Skip to content

User Management

Joshua Hiller edited this page Dec 19, 2024 · 27 revisions

CrowdStrike Falcon CrowdStrike Subreddit

Using the User Management service collection

Uber class support Service class support Documentation Version Page Updated Samples Available

This service collection has code examples posted to the repository.

Table of Contents

Operation ID Description
GetRoles
PEP 8 get_roles
Get info about a role.
combinedUserRolesV1
PEP 8 get_user_grants
This operation lists both direct as well as flight control grants between a User and a Customer.
entitiesRolesV1
PEP 8 get_roles_mssp
Get info about a role, supports Flight Control.
userActionV1
PEP 8 user_action
Apply actions to one or more users.
userRolesActionV1
PEP 8 user_roles_action
Grant or Revoke one or more role(s) to a user against a CID.
GrantUserRoleIds
PEP 8 grant_user_role_ids
Assign one or more roles to a user.
RevokeUserRoleIds
PEP 8 revoke_user_role_ids
Revoke one or more roles from a user
GetAvailableRoleIds
PEP 8 get_available_role_ids
Show role IDs for all roles available in your customer account. For more information on each role, provide the role ID to GetRoles.
queriesRolesV1
PEP 8 query_roles
Show role IDs for all roles available in your customer account. Supports Flight Control.
queryUserV1
PEP 8 query_users
List user IDs for all users in your customer account.
GetUserRoleIds
PEP 8 get_user_role_ids
Show role IDs of roles assigned to a user. For more information on each role, provide the role ID to GetRoles.
RetrieveUser
PEP 8 retrieve_user
Get info about a user.
retrieveUsersGETV1
PEP 8 retrieve_users
Get info about users including their name, UID and CID by providing user UUIDs.
CreateUser
PEP 8 create_user
Create a new user. After creating a user, assign one or more roles with GrantUserRoleIds.
createUserV1
PEP 8 create_user_mssp
Create a new user. After creating a user, assign one or more roles with userRolesActionV1. Supports Flight Control.
DeleteUser
PEP 8 delete_user
Delete a user permanently.
deleteUserV1
PEP 8 delete_user_mssp
Delete a user permanently. Supports Flight Control.
UpdateUser
PEP 8 update_user
Modify an existing user's first or last name
updateUserV1
PEP 8 update_user_mssp
Modify an existing user's first or last name. Supports Flight Control.
RetrieveEmailsByCID
PEP 8 retrieve_emails_by_cid
List the usernames (usually an email address) for all users in your customer account
RetrieveUserUUIDsByCID
PEP 8 retrieve_user_uuids_by_cid
List user IDs for all users in your customer account. For more information on each user, provide the user ID to RetrieveUser.
RetrieveUserUUID
PEP 8 retrieve_user_uuid
Get a user's ID by providing a username (usually an email address)

Passing credentials

WARNING

client_id and client_secret are keyword arguments that contain your CrowdStrike API credentials. Please note that all examples below do not hard code these values. (These values are ingested as strings.)

CrowdStrike does not recommend hard coding API credentials or customer identifiers within source code.

GetRoles

Get info about a role

PEP8 method name

get_roles

Endpoint

Method Route
GET /user-roles/entities/user-roles/v1

Required Scope

user-management:read

Content-Type

  • Consumes: application/json
  • Produces: application/json

Keyword Arguments

Name Service Uber Type Data type Description
ids
Service Class Support

Uber Class Support
query string or list of strings ID of a role. Find a role ID from GetAvailableRoleIds or GetUserRoleIds.
parameters
Service Class Support

Uber Class Support
query dictionary Full query string parameters payload in JSON format.

Usage

Service class example (PEP8 syntax)
from falconpy import UserManagement

# Do not hardcode API credentials!
falcon = UserManagement(client_id=CLIENT_ID,
                        client_secret=CLIENT_SECRET
                        )

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.get_roles(ids=id_list)
print(response)
Service class example (Operation ID syntax)
from falconpy import UserManagement

# Do not hardcode API credentials!
falcon = UserManagement(client_id=CLIENT_ID,
                        client_secret=CLIENT_SECRET
                        )

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.GetRoles(ids=id_list)
print(response)
Uber class example
from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.command("GetRoles", ids=id_list)
print(response)

combinedUserRolesV1

Get User Grant(s). This operation lists both direct as well as flight control grants between a User and a Customer.

PEP8 method name

get_user_grants

Endpoint

Method Route
GET /user-management/combined/user-roles/v1

Required Scope

user-management:read

Content-Type

  • Consumes: application/json
  • Produces: application/json

Keyword Arguments

Name Service Uber Type Data type Description
cid
Service Class Support

Uber Class Support
query string Customer ID to get grants for. An empty CID value returns Role IDs for the user against the current CID in view.
direct_only
Service Class Support

Uber Class Support
query boolean Specifies if to request direct only role grants or all role grants between user and CID (specified using cid keyword).
filter
Service Class Support

Uber Class Support
query string The filter expression that should be used to limit the results. FQL syntax.
Available values: role_id, role_name
limit
Service Class Support

Uber Class Support
query integer The maximum number of records to return.
Default: 100
Maximum: 500
offset
Service Class Support

Uber Class Support
query integer The integer offset to start retrieving records from.
Default: 0
parameters
Service Class Support

Uber Class Support
query dictionary Full query string parameters payload in JSON format. Not required if using other keywords.
sort
Service Class Support

Uber Class Support
query string The property to sort by. FQL syntax.
Available sort values: cid, role_name, type
user_uuid
Service Class Support

Uber Class Support
query string User UUID to retrieve available roles for. Must be provides as a keyword, argument or part of the parameters payload.

Usage

Service class example (PEP8 syntax)
from falconpy import UserManagement

# Do not hardcode API credentials!
falcon = UserManagement(client_id=CLIENT_ID,
                        client_secret=CLIENT_SECRET
                        )

response = falcon.get_user_grants(cid="string",
                                  direct_only=boolean,
                                  filter="string",
                                  limit=integer,
                                  offset=integer,
                                  sort="string",
                                  user_uuid="string"
                                  )
print(response)
Service class example (Operation ID syntax)
from falconpy import UserManagement

# Do not hardcode API credentials!
falcon = UserManagement(client_id=CLIENT_ID,
                        client_secret=CLIENT_SECRET
                        )

response = falcon.combinedUserRolesV1(cid="string",
                                      direct_only=boolean,
                                      filter="string",
                                      limit=integer,
                                      offset=integer,
                                      sort="string",
                                      user_uuid="string"
                                      )
print(response)
Uber class example
from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

response = falcon.command("combinedUserRolesV1",
                          cid="string",
                          direct_only=boolean,
                          filter="string",
                          limit=integer,
                          offset=integer,
                          sort="string",
                          user_uuid="string"
                          )
print(response)

queriesRolesV1

Show role IDs for all roles available in your customer account. Supports Flight Control.

PEP8 method name

query_roles

Endpoint

Method Route
GET /user-management/queries/roles/v1

Required Scope

user-management:read

Content-Type

  • Consumes: application/json
  • Produces: application/json

Keyword Arguments

Name Service Uber Type Data type Description
action
Service Class Support

Uber Class Support
query string Actionable purpose of the query. Default value: grant
cid
Service Class Support

Uber Class Support
query string Customer ID to get available role IDs for. An empty CID value returns Role IDs for the current CID in view.
parameters
Service Class Support

Uber Class Support
query dictionary Full query string parameters payload in JSON format. Not required if using other keywords.
user_uuid
Service Class Support

Uber Class Support
query string User UUID to retrieve available roles for. An empty user_uuid will return all role IDs available for the customer.

Usage

Service class example (PEP8 syntax)
from falconpy import UserManagement

# Do not hardcode API credentials!
falcon = UserManagement(client_id=CLIENT_ID,
                        client_secret=CLIENT_SECRET
                        )

response = falcon.query_roles(action="string",
                              cid="string",
                              user_uuid="string"
                              )
print(response)
Service class example (Operation ID syntax)
from falconpy import UserManagement

# Do not hardcode API credentials!
falcon = UserManagement(client_id=CLIENT_ID,
                        client_secret=CLIENT_SECRET
                        )

response = falcon.queriesRolesV1(action="string",
                                 cid="string",
                                 user_uuid="string"
                                 )
print(response)
Uber class example
from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

response = falcon.command("queriesRolesV1",
                          action="string",
                          cid="string",
                          user_uuid="string"
                          )
print(response)

queryUserV1

List user IDs for all users in your customer account.

PEP8 method name

query_users

Endpoint

Method Route
GET /user-management/queries/users/v1

Required Scope

user-management:read

Content-Type

  • Consumes: application/json
  • Produces: application/json

Keyword Arguments

Name Service Uber Type Data type Description
filter
Service Class Support

Uber Class Support
query string The filter expression that should be used to limit the results. FQL syntax.
Available values: assigned_cids, cid, first_name, last_name, name, uid.
limit
Service Class Support

Uber Class Support
query integer The maximum number of records to return.
Default: 0
Maximum: 500
offset
Service Class Support

Uber Class Support
query integer The integer offset to start retrieving records from.
Default: 0
parameters
Service Class Support

Uber Class Support
query dictionary Full query string parameters payload in JSON format. Not required if using other keywords.
sort
Service Class Support

Uber Class Support
query string The property to sort by. FQL syntax.
Available sort values: `first_name

Usage

Service class example (PEP8 syntax)
from falconpy import UserManagement

# Do not hardcode API credentials!
falcon = UserManagement(client_id=CLIENT_ID,
                        client_secret=CLIENT_SECRET
                        )

response = falcon.query_users(filter="string",
                              limit=integer,
                              offset=integer,
                              sort="string",
                              )
print(response)
Service class example (Operation ID syntax)
from falconpy import UserManagement

# Do not hardcode API credentials!
falcon = UserManagement(client_id=CLIENT_ID,
                        client_secret=CLIENT_SECRET
                        )

response = falcon.queryUserV1(filter="string",
                              limit=integer,
                              offset=integer,
                              sort="string",
                              )
print(response)
Uber class example
from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

response = falcon.command("queryUserV1",
                          filter="string",
                          limit=integer,
                          offset=integer,
                          sort="string",
                          )
print(response)

entitiesRolesV1

Get information about a role, supports Flight Control.

PEP8 method name

get_roles_mssp

Endpoint

Method Route
GET /user-management/entities/roles/v1

Required Scope

user-management:read

Content-Type

  • Consumes: application/json
  • Produces: application/json

Keyword Arguments

Name Service Uber Type Data type Description
cid
Service Class Support

Uber Class Support
query string Customer ID to get available roles for. Providing no value for cid returns results for the current CID in view.
ids
Service Class Support

Uber Class Support
query string or list of strings List of role IDs to retrieve. Comma-delimited strings accepted. Must be provided as a keyword, argument or part of the parameters payload. Find a role ID from GetAvailableRoleIds or GetUserRoleIds.
parameters
Service Class Support

Uber Class Support
query dictionary Full query string parameters payload in JSON format. Not required if using other keywords.

Usage

Service class example (PEP8 syntax)
from falconpy import UserManagement

# Do not hardcode API credentials!
falcon = UserManagement(client_id=CLIENT_ID,
                        client_secret=CLIENT_SECRET
                        )

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.get_user_grants(cid="string", ids=id_list)

print(response)
Service class example (Operation ID syntax)
from falconpy import UserManagement

# Do not hardcode API credentials!
falcon = UserManagement(client_id=CLIENT_ID,
                        client_secret=CLIENT_SECRET
                        )

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.combinedUserRolesV1(cid="string", ids=id_list)

print(response)
Uber class example
from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.command("combinedUserRolesV1", cid="string", ids=id_list)

print(response)

userActionV1

Apply actions to one or more users.

PEP8 method name

user_action

Endpoint

Method Route
POST /user-management/entities/user-actions/v1

Required Scope

user-management:write

Content-Type

  • Consumes: application/json
  • Produces: application/json

Keyword Arguments

Name Service Uber Type Data type Description
action_name
Service Class Support

Uber Class Support
body (action parameter) string Action to perform.
Allowed values: reset_2fa, reset_password. Must be provided as a keyword or as part of the body payload.
action_value
Service Class Support

Uber Class Support
body (action parameter) string Value to provide for action.
body
Service Class Support

Uber Class Support
body dictionary Full body payload in JSON format, not required when using other keywords.
ids
Service Class Support

Uber Class Support
body string or list of strings User IDs to apply actions to. Supports comma-delimited strings. Must be provided as a keyword or as part of the body payload.

Usage

Service class example (PEP8 syntax)
from falconpy import UserManagement

# Do not hardcode API credentials!
falcon = UserManagement(client_id=CLIENT_ID,
                        client_secret=CLIENT_SECRET
                        )

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.user_action(action_name="string",
                              action_value="string",
                              ids=id_list
                              )

print(response)
Service class example (Operation ID syntax)
from falconpy import UserManagement

# Do not hardcode API credentials!
falcon = UserManagement(client_id=CLIENT_ID,
                        client_secret=CLIENT_SECRET
                        )

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.userActionV1(action_name="string",
                               action_value="string",
                               ids=id_list
                               )
print(response)
Uber class example
from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

id_list = ['ID1', 'ID2', 'ID3']

BODY = {
    "action": {
        "action_name": "string",
        "action_value": "string"
    },
    "ids": id_list
}

response = falcon.command("userActionV1", body=BODY)

print(response)

userRolesActionV1

Grant or Revoke one or more role(s) to a user against a CID.

PEP8 method name

user_roles_action

Endpoint

Method Route
POST /user-management/entities/user-role-actions/v1

Required Scope

user-management:write

Content-Type

  • Consumes: application/json
  • Produces: application/json

Keyword Arguments

Name Service Uber Type Data type Description
action
Service Class Support

Uber Class Support
body (action parameter) string Action to perform.
Allowed values: grant, revoke. Must be provided as a keyword or as part of the body payload.
body
Service Class Support

Uber Class Support
body dictionary Full body payload in JSON format, not required when using other keywords.
cid
Service Class Support

Uber Class Support
body string Customer ID of the tenant to take action within. Must be provided as a keyword or as part of the body payload.
role_ids
Service Class Support

Uber Class Support
body string or list of strings Role IDs you want to adjust within the user id. Must be provided as a keyword or as part of the body payload.
uuid
Service Class Support

Uber Class Support
body string User ID to grant roles access to. Must be provided as a keyword or as part of the body payload.

Usage

Service class example (PEP8 syntax)
from falconpy import UserManagement

# Do not hardcode API credentials!
falcon = UserManagement(client_id=CLIENT_ID,
                        client_secret=CLIENT_SECRET
                        )

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.user_roles_action(action="string",
                                    cid="string",
                                    role_ids=id_list
                                    uuid="string"
                                    )

print(response)
Service class example (Operation ID syntax)
from falconpy import UserManagement

# Do not hardcode API credentials!
falcon = UserManagement(client_id=CLIENT_ID,
                        client_secret=CLIENT_SECRET
                        )

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.userRolesActionV1(action="string",
                                    cid="string",
                                    role_ids=id_list
                                    uuid="string"
                                    )
print(response)
Uber class example
from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

id_list = ['ID1', 'ID2', 'ID3']

BODY = {
    "action": "string",
    "cid": "string",
    "role_ids": id_list,
    "uuid": "string"
}

response = falcon.command("userRolesActionV1", body=BODY)

print(response)

GrantUserRoleIds

Assign one or more roles to a user

PEP8 method name

grant_user_role_ids

Endpoint

Method Route
POST /user-roles/entities/user-roles/v1

Required Scope

user-management:write

Content-Type

  • Consumes: application/json
  • Produces: application/json

Keyword Arguments

Name Service Uber Type Data type Description
body
Service Class Support

Uber Class Support
body string Role ID(s) of the role you want to assign.
parameters
Service Class Support

Uber Class Support
query dictionary Full query string parameters payload in JSON format.
role_ids
Service Class Support

Uber Class Support
body string or list of strings Role ID(s) of the role you want to assign. Can also use the keyword roleIds.
user_uuid
Service Class Support

Uber Class Support
query string ID of a user. Find a user's ID using RetrieveUserUUID.

Usage

Service class example (PEP8 syntax)
from falconpy import UserManagement

# Do not hardcode API credentials!
falcon = UserManagement(client_id=CLIENT_ID,
                        client_secret=CLIENT_SECRET
                        )

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.grant_user_role_ids(user_uuid="string", role_ids=id_list)
print(response)
Service class example (Operation ID syntax)
from falconpy import UserManagement

# Do not hardcode API credentials!
falcon = UserManagement(client_id=CLIENT_ID,
                        client_secret=CLIENT_SECRET
                        )

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.GrantUserRoleIds(user_uuid="string", role_ids=id_list)
print(response)
Uber class example
from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

BODY = {
    "roleIds": [
        "string"
    ]
}

response = falcon.command("GrantUserRoleIds", user_uuid="string", body=BODY)
print(response)

RevokeUserRoleIds

Revoke one or more roles from a user

PEP8 method name

revoke_user_role_ids

Endpoint

Method Route
DELETE /user-roles/entities/user-roles/v1

Required Scope

user-management:write

Content-Type

  • Consumes: application/json
  • Produces: application/json

Keyword Arguments

Name Service Uber Type Data type Description
parameters
Service Class Support

Uber Class Support
query dictionary Full query string parameters payload in JSON format.
ids
Service Class Support

Uber Class Support
query string or list of strings One or more role IDs to revoke. Find a role's ID using GetAvailableRoleIds.
user_uuid
Service Class Support

Uber Class Support
query string ID of a user. Find a user's ID using RetrieveUserUUID.

Usage

Service class example (PEP8 syntax)
from falconpy import UserManagement

# Do not hardcode API credentials!
falcon = UserManagement(client_id=CLIENT_ID,
                        client_secret=CLIENT_SECRET
                        )

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.revoke_user_role_ids(user_uuid="string", ids=id_list)
print(response)
Service class example (Operation ID syntax)
from falconpy import UserManagement

# Do not hardcode API credentials!
falcon = UserManagement(client_id=CLIENT_ID,
                        client_secret=CLIENT_SECRET
                        )

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.RevokeUserRoleIds(user_uuid="string", ids=id_list)
print(response)
Uber class example
from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.command("RevokeUserRoleIds", user_uuid="string", ids=id_list)
print(response)

GetAvailableRoleIds

Show role IDs for all roles available in your customer account. For more information on each role, provide the role ID to GetRoles.

PEP8 method name

get_available_role_ids

Endpoint

Method Route
GET /user-roles/queries/user-role-ids-by-cid/v1

Required Scope

user-management:read

Content-Type

  • Consumes: application/json
  • Produces: application/json

Keyword Arguments

No keywords or arguments accepted.

Usage

Service class example (PEP8 syntax)
from falconpy import UserManagement

# Do not hardcode API credentials!
falcon = UserManagement(client_id=CLIENT_ID,
                        client_secret=CLIENT_SECRET
                        )

response = falcon.get_available_role_ids()
print(response)
Service class example (Operation ID syntax)
from falconpy import UserManagement

# Do not hardcode API credentials!
falcon = UserManagement(client_id=CLIENT_ID,
                        client_secret=CLIENT_SECRET
                        )

response = falcon.GetAvailableRoleIds()
print(response)
Uber class example
from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

response = falcon.command("GetAvailableRoleIds")
print(response)

GetUserRoleIds

Show role IDs of roles assigned to a user. For more information on each role, provide the role ID to GetRoles.

PEP8 method name

get_user_role_ids

Endpoint

Method Route
GET /user-roles/queries/user-role-ids-by-user-uuid/v1

Required Scope

user-management:read

Content-Type

  • Consumes: application/json
  • Produces: application/json

Keyword Arguments

Name Service Uber Type Data type Description
parameters
Service Class Support

Uber Class Support
query dictionary Full query string parameters payload in JSON format.
user_uuid
Service Class Support

Uber Class Support
query string ID of a user. Find a user's ID using RetrieveUserUUID.

Usage

Service class example (PEP8 syntax)
from falconpy import UserManagement

# Do not hardcode API credentials!
falcon = UserManagement(client_id=CLIENT_ID,
                        client_secret=CLIENT_SECRET
                        )

response = falcon.get_user_role_ids(user_uuid="string")
print(response)
Service class example (Operation ID syntax)
from falconpy import UserManagement

# Do not hardcode API credentials!
falcon = UserManagement(client_id=CLIENT_ID,
                        client_secret=CLIENT_SECRET
                        )

response = falcon.GetUserRoleIds(user_uuid="string")
print(response)
Uber class example
from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

response = falcon.command("GetUserRoleIds", user_uuid="string")
print(response)

RetrieveUser

Get info about a user

PEP8 method name

retrieve_user

Endpoint

Method Route
GET /users/entities/users/v1

Required Scope

user-management:read

Content-Type

  • Consumes: application/json
  • Produces: application/json

Keyword Arguments

Name Service Uber Type Data type Description
parameters
Service Class Support

Uber Class Support
query dictionary Full query string parameters payload in JSON format.
ids
Service Class Support

Uber Class Support
query string or list of strings ID of a user. Find a user's ID using RetrieveUserUUID.

Usage

Service class example (PEP8 syntax)
from falconpy import UserManagement

# Do not hardcode API credentials!
falcon = UserManagement(client_id=CLIENT_ID,
                        client_secret=CLIENT_SECRET
                        )

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.retrieve_user(ids=id_list)
print(response)
Service class example (Operation ID syntax)
from falconpy import UserManagement

# Do not hardcode API credentials!
falcon = UserManagement(client_id=CLIENT_ID,
                        client_secret=CLIENT_SECRET
                        )

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.RetrieveUser(ids=id_list)
print(response)
Uber class example
from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.command("RetrieveUser", ids=id_list)
print(response)

retrieveUsersGETV1

Get info about users including their name, UID and CID by providing user UUIDs.

PEP8 method name

retrieve_users

Endpoint

Method Route
POST /user-management/entities/users/GET/v1

Required Scope

user-management:read

Content-Type

  • Consumes: application/json
  • Produces: application/json

Keyword Arguments

Name Service Uber Type Data type Description
body
Service Class Support

Uber Class Support
query dictionary Full body payload in JSON format.
ids
Service Class Support

Uber Class Support
query string or list of strings List of user IDs to retrieve. Find a user's ID using RetrieveUserUUID. Must be provided as an argument, keyword, or part of the body payload.

Usage

Service class example (PEP8 syntax)
from falconpy import UserManagement

# Do not hardcode API credentials!
falcon = UserManagement(client_id=CLIENT_ID,
                        client_secret=CLIENT_SECRET
                        )

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.retrieve_users(ids=id_list)
print(response)
Service class example (Operation ID syntax)
from falconpy import UserManagement

# Do not hardcode API credentials!
falcon = UserManagement(client_id=CLIENT_ID,
                        client_secret=CLIENT_SECRET
                        )

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.retrieveUsersGETV1(ids=id_list)
print(response)
Uber class example
from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

id_list = ['ID1', 'ID2', 'ID3']

BODY = {
    "ids": id_list
}

response = falcon.command("retrieveUsersGETV1", ids=id_list)
print(response)

CreateUser

Create a new user. After creating a user, assign one or more roles with GrantUserRoleIds.

PEP8 method name

create_user

Endpoint

Method Route
POST /users/entities/users/v1

Required Scope

user-management:write

Content-Type

  • Consumes: application/json
  • Produces: application/json

Keyword Arguments

Name Service Uber Type Data type Description
body
Service Class Support

Uber Class Support
body string Attributes for this user. uid (required) is the user's email address, which is their username in Falcon. Optional attributes:
  • firstName
  • lastName
  • password
As a best practice, we recommend omitting password. If single sign-on is enabled for your customer account, the password attribute is ignored. If single sign-on is not enabled, we send a user activation request to their email address when you create the user with no password. The user should use the activation email to set their own password.
first_name
Service Class Support

Uber Class Support
body string First name of the user. (Can also use the keyword firstName.)
last_name
Service Class Support

Uber Class Support
body string Last name of the user. (Can also use the keyword lastName.)
password
Service Class Support

Uber Class Support
body string Assigned password. String.

As a best practice, we recommend ommitting password. If single sign-on is enabled for your customer account, the password attribute is ignored. If single sign-on is not enabled, we send a user activation request to their email address when you create the user with no password. The user should use the activation email to set their own password.
uid
Service Class Support

Uber Class Support
body string The user's email address, which will be the assigned username.

Usage

Service class example (PEP8 syntax)
from falconpy import UserManagement

# Do not hardcode API credentials!
falcon = UserManagement(client_id=CLIENT_ID,
                        client_secret=CLIENT_SECRET
                        )

response = falcon.create_user(first_name="string",
                              last_name="string",
                              uid="username@domain.com"
                              )
print(response)
Service class example (Operation ID syntax)
from falconpy import UserManagement

# Do not hardcode API credentials!
falcon = UserManagement(client_id=CLIENT_ID,
                        client_secret=CLIENT_SECRET
                        )

response = falcon.CreateUser(first_name="string",
                             last_name="string",
                             uid="username@domain.com"
                             )
print(response)
Uber class example
from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

BODY = {
    "firstName": "string",
    "lastName": "string",
    "password": "string",
    "uid": "username@domain.com"
}

response = falcon.command("CreateUser", body=BODY)
print(response)

createUserV1

Create a new user. Supports Flight Control. After creating a user, assign one or more roles with userRolesActionV1.

PEP8 method name

create_user_mssp

Endpoint

Method Route
POST /user-management/entities/users/v1

Required Scope

user-management:write

Content-Type

  • Consumes: application/json
  • Produces: application/json

Keyword Arguments

Name Service Uber Type Data type Description
body
Service Class Support

Uber Class Support
body string Attributes for this user. uid (required) is the user's email address, which is their username in Falcon. Optional attributes:
  • first_name
  • last_name
  • password
As a best practice, we recommend omitting password. If single sign-on is enabled for your customer account, the password attribute is ignored. If single sign-on is not enabled, we send a user activation request to their email address when you create the user with no password. The user should use the activation email to set their own password.
first_name
Service Class Support

Uber Class Support
body string First name of the user. (Can also use the keyword firstName.)
last_name
Service Class Support

Uber Class Support
body string Last name of the user. (Can also use the keyword lastName.)
password
Service Class Support

Uber Class Support
body string Assigned password. String.

As a best practice, we recommend ommitting password. If single sign-on is enabled for your customer account, the password attribute is ignored. If single sign-on is not enabled, we send a user activation request to their email address when you create the user with no password. The user should use the activation email to set their own password.
uid
Service Class Support

Uber Class Support
body string The user's email address, which will be the assigned username. Must be provided as a keyword or as part of the body payload.

Usage

Service class example (PEP8 syntax)
from falconpy import UserManagement

# Do not hardcode API credentials!
falcon = UserManagement(client_id=CLIENT_ID,
                        client_secret=CLIENT_SECRET
                        )

response = falcon.create_user_mssp(first_name="string",
                                   last_name="string",
                                   uid="username@domain.com"
                                   )
print(response)
Service class example (Operation ID syntax)
from falconpy import UserManagement

# Do not hardcode API credentials!
falcon = UserManagement(client_id=CLIENT_ID,
                        client_secret=CLIENT_SECRET
                        )

response = falcon.createUserV1(first_name="string",
                               last_name="string",
                               uid="username@domain.com"
                               )
print(response)
Uber class example
from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

BODY = {
    "firstName": "string",
    "lastName": "string",
    "uid": "username@domain.com"
}

response = falcon.command("createUserV1", body=BODY)

print(response)

DeleteUser

Delete a user permanently

PEP8 method name

delete_user

Endpoint

Method Route
DELETE /users/entities/users/v1

Required Scope

user-management:write

Content-Type

  • Consumes: application/json
  • Produces: application/json

Keyword Arguments

Name Service Uber Type Data type Description
parameters
Service Class Support

Uber Class Support
query dictionary Full query string parameters payload in JSON format.
user_uuid
Service Class Support

Uber Class Support
query string ID of a user. Find a user's ID using RetrieveUserUUID.

Usage

Service class example (PEP8 syntax)
from falconpy import UserManagement

# Do not hardcode API credentials!
falcon = UserManagement(client_id=CLIENT_ID,
                        client_secret=CLIENT_SECRET
                        )

response = falcon.delete_user(user_uuid="string")
print(response)
Service class example (Operation ID syntax)
from falconpy import UserManagement

# Do not hardcode API credentials!
falcon = UserManagement(client_id=CLIENT_ID,
                        client_secret=CLIENT_SECRET
                        )

response = falcon.DeleteUser(user_uuid="string")
print(response)
Uber class example
from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

response = falcon.command("DeleteUser", user_uuid="string")
print(response)

deleteUserV1

Delete a user permanently. Supports Flight Control.

PEP8 method name

delete_user_mssp

Endpoint

Method Route
DELETE /user-management/entities/users/v1

Required Scope

user-management:write

Content-Type

  • Consumes: application/json
  • Produces: application/json

Keyword Arguments

Name Service Uber Type Data type Description
parameters
Service Class Support

Uber Class Support
query dictionary Full query string parameters payload in JSON format, not required if user_uuid keyword is provided.
user_uuid
Service Class Support

Uber Class Support
query string User ID of a user to delete. Find a user's ID using RetrieveUserUUID.

Usage

Service class example (PEP8 syntax)
from falconpy import UserManagement

# Do not hardcode API credentials!
falcon = UserManagement(client_id=CLIENT_ID,
                        client_secret=CLIENT_SECRET
                        )

response = falcon.delete_user_mssp(user_uuid="string")

print(response)
Service class example (Operation ID syntax)
from falconpy import UserManagement

# Do not hardcode API credentials!
falcon = UserManagement(client_id=CLIENT_ID,
                        client_secret=CLIENT_SECRET
                        )

response = falcon.deleteUserV1(user_uuid="string")

print(response)
Uber class example
from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

response = falcon.command("deleteUserV1", user_uuid="string")

print(response)

UpdateUser

Modify an existing user's first or last name

PEP8 method name

update_user

Endpoint

Method Route
PATCH /users/entities/users/v1

Required Scope

user-management:write

Content-Type

  • Consumes: application/json
  • Produces: application/json

Keyword Arguments

Name Service Uber Type Data type Description
body
Service Class Support

Uber Class Support
body dictionary Full body payload in JSON format.
first_name
Service Class Support

Uber Class Support
body string First name of the user. (Can also use the keyword firstName.)
last_name
Service Class Support

Uber Class Support
body string Last name of the user. (Can also use the keyword lastName.)
parameters
Service Class Support

Uber Class Support
query dictionary Full query string parameters payload in JSON format.
user_uuid
Service Class Support

Uber Class Support
query string The user ID to modify.

Usage

Service class example (PEP8 syntax)
from falconpy import UserManagement

# Do not hardcode API credentials!
falcon = UserManagement(client_id=CLIENT_ID,
                        client_secret=CLIENT_SECRET
                        )

response = falcon.update_user(user_uuid="string",
                             first_name="string",
                             last_name="string"
                             )
print(response)
Service class example (Operation ID syntax)
from falconpy import UserManagement

# Do not hardcode API credentials!
falcon = UserManagement(client_id=CLIENT_ID,
                        client_secret=CLIENT_SECRET
                        )

response = falcon.UpdateUser(user_uuid="string",
                             first_name="string",
                             last_name="string"
                             )
print(response)
Uber class example
from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

BODY = {
    "firstName": "string",
    "lastName": "string"
}

response = falcon.command("UpdateUser", user_uuid="string", body=BODY)
print(response)

updateUserV1

Modify an existing user's first or last name. Supports Flight Control.

PEP8 method name

update_user_mssp

Endpoint

Method Route
PATCH /user-management/entities/users/v1

Required Scope

user-management:write

Content-Type

  • Consumes: application/json
  • Produces: application/json

Keyword Arguments

Name Service Uber Type Data type Description
body
Service Class Support

Uber Class Support
body dictionary Full body payload in JSON format.
first_name
Service Class Support

Uber Class Support
body string First name of the user. (Can also use the keyword firstName.)
last_name
Service Class Support

Uber Class Support
body string Last name of the user. (Can also use the keyword lastName.)
parameters
Service Class Support

Uber Class Support
query dictionary Full query string parameters payload in JSON format.
user_uuid
Service Class Support

Uber Class Support
query string The user ID to modify. Must be provided as a keyword or as part of the parameters payload.

Usage

Service class example (PEP8 syntax)
from falconpy import UserManagement

# Do not hardcode API credentials!
falcon = UserManagement(client_id=CLIENT_ID,
                        client_secret=CLIENT_SECRET
                        )

response = falcon.update_user_mssp(user_uuid="string",
                                   first_name="string",
                                   last_name="string"
                                   )

print(response)
Service class example (Operation ID syntax)
from falconpy import UserManagement

# Do not hardcode API credentials!
falcon = UserManagement(client_id=CLIENT_ID,
                        client_secret=CLIENT_SECRET
                        )

response = falcon.updateUserV1(user_uuid="string",
                               first_name="string",
                               last_name="string"
                               )

print(response)
Uber class example
from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

BODY = {
    "firstName": "string",
    "lastName": "string"
}

response = falcon.command("updateUserV1", user_uuid="string", body=BODY)
print(response)

RetrieveEmailsByCID

List the usernames (usually an email address) for all users in your customer account

PEP8 method name

retrieve_emails_by_cid

Endpoint

Method Route
GET /users/queries/emails-by-cid/v1

Required Scope

user-management:read

Content-Type

  • Consumes: application/json
  • Produces: application/json

Keyword Arguments

No keywords or arguments accepted.

Usage

Service class example (PEP8 syntax)
from falconpy import UserManagement

# Do not hardcode API credentials!
falcon = UserManagement(client_id=CLIENT_ID,
                        client_secret=CLIENT_SECRET
                        )

response = falcon.retrieve_emails_by_cid()
print(response)
Service class example (Operation ID syntax)
from falconpy import UserManagement

# Do not hardcode API credentials!
falcon = UserManagement(client_id=CLIENT_ID,
                        client_secret=CLIENT_SECRET
                        )

response = falcon.RetrieveEmailsByCID()
print(response)
Uber class example
from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

response = falcon.command("RetrieveEmailsByCID")
print(response)

RetrieveUserUUIDsByCID

List user IDs for all users in your customer account. For more information on each user, provide the user ID to RetrieveUser.

PEP8 method name

retrieve_user_uuids_by_cid

Endpoint

Method Route
GET /users/queries/user-uuids-by-cid/v1

Required Scope

user-management:read

Content-Type

  • Consumes: application/json
  • Produces: application/json

Keyword Arguments

No keywords or arguments accepted.

Usage

Service class example (PEP8 syntax)
from falconpy import UserManagement

# Do not hardcode API credentials!
falcon = UserManagement(client_id=CLIENT_ID,
                        client_secret=CLIENT_SECRET
                        )

response = falcon.retrieve_user_uuids_by_cid()
print(response)
Service class example (Operation ID syntax)
from falconpy import UserManagement

# Do not hardcode API credentials!
falcon = UserManagement(client_id=CLIENT_ID,
                        client_secret=CLIENT_SECRET
                        )

response = falcon.RetrieveUserUUIDsByCID()
print(response)
Uber class example
from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

response = falcon.command("RetrieveUserUUIDsByCID")
print(response)

RetrieveUserUUID

Get a user's ID by providing a username (usually an email address)

PEP8 method name

retrieve_user_uuid

Endpoint

Method Route
GET /users/queries/user-uuids-by-email/v1

Required Scope

user-management:read

Content-Type

  • Consumes: application/json
  • Produces: application/json

Keyword Arguments

Name Service Uber Type Data type Description
parameters
Service Class Support

Uber Class Support
query dictionary Full query string parameters payload in JSON format.
uid
Service Class Support

Uber Class Support
query string or list of strings List of User names to retrieve.

Usage

Service class example (PEP8 syntax)
from falconpy import UserManagement

# Do not hardcode API credentials!
falcon = UserManagement(client_id=CLIENT_ID,
                        client_secret=CLIENT_SECRET
                        )
id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.retrieve_user_uuid(uid=id_list)
print(response)
Service class example (Operation ID syntax)
from falconpy import UserManagement

# Do not hardcode API credentials!
falcon = UserManagement(client_id=CLIENT_ID,
                        client_secret=CLIENT_SECRET
                        )

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.RetrieveUserUUID(uid=id_list)
print(response)
Uber class example
from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.command("RetrieveUserUUID", uid=id_list)
print(response)

CrowdStrike Falcon

Clone this wiki locally