payload in JSON format. |
| sort |
|
|
query | string | The property to sort by in FQL syntax. Supports asc or desc.Available sort options:
|
The following fields can be used to filter results retrieved from the API.
| Name | Description |
|---|---|
| created_by | The username, email, or API client ID of the person who created the policy, as identified in the policy object. When specifying an email address, use a letter p as an operator so that the @ sign is accepted. You can also search by using the email username or the domain as the value. For example, to filter on policies created by the email address [email protected]: filter=created_by:p'[email protected]' (correct)filter=created_by:'diana.hudson' (correct)filter=created_by:'email.com' (correct)filter=created_by:'diana' (incorrect)Enter only the alphanumeric value when providing an API client ID. For example, to filter on api-client-id:7a1284d634af196bff5988fb1775721b: filter=created_by:'7a12....721b' (correct)filter=created_by:'api-client-id:7a12....721b' (incorrect)filter=created_by:'api-client-id' (incorrect) |
| created_timestamp | The full timestamp of when the policy was created in ISO 8601 format. (YYYY-MM-DDTHH:mm:ss.sssZ) The timezone is always UTC as denoted by the suffix "Z". filter=created_timestamp:'2020-11-23T19:36:24.129652084Z'
|
| description | Search for a term found in the policy description. The value must be entered in lowercase.filter=description:'policy'
|
| enabled | Find policies by their enabled status. Specify true to find enabled policies or false to find disabled policies.filter=enabled:'true'
|
| groups | Enter a host group ID to find the policy it's been assigned to.filter=groups:'1ef3....b0fe'
|
| modified_by | The username, email, or API client ID of the person who modified the policy, as identified in the policy object. Values for this field follow the same rules as the created_by filter. |
| modified_timestamp | The full timestamp of when the policy was modified in ISO 8601 format. (YYYY-MM-DDTHH:mm:ss. sssZ) The timezone is always UTC as denoted by the suffix "Z". Values for this field follow the same rules as the created_timestamp filter. |
| name | Performs a free text search on single words found in a policy name. Values must be entered as lowercase and enclosed in single quotes. You can provide multiple name values separated by an &.filter=name:'test'
|
| name.raw | Filters on exact matches to the full policy name. Searches on this field are case-sensitive and require the correct input of uppercase and lowercase letters. filter=name.raw:'Test sensor update Policy'
|
| platform_name | The name of the operating system listed in the policy. One of:
filter=platform_name:'Windows'
|
from falconpy import SensorUpdatePolicy
# Do not hardcode API credentials!
falcon = SensorUpdatePolicy(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.query_policies(filter="string",
offset=integer,
limit=integer,
sort="string"
)
print(response)from falconpy import SensorUpdatePolicy
# Do not hardcode API credentials!
falcon = SensorUpdatePolicy(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.querySensorUpdatePolicies(filter="string",
offset=integer,
limit=integer,
sort="string"
)
print(response)from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.command("querySensorUpdatePolicies",
filter="string",
offset=integer,
limit=integer,
sort="string"
)
print(response)
- Home
- Discussions Board
- Glossary of Terms
- Installation, Upgrades and Removal
- Samples Collection
- Using FalconPy
- API Operations
-
Service Collections
- Alerts
- API Integrations
- Cloud Connect AWS (deprecated)
- Cloud Snapshots
- Configuration Assessment
- Configuration Assessment Evaluation Logic
- Container Alerts
- Container Detections
- Container Images
- Container Packages
- Container Vulnerabilities
- CSPM Registration
- Custom IOAs
- Custom Storage
- D4C Registration (deprecated)
- Detects
- Device Control Policies
- Discover
- Drift Indicators
- Event Streams
- Exposure Management
- Falcon Complete Dashboard
- Falcon Container
- Falcon Intelligence Sandbox
- FDR
- FileVantage
- Firewall Management
- Firewall Policies
- Foundry LogScale
- Host Group
- Hosts
- Identity Protection
- Image Assessment Policies
- Incidents
- Installation Tokens
- Intel
- IOA Exclusions
- IOC
- IOCs (deprecated)
- Kubernetes Protection
- MalQuery
- Message Center
- ML Exclusions
- Mobile Enrollment
- MSSP (Flight Control)
- OAuth2
- ODS (On Demand Scan)
- Overwatch Dashboard
- Prevention Policy
- Quarantine
- Quick Scan
- Real Time Response
- Real Time Response Admin
- Real Time Response Audit
- Recon
- Report Executions
- Response Policies
- Sample Uploads
- Scheduled Reports
- Sensor Download
- Sensor Update Policy
- Sensor Visibility Exclusions
- Spotlight Evaluation Logic
- Spotlight Vulnerabilities
- Tailored Intelligence
- ThreatGraph
- Unidentified Containers
- User Management
- Workflows
- Zero Trust Assessment
- Documentation Support
-
CrowdStrike SDKs
- Crimson Falcon - Ruby
- FalconPy - Python 3
- FalconJS - Javascript
- goFalcon - Go
- PSFalcon - Powershell
- Rusty Falcon - Rust
