Sample Uploads

Using the Sample Uploads service collection

Uber class support Service class support Documentation Version

from falconpy import SampleUploads

falcon = SampleUploads(client_id="API_CLIENT_ID_HERE",
                       client_secret="API_CLIENT_SECRET_HERE"
                       )

file_sha = "50d858e0985ecc7f60418aaf0cc5ab587f42c2570a884095a9e8ccacd0f6545c"

save_file = "some_file.ext"

response = falcon.get_sample(password_protected=boolean, ids=file_sha)
open(save_file, 'wb').write(response)

Service class example (Operation ID syntax)

from falconpy import SampleUploads

falcon = SampleUploads(client_id="API_CLIENT_ID_HERE",
                       client_secret="API_CLIENT_SECRET_HERE"
                       )

file_sha = "50d858e0985ecc7f60418aaf0cc5ab587f42c2570a884095a9e8ccacd0f6545c"

save_file = "some_file.ext"

response = falcon.GetSampleV3(password_protected=boolean, ids=file_sha)
open(save_file, 'wb').write(response)

Uber class example

from falconpy import APIHarness

falcon = APIHarness(client_id="API_CLIENT_ID_HERE",
                    client_secret="API_CLIENT_SECRET_HERE"
                    )

file_sha = "50d858e0985ecc7f60418aaf0cc5ab587f42c2570a884095a9e8ccacd0f6545c"

save_file = "some_file.ext"

response = falcon.command("GetSampleV3", password_protected=boolean, ids=file_sha)
open(save_file, 'wb').write(response)

UploadSampleV3

Upload a file for further cloud analysis. After uploading, call the specific analysis API endpoint.

PEP8 method name

upload_sample

Content-Type

Consumes: multipart/form-data
Produces: application/json

Keyword Arguments

Name	Type	Data type	Description
comment	formData	string	A descriptive comment to identify the file for other users.
data	formData	file	Content of the uploaded sample in binary format. Max file size: 256 MB. Accepted file formats: Portable executables: `.exe`, `.scr`, `.pif`, `.dll`, `.com`, `.cpl`, etc. Office documents: `.doc`, `.docx`, `.ppt`, `.pps`, `.pptx`, `.ppsx`, `.xls`, `.xlsx`, `.rtf`, `.pub` PDF APK Executable JAR Windows script component: `.sct` Windows shortcut: `.lnk` Windows help: `.chm` HTML application: `.hta` Windows script file: `.wsf` Javascript: `.js` Visual Basic: `.vbs`, `.vbe` Shockwave Flash: `.swf` Perl: `.pl` Powershell: `.ps1`, `.psd1`, `.psm1` Scalable vector graphics: `.svg` Python: `.py` Linux ELF executables Email files: MIME RFC 822 `.eml`, Outlook `.msg`.
is_confidential	formData	boolean	Defines visibility of this file in Falcon MalQuery, either via the API or the Falcon console. `true`: File is only shown to users within your customer account `false`: File can be seen by other CrowdStrike customers Default: `true`.
file_data or sample or upfile	formData	file	Content of the uploaded sample in binary format. Max file size: 256 MB. Accepted file formats: Portable executables: `.exe`, `.scr`, `.pif`, `.dll`, `.com`, `.cpl`, etc. Office documents: `.doc`, `.docx`, `.ppt`, `.pps`, `.pptx`, `.ppsx`, `.xls`, `.xlsx`, `.rtf`, `.pub` PDF APK Executable JAR Windows script component: `.sct` Windows shortcut: `.lnk` Windows help: `.chm` HTML application: `.hta` Windows script file: `.wsf` Javascript: `.js` Visual Basic: `.vbs`, `.vbe` Shockwave Flash: `.swf` Perl: `.pl` Powershell: `.ps1`, `.psd1`, `.psm1` Scalable vector graphics: `.svg` Python: `.py` Linux ELF executables Email files: MIME RFC 822 `.eml`, Outlook `.msg`.
file_name	formData	string	Name to use for the file. Uses current file name if not specified.
parameters	query	string	Full query string parameters payload in JSON format.

Usage

Service class example (PEP8 syntax)

from falconpy import SampleUploads

falcon = SampleUploads(client_id="API_CLIENT_ID_HERE",
                       client_secret="API_CLIENT_SECRET_HERE"
                       )

FILENAME = 'test_file.ext'
PAYLOAD = open(FILENAME, 'rb').read()

response = falcon.upload_sample(sample=PAYLOAD,
                                file_name="string",
                                comment='string',
                                is_confidential=boolean
                                )
print(response)

Service class example (Operation ID syntax)

from falconpy import SampleUploads

falcon = SampleUploads(client_id="API_CLIENT_ID_HERE",
                       client_secret="API_CLIENT_SECRET_HERE"
                       )

FILENAME = 'test_file.ext'
PAYLOAD = open(FILENAME, 'rb').read()

response = falcon.UploadSampleV3(file_data=PAYLOAD,
                                 file_name="string",
                                 comment='string',
                                 is_confidential=boolean
                                 )
print(response)

Uber class example

from falconpy import APIHarness

falcon = APIHarness(client_id="API_CLIENT_ID_HERE",
                    client_secret="API_CLIENT_SECRET_HERE"
                    )

FILENAME = 'test_file.ext'
PAYLOAD = open(FILENAME, 'rb').read()

response = falcon.command("UploadSampleV3",
                          data=PAYLOAD,
                          file_name="string",
                          comment="string",
                          is_confidential=boolean,
                          content_type="application/octet-stream"
                          )
print(response)

DeleteSampleV3

Removes a sample, including file, meta and submissions from the collection

PEP8 method name

delete_sample

Content-Type

Produces: application/json

Keyword Arguments

Name	Service	Uber	Type	Data type	Description
ids			query	string	The file SHA256 of the file to delete.
parameters			query	string	Full query string parameters payload in JSON format.

Usage

Service class example (PEP8 syntax)

from falconpy import SampleUploads

falcon = SampleUploads(client_id="API_CLIENT_ID_HERE",
                       client_secret="API_CLIENT_SECRET_HERE"
                       )

file_sha = "50d858e0985ecc7f60418aaf0cc5ab587f42c2570a884095a9e8ccacd0f6545c"

response = falcon.delete_sample(ids=file_sha)
print(response)

Service class example (Operation ID syntax)

from falconpy import SampleUploads

falcon = SampleUploads(client_id="API_CLIENT_ID_HERE",
                       client_secret="API_CLIENT_SECRET_HERE"
                       )

file_sha = "50d858e0985ecc7f60418aaf0cc5ab587f42c2570a884095a9e8ccacd0f6545c"

response = falcon.DeleteSampleV3(ids=file_sha)
print(response)

Uber class example

from falconpy import APIHarness

falcon = APIHarness(client_id="API_CLIENT_ID_HERE",
                    client_secret="API_CLIENT_SECRET_HERE"
                    )

file_sha = "50d858e0985ecc7f60418aaf0cc5ab587f42c2570a884095a9e8ccacd0f6545c"

response = falcon.command("DeleteSampleV3", ids=file_sha)
print(response)

Home
Discussions Board
Glossary of Terms
Installation, Upgrades and Removal
Samples Collection
Using FalconPy
API Operations
Service Collections
Documentation Support
- Report broken link
- Report documentation error
CrowdStrike SDKs
- Crimson Falcon - Ruby
- FalconPy - Python 3
- FalconJS - Javascript
- goFalcon - Go
- PSFalcon - Powershell
- Rusty Falcon - Rust

CrowdStrike Falcon

Sample Uploads

Using the Sample Uploads service collection

Table of Contents

GetSampleV3

PEP8 method name

Content-Type

Keyword Arguments

Usage

Service class example (PEP8 syntax)

Service class example (Operation ID syntax)

Uber class example

UploadSampleV3

PEP8 method name

Content-Type

Keyword Arguments

Usage

Service class example (PEP8 syntax)

Service class example (Operation ID syntax)

Uber class example

DeleteSampleV3

PEP8 method name

Content-Type

Keyword Arguments

Usage

Service class example (PEP8 syntax)

Service class example (Operation ID syntax)

Uber class example

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!