This repository contains a collection of examples demonstrating the use of the CrowdStrike Falcon APIs. The examples are written in Ruby and use the Crimson Falcon Ruby SDK.
These examples are intended to be used as a quick start reference for developers looking to integrate with the CrowdStrike Falcon platform.
They are not intended to be used as-is in production environments.
These examples will follow one of three standard patterns for authenticating to the CrowdStrike Falcon platform via the Crimson Falcon Ruby SDK:
| Pattern | Usage detail |
|---|---|
| Environment variables | Credentials are retrieved from the local environment of the machine the example is executed on. These values are named:
|
| Runtime (Command line arguments) | Credentials are consumed at runtime via command line parameters. The common options can be found in the shared options library which utilizes the optparse Ruby library. |
| Prompt | If no environment variables or command line arguments are found, the script will prompt you for your credentials. A shared prompt library helper utilizes Ruby's io/console library. |
Note: Member CID can be passed in via the
-mor--member-cidflag.
Please note: These are not the only methods for providing these values.
-
Install Ruby and the "crimson-falcon" gem. Follow the Installation guide.
-
Run the sample script in your terminal:
ruby sensor_download/get_ccid.rb
or list the available options:
ruby sensor_download/get_ccid.rb -h
The following samples are categorized by CrowdStrike Falcon API service collection.
| Service Collection | Samples |
|---|---|
| Hosts | Sensor Versions by Hostname |
| Incidents | Get CrowdScore |
| OAuth2 | Get OAuth2 Token |
| Sensor Download | Get CCID |