FilevantageApi.md

# Falcon::FilevantageApi

All URIs are relative to *https://api.crowdstrike.com*

| Method | HTTP request | Description |
| ------ | ------------ | ----------- |
| **create_policies** | **POST** /filevantage/entities/policies/v1 | Creates a new policy of the specified type. New policies are always added at the end of the precedence list for the provided policy type. |
| **create_rule_groups** | **POST** /filevantage/entities/rule-groups/v1 | Creates a new rule group of the specified type. |
| **create_rules** | **POST** /filevantage/entities/rule-groups-rules/v1 | Creates a new rule configuration within the specified rule group. |
| **create_scheduled_exclusions** | **POST** /filevantage/entities/policy-scheduled-exclusions/v1 | Creates a new scheduled exclusion configuration for the provided policy id. |
| **delete_policies** | **DELETE** /filevantage/entities/policies/v1 | Deletes 1 or more policies. |
| **delete_rule_groups** | **DELETE** /filevantage/entities/rule-groups/v1 | Deletes 1 or more rule groups. |
| **delete_rules** | **DELETE** /filevantage/entities/rule-groups-rules/v1 | Deletes 1 or more rules from the specified rule group. |
| **delete_scheduled_exclusions** | **DELETE** /filevantage/entities/policy-scheduled-exclusions/v1 | Deletes 1 or more scheduled exclusions from the provided policy id. |
| **get_changes** | **GET** /filevantage/entities/changes/v2 | Retrieve information on changes. |
| **get_policies** | **GET** /filevantage/entities/policies/v1 | Retrieves the configuration for 1 or more policies. |
| **get_rule_groups** | **GET** /filevantage/entities/rule-groups/v1 | Retrieves the rule group details for 1 or more rule groups. |
| **get_rules** | **GET** /filevantage/entities/rule-groups-rules/v1 | Retrieves the configuration for 1 or more rules. |
| **get_scheduled_exclusions** | **GET** /filevantage/entities/policy-scheduled-exclusions/v1 | Retrieves the configuration of 1 or more scheduled exclusions from the provided policy id. |
| **high_volume_query_changes** | **GET** /filevantage/queries/changes/v3 | Returns 1 or more change ids. |
| **query_changes** | **GET** /filevantage/queries/changes/v2 | Returns 1 or more change ids. |
| **query_policies** | **GET** /filevantage/queries/policies/v1 | Retrieve the ids of all policies that are assigned the provided policy type. |
| **query_rule_groups** | **GET** /filevantage/queries/rule-groups/v1 | Retrieve the ids of all rule groups that are of the provided rule group type. |
| **query_scheduled_exclusions** | **GET** /filevantage/queries/policy-scheduled-exclusions/v1 | Retrieve the ids of all scheduled exclusions contained within the provided policy id. |
| **update_policies** | **PATCH** /filevantage/entities/policies/v1 | Updates the general information of the provided policy. |
| **update_policy_host_groups** | **PATCH** /filevantage/entities/policies-host-groups/v1 | Manage host groups assigned to a policy. |
| **update_policy_precedence** | **PATCH** /filevantage/entities/policies-precedence/v1 | Updates the policy precedence for all policies of a specific type. |
| **update_policy_rule_groups** | **PATCH** /filevantage/entities/policies-rule-groups/v1 | Manage the rule groups assigned to the policy or set the rule group precedence for all rule groups within the policy. |
| **update_rule_group_precedence** | **PATCH** /filevantage/entities/rule-groups-rule-precedence/v1 | Updates the rule precedence for all rules in the identified rule group. |
| **update_rule_groups** | **PATCH** /filevantage/entities/rule-groups/v1 | Updates the provided rule group. |
| **update_rules** | **PATCH** /filevantage/entities/rule-groups-rules/v1 | Updates the provided rule configuration within the specified rule group. |
| **update_scheduled_exclusions** | **PATCH** /filevantage/entities/policy-scheduled-exclusions/v1 | Updates the provided scheduled exclusion configuration within the provided policy. |

## create_policies

`<PoliciesResponse> create_policies(body)`

Creates a new policy of the specified type. New policies are always added at the end of the precedence list for the provided policy type.

After they are created, host and rule groups can be assigned, scheduled exclusions can be defined, and policy precedence can be set.

### Examples

```ruby
require 'time'
require 'crimson-falcon'

# Setup authorization
Falcon.configure do |config|
  config.client_id = "Your_Client_ID"
  config.client_secret = "Your_Client_Secret"
  config.cloud = "us-1" # or "us-2", "eu-1", "us-gov1"
end

api_instance = Falcon::FilevantageApi.new
body = Falcon::PoliciesCreateRequest.new({name: 'name_example'}) # PoliciesCreateRequest | Create a new policy. * `name` must be between 1 and 100 characters. * `description` can be between 0 and 500 characters. * `platform` must be one of `Windows`, `Linux`, or `Mac`. Rule and host group assignment and policy precedence setting are performed via their respective patch end-points.

begin
  # Creates a new policy of the specified type. New policies are always added at the end of the precedence list for the provided policy type.
  result = api_instance.create_policies(body)
  p result
rescue Falcon::ApiError => e
  puts "Error when calling FilevantageApi->create_policies: #{e}"
end
```

#### Using the create_policies_with_http_info variant

This returns an Array which contains the response data, status code and headers.

`<Array(<PoliciesResponse>, Integer, Hash)> create_policies_with_http_info(body)`

```ruby
begin
  # Creates a new policy of the specified type. New policies are always added at the end of the precedence list for the provided policy type.
  data, status_code, headers = api_instance.create_policies_with_http_info(body)
  p status_code # => 2xx
  p headers # => { ... }
  p data # => <PoliciesResponse>
rescue Falcon::ApiError => e
  puts "Error when calling FilevantageApi->create_policies_with_http_info: #{e}"
end
```

### Parameters

| Name | Type | Description | Notes |
| ---- | ---- | ----------- | ----- |
| **body** | **PoliciesCreateRequest** | Create a new policy. * `name` must be between 1 and 100 characters. * `description` can be between 0 and 500 characters. * `platform` must be one of `Windows`, `Linux`, or `Mac`. Rule and host group assignment and policy precedence setting are performed via their respective patch end-points. | |

### Return type

**PoliciesResponse**

### Authorization

oauth2

### HTTP request headers

- **Content-Type**: application/json
- **Accept**: application/json

## create_rule_groups

`<RulegroupsResponse> create_rule_groups(body)`

Creates a new rule group of the specified type.

Individual rules can be assigned to a rule group after it has been created.

### Examples

```ruby
require 'time'
require 'crimson-falcon'

# Setup authorization
Falcon.configure do |config|
  config.client_id = "Your_Client_ID"
  config.client_secret = "Your_Client_Secret"
  config.cloud = "us-1" # or "us-2", "eu-1", "us-gov1"
end

api_instance = Falcon::FilevantageApi.new
body = Falcon::RulegroupsCreateRequest.new({name: 'name_example', type: 'type_example'}) # RulegroupsCreateRequest | Create a new rule group of a specific type. * `name` must be between 1 and 100 characters. * `type` must be one of `WindowsFiles`, `WindowsRegistry`, `LinuxFiles` or `MacFiles`. * `description` can be between 0 and 500 characters. Note: rules are added/removed from rule groups using their dedicated end-points.

begin
  # Creates a new rule group of the specified type.
  result = api_instance.create_rule_groups(body)
  p result
rescue Falcon::ApiError => e
  puts "Error when calling FilevantageApi->create_rule_groups: #{e}"
end
```

#### Using the create_rule_groups_with_http_info variant

This returns an Array which contains the response data, status code and headers.

`<Array(<RulegroupsResponse>, Integer, Hash)> create_rule_groups_with_http_info(body)`

```ruby
begin
  # Creates a new rule group of the specified type.
  data, status_code, headers = api_instance.create_rule_groups_with_http_info(body)
  p status_code # => 2xx
  p headers # => { ... }
  p data # => <RulegroupsResponse>
rescue Falcon::ApiError => e
  puts "Error when calling FilevantageApi->create_rule_groups_with_http_info: #{e}"
end
```

### Parameters

| Name | Type | Description | Notes |
| ---- | ---- | ----------- | ----- |
| **body** | **RulegroupsCreateRequest** | Create a new rule group of a specific type. * `name` must be between 1 and 100 characters. * `type` must be one of `WindowsFiles`, `WindowsRegistry`, `LinuxFiles` or `MacFiles`. * `description` can be between 0 and 500 characters. Note: rules are added/removed from rule groups using their dedicated end-points. | |

### Return type

**RulegroupsResponse**

### Authorization

oauth2

### HTTP request headers

- **Content-Type**: application/json
- **Accept**: application/json

## create_rules

`<RulegroupsRulesResponse> create_rules(body)`

Creates a new rule configuration within the specified rule group.

### Examples

```ruby
require 'time'
require 'crimson-falcon'

# Setup authorization
Falcon.configure do |config|
  config.client_id = "Your_Client_ID"
  config.client_secret = "Your_Client_Secret"
  config.cloud = "us-1" # or "us-2", "eu-1", "us-gov1"
end

api_instance = Falcon::FilevantageApi.new
body = Falcon::RulegroupsRule.new({depth: 'depth_example', id: 'id_example', include: 'include_example', path: 'path_example', rule_group_id: 'rule_group_id_example', severity: 'severity_example', type: 'type_example'}) # RulegroupsRule | Create a new rule configuration for the specified rule group. * `id` is not supported for creation of a rule; the id of the created rule is included in the response. * `rule_group_id` of the rule group to add the new rule configuration to. * `description` can be between 0 and 500 characters. * `path` representing the file system or registry path to monitor: must be between 1 and 250 characters, and all paths must end with the path separator, e.g. c:\windows\ or /usr/bin/ * `severity` to categorize change events produced by this rule; must be one of: `Low`, `Medium`, `High` or `Critical` * `depth` below the base path to monitor; must be one of: `1`, `2`, `3`, `4`, `5` or `ANY` * `precedence` is not supported for creation of a rule; new rules are added last in precedence order. Falcon GLOB syntax is supported for the following 6 properties. Allowed rule group configuration is based on the type of rule group the rule is added to. * `include` represents the files, directories, registry keys, or registry values that will be monitored. * `exclude` represents the files, directories, registry keys, or registry values that will NOT be monitored. * `include_users` represents the changes performed by specific users that will be monitored. * `exclude_users` represents the changes performed by specific users that will NOT be monitored. * `include_processes` represents the changes performed by specific processes that will be monitored. * `exclude_processes` represents the changes performed by specific processes that will NOT be monitored. * `content_files` represents the files whose content will be monitored; listed files must match the file include pattern and not match the file exclude pattern. * `content_registry_values` represents the registry values whose content will be monitored; listed registry values must match the registry include pattern and not match the registry exclude pattern. * `enable_content_capture` File system directory monitoring: * `watch_delete_directory_changes` * `watch_create_directory_changes` * `watch_rename_directory_changes` * `watch_attributes_directory_changes` (macOS is not supported at this time) * `watch_permissions_directory_changes` (macOS is not supported at this time) File system file monitoring: * `watch_rename_file_changes` * `watch_write_file_changes` * `watch_create_file_changes` * `watch_delete_file_changes` * `watch_attributes_file_changes` (macOS is not supported at this time) * `watch_permissions_file_changes` (macOS is not supported at this time) Windows registry key and value monitoring: * `watch_create_key_changes` * `watch_delete_key_changes` * `watch_rename_key_changes` * `watch_set_value_changes` * `watch_delete_value_changes` * `watch_create_file_changes`

begin
  # Creates a new rule configuration within the specified rule group.
  result = api_instance.create_rules(body)
  p result
rescue Falcon::ApiError => e
  puts "Error when calling FilevantageApi->create_rules: #{e}"
end
```

#### Using the create_rules_with_http_info variant

This returns an Array which contains the response data, status code and headers.

`<Array(<RulegroupsRulesResponse>, Integer, Hash)> create_rules_with_http_info(body)`

```ruby
begin
  # Creates a new rule configuration within the specified rule group.
  data, status_code, headers = api_instance.create_rules_with_http_info(body)
  p status_code # => 2xx
  p headers # => { ... }
  p data # => <RulegroupsRulesResponse>
rescue Falcon::ApiError => e
  puts "Error when calling FilevantageApi->create_rules_with_http_info: #{e}"
end
```

### Parameters

| Name | Type | Description | Notes |
| ---- | ---- | ----------- | ----- |
| **body** | **RulegroupsRule** | Create a new rule configuration for the specified rule group. The field constraints are listed below. | |

* `id` is not supported for creation of a rule; the id of the created rule is included in the response.
* `rule_group_id` of the rule group to add the new rule configuration to.
* `description` can be between 0 and 500 characters.
* `path` representing the file system or registry path to monitor.
  * must be between 1 and 250 characters.
  * All paths must end with the path separator, e.g. `c:\windows\` or `/usr/bin/`.
* `severity` to categorize change events produced by this rule; must be one of: `Low`, `Medium`, `High` or `Critical`.
* `depth` below the base path to monitor; must be one of: `1`, `2`, `3`, `4`, `5` or `ANY`.
* `precedence` is not supported for creation of a rule; new rules are added last in precedence order.

Falcon GLOB syntax is supported for the following 6 properties. Allowed rule group configuration is based on the type of rule group the rule is added to.

* `include` represents the files, directories, registry keys, or registry values that will be monitored.
* `exclude` represents the files, directories, registry keys, or registry values that will `NOT` be monitored.
* `include_users` represents the changes performed by specific users that will be monitored.
* `exclude_users` represents the changes performed by specific users that will `NOT` be monitored.
* `include_processes` represents the changes performed by specific processes that will be monitored.
* `exclude_processes` represents the changes performed by specific processes that will `NOT` be monitored.
* `content_files` represents the files whose content will be monitored. Listed files must match the file include pattern and not match the file exclude pattern.
* `content_registry_values` represents the registry values whose content will be monitored. Listed registry values must match the registry include pattern and not match the registry exclude pattern.
* `enable_content_capture`

File system directory monitoring:

* `watch_delete_directory_changes`
* `watch_create_directory_changes`
* `watch_rename_directory_changes`
* `watch_attributes_directory_changes` (`macOS` is not supported at this time)
* `watch_permissions_directory_changes` (`macOS` is not supported at this time)

File system file monitoring:

* `watch_rename_file_changes`
* `watch_write_file_changes`
* `watch_create_file_changes`
* `watch_delete_file_changes`
* `watch_attributes_file_changes` (`macOS` is not supported at this time)
* `watch_permissions_file_changes` (`macOS` is not supported at this time)

Windows registry key and value monitoring:

* `watch_create_key_changes`
* `watch_delete_key_changes`
* `watch_rename_key_changes`
* `watch_set_value_changes`
* `watch_delete_value_changes`
* `watch_create_file_changes`

### Return type

**RulegroupsRulesResponse**

### Authorization

oauth2

### HTTP request headers

- **Content-Type**: application/json
- **Accept**: application/json
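The rule constraints above are easy to get wrong before the request ever reaches the API. The pre-flight validator below is an added example, not part of crimson-falcon or the FileVantage API: it takes a plain hash with the RulegroupsRule field names plus the `type` of the target rule group, and the two sample rules, their `RULE_GROUP_ID_PLACEHOLDER` value and the glob patterns are constructed. The registry-watch check goes slightly beyond the text, which only says allowed configuration depends on the rule group type, and is labelled as an assumption in the code.

```ruby
# Added pre-flight validator for a FileVantage rule, written against the
# RulegroupsRule constraints documented above. Not part of the crimson-falcon
# SDK: the hash keys mirror the RulegroupsRule fields and `rule_group_type`
# is the `type` of the rule group the rule will be added to.
SEVERITIES = %w[Low Medium High Critical].freeze
DEPTHS     = %w[1 2 3 4 5 ANY].freeze

# Attribute and permission watches are documented as unsupported on macOS.
MAC_UNSUPPORTED_WATCHES = %i[
  watch_attributes_directory_changes watch_permissions_directory_changes
  watch_attributes_file_changes watch_permissions_file_changes
].freeze

# Assumption (not stated in the docs, which only say allowed configuration
# depends on the rule group type): registry watches belong to a
# WindowsRegistry group, so they are flagged anywhere else.
REGISTRY_WATCHES = %i[
  watch_create_key_changes watch_delete_key_changes watch_rename_key_changes
  watch_set_value_changes watch_delete_value_changes
].freeze

# Returns an array of problems; an empty array means the rule is consistent
# with the documented constraints.
def validate_rule(rule, rule_group_type:)
  errors = []
  errors << '`id` is not supported when creating a rule' if rule.key?(:id)
  errors << '`precedence` is not supported when creating a rule' if rule.key?(:precedence)
  errors << '`rule_group_id` is required' if rule[:rule_group_id].to_s.empty?

  path = rule[:path].to_s
  errors << '`path` must be between 1 and 250 characters' unless (1..250).cover?(path.length)
  # A base path without its trailing separator is the most common mistake.
  errors << '`path` must end with a path separator' unless path.end_with?('\\', '/')
  errors << '`description` can be at most 500 characters' if rule[:description].to_s.length > 500
  errors << "`severity` must be one of #{SEVERITIES.join(', ')}" unless SEVERITIES.include?(rule[:severity])
  errors << "`depth` must be one of #{DEPTHS.join(', ')}" unless DEPTHS.include?(rule[:depth].to_s)

  if rule_group_type == 'MacFiles'
    MAC_UNSUPPORTED_WATCHES.each do |watch|
      errors << "`#{watch}` is not supported on macOS" if rule[watch]
    end
  end
  if rule_group_type != 'WindowsRegistry'
    REGISTRY_WATCHES.each do |watch|
      errors << "`#{watch}` only applies to a WindowsRegistry rule group" if rule[watch]
    end
  end
  errors
end

# Constructed sample: monitor /etc/ recursively at High severity, skip the
# package manager's scratch files and capture the content of sudoers.
GOOD_RULE = {
  rule_group_id: 'RULE_GROUP_ID_PLACEHOLDER',
  description: 'Linux system configuration',
  path: '/etc/',
  severity: 'High',
  depth: 'ANY',
  include: '**',
  exclude: '**/*.dpkg-new',
  content_files: '/etc/sudoers',
  enable_content_capture: true,
  watch_write_file_changes: true,
  watch_create_file_changes: true,
  watch_delete_file_changes: true,
  watch_permissions_file_changes: true
}.freeze

# Constructed sample that breaks several documented constraints at once.
BAD_RULE = {
  id: 'must-not-be-set-on-create',
  rule_group_id: 'RULE_GROUP_ID_PLACEHOLDER',
  path: '/Users/Shared',               # missing trailing separator
  severity: 'Urgent',                  # not in the enum
  depth: 6,                            # not in the enum
  watch_attributes_file_changes: true  # unsupported on macOS
}.freeze

if $PROGRAM_NAME == __FILE__
  p validate_rule(GOOD_RULE, rule_group_type: 'LinuxFiles') # => []
  puts validate_rule(BAD_RULE, rule_group_type: 'MacFiles')
end
```

Run it before `create_rules` and only build the `Falcon::RulegroupsRule` when the returned array is empty; the same hash can then be passed to the constructor.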

## create_scheduled_exclusions

`<ScheduledexclusionsResponse> create_scheduled_exclusions(body)`

Creates a new scheduled exclusion configuration for the provided policy id.

### Examples

```ruby
require 'time'
require 'crimson-falcon'

# Setup authorization
Falcon.configure do |config|
  config.client_id = "Your_Client_ID"
  config.client_secret = "Your_Client_Secret"
  config.cloud = "us-1" # or "us-2", "eu-1", "us-gov1"
end

api_instance = Falcon::FilevantageApi.new
body = Falcon::ScheduledexclusionsCreateRequest.new({name: 'name_example', timezone: 'timezone_example'}) # ScheduledexclusionsCreateRequest | Create a new scheduled exclusion configuration for the specified policy. * `policy_id` to add the scheduled exclusion to. * `name` must be between 1 and 100 characters. * `description` can be between 0 and 500 characters. * `users` can be between 0 and 500 characters representing a comma separated list of users whose changes are excluded; `admin*` excludes changes made by all usernames that begin with admin. Falcon GLOB syntax is supported. * `processes` can be between 0 and 500 characters representing a comma separated list of processes whose changes are excluded; `**\RunMe.exe` or `**/RunMe.sh` excludes changes made by RunMe.exe or RunMe.sh in any location. * `schedule_start` must be provided to indicate the start of the schedule. This date/time must be an RFC 3339 formatted string (https://datatracker.ietf.org/doc/html/rfc3339). * `schedule_end` optionally provided to indicate the end of the schedule. This date/time must be an RFC 3339 formatted string (https://datatracker.ietf.org/doc/html/rfc3339). * `timezone` must be provided to indicate the TimeZone Name set for the provided `schedule_start` and `schedule_end` values. See https://en.wikipedia.org/wiki/List_of_tz_database_time_zones. * `repeated` optionally provided to indicate that the exclusion is applied repeatedly within the `schedule_start` and `schedule_end` time. * `start_time` must be the hour (00-23) and minute (00-59) of the day formatted as `HH:MM`. Required if `all_day` is not set to `true`. * `end_time` must be the hour (00-23) and minute (00-59) of the day formatted as `HH:MM`. Required if `all_day` is not set to `true`. * `all_day` must be `true` or `false` to indicate the exclusion is applied all day. * `frequency` must be one of `daily`, `weekly` or `monthly`. * `occurrence` must be one of the following when `frequency` is set to `monthly`: `1st`, `2nd`, `3rd`, `4th` or `Last` represents the week; `Days` represents specific calendar days. * `weekly_days` must be one or more of `Monday`, `Tuesday`, `Wednesday`, `Thursday`, `Friday`, `Saturday` or `Sunday` when `frequency` is set to `weekly`, or `frequency` is set to `monthly` and `occurrence` is NOT set to `Days`. * `monthly_days` must be set to one or more calendar days, between 1 and 31, when `frequency` is set to `monthly` and `occurrence` is set to `Days`.

begin
  # Creates a new scheduled exclusion configuration for the provided policy id.
  result = api_instance.create_scheduled_exclusions(body)
  p result
rescue Falcon::ApiError => e
  puts "Error when calling FilevantageApi->create_scheduled_exclusions: #{e}"
end
```

#### Using the create_scheduled_exclusions_with_http_info variant

This returns an Array which contains the response data, status code and headers.

`<Array(<ScheduledexclusionsResponse>, Integer, Hash)> create_scheduled_exclusions_with_http_info(body)`

```ruby
begin
  # Creates a new scheduled exclusion configuration for the provided policy id.
  data, status_code, headers = api_instance.create_scheduled_exclusions_with_http_info(body)
  p status_code # => 2xx
  p headers # => { ... }
  p data # => <ScheduledexclusionsResponse>
rescue Falcon::ApiError => e
  puts "Error when calling FilevantageApi->create_scheduled_exclusions_with_http_info: #{e}"
end
```

### Parameters

| Name | Type | Description | Notes |
| ---- | ---- | ----------- | ----- |
| **body** | **ScheduledexclusionsCreateRequest** | Create a new scheduled exclusion configuration for the specified policy. The field constraints are listed below. | |

* `policy_id` to add the scheduled exclusion to.
* `name` must be between 1 and 100 characters.
* `description` can be between 0 and 500 characters.
* `users` can be between 0 and 500 characters representing a comma separated list of users whose changes are excluded.
  * `admin*` excludes changes made by all usernames that begin with admin. Falcon GLOB syntax is supported.
* `processes` can be between 0 and 500 characters representing a comma separated list of processes whose changes are excluded.
  * `**\RunMe.exe` or `**/RunMe.sh` excludes changes made by RunMe.exe or RunMe.sh in any location.
* `schedule_start` must be provided to indicate the start of the schedule. This date/time must be an RFC 3339 formatted string (https://datatracker.ietf.org/doc/html/rfc3339).
* `schedule_end` optionally provided to indicate the end of the schedule. This date/time must be an RFC 3339 formatted string (https://datatracker.ietf.org/doc/html/rfc3339).
* `timezone` must be provided to indicate the TimeZone Name set for the provided `schedule_start` and `schedule_end` values. See https://en.wikipedia.org/wiki/List_of_tz_database_time_zones.
* `repeated` optionally provided to indicate that the exclusion is applied repeatedly within the `schedule_start` and `schedule_end` time.
  * `start_time` must be the hour (00-23) and minute (00-59) of the day formatted as `HH:MM`. Required if `all_day` is not set to `true`.
  * `end_time` must be the hour (00-23) and minute (00-59) of the day formatted as `HH:MM`. Required if `all_day` is not set to `true`.
  * `all_day` must be `true` or `false` to indicate the exclusion is applied all day.
  * `frequency` must be one of `daily`, `weekly` or `monthly`.
  * `occurrence` must be one of the following when `frequency` is set to `monthly`:
    * `1st`, `2nd`, `3rd`, `4th` or `Last` represents the week.
    * `Days` represents specific calendar days.
  * `weekly_days` must be one or more of `Monday`, `Tuesday`, `Wednesday`, `Thursday`, `Friday`, `Saturday` or `Sunday` when `frequency` is set to `weekly`, or `frequency` is set to `monthly` and `occurrence` is NOT set to `Days`.
  * `monthly_days` must be set to one or more calendar days, between 1 and 31, when `frequency` is set to `monthly` and `occurrence` is set to `Days`.

### Return type

**ScheduledexclusionsResponse**

### Authorization

oauth2

### HTTP request headers

- **Content-Type**: application/json
- **Accept**: application/json
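The scheduling fields carry several cross-field requirements (`all_day` versus `start_time`/`end_time`, `frequency` versus `occurrence`, `weekly_days` and `monthly_days`) that the API only reports once the request is sent. The validator below is an added example, not part of crimson-falcon or the FileVantage API; it works on a plain hash using the ScheduledexclusionsCreateRequest field names, and the patch-window sample, its `POLICY_ID_PLACEHOLDER` and the process patterns are constructed. Timezone validation is a non-empty check only, since confirming a tz database name needs zone data the Ruby stdlib does not ship.

```ruby
# Added pre-flight validator for a FileVantage scheduled exclusion, written
# against the ScheduledexclusionsCreateRequest constraints documented above.
# Not part of the crimson-falcon SDK; it takes a plain hash with the same
# field names, `repeated` being a nested hash.
require 'date'

FREQUENCIES = %w[daily weekly monthly].freeze
OCCURRENCES = %w[1st 2nd 3rd 4th Last Days].freeze
WEEKDAYS    = %w[Monday Tuesday Wednesday Thursday Friday Saturday Sunday].freeze
HH_MM       = /\A(?:[01]\d|2[0-3]):[0-5]\d\z/

# DateTime.rfc3339 is strict: date, time, seconds and a zone are all required.
def rfc3339?(value)
  DateTime.rfc3339(value.to_s)
  true
rescue ArgumentError # Date::Error is a subclass of ArgumentError
  false
end

# Returns an array of problems; empty means the exclusion is consistent with
# the documented constraints.
def validate_scheduled_exclusion(ex)
  errors = []
  errors << '`policy_id` is required' if ex[:policy_id].to_s.empty?
  errors << '`name` must be between 1 and 100 characters' unless (1..100).cover?(ex[:name].to_s.length)
  %i[description users processes].each do |field|
    errors << "`#{field}` can be at most 500 characters" if ex[field].to_s.length > 500
  end
  # Shape check only: verifying a tz database name needs data the stdlib lacks.
  errors << '`timezone` must be a tz database name' if ex[:timezone].to_s.empty?

  start_ok = rfc3339?(ex[:schedule_start])
  errors << '`schedule_start` must be an RFC 3339 date/time' unless start_ok
  if ex.key?(:schedule_end)
    if !rfc3339?(ex[:schedule_end])
      errors << '`schedule_end` must be an RFC 3339 date/time'
    elsif start_ok && DateTime.rfc3339(ex[:schedule_end]) <= DateTime.rfc3339(ex[:schedule_start])
      errors << '`schedule_end` must be after `schedule_start`'
    end
  end

  rep = ex[:repeated]
  return errors if rep.nil?

  all_day = rep[:all_day]
  errors << '`all_day` must be true or false' if rep.key?(:all_day) && ![true, false].include?(all_day)
  unless all_day == true
    %i[start_time end_time].each do |field|
      errors << "`#{field}` must be HH:MM when `all_day` is not true" unless rep[field].to_s.match?(HH_MM)
    end
  end
  unless FREQUENCIES.include?(rep[:frequency])
    errors << "`frequency` must be one of #{FREQUENCIES.join(', ')}"
    return errors
  end

  monthly = rep[:frequency] == 'monthly'
  if monthly && !OCCURRENCES.include?(rep[:occurrence])
    errors << "`occurrence` must be one of #{OCCURRENCES.join(', ')} when `frequency` is monthly"
  end
  by_calendar_days = monthly && rep[:occurrence] == 'Days'
  if rep[:frequency] == 'weekly' || (monthly && !by_calendar_days)
    days = Array(rep[:weekly_days])
    errors << '`weekly_days` must list one or more weekday names' if days.empty? || (days - WEEKDAYS).any?
  end
  if by_calendar_days
    days = Array(rep[:monthly_days])
    errors << '`monthly_days` must list calendar days between 1 and 31' if days.empty? || days.any? { |d| !(1..31).cover?(d) }
  end
  errors
end

# Constructed sample: a weekly Saturday 02:00-04:00 patch window that excludes
# only the package manager processes, so routine updates do not flood change
# events while every other writer stays monitored.
PATCH_WINDOW = {
  policy_id: 'POLICY_ID_PLACEHOLDER',
  name: 'Saturday patch window',
  description: 'Package manager activity during the maintenance window',
  processes: '**/apt-get,**/dpkg',
  schedule_start: '2024-06-01T00:00:00Z',
  schedule_end: '2024-12-31T23:59:59Z',
  timezone: 'Europe/Berlin',
  repeated: {
    all_day: false, start_time: '02:00', end_time: '04:00',
    frequency: 'weekly', weekly_days: %w[Saturday]
  }
}.freeze

# Constructed sample that breaks several documented constraints at once.
BROKEN_WINDOW = {
  policy_id: 'POLICY_ID_PLACEHOLDER',
  name: '',                            # too short
  schedule_start: '2024-06-01 00:00',  # not RFC 3339
  timezone: 'Europe/Berlin',
  repeated: { all_day: false, frequency: 'monthly', occurrence: 'Days' } # no times, no monthly_days
}.freeze

if $PROGRAM_NAME == __FILE__
  p validate_scheduled_exclusion(PATCH_WINDOW) # => []
  puts validate_scheduled_exclusion(BROKEN_WINDOW)
end
```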

## delete_policies

`<PoliciesDeleteResponse> delete_policies(ids)`

Deletes 1 or more policies.

Only disabled policies are allowed to be deleted.

### Examples

```ruby
require 'time'
require 'crimson-falcon'

# Setup authorization
Falcon.configure do |config|
  config.client_id = "Your_Client_ID"
  config.client_secret = "Your_Client_Secret"
  config.cloud = "us-1" # or "us-2", "eu-1", "us-gov1"
end

api_instance = Falcon::FilevantageApi.new
ids = ['inner_example'] # Array<String> | One or more (up to 500) policy ids in the form of `ids=ID1&ids=ID2`

begin
  # Deletes 1 or more policies.
  result = api_instance.delete_policies(ids)
  p result
rescue Falcon::ApiError => e
  puts "Error when calling FilevantageApi->delete_policies: #{e}"
end
```

#### Using the delete_policies_with_http_info variant

This returns an Array which contains the response data, status code and headers.

`<Array(<PoliciesDeleteResponse>, Integer, Hash)> delete_policies_with_http_info(ids)`

```ruby
begin
  # Deletes 1 or more policies.
  data, status_code, headers = api_instance.delete_policies_with_http_info(ids)
  p status_code # => 2xx
  p headers # => { ... }
  p data # => <PoliciesDeleteResponse>
rescue Falcon::ApiError => e
  puts "Error when calling FilevantageApi->delete_policies_with_http_info: #{e}"
end
```

### Parameters

| Name | Type | Description | Notes |
| ---- | ---- | ----------- | ----- |
| **ids** | `Array<String>` | One or more (up to 500) policy ids in the form of `ids=ID1&ids=ID2` | |

### Return type

**PoliciesDeleteResponse**

### Authorization

oauth2

### HTTP request headers

- **Content-Type**: Not defined
- **Accept**: application/json

## delete_rule_groups

`<RulegroupsDeleteResponse> delete_rule_groups(ids)`

Deletes 1 or more rule groups.

The rule groups represented by the provided ids and all rules that they contain will be deleted. Rule groups can only be deleted if they are not assigned to a policy.

### Examples

```ruby
require 'time'
require 'crimson-falcon'

# Setup authorization
Falcon.configure do |config|
  config.client_id = "Your_Client_ID"
  config.client_secret = "Your_Client_Secret"
  config.cloud = "us-1" # or "us-2", "eu-1", "us-gov1"
end

api_instance = Falcon::FilevantageApi.new
ids = ['inner_example'] # Array<String> | One or more (up to 500) rule group ids in the form of `ids=ID1&ids=ID2`

begin
  # Deletes 1 or more rule groups.
  result = api_instance.delete_rule_groups(ids)
  p result
rescue Falcon::ApiError => e
  puts "Error when calling FilevantageApi->delete_rule_groups: #{e}"
end
```

#### Using the delete_rule_groups_with_http_info variant

This returns an Array which contains the response data, status code and headers.

`<Array(<RulegroupsDeleteResponse>, Integer, Hash)> delete_rule_groups_with_http_info(ids)`

```ruby
begin
  # Deletes 1 or more rule groups.
  data, status_code, headers = api_instance.delete_rule_groups_with_http_info(ids)
  p status_code # => 2xx
  p headers # => { ... }
  p data # => <RulegroupsDeleteResponse>
rescue Falcon::ApiError => e
  puts "Error when calling FilevantageApi->delete_rule_groups_with_http_info: #{e}"
end
```

### Parameters

| Name | Type | Description | Notes |
| ---- | ---- | ----------- | ----- |
| **ids** | `Array<String>` | One or more (up to 500) rule group ids in the form of `ids=ID1&ids=ID2` | |

### Return type

**RulegroupsDeleteResponse**

### Authorization

oauth2

### HTTP request headers

- **Content-Type**: Not defined
- **Accept**: application/json

## delete_rules

`<MsaspecQueryResponse> delete_rules(rule_group_id, ids)`

Deletes 1 or more rules from the specified rule group.

Rules that match a provided id will be deleted from the provided rule group id.

### Examples

```ruby
require 'time'
require 'crimson-falcon'

# Setup authorization
Falcon.configure do |config|
  config.client_id = "Your_Client_ID"
  config.client_secret = "Your_Client_Secret"
  config.cloud = "us-1" # or "us-2", "eu-1", "us-gov1"
end

api_instance = Falcon::FilevantageApi.new
rule_group_id = 'rule_group_id_example' # String | The id of the rule group from which the rules will be deleted.
ids = ['inner_example'] # Array<String> | One or more (up to 500) rule ids in the form of `ids=ID1&ids=ID2`

begin
  # Deletes 1 or more rules from the specified rule group.
  result = api_instance.delete_rules(rule_group_id, ids)
  p result
rescue Falcon::ApiError => e
  puts "Error when calling FilevantageApi->delete_rules: #{e}"
end
```

#### Using the delete_rules_with_http_info variant

This returns an Array which contains the response data, status code and headers.

`<Array(<MsaspecQueryResponse>, Integer, Hash)> delete_rules_with_http_info(rule_group_id, ids)`

```ruby
begin
  # Deletes 1 or more rules from the specified rule group.
  data, status_code, headers = api_instance.delete_rules_with_http_info(rule_group_id, ids)
  p status_code # => 2xx
  p headers # => { ... }
  p data # => <MsaspecQueryResponse>
rescue Falcon::ApiError => e
  puts "Error when calling FilevantageApi->delete_rules_with_http_info: #{e}"
end
```

### Parameters

| Name | Type | Description | Notes |
| ---- | ---- | ----------- | ----- |
| **rule_group_id** | **String** | The id of the rule group from which the rules will be deleted. | |
| **ids** | `Array<String>` | One or more (up to 500) rule ids in the form of `ids=ID1&ids=ID2` | |

### Return type

**MsaspecQueryResponse**

### Authorization

oauth2

### HTTP request headers

- **Content-Type**: Not defined
- **Accept**: application/json

## delete_scheduled_exclusions

`<MsaspecQueryResponse> delete_scheduled_exclusions(policy_id, ids)`

Deletes 1 or more scheduled exclusions from the provided policy id.

Scheduled exclusions that match a provided id will be deleted from the provided policy id.

### Examples

```ruby
require 'time'
require 'crimson-falcon'

# Setup authorization
Falcon.configure do |config|
  config.client_id = "Your_Client_ID"
  config.client_secret = "Your_Client_Secret"
  config.cloud = "us-1" # or "us-2", "eu-1", "us-gov1"
end

api_instance = Falcon::FilevantageApi.new
policy_id = 'policy_id_example' # String | ID of the policy to delete the scheduled exclusions from.
ids = ['inner_example'] # Array<String> | One or more (up to 500) scheduled exclusion ids in the form of `ids=ID1&ids=ID2`.

begin
  # Deletes 1 or more scheduled exclusions from the provided policy id.
  result = api_instance.delete_scheduled_exclusions(policy_id, ids)
  p result
rescue Falcon::ApiError => e
  puts "Error when calling FilevantageApi->delete_scheduled_exclusions: #{e}"
end
```

#### Using the delete_scheduled_exclusions_with_http_info variant

This returns an Array which contains the response data, status code and headers.

`<Array(<MsaspecQueryResponse>, Integer, Hash)> delete_scheduled_exclusions_with_http_info(policy_id, ids)`

```ruby
begin
  # Deletes 1 or more scheduled exclusions from the provided policy id.
  data, status_code, headers = api_instance.delete_scheduled_exclusions_with_http_info(policy_id, ids)
  p status_code # => 2xx
  p headers # => { ... }
  p data # => <MsaspecQueryResponse>
rescue Falcon::ApiError => e
  puts "Error when calling FilevantageApi->delete_scheduled_exclusions_with_http_info: #{e}"
end
```

### Parameters

| Name | Type | Description | Notes |
| ---- | ---- | ----------- | ----- |
| **policy_id** | **String** | ID of the policy to delete the scheduled exclusions from. | |
| **ids** | `Array<String>` | One or more (up to 500) scheduled exclusion ids in the form of `ids=ID1&ids=ID2`. | |

### Return type

**MsaspecQueryResponse**

### Authorization

oauth2

### HTTP request headers

- **Content-Type**: Not defined
- **Accept**: application/json

## get_changes

`<ChangesGetChangesResponse> get_changes(ids)`

Retrieve information on changes.

Retrieve key attributes of Falcon FileVantage changes for the specified ids.

### Examples

```ruby
require 'time'
require 'crimson-falcon'

# Setup authorization
Falcon.configure do |config|
  config.client_id = "Your_Client_ID"
  config.client_secret = "Your_Client_Secret"
  config.cloud = "us-1" # or "us-2", "eu-1", "us-gov1"
end

api_instance = Falcon::FilevantageApi.new
ids = ['inner_example'] # Array<String> | One or more change ids in the form of `ids=ID1&ids=ID2`. The maximum number of ids that can be requested at once is `500`.

begin
  # Retrieve information on changes
  result = api_instance.get_changes(ids)
  p result
rescue Falcon::ApiError => e
  puts "Error when calling FilevantageApi->get_changes: #{e}"
end
```

#### Using the get_changes_with_http_info variant

This returns an Array which contains the response data, status code and headers.

`<Array(<ChangesGetChangesResponse>, Integer, Hash)> get_changes_with_http_info(ids)`

```ruby
begin
  # Retrieve information on changes
  data, status_code, headers = api_instance.get_changes_with_http_info(ids)
  p status_code # => 2xx
  p headers # => { ... }
  p data # => <ChangesGetChangesResponse>
rescue Falcon::ApiError => e
  puts "Error when calling FilevantageApi->get_changes_with_http_info: #{e}"
end
```

### Parameters

| Name | Type | Description | Notes |
| ---- | ---- | ----------- | ----- |
| **ids** | `Array<String>` | One or more change ids in the form of `ids=ID1&ids=ID2`. The maximum number of ids that can be requested at once is `500`. | |

### Return type

**ChangesGetChangesResponse**

### Authorization

oauth2

### HTTP request headers

- **Content-Type**: Not defined
- **Accept**: application/json

## get_policies

`<PoliciesResponse> get_policies(ids)`

Retrieves the configuration for 1 or more policies.

The configuration of each policy that matches a provided id will be returned.

### Examples

```ruby
require 'time'
require 'crimson-falcon'

# Setup authorization
Falcon.configure do |config|
  config.client_id = "Your_Client_ID"
  config.client_secret = "Your_Client_Secret"
  config.cloud = "us-1" # or "us-2", "eu-1", "us-gov1"
end

api_instance = Falcon::FilevantageApi.new
ids = ['inner_example'] # Array<String> | One or more (up to 500) policy ids in the form of `ids=ID1&ids=ID2`

begin
  # Retrieves the configuration for 1 or more policies.
  result = api_instance.get_policies(ids)
  p result
rescue Falcon::ApiError => e
  puts "Error when calling FilevantageApi->get_policies: #{e}"
end
```

#### Using the get_policies_with_http_info variant

This returns an Array which contains the response data, status code and headers.

`<Array(<PoliciesResponse>, Integer, Hash)> get_policies_with_http_info(ids)`

```ruby
begin
  # Retrieves the configuration for 1 or more policies.
  data, status_code, headers = api_instance.get_policies_with_http_info(ids)
  p status_code # => 2xx
  p headers # => { ... }
  p data # => <PoliciesResponse>
rescue Falcon::ApiError => e
  puts "Error when calling FilevantageApi->get_policies_with_http_info: #{e}"
end
```

### Parameters

| Name | Type | Description | Notes |
| ---- | ---- | ----------- | ----- |
| **ids** | `Array<String>` | One or more (up to 500) policy ids in the form of `ids=ID1&ids=ID2` | |

Return type

PoliciesResponse

Authorization

oauth2

HTTP request headers

  • Content-Type: Not defined
  • Accept: application/json

get_rule_groups

get_rule_groups(ids)

Retrieves the rule group details for 1 or more rule groups.

Full details of each rule group that matches a provided id will be returned in the response.

Examples

require 'time'
require 'crimson-falcon'

# Setup authorization
Falcon.configure do |config|
  config.client_id = "Your_Client_ID"
  config.client_secret = "Your_Client_Secret"
  config.cloud = "us-1" # or "us-2", "eu-1", "us-gov1"
end

api_instance = Falcon::FilevantageApi.new
ids = ['inner_example'] # Array<String> | One or more (up to 500) rule group ids in the form of `ids=ID1&ids=ID2`

begin
  # Retrieves the rule group details for 1 or more rule groups.
  result = api_instance.get_rule_groups(ids)
  p result
rescue Falcon::ApiError => e
  puts "Error when calling FilevantageApi->get_rule_groups: #{e}"
end

Using the get_rule_groups_with_http_info variant

This returns an Array which contains the response data, status code and headers.

<Array(<RulegroupsResponse>, Integer, Hash)> get_rule_groups_with_http_info(ids)

begin
  # Retrieves the rule group details for 1 or more rule groups.
  data, status_code, headers = api_instance.get_rule_groups_with_http_info(ids)
  p status_code # => 2xx
  p headers # => { ... }
  p data # => <RulegroupsResponse>
rescue Falcon::ApiError => e
  puts "Error when calling FilevantageApi->get_rule_groups_with_http_info: #{e}"
end

Parameters

Name Type Description Notes
ids Array<String> One or more (up to 500) rule group ids in the form of `ids=ID1&ids=ID2`

Return type

RulegroupsResponse

Authorization

oauth2

HTTP request headers

  • Content-Type: Not defined
  • Accept: application/json

get_rules

get_rules(rule_group_id, ids)

Retrieves the configuration for 1 or more rules.

Rules within the provided rule group id that match a provided id will be returned within the response.

Examples

require 'time'
require 'crimson-falcon'

# Setup authorization
Falcon.configure do |config|
  config.client_id = "Your_Client_ID"
  config.client_secret = "Your_Client_Secret"
  config.cloud = "us-1" # or "us-2", "eu-1", "us-gov1"
end

api_instance = Falcon::FilevantageApi.new
rule_group_id = 'rule_group_id_example' # String | Rule group from which to retrieve the rule configuration.
ids = ['inner_example'] # Array<String> | One or more (up to 500) rule ids in the form of `ids=ID1&ids=ID2`.

begin
  # Retrieves the configuration for 1 or more rules.
  result = api_instance.get_rules(rule_group_id, ids)
  p result
rescue Falcon::ApiError => e
  puts "Error when calling FilevantageApi->get_rules: #{e}"
end

Using the get_rules_with_http_info variant

This returns an Array which contains the response data, status code and headers.

<Array(<RulegroupsRulesResponse>, Integer, Hash)> get_rules_with_http_info(rule_group_id, ids)

begin
  # Retrieves the configuration for 1 or more rules.
  data, status_code, headers = api_instance.get_rules_with_http_info(rule_group_id, ids)
  p status_code # => 2xx
  p headers # => { ... }
  p data # => <RulegroupsRulesResponse>
rescue Falcon::ApiError => e
  puts "Error when calling FilevantageApi->get_rules_with_http_info: #{e}"
end

Parameters

Name Type Description Notes
rule_group_id String Rule group from which to retrieve the rule configuration.
ids Array<String> One or more (up to 500) rule ids in the form of `ids=ID1&ids=ID2`.

Return type

RulegroupsRulesResponse

Authorization

oauth2

HTTP request headers

  • Content-Type: Not defined
  • Accept: application/json

get_scheduled_exclusions

get_scheduled_exclusions(policy_id, ids)

Retrieves the configuration of 1 or more scheduled exclusions from the provided policy id.

Full details of each scheduled exclusion that matches a provided id will be returned in the response.

Examples

require 'time'
require 'crimson-falcon'

# Setup authorization
Falcon.configure do |config|
  config.client_id = "Your_Client_ID"
  config.client_secret = "Your_Client_Secret"
  config.cloud = "us-1" # or "us-2", "eu-1", "us-gov1"
end

api_instance = Falcon::FilevantageApi.new
policy_id = 'policy_id_example' # String | The id of the policy to retrieve the scheduled exclusion configurations.
ids = ['inner_example'] # Array<String> | One or more (up to 500) scheduled exclusion ids in the form of `ids=ID1&ids=ID2`.

begin
  # Retrieves the configuration of 1 or more scheduled exclusions from the provided policy id.
  result = api_instance.get_scheduled_exclusions(policy_id, ids)
  p result
rescue Falcon::ApiError => e
  puts "Error when calling FilevantageApi->get_scheduled_exclusions: #{e}"
end

Using the get_scheduled_exclusions_with_http_info variant

This returns an Array which contains the response data, status code and headers.

<Array(<ScheduledexclusionsResponse>, Integer, Hash)> get_scheduled_exclusions_with_http_info(policy_id, ids)

begin
  # Retrieves the configuration of 1 or more scheduled exclusions from the provided policy id.
  data, status_code, headers = api_instance.get_scheduled_exclusions_with_http_info(policy_id, ids)
  p status_code # => 2xx
  p headers # => { ... }
  p data # => <ScheduledexclusionsResponse>
rescue Falcon::ApiError => e
  puts "Error when calling FilevantageApi->get_scheduled_exclusions_with_http_info: #{e}"
end

Parameters

Name Type Description Notes
policy_id String The id of the policy to retrieve the scheduled exclusion configurations.
ids Array<String> One or more (up to 500) scheduled exclusion ids in the form of `ids=ID1&ids=ID2`.

Return type

ScheduledexclusionsResponse

Authorization

oauth2

HTTP request headers

  • Content-Type: Not defined
  • Accept: application/json

high_volume_query_changes

high_volume_query_changes(opts)

Returns 1 or more change ids

Returns a list of Falcon FileVantage change IDs filtered, sorted and limited by the query parameters provided. It can retrieve an unlimited number of results using multiple requests.

Examples

require 'time'
require 'crimson-falcon'

# Setup authorization
Falcon.configure do |config|
  config.client_id = "Your_Client_ID"
  config.client_secret = "Your_Client_Secret"
  config.cloud = "us-1" # or "us-2", "eu-1", "us-gov1"
end

api_instance = Falcon::FilevantageApi.new
opts = {
  after: 'after_example', # String | A pagination token used with the `limit` parameter to manage pagination of results. On your first request don't provide a value for the `after` token. On subsequent requests provide the `after` token value from the previous response to continue pagination from where you left. If the response returns an empty `after` token it means there are no more results to return.
  limit: 56, # Integer | The maximum number of ids to return. Defaults to `100` if not specified. The maximum number of results that can be returned in a single call is `5000`.
  sort: 'sort_example', # String | Sort results using options like: - `action_timestamp` (timestamp of the change occurrence). Sort either `asc` (ascending) or `desc` (descending). For example: `action_timestamp|asc`. Defaults to `action_timestamp|desc` if no value is specified. The full list of allowed sorting options can be reviewed in our API documentation.
  filter: 'filter_example' # String | Filter changes using a query in Falcon Query Language (FQL).   Common filter options include:   - `host.name`  - `action_timestamp`   The full list of allowed filter parameters can be reviewed in our API documentation.
}

begin
  # Returns 1 or more change ids
  result = api_instance.high_volume_query_changes(opts)
  p result
rescue Falcon::ApiError => e
  puts "Error when calling FilevantageApi->high_volume_query_changes: #{e}"
end

Using the high_volume_query_changes_with_http_info variant

This returns an Array which contains the response data, status code and headers.

<Array(<ChangesHighVolumeQueryResponse>, Integer, Hash)> high_volume_query_changes_with_http_info(opts)

begin
  # Returns 1 or more change ids
  data, status_code, headers = api_instance.high_volume_query_changes_with_http_info(opts)
  p status_code # => 2xx
  p headers # => { ... }
  p data # => <ChangesHighVolumeQueryResponse>
rescue Falcon::ApiError => e
  puts "Error when calling FilevantageApi->high_volume_query_changes_with_http_info: #{e}"
end

Parameters

Name Type Description Notes
after String A pagination token used with the `limit` parameter to manage pagination of results. On your first request don't provide a value for the `after` token. On subsequent requests provide the `after` token value from the previous response to continue pagination from where you left. If the response returns an empty `after` token it means there are no more results to return. [optional]
limit Integer The maximum number of ids to return. Defaults to `100` if not specified. The maximum number of results that can be returned in a single call is `5000`. [optional][default to 100]
sort String Sort results using options like: - `action_timestamp` (timestamp of the change occurrence). Sort either `asc` (ascending) or `desc` (descending). For example: `action_timestamp|asc`. Defaults to `action_timestamp|desc` if no value is specified. The full list of allowed sorting options can be reviewed in our API documentation. [optional]
filter String Filter changes using a query in Falcon Query Language (FQL). Common filter options include: - `host.name` - `action_timestamp` The full list of allowed filter parameters can be reviewed in our API documentation. [optional]

Return type

ChangesHighVolumeQueryResponse

Authorization

oauth2

HTTP request headers

  • Content-Type: Not defined
  • Accept: application/json

query_changes

query_changes(opts)

Returns 1 or more change ids

Returns a list of Falcon FileVantage change IDs filtered, sorted and limited by the query parameters provided. Using this endpoint you can retrieve up to 10000 results by using pagination with multiple requests. If you need to retrieve more than 10000 results, consider using the /queries/changes/v3 endpoint (`high_volume_query_changes`), which paginates with an `after` token instead of an offset.

Examples

require 'time'
require 'crimson-falcon'

# Setup authorization
Falcon.configure do |config|
  config.client_id = "Your_Client_ID"
  config.client_secret = "Your_Client_Secret"
  config.cloud = "us-1" # or "us-2", "eu-1", "us-gov1"
end

api_instance = Falcon::FilevantageApi.new
opts = {
  offset: 56, # Integer | The offset to start retrieving records from. Defaults to `0` if not specified.
  limit: 56, # Integer | The maximum number of ids to return. Defaults to `100` if not specified. The maximum number of results that can be returned in a single call is `500`.
  sort: 'sort_example', # String | Sort results using options like:  - `action_timestamp` (timestamp of the change occurrence)   Sort either `asc` (ascending) or `desc` (descending). For example: `action_timestamp|asc`. The full list of allowed sorting options can be reviewed in our API documentation.
  filter: 'filter_example' # String | Filter changes using a query in Falcon Query Language (FQL).   Common filter options include:   - `host.name`  - `action_timestamp`   The full list of allowed filter parameters can be reviewed in our API documentation.
}

begin
  # Returns 1 or more change ids
  result = api_instance.query_changes(opts)
  p result
rescue Falcon::ApiError => e
  puts "Error when calling FilevantageApi->query_changes: #{e}"
end

Using the query_changes_with_http_info variant

This returns an Array which contains the response data, status code and headers.

<Array(<MsaspecQueryResponse>, Integer, Hash)> query_changes_with_http_info(opts)

begin
  # Returns 1 or more change ids
  data, status_code, headers = api_instance.query_changes_with_http_info(opts)
  p status_code # => 2xx
  p headers # => { ... }
  p data # => <MsaspecQueryResponse>
rescue Falcon::ApiError => e
  puts "Error when calling FilevantageApi->query_changes_with_http_info: #{e}"
end

Parameters

Name Type Description Notes
offset Integer The offset to start retrieving records from. Defaults to `0` if not specified. [optional][default to 0]
limit Integer The maximum number of ids to return. Defaults to `100` if not specified. The maximum number of results that can be returned in a single call is `500`. [optional][default to 100]
sort String Sort results using options like: - `action_timestamp` (timestamp of the change occurrence). Sort either `asc` (ascending) or `desc` (descending). For example: `action_timestamp|asc`. The full list of allowed sorting options can be reviewed in our API documentation. [optional]
filter String Filter changes using a query in Falcon Query Language (FQL). Common filter options include: - `host.name` - `action_timestamp` The full list of allowed filter parameters can be reviewed in our API documentation. [optional]

Return type

MsaspecQueryResponse

Authorization

oauth2

HTTP request headers

  • Content-Type: Not defined
  • Accept: application/json

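The two query endpoints above differ only in how they paginate: `query_changes` uses `offset`/`limit` and stops at 10000 results, while `high_volume_query_changes` uses the `after` token and has no ceiling; both then need `get_changes` in batches of at most 500 ids. The following is an added example, not crimson-falcon or CrowdStrike code: it walks both endpoints, detects the v2 ceiling instead of silently truncating, and hydrates the ids in API-sized batches. The real `Falcon::FilevantageApi` is replaced by a constructed in-memory stand-in so the code runs offline; it assumes query responses expose ids in `resources` and that the v3 continuation token lives at `meta.pagination.after`, which you should confirm against your SDK version.

```ruby
# Added example (not crimson-falcon code): walk the two query endpoints and
# hydrate the ids in API-sized batches. The Falcon client is replaced by a
# constructed in-memory stand-in so this runs offline; swap in
# Falcon::FilevantageApi.new for real use.
#
# Assumptions to verify against your SDK version:
#   * query_changes / high_volume_query_changes return ids in `resources`
#   * the v3 continuation token is at `meta.pagination.after`, empty when done

QUERY_V2_MAX_LIMIT   = 500     # per-call cap on /queries/changes/v2
QUERY_V2_MAX_RESULTS = 10_000  # offset pagination on v2 stops here
QUERY_V3_MAX_LIMIT   = 5_000   # per-call cap on /queries/changes/v3
GET_CHANGES_MAX_IDS  = 500     # per-call cap on /entities/changes/v2

# v2: offset pagination. Returns [ids, truncated]; truncated is true when the
# 10000-result ceiling was reached, the signal to use the v3 walker instead.
def query_changes_v2(api, filter:, sort: 'action_timestamp|desc', limit: QUERY_V2_MAX_LIMIT)
  raise ArgumentError, "limit must be <= #{QUERY_V2_MAX_LIMIT}" if limit > QUERY_V2_MAX_LIMIT
  ids = []
  offset = 0
  while offset < QUERY_V2_MAX_RESULTS
    want = [limit, QUERY_V2_MAX_RESULTS - offset].min
    page = api.query_changes(offset: offset, limit: want, sort: sort, filter: filter)
    batch = Array(page.resources)
    ids.concat(batch)
    offset += batch.size
    break if batch.size < want           # short page: no more results
  end
  [ids, ids.size >= QUERY_V2_MAX_RESULTS]
end

# v3: token pagination. Omit `after` on the first call; stop on an empty token.
def query_changes_v3(api, filter:, sort: 'action_timestamp|desc', limit: QUERY_V3_MAX_LIMIT)
  raise ArgumentError, "limit must be <= #{QUERY_V3_MAX_LIMIT}" if limit > QUERY_V3_MAX_LIMIT
  ids = []
  after = nil
  loop do
    opts = { limit: limit, sort: sort, filter: filter }
    opts[:after] = after unless after.nil?
    page = api.high_volume_query_changes(opts)
    ids.concat(Array(page.resources))
    after = page.meta&.pagination&.after   # assumed location of the token
    break if after.nil? || after.empty?
  end
  ids
end

# Hydrate ids with get_changes, never more than 500 per request.
def fetch_changes(api, ids)
  ids.each_slice(GET_CHANGES_MAX_IDS).flat_map { |slice| Array(api.get_changes(slice).resources) }
end

# Constructed stand-in for Falcon::FilevantageApi (response shapes are assumed).
Pagination = Struct.new(:after)
Meta       = Struct.new(:pagination)
Page       = Struct.new(:resources, :meta)

class FakeFilevantageApi
  attr_reader :calls

  def initialize(total)
    @ids = (1..total).map { |i| format('chg%06d', i) }   # constructed change ids
    @calls = Hash.new(0)
  end

  def query_changes(opts)
    @calls[:v2] += 1
    Page.new(@ids[opts[:offset], opts[:limit]] || [], nil)
  end

  def high_volume_query_changes(opts)
    @calls[:v3] += 1
    start = opts[:after].to_i                 # the token is just an index here
    slice = @ids[start, opts[:limit]] || []
    nxt   = start + slice.size
    Page.new(slice, Meta.new(Pagination.new(nxt < @ids.size ? nxt.to_s : '')))
  end

  def get_changes(ids)
    raise ArgumentError, "get_changes accepts at most #{GET_CHANGES_MAX_IDS} ids" if ids.size > GET_CHANGES_MAX_IDS
    @calls[:get] += 1
    Page.new(ids.map { |id| { 'id' => id } }, nil)
  end
end

if $PROGRAM_NAME == __FILE__
  api = FakeFilevantageApi.new(12_345)
  filter = "host.name:'web01'"               # FQL filter, passed through untouched
  v2_ids, truncated = query_changes_v2(api, filter: filter)
  puts "v2: #{v2_ids.size} ids (truncated at ceiling: #{truncated})"
  v3_ids = query_changes_v3(api, filter: filter)
  puts "v3: #{v3_ids.size} ids in #{api.calls[:v3]} calls"
  puts "hydrated #{fetch_changes(api, v3_ids).size} changes in #{api.calls[:get]} calls"
end
```

With the stand-in holding 12345 changes, the v2 walker stops at exactly 10000 ids and reports that it was truncated, the v3 walker returns all 12345 in three calls of 5000, and `fetch_changes` needs 25 `get_changes` calls. The `truncated` flag is the point: a detection pipeline that only uses v2 and ignores it will quietly drop the oldest or newest changes depending on the sort direction.
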
query_policies

query_policies(type, opts)

Retrieve the ids of all policies that are assigned the provided policy type.

Policy ids are returned sorted by precedence in ascending order when no sort parameter is provided.

Examples

require 'time'
require 'crimson-falcon'

# Setup authorization
Falcon.configure do |config|
  config.client_id = "Your_Client_ID"
  config.client_secret = "Your_Client_Secret"
  config.cloud = "us-1" # or "us-2", "eu-1", "us-gov1"
end

api_instance = Falcon::FilevantageApi.new
type = 'type_example' # String | The types of policies to retrieve.   Allowed values are: `Windows`, `Linux` or `Mac`.
opts = {
  offset: 56, # Integer | The offset to start retrieving records from. Defaults to 0 if not specified.
  limit: 56, # Integer | The maximum number of ids to return. Defaults to 100 if not specified. The maximum number of results that can be returned in a single call is 500.
  sort: 'sort_example' # String | Sort the returned ids based on one of the following properties:  `precedence`, `created_timestamp` or `modified_timestamp`   Sort either `asc` (ascending) or `desc` (descending);  for example: `precedence|asc`.
}

begin
  # Retrieve the ids of all policies that are assigned the provided policy type.
  result = api_instance.query_policies(type, opts)
  p result
rescue Falcon::ApiError => e
  puts "Error when calling FilevantageApi->query_policies: #{e}"
end

Using the query_policies_with_http_info variant

This returns an Array which contains the response data, status code and headers.

<Array(<MsaspecQueryResponse>, Integer, Hash)> query_policies_with_http_info(type, opts)

begin
  # Retrieve the ids of all policies that are assigned the provided policy type.
  data, status_code, headers = api_instance.query_policies_with_http_info(type, opts)
  p status_code # => 2xx
  p headers # => { ... }
  p data # => <MsaspecQueryResponse>
rescue Falcon::ApiError => e
  puts "Error when calling FilevantageApi->query_policies_with_http_info: #{e}"
end

Parameters

Name Type Description Notes
type String The types of policies to retrieve. Allowed values are: `Windows`, `Linux` or `Mac`.
offset Integer The offset to start retrieving records from. Defaults to 0 if not specified. [optional]
limit Integer The maximum number of ids to return. Defaults to 100 if not specified. The maximum number of results that can be returned in a single call is 500. [optional]
sort String Sort the returned ids based on one of the following properties: `precedence`, `created_timestamp` or `modified_timestamp`. Sort either `asc` (ascending) or `desc` (descending); for example: `precedence|asc`. [optional]

Return type

MsaspecQueryResponse

Authorization

oauth2

HTTP request headers

  • Content-Type: Not defined
  • Accept: application/json

query_rule_groups

query_rule_groups(type, opts)

Retrieve the ids of all rule groups that are of the provided rule group type.

Rule group ids are returned sorted by `created_timestamp` when no sort parameter is provided.

Examples

require 'time'
require 'crimson-falcon'

# Setup authorization
Falcon.configure do |config|
  config.client_id = "Your_Client_ID"
  config.client_secret = "Your_Client_Secret"
  config.cloud = "us-1" # or "us-2", "eu-1", "us-gov1"
end

api_instance = Falcon::FilevantageApi.new
type = 'type_example' # String | The rule group type to retrieve the ids of.   Allowed values are: `WindowsFiles`, `WindowsRegistry`, `LinuxFiles` or `MacFiles`.
opts = {
  offset: 56, # Integer | The offset to start retrieving records from. Defaults to 0 if not specified.
  limit: 56, # Integer | The maximum number of ids to return. Defaults to 100 if not specified. The maximum number of results that can be returned in a single call is 500.
  sort: 'sort_example' # String | Sort the returned ids based on one of the following properties:   `created_timestamp` or `modified_timestamp`   Sort either `asc` (ascending) or `desc` (descending);  for example: `created_timestamp|asc`.
}

begin
  # Retrieve the ids of all rule groups that are of the provided rule group type.
  result = api_instance.query_rule_groups(type, opts)
  p result
rescue Falcon::ApiError => e
  puts "Error when calling FilevantageApi->query_rule_groups: #{e}"
end

Using the query_rule_groups_with_http_info variant

This returns an Array which contains the response data, status code and headers.

<Array(<MsaspecQueryResponse>, Integer, Hash)> query_rule_groups_with_http_info(type, opts)

begin
  # Retrieve the ids of all rule groups that are of the provided rule group type.
  data, status_code, headers = api_instance.query_rule_groups_with_http_info(type, opts)
  p status_code # => 2xx
  p headers # => { ... }
  p data # => <MsaspecQueryResponse>
rescue Falcon::ApiError => e
  puts "Error when calling FilevantageApi->query_rule_groups_with_http_info: #{e}"
end

Parameters

Name Type Description Notes
type String The rule group type to retrieve the ids of. Allowed values are: `WindowsFiles`, `WindowsRegistry`, `LinuxFiles` or `MacFiles`.
offset Integer The offset to start retrieving records from. Defaults to 0 if not specified. [optional]
limit Integer The maximum number of ids to return. Defaults to 100 if not specified. The maximum number of results that can be returned in a single call is 500. [optional]
sort String Sort the returned ids based on one of the following properties: `created_timestamp` or `modified_timestamp`. Sort either `asc` (ascending) or `desc` (descending); for example: `created_timestamp|asc`. [optional]

Return type

MsaspecQueryResponse

Authorization

oauth2

HTTP request headers

  • Content-Type: Not defined
  • Accept: application/json

query_scheduled_exclusions

query_scheduled_exclusions(policy_id)

Retrieve the ids of all scheduled exclusions contained within the provided policy id.

Examples

require 'time'
require 'crimson-falcon'

# Setup authorization
Falcon.configure do |config|
  config.client_id = "Your_Client_ID"
  config.client_secret = "Your_Client_Secret"
  config.cloud = "us-1" # or "us-2", "eu-1", "us-gov1"
end

api_instance = Falcon::FilevantageApi.new
policy_id = 'policy_id_example' # String | The id of the policy from which to retrieve the scheduled exclusion ids.

begin
  # Retrieve the ids of all scheduled exclusions contained within the provided policy id.
  result = api_instance.query_scheduled_exclusions(policy_id)
  p result
rescue Falcon::ApiError => e
  puts "Error when calling FilevantageApi->query_scheduled_exclusions: #{e}"
end

Using the query_scheduled_exclusions_with_http_info variant

This returns an Array which contains the response data, status code and headers.

<Array(<MsaspecQueryResponse>, Integer, Hash)> query_scheduled_exclusions_with_http_info(policy_id)

begin
  # Retrieve the ids of all scheduled exclusions contained within the provided policy id.
  data, status_code, headers = api_instance.query_scheduled_exclusions_with_http_info(policy_id)
  p status_code # => 2xx
  p headers # => { ... }
  p data # => <MsaspecQueryResponse>
rescue Falcon::ApiError => e
  puts "Error when calling FilevantageApi->query_scheduled_exclusions_with_http_info: #{e}"
end

Parameters

Name Type Description Notes
policy_id String The id of the policy from which to retrieve the scheduled exclusion ids.

Return type

MsaspecQueryResponse

Authorization

oauth2

HTTP request headers

  • Content-Type: Not defined
  • Accept: application/json

update_policies

update_policies(body)

Updates the general information of the provided policy.

Only the name, description, and enabled status of the policy may be updated here. Rule group and host group assignment is performed via their respective PATCH endpoints (`update_policy_rule_groups` and `update_policy_host_groups`).

Examples

require 'time'
require 'crimson-falcon'

# Setup authorization
Falcon.configure do |config|
  config.client_id = "Your_Client_ID"
  config.client_secret = "Your_Client_Secret"
  config.cloud = "us-1" # or "us-2", "eu-1", "us-gov1"
end

api_instance = Falcon::FilevantageApi.new
body = Falcon::PoliciesUpdateRequest.new({id: 'id_example'}) # PoliciesUpdateRequest | Enables updates to the following fields for an existing policy.    * `id` of the policy to update.   * `name` must be between 1 and 100 characters.   * `description` can be between 0 and 500 characters.   * `platform` may not be modified after the policy is created.   * `enabled` must be one of `true` or `false`.   Rule and host group assignment and policy precedence setting is performed via their respective patch end-points.

begin
  # Updates the general information of the provided policy.
  result = api_instance.update_policies(body)
  p result
rescue Falcon::ApiError => e
  puts "Error when calling FilevantageApi->update_policies: #{e}"
end

Using the update_policies_with_http_info variant

This returns an Array which contains the response data, status code and headers.

<Array(<PoliciesResponse>, Integer, Hash)> update_policies_with_http_info(body)

begin
  # Updates the general information of the provided policy.
  data, status_code, headers = api_instance.update_policies_with_http_info(body)
  p status_code # => 2xx
  p headers # => { ... }
  p data # => <PoliciesResponse>
rescue Falcon::ApiError => e
  puts "Error when calling FilevantageApi->update_policies_with_http_info: #{e}"
end

Parameters

Name Type Description Notes
body PoliciesUpdateRequest Enables updates to the following fields for an existing policy. * `id` of the policy to update. * `name` must be between 1 and 100 characters. * `description` can be between 0 and 500 characters. * `platform` may not be modified after the policy is created. * `enabled` must be one of `true` or `false`. Rule and host group assignment and policy precedence setting is performed via their respective patch end-points.

Return type

PoliciesResponse

Authorization

oauth2

HTTP request headers

  • Content-Type: application/json
  • Accept: application/json

update_policy_host_groups

update_policy_host_groups(policy_id, action, ids)

Manage host groups assigned to a policy.

Examples

require 'time'
require 'crimson-falcon'

# Setup authorization
Falcon.configure do |config|
  config.client_id = "Your_Client_ID"
  config.client_secret = "Your_Client_Secret"
  config.cloud = "us-1" # or "us-2", "eu-1", "us-gov1"
end

api_instance = Falcon::FilevantageApi.new
policy_id = 'policy_id_example' # String | The id of the policy for which to perform the action.
action = 'action_example' # String | The action to perform with the provided ids, must be one of: `assign` or `unassign`.
ids = ['inner_example'] # Array<String> | One or more host group ids in the form of `ids=ID1&ids=ID2`

begin
  # Manage host groups assigned to a policy.
  result = api_instance.update_policy_host_groups(policy_id, action, ids)
  p result
rescue Falcon::ApiError => e
  puts "Error when calling FilevantageApi->update_policy_host_groups: #{e}"
end

Using the update_policy_host_groups_with_http_info variant

This returns an Array which contains the response data, status code and headers.

<Array(<PoliciesResponse>, Integer, Hash)> update_policy_host_groups_with_http_info(policy_id, action, ids)

begin
  # Manage host groups assigned to a policy.
  data, status_code, headers = api_instance.update_policy_host_groups_with_http_info(policy_id, action, ids)
  p status_code # => 2xx
  p headers # => { ... }
  p data # => <PoliciesResponse>
rescue Falcon::ApiError => e
  puts "Error when calling FilevantageApi->update_policy_host_groups_with_http_info: #{e}"
end

Parameters

Name Type Description Notes
policy_id String The id of the policy for which to perform the action.
action String The action to perform with the provided ids, must be one of: `assign` or `unassign`.
ids Array<String> One or more host group ids in the form of `ids=ID1&ids=ID2`

Return type

PoliciesResponse

Authorization

oauth2

HTTP request headers

  • Content-Type: Not defined
  • Accept: application/json

update_policy_precedence

update_policy_precedence(ids, type)

Updates the policy precedence for all policies of a specific type.

Requests that do not represent all ids of the provided policy type will not be processed; the order of the ids in the request becomes the new precedence order.

Examples

require 'time'
require 'crimson-falcon'

# Setup authorization
Falcon.configure do |config|
  config.client_id = "Your_Client_ID"
  config.client_secret = "Your_Client_Secret"
  config.cloud = "us-1" # or "us-2", "eu-1", "us-gov1"
end

api_instance = Falcon::FilevantageApi.new
ids = ['inner_example'] # Array<String> | Precedence of the policies for the provided type in the form of `ids=ID1&ids=ID2`
type = 'type_example' # String | The policy type for which to set the precedence order, must be one of `Windows`, `Linux` or `Mac`.

begin
  # Updates the policy precedence for all policies of a specific type.
  result = api_instance.update_policy_precedence(ids, type)
  p result
rescue Falcon::ApiError => e
  puts "Error when calling FilevantageApi->update_policy_precedence: #{e}"
end

Using the update_policy_precedence_with_http_info variant

This returns an Array which contains the response data, status code and headers.

<Array(<PoliciesPrecedenceResponse>, Integer, Hash)> update_policy_precedence_with_http_info(ids, type)

begin
  # Updates the policy precedence for all policies of a specific type.
  data, status_code, headers = api_instance.update_policy_precedence_with_http_info(ids, type)
  p status_code # => 2xx
  p headers # => { ... }
  p data # => <PoliciesPrecedenceResponse>
rescue Falcon::ApiError => e
  puts "Error when calling FilevantageApi->update_policy_precedence_with_http_info: #{e}"
end

Parameters

Name Type Description Notes
ids Array<String> Precedence of the policies for the provided type in the form of `ids=ID1&ids=ID2`
type String The policy type for which to set the precedence order, must be one of `Windows`, `Linux` or `Mac`.

Return type

PoliciesPrecedenceResponse

Authorization

oauth2

HTTP request headers

  • Content-Type: Not defined
  • Accept: application/json

update_policy_rule_groups

update_policy_rule_groups(policy_id, action, ids)

Manage the rule groups assigned to the policy or set the rule group precedence for all rule groups within the policy.

Manage the rule groups assigned to the policy. Rule groups must be of the same type as the policy they are being added to:

  • WindowsRegistry and WindowsFiles groups can only be added to a Windows policy.
  • LinuxFiles groups can only be added to a Linux policy.
  • MacFiles groups can only be added to a Mac policy.

When setting rule group precedence, the precedence for all rule group ids within the policy must be provided.

Examples

require 'time'
require 'crimson-falcon'

# Setup authorization
Falcon.configure do |config|
  config.client_id = "Your_Client_ID"
  config.client_secret = "Your_Client_Secret"
  config.cloud = "us-1" # or "us-2", "eu-1", "us-gov1"
end

api_instance = Falcon::FilevantageApi.new
policy_id = 'policy_id_example' # String | The id of the policy for which to perform the action.
action = 'action_example' # String | The action to perform with the provided ids, must be one of: `assign`, `unassign`, or `precedence`.
ids = ['inner_example'] # Array<String> | One or more rule group ids in the form of `ids=ID1&ids=ID2`. Note: for the `precedence` action, precedence is controlled by the order of the ids as they are specified in the request.

begin
  # Manage the rule groups assigned to the policy or set the rule group precedence for all rule groups within the policy.
  result = api_instance.update_policy_rule_groups(policy_id, action, ids)
  p result
rescue Falcon::ApiError => e
  puts "Error when calling FilevantageApi->update_policy_rule_groups: #{e}"
end

Using the update_policy_rule_groups_with_http_info variant

This returns an Array which contains the response data, status code and headers.

<Array(<PoliciesResponse>, Integer, Hash)> update_policy_rule_groups_with_http_info(policy_id, action, ids)

begin
  # Manage the rule groups assigned to the policy or set the rule group precedence for all rule groups within the policy.
  data, status_code, headers = api_instance.update_policy_rule_groups_with_http_info(policy_id, action, ids)
  p status_code # => 2xx
  p headers # => { ... }
  p data # => <PoliciesResponse>
rescue Falcon::ApiError => e
  puts "Error when calling FilevantageApi->update_policy_rule_groups_with_http_info: #{e}"
end

Parameters

Name Type Description Notes
policy_id String The id of the policy for which to perform the action.
action String The action to perform with the provided ids, must be one of: `assign`, `unassign`, or `precedence`.
ids Array<String> One or more rule group ids in the form of `ids=ID1&ids=ID2`. Note: for the `precedence` action, precedence is controlled by the order of the ids as they are specified in the request.

Return type

PoliciesResponse

Authorization

oauth2

HTTP request headers

  • Content-Type: Not defined
  • Accept: application/json

update_rule_group_precedence

update_rule_group_precedence(rule_group_id, ids)

Updates the rule precedence for all rules in the identified rule group.

The ids for all rules contained within the rule group must be specified in the desired precedence order. Requests that do not represent all ids will not be processed.

Examples

require 'time'
require 'crimson-falcon'

# Setup authorization
Falcon.configure do |config|
  config.client_id = "Your_Client_ID"
  config.client_secret = "Your_Client_Secret"
  config.cloud = "us-1" # or "us-2", "eu-1", "us-gov1"
end

api_instance = Falcon::FilevantageApi.new
rule_group_id = 'rule_group_id_example' # String | Rule group for which to set the rule precedence.
ids = ['inner_example'] # Array<String> | The ids of all rules in the rule group (up to 500), in the desired precedence order, in the form of `ids=ID1&ids=ID2`.

begin
  # Updates the rule precedence for all rules in the identified rule group.
  result = api_instance.update_rule_group_precedence(rule_group_id, ids)
  p result
rescue Falcon::ApiError => e
  puts "Error when calling FilevantageApi->update_rule_group_precedence: #{e}"
end

Using the update_rule_group_precedence_with_http_info variant

This returns an Array which contains the response data, status code and headers.

<Array(<RulegroupsResponse>, Integer, Hash)> update_rule_group_precedence_with_http_info(rule_group_id, ids)

begin
  # Updates the rule precedence for all rules in the identified rule group.
  data, status_code, headers = api_instance.update_rule_group_precedence_with_http_info(rule_group_id, ids)
  p status_code # => 2xx
  p headers # => { ... }
  p data # => <RulegroupsResponse>
rescue Falcon::ApiError => e
  puts "Error when calling FilevantageApi->update_rule_group_precedence_with_http_info: #{e}"
end

Parameters

Name Type Description Notes
rule_group_id String Rule group for which to set the rule precedence.
ids Array<String> The ids of all rules in the rule group (up to 500), in the desired precedence order, in the form of `ids=ID1&ids=ID2`.

Return type

RulegroupsResponse

Authorization

oauth2

HTTP request headers

  • Content-Type: Not defined
  • Accept: application/json

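`update_policy_precedence`, `update_policy_rule_groups` with action `precedence`, and `update_rule_group_precedence` share one rule: the request must list every id of the set exactly once, in the desired order, or it is not processed. The usual way to get that wrong is to read the current order once, edit it by hand, and submit a list that has since drifted or that drops an id. The following is an added example, not crimson-falcon or CrowdStrike code, showing the policy case: read the current order with `query_policies` sorted `precedence|asc`, move the chosen policies to the front, verify the result is a complete permutation of what was read, and only then call the precedence endpoint. The same reorder and check apply unchanged to rule group and rule precedence. `Falcon::FilevantageApi` is replaced by a constructed in-memory stand-in so the code runs offline; it assumes query responses expose ids in `resources`.

```ruby
# Added example (not crimson-falcon code): reorder policy precedence without
# tripping the "all ids must be present" rule shared by update_policy_precedence,
# update_policy_rule_groups (action `precedence`) and update_rule_group_precedence.
# The client is a constructed in-memory stand-in so this runs offline; it assumes
# query responses expose ids in `resources`.

POLICY_QUERY_MAX_LIMIT = 500   # per-call cap on /queries/policies/v1

# Current precedence order for a policy type, paging with sort precedence|asc.
def fetch_policy_precedence(api, type)
  ids = []
  offset = 0
  loop do
    page  = api.query_policies(type, offset: offset, limit: POLICY_QUERY_MAX_LIMIT, sort: 'precedence|asc')
    batch = Array(page.resources)
    ids.concat(batch)
    offset += batch.size
    break if batch.size < POLICY_QUERY_MAX_LIMIT
  end
  ids
end

# New order: `pin_first` (in the given order) ahead of everything else, which
# keeps its current relative order. Refuses ids that are not in the current set.
def reorder_precedence(current, pin_first:)
  raise ArgumentError, 'current precedence list has duplicates' if current.uniq.size != current.size
  unknown = pin_first - current
  raise ArgumentError, "not in current set: #{unknown.join(', ')}" unless unknown.empty?
  pin_first + (current - pin_first)
end

# The precedence endpoints reject requests that do not list every id exactly once.
def complete_permutation?(proposed, current)
  proposed.size == current.size && proposed.uniq.size == proposed.size && proposed.sort == current.sort
end

def promote_policies(api, type, promote)
  current  = fetch_policy_precedence(api, type)
  proposed = reorder_precedence(current, pin_first: promote)
  raise "refusing partial precedence update for #{type}" unless complete_permutation?(proposed, current)
  api.update_policy_precedence(proposed, type)
  proposed
end

# Constructed stand-in for Falcon::FilevantageApi holding one policy type.
class FakePolicyApi
  Resp = Struct.new(:resources)
  attr_reader :order

  def initialize(order)
    @order = order.dup   # constructed policy ids, highest precedence first
  end

  def query_policies(_type, opts)
    Resp.new(@order[opts[:offset], opts[:limit]] || [])
  end

  # Mirrors the documented behaviour: a request that does not represent all
  # ids of the type is not processed.
  def update_policy_precedence(ids, _type)
    raise ArgumentError, 'request must list every policy id of this type' unless ids.sort == @order.sort
    @order = ids.dup
    Resp.new(@order)
  end
end

if $PROGRAM_NAME == __FILE__
  api = FakePolicyApi.new(%w[pol-base pol-web pol-db pol-quarantine])
  puts "before: #{api.order.inspect}"
  promote_policies(api, 'Linux', %w[pol-quarantine])
  puts "after:  #{api.order.inspect}"
end
```

Against a live tenant the read-modify-write is not atomic: if another operator creates a policy of the same type between your `query_policies` and `update_policy_precedence`, the API rejects the request, which is exactly what the `complete_permutation?` guard is there to surface locally before you also rely on the server-side check.
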
update_rule_groups

update_rule_groups(body)

Updates the provided rule group.

Provides the ability to update the name and description of the rule group.

Examples

require 'time'
require 'crimson-falcon'

# Setup authorization
Falcon.configure do |config|
  config.client_id = "Your_Client_ID"
  config.client_secret = "Your_Client_Secret"
  config.cloud = "us-1" # or "us-2", "eu-1", "us-gov1"
end

api_instance = Falcon::FilevantageApi.new
body = Falcon::RulegroupsUpdateRequest.new({id: 'id_example', name: 'name_example'}) # RulegroupsUpdateRequest | Enables updates to the following fields for an existing rule group.    * `id` of the rule group to update.   * `name` must be between 1 and 100 characters.   * `description` can be between 0 and 500 characters.   * `type` may not be modified after the rule group is created.   Note: rules are added/removed from rule groups using their dedicated end-points.

begin
  # Updates the provided rule group.
  result = api_instance.update_rule_groups(body)
  p result
rescue Falcon::ApiError => e
  puts "Error when calling FilevantageApi->update_rule_groups: #{e}"
end

Using the update_rule_groups_with_http_info variant

This returns an Array which contains the response data, status code and headers.

<Array(RulegroupsResponse, Integer, Hash)> update_rule_groups_with_http_info(body)

begin
  # Updates the provided rule group.
  data, status_code, headers = api_instance.update_rule_groups_with_http_info(body)
  p status_code # => 2xx
  p headers # => { ... }
  p data # => <RulegroupsResponse>
rescue Falcon::ApiError => e
  puts "Error when calling FilevantageApi->update_rule_groups_with_http_info: #{e}"
end

Parameters

Name Type Description Notes
body RulegroupsUpdateRequest Enables updates to the following fields for an existing rule group. * `id` of the rule group to update. * `name` must be between 1 and 100 characters. * `description` can be between 0 and 500 characters. * `type` may not be modified after the rule group is created. Note: rules are added/removed from rule groups using their dedicated end-points.

Return type

RulegroupsResponse

Authorization

oauth2

HTTP request headers

  • Content-Type: application/json
  • Accept: application/json

update_rules

update_rules(body)

Updates the provided rule configuration within the specified rule group.

The rule must currently exist within the specified rule group.

Examples

require 'time'
require 'crimson-falcon'

# Setup authorization
Falcon.configure do |config|
  config.client_id = "Your_Client_ID"
  config.client_secret = "Your_Client_Secret"
  config.cloud = "us-1" # or "us-2", "eu-1", "us-gov1"
end

api_instance = Falcon::FilevantageApi.new
body = Falcon::RulegroupsRule.new({depth: 'depth_example', id: 'id_example', include: 'include_example', path: 'path_example', rule_group_id: 'rule_group_id_example', severity: 'severity_example', type: 'type_example'}) # RulegroupsRule | Update the rule configuration for the specified rule ID and group.   * `id` of the rule to update.   * `rule_group_id` that contains the rule configuration.   * `description` can be between 0 and 500 characters.   * `path` representing the file system or registry path to monitor.     * must be between 1 and 250 characters.      * All paths must end with the path separator, e.g. c:\\windows\\ /usr/bin/    * `severity` to categorize change events produced by this rule; must be one of: `Low`, `Medium`, `High` or `Critical`   * `depth` below the base path to monitor; must be one of: `1`, `2`, `3`, `4`, `5` or `ANY`   * `precedence` is the order in which rules will be evaluated starting with 1. Specifying a precedence value that is already set for another rule in the group will result in this rule being placed before that existing rule.  Falcon GLOB syntax is supported for the following 6 properties. Allowed rule group configuration is based on the type of rule group the rule group is added to.   * `include` represents the files, directories, registry keys, or registry values that will be monitored.    * `exclude` represents the files, directories, registry keys, or registry values that will `NOT` be monitored.    * `include_users` represents the changes performed by specific users that will be monitored.   * `exclude_users` represents the changes performed by specific users that will `NOT` be monitored.   * `include_processes` represents the changes performed by specific processes that will be monitored.   * `exclude_processes` represents the changes performed by specific processes that will `NOT` be monitored.   * `content_files` represents the files that will be monitored. Listed files must match the file include pattern and not match the file exclude pattern   * `content_registry_values` represents the registry values whose content will be monitored. Listed registry values must match the registry include pattern and not match the registry exclude pattern   * `enable_content_capture`  File system directory monitoring:   * `watch_delete_directory_changes`   * `watch_create_directory_changes`   * `watch_rename_directory_changes`   * `watch_attributes_directory_changes` (`macOS` is not supported at this time)   * `watch_permissions_directory_changes` (`macOS` is not supported at this time)  File system file monitoring:   * `watch_rename_file_changes`   * `watch_write_file_changes`   * `watch_create_file_changes`   * `watch_delete_file_changes`   * `watch_attributes_file_changes` (`macOS` is not supported at this time)   * `watch_permissions_file_changes` (`macOS` is not supported at this time)  Windows registry key and value monitoring:    * `watch_create_key_changes`   * `watch_delete_key_changes`   * `watch_rename_key_changes`   * `watch_set_value_changes`   * `watch_delete_value_changes`   * `watch_create_file_changes`

begin
  # Updates the provided rule configuration within the specified rule group.
  result = api_instance.update_rules(body)
  p result
rescue Falcon::ApiError => e
  puts "Error when calling FilevantageApi->update_rules: #{e}"
end

Using the update_rules_with_http_info variant

This returns an Array which contains the response data, status code and headers.

<Array(RulegroupsRulesResponse, Integer, Hash)> update_rules_with_http_info(body)

begin
  # Updates the provided rule configuration within the specified rule group.
  data, status_code, headers = api_instance.update_rules_with_http_info(body)
  p status_code # => 2xx
  p headers # => { ... }
  p data # => <RulegroupsRulesResponse>
rescue Falcon::ApiError => e
  puts "Error when calling FilevantageApi->update_rules_with_http_info: #{e}"
end

Parameters

Name Type Description Notes
body RulegroupsRule Update the rule configuration for the specified rule ID and group. * `id` of the rule to update. * `rule_group_id` that contains the rule configuration. * `description` can be between 0 and 500 characters. * `path` representing the file system or registry path to monitor. * must be between 1 and 250 characters. * All paths must end with the path separator, e.g. c:\windows\ /usr/bin/ * `severity` to categorize change events produced by this rule; must be one of: `Low`, `Medium`, `High` or `Critical` * `depth` below the base path to monitor; must be one of: `1`, `2`, `3`, `4`, `5` or `ANY` * `precedence` is the order in which rules will be evaluated starting with 1. Specifying a precedence value that is already set for another rule in the group will result in this rule being placed before that existing rule. Falcon GLOB syntax is supported for the following 6 properties. Allowed rule group configuration is based on the type of rule group the rule group is added to. * `include` represents the files, directories, registry keys, or registry values that will be monitored. * `exclude` represents the files, directories, registry keys, or registry values that will `NOT` be monitored. * `include_users` represents the changes performed by specific users that will be monitored. * `exclude_users` represents the changes performed by specific users that will `NOT` be monitored. * `include_processes` represents the changes performed by specific processes that will be monitored. * `exclude_processes` represents the changes performed by specific processes that will `NOT` be monitored. * `content_files` represents the files that will be monitored. Listed files must match the file include pattern and not match the file exclude pattern * `content_registry_values` represents the registry values whose content will be monitored. Listed registry values must match the registry include pattern and not match the registry exclude pattern * `enable_content_capture` File system directory monitoring: * `watch_delete_directory_changes` * `watch_create_directory_changes` * `watch_rename_directory_changes` * `watch_attributes_directory_changes` (`macOS` is not supported at this time) * `watch_permissions_directory_changes` (`macOS` is not supported at this time) File system file monitoring: * `watch_rename_file_changes` * `watch_write_file_changes` * `watch_create_file_changes` * `watch_delete_file_changes` * `watch_attributes_file_changes` (`macOS` is not supported at this time) * `watch_permissions_file_changes` (`macOS` is not supported at this time) Windows registry key and value monitoring: * `watch_create_key_changes` * `watch_delete_key_changes` * `watch_rename_key_changes` * `watch_set_value_changes` * `watch_delete_value_changes` * `watch_create_file_changes`

Return type

RulegroupsRulesResponse

Authorization

oauth2

HTTP request headers

  • Content-Type: application/json
  • Accept: application/json
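The constraints listed for the RulegroupsRule body above are enforced server-side, but a client that validates before calling update_rules gets a clear local error instead of a rejected request and never pushes a half-formed monitoring rule to the fleet. The following is an added example, not code from the crimson-falcon gem or from CrowdStrike: rule_problems checks a plain Ruby hash (the same keys you would pass to Falcon::RulegroupsRule.new) against the documented length limits, the severity and depth enums and the trailing-separator rule for path, and apply_precedence is a local model of the documented behaviour when a requested precedence collides with an existing rule. The function names, the sample rule values and the collision model are assumptions; the example runs offline and makes no API call.

```ruby
# Added example (not part of crimson-falcon): client-side checks for a
# FileVantage rule hash before it is handed to Falcon::RulegroupsRule.new.

RULE_SEVERITIES = %w[Low Medium High Critical].freeze
RULE_DEPTHS     = %w[1 2 3 4 5 ANY].freeze

# Returns a list of problem strings; an empty list means every documented
# constraint we can check locally is satisfied.
def rule_problems(rule)
  problems = []
  problems << 'id is required' if rule[:id].to_s.empty?
  problems << 'rule_group_id is required' if rule[:rule_group_id].to_s.empty?

  # description: 0..500 characters
  problems << 'description must be 0..500 characters' if rule[:description].to_s.length > 500

  # path: 1..250 characters and must end with the platform separator
  path = rule[:path].to_s
  problems << 'path must be 1..250 characters' unless path.length.between?(1, 250)
  unless path.end_with?("\\") || path.end_with?('/')
    problems << 'path must end with the path separator (\\ or /)'
  end

  unless RULE_SEVERITIES.include?(rule[:severity])
    problems << "severity must be one of #{RULE_SEVERITIES.join(', ')}"
  end
  unless RULE_DEPTHS.include?(rule[:depth].to_s)
    problems << "depth must be one of #{RULE_DEPTHS.join(', ')}"
  end

  # precedence, when given, is a 1-based integer position
  if rule.key?(:precedence)
    prec = rule[:precedence]
    problems << 'precedence must be an integer >= 1' unless prec.is_a?(Integer) && prec >= 1
  end
  problems
end

# Local model (an assumption, not the service's code) of the documented
# precedence semantics: a new rule requesting a precedence already held by
# another rule in the group is placed before that rule, and the rest shift
# down. Returns the group's rules re-numbered from 1.
def apply_precedence(rules, new_rule)
  ordered = rules.sort_by { |r| r[:precedence] }
  idx = ordered.index { |r| r[:precedence] >= new_rule[:precedence] }
  idx ? ordered.insert(idx, new_rule) : ordered.push(new_rule)
  ordered.each_with_index.map { |r, i| r.merge(precedence: i + 1) }
end

# Constructed sample rule (placeholder ids, not real ones).
SAMPLE_RULE = {
  id: 'rule_id_placeholder',
  rule_group_id: 'rule_group_id_placeholder',
  path: 'C:\\Windows\\System32\\drivers\\etc\\',
  include: '*',
  severity: 'High',
  depth: 'ANY',
  precedence: 1
}.freeze

if __FILE__ == $PROGRAM_NAME
  problems = rule_problems(SAMPLE_RULE)
  puts(problems.empty? ? 'rule passes local checks' : problems.join("\n"))
end
```

Run the checks before building the request object; if the list is empty, pass the same hash to Falcon::RulegroupsRule.new and call update_rules as shown above.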

update_scheduled_exclusions

update_scheduled_exclusions(body)

Updates the provided scheduled exclusion configuration within the provided policy.

Examples

require 'time'
require 'crimson-falcon'

# Setup authorization
Falcon.configure do |config|
  config.client_id = "Your_Client_ID"
  config.client_secret = "Your_Client_Secret"
  config.cloud = "us-1" # or "us-2", "eu-1", "us-gov1"
end

api_instance = Falcon::FilevantageApi.new
body = Falcon::ScheduledexclusionsUpdateRequest.new({id: 'id_example', name: 'name_example', timezone: 'timezone_example'}) # ScheduledexclusionsUpdateRequest | Update an existing scheduled exclusion for the specified policy.      * `policy_id` to add the scheduled exclusion to.   * `name` must be between 1 and 100 characters.   * `description` can be between 0 and 500 characters.   * `users` can be between 0 and 500 characters representing a comma separated list of users whose changes to exclude.      *  admin* excludes changes made by all usernames that begin with admin. Falcon GLOB syntax is supported.   * `processes` can be between 0 and 500 characters representing a comma separated list of processes whose changes to exclude.      * **\\RunMe.exe or **/RunMe.sh excludes changes made by RunMe.exe or RunMe.sh in any location.   * `schedule_start` must be provided to indicate the start of the schedule. This date/time must be an rfc3339 formatted string  https://datatracker.ietf.org/doc/html/rfc3339.   * `schedule_end` optionally provided to indicate the end of the schedule. This date/time must be an rfc3339 formatted string  https://datatracker.ietf.org/doc/html/rfc3339.   * `timezone`  must be provided to indicate the TimeZone Name set for the provided `scheduled_start` and `scheduled_end` values. See https://en.wikipedia.org/wiki/List_of_tz_database_time_zones.   * `repeated` optionally provided to indicate that the exclusion is applied repeatedly within the `scheduled_start` and `scheduled_end` time.      * `start_time` must be the hour(00-23) and minute(00-59) of the day formatted as `HH:MM`. Required if `all_day` is not set to `true`      * `end_time` must be the hour(00-23) and minute(00-59) of the day formatted as `HH:MM`. Required if `all_day` is not set to `true`      * `all_day` must be `true` or `false` to indicate the exclusion is applied all day.       * `frequency` must be one of `daily`, `weekly` or `monthly`.       * `occurrence` must be one of the following when `frequency` is set to `monthly`:        * `1st`, `2nd`, `3rd`, `4th` or `Last` represents the week.        * `Days` represents specific calendar days.      * `weekly_days` must be one or more of `Monday`, `Tuesday`, `Wednesday`, `Thursday`, `Friday`, `Saturday` or `Sunday` when `frequency` is set to `weekly` or `frequency` is set to `monthly` and `occurrence` is NOT set to `Days`.       * `monthly_days` must be set to one or more calendar days, between 1 and 31  when `frequency` is set to `monthly` and `occurrence` is set to `Days`.

begin
  # Updates the provided scheduled exclusion configuration within the provided policy.
  result = api_instance.update_scheduled_exclusions(body)
  p result
rescue Falcon::ApiError => e
  puts "Error when calling FilevantageApi->update_scheduled_exclusions: #{e}"
end

Using the update_scheduled_exclusions_with_http_info variant

This returns an Array which contains the response data, status code and headers.

<Array(ScheduledexclusionsResponse, Integer, Hash)> update_scheduled_exclusions_with_http_info(body)

begin
  # Updates the provided scheduled exclusion configuration within the provided policy.
  data, status_code, headers = api_instance.update_scheduled_exclusions_with_http_info(body)
  p status_code # => 2xx
  p headers # => { ... }
  p data # => <ScheduledexclusionsResponse>
rescue Falcon::ApiError => e
  puts "Error when calling FilevantageApi->update_scheduled_exclusions_with_http_info: #{e}"
end

Parameters

Name Type Description Notes
body ScheduledexclusionsUpdateRequest Update an existing scheduled exclusion for the specified policy. * `policy_id` to add the scheduled exclusion to. * `name` must be between 1 and 100 characters. * `description` can be between 0 and 500 characters. * `users` can be between 0 and 500 characters representing a comma separated list of users whose changes to exclude. * admin* excludes changes made by all usernames that begin with admin. Falcon GLOB syntax is supported. * `processes` can be between 0 and 500 characters representing a comma separated list of processes whose changes to exclude. * **\RunMe.exe or **/RunMe.sh excludes changes made by RunMe.exe or RunMe.sh in any location. * `schedule_start` must be provided to indicate the start of the schedule. This date/time must be an rfc3339 formatted string https://datatracker.ietf.org/doc/html/rfc3339. * `schedule_end` optionally provided to indicate the end of the schedule. This date/time must be an rfc3339 formatted string https://datatracker.ietf.org/doc/html/rfc3339. * `timezone` must be provided to indicate the TimeZone Name set for the provided `scheduled_start` and `scheduled_end` values. See https://en.wikipedia.org/wiki/List_of_tz_database_time_zones. * `repeated` optionally provided to indicate that the exclusion is applied repeatedly within the `scheduled_start` and `scheduled_end` time. * `start_time` must be the hour(00-23) and minute(00-59) of the day formatted as `HH:MM`. Required if `all_day` is not set to `true` * `end_time` must be the hour(00-23) and minute(00-59) of the day formatted as `HH:MM`. Required if `all_day` is not set to `true` * `all_day` must be `true` or `false` to indicate the exclusion is applied all day. * `frequency` must be one of `daily`, `weekly` or `monthly`. * `occurrence` must be one of the following when `frequency` is set to `monthly`: * `1st`, `2nd`, `3rd`, `4th` or `Last` represents the week. * `Days` represents specific calendar days. * `weekly_days` must be one or more of `Monday`, `Tuesday`, `Wednesday`, `Thursday`, `Friday`, `Saturday` or `Sunday` when `frequency` is set to `weekly` or `frequency` is set to `monthly` and `occurrence` is NOT set to `Days`. * `monthly_days` must be set to one or more calendar days, between 1 and 31 when `frequency` is set to `monthly` and `occurrence` is set to `Days`.

Return type

ScheduledexclusionsResponse

Authorization

oauth2

HTTP request headers

  • Content-Type: application/json
  • Accept: application/json
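A scheduled exclusion is a window in which FileVantage deliberately stops reporting changes, so a malformed one (an unbounded schedule, a weekly window with no weekday list, a calendar day of 0) is worth catching before it reaches the policy. The block below is an added example, not code from the crimson-falcon gem or from CrowdStrike: exclusion_problems checks a plain Ruby hash with the ScheduledexclusionsUpdateRequest fields documented above, applying the RFC 3339 requirement for schedule_start and schedule_end, the HH:MM format for start_time and end_time, and the cross-field rules among frequency, occurrence, weekly_days and monthly_days. The function names and the constructed sample are assumptions, the timezone check is syntactic only (a real tz-name lookup would need the tzinfo gem, which this example does not assume), and nothing here calls the API.

```ruby
require 'time'

# Added example (not part of crimson-falcon): offline checks for a scheduled
# exclusion hash before it is passed to
# Falcon::ScheduledexclusionsUpdateRequest.new.

EXCL_FREQUENCIES      = %w[daily weekly monthly].freeze
EXCL_WEEK_OCCURRENCES = %w[1st 2nd 3rd 4th Last].freeze
EXCL_WEEKDAYS         = %w[Monday Tuesday Wednesday Thursday Friday Saturday Sunday].freeze
HHMM           = /\A(?:[01]\d|2[0-3]):[0-5]\d\z/
RFC3339_OFFSET = /(?:Z|[+-]\d\d:\d\d)\z/
TZ_NAME        = %r{\A[A-Za-z_]+(?:/[A-Za-z0-9_+-]+)*\z}

# RFC 3339 timestamps carry a date, a time and an explicit UTC offset;
# Time.iso8601 accepts the shape, the regex insists on the offset.
def rfc3339?(value)
  s = value.to_s
  return false unless s.match?(RFC3339_OFFSET)
  Time.iso8601(s)
  true
rescue ArgumentError
  false
end

# Validates the optional `repeated` sub-object; returns problem strings.
def repeated_problems(rep)
  problems = []
  unless rep[:all_day] == true
    %i[start_time end_time].each do |key|
      problems << "#{key} must be HH:MM when all_day is not true" unless rep[key].to_s.match?(HHMM)
    end
  end

  freq = rep[:frequency]
  problems << 'frequency must be daily, weekly or monthly' unless EXCL_FREQUENCIES.include?(freq)

  occurrence = rep[:occurrence]
  if freq == 'monthly' && !(EXCL_WEEK_OCCURRENCES + ['Days']).include?(occurrence)
    problems << 'occurrence must be 1st, 2nd, 3rd, 4th, Last or Days when frequency is monthly'
  end

  # weekly, or monthly by week-of-month, needs at least one weekday name
  if freq == 'weekly' || (freq == 'monthly' && occurrence != 'Days')
    days = Array(rep[:weekly_days])
    if days.empty? || !days.all? { |d| EXCL_WEEKDAYS.include?(d) }
      problems << 'weekly_days must list one or more weekday names'
    end
  end

  # monthly by calendar day needs day numbers in 1..31
  if freq == 'monthly' && occurrence == 'Days'
    days = Array(rep[:monthly_days])
    if days.empty? || !days.all? { |d| d.is_a?(Integer) && d.between?(1, 31) }
      problems << 'monthly_days must list calendar days between 1 and 31'
    end
  end
  problems
end

# Returns a list of problem strings for the whole request hash.
def exclusion_problems(body)
  problems = []
  problems << 'id is required' if body[:id].to_s.empty?
  problems << 'name must be 1..100 characters' unless body[:name].to_s.length.between?(1, 100)
  problems << 'description must be 0..500 characters' if body[:description].to_s.length > 500
  %i[users processes].each do |key|
    problems << "#{key} must be 0..500 characters" if body[key].to_s.length > 500
  end
  problems << 'schedule_start must be an RFC 3339 timestamp' unless rfc3339?(body[:schedule_start])
  if body.key?(:schedule_end) && !rfc3339?(body[:schedule_end])
    problems << 'schedule_end must be an RFC 3339 timestamp'
  end
  problems << 'timezone must be a tz database name' unless body[:timezone].to_s.match?(TZ_NAME)
  problems.concat(repeated_problems(body[:repeated])) if body[:repeated]
  problems
end

# Constructed sample: a recurring Saturday-night patch window (placeholder id).
SAMPLE_EXCLUSION = {
  id: 'exclusion_id_placeholder',
  name: 'Saturday patch window',
  timezone: 'America/New_York',
  schedule_start: '2024-06-01T00:00:00-04:00',
  schedule_end: '2024-12-31T23:59:59-05:00',
  repeated: { start_time: '22:00', end_time: '23:30', all_day: false,
              frequency: 'weekly', weekly_days: ['Saturday'] }
}.freeze

if __FILE__ == $PROGRAM_NAME
  problems = exclusion_problems(SAMPLE_EXCLUSION)
  puts(problems.empty? ? 'exclusion passes local checks' : problems.join("\n"))
end
```

An empty result means the hash can be passed to Falcon::ScheduledexclusionsUpdateRequest.new and on to update_scheduled_exclusions; a non-empty one names the field to fix.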