Firewall Management
| API Function | Description |
|---|---|
| aggregate_events | Aggregate events for customer |
| aggregate_policy_rules | Aggregate rules within a policy for customer |
| aggregate_rule_groups | Aggregate rule groups for customer |
| aggregate_rules | Aggregate rules for customer |
| get_events | Get events entities by ID and optionally version |
| get_firewall_fields | Get the firewall field specifications by ID |
| get_platforms | Get platforms by ID, e.g., windows or mac or droid |
| get_policy_containers | Get policy container entities by policy ID |
| update_policy_container | Update an identified policy container |
| get_rule_groups | Get rule group entities by ID. These groups do not contain their rule entites, just the rule IDs in precedence order. |
| create_rule_group | Create new rule group on a platform for a customer with a name and description, and return the ID |
| delete_rule_groups | Delete rule group entities by ID |
| update_rule_group | Update name, description, or enabled status of a rule group, or create, edit, delete, or reorder rules |
| get_rules | Get rule entities by ID (64-bit unsigned int as decimal string) or Family ID (32-character hexadecimal string) |
| query_events | Find all event IDs matching the query with filter |
| query_firewall_fields | Get the firewall field specification IDs for the provided platform |
| query_platforms | Get the list of platform names |
| query_policy_rules | Find all firewall rule IDs matching the query with filter, and return them in precedence order |
| query_rule_groups | Find all rule group IDs matching the query with filter |
| query_rules | Find all rule IDs matching the query with filter |
Aggregate events for customer
- Produces: application/json
| Required | Name | Type | Datatype | Description |
|---|---|---|---|---|
| ✅ | body | body | string | Query criteria and settings |
from falconpy import firewall_management as FalconFM
falcon = FalconFM.Firewall_Management(creds={
'client_id': falcon_client_id,
'client_secret': falcon_client_secret
})
BODY = {
'Body Payload': 'See body description above'
}
response = falcon.aggregate_events(body=BODY)
print(response)from falconpy import api_complete as FalconSDK
falcon = FalconSDK.APIHarness(creds={
'client_id': falcon_client_id,
'client_secret': falcon_client_secret
}
)
BODY = {
'Body Payload': 'See body description above'
}
response = falcon.command('aggregate-events', body=BODY)
print(response)
falcon.deauthenticate()Aggregate rules within a policy for customer
- Produces: application/json
| Required | Name | Type | Datatype | Description |
|---|---|---|---|---|
| ✅ | body | body | string | Query criteria and settings |
from falconpy import firewall_management as FalconFM
falcon = FalconFM.Firewall_Management(creds={
'client_id': falcon_client_id,
'client_secret': falcon_client_secret
})
BODY = {
'Body Payload': 'See body description above'
}
response = falcon.aggregate_policy_rules(body=BODY)
print(response)from falconpy import api_complete as FalconSDK
falcon = FalconSDK.APIHarness(creds={
'client_id': falcon_client_id,
'client_secret': falcon_client_secret
}
)
BODY = {
'Body Payload': 'See body description above'
}
response = falcon.command('aggregate-policy-rules', body=BODY)
print(response)
falcon.deauthenticate()Aggregate rule groups for customer
- Produces: application/json
| Required | Name | Type | Datatype | Description |
|---|---|---|---|---|
| ✅ | body | body | string | Query criteria and settings |
from falconpy import firewall_management as FalconFM
falcon = FalconFM.Firewall_Management(creds={
'client_id': falcon_client_id,
'client_secret': falcon_client_secret
})
BODY = {
'Body Payload': 'See body description above'
}
response = falcon.aggregate_rule_groups(body=BODY)
print(response)from falconpy import api_complete as FalconSDK
falcon = FalconSDK.APIHarness(creds={
'client_id': falcon_client_id,
'client_secret': falcon_client_secret
}
)
BODY = {
'Body Payload': 'See body description above'
}
response = falcon.command('aggregate-rule-groups', body=BODY)
print(response)
falcon.deauthenticate()Aggregate rules for customer
- Produces: application/json
| Required | Name | Type | Datatype | Description |
|---|---|---|---|---|
| ✅ | body | body | string | Query criteria and settings |
from falconpy import firewall_management as FalconFM
falcon = FalconFM.Firewall_Management(creds={
'client_id': falcon_client_id,
'client_secret': falcon_client_secret
})
BODY = {
'Body Payload': 'See body description above'
}
response = falcon.aggregate_rules(body=BODY)
print(response)from falconpy import api_complete as FalconSDK
falcon = FalconSDK.APIHarness(creds={
'client_id': falcon_client_id,
'client_secret': falcon_client_secret
}
)
BODY = {
'Body Payload': 'See body description above'
}
response = falcon.command('aggregate-rules', body=BODY)
print(response)
falcon.deauthenticate()Get events entities by ID and optionally version
- Produces: application/json
| Required | Name | Type | Datatype | Description |
|---|---|---|---|---|
| ✅ | ids | query | array (string) | The events to retrieve, identified by ID |
from falconpy import firewall_management as FalconFM
falcon = FalconFM.Firewall_Management(creds={
'client_id': falcon_client_id,
'client_secret': falcon_client_secret
})
IDS = 'ID1,ID2,ID3'
response = falcon.get_events(ids=IDS)
print(response)from falconpy import api_complete as FalconSDK
falcon = FalconSDK.APIHarness(creds={
'client_id': falcon_client_id,
'client_secret': falcon_client_secret
}
)
IDS = 'ID1,ID2,ID3'
response = falcon.command('get-events', ids=IDS)
print(response)
falcon.deauthenticate()Get the firewall field specifications by ID
- Produces: application/json
| Required | Name | Type | Datatype | Description |
|---|---|---|---|---|
| ✅ | ids | query | array (string) | The IDs of the rule types to retrieve |
from falconpy import firewall_management as FalconFM
falcon = FalconFM.Firewall_Management(creds={
'client_id': falcon_client_id,
'client_secret': falcon_client_secret
})
IDS = 'ID1,ID2,ID3'
response = falcon.get_firewall_fields(ids=IDS)
print(response)from falconpy import api_complete as FalconSDK
falcon = FalconSDK.APIHarness(creds={
'client_id': falcon_client_id,
'client_secret': falcon_client_secret
}
)
IDS = 'ID1,ID2,ID3'
response = falcon.command('get-firewall-fields', ids=IDS)
print(response)
falcon.deauthenticate()Get platforms by ID, e.g., windows or mac or droid
- Produces: application/json
| Required | Name | Type | Datatype | Description |
|---|---|---|---|---|
| ✅ | ids | query | array (string) | The IDs of the platforms to retrieve |
from falconpy import firewall_management as FalconFM
falcon = FalconFM.Firewall_Management(creds={
'client_id': falcon_client_id,
'client_secret': falcon_client_secret
})
IDS = 'ID1,ID2,ID3'
response = falcon.get_platforms(ids=IDS)
print(response)from falconpy import api_complete as FalconSDK
falcon = FalconSDK.APIHarness(creds={
'client_id': falcon_client_id,
'client_secret': falcon_client_secret
}
)
IDS = 'ID1,ID2,ID3'
response = falcon.command('get-platforms', ids=IDS)
print(response)
falcon.deauthenticate()Get policy container entities by policy ID
- Produces: application/json
| Required | Name | Type | Datatype | Description |
|---|---|---|---|---|
| ✅ | ids | query | array (string) | The policy container(s) to retrieve, identified by policy ID |
from falconpy import firewall_management as FalconFM
falcon = FalconFM.Firewall_Management(creds={
'client_id': falcon_client_id,
'client_secret': falcon_client_secret
})
IDS = 'ID1,ID2,ID3'
response = falcon.get_policy_containers(ids=IDS)
print(response)from falconpy import api_complete as FalconSDK
falcon = FalconSDK.APIHarness(creds={
'client_id': falcon_client_id,
'client_secret': falcon_client_secret
}
)
IDS = 'ID1,ID2,ID3'
response = falcon.command('get-policy-containers', ids=IDS)
print(response)
falcon.deauthenticate()Update an identified policy container
- Consumes: application/json
- Produces: application/json
| Required | Name | Type | Datatype | Description |
|---|---|---|---|---|
| ✅ | X-CS-USERNAME | header | string | The user id |
| ✅ | body | body | string |
from falconpy import firewall_management as FalconFM
falcon = FalconFM.Firewall_Management(creds={
'client_id': falcon_client_id,
'client_secret': falcon_client_secret
})
BODY = {
'Body Payload': 'See body description above'
}
HEADERS = {
'X-CS-USERNAME': 'string'
}
response = falcon.update_policy_container(body=BODY, headers=HEADERS)
print(response)from falconpy import api_complete as FalconSDK
falcon = FalconSDK.APIHarness(creds={
'client_id': falcon_client_id,
'client_secret': falcon_client_secret
}
)
BODY = {
'Body Payload': 'See body description above'
}
HEADERS = {
'X-CS-USERNAME': 'string'
}
response = falcon.command('update-policy-container', body=BODY, headers=HEADERS)
print(response)
falcon.deauthenticate()Get rule group entities by ID. These groups do not contain their rule entites, just the rule IDs in precedence order.
- Produces: application/json
| Required | Name | Type | Datatype | Description |
|---|---|---|---|---|
| ✅ | ids | query | array (string) | The IDs of the rule groups to retrieve |
from falconpy import firewall_management as FalconFM
falcon = FalconFM.Firewall_Management(creds={
'client_id': falcon_client_id,
'client_secret': falcon_client_secret
})
IDS = 'ID1,ID2,ID3'
response = falcon.get_rule_groups(ids=IDS)
print(response)from falconpy import api_complete as FalconSDK
falcon = FalconSDK.APIHarness(creds={
'client_id': falcon_client_id,
'client_secret': falcon_client_secret
}
)
IDS = 'ID1,ID2,ID3'
response = falcon.command('get-rule-groups', ids=IDS)
print(response)
falcon.deauthenticate()Create new rule group on a platform for a customer with a name and description, and return the ID
- Consumes: application/json
- Produces: application/json
| Required | Name | Type | Datatype | Description |
|---|---|---|---|---|
| ✅ | X-CS-USERNAME | header | string | The user id |
| clone_id | query | string | A rule group ID from which to copy rules. If this is provided then the 'rules' property of the body is ignored. | |
| library | query | string | If this flag is set to true then the rules will be cloned from the clone_id from the CrowdStrike Firewal Rule Groups Library. | |
| comment | query | string | Audit log comment for this action | |
| ✅ | body | body | string |
from falconpy import firewall_management as FalconFM
falcon = FalconFM.Firewall_Management(creds={
'client_id': falcon_client_id,
'client_secret': falcon_client_secret
})
PARAMS = {
'clone_id': 'string',
'library': 'string',
'comment': 'string'
}
BODY = {
'Body Payload': 'See body description above'
}
HEADERS = {
'X-CS-USERNAME': 'string'
}
response = falcon.create_rule_group(parameters=PARAMS, body=BODY, headers=HEADERS)
print(response)from falconpy import api_complete as FalconSDK
falcon = FalconSDK.APIHarness(creds={
'client_id': falcon_client_id,
'client_secret': falcon_client_secret
}
)
PARAMS = {
'clone_id': 'string',
'library': 'string',
'comment': 'string'
}
BODY = {
'Body Payload': 'See body description above'
}
HEADERS = {
'X-CS-USERNAME': 'string'
}
response = falcon.command('create-rule-group', parameters=PARAMS, body=BODY, headers=HEADERS)
print(response)
falcon.deauthenticate()Delete rule group entities by ID
- Produces: application/json
| Required | Name | Type | Datatype | Description |
|---|---|---|---|---|
| ✅ | X-CS-USERNAME | header | string | The user id |
| ✅ | ids | query | array (string) | The IDs of the rule groups to be deleted |
| comment | query | string | Audit log comment for this action |
from falconpy import firewall_management as FalconFM
falcon = FalconFM.Firewall_Management(creds={
'client_id': falcon_client_id,
'client_secret': falcon_client_secret
})
PARAMS = {
'comment': 'string'
}
HEADERS = {
'X-CS-USERNAME': 'string'
}
IDS = 'ID1,ID2,ID3'
response = falcon.delete_rule_groups(parameters=PARAMS, headers=HEADERS, ids=IDS)
print(response)from falconpy import api_complete as FalconSDK
falcon = FalconSDK.APIHarness(creds={
'client_id': falcon_client_id,
'client_secret': falcon_client_secret
}
)
PARAMS = {
'comment': 'string'
}
HEADERS = {
'X-CS-USERNAME': 'string'
}
IDS = 'ID1,ID2,ID3'
response = falcon.command('delete-rule-groups', parameters=PARAMS, headers=HEADERS, ids=IDS)
print(response)
falcon.deauthenticate()Update name, description, or enabled status of a rule group, or create, edit, delete, or reorder rules
- Consumes: application/json
- Produces: application/json
| Required | Name | Type | Datatype | Description |
|---|---|---|---|---|
| ✅ | X-CS-USERNAME | header | string | The user id |
| comment | query | string | Audit log comment for this action | |
| ✅ | body | body | string |
from falconpy import firewall_management as FalconFM
falcon = FalconFM.Firewall_Management(creds={
'client_id': falcon_client_id,
'client_secret': falcon_client_secret
})
PARAMS = {
'comment': 'string'
}
BODY = {
'Body Payload': 'See body description above'
}
HEADERS = {
'X-CS-USERNAME': 'string'
}
response = falcon.update_rule_group(parameters=PARAMS, body=BODY, headers=HEADERS)
print(response)from falconpy import api_complete as FalconSDK
falcon = FalconSDK.APIHarness(creds={
'client_id': falcon_client_id,
'client_secret': falcon_client_secret
}
)
PARAMS = {
'comment': 'string'
}
BODY = {
'Body Payload': 'See body description above'
}
HEADERS = {
'X-CS-USERNAME': 'string'
}
response = falcon.command('update-rule-group', parameters=PARAMS, body=BODY, headers=HEADERS)
print(response)
falcon.deauthenticate()Get rule entities by ID (64-bit unsigned int as decimal string) or Family ID (32-character hexadecimal string)
- Produces: application/json
| Required | Name | Type | Datatype | Description |
|---|---|---|---|---|
| ✅ | ids | query | array (string) | The rules to retrieve, identified by ID |
from falconpy import firewall_management as FalconFM
falcon = FalconFM.Firewall_Management(creds={
'client_id': falcon_client_id,
'client_secret': falcon_client_secret
})
IDS = 'ID1,ID2,ID3'
response = falcon.get_rules(ids=IDS)
print(response)from falconpy import api_complete as FalconSDK
falcon = FalconSDK.APIHarness(creds={
'client_id': falcon_client_id,
'client_secret': falcon_client_secret
}
)
IDS = 'ID1,ID2,ID3'
response = falcon.command('get-rules', ids=IDS)
print(response)
falcon.deauthenticate()Find all event IDs matching the query with filter
- Produces: application/json
| Required | Name | Type | Datatype | Description |
|---|---|---|---|---|
| sort | query | string | Possible order by fields: | |
| filter | query | string | FQL query specifying the filter parameters. Filter term criteria: enabled, platform, name, description, etc TODO. Filter range criteria: created_on, modified_on; use any common date format, such as '2010-05-15T14:55:21.892315096Z'. | |
| q | query | string | Match query criteria, which includes all the filter string fields, plus TODO | |
| offset | query | string | Starting index of overall result set from which to return ids. | |
| after | query | string | A pagination token used with the limit parameter to manage pagination of results. On your first request, don't provide an after token. On subsequent requests, provide the after token from the previous response to continue from that place in the results. |
|
| limit | query | integer | Number of ids to return. |
from falconpy import firewall_management as FalconFM
falcon = FalconFM.Firewall_Management(creds={
'client_id': falcon_client_id,
'client_secret': falcon_client_secret
})
PARAMS = {
'sort': 'string',
'filter': 'string',
'q': 'string',
'offset': 'string',
'after': 'string',
'limit': integer
}
response = falcon.query_events(parameters=PARAMS)
print(response)from falconpy import api_complete as FalconSDK
falcon = FalconSDK.APIHarness(creds={
'client_id': falcon_client_id,
'client_secret': falcon_client_secret
}
)
PARAMS = {
'sort': 'string',
'filter': 'string',
'q': 'string',
'offset': 'string',
'after': 'string',
'limit': integer
}
response = falcon.command('query-events', parameters=PARAMS)
print(response)
falcon.deauthenticate()Get the firewall field specification IDs for the provided platform
- Produces: application/json
| Required | Name | Type | Datatype | Description |
|---|---|---|---|---|
| platform_id | query | string | Get fields configuration for this platform | |
| offset | query | string | Starting index of overall result set from which to return ids. | |
| limit | query | integer | Number of ids to return. |
from falconpy import firewall_management as FalconFM
falcon = FalconFM.Firewall_Management(creds={
'client_id': falcon_client_id,
'client_secret': falcon_client_secret
})
PARAMS = {
'platform_id': 'string',
'offset': 'string',
'limit': integer
}
response = falcon.query_firewall_fields(parameters=PARAMS)
print(response)from falconpy import api_complete as FalconSDK
falcon = FalconSDK.APIHarness(creds={
'client_id': falcon_client_id,
'client_secret': falcon_client_secret
}
)
PARAMS = {
'platform_id': 'string',
'offset': 'string',
'limit': integer
}
response = falcon.command('query-firewall-fields', parameters=PARAMS)
print(response)
falcon.deauthenticate()Get the list of platform names
- Produces: application/json
| Required | Name | Type | Datatype | Description |
|---|---|---|---|---|
| offset | query | string | Starting index of overall result set from which to return ids. | |
| limit | query | integer | Number of ids to return. |
from falconpy import firewall_management as FalconFM
falcon = FalconFM.Firewall_Management(creds={
'client_id': falcon_client_id,
'client_secret': falcon_client_secret
})
PARAMS = {
'offset': 'string',
'limit': integer
}
response = falcon.query_platforms(parameters=PARAMS)
print(response)from falconpy import api_complete as FalconSDK
falcon = FalconSDK.APIHarness(creds={
'client_id': falcon_client_id,
'client_secret': falcon_client_secret
}
)
PARAMS = {
'offset': 'string',
'limit': integer
}
response = falcon.command('query-platforms', parameters=PARAMS)
print(response)
falcon.deauthenticate()Find all firewall rule IDs matching the query with filter, and return them in precedence order
- Produces: application/json
| Required | Name | Type | Datatype | Description |
|---|---|---|---|---|
| id | query | string | The ID of the policy container within which to query | |
| sort | query | string | Possible order by fields: | |
| filter | query | string | FQL query specifying the filter parameters. Filter term criteria: enabled, platform, name, description, etc TODO. Filter range criteria: created_on, modified_on; use any common date format, such as '2010-05-15T14:55:21.892315096Z'. | |
| q | query | string | Match query criteria, which includes all the filter string fields, plus TODO | |
| offset | query | string | Starting index of overall result set from which to return ids. | |
| limit | query | integer | Number of ids to return. |
from falconpy import firewall_management as FalconFM
falcon = FalconFM.Firewall_Management(creds={
'client_id': falcon_client_id,
'client_secret': falcon_client_secret
})
PARAMS = {
'id': 'string',
'sort': 'string',
'filter': 'string',
'q': 'string',
'offset': 'string',
'limit': integer
}
response = falcon.query_policy_rules(parameters=PARAMS)
print(response)from falconpy import api_complete as FalconSDK
falcon = FalconSDK.APIHarness(creds={
'client_id': falcon_client_id,
'client_secret': falcon_client_secret
}
)
PARAMS = {
'id': 'string',
'sort': 'string',
'filter': 'string',
'q': 'string',
'offset': 'string',
'limit': integer
}
response = falcon.command('query-policy-rules', parameters=PARAMS)
print(response)
falcon.deauthenticate()Find all rule group IDs matching the query with filter
- Produces: application/json
| Required | Name | Type | Datatype | Description |
|---|---|---|---|---|
| sort | query | string | Possible order by fields: | |
| filter | query | string | FQL query specifying the filter parameters. Filter term criteria: enabled, platform, name, description, etc TODO. Filter range criteria: created_on, modified_on; use any common date format, such as '2010-05-15T14:55:21.892315096Z'. | |
| q | query | string | Match query criteria, which includes all the filter string fields, plus TODO | |
| offset | query | string | Starting index of overall result set from which to return ids. | |
| after | query | string | A pagination token used with the limit parameter to manage pagination of results. On your first request, don't provide an after token. On subsequent requests, provide the after token from the previous response to continue from that place in the results. |
|
| limit | query | integer | Number of ids to return. |
from falconpy import firewall_management as FalconFM
falcon = FalconFM.Firewall_Management(creds={
'client_id': falcon_client_id,
'client_secret': falcon_client_secret
})
PARAMS = {
'sort': 'string',
'filter': 'string',
'q': 'string',
'offset': 'string',
'after': 'string',
'limit': integer
}
response = falcon.query_rule_groups(parameters=PARAMS)
print(response)from falconpy import api_complete as FalconSDK
falcon = FalconSDK.APIHarness(creds={
'client_id': falcon_client_id,
'client_secret': falcon_client_secret
}
)
PARAMS = {
'sort': 'string',
'filter': 'string',
'q': 'string',
'offset': 'string',
'after': 'string',
'limit': integer
}
response = falcon.command('query-rule-groups', parameters=PARAMS)
print(response)
falcon.deauthenticate()Find all rule IDs matching the query with filter
- Produces: application/json
| Required | Name | Type | Datatype | Description |
|---|---|---|---|---|
| sort | query | string | Possible order by fields: | |
| filter | query | string | FQL query specifying the filter parameters. Filter term criteria: enabled, platform, name, description, etc TODO. Filter range criteria: created_on, modified_on; use any common date format, such as '2010-05-15T14:55:21.892315096Z'. | |
| q | query | string | Match query criteria, which includes all the filter string fields, plus TODO | |
| offset | query | string | Starting index of overall result set from which to return ids. | |
| after | query | string | A pagination token used with the limit parameter to manage pagination of results. On your first request, don't provide an after token. On subsequent requests, provide the after token from the previous response to continue from that place in the results. |
|
| limit | query | integer | Number of ids to return. |
from falconpy import firewall_management as FalconFM
falcon = FalconFM.Firewall_Management(creds={
'client_id': falcon_client_id,
'client_secret': falcon_client_secret
})
PARAMS = {
'sort': 'string',
'filter': 'string',
'q': 'string',
'offset': 'string',
'after': 'string',
'limit': integer
}
response = falcon.query_rules(parameters=PARAMS)
print(response)from falconpy import api_complete as FalconSDK
falcon = FalconSDK.APIHarness(creds={
'client_id': falcon_client_id,
'client_secret': falcon_client_secret
}
)
PARAMS = {
'sort': 'string',
'filter': 'string',
'q': 'string',
'offset': 'string',
'after': 'string',
'limit': integer
}
response = falcon.command('query-rules', parameters=PARAMS)
print(response)
falcon.deauthenticate()
- Home
- Discussions Board
- Glossary of Terms
- Installation, Upgrades and Removal
- Samples Collection
- Using FalconPy
- API Operations
-
Service Collections
- Alerts
- API Integrations
- ASPM
- CAO Hunting
- Certificate Based Exclusions
- Cloud AWS Registration
- Cloud Azure Registration
- Cloud OCI Registration
- Cloud Connect AWS (deprecated)
- Cloud Security Assets
- Cloud Snapshots
- Configuration Assessment
- Configuration Assessment Evaluation Logic
- Container Alerts
- Container Detections
- Container Image Compliance
- Container Images
- Container Packages
- Container Vulnerabilities
- Content Update Policies
- Correlation Rules
- CSPM Registration
- Custom IOAs
- Custom Storage
- D4C Registration (deprecated)
- DataScanner (deprecated)
- Delivery Settings
- Deployments
- Detects
- Device Content
- Device Control Policies
- Discover
- Downloads
- Drift Indicators
- Event Streams
- Exposure Management
- FaaS Execution
- Falcon Complete Dashboard
- Falcon Container
- Falcon Intelligence Sandbox
- FDR
- FileVantage
- Firewall Management
- Firewall Policies
- Foundry LogScale
- Host Group
- Host Migration
- Hosts
- Identity Protection
- Image Assessment Policies
- Incidents
- Installation Tokens
- Intel
- Intelligence Feeds
- Intelligence Indicator Graph
- IOA Exclusions
- IOC
- IOCs (deprecated)
- Kubernetes Protection
- MalQuery
- Message Center
- ML Exclusions
- Mobile Enrollment
- MSSP (Flight Control)
- NGSIEM
- OAuth2
- ODS (On Demand Scan)
- Overwatch Dashboard
- Prevention Policy
- Quarantine
- Quick Scan
- Quick Scan Pro
- Real Time Response
- Real Time Response Admin
- Real Time Response Audit
- Recon
- Report Executions
- Response Policies
- Sample Uploads
- Scheduled Reports
- Sensor Download
- Sensor Update Policy
- Sensor Usage
- Sensor Visibility Exclusions
- Serverless Vulnerabilities
- Spotlight Evaluation Logic
- Spotlight Vulnerabilities
- Tailored Intelligence
- ThreatGraph
- Unidentified Containers
- User Management
- Workflows
- Zero Trust Assessment
- Documentation Support
-
CrowdStrike SDKs
- Crimson Falcon - Ruby
- FalconPy - Python 3
- FalconJS - Javascript
- goFalcon - Go
- PSFalcon - Powershell
- Rusty Falcon - Rust
