CSPM Registration
| Operation ID | Description | ||||
|---|---|---|---|---|---|
|
Returns information about the current status of an AWS account. | ||||
|
Creates a new account in our system for a customer and generates a script for them to run in their AWS cloud environment to grant us access. | ||||
|
Deletes an existing AWS account or organization in our system. | ||||
|
Patches a existing account in our system for a customer. | ||||
|
Return a URL for customer to visit in their cloud environment to grant us access to their AWS environment. | ||||
|
Return a script for customer to run in their cloud environment to grant us access to their AWS environment as a downloadable attachment. | ||||
|
Return information about Azure account registration | ||||
|
Creates a new account in our system for a customer and generates a script for them to run in their cloud environment to grant us access. | ||||
|
Deletes an Azure subscription from the system. | ||||
|
Update an Azure service account in our system by with the user-created client_id created with the public key we've provided | ||||
|
Update an Azure default subscription_id in our system for given tenant_id | ||||
|
Return a script for customer to run in their cloud environment to grant us access to their Azure environment as a downloadable attachment | ||||
|
Retrieve a list of detected behaviors. | ||||
|
Retrieve a list of active misconfigurations. | ||||
|
For CSPM IOA events, gets list of IOA events. | ||||
|
For CSPM IOA users, gets list of IOA users. | ||||
|
Given a policy ID, returns detailed policy information. | ||||
|
Returns information about current policy settings. | ||||
|
Updates a policy setting - can be used to override policy severity or to disable a policy entirely. | ||||
|
Returns scan schedule configuration for one or more cloud platforms. | ||||
|
Updates scan schedule configuration for one or more cloud platforms. | ||||
Returns information about the current status of an AWS account.
get_aws_account
- Consumes: application/json
- Produces: application/json
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| group_by |
 |
|
query | string | The field to group by. |
| ids |
|
|
query | string or list of strings | AWS Account ID(s). |
| limit |
|
|
query | integer | Maximum number of results to return. (Default: 100) |
| offset |
|
|
query | integer | Starting record position. |
| organization_ids |
|
|
query | string or list of strings | AWS Organization ID(s). |
| parameters |
|
|
query | string | Full query string parameters payload in JSON format. |
| scan_type |
|
|
query | string | Type of scan to perform, dry or full. |
| status |
|
|
query | string | Account status to filter results by. |
from falconpy import CSPMRegistration
falcon = CSPMRegistration(client_id="API_CLIENT_ID_HERE",
client_secret="API_CLIENT_SECRET_HERE"
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
orgs = 'ORG1,ORG2,ORG3' # Can also pass a list here: ['ORG1', 'ORG2', 'ORG3']
response = falcon.get_aws_account(scan_type="string",
organization_ids=orgs,
status="string",
limit=integer,
offset=integer,
group_by="string",
ids=id_list
)
print(response)from falconpy import CSPMRegistration
falcon = CSPMRegistration(client_id="API_CLIENT_ID_HERE",
client_secret="API_CLIENT_SECRET_HERE"
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
orgs = 'ORG1,ORG2,ORG3' # Can also pass a list here: ['ORG1', 'ORG2', 'ORG3']
response = falcon.GetCSPMAwsAccount(scan_type="string",
organization_ids=orgs,
status="string",
limit=integer,
offset=integer,
group_by="string",
ids=id_list
)
print(response)from falconpy import APIHarness
falcon = APIHarness(client_id="API_CLIENT_ID_HERE",
client_secret="API_CLIENT_SECRET_HERE"
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
orgs = 'ORG1,ORG2,ORG3' # Can also pass a list here: ['ORG1', 'ORG2', 'ORG3']
response = falcon.command("GetCSPMAwsAccount",
scan_type="string",
organization_ids=orgs,
status="string",
limit=integer,
offset=integer,
group_by="string",
ids=id_list
)
print(response)Creates a new account in our system for a customer and generates a script for them to run in their AWS cloud environment to grant us access.
create_aws_account
- Consumes: application/json
- Produces: application/json
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| account_id |
|
 |
body | string | AWS Account ID. |
| body |
|
 |
body | string | Full body payload in JSON format. |
| cloudtrail_region |
|
|
body | string | AWS Cloudtrail Region. |
| organization_id |
|
|
body | string | AWS Organization ID. |
from falconpy import CSPMRegistration
falcon = CSPMRegistration(client_id="API_CLIENT_ID_HERE",
client_secret="API_CLIENT_SECRET_HERE"
)
response = falcon.create_aws_account(account_id="string",
cloudtrail_region="string",
organization_id="string"
)
print(response)from falconpy import CSPMRegistration
falcon = CSPMRegistration(client_id="API_CLIENT_ID_HERE",
client_secret="API_CLIENT_SECRET_HERE"
)
response = falcon.CreateCSPMAwsAccount(account_id="string",
cloudtrail_region="string",
organization_id="string"
)
print(response)from falconpy import APIHarness
falcon = APIHarness(client_id="API_CLIENT_ID_HERE",
client_secret="API_CLIENT_SECRET_HERE"
)
BODY = {
"resources": [
{
"account_id": "string",
"cloudtrail_region": "string",
"organization_id": "string"
}
]
}
response = falcon.command("CreateCSPMAwsAccount", body=BODY)
print(response)Deletes an existing AWS account or organization in our system.
delete_aws_account
- Consumes: application/json
- Produces: application/json
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| ids |
|
|
query | string or list of strings | The AWS account IDs to remove. |
| organization_ids |
|
|
query | string or list of strings | The AWS organization ID(s) to delete. |
| parameters |
|
|
query | string | Full query string parameters payload in JSON format. |
from falconpy import CSPMRegistration
falcon = CSPMRegistration(client_id="API_CLIENT_ID_HERE",
client_secret="API_CLIENT_SECRET_HERE"
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
orgs = 'ORG1,ORG2,ORG3' # Can also pass a list here: ['ORG1', 'ORG2', 'ORG3']
response = falcon.delete_aws_account(organization_ids=orgs, ids=id_list)
print(response)from falconpy import CSPMRegistration
falcon = CSPMRegistration(client_id="API_CLIENT_ID_HERE",
client_secret="API_CLIENT_SECRET_HERE"
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
orgs = 'ORG1,ORG2,ORG3' # Can also pass a list here: ['ORG1', 'ORG2', 'ORG3']
response = falcon.DeleteCSPMAwsAccount(organization_ids=orgs, ids=id_list)
print(response)from falconpy import APIHarness
falcon = APIHarness(client_id="API_CLIENT_ID_HERE",
client_secret="API_CLIENT_SECRET_HERE"
)
PARAMS = {
"organization-ids": [
"string",
"string"
]
}
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
orgs = 'ORG1,ORG2,ORG3' # Can also pass a list here: ['ORG1', 'ORG2', 'ORG3']
response = falcon.command("DeleteCSPMAwsAccount", organization_ids=orgs, ids=id_list)
print(response)Patches a existing account in our system for a customer.
update_aws_account
- Consumes: application/json
- Produces: application/json
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| account_id |
|
|
body | string | AWS Account ID. |
| body |
|
|
body | string | Full body payload in JSON format. |
| cloudtrail_region |
|
|
body | string | AWS Cloudtrail Region. |
from falconpy import CSPMRegistration
falcon = CSPMRegistration(client_id="API_CLIENT_ID_HERE",
client_secret="API_CLIENT_SECRET_HERE"
)
response = falcon.update_aws_account(account_id="string", cloudtrail_region="string")
print(response)from falconpy import CSPMRegistration
falcon = CSPMRegistration(client_id="API_CLIENT_ID_HERE",
client_secret="API_CLIENT_SECRET_HERE"
)
response = falcon.PatchCSPMAwsAccount(account_id="string", cloudtrail_region="string")
print(response)from falconpy import APIHarness
falcon = APIHarness(client_id="API_CLIENT_ID_HERE",
client_secret="API_CLIENT_SECRET_HERE"
)
BODY = {
"resources": [
{
"account_id": "string",
"cloudtrail_region": "string"
}
]
}
response = falcon.command("PatchCSPMAwsAccount", body=BODY)
print(response)Return a URL for customer to visit in their cloud environment to grant us access to their AWS environment.
get_aws_console_setup_urls
- Consumes: application/json
- Produces: application/json
No keywords or arguments are accepted.
from falconpy import CSPMRegistration
falcon = CSPMRegistration(client_id="API_CLIENT_ID_HERE",
client_secret="API_CLIENT_SECRET_HERE"
)
response = falcon.get_aws_console_setup_urls()
print(response)from falconpy import CSPMRegistration
falcon = CSPMRegistration(client_id="API_CLIENT_ID_HERE",
client_secret="API_CLIENT_SECRET_HERE"
)
response = falcon.GetCSPMAwsConsoleSetupURLs()
print(response)from falconpy import APIHarness
falcon = APIHarness(client_id="API_CLIENT_ID_HERE",
client_secret="API_CLIENT_SECRET_HERE"
)
response = falcon.command("GetCSPMAwsConsoleSetupURLs")
print(response)Return a script for customer to run in their cloud environment to grant us access to their AWS environment as a downloadable attachment.
get_aws_account_scripts_attachment
- Produces: application/json
No keywords or arguments are accepted.
from falconpy import CSPMRegistration
falcon = CSPMRegistration(client_id="API_CLIENT_ID_HERE",
client_secret="API_CLIENT_SECRET_HERE"
)
response = falcon.get_aws_account_scripts_attachment()
print(response)from falconpy import CSPMRegistration
falcon = CSPMRegistration(client_id="API_CLIENT_ID_HERE",
client_secret="API_CLIENT_SECRET_HERE"
)
response = falcon.GetCSPMAwsAccountScriptsAttachment()
print(response)from falconpy import APIHarness
falcon = APIHarness(client_id="API_CLIENT_ID_HERE",
client_secret="API_CLIENT_SECRET_HERE"
)
response = falcon.command("GetCSPMAwsAccountScriptsAttachment")
print(response)Return information about Azure account registration
get_azure_account
- Consumes: application/json
- Produces: application/json
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| ids |
|
|
query | string or list of strings | Subscription ID(s). When empty, all accounts are returned. |
| limit |
|
|
query | integer | Maximum number of results to return. (Default: 100) |
| offset |
|
|
query | integer | Starting record position. |
| parameters |
|
|
query | string | Full query string parameters payload in JSON format. |
| scan_type |
|
|
query | string | Type of scan to perform, dry or full. |
| status |
|
|
query | string | Account status to filter results by. |
from falconpy import CSPMRegistration
falcon = CSPMRegistration(client_id="API_CLIENT_ID_HERE",
client_secret="API_CLIENT_SECRET_HERE"
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.get_azure_account(scan_type="string",
status="string",
limit=integer,
offset=integer,
ids=id_list
)
print(response)from falconpy import CSPMRegistration
falcon = CSPMRegistration(client_id="API_CLIENT_ID_HERE",
client_secret="API_CLIENT_SECRET_HERE"
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.GetCSPMAzureAccount(scan_type="string",
status="string",
limit=integer,
offset=integer,
ids=id_list
)
print(response)from falconpy import APIHarness
falcon = APIHarness(client_id="API_CLIENT_ID_HERE",
client_secret="API_CLIENT_SECRET_HERE"
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.command("GetCSPMAzureAccount",
scan_type="string",
status="string",
limit=integer,
offset=integer,
ids=id_list
)
print(response)Creates a new account in our system for a customer and generates a script for them to run in their cloud environment to grant us access.
create_azure_account
- Consumes: application/json
- Produces: application/json
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| body |
|
|
body | string | Full body payload in JSON format. |
| subscription_id |
|
|
body | string | Azure Subscription ID. |
| tenant_id |
|
|
body | string | Azure tenant ID. |
from falconpy import CSPMRegistration
falcon = CSPMRegistration(client_id="API_CLIENT_ID_HERE",
client_secret="API_CLIENT_SECRET_HERE"
)
response = falcon.create_azure_account(subscription_id="string", tenant_id="string")
print(response)from falconpy import CSPMRegistration
falcon = CSPMRegistration(client_id="API_CLIENT_ID_HERE",
client_secret="API_CLIENT_SECRET_HERE"
)
response = falcon.CreateCSPMAzureAccount(subscription_id="string", tenant_id="string")
print(response)from falconpy import APIHarness
falcon = APIHarness(client_id="API_CLIENT_ID_HERE",
client_secret="API_CLIENT_SECRET_HERE"
)
BODY = {
"resources": [
{
"tenant_id": "string",
"subscription_id": "string"
}
]
}
response = falcon.command("CreateCSPMAzureAccount", body=BODY)
print(response)Deletes an Azure subscription from the system.
delete_azure_account
- Consumes: application/json
- Produces: application/json
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| ids |
|
|
query | string or list of strings | Azure subscription IDs to remove. |
| parameters |
|
|
query | string | Full query string parameters payload in JSON format. |
from falconpy import CSPMRegistration
falcon = CSPMRegistration(client_id="API_CLIENT_ID_HERE",
client_secret="API_CLIENT_SECRET_HERE"
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.delete_azure_account(ids=id_list)
print(response)from falconpy import CSPMRegistration
falcon = CSPMRegistration(client_id="API_CLIENT_ID_HERE",
client_secret="API_CLIENT_SECRET_HERE"
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.DeleteCSPMAzureAccount(ids=id_list)
print(response)from falconpy import APIHarness
falcon = APIHarness(client_id="API_CLIENT_ID_HERE",
client_secret="API_CLIENT_SECRET_HERE"
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.command("DeleteCSPMAzureAccount", ids=id_list)
print(response)Update an Azure service account in our system by with the user-created client_id created with the public key we've provided
update_azure_account_client_id
- Consumes: application/json
- Produces: application/json
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| body |
|
|
body | string | This field is not used. Ignore. |
| id |
|
|
query | string or list of strings | The Azure Client ID to use for the Service Principal associated with the Azure account. |
| tenant_id |
|
|
query | string or list of strings | The Azure tenant ID to update the Client ID for. Required if multiple tenants are registered. |
| parameters |
|
|
query | string | Full query string parameters payload in JSON format. |
from falconpy import CSPMRegistration
falcon = CSPMRegistration(client_id="API_CLIENT_ID_HERE",
client_secret="API_CLIENT_SECRET_HERE"
)
BODY = {
"Body Payload": "See body description above"
}
response = falcon.update_azure_account_client_id(id="string", tenant_id="string", body=BODY)
print(response)from falconpy import CSPMRegistration
falcon = CSPMRegistration(client_id="API_CLIENT_ID_HERE",
client_secret="API_CLIENT_SECRET_HERE"
)
BODY = {
"Body Payload": "See body description above"
}
response = falcon.UpdateCSPMAzureAccountClientID(id="string", tenant_id="string", body=BODY)
print(response)from falconpy import APIHarness
falcon = APIHarness(client_id="API_CLIENT_ID_HERE",
client_secret="API_CLIENT_SECRET_HERE"
)
PARAMS = {
"id": "string",
"tenant-id": "string"
}
BODY = {
"Body Payload": "See body description above"
}
response = falcon.command("UpdateCSPMAzureAccountClientID", parameters=PARAMS, body=BODY)
print(response)Update an Azure default subscription_id in our system for given tenant_id
update_azure_tenant_default_subscription_id
- Produces: application/json
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| body |
|
|
body | string | This field is not used. Ignore. |
| subscription_id |
|
|
query | string or list of strings | The Azure subscription ID to use as a default for all subscriptions within the tenant. |
| tenant_id |
|
|
query | string or list of strings | The Azure tenant ID to update the Client ID for. Required if multiple tenants are registered. |
| parameters |
|
|
query | string | Full query string parameters payload in JSON format. |
from falconpy import CSPMRegistration
falcon = CSPMRegistration(client_id="API_CLIENT_ID_HERE",
client_secret="API_CLIENT_SECRET_HERE"
)
response = falcon.update_azure_tenant_default_subscription_id(tenant_id="string",
subscription_id="string"
)
print(response)from falconpy import CSPMRegistration
falcon = CSPMRegistration(client_id="API_CLIENT_ID_HERE",
client_secret="API_CLIENT_SECRET_HERE"
)
response = falcon.UpdateCSPMAzureTenantDefaultSubscriptionID(tenant_id="string",
subscription_id="string"
)
print(response)from falconpy import APIHarness
falcon = APIHarness(client_id="API_CLIENT_ID_HERE",
client_secret="API_CLIENT_SECRET_HERE"
)
response = falcon.command("UpdateCSPMAzureTenantDefaultSubscriptionID",
tenant_id="string",
subscription_id="string"
)
print(response)Return a script for customer to run in their cloud environment to grant us access to their Azure environment as a downloadable attachment
get_azure_user_scripts_attachment
- Produces: application/json
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| tenant_id |
|
|
query | string or list of strings | The Azure tenant ID. |
| parameters |
|
|
query | string | Full query string parameters payload in JSON format. |
from falconpy import CSPMRegistration
falcon = CSPMRegistration(client_id="API_CLIENT_ID_HERE",
client_secret="API_CLIENT_SECRET_HERE"
)
response = falcon.get_azure_user_scripts_attachment(tenant_id="string")
print(response)from falconpy import CSPMRegistration
falcon = CSPMRegistration(client_id="API_CLIENT_ID_HERE",
client_secret="API_CLIENT_SECRET_HERE"
)
response = falcon.GetCSPMAzureUserScriptsAttachment(tenant_id="string")
print(response)from falconpy import APIHarness
falcon = APIHarness(client_id="API_CLIENT_ID_HERE",
client_secret="API_CLIENT_SECRET_HERE"
)
response = falcon.command("GetCSPMAzureUserScriptsAttachment", tenant_id="string")
print(response)Retrieve list of detected behaviors.
get_behavior_detections
- Consumes: application/json
- Produces: application/json
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| account_id |
|
|
query | string | Cloud account ID (e.g.: AWS AccountID, Azure SubscriptionID). |
| aws_account_id |
|
|
query | string | AWS Account ID. |
| azure_subscription_id |
|
|
query | string | Azure Subscription ID. |
| azure_tenant_id |
|
|
query | string | Azure Tenant ID. |
| cloud_provider |
|
|
query | string | Cloud Provider (azure, aws, gcp). |
| date_time_since |
|
|
query | string | Filter to retrieve all events after specified date. RFC3339 format. Example: 2006-01-01T12:00:01Z07:00. |
| limit |
|
|
query | integer | Maximum number of results to return. (Max: 500) |
| next_token |
|
|
query | string | String to get next page of results, associated with the previous execution. Must include all filters from previous execution. |
| service |
|
|
query | string | Filter by Cloud Service. A list of available services can be found here. |
| severity |
|
|
query | string | Filter by severity. Example: High, Medium or Informational. |
| state |
|
|
query | string | Filter by state. Example: open or closed. |
| parameters |
|
|
query | string | Full query string parameters payload in JSON format. |
| ACM | Identity |
| ACR | KMS |
| Any | KeyVault |
| App Engine | Kinesis |
| BigQuery | Kubernetes |
| Cloud Load Balancing | Lambda |
| Cloud Logging | LoadBalancer |
| Cloud SQL | Monitor |
| Cloud Storage | NLB/ALB |
| CloudFormation | NetworkSecurityGroup |
| CloudTrail | PostgreSQL |
| CloudWatch Logs | RDS |
| Cloudfront | Redshift |
| Compute Engine | S3 |
| Config | SES |
| Disk | SNS |
| DynamoDB | SQLDatabase |
| EBS | SQLServer |
| EC2 | SQS |
| ECR | SSM |
| EFS | Serverless Application Repository |
| EKS | StorageAccount |
| ELB | Subscriptions |
| EMR | VPC |
| Elasticache | VirtualMachine |
| GuardDuty | VirtualNetwork |
| IAM |
from falconpy import CSPMRegistration
falcon = CSPMRegistration(client_id="API_CLIENT_ID_HERE",
client_secret="API_CLIENT_SECRET_HERE"
)
response = falcon.get_behavior_detections(account_id="string",
aws_account_id="string",
azure_subscription_id="string",
azure_tenant_id="string",
cloud_provider="string",
date_time_since="string",
limit=integer,
next_token="string",
service="string",
severity="string",
state="string"
)
print(response)from falconpy import CSPMRegistration
falcon = CSPMRegistration(client_id="API_CLIENT_ID_HERE",
client_secret="API_CLIENT_SECRET_HERE"
)
response = falcon.GetBehaviorDetections(account_id="string",
aws_account_id="string",
azure_subscription_id="string",
azure_tenant_id="string",
cloud_provider="string",
date_time_since="string",
limit=integer,
next_token="string",
service="string",
severity="string",
state="string"
)
print(response)from falconpy import APIHarness
falcon = APIHarness(client_id="API_CLIENT_ID_HERE",
client_secret="API_CLIENT_SECRET_HERE"
)
response = falcon.command("GetBehaviorDetections",
account_id="string",
aws_account_id="string",
azure_subscription_id="string",
azure_tenant_id="string",
cloud_provider="string",
date_time_since="string",
limit=integer,
next_token="string",
service="string",
severity="string",
state="string"
)
print(response)Retrieve list of detected behaviors.
get_configuration_detections
- Consumes: application/json
- Produces: application/json
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| account_id |
|
|
query | string | Cloud account ID (e.g.: AWS AccountID, Azure SubscriptionID). |
| aws_account_id |
|
|
query | string | AWS Account ID. |
| azure_subscription_id |
|
|
query | string | Azure Subscription ID. |
| azure_tenant_id |
|
|
query | string | Azure Tenant ID. |
| cloud_provider |
|
|
query | string | Cloud Provider (azure, aws, gcp). |
| limit |
|
|
query | integer | Maximum number of results to return. (Max: 500) |
| next_token |
|
|
query | string | String to get next page of results, associated with the previous execution. Must include all filters from previous execution. |
| region |
|
|
query | string | Cloud Provider Region. Example: us-east-1. |
| service |
|
|
query | string | Filter by Cloud Service. A list of available services can be found here. |
| severity |
|
|
query | string | Filter by severity. Example: High, Medium or Informational. |
| status |
|
|
query | string | Filter by status. Example: new, recurring or all. |
| parameters |
|
|
query | string | Full query string parameters payload in JSON format. |
| ACM | Identity |
| ACR | KMS |
| Any | KeyVault |
| App Engine | Kinesis |
| BigQuery | Kubernetes |
| Cloud Load Balancing | Lambda |
| Cloud Logging | LoadBalancer |
| Cloud SQL | Monitor |
| Cloud Storage | NLB/ALB |
| CloudFormation | NetworkSecurityGroup |
| CloudTrail | PostgreSQL |
| CloudWatch Logs | RDS |
| Cloudfront | Redshift |
| Compute Engine | S3 |
| Config | SES |
| Disk | SNS |
| DynamoDB | SQLDatabase |
| EBS | SQLServer |
| EC2 | SQS |
| ECR | SSM |
| EFS | Serverless Application Repository |
| EKS | StorageAccount |
| ELB | Subscriptions |
| EMR | VPC |
| Elasticache | VirtualMachine |
| GuardDuty | VirtualNetwork |
| IAM |
from falconpy import CSPMRegistration
falcon = CSPMRegistration(client_id="API_CLIENT_ID_HERE",
client_secret="API_CLIENT_SECRET_HERE"
)
response = falcon.get_configuration_detections(account_id="string",
aws_account_id="string",
azure_subscription_id="string",
azure_tenant_id="string",
cloud_provider="string",
limit=integer,
next_token="string",
region="string,
service="string",
severity="string",
status="string"
)
print(response)from falconpy import CSPMRegistration
falcon = CSPMRegistration(client_id="API_CLIENT_ID_HERE",
client_secret="API_CLIENT_SECRET_HERE"
)
response = falcon.GetConfigurationDetections(account_id="string",
aws_account_id="string",
azure_subscription_id="string",
azure_tenant_id="string",
cloud_provider="string",
limit=integer,
next_token="string",
region="string",
service="string",
severity="string",
status="string"
)
print(response)from falconpy import APIHarness
falcon = APIHarness(client_id="API_CLIENT_ID_HERE",
client_secret="API_CLIENT_SECRET_HERE"
)
response = falcon.command("GetConfigurationDetections",
account_id="string",
aws_account_id="string",
azure_subscription_id="string",
azure_tenant_id="string",
cloud_provider="string",
limit=integer,
next_token="string",
region="string",
service="string",
severity="string",
status="string"
)
print(response)For CSPM IOA events, gets list of IOA events.
get_ioa_events
- Consumes: application/json
- Produces: application/json
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| account_id |
|
|
query | string | Cloud account ID (e.g.: AWS AccountID, Azure SubscriptionID). |
| aws_account_id |
|
|
query | string | AWS Account ID. |
| azure_subscription_id |
|
|
query | string | Azure Subscription ID. |
| azure_tenant_id |
|
|
query | string | Azure Tenant ID. |
| cloud_provider |
|
|
query | string | Cloud Provider (azure, aws, gcp). |
| limit |
|
|
query | integer | Maximum number of results to return. (Max: 500) |
| offset |
|
|
query | integer | Starting record position. |
| parameters |
|
|
query | string | Full query string parameters payload in JSON format. |
| policy_id |
|
|
query | string | IOA Policy ID. |
| state |
|
|
query | string | Filter by account state. |
| user_ids |
|
|
query | string or list of strings | User ID(s). |
from falconpy import CSPMRegistration
falcon = CSPMRegistration(client_id="API_CLIENT_ID_HERE",
client_secret="API_CLIENT_SECRET_HERE"
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.get_ioa_events(policy_id="string",
cloud_provider="string",
account_id="string",
aws_account_id="string",
azure_subscription_id="string",
azure_tenant_id="string",
user_ids=id_list,
state="string",
offset=integer,
limit=integer
)
print(response)from falconpy import CSPMRegistration
falcon = CSPMRegistration(client_id="API_CLIENT_ID_HERE",
client_secret="API_CLIENT_SECRET_HERE"
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.GetIOAEvents(policy_id="string",
cloud_provider="string",
account_id="string",
aws_account_id="string",
azure_subscription_id="string",
azure_tenant_id="string",
user_ids=id_list,
state="string",
offset=integer,
limit=integer
)
print(response)from falconpy import APIHarness
falcon = APIHarness(client_id="API_CLIENT_ID_HERE",
client_secret="API_CLIENT_SECRET_HERE"
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.command("GetIOAEvents",
policy_id="string",
cloud_provider="string",
account_id="string",
aws_account_id="string",
azure_subscription_id="string",
azure_tenant_id="string",
user_ids=id_list,
state="string",
offset=integer,
limit=integer
)
print(response)For CSPM IOA users, gets list of IOA users.
get_ioa_users
- Consumes: application/json
- Produces: application/json
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| account_id |
|
|
query | string | Cloud account ID (e.g.: AWS AccountID, Azure SubscriptionID). |
| aws_account_id |
|
|
query | string | AWS Account ID. |
| azure_subscription_id |
|
|
query | string | Azure Subscription ID. |
| azure_tenant_id |
|
|
query | string | Azure Tenant ID. |
| cloud_provider |
|
|
query | string | Cloud Provider (azure, aws, gcp). |
| parameters |
|
|
query | string | Full query string parameters payload in JSON format. |
| policy_id |
|
|
query | string | IOA Policy ID. |
| state |
|
|
query | string | Filter by account state. |
from falconpy import CSPMRegistration
falcon = CSPMRegistration(client_id="API_CLIENT_ID_HERE",
client_secret="API_CLIENT_SECRET_HERE"
)
response = falcon.get_ioa_users(policy_id="string",
state="string",
cloud_provider="string",
account_id="string",
aws_account_id="string",
azure_subscription_id="string",
azure_tenant_id="string"
)
print(response)from falconpy import CSPMRegistration
falcon = CSPMRegistration(client_id="API_CLIENT_ID_HERE",
client_secret="API_CLIENT_SECRET_HERE"
)
response = falcon.GetIOAUsers(policy_id="string",
state="string",
cloud_provider="string",
account_id="string",
aws_account_id="string",
azure_subscription_id="string",
azure_tenant_id="string"
)
print(response)from falconpy import APIHarness
falcon = APIHarness(client_id="API_CLIENT_ID_HERE",
client_secret="API_CLIENT_SECRET_HERE"
)
response = falcon.command("GetIOAUsers",
policy_id="string",
state="string",
cloud_provider="string",
account_id="string",
aws_account_id="string",
azure_subscription_id="string",
azure_tenant_id="string"
)
print(response)Given a policy ID, returns detailed policy information.
get_policy
- Consumes: application/json
- Produces: application/json
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| ids |
|
|
query | string or list of strings | Policy IDs to retrieve. |
| parameters |
|
|
query | string | Full query string parameters payload in JSON format. |
from falconpy import CSPMRegistration
falcon = CSPMRegistration(client_id="API_CLIENT_ID_HERE",
client_secret="API_CLIENT_SECRET_HERE"
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.get_policy(ids=id_list)
print(response)from falconpy import CSPMRegistration
falcon = CSPMRegistration(client_id="API_CLIENT_ID_HERE",
client_secret="API_CLIENT_SECRET_HERE"
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.GetCSPMPolicy(ids=id_list)
print(response)from falconpy import APIHarness
falcon = APIHarness(client_id="API_CLIENT_ID_HERE",
client_secret="API_CLIENT_SECRET_HERE"
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.command("GetCSPMPolicy", ids=id_list)
print(response)Returns information about current policy settings.
get_policy_settings
- Consumes: application/json
- Produces: application/json
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| cloud_platform |
|
|
query | string | Cloud Provider (azure, aws, gcp). |
| parameters |
|
|
query | string | Full query string parameters payload in JSON format. |
| policy_id |
|
|
query | string | IOA Policy ID. |
| service |
|
|
query | string | Filter by Service type. |
from falconpy import CSPMRegistration
falcon = CSPMRegistration(client_id="API_CLIENT_ID_HERE",
client_secret="API_CLIENT_SECRET_HERE"
)
response = falcon.get_policy_settings(service="string",
policy_id="string",
cloud_platform="string"
)
print(response)from falconpy import CSPMRegistration
falcon = CSPMRegistration(client_id="API_CLIENT_ID_HERE",
client_secret="API_CLIENT_SECRET_HERE"
)
response = falcon.GetCSPMPolicySettings(service="string",
policy_id="string",
cloud_platform="string"
)
print(response)from falconpy import APIHarness
falcon = APIHarness(client_id="API_CLIENT_ID_HERE",
client_secret="API_CLIENT_SECRET_HERE"
)
response = falcon.command("GetCSPMPolicySettings",
service="string",
policy_id="string",
cloud_platform="string"
)
print(response)Updates a policy setting - can be used to override policy severity or to disable a policy entirely.
update_policy_settings
- Consumes: application/json
- Produces: application/json
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| account_id |
|
|
body | string | Cloud Account ID to impact. |
| body |
|
|
body | string | Full body payload in JSON format. |
| enabled |
|
|
body | boolean | Flag indicating if this policy is enabled. |
| policy_id |
|
|
body | integer | Policy ID to be updated. |
| regions |
|
|
body | string or list of strings | List of regions where this policy is enforced. |
| severity |
|
|
body | string | Policy severity value. |
| tag_excluded |
|
|
body | boolean | Tag exclusion flag. |
from falconpy import CSPMRegistration
falcon = CSPMRegistration(client_id="API_CLIENT_ID_HERE",
client_secret="API_CLIENT_SECRET_HERE"
)
region_list = 'REG1,REG2,REG3' # Can also pass a list here: ['REG1', 'REG2', 'REG3']
response = falcon.update_policy_settings(account_id="string",
enabled=boolean,
policy_id=integer,
regions=region_list
severity="string",
tag_excluded=boolean
)
print(response)from falconpy import CSPMRegistration
falcon = CSPMRegistration(client_id="API_CLIENT_ID_HERE",
client_secret="API_CLIENT_SECRET_HERE"
)
region_list = 'REG1,REG2,REG3' # Can also pass a list here: ['REG1', 'REG2', 'REG3']
response = falcon.UpdateCSPMPolicySettings(account_id="string",
enabled=boolean,
policy_id=integer,
regions=region_list
severity="string",
tag_excluded=boolean
)
print(response)from falconpy import APIHarness
falcon = APIHarness(client_id="API_CLIENT_ID_HERE",
client_secret="API_CLIENT_SECRET_HERE"
)
BODY = {
"resources": [
{
"account_id": "string",
"enabled": boolean,
"policy_id": integer,
"regions": [
"string"
],
"severity": "string",
"tag_excluded": boolean
}
]
}
response = falcon.command("UpdateCSPMPolicySettings", body=BODY)
print(response)Returns scan schedule configuration for one or more cloud platforms.
get_scan_schedule
- Consumes: application/json
- Produces: application/json
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| cloud_platform |
|
|
query | string or list of strings | The Cloud Platform. (Azure, AWS, GCP) |
| parameters |
|
|
query | string | Full query string parameters payload in JSON format. |
from falconpy import CSPMRegistration
falcon = CSPMRegistration(client_id="API_CLIENT_ID_HERE",
client_secret="API_CLIENT_SECRET_HERE"
)
clouds = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.get_scan_schedule(cloud_platform=clouds)
print(response)from falconpy import CSPMRegistration
falcon = CSPMRegistration(client_id="API_CLIENT_ID_HERE",
client_secret="API_CLIENT_SECRET_HERE"
)
clouds = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.GetCSPMScanSchedule(cloud_platform=clouds)
print(response)from falconpy import APIHarness
falcon = APIHarness(client_id="API_CLIENT_ID_HERE",
client_secret="API_CLIENT_SECRET_HERE"
)
clouds = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.command("GetCSPMScanSchedule", cloud_platform=clouds)
print(response)Updates scan schedule configuration for one or more cloud platforms.
update_scan_schedule
- Consumes: application/json
- Produces: application/json
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| body |
|
|
body | string | Full body payload in JSON format. |
| cloud_platform |
|
|
body | string | Cloud platform (Azure, AWS, GCP). |
| next_scan_timestamp |
|
|
body | string | UTC formatted string. |
| scan_schedule |
|
|
body | string | Scan schedule type. |
from falconpy import CSPMRegistration
falcon = CSPMRegistration(client_id="API_CLIENT_ID_HERE",
client_secret="API_CLIENT_SECRET_HERE"
)
response = falcon.update_scan_schedule(cloud_platform="string",
next_scan_timestampt="string",
scan_schedule="string"
)
print(response)from falconpy import CSPMRegistration
falcon = CSPMRegistration(client_id="API_CLIENT_ID_HERE",
client_secret="API_CLIENT_SECRET_HERE"
)
response = falcon.UpdateCSPMScanSchedule(cloud_platform="string",
next_scan_timestampt="string",
scan_schedule="string"
)
print(response)from falconpy import APIHarness
falcon = APIHarness(client_id="API_CLIENT_ID_HERE",
client_secret="API_CLIENT_SECRET_HERE"
)
BODY = {
"resources": [
{
"cloud_platform": "string",
"next_scan_timestamp": "2021-10-25T05:22:27.365Z",
"scan_schedule": "string"
}
]
}
response = falcon.command("UpdateCSPMScanSchedule", body=BODY)
print(response)
- Home
- Discussions Board
- Glossary of Terms
- Installation, Upgrades and Removal
- Samples Collection
- Using FalconPy
- API Operations
-
Service Collections
- Alerts
- API Integrations
- ASPM
- Certificate Based Exclusions
- Cloud Connect AWS (deprecated)
- Cloud Snapshots
- Compliance Assessments
- Configuration Assessment
- Configuration Assessment Evaluation Logic
- Container Alerts
- Container Detections
- Container Images
- Container Packages
- Container Vulnerabilities
- CSPM Registration
- Custom IOAs
- Custom Storage
- D4C Registration (deprecated)
- DataScanner
- Delivery Settings
- Detects
- Device Control Policies
- Discover
- Downloads
- Drift Indicators
- Event Streams
- Exposure Management
- Falcon Complete Dashboard
- Falcon Container
- Falcon Intelligence Sandbox
- FDR
- FileVantage
- Firewall Management
- Firewall Policies
- Foundry LogScale
- Host Group
- Host Migration
- Hosts
- Identity Protection
- Image Assessment Policies
- Incidents
- Installation Tokens
- Intel
- IOA Exclusions
- IOC
- IOCs (deprecated)
- Kubernetes Protection
- MalQuery
- Message Center
- ML Exclusions
- Mobile Enrollment
- MSSP (Flight Control)
- OAuth2
- ODS (On Demand Scan)
- Overwatch Dashboard
- Prevention Policy
- Quarantine
- Quick Scan
- Quick Scan Pro
- Real Time Response
- Real Time Response Admin
- Real Time Response Audit
- Recon
- Report Executions
- Response Policies
- Sample Uploads
- Scheduled Reports
- Sensor Download
- Sensor Update Policy
- Sensor Usage
- Sensor Visibility Exclusions
- Spotlight Evaluation Logic
- Spotlight Vulnerabilities
- Tailored Intelligence
- ThreatGraph
- Unidentified Containers
- User Management
- Workflows
- Zero Trust Assessment
- Documentation Support
-
CrowdStrike SDKs
- Crimson Falcon - Ruby
- FalconPy - Python 3
- FalconJS - Javascript
- goFalcon - Go
- PSFalcon - Powershell
- Rusty Falcon - Rust
