All URIs are relative to https://api.crowdstrike.com
Method | HTTP request | Description |
---|---|---|
entities_perform_action | POST /devices/entities/group-actions/v1 | Performs the specified action on the provided group IDs. |
get_device_details_v2 | GET /devices/entities/devices/v2 | Get details on one or more hosts by providing host IDs as a query parameter. Supports up to a maximum 100 IDs. |
get_online_state_v1 | GET /devices/entities/online-state/v1 | Get the online status for one or more hosts by specifying each host’s unique ID. Successful requests return an HTTP 200 response and the status for each host identified by a `state` of `online`, `offline`, or `unknown` for each host, identified by host `id`. Make a `GET` request to `/devices/queries/devices/v1` to get a list of host IDs. |
perform_action_v2 | POST /devices/entities/devices-actions/v2 | Take various actions on the hosts in your environment. Contain or lift containment on a host. Delete or restore a host. |
post_device_details_v2 | POST /devices/entities/devices/v2 | Get details on one or more hosts by providing host IDs in a POST body. Supports up to a maximum 5000 IDs. |
query_device_login_history | POST /devices/combined/devices/login-history/v1 | Retrieve details about recent login sessions for a set of devices. |
query_device_login_history_v2 | POST /devices/combined/devices/login-history/v2 | Retrieve details about recent interactive login sessions for a set of devices powered by the Host Timeline. A max of 10 device IDs can be specified. |
query_devices_by_filter | GET /devices/queries/devices/v1 | Search for hosts in your environment by platform, hostname, IP, and other criteria. |
query_devices_by_filter_scroll | GET /devices/queries/devices-scroll/v1 | Search for hosts in your environment by platform, hostname, IP, and other criteria with continuous pagination capability (based on offset pointer which expires after 2 minutes with no maximum limit) |
query_get_network_address_history_v1 | POST /devices/combined/devices/network-address-history/v1 | Retrieve history of IP and MAC addresses of devices. |
query_hidden_devices | GET /devices/queries/devices-hidden/v1 | Retrieve hidden hosts that match the provided filter criteria. |
update_device_tags | PATCH /devices/entities/devices/tags/v1 | Append or remove one or more Falcon Grouping Tags on one or more hosts. Tags must be of the form FalconGroupingTags/ |
entities_perform_action(ids, action_name, body, opts)
Performs the specified action on the provided group IDs.
```ruby
require 'time'
require 'crimson-falcon'

# Setup authorization
Falcon.configure do |config|
  config.client_id = "Your_Client_ID"
  config.client_secret = "Your_Client_Secret"
  config.cloud = "us-1" # or "us-2", "eu-1", "us-gov1"
end

api_instance = Falcon::HostsApi.new
ids = ['inner_example'] # Array<String> | The group ids to act on
action_name = 'add_group_member' # String | The action to perform.
body = Falcon::MsaEntityActionRequest.new # MsaEntityActionRequest |
opts = {
  disable_hostname_check: true # Boolean | Bool to disable hostname check on add-member
}

begin
  # Performs the specified action on the provided group IDs.
  result = api_instance.entities_perform_action(ids, action_name, body, opts)
  p result
rescue Falcon::ApiError => e
  puts "Error when calling HostsApi->entities_perform_action: #{e}"
end
```
This returns an Array which contains the response data, status code and headers.
`<Array(<DeviceapiGroupsResponseV1>, Integer, Hash)> entities_perform_action_with_http_info(ids, action_name, body, opts)`

```ruby
begin
  # Performs the specified action on the provided group IDs.
  data, status_code, headers = api_instance.entities_perform_action_with_http_info(ids, action_name, body, opts)
  p status_code # => 2xx
  p headers # => { ... }
  p data # => <DeviceapiGroupsResponseV1>
rescue Falcon::ApiError => e
  puts "Error when calling HostsApi->entities_perform_action_with_http_info: #{e}"
end
```
Name | Type | Description | Notes |
---|---|---|---|
ids | Array<String> | The group ids to act on | |
action_name | String | The action to perform. | |
body | MsaEntityActionRequest | ||
disable_hostname_check | Boolean | Bool to disable hostname check on add-member | [optional][default to false] |
oauth2
- Content-Type: application/json
- Accept: application/json
get_device_details_v2(ids)
Get details on one or more hosts by providing host IDs as a query parameter. Supports up to a maximum 100 IDs.
```ruby
require 'time'
require 'crimson-falcon'

# Setup authorization
Falcon.configure do |config|
  config.client_id = "Your_Client_ID"
  config.client_secret = "Your_Client_Secret"
  config.cloud = "us-1" # or "us-2", "eu-1", "us-gov1"
end

api_instance = Falcon::HostsApi.new
ids = ['inner_example'] # Array<String> | The host agentIDs used to get details on

begin
  # Get details on one or more hosts by providing host IDs as a query parameter. Supports up to a maximum 100 IDs.
  result = api_instance.get_device_details_v2(ids)
  p result
rescue Falcon::ApiError => e
  puts "Error when calling HostsApi->get_device_details_v2: #{e}"
end
```
This returns an Array which contains the response data, status code and headers.
`<Array(<DeviceapiDeviceDetailsResponseSwagger>, Integer, Hash)> get_device_details_v2_with_http_info(ids)`

```ruby
begin
  # Get details on one or more hosts by providing host IDs as a query parameter. Supports up to a maximum 100 IDs.
  data, status_code, headers = api_instance.get_device_details_v2_with_http_info(ids)
  p status_code # => 2xx
  p headers # => { ... }
  p data # => <DeviceapiDeviceDetailsResponseSwagger>
rescue Falcon::ApiError => e
  puts "Error when calling HostsApi->get_device_details_v2_with_http_info: #{e}"
end
```
Name | Type | Description | Notes |
---|---|---|---|
ids | Array<String> | The host agentIDs used to get details on |
DeviceapiDeviceDetailsResponseSwagger
oauth2
- Content-Type: Not defined
- Accept: application/json
get_online_state_v1(ids)
Get the online status for one or more hosts by specifying each host’s unique ID. Successful requests return an HTTP 200 response and the status for each host identified by a `state` of `online`, `offline`, or `unknown` for each host, identified by host `id`. Make a `GET` request to `/devices/queries/devices/v1` to get a list of host IDs.
```ruby
require 'time'
require 'crimson-falcon'

# Setup authorization
Falcon.configure do |config|
  config.client_id = "Your_Client_ID"
  config.client_secret = "Your_Client_Secret"
  config.cloud = "us-1" # or "us-2", "eu-1", "us-gov1"
end

api_instance = Falcon::HostsApi.new
ids = ['inner_example'] # Array<String> | The unique ID of the host to get the online status of.

begin
  # Get the online status for one or more hosts by specifying each host’s unique ID. Successful requests return an HTTP 200 response and the status for each host identified by a `state` of `online`, `offline`, or `unknown` for each host, identified by host `id`. Make a `GET` request to `/devices/queries/devices/v1` to get a list of host IDs.
  result = api_instance.get_online_state_v1(ids)
  p result
rescue Falcon::ApiError => e
  puts "Error when calling HostsApi->get_online_state_v1: #{e}"
end
```
This returns an Array which contains the response data, status code and headers.
`<Array(<StateOnlineStateRespV1>, Integer, Hash)> get_online_state_v1_with_http_info(ids)`

```ruby
begin
  # Get the online status for one or more hosts by specifying each host’s unique ID. Successful requests return an HTTP 200 response and the status for each host identified by a `state` of `online`, `offline`, or `unknown` for each host, identified by host `id`. Make a `GET` request to `/devices/queries/devices/v1` to get a list of host IDs.
  data, status_code, headers = api_instance.get_online_state_v1_with_http_info(ids)
  p status_code # => 2xx
  p headers # => { ... }
  p data # => <StateOnlineStateRespV1>
rescue Falcon::ApiError => e
  puts "Error when calling HostsApi->get_online_state_v1_with_http_info: #{e}"
end
```
Name | Type | Description | Notes |
---|---|---|---|
ids | Array<String> | The unique ID of the host to get the online status of. |
oauth2
- Content-Type: Not defined
- Accept: application/json
perform_action_v2(action_name, body)
Take various actions on the hosts in your environment. Contain or lift containment on a host. Delete or restore a host.
```ruby
require 'time'
require 'crimson-falcon'

# Setup authorization
Falcon.configure do |config|
  config.client_id = "Your_Client_ID"
  config.client_secret = "Your_Client_Secret"
  config.cloud = "us-1" # or "us-2", "eu-1", "us-gov1"
end

api_instance = Falcon::HostsApi.new
action_name = 'action_name_example' # String | Specify one of these actions: - `contain` - This action contains the host, which stops any network communications to locations other than the CrowdStrike cloud and IPs specified in your [containment policy](https://falcon.crowdstrike.com/support/documentation/11/getting-started-guide#containmentpolicy) - `lift_containment`: This action lifts containment on the host, which returns its network communications to normal - `hide_host`: This action will delete a host. After the host is deleted, no new detections for that host will be reported via UI or APIs - `unhide_host`: This action will restore a host. Detection reporting will resume after the host is restored
body = Falcon::MsaEntityActionRequestV2.new({ids: ['ids_example']}) # MsaEntityActionRequestV2 | The host agent ID (AID) of the host you want to contain. Get an agent ID from a detection, the Falcon console, or the Streaming API. Provide the ID in JSON format with the key `ids` and the value in square brackets, such as: `"ids": ["123456789"]`

begin
  # Take various actions on the hosts in your environment. Contain or lift containment on a host. Delete or restore a host.
  result = api_instance.perform_action_v2(action_name, body)
  p result
rescue Falcon::ApiError => e
  puts "Error when calling HostsApi->perform_action_v2: #{e}"
end
```
This returns an Array which contains the response data, status code and headers.
`<Array(<MsaReplyAffectedEntities>, Integer, Hash)> perform_action_v2_with_http_info(action_name, body)`

```ruby
begin
  # Take various actions on the hosts in your environment. Contain or lift containment on a host. Delete or restore a host.
  data, status_code, headers = api_instance.perform_action_v2_with_http_info(action_name, body)
  p status_code # => 2xx
  p headers # => { ... }
  p data # => <MsaReplyAffectedEntities>
rescue Falcon::ApiError => e
  puts "Error when calling HostsApi->perform_action_v2_with_http_info: #{e}"
end
```
Name | Type | Description | Notes |
---|---|---|---|
action_name | String | Specify one of these actions: - `contain` - This action contains the host, which stops any network communications to locations other than the CrowdStrike cloud and IPs specified in your containment policy - `lift_containment`: This action lifts containment on the host, which returns its network communications to normal - `hide_host`: This action will delete a host. After the host is deleted, no new detections for that host will be reported via UI or APIs - `unhide_host`: This action will restore a host. Detection reporting will resume after the host is restored | |
body | MsaEntityActionRequestV2 | The host agent ID (AID) of the host you want to contain. Get an agent ID from a detection, the Falcon console, or the Streaming API. Provide the ID in JSON format with the key `ids` and the value in square brackets, such as: `"ids": ["123456789"]` |
oauth2
- Content-Type: application/json
- Accept: application/json
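
A guard around `perform_action_v2`, as an added example that is not part of the SDK or its documentation: it accepts only the four documented action names, requires an explicit opt-in for `hide_host`, and reports which requested hosts the reply did not acknowledge. It assumes the reply exposes `resources` (entries with an `id`) and `errors`; `guarded_host_action`, `FakeActionApi`, the host IDs and the error hashes are hypothetical or constructed so the code runs offline.

```ruby
# Added example (not SDK code). Helper and class names here are hypothetical.

# Action names documented for perform_action_v2.
HOST_ACTIONS = %w[contain lift_containment hide_host unhide_host].freeze
# After hide_host no new detections are reported for the host, so the caller
# must opt in explicitly.
CONFIRM_REQUIRED = %w[hide_host].freeze

ActionOutcome = Struct.new(:action, :requested, :affected, :missing, :errors)

# Strip whitespace, drop blanks and duplicates; refuse an empty target list.
def normalize_host_ids(ids)
  cleaned = Array(ids).map { |id| id.to_s.strip }.reject(&:empty?).uniq
  raise ArgumentError, 'no host IDs supplied' if cleaned.empty?
  cleaned
end

# build_body turns an Array of IDs into the request body; with the real SDK:
#   ->(ids) { Falcon::MsaEntityActionRequestV2.new({ ids: ids }) }
def guarded_host_action(api, action_name, ids, build_body:, confirm: false)
  unless HOST_ACTIONS.include?(action_name)
    raise ArgumentError,
          "unknown action #{action_name.inspect}; expected one of #{HOST_ACTIONS.join(', ')}"
  end
  if CONFIRM_REQUIRED.include?(action_name) && !confirm
    raise ArgumentError, "#{action_name} requires confirm: true"
  end

  requested = normalize_host_ids(ids)
  resp = api.perform_action_v2(action_name, build_body.call(requested))
  # Assumption: resources is a list of objects responding to #id.
  affected = (resp.resources || []).map(&:id)
  ActionOutcome.new(action_name, requested, affected,
                    requested - affected, resp.errors || [])
end

# --- Constructed stand-in for Falcon::HostsApi so the example runs offline ---
AffectedEntity = Struct.new(:id)
ActionReply = Struct.new(:resources, :errors)

class FakeActionApi
  def initialize(known_ids)
    @known = known_ids
  end

  # Acknowledges known IDs and returns a constructed error for the rest.
  def perform_action_v2(_action_name, body)
    hit, miss = body[:ids].partition { |id| @known.include?(id) }
    ActionReply.new(hit.map { |id| AffectedEntity.new(id) },
                    miss.map { |id| { message: "constructed error for #{id}" } })
  end
end

if __FILE__ == $PROGRAM_NAME
  api = FakeActionApi.new(%w[constructed-aid-a constructed-aid-b])
  out = guarded_host_action(api, 'contain',
                            [' constructed-aid-a ', 'constructed-aid-c'],
                            build_body: ->(i) { { ids: i } })
  puts "affected=#{out.affected.inspect} missing=#{out.missing.inspect}"
end
```

A non-empty `missing` list means the containment request was sent but not acknowledged for those hosts, which is worth surfacing in an incident timeline rather than assuming the whole batch succeeded.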
post_device_details_v2(body)
Get details on one or more hosts by providing host IDs in a POST body. Supports up to a maximum 5000 IDs.
```ruby
require 'time'
require 'crimson-falcon'

# Setup authorization
Falcon.configure do |config|
  config.client_id = "Your_Client_ID"
  config.client_secret = "Your_Client_Secret"
  config.cloud = "us-1" # or "us-2", "eu-1", "us-gov1"
end

api_instance = Falcon::HostsApi.new
body = Falcon::MsaIdsRequest.new({ids: ['ids_example']}) # MsaIdsRequest |

begin
  # Get details on one or more hosts by providing host IDs in a POST body. Supports up to a maximum 5000 IDs.
  result = api_instance.post_device_details_v2(body)
  p result
rescue Falcon::ApiError => e
  puts "Error when calling HostsApi->post_device_details_v2: #{e}"
end
```
This returns an Array which contains the response data, status code and headers.
`<Array(<DeviceapiDeviceDetailsResponseSwagger>, Integer, Hash)> post_device_details_v2_with_http_info(body)`

```ruby
begin
  # Get details on one or more hosts by providing host IDs in a POST body. Supports up to a maximum 5000 IDs.
  data, status_code, headers = api_instance.post_device_details_v2_with_http_info(body)
  p status_code # => 2xx
  p headers # => { ... }
  p data # => <DeviceapiDeviceDetailsResponseSwagger>
rescue Falcon::ApiError => e
  puts "Error when calling HostsApi->post_device_details_v2_with_http_info: #{e}"
end
```
Name | Type | Description | Notes |
---|---|---|---|
body | MsaIdsRequest |
DeviceapiDeviceDetailsResponseSwagger
oauth2
- Content-Type: application/json
- Accept: application/json
query_device_login_history(body)
Retrieve details about recent login sessions for a set of devices.
```ruby
require 'time'
require 'crimson-falcon'

# Setup authorization
Falcon.configure do |config|
  config.client_id = "Your_Client_ID"
  config.client_secret = "Your_Client_Secret"
  config.cloud = "us-1" # or "us-2", "eu-1", "us-gov1"
end

api_instance = Falcon::HostsApi.new
body = Falcon::MsaIdsRequest.new({ids: ['ids_example']}) # MsaIdsRequest |

begin
  # Retrieve details about recent login sessions for a set of devices.
  result = api_instance.query_device_login_history(body)
  p result
rescue Falcon::ApiError => e
  puts "Error when calling HostsApi->query_device_login_history: #{e}"
end
```
This returns an Array which contains the response data, status code and headers.
`<Array(<DeviceapiLoginHistoryResponseV1>, Integer, Hash)> query_device_login_history_with_http_info(body)`

```ruby
begin
  # Retrieve details about recent login sessions for a set of devices.
  data, status_code, headers = api_instance.query_device_login_history_with_http_info(body)
  p status_code # => 2xx
  p headers # => { ... }
  p data # => <DeviceapiLoginHistoryResponseV1>
rescue Falcon::ApiError => e
  puts "Error when calling HostsApi->query_device_login_history_with_http_info: #{e}"
end
```
Name | Type | Description | Notes |
---|---|---|---|
body | MsaIdsRequest |
DeviceapiLoginHistoryResponseV1
oauth2
- Content-Type: application/json
- Accept: application/json
query_device_login_history_v2(body)
Retrieve details about recent interactive login sessions for a set of devices powered by the Host Timeline. A max of 10 device IDs can be specified.
```ruby
require 'time'
require 'crimson-falcon'

# Setup authorization
Falcon.configure do |config|
  config.client_id = "Your_Client_ID"
  config.client_secret = "Your_Client_Secret"
  config.cloud = "us-1" # or "us-2", "eu-1", "us-gov1"
end

api_instance = Falcon::HostsApi.new
body = Falcon::MsaIdsRequest.new({ids: ['ids_example']}) # MsaIdsRequest |

begin
  # Retrieve details about recent interactive login sessions for a set of devices powered by the Host Timeline. A max of 10 device ids can be specified
  result = api_instance.query_device_login_history_v2(body)
  p result
rescue Falcon::ApiError => e
  puts "Error when calling HostsApi->query_device_login_history_v2: #{e}"
end
```
This returns an Array which contains the response data, status code and headers.
`<Array(<DeviceapiLoginHistoryResponseV1>, Integer, Hash)> query_device_login_history_v2_with_http_info(body)`

```ruby
begin
  # Retrieve details about recent interactive login sessions for a set of devices powered by the Host Timeline. A max of 10 device ids can be specified
  data, status_code, headers = api_instance.query_device_login_history_v2_with_http_info(body)
  p status_code # => 2xx
  p headers # => { ... }
  p data # => <DeviceapiLoginHistoryResponseV1>
rescue Falcon::ApiError => e
  puts "Error when calling HostsApi->query_device_login_history_v2_with_http_info: #{e}"
end
```
Name | Type | Description | Notes |
---|---|---|---|
body | MsaIdsRequest |
DeviceapiLoginHistoryResponseV1
oauth2
- Content-Type: application/json
- Accept: application/json
query_devices_by_filter(opts)
Search for hosts in your environment by platform, hostname, IP, and other criteria.
```ruby
require 'time'
require 'crimson-falcon'

# Setup authorization
Falcon.configure do |config|
  config.client_id = "Your_Client_ID"
  config.client_secret = "Your_Client_Secret"
  config.cloud = "us-1" # or "us-2", "eu-1", "us-gov1"
end

api_instance = Falcon::HostsApi.new
opts = {
  offset: 56, # Integer | The offset to start retrieving records from
  limit: 56, # Integer | The maximum records to return. [1-5000]
  sort: 'sort_example', # String | The property to sort by (e.g. status.desc or hostname.asc)
  filter: 'filter_example' # String | The filter expression that should be used to limit the results
}

begin
  # Search for hosts in your environment by platform, hostname, IP, and other criteria.
  result = api_instance.query_devices_by_filter(opts)
  p result
rescue Falcon::ApiError => e
  puts "Error when calling HostsApi->query_devices_by_filter: #{e}"
end
```
This returns an Array which contains the response data, status code and headers.
`<Array(<MsaQueryResponse>, Integer, Hash)> query_devices_by_filter_with_http_info(opts)`

```ruby
begin
  # Search for hosts in your environment by platform, hostname, IP, and other criteria.
  data, status_code, headers = api_instance.query_devices_by_filter_with_http_info(opts)
  p status_code # => 2xx
  p headers # => { ... }
  p data # => <MsaQueryResponse>
rescue Falcon::ApiError => e
  puts "Error when calling HostsApi->query_devices_by_filter_with_http_info: #{e}"
end
```
Name | Type | Description | Notes |
---|---|---|---|
offset | Integer | The offset to start retrieving records from | [optional] |
limit | Integer | The maximum records to return. [1-5000] | [optional] |
sort | String | The property to sort by (e.g. status.desc or hostname.asc) | [optional] |
filter | String | The filter expression that should be used to limit the results | [optional] |
oauth2
- Content-Type: Not defined
- Accept: application/json
query_devices_by_filter_scroll(opts)
Search for hosts in your environment by platform, hostname, IP, and other criteria with continuous pagination capability (based on offset pointer which expires after 2 minutes with no maximum limit)
```ruby
require 'time'
require 'crimson-falcon'

# Setup authorization
Falcon.configure do |config|
  config.client_id = "Your_Client_ID"
  config.client_secret = "Your_Client_Secret"
  config.cloud = "us-1" # or "us-2", "eu-1", "us-gov1"
end

api_instance = Falcon::HostsApi.new
opts = {
  offset: 'offset_example', # String | The offset to page from, for the next result set
  limit: 56, # Integer | The maximum records to return. [1-5000]
  sort: 'sort_example', # String | The property to sort by (e.g. status.desc or hostname.asc)
  filter: 'filter_example' # String | The filter expression that should be used to limit the results
}

begin
  # Search for hosts in your environment by platform, hostname, IP, and other criteria with continuous pagination capability (based on offset pointer which expires after 2 minutes with no maximum limit)
  result = api_instance.query_devices_by_filter_scroll(opts)
  p result
rescue Falcon::ApiError => e
  puts "Error when calling HostsApi->query_devices_by_filter_scroll: #{e}"
end
```
This returns an Array which contains the response data, status code and headers.
`<Array(<DeviceapiDeviceResponse>, Integer, Hash)> query_devices_by_filter_scroll_with_http_info(opts)`

```ruby
begin
  # Search for hosts in your environment by platform, hostname, IP, and other criteria with continuous pagination capability (based on offset pointer which expires after 2 minutes with no maximum limit)
  data, status_code, headers = api_instance.query_devices_by_filter_scroll_with_http_info(opts)
  p status_code # => 2xx
  p headers # => { ... }
  p data # => <DeviceapiDeviceResponse>
rescue Falcon::ApiError => e
  puts "Error when calling HostsApi->query_devices_by_filter_scroll_with_http_info: #{e}"
end
```
Name | Type | Description | Notes |
---|---|---|---|
offset | String | The offset to page from, for the next result set | [optional] |
limit | Integer | The maximum records to return. [1-5000] | [optional] |
sort | String | The property to sort by (e.g. status.desc or hostname.asc) | [optional] |
filter | String | The filter expression that should be used to limit the results | [optional] |
oauth2
- Content-Type: Not defined
- Accept: application/json
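
Building a full host inventory from the scroll endpoint and `post_device_details_v2`, as an added example that is not part of the SDK or its documentation: it follows the offset pointer to collect every host ID, then fetches details in slices that stay within the 5000-ID limit. It assumes responses expose `resources` and `meta.pagination.offset` and that an empty page or empty offset marks the end; `scroll_all_host_ids`, `fetch_details_in_batches`, `FakeHostsApi` and the host IDs are hypothetical or constructed so the code runs offline.

```ruby
# Added example (not SDK code). Helper and class names here are hypothetical.
POST_DETAILS_MAX_IDS = 5000 # documented maximum for post_device_details_v2
SCROLL_PAGE_SIZE = 5000     # top of the documented limit range [1-5000]

# Follow the scroll offset pointer until the result set is exhausted.
# The pointer expires after 2 minutes, so this loop only collects IDs and
# leaves slower per-host work for after enumeration.
# Assumption: the response exposes #resources and #meta.pagination.offset,
# and an empty page or empty offset marks the end.
def scroll_all_host_ids(api, filter: nil, page_size: SCROLL_PAGE_SIZE)
  ids = []
  offset = nil
  loop do
    opts = { limit: page_size }
    opts[:filter] = filter if filter
    opts[:offset] = offset if offset
    resp = api.query_devices_by_filter_scroll(opts)
    page = resp.resources || []
    ids.concat(page)
    offset = resp.meta&.pagination&.offset
    break if page.empty? || offset.to_s.empty?
  end
  ids.uniq
end

# Fetch details in slices no larger than the endpoint limit.
# build_body turns an Array of IDs into the request body; with the real SDK:
#   ->(slice) { Falcon::MsaIdsRequest.new({ ids: slice }) }
def fetch_details_in_batches(api, ids, build_body:, batch_size: POST_DETAILS_MAX_IDS)
  unless (1..POST_DETAILS_MAX_IDS).cover?(batch_size)
    raise ArgumentError, "batch_size must be within 1..#{POST_DETAILS_MAX_IDS}"
  end
  ids.each_slice(batch_size).flat_map do |slice|
    api.post_device_details_v2(build_body.call(slice)).resources || []
  end
end

# --- Constructed stand-in for Falcon::HostsApi so the example runs offline ---
ScrollPaging = Struct.new(:offset)
ScrollMeta = Struct.new(:pagination)
ScrollResp = Struct.new(:resources, :meta)

class FakeHostsApi
  attr_reader :detail_calls

  def initialize(host_ids)
    @host_ids = host_ids
    @detail_calls = []
  end

  # Serves pages of the constructed ID list; the pointer is a numeric string.
  def query_devices_by_filter_scroll(opts = {})
    start = opts[:offset].to_i
    page = @host_ids[start, opts.fetch(:limit)] || []
    nxt = start + page.size
    pointer = nxt < @host_ids.size ? nxt.to_s : ''
    ScrollResp.new(page, ScrollMeta.new(ScrollPaging.new(pointer)))
  end

  # Records the size of each batch it receives.
  def post_device_details_v2(body)
    @detail_calls << body[:ids].size
    ScrollResp.new(body[:ids].map { |id| { device_id: id } }, nil)
  end
end

if __FILE__ == $PROGRAM_NAME
  api = FakeHostsApi.new((1..7).map { |n| format('constructed-aid-%02d', n) })
  ids = scroll_all_host_ids(api, page_size: 3)
  details = fetch_details_in_batches(api, ids, build_body: ->(s) { { ids: s } }, batch_size: 3)
  puts "#{ids.size} hosts, #{details.size} detail records, batches: #{api.detail_calls.inspect}"
end
```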
query_get_network_address_history_v1(body)
Retrieve history of IP and MAC addresses of devices.
```ruby
require 'time'
require 'crimson-falcon'

# Setup authorization
Falcon.configure do |config|
  config.client_id = "Your_Client_ID"
  config.client_secret = "Your_Client_Secret"
  config.cloud = "us-1" # or "us-2", "eu-1", "us-gov1"
end

api_instance = Falcon::HostsApi.new
body = Falcon::MsaIdsRequest.new({ids: ['ids_example']}) # MsaIdsRequest |

begin
  # Retrieve history of IP and MAC addresses of devices.
  result = api_instance.query_get_network_address_history_v1(body)
  p result
rescue Falcon::ApiError => e
  puts "Error when calling HostsApi->query_get_network_address_history_v1: #{e}"
end
```
This returns an Array which contains the response data, status code and headers.
`<Array(<DeviceapiNetworkAddressHistoryResponseV1>, Integer, Hash)> query_get_network_address_history_v1_with_http_info(body)`

```ruby
begin
  # Retrieve history of IP and MAC addresses of devices.
  data, status_code, headers = api_instance.query_get_network_address_history_v1_with_http_info(body)
  p status_code # => 2xx
  p headers # => { ... }
  p data # => <DeviceapiNetworkAddressHistoryResponseV1>
rescue Falcon::ApiError => e
  puts "Error when calling HostsApi->query_get_network_address_history_v1_with_http_info: #{e}"
end
```
Name | Type | Description | Notes |
---|---|---|---|
body | MsaIdsRequest |
DeviceapiNetworkAddressHistoryResponseV1
oauth2
- Content-Type: application/json
- Accept: application/json
query_hidden_devices
query_hidden_devices(opts)
Retrieve hidden hosts that match the provided filter criteria.
```ruby
require 'time'
require 'crimson-falcon'

# Setup authorization
Falcon.configure do |config|
  config.client_id = "Your_Client_ID"
  config.client_secret = "Your_Client_Secret"
  config.cloud = "us-1" # or "us-2", "eu-1", "us-gov1"
end

api_instance = Falcon::HostsApi.new
opts = {
  offset: 56, # Integer | The offset to start retrieving records from
  limit: 56, # Integer | The maximum records to return. [1-5000]
  sort: 'sort_example', # String | The property to sort by (e.g. status.desc or hostname.asc)
  filter: 'filter_example' # String | The filter expression that should be used to limit the results
}

begin
  # Retrieve hidden hosts that match the provided filter criteria.
  result = api_instance.query_hidden_devices(opts)
  p result
rescue Falcon::ApiError => e
  puts "Error when calling HostsApi->query_hidden_devices: #{e}"
end
```
Using the query_hidden_devices_with_http_info variant
This returns an Array which contains the response data, status code and headers.
`<Array(<MsaQueryResponse>, Integer, Hash)> query_hidden_devices_with_http_info(opts)`

```ruby
begin
  # Retrieve hidden hosts that match the provided filter criteria.
  data, status_code, headers = api_instance.query_hidden_devices_with_http_info(opts)
  p status_code # => 2xx
  p headers # => { ... }
  p data # => <MsaQueryResponse>
rescue Falcon::ApiError => e
  puts "Error when calling HostsApi->query_hidden_devices_with_http_info: #{e}"
end
```
Name | Type | Description | Notes |
---|---|---|---|
offset | Integer | The offset to start retrieving records from | [optional] |
limit | Integer | The maximum records to return. [1-5000] | [optional] |
sort | String | The property to sort by (e.g. status.desc or hostname.asc) | [optional] |
filter | String | The filter expression that should be used to limit the results | [optional] |
oauth2
- Content-Type: Not defined
- Accept: application/json
update_device_tags(body)
Append or remove one or more Falcon Grouping Tags on one or more hosts. Tags must be of the form FalconGroupingTags/
```ruby
require 'time'
require 'crimson-falcon'

# Setup authorization
Falcon.configure do |config|
  config.client_id = "Your_Client_ID"
  config.client_secret = "Your_Client_Secret"
  config.cloud = "us-1" # or "us-2", "eu-1", "us-gov1"
end

api_instance = Falcon::HostsApi.new
body = Falcon::DeviceapiUpdateDeviceTagsRequestV1.new({action: 'action_example', device_ids: ['device_ids_example'], tags: ['tags_example']}) # DeviceapiUpdateDeviceTagsRequestV1 |

begin
  # Append or remove one or more Falcon Grouping Tags on one or more hosts. Tags must be of the form FalconGroupingTags/
  result = api_instance.update_device_tags(body)
  p result
rescue Falcon::ApiError => e
  puts "Error when calling HostsApi->update_device_tags: #{e}"
end
```
This returns an Array which contains the response data, status code and headers.
`<Array(<DeviceapiUpdateDeviceTagsSwaggerV1>, Integer, Hash)> update_device_tags_with_http_info(body)`

```ruby
begin
  # Append or remove one or more Falcon Grouping Tags on one or more hosts. Tags must be of the form FalconGroupingTags/
  data, status_code, headers = api_instance.update_device_tags_with_http_info(body)
  p status_code # => 2xx
  p headers # => { ... }
  p data # => <DeviceapiUpdateDeviceTagsSwaggerV1>
rescue Falcon::ApiError => e
  puts "Error when calling HostsApi->update_device_tags_with_http_info: #{e}"
end
```
Name | Type | Description | Notes |
---|---|---|---|
body | DeviceapiUpdateDeviceTagsRequestV1 |
DeviceapiUpdateDeviceTagsSwaggerV1
oauth2
- Content-Type: application/json
- Accept: application/json