NGSIEM
| Operation ID | Description | ||||
|---|---|---|---|---|---|
|
Upload a lookup file to NGSIEM. | ||||
|
Download lookup file from NGSIEM. | ||||
|
Download lookup file in namespaced package from NGSIEM. | ||||
|
Download lookup file in package from NGSIEM. | ||||
|
Initiate a NGSIEM search. | ||||
|
Get status of a NGSIEM search. | ||||
|
Stop a NGSIEM search. | ||||
Upload a lookup file to NGSIEM.
upload_file
| Method | Route |
|---|---|
 |
/humio/api/v1/repositories/{repository}/files |
- Consumes: multipart/form-data
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| repository |  |
|
path | string | Name of the repository. |
from falconpy import NGSIEM
falcon = NGSIEM(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.upload_file(repository="string")
print(response)from falconpy import NGSIEM
falcon = NGSIEM(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.UploadLookupV1(repository="string")
print(response)from falconpy import APIHarnessV2
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.command("UploadLookupV1", repository="string")
print(response)Download lookup file from NGSIEM.
get_file
| Method | Route |
|---|---|
 |
/humio/api/v1/repositories/{repository}/files/{filename} |
- Produces: application/octet-stream
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| repository | |
|
path | string | Name of the repository. |
| filename | |
|
path | string | Name of the lookup file. |
from falconpy import NGSIEM
falcon = NGSIEM(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
with open("some_file.ext", "wb") as save_file:
save_file.write(falcon.get_file(repository="string", name="string"))from falconpy import NGSIEM
falcon = NGSIEM(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
with open("some_file.ext", "wb") as save_file:
save_file.write(falcon.GetLookupV1(repository="string", name="string"))from falconpy import APIHarnessV2
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
with open("some_file.ext", "wb") as save_file:
save_file.write(falcon.command("GetLookupV1", repository="string", name="string"))Download lookup file in namespaced package from NGSIEM.
get_file_from_package_with_namespace
| Method | Route |
|---|---|
|
/humio/api/v1/repositories/{repository}/files/{namespace}/{package}/{filename} |
- Produces: application/octet-stream
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| repository | |
|
path | string | Name of the repository. |
| namespace | |
|
path | string | Name of the namespace. |
| package | |
|
path | string | Name of the package. |
| filename | |
|
path | string | Name of the lookup file. |
from falconpy import NGSIEM
falcon = NGSIEM(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
with open("some_file.ext", "wb") as save_file:
response = falcon.get_file_from_package_with_namespace(repository="string",
namespace="string",
package="string",
filename="string"
)
save_file.write(response)from falconpy import NGSIEM
falcon = NGSIEM(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
with open("some_file.ext", "wb") as save_file:
response = falcon.GetLookupFromPackageWithNamespaceV1()
save_file.write(response)from falconpy import APIHarnessV2
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
with open("some_file.ext", "wb") as save_file:
response = falcon.command("GetLookupFromPackageWithNamespaceV1",
repository="string",
namespace="string",
package="string",
filename="string"
)
save_file.write(response)Download lookup file in package from NGSIEM.
get_file_from_package
| Method | Route |
|---|---|
|
/humio/api/v1/repositories/{repository}/files/{package}/{filename} |
- Produces: application/octet-stream
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| repository | |
|
path | string | Name of the repository. |
| package | |
|
path | string | Name of the package. |
| filename | |
|
path | string | Name of the lookup file. |
from falconpy import NGSIEM
falcon = NGSIEM(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
with open("some_file.ext", "wb") as save_file:
response = falcon.get_file_from_package(repository="string",
package="string",
filename="string"
)
save_file.write(response)from falconpy import NGSIEM
falcon = NGSIEM(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
with open("some_file.ext", "wb") as save_file:
response = falcon.GetLookupFromPackageV1(repository="string",
package="string",
filename="string"
)
save_file.write(response)from falconpy import APIHarnessV2
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
with open("some_file.ext", "wb") as save_file:
response = falcon.command("GetLookupFromPackageV1",
repository="string",
package="string",
filename="string"
)
save_file.write(response)Initiate a NGSIEM search.
start_search
| Method | Route |
|---|---|
|
/humio/api/v1/repositories/{repository}/queryjobs |
- Consumes: application/json
- Produces: application/json
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| repository | |
|
path | string | Name of the repository. |
from falconpy import NGSIEM
falcon = NGSIEM(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.start_search(repository="string")
print(response)from falconpy import NGSIEM
falcon = NGSIEM(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.StartSearchV1(repository="string")
print(response)from falconpy import APIHarnessV2
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.command("StartSearchV1", repository="string")
print(response)Get status of a NGSIEM search.
get_search_status
| Method | Route |
|---|---|
|
/humio/api/v1/repositories/{repository}/queryjobs/{id} |
- Consumes: application/json
- Produces: application/json
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| repository | |
|
path | string | Name of the repository. |
| id | |
|
path | string | ID of the query. |
from falconpy import NGSIEM
falcon = NGSIEM(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.get_search_status(repository="string", id="string")
print(response)from falconpy import NGSIEM
falcon = NGSIEM(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.GetSearchStatusV1(repository="string", id="string")
print(response)from falconpy import APIHarnessV2
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.command("GetSearchStatusV1", repository="string", id="string")
print(response)Stop a NGSIEM search.
stop_search
| Method | Route |
|---|---|
 |
/humio/api/v1/repositories/{repository}/queryjobs/{id} |
- Consumes: application/json
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| repository | |
|
path | string | Name of the repository. |
| id | |
|
path | string | ID of the query. |
from falconpy import NGSIEM
falcon = NGSIEM(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.stop_search(repository="string", id="string")
print(response)from falconpy import NGSIEM
falcon = NGSIEM(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.StopSearchV1(repository="string", id="string")
print(response)from falconpy import APIHarnessV2
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.command("StopSearchV1", repository="string", id="string")
print(response)
- Home
- Discussions Board
- Glossary of Terms
- Installation, Upgrades and Removal
- Samples Collection
- Using FalconPy
- API Operations
-
Service Collections
- Alerts
- API Integrations
- ASPM
- Certificate Based Exclusions
- Cloud Connect AWS (deprecated)
- Cloud Snapshots
- Compliance Assessments
- Configuration Assessment
- Configuration Assessment Evaluation Logic
- Container Alerts
- Container Detections
- Container Images
- Container Packages
- Container Vulnerabilities
- Correlation Rules
- CSPM Registration
- Custom IOAs
- Custom Storage
- D4C Registration (deprecated)
- DataScanner
- Delivery Settings
- Detects
- Device Control Policies
- Discover
- Downloads
- Drift Indicators
- Event Streams
- Exposure Management
- Falcon Complete Dashboard
- Falcon Container
- Falcon Intelligence Sandbox
- FDR
- FileVantage
- Firewall Management
- Firewall Policies
- Foundry LogScale
- Host Group
- Host Migration
- Hosts
- Identity Protection
- Image Assessment Policies
- Incidents
- Installation Tokens
- Intel
- Intelligence Feeds
- IOA Exclusions
- IOC
- IOCs (deprecated)
- Kubernetes Protection
- MalQuery
- Message Center
- ML Exclusions
- Mobile Enrollment
- MSSP (Flight Control)
- NGSIEM
- OAuth2
- ODS (On Demand Scan)
- Overwatch Dashboard
- Prevention Policy
- Quarantine
- Quick Scan
- Quick Scan Pro
- Real Time Response
- Real Time Response Admin
- Real Time Response Audit
- Recon
- Report Executions
- Response Policies
- Sample Uploads
- Scheduled Reports
- Sensor Download
- Sensor Update Policy
- Sensor Usage
- Sensor Visibility Exclusions
- Spotlight Evaluation Logic
- Spotlight Vulnerabilities
- Tailored Intelligence
- ThreatGraph
- Unidentified Containers
- User Management
- Workflows
- Zero Trust Assessment
- Documentation Support
-
CrowdStrike SDKs
- Crimson Falcon - Ruby
- FalconPy - Python 3
- FalconJS - Javascript
- goFalcon - Go
- PSFalcon - Powershell
- Rusty Falcon - Rust
