CrowdStrike Cloud Security Integration Guide

Overview

The CrowdStrike Cloud Security integration allows your NINA workflows to connect with CrowdStrike Falcon platform for multi-cloud protection and cloud security posture management (cspm). This integration enables automated security operations, threat detection, and incident response directly from your automation platform.

Capabilities

This integration provides access to 15 resources with 204 operations covering:

A S P M: Operations for A S P M
Cloud Aws Registration: Operations for Cloud Aws Registration
Cloud Azure Registration: Operations for Cloud Azure Registration
Cloud Connect Aws: Operations for Cloud Connect Aws
Cloud Oci Registration: Operations for Cloud Oci Registration
Cloud Policies: Operations for Cloud Policies
Cloud Security: Operations for Cloud Security
Cloud Security Assets: Operations for Cloud Security Assets
Cloud Security Compliance: Operations for Cloud Security Compliance
Cloud Security Detections: Operations for Cloud Security Detections
Cloud Snapshots: Operations for Cloud Snapshots
Cspg Iacapi: Operations for Cspg Iacapi
Cspm Registration: Operations for Cspm Registration
D4C Registration: Operations for D4C Registration
Saas Security: Operations for Saas Security

Credential Configuration

Before using the CrowdStrike Cloud Security integration in your workflows, you need to configure credentials for authentication.

Authentication Method

CrowdStrike Falcon uses OAuth2 Client Credentials authentication. This is a server-to-server authentication flow where you provide a Client ID and Client Secret, and the integration automatically handles token acquisition and refresh.

Field	Description	Required
Client ID	Your CrowdStrike API Client ID	Yes
Client Secret	Your CrowdStrike API Client Secret	Yes
Base URL	CrowdStrike API endpoint for your cloud region	Yes

How It Works

You provide the Client ID and Client Secret when creating a credential
The integration exchanges these for an OAuth2 access token automatically
Tokens are refreshed automatically when they expire
No redirect URLs or user interaction required

CrowdStrike Cloud Regions

Select the Base URL that matches your CrowdStrike Falcon cloud region:

Cloud Region	Base URL	Description
US-1	`https://api.crowdstrike.com`	United States (default)
US-2	`https://api.us-2.crowdstrike.com`	United States (secondary)
EU-1	`https://api.eu-1.crowdstrike.com`	European Union
US-GOV-1	`https://api.laggar.gcw.crowdstrike.com`	US Government Cloud

How to Obtain API Credentials

Log in to the CrowdStrike Falcon Console
Navigate to Support and resources > API Clients and Keys
Click Add new API client
Configure the API client:
- Client Name: A descriptive name (e.g., "NINA Integration")
- Description: Purpose of this API client
- API Scopes: Select the permissions required for your use case (see Required Scopes below)
Click Add to create the client
Copy and securely store the Client ID and Client Secret immediately

Important: The Client Secret is only displayed once at creation time. If you lose it, you must create a new API client.

Required API Scopes

The API scopes required depend on which operations you plan to use. Common scopes include:

Scope	Permission	Use Case
Detections	Read/Write	View and manage detections
Hosts	Read/Write	Query and manage endpoints
Incidents	Read/Write	View and manage incidents
IOCs	Read/Write	Manage indicators of compromise
Prevention Policies	Read/Write	Manage prevention policies
Real Time Response	Read/Write	Execute RTR commands
Sensor Update Policies	Read/Write	Manage sensor updates

Refer to the CrowdStrike API documentation for a complete list of available scopes.

Creating a CrowdStrike Credential in NINA

Navigate to the Credentials section in NINA
Click Add New Credential
Fill in the credential details:
- Integration Service: Select "CrowdStrike Cloud Security"
- Client ID: Paste your CrowdStrike API Client ID
- Client Secret: Paste your CrowdStrike API Client Secret
- Base URL: Select your CrowdStrike cloud region URL
Click Test Connection to verify the credentials work
Click Save to store the credential securely

Note: All CrowdStrike integrations (EDR, Intel, Platform, etc.) share the same credential. You only need to create one credential to use across all CrowdStrike modules.

Supported Resources

Resource	Description	Operations
A S P M	Operations for A S P M	54
Cloud Aws Registration	Operations for Cloud Aws Registration	5
Cloud Azure Registration	Operations for Cloud Azure Registration	7
Cloud Connect Aws	Operations for Cloud Connect Aws	9
Cloud Oci Registration	Operations for Cloud Oci Registration	7
Cloud Policies	Operations for Cloud Policies	22
Cloud Security	Operations for Cloud Security	6
Cloud Security Assets	Operations for Cloud Security Assets	3
Cloud Security Compliance	Operations for Cloud Security Compliance	2
Cloud Security Detections	Operations for Cloud Security Detections	2
Cloud Snapshots	Operations for Cloud Snapshots	6
Cspg Iacapi	Operations for Cspg Iacapi	2
Cspm Registration	Operations for Cspm Registration	38
D4C Registration	Operations for D4C Registration	20
Saas Security	Operations for Saas Security	21

Resource Details

A S P M

Operations for A S P M

Operations

Operation	Name	Description
`create_executor_node`	Create Executor Node	SDK: a_s_p_m.CreateExecutorNode
`create_integration`	Create Integration	SDK: a_s_p_m.CreateIntegration
`create_integration_task`	Create Integration Task	SDK: a_s_p_m.CreateIntegrationTask
`delete_executor_node`	Delete Executor Node	SDK: a_s_p_m.DeleteExecutorNode
`delete_group_id09`	Delete Group Id09	SDK: a_s_p_m.DeleteGroupID09
`delete_integration`	Delete Integration	SDK: a_s_p_m.DeleteIntegration
`delete_integration_task`	Delete Integration Task	SDK: a_s_p_m.DeleteIntegrationTask
`delete_tags`	Delete Tags	SDK: a_s_p_m.DeleteTags
`execute_function_data`	Execute Function Data	SDK: a_s_p_m.ExecuteFunctionData
`execute_function_data_count`	Execute Function Data Count	SDK: a_s_p_m.ExecuteFunctionDataCount
`execute_functions`	Execute Functions	SDK: a_s_p_m.ExecuteFunctions
`execute_functions_count`	Execute Functions Count	SDK: a_s_p_m.ExecuteFunctionsCount
`execute_functions_overtime`	Execute Functions Overtime	SDK: a_s_p_m.ExecuteFunctionsOvertime
`get_cloud_security_integration_state`	Get Cloud Security Integration State	SDK: a_s_p_m.GetCloudSecurityIntegrationState
`get_cspminventory_baservices`	Get Cspminventory Baservices	SDK: a_s_p_m.GetCSPMInventoryBAServices
`get_cspminventory_service_details`	Get Cspminventory Service Details	SDK: a_s_p_m.GetCSPMInventoryServiceDetails
`get_executor_nodes`	Get Executor Nodes	SDK: a_s_p_m.GetExecutorNodes
`get_executor_nodes_id09instances_csv`	Get Executor Nodes Id09Instances Csv	SDK: a_s_p_m.GetExecutorNodesID09InstancesCsv
`get_executor_nodes_metadata`	Get Executor Nodes Metadata	SDK: a_s_p_m.GetExecutorNodesMetadata
`get_group_id09v2`	Get Group Id09V2	SDK: a_s_p_m.GetGroupID09V2
`get_groups_hier_v2`	Get Groups Hier V2	SDK: a_s_p_m.GetGroupsHierV2
`get_groups_list_v2`	Get Groups List V2	SDK: a_s_p_m.GetGroupsListV2
`get_integration_tasks`	Get Integration Tasks	SDK: a_s_p_m.GetIntegrationTasks
`get_integration_tasks_admin`	Get Integration Tasks Admin	SDK: a_s_p_m.GetIntegrationTasksAdmin
`get_integration_tasks_metadata`	Get Integration Tasks Metadata	SDK: a_s_p_m.GetIntegrationTasksMetadata
`get_integration_tasks_v2`	Get Integration Tasks V2	SDK: a_s_p_m.GetIntegrationTasksV2
`get_integration_types`	Get Integration Types	SDK: a_s_p_m.GetIntegrationTypes
`get_integrations`	Get Integrations	SDK: a_s_p_m.GetIntegrations
`get_integrations_v2`	Get Integrations V2	SDK: a_s_p_m.GetIntegrationsV2
`get_service_artifacts`	Get Service Artifacts	SDK: a_s_p_m.GetServiceArtifacts
`get_service_violation_types`	Get Service Violation Types	SDK: a_s_p_m.GetServiceViolationTypes
`get_services_count`	Get Services Count	SDK: a_s_p_m.GetServicesCount
`get_tags`	Get Tags	SDK: a_s_p_m.GetTags
`get_users_v2`	Get Users V2	SDK: a_s_p_m.GetUsersV2
`list_execute`	List Execute	SDK: a_s_p_m.ExecuteQuery
`list_execute_function_data`	List Execute Function Data	SDK: a_s_p_m.ExecuteFunctionDataQuery
`list_execute_function_data_count`	List Execute Function Data Count	SDK: a_s_p_m.ExecuteFunctionDataQueryCount
`list_execute_functions`	List Execute Functions	SDK: a_s_p_m.ExecuteFunctionsQuery
`list_execute_functions_count`	List Execute Functions Count	SDK: a_s_p_m.ExecuteFunctionsQueryCount
`list_execute_functions_overtime`	List Execute Functions Overtime	SDK: a_s_p_m.ExecuteFunctionsQueryOvertime
`post_group_id09update_default`	Post Group Id09Update Default	SDK: a_s_p_m.PostGroupID09UpdateDefault
`post_group_id09v2`	Post Group Id09V2	SDK: a_s_p_m.PostGroupID09V2
`post_group_v2`	Post Group V2	SDK: a_s_p_m.PostGroupV2
`run_integration_task`	Run Integration Task	SDK: a_s_p_m.RunIntegrationTask
`run_integration_task_admin`	Run Integration Task Admin	SDK: a_s_p_m.RunIntegrationTaskAdmin
`run_integration_task_v2`	Run Integration Task V2	SDK: a_s_p_m.RunIntegrationTaskV2
`service_now_get_deployments`	Service Now Get Deployments	SDK: a_s_p_m.ServiceNowGetDeployments
`service_now_get_services`	Service Now Get Services	SDK: a_s_p_m.ServiceNowGetServices
`set_cloud_security_integration_state`	Set Cloud Security Integration State	SDK: a_s_p_m.SetCloudSecurityIntegrationState
`update_executor_node`	Update Executor Node	SDK: a_s_p_m.UpdateExecutorNode
`update_integration`	Update Integration	SDK: a_s_p_m.UpdateIntegration
`update_integration_task`	Update Integration Task	SDK: a_s_p_m.UpdateIntegrationTask
`upsert_business_applications`	Upsert Business Applications	SDK: a_s_p_m.UpsertBusinessApplications
`upsert_tags`	Upsert Tags	SDK: a_s_p_m.UpsertTags

Create Executor Node

SDK: a_s_p_m.CreateExecutorNode

Parameters:

Name	Type	Required	Description
`additional_header`	string	No	additional header. See CrowdStrike API documentation: https://developer.crowdstrike.com/docs/open...
`current_aws_arn`	string	No	current aws arn. See CrowdStrike API documentation: https://developer.crowdstrike.com/docs/openapi/
`dashboard_url`	string	No	dashboard url. See CrowdStrike API documentation: https://developer.crowdstrike.com/docs/openapi/
`id`	string	No
`last_health_check`	number	No	last health check. See CrowdStrike API documentation: https://developer.crowdstrike.com/docs/open...
`name`	string	No	name. See CrowdStrike API documentation: https://developer.crowdstrike.com/docs/openapi/
`node_type`	string	No	node type. See CrowdStrike API documentation: https://developer.crowdstrike.com/docs/openapi/
`password`	string	No	password. See CrowdStrike API documentation: https://developer.crowdstrike.com/docs/openapi/
`pod_settings`	object	No	pod settings. See CrowdStrike API documentation: https://developer.crowdstrike.com/docs/openapi/
`proxy_address`	string	No	proxy address. See CrowdStrike API documentation: https://developer.crowdstrike.com/docs/openapi/
`status`	object	No	status. See CrowdStrike API documentation: https://developer.crowdstrike.com/docs/openapi/
`type`	string	No	type. See CrowdStrike API documentation: https://developer.crowdstrike.com/docs/openapi/
`useJobs`	boolean	No	use jobs
`username`	string	No	username. See CrowdStrike API documentation: https://developer.crowdstrike.com/docs/openapi/

Example:

{
  "additional_header": "<additional_header>",
  "current_aws_arn": "<current_aws_arn>",
  "dashboard_url": "<dashboard_url>",
  "id": "<id>",
  "last_health_check": 10,
  "name": "<name>",
  "node_type": "<node_type>",
  "password": "<password>",
  "pod_settings": {},
  "proxy_address": "<proxy_address>",
  "status": {},
  "type": "<type>",
  "useJobs": true,
  "username": "<username>"
}

Create Integration

SDK: a_s_p_m.CreateIntegration

Parameters:

Name	Type	Required	Description
`integration`	object	No	integration. See CrowdStrike API documentation: https://developer.crowdstrike.com/docs/openapi/

Example:

{
  "integration": {}
}

Create Integration Task

SDK: a_s_p_m.CreateIntegrationTask

Parameters:

Name	Type	Required	Description
`integration_task`	object	No	integration task. See CrowdStrike API documentation: https://developer.crowdstrike.com/docs/openapi/

Example:

{
  "integration_task": {}
}

Delete Executor Node

SDK: a_s_p_m.DeleteExecutorNode

Parameters:

Name	Type	Required	Description
`id`	number	No	ID.. See CrowdStrike API documentation: https://developer.crowdstrike.com/docs/openapi/

Example:

{
  "id": 10
}

Delete Group Id09

SDK: a_s_p_m.DeleteGroupID09

Parameters:

Name	Type	Required	Description
`id`	number	No	Group ID

Example:

{
  "id": 10
}

Delete Integration

SDK: a_s_p_m.DeleteIntegration

Parameters:

Name	Type	Required	Description
`id`	number	No	ID.. See CrowdStrike API documentation: https://developer.crowdstrike.com/docs/openapi/

Example:

{
  "id": 10
}

Delete Integration Task

SDK: a_s_p_m.DeleteIntegrationTask

Parameters:

Name	Type	Required	Description
`id`	number	No	ID.. See CrowdStrike API documentation: https://developer.crowdstrike.com/docs/openapi/

Example:

{
  "id": 10
}

Delete Tags

SDK: a_s_p_m.DeleteTags

Parameters:

Name	Type	Required	Description
`entries`	object	Yes	entries. See CrowdStrike API documentation: https://developer.crowdstrike.com/docs/openapi/
`name`	string	Yes	name. See CrowdStrike API documentation: https://developer.crowdstrike.com/docs/openapi/

Example:

{
  "entries": {},
  "name": "<name>"
}

Execute Function Data

SDK: a_s_p_m.ExecuteFunctionData

Parameters:

Name	Type	Required	Description
`field`	string	No	Field.. See CrowdStrike API documentation: https://developer.crowdstrike.com/docs/openapi/

Example:

{
  "field": "<field>"
}

Execute Function Data Count

SDK: a_s_p_m.ExecuteFunctionDataCount

Parameters:

Name	Type	Required	Description
`aws_lambda_arn`	string	No	required for 'aws' cloud provider
`azure_function_app_name`	string	No	required for 'azure' cloud provider
`azure_site_resource_group`	string	No	required for 'azure' cloud provider
`azure_site_subscription_id`	string	No	required for 'azure' cloud provider
`cloud_provider`	string	No	CloudProvider.
`gcp_cloud_function_url`	string	No	required for 'gcp' cloud provider
`query_name`	string	No	QueryName.

Example:

{
  "aws_lambda_arn": "<aws_lambda_arn>",
  "azure_function_app_name": "<azure_function_app_name>",
  "azure_site_resource_group": "<azure_site_resource_group>",
  "azure_site_subscription_id": "<azure_site_subscription_id>",
  "cloud_provider": "<cloud_provider>",
  "gcp_cloud_function_url": "<gcp_cloud_function_url>",
  "query_name": "<query_name>"
}

Execute Functions

SDK: a_s_p_m.ExecuteFunctions

Parameters:

Name	Type	Required	Description
`field`	string	No	Field.. See CrowdStrike API documentation: https://developer.crowdstrike.com/docs/openapi/

Example:

{
  "field": "<field>"
}

Execute Functions Count

SDK: a_s_p_m.ExecuteFunctionsCount

Parameters:

Name	Type	Required	Description
`cid`	array	No	required for 'azure' cloud provider
`cloud_account_id`	array	No	required for 'aws' cloud provider
`cloud_provider`	array	No	CloudProvider.
`query_name`	string	No	QueryName.
`region`	array	No	required for 'gcp' cloud provider

Example:

{
  "cid": ["<cid>"],
  "cloud_account_id": ["<cloud_account_id>"],
  "cloud_provider": ["<cloud_provider>"],
  "query_name": "<query_name>",
  "region": ["<region>"]
}

Execute Functions Overtime

SDK: a_s_p_m.ExecuteFunctionsOvertime

Parameters:

Name	Type	Required	Description
`field`	string	No	Field.. See CrowdStrike API documentation: https://developer.crowdstrike.com/docs/openapi/

Example:

{
  "field": "<field>"
}

Get Cloud Security Integration State

SDK: a_s_p_m.GetCloudSecurityIntegrationState

This operation has no parameters.

Example:

{
}

Get Cspminventory Baservices

SDK: a_s_p_m.GetCSPMInventoryBAServices

Parameters:

Name	Type	Required	Description
`business_application_name`	string	No	Business application name
`limit`	number	No	Pagination limit
`offset`	number	No	Pagination offset

Example:

{
  "business_application_name": "<business_application_name>",
  "limit": 10,
  "offset": 10
}

Get Cspminventory Service Details

SDK: a_s_p_m.GetCSPMInventoryServiceDetails

Parameters:

Name	Type	Required	Description
`persistent_signature`	string	No	Service signature

Example:

{
  "persistent_signature": "<persistent_signature>"
}

Get Executor Nodes

SDK: a_s_p_m.GetExecutorNodes

Parameters:

Name	Type	Required	Description
`direction`	string	No	Direction.. See CrowdStrike API documentation: https://developer.crowdstrike.com/docs/openapi/
`executor_node_ids`	array	No	executor node ids. See CrowdStrike API documentation: https://developer.crowdstrike.com/docs/open...
`executor_node_names`	array	No	executor node names. See CrowdStrike API documentation: https://developer.crowdstrike.com/docs/op...
`executor_node_states`	array	No	executor node states
`executor_node_types`	array	No	executor node types. See CrowdStrike API documentation: https://developer.crowdstrike.com/docs/op...
`integration_type`	number	No	IntegrationType.
`limit`	number	No	Limit.. See CrowdStrike API documentation: https://developer.crowdstrike.com/docs/openapi/
`node_type`	string	No	NodeType.
`offset`	number	No	Offset.. See CrowdStrike API documentation: https://developer.crowdstrike.com/docs/openapi/
`order_by`	string	No	OrderBy.

Example:

{
  "direction": "<direction>",
  "executor_node_ids": ["<executor_node_ids>"],
  "executor_node_names": ["<executor_node_names>"],
  "executor_node_states": ["<executor_node_states>"],
  "executor_node_types": ["<executor_node_types>"],
  "integration_type": 10,
  "limit": 10,
  "node_type": "<node_type>",
  "offset": 10,
  "order_by": "<order_by>"
}

Get Executor Nodes Id09Instances Csv

SDK: a_s_p_m.GetExecutorNodesID09InstancesCsv

Parameters:

Name	Type	Required	Description
`additional_header`	string	No	additional header. See CrowdStrike API documentation: https://developer.crowdstrike.com/docs/open...
`current_aws_arn`	string	No	current aws arn. See CrowdStrike API documentation: https://developer.crowdstrike.com/docs/openapi/
`dashboard_url`	string	No	dashboard url. See CrowdStrike API documentation: https://developer.crowdstrike.com/docs/openapi/
`id`	string	No
`last_health_check`	number	No	last health check. See CrowdStrike API documentation: https://developer.crowdstrike.com/docs/open...
`name`	string	No	name. See CrowdStrike API documentation: https://developer.crowdstrike.com/docs/openapi/
`node_type`	string	No	node type. See CrowdStrike API documentation: https://developer.crowdstrike.com/docs/openapi/
`password`	string	No	password. See CrowdStrike API documentation: https://developer.crowdstrike.com/docs/openapi/
`pod_settings`	object	No	pod settings. See CrowdStrike API documentation: https://developer.crowdstrike.com/docs/openapi/
`proxy_address`	string	No	proxy address. See CrowdStrike API documentation: https://developer.crowdstrike.com/docs/openapi/
`status`	object	No	status. See CrowdStrike API documentation: https://developer.crowdstrike.com/docs/openapi/
`type`	string	No	type. See CrowdStrike API documentation: https://developer.crowdstrike.com/docs/openapi/
`useJobs`	boolean	No	use jobs
`username`	string	No	username. See CrowdStrike API documentation: https://developer.crowdstrike.com/docs/openapi/

Example:

{
  "additional_header": "<additional_header>",
  "current_aws_arn": "<current_aws_arn>",
  "dashboard_url": "<dashboard_url>",
  "id": "<id>",
  "last_health_check": 10,
  "name": "<name>",
  "node_type": "<node_type>",
  "password": "<password>",
  "pod_settings": {},
  "proxy_address": "<proxy_address>",
  "status": {},
  "type": "<type>",
  "useJobs": true,
  "username": "<username>"
}

Get Executor Nodes Metadata

SDK: a_s_p_m.GetExecutorNodesMetadata

Parameters:

Name	Type	Required	Description
`executor_node_ids`	array	No	executor node ids. See CrowdStrike API documentation: https://developer.crowdstrike.com/docs/open...
`executor_node_names`	array	No	executor node names. See CrowdStrike API documentation: https://developer.crowdstrike.com/docs/op...
`executor_node_states`	array	No	executor node states
`executor_node_types`	array	No	executor node types. See CrowdStrike API documentation: https://developer.crowdstrike.com/docs/op...

Example:

{
  "executor_node_ids": ["<executor_node_ids>"],
  "executor_node_names": ["<executor_node_names>"],
  "executor_node_states": ["<executor_node_states>"],
  "executor_node_types": ["<executor_node_types>"]
}

Get Group Id09V2

SDK: a_s_p_m.GetGroupID09V2

Parameters:

Name	Type	Required	Description
`id`	number	No	Group ID

Example:

{
  "id": 10
}

Get Groups Hier V2

SDK: a_s_p_m.GetGroupsHierV2

This operation has no parameters.

Example:

{
}

Get Groups List V2

SDK: a_s_p_m.GetGroupsListV2

Parameters:

Name	Type	Required	Description
`type`	string	No	Group types to query - can either be empty (all), parents, children

Example:

{
  "type": "<type>"
}

Get Integration Tasks

SDK: a_s_p_m.GetIntegrationTasks

Parameters:

Name	Type	Required	Description
`category`	string	No	Category.. See CrowdStrike API documentation: https://developer.crowdstrike.com/docs/openapi/
`direction`	string	No	Direction.. See CrowdStrike API documentation: https://developer.crowdstrike.com/docs/openapi/
`ids`	number	No	Ids.. See CrowdStrike API documentation: https://developer.crowdstrike.com/docs/openapi/
`integration_task_type`	number	No	IntegrationTaskType.
`integration_task_types`	number	No	IntegrationTaskTypes.
`limit`	number	No	Limit.. See CrowdStrike API documentation: https://developer.crowdstrike.com/docs/openapi/
`names`	string	No	Names.. See CrowdStrike API documentation: https://developer.crowdstrike.com/docs/openapi/
`offset`	number	No	Offset.. See CrowdStrike API documentation: https://developer.crowdstrike.com/docs/openapi/
`order_by`	string	No	OrderBy.

Example:

{
  "category": "<category>",
  "direction": "<direction>",
  "ids": 10,
  "integration_task_type": 10,
  "integration_task_types": 10,
  "limit": 10,
  "names": "<names>",
  "offset": 10,
  "order_by": "<order_by>"
}

Get Integration Tasks Admin

SDK: a_s_p_m.GetIntegrationTasksAdmin

Parameters:

Name	Type	Required	Description
`category`	string	No	Category.. See CrowdStrike API documentation: https://developer.crowdstrike.com/docs/openapi/
`direction`	string	No	Direction.. See CrowdStrike API documentation: https://developer.crowdstrike.com/docs/openapi/
`ids`	number	No	Ids.. See CrowdStrike API documentation: https://developer.crowdstrike.com/docs/openapi/
`integration_task_type`	number	No	IntegrationTaskType.
`integration_task_types`	number	No	IntegrationTaskTypes.
`limit`	number	No	Limit.. See CrowdStrike API documentation: https://developer.crowdstrike.com/docs/openapi/
`names`	string	No	Names.. See CrowdStrike API documentation: https://developer.crowdstrike.com/docs/openapi/
`offset`	number	No	Offset.. See CrowdStrike API documentation: https://developer.crowdstrike.com/docs/openapi/
`order_by`	string	No	OrderBy.

Example:

{
  "category": "<category>",
  "direction": "<direction>",
  "ids": 10,
  "integration_task_type": 10,
  "integration_task_types": 10,
  "limit": 10,
  "names": "<names>",
  "offset": 10,
  "order_by": "<order_by>"
}

Get Integration Tasks Metadata

SDK: a_s_p_m.GetIntegrationTasksMetadata

Parameters:

Name	Type	Required	Description
`category`	string	No	Category.. See CrowdStrike API documentation: https://developer.crowdstrike.com/docs/openapi/
`ids`	number	No	Ids.. See CrowdStrike API documentation: https://developer.crowdstrike.com/docs/openapi/
`integration_task_types`	number	No	IntegrationTaskTypes.
`names`	string	No	Names.. See CrowdStrike API documentation: https://developer.crowdstrike.com/docs/openapi/

Example:

{
  "category": "<category>",
  "ids": 10,
  "integration_task_types": 10,
  "names": "<names>"
}

Get Integration Tasks V2

SDK: a_s_p_m.GetIntegrationTasksV2

Parameters:

Name	Type	Required	Description
`category`	string	No	Category.. See CrowdStrike API documentation: https://developer.crowdstrike.com/docs/openapi/
`direction`	string	No	Direction.. See CrowdStrike API documentation: https://developer.crowdstrike.com/docs/openapi/
`ids`	number	No	Ids.. See CrowdStrike API documentation: https://developer.crowdstrike.com/docs/openapi/
`integration_task_type`	number	No	IntegrationTaskType.
`integration_task_types`	number	No	IntegrationTaskTypes.
`limit`	number	No	Limit.. See CrowdStrike API documentation: https://developer.crowdstrike.com/docs/openapi/
`names`	string	No	Names.. See CrowdStrike API documentation: https://developer.crowdstrike.com/docs/openapi/
`offset`	number	No	Offset.. See CrowdStrike API documentation: https://developer.crowdstrike.com/docs/openapi/
`order_by`	string	No	OrderBy.

Example:

{
  "category": "<category>",
  "direction": "<direction>",
  "ids": 10,
  "integration_task_type": 10,
  "integration_task_types": 10,
  "limit": 10,
  "names": "<names>",
  "offset": 10,
  "order_by": "<order_by>"
}

Get Integration Types

SDK: a_s_p_m.GetIntegrationTypes

This operation has no parameters.

Example:

{
}

Get Integrations

SDK: a_s_p_m.GetIntegrations

Parameters:

Name	Type	Required	Description
`category`	string	No	Category.. See CrowdStrike API documentation: https://developer.crowdstrike.com/docs/openapi/
`integration_type`	number	No	IntegrationType.

Example:

{
  "category": "<category>",
  "integration_type": 10
}

Get Integrations V2

SDK: a_s_p_m.GetIntegrationsV2

Parameters:

Name	Type	Required	Description
`category`	string	No	Category.. See CrowdStrike API documentation: https://developer.crowdstrike.com/docs/openapi/
`integration_type`	number	No	IntegrationType.

Example:

{
  "category": "<category>",
  "integration_type": 10
}

Get Service Artifacts

SDK: a_s_p_m.GetServiceArtifacts

Parameters:

Name	Type	Required	Description
`direction`	string	No	Direction.. See CrowdStrike API documentation: https://developer.crowdstrike.com/docs/openapi/
`limit`	number	No	Limit.. See CrowdStrike API documentation: https://developer.crowdstrike.com/docs/openapi/
`offset`	number	No	Offset.. See CrowdStrike API documentation: https://developer.crowdstrike.com/docs/openapi/
`optional_time`	number	No	OptionalTime.
`order_by`	array	No	OrderBy.
`persistent_signature`	string	No	PersistentSignature.
`revision_id`	number	No	RevisionID.

Example:

{
  "direction": "<direction>",
  "limit": 10,
  "offset": 10,
  "optional_time": 10,
  "order_by": ["<order_by>"],
  "persistent_signature": "<persistent_signature>",
  "revision_id": 10
}

Get Service Violation Types

SDK: a_s_p_m.GetServiceViolationTypes

Parameters:

Name	Type	Required	Description
`filter`	object	No	filter. See CrowdStrike API documentation: https://developer.crowdstrike.com/docs/openapi/
`optionalTime`	number	No	optional time
`revisionId`	number	No	revision Id

Example:

{
  "filter": {},
  "optionalTime": 10,
  "revisionId": 10
}

Get Services Count

SDK: a_s_p_m.GetServicesCount

Parameters:

Name	Type	Required	Description
`cids`	array	Yes	cids. See CrowdStrike API documentation: https://developer.crowdstrike.com/docs/openapi/
`deploymentTupleFilters`	object	Yes	deployment tuple filters
`nestingLevel`	number	No	nesting level
`onlyCount`	boolean	No	only count
`optionalTime`	number	No	optional time
`pagination`	object	No	pagination. See CrowdStrike API documentation: https://developer.crowdstrike.com/docs/openapi/
`persistentSignatures`	array	Yes	persistent signatures
`qlFilters`	string	No	ql filters
`relatedEntities`	object	Yes	related entities
`revisionId`	number	No	revision Id
`rolesSignature`	string	No	roles signature

Example:

{
  "cids": ["<cids>"],
  "deploymentTupleFilters": {},
  "nestingLevel": 10,
  "onlyCount": true,
  "optionalTime": 10,
  "pagination": {},
  "persistentSignatures": ["<persistentSignatures>"],
  "qlFilters": "<qlFilters>",
  "relatedEntities": {},
  "revisionId": 10,
  "rolesSignature": "<rolesSignature>"
}

Get Tags

SDK: a_s_p_m.GetTags

Parameters:

Name	Type	Required	Description
`is_unique`	boolean	No	IsUnique.
`limit`	number	No	Limit.. See CrowdStrike API documentation: https://developer.crowdstrike.com/docs/openapi/
`name`	array	No	Name.. See CrowdStrike API documentation: https://developer.crowdstrike.com/docs/openapi/
`offset`	number	No	Offset.. See CrowdStrike API documentation: https://developer.crowdstrike.com/docs/openapi/
`tag_name`	string	No	TagName.

Example:

{
  "is_unique": true,
  "limit": 10,
  "name": ["<name>"],
  "offset": 10,
  "tag_name": "<tag_name>"
}

Get Users V2

SDK: a_s_p_m.GetUsersV2

Parameters:

Name	Type	Required	Description
`pagination`	string	No	URL encoded pagination JSON - limit, offset, direction, orderBy

Example:

{
  "pagination": "<pagination>"
}

List Execute

SDK: a_s_p_m.ExecuteQuery

Parameters:

Name	Type	Required	Description
`paginate`	object	No	paginate. See CrowdStrike API documentation: https://developer.crowdstrike.com/docs/openapi/
`query`	string	Yes	query. See CrowdStrike API documentation: https://developer.crowdstrike.com/docs/openapi/
`revisionId`	number	No	revision Id
`selectFields`	object	No	select fields
`timestamp`	number	No	timestamp. See CrowdStrike API documentation: https://developer.crowdstrike.com/docs/openapi/

Example:

{
  "paginate": {},
  "query": "<query>",
  "revisionId": 10,
  "selectFields": {},
  "timestamp": 10
}

List Execute Function Data

SDK: a_s_p_m.ExecuteFunctionDataQuery

Parameters:

Name	Type	Required	Description
`field`	string	No	Field.. See CrowdStrike API documentation: https://developer.crowdstrike.com/docs/openapi/

Example:

{
  "field": "<field>"
}

List Execute Function Data Count

SDK: a_s_p_m.ExecuteFunctionDataQueryCount

Parameters:

Name	Type	Required	Description
`field`	string	No	Field.. See CrowdStrike API documentation: https://developer.crowdstrike.com/docs/openapi/

Example:

{
  "field": "<field>"
}

List Execute Functions

SDK: a_s_p_m.ExecuteFunctionsQuery

Parameters:

Name	Type	Required	Description
`field`	string	No	Field.. See CrowdStrike API documentation: https://developer.crowdstrike.com/docs/openapi/

Example:

{
  "field": "<field>"
}

List Execute Functions Count

SDK: a_s_p_m.ExecuteFunctionsQueryCount

Parameters:

Name	Type	Required	Description
`field`	string	No	Field.. See CrowdStrike API documentation: https://developer.crowdstrike.com/docs/openapi/

Example:

{
  "field": "<field>"
}

List Execute Functions Overtime

SDK: a_s_p_m.ExecuteFunctionsQueryOvertime

Parameters:

Name	Type	Required	Description
`field`	string	No	Field.. See CrowdStrike API documentation: https://developer.crowdstrike.com/docs/openapi/

Example:

{
  "field": "<field>"
}

Post Group Id09Update Default

SDK: a_s_p_m.PostGroupID09UpdateDefault

Parameters:

Name	Type	Required	Description
`id`	number	No	Group ID

Example:

{
  "id": 10
}

Post Group Id09V2

SDK: a_s_p_m.PostGroupID09V2

Parameters:

Name	Type	Required	Description
`children`	array	Yes	children. See CrowdStrike API documentation: https://developer.crowdstrike.com/docs/openapi/
`description`	string	No	description. See CrowdStrike API documentation: https://developer.crowdstrike.com/docs/openapi/
`groupId`	number	No	group Id
`groupType`	string	No	group type
`isDefault`	boolean	No	is default
`name`	string	No	name. See CrowdStrike API documentation: https://developer.crowdstrike.com/docs/openapi/
`parentId`	number	No	parent Id
`scope`	string	No	scope. See CrowdStrike API documentation: https://developer.crowdstrike.com/docs/openapi/

Example:

{
  "children": ["<children>"],
  "description": "<description>",
  "groupId": 10,
  "groupType": "<groupType>",
  "isDefault": true,
  "name": "<name>",
  "parentId": 10,
  "scope": "<scope>"
}

Post Group V2

SDK: a_s_p_m.PostGroupV2

Parameters:

Name	Type	Required	Description
`children`	array	Yes	children. See CrowdStrike API documentation: https://developer.crowdstrike.com/docs/openapi/
`description`	string	No	description. See CrowdStrike API documentation: https://developer.crowdstrike.com/docs/openapi/
`groupType`	string	No	group type
`isDefault`	boolean	No	is default
`name`	string	No	name. See CrowdStrike API documentation: https://developer.crowdstrike.com/docs/openapi/
`parentId`	number	No	parent Id
`scope`	string	No	scope. See CrowdStrike API documentation: https://developer.crowdstrike.com/docs/openapi/

Example:

{
  "children": ["<children>"],
  "description": "<description>",
  "groupType": "<groupType>",
  "isDefault": true,
  "name": "<name>",
  "parentId": 10,
  "scope": "<scope>"
}

Run Integration Task

SDK: a_s_p_m.RunIntegrationTask

Parameters:

Name	Type	Required	Description
`access_token`	string	No	access token. See CrowdStrike API documentation: https://developer.crowdstrike.com/docs/openapi/
`category`	string	No	category. See CrowdStrike API documentation: https://developer.crowdstrike.com/docs/openapi/
`data`	string	No	data. See CrowdStrike API documentation: https://developer.crowdstrike.com/docs/openapi/
`override`	boolean	No	override. See CrowdStrike API documentation: https://developer.crowdstrike.com/docs/openapi/
`scheduled`	boolean	No	scheduled. See CrowdStrike API documentation: https://developer.crowdstrike.com/docs/openapi/
`task_id`	number	No	task id. See CrowdStrike API documentation: https://developer.crowdstrike.com/docs/openapi/

Example:

{
  "access_token": "<access_token>",
  "category": "<category>",
  "data": "<data>",
  "override": true,
  "scheduled": true,
  "task_id": 10
}

Run Integration Task Admin

SDK: a_s_p_m.RunIntegrationTaskAdmin

Parameters:

Name	Type	Required	Description
`access_token`	string	No	access token. See CrowdStrike API documentation: https://developer.crowdstrike.com/docs/openapi/
`category`	string	No	category. See CrowdStrike API documentation: https://developer.crowdstrike.com/docs/openapi/
`data`	string	No	data. See CrowdStrike API documentation: https://developer.crowdstrike.com/docs/openapi/
`override`	boolean	No	override. See CrowdStrike API documentation: https://developer.crowdstrike.com/docs/openapi/
`scheduled`	boolean	No	scheduled. See CrowdStrike API documentation: https://developer.crowdstrike.com/docs/openapi/
`task_id`	number	No	task id. See CrowdStrike API documentation: https://developer.crowdstrike.com/docs/openapi/

Example:

{
  "access_token": "<access_token>",
  "category": "<category>",
  "data": "<data>",
  "override": true,
  "scheduled": true,
  "task_id": 10
}

Run Integration Task V2

SDK: a_s_p_m.RunIntegrationTaskV2

Parameters:

Name	Type	Required	Description
`access_token`	string	No	access token. See CrowdStrike API documentation: https://developer.crowdstrike.com/docs/openapi/
`category`	string	No	category. See CrowdStrike API documentation: https://developer.crowdstrike.com/docs/openapi/
`data`	string	No	data. See CrowdStrike API documentation: https://developer.crowdstrike.com/docs/openapi/
`override`	boolean	No	override. See CrowdStrike API documentation: https://developer.crowdstrike.com/docs/openapi/
`scheduled`	boolean	No	scheduled. See CrowdStrike API documentation: https://developer.crowdstrike.com/docs/openapi/
`task_id`	number	No	task id. See CrowdStrike API documentation: https://developer.crowdstrike.com/docs/openapi/

Example:

{
  "access_token": "<access_token>",
  "category": "<category>",
  "data": "<data>",
  "override": true,
  "scheduled": true,
  "task_id": 10
}

Service Now Get Deployments

SDK: a_s_p_m.ServiceNowGetDeployments

Parameters:

Name	Type	Required	Description
`direction`	string	No	Direction.. See CrowdStrike API documentation: https://developer.crowdstrike.com/docs/openapi/
`limit`	number	No	Limit.. See CrowdStrike API documentation: https://developer.crowdstrike.com/docs/openapi/
`offset`	number	No	Offset.. See CrowdStrike API documentation: https://developer.crowdstrike.com/docs/openapi/
`order_by`	string	No	OrderBy.
`ql_filters`	string	No	QlFilters.

Example:

{
  "direction": "<direction>",
  "limit": 10,
  "offset": 10,
  "order_by": "<order_by>",
  "ql_filters": "<ql_filters>"
}

Service Now Get Services

SDK: a_s_p_m.ServiceNowGetServices

Parameters:

Name	Type	Required	Description
`direction`	string	No	Direction.. See CrowdStrike API documentation: https://developer.crowdstrike.com/docs/openapi/
`exclude_artifacts`	boolean	No	ExcludeArtifacts.
`limit`	number	No	Limit.. See CrowdStrike API documentation: https://developer.crowdstrike.com/docs/openapi/
`offset`	number	No	Offset.. See CrowdStrike API documentation: https://developer.crowdstrike.com/docs/openapi/
`order_by`	string	No	OrderBy.
`ql_filters`	string	No	QlFilters.

Example:

{
  "direction": "<direction>",
  "exclude_artifacts": true,
  "limit": 10,
  "offset": 10,
  "order_by": "<order_by>",
  "ql_filters": "<ql_filters>"
}

Set Cloud Security Integration State

SDK: a_s_p_m.SetCloudSecurityIntegrationState

Parameters:

Name	Type	Required	Description
`isEnabled`	boolean	Yes	is enabled

Example:

{
  "isEnabled": true
}

Update Executor Node

SDK: a_s_p_m.UpdateExecutorNode

Parameters:

Name	Type	Required	Description
`additional_header`	string	No	additional header. See CrowdStrike API documentation: https://developer.crowdstrike.com/docs/open...
`current_aws_arn`	string	No	current aws arn. See CrowdStrike API documentation: https://developer.crowdstrike.com/docs/openapi/
`dashboard_url`	string	No	dashboard url. See CrowdStrike API documentation: https://developer.crowdstrike.com/docs/openapi/
`id`	string	No
`last_health_check`	number	No	last health check. See CrowdStrike API documentation: https://developer.crowdstrike.com/docs/open...
`name`	string	No	name. See CrowdStrike API documentation: https://developer.crowdstrike.com/docs/openapi/
`node_type`	string	No	node type. See CrowdStrike API documentation: https://developer.crowdstrike.com/docs/openapi/
`password`	string	No	password. See CrowdStrike API documentation: https://developer.crowdstrike.com/docs/openapi/
`pod_settings`	object	No	pod settings. See CrowdStrike API documentation: https://developer.crowdstrike.com/docs/openapi/
`proxy_address`	string	No	proxy address. See CrowdStrike API documentation: https://developer.crowdstrike.com/docs/openapi/
`status`	object	No	status. See CrowdStrike API documentation: https://developer.crowdstrike.com/docs/openapi/
`type`	string	No	type. See CrowdStrike API documentation: https://developer.crowdstrike.com/docs/openapi/
`useJobs`	boolean	No	use jobs
`username`	string	No	username. See CrowdStrike API documentation: https://developer.crowdstrike.com/docs/openapi/

Example:

{
  "additional_header": "<additional_header>",
  "current_aws_arn": "<current_aws_arn>",
  "dashboard_url": "<dashboard_url>",
  "id": "<id>",
  "last_health_check": 10,
  "name": "<name>",
  "node_type": "<node_type>",
  "password": "<password>",
  "pod_settings": {},
  "proxy_address": "<proxy_address>",
  "status": {},
  "type": "<type>",
  "useJobs": true,
  "username": "<username>"
}

Update Integration

SDK: a_s_p_m.UpdateIntegration

Parameters:

Name	Type	Required	Description
`integration`	object	No	integration. See CrowdStrike API documentation: https://developer.crowdstrike.com/docs/openapi/
`overwriteFields`	array	Yes	overwrite fields

Example:

{
  "integration": {},
  "overwriteFields": ["<overwriteFields>"]
}

Update Integration Task

SDK: a_s_p_m.UpdateIntegrationTask

Parameters:

Name	Type	Required	Description
`integration_task`	object	No	integration task. See CrowdStrike API documentation: https://developer.crowdstrike.com/docs/openapi/

Example:

{
  "integration_task": {}
}

Upsert Business Applications

SDK: a_s_p_m.UpsertBusinessApplications

Parameters:

Name	Type	Required	Description
`name`	string	Yes	name. See CrowdStrike API documentation: https://developer.crowdstrike.com/docs/openapi/
`persistentSignatures`	array	Yes	persistent signatures

Example:

{
  "name": "<name>",
  "persistentSignatures": ["<persistentSignatures>"]
}

Upsert Tags

SDK: a_s_p_m.UpsertTags

Parameters:

Name	Type	Required	Description
`entries`	object	Yes	entries. See CrowdStrike API documentation: https://developer.crowdstrike.com/docs/openapi/

Example:

{
  "entries": {}
}

Cloud Aws Registration

Operations for Cloud Aws Registration

Operations

Operation	Name	Description
`cloud_registration_aws_create_account`	Cloud Registration Aws Create Account	SDK: cloud_aws_registration.CloudRegistrationAwsCreateAccount
`cloud_registration_aws_delete_account`	Cloud Registration Aws Delete Account	SDK: cloud_aws_registration.CloudRegistrationAwsDeleteAccount
`cloud_registration_aws_get_accounts`	Cloud Registration Aws Get Accounts	SDK: cloud_aws_registration.CloudRegistrationAwsGetAccounts
`cloud_registration_aws_update_account`	Cloud Registration Aws Update Account	SDK: cloud_aws_registration.CloudRegistrationAwsUpdateAccount
`list_cloud_registration_aws_accounts`	List Cloud Registration Aws Accounts	SDK: cloud_aws_registration.CloudRegistrationAwsQueryAccounts

Cloud Registration Aws Create Account

SDK: cloud_aws_registration.CloudRegistrationAwsCreateAccount

Parameters:

Name	Type	Required	Description
`resources`	array	Yes	Batch operation - array of JSON strings. Each item should be: {"field1":"value1","field2":"value...

Example:

{
  "resources": ["<resources>"]
}

Cloud Registration Aws Delete Account

SDK: cloud_aws_registration.CloudRegistrationAwsDeleteAccount

Parameters:

Name	Type	Required	Description
`ids`	array	No	AWS account IDs to remove
`organization_ids`	array	No	AWS organization IDs to remove

Example:

{
  "ids": ["<ids>"],
  "organization_ids": ["<organization_ids>"]
}

Cloud Registration Aws Get Accounts

SDK: cloud_aws_registration.CloudRegistrationAwsGetAccounts

Parameters:

Name	Type	Required	Description
`ids`	array	No	AWS account IDs to filter

Example:

{
  "ids": ["<ids>"]
}

Cloud Registration Aws Update Account

SDK: cloud_aws_registration.CloudRegistrationAwsUpdateAccount

Parameters:

Name	Type	Required	Description
`resources`	array	Yes	Batch operation - array of JSON strings. Each item should be: {"field1":"value1","field2":"value...

Example:

{
  "resources": ["<resources>"]
}

List Cloud Registration Aws Accounts

SDK: cloud_aws_registration.CloudRegistrationAwsQueryAccounts

Parameters:

Name	Type	Required	Description
`account_status`	string	No	Account status to filter results by.
`features`	array	No	Features registered for an account
`group_by`	string	No	Field to group by.
`limit`	number	No	The maximum number of items to return. When not specified or 0, 100 is used. When larger than 500...
`offset`	number	No	The offset to start retrieving records from.
`organization_ids`	array	No	Organization IDs used to filter accounts
`products`	array	No	Products registered for an account

Example:

{
  "account_status": "<account_status>",
  "features": ["<features>"],
  "group_by": "<group_by>",
  "limit": 10,
  "offset": 10,
  "organization_ids": ["<organization_ids>"],
  "products": ["<products>"]
}

Cloud Azure Registration

Operations for Cloud Azure Registration

Operations

Operation	Name	Description
`cloud_registration_azure_create_registration`	Cloud Registration Azure Create Registration	SDK: cloud_azure_registration.CloudRegistrationAzureCreateRegistration
`cloud_registration_azure_delete_registration`	Cloud Registration Azure Delete Registration	SDK: cloud_azure_registration.CloudRegistrationAzureDeleteRegistration
`cloud_registration_azure_download_script`	Cloud Registration Azure Download Script	SDK: cloud_azure_registration.CloudRegistrationAzureDownloadScript
`cloud_registration_azure_get_registration`	Cloud Registration Azure Get Registration	SDK: cloud_azure_registration.CloudRegistrationAzureGetRegistration
`cloud_registration_azure_trigger_health_check`	Cloud Registration Azure Trigger Health Check	SDK: cloud_azure_registration.CloudRegistrationAzureTriggerHealthCheck
`cloud_registration_azure_update_registration`	Cloud Registration Azure Update Registration	SDK: cloud_azure_registration.CloudRegistrationAzureUpdateRegistration
`download_azure_script`	Download Azure Script	SDK: cloud_azure_registration.DownloadAzureScript

Cloud Registration Azure Create Registration

SDK: cloud_azure_registration.CloudRegistrationAzureCreateRegistration

Parameters:

Name	Type	Required	Description
`resource`	object	Yes	resource. See CrowdStrike API documentation: https://developer.crowdstrike.com/docs/openapi/

Example:

{
  "resource": {}
}

Cloud Registration Azure Delete Registration

SDK: cloud_azure_registration.CloudRegistrationAzureDeleteRegistration

Parameters:

Name	Type	Required	Description
`tenant_ids`	array	No	Azure tenant IDs

Example:

{
  "tenant_ids": ["<tenant_ids>"]
}

Cloud Registration Azure Download Script

SDK: cloud_azure_registration.CloudRegistrationAzureDownloadScript

Parameters:

Name	Type	Required	Description
`resources`	array	Yes	Batch operation - array of JSON strings. Each item should be: {"field1":"value1","field2":"value...

Example:

{
  "resources": ["<resources>"]
}

Cloud Registration Azure Get Registration

SDK: cloud_azure_registration.CloudRegistrationAzureGetRegistration

Parameters:

Name	Type	Required	Description
`tenant_id`	string	No	Tenant ID. See CrowdStrike API documentation: https://developer.crowdstrike.com/docs/openapi/

Example:

{
  "tenant_id": "<tenant_id>"
}

Cloud Registration Azure Trigger Health Check

SDK: cloud_azure_registration.CloudRegistrationAzureTriggerHealthCheck

Parameters:

Name	Type	Required	Description
`tenant_ids`	array	No	Azure tenant IDs

Example:

{
  "tenant_ids": ["<tenant_ids>"]
}

Cloud Registration Azure Update Registration

SDK: cloud_azure_registration.CloudRegistrationAzureUpdateRegistration

Parameters:

Name	Type	Required	Description
`resource`	object	Yes	resource. See CrowdStrike API documentation: https://developer.crowdstrike.com/docs/openapi/

Example:

{
  "resource": {}
}

Download Azure Script

SDK: cloud_azure_registration.DownloadAzureScript

Parameters:

Name	Type	Required	Description
`tenant_id`	string	No	Azure tenant ID

Example:

{
  "tenant_id": "<tenant_id>"
}

Cloud Connect Aws

Operations for Cloud Connect Aws

Operations

Operation	Name	Description
`create_or_update_awssettings`	Create Or Update Awssettings	SDK: cloud_connect_aws.CreateOrUpdateAWSSettings
`delete_awsaccounts`	Delete Awsaccounts	SDK: cloud_connect_aws.DeleteAWSAccounts
`get_awsaccounts`	Get Awsaccounts	SDK: cloud_connect_aws.GetAWSAccounts
`get_awssettings`	Get Awssettings	SDK: cloud_connect_aws.GetAWSSettings
`list_awsaccounts`	List Awsaccounts	SDK: cloud_connect_aws.QueryAWSAccounts
`list_awsaccounts_for_ids`	List Awsaccounts For Ids	SDK: cloud_connect_aws.QueryAWSAccountsForIDs
`provision_awsaccounts`	Provision Awsaccounts	SDK: cloud_connect_aws.ProvisionAWSAccounts
`update_awsaccounts`	Update Awsaccounts	SDK: cloud_connect_aws.UpdateAWSAccounts
`verify_awsaccount_access`	Verify Awsaccount Access	SDK: cloud_connect_aws.VerifyAWSAccountAccess

Create Or Update Awssettings

SDK: cloud_connect_aws.CreateOrUpdateAWSSettings

Parameters:

Name	Type	Required	Description
`resources`	array	Yes	Batch operation - array of JSON strings. Each item should be: {"field1":"value1","field2":"value...

Example:

{
  "resources": ["<resources>"]
}

Delete Awsaccounts

SDK: cloud_connect_aws.DeleteAWSAccounts

Parameters:

Name	Type	Required	Description
`ids`	array	No	IDs of accounts to remove

Example:

{
  "ids": ["<ids>"]
}

Get Awsaccounts

SDK: cloud_connect_aws.GetAWSAccounts

Parameters:

Name	Type	Required	Description
`ids`	array	No	IDs of accounts to retrieve details

Example:

{
  "ids": ["<ids>"]
}

Get Awssettings

SDK: cloud_connect_aws.GetAWSSettings

This operation has no parameters.

Example:

{
}

List Awsaccounts

SDK: cloud_connect_aws.QueryAWSAccounts

Parameters:

Name	Type	Required	Description
`filter`	string	No	The filter expression that should be used to limit the results
`limit`	number	No	The maximum records to return. [1-1000]. Defaults to 100. Default: 100
`offset`	number	No	The offset to start retrieving records from
`sort`	string	No	The property to sort by (e.g. alias.desc or state.asc)

Example:

{
  "filter": "<filter>",
  "limit": 10,
  "offset": 10,
  "sort": "<sort>"
}

List Awsaccounts For Ids

SDK: cloud_connect_aws.QueryAWSAccountsForIDs

Parameters:

Name	Type	Required	Description
`filter`	string	No	The filter expression that should be used to limit the results
`limit`	number	No	The maximum records to return. [1-1000]. Defaults to 100. Default: 100
`offset`	number	No	The offset to start retrieving records from
`sort`	string	No	The property to sort by (e.g. alias.desc or state.asc)

Example:

{
  "filter": "<filter>",
  "limit": 10,
  "offset": 10,
  "sort": "<sort>"
}

Provision Awsaccounts

SDK: cloud_connect_aws.ProvisionAWSAccounts

Parameters:

Name	Type	Required	Description
`resources`	array	Yes	Batch operation - array of JSON strings. Each item should be: {"field1":"value1","field2":"value...

Example:

{
  "resources": ["<resources>"]
}

Update Awsaccounts

SDK: cloud_connect_aws.UpdateAWSAccounts

Parameters:

Name	Type	Required	Description
`resources`	array	Yes	Batch operation - array of JSON strings. Each item should be: {"field1":"value1","field2":"value...

Example:

{
  "resources": ["<resources>"]
}

Verify Awsaccount Access

SDK: cloud_connect_aws.VerifyAWSAccountAccess

Parameters:

Name	Type	Required	Description
`ids`	array	No	IDs of accounts to verify access on

Example:

{
  "ids": ["<ids>"]
}

Cloud Oci Registration

Operations for Cloud Oci Registration

Operations

Operation	Name	Description
`cloud_security_registration_oci_create_account`	Cloud Security Registration Oci Create Account	SDK: cloud_oci_registration.CloudSecurityRegistrationOciCreateAccount
`cloud_security_registration_oci_delete_account`	Cloud Security Registration Oci Delete Account	SDK: cloud_oci_registration.CloudSecurityRegistrationOciDeleteAccount
`cloud_security_registration_oci_download_script`	Cloud Security Registration Oci Download Script	SDK: cloud_oci_registration.CloudSecurityRegistrationOciDownloadScript
`cloud_security_registration_oci_get_account`	Cloud Security Registration Oci Get Account	SDK: cloud_oci_registration.CloudSecurityRegistrationOciGetAccount
`cloud_security_registration_oci_rotate_key`	Cloud Security Registration Oci Rotate Key	SDK: cloud_oci_registration.CloudSecurityRegistrationOciRotateKey
`cloud_security_registration_oci_update_account`	Cloud Security Registration Oci Update Account	SDK: cloud_oci_registration.CloudSecurityRegistrationOciUpdateAccount
`cloud_security_registration_oci_validate_tenancy`	Cloud Security Registration Oci Validate Tenancy	SDK: cloud_oci_registration.CloudSecurityRegistrationOciValidateTenancy

Cloud Security Registration Oci Create Account

SDK: cloud_oci_registration.CloudSecurityRegistrationOciCreateAccount

Parameters:

Name	Type	Required	Description
`resources`	array	Yes	Batch operation - array of JSON strings. Each item should be: {"field1":"value1","field2":"value...

Example:

{
  "resources": ["<resources>"]
}

Cloud Security Registration Oci Delete Account

SDK: cloud_oci_registration.CloudSecurityRegistrationOciDeleteAccount

Parameters:

Name	Type	Required	Description
`ids`	array	No	OCI tenancy ocids to remove

Example:

{
  "ids": ["<ids>"]
}

Cloud Security Registration Oci Download Script

SDK: cloud_oci_registration.CloudSecurityRegistrationOciDownloadScript

Parameters:

Name	Type	Required	Description
`resources`	array	Yes	Batch operation - array of JSON strings. Each item should be: {"field1":"value1","field2":"value...

Example:

{
  "resources": ["<resources>"]
}

Cloud Security Registration Oci Get Account

SDK: cloud_oci_registration.CloudSecurityRegistrationOciGetAccount

Parameters:

Name	Type	Required	Description
`filter`	string	No	FQL (Falcon Query Language) string for filtering results. Allowed filters are Set{tenancy_name, ...
`limit`	number	No	Maximum number of records to return (default: 100, max: 10000) Default: 100
`next_token`	string	No	Token for cursor-based pagination. Currently unsupported.
`offset`	number	No	Starting index of result
`sort`	string	No	Field and direction for sorting results - allowed sort fields are Set{updated_at, tenancy_ocid, ...

Example:

{
  "filter": "<filter>",
  "limit": 10,
  "next_token": "<next_token>",
  "offset": 10,
  "sort": "<sort>"
}

Cloud Security Registration Oci Rotate Key

SDK: cloud_oci_registration.CloudSecurityRegistrationOciRotateKey

Parameters:

Name	Type	Required	Description
`resources`	array	Yes	Batch operation - array of JSON strings. Each item should be: {"field1":"value1","field2":"value...

Example:

{
  "resources": ["<resources>"]
}

Cloud Security Registration Oci Update Account

SDK: cloud_oci_registration.CloudSecurityRegistrationOciUpdateAccount

Parameters:

Name	Type	Required	Description
`resources`	array	Yes	Batch operation - array of JSON strings. Each item should be: {"field1":"value1","field2":"value...

Example:

{
  "resources": ["<resources>"]
}

Cloud Security Registration Oci Validate Tenancy

SDK: cloud_oci_registration.CloudSecurityRegistrationOciValidateTenancy

Parameters:

Name	Type	Required	Description
`resources`	array	Yes	Batch operation - array of JSON strings. Each item should be: {"field1":"value1","field2":"value...

Example:

{
  "resources": ["<resources>"]
}

Cloud Policies

Operations for Cloud Policies

Operations

Operation	Name	Description
`create_compliance_control`	Create Compliance Control	SDK: cloud_policies.CreateComplianceControl
`create_compliance_framework`	Create Compliance Framework	SDK: cloud_policies.CreateComplianceFramework
`create_rule_mixin0`	Create Rule Mixin0	SDK: cloud_policies.CreateRuleMixin0
`create_rule_override`	Create Rule Override	SDK: cloud_policies.CreateRuleOverride
`delete_compliance_control`	Delete Compliance Control	SDK: cloud_policies.DeleteComplianceControl
`delete_compliance_framework`	Delete Compliance Framework	SDK: cloud_policies.DeleteComplianceFramework
`delete_rule_mixin0`	Delete Rule Mixin0	SDK: cloud_policies.DeleteRuleMixin0
`delete_rule_override`	Delete Rule Override	SDK: cloud_policies.DeleteRuleOverride
`get_compliance_controls`	Get Compliance Controls	SDK: cloud_policies.GetComplianceControls
`get_compliance_frameworks`	Get Compliance Frameworks	SDK: cloud_policies.GetComplianceFrameworks
`get_evaluation_result`	Get Evaluation Result	SDK: cloud_policies.GetEvaluationResult
`get_rule`	Get Rule	SDK: cloud_policies.GetRule
`get_rule_override`	Get Rule Override	SDK: cloud_policies.GetRuleOverride
`list_compliance_controls`	List Compliance Controls	SDK: cloud_policies.QueryComplianceControls
`list_compliance_frameworks`	List Compliance Frameworks	SDK: cloud_policies.QueryComplianceFrameworks
`list_rule`	List Rule	SDK: cloud_policies.QueryRule
`rename_section_compliance_framework`	Rename Section Compliance Framework	SDK: cloud_policies.RenameSectionComplianceFramework
`replace_control_rules`	Replace Control Rules	SDK: cloud_policies.ReplaceControlRules
`update_compliance_control`	Update Compliance Control	SDK: cloud_policies.UpdateComplianceControl
`update_compliance_framework`	Update Compliance Framework	SDK: cloud_policies.UpdateComplianceFramework
`update_rule`	Update Rule	SDK: cloud_policies.UpdateRule
`update_rule_override`	Update Rule Override	SDK: cloud_policies.UpdateRuleOverride

Create Compliance Control

SDK: cloud_policies.CreateComplianceControl

Parameters:

Name	Type	Required	Description
`description`	string	Yes	description. See CrowdStrike API documentation: https://developer.crowdstrike.com/docs/openapi/
`framework_id`	string	Yes	framework id. See CrowdStrike API documentation: https://developer.crowdstrike.com/docs/openapi/
`name`	string	Yes	name. See CrowdStrike API documentation: https://developer.crowdstrike.com/docs/openapi/
`section_name`	string	Yes	section name. See CrowdStrike API documentation: https://developer.crowdstrike.com/docs/openapi/

Example:

{
  "description": "<description>",
  "framework_id": "<framework_id>",
  "name": "<name>",
  "section_name": "<section_name>"
}

Create Compliance Framework

SDK: cloud_policies.CreateComplianceFramework

Parameters:

Name	Type	Required	Description
`active`	boolean	No	active. See CrowdStrike API documentation: https://developer.crowdstrike.com/docs/openapi/
`description`	string	Yes	description. See CrowdStrike API documentation: https://developer.crowdstrike.com/docs/openapi/
`name`	string	Yes	name. See CrowdStrike API documentation: https://developer.crowdstrike.com/docs/openapi/

Example:

{
  "active": true,
  "description": "<description>",
  "name": "<name>"
}

Create Rule Mixin0

SDK: cloud_policies.CreateRuleMixin0

Parameters:

Name	Type	Required	Description
`alert_info`	string	No	alert info. See CrowdStrike API documentation: https://developer.crowdstrike.com/docs/openapi/
`attack_types`	string	No	attack types. See CrowdStrike API documentation: https://developer.crowdstrike.com/docs/openapi/
`controls`	object	Yes	controls. See CrowdStrike API documentation: https://developer.crowdstrike.com/docs/openapi/
`description`	string	Yes	description. See CrowdStrike API documentation: https://developer.crowdstrike.com/docs/openapi/
`domain`	string	Yes	domain. See CrowdStrike API documentation: https://developer.crowdstrike.com/docs/openapi/
`logic`	string	Yes	logic. See CrowdStrike API documentation: https://developer.crowdstrike.com/docs/openapi/
`name`	string	Yes	name. See CrowdStrike API documentation: https://developer.crowdstrike.com/docs/openapi/
`parent_rule_id`	string	Yes	parent rule id. See CrowdStrike API documentation: https://developer.crowdstrike.com/docs/openapi/
`platform`	string	Yes	platform. See CrowdStrike API documentation: https://developer.crowdstrike.com/docs/openapi/
`provider`	string	Yes	provider. See CrowdStrike API documentation: https://developer.crowdstrike.com/docs/openapi/
`remediation_info`	string	No	remediation info. See CrowdStrike API documentation: https://developer.crowdstrike.com/docs/openapi/
`remediation_url`	string	No	remediation url. See CrowdStrike API documentation: https://developer.crowdstrike.com/docs/openapi/
`resource_type`	string	Yes	resource type. See CrowdStrike API documentation: https://developer.crowdstrike.com/docs/openapi/
`severity`	number	No	severity. See CrowdStrike API documentation: https://developer.crowdstrike.com/docs/openapi/
`subdomain`	string	Yes	subdomain. See CrowdStrike API documentation: https://developer.crowdstrike.com/docs/openapi/

Example:

{
  "alert_info": "<alert_info>",
  "attack_types": "<attack_types>",
  "controls": {},
  "description": "<description>",
  "domain": "<domain>",
  "logic": "<logic>",
  "name": "<name>",
  "parent_rule_id": "<parent_rule_id>",
  "platform": "<platform>",
  "provider": "<provider>",
  "remediation_info": "<remediation_info>",
  "remediation_url": "<remediation_url>",
  "resource_type": "<resource_type>",
  "severity": 10,
  "subdomain": "<subdomain>"
}

Create Rule Override

SDK: cloud_policies.CreateRuleOverride

Parameters:

Name	Type	Required	Description
`overrides`	object	Yes	overrides. See CrowdStrike API documentation: https://developer.crowdstrike.com/docs/openapi/

Example:

{
  "overrides": {}
}

Delete Compliance Control

SDK: cloud_policies.DeleteComplianceControl

Parameters:

Name	Type	Required	Description
`ids`	array	No	The uuids of compliance control to delete

Example:

{
  "ids": ["<ids>"]
}

Delete Compliance Framework

SDK: cloud_policies.DeleteComplianceFramework

Parameters:

Name	Type	Required	Description
`ids`	string	No	The uuids of compliance framework to delete

Example:

{
  "ids": "<ids>"
}

Delete Rule Mixin0

SDK: cloud_policies.DeleteRuleMixin0

Parameters:

Name	Type	Required	Description
`ids`	array	No	The uuids of rules to delete

Example:

{
  "ids": ["<ids>"]
}

Delete Rule Override

SDK: cloud_policies.DeleteRuleOverride

Parameters:

Name	Type	Required	Description
`ids`	array	No	The uuids of rule overrides to delete

Example:

{
  "ids": ["<ids>"]
}

Get Compliance Controls

SDK: cloud_policies.GetComplianceControls

Parameters:

Name	Type	Required	Description
`ids`	array	No	The uuids of compliance controls to retrieve

Example:

{
  "ids": ["<ids>"]
}

Get Compliance Frameworks

SDK: cloud_policies.GetComplianceFrameworks

Parameters:

Name	Type	Required	Description
`ids`	array	No	The uuids of compliance frameworks to retrieve

Example:

{
  "ids": ["<ids>"]
}

Get Evaluation Result

SDK: cloud_policies.GetEvaluationResult

Parameters:

Name	Type	Required	Description
`logic`	string	Yes	logic. See CrowdStrike API documentation: https://developer.crowdstrike.com/docs/openapi/

Example:

{
  "logic": "<logic>"
}

Get Rule

SDK: cloud_policies.GetRule

Parameters:

Name	Type	Required	Description
`ids`	array	No	The uuids of rules to retrieve

Example:

{
  "ids": ["<ids>"]
}

Get Rule Override

SDK: cloud_policies.GetRuleOverride

Parameters:

Name	Type	Required	Description
`ids`	array	No	The uuids of rule overrides to retrieve

Example:

{
  "ids": ["<ids>"]
}

List Compliance Controls

SDK: cloud_policies.QueryComplianceControls

Parameters:

Name	Type	Required	Description
`filter`	string	No	FQL filter, allowed props: compliance_control_name compliance_control_authority *compliance_c...
`limit`	number	No	The maximum number of resources to return. The maximum allowed is 500. Default: 100
`offset`	number	No	The number of results to skip before starting to return results.
`sort`	string	No	Field to sort on. Sortable fields: compliance_control_name compliance_control_authority *comp...

Example:

{
  "filter": "<filter>",
  "limit": 10,
  "offset": 10,
  "sort": "<sort>"
}

List Compliance Frameworks

SDK: cloud_policies.QueryComplianceFrameworks

Parameters:

Name	Type	Required	Description
`filter`	string	No	FQL filter, allowed properties: compliance_framework_name compliance_framework_version *compl...
`limit`	number	No	The maximum number of resources to return. The maximum allowed is 500. Default: 100
`offset`	number	No	The number of results to skip before starting to return results.
`sort`	string	No	Field to sort on. Sortable fields: compliance_framework_name compliance_framework_version *co...

Example:

{
  "filter": "<filter>",
  "limit": 10,
  "offset": 10,
  "sort": "<sort>"
}

List Rule

SDK: cloud_policies.QueryRule

Parameters:

Name	Type	Required	Description
`filter`	string	No	rule_domain rule_status rule_severity rule_short_code rule_service rule_resource_type...
`limit`	number	No	The maximum number of resources to return. The maximum allowed is 500. Default: 100
`offset`	number	No	The number of results to skip before starting to return results.
`sort`	string	No	rule_severity rule_short_code rule_service rule_resource_type rule_provider *rule_subdo...

Example:

{
  "filter": "<filter>",
  "limit": 10,
  "offset": 10,
  "sort": "<sort>"
}

Rename Section Compliance Framework

SDK: cloud_policies.RenameSectionComplianceFramework

Parameters:

Name	Type	Required	Description
`section_name`	string	Yes	section name. See CrowdStrike API documentation: https://developer.crowdstrike.com/docs/openapi/

Example:

{
  "section_name": "<section_name>"
}

Replace Control Rules

SDK: cloud_policies.ReplaceControlRules

Parameters:

Name	Type	Required	Description
`rule_ids`	array	Yes	rule ids. See CrowdStrike API documentation: https://developer.crowdstrike.com/docs/openapi/

Example:

{
  "rule_ids": ["<rule_ids>"]
}

Update Compliance Control

SDK: cloud_policies.UpdateComplianceControl

Parameters:

Name	Type	Required	Description
`description`	string	Yes	description. See CrowdStrike API documentation: https://developer.crowdstrike.com/docs/openapi/
`name`	string	Yes	name. See CrowdStrike API documentation: https://developer.crowdstrike.com/docs/openapi/

Example:

{
  "description": "<description>",
  "name": "<name>"
}

Update Compliance Framework

SDK: cloud_policies.UpdateComplianceFramework

Parameters:

Name	Type	Required	Description
`active`	boolean	No	active. See CrowdStrike API documentation: https://developer.crowdstrike.com/docs/openapi/
`description`	string	Yes	description. See CrowdStrike API documentation: https://developer.crowdstrike.com/docs/openapi/
`name`	string	Yes	name. See CrowdStrike API documentation: https://developer.crowdstrike.com/docs/openapi/

Example:

{
  "active": true,
  "description": "<description>",
  "name": "<name>"
}

Update Rule

SDK: cloud_policies.UpdateRule

Parameters:

Name	Type	Required	Description
`alert_info`	string	No	alert info. See CrowdStrike API documentation: https://developer.crowdstrike.com/docs/openapi/
`attack_types`	array	Yes	attack types. See CrowdStrike API documentation: https://developer.crowdstrike.com/docs/openapi/
`category`	string	No	category. See CrowdStrike API documentation: https://developer.crowdstrike.com/docs/openapi/
`controls`	object	Yes	controls. See CrowdStrike API documentation: https://developer.crowdstrike.com/docs/openapi/
`description`	string	No	description. See CrowdStrike API documentation: https://developer.crowdstrike.com/docs/openapi/
`name`	string	No	name. See CrowdStrike API documentation: https://developer.crowdstrike.com/docs/openapi/
`rule_logic_list`	object	Yes	rule logic list. See CrowdStrike API documentation: https://developer.crowdstrike.com/docs/openapi/
`severity`	number	No	severity. See CrowdStrike API documentation: https://developer.crowdstrike.com/docs/openapi/
`uuid`	string	Yes	uuid. See CrowdStrike API documentation: https://developer.crowdstrike.com/docs/openapi/

Example:

{
  "alert_info": "<alert_info>",
  "attack_types": ["<attack_types>"],
  "category": "<category>",
  "controls": {},
  "description": "<description>",
  "name": "<name>",
  "rule_logic_list": {},
  "severity": 10,
  "uuid": "<uuid>"
}

Update Rule Override

SDK: cloud_policies.UpdateRuleOverride

Parameters:

Name	Type	Required	Description
`overrides`	object	Yes	overrides. See CrowdStrike API documentation: https://developer.crowdstrike.com/docs/openapi/

Example:

{
  "overrides": {}
}

Cloud Security

Operations for Cloud Security

Operations

Operation	Name	Description
`create_cloud_group_external`	Create Cloud Group External	SDK: cloud_security.CreateCloudGroupExternal
`delete_cloud_groups_external`	Delete Cloud Groups External	SDK: cloud_security.DeleteCloudGroupsExternal
`list_cloud_group_ids_external`	List Cloud Group Ids External	SDK: cloud_security.ListCloudGroupIDsExternal
`list_cloud_groups_by_idexternal`	List Cloud Groups By Idexternal	SDK: cloud_security.ListCloudGroupsByIDExternal
`list_cloud_groups_external`	List Cloud Groups External	SDK: cloud_security.ListCloudGroupsExternal
`update_cloud_group_external`	Update Cloud Group External	SDK: cloud_security.UpdateCloudGroupExternal

Create Cloud Group External

SDK: cloud_security.CreateCloudGroupExternal

Parameters:

Name	Type	Required	Description
`business_impact`	string	No	Business Impact is one of the "business context" field of the group.
`business_unit`	string	No	Business Unit is one of the "business context" field of the group. Max Length: 100
`description`	string	No	description Max Length: 1000
`environment`	string	No	Environment is one of the "business context" field of the group.
`name`	string	Yes	Group name is unique and case insensitive. Max Length: 100
`owners`	array	Yes	The owners field contains a list of user emails.
`selectors`	object	No	The Selectors for the cloud group.

Example:

{
  "business_impact": "<business_impact>",
  "business_unit": "<business_unit>",
  "description": "<description>",
  "environment": "<environment>",
  "name": "<name>",
  "owners": ["<owners>"],
  "selectors": {}
}

Delete Cloud Groups External

SDK: cloud_security.DeleteCloudGroupsExternal

Parameters:

Name	Type	Required	Description
`ids`	array	No	Cloud Groups UUIDs to delete

Example:

{
  "ids": ["<ids>"]
}

List Cloud Group Ids External

SDK: cloud_security.ListCloudGroupIDsExternal

Parameters:

Name	Type	Required	Description
`filter`	string	No	- `name` - `description` - `created_at` - `updated_at` Selector properties: - `cloud_provider` - ...
`limit`	string	No	The maximum number of cloud groups to retrieve. Format: int64 Default: "100"
`offset`	string	No	The starting position of the list operation. Format: int64 Default: "0"
`sort`	string	No	A valid sort string. Default: "name

Example:

{
  "filter": "<filter>",
  "limit": "<limit>",
  "offset": "<offset>",
  "sort": "<sort>"
}

List Cloud Groups By Idexternal

SDK: cloud_security.ListCloudGroupsByIDExternal

Parameters:

Name	Type	Required	Description
`ids`	array	No	Ids.. See CrowdStrike API documentation: https://developer.crowdstrike.com/docs/openapi/

Example:

{
  "ids": ["<ids>"]
}

List Cloud Groups External

SDK: cloud_security.ListCloudGroupsExternal

Parameters:

Name	Type	Required	Description
`filter`	string	No	- `name` - `description` - `created_at` - `updated_at` Selector properties: - `cloud_provider` - ...
`limit`	string	No	The maximum number of cloud groups to retrieve. Format: int64 Default: "100"
`offset`	string	No	The starting position of the list operation. Format: int64 Default: "0"
`sort`	string	No	A valid sort string. Default: "name

Example:

{
  "filter": "<filter>",
  "limit": "<limit>",
  "offset": "<offset>",
  "sort": "<sort>"
}

Update Cloud Group External

SDK: cloud_security.UpdateCloudGroupExternal

Parameters:

Name	Type	Required	Description
`group`	object	No	Group.. See CrowdStrike API documentation: https://developer.crowdstrike.com/docs/openapi/

Example:

{
  "group": {}
}

Cloud Security Assets

Operations for Cloud Security Assets

Operations

Operation	Name	Description
`cloud_security_assets_combined_compliance_by_account`	Cloud Security Assets Combined Compliance By Account	SDK: cloud_security_assets.CloudSecurityAssetsCombinedComplianceByAccount
`cloud_security_assets_entities_get`	Cloud Security Assets Entities Get	SDK: cloud_security_assets.CloudSecurityAssetsEntitiesGet
`cloud_security_assets_queries`	Cloud Security Assets Queries	SDK: cloud_security_assets.CloudSecurityAssetsQueries

Cloud Security Assets Combined Compliance By Account

SDK: cloud_security_assets.CloudSecurityAssetsCombinedComplianceByAccount

Parameters:

Name	Type	Required	Description
`after`	string	No	token-based pagination. use for paginating through an entire result set. Use only one of 'offset'...
`filter`	string	No	- `control.benchmark.name` - `control.benchmark.version` - `control.extension.status` - `control....
`include_failing_iom_severity_counts`	boolean	No	Include counts of failing IOMs by severity level
`limit`	number	No	The maximum number of items to return. When not specified or 0, 20 is used. When larger than 1000...
`offset`	number	No	Offset returned controls. Use only one of 'offset' and 'after' parameter for paginating. 'offset'...
`sort`	string	No	- `assessment_id` - `cloud_provider` - `control.benchmark.name` - `control.benchmark.version` - `...

Example:

{
  "after": "<after>",
  "filter": "<filter>",
  "include_failing_iom_severity_counts": true,
  "limit": 10,
  "offset": 10,
  "sort": "<sort>"
}

Cloud Security Assets Entities Get

SDK: cloud_security_assets.CloudSecurityAssetsEntitiesGet

Parameters:

Name	Type	Required	Description
`ids`	array	No	List of assets to return (maximum 100 IDs allowed). Use POST method with same path if more entiti...

Example:

{
  "ids": ["<ids>"]
}

Cloud Security Assets Queries

SDK: cloud_security_assets.CloudSecurityAssetsQueries

Parameters:

Name	Type	Required	Description
`after`	string	No	token-based pagination. use for paginating through an entire result set. Use only one of 'offset'...
`filter`	string	No	- `service_category` - `severity` - `snapshot_detections` - `ssm_managed` - `status` - `tag_key` ...
`limit`	number	No	The maximum number of items to return. When not specified or 0, 500 is used. When larger than 100...
`offset`	number	No	Offset returned assets. Use only one of 'offset' and 'after' parameter for paginating. 'offset' c...
`sort`	string	No	- `service_category` - `ssm_managed` - `status` - `tenancy_name` - `tenancy_ocid` - `tenancy_type...

Example:

{
  "after": "<after>",
  "filter": "<filter>",
  "limit": 10,
  "offset": 10,
  "sort": "<sort>"
}

Cloud Security Compliance

Operations for Cloud Security Compliance

Operations

Operation	Name	Description
`cloud_compliance_framework_posture_summaries`	Cloud Compliance Framework Posture Summaries	SDK: cloud_security_compliance.CloudComplianceFrameworkPostureSummaries
`cloud_compliance_rule_posture_summaries`	Cloud Compliance Rule Posture Summaries	SDK: cloud_security_compliance.CloudComplianceRulePostureSummaries

Cloud Compliance Framework Posture Summaries

SDK: cloud_security_compliance.CloudComplianceFrameworkPostureSummaries

Parameters:

Name	Type	Required	Description
`filter`	string	No	FQL filter, supported properties: - `account_id` - `account_name` - `business_impact` - `cloud_la...
`ids`	array	No	The uuids of compliance frameworks to retrieve (maximum 20 IDs allowed).

Example:

{
  "filter": "<filter>",
  "ids": ["<ids>"]
}

Cloud Compliance Rule Posture Summaries

SDK: cloud_security_compliance.CloudComplianceRulePostureSummaries

Parameters:

Name	Type	Required	Description
`filter`	string	No	FQL filter, supported properties: - `account_id` - `account_name` - `business_impact` - `cloud_la...
`ids`	array	No	The uuids of compliance rules to retrieve (maximum 350 IDs allowed).

Example:

{
  "filter": "<filter>",
  "ids": ["<ids>"]
}

Cloud Security Detections

Operations for Cloud Security Detections

Operations

Operation	Name	Description
`cspm_evaluations_iom_entities`	Cspm Evaluations Iom Entities	SDK: cloud_security_detections.CspmEvaluationsIomEntities
`cspm_evaluations_iom_queries`	Cspm Evaluations Iom Queries	SDK: cloud_security_detections.CspmEvaluationsIomQueries

Cspm Evaluations Iom Entities

SDK: cloud_security_detections.CspmEvaluationsIomEntities

Parameters:

Name	Type	Required	Description
`ids`	array	No	List of IOMs to return (maximum 100 IDs allowed). Use POST method with same path if more entities...

Example:

{
  "ids": ["<ids>"]
}

Cspm Evaluations Iom Queries

SDK: cloud_security_detections.CspmEvaluationsIomQueries

Parameters:

Name	Type	Required	Description
`after`	string	No	token-based pagination. Use for paginating through an entire result set. Use only one of 'offset'...
`filter`	string	No	- `rule_id` - `rule_name` - `rule_origin` - `rule_remediation` - `section` - `service` - `service...
`limit`	number	No	The maximum number of items to return. When not specified or 0, 500 is used. When larger than 100...
`offset`	number	No	Offset returned assets
`sort`	string	No	- `rule_id` - `rule_name` - `rule_origin` - `rule_remediation` - `section` - `service` - `service...

Example:

{
  "after": "<after>",
  "filter": "<filter>",
  "limit": 10,
  "offset": 10,
  "sort": "<sort>"
}

Cloud Snapshots

Operations for Cloud Snapshots

Operations

Operation	Name	Description
`create_deployment_entity`	Create Deployment Entity	SDK: cloud_snapshots.CreateDeploymentEntity
`get_credentials_mixin0mixin60`	Get Credentials Mixin0Mixin60	SDK: cloud_snapshots.GetCredentialsMixin0Mixin60
`get_scan_report`	Get Scan Report	SDK: cloud_snapshots.GetScanReport
`read_deployments_combined`	Read Deployments Combined	SDK: cloud_snapshots.ReadDeploymentsCombined
`read_deployments_entities`	Read Deployments Entities	SDK: cloud_snapshots.ReadDeploymentsEntities
`register`	Register	SDK: cloud_snapshots.Register

Create Deployment Entity

SDK: cloud_snapshots.CreateDeploymentEntity

Parameters:

Name	Type	Required	Description
`resources`	array	Yes	Batch operation - array of JSON strings. Each item should be: {"field1":"value1","field2":"value...

Example:

{
  "resources": ["<resources>"]
}

Get Credentials Mixin0Mixin60

SDK: cloud_snapshots.GetCredentialsMixin0Mixin60

This operation has no parameters.

Example:

{
}

Get Scan Report

SDK: cloud_snapshots.GetScanReport

Parameters:

Name	Type	Required	Description
`ids`	array	No	the instance identifiers to fetch the report for

Example:

{
  "ids": ["<ids>"]
}

Read Deployments Combined

SDK: cloud_snapshots.ReadDeploymentsCombined

Parameters:

Name	Type	Required	Description
`filter`	string	No	Search snapshot jobs using a query in Falcon Query Language (FQL). Supported filters: account_id,...
`limit`	number	No	The upper-bound on the number of records to retrieve.
`offset`	number	No	The offset from where to begin.
`sort`	string	No	The fields to sort the records on. Supported columns: [account_id asset_identifier cloud_provider...

Example:

{
  "filter": "<filter>",
  "limit": 10,
  "offset": 10,
  "sort": "<sort>"
}

Read Deployments Entities

SDK: cloud_snapshots.ReadDeploymentsEntities

Parameters:

Name	Type	Required	Description
`ids`	array	No	Search snapshot jobs by ids - The maximum amount is 100 IDs

Example:

{
  "ids": ["<ids>"]
}

Register

SDK: cloud_snapshots.Register

Parameters:

Name	Type	Required	Description
`aws_accounts`	object	Yes	aws accounts. See CrowdStrike API documentation: https://developer.crowdstrike.com/docs/openapi/

Example:

{
  "aws_accounts": {}
}

Cspg Iacapi

Operations for Cspg Iacapi

Operations

Operation	Name	Description
`combined_detections`	Combined Detections	SDK: cspg_iacapi.CombinedDetections
`get_credentials_mixin0`	Get Credentials Mixin0	SDK: cspg_iacapi.GetCredentialsMixin0

Combined Detections

SDK: cspg_iacapi.CombinedDetections

Parameters:

Name	Type	Required	Description
`filter`	string	No	Search IaC detections using a query in Falcon Query Language (FQL). Supported filters: detection_...
`limit`	number	No	the upper-bound on the number of records to retrieve
`offset`	number	No	The offset from where to begin.
`sort`	string	No	fields to sort the records on. Supported columns: [detection_uuid file_name last_detected platfor...

Example:

{
  "filter": "<filter>",
  "limit": 10,
  "offset": 10,
  "sort": "<sort>"
}

Get Credentials Mixin0

SDK: cspg_iacapi.GetCredentialsMixin0

This operation has no parameters.

Example:

{
}

Cspm Registration

Operations for Cspm Registration

Operations

Operation	Name	Description
`azure_download_certificate`	Azure Download Certificate	SDK: cspm_registration.AzureDownloadCertificate
`azure_refresh_certificate`	Azure Refresh Certificate	SDK: cspm_registration.AzureRefreshCertificate
`connect_cspmgcpaccount`	Connect Cspmgcpaccount	SDK: cspm_registration.ConnectCSPMGCPAccount
`create_cspmaws_account`	Create Cspmaws Account	SDK: cspm_registration.CreateCSPMAwsAccount
`create_cspmazure_account`	Create Cspmazure Account	SDK: cspm_registration.CreateCSPMAzureAccount
`create_cspmazure_management_group`	Create Cspmazure Management Group	SDK: cspm_registration.CreateCSPMAzureManagementGroup
`create_cspmgcpaccount`	Create Cspmgcpaccount	SDK: cspm_registration.CreateCSPMGCPAccount
`delete_cspmaws_account`	Delete Cspmaws Account	SDK: cspm_registration.DeleteCSPMAwsAccount
`delete_cspmazure_account`	Delete Cspmazure Account	SDK: cspm_registration.DeleteCSPMAzureAccount
`delete_cspmazure_management_group`	Delete Cspmazure Management Group	SDK: cspm_registration.DeleteCSPMAzureManagementGroup
`delete_cspmgcpaccount`	Delete Cspmgcpaccount	SDK: cspm_registration.DeleteCSPMGCPAccount
`get`	Get	SDK: cspm_registration.GetConfigurationDetectionEntities
`get_behavior_detections`	Get Behavior Detections	SDK: cspm_registration.GetBehaviorDetections
`get_cloud_event_ids`	Get Cloud Event Ids	SDK: cspm_registration.GetCloudEventIDs
`get_configuration_detection_ids_v2`	Get Configuration Detection Ids V2	SDK: cspm_registration.GetConfigurationDetectionIDsV2
`get_configuration_detections`	Get Configuration Detections	SDK: cspm_registration.GetConfigurationDetections
`get_cspmaws_account`	Get Cspmaws Account	SDK: cspm_registration.GetCSPMAwsAccount
`get_cspmaws_console_setup_urls`	Get Cspmaws Console Setup Urls	SDK: cspm_registration.GetCSPMAwsConsoleSetupURLs
`get_cspmazure_account`	Get Cspmazure Account	SDK: cspm_registration.GetCSPMAzureAccount
`get_cspmazure_management_group`	Get Cspmazure Management Group	SDK: cspm_registration.GetCSPMAzureManagementGroup
`get_cspmazure_user_scripts_attachment`	Get Cspmazure User Scripts Attachment	SDK: cspm_registration.GetCSPMAzureUserScriptsAttachment
`get_cspmcgpaccount`	Get Cspmcgpaccount	SDK: cspm_registration.GetCSPMCGPAccount
`get_cspmgcpservice_accounts_ext`	Get Cspmgcpservice Accounts Ext	SDK: cspm_registration.GetCSPMGCPServiceAccountsExt
`get_cspmgcpuser_scripts_attachment`	Get Cspmgcpuser Scripts Attachment	SDK: cspm_registration.GetCSPMGCPUserScriptsAttachment
`get_cspmgcpvalidate_accounts_ext`	Get Cspmgcpvalidate Accounts Ext	SDK: cspm_registration.GetCSPMGCPValidateAccountsExt
`get_cspmpolicies_details`	Get Cspmpolicies Details	SDK: cspm_registration.GetCSPMPoliciesDetails
`get_cspmpolicy`	Get Cspmpolicy	SDK: cspm_registration.GetCSPMPolicy
`get_cspmpolicy_settings`	Get Cspmpolicy Settings	SDK: cspm_registration.GetCSPMPolicySettings
`get_cspmscan_schedule`	Get Cspmscan Schedule	SDK: cspm_registration.GetCSPMScanSchedule
`update_cspmaws_account`	Update Cspmaws Account	SDK: cspm_registration.PatchCSPMAwsAccount
`update_cspmazure_account`	Update Cspmazure Account	SDK: cspm_registration.UpdateCSPMAzureAccount
`update_cspmazure_account_client_id`	Update Cspmazure Account Client Id	SDK: cspm_registration.UpdateCSPMAzureAccountClientID
`update_cspmazure_tenant_default_subscription_id`	Update Cspmazure Tenant Default Subscription Id	SDK: cspm_registration.UpdateCSPMAzureTenantDefaultSubscriptionID
`update_cspmgcpaccount`	Update Cspmgcpaccount	SDK: cspm_registration.UpdateCSPMGCPAccount
`update_cspmgcpservice_accounts_ext`	Update Cspmgcpservice Accounts Ext	SDK: cspm_registration.UpdateCSPMGCPServiceAccountsExt
`update_cspmpolicy_settings`	Update Cspmpolicy Settings	SDK: cspm_registration.UpdateCSPMPolicySettings
`update_cspmscan_schedule`	Update Cspmscan Schedule	SDK: cspm_registration.UpdateCSPMScanSchedule
`validate_cspmgcpservice_account_ext`	Validate Cspmgcpservice Account Ext	SDK: cspm_registration.ValidateCSPMGCPServiceAccountExt

Azure Download Certificate

SDK: cspm_registration.AzureDownloadCertificate

Parameters:

Name	Type	Required	Description
`tenant_id`	array	No	Azure Tenant ID

Example:

{
  "tenant_id": ["<tenant_id>"]
}

Azure Refresh Certificate

SDK: cspm_registration.AzureRefreshCertificate

Parameters:

Name	Type	Required	Description
`tenant_id`	array	No	Azure Tenant ID
`years_valid`	string	No	Years the certificate should be valid. Max 2 Default: "1"

Example:

{
  "tenant_id": ["<tenant_id>"],
  "years_valid": "<years_valid>"
}

Connect Cspmgcpaccount

SDK: cspm_registration.ConnectCSPMGCPAccount

Parameters:

Name	Type	Required	Description
`resources`	array	Yes	Batch operation - array of JSON strings. Each item should be: {"field1":"value1","field2":"value...

Example:

{
  "resources": ["<resources>"]
}

Create Cspmaws Account

SDK: cspm_registration.CreateCSPMAwsAccount

Parameters:

Name	Type	Required	Description
`resources`	array	Yes	Batch operation - array of JSON strings. Each item should be: {"field1":"value1","field2":"value...

Example:

{
  "resources": ["<resources>"]
}

Create Cspmazure Account

SDK: cspm_registration.CreateCSPMAzureAccount

Parameters:

Name	Type	Required	Description
`resources`	array	Yes	Batch operation - array of JSON strings. Each item should be: {"field1":"value1","field2":"value...

Example:

{
  "resources": ["<resources>"]
}

Create Cspmazure Management Group

SDK: cspm_registration.CreateCSPMAzureManagementGroup

Parameters:

Name	Type	Required	Description
`resources`	array	Yes	Batch operation - array of JSON strings. Each item should be: {"field1":"value1","field2":"value...

Example:

{
  "resources": ["<resources>"]
}

Create Cspmgcpaccount

SDK: cspm_registration.CreateCSPMGCPAccount

Parameters:

Name	Type	Required	Description
`resources`	array	Yes	Batch operation - array of JSON strings. Each item should be: {"field1":"value1","field2":"value...

Example:

{
  "resources": ["<resources>"]
}

Delete Cspmaws Account

SDK: cspm_registration.DeleteCSPMAwsAccount

Parameters:

Name	Type	Required	Description
`ids`	array	No	AWS account IDs to remove
`organization_ids`	array	No	AWS organization IDs to remove

Example:

{
  "ids": ["<ids>"],
  "organization_ids": ["<organization_ids>"]
}

Delete Cspmazure Account

SDK: cspm_registration.DeleteCSPMAzureAccount

Parameters:

Name	Type	Required	Description
`ids`	array	No	Azure subscription IDs to remove
`retain_tenant`	string	No	RetainTenant.
`tenant_ids`	array	No	Tenant ids to remove

Example:

{
  "ids": ["<ids>"],
  "retain_tenant": "<retain_tenant>",
  "tenant_ids": ["<tenant_ids>"]
}

Delete Cspmazure Management Group

SDK: cspm_registration.DeleteCSPMAzureManagementGroup

Parameters:

Name	Type	Required	Description
`tenant_ids`	array	No	Tenant ids to remove

Example:

{
  "tenant_ids": ["<tenant_ids>"]
}

Delete Cspmgcpaccount

SDK: cspm_registration.DeleteCSPMGCPAccount

Parameters:

Name	Type	Required	Description
`ids`	array	No	Hierarchical Resource IDs of accounts

Example:

{
  "ids": ["<ids>"]
}

Get

SDK: cspm_registration.GetConfigurationDetectionEntities

Parameters:

Name	Type	Required	Description
`ids`	array	No	detection ids

Example:

{
  "ids": ["<ids>"]
}

Get Behavior Detections

SDK: cspm_registration.GetBehaviorDetections

Parameters:

Name	Type	Required	Description
`account_id`	string	No	Cloud Account ID (e.g.: AWS accountID, Azure subscriptionID)
`aws_account_id`	string	No	AWS Account ID. See CrowdStrike API documentation: https://developer.crowdstrike.com/docs/openapi/
`azure_subscription_id`	string	No	Azure Subscription ID
`azure_tenant_id`	string	No	Azure Tenant ID. See CrowdStrike API documentation: https://developer.crowdstrike.com/docs/openapi/
`cloud_provider`	string	No	Cloud Provider (e.g.: aws
`date_time_since`	string	No	Filter to get all events after this date, in format RFC3339 : e.g. 2006-01-02T15:04:05Z07:00
`limit`	number	No	The maximum records to return. [1-500]
`next_token`	string	No	String to get next page of results, is associated with a previous execution of GetBehaviorDetecti...
`resource_id`	array	No	Resource ID. See CrowdStrike API documentation: https://developer.crowdstrike.com/docs/openapi/
`resource_uuid`	array	No	Resource UUID. See CrowdStrike API documentation: https://developer.crowdstrike.com/docs/openapi/
`service`	string	No	Cloud Service (e.g. EC2
`severity`	string	No	Policy Severity
`since`	string	No	Filter events using a duration string (e.g. 24h) Default: "24h"
`state`	string	No	State (e.g.: open

Example:

{
  "account_id": "<account_id>",
  "aws_account_id": "<aws_account_id>",
  "azure_subscription_id": "<azure_subscription_id>",
  "azure_tenant_id": "<azure_tenant_id>",
  "cloud_provider": "<cloud_provider>",
  "date_time_since": "<date_time_since>",
  "limit": 10,
  "next_token": "<next_token>",
  "resource_id": ["<resource_id>"],
  "resource_uuid": ["<resource_uuid>"],
  "service": "<service>",
  "severity": "<severity>",
  "since": "<since>",
  "state": "<state>"
}

Get Cloud Event Ids

SDK: cspm_registration.GetCloudEventIDs

Parameters:

Name	Type	Required	Description
`xcsuseruuid`	string	No	Requester User UUID
`id`	string	No	IOA Aggregate Event ID

Example:

{
  "xcsuseruuid": "<xcsuseruuid>",
  "id": "<id>"
}

Get Configuration Detection Ids V2

SDK: cspm_registration.GetConfigurationDetectionIDsV2

Parameters:

Name	Type	Required	Description
`filter`	string	No	use_current_scan_ids - *use this to get records for latest scans (ignored when next_token is set)...
`limit`	number	No	The max number of detections to return Default: 500
`next_token`	string	No	String to get next page of results. Cannot be combined with any filter except limit.
`offset`	number	No	Offset returned detections. Cannot be combined with next_token filter
`sort`	string	No	account_name account_id attack_types azure_subscription_id cloud_provider cloud_service_keyword s...

Example:

{
  "filter": "<filter>",
  "limit": 10,
  "next_token": "<next_token>",
  "offset": 10,
  "sort": "<sort>"
}

Get Configuration Detections

SDK: cspm_registration.GetConfigurationDetections

Parameters:

Name	Type	Required	Description
`account_id`	string	No	AWS account ID or GCP Project Number or Azure subscription ID
`azure_subscription_id`	string	No	Azure Subscription ID
`azure_tenant_id`	string	No	Azure Tenant ID. See CrowdStrike API documentation: https://developer.crowdstrike.com/docs/openapi/
`cloud_provider`	string	No	Cloud Provider (e.g.: aws
`limit`	number	No	The maximum records to return. [1-500]
`next_token`	string	No	String to get next page of results, is associated with a previous execution of GetConfigurationDe...
`region`	string	No	Cloud Provider Region
`service`	string	No	Cloud Service (e.g.: EBS
`severity`	string	No	Policy Severity
`status`	string	No	Status (e.g.: new

Example:

{
  "account_id": "<account_id>",
  "azure_subscription_id": "<azure_subscription_id>",
  "azure_tenant_id": "<azure_tenant_id>",
  "cloud_provider": "<cloud_provider>",
  "limit": 10,
  "next_token": "<next_token>",
  "region": "<region>",
  "service": "<service>",
  "severity": "<severity>",
  "status": "<status>"
}

Get Cspmaws Account

SDK: cspm_registration.GetCSPMAwsAccount

Parameters:

Name	Type	Required	Description
`cspm_lite`	string	No	Only return CSPM Lite accounts
`group_by`	string	No	Field to group by.
`iam_role_arns`	array	No	AWS IAM role ARNs
`ids`	array	No	AWS account IDs
`limit`	number	No	The maximum records to return. Defaults to 100. Default: 100
`migrated`	string	No	Only return migrated d4c accounts
`offset`	number	No	The offset to start retrieving records from
`organization_ids`	array	No	AWS organization IDs
`scan_type`	string	No	Type of scan, dry or full, to perform on selected accounts
`status`	string	No	Account status to filter results by.

Example:

{
  "cspm_lite": "<cspm_lite>",
  "group_by": "<group_by>",
  "iam_role_arns": ["<iam_role_arns>"],
  "ids": ["<ids>"],
  "limit": 10,
  "migrated": "<migrated>",
  "offset": 10,
  "organization_ids": ["<organization_ids>"],
  "scan_type": "<scan_type>",
  "status": "<status>"
}

Get Cspmaws Console Setup Urls

SDK: cspm_registration.GetCSPMAwsConsoleSetupURLs

Parameters:

Name	Type	Required	Description
`ids`	array	No	AWS account IDs
`region`	string	No	Region. See CrowdStrike API documentation: https://developer.crowdstrike.com/docs/openapi/
`tags`	string	No	Base64 encoded JSON string to be used as AWS tags
`template`	string	No	Template to be rendered
`use_existing_cloudtrail`	string	No	UseExistingCloudtrail.

Example:

{
  "ids": ["<ids>"],
  "region": "<region>",
  "tags": "<tags>",
  "template": "<template>",
  "use_existing_cloudtrail": "<use_existing_cloudtrail>"
}

Get Cspmazure Account

SDK: cspm_registration.GetCSPMAzureAccount

Parameters:

Name	Type	Required	Description
`cspm_lite`	string	No	Only return CSPM Lite accounts
`ids`	array	No	SubscriptionIDs of accounts to select for this status operation. If this is empty then all accoun...
`limit`	number	No	The maximum records to return. Defaults to 100. Default: 100
`offset`	number	No	The offset to start retrieving records from
`scan_type`	string	No	Type of scan, dry or full, to perform on selected accounts
`status`	string	No	Account status to filter results by.
`tenant_ids`	array	No	Tenant ids to filter azure accounts

Example:

{
  "cspm_lite": "<cspm_lite>",
  "ids": ["<ids>"],
  "limit": 10,
  "offset": 10,
  "scan_type": "<scan_type>",
  "status": "<status>",
  "tenant_ids": ["<tenant_ids>"]
}

Get Cspmazure Management Group

SDK: cspm_registration.GetCSPMAzureManagementGroup

Parameters:

Name	Type	Required	Description
`limit`	number	No	The maximum records to return. Defaults to 100. Default: 100
`offset`	number	No	The offset to start retrieving records from
`tenant_ids`	array	No	Tenant ids to filter azure accounts

Example:

{
  "limit": 10,
  "offset": 10,
  "tenant_ids": ["<tenant_ids>"]
}

Get Cspmazure User Scripts Attachment

SDK: cspm_registration.GetCSPMAzureUserScriptsAttachment

Parameters:

Name	Type	Required	Description
`account_type`	string	No	AccountType.
`azure_management_group`	boolean	No	Use Azure Management Group
`subscription_ids`	array	No	Subscription IDs to generate script for. Defaults to all.
`template`	string	No	Template to be rendered
`tenant_id`	string	No	Tenant ID to generate script for. Defaults to most recently registered tenant.

Example:

{
  "account_type": "<account_type>",
  "azure_management_group": true,
  "subscription_ids": ["<subscription_ids>"],
  "template": "<template>",
  "tenant_id": "<tenant_id>"
}

Get Cspmcgpaccount

SDK: cspm_registration.GetCSPMCGPAccount

Parameters:

Name	Type	Required	Description
`ids`	array	No	Hierarchical Resource IDs of accounts
`limit`	number	No	The maximum records to return. Defaults to 100. Default: 100
`offset`	number	No	The offset to start retrieving records from
`parent_type`	string	No	GCP Hierarchy Parent Type, organization/folder/project
`scan_type`	string	No	Type of scan, dry or full, to perform on selected accounts
`sort`	string	No	Order fields in ascending or descending order. Ex: parent_type
`status`	string	No	Account status to filter results by.

Example:

{
  "ids": ["<ids>"],
  "limit": 10,
  "offset": 10,
  "parent_type": "<parent_type>",
  "scan_type": "<scan_type>",
  "sort": "<sort>",
  "status": "<status>"
}

Get Cspmgcpservice Accounts Ext

SDK: cspm_registration.GetCSPMGCPServiceAccountsExt

Parameters:

Name	Type	Required	Description
`id`	string	No	Service Account ID

Example:

{
  "id": "<id>"
}

Get Cspmgcpuser Scripts Attachment

SDK: cspm_registration.GetCSPMGCPUserScriptsAttachment

Parameters:

Name	Type	Required	Description
`ids`	array	No	Hierarchical Resource IDs of accounts
`parent_type`	string	No	GCP Hierarchy Parent Type, organization/folder/project

Example:

{
  "ids": ["<ids>"],
  "parent_type": "<parent_type>"
}

Get Cspmgcpvalidate Accounts Ext

SDK: cspm_registration.GetCSPMGCPValidateAccountsExt

Parameters:

Name	Type	Required	Description
`resources`	array	Yes	Batch operation - array of JSON strings. Each item should be: {"field1":"value1","field2":"value...

Example:

{
  "resources": ["<resources>"]
}

Get Cspmpolicies Details

SDK: cspm_registration.GetCSPMPoliciesDetails

Parameters:

Name	Type	Required	Description
`ids`	array	No	Policy IDs

Example:

{
  "ids": ["<ids>"]
}

Get Cspmpolicy

SDK: cspm_registration.GetCSPMPolicy

Parameters:

Name	Type	Required	Description
`ids`	number	No	Policy ID

Example:

{
  "ids": 10
}

Get Cspmpolicy Settings

SDK: cspm_registration.GetCSPMPolicySettings

Parameters:

Name	Type	Required	Description
`cloud_platform`	string	No	Cloud Platform (e.g.: aws
`policy_id`	string	No	Policy ID. See CrowdStrike API documentation: https://developer.crowdstrike.com/docs/openapi/
`service`	string	No	Service type to filter policy settings by.

Example:

{
  "cloud_platform": "<cloud_platform>",
  "policy_id": "<policy_id>",
  "service": "<service>"
}

Get Cspmscan Schedule

SDK: cspm_registration.GetCSPMScanSchedule

Parameters:

Name	Type	Required	Description
`cloud_platform`	array	No	Cloud Platform. See CrowdStrike API documentation: https://developer.crowdstrike.com/docs/openapi/

Example:

{
  "cloud_platform": ["<cloud_platform>"]
}

Update Cspmaws Account

SDK: cspm_registration.PatchCSPMAwsAccount

Parameters:

Name	Type	Required	Description
`resources`	array	Yes	Batch operation - array of JSON strings. Each item should be: {"field1":"value1","field2":"value...

Example:

{
  "resources": ["<resources>"]
}

Update Cspmazure Account

SDK: cspm_registration.UpdateCSPMAzureAccount

Parameters:

Name	Type	Required	Description
`resources`	array	Yes	Batch operation - array of JSON strings. Each item should be: {"field1":"value1","field2":"value...

Example:

{
  "resources": ["<resources>"]
}

Update Cspmazure Account Client Id

SDK: cspm_registration.UpdateCSPMAzureAccountClientID

Parameters:

Name	Type	Required	Description
`id`	string	No	ClientID to use for the Service Principal associated with the customer's Azure account
`tenant_id`	string	No	Tenant ID to update client ID for. Required if multiple tenants are registered.

Example:

{
  "id": "<id>",
  "tenant_id": "<tenant_id>"
}

Update Cspmazure Tenant Default Subscription Id

SDK: cspm_registration.UpdateCSPMAzureTenantDefaultSubscriptionID

Parameters:

Name	Type	Required	Description
`subscription_id`	string	No	Default Subscription ID to patch for all subscriptions belonged to a tenant.
`tenant_id`	string	No	Tenant ID to update client ID for. Required if multiple tenants are registered.

Example:

{
  "subscription_id": "<subscription_id>",
  "tenant_id": "<tenant_id>"
}

Update Cspmgcpaccount

SDK: cspm_registration.UpdateCSPMGCPAccount

Parameters:

Name	Type	Required	Description
`resources`	array	Yes	Batch operation - array of JSON strings. Each item should be: {"field1":"value1","field2":"value...

Example:

{
  "resources": ["<resources>"]
}

Update Cspmgcpservice Accounts Ext

SDK: cspm_registration.UpdateCSPMGCPServiceAccountsExt

Parameters:

Name	Type	Required	Description
`resources`	array	Yes	Batch operation - array of JSON strings. Each item should be: {"field1":"value1","field2":"value...

Example:

{
  "resources": ["<resources>"]
}

Update Cspmpolicy Settings

SDK: cspm_registration.UpdateCSPMPolicySettings

Parameters:

Name	Type	Required	Description
`resources`	array	Yes	Batch operation - array of JSON strings. Each item should be: {"field1":"value1","field2":"value...

Example:

{
  "resources": ["<resources>"]
}

Update Cspmscan Schedule

SDK: cspm_registration.UpdateCSPMScanSchedule

Parameters:

Name	Type	Required	Description
`resources`	array	Yes	Batch operation - array of JSON strings. Each item should be: {"field1":"value1","field2":"value...

Example:

{
  "resources": ["<resources>"]
}

Validate Cspmgcpservice Account Ext

SDK: cspm_registration.ValidateCSPMGCPServiceAccountExt

Parameters:

Name	Type	Required	Description
`resources`	array	Yes	Batch operation - array of JSON strings. Each item should be: {"field1":"value1","field2":"value...

Example:

{
  "resources": ["<resources>"]
}

D4C Registration

Operations for D4C Registration

Operations

Operation	Name	Description
`connect_d4cgcpaccount`	Connect D4Cgcpaccount	SDK: d4c_registration.ConnectD4CGCPAccount
`create_d4caws_account`	Create D4Caws Account	SDK: d4c_registration.CreateD4CAwsAccount
`create_d4cgcp_account`	Create D4Cgcp Account	SDK: d4c_registration.CreateD4CGcpAccount
`create_discover_cloud_azure_account`	Create Discover Cloud Azure Account	SDK: d4c_registration.CreateDiscoverCloudAzureAccount
`delete_d4caws_account`	Delete D4Caws Account	SDK: d4c_registration.DeleteD4CAwsAccount
`delete_d4cgcpaccount`	Delete D4Cgcpaccount	SDK: d4c_registration.DeleteD4CGCPAccount
`get_d4caws_account`	Get D4Caws Account	SDK: d4c_registration.GetD4CAwsAccount
`get_d4caws_console_setup_urls`	Get D4Caws Console Setup Urls	SDK: d4c_registration.GetD4CAwsConsoleSetupURLs
`get_d4cawsaccount_scripts_attachment`	Get D4Cawsaccount Scripts Attachment	SDK: d4c_registration.GetD4CAWSAccountScriptsAttachment
`get_d4cgcp_account`	Get D4Cgcp Account	SDK: d4c_registration.GetD4CGcpAccount
`get_d4cgcp_user_scripts`	Get D4Cgcp User Scripts	SDK: d4c_registration.GetD4CGcpUserScripts
`get_d4cgcpservice_accounts_ext`	Get D4Cgcpservice Accounts Ext	SDK: d4c_registration.GetD4CGCPServiceAccountsExt
`get_d4cgcpuser_scripts_attachment`	Get D4Cgcpuser Scripts Attachment	SDK: d4c_registration.GetD4CGCPUserScriptsAttachment
`get_discover_cloud_azure_account`	Get Discover Cloud Azure Account	SDK: d4c_registration.GetDiscoverCloudAzureAccount
`get_discover_cloud_azure_tenant_ids`	Get Discover Cloud Azure Tenant Ids	SDK: d4c_registration.GetDiscoverCloudAzureTenantIDs
`get_discover_cloud_azure_user_scripts`	Get Discover Cloud Azure User Scripts	SDK: d4c_registration.GetDiscoverCloudAzureUserScripts
`get_discover_cloud_azure_user_scripts_attachment`	Get Discover Cloud Azure User Scripts Attachment	SDK: d4c_registration.GetDiscoverCloudAzureUserScriptsAttachment
`get_horizon_d4cscripts`	Get Horizon D4Cscripts	SDK: d4c_registration.GetHorizonD4CScripts
`update_d4cgcpservice_accounts_ext`	Update D4Cgcpservice Accounts Ext	SDK: d4c_registration.UpdateD4CGCPServiceAccountsExt
`update_discover_cloud_azure_account_client_id`	Update Discover Cloud Azure Account Client Id	SDK: d4c_registration.UpdateDiscoverCloudAzureAccountClientID

Connect D4Cgcpaccount

SDK: d4c_registration.ConnectD4CGCPAccount

Parameters:

Name	Type	Required	Description
`resources`	array	Yes	Batch operation - array of JSON strings. Each item should be: {"field1":"value1","field2":"value...

Example:

{
  "resources": ["<resources>"]
}

Create D4Caws Account

SDK: d4c_registration.CreateD4CAwsAccount

Parameters:

Name	Type	Required	Description
`resources`	array	Yes	Batch operation - array of JSON strings. Each item should be: {"field1":"value1","field2":"value...

Example:

{
  "resources": ["<resources>"]
}

Create D4Cgcp Account

SDK: d4c_registration.CreateD4CGcpAccount

Parameters:

Name	Type	Required	Description
`resources`	array	Yes	Batch operation - array of JSON strings. Each item should be: {"field1":"value1","field2":"value...

Example:

{
  "resources": ["<resources>"]
}

Create Discover Cloud Azure Account

SDK: d4c_registration.CreateDiscoverCloudAzureAccount

Parameters:

Name	Type	Required	Description
`resources`	array	Yes	Batch operation - array of JSON strings. Each item should be: {"field1":"value1","field2":"value...

Example:

{
  "resources": ["<resources>"]
}

Delete D4Caws Account

SDK: d4c_registration.DeleteD4CAwsAccount

Parameters:

Name	Type	Required	Description
`ids`	array	No	AWS account IDs to remove
`organization_ids`	array	No	AWS organization IDs to remove

Example:

{
  "ids": ["<ids>"],
  "organization_ids": ["<organization_ids>"]
}

Delete D4Cgcpaccount

SDK: d4c_registration.DeleteD4CGCPAccount

Parameters:

Name	Type	Required	Description
`ids`	array	No	Hierarchical Resource IDs of accounts

Example:

{
  "ids": ["<ids>"]
}

Get D4Caws Account

SDK: d4c_registration.GetD4CAwsAccount

Parameters:

Name	Type	Required	Description
`ids`	array	No	AWS account IDs
`limit`	number	No	The maximum records to return. Defaults to 100. Default: 100
`migrated`	string	No	Only return migrated d4c accounts
`offset`	number	No	The offset to start retrieving records from
`organization_ids`	array	No	AWS organization IDs
`scan_type`	string	No	Type of scan, dry or full, to perform on selected accounts
`status`	string	No	Account status to filter results by.

Example:

{
  "ids": ["<ids>"],
  "limit": 10,
  "migrated": "<migrated>",
  "offset": 10,
  "organization_ids": ["<organization_ids>"],
  "scan_type": "<scan_type>",
  "status": "<status>"
}

Get D4Caws Console Setup Urls

SDK: d4c_registration.GetD4CAwsConsoleSetupURLs

Parameters:

Name	Type	Required	Description
`region`	string	No	Region. See CrowdStrike API documentation: https://developer.crowdstrike.com/docs/openapi/

Example:

{
  "region": "<region>"
}

Get D4Cawsaccount Scripts Attachment

SDK: d4c_registration.GetD4CAWSAccountScriptsAttachment

Parameters:

Name	Type	Required	Description
`accounts`	array	No	The list of accounts to register
`aws_profile`	string	No	The AWS profile to be used during registration
`aws_region`	string	No	The AWS region to be used during registration
`behavior_assessment_enabled`	string	No	BehaviorAssessmentEnabled.
`dspm_enabled`	string	No	DspmEnabled.
`dspm_host_account_id`	string	No	DspmHostAccountID.
`dspm_host_integration_role_name`	string	No	DspmHostIntegrationRoleName.
`dspm_host_scanner_role_name`	string	No	DspmHostScannerRoleName.
`dspm_regions`	array	No	DspmRegions.
`dspm_role`	string	No	DspmRole.
`falcon_client_id`	string	No	The Falcon client ID used during registration
`iam_role_arn`	string	No	The custom IAM role to be used during registration
`idp_enabled`	string	No	Set to true to enable Identity Protection feature
`ids`	array	No	AWS account IDs
`organization_id`	string	No	The AWS organization ID to be registered
`organizational_unit_ids`	array	No	The AWS Organizational Unit IDs to be registered
`sensor_management_enabled`	string	No	SensorManagementEnabled.
`tags`	string	No	Base64 encoded JSON string to be used as AWS tags
`template`	string	No	Template to be rendered Default: "aws-bash"
`use_existing_cloudtrail`	string	No	UseExistingCloudtrail.

Example:

{
  "accounts": ["<accounts>"],
  "aws_profile": "<aws_profile>",
  "aws_region": "<aws_region>",
  "behavior_assessment_enabled": "<behavior_assessment_enabled>",
  "dspm_enabled": "<dspm_enabled>",
  "dspm_host_account_id": "<dspm_host_account_id>",
  "dspm_host_integration_role_name": "<dspm_host_integration_role_name>",
  "dspm_host_scanner_role_name": "<dspm_host_scanner_role_name>",
  "dspm_regions": ["<dspm_regions>"],
  "dspm_role": "<dspm_role>",
  "falcon_client_id": "<falcon_client_id>",
  "iam_role_arn": "<iam_role_arn>",
  "idp_enabled": "<idp_enabled>",
  "ids": ["<ids>"],
  "organization_id": "<organization_id>",
  "organizational_unit_ids": ["<organizational_unit_ids>"],
  "sensor_management_enabled": "<sensor_management_enabled>",
  "tags": "<tags>",
  "template": "<template>",
  "use_existing_cloudtrail": "<use_existing_cloudtrail>"
}

Get D4Cgcp Account

SDK: d4c_registration.GetD4CGcpAccount

Parameters:

Name	Type	Required	Description
`ids`	array	No	Hierarchical Resource IDs of accounts
`limit`	number	No	The maximum records to return. Defaults to 100. Default: 100
`offset`	number	No	The offset to start retrieving records from
`parent_type`	string	No	GCP Hierarchy Parent Type, organization/folder/project
`scan_type`	string	No	Type of scan, dry or full, to perform on selected accounts
`sort`	string	No	Order fields in ascending or descending order. Ex: parent_type
`status`	string	No	Account status to filter results by.

Example:

{
  "ids": ["<ids>"],
  "limit": 10,
  "offset": 10,
  "parent_type": "<parent_type>",
  "scan_type": "<scan_type>",
  "sort": "<sort>",
  "status": "<status>"
}

Get D4Cgcp User Scripts

SDK: d4c_registration.GetD4CGcpUserScripts

Parameters:

Name	Type	Required	Description
`parent_type`	string	No	GCP Hierarchy Parent Type, organization/folder/project

Example:

{
  "parent_type": "<parent_type>"
}

Get D4Cgcpservice Accounts Ext

SDK: d4c_registration.GetD4CGCPServiceAccountsExt

Parameters:

Name	Type	Required	Description
`id`	string	No	Service Account ID

Example:

{
  "id": "<id>"
}

Get D4Cgcpuser Scripts Attachment

SDK: d4c_registration.GetD4CGCPUserScriptsAttachment

Parameters:

Name	Type	Required	Description
`ids`	array	No	Hierarchical Resource IDs of accounts
`parent_type`	string	No	GCP Hierarchy Parent Type, organization/folder/project
`status`	string	No	Account status to filter results by.

Example:

{
  "ids": ["<ids>"],
  "parent_type": "<parent_type>",
  "status": "<status>"
}

Get Discover Cloud Azure Account

SDK: d4c_registration.GetDiscoverCloudAzureAccount

Parameters:

Name	Type	Required	Description
`ids`	array	No	SubscriptionIDs of accounts to select for this status operation. If this is empty then all accoun...
`limit`	number	No	The maximum records to return. Defaults to 100. Default: 100
`offset`	number	No	The offset to start retrieving records from
`scan_type`	string	No	Type of scan, dry or full, to perform on selected accounts
`status`	string	No	Account status to filter results by.
`tenant_ids`	array	No	Tenant ids to filter azure accounts

Example:

{
  "ids": ["<ids>"],
  "limit": 10,
  "offset": 10,
  "scan_type": "<scan_type>",
  "status": "<status>",
  "tenant_ids": ["<tenant_ids>"]
}

Get Discover Cloud Azure Tenant Ids

SDK: d4c_registration.GetDiscoverCloudAzureTenantIDs

This operation has no parameters.

Example:

{
}

Get Discover Cloud Azure User Scripts

SDK: d4c_registration.GetDiscoverCloudAzureUserScripts

This operation has no parameters.

Example:

{
}

Get Discover Cloud Azure User Scripts Attachment

SDK: d4c_registration.GetDiscoverCloudAzureUserScriptsAttachment

Parameters:

Name	Type	Required	Description
`azure_management_group`	boolean	No	Use Azure Management Group
`subscription_ids`	array	No	Azure Subscription ID
`template`	string	No	Template to be rendered
`tenant_id`	array	No	Azure Tenant ID

Example:

{
  "azure_management_group": true,
  "subscription_ids": ["<subscription_ids>"],
  "template": "<template>",
  "tenant_id": ["<tenant_id>"]
}

Get Horizon D4Cscripts

SDK: d4c_registration.GetHorizonD4CScripts

Parameters:

Name	Type	Required	Description
`account_type`	string	No	Account type (e.g.: commercial,gov) Only applicable when registering AWS commercial account in a ...
`delete`	string	No	Delete.. See CrowdStrike API documentation: https://developer.crowdstrike.com/docs/openapi/
`organization_id`	string	No	AWS organization ID
`single_account`	string	No	Get static script for single account

Example:

{
  "account_type": "<account_type>",
  "delete": "<delete>",
  "organization_id": "<organization_id>",
  "single_account": "<single_account>"
}

Update D4Cgcpservice Accounts Ext

SDK: d4c_registration.UpdateD4CGCPServiceAccountsExt

Parameters:

Name	Type	Required	Description
`resources`	array	Yes	Batch operation - array of JSON strings. Each item should be: {"field1":"value1","field2":"value...

Example:

{
  "resources": ["<resources>"]
}

Update Discover Cloud Azure Account Client Id

SDK: d4c_registration.UpdateDiscoverCloudAzureAccountClientID

Parameters:

Name	Type	Required	Description
`id`	string	No	ClientID to use for the Service Principal associated with the customer's Azure account
`object_id`	string	No	Object ID to use for the Service Principal associated with the customer's Azure account
`tenant_id`	string	No	Tenant ID to update client ID for. Required if multiple tenants are registered.

Example:

{
  "id": "<id>",
  "object_id": "<object_id>",
  "tenant_id": "<tenant_id>"
}

Saas Security

Operations for Saas Security

Operations

Operation	Name	Description
`dismiss_affected_entity_v3`	Dismiss Affected Entity V3	SDK: saas_security.DismissAffectedEntityV3
`dismiss_security_check_v3`	Dismiss Security Check V3	SDK: saas_security.DismissSecurityCheckV3
`get_activity_monitor_v3`	Get Activity Monitor V3	SDK: saas_security.GetActivityMonitorV3
`get_alerts_v3`	Get Alerts V3	SDK: saas_security.GetAlertsV3
`get_app_inventory`	Get App Inventory	SDK: saas_security.GetAppInventory
`get_app_inventory_users`	Get App Inventory Users	SDK: saas_security.GetAppInventoryUsers
`get_asset_inventory_v3`	Get Asset Inventory V3	SDK: saas_security.GetAssetInventoryV3
`get_device_inventory_v3`	Get Device Inventory V3	SDK: saas_security.GetDeviceInventoryV3
`get_integrations_v3`	Get Integrations V3	SDK: saas_security.GetIntegrationsV3
`get_metrics_v3`	Get Metrics V3	SDK: saas_security.GetMetricsV3
`get_security_check_affected_v3`	Get Security Check Affected V3	SDK: saas_security.GetSecurityCheckAffectedV3
`get_security_check_compliance_v3`	Get Security Check Compliance V3	SDK: saas_security.GetSecurityCheckComplianceV3
`get_security_checks_v3`	Get Security Checks V3	SDK: saas_security.GetSecurityChecksV3
`get_supported_saas_v3`	Get Supported Saas V3	SDK: saas_security.GetSupportedSaasV3
`get_system_logs_v3`	Get System Logs V3	SDK: saas_security.GetSystemLogsV3
`get_system_users_v3`	Get System Users V3	SDK: saas_security.GetSystemUsersV3
`get_user_inventory_v3`	Get User Inventory V3	SDK: saas_security.GetUserInventoryV3
`integration_builder_end_transaction_v3`	Integration Builder End Transaction V3	SDK: saas_security.IntegrationBuilderEndTransactionV3
`integration_builder_get_status_v3`	Integration Builder Get Status V3	SDK: saas_security.IntegrationBuilderGetStatusV3
`integration_builder_reset_v3`	Integration Builder Reset V3	SDK: saas_security.IntegrationBuilderResetV3
`integration_builder_upload_v3`	Integration Builder Upload V3	SDK: saas_security.IntegrationBuilderUploadV3

Dismiss Affected Entity V3

SDK: saas_security.DismissAffectedEntityV3

Parameters:

Name	Type	Required	Description
`id`	string	No	Security Check ID

Example:

{
  "id": "<id>"
}

Dismiss Security Check V3

SDK: saas_security.DismissSecurityCheckV3

Parameters:

Name	Type	Required	Description
`id`	string	No	Security Check ID

Example:

{
  "id": "<id>"
}

Get Activity Monitor V3

SDK: saas_security.GetActivityMonitorV3

Parameters:

Name	Type	Required	Description
`actor`	string	No	Actor. See CrowdStrike API documentation: https://developer.crowdstrike.com/docs/openapi/
`category`	string	No	Comma separated list of categories
`integration_id`	string	No	Integration ID. See CrowdStrike API documentation: https://developer.crowdstrike.com/docs/openapi/
`limit`	number	No	Max number of logs to fetch
`projection`	string	No	Comma separated list of projections
`skip`	number	No	Number of logs to skip

Example:

{
  "actor": "<actor>",
  "category": "<category>",
  "integration_id": "<integration_id>",
  "limit": 10,
  "projection": "<projection>",
  "skip": 10
}

Get Alerts V3

SDK: saas_security.GetAlertsV3

Parameters:

Name	Type	Required	Description
`ascending`	boolean	No	Ascending.. See CrowdStrike API documentation: https://developer.crowdstrike.com/docs/openapi/
`id`	string	No	Alert ID
`integration_id`	string	No	Comma separated list of integration ID's of the alert you want to get
`last_id`	string	No	The last id of the alert you want to get
`limit`	number	No	The maximum number of objects to return
`offset`	number	No	The starting index of the results
`type`	string	No	The type of alert you want to get

Example:

{
  "ascending": true,
  "id": "<id>",
  "integration_id": "<integration_id>",
  "last_id": "<last_id>",
  "limit": 10,
  "offset": 10,
  "type": "<type>"
}

Get App Inventory

SDK: saas_security.GetAppInventory

Parameters:

Name	Type	Required	Description
`access_level`	string	No	Comma separated list of access levels
`groups`	string	No	Comma separated list of groups
`integration_id`	string	No	Comma separated list of integration IDs
`last_activity`	string	No	Last activity was within or was not within the last 'value' days. Format: 'was value' or 'was not...
`limit`	number	No	The maximum number of objects to return
`offset`	number	No	The starting index of the results
`scopes`	string	No	Comma separated list of scopes
`status`	string	No	Comma separated list of application statuses (approved, in review, rejected, unclassified)
`type`	string	No	Comma separated list of app types
`users`	string	No	Users. Format: 'is equal value' or 'contains value' or 'value' (implies 'is equal value')

Example:

{
  "access_level": "<access_level>",
  "groups": "<groups>",
  "integration_id": "<integration_id>",
  "last_activity": "<last_activity>",
  "limit": 10,
  "offset": 10,
  "scopes": "<scopes>",
  "status": "<status>",
  "type": "<type>",
  "users": "<users>"
}

Get App Inventory Users

SDK: saas_security.GetAppInventoryUsers

Parameters:

Name	Type	Required	Description
`item_id`	string	No	Item ID in format: 'integration_id

Example:

{
  "item_id": "<item_id>"
}

Get Asset Inventory V3

SDK: saas_security.GetAssetInventoryV3

Parameters:

Name	Type	Required	Description
`access_level`	string	No	Comma separated list of access levels
`integration_id`	string	No	Comma separated list of integration IDs
`last_accessed`	string	No	Last accessed date was within or was not within the last 'value' days. Format: 'was value' or 'wa...
`last_modified`	string	No	Last modified date was within or was not within the last 'value' days. Format: 'was value' or 'wa...
`limit`	number	No	The maximum number of objects to return
`offset`	number	No	The starting index of the results
`password_protected`	boolean	No	Password protected. See CrowdStrike API documentation: https://developer.crowdstrike.com/docs/ope...
`resource_name`	string	No	Resource name contains 'value' (case insensitive)
`resource_owner`	string	No	Resource owner contains 'value' (case insensitive)
`resource_owner_enabled`	boolean	No	Resource owner enabled
`resource_type`	string	No	Comma separated list of resource types
`unmanaged_domain`	string	No	Comma separated list of unmanaged domains

Example:

{
  "access_level": "<access_level>",
  "integration_id": "<integration_id>",
  "last_accessed": "<last_accessed>",
  "last_modified": "<last_modified>",
  "limit": 10,
  "offset": 10,
  "password_protected": true,
  "resource_name": "<resource_name>",
  "resource_owner": "<resource_owner>",
  "resource_owner_enabled": true,
  "resource_type": "<resource_type>",
  "unmanaged_domain": "<unmanaged_domain>"
}

Get Device Inventory V3

SDK: saas_security.GetDeviceInventoryV3

Parameters:

Name	Type	Required	Description
`email`	string	No	Email. See CrowdStrike API documentation: https://developer.crowdstrike.com/docs/openapi/
`integration_id`	string	No	Comma separated integration ID's
`limit`	number	No	The maximum number of objects to return
`offset`	number	No	The starting index of the results
`privileged_only`	boolean	No	Privileged Only. See CrowdStrike API documentation: https://developer.crowdstrike.com/docs/openapi/
`unassociated_devices`	boolean	No	Unassociated Devices

Example:

{
  "email": "<email>",
  "integration_id": "<integration_id>",
  "limit": 10,
  "offset": 10,
  "privileged_only": true,
  "unassociated_devices": true
}

Get Integrations V3

SDK: saas_security.GetIntegrationsV3

Parameters:

Name	Type	Required	Description
`saas_id`	string	No	Comma separated SaaS ID's

Example:

{
  "saas_id": "<saas_id>"
}

Get Metrics V3

SDK: saas_security.GetMetricsV3

Parameters:

Name	Type	Required	Description
`check_type`	string	No	Check Type. See CrowdStrike API documentation: https://developer.crowdstrike.com/docs/openapi/
`compliance`	boolean	No	Compliance. See CrowdStrike API documentation: https://developer.crowdstrike.com/docs/openapi/
`impact`	string	No	Impact. See CrowdStrike API documentation: https://developer.crowdstrike.com/docs/openapi/
`integration_id`	string	No	Comma separated list of integration IDs
`limit`	number	No	The maximum number of objects to return
`offset`	number	No	The starting index of the results
`status`	string	No	Exposure status

Example:

{
  "check_type": "<check_type>",
  "compliance": true,
  "impact": "<impact>",
  "integration_id": "<integration_id>",
  "limit": 10,
  "offset": 10,
  "status": "<status>"
}

Get Security Check Affected V3

SDK: saas_security.GetSecurityCheckAffectedV3

Parameters:

Name	Type	Required	Description
`id`	string	No	Security Check ID
`limit`	number	No	The maximum number of objects to return
`offset`	number	No	The starting index of the results

Example:

{
  "id": "<id>",
  "limit": 10,
  "offset": 10
}

Get Security Check Compliance V3

SDK: saas_security.GetSecurityCheckComplianceV3

Parameters:

Name	Type	Required	Description
`id`	string	No	Security Check ID

Example:

{
  "id": "<id>"
}

Get Security Checks V3

SDK: saas_security.GetSecurityChecksV3

Parameters:

Name	Type	Required	Description
`check_type`	string	No	Check Type. See CrowdStrike API documentation: https://developer.crowdstrike.com/docs/openapi/
`compliance`	boolean	No	Compliance. See CrowdStrike API documentation: https://developer.crowdstrike.com/docs/openapi/
`id`	string	No	Security Check ID
`impact`	string	No	Impact. See CrowdStrike API documentation: https://developer.crowdstrike.com/docs/openapi/
`integration_id`	string	No	Comma separated list of integration IDs
`limit`	number	No	The maximum number of objects to return
`offset`	number	No	The starting index of the results
`status`	string	No	Exposure status

Example:

{
  "check_type": "<check_type>",
  "compliance": true,
  "id": "<id>",
  "impact": "<impact>",
  "integration_id": "<integration_id>",
  "limit": 10,
  "offset": 10,
  "status": "<status>"
}

Get Supported Saas V3

SDK: saas_security.GetSupportedSaasV3

This operation has no parameters.

Example:

{
}

Get System Logs V3

SDK: saas_security.GetSystemLogsV3

Parameters:

Name	Type	Required	Description
`limit`	number	No	The maximum number of objects to return
`offset`	number	No	The starting index of the results
`total_count`	boolean	No	Fetch Total Count?

Example:

{
  "limit": 10,
  "offset": 10,
  "total_count": true
}

Get System Users V3

SDK: saas_security.GetSystemUsersV3

This operation has no parameters.

Example:

{
}

Get User Inventory V3

SDK: saas_security.GetUserInventoryV3

Parameters:

Name	Type	Required	Description
`email`	string	No	Email. See CrowdStrike API documentation: https://developer.crowdstrike.com/docs/openapi/
`integration_id`	string	No	Comma separated integration ID's
`limit`	number	No	The maximum number of objects to return
`offset`	number	No	The starting index of the results
`privileged_only`	boolean	No	Privileged Only. See CrowdStrike API documentation: https://developer.crowdstrike.com/docs/openapi/

Example:

{
  "email": "<email>",
  "integration_id": "<integration_id>",
  "limit": 10,
  "offset": 10,
  "privileged_only": true
}

Integration Builder End Transaction V3

SDK: saas_security.IntegrationBuilderEndTransactionV3

Parameters:

Name	Type	Required	Description
`id`	string	No	Integration ID

Example:

{
  "id": "<id>"
}

Integration Builder Get Status V3

SDK: saas_security.IntegrationBuilderGetStatusV3

Parameters:

Name	Type	Required	Description
`id`	string	No	Integration ID

Example:

{
  "id": "<id>"
}

Integration Builder Reset V3

SDK: saas_security.IntegrationBuilderResetV3

Parameters:

Name	Type	Required	Description
`id`	string	No	Integration ID

Example:

{
  "id": "<id>"
}

Integration Builder Upload V3

SDK: saas_security.IntegrationBuilderUploadV3

Parameters:

Name	Type	Required	Description
`data`	string	Yes	Data Min Length: 1. See CrowdStrike API documentation: https://developer.crowdstrike.com/docs/ope...

Example:

{
  "data": "<data>"
}

Best Practices

Use Appropriate Filters: Leverage FQL (Falcon Query Language) filters to narrow down results and improve performance.
Implement Pagination: For operations returning large datasets, use limit and offset parameters to paginate results.
Handle Rate Limits: CrowdStrike APIs have rate limits. Implement appropriate delays and retry logic in your workflows.
Secure Credentials: Never log or expose API credentials. Use NINA's credential management for secure storage.
Use Specific Scopes: When creating API clients, only request the minimum required API scopes.
Monitor API Usage: Track your API usage to avoid hitting rate limits during critical operations.
Validate IDs: Always validate resource IDs before using them in update or delete operations.
Error Handling: Implement comprehensive error handling for API failures and unexpected responses.

Troubleshooting

Issue	Possible Solution
401 Unauthorized	Verify Client ID and Client Secret are correct; check if credentials have expired
403 Forbidden	Ensure API client has required scopes for the operation
404 Not Found	Verify the resource ID exists and is accessible with your credentials
429 Too Many Requests	Rate limit exceeded; implement delays between requests
Invalid Filter	Check FQL syntax; refer to CrowdStrike FQL documentation
Connection Timeout	Verify network connectivity and correct Base URL for your region
Empty Results	Verify filter criteria; check if resources exist in your environment

Support

For issues with this integration, please contact support with:

The operation you were attempting
Any error messages received
The parameters used (excluding sensitive data)
Your CrowdStrike cloud region

For CrowdStrike API documentation, visit: CrowdStrike Developer Portal

Updated: 2026-02-05

Overview​

Capabilities​

Credential Configuration​

Authentication Method​

How It Works​

CrowdStrike Cloud Regions​

How to Obtain API Credentials​

Required API Scopes​

Creating a CrowdStrike Credential in NINA​

Supported Resources​

Resource Details​

A S P M​

Operations​

Create Executor Node​

Create Integration​

Create Integration Task​

Delete Executor Node​

Delete Group Id09​

Delete Integration​

Delete Integration Task​

Delete Tags​

Execute Function Data​

Execute Function Data Count​

Execute Functions​

Execute Functions Count​

Execute Functions Overtime​

Get Cloud Security Integration State​

Get Cspminventory Baservices​

Get Cspminventory Service Details​

Get Executor Nodes​

Get Executor Nodes Id09Instances Csv​

Get Executor Nodes Metadata​

Get Group Id09V2​

Get Groups Hier V2​

Get Groups List V2​

Get Integration Tasks​

Get Integration Tasks Admin​

Get Integration Tasks Metadata​

Get Integration Tasks V2​

Get Integration Types​

Get Integrations​

Get Integrations V2​

Get Service Artifacts​

Get Service Violation Types​

Get Services Count​

Get Tags​

Get Users V2​

List Execute​

List Execute Function Data​

List Execute Function Data Count​

List Execute Functions​

List Execute Functions Count​

List Execute Functions Overtime​

Post Group Id09Update Default​

Post Group Id09V2​

Post Group V2​

Run Integration Task​

Run Integration Task Admin​

Run Integration Task V2​

Service Now Get Deployments​

Service Now Get Services​

Set Cloud Security Integration State​

Update Executor Node​

Update Integration​

Update Integration Task​

Upsert Business Applications​

Upsert Tags​

Cloud Aws Registration​

Operations​

Cloud Registration Aws Create Account​

Cloud Registration Aws Delete Account​

Cloud Registration Aws Get Accounts​

Cloud Registration Aws Update Account​

List Cloud Registration Aws Accounts​

Cloud Azure Registration​

Operations​

Cloud Registration Azure Create Registration​

Cloud Registration Azure Delete Registration​

Cloud Registration Azure Download Script​

Cloud Registration Azure Get Registration​

Overview

Capabilities

Credential Configuration

Authentication Method

How It Works

CrowdStrike Cloud Regions

How to Obtain API Credentials

Required API Scopes

Creating a CrowdStrike Credential in NINA

Supported Resources

Resource Details

A S P M

Operations

Create Executor Node

Create Integration

Create Integration Task

Delete Executor Node

Delete Group Id09

Delete Integration

Delete Integration Task

Delete Tags

Execute Function Data

Execute Function Data Count

Execute Functions

Execute Functions Count

Execute Functions Overtime

Get Cloud Security Integration State

Get Cspminventory Baservices

Get Cspminventory Service Details

Get Executor Nodes

Get Executor Nodes Id09Instances Csv

Get Executor Nodes Metadata

Get Group Id09V2

Get Groups Hier V2

Get Groups List V2

Get Integration Tasks

Get Integration Tasks Admin

Get Integration Tasks Metadata

Get Integration Tasks V2

Get Integration Types

Get Integrations

Get Integrations V2

Get Service Artifacts

Get Service Violation Types

Get Services Count

Get Tags

Get Users V2

List Execute

List Execute Function Data

List Execute Function Data Count

List Execute Functions

List Execute Functions Count

List Execute Functions Overtime

Post Group Id09Update Default

Post Group Id09V2

Post Group V2

Run Integration Task

Run Integration Task Admin

Run Integration Task V2

Service Now Get Deployments

Service Now Get Services

Set Cloud Security Integration State

Update Executor Node

Update Integration

Update Integration Task

Upsert Business Applications

Upsert Tags

Cloud Aws Registration

Operations

Cloud Registration Aws Create Account

Cloud Registration Aws Delete Account

Cloud Registration Aws Get Accounts

Cloud Registration Aws Update Account

List Cloud Registration Aws Accounts

Cloud Azure Registration

Operations

Cloud Registration Azure Create Registration

Cloud Registration Azure Delete Registration

Cloud Registration Azure Download Script

Cloud Registration Azure Get Registration