Using the Cloud Security service collection
Table of Contents
| Operation ID | Description | ||||
|---|---|---|---|---|---|
| Get cloud risks with full details based on filters and sort criteria. | ||||
| Query Cloud Groups and return entities with full details. | ||||
| Retrieve Cloud Groups by their UUIDs. | ||||
| Create a new Cloud Group with specified properties and selectors. | ||||
| Update an existing Cloud Group's properties. | ||||
| Delete Cloud Groups in batch by their UUIDs. | ||||
| Query Cloud Groups and return only their IDs. | ||||
Passing credentials
WARNING
client_idandclient_secretare keyword arguments that contain your CrowdStrike API credentials. Please note that all examples below do not hard code these values. (These values are ingested as strings.)CrowdStrike does not recommend hard coding API credentials or customer identifiers within source code.
combined_cloud_risks
Get cloud risks with full details based on filters and sort criteria.
PEP8 method name
combined_cloud_risks
Endpoint
| Method | Route |
|---|---|
 | /cloud-security-risks/combined/cloud-risks/v1 |
Required Scope
Content-Type
- Produces: application/json
Keyword Arguments
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| filter |  | | query | string | FQL string to filter results in Falcon Query Language (FQL). Supported fields: account_id, account_name, asset_gcrn, asset_id, asset_name, asset_region, asset_type, cloud_group, cloud_provider, first_seen, last_seen, resolved_at, risk_factor, rule_id, rule_name, service_category, severity, status, suppressed_by, suppressed_reason, tags |
| sort | | | query | string | The field to sort on. Use |asc or |desc suffix to specify sort direction. Supported fields: account_id, account_name, asset_id, asset_name, asset_region, asset_type, cloud_provider, first_seen, last_seen, resolved_at, rule_name, service_category, severity, status |
| limit | | | query | integer | The maximum number of items to return. When not specified or 0, 500 is used. When larger than 1000, 1000 is used. |
| offset | | | query | integer | Offset returned risks |
| parameters | | | query | dictionary | Full query string parameters payload in JSON format. Not required if using other keywords. |
Usage
Service class example (PEP8 syntax)
from falconpy import CloudSecurity
# Do not hardcode API credentials!
falcon = CloudSecurity(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.combined_cloud_risks(filter="string",
sort="string",
limit=integer,
offset=integer
)
print(response)
Service class example (Operation ID syntax)
from falconpy import CloudSecurity
# Do not hardcode API credentials!
falcon = CloudSecurity(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.combined_cloud_risks(filter="string",
sort="string",
limit=integer,
offset=integer
)
print(response)
Uber class example
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.command("combined_cloud_risks",
filter="string",
sort="string",
limit=integer,
offset=integer
)
print(response)
Back to Table of Contents
ListCloudGroupsExternal
Query Cloud Groups and return entities with full details.
PEP8 method name
list_cloud_groups
Endpoint
| Method | Route |
|---|---|
| /cloud-security/combined/cloud-groups/v1 |
Required Scope
Content-Type
- Produces: application/json
Keyword Arguments
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| filter | | | query | string | A valid FQL filter. Supports filtering groups by: Group properties: name, description, created_at, updated_at. Selector properties: cloud_provider, account_id, region, cloud_provider_tag, image_registry, image_repository, image_tag. Group tags: business_unit, business_impact, environment |
| sort | | | query | string | A valid sort string. |
| offset | | | query | string | The starting position of the list operation. |
| limit | | | query | string | The maximum number of cloud groups to retrieve. |
| parameters | | | query | dictionary | Full query string parameters payload in JSON format. Not required if using other keywords. |
Usage
Service class example (PEP8 syntax)
from falconpy import CloudSecurity
# Do not hardcode API credentials!
falcon = CloudSecurity(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.list_cloud_groups(filter="string",
sort="string",
offset="string",
limit="string"
)
print(response)
Service class example (Operation ID syntax)
from falconpy import CloudSecurity
# Do not hardcode API credentials!
falcon = CloudSecurity(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.ListCloudGroupsExternal(filter="string",
sort="string",
offset="string",
limit="string"
)
print(response)
Uber class example
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.command("ListCloudGroupsExternal",
filter="string",
sort="string",
offset="string",
limit="string"
)
print(response)
Back to Table of Contents
ListCloudGroupsByIDExternal
Retrieve Cloud Groups by their UUIDs.
PEP8 method name
list_cloud_groups_by_id
Endpoint
| Method | Route |
|---|---|
| /cloud-security/entities/cloud-groups/v1 |
Required Scope
Content-Type
- Produces: application/json
Keyword Arguments
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| ids | | | query | string or list of strings | Cloud Groups UUIDs to retrieve |
| parameters | | | query | dictionary | Full query string parameters payload in JSON format. Not required if using other keywords. |
Usage
Service class example (PEP8 syntax)
from falconpy import CloudSecurity
# Do not hardcode API credentials!
falcon = CloudSecurity(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.list_cloud_groups_by_id(ids=id_list)
print(response)
Service class example (Operation ID syntax)
from falconpy import CloudSecurity
# Do not hardcode API credentials!
falcon = CloudSecurity(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.ListCloudGroupsByIDExternal(ids=id_list)
print(response)
Uber class example
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.command("ListCloudGroupsByIDExternal", ids=id_list)
print(response)
Back to Table of Contents
CreateCloudGroupExternal
Create a new Cloud Group with specified properties and selectors.
PEP8 method name
create_cloud_group
Endpoint
| Method | Route |
|---|---|
 | /cloud-security/entities/cloud-groups/v1 |
Required Scope
Content-Type
- Consumes: application/json
- Produces: application/json
Keyword Arguments
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| body | |  | body | dictionary | Full body payload in JSON format. Not required if using other keywords. |
| business_impact | |  | body | string | Business impact. |
| business_unit | | | body | string | Business unit. |
| description | | | body | string | Description. |
| environment | | | body | string | Environment. |
| name | | | body | string | Name. |
| owners | | | body | list of strings | Owners. |
| selectors | | | body | dictionary | Selectors. |
Usage
Service class example (PEP8 syntax)
from falconpy import CloudSecurity
# Do not hardcode API credentials!
falcon = CloudSecurity(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
selectors = {
"cloud_resources": [
{
"account_ids": ["string"],
"cloud_provider": "aws",
"filters": {
"region": ["string"],
"tags": ["string"]
}
}
],
"images": [
{
"filters": {
"repository": ["string"],
"tag": ["string"]
},
"registry": "string"
}
]
}
response = falcon.create_cloud_group(business_impact="high",
business_unit="string",
description="string",
environment="dev",
name="string",
owners=["string"],
selectors=selectors
)
print(response)
Service class example (Operation ID syntax)
from falconpy import CloudSecurity
# Do not hardcode API credentials!
falcon = CloudSecurity(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
selectors = {
"cloud_resources": [
{
"account_ids": ["string"],
"cloud_provider": "aws",
"filters": {
"region": ["string"],
"tags": ["string"]
}
}
],
"images": [
{
"filters": {
"repository": ["string"],
"tag": ["string"]
},
"registry": "string"
}
]
}
response = falcon.CreateCloudGroupExternal(business_impact="high",
business_unit="string",
description="string",
environment="dev",
name="string",
owners=["string"],
selectors=selectors
)
print(response)
Uber class example
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
body_payload = {
"business_impact": "high",
"business_unit": "string",
"description": "string",
"environment": "dev",
"name": "string",
"owners": [
"string"
],
"selectors": {
"cloud_resources": [
{
"account_ids": [
"string"
],
"cloud_provider": "aws",
"filters": {
"region": [
"string"
],
"tags": [
"string"
]
}
}
],
"images": [
{
"filters": {
"repository": [
"string"
],
"tag": [
"string"
]
},
"registry": "string"
}
]
}
}
response = falcon.command("CreateCloudGroupExternal", body=body_payload)
print(response)
Back to Table of Contents
UpdateCloudGroupExternal
Update an existing Cloud Group's properties.
PEP8 method name
update_cloud_group
Endpoint
| Method | Route |
|---|---|
 | /cloud-security/entities/cloud-groups/v1 |
Required Scope
Content-Type
- Consumes: application/json
- Produces: application/json
Keyword Arguments
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| group | | | body | dictionary | Complete group payload to update. |
| business_impact | | | body | string | Business impact. |
| business_unit | | | body | string | Business unit. |
| description | | | body | string | Description. |
| environment | | | body | string | Environment. |
| name | | | body | string | Name. |
| owners | | | body | list of strings | Owners. |
| selectors | | | body | dictionary | Selectors. |
Usage
Service class example (PEP8 syntax)
from falconpy import CloudSecurity
# Do not hardcode API credentials!
falcon = CloudSecurity(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
group_payload = {
"business_impact": "high",
"business_unit": "string",
"description": "string",
"environment": "dev",
"name": "string",
"owners": [
"string"
],
"selectors": {
"cloud_resources": [
{
"account_ids": [
"string"
],
"cloud_provider": "aws",
"filters": {
"region": [
"string"
],
"tags": [
"string"
]
}
}
],
"images": [
{
"filters": {
"repository": [
"string"
],
"tag": [
"string"
]
},
"registry": "string"
}
]
}
}
response = falcon.update_cloud_group(group=group_payload)
print(response)
Service class example (Operation ID syntax)
from falconpy import CloudSecurity
# Do not hardcode API credentials!
falcon = CloudSecurity(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
group_payload = {
"business_impact": "high",
"business_unit": "string",
"description": "string",
"environment": "dev",
"name": "string",
"owners": [
"string"
],
"selectors": {
"cloud_resources": [
{
"account_ids": [
"string"
],
"cloud_provider": "aws",
"filters": {
"region": [
"string"
],
"tags": [
"string"
]
}
}
],
"images": [
{
"filters": {
"repository": [
"string"
],
"tag": [
"string"
]
},
"registry": "string"
}
]
}
}
response = falcon.UpdateCloudGroupExternal(group=group_payload)
print(response)
Uber class example
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
group_payload = {
"business_impact": "high",
"business_unit": "string",
"description": "string",
"environment": "dev",
"name": "string",
"owners": [
"string"
],
"selectors": {
"cloud_resources": [
{
"account_ids": [
"string"
],
"cloud_provider": "aws",
"filters": {
"region": [
"string"
],
"tags": [
"string"
]
}
}
],
"images": [
{
"filters": {
"repository": [
"string"
],
"tag": [
"string"
]
},
"registry": "string"
}
]
}
}
response = falcon.command("UpdateCloudGroupExternal", group=group_payload)
print(response)
Back to Table of Contents
DeleteCloudGroupsExternal
Delete Cloud Groups in batch by their UUIDs.
PEP8 method name
delete_cloud_groups
Endpoint
| Method | Route |
|---|---|
 | /cloud-security/entities/cloud-groups/v1 |
Required Scope
Content-Type
- Produces: application/json
Keyword Arguments
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| ids | | | query | string or list of strings | Cloud Groups UUIDs to delete |
| parameters | | | query | dictionary | Full query string parameters payload in JSON format. Not required if using other keywords. |
Usage
Service class example (PEP8 syntax)
from falconpy import CloudSecurity
# Do not hardcode API credentials!
falcon = CloudSecurity(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.delete_cloud_groups(ids=id_list)
print(response)
Service class example (Operation ID syntax)
from falconpy import CloudSecurity
# Do not hardcode API credentials!
falcon = CloudSecurity(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.DeleteCloudGroupsExternal(ids=id_list)
print(response)
Uber class example
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.command("DeleteCloudGroupsExternal", ids=id_list)
print(response)
Back to Table of Contents
ListCloudGroupIDsExternal
Query Cloud Groups and return only their IDs.
PEP8 method name
list_group_ids
Endpoint
| Method | Route |
|---|---|
| /cloud-security/queries/cloud-groups/v1 |
Required Scope
Content-Type
- Produces: application/json
Keyword Arguments
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| filter | | | query | string | A valid FQL filter. Supports filtering groups by: Group properties: name, description, created_at, updated_at. Selector properties: cloud_provider, account_id, region, cloud_provider_tag, image_registry, image_repository, image_tag. Group tags: business_unit, business_impact, environment |
| sort | | | query | string | A valid sort string. |
| offset | | | query | string | The starting position of the list operation. |
| limit | | | query | string | The maximum number of cloud groups to retrieve. |
| parameters | | | query | dictionary | Full query string parameters payload in JSON format. Not required if using other keywords. |
Usage
Service class example (PEP8 syntax)
from falconpy import CloudSecurity
# Do not hardcode API credentials!
falcon = CloudSecurity(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.list_group_ids(filter="string",
sort="string",
offset="string",
limit="string"
)
print(response)
Service class example (Operation ID syntax)
from falconpy import CloudSecurity
# Do not hardcode API credentials!
falcon = CloudSecurity(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.ListCloudGroupIDsExternal(filter="string",
sort="string",
offset="string",
limit="string"
)
print(response)
Uber class example
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.command("ListCloudGroupIDsExternal",
filter="string",
sort="string",
offset="string",
limit="string"
)
print(response)
Back to Table of Contents