Using the NGSIEM service collection
Table of Contents
Passing credentials
WARNING
client_idandclient_secretare keyword arguments that contain your CrowdStrike API credentials. Please note that all examples below do not hard code these values. (These values are ingested as strings.)CrowdStrike does not recommend hard coding API credentials or customer identifiers within source code.
UploadLookupV1
Upload a lookup file to NGSIEM.
PEP8 method name
upload_file
Endpoint
| Method | Route |
|---|---|
 | /humio/api/v1/repositories/{repository}/files |
Required Scope
Content-Type
- Consumes: multipart/form-data
Keyword Arguments
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| lookup_file |  |  | formData | string | Location of the file object to be uploaded. Service class will also accept file for this argument. |
| repository | | | path | string | Name of the repository. |
| parameters | | | query | dictionary | Full query string parameters payload in JSON format. |
Usage
Service class example (PEP8 syntax)
from falconpy import NGSIEM
# Do not hardcode API credentials!
falcon = NGSIEM(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.upload_file(lookup_file="string", repository="string")
print(response)
Service class example (Operation ID syntax)
from falconpy import NGSIEM
# Do not hardcode API credentials!
falcon = NGSIEM(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.UploadLookupV1(lookup_file="string", repository="string")
print(response)
Uber class example
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
lookup_file = "string"
with open(lookup_file, "rb") as upload_file:
file_extended = {"file": upload_file}
response = falcon.command("UploadLookupV1", repository="string", files=file_extended)
print(response)
Back to Table of Contents
GetLookupV1
Download lookup file from NGSIEM.
PEP8 method name
get_file
Endpoint
| Method | Route |
|---|---|
 | /humio/api/v1/repositories/{repository}/files/{filename} |
Required Scope
Content-Type
- Produces: application/octet-stream
Keyword Arguments
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| filename | | | path | string | Name of the lookup file. |
| repository | | | path | string | Name of the repository. |
| parameters | | | query | dictionary | Full query string parameters payload in JSON format. |
Usage
Service class example (PEP8 syntax)
from falconpy import NGSIEM
# Do not hardcode API credentials!
falcon = NGSIEM(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
with open("some_file.ext", "wb") as save_file:
save_file.write(falcon.get_file(repository="string", filename="string"))
Service class example (Operation ID syntax)
from falconpy import NGSIEM
# Do not hardcode API credentials!
falcon = NGSIEM(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
with open("some_file.ext", "wb") as save_file:
save_file.write(falcon.GetLookupV1(repository="string", filename="string"))
Uber class example
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
with open("some_file.ext", "wb") as save_file:
save_file.write(falcon.command("GetLookupV1", repository="string", filename="string"))
Back to Table of Contents
GetLookupFromPackageWithNamespaceV1
Download lookup file in namespaced package from NGSIEM.
PEP8 method name
get_file_from_package_with_namespace
Endpoint
| Method | Route |
|---|---|
| /humio/api/v1/repositories/{repository}/files/{namespace}/{package}/{filename} |
Required Scope
Content-Type
- Produces: application/octet-stream
Keyword Arguments
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| filename | | | path | string | Name of the lookup file. |
| namespace | | | path | string | Name of the namespace. |
| package | | | path | string | Name of the package. |
| repository | | | path | string | Name of the repository. |
| stream | | | query | boolean | Enable streaming download of the returned file. |
| parameters | | | query | dictionary | Full query string parameters payload in JSON format. |
Usage
Service class example (PEP8 syntax)
from falconpy import NGSIEM
# Do not hardcode API credentials!
falcon = NGSIEM(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
with open("some_file.ext", "wb") as save_file:
response = falcon.get_file_from_package_with_namespace(repository="string",
namespace="string",
package="string",
filename="string",
stream=boolean
)
save_file.write(response)
Service class example (Operation ID syntax)
from falconpy import NGSIEM
# Do not hardcode API credentials!
falcon = NGSIEM(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
with open("some_file.ext", "wb") as save_file:
response = falcon.GetLookupFromPackageWithNamespaceV1(repository="string",
namespace="string",
package="string",
filename="string",
stream=boolean
)
save_file.write(response)
Uber class example
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
with open("some_file.ext", "wb") as save_file:
response = falcon.command("GetLookupFromPackageWithNamespaceV1",
repository="string",
namespace="string",
package="string",
filename="string",
stream=boolean
)
save_file.write(response)
Back to Table of Contents
GetLookupFromPackageV1
Download lookup file in package from NGSIEM.
PEP8 method name
get_file_from_package
Endpoint
| Method | Route |
|---|---|
| /humio/api/v1/repositories/{repository}/files/{package}/{filename} |
Required Scope
Content-Type
- Produces: application/octet-stream
Keyword Arguments
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| filename | | | path | string | Name of the lookup file. |
| package | | | path | string | Name of the package. |
| repository | | | path | string | Name of the repository. |
| stream | | | query | boolean | Enable streaming download of the returned file. |
| parameters | | | query | dictionary | Full query string parameters payload in JSON format. |
Usage
Service class example (PEP8 syntax)
from falconpy import NGSIEM
# Do not hardcode API credentials!
falcon = NGSIEM(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
with open("some_file.ext", "wb") as save_file:
response = falcon.get_file_from_package(repository="string",
package="string",
filename="string",
stream=boolean
)
save_file.write(response)
Service class example (Operation ID syntax)
from falconpy import NGSIEM
# Do not hardcode API credentials!
falcon = NGSIEM(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
with open("some_file.ext", "wb") as save_file:
response = falcon.GetLookupFromPackageV1(repository="string",
package="string",
filename="string",
stream=boolean
)
save_file.write(response)
Uber class example
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
with open("some_file.ext", "wb") as save_file:
response = falcon.command("GetLookupFromPackageV1",
repository="string",
package="string",
filename="string",
stream=boolean
)
save_file.write(response)
Back to Table of Contents
StartSearchV1
Initiate a NGSIEM search.
PEP8 method name
start_search
Endpoint
| Method | Route |
|---|---|
| /humio/api/v1/repositories/{repository}/queryjobs |
Required Scope
Content-Type
- Consumes: application/json
- Produces: application/json
Keyword Arguments
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| allow_event_skipping | | | body | boolean | Flag indicating if event skipping is allowed. |
| arguments | | | body | dictionary | Search arguments in JSON format. |
| around | | | body | dictionary | Search proximity arguments. |
| autobucket_count | | | body | integer | Number of events per bucket. |
| body | |  | body | dictionary | Full body payload provided as a dictionary. |
| end | | | body | string | Last event limit. |
| ingest_end | | | body | integer | Ingest maximum. |
| ingest_start | | | body | integer | Ingest start. |
| is_live | | | body | boolean | Flag indicating if this is a live search. |
| query_string | | | body | string | Search query string. |
| repository | | | path | string | Name of the repository. |
| search | | | body | dictionary | Search query to perform. Can be used in replace of other keywords. |
| start | | | body | string | Search starting time range. |
| timezone | | | body | string | Timezone applied to the search. |
| timezone_offset_minutes | | | body | integer | Timezone offset. |
| use_ingest_time | | | body | boolean | Flag indicating if ingest time should be used. |
Usage
Service class example (PEP8 syntax)
from falconpy import NGSIEM
# Do not hardcode API credentials!
falcon = NGSIEM(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.start_search(repository="string",
is_live=boolean,
start="1d",
query_string="#event_simpleName=*"
)
print(response)
Service class example (Operation ID syntax)
from falconpy import NGSIEM
# Do not hardcode API credentials!
falcon = NGSIEM(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.StartSearchV1(repository="string",
is_live=boolean,
start="1d",
query_string="#event_simpleName=*"
)
print(response)
Uber class example
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
search_query = {
"isLive" : False,
"start" : "1d",
"queryString" : "#event_simpleName=*"
}
response = falcon.command("StartSearchV1", repository="string", body=search_query)
print(response)
Back to Table of Contents
GetSearchStatusV1
Get status of a NGSIEM search.
PEP8 method name
get_search_status
Endpoint
| Method | Route |
|---|---|
| /humio/api/v1/repositories/{repository}/queryjobs/{id} |
Required Scope
Content-Type
- Consumes: application/json
- Produces: application/json
Keyword Arguments
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| repository | | | path | string | Name of the repository. |
| search_id | | | path | string | ID of the query. |
| parameters | | | query | dictionary | Full query string parameters payload in JSON format. |
Usage
Service class example (PEP8 syntax)
from falconpy import NGSIEM
# Do not hardcode API credentials!
falcon = NGSIEM(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.get_search_status(repository="string", search_id="string")
print(response)
Service class example (Operation ID syntax)
from falconpy import NGSIEM
# Do not hardcode API credentials!
falcon = NGSIEM(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.GetSearchStatusV1(repository="string", search_id="string")
print(response)
Uber class example
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.command("GetSearchStatusV1", repository="string", search_id="string")
print(response)
Back to Table of Contents
StopSearchV1
Stop a NGSIEM search.
PEP8 method name
stop_search
Endpoint
| Method | Route |
|---|---|
 | /humio/api/v1/repositories/{repository}/queryjobs/{id} |
Required Scope
Content-Type
- Consumes: application/json
Keyword Arguments
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| repository | | | path | string | Name of the repository. |
| id | | | path | string | ID of the query. |
| parameters | | | query | dictionary | Full query string parameters payload in JSON format. |
Usage
Service class example (PEP8 syntax)
from falconpy import NGSIEM
# Do not hardcode API credentials!
falcon = NGSIEM(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.stop_search(repository="string", id="string")
print(response)
Service class example (Operation ID syntax)
from falconpy import NGSIEM
# Do not hardcode API credentials!
falcon = NGSIEM(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.StopSearchV1(repository="string", id="string")
print(response)
Uber class example
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.command("StopSearchV1", repository="string", id="string")
print(response)
Back to Table of Contents
GetDashboardTemplate
Get dashboard template by ID.
PEP8 method name
get_dashboard_template
Endpoint
| Method | Route |
|---|---|
| /ngsiem-content/entities/dashboards-template/v1 |
Required Scope
Content-Type
- Produces: application/json
Keyword Arguments
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| ids | | | query | string | Dashboard ID value. |
| search_domain | | | query | string | Name of search domain (view or repo), options; all, falcon, third-party, dashboards. |
| parameters | | | query | dictionary | Full query string parameters payload in JSON format. |
Usage
Service class example (PEP8 syntax)
from falconpy import NGSIEM
# Do not hardcode API credentials!
falcon = NGSIEM(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.get_dashboard_template(ids="string", search_domain="string")
print(response)
Service class example (Operation ID syntax)
from falconpy import NGSIEM
# Do not hardcode API credentials!
falcon = NGSIEM(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.GetDashboardTemplate(ids="string", search_domain="string")
print(response)
Uber class example
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.command("GetDashboardTemplate", ids="string", search_domain="string")
print(response)
Back to Table of Contents
CreateDashboardFromTemplate
Create Dashboard from LogScale YAML Template in NGSIEM.
PEP8 method name
create_dashboard_from_template
Endpoint
| Method | Route |
|---|---|
| /ngsiem-content/entities/dashboards-template/v1 |
Required Scope
Content-Type
- Consumes: multipart/form-data
- Produces: application/json
Keyword Arguments
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| search_domain | | | formData | string | Name of search domain (view or repo), options; all, falcon, third-party. |
| name | | | formData | string | Name of the dashboard. |
| yaml_template | | | formData | string | LogScale dashboard YAML template content, see schema at https://schemas.humio.com/. |
| parameters | | | query | dictionary | Full query string parameters payload in JSON format. |
Usage
Service class example (PEP8 syntax)
from falconpy import NGSIEM
# Do not hardcode API credentials!
falcon = NGSIEM(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
yaml_content = """
name: Sample Dashboard
description: A sample dashboard for testing
widgets:
- query: "source=falcon | stats count"
type: chart
"""
response = falcon.create_dashboard_from_template(search_domain="falcon",
name="My Dashboard",
yaml_template=yaml_content
)
print(response)
Service class example (Operation ID syntax)
from falconpy import NGSIEM
# Do not hardcode API credentials!
falcon = NGSIEM(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
yaml_content = """
name: Sample Dashboard
description: A sample dashboard for testing
widgets:
- query: "source=falcon | stats count"
type: chart
"""
response = falcon.CreateDashboardFromTemplate(search_domain="falcon",
name="My Dashboard",
yaml_template=yaml_content
)
print(response)
Uber class example
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
yaml_content = """
name: Sample Dashboard
description: A sample dashboard for testing
widgets:
- query: "source=falcon | stats count"
type: chart
"""
response = falcon.command("CreateDashboardFromTemplate",
search_domain="falcon",
name="My Dashboard",
yaml_template=yaml_content
)
print(response)
Back to Table of Contents
UpdateDashboardFromTemplate
Update Dashboard from LogScale YAML Template in NGSIEM. Please note a successful update will result in a new ID value being returned.
PEP8 method name
update_dashboard_from_template
Endpoint
| Method | Route |
|---|---|
 | /ngsiem-content/entities/dashboards-template/v1 |
Required Scope
Content-Type
- Consumes: multipart/form-data
- Produces: application/json
Keyword Arguments
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| search_domain | | | formData | string | Name of search domain (view or repo), options; all, falcon, third-party. |
| ids | | | formData | string | ID of the dashboard. |
| yaml_template | | | formData | string | LogScale dashboard YAML template content, see schema at https://schemas.humio.com/. |
| parameters | | | query | dictionary | Full query string parameters payload in JSON format. |
Usage
Service class example (PEP8 syntax)
from falconpy import NGSIEM
# Do not hardcode API credentials!
falcon = NGSIEM(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.update_dashboard_from_template(search_domain="string",
name="string",
yaml_template="string"
)
print(response)
Service class example (Operation ID syntax)
from falconpy import NGSIEM
# Do not hardcode API credentials!
falcon = NGSIEM(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.UpdateDashboardFromTemplate(search_domain="string",
name="string",
yaml_template="string"
)
print(response)
Uber class example
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.command("UpdateDashboardFromTemplate",
search_domain="string",
name="string",
yaml_template="string"
)
print(response)
Back to Table of Contents
DeleteDashboard
Delete Dashboard in NGSIEM.
PEP8 method name
delete_dashboard
Endpoint
| Method | Route |
|---|---|
| /ngsiem-content/entities/dashboards/v1 |
Required Scope
Content-Type
- Produces: application/json
Keyword Arguments
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| ids | | | query | string | Dashboard ID value. |
| search_domain | | | query | string | Name of search domain (view or repo), options; all, falcon, third-party. |
| parameters | | | query | dictionary | Full query string parameters payload in JSON format. |
Usage
Service class example (PEP8 syntax)
from falconpy import NGSIEM
# Do not hardcode API credentials!
falcon = NGSIEM(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.delete_dashboard(ids="string",
search_domain="string"
)
print(response)
Service class example (Operation ID syntax)
from falconpy import NGSIEM
# Do not hardcode API credentials!
falcon = NGSIEM(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.DeleteDashboard(ids="string",
search_domain="string"
)
print(response)
Uber class example
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.command("DeleteDashboard",
ids="string",
search_domain="string"
)
print(response)
Back to Table of Contents
GetLookupFile
Retrieve Lookup File in NGSIEM.
PEP8 method name
get_lookup_file
Endpoint
| Method | Route |
|---|---|
| /ngsiem-content/entities/lookupfiles/v1 |
Required Scope
Content-Type
- Produces: application/json
Keyword Arguments
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| filename | | | query | string | Lookup file filename. |
| search_domain | | | query | string | Name of search domain (view or repo), options; all, falcon, third-party, dashboards, parsers-repository. |
| parameters | | | query | dictionary | Full query string parameters payload in JSON format. |
Usage
Service class example (PEP8 syntax)
from falconpy import NGSIEM
# Do not hardcode API credentials!
falcon = NGSIEM(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.get_lookup_file(filename="string",
search_domain="string"
)
print(response)
Service class example (Operation ID syntax)
from falconpy import NGSIEM
# Do not hardcode API credentials!
falcon = NGSIEM(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.GetLookupFile(filename="string",
search_domain="string"
)
print(response)
Uber class example
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.command("GetLookupFile",
filename="string",
search_domain="string"
)
print(response)
Back to Table of Contents
CreateLookupFile
Create Lookup File in NGSIEM.
PEP8 method name
create_lookup_file
Endpoint
| Method | Route |
|---|---|
| /ngsiem-content/entities/lookupfiles/v1 |
Required Scope
Content-Type
- Consumes: multipart/form-data
- Produces: application/json
Keyword Arguments
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| search_domain | | | formData | string | Name of search domain (view or repo), options; all, falcon, third-party, parsers-repository. |
| filename | | | formData | string | Filename of the lookup file to create. |
| file | | | formData | string | File content to upload. |
| parameters | | | query | dictionary | Full query string parameters payload in JSON format. |
Usage
Service class example (PEP8 syntax)
from falconpy import NGSIEM
# Do not hardcode API credentials!
falcon = NGSIEM(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
with open("file", "rb") as file:
binary_data = file.read()
response = falcon.create_lookup_file(search_domain="string",
filename="file",
file=binary_data
)
print(response)
Service class example (Operation ID syntax)
from falconpy import NGSIEM
# Do not hardcode API credentials!
falcon = NGSIEM(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
with open("file", "rb") as file:
binary_data = file.read()
response = falcon.CreateLookupFile(search_domain="string",
filename="file",
file=binary_data
)
print(response)
Uber class example
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
with open("file", "rb") as file:
binary_data = file.read()
response = falcon.command("CreateLookupFile",
search_domain="string",
filename="file",
file=binary_data
)
print(response)
Back to Table of Contents
UpdateLookupFile
Update Lookup File in NGSIEM.
PEP8 method name
update_lookup_file
Endpoint
| Method | Route |
|---|---|
| /ngsiem-content/entities/lookupfiles/v1 |
Required Scope
Content-Type
- Consumes: multipart/form-data
- Produces: application/json
Keyword Arguments
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| search_domain | | | formData | string | Name of search domain (view or repo), options; all, falcon, third-party, parsers-repository. |
| filename | | | formData | string | Filename of the lookup file to update. |
| file | | | formData | string | File content to upload. |
| parameters | | | query | dictionary | Full query string parameters payload in JSON format. |
Usage
Service class example (PEP8 syntax)
from falconpy import NGSIEM
# Do not hardcode API credentials!
falcon = NGSIEM(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.update_lookup_file(search_domain="string",
filename="string",
file="string"
)
print(response)
Service class example (Operation ID syntax)
from falconpy import NGSIEM
# Do not hardcode API credentials!
falcon = NGSIEM(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.UpdateLookupFile(search_domain="string",
filename="string",
file="string"
)
print(response)
Uber class example
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
body_payload = {
"search_domain": "string",
"filename": "string",
"file": "string"
}
response = falcon.command("UpdateLookupFile", data=body_payload)
print(response)
Back to Table of Contents
DeleteLookupFile
Delete Lookup File in NGSIEM.
PEP8 method name
delete_lookup_file
Endpoint
| Method | Route |
|---|---|
| /ngsiem-content/entities/lookupfiles/v1 |
Required Scope
Content-Type
- Produces: application/json
Keyword Arguments
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| filename | | | query | string | Lookup file filename. |
| search_domain | | | query | string | Name of search domain (view or repo), options; all, falcon, third-party, parsers-repository. |
| parameters | | | query | dictionary | Full query string parameters payload in JSON format. |
Usage
Service class example (PEP8 syntax)
from falconpy import NGSIEM
# Do not hardcode API credentials!
falcon = NGSIEM(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.delete_lookup_file(filename="string",
search_domain="string"
)
print(response)
Service class example (Operation ID syntax)
from falconpy import NGSIEM
# Do not hardcode API credentials!
falcon = NGSIEM(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.DeleteLookupFile(filename="string",
search_domain="string"
)
print(response)
Uber class example
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.command("DeleteLookupFile",
filename="string",
search_domain="string"
)
print(response)
Back to Table of Contents
GetParserTemplate
Retrieve Parser in NGSIEM as LogScale YAML Template.
PEP8 method name
get_parser_template
Endpoint
| Method | Route |
|---|---|
| /ngsiem-content/entities/parsers-template/v1 |
Required Scope
Content-Type
- Produces: application/json
Keyword Arguments
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| ids | | | query | string | Parser ID value |
| repository | | | query | string | Name of repository, options; parsers-repository |
| parameters | | | query | dictionary | Full query string parameters payload in JSON format. |
Usage
Service class example (PEP8 syntax)
from falconpy import NGSIEM
# Do not hardcode API credentials!
falcon = NGSIEM(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.get_parser_template(ids="string",
repository="string"
)
print(response)
Service class example (Operation ID syntax)
from falconpy import NGSIEM
# Do not hardcode API credentials!
falcon = NGSIEM(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.GetParserTemplate(ids="string",
repository="string"
)
print(response)
Uber class example
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.command("GetParserTemplate",
ids="string",
repository="string"
)
print(response)
Back to Table of Contents
CreateParserFromTemplate
Create Parser from LogScale YAML Template in NGSIEM.
PEP8 method name
create_parser_from_template
Endpoint
| Method | Route |
|---|---|
| /ngsiem-content/entities/parsers-template/v1 |
Required Scope
Content-Type
- Consumes: multipart/form-data
- Produces: application/json
Keyword Arguments
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| repository | | | formData | string | Name of repository, options; parsers-repository. |
| name | | | formData | string | Name of the parser. |
| yaml_template | | | formData | string | LogScale Parser YAML template content, see schema at https://schemas.humio.com/. |
| parameters | | | query | dictionary | Full query string parameters payload in JSON format. |
Usage
Service class example (PEP8 syntax)
from falconpy import NGSIEM
# Do not hardcode API credentials!
falcon = NGSIEM(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.create_parser_from_template(repository="string",
name="string",
yaml_template="string"
)
print(response)
Service class example (Operation ID syntax)
from falconpy import NGSIEM
# Do not hardcode API credentials!
falcon = NGSIEM(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.CreateParserFromTemplate(repository="string",
name="string",
yaml_template="string"
)
print(response)
Uber class example
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
body_payload = {
"repository": "string",
"name": "string",
"yaml_template": "string"
}
response = falcon.command("CreateParserFromTemplate", data=body_payload)
print(response)
Back to Table of Contents
GetParser
Retrieve Parser in NGSIEM.
PEP8 method name
get_parser
Endpoint
| Method | Route |
|---|---|
| /ngsiem-content/entities/parsers/v1 |
Required Scope
Content-Type
- Produces: application/json
Keyword Arguments
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| ids | | | query | string | Parser ID value |
| repository | | | query | string | Name of repository, options; parsers-repository |
| parameters | | | query | dictionary | Full query string parameters payload in JSON format. |
Usage
Service class example (PEP8 syntax)
from falconpy import NGSIEM
# Do not hardcode API credentials!
falcon = NGSIEM(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.get_parser(ids="string",
repository="string"
)
print(response)
Service class example (Operation ID syntax)
from falconpy import NGSIEM
# Do not hardcode API credentials!
falcon = NGSIEM(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.GetParser(ids="string",
repository="string"
)
print(response)
Uber class example
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.command("GetParser",
ids="string",
repository="string"
)
print(response)
Back to Table of Contents
CreateParser
Create Parser in NGSIEM.
PEP8 method name
create_parser
Endpoint
| Method | Route |
|---|---|
| /ngsiem-content/entities/parsers/v1 |
Required Scope
Content-Type
- Consumes: application/json
- Produces: application/json
Keyword Arguments
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| body | | | body | dictionary | Full body payload in JSON format |
| fields_to_be_removed_before_parsing | | | body | string or list | List of fields to remove before parsing. String or list of strings. |
| fields_to_tag | | | body | string or list | List of fields to tag. String or list of strings. |
| name | | | body | string | Parser name. |
| repository | | | body | string | Parser repository. |
| script | | | body | string | Parser script. |
| test_cases | | | body | list | List of test cases to apply to the parser. List of dictionaries. |
Usage
Service class example (PEP8 syntax)
from falconpy import NGSIEM
# Do not hardcode API credentials!
falcon = NGSIEM(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.create_parser(name="MyParser",
repository="parsers-repository",
script="parseJson()",
fields_to_tag=["field1", "field2"]
)
print(response)
Service class example (Operation ID syntax)
from falconpy import NGSIEM
# Do not hardcode API credentials!
falcon = NGSIEM(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.CreateParser(name="MyParser",
repository="parsers-repository",
script="parseJson()",
fields_to_tag=["field1", "field2"]
)
print(response)
Uber class example
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
body_payload = {
"name": "MyParser",
"repository": "parsers-repository",
"script": "parseJson()",
"fields_to_tag": ["field1", "field2"]
}
response = falcon.command("CreateParser", body=body_payload)
print(response)
Back to Table of Contents
UpdateParser
Update Parser in NGSIEM. Please note that name changes are not supported, but rather should be created as a new parser.
PEP8 method name
update_parser
Endpoint
| Method | Route |
|---|---|
| /ngsiem-content/entities/parsers/v1 |
Required Scope
Content-Type
- Consumes: application/json
- Produces: application/json
Keyword Arguments
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| body | | | body | dictionary | Full body payload in JSON format |
| fields_to_be_removed_before_parsing | | | body | string or list | List of fields to remove before parsing. String or list of strings. |
| fields_to_tag | | | body | string or list | List of fields to tag. String or list of strings. |
| id | | | body | string | ID of the parser to be updated. |
| name | | | body | string | Parser name. |
| repository | | | body | string | Parser repository. |
| script | | | body | string | Parser script. |
| test_cases | | | body | list | List of test cases to apply to the parser. List of dictionaries. |
| parameters |  | | query | dictionary | Full query string parameters payload in JSON format. |
Usage
Service class example (PEP8 syntax)
from falconpy import NGSIEM
# Do not hardcode API credentials!
falcon = NGSIEM(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.update_parser(id="parser_id_string",
script="parseJson() | updated script",
fields_to_tag=["field1", "field2", "field3"]
)
print(response)
Service class example (Operation ID syntax)
from falconpy import NGSIEM
# Do not hardcode API credentials!
falcon = NGSIEM(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.UpdateParser(id="parser_id_string",
script="parseJson() | updated script",
fields_to_tag=["field1", "field2", "field3"]
)
print(response)
Uber class example
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
body_payload = {
"id": "parser_id_string",
"script": "parseJson() | updated script",
"fields_to_tag": ["field1", "field2", "field3"]
}
response = falcon.command("UpdateParser", body=body_payload)
print(response)
Back to Table of Contents
DeleteParser
Delete Parser in NGSIEM.
PEP8 method name
delete_parser
Endpoint
| Method | Route |
|---|---|
| /ngsiem-content/entities/parsers/v1 |
Required Scope
Content-Type
- Produces: application/json
Keyword Arguments
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| ids | | | query | string | Parser ID value |
| repository | | | query | string | Name of repository, options; parsers-repository |
| parameters | | | query | dictionary | Full query string parameters payload in JSON format. |
Usage
Service class example (PEP8 syntax)
from falconpy import NGSIEM
# Do not hardcode API credentials!
falcon = NGSIEM(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.delete_parser(ids="string",
repository="string"
)
print(response)
Service class example (Operation ID syntax)
from falconpy import NGSIEM
# Do not hardcode API credentials!
falcon = NGSIEM(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.DeleteParser(ids="string",
repository="string"
)
print(response)
Uber class example
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.command("DeleteParser",
ids="string",
repository="string"
)
print(response)
Back to Table of Contents
UpdateParserAutoUpdatePolicy
Update a parser auto update policy.
Enables or disables auto-updates for parsers.
PEP8 method name
update_parser_auto_update_policy
Endpoint
| Method | Route |
|---|---|
 | /ngsiem-content/entities/parsers/autoupdate/v1 |
Required Scope
Content-Type
- Consumes: application/json
- Produces: application/json
Keyword Arguments
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| body | | | body | dictionary | Full body payload in JSON format. |
| autoupdate_policy | | | body | string | The auto update policy setting ('on' or 'off'). |
| reason | | | body | string | Reason for changing the auto update policy. |
Usage
Service class example (PEP8 syntax)
from falconpy import NGSIEM
# Do not hardcode API credentials!
falcon = NGSIEM(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.update_parser_auto_update_policy(autoupdate_policy="on",
reason="string"
)
print(response)
Service class example (Operation ID syntax)
from falconpy import NGSIEM
# Do not hardcode API credentials!
falcon = NGSIEM(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.UpdateParserAutoUpdatePolicy(autoupdate_policy="on",
reason="string"
)
print(response)
Uber class example
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
body_payload = {
"autoupdate_policy": "on",
"reason": "string"
}
response = falcon.command("UpdateParserAutoUpdatePolicy", body=body_payload)
print(response)
Back to Table of Contents
InstallParser
Install a CrowdStrike-managed out-of-the-box (OOTB) parser.
Provisions a pre-built parser with a specific version for the requesting customer ID (CID). The parser is installed as-is and cannot be modified by the customer.
PEP8 method name
install_parser
Endpoint
| Method | Route |
|---|---|
| /ngsiem-content/entities/parsers/install/v1 |
Required Scope
Content-Type
- Consumes: application/json
- Produces: application/json
Keyword Arguments
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| body | | | body | dictionary | Full body payload in JSON format. |
| parser_id | | | body | string | The unique identifier of the parser to install. |
| version | | | body | string | The version of the parser to install. |
Usage
Service class example (PEP8 syntax)
from falconpy import NGSIEM
# Do not hardcode API credentials!
falcon = NGSIEM(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.install_parser(parser_id="string",
version="string"
)
print(response)
Service class example (Operation ID syntax)
from falconpy import NGSIEM
# Do not hardcode API credentials!
falcon = NGSIEM(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.InstallParser(parser_id="string",
version="string"
)
print(response)
Uber class example
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
body_payload = {
"parser_id": "string",
"version": "string"
}
response = falcon.command("InstallParser", body=body_payload)
print(response)
Back to Table of Contents
BulkInstallParsers
Install multiple CrowdStrike-managed out-of-the-box (OOTB) parsers.
Provisions multiple pre-built parsers with their specific versions for the requesting customer ID (CID). The parsers are installed as-is and cannot be modified by the customer. Maximum 100 parsers per request.
PEP8 method name
bulk_install_parsers
Endpoint
| Method | Route |
|---|---|
| /ngsiem-content/entities/parsers/bulk-install/v1 |
Required Scope
Content-Type
- Consumes: application/json
- Produces: application/json
Keyword Arguments
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| body | | | body | dictionary | Full body payload in JSON format. |
| parsers | | | body | list | List of parser objects containing parser_id and version. List of dictionaries. |
Usage
Service class example (PEP8 syntax)
from falconpy import NGSIEM
# Do not hardcode API credentials!
falcon = NGSIEM(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.bulk_install_parsers(parsers=[
{
"parser_id": "string",
"version": "string"
}
])
print(response)
Service class example (Operation ID syntax)
from falconpy import NGSIEM
# Do not hardcode API credentials!
falcon = NGSIEM(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.BulkInstallParsers(parsers=[
{
"parser_id": "string",
"version": "string"
}
])
print(response)
Uber class example
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
body_payload = {
"parsers": [
{
"parser_id": "string",
"version": "string"
}
]
}
response = falcon.command("BulkInstallParsers", body=body_payload)
print(response)
Back to Table of Contents
GetSavedQueryTemplate
Retrieve Saved Query in NGSIEM as LogScale YAML Template by ID.
PEP8 method name
get_saved_query_template
Endpoint
| Method | Route |
|---|---|
| /ngsiem-content/entities/savedqueries-template/v1 |
Required Scope
Content-Type
- Produces: application/json
Keyword Arguments
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| ids | | | query | string | Saved query ID value |
| search_domain | | | query | string | Name of search domain (view or repo), options; all, falcon, third-party, dashboards |
| parameters | | | query | dictionary | Full query string parameters payload in JSON format. |
Usage
Service class example (PEP8 syntax)
from falconpy import NGSIEM
# Do not hardcode API credentials!
falcon = NGSIEM(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.get_saved_query_template(ids="string",
search_domain="string"
)
print(response)
Service class example (Operation ID syntax)
from falconpy import NGSIEM
# Do not hardcode API credentials!
falcon = NGSIEM(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.GetSavedQueryTemplate(ids="string",
search_domain="string"
)
print(response)
Uber class example
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.command("GetSavedQueryTemplate",
ids="string",
search_domain="string"
)
print(response)
Back to Table of Contents
CreateSavedQuery
Create Saved Query from LogScale YAML Template in NGSIEM.
PEP8 method name
create_saved_query
Endpoint
| Method | Route |
|---|---|
| /ngsiem-content/entities/savedqueries-template/v1 |
Required Scope
Content-Type
- Consumes: multipart/form-data
- Produces: application/json
Keyword Arguments
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| search_domain | | | formData | string | Name of search domain (view or repo), options; all, falcon, third-party |
| yaml_template | | | formData | string | LogScale Saved Query YAML template content, see schema at https://schemas.humio.com/ |
| parameters | | | query | dictionary | Full query string parameters payload in JSON format. |
Usage
Service class example (PEP8 syntax)
from falconpy import NGSIEM
# Do not hardcode API credentials!
falcon = NGSIEM(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.create_saved_query(search_domain="string",
yaml_template="string"
)
print(response)
Service class example (Operation ID syntax)
from falconpy import NGSIEM
# Do not hardcode API credentials!
falcon = NGSIEM(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.CreateSavedQuery(search_domain="string",
yaml_template="string"
)
print(response)
Uber class example
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.command("CreateSavedQuery",
search_domain="string",
yaml_template="string"
)
print(response)
Back to Table of Contents
UpdateSavedQueryFromTemplate
Update Saved Query from LogScale YAML Template in NGSIEM.
PEP8 method name
update_saved_query_from_template
Endpoint
| Method | Route |
|---|---|
| /ngsiem-content/entities/savedqueries-template/v1 |
Required Scope
Content-Type
- Consumes: multipart/form-data
- Produces: application/json
Keyword Arguments
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| search_domain | | | formData | string | Name of search domain (view or repo), options; all, falcon, third-party |
| ids | | | formData | string | ID of the saved query |
| yaml_template | | | formData | string | LogScale Saved Query YAML template content, see schema at https://schemas.humio.com/ |
| parameters | | | query | dictionary | Full query string parameters payload in JSON format. |
Usage
Service class example (PEP8 syntax)
from falconpy import NGSIEM
# Do not hardcode API credentials!
falcon = NGSIEM(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.update_saved_query_from_template(search_domain="string",
ids="string",
yaml_template="string"
)
print(response)
Service class example (Operation ID syntax)
from falconpy import NGSIEM
# Do not hardcode API credentials!
falcon = NGSIEM(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.UpdateSavedQueryFromTemplate(search_domain="string",
ids="string",
yaml_template="string"
)
print(response)
Uber class example
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.command("UpdateSavedQueryFromTemplate",
search_domain="string",
ids="string",
yaml_template="string"
)
print(response)
Back to Table of Contents
DeleteSavedQuery
Delete Saved Query in NGSIEM.
PEP8 method name
delete_saved_query
Endpoint
| Method | Route |
|---|---|
| /ngsiem-content/entities/savedqueries/v1 |
Required Scope
Content-Type
- Produces: application/json
Keyword Arguments
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| ids | | | query | string | Saved query ID value |
| search_domain | | | query | string | Name of search domain (view or repo), options; all, falcon, third-party |
| parameters | | | query | dictionary | Full query string parameters payload in JSON format. |
Usage
Service class example (PEP8 syntax)
from falconpy import NGSIEM
# Do not hardcode API credentials!
falcon = NGSIEM(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.delete_saved_query(ids="string",
search_domain="string"
)
print(response)
Service class example (Operation ID syntax)
from falconpy import NGSIEM
# Do not hardcode API credentials!
falcon = NGSIEM(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.DeleteSavedQuery(ids="string",
search_domain="string"
)
print(response)
Uber class example
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.command("DeleteSavedQuery",
ids="string",
search_domain="string"
)
print(response)
Back to Table of Contents
ListDashboards
List dashboards.
PEP8 method name
list_dashboards
Endpoint
| Method | Route |
|---|---|
| /ngsiem-content/queries/dashboards/v1 |
Required Scope
Content-Type
- Produces: application/json
Keyword Arguments
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| limit | | | query | string | Maximum number of results to return (default: 50, max: 9999) |
| offset | | | query | string | Number of results to offset the returned results by (default: 0, max: 9999) |
| filter | | | query | string | FQL filter to apply to the name of the content, only currently support text match on name field: name:~'value' |
| search_domain | | | query | string | Name of search domain (view or repo), options; all, falcon, third-party, dashboards |
| parameters | | | query | dictionary | Full query string parameters payload in JSON format. |
Usage
Service class example (PEP8 syntax)
from falconpy import NGSIEM
# Do not hardcode API credentials!
falcon = NGSIEM(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.list_dashboards(limit="string",
offset="string",
filter="string",
search_domain="string"
)
print(response)
Service class example (Operation ID syntax)
from falconpy import NGSIEM
# Do not hardcode API credentials!
falcon = NGSIEM(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.ListDashboards(limit="string",
offset="string",
filter="string",
search_domain="string"
)
print(response)
Uber class example
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.command("ListDashboards",
limit="string",
offset="string",
filter="string",
search_domain="string"
)
print(response)
Back to Table of Contents
ListLookupFiles
List lookup files.
PEP8 method name
list_lookup_files
Endpoint
| Method | Route |
|---|---|
| /ngsiem-content/queries/lookupfiles/v1 |
Required Scope
Content-Type
- Produces: application/json
Keyword Arguments
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| limit | | | query | string | Maximum number of results to return (default: 50, max: 9999) |
| offset | | | query | string | Number of results to offset the returned results by (default: 0, max: 9999) |
| filter | | | query | string | FQL filter to apply to the name of the content, only currently support text match on name field: name:~'value' |
| search_domain | | | query | string | Name of search domain (view or repo), options; all, falcon, third-party, dashboards, parsers-repository |
| parameters | | | query | dictionary | Full query string parameters payload in JSON format. |
Usage
Service class example (PEP8 syntax)
from falconpy import NGSIEM
# Do not hardcode API credentials!
falcon = NGSIEM(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.list_lookup_files(limit="string",
offset="string",
filter="string",
search_domain="string"
)
print(response)
Service class example (Operation ID syntax)
from falconpy import NGSIEM
# Do not hardcode API credentials!
falcon = NGSIEM(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.ListLookupFiles(limit="string",
offset="string",
filter="string",
search_domain="string"
)
print(response)
Uber class example
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.command("ListLookupFiles",
limit="string",
offset="string",
filter="string",
search_domain="string"
)
print(response)
Back to Table of Contents
ListParsers
List parsers.
PEP8 method name
list_parsers
Endpoint
| Method | Route |
|---|---|
| /ngsiem-content/queries/parsers/v1 |
Required Scope
Content-Type
- Produces: application/json
Keyword Arguments
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| limit | | | query | string | Maximum number of results to return (default: 50, max: 9999) |
| offset | | | query | string | Number of results to offset the returned results by (default: 0, max: 9999) |
| filter | | | query | string | FQL filter to apply to the name of the content, only currently support text match on name field: name:~'value' |
| repository | | | query | string | Name of repository, options; parsers-repository |
| update_available | | | query | string | Filter parsers by update availability. Allowed values: true, false |
| parser_type | | | query | string | Filter parsers by type. Allowed values: ootb, custom |
| parameters | | | query | dictionary | Full query string parameters payload in JSON format. |
Usage
Service class example (PEP8 syntax)
from falconpy import NGSIEM
# Do not hardcode API credentials!
falcon = NGSIEM(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.list_parsers(limit="string",
offset="string",
filter="string",
repository="string",
update_available="string",
parser_type="string"
)
print(response)
Service class example (Operation ID syntax)
from falconpy import NGSIEM
# Do not hardcode API credentials!
falcon = NGSIEM(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.ListParsers(limit="string",
offset="string",
filter="string",
repository="string",
update_available="string",
parser_type="string"
)
print(response)
Uber class example
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.command("ListParsers",
limit="string",
offset="string",
filter="string",
repository="string",
update_available="string",
parser_type="string"
)
print(response)
Back to Table of Contents
ListSavedQueries
List saved queries.
PEP8 method name
list_saved_queries
Endpoint
| Method | Route |
|---|---|
| /ngsiem-content/queries/savedqueries/v1 |
Required Scope
Content-Type
- Produces: application/json
Keyword Arguments
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| limit | | | query | string | Maximum number of results to return (default: 50, max: 9999) |
| offset | | | query | string | Number of results to offset the returned results by (default: 0, max: 9999) |
| filter | | | query | string | FQL filter to apply to the name of the content, only currently support text match on name field: name:~'value' |
| search_domain | | | query | string | Name of search domain (view or repo), options; all, falcon, third-party, dashboards |
| parameters | | | query | dictionary | Full query string parameters payload in JSON format. |
Usage
Service class example (PEP8 syntax)
from falconpy import NGSIEM
# Do not hardcode API credentials!
falcon = NGSIEM(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.list_saved_queries(limit="string",
offset="string",
filter="string",
search_domain="string"
)
print(response)
Service class example (Operation ID syntax)
from falconpy import NGSIEM
# Do not hardcode API credentials!
falcon = NGSIEM(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.ListSavedQueries(limit="string",
offset="string",
filter="string",
search_domain="string"
)
print(response)
Uber class example
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.command("ListSavedQueries",
limit="string",
offset="string",
filter="string",
search_domain="string"
)
print(response)
Back to Table of Contents
UpdateLookupFileEntries
Update entries in an existing Lookup File in NGSIEM.
PEP8 method name
update_lookup_file_entries
Endpoint
| Method | Route |
|---|---|
| /ngsiem-content/entities/lookupfiles-entries/v1 |
Required Scope
Content-Type
- Consumes: multipart/form-data
- Produces: application/json
Keyword Arguments
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| search_domain | | | formData | string | Name of search domain (view or repo), options; all, falcon, third-party, parsers-repository. |
| filename | | | formData | string | Filename of the lookup file to update. |
| file | | | formData | string | The file content for updating or appending the entries. |
| update_mode | | | formData | string | How to update the file entries, options; append, update. |
| key_columns | | | formData | string | For update mode, the comma separated list of key columns to use when matching entries (REQUIRED when update_mode=update). |
| ignore_case | | | formData | string | For update mode, whether to ignore case when matching keys (REQUIRED when update_mode=update), options; true, false. |
| parameters | | | query | dictionary | Full query string parameters payload in JSON format. |
Usage
Service class example (PEP8 syntax)
from falconpy import NGSIEM
# Do not hardcode API credentials!
falcon = NGSIEM(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.update_lookup_file_entries(search_domain="string",
filename="string",
file="string",
update_mode="string",
key_columns="string",
ignore_case="string"
)
print(response)
Service class example (Operation ID syntax)
from falconpy import NGSIEM
# Do not hardcode API credentials!
falcon = NGSIEM(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.UpdateLookupFileEntries(search_domain="string",
filename="string",
file="string",
update_mode="string",
key_columns="string",
ignore_case="string"
)
print(response)
Uber class example
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
body_payload = {
"search_domain": "string",
"filename": "string",
"file": "string",
"update_mode": "string",
"key_columns": "string",
"ignore_case": "string"
}
response = falcon.command("UpdateLookupFileEntries", data=body_payload)
print(response)
Back to Table of Contents
ExternalListDataConnections
List and search data connections.
PEP8 method name
list_data_connections
Endpoint
| Method | Route |
|---|---|
| /ngsiem/combined/connections/v1 |
Required Scope
Content-Type
- Produces: application/json
Keyword Arguments
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| filter | | | query | string | Optional filter criteria in FQL format. |
| offset | | | query | integer | Starting position for pagination. |
| limit | | | query | integer | Maximum number of items to return. |
| sort | | | query | string | Sort field and direction. |
| parameters | | | query | dictionary | Full query string parameters payload in JSON format. |
Usage
Service class example (PEP8 syntax)
from falconpy import NGSIEM
# Do not hardcode API credentials!
falcon = NGSIEM(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.list_data_connections(filter="string",
offset=integer,
limit=integer,
sort="string"
)
print(response)
Service class example (Operation ID syntax)
from falconpy import NGSIEM
# Do not hardcode API credentials!
falcon = NGSIEM(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.ExternalListDataConnections(filter="string",
offset=integer,
limit=integer,
sort="string"
)
print(response)
Uber class example
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.command("ExternalListDataConnections",
filter="string",
offset=integer,
limit=integer,
sort="string"
)
print(response)
Back to Table of Contents
ExternalListDataConnectors
List available data connectors.
PEP8 method name
list_data_connectors
Endpoint
| Method | Route |
|---|---|
| /ngsiem/combined/connectors/v1 |
Required Scope
Content-Type
- Produces: application/json
Keyword Arguments
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| filter | | | query | string | Optional filter criteria in FQL format. |
| offset | | | query | integer | Starting position for pagination. |
| limit | | | query | integer | Maximum number of items to return. |
| sort | | | query | string | Sort field and direction. |
| parameters | | | query | dictionary | Full query string parameters payload in JSON format. |
Usage
Service class example (PEP8 syntax)
from falconpy import NGSIEM
# Do not hardcode API credentials!
falcon = NGSIEM(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.list_data_connectors(filter="string",
offset=integer,
limit=integer,
sort="string"
)
print(response)
Service class example (Operation ID syntax)
from falconpy import NGSIEM
# Do not hardcode API credentials!
falcon = NGSIEM(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.ExternalListDataConnectors(filter="string",
offset=integer,
limit=integer,
sort="string"
)
print(response)
Uber class example
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.command("ExternalListDataConnectors",
filter="string",
offset=integer,
limit=integer,
sort="string"
)
print(response)
Back to Table of Contents
ExternalGetDataConnectionStatus
Get data connection provisioning status.
PEP8 method name
get_provisioning_status
Endpoint
| Method | Route |
|---|---|
| /ngsiem/entities/connections/status/v1 |
Required Scope
Content-Type
- Produces: application/json
Keyword Arguments
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| ids | | | query | string or list | Unique identifier of the data connection. |
| parameters | | | query | dictionary | Full query string parameters payload in JSON format. |
Usage
Service class example (PEP8 syntax)
from falconpy import NGSIEM
# Do not hardcode API credentials!
falcon = NGSIEM(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.get_provisioning_status(ids="string")
print(response)
Service class example (Operation ID syntax)
from falconpy import NGSIEM
# Do not hardcode API credentials!
falcon = NGSIEM(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.ExternalGetDataConnectionStatus(ids="string")
print(response)
Uber class example
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.command("ExternalGetDataConnectionStatus", ids="string")
print(response)
Back to Table of Contents
ExternalUpdateDataConnectionStatus
Update data connection status.
PEP8 method name
update_connection_status
Endpoint
| Method | Route |
|---|---|
| /ngsiem/entities/connections/status/v1 |
Required Scope
Content-Type
- Consumes: application/json
- Produces: application/json
Keyword Arguments
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| ids | | | query | string | Unique identifier of the data connection. |
| body | | | body | dictionary | Full body payload in JSON format. |
| status | | | body | string | Status value. |
| parameters | | | query | dictionary | Full query string parameters payload in JSON format. |
Usage
Service class example (PEP8 syntax)
from falconpy import NGSIEM
# Do not hardcode API credentials!
falcon = NGSIEM(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.update_connection_status(ids="string",
status="string"
)
print(response)
Service class example (Operation ID syntax)
from falconpy import NGSIEM
# Do not hardcode API credentials!
falcon = NGSIEM(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.ExternalUpdateDataConnectionStatus(ids="string",
status="string"
)
print(response)
Uber class example
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
body_payload = {
"status": "string"
}
response = falcon.command("ExternalUpdateDataConnectionStatus",
ids="string",
body=body_payload
)
print(response)
Back to Table of Contents
ExternalGetDataConnectionToken
Get Ingest token for data connection.
PEP8 method name
get_ingest_token
Endpoint
| Method | Route |
|---|---|
| /ngsiem/entities/connections/token/v1 |
Required Scope
Content-Type
- Produces: application/json
Keyword Arguments
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| ids | | | query | string | Unique identifier of the data connection. |
| parameters | | | query | dictionary | Full query string parameters payload in JSON format. |
Usage
Service class example (PEP8 syntax)
from falconpy import NGSIEM
# Do not hardcode API credentials!
falcon = NGSIEM(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.get_ingest_token(ids="string")
print(response)
Service class example (Operation ID syntax)
from falconpy import NGSIEM
# Do not hardcode API credentials!
falcon = NGSIEM(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.ExternalGetDataConnectionToken(ids="string")
print(response)
Uber class example
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.command("ExternalGetDataConnectionToken", ids="string")
print(response)
Back to Table of Contents
ExternalRegenerateDataConnectionToken
Regenerate Ingest token for data connection.
PEP8 method name
regenerate_ingest_token
Endpoint
| Method | Route |
|---|---|
| /ngsiem/entities/connections/token/v1 |
Required Scope
Content-Type
- Produces: application/json
Keyword Arguments
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| ids | | | query | string | Unique identifier of the data connection. |
| parameters | | | query | dictionary | Full query string parameters payload in JSON format. |
Usage
Service class example (PEP8 syntax)
from falconpy import NGSIEM
# Do not hardcode API credentials!
falcon = NGSIEM(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.regenerate_ingest_token(ids="string")
print(response)
Service class example (Operation ID syntax)
from falconpy import NGSIEM
# Do not hardcode API credentials!
falcon = NGSIEM(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.ExternalRegenerateDataConnectionToken(ids="string")
print(response)
Uber class example
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.command("ExternalRegenerateDataConnectionToken", ids="string")
print(response)
Back to Table of Contents
ExternalGetDataConnectionByID
Get data connection by ID.
PEP8 method name
get_connection_by_id
Endpoint
| Method | Route |
|---|---|
| /ngsiem/entities/connections/v1 |
Required Scope
Content-Type
- Produces: application/json
Keyword Arguments
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| ids | | | query | string or list | Unique identifier of the data connection. |
| parameters | | | query | dictionary | Full query string parameters payload in JSON format. |
Usage
Service class example (PEP8 syntax)
from falconpy import NGSIEM
# Do not hardcode API credentials!
falcon = NGSIEM(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.get_connection_by_id(ids="string")
print(response)
Service class example (Operation ID syntax)
from falconpy import NGSIEM
# Do not hardcode API credentials!
falcon = NGSIEM(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.ExternalGetDataConnectionByID(ids="string")
print(response)
Uber class example
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.command("ExternalGetDataConnectionByID", ids="string")
print(response)
Back to Table of Contents
ExternalCreateDataConnection
Create a new data connection.
PEP8 method name
create_data_connection
Endpoint
| Method | Route |
|---|---|
| /ngsiem/entities/connections/v1 |
Required Scope
Content-Type
- Consumes: application/json
- Produces: application/json
Keyword Arguments
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| body | | | body | dictionary | Full body payload in JSON format. |
| config | | | body | dictionary | Configuration dictionary. |
| config_id | | | body | string | Configuration ID. |
| connector_id | | | body | string | Connector ID. |
| connector_type | | | body | string | Connector type. |
| description | | | body | string | Connection description. |
| enable_host_enrichment | | | body | boolean | Enable host enrichment. |
| enable_user_enrichment | | | body | boolean | Enable user enrichment. |
| name | | | body | string | Connection name. |
| parser | | | body | string | Parser. |
| vendor_name | | | body | string | Vendor name. |
| vendor_product_name | | | body | string | Vendor product name. |
Usage
Service class example (PEP8 syntax)
from falconpy import NGSIEM
# Do not hardcode API credentials!
falcon = NGSIEM(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
config = {
"auth": {},
"name": "string",
"params": {}
}
response = falcon.create_data_connection(config=config,
config_id="string",
connector_id="string",
connector_type="string",
description="string",
enable_host_enrichment=boolean,
enable_user_enrichment=boolean,
name="string",
parser="string",
vendor_name="string",
vendor_product_name="string"
)
print(response)
Service class example (Operation ID syntax)
from falconpy import NGSIEM
# Do not hardcode API credentials!
falcon = NGSIEM(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
config = {
"auth": {},
"name": "string",
"params": {}
}
response = falcon.ExternalCreateDataConnection(config=config,
config_id="string",
connector_id="string",
connector_type="string",
description="string",
enable_host_enrichment=boolean,
enable_user_enrichment=boolean,
name="string",
parser="string",
vendor_name="string",
vendor_product_name="string"
)
print(response)
Uber class example
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
body_payload = {
"config": {
"auth": {},
"name": "string",
"params": {}
},
"config_id": "string",
"connector_id": "string",
"connector_type": "string",
"description": "string",
"enable_host_enrichment": boolean,
"enable_user_enrichment": boolean,
"name": "string",
"parser": "string",
"vendor_name": "string",
"vendor_product_name": "string"
}
response = falcon.command("ExternalCreateDataConnection", body=body_payload)
print(response)
Back to Table of Contents
ExternalUpdateDataConnection
Update a data connection.
PEP8 method name
update_data_connection
Endpoint
| Method | Route |
|---|---|
| /ngsiem/entities/connections/v1 |
Required Scope
Content-Type
- Consumes: application/json
- Produces: application/json
Keyword Arguments
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| ids | | | query | string | Unique identifier of the data connection. |
| body | | | body | dictionary | Full body payload in JSON format. |
| config | | | body | dictionary | Configuration dictionary. |
| config_id | | | body | string | Configuration ID. |
| description | | | body | string | Connection description. |
| enable_host_enrichment | | | body | boolean | Enable host enrichment. |
| enable_user_enrichment | | | body | boolean | Enable user enrichment. |
| name | | | body | string | Connection name. |
| parser | | | body | string | Parser. |
| parameters | | | query | dictionary | Full query string parameters payload in JSON format. |
Usage
Service class example (PEP8 syntax)
from falconpy import NGSIEM
# Do not hardcode API credentials!
falcon = NGSIEM(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
config = {
"auth": {},
"name": "string",
"params": {}
}
response = falcon.update_data_connection(ids="string",
config=config,
config_id="string",
description="string",
enable_host_enrichment=boolean,
enable_user_enrichment=boolean,
name="string",
parser="string"
)
print(response)
Service class example (Operation ID syntax)
from falconpy import NGSIEM
# Do not hardcode API credentials!
falcon = NGSIEM(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
config = {
"auth": {},
"name": "string",
"params": {}
}
response = falcon.ExternalUpdateDataConnection(ids="string",
config=config,
config_id="string",
description="string",
enable_host_enrichment=boolean,
enable_user_enrichment=boolean,
name="string",
parser="string"
)
print(response)
Uber class example
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
body_payload = {
"config": {
"auth": {},
"name": "string",
"params": {}
},
"config_id": "string",
"description": "string",
"enable_host_enrichment": boolean,
"enable_user_enrichment": boolean,
"name": "string",
"parser": "string"
}
response = falcon.command("ExternalUpdateDataConnection",
ids="string",
body=body_payload
)
print(response)
Back to Table of Contents
ExternalDeleteDataConnection
Delete a data connection.
PEP8 method name
delete_data_connection
Endpoint
| Method | Route |
|---|---|
| /ngsiem/entities/connections/v1 |
Required Scope
Content-Type
- Produces: application/json
Keyword Arguments
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| ids | | | query | string | Unique identifier of the data connection. |
| parameters | | | query | dictionary | Full query string parameters payload in JSON format. |
Usage
Service class example (PEP8 syntax)
from falconpy import NGSIEM
# Do not hardcode API credentials!
falcon = NGSIEM(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.delete_data_connection(ids="string")
print(response)
Service class example (Operation ID syntax)
from falconpy import NGSIEM
# Do not hardcode API credentials!
falcon = NGSIEM(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.ExternalDeleteDataConnection(ids="string")
print(response)
Uber class example
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.command("ExternalDeleteDataConnection", ids="string")
print(response)
Back to Table of Contents
ExternalListConnectorConfigs
List configurations for a data connector.
PEP8 method name
list_connector_configs
Endpoint
| Method | Route |
|---|---|
| /ngsiem/entities/connectors/configs/v1 |
Required Scope
Content-Type
- Produces: application/json
Keyword Arguments
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| ids | | | query | string | Unique identifier of the data connector. |
| parameters | | | query | dictionary | Full query string parameters payload in JSON format. |
Usage
Service class example (PEP8 syntax)
from falconpy import NGSIEM
# Do not hardcode API credentials!
falcon = NGSIEM(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.list_connector_configs(ids="string")
print(response)
Service class example (Operation ID syntax)
from falconpy import NGSIEM
# Do not hardcode API credentials!
falcon = NGSIEM(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.ExternalListConnectorConfigs(ids="string")
print(response)
Uber class example
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.command("ExternalListConnectorConfigs", ids="string")
print(response)
Back to Table of Contents
ExternalCreateConnectorConfig
Create a new configuration for a data connector.
PEP8 method name
create_connector_config
Endpoint
| Method | Route |
|---|---|
| /ngsiem/entities/connectors/configs/v1 |
Required Scope
Content-Type
- Consumes: application/json
- Produces: application/json
Keyword Arguments
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| body | | | body | dictionary | Full body payload in JSON format. |
| config | | | body | dictionary | Configuration details for the connector including authentication and parameters. |
| connector_id | | | body | string | Unique identifier of the data connector. |
Usage
Service class example (PEP8 syntax)
from falconpy import NGSIEM
# Do not hardcode API credentials!
falcon = NGSIEM(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
config = {
"auth": {},
"name": "string",
"params": {}
}
response = falcon.create_connector_config(config=config,
connector_id="string"
)
print(response)
Service class example (Operation ID syntax)
from falconpy import NGSIEM
# Do not hardcode API credentials!
falcon = NGSIEM(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
config = {
"auth": {},
"name": "string",
"params": {}
}
response = falcon.ExternalCreateConnectorConfig(config=config,
connector_id="string"
)
print(response)
Uber class example
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
body_payload = {
"config": {
"auth": {},
"name": "string",
"params": {}
},
"connector_id": "string"
}
response = falcon.command("ExternalCreateConnectorConfig", body=body_payload)
print(response)
Back to Table of Contents
ExternalPatchConnectorConfig
Patch configurations for a data connector.
PEP8 method name
patch_connector_config
Endpoint
| Method | Route |
|---|---|
| /ngsiem/entities/connectors/configs/v1 |
Required Scope
Content-Type
- Consumes: application/json
- Produces: application/json
Keyword Arguments
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| ids | | | query | string | Unique id of the config to update. |
| body | | | body | dictionary | Full body payload in JSON format. |
| config | | | body | dictionary | Configuration details for the connector including authentication and parameters. |
| connector_id | | | body | string | Unique identifier of the data connector. |
| parameters | | | query | dictionary | Full query string parameters payload in JSON format. |
Usage
Service class example (PEP8 syntax)
from falconpy import NGSIEM
# Do not hardcode API credentials!
falcon = NGSIEM(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
config = {
"auth": {},
"name": "string",
"params": {}
}
response = falcon.patch_connector_config(ids="string",
config=config,
connector_id="string"
)
print(response)
Service class example (Operation ID syntax)
from falconpy import NGSIEM
# Do not hardcode API credentials!
falcon = NGSIEM(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
config = {
"auth": {},
"name": "string",
"params": {}
}
response = falcon.ExternalPatchConnectorConfig(ids="string",
config=config,
connector_id="string"
)
print(response)
Uber class example
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
body_payload = {
"config": {
"auth": {},
"name": "string",
"params": {}
},
"connector_id": "string"
}
response = falcon.command("ExternalPatchConnectorConfig",
ids="string",
body=body_payload
)
print(response)
Back to Table of Contents
ExternalDeleteConnectorConfigs
Delete data connection config.
PEP8 method name
delete_connector_configs
Endpoint
| Method | Route |
|---|---|
| /ngsiem/entities/connectors/configs/v1 |
Required Scope
Content-Type
- Produces: application/json
Keyword Arguments
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| connector_id | | | query | string | Unique identifier of the connector. |
| ids | | | query | string or list of strings | Unique identifiers of the config(s) to delete. |
| parameters | | | query | dictionary | Full query string parameters payload in JSON format. |
Usage
Service class example (PEP8 syntax)
from falconpy import NGSIEM
# Do not hardcode API credentials!
falcon = NGSIEM(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.delete_connector_configs(connector_id="string",
ids="string"
)
print(response)
Service class example (Operation ID syntax)
from falconpy import NGSIEM
# Do not hardcode API credentials!
falcon = NGSIEM(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.ExternalDeleteConnectorConfigs(connector_id="string",
ids="string"
)
print(response)
Uber class example
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.command("ExternalDeleteConnectorConfigs",
connector_id="string",
ids="string"
)
print(response)
Back to Table of Contents