All URIs are relative to
Method | HTTP request | Description |
action_get_v1 | GET /iocs/entities/actions/v1 | Get Actions by ids. |
action_query_v1 | GET /iocs/queries/actions/v1 | Query Actions. |
get_indicators_report | POST /iocs/entities/indicators-reports/v1 | Launch an indicators report creation job |
indicator_aggregate_v1 | POST /iocs/aggregates/indicators/v1 | Get Indicators aggregates as specified via json in the request body. |
indicator_combined_v1 | GET /iocs/combined/indicator/v1 | Get Combined for Indicators. |
indicator_create_v1 | POST /iocs/entities/indicators/v1 | Create Indicators. |
indicator_delete_v1 | DELETE /iocs/entities/indicators/v1 | Delete Indicators by ids. |
indicator_get_device_count_v1 | GET /iocs/aggregates/indicators/device-count/v1 | Get the number of devices the indicator has run on |
indicator_get_devices_ran_on_v1 | GET /iocs/queries/indicators/devices/v1 | Get the IDs of devices the indicator has run on |
indicator_get_processes_ran_on_v1 | GET /iocs/queries/indicators/processes/v1 | Get the number of processes the indicator has run on |
indicator_get_v1 | GET /iocs/entities/indicators/v1 | Get Indicators by ids. |
indicator_search_v1 | GET /iocs/queries/indicators/v1 | Search for Indicators. |
indicator_update_v1 | PATCH /iocs/entities/indicators/v1 | Update Indicators. |
ioc_type_query_v1 | GET /iocs/queries/ioc-types/v1 | Query IOC Types. |
platform_query_v1 | GET /iocs/queries/platforms/v1 | Query Platforms. |
severity_query_v1 | GET /iocs/queries/severities/v1 | Query Severities. |
Get Actions by ids.
```ruby
require 'time'
require 'crimson-falcon'

# Setup authorization
Falcon.configure do |config|
  config.client_id = "Your_Client_ID"
  config.client_secret = "Your_Client_Secret"
  config.cloud = "us-1" # or "us-2", "eu-1", "us-gov1"
end

api_instance = Falcon::Ioc.new
opts = {
  ids: ['inner_example'] # Array<String> | The ids of the Actions to retrieve
}

begin
  # Get Actions by ids.
  result = api_instance.action_get_v1(opts)
  p result
rescue Falcon::ApiError => e
  puts "Error when calling Ioc->action_get_v1: #{e}"
end
```
This returns an Array which contains the response data, status code and headers.
<Array(<ApiActionRespV1>, Integer, Hash)> action_get_v1_with_http_info(opts)
```ruby
begin
  # Get Actions by ids.
  data, status_code, headers = api_instance.action_get_v1_with_http_info(opts)
  p status_code # => 2xx
  p headers # => { ... }
  p data # => <ApiActionRespV1>
rescue Falcon::ApiError => e
  puts "Error when calling Ioc->action_get_v1_with_http_info: #{e}"
end
```
Name | Type | Description | Notes |
ids | Array<String> | The ids of the Actions to retrieve | [optional] |
- Content-Type: Not defined
- Accept: application/json
Query Actions.
```ruby
require 'time'
require 'crimson-falcon'

# Setup authorization
Falcon.configure do |config|
  config.client_id = "Your_Client_ID"
  config.client_secret = "Your_Client_Secret"
  config.cloud = "us-1" # or "us-2", "eu-1", "us-gov1"
end

api_instance = Falcon::Ioc.new
opts = {
  offset: 'offset_example', # String | Starting index of overall result set from which to return ids.
  limit: 56 # Integer | Number of ids to return.
}

begin
  # Query Actions.
  result = api_instance.action_query_v1(opts)
  p result
rescue Falcon::ApiError => e
  puts "Error when calling Ioc->action_query_v1: #{e}"
end
```
This returns an Array which contains the response data, status code and headers.
<Array(<ApiIndicatorQueryRespV1>, Integer, Hash)> action_query_v1_with_http_info(opts)
```ruby
begin
  # Query Actions.
  data, status_code, headers = api_instance.action_query_v1_with_http_info(opts)
  p status_code # => 2xx
  p headers # => { ... }
  p data # => <ApiIndicatorQueryRespV1>
rescue Falcon::ApiError => e
  puts "Error when calling Ioc->action_query_v1_with_http_info: #{e}"
end
```
Name | Type | Description | Notes |
offset | String | Starting index of overall result set from which to return ids. | [optional] |
limit | Integer | Number of ids to return. | [optional] |
- Content-Type: Not defined
- Accept: application/json
Launch an indicators report creation job
```ruby
require 'time'
require 'crimson-falcon'

# Setup authorization
Falcon.configure do |config|
  config.client_id = "Your_Client_ID"
  config.client_secret = "Your_Client_Secret"
  config.cloud = "us-1" # or "us-2", "eu-1", "us-gov1"
end

api_instance = Falcon::Ioc.new
body = Falcon::ApiIndicatorsReportRequest.new({report_format: 'report_format_example', search: {filter: 'filter_example', query: 'query_example', sort: 'sort_example'}}) # ApiIndicatorsReportRequest |

begin
  # Launch an indicators report creation job
  result = api_instance.get_indicators_report(body)
  p result
rescue Falcon::ApiError => e
  puts "Error when calling Ioc->get_indicators_report: #{e}"
end
```
This returns an Array which contains the response data, status code and headers.
<Array(<MsaEntitiesResponse>, Integer, Hash)> get_indicators_report_with_http_info(body)
```ruby
begin
  # Launch an indicators report creation job
  data, status_code, headers = api_instance.get_indicators_report_with_http_info(body)
  p status_code # => 2xx
  p headers # => { ... }
  p data # => <MsaEntitiesResponse>
rescue Falcon::ApiError => e
  puts "Error when calling Ioc->get_indicators_report_with_http_info: #{e}"
end
```
Name | Type | Description | Notes |
body | ApiIndicatorsReportRequest | | |
- Content-Type: application/json
- Accept: application/json
indicator_aggregate_v1(body, opts)
Get Indicators aggregates as specified via json in the request body.
```ruby
require 'time'
require 'crimson-falcon'

# Setup authorization
Falcon.configure do |config|
  config.client_id = "Your_Client_ID"
  config.client_secret = "Your_Client_Secret"
  config.cloud = "us-1" # or "us-2", "eu-1", "us-gov1"
end

api_instance = Falcon::Ioc.new
body = Falcon::MsaAggregateQueryRequest.new({date_ranges: [{from: 'from_example', to: 'to_example'}], exclude: 'exclude_example', field: 'field_example', filter: 'filter_example', from: 37, include: 'include_example', interval: 'interval_example', missing: 'missing_example', name: 'name_example', q: 'q_example', ranges: [{from: 3.56, to: 3.56}], size: 37, sort: 'sort_example', sub_aggregates: [{date_ranges: [{from: 'from_example', to: 'to_example'}], exclude: 'exclude_example', field: 'field_example', filter: 'filter_example', from: 37, include: 'include_example', interval: 'interval_example', missing: 'missing_example', name: 'name_example', q: 'q_example', ranges: [{from: 3.56, to: 3.56}], size: 37, sort: 'sort_example', sub_aggregates: [], time_zone: 'time_zone_example', type: 'type_example'}], time_zone: 'time_zone_example', type: 'type_example'}) # MsaAggregateQueryRequest |
opts = {
  filter: 'filter_example', # String | The filter to narrow down the aggregation data
  from_parent: true # Boolean | The filter for returning either only indicators for the request customer or its MSSP parents
}

begin
  # Get Indicators aggregates as specified via json in the request body.
  result = api_instance.indicator_aggregate_v1(body, opts)
  p result
rescue Falcon::ApiError => e
  puts "Error when calling Ioc->indicator_aggregate_v1: #{e}"
end
```
This returns an Array which contains the response data, status code and headers.
<Array(<MsaAggregatesResponse>, Integer, Hash)> indicator_aggregate_v1_with_http_info(body, opts)
```ruby
begin
  # Get Indicators aggregates as specified via json in the request body.
  data, status_code, headers = api_instance.indicator_aggregate_v1_with_http_info(body, opts)
  p status_code # => 2xx
  p headers # => { ... }
  p data # => <MsaAggregatesResponse>
rescue Falcon::ApiError => e
  puts "Error when calling Ioc->indicator_aggregate_v1_with_http_info: #{e}"
end
```
Name | Type | Description | Notes |
body | MsaAggregateQueryRequest | | |
filter | String | The filter to narrow down the aggregation data | [optional] |
from_parent | Boolean | The filter for returning either only indicators for the request customer or its MSSP parents | [optional] |
- Content-Type: application/json
- Accept: application/json
Get Combined for Indicators.
```ruby
require 'time'
require 'crimson-falcon'

# Setup authorization
Falcon.configure do |config|
  config.client_id = "Your_Client_ID"
  config.client_secret = "Your_Client_Secret"
  config.cloud = "us-1" # or "us-2", "eu-1", "us-gov1"
end

api_instance = Falcon::Ioc.new
# Every option is listed for reference; 'offset' and 'after' are mutually exclusive, so send only one of them.
opts = {
  filter: 'filter_example', # String | The filter expression that should be used to limit the results.
  offset: 56, # Integer | The offset to start retrieving records from. Offset and After params are mutually exclusive. If none provided then scrolling will be used by default. To access more than 10k iocs, use the 'after' parameter instead of 'offset'.
  limit: 56, # Integer | The maximum records to return.
  sort: 'action', # String | The sort expression that should be used to sort the results.
  after: 'after_example', # String | A pagination token used with the `limit` parameter to manage pagination of results. On your first request, don't provide an 'after' token. On subsequent requests, provide the 'after' token from the previous response to continue from that place in the results. To access more than 10k indicators, use the 'after' parameter instead of 'offset'.
  from_parent: true # Boolean | The filter for returning either only indicators for the request customer or its MSSP parents
}

begin
  # Get Combined for Indicators.
  result = api_instance.indicator_combined_v1(opts)
  p result
rescue Falcon::ApiError => e
  puts "Error when calling Ioc->indicator_combined_v1: #{e}"
end
```
This returns an Array which contains the response data, status code and headers.
<Array(<ApiIndicatorRespV1>, Integer, Hash)> indicator_combined_v1_with_http_info(opts)
```ruby
begin
  # Get Combined for Indicators.
  data, status_code, headers = api_instance.indicator_combined_v1_with_http_info(opts)
  p status_code # => 2xx
  p headers # => { ... }
  p data # => <ApiIndicatorRespV1>
rescue Falcon::ApiError => e
  puts "Error when calling Ioc->indicator_combined_v1_with_http_info: #{e}"
end
```
Name | Type | Description | Notes |
filter | String | The filter expression that should be used to limit the results. | [optional] |
offset | Integer | The offset to start retrieving records from. Offset and After params are mutually exclusive. If none provided then scrolling will be used by default. To access more than 10k iocs, use the 'after' parameter instead of 'offset'. | [optional] |
limit | Integer | The maximum records to return. | [optional] |
sort | String | The sort expression that should be used to sort the results. | [optional] |
after | String | A pagination token used with the `limit` parameter to manage pagination of results. On your first request, don't provide an 'after' token. On subsequent requests, provide the 'after' token from the previous response to continue from that place in the results. To access more than 10k indicators, use the 'after' parameter instead of 'offset'. | [optional] |
from_parent | Boolean | The filter for returning either only indicators for the request customer or its MSSP parents | [optional] |
- Content-Type: Not defined
- Accept: application/json
indicator_create_v1(body, opts)
Create Indicators.
```ruby
require 'time'
require 'crimson-falcon'

# Setup authorization
Falcon.configure do |config|
  config.client_id = "Your_Client_ID"
  config.client_secret = "Your_Client_Secret"
  config.cloud = "us-1" # or "us-2", "eu-1", "us-gov1"
end

api_instance = Falcon::Ioc.new
body = Falcon::ApiIndicatorCreateReqsV1.new({indicators: [{applied_globally: false}]}) # ApiIndicatorCreateReqsV1 |
opts = {
  retrodetects: true, # Boolean | Whether to submit to retrodetects
  ignore_warnings: true # Boolean | Set to true to ignore warnings and add all IOCs
}

begin
  # Create Indicators.
  result = api_instance.indicator_create_v1(body, opts)
  p result
rescue Falcon::ApiError => e
  puts "Error when calling Ioc->indicator_create_v1: #{e}"
end
```
This returns an Array which contains the response data, status code and headers.
<Array(<ApiIndicatorRespV1>, Integer, Hash)> indicator_create_v1_with_http_info(body, opts)
```ruby
begin
  # Create Indicators.
  data, status_code, headers = api_instance.indicator_create_v1_with_http_info(body, opts)
  p status_code # => 2xx
  p headers # => { ... }
  p data # => <ApiIndicatorRespV1>
rescue Falcon::ApiError => e
  puts "Error when calling Ioc->indicator_create_v1_with_http_info: #{e}"
end
```
Name | Type | Description | Notes |
body | ApiIndicatorCreateReqsV1 | | |
retrodetects | Boolean | Whether to submit to retrodetects | [optional] |
ignore_warnings | Boolean | Set to true to ignore warnings and add all IOCs | [optional][default to false] |
- Content-Type: application/json
- Accept: application/json
Delete Indicators by ids.
```ruby
require 'time'
require 'crimson-falcon'

# Setup authorization
Falcon.configure do |config|
  config.client_id = "Your_Client_ID"
  config.client_secret = "Your_Client_Secret"
  config.cloud = "us-1" # or "us-2", "eu-1", "us-gov1"
end

api_instance = Falcon::Ioc.new
# Every option is listed for reference; if both 'filter' and 'ids' are sent, the filter takes precedence and the ids are ignored.
opts = {
  filter: 'filter_example', # String | The FQL expression to delete Indicators in bulk. If both 'filter' and 'ids' are provided, then filter takes precedence and ignores ids.
  ids: ['inner_example'], # Array<String> | The ids of the Indicators to delete. If both 'filter' and 'ids' are provided, then filter takes precedence and ignores ids
  comment: 'comment_example', # String | The comment why these indicators were deleted
  from_parent: true # Boolean | The filter for returning either only indicators for the request customer or its MSSP parents
}

begin
  # Delete Indicators by ids.
  result = api_instance.indicator_delete_v1(opts)
  p result
rescue Falcon::ApiError => e
  puts "Error when calling Ioc->indicator_delete_v1: #{e}"
end
```
This returns an Array which contains the response data, status code and headers.
<Array(<ApiIndicatorQueryRespV1>, Integer, Hash)> indicator_delete_v1_with_http_info(opts)
```ruby
begin
  # Delete Indicators by ids.
  data, status_code, headers = api_instance.indicator_delete_v1_with_http_info(opts)
  p status_code # => 2xx
  p headers # => { ... }
  p data # => <ApiIndicatorQueryRespV1>
rescue Falcon::ApiError => e
  puts "Error when calling Ioc->indicator_delete_v1_with_http_info: #{e}"
end
```
Name | Type | Description | Notes |
filter | String | The FQL expression to delete Indicators in bulk. If both 'filter' and 'ids' are provided, then filter takes precedence and ignores ids. | [optional] |
ids | Array<String> | The ids of the Indicators to delete. If both 'filter' and 'ids' are provided, then filter takes precedence and ignores ids | [optional] |
comment | String | The comment why these indicators were deleted | [optional] |
from_parent | Boolean | The filter for returning either only indicators for the request customer or its MSSP parents | [optional] |
- Content-Type: Not defined
- Accept: application/json
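Because `filter` silently wins over `ids` in indicator_delete_v1, a caller that passes both can delete far more than the listed ids. The guard below is an added example, not part of the crimson-falcon SDK: `SafeIndicatorDelete`, its `allow_bulk` switch and the mandatory comment are hypothetical local policy, and the FQL string in the usage line is constructed.

```ruby
# Added example: build the opts Hash for indicator_delete_v1 so that
# 'filter' and 'ids' can never reach the API together.
module SafeIndicatorDelete
  class Refused < ArgumentError; end

  # Returns a frozen opts Hash, or raises Refused instead of guessing intent.
  #   allow_bulk - must be true before a filter-based (bulk) delete is built
  #   comment    - required here as an audit trail (the API itself marks it optional)
  def self.build_opts(ids: nil, filter: nil, comment: nil, from_parent: nil, allow_bulk: false)
    ids = Array(ids).map { |id| id.to_s.strip }.reject(&:empty?).uniq
    filter = filter.to_s.strip
    comment = comment.to_s.strip

    if !ids.empty? && !filter.empty?
      raise Refused, "both 'filter' and 'ids' given: the filter would win and the ids would be ignored"
    end
    raise Refused, "neither 'filter' nor 'ids' given" if ids.empty? && filter.empty?
    raise Refused, 'filter-based (bulk) delete needs allow_bulk: true' if !filter.empty? && !allow_bulk
    raise Refused, 'a comment explaining the deletion is required' if comment.empty?

    opts = { comment: comment }
    opts[:ids] = ids unless ids.empty?
    opts[:filter] = filter unless filter.empty?
    opts[:from_parent] = from_parent unless from_parent.nil?
    opts.freeze
  end
end

# Usage with constructed values; the result is what would be passed to indicator_delete_v1.
p SafeIndicatorDelete.build_opts(ids: [' id-1 ', 'id-1'], comment: 'expired feed entry')
```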
indicator_get_device_count_v1(type, value)
Get the number of devices the indicator has run on
```ruby
require 'time'
require 'crimson-falcon'

# Setup authorization
Falcon.configure do |config|
  config.client_id = "Your_Client_ID"
  config.client_secret = "Your_Client_Secret"
  config.cloud = "us-1" # or "us-2", "eu-1", "us-gov1"
end

api_instance = Falcon::Ioc.new
type = 'type_example' # String | The type of the indicator. Valid types include: sha256: A hex-encoded sha256 hash string. Length - min: 64, max: 64. md5: A hex-encoded md5 hash string. Length - min 32, max: 32. domain: A domain name. Length - min: 1, max: 200. ipv4: An IPv4 address. Must be a valid IP address. ipv6: An IPv6 address. Must be a valid IP address.
value = 'value_example' # String | The string representation of the indicator

begin
  # Get the number of devices the indicator has run on
  result = api_instance.indicator_get_device_count_v1(type, value)
  p result
rescue Falcon::ApiError => e
  puts "Error when calling Ioc->indicator_get_device_count_v1: #{e}"
end
```
This returns an Array which contains the response data, status code and headers.
<Array(<ApiDeviceCountRespV1>, Integer, Hash)> indicator_get_device_count_v1_with_http_info(type, value)
```ruby
begin
  # Get the number of devices the indicator has run on
  data, status_code, headers = api_instance.indicator_get_device_count_v1_with_http_info(type, value)
  p status_code # => 2xx
  p headers # => { ... }
  p data # => <ApiDeviceCountRespV1>
rescue Falcon::ApiError => e
  puts "Error when calling Ioc->indicator_get_device_count_v1_with_http_info: #{e}"
end
```
Name | Type | Description | Notes |
type | String | The type of the indicator. Valid types include: sha256: A hex-encoded sha256 hash string. Length - min: 64, max: 64. md5: A hex-encoded md5 hash string. Length - min 32, max: 32. domain: A domain name. Length - min: 1, max: 200. ipv4: An IPv4 address. Must be a valid IP address. ipv6: An IPv6 address. Must be a valid IP address. | |
value | String | The string representation of the indicator | |
- Content-Type: Not defined
- Accept: application/json
indicator_get_devices_ran_on_v1(type, value, opts)
Get the IDs of devices the indicator has run on
```ruby
require 'time'
require 'crimson-falcon'

# Setup authorization
Falcon.configure do |config|
  config.client_id = "Your_Client_ID"
  config.client_secret = "Your_Client_Secret"
  config.cloud = "us-1" # or "us-2", "eu-1", "us-gov1"
end

api_instance = Falcon::Ioc.new
type = 'type_example' # String | The type of the indicator. Valid types include: sha256: A hex-encoded sha256 hash string. Length - min: 64, max: 64. md5: A hex-encoded md5 hash string. Length - min 32, max: 32. domain: A domain name. Length - min: 1, max: 200. ipv4: An IPv4 address. Must be a valid IP address. ipv6: An IPv6 address. Must be a valid IP address.
value = 'value_example' # String | The string representation of the indicator
opts = {
  limit: 'limit_example', # String | The maximum number of results to return. Use with the offset parameter to manage pagination of results.
  offset: 'offset_example' # String | The first process to return, where 0 is the latest offset. Use with the limit parameter to manage pagination of results.
}

begin
  # Get the IDs of devices the indicator has run on
  result = api_instance.indicator_get_devices_ran_on_v1(type, value, opts)
  p result
rescue Falcon::ApiError => e
  puts "Error when calling Ioc->indicator_get_devices_ran_on_v1: #{e}"
end
```
This returns an Array which contains the response data, status code and headers.
<Array(<ApiDevicesRanOnRespV1>, Integer, Hash)> indicator_get_devices_ran_on_v1_with_http_info(type, value, opts)
```ruby
begin
  # Get the IDs of devices the indicator has run on
  data, status_code, headers = api_instance.indicator_get_devices_ran_on_v1_with_http_info(type, value, opts)
  p status_code # => 2xx
  p headers # => { ... }
  p data # => <ApiDevicesRanOnRespV1>
rescue Falcon::ApiError => e
  puts "Error when calling Ioc->indicator_get_devices_ran_on_v1_with_http_info: #{e}"
end
```
Name | Type | Description | Notes |
type | String | The type of the indicator. Valid types include: sha256: A hex-encoded sha256 hash string. Length - min: 64, max: 64. md5: A hex-encoded md5 hash string. Length - min 32, max: 32. domain: A domain name. Length - min: 1, max: 200. ipv4: An IPv4 address. Must be a valid IP address. ipv6: An IPv6 address. Must be a valid IP address. | |
value | String | The string representation of the indicator | |
limit | String | The maximum number of results to return. Use with the offset parameter to manage pagination of results. | [optional] |
offset | String | The first process to return, where 0 is the latest offset. Use with the limit parameter to manage pagination of results. | [optional] |
- Content-Type: Not defined
- Accept: application/json
indicator_get_processes_ran_on_v1(type, value, device_id, opts)
Get the number of processes the indicator has run on
```ruby
require 'time'
require 'crimson-falcon'

# Setup authorization
Falcon.configure do |config|
  config.client_id = "Your_Client_ID"
  config.client_secret = "Your_Client_Secret"
  config.cloud = "us-1" # or "us-2", "eu-1", "us-gov1"
end

api_instance = Falcon::Ioc.new
type = 'type_example' # String | The type of the indicator. Valid types include: sha256: A hex-encoded sha256 hash string. Length - min: 64, max: 64. md5: A hex-encoded md5 hash string. Length - min 32, max: 32. domain: A domain name. Length - min: 1, max: 200. ipv4: An IPv4 address. Must be a valid IP address. ipv6: An IPv6 address. Must be a valid IP address.
value = 'value_example' # String | The string representation of the indicator
device_id = 'device_id_example' # String | Specify a host's ID to return only processes from that host. Get a host's ID from GET /devices/queries/devices/v1, the Falcon console, or the Streaming API.
opts = {
  limit: 'limit_example', # String | The maximum number of results to return. Use with the offset parameter to manage pagination of results.
  offset: 'offset_example' # String | The first process to return, where 0 is the latest offset. Use with the limit parameter to manage pagination of results.
}

begin
  # Get the number of processes the indicator has run on
  result = api_instance.indicator_get_processes_ran_on_v1(type, value, device_id, opts)
  p result
rescue Falcon::ApiError => e
  puts "Error when calling Ioc->indicator_get_processes_ran_on_v1: #{e}"
end
```
This returns an Array which contains the response data, status code and headers.
<Array(<ApiProcessesRanOnRespV1>, Integer, Hash)> indicator_get_processes_ran_on_v1_with_http_info(type, value, device_id, opts)
```ruby
begin
  # Get the number of processes the indicator has run on
  data, status_code, headers = api_instance.indicator_get_processes_ran_on_v1_with_http_info(type, value, device_id, opts)
  p status_code # => 2xx
  p headers # => { ... }
  p data # => <ApiProcessesRanOnRespV1>
rescue Falcon::ApiError => e
  puts "Error when calling Ioc->indicator_get_processes_ran_on_v1_with_http_info: #{e}"
end
```
Name | Type | Description | Notes |
type | String | The type of the indicator. Valid types include: sha256: A hex-encoded sha256 hash string. Length - min: 64, max: 64. md5: A hex-encoded md5 hash string. Length - min 32, max: 32. domain: A domain name. Length - min: 1, max: 200. ipv4: An IPv4 address. Must be a valid IP address. ipv6: An IPv6 address. Must be a valid IP address. | |
value | String | The string representation of the indicator | |
device_id | String | Specify a host's ID to return only processes from that host. Get a host's ID from GET /devices/queries/devices/v1, the Falcon console, or the Streaming API. | |
limit | String | The maximum number of results to return. Use with the offset parameter to manage pagination of results. | [optional] |
offset | String | The first process to return, where 0 is the latest offset. Use with the limit parameter to manage pagination of results. | [optional] |
- Content-Type: Not defined
- Accept: application/json
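The `type` constraints repeated in the parameter tables of indicator_get_device_count_v1, indicator_get_devices_ran_on_v1 and indicator_get_processes_ran_on_v1 can be enforced before a request is sent, which keeps malformed feed entries out of the API calls. An added example, not part of the crimson-falcon SDK: `IndicatorCheck` and its `SAMPLE` pairs are constructed here, and only Ruby's standard `ipaddr` library is used.

```ruby
require 'ipaddr'

# Added example: pre-flight validation of (type, value) pairs using only the
# constraints stated in the parameter tables above.
module IndicatorCheck
  HEX = /\A\h+\z/

  # Constructed sample input (documentation address ranges, synthetic hashes).
  SAMPLE = [
    ['sha256', 'ab' * 32],
    ['md5', 'ab' * 32],         # wrong length for md5
    ['domain', 'example.com'],
    ['ipv4', '192.0.2.10'],
    ['ipv4', '2001:db8::1'],    # wrong address family
    ['ipv6', '2001:db8::1'],
    ['ipv4', '192.0.2.0/24']    # a range, not a single address
  ].freeze

  # Returns nil when the pair is acceptable, or a String describing the problem.
  def self.problem(type, value)
    value = value.to_s
    return 'value is empty' if value.empty?

    case type.to_s
    when 'sha256' then hex_problem(value, 64)
    when 'md5'    then hex_problem(value, 32)
    when 'domain' then value.length <= 200 ? nil : 'domain length must be 1..200'
    when 'ipv4'   then ip_problem(value, :ipv4?)
    when 'ipv6'   then ip_problem(value, :ipv6?)
    else "unknown indicator type #{type.inspect}"
    end
  end

  def self.hex_problem(value, length)
    return "expected #{length} characters, got #{value.length}" unless value.length == length
    return 'value is not hex-encoded' unless HEX.match?(value)

    nil
  end

  def self.ip_problem(value, family)
    # IPAddr also parses "addr/prefix"; a single address is expected here.
    return 'prefix/mask notation is not a single address' if value.include?('/')

    IPAddr.new(value).public_send(family) ? nil : "address is not #{family.to_s.delete('?')}"
  rescue IPAddr::Error
    'not a valid IP address'
  end

  # Splits pairs into those safe to send and those rejected, with the reason.
  def self.partition(pairs)
    pairs.each_with_object({ ok: [], rejected: [] }) do |(type, value), out|
      reason = problem(type, value)
      if reason
        out[:rejected] << [type, value, reason]
      else
        out[:ok] << [type, value]
      end
    end
  end
end

IndicatorCheck.partition(IndicatorCheck::SAMPLE)[:rejected].each do |type, value, reason|
  puts "skip #{type} #{value}: #{reason}"
end
```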
Get Indicators by ids.
```ruby
require 'time'
require 'crimson-falcon'

# Setup authorization
Falcon.configure do |config|
  config.client_id = "Your_Client_ID"
  config.client_secret = "Your_Client_Secret"
  config.cloud = "us-1" # or "us-2", "eu-1", "us-gov1"
end

api_instance = Falcon::Ioc.new
ids = ['inner_example'] # Array<String> | The ids of the Indicators to retrieve

begin
  # Get Indicators by ids.
  result = api_instance.indicator_get_v1(ids)
  p result
rescue Falcon::ApiError => e
  puts "Error when calling Ioc->indicator_get_v1: #{e}"
end
```
This returns an Array which contains the response data, status code and headers.
<Array(<ApiIndicatorRespV1>, Integer, Hash)> indicator_get_v1_with_http_info(ids)
```ruby
begin
  # Get Indicators by ids.
  data, status_code, headers = api_instance.indicator_get_v1_with_http_info(ids)
  p status_code # => 2xx
  p headers # => { ... }
  p data # => <ApiIndicatorRespV1>
rescue Falcon::ApiError => e
  puts "Error when calling Ioc->indicator_get_v1_with_http_info: #{e}"
end
```
Name | Type | Description | Notes |
ids | Array<String> | The ids of the Indicators to retrieve | |
- Content-Type: Not defined
- Accept: application/json
Search for Indicators.
```ruby
require 'time'
require 'crimson-falcon'

# Setup authorization
Falcon.configure do |config|
  config.client_id = "Your_Client_ID"
  config.client_secret = "Your_Client_Secret"
  config.cloud = "us-1" # or "us-2", "eu-1", "us-gov1"
end

api_instance = Falcon::Ioc.new
# Every option is listed for reference; 'offset' and 'after' are mutually exclusive, so send only one of them.
opts = {
  filter: 'filter_example', # String | The filter expression that should be used to limit the results.
  offset: 56, # Integer | The offset to start retrieving records from. Offset and After params are mutually exclusive. If none provided then scrolling will be used by default. To access more than 10k iocs, use the 'after' parameter instead of 'offset'.
  limit: 56, # Integer | The maximum records to return.
  sort: 'action', # String | The sort expression that should be used to sort the results.
  after: 'after_example', # String | A pagination token used with the `limit` parameter to manage pagination of results. On your first request, don't provide an 'after' token. On subsequent requests, provide the 'after' token from the previous response to continue from that place in the results. To access more than 10k indicators, use the 'after' parameter instead of 'offset'.
  from_parent: true # Boolean | The filter for returning either only indicators for the request customer or its MSSP parents
}

begin
  # Search for Indicators.
  result = api_instance.indicator_search_v1(opts)
  p result
rescue Falcon::ApiError => e
  puts "Error when calling Ioc->indicator_search_v1: #{e}"
end
```
This returns an Array which contains the response data, status code and headers.
<Array(<ApiIndicatorQueryRespV1>, Integer, Hash)> indicator_search_v1_with_http_info(opts)
```ruby
begin
  # Search for Indicators.
  data, status_code, headers = api_instance.indicator_search_v1_with_http_info(opts)
  p status_code # => 2xx
  p headers # => { ... }
  p data # => <ApiIndicatorQueryRespV1>
rescue Falcon::ApiError => e
  puts "Error when calling Ioc->indicator_search_v1_with_http_info: #{e}"
end
```
Name | Type | Description | Notes |
filter | String | The filter expression that should be used to limit the results. | [optional] |
offset | Integer | The offset to start retrieving records from. Offset and After params are mutually exclusive. If none provided then scrolling will be used by default. To access more than 10k iocs, use the 'after' parameter instead of 'offset'. | [optional] |
limit | Integer | The maximum records to return. | [optional] |
sort | String | The sort expression that should be used to sort the results. | [optional] |
after | String | A pagination token used with the `limit` parameter to manage pagination of results. On your first request, don't provide an 'after' token. On subsequent requests, provide the 'after' token from the previous response to continue from that place in the results. To access more than 10k indicators, use the 'after' parameter instead of 'offset'. | [optional] |
from_parent | Boolean | The filter for returning either only indicators for the request customer or its MSSP parents | [optional] |
- Content-Type: Not defined
- Accept: application/json
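The `after` rules documented for indicator_combined_v1 and indicator_search_v1 (no token on the first request, the previous response's token afterwards, never together with `offset`) translate into the loop below, which an export of more than 10k indicators needs. An added example, not part of the crimson-falcon SDK: `AfterPager` and `fake_fetch` are hypothetical, and the fetch step is a caller-supplied callable because the response accessors for the records and the token are not shown on this page.

```ruby
# Added example: 'after'-token pagination driven through a caller-supplied fetch.
module AfterPager
  class TokenLoop < StandardError; end

  # fetch - callable that receives the request opts Hash and returns
  #         [records, next_after_token]; the token is nil or '' on the last page.
  #         With the SDK it would wrap indicator_combined_v1(opts) or
  #         indicator_search_v1(opts) and pull both values out of the response.
  def self.collect(fetch, limit:, filter: nil, max_pages: 1_000)
    seen = {}
    records = []
    after = nil

    max_pages.times do
      opts = { limit: limit }           # :offset is never set, so it cannot clash with :after
      opts[:filter] = filter if filter
      opts[:after] = after if after     # omitted on the first request
      page, after = fetch.call(opts)
      records.concat(page)
      return records if after.nil? || after.to_s.empty?
      # A repeated token would page over the same data forever.
      raise TokenLoop, "token #{after.inspect} was returned twice" if seen.key?(after)

      seen[after] = true
    end
    raise TokenLoop, "gave up after #{max_pages} pages"
  end

  # Constructed in-memory stand-in for the API so the example runs offline.
  # The token is simply the next index; a real token is opaque.
  def self.fake_fetch(dataset, log)
    lambda do |opts|
      if opts.key?(:offset) && opts.key?(:after)
        raise ArgumentError, "'offset' and 'after' are mutually exclusive"
      end

      log << opts.dup
      start = opts[:after] ? Integer(opts[:after]) : 0
      page = dataset[start, opts[:limit]] || []
      nxt = start + page.size
      [page, nxt < dataset.size ? nxt.to_s : nil]
    end
  end
end

sample = (1..25).map { |i| "ioc-#{i}" } # constructed ids
requests = []
all = AfterPager.collect(AfterPager.fake_fetch(sample, requests), limit: 10)
puts "#{all.size} records in #{requests.size} requests"
```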
indicator_update_v1(body, opts)
Update Indicators.
```ruby
require 'time'
require 'crimson-falcon'

# Setup authorization
Falcon.configure do |config|
  config.client_id = "Your_Client_ID"
  config.client_secret = "Your_Client_Secret"
  config.cloud = "us-1" # or "us-2", "eu-1", "us-gov1"
end

api_instance = Falcon::Ioc.new
body = Falcon::ApiIndicatorUpdateReqsV1.new({bulk_update: {}, indicators: []}) # ApiIndicatorUpdateReqsV1 |
opts = {
  retrodetects: true, # Boolean | Whether to submit to retrodetects
  ignore_warnings: true # Boolean | Set to true to ignore warnings and add all IOCs
}

begin
  # Update Indicators.
  result = api_instance.indicator_update_v1(body, opts)
  p result
rescue Falcon::ApiError => e
  puts "Error when calling Ioc->indicator_update_v1: #{e}"
end
```
This returns an Array which contains the response data, status code and headers.
<Array(<ApiIndicatorRespV1>, Integer, Hash)> indicator_update_v1_with_http_info(body, opts)
```ruby
begin
  # Update Indicators.
  data, status_code, headers = api_instance.indicator_update_v1_with_http_info(body, opts)
  p status_code # => 2xx
  p headers # => { ... }
  p data # => <ApiIndicatorRespV1>
rescue Falcon::ApiError => e
  puts "Error when calling Ioc->indicator_update_v1_with_http_info: #{e}"
end
```
Name | Type | Description | Notes |
body | ApiIndicatorUpdateReqsV1 | | |
retrodetects | Boolean | Whether to submit to retrodetects | [optional] |
ignore_warnings | Boolean | Set to true to ignore warnings and add all IOCs | [optional][default to false] |
- Content-Type: application/json
- Accept: application/json
Query IOC Types.
```ruby
require 'time'
require 'crimson-falcon'

# Setup authorization
Falcon.configure do |config|
  config.client_id = "Your_Client_ID"
  config.client_secret = "Your_Client_Secret"
  config.cloud = "us-1" # or "us-2", "eu-1", "us-gov1"
end

api_instance = Falcon::Ioc.new
opts = {
  offset: 'offset_example', # String | Starting index of overall result set from which to return ids.
  limit: 56 # Integer | Number of ids to return.
}

begin
  # Query IOC Types.
  result = api_instance.ioc_type_query_v1(opts)
  p result
rescue Falcon::ApiError => e
  puts "Error when calling Ioc->ioc_type_query_v1: #{e}"
end
```
This returns an Array which contains the response data, status code and headers.
<Array(<ApiIndicatorQueryRespV1>, Integer, Hash)> ioc_type_query_v1_with_http_info(opts)
```ruby
begin
  # Query IOC Types.
  data, status_code, headers = api_instance.ioc_type_query_v1_with_http_info(opts)
  p status_code # => 2xx
  p headers # => { ... }
  p data # => <ApiIndicatorQueryRespV1>
rescue Falcon::ApiError => e
  puts "Error when calling Ioc->ioc_type_query_v1_with_http_info: #{e}"
end
```
Name | Type | Description | Notes |
offset | String | Starting index of overall result set from which to return ids. | [optional] |
limit | Integer | Number of ids to return. | [optional] |
- Content-Type: Not defined
- Accept: application/json
Query Platforms.
```ruby
require 'time'
require 'crimson-falcon'

# Setup authorization
Falcon.configure do |config|
  config.client_id = "Your_Client_ID"
  config.client_secret = "Your_Client_Secret"
  config.cloud = "us-1" # or "us-2", "eu-1", "us-gov1"
end

api_instance = Falcon::Ioc.new
opts = {
  offset: 'offset_example', # String | Starting index of overall result set from which to return ids.
  limit: 56 # Integer | Number of ids to return.
}

begin
  # Query Platforms.
  result = api_instance.platform_query_v1(opts)
  p result
rescue Falcon::ApiError => e
  puts "Error when calling Ioc->platform_query_v1: #{e}"
end
```
This returns an Array which contains the response data, status code and headers.
<Array(<ApiIndicatorQueryRespV1>, Integer, Hash)> platform_query_v1_with_http_info(opts)
```ruby
begin
  # Query Platforms.
  data, status_code, headers = api_instance.platform_query_v1_with_http_info(opts)
  p status_code # => 2xx
  p headers # => { ... }
  p data # => <ApiIndicatorQueryRespV1>
rescue Falcon::ApiError => e
  puts "Error when calling Ioc->platform_query_v1_with_http_info: #{e}"
end
```
Name | Type | Description | Notes |
offset | String | Starting index of overall result set from which to return ids. | [optional] |
limit | Integer | Number of ids to return. | [optional] |
- Content-Type: Not defined
- Accept: application/json
Query Severities.
```ruby
require 'time'
require 'crimson-falcon'

# Setup authorization
Falcon.configure do |config|
  config.client_id = "Your_Client_ID"
  config.client_secret = "Your_Client_Secret"
  config.cloud = "us-1" # or "us-2", "eu-1", "us-gov1"
end

api_instance = Falcon::Ioc.new
opts = {
  offset: 'offset_example', # String | Starting index of overall result set from which to return ids.
  limit: 56 # Integer | Number of ids to return.
}

begin
  # Query Severities.
  result = api_instance.severity_query_v1(opts)
  p result
rescue Falcon::ApiError => e
  puts "Error when calling Ioc->severity_query_v1: #{e}"
end
```
This returns an Array which contains the response data, status code and headers.
<Array(<ApiIndicatorQueryRespV1>, Integer, Hash)> severity_query_v1_with_http_info(opts)
```ruby
begin
  # Query Severities.
  data, status_code, headers = api_instance.severity_query_v1_with_http_info(opts)
  p status_code # => 2xx
  p headers # => { ... }
  p data # => <ApiIndicatorQueryRespV1>
rescue Falcon::ApiError => e
  puts "Error when calling Ioc->severity_query_v1_with_http_info: #{e}"
end
```
Name | Type | Description | Notes |
offset | String | Starting index of overall result set from which to return ids. | [optional] |
limit | Integer | Number of ids to return. | [optional] |
- Content-Type: Not defined
- Accept: application/json