Home
This wiki provides documentation for FalconPy, the CrowdStrike Falcon API Software Development Kit.
The FalconPy SDK contains a collection of Python classes that abstract CrowdStrike Falcon OAuth2 API interaction, removing duplicative code and allowing developers to focus on just the logic of their solution requirements.
This SDK provides two distinct methods for interacting with the CrowdStrike Falcon OAuth2 API.
| Service Classes | The Uber Class |
|---|---|
 |
 |
| Representing a single service collection, Service Classes have methods defined for every available operation within that specific service collection. | A single harness for interacting with the entire API, the Uber Class can interact with every available operation within every service collection. |
There are currently 66 Service Classes defined that provide an interface to individual service collections within the CrowdStrike Falcon OAuth2 API.
| Service Collection | Service Class Name | Functional API Scope |
|---|---|---|
| Alerts | Alerts | CrowdStrike Falcon Alerts |
Cloud Connect AWS 
|
CloudConnectAWS
|
CrowdStrike Falcon Discover for Cloud and Containers (AWS) |
| Cloud Snapshots | Cloud Snapshots | CrowdStrike Falcon Horizon Cloud Snapshots |
| Configuration Assessment | ConfigurationAssessment | CrowdStrike Falcon Configuration Assessment |
| Configuration Assessment Evaluation Logic | ConfigurationAssessmentEvaluationLogic | CrowdStrike Falcon Configuration Assessment Evaluation Logic |
| Container Alerts | ContainerAlerts | CrowdStrike Falcon Container Alerts |
| Container Detections | ContainerDetections | CrowdStrike Falcon Container Detections |
| Container Images | ContainerImages | CrowdStrike Falcon Container Images |
| Container Packages | ContainerPackages | CrowdStrike Falcon Container Packages |
| Container Vulnerabilities | ContainerVulnerabilities | CrowdStrike Falcon Container Vulnerabilities |
| CSPM Registration | CSPMRegistration | CrowdStrike Falcon Horizon |
| Custom IOA | CustomIOA | CrowdStrike Falcon Custom Indicators of Attack |
| Custom Storage | CustomStorage | CrowdStrike Falcon Custom Storage |
| D4C Registration
|
D4CRegistration
|
CrowdStrike Falcon Discover for Cloud and Containers (Azure / GCP) |
| Detects | Detects | CrowdStrike Falcon Detections |
| Device Control Policies | DeviceControlPolicies | CrowdStrike Falcon Device Control |
| Discover | Discover | CrowdStrike Falcon Discover |
| Drift Indicators | DriftIndicators | CrowdStrike Falcon Drift Indicators |
| Event Streams | EventStreams | CrowdStrike Falcon Event Streams |
| Falcon Complete Dashboard | FalconCompleteDashboard | CrowdStrike Falcon Complete Dashboard |
| Falcon Container | FalconContainer | CrowdStrike Falcon Container |
| Falcon Intelligence Sandbox | FalconXSandbox | CrowdStrike Falcon Intelligence Sandbox |
| FDR | FDR | CrowdStrike Falcon Data Replicator |
| FileVantage | FileVantage | CrowdStrike Falcon FileVantage |
| Firewall Management | FirewallManagement | CrowdStrike Falcon Firewall Management |
| Firewall Policies | FirewallPolicies | CrowdStrike Falcon Firewall Policy Management |
| Flight Control | FlightControl | CrowdStrike Falcon Flight Control |
| Foundry LogScale | FoundryLogScale | CrowdStrike Falcon Foundry LogScale |
| Host Group | HostGroup | CrowdStrike Falcon Host Groups |
| Hosts | Hosts | CrowdStrike Falcon Hosts |
| Identity Protection | IdentityProtection | CrowdStrike Falcon Identity Protection |
| Image Assessment Policies | ImageAssessmentPolicies | CrowdStrike Image Assessment Policies |
| Incidents | Incidents | CrowdStrike Falcon Incidents and Detection Monitoring |
| Installation Tokens | InstallationTokens | CrowdStrike Falcon Installation Tokens |
| Intel | Intel | CrowdStrike Falcon Threat Intel |
| IOA Exclusions | IOAExclusions | CrowdStrike Falcon Indicators of Attack Exclusions |
| IOC | IOC | CrowdStrike Falcon Custom Indicators of Compromise v2 |
| IOCs
|
IOCs
|
CrowdStrike Falcon Custom Indicators of Compromise |
| Kubernetes Protection | KubernetesProtection | CrowdStrike Falcon Kubernetes Protection |
| MalQuery | MalQuery | CrowdStrike Falcon Malquery |
| Message Center | MessageCenter | CrowdStrike Message Center |
| ML Exclusions | MLExclusions | CrowdStrike Falcon ML Exclusions |
| Mobile Enrollment | MobileEnrollment | CrowdStrike Falcon Mobile Enrollment |
| OAuth2 | OAuth2 | CrowdStrike Falcon OAuth2 Token |
| On Demand Scan | ODS | CrowdStrike Falcon On Demand Scan |
| Overwatch Dashboard | OverwatchDashboard | CrowdStrike Falcon Overwatch Dashboard |
| Prevention Policy | PreventionPolicy | CrowdStrike Falcon Prevention Policy |
| Quarantine | Quarantine | CrowdStrike Falcon Quarantine |
| Quick Scan | QuickScan | CrowdStrike Falcon Quick Scan |
| Real Time Response Admin | RealTimeResponseAdmin | CrowdStrike Falcon Real Time Response (RTR) Administration |
| Real Time Response | RealTimeResponse | CrowdStrike Falcon Real Time Response (RTR) |
| Real Time Response Audit | RealTimeResponseAudit | CrowdStrike Real Time Response Audit |
| Recon | Recon | CrowdStrike Falcon Recon |
| Report Executions | ReportExecutions | CrowdStrike Falcon Report Executions |
| Response Policies | ResponsePolicies | CrowdStrike Falcon Real Time Response Policies |
| Sample Uploads | SampleUploads | CrowdStrike Falcon Sample Uploads |
| Scheduled Reports | ScheduledReports | CrowdStrike Falcon Scheduled Reports |
| Sensor Download | SensorDownload | CrowdStrike Falcon Sensor Download |
| Sensor Update Policy | SensorUpdatePolicy | CrowdStrike Falcon Sensor Policy Management |
| Sensor Visibility Exclusions | SensorVisibilityExclusions | CrowdStrike Falcon Sensor Visibility Exclusions |
| Spotlight Evaluation Logic | SpotlightEvaluationLogic | CrowdStrike Falcon Spotlight Evaluation Logic |
| Spotlight Vulnerabilities | SpotlightVulnerabilities | CrowdStrike Falcon Spotlight |
| Tailored Intelligence | TailoredIntelligence | CrowdStrike Falcon Tailored Intelligence |
| Unidentified Containers | UnidentifiedContainers | CrowdStrike Falcon Unidentified Containers |
| User Management | UserManagement | CrowdStrike Falcon User and Roles |
| Workflows | Workflows | CrowdStrike Falcon Workflows |
| Zero Trust Assessment | ZeroTrustAssessment | CrowdStrike Falcon Zero Trust Assessment |
More details regarding installation can be found at Installation, Upgrades and Removal.
While both solutions provide equivalent functionality, the usage patterns between Service Classes and the Uber Class differ slightly. Review the detail provided by the following links for examples of these syntactic differences. You can also find more detailed examples within the service collection wiki pages and the Samples Collection.
If you still have questions, please reach out to us on the discussion board.
FalconPy supports multiple configuration options to customize functionality to meet your specific requirements.
More advanced details regarding FalconPy usage and functionality can be found in the following pages.
- API Operations Overview
- Authentication
- Extensibility
- Falcon Query Language (FQL)
- Glossary of Terms
- Debug Logging
- Payload Handling
- Response Handling
This is free and unencumbered software released into the public domain.
Anyone is free to copy, modify, publish, use, compile, sell, or distribute this software, either in source code form or as a compiled binary, for any purpose, commercial or non-commercial, and by any means.
In jurisdictions that recognize copyright laws, the author or authors of this software dedicate any and all copyright interest in the software to the public domain. We make this dedication for the benefit of the public at large and to the detriment of our heirs and successors. We intend this dedication to be an overt act of relinquishment in perpetuity of all present and future rights to this software under copyright law.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
For more information, please refer to https://unlicense.org
- Home
- Discussions Board
- Glossary of Terms
- Installation, Upgrades and Removal
- Samples Collection
- Using FalconPy
- API Operations
-
Service Collections
- Alerts
- Cloud Connect AWS (deprecated)
- Cloud Snapshots
- Configuration Assessment
- Configuration Assessment Evaluation Logic
- Container Alerts
- Container Detections
- Container Images
- Container Packages
- Container Vulnerabilities
- CSPM Registration
- Custom IOAs
- Custom Storage
- D4C Registration (deprecated)
- Detects
- Device Control Policies
- Discover
- Drift Indicators
- Event Streams
- Falcon Complete Dashboard
- Falcon Container
- Falcon Intelligence Sandbox
- FDR
- FileVantage
- Firewall Management
- Firewall Policies
- Foundry LogScale
- Host Group
- Hosts
- Identity Protection
- Image Assessment Policies
- Incidents
- Installation Tokens
- Intel
- IOA Exclusions
- IOC
- IOCs (deprecated)
- Kubernetes Protection
- MalQuery
- Message Center
- ML Exclusions
- Mobile Enrollment
- MSSP (Flight Control)
- OAuth2
- ODS (On Demand Scan)
- Overwatch Dashboard
- Prevention Policy
- Quarantine
- Quick Scan
- Real Time Response
- Real Time Response Admin
- Real Time Response Audit
- Recon
- Report Executions
- Response Policies
- Sample Uploads
- Scheduled Reports
- Sensor Download
- Sensor Update Policy
- Sensor Visibility Exclusions
- Spotlight Evaluation Logic
- Spotlight Vulnerabilities
- Tailored Intelligence
- Unidentified Containers
- User Management
- Workflows
- Zero Trust Assessment
- Documentation Support
-
CrowdStrike SDKs
- Crimson Falcon - Ruby
- FalconPy - Python 3
- FalconJS - Javascript
- goFalcon - Go
- PSFalcon - Powershell
- Rusty Falcon - Rust
