User Management
| Operation ID | Description | ||||
|---|---|---|---|---|---|
|
Get info about a role | ||||
|
Assign one or more roles to a user | ||||
|
Revoke one or more roles from a user | ||||
|
Show role IDs for all roles available in your customer account. For more information on each role, provide the role ID to /customer/entities/roles/v1. |
||||
|
Show role IDs of roles assigned to a user. For more information on each role, provide the role ID to /customer/entities/roles/v1. |
||||
|
Get info about a user | ||||
|
Create a new user. After creating a user, assign one or more roles with POST /user-roles/entities/user-roles/v1 | ||||
|
Delete a user permanently | ||||
|
Modify an existing user's first or last name | ||||
|
List the usernames (usually an email address) for all users in your customer account | ||||
|
List user IDs for all users in your customer account. For more information on each user, provide the user ID to /users/entities/user/v1. |
||||
|
Get a user's ID by providing a username (usually an email address) | ||||
Get info about a role
get_roles
- Consumes: application/json
- Produces: application/json
| Required | Name | Type | Datatype | Description |
|---|---|---|---|---|
| ✅ | ids | query | array (string) | ID of a role. Find a role ID from /customer/queries/roles/v1 or /users/queries/roles/v1. |
from falconpy.user_management import UserManagement
falcon = UserManagement(client_id="API_CLIENT_ID_HERE",
client_secret="API_CLIENT_SECRET_HERE"
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.get_roles(ids=id_list)
print(response)from falconpy.user_management import UserManagement
falcon = UserManagement(client_id="API_CLIENT_ID_HERE",
client_secret="API_CLIENT_SECRET_HERE"
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.GetRoles(ids=id_list)
print(response)from falconpy.api_complete import APIHarness
falcon = APIHarness(client_id="API_CLIENT_ID_HERE",
client_secret="API_CLIENT_SECRET_HERE"
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.command("GetRoles", ids=id_list)
print(response)Assign one or more roles to a user
grant_user_role_ids
- Consumes: application/json
- Produces: application/json
| Required | Name | Type | Datatype | Description |
|---|---|---|---|---|
| ✅ | user_uuid | query | string | ID of a user. Find a user's ID from /users/entities/user/v1. |
| ✅ | body | body | string | Role ID(s) of the role you want to assign |
from falconpy.user_management import UserManagement
falcon = UserManagement(client_id="API_CLIENT_ID_HERE",
client_secret="API_CLIENT_SECRET_HERE"
)
BODY = {
"Body Payload": "See body description above"
}
response = falcon.grant_user_role_ids(user_uuid="string", body=BODY)
print(response)from falconpy.user_management import UserManagement
falcon = UserManagement(client_id="API_CLIENT_ID_HERE",
client_secret="API_CLIENT_SECRET_HERE"
)
BODY = {
"Body Payload": "See body description above"
}
response = falcon.GrantUserRoleIds(user_uuid="string", body=BODY)
print(response)from falconpy.api_complete import APIHarness
falcon = APIHarness(client_id="API_CLIENT_ID_HERE",
client_secret="API_CLIENT_SECRET_HERE"
)
PARAMS = {
"user_uuid": "string"
}
BODY = {
"Body Payload": "See body description above"
}
response = falcon.command("GrantUserRoleIds", parameters=PARAMS, body=BODY)
print(response)Revoke one or more roles from a user
revoke_user_role_ids
- Consumes: application/json
- Produces: application/json
| Required | Name | Type | Datatype | Description |
|---|---|---|---|---|
| ✅ | user_uuid | query | string | ID of a user. Find a user's ID from /users/entities/user/v1. |
| ✅ | ids | query | array (string) | One or more role IDs to revoke. Find a role's ID from /users/queries/roles/v1. |
from falconpy.user_management import UserManagement
falcon = UserManagement(client_id="API_CLIENT_ID_HERE",
client_secret="API_CLIENT_SECRET_HERE"
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.revoke_user_role_ids(user_uuid="string", ids=id_list)
print(response)from falconpy.user_management import UserManagement
falcon = UserManagement(client_id="API_CLIENT_ID_HERE",
client_secret="API_CLIENT_SECRET_HERE"
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.RevokeUserRoleIds(user_uuid="string", ids=id_list)
print(response)from falconpy.api_complete import APIHarness
falcon = APIHarness(client_id="API_CLIENT_ID_HERE",
client_secret="API_CLIENT_SECRET_HERE"
)
PARAMS = {
"user_uuid": "string"
}
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.command("RevokeUserRoleIds", parameters=PARAMS, ids=id_list)
print(response)Show role IDs for all roles available in your customer account. For more information on each role, provide the role ID to /customer/entities/roles/v1.
get_available_role_ids
- Consumes: application/json
- Produces: application/json
No parameters
from falconpy.user_management import UserManagement
falcon = UserManagement(client_id="API_CLIENT_ID_HERE",
client_secret="API_CLIENT_SECRET_HERE"
)
response = falcon.get_available_role_ids()
print(response)from falconpy.user_management import UserManagement
falcon = UserManagement(client_id="API_CLIENT_ID_HERE",
client_secret="API_CLIENT_SECRET_HERE"
)
response = falcon.GetAvailableRoleIds()
print(response)from falconpy.api_complete import APIHarness
falcon = APIHarness(client_id="API_CLIENT_ID_HERE",
client_secret="API_CLIENT_SECRET_HERE"
)
response = falcon.command("GetAvailableRoleIds")
print(response)Show role IDs of roles assigned to a user. For more information on each role, provide the role ID to /customer/entities/roles/v1.
get_user_role_ids
- Consumes: application/json
- Produces: application/json
| Required | Name | Type | Datatype | Description |
|---|---|---|---|---|
| ✅ | user_uuid | query | string | ID of a user. Find a user's ID from /users/entities/user/v1. |
from falconpy.user_management import UserManagement
falcon = UserManagement(client_id="API_CLIENT_ID_HERE",
client_secret="API_CLIENT_SECRET_HERE"
)
response = falcon.get_user_role_ids(user_uuid="string")
print(response)from falconpy.user_management import UserManagement
falcon = UserManagement(client_id="API_CLIENT_ID_HERE",
client_secret="API_CLIENT_SECRET_HERE"
)
response = falcon.GetUserRoleIds(user_uuid="string")
print(response)from falconpy.api_complete import APIHarness
falcon = APIHarness(client_id="API_CLIENT_ID_HERE",
client_secret="API_CLIENT_SECRET_HERE"
)
PARAMS = {
"user_uuid": "string"
}
response = falcon.command("GetUserRoleIds", parameters=PARAMS)
print(response)Get info about a user
retrieve_user
- Consumes: application/json
- Produces: application/json
| Required | Name | Type | Datatype | Description |
|---|---|---|---|---|
| ✅ | ids | query | array (string) | ID of a user. Find a user's ID from /users/entities/user/v1. |
from falconpy.user_management import UserManagement
falcon = UserManagement(client_id="API_CLIENT_ID_HERE",
client_secret="API_CLIENT_SECRET_HERE"
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.retrieve_user(ids=id_list)
print(response)from falconpy.user_management import UserManagement
falcon = UserManagement(client_id="API_CLIENT_ID_HERE",
client_secret="API_CLIENT_SECRET_HERE"
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.RetrieveUser(ids=id_list)
print(response)from falconpy.api_complete import APIHarness
falcon = APIHarness(client_id="API_CLIENT_ID_HERE",
client_secret="API_CLIENT_SECRET_HERE"
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.command("RetrieveUser", ids=id_list)
print(response)Create a new user. After creating a user, assign one or more roles with POST /user-roles/entities/user-roles/v1
create_user
- Consumes: application/json
- Produces: application/json
| Required | Name | Type | Datatype | Description |
|---|---|---|---|---|
| ✅ | body | body | string | Attributes for this user. uid (required) is the user's email address, which is their username in Falcon. Optional attributes:
password. If single sign-on is enabled for your customer account, the password attribute is ignored. If single sign-on is not enabled, we send a user activation request to their email address when you create the user with no password. The user should use the activation email to set their own password. |
from falconpy.user_management import UserManagement
falcon = UserManagement(client_id="API_CLIENT_ID_HERE",
client_secret="API_CLIENT_SECRET_HERE"
)
BODY = {
"Body Payload": "See body description above"
}
response = falcon.create_user(body=BODY)
print(response)from falconpy.user_management import UserManagement
falcon = UserManagement(client_id="API_CLIENT_ID_HERE",
client_secret="API_CLIENT_SECRET_HERE"
)
BODY = {
"Body Payload": "See body description above"
}
response = falcon.CreateUser(body=BODY)
print(response)from falconpy.api_complete import APIHarness
falcon = APIHarness(client_id="API_CLIENT_ID_HERE",
client_secret="API_CLIENT_SECRET_HERE"
)
BODY = {
"Body Payload": "See body description above"
}
response = falcon.command("CreateUser", body=BODY)
print(response)Delete a user permanently
delete_user
- Consumes: application/json
- Produces: application/json
| Required | Name | Type | Datatype | Description |
|---|---|---|---|---|
| ✅ | user_uuid | query | string | ID of a user. Find a user's ID from /users/entities/user/v1. |
from falconpy.user_management import UserManagement
falcon = UserManagement(client_id="API_CLIENT_ID_HERE",
client_secret="API_CLIENT_SECRET_HERE"
)
response = falcon.delete_user(user_uuid="string")
print(response)from falconpy.user_management import UserManagement
falcon = UserManagement(client_id="API_CLIENT_ID_HERE",
client_secret="API_CLIENT_SECRET_HERE"
)
response = falcon.DeleteUser(user_uuid="string")
print(response)from falconpy.api_complete import APIHarness
falcon = APIHarness(client_id="API_CLIENT_ID_HERE",
client_secret="API_CLIENT_SECRET_HERE"
)
PARAMS = {
"user_uuid": "string"
}
response = falcon.command("DeleteUser", parameters=PARAMS)
print(response)Modify an existing user's first or last name
update_user
- Consumes: application/json
- Produces: application/json
| Required | Name | Type | Datatype | Description |
|---|---|---|---|---|
| ✅ | user_uuid | query | string | ID of a user. Find a user's ID from /users/entities/user/v1. |
| ✅ | body | body | string | Attributes for this user. All attributes (shown below) are optional. |
from falconpy.user_management import UserManagement
falcon = UserManagement(client_id="API_CLIENT_ID_HERE",
client_secret="API_CLIENT_SECRET_HERE"
)
BODY = {
"Body Payload": "See body description above"
}
response = falcon.update_user(user_uuid="string", body=BODY)
print(response)from falconpy.user_management import UserManagement
falcon = UserManagement(client_id="API_CLIENT_ID_HERE",
client_secret="API_CLIENT_SECRET_HERE"
)
BODY = {
"Body Payload": "See body description above"
}
response = falcon.UpdateUser(user_uuid="string", body=BODY)
print(response)from falconpy.api_complete import APIHarness
falcon = APIHarness(client_id="API_CLIENT_ID_HERE",
client_secret="API_CLIENT_SECRET_HERE"
)
PARAMS = {
"user_uuid": "string"
}
BODY = {
"Body Payload": "See body description above"
}
response = falcon.command("UpdateUser", parameters=PARAMS, body=BODY)
print(response)List the usernames (usually an email address) for all users in your customer account
retrieve_emails_by_cid
- Consumes: application/json
- Produces: application/json
No parameters
from falconpy.user_management import UserManagement
falcon = UserManagement(client_id="API_CLIENT_ID_HERE",
client_secret="API_CLIENT_SECRET_HERE"
)
response = falcon.retrieve_emails_by_cid()
print(response)from falconpy.user_management import UserManagement
falcon = UserManagement(client_id="API_CLIENT_ID_HERE",
client_secret="API_CLIENT_SECRET_HERE"
)
response = falcon.RetrieveEmailsByCID()
print(response)from falconpy.api_complete import APIHarness
falcon = APIHarness(client_id="API_CLIENT_ID_HERE",
client_secret="API_CLIENT_SECRET_HERE"
)
response = falcon.command("RetrieveEmailsByCID")
print(response)List user IDs for all users in your customer account. For more information on each user, provide the user ID to /users/entities/user/v1.
retrieve_user_uuids_by_cid
- Consumes: application/json
- Produces: application/json
No parameters
from falconpy.user_management import UserManagement
falcon = UserManagement(client_id="API_CLIENT_ID_HERE",
client_secret="API_CLIENT_SECRET_HERE"
)
response = falcon.retrieve_user_uuids_by_cid()
print(response)from falconpy.user_management import UserManagement
falcon = UserManagement(client_id="API_CLIENT_ID_HERE",
client_secret="API_CLIENT_SECRET_HERE"
)
response = falcon.RetrieveUserUUIDsByCID()
print(response)from falconpy.api_complete import APIHarness
falcon = APIHarness(client_id="API_CLIENT_ID_HERE",
client_secret="API_CLIENT_SECRET_HERE"
)
response = falcon.command("RetrieveUserUUIDsByCID")
print(response)Get a user's ID by providing a username (usually an email address)
retrieve_user_uuid
- Consumes: application/json
- Produces: application/json
| Required | Name | Type | Datatype | Description |
|---|---|---|---|---|
| ✅ | uid | query | array (string) | A username. This is usually the user's email address, but may vary based on your configuration. |
from falconpy.user_management import UserManagement
falcon = UserManagement(client_id="API_CLIENT_ID_HERE",
client_secret="API_CLIENT_SECRET_HERE"
)
response = falcon.retrieve_user_uuid(uid=["string", "string"])
print(response)from falconpy.user_management import UserManagement
falcon = UserManagement(client_id="API_CLIENT_ID_HERE",
client_secret="API_CLIENT_SECRET_HERE"
)
response = falcon.RetrieveUserUUID(uid=["string", "string"])
print(response)from falconpy.api_complete import APIHarness
falcon = APIHarness(client_id="API_CLIENT_ID_HERE",
client_secret="API_CLIENT_SECRET_HERE"
)
PARAMS = {
"uid": [
"string",
"string"
]
}
response = falcon.command("RetrieveUserUUID", parameters=PARAMS)
print(response)
- Home
- Discussions Board
- Glossary of Terms
- Installation, Upgrades and Removal
- Samples Collection
- Using FalconPy
- API Operations
-
Service Collections
- Alerts
- API Integrations
- ASPM
- CAO Hunting
- Certificate Based Exclusions
- Cloud AWS Registration
- Cloud Azure Registration
- Cloud OCI Registration
- Cloud Connect AWS (deprecated)
- Cloud Security Assets
- Cloud Snapshots
- Configuration Assessment
- Configuration Assessment Evaluation Logic
- Container Alerts
- Container Detections
- Container Image Compliance
- Container Images
- Container Packages
- Container Vulnerabilities
- Content Update Policies
- Correlation Rules
- CSPM Registration
- Custom IOAs
- Custom Storage
- D4C Registration (deprecated)
- DataScanner (deprecated)
- Delivery Settings
- Deployments
- Detects
- Device Content
- Device Control Policies
- Discover
- Downloads
- Drift Indicators
- Event Streams
- Exposure Management
- FaaS Execution
- Falcon Complete Dashboard
- Falcon Container
- Falcon Intelligence Sandbox
- FDR
- FileVantage
- Firewall Management
- Firewall Policies
- Foundry LogScale
- Host Group
- Host Migration
- Hosts
- Identity Protection
- Image Assessment Policies
- Incidents
- Installation Tokens
- Intel
- Intelligence Feeds
- Intelligence Indicator Graph
- IOA Exclusions
- IOC
- IOCs (deprecated)
- Kubernetes Protection
- MalQuery
- Message Center
- ML Exclusions
- Mobile Enrollment
- MSSP (Flight Control)
- NGSIEM
- OAuth2
- ODS (On Demand Scan)
- Overwatch Dashboard
- Prevention Policy
- Quarantine
- Quick Scan
- Quick Scan Pro
- Real Time Response
- Real Time Response Admin
- Real Time Response Audit
- Recon
- Report Executions
- Response Policies
- Sample Uploads
- Scheduled Reports
- Sensor Download
- Sensor Update Policy
- Sensor Usage
- Sensor Visibility Exclusions
- Serverless Vulnerabilities
- Spotlight Evaluation Logic
- Spotlight Vulnerabilities
- Tailored Intelligence
- ThreatGraph
- Unidentified Containers
- User Management
- Workflows
- Zero Trust Assessment
- Documentation Support
-
CrowdStrike SDKs
- Crimson Falcon - Ruby
- FalconPy - Python 3
- FalconJS - Javascript
- goFalcon - Go
- PSFalcon - Powershell
- Rusty Falcon - Rust
