Sample Uploads
| API Function | Description |
|---|---|
| GetSampleV3 | Retrieves the file associated with the given ID (SHA256) |
| UploadSampleV3 | Upload a file for further cloud analysis. After uploading, call the specific analysis API endpoint. |
| DeleteSampleV3 | Removes a sample, including file, meta and submissions from the collection |
Retrieves the file associated with the given ID (SHA256)
- Produces: application/octet-stream
| Required | Name | Type | Datatype | Description |
|---|---|---|---|---|
| X-CS-USERUUID | header | string | User UUID | |
| ✅ | ids | query | string | The file SHA256. |
| password_protected | query | string | Flag whether the sample should be zipped and password protected with pass='infected' |
from falconpy import sample_uploads as FalconSamples
falcon = FalconSamples.Sample_Uploads(creds={
'client_id': falcon_client_id,
'client_secret': falcon_client_secret
})
PARAMS = {
'password_protected': 'string'
}
HEADERS = {
'X-CS-USERUUID': 'string'
}
IDS = 'ID1,ID2,ID3'
response = falcon.GetSampleV3(parameters=PARAMS, headers=HEADERS, ids=IDS)
print(response)from falconpy import api_complete as FalconSDK
falcon = FalconSDK.APIHarness(creds={
'client_id': falcon_client_id,
'client_secret': falcon_client_secret
}
)
PARAMS = {
'password_protected': 'string'
}
HEADERS = {
'X-CS-USERUUID': 'string'
}
IDS = 'ID1,ID2,ID3'
response = falcon.command('GetSampleV3', parameters=PARAMS, headers=HEADERS, ids=IDS)
print(response)
falcon.deauthenticate()Upload a file for further cloud analysis. After uploading, call the specific analysis API endpoint.
- Consumes: application/octet-stream
- Produces: application/json
| Required | Name | Type | Datatype | Description |
|---|---|---|---|---|
| X-CS-USERUUID | header | string | User UUID | |
| ✅ | body | body | string | Content of the uploaded sample in binary format. For example, use --data-binary @$FILE_PATH when using cURL. Max file size: 100 MB. Accepted file formats: - Portable executables: .exe, .scr, .pif, .dll, .com, .cpl, etc. - Office documents: .doc, .docx, .ppt, .pps, .pptx, .ppsx, .xls, .xlsx, .rtf, .pub - PDF - APK - Executable JAR - Windows script component: .sct - Windows shortcut: .lnk - Windows help: .chm - HTML application: .hta - Windows script file: .wsf - Javascript: .js - Visual Basic: .vbs, .vbe - Shockwave Flash: .swf - Perl: .pl - Powershell: .ps1, .psd1, .psm1 - Scalable vector graphics: .svg - Python: .py - Linux ELF executables - Email files: MIME RFC 822 .eml, Outlook .msg. |
| ✅ | upfile | formData | file | The binary file. |
| ✅ | file_name | query | string | Name of the file. |
| comment | query | string | A descriptive comment to identify the file for other users. | |
| is_confidential | query | boolean | Defines visibility of this file in Falcon MalQuery, either via the API or the Falcon console. - true: File is only shown to users within your customer account - false: File can be seen by other CrowdStrike customers Default: true. |
from falconpy import sample_uploads as FalconSamples
falcon = FalconSamples.Sample_Uploads(creds={
'client_id': falcon_client_id,
'client_secret': falcon_client_secret
})
PARAMS = {
'file_name': 'string',
'comment': 'string',
'is_confidential': boolean
}
BODY = {
'Body Payload': 'See body description above'
}
FILENAME = 'testfile.jpg'
PAYLOAD = open(FILENAME, 'rb').read()
HEADERS = {
'X-CS-USERUUID': 'string'
}
response = falcon.UploadSampleV3(parameters=PARAMS, body=BODY, data=PAYLOAD, file_name=FILENAME, content_type='application/octet-stream', headers=HEADERS)
print(response)from falconpy import api_complete as FalconSDK
falcon = FalconSDK.APIHarness(creds={
'client_id': falcon_client_id,
'client_secret': falcon_client_secret
}
)
PARAMS = {
'file_name': 'string',
'comment': 'string',
'is_confidential': boolean
}
BODY = {
'Body Payload': 'See body description above'
}
FILENAME = 'testfile.jpg'
PAYLOAD = open(FILENAME, 'rb').read()
HEADERS = {
'X-CS-USERUUID': 'string'
}
response = falcon.command('UploadSampleV3', parameters=PARAMS, body=BODY, data=PAYLOAD, file_name=FILENAME, content_type='application/octet-stream', headers=HEADERS)
print(response)
falcon.deauthenticate()Removes a sample, including file, meta and submissions from the collection
- Produces: application/json
| Required | Name | Type | Datatype | Description |
|---|---|---|---|---|
| X-CS-USERUUID | header | string | User UUID | |
| ✅ | ids | query | string | The file SHA256. |
from falconpy import sample_uploads as FalconSamples
falcon = FalconSamples.Sample_Uploads(creds={
'client_id': falcon_client_id,
'client_secret': falcon_client_secret
})
HEADERS = {
'X-CS-USERUUID': 'string'
}
IDS = 'ID1,ID2,ID3'
response = falcon.DeleteSampleV3(headers=HEADERS, ids=IDS)
print(response)from falconpy import api_complete as FalconSDK
falcon = FalconSDK.APIHarness(creds={
'client_id': falcon_client_id,
'client_secret': falcon_client_secret
}
)
HEADERS = {
'X-CS-USERUUID': 'string'
}
IDS = 'ID1,ID2,ID3'
response = falcon.command('DeleteSampleV3', headers=HEADERS, ids=IDS)
print(response)
falcon.deauthenticate()
- Home
- Discussions Board
- Glossary of Terms
- Installation, Upgrades and Removal
- Samples Collection
- Using FalconPy
- API Operations
-
Service Collections
- Alerts
- API Integrations
- ASPM
- CAO Hunting
- Certificate Based Exclusions
- Cloud AWS Registration
- Cloud Azure Registration
- Cloud OCI Registration
- Cloud Connect AWS (deprecated)
- Cloud Security Assets
- Cloud Snapshots
- Configuration Assessment
- Configuration Assessment Evaluation Logic
- Container Alerts
- Container Detections
- Container Image Compliance
- Container Images
- Container Packages
- Container Vulnerabilities
- Content Update Policies
- Correlation Rules
- CSPM Registration
- Custom IOAs
- Custom Storage
- D4C Registration (deprecated)
- DataScanner (deprecated)
- Delivery Settings
- Deployments
- Detects
- Device Content
- Device Control Policies
- Discover
- Downloads
- Drift Indicators
- Event Streams
- Exposure Management
- FaaS Execution
- Falcon Complete Dashboard
- Falcon Container
- Falcon Intelligence Sandbox
- FDR
- FileVantage
- Firewall Management
- Firewall Policies
- Foundry LogScale
- Host Group
- Host Migration
- Hosts
- Identity Protection
- Image Assessment Policies
- Incidents
- Installation Tokens
- Intel
- Intelligence Feeds
- Intelligence Indicator Graph
- IOA Exclusions
- IOC
- IOCs (deprecated)
- Kubernetes Protection
- MalQuery
- Message Center
- ML Exclusions
- Mobile Enrollment
- MSSP (Flight Control)
- NGSIEM
- OAuth2
- ODS (On Demand Scan)
- Overwatch Dashboard
- Prevention Policy
- Quarantine
- Quick Scan
- Quick Scan Pro
- Real Time Response
- Real Time Response Admin
- Real Time Response Audit
- Recon
- Report Executions
- Response Policies
- Sample Uploads
- Scheduled Reports
- Sensor Download
- Sensor Update Policy
- Sensor Usage
- Sensor Visibility Exclusions
- Serverless Vulnerabilities
- Spotlight Evaluation Logic
- Spotlight Vulnerabilities
- Tailored Intelligence
- ThreatGraph
- Unidentified Containers
- User Management
- Workflows
- Zero Trust Assessment
- Documentation Support
-
CrowdStrike SDKs
- Crimson Falcon - Ruby
- FalconPy - Python 3
- FalconJS - Javascript
- goFalcon - Go
- PSFalcon - Powershell
- Rusty Falcon - Rust
