Skip to content

Zero Trust Assessment

Jump to bottom
Joshua Hiller edited this page Dec 17, 2022 · 22 revisions

CrowdStrike Falcon Twitter URL

Using the Zero Trust Assessment service collection

Uber class support Service class support Documentation Version Page Updated

Table of Contents

Operation ID Description
getAssessmentV1
PEP 8 get_assessment
Get Zero Trust Assessment data for one or more hosts by providing agent IDs (AID) and a customer ID (CID).
getComplianceV1
PEP 8 get_compliance
Get the Zero Trust Assessment compliance report for one customer ID (CID).

Passing credentials

WARNING

client_id and client_secret are keyword arguments that contain your CrowdStrike API credentials. Please note that all examples below do not hard code these values. (These values are ingested as strings.)

CrowdStrike does not recommend hard coding API credentials or customer identifiers within source code.

getAssessmentV1

Get Zero Trust Assessment data for one or more hosts by providing agent IDs (AID) and a customer ID (CID).

PEP8 method name

get_assessment

Endpoint

Method Route
GET /zero-trust-assessment/entities/assessments/v1

Content-Type

  • Consumes: application/json
  • Produces: application/json

Keyword Arguments

Name Service Uber Type Data type Description
ids
Service Class Support
Uber Class Support
 query string or list of strings One or more agent IDs, which you can find in the data.zta file, or the Falcon console.
parameters
Service Class Support
Uber Class Support
 query dictionary Full query string parameters payload in JSON format.

Usage

Service class example (PEP8 syntax)
from falconpy import ZeroTrustAssessment

# Do not hardcode API credentials!
falcon = ZeroTrustAssessment(client_id=CLIENT_ID,
                             client_secret=CLIENT_SECRET
                             )

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.get_assessment(ids=id_list)
print(response)
Service class example (Operation ID syntax)
from falconpy import ZeroTrustAssessment

# Do not hardcode API credentials!
falcon = ZeroTrustAssessment(client_id=CLIENT_ID,
                             client_secret=CLIENT_SECRET
                             )

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.getAssessmentV1(ids=id_list)
print(response)
Uber class example
from falconpy import APIHarness

# Do not hardcode API credentials!
falcon = APIHarness(client_id=CLIENT_ID,
                    client_secret=CLIENT_SECRET
                    )

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.command("getAssessmentV1", ids=id_list)
print(response)

getComplianceV1

Get the Zero Trust Assessment compliance report for one customer ID (CID).

PEP8 method name

get_compliance

Endpoint

Method Route
GET /zero-trust-assessment/entities/audit/v1

Content-Type

  • Consumes: application/json
  • Produces: application/json

Keyword arguments

No keywords or arguments accepted.

Usage

Service class example (PEP8 syntax)
from falconpy import ZeroTrustAssessment

# Do not hardcode API credentials!
falcon = ZeroTrustAssessment(client_id=CLIENT_ID,
                             client_secret=CLIENT_SECRET
                             )

response = falcon.get_compliance()
print(response)
Service class example (Operation ID syntax)
from falconpy import ZeroTrustAssessment

# Do not hardcode API credentials!
falcon = ZeroTrustAssessment(client_id=CLIENT_ID,
                             client_secret=CLIENT_SECRET
                             )

response = falcon.getComplianceV1()
print(response)
Uber class example
from falconpy import APIHarness

# Do not hardcode API credentials!
falcon = APIHarness(client_id=CLIENT_ID,
                    client_secret=CLIENT_SECRET
                    )

response = falcon.command("getComplianceV1")
print(response)

CrowdStrike Falcon

Clone this wiki locally