Using the Case Management service collection
Table of Contents
Passing credentials
WARNING
client_idandclient_secretare keyword arguments that contain your CrowdStrike API credentials. Please note that all examples below do not hard code these values. (These values are ingested as strings.)CrowdStrike does not recommend hard coding API credentials or customer identifiers within source code.
aggregates_file_details_post_v1
Get file details aggregates as specified via json in the request body.
PEP8 method name
aggregates_file_details_post_v1
Endpoint
| Method | Route |
|---|---|
 | /case-files/aggregates/file-details/v1 |
Required Scope
Content-Type
- Consumes: application/json
- Produces: application/json
Keyword Arguments
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| body |  |  | body | dictionary | Full body payload in JSON format |
| filter | | | query | string | FQL filter expression. |
| ids | | | query | string or list of strings | Resource IDs. |
Usage
Service class example (PEP8 syntax)
from falconpy import CaseManagement
# Do not hardcode API credentials!
falcon = CaseManagement(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.aggregates_file_details_post_v1(ids=id_list,
filter="string"
)
print(response)
Service class example (Operation ID syntax)
from falconpy import CaseManagement
# Do not hardcode API credentials!
falcon = CaseManagement(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.aggregates_file_details_post_v1(ids=id_list,
filter="string"
)
print(response)
Uber class example
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.command("aggregates_file_details_post_v1",
ids="string",
filter="string",
body={}
)
print(response)
Back to Table of Contents
combined_file_details_get_v1
Query file details
PEP8 method name
query_file_details
Endpoint
| Method | Route |
|---|---|
 | /case-files/combined/file-details/v1 |
Required Scope
Content-Type
- Produces: application/json
Keyword Arguments
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| filter | | | query | string | FQL filter expression. |
| limit | | | query | integer | Page size. Maximum value is 10. |
| offset | | | query | integer | Page offset. |
| parameters | | | query | dictionary | Full query string parameters payload in JSON format. Not required when using other keywords. |
Usage
Service class example (PEP8 syntax)
from falconpy import CaseManagement
# Do not hardcode API credentials!
falcon = CaseManagement(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.query_file_details(filter="string",
limit=10,
offset=integer
)
print(response)
Service class example (Operation ID syntax)
from falconpy import CaseManagement
# Do not hardcode API credentials!
falcon = CaseManagement(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.combined_file_details_get_v1(filter="string",
limit=10,
offset=integer
)
print(response)
Uber class example
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.command("combined_file_details_get_v1",
filter="string",
limit=10,
offset=integer
)
print(response)
Back to Table of Contents
entities_files_upload_post_v1
Upload file for case
PEP8 method name
upload_file
Endpoint
| Method | Route |
|---|---|
| /case-files/entities/files/upload/v1 |
Required Scope
Content-Type
- Consumes: multipart/form-data
- Produces: application/json
Keyword Arguments
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| case_id | | | formData | string | Case ID for the file. |
| description | | | formData | string | Description of the file. |
| file | | | formData | file | Local file to Upload. |
Usage
Service class example (PEP8 syntax)
from falconpy import CaseManagement
# Do not hardcode API credentials!
falcon = CaseManagement(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.upload_file(file="path/to/file.txt",
case_id="CASE_ID",
description="File description"
)
print(response)
Service class example (Operation ID syntax)
from falconpy import CaseManagement
# Do not hardcode API credentials!
falcon = CaseManagement(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.entities_files_upload_post_v1(file="path/to/file.txt",
case_id="CASE_ID",
description="File description"
)
print(response)
Uber class example
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.command("entities_files_upload_post_v1",
file="path/to/file.txt",
case_id="CASE_ID",
description="File description"
)
print(response)
Back to Table of Contents
entities_file_details_patch_v1
Update file details
PEP8 method name
update_file_details
Endpoint
| Method | Route |
|---|---|
 | /case-files/entities/file-details/v1 |
Required Scope
Content-Type
- Consumes: application/json
- Produces: application/json
Keyword Arguments
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| body | | | body | dictionary | Full body payload in JSON format |
| description | |  | body | string | File details description. |
| id | | | body | string | File details ID. |
Usage
Service class example (PEP8 syntax)
from falconpy import CaseManagement
# Do not hardcode API credentials!
falcon = CaseManagement(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.update_file_details(id="file_id",
description="Updated file description"
)
print(response)
Service class example (Operation ID syntax)
from falconpy import CaseManagement
# Do not hardcode API credentials!
falcon = CaseManagement(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.entities_file_details_patch_v1(id="file_id",
description="Updated file description"
)
print(response)
Uber class example
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
body_payload = {
"id": "file_id",
"description": "Updated file description"
}
response = falcon.command("entities_file_details_patch_v1", body=body_payload)
print(response)
Back to Table of Contents
entities_file_details_get_v1
Get file details by id
PEP8 method name
get_file_details
Endpoint
| Method | Route |
|---|---|
| /case-files/entities/file-details/v1 |
Required Scope
Content-Type
- Produces: application/json
Keyword Arguments
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| ids | | | query | string or list of strings | Resource IDs. |
| parameters | | | query | dictionary | Full query string parameters payload in JSON format. Not required when using other keywords. |
Usage
Service class example (PEP8 syntax)
from falconpy import CaseManagement
# Do not hardcode API credentials!
falcon = CaseManagement(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.get_file_details(ids=id_list)
print(response)
Service class example (Operation ID syntax)
from falconpy import CaseManagement
# Do not hardcode API credentials!
falcon = CaseManagement(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.entities_file_details_get_v1(ids=id_list)
print(response)
Uber class example
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.command("entities_file_details_get_v1",
ids=["ID1", "ID2", "ID3"]
)
print(response)
Back to Table of Contents
entities_files_bulk_download_post_v1
Download multiple existing file from case as a ZIP
PEP8 method name
bulk_download_files
Endpoint
| Method | Route |
|---|---|
| /case-files/entities/files/bulk-download/v1 |
Required Scope
Content-Type
- Consumes: application/json
- Produces: application/octet-stream
Keyword Arguments
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| body | | | body | dictionary | Full body payload in JSON format |
| ids | | | body | string or list of strings | List of files to download. |
Usage
Service class example (PEP8 syntax)
from falconpy import CaseManagement
# Do not hardcode API credentials!
falcon = CaseManagement(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.bulk_download_files(ids=["file_id_1", "file_id_2", "file_id_3"])
print(response)
Service class example (Operation ID syntax)
from falconpy import CaseManagement
# Do not hardcode API credentials!
falcon = CaseManagement(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.entities_files_bulk_download_post_v1(ids=["file_id_1", "file_id_2", "file_id_3"])
print(response)
Uber class example
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
body_payload = {
"ids": ["file_id_1", "file_id_2", "file_id_3"]
}
response = falcon.command("entities_files_bulk_download_post_v1", body=body_payload)
print(response)
Back to Table of Contents
entities_files_download_get_v1
Download existing file from case
PEP8 method name
download_existing_files
Endpoint
| Method | Route |
|---|---|
| /case-files/entities/files/download/v1 |
Required Scope
Content-Type
- Produces: application/octet-stream
Keyword Arguments
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| id | | | query | string | Resource ID. |
| parameters | | | query | dictionary | Full query string parameters payload in JSON format. Not required when using other keywords. |
Usage
Service class example (PEP8 syntax)
from falconpy import CaseManagement
# Do not hardcode API credentials!
falcon = CaseManagement(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.download_existing_files(id="FILE_ID")
print(response)
Service class example (Operation ID syntax)
from falconpy import CaseManagement
# Do not hardcode API credentials!
falcon = CaseManagement(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.entities_files_download_get_v1(id="FILE_ID")
print(response)
Uber class example
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.command("entities_files_download_get_v1",
id="FILE_ID"
)
print(response)
Back to Table of Contents
entities_files_delete_v1
Delete file details by id
PEP8 method name
delete_file_details
Endpoint
| Method | Route |
|---|---|
 | /case-files/entities/files/v1 |
Required Scope
Content-Type
- Produces: application/json
Keyword Arguments
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| ids | | | query | string or list of strings | Resource IDs. |
| parameters | | | query | dictionary | Full query string parameters payload in JSON format. Not required when using other keywords. |
Usage
Service class example (PEP8 syntax)
from falconpy import CaseManagement
# Do not hardcode API credentials!
falcon = CaseManagement(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.delete_file_details(ids=id_list)
print(response)
Service class example (Operation ID syntax)
from falconpy import CaseManagement
# Do not hardcode API credentials!
falcon = CaseManagement(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.entities_files_delete_v1(ids=id_list)
print(response)
Uber class example
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.command("entities_files_delete_v1",
ids=["ID1", "ID2", "ID3"]
)
print(response)
Back to Table of Contents
queries_file_details_get_v1
Query for ids of file details
PEP8 method name
query_file_detail_ids
Endpoint
| Method | Route |
|---|---|
| /case-files/queries/file-details/v1 |
Required Scope
Content-Type
- Produces: application/json
Keyword Arguments
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| filter | | | query | string | FQL filter expression. |
| limit | | | query | integer | Page size. Maximum value is 10. |
| offset | | | query | integer | Page offset. |
| parameters | | | query | dictionary | Full query string parameters payload in JSON format. Not required when using other keywords. |
Usage
Service class example (PEP8 syntax)
from falconpy import CaseManagement
# Do not hardcode API credentials!
falcon = CaseManagement(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.query_file_detail_ids(filter="string",
limit=10,
offset=integer
)
print(response)
Service class example (Operation ID syntax)
from falconpy import CaseManagement
# Do not hardcode API credentials!
falcon = CaseManagement(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.queries_file_details_get_v1(filter="string",
limit=10,
offset=integer
)
print(response)
Uber class example
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.command("queries_file_details_get_v1",
filter="string",
limit=10,
offset=integer
)
print(response)
Back to Table of Contents
entities_get_rtr_file_metadata_post_v1
Get metadata for a file via RTR without retrieving it.
PEP8 method name
get_rtr_file_metadata
Endpoint
| Method | Route |
|---|---|
| /case-files/entities/get-rtr-file-metadata/v1 |
Required Scope
Content-Type
- Consumes: application/json
- Produces: application/json
Keyword Arguments
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| body | | | body | dictionary | Full body payload in JSON format |
| aid | | | body | string | The agent ID of the host to retrieve file metadata from. |
| file_path | | | body | string | The path to the file on the host. |
Usage
Service class example (PEP8 syntax)
from falconpy import CaseManagement
# Do not hardcode API credentials!
falcon = CaseManagement(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.get_rtr_file_metadata(aid="AGENT_ID",
file_path="/path/to/file"
)
print(response)
Service class example (Operation ID syntax)
from falconpy import CaseManagement
# Do not hardcode API credentials!
falcon = CaseManagement(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.entities_get_rtr_file_metadata_post_v1(aid="AGENT_ID",
file_path="/path/to/file"
)
print(response)
Uber class example
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
body_payload = {
"aid": "AGENT_ID",
"file_path": "/path/to/file"
}
response = falcon.command("entities_get_rtr_file_metadata_post_v1", body=body_payload)
print(response)
Back to Table of Contents
entities_retrieve_rtr_file_post_v1
Retrieve a file from host using RTR and add it to a case.
PEP8 method name
retrieve_rtr_file
Endpoint
| Method | Route |
|---|---|
| /case-files/entities/retrieve-rtr-file/v1 |
Content-Type
- Consumes: application/json
- Produces: application/json
Keyword Arguments
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| body | | | body | dictionary | Full body payload in JSON format |
| aid | | | body | string | The agent ID of the host to retrieve the file from. |
| case_id | | | body | string | The ID of the case to add the file to. |
| description | | | body | string | A description of the file being retrieved. |
| file_path | | | body | string | The path to the file on the host. |
Usage
Service class example (PEP8 syntax)
from falconpy import CaseManagement
# Do not hardcode API credentials!
falcon = CaseManagement(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.retrieve_rtr_file(aid="AGENT_ID",
case_id="CASE_ID",
description="File description",
file_path="/path/to/file"
)
print(response)
Service class example (Operation ID syntax)
from falconpy import CaseManagement
# Do not hardcode API credentials!
falcon = CaseManagement(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.entities_retrieve_rtr_file_post_v1(aid="AGENT_ID",
case_id="CASE_ID",
description="File description",
file_path="/path/to/file"
)
print(response)
Uber class example
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
body_payload = {
"aid": "AGENT_ID",
"case_id": "CASE_ID",
"description": "File description",
"file_path": "/path/to/file"
}
response = falcon.command("entities_retrieve_rtr_file_post_v1", body=body_payload)
print(response)
Back to Table of Contents
entities_retrieve_rtr_recent_file_post_v1
Retrieve a recently fetched RTR file and add it to a case.
PEP8 method name
retrieve_rtr_recent_file
Endpoint
| Method | Route |
|---|---|
| /case-files/entities/retrieve-rtr-recent-file/v1 |
Required Scope
Content-Type
- Consumes: application/json
- Produces: application/json
Keyword Arguments
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| body | | | body | dictionary | Full body payload in JSON format |
| aid | | | body | string | The agent ID of the host. |
| case_id | | | body | string | The ID of the case to add the file to. |
| description | | | body | string | A description of the file being retrieved. |
| session_id | | | body | string | The RTR session ID for the file retrieval. |
| sha256 | | | body | string | The SHA256 hash of the file to retrieve. |
Usage
Service class example (PEP8 syntax)
from falconpy import CaseManagement
# Do not hardcode API credentials!
falcon = CaseManagement(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.retrieve_rtr_recent_file(aid="AGENT_ID",
case_id="CASE_ID",
description="File description",
session_id="SESSION_ID",
sha256="SHA256_HASH"
)
print(response)
Service class example (Operation ID syntax)
from falconpy import CaseManagement
# Do not hardcode API credentials!
falcon = CaseManagement(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.entities_retrieve_rtr_recent_file_post_v1(aid="AGENT_ID",
case_id="CASE_ID",
description="File description",
session_id="SESSION_ID",
sha256="SHA256_HASH"
)
print(response)
Uber class example
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
body_payload = {
"aid": "AGENT_ID",
"case_id": "CASE_ID",
"description": "File description",
"session_id": "SESSION_ID",
"sha256": "SHA256_HASH"
}
response = falcon.command("entities_retrieve_rtr_recent_file_post_v1", body=body_payload)
print(response)
Back to Table of Contents
aggregates_notification_groups_post_v1
Get notification groups aggregations
PEP8 method name
get_notification_groups_aggregation
Endpoint
| Method | Route |
|---|---|
| /casemgmt/aggregates/notification-groups/v1 |
Required Scope
Content-Type
- Consumes: application/json
- Produces: application/json
Keyword Arguments
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| body | | | body | dictionary | Full body payload in JSON format |
| date_ranges | | | body | dictionary or list | Date range timeframe. |
| field | | | body | string | Field to retrieve. |
| filter | | | body | string | FQL syntax. |
| from | | | body | integer | |
| name | | | body | string | |
| size | | | body | integer | |
| sort | | | body | string | Field to sort on. |
| type | | | body | string |
Usage
Service class example (PEP8 syntax)
from falconpy import CaseManagement
# Do not hardcode API credentials!
falcon = CaseManagement(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.get_notification_groups_aggregation(date_ranges=[
{
"from": "2024-01-01T00:00:00Z",
"to": "2024-12-31T23:59:59Z"
}
],
field="status",
filter="string",
name="string",
size=0,
sort="string",
type="terms"
)
print(response)
Service class example (Operation ID syntax)
from falconpy import CaseManagement
# Do not hardcode API credentials!
falcon = CaseManagement(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.aggregates_notification_groups_post_v1(date_ranges=[
{
"from": "2024-01-01T00:00:00Z",
"to": "2024-12-31T23:59:59Z"
}
],
field="status",
filter="string",
name="string",
size=0,
sort="string",
type="terms"
)
print(response)
Uber class example
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
body_payload = {
"date_ranges": [
{
"from": "2024-01-01T00:00:00Z",
"to": "2024-12-31T23:59:59Z"
}
],
"field": "status",
"filter": "string",
"from": integer,
"name": "string",
"size": integer,
"sort": "string",
"type": "terms"
}
response = falcon.command("aggregates_notification_groups_post_v1", body=body_payload)
print(response)
Back to Table of Contents
aggregates_notification_groups_post_v2
Get notification groups aggregations
PEP8 method name
get_notification_groups_aggregation_v2
Endpoint
| Method | Route |
|---|---|
| /casemgmt/aggregates/notification-groups/v2 |
Required Scope
Content-Type
- Consumes: application/json
- Produces: application/json
Keyword Arguments
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| body | | | body | dictionary | Full body payload in JSON format |
| date_ranges | | | body | dictionary or list | Date range timeframe. |
| field | | | body | string | Field to retrieve. |
| filter | | | body | string | FQL syntax. |
| from | | | body | integer | |
| name | | | body | string | |
| size | | | body | integer | |
| sort | | | body | string | Field to sort on. |
| type | | | body | string |
Usage
Service class example (PEP8 syntax)
from falconpy import CaseManagement
# Do not hardcode API credentials!
falcon = CaseManagement(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.get_notification_groups_aggregation_v2(date_ranges=[
{
"from": "2024-01-01T00:00:00Z",
"to": "2024-12-31T23:59:59Z"
}
],
field="status",
filter="string",
name="string",
size=0,
sort="string",
type="terms"
)
print(response)
Service class example (Operation ID syntax)
from falconpy import CaseManagement
# Do not hardcode API credentials!
falcon = CaseManagement(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.aggregates_notification_groups_post_v2(date_ranges=[
{
"from": "2024-01-01T00:00:00Z",
"to": "2024-12-31T23:59:59Z"
}
],
field="status",
filter="string",
name="string",
size=0,
sort="string",
type="terms"
)
print(response)
Uber class example
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
body_payload = {
"date_ranges": [
{
"from": "2024-01-01T00:00:00Z",
"to": "2024-12-31T23:59:59Z"
}
],
"field": "status",
"filter": "string",
"from": integer,
"name": "string",
"size": integer,
"sort": "string",
"type": "terms"
}
response = falcon.command("aggregates_notification_groups_post_v2", body=body_payload)
print(response)
Back to Table of Contents
aggregates_slas_post_v1
Get SLA aggregations
PEP8 method name
get_sla_aggregations
Endpoint
| Method | Route |
|---|---|
| /casemgmt/aggregates/slas/v1 |
Required Scope
Content-Type
- Consumes: application/json
- Produces: application/json
Keyword Arguments
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| body | | | body | dictionary | Full body payload in JSON format |
| date_ranges | | | body | dictionary or list | Date range timeframe. |
| field | | | body | string | Field to retrieve. |
| filter | | | body | string | FQL syntax. |
| from | | | body | integer | |
| name | | | body | string | |
| size | | | body | integer | |
| sort | | | body | string | Field to sort on. |
| type | | | body | string |
Usage
Service class example (PEP8 syntax)
from falconpy import CaseManagement
# Do not hardcode API credentials!
falcon = CaseManagement(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.get_sla_aggregations(date_ranges=[
{
"from": "2024-01-01T00:00:00Z",
"to": "2024-12-31T23:59:59Z"
}
],
field="status",
filter="string",
name="string",
size=0,
sort="string",
type="terms"
)
print(response)
Service class example (Operation ID syntax)
from falconpy import CaseManagement
# Do not hardcode API credentials!
falcon = CaseManagement(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.aggregates_slas_post_v1(date_ranges=[
{
"from": "2024-01-01T00:00:00Z",
"to": "2024-12-31T23:59:59Z"
}
],
field="status",
filter="string",
name="string",
size=0,
sort="string",
type="terms"
)
print(response)
Uber class example
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
body_payload = {
"date_ranges": [
{
"from": "2024-01-01T00:00:00Z",
"to": "2024-12-31T23:59:59Z"
}
],
"field": "status",
"filter": "string",
"from": integer,
"name": "string",
"size": integer,
"sort": "string",
"type": "terms"
}
response = falcon.command("aggregates_slas_post_v1", body=body_payload)
print(response)
Back to Table of Contents
aggregates_templates_post_v1
Get templates aggregations
PEP8 method name
get_template_aggregations
Endpoint
| Method | Route |
|---|---|
| /casemgmt/aggregates/templates/v1 |
Required Scope
Content-Type
- Consumes: application/json
- Produces: application/json
Keyword Arguments
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| body | | | body | dictionary | Full body payload in JSON format |
| date_ranges | | | body | dictionary or list | Date range timeframe. |
| field | | | body | string | Field to retrieve. |
| filter | | | body | string | FQL syntax. |
| from | | | body | integer | |
| name | | | body | string | |
| size | | | body | integer | |
| sort | | | body | string | Field to sort on. |
| type | | | body | string |
Usage
Service class example (PEP8 syntax)
from falconpy import CaseManagement
# Do not hardcode API credentials!
falcon = CaseManagement(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.get_template_aggregations(date_ranges=[
{
"from": "2024-01-01T00:00:00Z",
"to": "2024-12-31T23:59:59Z"
}
],
field="status",
filter="string",
name="string",
size=0,
sort="string",
type="terms"
)
print(response)
Service class example (Operation ID syntax)
from falconpy import CaseManagement
# Do not hardcode API credentials!
falcon = CaseManagement(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.aggregates_templates_post_v1(date_ranges=[
{
"from": "2024-01-01T00:00:00Z",
"to": "2024-12-31T23:59:59Z"
}
],
field="status",
filter="string",
name="string",
size=0,
sort="string",
type="terms"
)
print(response)
Uber class example
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
body_payload = {
"date_ranges": [
{
"from": "2024-01-01T00:00:00Z",
"to": "2024-12-31T23:59:59Z"
}
],
"field": "status",
"filter": "string",
"from": integer,
"name": "string",
"size": integer,
"sort": "string",
"type": "terms"
}
response = falcon.command("aggregates_templates_post_v1", body=body_payload)
print(response)
Back to Table of Contents
aggregates_access_tags_post_v1
Get access tag aggregates.
PEP8 method name
get_access_tag_aggregations
Endpoint
| Method | Route |
|---|---|
| /casemgmt/aggregates/access-tags/v1 |
Required Scope
Content-Type
- Consumes: application/json
- Produces: application/json
Keyword Arguments
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| body | | | body | dictionary | Full body payload in JSON format |
| date_ranges | | | body | dictionary or list | Date range timeframe. |
| field | | | body | string | Field to retrieve. |
| filter | | | body | string | FQL syntax. |
| from | | | body | integer | |
| name | | | body | string | |
| size | | | body | integer | |
| sort | | | body | string | Field to sort on. |
| type | | | body | string |
Usage
Service class example (PEP8 syntax)
from falconpy import CaseManagement
# Do not hardcode API credentials!
falcon = CaseManagement(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.get_access_tag_aggregations(date_ranges=[
{
"from": "2024-01-01T00:00:00Z",
"to": "2024-12-31T23:59:59Z"
}
],
field="status",
filter="string",
name="string",
size=0,
sort="string",
type="terms"
)
print(response)
Service class example (Operation ID syntax)
from falconpy import CaseManagement
# Do not hardcode API credentials!
falcon = CaseManagement(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.aggregates_access_tags_post_v1(date_ranges=[
{
"from": "2024-01-01T00:00:00Z",
"to": "2024-12-31T23:59:59Z"
}
],
field="status",
filter="string",
name="string",
size=0,
sort="string",
type="terms"
)
print(response)
Uber class example
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
body_payload = {
"date_ranges": [
{
"from": "2024-01-01T00:00:00Z",
"to": "2024-12-31T23:59:59Z"
}
],
"field": "status",
"filter": "string",
"from": integer,
"name": "string",
"size": integer,
"sort": "string",
"type": "terms"
}
response = falcon.command("aggregates_access_tags_post_v1", body=body_payload)
print(response)
Back to Table of Contents
entities_access_tags_get_v1
Get access tags.
PEP8 method name
get_access_tags
Endpoint
| Method | Route |
|---|---|
| /casemgmt/entities/access-tags/v1 |
Required Scope
Content-Type
- Produces: application/json
Keyword Arguments
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| ids | | | query | string or list of strings | Resource IDs. |
| parameters | | | query | dictionary | Full query string parameters payload in JSON format. Not required when using other keywords. |
Usage
Service class example (PEP8 syntax)
from falconpy import CaseManagement
# Do not hardcode API credentials!
falcon = CaseManagement(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.get_access_tags(ids=id_list)
print(response)
Service class example (Operation ID syntax)
from falconpy import CaseManagement
# Do not hardcode API credentials!
falcon = CaseManagement(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.entities_access_tags_get_v1(ids=id_list)
print(response)
Uber class example
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.command("entities_access_tags_get_v1",
ids=["ID1", "ID2", "ID3"]
)
print(response)
Back to Table of Contents
entities_notification_groups_get_v1
Get notification groups by ID
PEP8 method name
get_notification_groups
Endpoint
| Method | Route |
|---|---|
| /casemgmt/entities/notification-groups/v1 |
Required Scope
Content-Type
- Produces: application/json
Keyword Arguments
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| ids | | | query | string or list of strings | Resource IDs. |
| parameters | | | query | dictionary | Full query string parameters payload in JSON format. Not required when using other keywords. |
Usage
Service class example (PEP8 syntax)
from falconpy import CaseManagement
# Do not hardcode API credentials!
falcon = CaseManagement(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.get_notification_groups(ids=id_list)
print(response)
Service class example (Operation ID syntax)
from falconpy import CaseManagement
# Do not hardcode API credentials!
falcon = CaseManagement(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.entities_notification_groups_get_v1(ids=id_list)
print(response)
Uber class example
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.command("entities_notification_groups_get_v1",
ids=["ID1", "ID2", "ID3"]
)
print(response)
Back to Table of Contents
entities_notification_groups_post_v1
Create notification group
PEP8 method name
create_notification_group
Endpoint
| Method | Route |
|---|---|
| /casemgmt/entities/notification-groups/v1 |
Required Scope
Content-Type
- Consumes: application/json
- Produces: application/json
Keyword Arguments
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| body | | | body | dictionary | Full body payload in JSON format |
| channels | | | body | list of dictionaries | The notification group channel configuration parameters. |
| description | | | body | string | Notification group description. |
| name | | | body | string | Notification group name. |
Usage
Service class example (PEP8 syntax)
from falconpy import CaseManagement
# Do not hardcode API credentials!
falcon = CaseManagement(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
channels = [
{
"config_id": "string",
"config_name": "string",
"recipients": [
"string"
],
"severity": "string",
"type": "email"
}
]
response = falcon.create_notification_group(channels=channels,
description="string",
name="string"
)
print(response)
Service class example (Operation ID syntax)
from falconpy import CaseManagement
# Do not hardcode API credentials!
falcon = CaseManagement(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
channels = [
{
"config_id": "string",
"config_name": "string",
"recipients": [
"string"
],
"severity": "string",
"type": "email"
}
]
response = falcon.entities_notification_groups_post_v1(channels=channels,
description="string",
name="string"
)
print(response)
Uber class example
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
body_payload = {
"channels": [
{
"config_id": "string",
"config_name": "string",
"recipients": [
"string"
],
"severity": "string",
"type": "email"
}
],
"description": "string",
"name": "string"
}
response = falcon.command("entities_notification_groups_post_v1", body=body_payload)
print(response)
Back to Table of Contents
entities_notification_groups_patch_v1
Update notification group
PEP8 method name
update_notification_group
Endpoint
| Method | Route |
|---|---|
| /casemgmt/entities/notification-groups/v1 |
Required Scope
Content-Type
- Consumes: application/json
- Produces: application/json
Keyword Arguments
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| body | | | body | dictionary | Full body payload in JSON format |
| channels | | | body | list of dictionaries | The notification group channel configuration parameters. |
| description | | | body | string | Notification group description. |
| id | | | body | string | The ID of the notification group. |
| name | | | body | string | Notification group name. |
Usage
Service class example (PEP8 syntax)
from falconpy import CaseManagement
# Do not hardcode API credentials!
falcon = CaseManagement(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
channels = [
{
"config_id": "string",
"config_name": "string",
"recipients": [
"string"
],
"severity": "string",
"type": "email"
}
]
response = falcon.update_notification_group(channels=channels,
description="string",
id="string",
name="string"
)
print(response)
Service class example (Operation ID syntax)
from falconpy import CaseManagement
# Do not hardcode API credentials!
falcon = CaseManagement(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
channels = [
{
"config_id": "string",
"config_name": "string",
"recipients": [
"string"
],
"severity": "string",
"type": "email"
}
]
response = falcon.entities_notification_groups_patch_v1(channels=channels,
description="string",
id="string",
name="string"
)
print(response)
Uber class example
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
body_payload = {
"channels": [
{
"config_id": "string",
"config_name": "string",
"recipients": [
"string"
],
"severity": "string",
"type": "email"
}
],
"description": "string",
"id": "string",
"name": "string"
}
response = falcon.command("entities_notification_groups_patch_v1", body=body_payload)
print(response)
Back to Table of Contents
entities_notification_groups_delete_v1
Delete notification groups by ID
PEP8 method name
delete_notification_group
Endpoint
| Method | Route |
|---|---|
| /casemgmt/entities/notification-groups/v1 |
Required Scope
Content-Type
- Produces: application/json
Keyword Arguments
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| ids | | | query | string or list of strings | Resource IDs. |
| parameters | | | query | dictionary | Full query string parameters payload in JSON format. Not required when using other keywords. |
Usage
Service class example (PEP8 syntax)
from falconpy import CaseManagement
# Do not hardcode API credentials!
falcon = CaseManagement(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.delete_notification_group(ids=id_list)
print(response)
Service class example (Operation ID syntax)
from falconpy import CaseManagement
# Do not hardcode API credentials!
falcon = CaseManagement(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.entities_notification_groups_delete_v1(ids=id_list)
print(response)
Uber class example
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.command("entities_notification_groups_delete_v1",
ids=["ID1", "ID2", "ID3"]
)
print(response)
Back to Table of Contents
entities_notification_groups_get_v2
Get notification groups by ID
PEP8 method name
get_notification_groups_v2
Endpoint
| Method | Route |
|---|---|
| /casemgmt/entities/notification-groups/v2 |
Required Scope
Content-Type
- Produces: application/json
Keyword Arguments
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| ids | | | query | string or list of strings | Resource IDs. |
| parameters | | | query | dictionary | Full query string parameters payload in JSON format. Not required when using other keywords. |
Usage
Service class example (PEP8 syntax)
from falconpy import CaseManagement
# Do not hardcode API credentials!
falcon = CaseManagement(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.get_notification_groups_v2(ids=id_list)
print(response)
Service class example (Operation ID syntax)
from falconpy import CaseManagement
# Do not hardcode API credentials!
falcon = CaseManagement(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.entities_notification_groups_get_v2(ids=id_list)
print(response)
Uber class example
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.command("entities_notification_groups_get_v2",
ids=["ID1", "ID2", "ID3"]
)
print(response)
Back to Table of Contents
entities_notification_groups_post_v2
Create notification group
PEP8 method name
create_notification_group_v2
Endpoint
| Method | Route |
|---|---|
| /casemgmt/entities/notification-groups/v2 |
Required Scope
Content-Type
- Consumes: application/json
- Produces: application/json
Keyword Arguments
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| body | | | body | dictionary | Full body payload in JSON format |
| channels | | | body | list of dictionaries | The notification group channel configuration parameters. |
| description | | | body | string | Notification group description. |
| name | | | body | string | Notification group name. |
Usage
Service class example (PEP8 syntax)
from falconpy import CaseManagement
# Do not hardcode API credentials!
falcon = CaseManagement(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
channels = [
{
"config_id": "string",
"config_name": "string",
"params": {},
"type": "email"
}
]
response = falcon.create_notification_group_v2(channels=channels,
description="string",
name="string"
)
print(response)
Service class example (Operation ID syntax)
from falconpy import CaseManagement
# Do not hardcode API credentials!
falcon = CaseManagement(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
channels = [
{
"config_id": "string",
"config_name": "string",
"params": {},
"type": "email"
}
]
response = falcon.entities_notification_groups_post_v2(channels=channels,
description="string",
name="string"
)
print(response)
Uber class example
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
body_payload = {
"channels": [
{
"config_id": "string",
"config_name": "string",
"params": {},
"type": "email"
}
],
"description": "string",
"name": "string"
}
response = falcon.command("entities_notification_groups_post_v2", body=body_payload)
print(response)
Back to Table of Contents
entities_notification_groups_patch_v2
Update notification group
PEP8 method name
update_notification_group_v2
Endpoint
| Method | Route |
|---|---|
| /casemgmt/entities/notification-groups/v2 |
Required Scope
Content-Type
- Consumes: application/json
- Produces: application/json
Keyword Arguments
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| body | | | body | dictionary | Full body payload in JSON format |
| channels | | | body | list of dictionaries | The notification group channel configuration parameters. |
| description | | | body | string | Notification group description. |
| name | | | body | string | Notification group name. |
| id | | | body | string | The ID of the notification group. |
Usage
Service class example (PEP8 syntax)
from falconpy import CaseManagement
# Do not hardcode API credentials!
falcon = CaseManagement(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
channels=[
{
"config_id": "string",
"config_name": "string",
"params": {},
"type": "email"
}
]
response = falcon.update_notification_group_v2(channels=channels,
description="string",
name="string",
id="string"
)
print(response)
Service class example (Operation ID syntax)
from falconpy import CaseManagement
# Do not hardcode API credentials!
falcon = CaseManagement(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
channels=[
{
"config_id": "string",
"config_name": "string",
"params": {},
"type": "email"
}
]
response = falcon.entities_notification_groups_patch_v2(channels=channels,
description="string",
name="string",
id="string"
)
print(response)
Uber class example
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
body_payload = {
"channels": [
{
"config_id": "string",
"config_name": "string",
"params": {},
"type": "email"
}
],
"description": "string",
"name": "string",
"id": "string"
}
response = falcon.command("entities_notification_groups_patch_v2", body=body_payload)
print(response)
Back to Table of Contents
entities_notification_groups_delete_v2
Delete notification groups by ID
PEP8 method name
delete_notification_group_v2
Endpoint
| Method | Route |
|---|---|
| /casemgmt/entities/notification-groups/v2 |
Required Scope
Content-Type
- Produces: application/json
Keyword Arguments
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| ids | | | query | string or list of strings | Resource IDs. |
| parameters | | | query | dictionary | Full query string parameters payload in JSON format. Not required when using other keywords. |
Usage
Service class example (PEP8 syntax)
from falconpy import CaseManagement
# Do not hardcode API credentials!
falcon = CaseManagement(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.delete_notification_group_v2(ids=id_list)
print(response)
Service class example (Operation ID syntax)
from falconpy import CaseManagement
# Do not hardcode API credentials!
falcon = CaseManagement(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.entities_notification_groups_delete_v2(ids=id_list)
print(response)
Uber class example
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.command("entities_notification_groups_delete_v2",
ids=["ID1", "ID2", "ID3"]
)
print(response)
Back to Table of Contents
entities_fields_get_v1
Get fields by ID
PEP8 method name
get_fields
Endpoint
| Method | Route |
|---|---|
| /casemgmt/entities/fields/v1 |
Required Scope
Content-Type
- Produces: application/json
Keyword Arguments
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| ids | | | query | string or list of strings | Resource IDs. |
| parameters | | | query | dictionary | Full query string parameters payload in JSON format. Not required when using other keywords. |
Usage
Service class example (PEP8 syntax)
from falconpy import CaseManagement
# Do not hardcode API credentials!
falcon = CaseManagement(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.get_fields(ids=id_list)
print(response)
Service class example (Operation ID syntax)
from falconpy import CaseManagement
# Do not hardcode API credentials!
falcon = CaseManagement(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.entities_fields_get_v1(ids=id_list)
print(response)
Uber class example
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.command("entities_fields_get_v1",
ids=["ID1", "ID2", "ID3"]
)
print(response)
Back to Table of Contents
entities_slas_get_v1
Get SLAs by ID
PEP8 method name
get_slas
Endpoint
| Method | Route |
|---|---|
| /casemgmt/entities/slas/v1 |
Required Scope
Content-Type
- Produces: application/json
Keyword Arguments
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| ids | | | query | string or list of strings | Resource IDs. |
| parameters | | | query | dictionary | Full query string parameters payload in JSON format. Not required when using other keywords. |
Usage
Service class example (PEP8 syntax)
from falconpy import CaseManagement
# Do not hardcode API credentials!
falcon = CaseManagement(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.get_slas(ids=id_list)
print(response)
Service class example (Operation ID syntax)
from falconpy import CaseManagement
# Do not hardcode API credentials!
falcon = CaseManagement(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.entities_slas_get_v1(ids=id_list)
print(response)
Uber class example
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.command("entities_slas_get_v1",
ids=["ID1", "ID2", "ID3"]
)
print(response)
Back to Table of Contents
entities_slas_post_v1
Create SLA
PEP8 method name
create_sla
Endpoint
| Method | Route |
|---|---|
| /casemgmt/entities/slas/v1 |
Required Scope
Content-Type
- Consumes: application/json
- Produces: application/json
Keyword Arguments
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| body | | | body | dictionary | Full body payload in JSON format |
| description | | | body | string | The description of the SLA. |
| goals | | | body | list of dictionaries | The SLA goals. |
| name | | | body | string | The name of the SLA. |
Usage
Service class example (PEP8 syntax)
from falconpy import CaseManagement
# Do not hardcode API credentials!
falcon = CaseManagement(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
goals = [
{
"duration_seconds": integer,
"escalation_policy": {
"steps": [
{
"escalate_after_seconds": integer,
"notification_group_id": "string"
}
]
},
"type": "string"
}
]
response = falcon.create_sla(description="string",
goals=goals,
name="string"
)
print(response)
Service class example (Operation ID syntax)
from falconpy import CaseManagement
# Do not hardcode API credentials!
falcon = CaseManagement(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
goals = [
{
"duration_seconds": integer,
"escalation_policy": {
"steps": [
{
"escalate_after_seconds": integer,
"notification_group_id": "string"
}
]
},
"type": "string"
}
]
response = falcon.entities_slas_post_v1(description="string",
goals=goals,
name="string"
)
print(response)
Uber class example
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
body_payload = {
"description": "string",
"goals": [
{
"duration_seconds": integer,
"escalation_policy": {
"steps": [
{
"escalate_after_seconds": integer,
"notification_group_id": "string"
}
]
},
"type": "string"
}
],
"name": "string"
}
response = falcon.command("entities_slas_post_v1", body=body_payload)
print(response)
Back to Table of Contents
entities_slas_patch_v1
Update SLA
PEP8 method name
update_sla
Endpoint
| Method | Route |
|---|---|
| /casemgmt/entities/slas/v1 |
Required Scope
Content-Type
- Consumes: application/json
- Produces: application/json
Keyword Arguments
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| body | | | body | dictionary | Full body payload in JSON format |
| description | | | body | string | The description of the SLA. |
| goals | | | body | list of dictionaries | The SLA goals. |
| id | | | body | string | The ID of the SLA to update. |
| name | | | body | string | The name of the SLA. |
Usage
Service class example (PEP8 syntax)
from falconpy import CaseManagement
# Do not hardcode API credentials!
falcon = CaseManagement(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
goals = [
{
"duration_seconds": integer,
"escalation_policy": {
"steps": [
{
"escalate_after_seconds": integer,
"notification_group_id": "string"
}
]
},
"type": "string"
}
]
response = falcon.update_sla(description="string",
goals=goals,
name="string"
)
print(response)
Service class example (Operation ID syntax)
from falconpy import CaseManagement
# Do not hardcode API credentials!
falcon = CaseManagement(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
goals = [
{
"duration_seconds": integer,
"escalation_policy": {
"steps": [
{
"escalate_after_seconds": integer,
"notification_group_id": "string"
}
]
},
"type": "string"
}
]
response = falcon.entities_slas_patch_v1(description="string",
goals=goals,
name="string"
)
print(response)
Uber class example
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
body_payload = {
"description": "string",
"goals": [
{
"duration_seconds": integer,
"escalation_policy": {
"steps": [
{
"escalate_after_seconds": integer,
"notification_group_id": "string"
}
]
},
"type": "string"
}
],
"name": "string"
}
response = falcon.command("entities_slas_patch_v1", body=body_payload)
print(response)
Back to Table of Contents
entities_slas_delete_v1
Delete SLAs
PEP8 method name
delete_sla
Endpoint
| Method | Route |
|---|---|
| /casemgmt/entities/slas/v1 |
Required Scope
Content-Type
- Produces: application/json
Keyword Arguments
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| ids | | | query | string or list of strings | Resource IDs. |
| parameters | | | query | dictionary | Full query string parameters payload in JSON format. Not required when using other keywords. |
Usage
Service class example (PEP8 syntax)
from falconpy import CaseManagement
# Do not hardcode API credentials!
falcon = CaseManagement(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.delete_sla(ids=id_list)
print(response)
Service class example (Operation ID syntax)
from falconpy import CaseManagement
# Do not hardcode API credentials!
falcon = CaseManagement(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.entities_slas_delete_v1(ids=id_list)
print(response)
Uber class example
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.command("entities_slas_delete_v1",
ids=["ID1", "ID2", "ID3"]
)
print(response)
Back to Table of Contents
entities_template_snapshots_get_v1
Get template snapshots
PEP8 method name
get_template_snapshots
Endpoint
| Method | Route |
|---|---|
| /casemgmt/entities/template-snapshots/v1 |
Required Scope
Content-Type
- Produces: application/json
Keyword Arguments
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| ids | | | query | string or list of strings | Snapshot IDs. |
| template_ids | | | query | string or list of strings | Retrieves the latest snapshot for all Template IDs. |
| versions | | | query | integer or list of integers | Retrieve a specific version of the template from the parallel array template_ids. A value of zero will return the latest snapshot. |
| parameters | | | query | dictionary | Full query string parameters payload in JSON format. Not required when using other keywords. |
Usage
Service class example (PEP8 syntax)
from falconpy import CaseManagement
# Do not hardcode API credentials!
falcon = CaseManagement(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
snapshot_ids = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.get_template_snapshots(ids=snapshot_ids)
print(response)
template_ids = ['template1', 'template2']
response = falcon.get_template_snapshots(template_ids=template_ids)
print(response)
template_ids = ['template1', 'template2']
versions = [1, 0]
response = falcon.get_template_snapshots(template_ids=template_ids,
versions=versions)
print(response)
Service class example (Operation ID syntax)
from falconpy import CaseManagement
# Do not hardcode API credentials!
falcon = CaseManagement(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
snapshot_ids = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.entities_template_snapshots_get_v1(ids=snapshot_ids)
print(response)
response = falcon.entities_template_snapshots_get_v1(template_ids=['template1', 'template2'])
print(response)
response = falcon.entities_template_snapshots_get_v1(template_ids=['template1', 'template2'],
versions=[1, 0])
print(response)
Uber class example
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.command("entities_template_snapshots_get_v1",
ids=["ID1", "ID2", "ID3"]
)
print(response)
response = falcon.command("entities_template_snapshots_get_v1",
template_ids=["template1", "template2"]
)
print(response)
response = falcon.command("entities_template_snapshots_get_v1",
template_ids=["template1", "template2"],
versions=[1, 0]
)
print(response)
Back to Table of Contents
entities_templates_export_get_v1
Export templates to files in a zip archive
PEP8 method name
export_templates
Endpoint
| Method | Route |
|---|---|
| /casemgmt/entities/templates/export/v1 |
Required Scope
Content-Type
- Produces: application/json
Keyword Arguments
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| ids | | | query | string or list of strings | Template IDs. |
| filter | | | query | string | FQL filter expression. |
| format | | | query | string | Export file format. Valid values: yaml, json. Default: yaml. |
| parameters | | | query | dictionary | Full query string parameters payload in JSON format. Not required when using other keywords. |
Usage
Service class example (PEP8 syntax)
from falconpy import CaseManagement
# Do not hardcode API credentials!
falcon = CaseManagement(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
template_ids = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.export_templates(ids=template_ids, format="yaml")
print(response)
Service class example (Operation ID syntax)
from falconpy import CaseManagement
# Do not hardcode API credentials!
falcon = CaseManagement(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
template_ids = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.entities_templates_export_get_v1(ids=template_ids, format="yaml")
print(response)
Uber class example
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.command("entities_templates_export_get_v1",
ids=["ID1", "ID2", "ID3"],
format="yaml"
)
print(response)
Back to Table of Contents
entities_templates_import_post_v1
Import a template from a file
PEP8 method name
import_template
Endpoint
| Method | Route |
|---|---|
| /casemgmt/entities/templates/import/v1 |
Required Scope
Content-Type
- Consumes: multipart/form-data
- Produces: application/json
Keyword Arguments
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| file | | | formData | file | Local file to import. |
| dry_run | | | formData | boolean | Run validation only. |
| data | | | formData | dictionary | Full formData payload as a dictionary. Not required when using other keywords. |
| parameters | | | query | dictionary | Full query string parameters payload in JSON format. Not required when using other keywords. |
Usage
Service class example (PEP8 syntax)
from falconpy import CaseManagement
# Do not hardcode API credentials!
falcon = CaseManagement(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.import_template(file=("template.yaml", open("template.yaml", "rb")),
dry_run=boolean
)
print(response)
Service class example (Operation ID syntax)
from falconpy import CaseManagement
# Do not hardcode API credentials!
falcon = CaseManagement(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.entities_templates_import_post_v1(file=("template.yaml", open("template.yaml", "rb")),
dry_run=boolean
)
print(response)
Uber class example
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.command("entities_templates_import_post_v1",
file=("template.yaml", open("template.yaml", "rb")),
dry_run=boolean
)
print(response)
Back to Table of Contents
entities_templates_get_v1
Get templates by ID
PEP8 method name
get_templates
Endpoint
| Method | Route |
|---|---|
| /casemgmt/entities/templates/v1 |
Required Scope
Content-Type
- Produces: application/json
Keyword Arguments
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| ids | | | query | string or list of strings | Resource IDs. |
| parameters | | | query | dictionary | Full query string parameters payload in JSON format. Not required when using other keywords. |
Usage
Service class example (PEP8 syntax)
from falconpy import CaseManagement
# Do not hardcode API credentials!
falcon = CaseManagement(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.get_templates(ids=id_list)
print(response)
Service class example (Operation ID syntax)
from falconpy import CaseManagement
# Do not hardcode API credentials!
falcon = CaseManagement(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.entities_templates_get_v1(ids=id_list)
print(response)
Uber class example
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.command("entities_templates_get_v1",
ids=["ID1", "ID2", "ID3"]
)
print(response)
Back to Table of Contents
entities_templates_post_v1
Create template
PEP8 method name
create_template
Endpoint
| Method | Route |
|---|---|
| /casemgmt/entities/templates/v1 |
Required Scope
Content-Type
- Consumes: application/json
- Produces: application/json
Keyword Arguments
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| body | | | body | dictionary | Full body payload in JSON format |
| description | | | body | string | Template description. |
| fields | | | body | list of dictionaries | Template fields configuration. |
| name | | | body | string | Template name. |
| sla_id | | | body | string | SLA ID for the template. |
Usage
Service class example (PEP8 syntax)
from falconpy import CaseManagement
# Do not hardcode API credentials!
falcon = CaseManagement(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
fields = [
{
"data_type": "string",
"default_value": "string",
"input_type": "string",
"multivalued": boolean,
"name": "string",
"options": [
{
"value": "string"
}
],
"required": boolean
}
]
response = falcon.create_template(description="string",
fields=fields,
name="string",
sla_id="string"
)
print(response)
Service class example (Operation ID syntax)
from falconpy import CaseManagement
# Do not hardcode API credentials!
falcon = CaseManagement(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
fields = [
{
"data_type": "string",
"default_value": "string",
"input_type": "string",
"multivalued": boolean,
"name": "string",
"options": [
{
"value": "string"
}
],
"required": boolean
}
]
response = falcon.entities_templates_post_v1(description="string",
fields=fields,
name="string",
sla_id="string"
)
print(response)
Uber class example
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
body_payload = {
"description": "string",
"fields": [
{
"data_type": "string",
"default_value": "string",
"input_type": "string",
"multivalued": boolean,
"name": "string",
"options": [
{
"value": "string"
}
],
"required": boolean
}
],
"name": "string",
"sla_id": "string"
}
response = falcon.command("entities_templates_post_v1", body=body_payload)
print(response)
Back to Table of Contents
entities_templates_patch_v1
Update template
PEP8 method name
update_template
Endpoint
| Method | Route |
|---|---|
| /casemgmt/entities/templates/v1 |
Required Scope
Content-Type
- Consumes: application/json
- Produces: application/json
Keyword Arguments
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| body | | | body | dictionary | Full body payload in JSON format |
| fields | | | body | list of dictionaries | The template fields configuration. |
| description | | | body | string | Template description. |
| id | | | body | string | The ID of the template to update. |
| sla_id | | | body | string | The ID of the SLA. |
| name | | | body | string | Template name. |
Usage
Service class example (PEP8 syntax)
from falconpy import CaseManagement
# Do not hardcode API credentials!
falcon = CaseManagement(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
fields = [
{
"data_type": "string",
"default_value": "string",
"input_type": "string",
"multivalued": boolean,
"name": "string",
"options": [
{
"value": "string"
}
],
"required": boolean
}
]
response = falcon.update_template(description="string",
fields=fields,
id="string",
name="string",
sla_id="string"
)
print(response)
Service class example (Operation ID syntax)
from falconpy import CaseManagement
# Do not hardcode API credentials!
falcon = CaseManagement(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
fields = [
{
"data_type": "string",
"default_value": "string",
"input_type": "string",
"multivalued": boolean,
"name": "string",
"options": [
{
"value": "string"
}
],
"required": boolean
}
]
response = falcon.entities_templates_patch_v1(description="string",
fields=fields,
id="string",
name="string",
sla_id="string"
)
print(response)
Uber class example
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
body_payload = {
"description": "string",
"fields": [
{
"data_type": "string",
"default_value": "string",
"input_type": "string",
"multivalued": boolean,
"name": "string",
"options": [
{
"value": "string"
}
],
"required": boolean
}
],
"id": "string",
"name": "string",
"sla_id": "string"
}
response = falcon.command("entities_templates_patch_v1", body=body_payload)
print(response)
Back to Table of Contents
entities_templates_delete_v1
Delete templates
PEP8 method name
delete_templates
Endpoint
| Method | Route |
|---|---|
| /casemgmt/entities/templates/v1 |
Required Scope
Content-Type
- Produces: application/json
Keyword Arguments
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| ids | | | query | string or list of strings | Resource IDs. |
| parameters | | | query | dictionary | Full query string parameters payload in JSON format. Not required when using other keywords. |
Usage
Service class example (PEP8 syntax)
from falconpy import CaseManagement
# Do not hardcode API credentials!
falcon = CaseManagement(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.delete_templates(ids=id_list)
print(response)
Service class example (Operation ID syntax)
from falconpy import CaseManagement
# Do not hardcode API credentials!
falcon = CaseManagement(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.entities_templates_delete_v1(ids=id_list)
print(response)
Uber class example
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.command("entities_templates_delete_v1",
ids=["ID1", "ID2", "ID3"]
)
print(response)
Back to Table of Contents
queries_access_tags_get_v1
Query access tags.
PEP8 method name
query_access_tags
Endpoint
| Method | Route |
|---|---|
| /casemgmt/queries/access-tags/v1 |
Required Scope
Content-Type
- Produces: application/json
Keyword Arguments
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| after | | | query | string | Pagination token. |
| filter | | | query | string | FQL filter expression. |
| limit | | | query | integer | Page size. Maximum value is 200. |
| sort | | | query | string | Sort expression. |
| parameters | | | query | dictionary | Full query string parameters payload in JSON format. Not required when using other keywords. |
Usage
Service class example (PEP8 syntax)
from falconpy import CaseManagement
# Do not hardcode API credentials!
falcon = CaseManagement(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.query_access_tags(filter="string",
sort="string",
limit=integer,
after="string"
)
print(response)
Service class example (Operation ID syntax)
from falconpy import CaseManagement
# Do not hardcode API credentials!
falcon = CaseManagement(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.queries_access_tags_get_v1(filter="string",
sort="string",
limit=integer,
after="string"
)
print(response)
Uber class example
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.command("queries_access_tags_get_v1",
filter="string",
sort="string",
limit=integer,
after="string"
)
print(response)
Back to Table of Contents
queries_fields_get_v1
Query fields
PEP8 method name
query_fields
Endpoint
| Method | Route |
|---|---|
| /casemgmt/queries/fields/v1 |
Required Scope
Content-Type
- Produces: application/json
Keyword Arguments
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| filter | | | query | string | FQL filter expression. |
| limit | | | query | integer | Page size. Maximum value is 200. |
| offset | | | query | integer | Page offset. |
| parameters | | | query | dictionary | Full query string parameters payload in JSON format. Not required when using other keywords. |
Usage
Service class example (PEP8 syntax)
from falconpy import CaseManagement
# Do not hardcode API credentials!
falcon = CaseManagement(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.query_fields(filter="string",
limit=integer,
offset=integer
)
print(response)
Service class example (Operation ID syntax)
from falconpy import CaseManagement
# Do not hardcode API credentials!
falcon = CaseManagement(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.queries_fields_get_v1(filter="string",
limit=integer,
offset=integer
)
print(response)
Uber class example
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.command("queries_fields_get_v1",
filter="string",
limit=integer,
offset=integer
)
print(response)
Back to Table of Contents
queries_notification_groups_get_v1
Query notification groups
PEP8 method name
query_notification_groups
Endpoint
| Method | Route |
|---|---|
| /casemgmt/queries/notification-groups/v1 |
Required Scope
Content-Type
- Produces: application/json
Keyword Arguments
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| filter | | | query | string | FQL filter expression. |
| limit | | | query | integer | Page size. Maximum value is 200. |
| offset | | | query | integer | Page offset. |
| sort | | | query | string | Sort expression. |
| parameters | | | query | dictionary | Full query string parameters payload in JSON format. Not required when using other keywords. |
Usage
Service class example (PEP8 syntax)
from falconpy import CaseManagement
# Do not hardcode API credentials!
falcon = CaseManagement(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.query_notification_groups(filter="string",
sort="string",
limit=integer,
offset=integer
)
print(response)
Service class example (Operation ID syntax)
from falconpy import CaseManagement
# Do not hardcode API credentials!
falcon = CaseManagement(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.queries_notification_groups_get_v1(filter="string",
sort="string",
limit=integer,
offset=integer
)
print(response)
Uber class example
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.command("queries_notification_groups_get_v1",
filter="string",
sort="string",
limit=integer,
offset=integer
)
print(response)
Back to Table of Contents
queries_notification_groups_get_v2
Query notification groups
PEP8 method name
query_notification_groups_v2
Endpoint
| Method | Route |
|---|---|
| /casemgmt/queries/notification-groups/v2 |
Required Scope
Content-Type
- Produces: application/json
Keyword Arguments
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| filter | | | query | string | FQL filter expression. |
| limit | | | query | integer | Page size. Maximum value is 200. |
| offset | | | query | integer | Page offset. |
| sort | | | query | string | Sort expression. |
| parameters | | | query | dictionary | Full query string parameters payload in JSON format. Not required when using other keywords. |
Usage
Service class example (PEP8 syntax)
from falconpy import CaseManagement
# Do not hardcode API credentials!
falcon = CaseManagement(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.query_notification_groups_v2(filter="string",
sort="string",
limit=integer,
offset=integer
)
print(response)
Service class example (Operation ID syntax)
from falconpy import CaseManagement
# Do not hardcode API credentials!
falcon = CaseManagement(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.queries_notification_groups_get_v2(filter="string",
sort="string",
limit=integer,
offset=integer
)
print(response)
Uber class example
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.command("queries_notification_groups_get_v2",
filter="string",
sort="string",
limit=integer,
offset=integer
)
print(response)
Back to Table of Contents
queries_slas_get_v1
Query SLAs
PEP8 method name
query_slas
Endpoint
| Method | Route |
|---|---|
| /casemgmt/queries/slas/v1 |
Required Scope
Content-Type
- Produces: application/json
Keyword Arguments
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| filter | | | query | string | FQL filter expression. |
| limit | | | query | integer | Page size. Maximum value is 200. |
| offset | | | query | integer | Page offset. |
| sort | | | query | string | Sort expression. |
| parameters | | | query | dictionary | Full query string parameters payload in JSON format. Not required when using other keywords. |
Usage
Service class example (PEP8 syntax)
from falconpy import CaseManagement
# Do not hardcode API credentials!
falcon = CaseManagement(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.query_slas(filter="string",
sort="string",
limit=integer,
offset=integer
)
print(response)
Service class example (Operation ID syntax)
from falconpy import CaseManagement
# Do not hardcode API credentials!
falcon = CaseManagement(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.queries_slas_get_v1(filter="string",
sort="string",
limit=integer,
offset=integer
)
print(response)
Uber class example
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.command("queries_slas_get_v1",
filter="string",
sort="string",
limit=integer,
offset=integer
)
print(response)
Back to Table of Contents
queries_template_snapshots_get_v1
Query template snapshots
PEP8 method name
query_template_snapshots
Endpoint
| Method | Route |
|---|---|
| /casemgmt/queries/template-snapshots/v1 |
Required Scope
Content-Type
- Produces: application/json
Keyword Arguments
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| filter | | | query | string | FQL filter expression. |
| limit | | | query | integer | Page size. Maximum value is 200. |
| offset | | | query | integer | Page offset. |
| parameters | | | query | dictionary | Full query string parameters payload in JSON format. Not required when using other keywords. |
Usage
Service class example (PEP8 syntax)
from falconpy import CaseManagement
# Do not hardcode API credentials!
falcon = CaseManagement(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.query_template_snapshots(filter="string",
limit=integer,
offset=integer
)
print(response)
Service class example (Operation ID syntax)
from falconpy import CaseManagement
# Do not hardcode API credentials!
falcon = CaseManagement(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.queries_template_snapshots_get_v1(filter="string",
limit=integer,
offset=integer
)
print(response)
Uber class example
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.command("queries_template_snapshots_get_v1",
filter="string",
limit=integer,
offset=integer
)
print(response)
Back to Table of Contents
queries_templates_get_v1
Query templates
PEP8 method name
query_templates
Endpoint
| Method | Route |
|---|---|
| /casemgmt/queries/templates/v1 |
Required Scope
Content-Type
- Produces: application/json
Keyword Arguments
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| filter | | | query | string | FQL filter expression. |
| limit | | | query | integer | Page size. Maximum value is 200. |
| offset | | | query | integer | Page offset. |
| sort | | | query | string | Sort expression. |
| parameters | | | query | dictionary | Full query string parameters payload in JSON format. Not required when using other keywords. |
Usage
Service class example (PEP8 syntax)
from falconpy import CaseManagement
# Do not hardcode API credentials!
falcon = CaseManagement(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.query_templates(filter="string",
sort="string",
limit=integer,
offset=integer
)
print(response)
Service class example (Operation ID syntax)
from falconpy import CaseManagement
# Do not hardcode API credentials!
falcon = CaseManagement(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.queries_templates_get_v1(filter="string",
sort="string",
limit=integer,
offset=integer
)
print(response)
Uber class example
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.command("queries_templates_get_v1",
filter="string",
sort="string",
limit=integer,
offset=integer
)
print(response)
Back to Table of Contents
entities_alert_evidence_post_v1
Adds the given list of alert evidence to the specified case.
PEP8 method name
add_case_alert_evidence
Endpoint
| Method | Route |
|---|---|
| /cases/entities/alert-evidence/v1 |
Required Scope
Content-Type
- Consumes: application/json
- Produces: application/json
Keyword Arguments
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| body | | | body | dictionary | Full body payload in JSON format |
| alerts | | | body | list of dictionaries | The alert IDs. |
| id | | | body | string | The specified case ID. |
Usage
Service class example (PEP8 syntax)
from falconpy import CaseManagement
# Do not hardcode API credentials!
falcon = CaseManagement(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.add_case_alert_evidence(alerts=[{"id": "string"}],
id="string"
)
print(response)
Service class example (Operation ID syntax)
from falconpy import CaseManagement
# Do not hardcode API credentials!
falcon = CaseManagement(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.entities_alert_evidence_post_v1(alerts=[{"id": "string"}],
id="string"
)
print(response)
Uber class example
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
body_payload = {
"alerts": [
{
"id": "string"
}
],
"id": "string"
}
response = falcon.command("entities_alert_evidence_post_v1", body=body_payload)
print(response)
Back to Table of Contents
entities_case_tags_post_v1
Adds the given list of tags to the specified case.
PEP8 method name
add_case_tags
Endpoint
| Method | Route |
|---|---|
| /cases/entities/case-tags/v1 |
Required Scope
Content-Type
- Consumes: application/json
- Produces: application/json
Keyword Arguments
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| body | | | body | dictionary | Full body payload in JSON format |
| tags | | | body | array of strings | The given list of tags. |
| id | | | body | string | The specified case ID. |
Usage
Service class example (PEP8 syntax)
from falconpy import CaseManagement
# Do not hardcode API credentials!
falcon = CaseManagement(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.add_case_tags(id="string",
tags=["string"]
)
print(response)
Service class example (Operation ID syntax)
from falconpy import CaseManagement
# Do not hardcode API credentials!
falcon = CaseManagement(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.entities_case_tags_post_v1(id="string",
tags=["string"]
)
print(response)
Uber class example
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
body_payload = {
"id": "string",
"tags": [
"string"
]
}
response = falcon.command("entities_case_tags_post_v1", body=body_payload)
print(response)
Back to Table of Contents
entities_case_tags_delete_v1
Removes the specified tags from the specified case.
PEP8 method name
delete_case_tags
Endpoint
| Method | Route |
|---|---|
| /cases/entities/case-tags/v1 |
Required Scope
Content-Type
- Produces: application/json
Keyword Arguments
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| id | | | query | string | The ID of the case to remove tags from. |
| tag | | | query | string or list of strings | The tag to remove from the case. |
| parameters | | | query | dictionary | Full query string parameters payload in JSON format. Not required when using other keywords. |
Usage
Service class example (PEP8 syntax)
from falconpy import CaseManagement
# Do not hardcode API credentials!
falcon = CaseManagement(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.delete_case_tags(id="case_id_here",
tag=["tag1", "tag2"]
)
print(response)
Service class example (Operation ID syntax)
from falconpy import CaseManagement
# Do not hardcode API credentials!
falcon = CaseManagement(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.entities_case_tags_delete_v1(id="case_id_here",
tag=["tag1", "tag2"]
)
print(response)
Uber class example
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.command("entities_case_tags_delete_v1",
id="case_id_here",
tag=["tag1", "tag2"]
)
print(response)
Back to Table of Contents
entities_cases_put_v2
Creates the given Case
PEP8 method name
create_case
Endpoint
| Method | Route |
|---|---|
 | /cases/entities/cases/v2 |
Required Scope
Content-Type
- Consumes: application/json
- Produces: application/json
Keyword Arguments
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| body | | | body | dictionary | Full body payload as a dictionary. Not required if using other keywords. |
| assigned_to_user_uuid | | | body | string | UUID of the user to assign the case to. |
| description | | | body | string | The description of the case. |
| evidence | | | body | dictionary | The case evidence info. |
| name | | | body | string | The name of the case. |
| severity | | | body | integer | The severity level of the case. |
| status | | | body | string | The current status of the case. |
| tags | | | body | list of strings | The tags to be attached to the case. |
| template | | | body | dictionary | The template case to utilize. |
Usage
Service class example (PEP8 syntax)
from falconpy import CaseManagement
# Do not hardcode API credentials!
falcon = CaseManagement(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
evidence = {
"alerts": [
{
"id": "alert_id_123"
}
],
"events": [
{
"id": "event_id_456"
}
],
"leads": [
{
"id": "lead_id_789"
}
]
}
response = falcon.create_case(assigned_to_user_uuid="12345678-1234-1234-1234-123456789012",
description="Detailed description of the case",
evidence=evidence,
name="New Security Case",
severity=integer,
status="new",
tags=["security", "incident"],
template={"id": "template_id_abc"}
)
print(response)
Service class example (Operation ID syntax)
from falconpy import CaseManagement
# Do not hardcode API credentials!
falcon = CaseManagement(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
evidence = {
"alerts": [
{
"id": "alert_id_123"
}
],
"events": [
{
"id": "event_id_456"
}
],
"leads": [
{
"id": "lead_id_789"
}
]
}
response = falcon.entities_cases_put_v2(assigned_to_user_uuid="12345678-1234-1234-1234-123456789012",
description="Detailed description of the case",
evidence=evidence,
name="New Security Case",
severity=integer,
status="new",
tags=["security", "incident"],
template={"id": "template_id_abc"}
)
print(response)
Uber class example
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
body_payload = {
"assigned_to_user_uuid": "12345678-1234-1234-1234-123456789012",
"description": "Detailed description of the case",
"evidence": {
"alerts": [
{
"id": "alert_id_123"
}
],
"events": [
{
"id": "event_id_456"
}
],
"leads": [
{
"id": "lead_id_789"
}
]
},
"name": "New Security Case",
"severity": 3,
"status": "new",
"tags": [
"security",
"incident"
],
"template": {
"id": "template_id_abc"
}
}
response = falcon.command("entities_cases_put_v2", body=body_payload)
print(response)
Back to Table of Contents
entities_cases_post_v2
Retrieves all Cases given their IDs.
PEP8 method name
get_cases
Endpoint
| Method | Route |
|---|---|
| /cases/entities/cases/v2 |
Required Scope
Content-Type
- Consumes: application/json
- Produces: application/json
Keyword Arguments
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| body | | | body | dictionary | Full body payload in JSON format |
| ids | | | body | string or list of strings | The case IDs. |
Usage
Service class example (PEP8 syntax)
from falconpy import CaseManagement
# Do not hardcode API credentials!
falcon = CaseManagement(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.get_cases(ids=["case_id_1", "case_id_2", "case_id_3"])
print(response)
Service class example (Operation ID syntax)
from falconpy import CaseManagement
# Do not hardcode API credentials!
falcon = CaseManagement(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.entities_cases_post_v2(ids=["case_id_1", "case_id_2", "case_id_3"])
print(response)
Uber class example
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
body_payload = {
"ids": ["case_id_1", "case_id_2", "case_id_3"]
}
response = falcon.command("entities_cases_post_v2", body=body_payload)
print(response)
Back to Table of Contents
entities_cases_patch_v2
Updates given fields on the specified case.
PEP8 method name
update_case_fields
Endpoint
| Method | Route |
|---|---|
| /cases/entities/cases/v2 |
Required Scope
Content-Type
- Consumes: application/json
- Produces: application/json
Keyword Arguments
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| body | | | body | dictionary | Full body payload as a dictionary. Not required if using other keywords. |
| expected_consistency_version | | | body | integer | The consistency version. |
| expected_version | | | body | integer | The version. |
| fields | | | body | dictionary | The updated given fields for the specified case. |
| id | | | body | string | The specified case ID. |
Usage
Service class example (PEP8 syntax)
from falconpy import CaseManagement
# Do not hardcode API credentials!
falcon = CaseManagement(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
fields = {
"assigned_to_user_uuid": "12345678-1234-1234-1234-123456789012",
"custom_fields": [
{
"id": "custom_field_1",
"values": [
"custom_value_1",
"custom_value_2"
]
}
],
"description": "Updated case description",
"name": "Updated Case Name",
"remove_user_assignment": boolean,
"severity": 2,
"slas_active": boolean,
"status": "in_progress",
"template": {
"id": "template_id_abc"
}
}
response = falcon.update_case_fields(expected_consistency_version=0,
expected_version=1,
fields=fields,
id="case_id_here"
)
print(response)
Service class example (Operation ID syntax)
from falconpy import CaseManagement
# Do not hardcode API credentials!
falcon = CaseManagement(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
fields = {
"assigned_to_user_uuid": "12345678-1234-1234-1234-123456789012",
"custom_fields": [
{
"id": "custom_field_1",
"values": [
"custom_value_1",
"custom_value_2"
]
}
],
"description": "Updated case description",
"name": "Updated Case Name",
"remove_user_assignment": boolean,
"severity": 2,
"slas_active": boolean,
"status": "in_progress",
"template": {
"id": "template_id_abc"
}
}
response = falcon.entities_cases_patch_v2(expected_consistency_version=0,
expected_version=1,
fields=fields,
id="case_id_here"
)
print(response)
Uber class example
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
body_payload = {
"expected_consistency_version": integer,
"expected_version": 1,
"fields": {
"assigned_to_user_uuid": "12345678-1234-1234-1234-123456789012",
"custom_fields": [
{
"id": "custom_field_1",
"values": [
"custom_value_1",
"custom_value_2"
]
}
],
"description": "Updated case description",
"name": "Updated Case Name",
"remove_user_assignment": boolean,
"severity": 2,
"slas_active": boolean,
"status": "in_progress",
"template": {
"id": "template_id_abc"
}
},
"id": "case_id_here"
}
response = falcon.command("entities_cases_patch_v2", body=body_payload)
print(response)
Back to Table of Contents
entities_event_evidence_post_v1
Adds the given list of event evidence to the specified case.
PEP8 method name
add_case_event_evidence
Endpoint
| Method | Route |
|---|---|
| /cases/entities/event-evidence/v1 |
Required Scope
Content-Type
- Consumes: application/json
- Produces: application/json
Keyword Arguments
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| body | | | body | dictionary | Full body payload in JSON format |
| events | | | body | list of dictionaries | The event evidence field. |
| id | | | body | string | The specified case id. |
Usage
Service class example (PEP8 syntax)
from falconpy import CaseManagement
# Do not hardcode API credentials!
falcon = CaseManagement(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.add_case_event_evidence(events=[{"id": "string"}],
id="string"
)
print(response)
Service class example (Operation ID syntax)
from falconpy import CaseManagement
# Do not hardcode API credentials!
falcon = CaseManagement(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.entities_event_evidence_post_v1(events=[{"id": "string"}],
id="string"
)
print(response)
Uber class example
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
body_payload = {
"events": [
{
"id": "string"
}
],
"id": "string"
}
response = falcon.command("entities_event_evidence_post_v1", body=body_payload)
print(response)
Back to Table of Contents
queries_cases_get_v1
Retrieves all Cases IDs that match a given query.
PEP8 method name
query_case_ids
Endpoint
| Method | Route |
|---|---|
| /cases/queries/cases/v1 |
Required Scope
Content-Type
- Produces: application/json
Keyword Arguments
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| filter | | | query | string | Filter Cases using a query in Falcon Query Language (FQL). Filter fields can be any keyword field that is part of #domain.Case. An asterisk wildcard * includes all results. Empty value means to not filter on anything. Most commonly used filter fields that supports exact match: cid, id. Most commonly used filter fields that supports wildcard (*): assigned_to_name, assigned_to_uuid. Most commonly filter fields that supports range comparisons (>, <, >=, <=): created_timestamp, updated_timestamp. All filter fields and operations support negation (!). The full list of valid filter options is extensive. Review it in our documentation inside the Falcon console. |
| limit | | | query | integer | The maximum number of Cases to return in this response (default: 100; max: 10000). Use this parameter together with the offset parameter to manage pagination of the results. |
| offset | | | query | integer | The first case to return, where 0 is the latest case. Use with the offset parameter to manage pagination of results. |
| q | | | query | string | Search all Case metadata for the provided string. |
| sort | | | query | string | Sort parameter takes the form <field|direction>. Direction can be either asc (ascending) or desc (descending) order. For example: status|asc or status|desc. The sorting fields can be any keyword field that is part of #domain.Case except for the text based fields. Most commonly used fields are status, cid, created_timestamp, updated_timestamp, assigned_to_name, assigned_to_userid, assigned_to_uuid, tags. If the fields are missing from the Cases, the service will fallback to its default ordering. |
| parameters | | | query | dictionary | Full query string parameters payload in JSON format. Not required when using other keywords. |
Usage
Service class example (PEP8 syntax)
from falconpy import CaseManagement
# Do not hardcode API credentials!
falcon = CaseManagement(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.query_case_ids(filter="status:'new'",
limit=integer,
offset=integer,
sort="created_timestamp|desc",
q="search_term"
)
print(response)
Service class example (Operation ID syntax)
from falconpy import CaseManagement
# Do not hardcode API credentials!
falcon = CaseManagement(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.queries_cases_get_v1(filter="status:'new'",
limit=integer,
offset=integer,
sort="created_timestamp|desc",
q="search_term"
)
print(response)
Uber class example
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.command("queries_cases_get_v1",
filter="status:'new'",
limit=integer,
offset=integer,
sort="created_timestamp|desc",
q="search_term"
)
print(response)
Back to Table of Contents