Quarantine
| Operation ID | Description | ||||
|---|---|---|---|---|---|
|
Returns count of potentially affected quarantined files for each action. | ||||
|
Get quarantine file aggregates as specified via json in request body. | ||||
|
Get quarantine file metadata for specified ids. | ||||
|
Apply action by quarantine file ids | ||||
|
Get quarantine file ids that match the provided filter criteria. | ||||
|
Apply quarantine file actions by query. | ||||
Returns count of potentially affected quarantined files for each action.
action_update_count
- Consumes: application/json
- Produces: application/json
| Required | Name | Type | Datatype | Description |
|---|---|---|---|---|
| ✅ | filter | query | string | FQL specifying filter parameters. |
from falconpy.quarantine import Quarantine
falcon = Quarantine(client_id="API_CLIENT_ID_HERE",
client_secret="API_CLIENT_SECRET_HERE"
)
response = falcon.action_update_count(filter="string")
print(response)from falconpy.quarantine import Quarantine
falcon = Quarantine(client_id="API_CLIENT_ID_HERE",
client_secret="API_CLIENT_SECRET_HERE"
)
response = falcon.ActionUpdateCount(filter="string")
print(response)from falconpy.api_complete import APIHarness
falcon = APIHarness(client_id="API_CLIENT_ID_HERE",
client_secret="API_CLIENT_SECRET_HERE"
)
PARAMS = {
"filter": "string"
}
response = falcon.command("ActionUpdateCount", parameters=PARAMS)
print(response)Get quarantine file aggregates as specified via json in request body.
get_aggregate_files
- Consumes: application/json
- Produces: application/json
| Required | Name | Type | Datatype | Description |
|---|---|---|---|---|
| ✅ | body | body | string |
from falconpy.quarantine import Quarantine
falcon = Quarantine(client_id="API_CLIENT_ID_HERE",
client_secret="API_CLIENT_SECRET_HERE"
)
BODY = {
"Body Payload": "See body description above"
}
response = falcon.get_aggregate_files(body=BODY)
print(response)from falconpy.quarantine import Quarantine
falcon = Quarantine(client_id="API_CLIENT_ID_HERE",
client_secret="API_CLIENT_SECRET_HERE"
)
BODY = {
"Body Payload": "See body description above"
}
response = falcon.GetAggregateFiles(body=BODY)
print(response)from falconpy.api_complete import APIHarness
falcon = APIHarness(client_id="API_CLIENT_ID_HERE",
client_secret="API_CLIENT_SECRET_HERE"
)
BODY = {
"Body Payload": "See body description above"
}
response = falcon.command("GetAggregateFiles", body=BODY)
print(response)Get quarantine file metadata for specified ids.
get_quarantine_files
- Consumes: application/json
- Produces: application/json
| Required | Name | Type | Datatype | Description |
|---|---|---|---|---|
| ✅ | body | body | string |
from falconpy.quarantine import Quarantine
falcon = Quarantine(client_id="API_CLIENT_ID_HERE",
client_secret="API_CLIENT_SECRET_HERE"
)
BODY = {
"Body Payload": "See body description above"
}
response = falcon.get_quarantine_files(body=BODY)
print(response)from falconpy.quarantine import Quarantine
falcon = Quarantine(client_id="API_CLIENT_ID_HERE",
client_secret="API_CLIENT_SECRET_HERE"
)
BODY = {
"Body Payload": "See body description above"
}
response = falcon.GetQuarantineFiles(body=BODY)
print(response)from falconpy.api_complete import APIHarness
falcon = APIHarness(client_id="API_CLIENT_ID_HERE",
client_secret="API_CLIENT_SECRET_HERE"
)
BODY = {
"Body Payload": "See body description above"
}
response = falcon.command("GetQuarantineFiles", body=BODY)
print(response)Apply action by quarantine file ids
update_quarantined_detects_by_id
- Consumes: application/json
- Produces: application/json
| Required | Name | Type | Datatype | Description |
|---|---|---|---|---|
| ✅ | body | body | string |
from falconpy.quarantine import Quarantine
falcon = Quarantine(client_id="API_CLIENT_ID_HERE",
client_secret="API_CLIENT_SECRET_HERE"
)
BODY = {
"Body Payload": "See body description above"
}
response = falcon.update_quarantined_detects_by_id(body=BODY)
print(response)from falconpy.quarantine import Quarantine
falcon = Quarantine(client_id="API_CLIENT_ID_HERE",
client_secret="API_CLIENT_SECRET_HERE"
)
BODY = {
"Body Payload": "See body description above"
}
response = falcon.UpdateQuarantinedDetectsByIds(body=BODY)
print(response)from falconpy.api_complete import APIHarness
falcon = APIHarness(client_id="API_CLIENT_ID_HERE",
client_secret="API_CLIENT_SECRET_HERE"
)
BODY = {
"Body Payload": "See body description above"
}
response = falcon.command("UpdateQuarantinedDetectsByIds", body=BODY)
print(response)Get quarantine file ids that match the provided filter criteria.
query_quarantine_files
- Produces: application/json
| Required | Name | Type | Datatype | Description |
|---|---|---|---|---|
| offset | query | string | Starting index of overall result set from which to return ids. | |
| limit | query | integer | Number of ids to return. | |
| sort | query | string | Possible order by fields: hostname, username, date_updated, date_created, paths.path, state, paths.state. Ex: 'date_created | |
| filter | query | string | FQL query specifying the filter parameters. Special value '*' means to not filter on anything. Filter term criteria: status, adversary_id, device.device_id, device.country, device.hostname, behaviors.behavior_id, behaviors.ioc_type, behaviors.ioc_value, behaviors.username, behaviors.tree_root_hash. Filter range criteria:, max_severity, max_confidence, first_behavior, last_behavior. | |
| q | query | string | Match phrase_prefix query criteria; included fields: _all (all filter string fields), sha256, state, paths.path, paths.state, hostname, username, date_updated, date_created. |
from falconpy.quarantine import Quarantine
falcon = Quarantine(client_id="API_CLIENT_ID_HERE",
client_secret="API_CLIENT_SECRET_HERE"
)
response = falcon.query_quarantine_files(offset="string",
limit=integer,
sort="string",
filter="string",
q="string"
)
print(response)from falconpy.quarantine import Quarantine
falcon = Quarantine(client_id="API_CLIENT_ID_HERE",
client_secret="API_CLIENT_SECRET_HERE"
)
response = falcon.QueryQuarantineFiles(offset="string",
limit=integer,
sort="string",
filter="string",
q="string"
)
print(response)from falconpy.api_complete import APIHarness
falcon = APIHarness(client_id="API_CLIENT_ID_HERE",
client_secret="API_CLIENT_SECRET_HERE"
)
PARAMS = {
"offset": "string",
"limit": integer,
"sort": "string",
"filter": "string",
"q": "string"
}
response = falcon.command("QueryQuarantineFiles", parameters=PARAMS)
print(response)Apply quarantine file actions by query.
update_quarantined_detects_by_query
- Consumes: application/json
- Produces: application/json
| Required | Name | Type | Datatype | Description |
|---|---|---|---|---|
| ✅ | body | body | string |
from falconpy.quarantine import Quarantine
falcon = Quarantine(client_id="API_CLIENT_ID_HERE",
client_secret="API_CLIENT_SECRET_HERE"
)
BODY = {
"Body Payload": "See body description above"
}
response = falcon.update_quarantined_detects_by_query(body=BODY)
print(response)from falconpy.quarantine import Quarantine
falcon = Quarantine(client_id="API_CLIENT_ID_HERE",
client_secret="API_CLIENT_SECRET_HERE"
)
BODY = {
"Body Payload": "See body description above"
}
response = falcon.UpdateQfByQuery(body=BODY)
print(response)from falconpy.api_complete import APIHarness
falcon = APIHarness(client_id="API_CLIENT_ID_HERE",
client_secret="API_CLIENT_SECRET_HERE"
)
BODY = {
"Body Payload": "See body description above"
}
response = falcon.command("UpdateQfByQuery", body=BODY)
print(response)
- Home
- Discussions Board
- Glossary of Terms
- Installation, Upgrades and Removal
- Samples Collection
- Using FalconPy
- API Operations
-
Service Collections
- Alerts
- API Integrations
- ASPM
- Certificate Based Exclusions
- Cloud Connect AWS (deprecated)
- Cloud Snapshots
- Compliance Assessments
- Configuration Assessment
- Configuration Assessment Evaluation Logic
- Container Alerts
- Container Detections
- Container Images
- Container Packages
- Container Vulnerabilities
- CSPM Registration
- Custom IOAs
- Custom Storage
- D4C Registration (deprecated)
- DataScanner
- Delivery Settings
- Detects
- Device Control Policies
- Discover
- Downloads
- Drift Indicators
- Event Streams
- Exposure Management
- Falcon Complete Dashboard
- Falcon Container
- Falcon Intelligence Sandbox
- FDR
- FileVantage
- Firewall Management
- Firewall Policies
- Foundry LogScale
- Host Group
- Host Migration
- Hosts
- Identity Protection
- Image Assessment Policies
- Incidents
- Installation Tokens
- Intel
- IOA Exclusions
- IOC
- IOCs (deprecated)
- Kubernetes Protection
- MalQuery
- Message Center
- ML Exclusions
- Mobile Enrollment
- MSSP (Flight Control)
- OAuth2
- ODS (On Demand Scan)
- Overwatch Dashboard
- Prevention Policy
- Quarantine
- Quick Scan
- Quick Scan Pro
- Real Time Response
- Real Time Response Admin
- Real Time Response Audit
- Recon
- Report Executions
- Response Policies
- Sample Uploads
- Scheduled Reports
- Sensor Download
- Sensor Update Policy
- Sensor Usage
- Sensor Visibility Exclusions
- Spotlight Evaluation Logic
- Spotlight Vulnerabilities
- Tailored Intelligence
- ThreatGraph
- Unidentified Containers
- User Management
- Workflows
- Zero Trust Assessment
- Documentation Support
-
CrowdStrike SDKs
- Crimson Falcon - Ruby
- FalconPy - Python 3
- FalconJS - Javascript
- goFalcon - Go
- PSFalcon - Powershell
- Rusty Falcon - Rust
