Skip to content

Installation Tokens

Joshua Hiller edited this page Nov 2, 2021 · 18 revisions

CrowdStrike Falcon Twitter URL

Using the Installation Tokens service collection

Uber class support Service class support Documentation Version

Table of Contents

Operation ID Description
audit_events_read
PEP 8 audit_events_read
Gets the details of one or more audit events by id.
customer_settings_read
PEP 8 customer_settings_read
Check current installation token settings.
tokens_read
PEP 8 tokens_read
Gets the details of one or more tokens by id.
tokens_create
PEP 8 tokens_create
Creates a token.
tokens_delete
PEP 8 tokens_delete
Deletes a token immediately. To revoke a token, use PATCH /installation-tokens/entities/tokens/v1 instead.
tokens_update
PEP 8 tokens_update
Updates one or more tokens. Use this endpoint to edit labels, change expiration, revoke, or restore.
audit_events_query
PEP 8 audit_events_query
Search for audit events by providing an FQL filter and paging details.
tokens_query
PEP 8 tokens_query
Search for tokens by providing an FQL filter and paging details.

audit_events_read

Gets the details of one or more audit events by id.

PEP8 method name

audit_events_read

Content-Type

  • Consumes: application/json
  • Produces: application/json

Keyword Arguments

Name Service Uber Type Datatype Description
ids
Service Class Support

Uber Class Support
query string or list of strings ID(s) of the audit events to retrieve details for.
parameters
Service Class Support

Uber Class Support
query string Full query string parameters payload in JSON format.

Usage

Service class example (PEP8 / Operation ID syntax)
from falconpy import InstallationTokens

falcon = InstallationTokens(client_id="API_CLIENT_ID_HERE",
                            client_secret="API_CLIENT_SECRET_HERE"
                            )

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.audit_events_read(ids=id_list)
print(response)
Uber class example
from falconpy import APIHarness

falcon = APIHarness(client_id="API_CLIENT_ID_HERE",
                    client_secret="API_CLIENT_SECRET_HERE"
                    )

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.command("audit_events_read", ids=id_list)
print(response)

customer_settings_read

Check current installation token settings.

PEP8 method name

customer_settings_read

Content-Type

  • Consumes: application/json
  • Produces: application/json

Keyword Arguments

No keywords or arguments accepted.

Usage

Service class example (PEP8 / Operation ID syntax)
from falconpy import InstallationTokens

falcon = InstallationTokens(client_id="API_CLIENT_ID_HERE",
                            client_secret="API_CLIENT_SECRET_HERE"
                            )

response = falcon.customer_settings_read()
print(response)
Uber class example
from falconpy import APIHarness

falcon = APIHarness(client_id="API_CLIENT_ID_HERE",
                    client_secret="API_CLIENT_SECRET_HERE"
                    )

response = falcon.command("customer_settings_read")
print(response)

tokens_read

Gets the details of one or more tokens by id.

PEP8 method name

tokens_read

Content-Type

  • Consumes: application/json
  • Produces: application/json

Keyword Arguments

Name Service Uber Type Datatype Description
ids
Service Class Support

Uber Class Support
query string or list of strings ID(s) of the tokens to retrieve details for.
parameters
Service Class Support

Uber Class Support
query string Full query string parameters payload in JSON format.

Usage

Service class example (PEP8 / Operation ID syntax)
from falconpy import InstallationTokens

falcon = InstallationTokens(client_id="API_CLIENT_ID_HERE",
                            client_secret="API_CLIENT_SECRET_HERE"
                            )

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.tokens_read(ids=id_list)
print(response)
Uber class example
from falconpy import APIHarness

falcon = APIHarness(client_id="API_CLIENT_ID_HERE",
                    client_secret="API_CLIENT_SECRET_HERE"
                    )

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.command("tokens_read", ids=id_list)
print(response)

tokens_create

Creates a token.

PEP8 method name

tokens_create

Content-Type

  • Consumes: application/json
  • Produces: application/json

Keyword Arguments

Name Service Uber Type Datatype Description
body
Service Class Support

Uber Class Support
body string Full body payload in JSON format.
expires_timestamp
Service Class Support

Uber Class Support
body string Expiration timestamp. UTC format.
label
Service Class Support

Uber Class Support
body string Installation token label.
revoked
Service Class Support

Uber Class Support
body boolean Flag indicating if the token is revoked.

Usage

Service class example (PEP8 / Operation ID syntax)
from falconpy import InstallationTokens

falcon = InstallationTokens(client_id="API_CLIENT_ID_HERE",
                            client_secret="API_CLIENT_SECRET_HERE"
                            )

response = falcon.tokens_create(expires_timestamp="string",
                                label="string",
                                revoked=boolean
                                )
print(response)
Uber class example
from falconpy import APIHarness

falcon = APIHarness(client_id="API_CLIENT_ID_HERE",
                    client_secret="API_CLIENT_SECRET_HERE"
                    )

BODY = {
    "expires_timestamp": "2021-09-22T02:28:11.762Z",
    "label": "string",
    "revoked": boolean
}

response = falcon.command("tokens_create", body=BODY)
print(response)

tokens_delete

Deletes a token immediately. To revoke a token, use tokens_update instead.

PEP8 method name

tokens_delete

Content-Type

  • Produces: application/json

Keyword Arguments

Name Service Uber Type Datatype Description
ids
Service Class Support

Uber Class Support
query string or list of strings ID(s) of the tokens to delete.
parameters
Service Class Support

Uber Class Support
query string Full query string parameters payload in JSON format.

Usage

Service class example (PEP8 / Operation ID syntax)
from falconpy import InstallationTokens

falcon = InstallationTokens(client_id="API_CLIENT_ID_HERE",
                            client_secret="API_CLIENT_SECRET_HERE"
                            )

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.tokens_delete(ids=id_list)
print(response)
Uber class example
from falconpy import APIHarness

falcon = APIHarness(client_id="API_CLIENT_ID_HERE",
                    client_secret="API_CLIENT_SECRET_HERE"
                    )

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.command("tokens_delete", ids=id_list)
print(response)

tokens_update

Updates one or more tokens. Use this endpoint to edit labels, change expiration, revoke, or restore.

PEP8 method name

tokens_update

Content-Type

  • Consumes: application/json
  • Produces: application/json

Keyword Arguments

Name Service Uber Type Datatype Description
body
Service Class Support

Uber Class Support
body string Full body payload in JSON format.
expires_timestamp
Service Class Support

Uber Class Support
body string Expiration timestamp. UTC format.
label
Service Class Support

Uber Class Support
body string Installation token label.
ids
Service Class Support

Uber Class Support
query string or list of strings ID(s) of the tokens to update.
parameters
Service Class Support

Uber Class Support
query string Full query string parameters payload in JSON format.
revoked
Service Class Support

Uber Class Support
body boolean Flag indicating if the token is revoked.

Usage

Service class example (PEP8 / Operation ID syntax)
from falconpy import InstallationTokens

falcon = InstallationTokens(client_id="API_CLIENT_ID_HERE",
                            client_secret="API_CLIENT_SECRET_HERE"
                            )

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.tokens_update(expires_timestamp="string",
                                label="string",
                                ids=id_list,
                                revoked=boolean
                                )
print(response)
Uber class example
from falconpy import APIHarness

falcon = APIHarness(client_id="API_CLIENT_ID_HERE",
                    client_secret="API_CLIENT_SECRET_HERE"
                    )

BODY = {
    "expires_timestamp": "2021-09-22T02:28:11.762Z",
    "label": "string",
    "revoked": boolean
}

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.command("tokens_update", body=BODY, ids=id_list)
print(response)

audit_events_query

Search for audit events by providing an FQL filter and paging details.

PEP8 method name

audit_events_query

Content-Type

  • Consumes: application/json
  • Produces: application/json

Keyword Arguments

Name Service Uber Type Datatype Description
filter
Service Class Support

Uber Class Support
query string FQL Syntax formatted string used to limit the results.
limit
Service Class Support

Uber Class Support
query integer Maximum number of records to return.

(Max: 1000, Default: 10)
offset
Service Class Support

Uber Class Support
query integer Starting index of overall result set from which to return ids.
sort
Service Class Support

Uber Class Support
query string The property to sort by. (Ex: timestamp.desc)
parameters
Service Class Support

Uber Class Support
query string Full query string parameters payload in JSON format.

Usage

Service class example (PEP8 / Operation ID syntax)
from falconpy import InstallationTokens

falcon = InstallationTokens(client_id="API_CLIENT_ID_HERE",
                            client_secret="API_CLIENT_SECRET_HERE"
                            )

response = falcon.audit_events_query(offset=integer,
                                     limit=integer,
                                     sort="string",
                                     filter="string"
                                     )
print(response)
Uber class example
from falconpy import APIHarness

falcon = APIHarness(client_id="API_CLIENT_ID_HERE",
                    client_secret="API_CLIENT_SECRET_HERE"
                    )

response = falcon.command("audit_events_query",
                          offset=integer,
                          limit=integer,
                          sort="string",
                          filter="string"
                          )
print(response)

tokens_query

Search for tokens by providing an FQL filter and paging details.

PEP8 method name

tokens_query

Content-Type

  • Consumes: application/json
  • Produces: application/json

Keyword Arguments

Name Service Uber Type Datatype Description
filter
Service Class Support

Uber Class Support
query string FQL Syntax formatted string used to limit the results.
limit
Service Class Support

Uber Class Support
query integer Maximum number of records to return.

(Max: 1000, Default: 10)
offset
Service Class Support

Uber Class Support
query integer Starting index of overall result set from which to return ids.
sort
Service Class Support

Uber Class Support
query string The property to sort by. (Ex: created_timestamp.desc)
parameters
Service Class Support

Uber Class Support
query string Full query string parameters payload in JSON format.

Usage

Service class example (PEP8 / Operation ID syntax)
from falconpy import InstallationTokens

falcon = InstallationTokens(client_id="API_CLIENT_ID_HERE",
                            client_secret="API_CLIENT_SECRET_HERE"
                            )

response = falcon.tokens_query(offset=integer,
                               limit=integer,
                               sort="string",
                               filter="string"
                               )
print(response)
Uber class example
from falconpy import APIHarness

falcon = APIHarness(client_id="API_CLIENT_ID_HERE",
                    client_secret="API_CLIENT_SECRET_HERE"
                    )

response = falcon.command("tokens_query",
                          offset=integer,
                          limit=integer,
                          sort="string",
                          filter="string"
                          )
print(response)

CrowdStrike Falcon

Clone this wiki locally