Environment Configuration
The following keywords can be provided to Service Classes and the Uber Class during instantiation to customize behavior to meet your specific environment requirements.
These keywords may be mixed in any order or combination when creating an instance of the class. You will still need to provide authentication details based upon your selected authentication method. For most scenarios, none of the keywords listed below are required in order to create an instance of a class.
| Name | Data type | Description |
|---|---|---|
base_url |
String | The CrowdStrike base address target for API operations performed using this class. Defaults to https://api.crowdstrike.com. |
proxy |
Dictionary | A dictionary containing a list of proxy servers to utilize for making requests to the CrowdStrike API. |
ssl_verify |
Boolean | Boolean flag used to specify SSL verification configuration. Defaults to True |
timeout |
Float or Tuple | Connect / Read or Total timeout for requests made to the CrowdStrike API. |
user_agent |
String | Custom User-Agent string to use for requests to the API. Recommended format: vendor-productname/version. |
renew_window |
Integer | Amount of buffer time allotted before token expiration where a token is refreshed automatically. Minimum: 120 seconds Maximum: 1,200 seconds Default: 120 |
ext_headers |
String | Extended headers that are pre-pended to the default headers dictionary for the newly created Service Class. Service Classes only |
Simple examples of these keywords being used to configure an environment.
The base_url keyword allows you to point your requests to the CrowdStrike cloud where your environment resides.
You may specify your base URL by using the address or the short name. Short names are not case-sensitive.
When not provided, the
base_urlkeyword defaults to https://api.crowdstrike.com (US1) when creating an instance of any class using v0.8.5 or below.
Starting in v0.8.6, developers using the US1, US2 or EU1 regions no
longer need to specify their base_url as this value is auto-discovered as part of the authentication process.
Please note:
USGOV1users will still need to provide this value.
| Short name | Base URL | Auto discovery support? |
|---|---|---|
| US1 | https://api.crowdstrike.com |  |
| US2 | https://api.us-2.crowdstrike.com | |
| EU1 | https://api.eu-1.crowdstrike.com | |
| USGOV1 | https://api.laggar.gcw.crowdstrike.com |  |
You may provide your base URL with or without the
https://protocol specification.
Specifying EU1 using the full Base URL.
from falconpy import Recon
falcon = Recon(client_id="API_CLIENT_ID_HERE",
client_secret="API_CLIENT_SECRET_HERE",
base_url="https://api.eu-1.crowdstrike.com"
)
response = falcon.query_rules(limit=100, q="search-string")
print(response)Specifying US2 using the short name.
from falconpy import Recon
falcon = Recon(client_id="API_CLIENT_ID_HERE",
client_secret="API_CLIENT_SECRET_HERE",
base_url="us2"
)
response = falcon.query_rules(limit=100, q="search-string")
print(response)Specifying EU1 using the full Base URL.
from falconpy import APIHarness
falcon = APIHarness(client_id="CLIENT_ID_HERE",
client_secret="CLIENT_SECRET_HERE",
base_url="https://api.eu-1.crowdstrike.com"
)
PARAMS = {
"limit": 100,
"q": "search-string"
}
result = falcon.command("QueryRulesV1", parameters=PARAMS)
print(result)Specifying US2 using the short name.
from falconpy import APIHarness
falcon = APIHarness(client_id="CLIENT_ID_HERE",
client_secret="CLIENT_SECRET_HERE",
base_url="us2"
)
# This example also demonstrates Parameter Abstraction within the Uber Class (v0.8.0+)
result = falcon.command("QueryRulesV1", limit=100, q="search-string")
print(result)For scenarios where you wish to route API request traffic through a proxy, or list of proxies, the proxy keyword may be utilized.
from falconpy import Detects
falcon = Detects(client_id="CLIENT_ID_HERE",
client_secret="CLIENT_SECRET_HERE",
proxy={"http": "http://myproxy:8888",
"https": "https://myotherproxy:8080"
}
)
# You can use PEP8 or Operation ID syntax for this call
result = falcon.query_detects()
print(result)from falconpy import APIHarness
falcon = APIHarness(client_id="CLIENT_ID_HERE",
client_secret="CLIENT_SECRET_HERE",
proxy={"http": "http://myproxy:8888",
"https": "https://myotherproxy:8080"
}
)
result = falcon.command("QueryDetects")
print(result)For environments where SSL verification cannot be performed at the application layer, you may disable SSL verification when creating your instance of the class using the ssl_verify keyword.
When not specifically disabled, SSL Verification defaults to True when creating an instance of any class.
from falconpy import Hosts
falcon = Hosts(client_id="CLIENT_ID_HERE",
client_secret="CLIENT_SECRET_HERE",
ssl_verify=False
)
# You can use PEP8 or Operation ID syntax for this call
result = falcon.query_devices_by_filter()
print(result)from falconpy import APIHarness
falcon = APIHarness(client_id="CLIENT_ID_HERE",
client_secret="CLIENT_SECRET_HERE",
ssl_verify=False
)
result = falcon.command("QueryDevicesByFilter")
print(result)The timeout keyword can be used to specify timeouts for connect and read, or the entire operation.
Specifying a global timeout for the entire operation.
# Times out after thirty seconds for the entire operation
from falconpy import CloudConnectAWS
falcon = CloudConnectAWS(client_id="CLIENT_ID_HERE",
client_secret="CLIENT_SECRET_HERE",
timeout=30
)
# You can use PEP8 or Operation ID syntax for this call
result = falcon.query_aws_accounts()
print(result)Specifying individual timeouts for connect and read operations.
# Times out after 3 seconds for connect and 27 seconds for read
from falconpy import CloudConnectAWS
falcon = CloudConnectAWS(client_id="CLIENT_ID_HERE",
client_secret="CLIENT_SECRET_HERE",
timeout=(3.05,26.95)
)
# You can use PEP8 or Operation ID syntax for this call
result = falcon.QueryAWSAccounts()
print(result)Specifying a global timeout for the entire operation.
# Times out after thirty seconds for the entire operation
from falconpy import APIHarness
falcon = APIHarness(client_id="CLIENT_ID_HERE",
client_secret="CLIENT_SECRET_HERE",
timeout=30
)
result = falcon.command("QueryAWSAccounts")
print(result)Specifying individual timeouts for connect and read operations.
# Times out after 3 seconds for connect and 27 seconds for read
from falconpy import APIHarness
falcon = APIHarness(client_id="CLIENT_ID_HERE",
client_secret="CLIENT_SECRET_HERE",
timeout=(3.05,26.95)
)
result = falcon.command("QueryAWSAccounts")
print(result)Using the user_agent keyword, a custom string may be specified for the User-Agent HTTP request header.
This allows developers to properly identify their integrations as per CrowdStrike documented best practice.
from falconpy import CloudConnectAWS
falcon = CloudConnectAWS(client_id="CLIENT_ID_HERE",
client_secret="CLIENT_SECRET_HERE",
user_agent="company-productname/1.0"
)
# You can use PEP8 or Operation ID syntax for this call
result = falcon.query_aws_accounts()
print(result)from falconpy import APIHarness
falcon = APIHarness(client_id="CLIENT_ID_HERE",
client_secret="CLIENT_SECRET_HERE",
user_agent="company-productname/1.0"
)
result = falcon.command("QueryAWSAccounts")
print(result)The token renewal window is designed to allow developers to specify the amount of time to use for a buffer between token expiration and automatic token renewal. This value is represented by an integer and expressed in seconds. The minimum allowed value is 120 and the maximum allowed value is 1200 with 120 being the default.
from falconpy import CloudConnectAWS
falcon = CloudConnectAWS(client_id="CLIENT_ID_HERE",
client_secret="CLIENT_SECRET_HERE",
renew_window=180
)
# You can use PEP8 or Operation ID syntax for this call
result = falcon.query_aws_accounts()
print(result)from falconpy import APIHarness
falcon = APIHarness(client_id="CLIENT_ID_HERE",
client_secret="CLIENT_SECRET_HERE",
renew_window=300
)
result = falcon.command("QueryAWSAccounts")
print(result)You can provided additional headers that will be included in all requests made to the API by providing the ext_headers keyword. Values should be provided to the Service Class constructor as a dictionary.
This keyword is not supported in the Uber Class as the Uber Class already supports providing custom headers using the
headerskeyword within thecommandmethod.
from falconpy import Hosts
falcon = Hosts(client_id="CLIENT_ID_HERE",
client_secret="CLIENT_SECRET_HERE",
ext_headers={"X-SOME-HEADER", "Value"}
)
result = falcon.query_devices_by_filter_scroll()
print(result)
- Home
- Discussions Board
- Glossary of Terms
- Installation, Upgrades and Removal
- Samples Collection
- Using FalconPy
- API Operations
-
Service Collections
- Alerts
- API Integrations
- ASPM
- CAO Hunting
- Certificate Based Exclusions
- Cloud AWS Registration
- Cloud Azure Registration
- Cloud OCI Registration
- Cloud Connect AWS (deprecated)
- Cloud Security Assets
- Cloud Snapshots
- Configuration Assessment
- Configuration Assessment Evaluation Logic
- Container Alerts
- Container Detections
- Container Image Compliance
- Container Images
- Container Packages
- Container Vulnerabilities
- Content Update Policies
- Correlation Rules
- CSPM Registration
- Custom IOAs
- Custom Storage
- D4C Registration (deprecated)
- DataScanner (deprecated)
- Delivery Settings
- Deployments
- Detects
- Device Content
- Device Control Policies
- Discover
- Downloads
- Drift Indicators
- Event Streams
- Exposure Management
- FaaS Execution
- Falcon Complete Dashboard
- Falcon Container
- Falcon Intelligence Sandbox
- FDR
- FileVantage
- Firewall Management
- Firewall Policies
- Foundry LogScale
- Host Group
- Host Migration
- Hosts
- Identity Protection
- Image Assessment Policies
- Incidents
- Installation Tokens
- Intel
- Intelligence Feeds
- Intelligence Indicator Graph
- IOA Exclusions
- IOC
- IOCs (deprecated)
- Kubernetes Protection
- MalQuery
- Message Center
- ML Exclusions
- Mobile Enrollment
- MSSP (Flight Control)
- NGSIEM
- OAuth2
- ODS (On Demand Scan)
- Overwatch Dashboard
- Prevention Policy
- Quarantine
- Quick Scan
- Quick Scan Pro
- Real Time Response
- Real Time Response Admin
- Real Time Response Audit
- Recon
- Report Executions
- Response Policies
- Sample Uploads
- Scheduled Reports
- Sensor Download
- Sensor Update Policy
- Sensor Usage
- Sensor Visibility Exclusions
- Serverless Vulnerabilities
- Spotlight Evaluation Logic
- Spotlight Vulnerabilities
- Tailored Intelligence
- ThreatGraph
- Unidentified Containers
- User Management
- Workflows
- Zero Trust Assessment
- Documentation Support
-
CrowdStrike SDKs
- Crimson Falcon - Ruby
- FalconPy - Python 3
- FalconJS - Javascript
- goFalcon - Go
- PSFalcon - Powershell
- Rusty Falcon - Rust
