IOA Exclusions
| Operation ID | Description | ||||
|---|---|---|---|---|---|
|
Get a set of IOA Exclusions by specifying their IDs. | ||||
|
Create the IOA exclusions. | ||||
|
Delete the IOA exclusions by ID. | ||||
|
Update the IOA exclusions. | ||||
|
Search for IOA exclusions. | ||||
Get a set of IOA Exclusions by specifying their IDs
get_exclusions
- Produces: application/json
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| ids |
 |
|
query | string or list of strings | The IDs of the exclusions to retrieve. |
| parameters |
|
|
query | string | Full query string parameters payload in JSON format. |
from falconpy import IOAExclusions
falcon = IOAExclusions(client_id="API_CLIENT_ID_HERE",
client_secret="API_CLIENT_SECRET_HERE"
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.get_exclusions(ids=id_list)
print(response)from falconpy import IOAExclusions
falcon = IOAExclusions(client_id="API_CLIENT_ID_HERE",
client_secret="API_CLIENT_SECRET_HERE"
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.getIOAExclusionsV1(ids=id_list)
print(response)from falconpy import APIHarness
falcon = APIHarness(client_id="API_CLIENT_ID_HERE",
client_secret="API_CLIENT_SECRET_HERE"
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.command("getIOAExclusionsV1", ids=id_list)
print(response)Create the IOA exclusions
create_exclusions
- Produces: application/json
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| body |
|
 |
body | string | Full body payload in JSON format. |
| cl_regex |
|
 |
body | string | Command line regular expression. |
| comment |
|
|
body | string | String comment describing why the exclusions was created. |
| description |
|
|
body | string | Exclusion description. |
| detection_json |
|
|
body | string | JSON formatted detection template. |
| groups |
|
|
body | list of strings | Group ID(s) impacted by the exclusion. |
| ifn_regex |
|
|
body | string | Indicator file name regular expression. |
| name |
|
|
body | string | Name of the exclusion. |
| pattern_id |
|
|
body | string | ID of the pattern to use for the exclusion. |
| pattern_name |
|
|
body | string | Name of the pattern to use for the exclusion. |
from falconpy import IOAExclusions
falcon = IOAExclusions(client_id="API_CLIENT_ID_HERE",
client_secret="API_CLIENT_SECRET_HERE"
)
group_list = ['ID1', 'ID2', 'ID3']
response = falcon.create_exclusions(cl_regex="string",
comment="string",
description="string",
detection_json="string",
groups=group_list,
ifn_regex="string",
name="string",
pattern_id="string",
pattern_name="string"
)
print(response)from falconpy import IOAExclusions
falcon = IOAExclusions(client_id="API_CLIENT_ID_HERE",
client_secret="API_CLIENT_SECRET_HERE"
)
group_list = ['ID1', 'ID2', 'ID3']
response = falcon.createIOAExclusionsV1(cl_regex="string",
comment="string",
description="string",
detection_json="string",
groups=group_list,
ifn_regex="string",
name="string",
pattern_id="string",
pattern_name="string"
)
print(response)from falconpy import APIHarness
falcon = APIHarness(client_id="API_CLIENT_ID_HERE",
client_secret="API_CLIENT_SECRET_HERE"
)
group_list = ['ID1', 'ID2', 'ID3']
BODY = {
"cl_regex": "string",
"comment": "string",
"description": "string",
"detection_json": "string",
"groups": group_list,
"ifn_regex": "string",
"name": "string",
"pattern_id": "string",
"pattern_name": "string"
}
response = falcon.command("createIOAExclusionsV1", body=BODY)
print(response)Delete the IOA exclusions by id
delete_exclusions
- Produces: application/json
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| comment |
|
|
query | string | Explains why this exclusion was deleted. |
| ids |
|
|
query | string or list of strings | The IDs of the exclusions to retrieve. |
| parameters |
|
|
query | string | Full query string parameters payload in JSON format. |
from falconpy import IOAExclusions
falcon = IOAExclusions(client_id="API_CLIENT_ID_HERE",
client_secret="API_CLIENT_SECRET_HERE"
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.delete_exclusions(comment="string", ids=id_list)
print(response)from falconpy import IOAExclusions
falcon = IOAExclusions(client_id="API_CLIENT_ID_HERE",
client_secret="API_CLIENT_SECRET_HERE"
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.deleteIOAExclusionsV1(comment="string", ids=id_list)
print(response)from falconpy import APIHarness
falcon = APIHarness(client_id="API_CLIENT_ID_HERE",
client_secret="API_CLIENT_SECRET_HERE"
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.command("deleteIOAExclusionsV1", comment="string", ids=id_list)
print(response)Update the IOA exclusions
update_exclusions
- Produces: application/json
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| body |
|
|
body | string | Full body payload in JSON format. |
| cl_regex |
|
|
body | string | Command line regular expression. |
| comment |
|
|
body | string | String comment describing why the exclusions was created. |
| description |
|
|
body | string | Exclusion description. |
| detection_json |
|
|
body | string | JSON formatted detection template. |
| groups |
|
|
body | list of strings | Group ID(s) impacted by the exclusion. |
| id |
|
|
body | string | ID of the exclusion to update. |
| ifn_regex |
|
|
body | string | Indicator file name regular expression. |
| name |
|
|
body | string | Name of the exclusion. |
| pattern_id |
|
|
body | string | ID of the pattern to use for the exclusion. |
| pattern_name |
|
|
body | string | Name of the pattern to use for the exclusion. |
from falconpy import IOAExclusions
falcon = IOAExclusions(client_id="API_CLIENT_ID_HERE",
client_secret="API_CLIENT_SECRET_HERE"
)
group_list = ['ID1', 'ID2', 'ID3']
response = falcon.update_exclusions(cl_regex="string",
comment="string",
description="string",
detection_json="string",
groups=group_list,
ifn_regex="string",
name="string",
pattern_id="string",
pattern_name="string"
)
print(response)from falconpy import IOAExclusions
falcon = IOAExclusions(client_id="API_CLIENT_ID_HERE",
client_secret="API_CLIENT_SECRET_HERE"
)
group_list = ['ID1', 'ID2', 'ID3']
response = falcon.updateIOAExclusionsV1(cl_regex="string",
comment="string",
description="string",
detection_json="string",
groups=group_list,
ifn_regex="string",
name="string",
pattern_id="string",
pattern_name="string"
)
print(response)from falconpy import APIHarness
falcon = APIHarness(client_id="API_CLIENT_ID_HERE",
client_secret="API_CLIENT_SECRET_HERE"
)
group_list = ['ID1', 'ID2', 'ID3']
BODY = {
"cl_regex": "string",
"comment": "string",
"description": "string",
"detection_json": "string",
"groups": group_list,
"id": "string",
"ifn_regex": "string",
"name": "string",
"pattern_id": "string",
"pattern_name": "string"
}
response = falcon.command("updateIOAExclusionsV1", body=BODY)
print(response)Search for IOA exclusions.
query_exclusions
- Produces: application/json
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| filter |
|
|
query | string | The filter expression that should be used to limit the results. FQL syntax. Available filters:
|
| limit |
|
|
query | integer | The maximum number of records to return. [1-500] |
| offset |
|
|
query | integer | The offset to start retrieving records from. |
| parameters |
|
|
query | string | Full query string parameters payload in JSON format. |
| sort |
|
|
query | string | The property to sort by. FQL syntax. (e.g. last_behavior|asc) Available sort fields:
|
from falconpy import IOAExclusions
falcon = IOAExclusions(client_id="API_CLIENT_ID_HERE",
client_secret="API_CLIENT_SECRET_HERE"
)
response = falcon.query_exclusions(filter="string",
offset=integer,
limit=integer,
sort="string"
)
print(response)from falconpy import IOAExclusions
falcon = IOAExclusions(client_id="API_CLIENT_ID_HERE",
client_secret="API_CLIENT_SECRET_HERE"
)
response = falcon.queryIOAExclusionsV1(filter="string",
offset=integer,
limit=integer,
sort="string"
)
print(response)from falconpy import APIHarness
falcon = APIHarness(client_id="API_CLIENT_ID_HERE",
client_secret="API_CLIENT_SECRET_HERE"
)
response = falcon.command("queryIOAExclusionsV1",
filter="string",
offset=integer,
limit=integer,
sort="string"
)
print(response)
- Home
- Discussions Board
- Glossary of Terms
- Installation, Upgrades and Removal
- Samples Collection
- Using FalconPy
- API Operations
-
Service Collections
- Alerts
- API Integrations
- ASPM
- CAO Hunting
- Certificate Based Exclusions
- Cloud AWS Registration
- Cloud Azure Registration
- Cloud OCI Registration
- Cloud Connect AWS (deprecated)
- Cloud Security Assets
- Cloud Snapshots
- Configuration Assessment
- Configuration Assessment Evaluation Logic
- Container Alerts
- Container Detections
- Container Image Compliance
- Container Images
- Container Packages
- Container Vulnerabilities
- Content Update Policies
- Correlation Rules
- CSPM Registration
- Custom IOAs
- Custom Storage
- D4C Registration (deprecated)
- DataScanner (deprecated)
- Delivery Settings
- Deployments
- Detects
- Device Content
- Device Control Policies
- Discover
- Downloads
- Drift Indicators
- Event Streams
- Exposure Management
- FaaS Execution
- Falcon Complete Dashboard
- Falcon Container
- Falcon Intelligence Sandbox
- FDR
- FileVantage
- Firewall Management
- Firewall Policies
- Foundry LogScale
- Host Group
- Host Migration
- Hosts
- Identity Protection
- Image Assessment Policies
- Incidents
- Installation Tokens
- Intel
- Intelligence Feeds
- Intelligence Indicator Graph
- IOA Exclusions
- IOC
- IOCs (deprecated)
- Kubernetes Protection
- MalQuery
- Message Center
- ML Exclusions
- Mobile Enrollment
- MSSP (Flight Control)
- NGSIEM
- OAuth2
- ODS (On Demand Scan)
- Overwatch Dashboard
- Prevention Policy
- Quarantine
- Quick Scan
- Quick Scan Pro
- Real Time Response
- Real Time Response Admin
- Real Time Response Audit
- Recon
- Report Executions
- Response Policies
- Sample Uploads
- Scheduled Reports
- Sensor Download
- Sensor Update Policy
- Sensor Usage
- Sensor Visibility Exclusions
- Serverless Vulnerabilities
- Spotlight Evaluation Logic
- Spotlight Vulnerabilities
- Tailored Intelligence
- ThreatGraph
- Unidentified Containers
- User Management
- Workflows
- Zero Trust Assessment
- Documentation Support
-
CrowdStrike SDKs
- Crimson Falcon - Ruby
- FalconPy - Python 3
- FalconJS - Javascript
- goFalcon - Go
- PSFalcon - Powershell
- Rusty Falcon - Rust
