Using the Cloud Policies service collection
Table of Contents
| Operation ID | Description | ||||
|---|---|---|---|---|---|
| Get rule input schema for given resource type. | ||||
| Assign rules to a compliance control (full replace). | ||||
| Get compliance controls by ID. | ||||
| Create a new custom compliance control. | ||||
| Update a custom compliance control. | ||||
| Delete custom compliance controls. | ||||
| Query for compliance controls by various parameters. | ||||
| Get a rule by id. | ||||
| Rename a section in a custom compliance framework. | ||||
| Get compliance frameworks by ID. | ||||
| Create a new custom compliance framework. | ||||
| Update a custom compliance framework. | ||||
| Delete a custom compliance framework and all associated controls and rule assignments. | ||||
| Get enriched assets that combine a primary resource with all its related resources. | ||||
| Get evaluation results based on the provided rule. | ||||
| Get a rule override. | ||||
| Create a new rule override. | ||||
| Update a rule override. | ||||
| Delete a rule override. | ||||
| Create a new rule. | ||||
| Update a rule. | ||||
| Delete a rule. | ||||
| Query for compliance frameworks by various parameters. | ||||
| Query for rules by various parameters. | ||||
| Get Suppression Rules by ID. | ||||
| Create a new suppression rule. | ||||
| Update a suppression rule. | ||||
| Delete Suppression Rules by ID. | ||||
| Query suppression rules with filtering, sorting and pagination. | ||||
Passing credentials
WARNING
client_idandclient_secretare keyword arguments that contain your CrowdStrike API credentials. Please note that all examples below do not hard code these values. (These values are ingested as strings.)CrowdStrike does not recommend hard coding API credentials or customer identifiers within source code.
GetRuleInputSchema
Get rule input schema for given resource type.
PEP8 method name
get_rule_input_schema
Endpoint
| Method | Route |
|---|---|
 | /cloud-policies/combined/rules/input-schema/v1 |
Required Scope
Content-Type
- Consumes: application/json
- Produces: application/json
Keyword Arguments
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| domain |  | | query | string | Domain. |
| subdomain | | | query | string | Subdomain. |
| cloud_provider | | | query | string | Cloud service provider for the resource type. Allowed values: aws, azure, gcp, oci. |
| resource_type | | | query | string | Selects the resource type for which to retrieve the rule input schema. |
| parameters | | | query | dictionary | Full query string parameters payload in JSON format. |
Usage
Service class example (PEP8 syntax)
from falconpy import CloudPolicies
# Do not hardcode API credentials!
falcon = CloudPolicies(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.get_rule_input_schema(domain="string",
subdomain="string",
cloud_provider="string",
resource_type="string"
)
print(response)
Service class example (Operation ID syntax)
from falconpy import CloudPolicies
# Do not hardcode API credentials!
falcon = CloudPolicies(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.GetRuleInputSchema(domain="string",
subdomain="string",
cloud_provider="string",
resource_type="string"
)
print(response)
Uber class example
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.command("GetRuleInputSchema",
domain="string",
subdomain="string",
cloud_provider="string",
resource_type="string"
)
print(response)
Back to Table of Contents
ReplaceControlRules
Assign rules to a compliance control (full replace).
PEP8 method name
replace_control_rules
Endpoint
| Method | Route |
|---|---|
 | /cloud-policies/entities/compliance/control-rule-assignments/v1 |
Required Scope
Content-Type
- Consumes: application/json
- Produces: application/json
Keyword Arguments
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| ids | | | query | string | The UUID of the compliance control to assign rules to. |
| rule_ids | |  | body | list of strings | The Rule ID. |
| body | |  | body | dictionary | Full body payload in JSON format. |
| parameters | | | query | dictionary | Full query string parameters payload in JSON format. |
Usage
Service class example (PEP8 syntax)
from falconpy import CloudPolicies
# Do not hardcode API credentials!
falcon = CloudPolicies(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.replace_control_rules(ids="string",
rule_ids=["string"]
)
print(response)
Service class example (Operation ID syntax)
from falconpy import CloudPolicies
# Do not hardcode API credentials!
falcon = CloudPolicies(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.ReplaceControlRules(ids="string",
rule_ids=["string"]
)
print(response)
Uber class example
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
BODY = {
'rule_ids': [
'string'
]
}
response = falcon.command("ReplaceControlRules",
ids="string",
body=BODY
)
print(response)
Back to Table of Contents
GetComplianceControls
Get compliance controls by ID.
PEP8 method name
get_compliance_controls
Endpoint
| Method | Route |
|---|---|
| /cloud-policies/entities/compliance/controls/v1 |
Required Scope
Content-Type
- Consumes: application/json
- Produces: application/json
Keyword Arguments
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| ids | | | query | string or list of strings | The uuids of compliance controls to retrieve. |
| parameters | | | query | dictionary | Full query string parameters payload in JSON format. |
Usage
Service class example (PEP8 syntax)
from falconpy import CloudPolicies
# Do not hardcode API credentials!
falcon = CloudPolicies(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.get_compliance_controls(ids=id_list)
print(response)
Service class example (Operation ID syntax)
from falconpy import CloudPolicies
# Do not hardcode API credentials!
falcon = CloudPolicies(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.GetComplianceControls(ids=id_list)
print(response)
Uber class example
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.command("GetComplianceControls", ids=id_list)
print(response)
Back to Table of Contents
CreateComplianceControl
Create a new custom compliance control.
PEP8 method name
create_compliance_control
Endpoint
| Method | Route |
|---|---|
 | /cloud-policies/entities/compliance/controls/v1 |
Required Scope
Content-Type
- Consumes: application/json
- Produces: application/json
Keyword Arguments
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| body | | | body | dictionary | Full body payload in JSON format. |
| description | | | body | string | The description of hte custom compliance control. |
| name | | | body | string | The name of the custom compliance control. |
| framework_id | | | body | string | The framework ID of the custom compliance control. |
| section_name | | | body | string | The section name of the custom compliance control. |
Usage
Service class example (PEP8 syntax)
from falconpy import CloudPolicies
# Do not hardcode API credentials!
falcon = CloudPolicies(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.create_compliance_control(description="string",
framework_id="string",
name="string",
section_name="string"
)
print(response)
Service class example (Operation ID syntax)
from falconpy import CloudPolicies
# Do not hardcode API credentials!
falcon = CloudPolicies(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.CreateComplianceControl(description="string",
framework_id="string",
name="string",
section_name="string"
)
print(response)
Uber class example
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
BODY = {
"description": "string",
"framework_id": "string",
"name": "string",
"section_name": "string"
}
response = falcon.command("CreateComplianceControl", body=BODY)
print(response)
Back to Table of Contents
UpdateComplianceControl
Update a custom compliance control.
PEP8 method name
update_compliance_control
Endpoint
| Method | Route |
|---|---|
 | /cloud-policies/entities/compliance/controls/v1 |
Required Scope
Content-Type
- Consumes: application/json
- Produces: application/json
Keyword Arguments
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| ids | | | query | string | The uuid of compliance control to update. |
| body | | | body | dictionary | Full body payload in JSON format. |
| description | | | body | string | The description of hte custom compliance control. |
| name | | | body | string | The name of the custom compliance control. |
| parameters | | | query | dictionary | Full query string parameters payload in JSON format. |
Usage
Service class example (PEP8 syntax)
from falconpy import CloudPolicies
# Do not hardcode API credentials!
falcon = CloudPolicies(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.update_compliance_control(ids="string",
description="string",
name="string"
)
print(response)
Service class example (Operation ID syntax)
from falconpy import CloudPolicies
# Do not hardcode API credentials!
falcon = CloudPolicies(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.UpdateComplianceControl(ids="string",
description="string",
name="string"
)
print(response)
Uber class example
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
BODY = {
"description": "string",
"name": "string"
}
response = falcon.command("UpdateComplianceControl",
ids="string",
body=BODY
)
print(response)
Back to Table of Contents
DeleteComplianceControl
Delete custom compliance controls.
PEP8 method name
delete_compliance_control
Endpoint
| Method | Route |
|---|---|
 | /cloud-policies/entities/compliance/controls/v1 |
Required Scope
Content-Type
- Consumes: application/json
- Produces: application/json
Keyword Arguments
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| ids | | | query | string or list of strings | The uuids of compliance control to delete. |
| parameters | | | query | dictionary | Full query string parameters payload in JSON format. |
Usage
Service class example (PEP8 syntax)
from falconpy import CloudPolicies
# Do not hardcode API credentials!
falcon = CloudPolicies(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.delete_compliance_control(ids=id_list)
print(response)
Service class example (Operation ID syntax)
from falconpy import CloudPolicies
# Do not hardcode API credentials!
falcon = CloudPolicies(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.DeleteComplianceControl(ids=id_list)
print(response)
Uber class example
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.command("DeleteComplianceControl", ids=id_list)
print(response)
Back to Table of Contents
QueryComplianceControls
Query for compliance controls by various parameters.
PEP8 method name
query_compliance_controls
Endpoint
| Method | Route |
|---|---|
| /cloud-policies/queries/compliance/controls/v1 |
Required Scope
Content-Type
- Consumes: application/json
- Produces: application/json
Keyword Arguments
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| filter | | | query | string | FQL filter, allowed props: compliance_control_name, compliance_control_authority, compliance_control_type, compliance_control_section, compliance_control_requirement, compliance_control_benchmark_name, compliance_control_benchmark_version. |
| limit | | | query | integer | The maximum number of resources to return. The maximum allowed is 500. Default: 100. |
| offset | | | query | integer | The number of results to skip before starting to return results. Default: 0. |
| sort | | | query | string | Field to sort on. Sortable fields: compliance_control_name, compliance_control_authority, compliance_control_type, compliance_control_section, compliance_control_requirement, compliance_control_benchmark_name, compliance_control_benchmark_version. Use the |asc or |desc suffix to specify sort direction. |
| parameters | | | query | dictionary | Full query string parameters payload in JSON format. |
Usage
Service class example (PEP8 syntax)
from falconpy import CloudPolicies
# Do not hardcode API credentials!
falcon = CloudPolicies(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.query_compliance_controls(filter="string",
limit=integer,
offset=integer,
sort="string"
)
print(response)
Service class example (Operation ID syntax)
from falconpy import CloudPolicies
# Do not hardcode API credentials!
falcon = CloudPolicies(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.QueryComplianceControls(filter="string",
limit=integer,
offset=integer,
sort="string"
)
print(response)
Uber class example
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.command("QueryComplianceControls",
filter="string",
limit=integer,
offset=integer,
sort="string"
)
print(response)
Back to Table of Contents
GetRule
Get a rule by id.
PEP8 method name
get_rule
Endpoint
| Method | Route |
|---|---|
| /cloud-policies/entities/rules/v1 |
Required Scope
Content-Type
- Consumes: application/json
- Produces: application/json
Keyword Arguments
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| ids | | | query | string or list of strings | The uuids of rules to retrieve. |
| parameters | | | query | dictionary | Full query string parameters payload in JSON format. |
Usage
Service class example (PEP8 syntax)
from falconpy import CloudPolicies
# Do not hardcode API credentials!
falcon = CloudPolicies(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.get_rule(ids=id_list)
print(response)
Service class example (Operation ID syntax)
from falconpy import CloudPolicies
# Do not hardcode API credentials!
falcon = CloudPolicies(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.GetRule(ids=id_list)
print(response)
Uber class example
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.command("GetRule", ids=id_list)
print(response)
Back to Table of Contents
RenameSectionComplianceFramework
Rename a section in a custom compliance framework.
PEP8 method name
rename_section_compliance_framework
Endpoint
| Method | Route |
|---|---|
| /cloud-policies/entities/compliance/frameworks/section/v1 |
Required Scope
Content-Type
- Consumes: application/json
- Produces: application/json
Keyword Arguments
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| ids | | | query | string or list of strings | The uuid of compliance framework containing the section to rename. |
| sectionName | | | query | string | The current name of the section to rename. |
| body | | | body | dictionary | Full body payload in JSON format. |
| section_name | | | body | string | The new section name of the custom compliance control. |
| parameters | | | query | dictionary | Full query string parameters payload in JSON format. |
Usage
Service class example (PEP8 syntax)
from falconpy import CloudPolicies
# Do not hardcode API credentials!
falcon = CloudPolicies(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.rename_section_compliance_framework(ids="framework_uuid",
sectionName="Old Section Name",
section_name="New Section Name"
)
print(response)
Service class example (Operation ID syntax)
from falconpy import CloudPolicies
# Do not hardcode API credentials!
falcon = CloudPolicies(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.RenameSectionComplianceFramework(ids="framework_uuid",
sectionName="Old Section Name",
section_name="New Section Name"
)
print(response)
Uber class example
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
BODY = {
"section_name": "New Section Name"
}
response = falcon.command("RenameSectionComplianceFramework",
ids="framework_uuid",
sectionName="Old Section Name",
body=BODY
)
print(response)
Back to Table of Contents
GetComplianceFrameworks
Get compliance frameworks by ID.
PEP8 method name
get_compliance_frameworks
Endpoint
| Method | Route |
|---|---|
| /cloud-policies/entities/compliance/frameworks/v1 |
Required Scope
Content-Type
- Consumes: application/json
- Produces: application/json
Keyword Arguments
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| ids | | | query | string or list of strings | The uuids of compliance frameworks to retrieve. |
| parameters | | | query | dictionary | Full query string parameters payload in JSON format. |
Usage
Service class example (PEP8 syntax)
from falconpy import CloudPolicies
# Do not hardcode API credentials!
falcon = CloudPolicies(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.get_compliance_frameworks(ids=id_list)
print(response)
Service class example (Operation ID syntax)
from falconpy import CloudPolicies
# Do not hardcode API credentials!
falcon = CloudPolicies(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.GetComplianceFrameworks(ids=id_list)
print(response)
Uber class example
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.command("GetComplianceFrameworks", ids=id_list)
print(response)
Back to Table of Contents
CreateComplianceFramework
Create a new custom compliance framework.
PEP8 method name
create_compliance_framework
Endpoint
| Method | Route |
|---|---|
| /cloud-policies/entities/compliance/frameworks/v1 |
Required Scope
Content-Type
- Consumes: application/json
- Produces: application/json
Keyword Arguments
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| body | | | body | dictionary | Full body payload in JSON format. |
| active | | | body | boolean | Value to determine if the compliance framework will be active. |
| description | | | body | string | The description of the new compliance framework. |
| name | | | body | string | The name of the new compliance framework. |
Usage
Service class example (PEP8 syntax)
from falconpy import CloudPolicies
# Do not hardcode API credentials!
falcon = CloudPolicies(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.create_compliance_framework(active=boolean,
description="Custom compliance framework description",
name="My Custom Framework"
)
print(response)
Service class example (Operation ID syntax)
from falconpy import CloudPolicies
# Do not hardcode API credentials!
falcon = CloudPolicies(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.CreateComplianceFramework(active=boolean,
description="Custom compliance framework description",
name="My Custom Framework"
)
print(response)
Uber class example
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
BODY = {
"active": boolean,
"description": "Custom compliance framework description",
"name": "My Custom Framework"
}
response = falcon.command("CreateComplianceFramework", body=BODY)
print(response)
Back to Table of Contents
UpdateComplianceFramework
Update a custom compliance framework.
PEP8 method name
update_compliance_framework
Endpoint
| Method | Route |
|---|---|
| /cloud-policies/entities/compliance/frameworks/v1 |
Required Scope
Content-Type
- Consumes: application/json
- Produces: application/json
Keyword Arguments
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| ids | | | query | string or list of strings | The uuids of compliance framework to update. |
| body | | | body | dictionary | Full body payload in JSON format. |
| active | | | body | boolean | Value to determine if the compliance framework will be active. |
| description | | | body | string | The description of the new compliance framework. |
| name | | | body | string | The name of the new compliance framework. |
| parameters | | | query | dictionary | Full query string parameters payload in JSON format. |
Usage
Service class example (PEP8 syntax)
from falconpy import CloudPolicies
# Do not hardcode API credentials!
falcon = CloudPolicies(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.update_compliance_framework(ids="framework_uuid",
active=boolean,
description="Updated compliance framework description",
name="Updated Framework Name"
)
print(response)
Service class example (Operation ID syntax)
from falconpy import CloudPolicies
# Do not hardcode API credentials!
falcon = CloudPolicies(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.UpdateComplianceFramework(ids="framework_uuid",
active=boolean,
description="Updated compliance framework description",
name="Updated Framework Name"
)
print(response)
Uber class example
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
BODY = {
"active": boolean,
"description": "Updated compliance framework description",
"name": "Updated Framework Name"
}
response = falcon.command("UpdateComplianceFramework",
ids="framework_uuid",
body=BODY
)
print(response)
Back to Table of Contents
DeleteComplianceFramework
Delete a custom compliance framework and all associated controls and rule assignments.
PEP8 method name
delete_compliance_framework
Endpoint
| Method | Route |
|---|---|
| /cloud-policies/entities/compliance/frameworks/v1 |
Required Scope
Content-Type
- Consumes: application/json
- Produces: application/json
Keyword Arguments
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| ids | | | query | string or list of strings | The uuids of compliance framework to delete. |
| parameters | | | query | dictionary | Full query string parameters payload in JSON format. |
Usage
Service class example (PEP8 syntax)
from falconpy import CloudPolicies
# Do not hardcode API credentials!
falcon = CloudPolicies(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.delete_compliance_framework(ids=id_list)
print(response)
Service class example (Operation ID syntax)
from falconpy import CloudPolicies
# Do not hardcode API credentials!
falcon = CloudPolicies(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.DeleteComplianceFramework(ids=id_list)
print(response)
Uber class example
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.command("DeleteComplianceFramework", ids=id_list)
print(response)
Back to Table of Contents
GetEnrichedAsset
Get enriched assets that combine a primary resource with all its related resources.
PEP8 method name
get_enriched_asset
Endpoint
| Method | Route |
|---|---|
| /cloud-policies/entities/enriched-resources/v1 |
Required Scope
Content-Type
- Consumes: application/json
- Produces: application/json
Keyword Arguments
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| ids | | | query | string or list of strings | List of asset IDs (maximum 100 IDs allowed). |
| parameters | | | query | dictionary | Full query string parameters payload in JSON format. |
Usage
Service class example (PEP8 syntax)
from falconpy import CloudPolicies
# Do not hardcode API credentials!
falcon = CloudPolicies(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.get_enriched_asset(ids=id_list)
print(response)
Service class example (Operation ID syntax)
from falconpy import CloudPolicies
# Do not hardcode API credentials!
falcon = CloudPolicies(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.GetEnrichedAsset(ids=id_list)
print(response)
Uber class example
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.command("GetEnrichedAsset", ids=id_list)
print(response)
Back to Table of Contents
GetEvaluationResult
Get evaluation results based on the provided rule.
PEP8 method name
get_evaluation_result
Endpoint
| Method | Route |
|---|---|
| /cloud-policies/entities/evaluation/v1 |
Required Scope
Content-Type
- Consumes: application/json
- Produces: application/json
Keyword Arguments
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| cloud_provider | | | query | string | Cloud Service Provider of the provided IDs. |
| resource_type | | | query | string | Resource Type of the provided IDs. |
| ids | | | query | string or list of strings | List of assets to evaluate (maximum 100 IDs allowed). |
| body | | | body | dictionary | Full body payload in JSON format. |
| input | | | body | dictionary | The input for the provided rule. |
| logic | | | body | string | The logic of the provided rule. |
| parameters | | | query | dictionary | Full query string parameters payload in JSON format. |
Usage
Service class example (PEP8 syntax)
from falconpy import CloudPolicies
# Do not hardcode API credentials!
falcon = CloudPolicies(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.get_evaluation_result(cloud_provider="aws",
resource_type="ec2-instance",
ids=["asset_id_1", "asset_id_2"],
input={"key": "value"},
logic="resource.key == 'value'"
)
print(response)
Service class example (Operation ID syntax)
from falconpy import CloudPolicies
# Do not hardcode API credentials!
falcon = CloudPolicies(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.GetEvaluationResult(cloud_provider="aws",
resource_type="ec2-instance",
ids=["asset_id_1", "asset_id_2"],
input={"key": "value"},
logic="resource.key == 'value'"
)
print(response)
Uber class example
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
BODY = {
"input": {"key": "value"},
"logic": "resource.key == 'value'"
}
response = falcon.command("GetEvaluationResult",
cloud_provider="aws",
resource_type="ec2-instance",
ids=["asset_id_1", "asset_id_2"],
body=BODY
)
print(response)
Back to Table of Contents
GetRuleOverride
Get a rule override by ID.
PEP8 method name
get_rule_override
Endpoint
| Method | Route |
|---|---|
| /cloud-policies/entities/rule-overrides/v1 |
Required Scope
Content-Type
- Consumes: application/json
- Produces: application/json
Keyword Arguments
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| ids | | | query | string or list of strings | The uuids of rule overrides to retrieve. |
| parameters | | | query | dictionary | Full query string parameters payload in JSON format. |
Usage
Service class example (PEP8 syntax)
from falconpy import CloudPolicies
# Do not hardcode API credentials!
falcon = CloudPolicies(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
ids = "random_id"
response = falcon.get_rule_override(ids=ids)
print(response)
Service class example (Operation ID syntax)
from falconpy import CloudPolicies
# Do not hardcode API credentials!
falcon = CloudPolicies(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
ids = "random_id"
response = falcon.GetRuleOverride(ids=ids)
print(response)
Uber class example
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
ids = "random_id"
response = falcon.command("GetRuleOverride", ids=ids)
print(response)
Back to Table of Contents
CreateRuleOverride
Create a new rule override.
PEP8 method name
create_rule_override
Endpoint
| Method | Route |
|---|---|
| /cloud-policies/entities/rule-overrides/v1 |
Required Scope
Content-Type
- Consumes: application/json
- Produces: application/json
Keyword Arguments
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| body | | | body | dictionary | Full body payload in JSON format. |
| overrides | | | body | list of dictionaries | The new rule override. |
Usage
Service class example (PEP8 syntax)
from falconpy import CloudPolicies
# Do not hardcode API credentials!
falcon = CloudPolicies(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.create_rule_override(overrides=[
{
"comment": "Override comment",
"crn": "aws::us-east-1::ec2::instance/i-1234567890",
"expires_at": "2025-12-31T23:59:59.999Z",
"override_type": "exception",
"overrides_details": "Override details",
"reason": "Business requirement",
"rule_id": "rule_uuid_here",
"target_region": "us-east-1"
}
])
print(response)
Service class example (Operation ID syntax)
from falconpy import CloudPolicies
# Do not hardcode API credentials!
falcon = CloudPolicies(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.CreateRuleOverride(overrides=[
{
"comment": "Override comment",
"crn": "aws::us-east-1::ec2::instance/i-1234567890",
"expires_at": "2025-12-31T23:59:59.999Z",
"override_type": "exception",
"overrides_details": "Override details",
"reason": "Business requirement",
"rule_id": "rule_uuid_here",
"target_region": "us-east-1"
}
])
print(response)
Uber class example
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
BODY = {
"overrides": [
{
"comment": "Override comment",
"crn": "aws::us-east-1::ec2::instance/i-1234567890",
"expires_at": "2025-12-31T23:59:59.999Z",
"override_type": "exception",
"overrides_details": "Override details",
"reason": "Business requirement",
"rule_id": "rule_uuid_here",
"target_region": "us-east-1"
}
]
}
response = falcon.command("CreateRuleOverride", body=BODY)
print(response)
Back to Table of Contents
UpdateRuleOverride
Update a rule override.
PEP8 method name
update_rule_override
Endpoint
| Method | Route |
|---|---|
| /cloud-policies/entities/rule-overrides/v1 |
Required Scope
Content-Type
- Consumes: application/json
- Produces: application/json
Keyword Arguments
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| body | | | body | dictionary | Full body payload in JSON format. |
| overrides | | | body | list of dictionaries | The updated rule override. |
Usage
Service class example (PEP8 syntax)
from falconpy import CloudPolicies
# Do not hardcode API credentials!
falcon = CloudPolicies(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.update_rule_override(overrides=[
{
"comment": "Updated override comment",
"crn": "aws::us-east-1::ec2::instance/i-1234567890",
"expires_at": "2026-12-31T23:59:59.999Z",
"override_type": "exception",
"overrides_details": "Updated override details",
"reason": "Updated business requirement",
"rule_id": "rule_uuid_here",
"target_region": "us-east-1"
}
])
print(response)
Service class example (Operation ID syntax)
from falconpy import CloudPolicies
# Do not hardcode API credentials!
falcon = CloudPolicies(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.UpdateRuleOverride(overrides=[
{
"comment": "Updated override comment",
"crn": "aws::us-east-1::ec2::instance/i-1234567890",
"expires_at": "2026-12-31T23:59:59.999Z",
"override_type": "exception",
"overrides_details": "Updated override details",
"reason": "Updated business requirement",
"rule_id": "rule_uuid_here",
"target_region": "us-east-1"
}
])
print(response)
Uber class example
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
BODY = {
"overrides": [
{
"comment": "Updated override comment",
"crn": "aws::us-east-1::ec2::instance/i-1234567890",
"expires_at": "2026-12-31T23:59:59.999Z",
"override_type": "exception",
"overrides_details": "Updated override details",
"reason": "Updated business requirement",
"rule_id": "rule_uuid_here",
"target_region": "us-east-1"
}
]
}
response = falcon.command("UpdateRuleOverride", body=BODY)
print(response)
Back to Table of Contents
DeleteRuleOverride
Delete a rule override.
PEP8 method name
delete_rule_override
Endpoint
| Method | Route |
|---|---|
| /cloud-policies/entities/rule-overrides/v1 |
Required Scope
Content-Type
- Consumes: application/json
- Produces: application/json
Keyword Arguments
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| ids | | | query | string or list of strings | The uuids of rule overrides to delete. |
| parameters | | | query | dictionary | Full query string parameters payload in JSON format. |
Usage
Service class example (PEP8 syntax)
from falconpy import CloudPolicies
# Do not hardcode API credentials!
falcon = CloudPolicies(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.delete_rule_override(ids=id_list)
print(response)
Service class example (Operation ID syntax)
from falconpy import CloudPolicies
# Do not hardcode API credentials!
falcon = CloudPolicies(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.DeleteRuleOverride(ids=id_list)
print(response)
Uber class example
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.command("DeleteRuleOverride", ids=id_list)
print(response)
Back to Table of Contents
CreateRuleMixin0
Create a new rule.
PEP8 method name
create_rule
Endpoint
| Method | Route |
|---|---|
| /cloud-policies/entities/rules/v1 |
Required Scope
Content-Type
- Consumes: application/json
- Produces: application/json
Keyword Arguments
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| body | | | body | dictionary | Full body payload in JSON format. |
| alert_info | | | body | string | The info of the alert. |
| attack_types | | | body | string | The type of attacks. |
| controls | | | body | list of dictionaries | The authority and code of the rule. |
| description | | | body | string | The description of the rule. |
| domain | | | body | string | The domain of the rule. |
| logic | | | body | string | The logic for the rule. |
| name | | | body | string | The name of the rule. |
| parent_rule_id | | | body | string | The id of the parent. |
| platform | | | body | string | The platform covered by the rule. |
| provider | | | body | string | The provider for the rule. |
| remediation_info | | | body | string | The remediation info provided by the rule. |
| remediation_url | | | body | string | The URL providing the remediation. |
| resource_type | | | body | string | The type of the resource. |
| severity | | | body | integer | The severity level. |
| subdomain | | | body | string | The subdomain for the rule. |
Usage
Service class example (PEP8 syntax)
from falconpy import CloudPolicies
# Do not hardcode API credentials!
falcon = CloudPolicies(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.create_rule(alert_info="Alert information",
attack_types="Privilege Escalation",
controls=[
{
"Authority": "NIST",
"Code": "AC-1"
}
],
description="Rule description",
domain="CloudSecurity",
logic="resource.tags.Environment != 'Production'",
name="Custom Rule Name",
platform="aws",
provider="aws",
remediation_info="Add Environment tag",
remediation_url="https://docs.aws.amazon.com/",
resource_type="ec2-instance",
severity=integer,
subdomain="Compute"
)
print(response)
Service class example (Operation ID syntax)
from falconpy import CloudPolicies
# Do not hardcode API credentials!
falcon = CloudPolicies(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.CreateRuleMixin0(alert_info="Alert information",
attack_types="Privilege Escalation",
controls=[
{
"Authority": "NIST",
"Code": "AC-1"
}
],
description="Rule description",
domain="CloudSecurity",
logic="resource.tags.Environment != 'Production'",
name="Custom Rule Name",
platform="aws",
provider="aws",
remediation_info="Add Environment tag",
remediation_url="https://docs.aws.amazon.com/",
resource_type="ec2-instance",
severity=integer,
subdomain="Compute"
)
print(response)
Uber class example
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
BODY = {
"alert_info": "Alert information",
"attack_types": "Privilege Escalation",
"controls": [
{
"Authority": "NIST",
"Code": "AC-1"
}
],
"description": "Rule description",
"domain": "CloudSecurity",
"logic": "resource.tags.Environment != 'Production'",
"name": "Custom Rule Name",
"platform": "aws",
"provider": "aws",
"remediation_info": "Add Environment tag",
"remediation_url": "https://docs.aws.amazon.com/",
"resource_type": "ec2-instance",
"severity": 2,
"subdomain": "Compute"
}
response = falcon.command("CreateRuleMixin0", body=BODY)
print(response)
Back to Table of Contents
UpdateRule
Update a rule.
PEP8 method name
update_rule
Endpoint
| Method | Route |
|---|---|
| /cloud-policies/entities/rules/v1 |
Required Scope
Content-Type
- Consumes: application/json
- Produces: application/json
Keyword Arguments
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| body | | | body | dictionary | Full body payload in JSON format. |
| alert_info | | | body | string | The info of the alert. |
| attack_types | | | body | list of strings | The type of attacks. |
| category | | | body | string | Rule category. |
| controls | | | body | list of dictionaries | The authority and code of the rule. |
| description | | | body | string | The description of the rule. |
| name | | | body | string | The name of the rule. |
| rule_logic_list | | | body | list of dictionaries | The logic list data. |
| severity | | | body | integer | The severity level. |
| uuid | | | body | string | The uuid of the rule to update. |
Usage
Service class example (PEP8 syntax)
from falconpy import CloudPolicies
# Do not hardcode API credentials!
falcon = CloudPolicies(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.update_rule(alert_info="Updated alert information",
attack_types=["Privilege Escalation", "Data Exfiltration"],
category="string",
controls=[
{
"authority": "NIST",
"code": "AC-2"
}
],
description="Updated rule description",
name="Updated Rule Name",
rule_logic_list=[
{
"logic": "resource.tags.Environment == 'Production'",
"platform": "aws",
"remediation_info": "Ensure proper tagging",
"remediation_url": "https://docs.aws.amazon.com/tagging/"
}
],
severity=integer,
uuid="rule_uuid_here"
)
print(response)
Service class example (Operation ID syntax)
from falconpy import CloudPolicies
# Do not hardcode API credentials!
falcon = CloudPolicies(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.UpdateRule(alert_info="Updated alert information",
attack_types=["Privilege Escalation", "Data Exfiltration"],
category="string",
controls=[
{
"authority": "NIST",
"code": "AC-2"
}
],
description="Updated rule description",
name="Updated Rule Name",
rule_logic_list=[
{
"logic": "resource.tags.Environment == 'Production'",
"platform": "aws",
"remediation_info": "Ensure proper tagging",
"remediation_url": "https://docs.aws.amazon.com/tagging/"
}
],
severity=integer,
uuid="rule_uuid_here"
)
print(response)
Uber class example
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
BODY = {
"alert_info": "Updated alert information",
"attack_types": ["Privilege Escalation", "Data Exfiltration"],
"category": "string",
"controls": [
{
"authority": "NIST",
"code": "AC-2"
}
],
"description": "Updated rule description",
"name": "Updated Rule Name",
"rule_logic_list": [
{
"logic": "resource.tags.Environment == 'Production'",
"platform": "aws",
"remediation_info": "Ensure proper tagging",
"remediation_url": "https://docs.aws.amazon.com/tagging/"
}
],
"severity": 3,
"uuid": "rule_uuid_here"
}
response = falcon.command("UpdateRule", body=BODY)
print(response)
Back to Table of Contents
DeleteRuleMixin0
Delete a rule.
PEP8 method name
delete_rule
Endpoint
| Method | Route |
|---|---|
| /cloud-policies/entities/rules/v1 |
Required Scope
Content-Type
- Consumes: application/json
- Produces: application/json
Keyword Arguments
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| ids | | | query | string or list of strings | The uuids of rules to delete. |
| parameters | | | query | dictionary | Full query string parameters payload in JSON format. |
Usage
Service class example (PEP8 syntax)
from falconpy import CloudPolicies
# Do not hardcode API credentials!
falcon = CloudPolicies(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.delete_rule(ids=id_list)
print(response)
Service class example (Operation ID syntax)
from falconpy import CloudPolicies
# Do not hardcode API credentials!
falcon = CloudPolicies(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.DeleteRuleMixin0(ids=id_list)
print(response)
Uber class example
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.command("DeleteRuleMixin0", ids=id_list)
print(response)
Back to Table of Contents
QueryComplianceFrameworks
Query for compliance frameworks by various parameters.
PEP8 method name
query_compliance_frameworks
Endpoint
| Method | Route |
|---|---|
| /cloud-policies/queries/compliance/frameworks/v1 |
Required Scope
Content-Type
- Consumes: application/json
- Produces: application/json
Keyword Arguments
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| filter | | | query | string | FQL filter, allowed props: compliance_framework_name, compliance_framework_version, compliance_framework_authority. |
| limit | | | query | integer | The maximum number of resources to return. The maximum allowed is 500. Default: 100. |
| offset | | | query | integer | The number of results to skip before starting to return results. Default: 0. |
| sort | | | query | string | Field to sort on. Sortable fields: compliance_framework_name, compliance_framework_version, compliance_framework_authority. Use the |asc or |desc suffix to specify sort direction. |
| parameters | | | query | dictionary | Full query string parameters payload in JSON format. |
Usage
Service class example (PEP8 syntax)
from falconpy import CloudPolicies
# Do not hardcode API credentials!
falcon = CloudPolicies(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.query_compliance_frameworks(filter="string",
limit=integer,
offset=integer,
sort="string"
)
print(response)
Service class example (Operation ID syntax)
from falconpy import CloudPolicies
# Do not hardcode API credentials!
falcon = CloudPolicies(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.QueryComplianceFrameworks(filter="string",
limit=integer,
offset=integer,
sort="string"
)
print(response)
Uber class example
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.command("QueryComplianceFrameworks",
filter="string",
limit=integer,
offset=integer,
sort="string"
)
print(response)
Back to Table of Contents
QueryRule
Query for rules by various parameters.
PEP8 method name
query_rule
Endpoint
| Method | Route |
|---|---|
| /cloud-policies/queries/rules/v1 |
Required Scope
Content-Type
- Consumes: application/json
- Produces: application/json
Keyword Arguments
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| filter | | | query | string | FQL filter, allowed props: rule_auto_remediable, rule_category, rule_cloneable, rule_compliance_benchmark, rule_compliance_benchmark_uuid, rule_compliance_framework, rule_control_requirement, rule_control_section, rule_created_at, rule_description, rule_domain, rule_mitre_tactic, rule_mitre_technique, rule_name, rule_origin, rule_parent_uuid, rule_provider, rule_resource_type, rule_resource_type_name, rule_risk_factor, rule_service, rule_severity, rule_short_code, rule_status, rule_subdomain, rule_updated_at, rule_updated_by. |
| limit | | | query | integer | The maximum number of resources to return. The maximum allowed is 500. Default: 100. |
| offset | | | query | integer | The number of results to skip before starting to return results. Default: 0. |
| sort | | | query | string | Field to sort on. Sortable fields: rule_auto_remediable, rule_category, rule_cloneable, rule_compliance_benchmark, rule_compliance_benchmark_uuid, rule_compliance_framework, rule_control_requirement, rule_control_section, rule_created_at, rule_description, rule_domain, rule_mitre_tactic, rule_mitre_technique, rule_name, rule_origin, rule_parent_uuid, rule_provider, rule_resource_type, rule_resource_type_name, rule_risk_factor, rule_service, rule_severity, rule_short_code, rule_status, rule_subdomain, rule_updated_at, rule_updated_by. Use the |asc or |desc suffix to specify sort direction. |
| parameters | | | query | dictionary | Full query string parameters payload in JSON format. |
Usage
Service class example (PEP8 syntax)
from falconpy import CloudPolicies
# Do not hardcode API credentials!
falcon = CloudPolicies(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.query_rule(filter="string",
limit=integer,
offset=integer,
sort="string"
)
print(response)
Service class example (Operation ID syntax)
from falconpy import CloudPolicies
# Do not hardcode API credentials!
falcon = CloudPolicies(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.QueryRule(filter="string",
limit=integer,
offset=integer,
sort="string"
)
print(response)
Uber class example
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.command("QueryRule",
filter="string",
limit=integer,
offset=integer,
sort="string"
)
print(response)
Back to Table of Contents
GetSuppressionRules
Get Suppression Rules by ID.
PEP8 method name
get_suppression_rules
Endpoint
| Method | Route |
|---|---|
| /cloud-policies/entities/suppression-rules/v1 |
Required Scope
Content-Type
- Consumes: application/json
- Produces: application/json
Keyword Arguments
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| ids | | | query | string or list of strings | The uuids of the suppression rules to retrieve. |
| parameters | | | query | dictionary | Full query string parameters payload in JSON format. |
Usage
Service class example (PEP8 syntax)
from falconpy import CloudPolicies
# Do not hardcode API credentials!
falcon = CloudPolicies(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.get_suppression_rules(ids=id_list)
print(response)
Service class example (Operation ID syntax)
from falconpy import CloudPolicies
# Do not hardcode API credentials!
falcon = CloudPolicies(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.GetSuppressionRules(ids=id_list)
print(response)
Uber class example
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.command("GetSuppressionRules", ids=id_list)
print(response)
Back to Table of Contents
CreateSuppressionRule
Create a new suppression rule.
PEP8 method name
create_suppression_rule
Endpoint
| Method | Route |
|---|---|
| /cloud-policies/entities/suppression-rules/v1 |
Required Scope
Content-Type
- Consumes: application/json
- Produces: application/json
Keyword Arguments
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| body | | | body | dictionary | Full body payload in JSON format. |
| description | | | body | string | Description of the suppression rule. |
| id | | | body | string | The ID of the suppression rule. |
| name | | | body | string | Name of the suppression rule. |
| rule_selection_filter | | | body | dictionary | Dictionary of lists defining rule selection criteria. |
| rule_selection_type | | | body | string | Type of rule selection. |
| scope_asset_filter | | | body | dictionary | Dictionary of lists defining scope asset filter criteria. |
| scope_type | | | body | string | Type of scope. |
| suppression_comment | | | body | string | Comment for the suppression. |
| suppression_expiration_date | | | body | string | Expiration date for the suppression. |
| suppression_reason | | | body | string | Reason for the suppression. |
| domain | | | body | string | Domain. |
| subdomain | | | body | string | Subdomain. |
Usage
Service class example (PEP8 syntax)
from falconpy import CloudPolicies
# Do not hardcode API credentials!
falcon = CloudPolicies(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
rule_selection_filter = {
"rule_ids": ["string"],
"rule_names": ["string"],
"rule_origins": ["string"],
"rule_providers": ["string"],
"rule_services": ["string"],
"rule_severities": ["string"]
}
scope_asset_filter = {
"account_ids": ["string"],
"cloud_group_ids": ["string"],
"cloud_providers": ["string"],
"regions": ["string"],
"resource_ids": ["string"],
"resource_names": ["string"],
"resource_types": ["string"],
"service_categories": ["string"],
"tags": ["string"]
}
response = falcon.create_suppression_rule(description="string",
id="string",
name="string",
rule_selection_filter=rule_selection_filter,
rule_selection_type="string",
scope_asset_filter=scope_asset_filter,
scope_type="string",
suppression_comment="string",
suppression_expiration_date="string",
suppression_reason="string",
domain="string",
subdomain="string"
)
print(response)
Service class example (Operation ID syntax)
from falconpy import CloudPolicies
# Do not hardcode API credentials!
falcon = CloudPolicies(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
rule_selection_filter = {
"rule_ids": ["string"],
"rule_names": ["string"],
"rule_origins": ["string"],
"rule_providers": ["string"],
"rule_services": ["string"],
"rule_severities": ["string"]
}
scope_asset_filter = {
"account_ids": ["string"],
"cloud_group_ids": ["string"],
"cloud_providers": ["string"],
"regions": ["string"],
"resource_ids": ["string"],
"resource_names": ["string"],
"resource_types": ["string"],
"service_categories": ["string"],
"tags": ["string"]
}
response = falcon.CreateSuppressionRule(description="string",
id="string",
name="string",
rule_selection_filter=rule_selection_filter,
rule_selection_type="string",
scope_asset_filter=scope_asset_filter,
scope_type="string",
suppression_comment="string",
suppression_expiration_date="string",
suppression_reason="string",
domain="string",
subdomain="string"
)
print(response)
Uber class example
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
BODY = {
"description": "string",
"id": "string",
"name": "string",
"rule_selection_filter": {
"rule_ids": ["string"],
"rule_names": ["string"],
"rule_origins": ["string"],
"rule_providers": ["string"],
"rule_services": ["string"],
"rule_severities": ["string"]
},
"rule_selection_type": "string",
"scope_asset_filter": {
"account_ids": ["string"],
"cloud_group_ids": ["string"],
"cloud_providers": ["string"],
"regions": ["string"],
"resource_ids": ["string"],
"resource_names": ["string"],
"resource_types": ["string"],
"service_categories": ["string"],
"tags": ["string"]
},
"scope_type": "string",
"suppression_comment": "string",
"suppression_expiration_date": "string",
"suppression_reason": "string"
}
response = falcon.command("CreateSuppressionRule", body=BODY)
print(response)
Back to Table of Contents
UpdateSuppressionRule
Update a suppression rule.
PEP8 method name
update_suppression_rule
Endpoint
| Method | Route |
|---|---|
| /cloud-policies/entities/suppression-rules/v1 |
Required Scope
Content-Type
- Consumes: application/json
- Produces: application/json
Keyword Arguments
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| body | | | body | dictionary | Full body payload in JSON format. |
| description | | | body | string | Description of the suppression rule. |
| id | | | body | string | The ID of the suppression rule. |
| name | | | body | string | Name of the suppression rule. |
| rule_selection_filter | | | body | dictionary | Dictionary of lists defining rule selection criteria. |
| rule_selection_type | | | body | string | Type of rule selection. |
| scope_asset_filter | | | body | dictionary | Dictionary of lists defining scope asset filter criteria. |
| scope_type | | | body | string | Type of scope. |
| suppression_comment | | | body | string | Comment for the suppression. |
| suppression_expiration_date | | | body | string | Expiration date for the suppression. |
| suppression_reason | | | body | string | Reason for the suppression. |
| domain | | | body | string | Domain. |
| subdomain | | | body | string | Subdomain. |
Usage
Service class example (PEP8 syntax)
from falconpy import CloudPolicies
# Do not hardcode API credentials!
falcon = CloudPolicies(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
rule_selection_filter = {
"rule_ids": ["string"],
"rule_names": ["string"],
"rule_origins": ["string"],
"rule_providers": ["string"],
"rule_services": ["string"],
"rule_severities": ["string"]
}
scope_asset_filter = {
"account_ids": ["string"],
"cloud_group_ids": ["string"],
"cloud_providers": ["string"],
"regions": ["string"],
"resource_ids": ["string"],
"resource_names": ["string"],
"resource_types": ["string"],
"service_categories": ["string"],
"tags": ["string"]
}
response = falcon.update_suppression_rule(description="string",
id="string",
name="string",
rule_selection_filter=rule_selection_filter,
rule_selection_type="string",
scope_asset_filter=scope_asset_filter,
scope_type="string",
suppression_comment="string",
suppression_expiration_date="string",
suppression_reason="string",
domain="string",
subdomain="string"
)
print(response)
Service class example (Operation ID syntax)
from falconpy import CloudPolicies
# Do not hardcode API credentials!
falcon = CloudPolicies(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
rule_selection_filter = {
"rule_ids": ["string"],
"rule_names": ["string"],
"rule_origins": ["string"],
"rule_providers": ["string"],
"rule_services": ["string"],
"rule_severities": ["string"]
}
scope_asset_filter = {
"account_ids": ["string"],
"cloud_group_ids": ["string"],
"cloud_providers": ["string"],
"regions": ["string"],
"resource_ids": ["string"],
"resource_names": ["string"],
"resource_types": ["string"],
"service_categories": ["string"],
"tags": ["string"]
}
response = falcon.UpdateSuppressionRule(description="string",
id="string",
name="string",
rule_selection_filter=rule_selection_filter,
rule_selection_type="string",
scope_asset_filter=scope_asset_filter,
scope_type="string",
suppression_comment="string",
suppression_expiration_date="string",
suppression_reason="string",
domain="string",
subdomain="string"
)
print(response)
Uber class example
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
BODY = {
"description": "string",
"id": "string",
"name": "string",
"rule_selection_filter": {
"rule_ids": ["string"],
"rule_names": ["string"],
"rule_origins": ["string"],
"rule_providers": ["string"],
"rule_services": ["string"],
"rule_severities": ["string"]
},
"rule_selection_type": "string",
"scope_asset_filter": {
"account_ids": ["string"],
"cloud_group_ids": ["string"],
"cloud_providers": ["string"],
"regions": ["string"],
"resource_ids": ["string"],
"resource_names": ["string"],
"resource_types": ["string"],
"service_categories": ["string"],
"tags": ["string"]
},
"scope_type": "string",
"suppression_comment": "string",
"suppression_expiration_date": "string",
"suppression_reason": "string"
}
response = falcon.command("UpdateSuppressionRule", body=BODY)
print(response)
Back to Table of Contents
DeleteSuppressionRules
Delete Suppression Rules by ID.
PEP8 method name
delete_suppression_rules
Endpoint
| Method | Route |
|---|---|
| /cloud-policies/entities/suppression-rules/v1 |
Required Scope
Content-Type
- Consumes: application/json
- Produces: application/json
Keyword Arguments
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| ids | | | query | string or list of strings | The uuids of the suppression rules to delete. A maximum of 10 IDs can be provided. |
| parameters | | | query | dictionary | Full query string parameters payload in JSON format. |
Usage
Service class example (PEP8 syntax)
from falconpy import CloudPolicies
# Do not hardcode API credentials!
falcon = CloudPolicies(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.delete_suppression_rules(ids=id_list)
print(response)
Service class example (Operation ID syntax)
from falconpy import CloudPolicies
# Do not hardcode API credentials!
falcon = CloudPolicies(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.DeleteSuppressionRules(ids=id_list)
print(response)
Uber class example
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.command("DeleteSuppressionRules", ids=id_list)
print(response)
Back to Table of Contents
QuerySuppressionRules
Query suppression rules with filtering, sorting and pagination.
PEP8 method name
query_suppression_rules
Endpoint
| Method | Route |
|---|---|
| /cloud-policies/queries/suppression-rules/v1 |
Required Scope
Content-Type
- Consumes: application/json
- Produces: application/json
Keyword Arguments
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| filter | | | query | string | FQL expression to filter suppression rules. Allowed properties: name, description, domain, subdomain, suppression_reason, suppression_expiration_date, created_by, created_at, last_modified_at, disabled, groups. |
| limit | | | query | integer | The maximum number of resources to return. The maximum allowed is 50. Default: 20. |
| offset | | | query | integer | The number of results to skip before starting to return results. Default: 0. |
| sort | | | query | string | Field to sort on. Sortable fields: name, description, domain, subdomain, suppression_reason, suppression_expiration_date, created_by, created_at, last_modified_at, disabled, groups. Use the .asc or .desc suffix to specify sort direction. |
| parameters | | | query | dictionary | Full query string parameters payload in JSON format. |
Usage
Service class example (PEP8 syntax)
from falconpy import CloudPolicies
# Do not hardcode API credentials!
falcon = CloudPolicies(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.query_suppression_rules(filter="string",
limit=integer,
offset=integer,
sort="string"
)
print(response)
Service class example (Operation ID syntax)
from falconpy import CloudPolicies
# Do not hardcode API credentials!
falcon = CloudPolicies(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.QuerySuppressionRules(filter="string",
limit=integer,
offset=integer,
sort="string"
)
print(response)
Uber class example
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.command("QuerySuppressionRules",
filter="string",
limit=integer,
offset=integer,
sort="string"
)
print(response)
Back to Table of Contents