Intel
| Operation ID | Description | ||||
|---|---|---|---|---|---|
|
Get info about actors that match provided FQL filters. | ||||
|
Get info about indicators that match provided FQL filters. | ||||
|
Get info about reports that match provided FQL filters. | ||||
|
Retrieve specific actors using their actor IDs. | ||||
|
Retrieve specific indicators using their indicator IDs. | ||||
|
Return a Report PDF attachment | ||||
|
Retrieve specific reports using their report IDs. | ||||
|
Download earlier rule sets. | ||||
|
Download the latest rule set. | ||||
|
Retrieve details for rule sets for the specified ids. | ||||
|
Get actor IDs that match provided FQL filters. | ||||
|
Get indicators IDs that match provided FQL filters. | ||||
|
Get report IDs that match provided FQL filters. | ||||
|
Search for rule IDs that match provided filter criteria. | ||||
Get info about actors that match provided FQL filters.
query_actor_entities
- Produces: application/json
| Required | Name | Type | Datatype | Description |
|---|---|---|---|---|
| offset | query | integer | Set the starting row number to return actors from. Defaults to 0. | |
| limit | query | integer | Set the number of actors to return. The value must be between 1 and 5000. | |
| sort | query | string | Order fields in ascending or descending order. Ex: created_date | |
| filter | query | string | Filter your query by specifying FQL filter parameters. Filter parameters include: actors, actors.id, actors.name, actors.slug, actors.url, created_date, description, id, last_modified_date, motivations, motivations.id, motivations.slug, motivations.value, name, name.raw, short_description, slug, sub_type, sub_type.id, sub_type.name, sub_type.slug, tags, tags.id, tags.slug, tags.value, target_countries, target_countries.id, target_countries.slug, target_countries.value, target_industries, target_industries.id, target_industries.slug, target_industries.value, type, type.id, type.name, type.slug, url. | |
| q | query | string | Perform a generic substring search across all fields. | |
| fields | query | array (string) | The fields to return, or a predefined set of fields in the form of the collection name surrounded by two underscores like: . Ex: slug full. Defaults to basic. |
from falconpy.intel import Intel
falcon = Intel(client_id="API_CLIENT_ID_HERE",
client_secret="API_CLIENT_SECRET_HERE"
)
response = falcon.query_actor_entities(offset=integer,
limit=integer,
sort="string",
filter="string",
q="string",
fields=["string", "string"]
)
print(response)from falconpy.intel import Intel
falcon = Intel(client_id="API_CLIENT_ID_HERE",
client_secret="API_CLIENT_SECRET_HERE"
)
response = falcon.QueryIntelActorEntities(offset=integer,
limit=integer,
sort="string",
filter="string",
q="string",
fields=["string", "string"]
)
print(response)from falconpy.api_complete import APIHarness
falcon = APIHarness(client_id="API_CLIENT_ID_HERE",
client_secret="API_CLIENT_SECRET_HERE"
)
PARAMS = {
"offset": integer,
"limit": integer,
"sort": "string",
"filter": "string",
"q": "string",
"fields": [
"string",
"string"
]
}
response = falcon.command("QueryIntelActorEntities", parameters=PARAMS)
print(response)Get info about indicators that match provided FQL filters.
query_indicator_entities
- Produces: application/json
| Required | Name | Type | Datatype | Description |
|---|---|---|---|---|
| offset | query | integer | Set the starting row number to return indicators from. Defaults to 0. | |
| limit | query | integer | Set the number of indicators to return. The number must be between 1 and 50000 | |
| sort | query | string | Order fields in ascending or descending order. Ex: published_date | |
| filter | query | string | Filter your query by specifying FQL filter parameters. Filter parameters include: _marker, actors, deleted, domain_types, id, indicator, ip_address_types, kill_chains, labels, labels.created_on, labels.last_valid_on, labels.name, last_updated, malicious_confidence, malware_families, published_date, reports, targets, threat_types, type, vulnerabilities. | |
| q | query | string | Perform a generic substring search across all fields. | |
| include_deleted | query | boolean | If true, include both published and deleted indicators in the response. Defaults to false. |
from falconpy.intel import Intel
falcon = Intel(client_id="API_CLIENT_ID_HERE",
client_secret="API_CLIENT_SECRET_HERE"
)
response = falcon.query_indicator_entities(offset=integer,
limit=integer,
sort="string",
filter="string",
q="string",
include_deleted=boolean
)
print(response)from falconpy.intel import Intel
falcon = Intel(client_id="API_CLIENT_ID_HERE",
client_secret="API_CLIENT_SECRET_HERE"
)
response = falcon.QueryIntelIndicatorEntities(offset=integer,
limit=integer,
sort="string",
filter="string",
q="string",
include_deleted=boolean
)
print(response)from falconpy.api_complete import APIHarness
falcon = APIHarness(client_id="API_CLIENT_ID_HERE",
client_secret="API_CLIENT_SECRET_HERE"
)
PARAMS = {
"offset": integer,
"limit": integer,
"sort": "string",
"filter": "string",
"q": "string",
"include_deleted": boolean
}
response = falcon.command("QueryIntelIndicatorEntities", parameters=PARAMS)
print(response)Get info about reports that match provided FQL filters.
query_report_entities
- Produces: application/json
| Required | Name | Type | Datatype | Description |
|---|---|---|---|---|
| offset | query | integer | Set the starting row number to return reports from. Defaults to 0. | |
| limit | query | integer | Set the number of reports to return. The value must be between 1 and 5000. | |
| sort | query | string | Order fields in ascending or descending order. Ex: created_date | |
| filter | query | string | Filter your query by specifying FQL filter parameters. Filter parameters include: actors, actors.id, actors.name, actors.slug, actors.url, created_date, description, id, last_modified_date, motivations, motivations.id, motivations.slug, motivations.value, name, name.raw, short_description, slug, sub_type, sub_type.id, sub_type.name, sub_type.slug, tags, tags.id, tags.slug, tags.value, target_countries, target_countries.id, target_countries.slug, target_countries.value, target_industries, target_industries.id, target_industries.slug, target_industries.value, type, type.id, type.name, type.slug, url. | |
| q | query | string | Perform a generic substring search across all fields. | |
| fields | query | array (string) | The fields to return, or a predefined set of fields in the form of the collection name surrounded by two underscores like: . Ex: slug full. Defaults to basic. |
from falconpy.intel import Intel
falcon = Intel(client_id="API_CLIENT_ID_HERE",
client_secret="API_CLIENT_SECRET_HERE"
)
response = falcon.query_report_entities(offset=integer,
limit=integer,
sort="string",
filter="string",
q="string",
fields=["string", "string"]
)
print(response)from falconpy.intel import Intel
falcon = Intel(client_id="API_CLIENT_ID_HERE",
client_secret="API_CLIENT_SECRET_HERE"
)
response = falcon.QueryIntelReportEntities(offset=integer,
limit=integer,
sort="string",
filter="string",
q="string",
fields=["string", "string"]
)
print(response)from falconpy.api_complete import APIHarness
falcon = APIHarness(client_id="API_CLIENT_ID_HERE",
client_secret="API_CLIENT_SECRET_HERE"
)
PARAMS = {
"offset": integer,
"limit": integer,
"sort": "string",
"filter": "string",
"q": "string",
"fields": [
"string",
"string"
]
}
response = falcon.command("QueryIntelReportEntities", parameters=PARAMS)
print(response)Retrieve specific actors using their actor IDs.
get_actor_entities
- Produces: application/json
| Required | Name | Type | Datatype | Description |
|---|---|---|---|---|
| ✅ | ids | query | array (string) | The IDs of the actors you want to retrieve. |
| fields | query | array (string) | The fields to return, or a predefined set of fields in the form of the collection name surrounded by two underscores like: . Ex: slug full. Defaults to basic. |
from falconpy.intel import Intel
falcon = Intel(client_id="API_CLIENT_ID_HERE",
client_secret="API_CLIENT_SECRET_HERE"
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.get_actor_entities(fields=["string", "string"], ids=id_list)
print(response)from falconpy.intel import Intel
falcon = Intel(client_id="API_CLIENT_ID_HERE",
client_secret="API_CLIENT_SECRET_HERE"
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.GetIntelActorEntities(fields=["string", "string"], ids=id_list)
print(response)from falconpy.api_complete import APIHarness
falcon = APIHarness(client_id="API_CLIENT_ID_HERE",
client_secret="API_CLIENT_SECRET_HERE"
)
PARAMS = {
"fields": [
"string",
"string"
]
}
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.command("GetIntelActorEntities", parameters=PARAMS, ids=id_list)
print(response)Retrieve specific indicators using their indicator IDs.
get_indicator_entities
- Consumes: application/json
- Produces: application/json
| Required | Name | Type | Datatype | Description |
|---|---|---|---|---|
| ✅ | body | body | string |
from falconpy.intel import Intel
falcon = Intel(client_id="API_CLIENT_ID_HERE",
client_secret="API_CLIENT_SECRET_HERE"
)
BODY = {
"Body Payload": "See body description above"
}
response = falcon.get_indicator_entities(body=BODY)
print(response)from falconpy.intel import Intel
falcon = Intel(client_id="API_CLIENT_ID_HERE",
client_secret="API_CLIENT_SECRET_HERE"
)
BODY = {
"Body Payload": "See body description above"
}
response = falcon.GetIntelIndicatorEntities(body=BODY)
print(response)from falconpy.api_complete import APIHarness
falcon = APIHarness(client_id="API_CLIENT_ID_HERE",
client_secret="API_CLIENT_SECRET_HERE"
)
BODY = {
"Body Payload": "See body description above"
}
response = falcon.command("GetIntelIndicatorEntities", body=BODY)
print(response)Return a Report PDF attachment
get_report_pdf
- Produces: application/octet-stream
| Required | Name | Type | Datatype | Description |
|---|---|---|---|---|
| ✅ | id | query | string | The ID of the report you want to download as a PDF. |
from falconpy.intel import Intel
falcon = Intel(client_id="API_CLIENT_ID_HERE",
client_secret="API_CLIENT_SECRET_HERE"
)
save_file = "some_file.ext"
response = falcon.get_report_pdf(id="string")
open(save_file, 'wb').write(response)from falconpy.intel import Intel
falcon = Intel(client_id="API_CLIENT_ID_HERE",
client_secret="API_CLIENT_SECRET_HERE"
)
save_file = "some_file.ext"
response = falcon.GetIntelReportPDF(id="string")
open(save_file, 'wb').write(response)from falconpy.api_complete import APIHarness
falcon = APIHarness(client_id="API_CLIENT_ID_HERE",
client_secret="API_CLIENT_SECRET_HERE"
)
PARAMS = {
"id": "string"
}
save_file = "some_file.ext"
response = falcon.command("GetIntelReportPDF", parameters=PARAMS)
open(save_file, 'wb').write(response)Retrieve specific reports using their report IDs.
get_report_entities
- Produces: application/json
| Required | Name | Type | Datatype | Description |
|---|---|---|---|---|
| ✅ | ids | query | array (string) | The IDs of the reports you want to retrieve. |
| fields | query | array (string) | The fields to return, or a predefined set of fields in the form of the collection name surrounded by two underscores like: . Ex: slug full. Defaults to basic. |
from falconpy.intel import Intel
falcon = Intel(client_id="API_CLIENT_ID_HERE",
client_secret="API_CLIENT_SECRET_HERE"
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.get_report_entities(fields=["string", "string"], ids=id_list)
print(response)from falconpy.intel import Intel
falcon = Intel(client_id="API_CLIENT_ID_HERE",
client_secret="API_CLIENT_SECRET_HERE"
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.GetIntelReportEntities(fields=["string", "string"], ids=id_list)
print(response)from falconpy.api_complete import APIHarness
falcon = APIHarness(client_id="API_CLIENT_ID_HERE",
client_secret="API_CLIENT_SECRET_HERE"
)
PARAMS = {
"fields": [
"string",
"string"
]
}
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.command("GetIntelReportEntities", parameters=PARAMS, ids=id_list)
print(response)Download earlier rule sets.
get_rule_file
- Produces: application/zip
| Required | Name | Type | Datatype | Description |
|---|---|---|---|---|
| Accept | header | string | Choose the format you want the rule set in. | |
| ✅ | id | query | integer | The ID of the rule set. |
| format | query | string | Choose the format you want the rule set in. Valid formats are zip and gzip. Defaults to zip. |
from falconpy.intel import Intel
falcon = Intel(client_id="API_CLIENT_ID_HERE",
client_secret="API_CLIENT_SECRET_HERE"
)
HEADERS = {
"Accept": "string"
}
save_file = "some_file.zip"
response = falcon.get_rule_file(id=integer, format="string", headers=HEADERS)
open(save_file, 'wb').write(response)from falconpy.intel import Intel
falcon = Intel(client_id="API_CLIENT_ID_HERE",
client_secret="API_CLIENT_SECRET_HERE"
)
HEADERS = {
"Accept": "string"
}
save_file = "some_file.zip"
response = falcon.GetIntelRuleFile(id=integer, format="string", headers=HEADERS)
open(save_file, 'wb').write(response)from falconpy.api_complete import APIHarness
falcon = APIHarness(client_id="API_CLIENT_ID_HERE",
client_secret="API_CLIENT_SECRET_HERE"
)
PARAMS = {
"id": integer,
"format": "string"
}
HEADERS = {
"Accept": "string"
}
save_file = "some_file.zip"
response = falcon.command("GetIntelRuleFile", parameters=PARAMS, headers=HEADERS)
open(save_file, 'wb').write(response)Download the latest rule set.
get_latest_rule_file
- Produces: application/zip
| Required | Name | Type | Datatype | Description |
|---|---|---|---|---|
| Accept | header | string | Choose the format you want the rule set in. | |
| ✅ | type | query | string | The rule news report type. Accepted values: snort-suricata-master snort-suricata-update snort-suricata-changelog yara-master yara-update yara-changelog common-event-format netwitness |
| format | query | string | Choose the format you want the rule set in. Valid formats are zip and gzip. Defaults to zip. |
from falconpy.intel import Intel
falcon = Intel(client_id="API_CLIENT_ID_HERE",
client_secret="API_CLIENT_SECRET_HERE"
)
HEADERS = {
"Accept": "string"
}
save_file = "some_file.zip"
response = falcon.get_latest_rule_file(type="string", format="string", headers=HEADERS)
open(save_file, 'wb').write(response)from falconpy.intel import Intel
falcon = Intel(client_id="API_CLIENT_ID_HERE",
client_secret="API_CLIENT_SECRET_HERE"
)
HEADERS = {
"Accept": "string"
}
save_file = "some_file.zip"
response = falcon.GetLatestIntelRuleFile(type="string", format="string", headers=HEADERS)
open(save_file, 'wb').write(response)from falconpy.api_complete import APIHarness
falcon = APIHarness(client_id="API_CLIENT_ID_HERE",
client_secret="API_CLIENT_SECRET_HERE"
)
PARAMS = {
"type": "string",
"format": "string"
}
HEADERS = {
"Accept": "string"
}
save_file = "some_file.zip"
response = falcon.command("GetLatestIntelRuleFile", parameters=PARAMS, headers=HEADERS)
open(save_file, 'wb').write(response)Retrieve details for rule sets for the specified ids.
get_rule_entities
- Produces: application/json
| Required | Name | Type | Datatype | Description |
|---|---|---|---|---|
| ✅ | ids | query | array (string) | The ids of rules to return. |
from falconpy.intel import Intel
falcon = Intel(client_id="API_CLIENT_ID_HERE",
client_secret="API_CLIENT_SECRET_HERE"
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.get_rule_entities(ids=id_list)
print(response)from falconpy.intel import Intel
falcon = Intel(client_id="API_CLIENT_ID_HERE",
client_secret="API_CLIENT_SECRET_HERE"
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.GetIntelRuleEntities(ids=id_list)
print(response)from falconpy.api_complete import APIHarness
falcon = APIHarness(client_id="API_CLIENT_ID_HERE",
client_secret="API_CLIENT_SECRET_HERE"
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.command("GetIntelRuleEntities", ids=id_list)
print(response)Get actor IDs that match provided FQL filters.
query_actor_ids
- Produces: application/json
| Required | Name | Type | Datatype | Description |
|---|---|---|---|---|
| offset | query | integer | Set the starting row number to return actors IDs from. Defaults to 0. | |
| limit | query | integer | Set the number of actor IDs to return. The value must be between 1 and 5000. | |
| sort | query | string | Order fields in ascending or descending order. Ex: created_date | |
| filter | query | string | Filter your query by specifying FQL filter parameters. Filter parameters include: actors, actors.id, actors.name, actors.slug, actors.url, created_date, description, id, last_modified_date, motivations, motivations.id, motivations.slug, motivations.value, name, name.raw, short_description, slug, sub_type, sub_type.id, sub_type.name, sub_type.slug, tags, tags.id, tags.slug, tags.value, target_countries, target_countries.id, target_countries.slug, target_countries.value, target_industries, target_industries.id, target_industries.slug, target_industries.value, type, type.id, type.name, type.slug, url. | |
| q | query | string | Perform a generic substring search across all fields. |
from falconpy.intel import Intel
falcon = Intel(client_id="API_CLIENT_ID_HERE",
client_secret="API_CLIENT_SECRET_HERE"
)
response = falcon.query_actor_ids(offset=integer,
limit=integer,
sort="string",
filter="string",
q="string"
)
print(response)from falconpy.intel import Intel
falcon = Intel(client_id="API_CLIENT_ID_HERE",
client_secret="API_CLIENT_SECRET_HERE"
)
response = falcon.QueryIntelActorIds(offset=integer,
limit=integer,
sort="string",
filter="string",
q="string"
)
print(response)from falconpy.api_complete import APIHarness
falcon = APIHarness(client_id="API_CLIENT_ID_HERE",
client_secret="API_CLIENT_SECRET_HERE"
)
PARAMS = {
"offset": integer,
"limit": integer,
"sort": "string",
"filter": "string",
"q": "string"
}
response = falcon.command("QueryIntelActorIds", parameters=PARAMS)
print(response)Get indicators IDs that match provided FQL filters.
query_indicator_ids
- Produces: application/json
| Required | Name | Type | Datatype | Description |
|---|---|---|---|---|
| offset | query | integer | Set the starting row number to return indicator IDs from. Defaults to 0. | |
| limit | query | integer | Set the number of indicator IDs to return. The number must be between 1 and 50000 | |
| sort | query | string | Order fields in ascending or descending order. Ex: published_date | |
| filter | query | string | Filter your query by specifying FQL filter parameters. Filter parameters include: _marker, actors, deleted, domain_types, id, indicator, ip_address_types, kill_chains, labels, labels.created_on, labels.last_valid_on, labels.name, last_updated, malicious_confidence, malware_families, published_date, reports, targets, threat_types, type, vulnerabilities. | |
| q | query | string | Perform a generic substring search across all fields. | |
| include_deleted | query | boolean | If true, include both published and deleted indicators in the response. Defaults to false. |
from falconpy.intel import Intel
falcon = Intel(client_id="API_CLIENT_ID_HERE",
client_secret="API_CLIENT_SECRET_HERE"
)
response = falcon.query_indicator_ids(offset=integer,
limit=integer,
sort="string",
filter="string",
q="string",
include_deleted=boolean
)
print(response)from falconpy.intel import Intel
falcon = Intel(client_id="API_CLIENT_ID_HERE",
client_secret="API_CLIENT_SECRET_HERE"
)
response = falcon.QueryIntelIndicatorIds(offset=integer,
limit=integer,
sort="string",
filter="string",
q="string",
include_deleted=boolean
)
print(response)from falconpy.api_complete import APIHarness
falcon = APIHarness(client_id="API_CLIENT_ID_HERE",
client_secret="API_CLIENT_SECRET_HERE"
)
PARAMS = {
"offset": integer,
"limit": integer,
"sort": "string",
"filter": "string",
"q": "string",
"include_deleted": boolean
}
response = falcon.command("QueryIntelIndicatorIds", parameters=PARAMS)
print(response)Get report IDs that match provided FQL filters.
query_report_ids
- Produces: application/json
| Required | Name | Type | Datatype | Description |
|---|---|---|---|---|
| offset | query | integer | Set the starting row number to return report IDs from. Defaults to 0. | |
| limit | query | integer | Set the number of report IDs to return. The value must be between 1 and 5000. | |
| sort | query | string | Order fields in ascending or descending order. Ex: created_date | |
| filter | query | string | Filter your query by specifying FQL filter parameters. Filter parameters include: actors, actors.id, actors.name, actors.slug, actors.url, created_date, description, id, last_modified_date, motivations, motivations.id, motivations.slug, motivations.value, name, name.raw, short_description, slug, sub_type, sub_type.id, sub_type.name, sub_type.slug, tags, tags.id, tags.slug, tags.value, target_countries, target_countries.id, target_countries.slug, target_countries.value, target_industries, target_industries.id, target_industries.slug, target_industries.value, type, type.id, type.name, type.slug, url. | |
| q | query | string | Perform a generic substring search across all fields. |
from falconpy.intel import Intel
falcon = Intel(client_id="API_CLIENT_ID_HERE",
client_secret="API_CLIENT_SECRET_HERE"
)
response = falcon.query_report_ids(offset=integer,
limit=integer,
sort="string",
filter="string",
q="string"
)
print(response)from falconpy.intel import Intel
falcon = Intel(client_id="API_CLIENT_ID_HERE",
client_secret="API_CLIENT_SECRET_HERE"
)
response = falcon.QueryIntelReportIds(offset=integer,
limit=integer,
sort="string",
filter="string",
q="string"
)
print(response)from falconpy.api_complete import APIHarness
falcon = APIHarness(client_id="API_CLIENT_ID_HERE",
client_secret="API_CLIENT_SECRET_HERE"
)
PARAMS = {
"offset": integer,
"limit": integer,
"sort": "string",
"filter": "string",
"q": "string"
}
response = falcon.command("QueryIntelReportIds", parameters=PARAMS)
print(response)Search for rule IDs that match provided filter criteria.
query_rule_ids
- Produces: application/json
| Required | Name | Type | Datatype | Description |
|---|---|---|---|---|
| offset | query | integer | Set the starting row number to return reports from. Defaults to 0. | |
| limit | query | integer | The number of rule IDs to return. Defaults to 10. | |
| sort | query | string | Order fields in ascending or descending order. Ex: created_date | |
| name | query | array (string) | Search by rule title. | |
| ✅ | type | query | string | The rule news report type. Accepted values: snort-suricata-master snort-suricata-update snort-suricata-changelog yara-master yara-update yara-changelog common-event-format netwitness |
| description | query | array (string) | Substring match on description field. | |
| tags | query | array (string) | Search for rule tags. | |
| min_created_date | query | integer | Filter results to those created on or after a certain date. | |
| max_created_date | query | string | Filter results to those created on or before a certain date. | |
| q | query | string | Perform a generic substring search across all fields. |
from falconpy.intel import Intel
falcon = Intel(client_id="API_CLIENT_ID_HERE",
client_secret="API_CLIENT_SECRET_HERE"
)
response = falcon.query_rule_ids(offset=integer,
limit=integer,
sort="string",
name=["string", "string"],
type="string",
description=["string", "string"],
tags=["string", "string"],
min_created_date=integer,
max_created_date="string",
q="string"
)
print(response)from falconpy.intel import Intel
falcon = Intel(client_id="API_CLIENT_ID_HERE",
client_secret="API_CLIENT_SECRET_HERE"
)
response = falcon.QueryIntelRuleIds(offset=integer,
limit=integer,
sort="string",
name=["string", "string"],
type="string",
description=["string", "string"],
tags=["string", "string"],
min_created_date=integer,
max_created_date="string",
q="string"
)
print(response)from falconpy.api_complete import APIHarness
falcon = APIHarness(client_id="API_CLIENT_ID_HERE",
client_secret="API_CLIENT_SECRET_HERE"
)
PARAMS = {
"offset": integer,
"limit": integer,
"sort": "string",
"name": [
"string",
"string"
],
"type": "string",
"description": [
"string",
"string"
],
"tags": [
"string",
"string"
],
"min_created_date": integer,
"max_created_date": "string",
"q": "string"
}
response = falcon.command("QueryIntelRuleIds", parameters=PARAMS)
print(response)
- Home
- Discussions Board
- Glossary of Terms
- Installation, Upgrades and Removal
- Samples Collection
- Using FalconPy
- API Operations
-
Service Collections
- Alerts
- API Integrations
- ASPM
- Certificate Based Exclusions
- Cloud Connect AWS (deprecated)
- Cloud Snapshots
- Compliance Assessments
- Configuration Assessment
- Configuration Assessment Evaluation Logic
- Container Alerts
- Container Detections
- Container Images
- Container Packages
- Container Vulnerabilities
- CSPM Registration
- Custom IOAs
- Custom Storage
- D4C Registration (deprecated)
- DataScanner
- Delivery Settings
- Detects
- Device Control Policies
- Discover
- Downloads
- Drift Indicators
- Event Streams
- Exposure Management
- Falcon Complete Dashboard
- Falcon Container
- Falcon Intelligence Sandbox
- FDR
- FileVantage
- Firewall Management
- Firewall Policies
- Foundry LogScale
- Host Group
- Host Migration
- Hosts
- Identity Protection
- Image Assessment Policies
- Incidents
- Installation Tokens
- Intel
- IOA Exclusions
- IOC
- IOCs (deprecated)
- Kubernetes Protection
- MalQuery
- Message Center
- ML Exclusions
- Mobile Enrollment
- MSSP (Flight Control)
- OAuth2
- ODS (On Demand Scan)
- Overwatch Dashboard
- Prevention Policy
- Quarantine
- Quick Scan
- Quick Scan Pro
- Real Time Response
- Real Time Response Admin
- Real Time Response Audit
- Recon
- Report Executions
- Response Policies
- Sample Uploads
- Scheduled Reports
- Sensor Download
- Sensor Update Policy
- Sensor Usage
- Sensor Visibility Exclusions
- Spotlight Evaluation Logic
- Spotlight Vulnerabilities
- Tailored Intelligence
- ThreatGraph
- Unidentified Containers
- User Management
- Workflows
- Zero Trust Assessment
- Documentation Support
-
CrowdStrike SDKs
- Crimson Falcon - Ruby
- FalconPy - Python 3
- FalconJS - Javascript
- goFalcon - Go
- PSFalcon - Powershell
- Rusty Falcon - Rust
