Environment Configuration

Environment Configuration

The following keywords can be provided to Service Classes and the Uber Class during instantiation to customize behavior to meet your specific environment requirements.

These keywords may be mixed in any order or combination when creating an instance of the class. You will still need to provide authentication details based upon your selected authentication method.

Name	Data type	Description
base_url	String	The CrowdStrike base address target for API operations performed using this class. Defaults to https://api.crowdstrike.com.
proxy	Dictionary	A dictionary containing a list of proxy servers to utilize for making requests to the CrowdStrike API.
ssl_verify	Boolean	Boolean flag used to specify SSL verification configuration. Defaults to True
timeout	Float or Tuple	Connect / Read or Total timeout for requests made to the CrowdStrike API.
user_agent	String	Custom User-Agent string to use for requests to the API. Recommended format: vendor-productname/version.

Usage examples

Simple examples of these keywords being used to configure an environment.

Base URL

The base_url keyword allows you to point your requests to the CrowdStrike cloud where your environment resides. You may specify your base URL by using the address or the short name. Short names are not case-sensitive.

When not provided, the base_url keyword defaults to https://api.crowdstrike.com (US1) when creating an instance of any class using v0.8.5 or below.

Cloud region auto-discovery

Starting in v0.8.6, developers using the US1, US2 or EU1 regions no longer need to specify their base_url as this value is auto-discovered as part of the authentication process.

Please note: USGOV1 users will still need to provide this value.

Short name	Base URL	Auto discovery support?
US1	https://api.crowdstrike.com
US2	https://api.us-2.crowdstrike.com
EU1	https://api.eu-1.crowdstrike.com
USGOV1	https://api.laggar.gcw.crowdstrike.com

You may provide your base URL with or without the https:// protocol specification.

Service Class examples

Specifying EU1 using the full Base URL.

from falconpy import Recon

falcon = Recon(client_id="API_CLIENT_ID_HERE",
               client_secret="API_CLIENT_SECRET_HERE",
               base_url="https://api.eu-1.crowdstrike.com"
               )

response = falcon.query_rules(limit=100, q="search-string")
print(response)

Specifying US2 using the short name.

from falconpy import Recon

falcon = Recon(client_id="API_CLIENT_ID_HERE",
               client_secret="API_CLIENT_SECRET_HERE",
               base_url="us2"
               )

response = falcon.query_rules(limit=100, q="search-string")
print(response)

Uber Class examples

Specifying EU1 using the full Base URL.

from falconpy import APIHarness

falcon = APIHarness(client_id="CLIENT_ID_HERE",
                    client_secret="CLIENT_SECRET_HERE",
                    base_url="https://api.eu-1.crowdstrike.com"
                    )
PARAMS = {
    "limit": 100,
    "q": "search-string"
}

result = falcon.command("QueryRulesV1", parameters=PARAMS)
print(result)

Specifying US2 using the short name.

from falconpy import APIHarness

falcon = APIHarness(client_id="CLIENT_ID_HERE",
                    client_secret="CLIENT_SECRET_HERE",
                    base_url="us2"
                    )

# This example also demonstrates Parameter Abstraction within the Uber Class (v0.8.0+)
result = falcon.command("QueryRulesV1", limit=100, q="search-string")
print(result)

Proxy

For scenarios where you wish to route API request traffic through a proxy, or list of proxies, the proxy keyword may be utilized.

Service Class example

from falconpy import Detects

falcon = Detects(client_id="CLIENT_ID_HERE",
                 client_secret="CLIENT_SECRET_HERE",
                 proxy={"http": "http://myproxy:8888",
                        "https": "https://myotherproxy:8080"
                        }
                 )

# You can use PEP8 or Operation ID syntax for this call
result = falcon.query_detects()
print(result)

Uber Class example

from falconpy import APIHarness

falcon = APIHarness(client_id="CLIENT_ID_HERE",
                    client_secret="CLIENT_SECRET_HERE",
                    proxy={"http": "http://myproxy:8888",
                           "https": "https://myotherproxy:8080"
                           }
                    )

result = falcon.command("QueryDetects")
print(result)

SSL Verify

For environments where SSL verification cannot be performed at the application layer, you may disable SSL verification when creating your instance of the class using the ssl_verify keyword.

When not specifically disabled, SSL Verification defaults to True when creating an instance of any class.

Service Class example

from falconpy import Hosts

falcon = Hosts(client_id="CLIENT_ID_HERE",
               client_secret="CLIENT_SECRET_HERE",
               ssl_verify=False
               )

# You can use PEP8 or Operation ID syntax for this call
result = falcon.query_devices_by_filter()
print(result)

Uber Class example

from falconpy import APIHarness

falcon = APIHarness(client_id="CLIENT_ID_HERE",
                    client_secret="CLIENT_SECRET_HERE",
                    ssl_verify=False
                    )

result = falcon.command("QueryDevicesByFilter")
print(result)

Timeout

The timeout keyword can be used to specify timeouts for connect and read, or the entire operation.

Service Class examples

Specifying a global timeout for the entire operation.

# Times out after thirty seconds for the entire operation
from falconpy import CloudConnectAWS

falcon = CloudConnectAWS(client_id="CLIENT_ID_HERE",
                         client_secret="CLIENT_SECRET_HERE",
                         timeout=30
                         )

# You can use PEP8 or Operation ID syntax for this call
result = falcon.query_aws_accounts()
print(result)

Specifying individual timeouts for connect and read operations.

# Times out after 3 seconds for connect and 27 seconds for read
from falconpy import CloudConnectAWS

falcon = CloudConnectAWS(client_id="CLIENT_ID_HERE",
                   client_secret="CLIENT_SECRET_HERE",
                   timeout=(3.05,26.95)
                   )

# You can use PEP8 or Operation ID syntax for this call
result = falcon.QueryAWSAccounts()
print(result)

Uber Class examples

Specifying a global timeout for the entire operation.

# Times out after thirty seconds for the entire operation
from falconpy import APIHarness

falcon = APIHarness(client_id="CLIENT_ID_HERE",
                    client_secret="CLIENT_SECRET_HERE",
                    timeout=30
                    )

result = falcon.command("QueryAWSAccounts")
print(result)

Specifying individual timeouts for connect and read operations.

# Times out after 3 seconds for connect and 27 seconds for read
from falconpy import APIHarness

falcon = APIHarness(client_id="CLIENT_ID_HERE",
                    client_secret="CLIENT_SECRET_HERE",
                    timeout=(3.05,26.95)
                    )

result = falcon.command("QueryAWSAccounts")
print(result)

User-Agent

Using the user_agent keyword, a custom string may be specified for the User-Agent HTTP request header. This allows developers to properly identify their integrations as per CrowdStrike documented best practice.

Service Class example

from falconpy import CloudConnectAWS

falcon = CloudConnectAWS(client_id="CLIENT_ID_HERE",
                         client_secret="CLIENT_SECRET_HERE",
                         user_agent="company-productname/1.0"
                         )

# You can use PEP8 or Operation ID syntax for this call
result = falcon.query_aws_accounts()
print(result)

Uber Class example

from falconpy import APIHarness

falcon = APIHarness(client_id="CLIENT_ID_HERE",
                    client_secret="CLIENT_SECRET_HERE",
                    user_agent="company-productname/1.0"
                    )

result = falcon.command("QueryAWSAccounts")
print(result)