Using the SaaS Security service collection
Passing credentials
WARNING
client_id and client_secret are keyword arguments that contain your CrowdStrike API credentials. Please note that all examples below do not hard code these values. (These values are ingested as strings.)
CrowdStrike does not recommend hard coding API credentials or customer identifiers within source code.
DismissAffectedEntityV3
Dismiss affected entity for a security check.
PEP8 method name
dismiss_affected_entity
Endpoint
| Method | Route |
|---|---|
| | /saas-security/entities/check-dismiss-affected/v3 |
Required Scope
Content-Type
- Consumes: application/json
- Produces: application/json
Parameters
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| body | | | body | dictionary | Full body payload in JSON format. Not required if using other keywords. |
| entities | | | body | string | Entities. |
| id | | | query | string | Security Check ID. |
| parameters | | | query | dictionary | Full parameters payload in JSON format. |
| reason | | | body | string | Reason for dismissal. |
Usage
Service class example (PEP8 syntax)
from falconpy import SaasSecurity
# Do not hardcode API credentials!
falcon = SaasSecurity(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.dismiss_affected_entity(entities="string",
id="string",
reason="string"
)
print(response)
Service class example (Operation ID syntax)
from falconpy import SaasSecurity
# Do not hardcode API credentials!
falcon = SaasSecurity(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.DismissAffectedEntityV3(entities="string",
id="string",
reason="string"
)
print(response)
Uber class example
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
body_payload = {
"entities": "string",
"reason": "string"
}
response = falcon.command("DismissAffectedEntityV3",
body=body_payload,
id="string"
)
print(response)
DismissSecurityCheckV3
Dismiss security check by ID.
PEP8 method name
dismiss_security_check
Endpoint
| Method | Route |
|---|---|
| | /saas-security/entities/check-dismiss/v3 |
Required Scope
Content-Type
- Consumes: application/json
- Produces: application/json
Parameters
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| body | | | body | dictionary | Full body payload in JSON format. Not required if using other keywords. |
| id | | | query | string | Security Check ID. |
| parameters | | | query | dictionary | Full parameters payload in JSON format. |
| reason | | | body | string | Reason for dismissal. |
Usage
Service class example (PEP8 syntax)
from falconpy import SaasSecurity
# Do not hardcode API credentials!
falcon = SaasSecurity(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.dismiss_security_check(id="string",
reason="string"
)
print(response)
Service class example (Operation ID syntax)
from falconpy import SaasSecurity
# Do not hardcode API credentials!
falcon = SaasSecurity(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.DismissSecurityCheckV3(id="string",
reason="string"
)
print(response)
Uber class example
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
body_payload = {
"reason": "string"
}
response = falcon.command("DismissSecurityCheckV3",
body=body_payload,
id="string"
)
print(response)
GetActivityMonitorV3
Get activity monitor data for SaaS security monitoring.
PEP8 method name
get_activity_monitor
Endpoint
| Method | Route |
|---|---|
| | /saas-security/entities/monitor/v3 |
Required Scope
Content-Type
- Produces: application/json
Parameters
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| actor | | | query | string | Actor. |
| category | | | query | string | Comma separated list of categories. |
| from_date | | | query | string | From Date. |
| integration_id | | | query | string | Integration ID. |
| limit | | | query | integer | Max number of logs to fetch. |
| projection | | | query | string | Comma separated list of projections. |
| skip | | | query | integer | Number of logs to skip. |
| to_date | | | query | string | To Date. |
| parameters | | | query | dictionary | Full parameters payload in JSON format. |
Usage
Service class example (PEP8 syntax)
from falconpy import SaasSecurity
# Do not hardcode API credentials!
falcon = SaasSecurity(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.get_activity_monitor(integration_id="string",
actor="string",
category="string",
projection="string",
from_date="2023-01-01T00:00:00Z",
to_date="2023-01-31T23:59:59Z",
limit=integer,
skip=0
)
print(response)
Service class example (Operation ID syntax)
from falconpy import SaasSecurity
# Do not hardcode API credentials!
falcon = SaasSecurity(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.GetActivityMonitorV3(integration_id="string",
actor="string",
category="string",
projection="string",
from_date="2023-01-01T00:00:00Z",
to_date="2023-01-31T23:59:59Z",
limit=integer,
skip=0
)
print(response)
Uber class example
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.command("GetActivityMonitorV3",
integration_id="string",
actor="string",
category="string",
projection="string",
from_date="2023-01-01T00:00:00Z",
to_date="2023-01-31T23:59:59Z",
limit=integer,
skip=0
)
print(response)
GetAlertsV3
Get alerts for SaaS security monitoring.
PEP8 method name
get_alerts
Endpoint
| Method | Route |
|---|---|
| | /saas-security/entities/alerts/v3 |
Required Scope
Content-Type
- Produces: application/json
Parameters
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| ascending | | | query | boolean | Sort in ascending order. |
| from_date | | | query | string | The start date of the alert you want to get (in YYYY-MM-DD format). |
| id | | | query | string | Alert ID. |
| integration_id | | | query | string | Comma separated list of integration IDs of the alert you want to get. |
| last_id | | | query | string | The last id of the alert you want to get. |
| limit | | | query | integer | The maximum number of objects to return. |
| offset | | | query | integer | The starting index of the results. |
| to_date | | | query | string | The end date of the alert you want to get (in YYYY-MM-DD format). |
| type | | | query | string | The type of alert you want to get. Allowed values: configuration_drift, check_degraded, integration_failure, Threat. |
| parameters | | | query | dictionary | Full parameters payload in JSON format. |
Usage
Service class example (PEP8 syntax)
from falconpy import SaasSecurity
# Do not hardcode API credentials!
falcon = SaasSecurity(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.get_alerts(id="string",
limit=integer,
offset=integer,
last_id="string",
type="configuration_drift",
integration_id="string",
from_date="2023-01-01",
to_date="2023-01-31",
ascending=boolean
)
print(response)
Service class example (Operation ID syntax)
from falconpy import SaasSecurity
# Do not hardcode API credentials!
falcon = SaasSecurity(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.GetAlertsV3(id="string",
limit=integer,
offset=integer,
last_id="string",
type="configuration_drift",
integration_id="string",
from_date="2023-01-01",
to_date="2023-01-31",
ascending=boolean
)
print(response)
Uber class example
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.command("GetAlertsV3",
id="string",
limit=integer,
offset=integer,
last_id="string",
type="configuration_drift",
integration_id="string",
from_date="2023-01-01",
to_date="2023-01-31",
ascending=boolean
)
print(response)
GetAppInventory
Get application inventory data.
PEP8 method name
get_application_inventory
Endpoint
| Method | Route |
|---|---|
| | /saas-security/entities/apps/v3 |
Required Scope
Content-Type
- Produces: application/json
Parameters
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| access_level | | | query | string | Comma separated list of access levels. |
| groups | | | query | string | Comma separated list of groups. |
| integration_id | | | query | string | Comma separated list of integration IDs. |
| last_activity | | | query | string | Last activity was within or was not within the last 'value' days. Format: 'was value' or 'was not value' or 'value' (implies 'was value'). 'value' is an integer. |
| limit | | | query | integer | The maximum number of objects to return. |
| offset | | | query | integer | The starting index of the results. |
| scopes | | | query | string | Comma separated list of scopes. |
| status | | | query | string | Comma separated list of application statuses. Allowed values: approved, in review, rejected, unclassified. |
| type | | | query | string | Comma separated list of app types. |
| users | | | query | string | Users. Format: 'is equal value' or 'contains value' or 'value' (implies 'is equal value'). |
| parameters | | | query | dictionary | Full parameters payload in JSON format. |
Usage
Service class example (PEP8 syntax)
from falconpy import SaasSecurity
# Do not hardcode API credentials!
falcon = SaasSecurity(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.get_application_inventory(type="string",
limit=integer,
offset=integer,
status="approved,in review",
access_level="string",
scopes="string",
users="string",
groups="string",
last_activity="was 30",
integration_id="string"
)
print(response)
Service class example (Operation ID syntax)
from falconpy import SaasSecurity
# Do not hardcode API credentials!
falcon = SaasSecurity(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.GetAppInventory(type="string",
limit=integer,
offset=integer,
status="approved,in review",
access_level="string",
scopes="string",
users="string",
groups="string",
last_activity="was 30",
integration_id="string"
)
print(response)
Uber class example
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.command("GetAppInventory",
type="string",
limit=integer,
offset=integer,
status="approved,in review",
access_level="string",
scopes="string",
users="string",
groups="string",
last_activity="was 30",
integration_id="string"
)
print(response)
GetAppInventoryUsers
Get application inventory users for a specific application.
PEP8 method name
get_application_users
Endpoint
| Method | Route |
|---|---|
| | /saas-security/entities/app-users/v3 |
Required Scope
Content-Type
- Produces: application/json
Parameters
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| item_id | | | query | string | Item ID in format: 'integration_id\|\|\|app_id' (item_id). |
Usage
Service class example (PEP8 syntax)
from falconpy import SaasSecurity
# Do not hardcode API credentials!
falcon = SaasSecurity(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.get_application_users(item_id="integration_id|||app_id")
print(response)
Service class example (Operation ID syntax)
from falconpy import SaasSecurity
# Do not hardcode API credentials!
falcon = SaasSecurity(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.GetAppInventoryUsers(item_id="integration_id|||app_id")
print(response)
Uber class example
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.command("GetAppInventoryUsers",
item_id="integration_id|||app_id"
)
print(response)
GetAssetInventoryV3
Get data inventory from SaaS security monitoring.
PEP8 method name
get_asset_inventory
Endpoint
| Method | Route |
|---|---|
| | /saas-security/entities/data/v3 |
Required Scope
Content-Type
- Produces: application/json
Parameters
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| access_level | | | query | string | Comma separated list of access levels. |
| integration_id | | | query | string | Comma separated list of integration IDs. |
| last_accessed | | | query | string | Last accessed date was within or was not within the last 'value' days. Format: 'was value' or 'was not value' or 'value' (implies 'was value'). 'value' is an integer. |
| last_modified | | | query | string | Last modified date was within or was not within the last 'value' days. Format: 'was value' or 'was not value' or 'value' (implies 'was value'). 'value' is an integer. |
| limit | | | query | integer | The maximum number of objects to return. |
| offset | | | query | integer | The starting index of the results. |
| password_protected | | | query | boolean | Password protected. |
| resource_name | | | query | string | Resource name contains 'value' (case insensitive). |
| resource_owner | | | query | string | Resource owner contains 'value' (case insensitive). |
| resource_owner_enabled | | | query | boolean | Resource owner enabled. |
| resource_type | | | query | string | Comma separated list of resource types. |
| unmanaged_domain | | | query | string | Comma separated list of unmanaged domains. |
| parameters | | | query | dictionary | Full parameters payload in JSON format. |
Usage
Service class example (PEP8 syntax)
from falconpy import SaasSecurity
# Do not hardcode API credentials!
falcon = SaasSecurity(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.get_asset_inventory(integration_id="string",
limit=integer,
offset=integer,
resource_type="string",
access_level="string",
last_accessed="was 30",
last_modified="was 30",
resource_name="string",
password_protected=boolean,
resource_owner="string",
resource_owner_enabled=boolean,
unmanaged_domain="string"
)
print(response)
Service class example (Operation ID syntax)
from falconpy import SaasSecurity
# Do not hardcode API credentials!
falcon = SaasSecurity(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.GetAssetInventoryV3(integration_id="string",
limit=integer,
offset=integer,
resource_type="string",
access_level="string",
last_accessed="was 30",
last_modified="was 30",
resource_name="string",
password_protected=boolean,
resource_owner="string",
resource_owner_enabled=boolean,
unmanaged_domain="string"
)
print(response)
Uber class example
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.command("GetAssetInventoryV3",
integration_id="string",
limit=integer,
offset=integer,
resource_type="string",
access_level="string",
last_accessed="was 30",
last_modified="was 30",
resource_name="string",
password_protected=boolean,
resource_owner="string",
resource_owner_enabled=boolean,
unmanaged_domain="string"
)
print(response)
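The last_activity, last_accessed, last_modified, users, status and item_id formats documented above can be checked before a request is sent. The following is an added example, not FalconPy code: the function names are hypothetical, and matching the documented spellings exactly (lowercase keywords and status values) is this example's choice, not a documented server rule.

```python
import re

ITEM_ID_SEPARATOR = "|||"   # 'integration_id|||app_id', as documented for item_id
APP_STATUSES = {"approved", "in review", "rejected", "unclassified"}
DAYS_FILTER = re.compile(r"(?:(was not|was) +)?(\d+)")
USERS_FILTER = re.compile(r"(?:(is equal|contains) +)?(\S.*)")


def parse_days_filter(expr):
    """Return (within, days) for 'was N', 'was not N' or a bare 'N'."""
    match = DAYS_FILTER.fullmatch(expr.strip())
    if not match:
        raise ValueError(f"not a days filter: {expr!r}")
    operator, days = match.groups()
    return operator != "was not", int(days)   # a bare number implies 'was'


def parse_users_filter(expr):
    """Return (operator, value) for 'is equal V', 'contains V' or a bare 'V'."""
    match = USERS_FILTER.fullmatch(expr.strip())
    if not match:
        raise ValueError(f"not a users filter: {expr!r}")
    operator, value = match.groups()
    return operator or "is equal", value       # a bare value implies 'is equal'


def check_csv(name, value, allowed):
    """Validate a comma separated list against the documented allowed values."""
    items = [item.strip() for item in value.split(",")]
    unknown = [item for item in items if item not in allowed]
    if unknown:
        raise ValueError(f"{name}: unsupported value(s) {unknown}")
    return ",".join(items)


def make_item_id(integration_id, app_id):
    """Join the two identifiers, refusing parts that would corrupt the format."""
    for part in (integration_id, app_id):
        if not part or ITEM_ID_SEPARATOR in part:
            raise ValueError(f"invalid item_id component: {part!r}")
    return f"{integration_id}{ITEM_ID_SEPARATOR}{app_id}"


def split_item_id(item_id):
    """Split 'integration_id|||app_id' back into its two parts."""
    parts = item_id.split(ITEM_ID_SEPARATOR)
    if len(parts) != 2 or not all(parts):
        raise ValueError(f"not an item_id: {item_id!r}")
    return parts[0], parts[1]


def app_inventory_filters(status=None, last_activity=None, users=None):
    """Build validated keyword arguments for get_application_inventory."""
    filters = {}
    if status is not None:
        filters["status"] = check_csv("status", status, APP_STATUSES)
    if last_activity is not None:
        within, days = parse_days_filter(last_activity)
        filters["last_activity"] = f"{'was' if within else 'was not'} {days}"
    if users is not None:
        operator, value = parse_users_filter(users)
        filters["users"] = f"{operator} {value}"
    return filters


if __name__ == "__main__":
    # Constructed input: unclassified apps with no activity in the last 90 days.
    print(app_inventory_filters(status="unclassified", last_activity="was not 90"))
    print(make_item_id("integration-1", "app-9"))   # constructed identifiers
```

The returned dictionary can be passed as keyword arguments, for example falcon.get_application_inventory(**filters).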
GetDeviceInventoryV3
Get device inventory from SaaS security monitoring.
PEP8 method name
get_device_inventory
Endpoint
| Method | Route |
|---|---|
| | /saas-security/entities/devices/v3 |
Required Scope
Content-Type
- Produces: application/json
Parameters
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| email | | | query | string | Email. |
| integration_id | | | query | string | Comma separated integration IDs. |
| limit | | | query | integer | The maximum number of objects to return. |
| offset | | | query | integer | The starting index of the results. |
| privileged_only | | | query | boolean | Privileged Only. |
| unassociated_devices | | | query | boolean | Unassociated Devices. |
| parameters | | | query | dictionary | Full parameters payload in JSON format. |
Usage
Service class example (PEP8 syntax)
from falconpy import SaasSecurity
# Do not hardcode API credentials!
falcon = SaasSecurity(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.get_device_inventory(integration_id="string",
limit=integer,
offset=integer,
email="user@example.com",
privileged_only=boolean,
unassociated_devices=boolean
)
print(response)
Service class example (Operation ID syntax)
from falconpy import SaasSecurity
# Do not hardcode API credentials!
falcon = SaasSecurity(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.GetDeviceInventoryV3(integration_id="string",
limit=integer,
offset=integer,
email="user@example.com",
privileged_only=boolean,
unassociated_devices=boolean
)
print(response)
Uber class example
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.command("GetDeviceInventoryV3",
integration_id="string",
limit=integer,
offset=integer,
email="user@example.com",
privileged_only=boolean,
unassociated_devices=boolean
)
print(response)
GetIntegrationsV3
Get integrations configured for SaaS security monitoring.
PEP8 method name
get_integrations
Endpoint
| Method | Route |
|---|---|
| | /saas-security/entities/integrations/v3 |
Required Scope
Content-Type
- Produces: application/json
Parameters
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| saas_id | | | query | string | Comma separated SaaS IDs. |
| parameters | | | query | dictionary | Full parameters payload in JSON format. |
Usage
Service class example (PEP8 syntax)
from falconpy import SaasSecurity
# Do not hardcode API credentials!
falcon = SaasSecurity(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.get_integrations(saas_id="string")
print(response)
Service class example (Operation ID syntax)
from falconpy import SaasSecurity
# Do not hardcode API credentials!
falcon = SaasSecurity(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.GetIntegrationsV3(saas_id="string")
print(response)
Uber class example
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.command("GetIntegrationsV3",
saas_id="string"
)
print(response)
GetMetricsV3
Get metrics for SaaS security checks and exposures.
PEP8 method name
get_metrics
Endpoint
| Method | Route |
|---|---|
| | /saas-security/aggregates/check-metrics/v3 |
Required Scope
Content-Type
- Produces: application/json
Parameters
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| check_type | | | query | string | Check Type. Allowed values: apps, devices, users, assets, permissions, Falcon Shield Security Check, custom. |
| compliance | | | query | boolean | Compliance. |
| impact | | | query | string | Impact. Allowed values: 1, 2, 3. |
| integration_id | | | query | string | Comma separated list of integration IDs. |
| limit | | | query | integer | The maximum number of objects to return. |
| offset | | | query | integer | The starting index of the results. |
| status | | | query | string | Exposure status. Allowed values: Passed, Failed, Dismissed, Pending, Can't Run, Stale. |
| parameters | | | query | dictionary | Full parameters payload in JSON format. |
Usage
Service class example (PEP8 syntax)
from falconpy import SaasSecurity
# Do not hardcode API credentials!
falcon = SaasSecurity(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.get_metrics(status="Failed",
limit=integer,
offset=integer,
integration_id="string",
impact="1",
compliance=boolean,
check_type="apps"
)
print(response)
Service class example (Operation ID syntax)
from falconpy import SaasSecurity
# Do not hardcode API credentials!
falcon = SaasSecurity(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.GetMetricsV3(status="Failed",
limit=integer,
offset=integer,
integration_id="string",
impact="1",
compliance=boolean,
check_type="apps"
)
print(response)
Uber class example
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.command("GetMetricsV3",
status="Failed",
limit=integer,
offset=integer,
integration_id="string",
impact="1",
compliance=boolean,
check_type="apps"
)
print(response)
GetSecurityCheckAffectedV3
Get affected resources for security checks.
PEP8 method name
get_security_check
Endpoint
| Method | Route |
|---|---|
| | /saas-security/entities/check-affected/v3 |
Required Scope
Content-Type
- Produces: application/json
Parameters
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| id | | | query | string | Security Check ID. |
| limit | | | query | integer | The maximum number of objects to return. |
| offset | | | query | integer | The starting index of the results. |
| parameters | | | query | dictionary | Full parameters payload in JSON format. |
Usage
Service class example (PEP8 syntax)
from falconpy import SaasSecurity
# Do not hardcode API credentials!
falcon = SaasSecurity(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.get_security_check(id="string",
limit=integer,
offset=integer
)
print(response)
Service class example (Operation ID syntax)
from falconpy import SaasSecurity
# Do not hardcode API credentials!
falcon = SaasSecurity(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.GetSecurityCheckAffectedV3(id="string",
limit=integer,
offset=integer
)
print(response)
Uber class example
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.command("GetSecurityCheckAffectedV3",
id="string",
limit=integer,
offset=integer
)
print(response)
GetSecurityCheckComplianceV3
Get security check compliance information.
PEP8 method name
get_security_check_compliance
Endpoint
| Method | Route |
|---|---|
| | /saas-security/entities/compliance/v3 |
Required Scope
Content-Type
- Produces: application/json
Parameters
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| id | | | query | string | Security Check ID. |
| parameters | | | query | dictionary | Full parameters payload in JSON format. |
Usage
Service class example (PEP8 syntax)
from falconpy import SaasSecurity
# Do not hardcode API credentials!
falcon = SaasSecurity(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.get_security_check_compliance(id="string")
print(response)
Service class example (Operation ID syntax)
from falconpy import SaasSecurity
# Do not hardcode API credentials!
falcon = SaasSecurity(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.GetSecurityCheckComplianceV3(id="string")
print(response)
Uber class example
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.command("GetSecurityCheckComplianceV3",
id="string"
)
print(response)
GetSecurityChecksV3
Get security checks from SaaS security monitoring.
PEP8 method name
get_security_checks
Endpoint
| Method | Route |
|---|---|
| | /saas-security/entities/checks/v3 |
Required Scope
Content-Type
- Produces: application/json
Parameters
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| check_tags | | | query | string | Comma separated list of check tag names or IDs. |
| check_type | | | query | string | Check Type. Allowed values: apps, devices, users, assets, permissions, Falcon Shield Security Check, custom. |
| compliance | | | query | boolean | Compliance. |
| id | | | query | string | Security Check ID. |
| impact | | | query | string | Impact. Allowed values: Low, Medium, High. |
| integration_id | | | query | string | Comma separated list of integration IDs. |
| limit | | | query | integer | The maximum number of objects to return. |
| offset | | | query | integer | The starting index of the results. |
| status | | | query | string | Exposure status. Allowed values: Passed, Failed, Dismissed, Pending, Can't Run, Stale. |
| parameters | | | query | dictionary | Full parameters payload in JSON format. |
Usage
Service class example (PEP8 syntax)
from falconpy import SaasSecurity
# Do not hardcode API credentials!
falcon = SaasSecurity(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.get_security_checks(id="string",
limit=integer,
offset=integer,
status="Failed",
integration_id="string",
impact="High",
compliance=boolean,
check_type="apps",
check_tags="string"
)
print(response)
Service class example (Operation ID syntax)
from falconpy import SaasSecurity
# Do not hardcode API credentials!
falcon = SaasSecurity(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.GetSecurityChecksV3(id="string",
limit=integer,
offset=integer,
status="Failed",
integration_id="string",
impact="High",
compliance=boolean,
check_type="apps",
check_tags="string"
)
print(response)
Uber class example
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.command("GetSecurityChecksV3",
id="string",
limit=integer,
offset=integer,
status="Failed",
integration_id="string",
impact="High",
compliance=boolean,
check_type="apps",
check_tags="string"
)
print(response)
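Most operations on this page take limit and offset, so a full result set needs a paging loop; the sketch below also builds the client from environment variables, in line with the credentials warning at the top of the page. It is an added example, not FalconPy's own code: the environment variable names, the resources and errors body keys, and the FakeSaasSecurity stand-in with its records are assumptions made here so the block runs offline.

```python
import os


class ApiError(RuntimeError):
    """Raised when a page request does not return HTTP 200."""


def client_from_env():
    """Build the Service class client without credentials in source code.

    FALCON_CLIENT_ID / FALCON_CLIENT_SECRET are variable names chosen for this example.
    """
    from falconpy import SaasSecurity  # imported lazily so fetch_all() works without the SDK
    return SaasSecurity(client_id=os.environ["FALCON_CLIENT_ID"],
                        client_secret=os.environ["FALCON_CLIENT_SECRET"])


def fetch_all(method, page_size=100, max_records=10_000, records_key="resources", **filters):
    """Call a limit/offset operation repeatedly and return every record.

    method      -- bound method such as falcon.get_security_checks
    records_key -- body key holding the record list (assumed; confirm against a real response)
    """
    if page_size < 1:
        raise ValueError("page_size must be at least 1")
    records, offset = [], 0
    while len(records) < max_records:
        response = method(limit=page_size, offset=offset, **filters)
        status = response.get("status_code")
        if status != 200:
            # Surface only the status and API errors, not the whole response.
            errors = (response.get("body") or {}).get("errors")
            raise ApiError(f"offset {offset}: HTTP {status}: {errors}")
        page = (response.get("body") or {}).get(records_key) or []
        records.extend(page)
        if len(page) < page_size:   # short or empty page: nothing left to fetch
            break
        offset += len(page)
    return records[:max_records]


class FakeSaasSecurity:
    """Constructed stand-in for the SDK client; its records are sample data."""

    def __init__(self, total, fail_at=None):
        self.rows = [{"id": f"check-{n}", "status": "Failed"} for n in range(total)]
        self.fail_at = fail_at
        self.calls = []

    def get_security_checks(self, limit, offset, **filters):
        self.calls.append((limit, offset, filters))
        if offset == self.fail_at:
            return {"status_code": 429, "body": {"errors": [{"message": "rate limited"}]}}
        return {"status_code": 200, "body": {"resources": self.rows[offset:offset + limit]}}


if __name__ == "__main__":
    fake = FakeSaasSecurity(total=250)
    failed = fetch_all(fake.get_security_checks, page_size=100, status="Failed")
    print(len(failed), "records in", len(fake.calls), "requests")
```

With the real SDK the call becomes fetch_all(client_from_env().get_security_checks, status="Failed", impact="High").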
GetSupportedSaasV3
Get supported SaaS applications for security monitoring.
PEP8 method name
get_supported_saas
Endpoint
| Method | Route |
|---|---|
| | /saas-security/entities/supported-saas/v3 |
Required Scope
Content-Type
- Produces: application/json
Parameters
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| parameters | | | query | dictionary | Full parameters payload in JSON format. |
Usage
Service class example (PEP8 syntax)
from falconpy import SaasSecurity
# Do not hardcode API credentials!
falcon = SaasSecurity(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.get_supported_saas()
print(response)
Service class example (Operation ID syntax)
from falconpy import SaasSecurity
# Do not hardcode API credentials!
falcon = SaasSecurity(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.GetSupportedSaasV3()
print(response)
Uber class example
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.command("GetSupportedSaasV3")
print(response)
GetSystemLogsV3
Get system logs from SaaS security monitoring.
PEP8 method name
get_system_logs
Endpoint
| Method | Route |
|---|---|
| | /saas-security/entities/system-logs/v3 |
Required Scope
Content-Type
- Produces: application/json
Parameters
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| from_date | | | query | string | From Date (in YYYY-MM-DD format). |
| limit | | | query | integer | The maximum number of objects to return. |
| offset | | | query | integer | The starting index of the results. |
| to_date | | | query | string | To Date (in YYYY-MM-DD format). |
| total_count | | | query | boolean | Fetch Total Count? |
| parameters | | | query | dictionary | Full parameters payload in JSON format. |
Usage
Service class example (PEP8 syntax)
from falconpy import SaasSecurity
# Do not hardcode API credentials!
falcon = SaasSecurity(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.get_system_logs(from_date="2023-01-01",
limit=integer,
offset=integer,
to_date="2023-01-31",
total_count=boolean
)
print(response)
Service class example (Operation ID syntax)
from falconpy import SaasSecurity
# Do not hardcode API credentials!
falcon = SaasSecurity(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.GetSystemLogsV3(from_date="2023-01-01",
limit=integer,
offset=integer,
to_date="2023-01-31",
total_count=boolean
)
print(response)
Uber class example
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.command("GetSystemLogsV3",
from_date="2023-01-01",
limit=integer,
offset=integer,
to_date="2023-01-31",
total_count=boolean
)
print(response)
GetSystemUsersV3
Get system users from SaaS security monitoring.
PEP8 method name
get_system_users
Endpoint
| Method | Route |
|---|---|
| | /saas-security/entities/system-users/v3 |
Required Scope
Content-Type
- Produces: application/json
Parameters
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| parameters | | | query | dictionary | Full parameters payload in JSON format. |
Usage
Service class example (PEP8 syntax)
from falconpy import SaasSecurity
# Do not hardcode API credentials!
falcon = SaasSecurity(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.get_system_users()
print(response)
Service class example (Operation ID syntax)
from falconpy import SaasSecurity
# Do not hardcode API credentials!
falcon = SaasSecurity(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.GetSystemUsersV3()
print(response)
Uber class example
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.command("GetSystemUsersV3")
print(response)
GetUserInventoryV3
Get user inventory from SaaS security monitoring.
PEP8 method name
get_user_inventory
Endpoint
| Method | Route |
|---|---|
| | /saas-security/entities/users/v3 |
Required Scope
Content-Type
- Produces: application/json
Parameters
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| email | | | query | string | Email. |
| integration_id | | | query | string | Comma separated integration IDs. |
| limit | | | query | integer | The maximum number of objects to return. |
| offset | | | query | integer | The starting index of the results. |
| privileged_only | | | query | boolean | Privileged Only. |
| parameters | | | query | dictionary | Full parameters payload in JSON format. |
Usage
Service class example (PEP8 syntax)
from falconpy import SaasSecurity
# Do not hardcode API credentials!
falcon = SaasSecurity(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.get_user_inventory(integration_id="string",
limit=integer,
offset=integer,
email="user@example.com",
privileged_only=boolean
)
print(response)
Service class example (Operation ID syntax)
from falconpy import SaasSecurity
# Do not hardcode API credentials!
falcon = SaasSecurity(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.GetUserInventoryV3(integration_id="string",
limit=integer,
offset=integer,
email="user@example.com",
privileged_only=boolean
)
print(response)
Uber class example
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.command("GetUserInventoryV3",
integration_id="string",
limit=integer,
offset=integer,
email="user@example.com",
privileged_only=boolean
)
print(response)
IntegrationBuilderEndTransactionV3
End data upload transaction for custom integration.
PEP8 method name
complete_integration_upload
Endpoint
| Method | Route |
|---|---|
| | /saas-security/entities/custom-integration-close/v3 |
Required Scope
Content-Type
- Produces: application/json
Parameters
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| id | | | query | string | Integration ID. |
| parameters | | | query | dictionary | Full parameters payload in JSON format. |
Usage
Service class example (PEP8 syntax)
```python
from falconpy import SaasSecurity

# Do not hardcode API credentials!
falcon = SaasSecurity(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

response = falcon.complete_integration_upload(id="string")
print(response)
```
Service class example (Operation ID syntax)
```python
from falconpy import SaasSecurity

# Do not hardcode API credentials!
falcon = SaasSecurity(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

response = falcon.IntegrationBuilderEndTransactionV3(id="string")
print(response)
```
Uber class example
```python
from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

response = falcon.command("IntegrationBuilderEndTransactionV3",
                          id="string"
                          )
print(response)
```
IntegrationBuilderGetStatusV3
Get status of custom integration builder.
PEP8 method name
get_integration_builder_status
Endpoint
| Method | Route |
|---|---|
| | /saas-security/entities/custom-integration-status/v3 |
Required Scope
Content-Type
- Produces: application/json
Parameters
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| id | | | query | string | Integration ID. |
| parameters | | | query | dictionary | Full parameters payload in JSON format. |
Usage
Service class example (PEP8 syntax)
```python
from falconpy import SaasSecurity

# Do not hardcode API credentials!
falcon = SaasSecurity(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

response = falcon.get_integration_builder_status(id="string")
print(response)
```
Service class example (Operation ID syntax)
```python
from falconpy import SaasSecurity

# Do not hardcode API credentials!
falcon = SaasSecurity(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

response = falcon.IntegrationBuilderGetStatusV3(id="string")
print(response)
```
Uber class example
```python
from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

response = falcon.command("IntegrationBuilderGetStatusV3",
                          id="string"
                          )
print(response)
```
IntegrationBuilderResetV3
Reset custom integration builder.
PEP8 method name
reset_integration_builder
Endpoint
| Method | Route |
|---|---|
| | /saas-security/entities/custom-integration-reset/v3 |
Required Scope
Content-Type
- Produces: application/json
Parameters
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| id | | | query | string | Integration ID. |
| parameters | | | query | dictionary | Full parameters payload in JSON format. |
Usage
Service class example (PEP8 syntax)
```python
from falconpy import SaasSecurity

# Do not hardcode API credentials!
falcon = SaasSecurity(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

response = falcon.reset_integration_builder(id="string")
print(response)
```
Service class example (Operation ID syntax)
```python
from falconpy import SaasSecurity

# Do not hardcode API credentials!
falcon = SaasSecurity(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

response = falcon.IntegrationBuilderResetV3(id="string")
print(response)
```
Uber class example
```python
from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

response = falcon.command("IntegrationBuilderResetV3",
                          id="string"
                          )
print(response)
```
IntegrationBuilderUploadV3
Upload data for custom integration builder.
PEP8 method name
upload_integration_builder
Endpoint
| Method | Route |
|---|---|
| | /saas-security/entities/custom-integration-upload/v3 |
Required Scope
Content-Type
- Consumes: application/json
- Produces: application/json
Parameters
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| body | | | body | dictionary | Full body payload in JSON format. |
| data | | | body | string | Data. |
| id | | | query | string | Integration ID. |
| source_id | | | query | string | Source ID. |
| parameters | | | query | dictionary | Full parameters payload in JSON format. |
Usage
Service class example (PEP8 syntax)
```python
from falconpy import SaasSecurity

# Do not hardcode API credentials!
falcon = SaasSecurity(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

response = falcon.upload_integration_builder(data="string",
                                             id="string",
                                             source_id="string"
                                             )
print(response)
```
Service class example (Operation ID syntax)
```python
from falconpy import SaasSecurity

# Do not hardcode API credentials!
falcon = SaasSecurity(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

response = falcon.IntegrationBuilderUploadV3(data="string",
                                             id="string",
                                             source_id="string"
                                             )
print(response)
```
Uber class example
```python
from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

body_payload = {
    "data": "string"
}

response = falcon.command("IntegrationBuilderUploadV3",
                          body=body_payload,
                          id="string",
                          source_id="string"
                          )
print(response)
```