ThreatGraph
| Operation ID | Description | ||||
|---|---|---|---|---|---|
|
Retrieve edges for a given vertex id. One edge type must be specified | ||||
|
Look up instances of indicators such as hashes, domain names, and ip addresses that have been seen on devices in your environment. | ||||
|
Retrieve summary for a given vertex ID | ||||
|
Retrieve metadata for a given vertex ID | ||||
|
Retrieve metadata for a given vertex ID | ||||
|
Show all available edge types | ||||
WARNING
client_idandclient_secretare keyword arguments that contain your CrowdStrike API credentials. Please note that all examples below do not hard code these values. (These values are ingested as strings.)CrowdStrike does not recommend hard coding API credentials or customer identifiers within source code.
Retrieve edges for a given vertex id. One edge type must be specified
get_edges
| Method | Route |
|---|---|
 |
/threatgraph/combined/edges/v1 |
- Produces: application/json
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| ids |  |
|
query | string | Vertex ID to get details for. Only one value is supported |
| limit | |
|
query | integer | How many edges to return in a single request [1-100] |
| offset | |
|
query | string | The offset to use to retrieve the next page of results |
| edge_type | |
|
query | string | The type of edges that you would like to retrieve |
| direction | |
|
query | string | The direction of edges that you would like to retrieve. |
| scope | |
|
query | string | Scope of the request |
| nano | |
|
query | boolean | Return nano-precision entity timestamps |
from falconpy import ThreatGraph
falcon = ThreatGraph(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.get_edges(limit=integer,
offset="string",
edge_type="string",
direction="string",
scope="string",
nano=boolean,
ids=id_list
)
print(response)from falconpy import ThreatGraph
falcon = ThreatGraph(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.combined_edges_get(limit=integer,
offset="string",
edge_type="string",
direction="string",
scope="string",
nano=boolean,
ids=id_list
)
print(response)from falconpy import APIHarnessV2
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.command("combined_edges_get",
limit=integer,
offset="string",
edge_type="string",
direction="string",
scope="string",
nano=boolean,
ids=id_list
)
print(response)Back to Table of Contents
Look up instances of indicators such as hashes, domain names, and ip addresses that have been seen on devices in your environment.
get_ran_on
| Method | Route |
|---|---|
|
/threatgraph/combined/ran-on/v1 |
- Produces: application/json
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| value | |
|
query | string | The value of the indicator to search by. |
| type | |
|
query | string | The type of indicator that you would like to retrieve |
| limit | |
|
query | integer | How many edges to return in a single request [1-100] |
| offset | |
|
query | string | The offset to use to retrieve the next page of results |
| nano | |
|
query | boolean | Return nano-precision entity timestamps |
from falconpy import ThreatGraph
falcon = ThreatGraph(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.get_ran_on(value="string",
type="string",
limit=integer,
offset="string",
nano=boolean
)
print(response)from falconpy import ThreatGraph
falcon = ThreatGraph(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.combined_ran_on_get(value="string",
type="string",
limit=integer,
offset="string",
nano=boolean
)
print(response)from falconpy import APIHarnessV2
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.command("combined_ran_on_get",
value="string",
type="string",
limit=integer,
offset="string",
nano=boolean
)
print(response)Back to Table of Contents
Retrieve summary for a given vertex ID
get_summary
| Method | Route |
|---|---|
|
/threatgraph/combined/{vertex-type}/summary/v1 |
- Produces: application/json
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| vertex_type | |
|
path | string | Type of vertex to get properties for |
| ids | |
|
query | array (string) | Vertex ID to get details for |
| scope | |
|
query | string | Scope of the request |
| nano | |
|
query | boolean | Return nano-precision entity timestamps |
from falconpy import ThreatGraph
falcon = ThreatGraph(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.get_summary(scope="string", nano=boolean, ids=id_list, vertex_type="string")
print(response)from falconpy import ThreatGraph
falcon = ThreatGraph(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.combined_summary_get(scope="string",
nano=boolean,
ids=id_list,
vertex_type="string"
)
print(response)from falconpy import APIHarnessV2
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.command("combined_summary_get",
scope="string",
nano=boolean,
ids=id_list,
vertex_type="string"
)
print(response)Back to Table of Contents
Retrieve metadata for a given vertex ID
get_vertices_v1
| Method | Route |
|---|---|
|
/threatgraph/entities/{vertex-type}/v1 |
- Produces: application/json
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| vertex_type | |
|
path | string | Type of vertex to get properties for |
| ids | |
|
query | array (string) | Vertex ID to get details for |
| scope | |
|
query | string | Scope of the request |
| nano | |
|
query | boolean | Return nano-precision entity timestamps |
from falconpy import ThreatGraph
falcon = ThreatGraph(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.get_vertices_v1(scope="string", nano=boolean, ids=id_list, vertex_type="string")
print(response)from falconpy import ThreatGraph
falcon = ThreatGraph(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.entities_vertices_get(scope="string",
nano=boolean,
ids=id_list,
vertex_type="string"
)
print(response)from falconpy import APIHarnessV2
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.command("entities_vertices_get",
scope="string",
nano="string",
ids=id_list,
vertex_type="string"
)
print(response)Back to Table of Contents
Retrieve metadata for a given vertex ID
get_vertices
| Method | Route |
|---|---|
|
/threatgraph/entities/{vertex-type}/v2 |
- Produces: application/json
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| vertex_type | |
|
path | string | Type of vertex to get properties for |
| ids | |
|
query | array (string) | Vertex ID to get details for |
| scope | |
|
query | string | Scope of the request |
| nano | |
|
query | boolean | Return nano-precision entity timestamps |
from falconpy import ThreatGraph
falcon = ThreatGraph(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.get_vertices(scope="string", nano=boolean, ids=id_list, vertex_type="string")
print(response)from falconpy import ThreatGraph
falcon = ThreatGraph(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.entities_vertices_getv2(scope="string",
nano=boolean,
ids=id_list,
vertex_type="string"
)
print(response)from falconpy import APIHarnessV2
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.command("entities_vertices_getv2",
scope="string",
nano=boolean,
ids=id_list,
vertex_type="string"
)
print(response)Back to Table of Contents
Show all available edge types
get_edge_types
| Method | Route |
|---|---|
|
/threatgraph/queries/edge-types/v1 |
- Produces: application/json
No keywords or arguments accepted
from falconpy import ThreatGraph
falcon = ThreatGraph(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.get_edge_types()
print(response)from falconpy import ThreatGraph
falcon = ThreatGraph(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.queries_edgetypes_get()
print(response)from falconpy import APIHarnessV2
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.command("queries_edgetypes_get")
print(response)Back to Table of Contents
- Home
- Discussions Board
- Glossary of Terms
- Installation, Upgrades and Removal
- Samples Collection
- Using FalconPy
- API Operations
-
Service Collections
- Alerts
- API Integrations
- Cloud Connect AWS (deprecated)
- Cloud Snapshots
- Configuration Assessment
- Configuration Assessment Evaluation Logic
- Container Alerts
- Container Detections
- Container Images
- Container Packages
- Container Vulnerabilities
- CSPM Registration
- Custom IOAs
- Custom Storage
- D4C Registration (deprecated)
- Detects
- Device Control Policies
- Discover
- Drift Indicators
- Event Streams
- Exposure Management
- Falcon Complete Dashboard
- Falcon Container
- Falcon Intelligence Sandbox
- FDR
- FileVantage
- Firewall Management
- Firewall Policies
- Foundry LogScale
- Host Group
- Hosts
- Identity Protection
- Image Assessment Policies
- Incidents
- Installation Tokens
- Intel
- IOA Exclusions
- IOC
- IOCs (deprecated)
- Kubernetes Protection
- MalQuery
- Message Center
- ML Exclusions
- Mobile Enrollment
- MSSP (Flight Control)
- OAuth2
- ODS (On Demand Scan)
- Overwatch Dashboard
- Prevention Policy
- Quarantine
- Quick Scan
- Real Time Response
- Real Time Response Admin
- Real Time Response Audit
- Recon
- Report Executions
- Response Policies
- Sample Uploads
- Scheduled Reports
- Sensor Download
- Sensor Update Policy
- Sensor Visibility Exclusions
- Spotlight Evaluation Logic
- Spotlight Vulnerabilities
- Tailored Intelligence
- ThreatGraph
- Unidentified Containers
- User Management
- Workflows
- Zero Trust Assessment
- Documentation Support
-
CrowdStrike SDKs
- Crimson Falcon - Ruby
- FalconPy - Python 3
- FalconJS - Javascript
- goFalcon - Go
- PSFalcon - Powershell
- Rusty Falcon - Rust
