CrowdStrike Prevention Integration Guide

Overview

The CrowdStrike Prevention integration allows your NINA workflows to connect with CrowdStrike Falcon platform for proactive security policies, custom detections, and exclusion management. This integration enables automated security operations, threat detection, and incident response directly from your automation platform.

Capabilities

This integration provides access to 17 resources with 182 operations covering:

Cao Hunting: Operations for Cao Hunting
Certificate Based Exclusions: Operations for Certificate Based Exclusions
Content Update Policies: Operations for Content Update Policies
Correlation Rules: Operations for Correlation Rules
Correlation Rules Admin: Operations for Correlation Rules Admin
Custom Ioa: Operations for Custom Ioa
Device Control Policies: Operations for Device Control Policies
Device Control With Bluetooth: Operations for Device Control With Bluetooth
Firewall Management: Operations for Firewall Management
Firewall Policies: Operations for Firewall Policies
Image Assessment Policies: Operations for Image Assessment Policies
Ioa Exclusions: Operations for Ioa Exclusions
Ml Exclusions: Operations for Ml Exclusions
Prevention Policies: Operations for Prevention Policies
Response Policies: Operations for Response Policies
Sensor Update Policies: Operations for Sensor Update Policies
Sensor Visibility Exclusions: Operations for Sensor Visibility Exclusions

Credential Configuration

Before using the CrowdStrike Prevention integration in your workflows, you need to configure credentials for authentication.

Authentication Method

CrowdStrike Falcon uses OAuth2 Client Credentials authentication. This is a server-to-server authentication flow where you provide a Client ID and Client Secret, and the integration automatically handles token acquisition and refresh.

Field	Description	Required
Client ID	Your CrowdStrike API Client ID	Yes
Client Secret	Your CrowdStrike API Client Secret	Yes
Base URL	CrowdStrike API endpoint for your cloud region	Yes

How It Works

You provide the Client ID and Client Secret when creating a credential
The integration exchanges these for an OAuth2 access token automatically
Tokens are refreshed automatically when they expire
No redirect URLs or user interaction required

CrowdStrike Cloud Regions

Select the Base URL that matches your CrowdStrike Falcon cloud region:

Cloud Region	Base URL	Description
US-1	`https://api.crowdstrike.com`	United States (default)
US-2	`https://api.us-2.crowdstrike.com`	United States (secondary)
EU-1	`https://api.eu-1.crowdstrike.com`	European Union
US-GOV-1	`https://api.laggar.gcw.crowdstrike.com`	US Government Cloud

How to Obtain API Credentials

Log in to the CrowdStrike Falcon Console
Navigate to Support and resources > API Clients and Keys
Click Add new API client
Configure the API client:
- Client Name: A descriptive name (e.g., "NINA Integration")
- Description: Purpose of this API client
- API Scopes: Select the permissions required for your use case (see Required Scopes below)
Click Add to create the client
Copy and securely store the Client ID and Client Secret immediately

Important: The Client Secret is only displayed once at creation time. If you lose it, you must create a new API client.

Required API Scopes

The API scopes required depend on which operations you plan to use. Common scopes include:

Scope	Permission	Use Case
Detections	Read/Write	View and manage detections
Hosts	Read/Write	Query and manage endpoints
Incidents	Read/Write	View and manage incidents
IOCs	Read/Write	Manage indicators of compromise
Prevention Policies	Read/Write	Manage prevention policies
Real Time Response	Read/Write	Execute RTR commands
Sensor Update Policies	Read/Write	Manage sensor updates

Refer to the CrowdStrike API documentation for a complete list of available scopes.

Creating a CrowdStrike Credential in NINA

Navigate to the Credentials section in NINA
Click Add New Credential
Fill in the credential details:
- Integration Service: Select "CrowdStrike Prevention"
- Client ID: Paste your CrowdStrike API Client ID
- Client Secret: Paste your CrowdStrike API Client Secret
- Base URL: Select your CrowdStrike cloud region URL
Click Test Connection to verify the credentials work
Click Save to store the credential securely

Note: All CrowdStrike integrations (EDR, Intel, Platform, etc.) share the same credential. You only need to create one credential to use across all CrowdStrike modules.

Supported Resources

Resource	Description	Operations
Cao Hunting	Operations for Cao Hunting	4
Certificate Based Exclusions	Operations for Certificate Based Exclusions	6
Content Update Policies	Operations for Content Update Policies	11
Correlation Rules	Operations for Correlation Rules	15
Correlation Rules Admin	Operations for Correlation Rules Admin	1
Custom Ioa	Operations for Custom Ioa	20
Device Control Policies	Operations for Device Control Policies	12
Device Control With Bluetooth	Operations for Device Control With Bluetooth	6
Firewall Management	Operations for Firewall Management	33
Firewall Policies	Operations for Firewall Policies	10
Image Assessment Policies	Operations for Image Assessment Policies	11
Ioa Exclusions	Operations for Ioa Exclusions	5
Ml Exclusions	Operations for Ml Exclusions	5
Prevention Policies	Operations for Prevention Policies	10
Response Policies	Operations for Response Policies	10
Sensor Update Policies	Operations for Sensor Update Policies	18
Sensor Visibility Exclusions	Operations for Sensor Visibility Exclusions	5

Resource Details

Cao Hunting

Operations for Cao Hunting

Operations

Operation	Name	Description
`aggregate_intelligence_queries`	Aggregate Intelligence Queries	SDK: cao_hunting.AggregateIntelligenceQueries
`get_archive_export`	Get Archive Export	SDK: cao_hunting.GetArchiveExport
`get_intelligence_queries`	Get Intelligence Queries	SDK: cao_hunting.GetIntelligenceQueries
`search_intelligence_queries`	Search Intelligence Queries	SDK: cao_hunting.SearchIntelligenceQueries

Aggregate Intelligence Queries

SDK: cao_hunting.AggregateIntelligenceQueries

Parameters:

Name	Type	Required	Description
`body`	object	No	Body.. See CrowdStrike API documentation: https://developer.crowdstrike.com/docs/openapi/

Example:

{
  "body": {}
}

Get Archive Export

SDK: cao_hunting.GetArchiveExport

Parameters:

Name	Type	Required	Description
`archive_type`	string	No	The Archive Type can be one of 'zip' and 'gzip' Default: "zip"
`filter`	string	No	The FQL Filter
`language`	string	No	The Query Language. Accepted Values: <li>cql</li><li>snort</li><li>suricata</li><li...

Example:

{
  "archive_type": "<archive_type>",
  "filter": "<filter>",
  "language": "<language>"
}

Get Intelligence Queries

SDK: cao_hunting.GetIntelligenceQueries

Parameters:

Name	Type	Required	Description
`ids`	array	No	Intelligence queries IDs
`include_translated_content`	array	No	The AI translated language that should be returned if it exists<br>Accepted values are: <li>S...

Example:

{
  "ids": ["<ids>"],
  "include_translated_content": ["<include_translated_content>"]
}

Search Intelligence Queries

SDK: cao_hunting.SearchIntelligenceQueries

Parameters:

Name	Type	Required	Description
`filter`	string	No	FQL query specifying the filter parameters.
`limit`	number	No	Number of IDs to return.
`offset`	string	No	Starting index of result set from which to return IDs.
`sort`	string	No	Order by fields.

Example:

{
  "filter": "<filter>",
  "limit": 10,
  "offset": "<offset>",
  "sort": "<sort>"
}

Certificate Based Exclusions

Operations for Certificate Based Exclusions

Operations

Operation	Name	Description
`cb_exclusions_create_`	Cb Exclusions Create	SDK: certificate_based_exclusions.CbExclusionsCreateV1
`cb_exclusions_delete_`	Cb Exclusions Delete	SDK: certificate_based_exclusions.CbExclusionsDeleteV1
`cb_exclusions_get_`	Cb Exclusions Get	SDK: certificate_based_exclusions.CbExclusionsGetV1
`cb_exclusions_update_`	Cb Exclusions Update	SDK: certificate_based_exclusions.CbExclusionsUpdateV1
`certificates_get_`	Certificates Get	SDK: certificate_based_exclusions.CertificatesGetV1
`list_cb_exclusions_`	List Cb Exclusions	SDK: certificate_based_exclusions.CbExclusionsQueryV1

Cb Exclusions Create

SDK: certificate_based_exclusions.CbExclusionsCreateV1

Parameters:

Name	Type	Required	Description
`exclusions`	object	Yes	exclusions. See CrowdStrike API documentation: https://developer.crowdstrike.com/docs/openapi/

Example:

{
  "exclusions": {}
}

Cb Exclusions Delete

SDK: certificate_based_exclusions.CbExclusionsDeleteV1

Parameters:

Name	Type	Required	Description
`comment`	string	No	The comment why these exclusions were deleted
`ids`	array	No	The ids of the exclusions to delete

Example:

{
  "comment": "<comment>",
  "ids": ["<ids>"]
}

Cb Exclusions Get

SDK: certificate_based_exclusions.CbExclusionsGetV1

Parameters:

Name	Type	Required	Description
`ids`	array	No	The ids of the exclusions to retrieve

Example:

{
  "ids": ["<ids>"]
}

Cb Exclusions Update

SDK: certificate_based_exclusions.CbExclusionsUpdateV1

Parameters:

Name	Type	Required	Description
`exclusions`	object	Yes	exclusions. See CrowdStrike API documentation: https://developer.crowdstrike.com/docs/openapi/

Example:

{
  "exclusions": {}
}

Certificates Get

SDK: certificate_based_exclusions.CertificatesGetV1

Parameters:

Name	Type	Required	Description
`ids`	string	No	The SHA256 Hash of the file to retrieve certificate signing info for

Example:

{
  "ids": "<ids>"
}

List Cb Exclusions

SDK: certificate_based_exclusions.CbExclusionsQueryV1

Parameters:

Name	Type	Required	Description
`filter`	string	No	The filter expression that should be used to limit the results.
`limit`	number	No	The maximum records to return. [1-100]
`offset`	number	No	The offset to start retrieving records from
`sort`	string	No	The sort expression that should be used to sort the results.

Example:

{
  "filter": "<filter>",
  "limit": 10,
  "offset": 10,
  "sort": "<sort>"
}

Content Update Policies

Operations for Content Update Policies

Operations

Operation	Name	Description
`create_content_update_policies`	Create Content Update Policies	SDK: content_update_policies.CreateContentUpdatePolicies
`delete_content_update_policies`	Delete Content Update Policies	SDK: content_update_policies.DeleteContentUpdatePolicies
`get_content_update_policies`	Get Content Update Policies	SDK: content_update_policies.GetContentUpdatePolicies
`list_combined_content_update_policies`	List Combined Content Update Policies	SDK: content_update_policies.QueryCombinedContentUpdatePolicies
`list_combined_content_update_policy_members`	List Combined Content Update Policy Members	SDK: content_update_policies.QueryCombinedContentUpdatePolicyMembers
`list_content_update_policies`	List Content Update Policies	SDK: content_update_policies.QueryContentUpdatePolicies
`list_content_update_policy_members`	List Content Update Policy Members	SDK: content_update_policies.QueryContentUpdatePolicyMembers
`list_pinnable_content_versions`	List Pinnable Content Versions	SDK: content_update_policies.QueryPinnableContentVersions
`perform_content_update_policies_action`	Perform Content Update Policies Action	SDK: content_update_policies.PerformContentUpdatePoliciesAction
`set_content_update_policies_precedence`	Set Content Update Policies Precedence	SDK: content_update_policies.SetContentUpdatePoliciesPrecedence
`update_content_policies`	Update Content Policies	SDK: content_update_policies.UpdateContentUpdatePolicies

Create Content Update Policies

SDK: content_update_policies.CreateContentUpdatePolicies

Parameters:

Name	Type	Required	Description
`resources`	array	Yes	Batch operation - array of JSON strings. Each item should be: {"field1":"value1","field2":"value...

Example:

{
  "resources": ["<resources>"]
}

Delete Content Update Policies

SDK: content_update_policies.DeleteContentUpdatePolicies

Parameters:

Name	Type	Required	Description
`ids`	array	No	The IDs of the Content Update Policies to delete

Example:

{
  "ids": ["<ids>"]
}

Get Content Update Policies

SDK: content_update_policies.GetContentUpdatePolicies

Parameters:

Name	Type	Required	Description
`ids`	array	No	The IDs of the Content Update Policies to return

Example:

{
  "ids": ["<ids>"]
}

List Combined Content Update Policies

SDK: content_update_policies.QueryCombinedContentUpdatePolicies

Parameters:

Name	Type	Required	Description
`filter`	string	No	The filter expression that should be used to limit the results
`limit`	number	No	The maximum records to return. [1-5000]
`offset`	number	No	The offset to start retrieving records from
`sort`	string	No	The property to sort by

Example:

{
  "filter": "<filter>",
  "limit": 10,
  "offset": 10,
  "sort": "<sort>"
}

List Combined Content Update Policy Members

SDK: content_update_policies.QueryCombinedContentUpdatePolicyMembers

Parameters:

Name	Type	Required	Description
`filter`	string	No	The filter expression that should be used to limit the results
`id`	string	No	The ID of the Content Update Policy to search for members of
`limit`	number	No	The maximum records to return. [1-5000]
`offset`	number	No	The offset to start retrieving records from
`sort`	string	No	The property to sort by

Example:

{
  "filter": "<filter>",
  "id": "<id>",
  "limit": 10,
  "offset": 10,
  "sort": "<sort>"
}

List Content Update Policies

SDK: content_update_policies.QueryContentUpdatePolicies

Parameters:

Name	Type	Required	Description
`filter`	string	No	The filter expression that should be used to limit the results
`limit`	number	No	The maximum records to return. [1-5000]
`offset`	number	No	The offset to start retrieving records from
`sort`	string	No	The property to sort by

Example:

{
  "filter": "<filter>",
  "limit": 10,
  "offset": 10,
  "sort": "<sort>"
}

List Content Update Policy Members

SDK: content_update_policies.QueryContentUpdatePolicyMembers

Parameters:

Name	Type	Required	Description
`filter`	string	No	The filter expression that should be used to limit the results
`id`	string	No	The ID of the Content Update Policy to search for members of
`limit`	number	No	The maximum records to return. [1-5000]
`offset`	number	No	The offset to start retrieving records from
`sort`	string	No	The property to sort by

Example:

{
  "filter": "<filter>",
  "id": "<id>",
  "limit": 10,
  "offset": 10,
  "sort": "<sort>"
}

List Pinnable Content Versions

SDK: content_update_policies.QueryPinnableContentVersions

Parameters:

Name	Type	Required	Description
`category`	string	No	Content category
`sort`	string	No	value to sort returned content versions by. Allowed sort values are deployed_timestamp.(asc

Example:

{
  "category": "<category>",
  "sort": "<sort>"
}

Perform Content Update Policies Action

SDK: content_update_policies.PerformContentUpdatePoliciesAction

Parameters:

Name	Type	Required	Description
`action_parameters`	object	Yes	action parameters. See CrowdStrike API documentation: https://developer.crowdstrike.com/docs/open...
`ids`	array	Yes	ids. See CrowdStrike API documentation: https://developer.crowdstrike.com/docs/openapi/

Example:

{
  "action_parameters": {},
  "ids": ["<ids>"]
}

Set Content Update Policies Precedence

SDK: content_update_policies.SetContentUpdatePoliciesPrecedence

Parameters:

Name	Type	Required	Description
`ids`	array	Yes	The ids of all current content-update policies for the platform specified. The precedence will be...

Example:

{
  "ids": ["<ids>"]
}

Update Content Policies

SDK: content_update_policies.UpdateContentUpdatePolicies

Parameters:

Name	Type	Required	Description
`resources`	array	Yes	Batch operation - array of JSON strings. Each item should be: {"field1":"value1","field2":"value...

Example:

{
  "resources": ["<resources>"]
}

Correlation Rules

Operations for Correlation Rules

Operations

Operation	Name	Description
`aggregates_rule_versions_post_`	Aggregates Rule Versions Post	SDK: correlation_rules.AggregatesRuleVersionsPostV1
`combined_rules_get_`	Combined Rules Get	SDK: correlation_rules.CombinedRulesGetV1
`combined_rules_get_v2`	Combined Rules Get V2	SDK: correlation_rules.CombinedRulesGetV2
`entities_latest_rules_get_`	Entities Latest Rules Get	SDK: correlation_rules.EntitiesLatestRulesGetV1
`entities_rule_versions_delete_`	Entities Rule Versions Delete	SDK: correlation_rules.EntitiesRuleVersionsDeleteV1
`entities_rule_versions_export_post_`	Entities Rule Versions Export Post	SDK: correlation_rules.EntitiesRuleVersionsExportPostV1
`entities_rule_versions_import_post_`	Entities Rule Versions Import Post	SDK: correlation_rules.EntitiesRuleVersionsImportPostV1
`entities_rule_versions_publish_patch_`	Entities Rule Versions Publish Patch	SDK: correlation_rules.EntitiesRuleVersionsPublishPatchV1
`entities_rules_delete_`	Entities Rules Delete	SDK: correlation_rules.EntitiesRulesDeleteV1
`entities_rules_get_`	Entities Rules Get	SDK: correlation_rules.EntitiesRulesGetV1
`entities_rules_get_v2`	Entities Rules Get V2	SDK: correlation_rules.EntitiesRulesGetV2
`entities_rules_patch_`	Entities Rules Patch	SDK: correlation_rules.EntitiesRulesPatchV1
`entities_rules_post_`	Entities Rules Post	SDK: correlation_rules.EntitiesRulesPostV1
`queries_rules_get_`	Queries Rules Get	SDK: correlation_rules.QueriesRulesGetV1
`queries_rules_get_v2`	Queries Rules Get V2	SDK: correlation_rules.QueriesRulesGetV2

Aggregates Rule Versions Post

SDK: correlation_rules.AggregatesRuleVersionsPostV1

Parameters:

Name	Type	Required	Description
`body`	object	No	Body.. See CrowdStrike API documentation: https://developer.crowdstrike.com/docs/openapi/
`filter`	string	No	FQL query specifying the filter parameters
`ids`	array	No	The IDs

Example:

{
  "body": {},
  "filter": "<filter>",
  "ids": ["<ids>"]
}

Combined Rules Get

SDK: correlation_rules.CombinedRulesGetV1

Parameters:

Name	Type	Required	Description
`filter`	string	No	FQL query specifying the filter parameters
`limit`	number	No	Number of IDs to return Default: 100
`offset`	number	No	Starting index of overall result set from which to return IDs
`sort`	string	No	Rule property to sort on Default: "created_on"

Example:

{
  "filter": "<filter>",
  "limit": 10,
  "offset": 10,
  "sort": "<sort>"
}

Combined Rules Get V2

SDK: correlation_rules.CombinedRulesGetV2

Parameters:

Name	Type	Required	Description
`filter`	string	No	FQL query specifying the filter parameters
`limit`	number	No	Number of IDs to return Default: 100
`offset`	number	No	Starting index of overall result set from which to return IDs
`sort`	string	No	Rule property to sort on Default: "created_on"

Example:

{
  "filter": "<filter>",
  "limit": 10,
  "offset": 10,
  "sort": "<sort>"
}

Entities Latest Rules Get

SDK: correlation_rules.EntitiesLatestRulesGetV1

Parameters:

Name	Type	Required	Description
`rule_ids`	array	No	The rule IDs

Example:

{
  "rule_ids": ["<rule_ids>"]
}

Entities Rule Versions Delete

SDK: correlation_rules.EntitiesRuleVersionsDeleteV1

Parameters:

Name	Type	Required	Description
`ids`	array	No	The IDs

Example:

{
  "ids": ["<ids>"]
}

Entities Rule Versions Export Post

SDK: correlation_rules.EntitiesRuleVersionsExportPostV1

Parameters:

Name	Type	Required	Description
`get_latest`	boolean	No	get latest. See CrowdStrike API documentation: https://developer.crowdstrike.com/docs/openapi/
`report_format`	string	Yes	report format. See CrowdStrike API documentation: https://developer.crowdstrike.com/docs/openapi/
`search`	object	Yes	search. See CrowdStrike API documentation: https://developer.crowdstrike.com/docs/openapi/

Example:

{
  "get_latest": true,
  "report_format": "<report_format>",
  "search": {}
}

Entities Rule Versions Import Post

SDK: correlation_rules.EntitiesRuleVersionsImportPostV1

This operation has no parameters.

Example:

{
}

Entities Rule Versions Publish Patch

SDK: correlation_rules.EntitiesRuleVersionsPublishPatchV1

Parameters:

Name	Type	Required	Description
`id`	string	Yes

Example:

{
  "id": "<id>"
}

Entities Rules Delete

SDK: correlation_rules.EntitiesRulesDeleteV1

Parameters:

Name	Type	Required	Description
`ids`	array	No	The IDs

Example:

{
  "ids": ["<ids>"]
}

Entities Rules Get

SDK: correlation_rules.EntitiesRulesGetV1

Parameters:

Name	Type	Required	Description
`ids`	array	No	The IDs

Example:

{
  "ids": ["<ids>"]
}

Entities Rules Get V2

SDK: correlation_rules.EntitiesRulesGetV2

Parameters:

Name	Type	Required	Description
`ids`	array	No	The IDs

Example:

{
  "ids": ["<ids>"]
}

Entities Rules Patch

SDK: correlation_rules.EntitiesRulesPatchV1

Parameters:

Name	Type	Required	Description
`body`	object	No	Body.. See CrowdStrike API documentation: https://developer.crowdstrike.com/docs/openapi/

Example:

{
  "body": {}
}

Entities Rules Post

SDK: correlation_rules.EntitiesRulesPostV1

Parameters:

Name	Type	Required	Description
`comment`	string	No	comment. See CrowdStrike API documentation: https://developer.crowdstrike.com/docs/openapi/
`customer_id`	string	Yes	customer id. See CrowdStrike API documentation: https://developer.crowdstrike.com/docs/openapi/
`description`	string	No	description. See CrowdStrike API documentation: https://developer.crowdstrike.com/docs/openapi/
`guardrail_notifications`	object	Yes	guardrail notifications
`mitre_attack`	object	Yes	mitre attack. See CrowdStrike API documentation: https://developer.crowdstrike.com/docs/openapi/
`name`	string	Yes	name. See CrowdStrike API documentation: https://developer.crowdstrike.com/docs/openapi/
`notifications`	object	Yes	notifications. See CrowdStrike API documentation: https://developer.crowdstrike.com/docs/openapi/
`operation`	object	Yes	operation. See CrowdStrike API documentation: https://developer.crowdstrike.com/docs/openapi/
`search`	object	Yes	search. See CrowdStrike API documentation: https://developer.crowdstrike.com/docs/openapi/
`severity`	number	Yes	severity. See CrowdStrike API documentation: https://developer.crowdstrike.com/docs/openapi/
`status`	string	Yes	status. See CrowdStrike API documentation: https://developer.crowdstrike.com/docs/openapi/
`tactic`	string	No	tactic. See CrowdStrike API documentation: https://developer.crowdstrike.com/docs/openapi/
`technique`	string	No	technique. See CrowdStrike API documentation: https://developer.crowdstrike.com/docs/openapi/
`template_id`	string	Yes	template id. See CrowdStrike API documentation: https://developer.crowdstrike.com/docs/openapi/
`trigger_on_create`	boolean	No	trigger on create. See CrowdStrike API documentation: https://developer.crowdstrike.com/docs/open...

Example:

{
  "comment": "<comment>",
  "customer_id": "<customer_id>",
  "description": "<description>",
  "guardrail_notifications": {},
  "mitre_attack": {},
  "name": "<name>",
  "notifications": {},
  "operation": {},
  "search": {},
  "severity": 10,
  "status": "<status>",
  "tactic": "<tactic>",
  "technique": "<technique>",
  "template_id": "<template_id>",
  "trigger_on_create": true
}

Queries Rules Get

SDK: correlation_rules.QueriesRulesGetV1

Parameters:

Name	Type	Required	Description
`filter`	string	No	FQL query specifying the filter parameters
`limit`	number	No	Number of IDs to return Default: 100
`offset`	number	No	Starting index of overall result set from which to return IDs
`sort`	string	No	Rule property to sort on Default: "created_on"

Example:

{
  "filter": "<filter>",
  "limit": 10,
  "offset": 10,
  "sort": "<sort>"
}

Queries Rules Get V2

SDK: correlation_rules.QueriesRulesGetV2

Parameters:

Name	Type	Required	Description
`filter`	string	No	FQL query specifying the filter parameters
`limit`	number	No	Number of IDs to return Default: 100
`offset`	number	No	Starting index of overall result set from which to return IDs
`sort`	string	No	Rule property to sort on Default: "created_on"

Example:

{
  "filter": "<filter>",
  "limit": 10,
  "offset": 10,
  "sort": "<sort>"
}

Correlation Rules Admin

Operations for Correlation Rules Admin

Operations

Operation	Name	Description
`entities_rules_ownership_put_`	Entities Rules Ownership Put	SDK: correlation_rules_admin.EntitiesRulesOwnershipPutV1

Entities Rules Ownership Put

SDK: correlation_rules_admin.EntitiesRulesOwnershipPutV1

Parameters:

Name	Type	Required	Description
`api_client_id`	string	No	api client id. See CrowdStrike API documentation: https://developer.crowdstrike.com/docs/openapi/
`id`	string	Yes
`user_id`	string	No	user id. See CrowdStrike API documentation: https://developer.crowdstrike.com/docs/openapi/
`user_uuid`	string	No	user uuid. See CrowdStrike API documentation: https://developer.crowdstrike.com/docs/openapi/

Example:

{
  "api_client_id": "<api_client_id>",
  "id": "<id>",
  "user_id": "<user_id>",
  "user_uuid": "<user_uuid>"
}

Custom Ioa

Operations for Custom Ioa

Operations

Operation	Name	Description
`create_rule`	Create Rule	SDK: custom_ioa.CreateRule
`create_rule_group_mixin0`	Create Rule Group Mixin0	SDK: custom_ioa.CreateRuleGroupMixin0
`delete_rule_groups_mixin0`	Delete Rule Groups Mixin0	SDK: custom_ioa.DeleteRuleGroupsMixin0
`delete_rules`	Delete Rules	SDK: custom_ioa.DeleteRules
`get_patterns`	Get Patterns	SDK: custom_ioa.GetPatterns
`get_platforms_mixin0`	Get Platforms Mixin0	SDK: custom_ioa.GetPlatformsMixin0
`get_rule_groups_mixin0`	Get Rule Groups Mixin0	SDK: custom_ioa.GetRuleGroupsMixin0
`get_rule_types`	Get Rule Types	SDK: custom_ioa.GetRuleTypes
`get_rules`	Get Rules	SDK: custom_ioa.GetRulesGet
`get_rules_mixin0`	Get Rules Mixin0	SDK: custom_ioa.GetRulesMixin0
`list_patterns`	List Patterns	SDK: custom_ioa.QueryPatterns
`list_platforms_mixin0`	List Platforms Mixin0	SDK: custom_ioa.QueryPlatformsMixin0
`list_rule_groups_full`	List Rule Groups Full	SDK: custom_ioa.QueryRuleGroupsFull
`list_rule_groups_mixin0`	List Rule Groups Mixin0	SDK: custom_ioa.QueryRuleGroupsMixin0
`list_rule_types`	List Rule Types	SDK: custom_ioa.QueryRuleTypes
`list_rules_mixin0`	List Rules Mixin0	SDK: custom_ioa.QueryRulesMixin0
`update_rule_group_mixin0`	Update Rule Group Mixin0	SDK: custom_ioa.UpdateRuleGroupMixin0
`update_rules`	Update Rules	SDK: custom_ioa.UpdateRules
`update_rules_v2`	Update Rules V2	SDK: custom_ioa.UpdateRulesV2
`validate`	Validate	SDK: custom_ioa.Validate

Create Rule

SDK: custom_ioa.CreateRule

Parameters:

Name	Type	Required	Description
`comment`	string	Yes	comment. See CrowdStrike API documentation: https://developer.crowdstrike.com/docs/openapi/
`description`	string	Yes	description. See CrowdStrike API documentation: https://developer.crowdstrike.com/docs/openapi/
`disposition_id`	number	Yes	disposition id. See CrowdStrike API documentation: https://developer.crowdstrike.com/docs/openapi/
`field_values`	object	Yes	field values. See CrowdStrike API documentation: https://developer.crowdstrike.com/docs/openapi/
`name`	string	Yes	name. See CrowdStrike API documentation: https://developer.crowdstrike.com/docs/openapi/
`pattern_severity`	string	Yes	pattern severity. See CrowdStrike API documentation: https://developer.crowdstrike.com/docs/openapi/
`rulegroup_id`	string	Yes	rulegroup id. See CrowdStrike API documentation: https://developer.crowdstrike.com/docs/openapi/
`ruletype_id`	string	Yes	ruletype id. See CrowdStrike API documentation: https://developer.crowdstrike.com/docs/openapi/

Example:

{
  "comment": "<comment>",
  "description": "<description>",
  "disposition_id": 10,
  "field_values": {},
  "name": "<name>",
  "pattern_severity": "<pattern_severity>",
  "rulegroup_id": "<rulegroup_id>",
  "ruletype_id": "<ruletype_id>"
}

Create Rule Group Mixin0

SDK: custom_ioa.CreateRuleGroupMixin0

Parameters:

Name	Type	Required	Description
`comment`	string	Yes	comment. See CrowdStrike API documentation: https://developer.crowdstrike.com/docs/openapi/
`description`	string	Yes	description. See CrowdStrike API documentation: https://developer.crowdstrike.com/docs/openapi/
`name`	string	Yes	name. See CrowdStrike API documentation: https://developer.crowdstrike.com/docs/openapi/
`platform`	string	Yes	platform. See CrowdStrike API documentation: https://developer.crowdstrike.com/docs/openapi/

Example:

{
  "comment": "<comment>",
  "description": "<description>",
  "name": "<name>",
  "platform": "<platform>"
}

Delete Rule Groups Mixin0

SDK: custom_ioa.DeleteRuleGroupsMixin0

Parameters:

Name	Type	Required	Description
`comment`	string	No	Explains why the entity is being deleted
`ids`	array	No	The IDs of the entities

Example:

{
  "comment": "<comment>",
  "ids": ["<ids>"]
}

Delete Rules

SDK: custom_ioa.DeleteRules

Parameters:

Name	Type	Required	Description
`comment`	string	No	Explains why the entity is being deleted
`ids`	array	No	The IDs of the entities
`rule_group_id`	string	No	The parent rule group

Example:

{
  "comment": "<comment>",
  "ids": ["<ids>"],
  "rule_group_id": "<rule_group_id>"
}

Get Patterns

SDK: custom_ioa.GetPatterns

Parameters:

Name	Type	Required	Description
`ids`	array	No	The IDs of the entities

Example:

{
  "ids": ["<ids>"]
}

Get Platforms Mixin0

SDK: custom_ioa.GetPlatformsMixin0

Parameters:

Name	Type	Required	Description
`ids`	array	No	The IDs of the entities

Example:

{
  "ids": ["<ids>"]
}

Get Rule Groups Mixin0

SDK: custom_ioa.GetRuleGroupsMixin0

Parameters:

Name	Type	Required	Description
`ids`	array	No	The IDs of the entities

Example:

{
  "ids": ["<ids>"]
}

Get Rule Types

SDK: custom_ioa.GetRuleTypes

Parameters:

Name	Type	Required	Description
`ids`	array	No	The IDs of the entities

Example:

{
  "ids": ["<ids>"]
}

Get Rules

SDK: custom_ioa.GetRulesGet

Parameters:

Name	Type	Required	Description
`ids`	array	Yes	ids. See CrowdStrike API documentation: https://developer.crowdstrike.com/docs/openapi/

Example:

{
  "ids": ["<ids>"]
}

Get Rules Mixin0

SDK: custom_ioa.GetRulesMixin0

Parameters:

Name	Type	Required	Description
`ids`	array	No	The IDs of the entities

Example:

{
  "ids": ["<ids>"]
}

List Patterns

SDK: custom_ioa.QueryPatterns

Parameters:

Name	Type	Required	Description
`limit`	number	No	Number of IDs to return
`offset`	string	No	Starting index of overall result set from which to return IDs

Example:

{
  "limit": 10,
  "offset": "<offset>"
}

List Platforms Mixin0

SDK: custom_ioa.QueryPlatformsMixin0

Parameters:

Name	Type	Required	Description
`limit`	number	No	Number of IDs to return
`offset`	string	No	Starting index of overall result set from which to return IDs

Example:

{
  "limit": 10,
  "offset": "<offset>"
}

List Rule Groups Full

SDK: custom_ioa.QueryRuleGroupsFull

Parameters:

Name	Type	Required	Description
`filter`	string	No	FQL query specifying the filter parameters. Filter term criteria: [enabled platform name descript...
`limit`	number	No	Number of IDs to return
`offset`	string	No	Starting index of overall result set from which to return IDs
`sort`	string	No	Possible order by fields: {created_by, created_on, enabled, modified_by, modified_on, name}

Example:

{
  "filter": "<filter>",
  "limit": 10,
  "offset": "<offset>",
  "sort": "<sort>"
}

List Rule Groups Mixin0

SDK: custom_ioa.QueryRuleGroupsMixin0

Parameters:

Name	Type	Required	Description
`filter`	string	No	FQL query specifying the filter parameters. Filter term criteria: [enabled platform name descript...
`limit`	number	No	Number of IDs to return
`offset`	string	No	Starting index of overall result set from which to return IDs
`sort`	string	No	Possible order by fields: {created_by, created_on, enabled, modified_by, modified_on, name}

Example:

{
  "filter": "<filter>",
  "limit": 10,
  "offset": "<offset>",
  "sort": "<sort>"
}

List Rule Types

SDK: custom_ioa.QueryRuleTypes

Parameters:

Name	Type	Required	Description
`limit`	number	No	Number of IDs to return
`offset`	string	No	Starting index of overall result set from which to return IDs

Example:

{
  "limit": 10,
  "offset": "<offset>"
}

List Rules Mixin0

SDK: custom_ioa.QueryRulesMixin0

Parameters:

Name	Type	Required	Description
`filter`	string	No	FQL query specifying the filter parameters. Filter term criteria: [enabled platform name descript...
`limit`	number	No	Number of IDs to return
`offset`	string	No	Starting index of overall result set from which to return IDs
`sort`	string	No	Possible order by fields: {rules.created_by, rules.created_on, rules.current_version.action_labe...

Example:

{
  "filter": "<filter>",
  "limit": 10,
  "offset": "<offset>",
  "sort": "<sort>"
}

Update Rule Group Mixin0

SDK: custom_ioa.UpdateRuleGroupMixin0

Parameters:

Name	Type	Required	Description
`comment`	string	Yes	comment. See CrowdStrike API documentation: https://developer.crowdstrike.com/docs/openapi/
`description`	string	Yes	description. See CrowdStrike API documentation: https://developer.crowdstrike.com/docs/openapi/
`enabled`	boolean	Yes	enabled. See CrowdStrike API documentation: https://developer.crowdstrike.com/docs/openapi/
`id`	string	Yes
`name`	string	Yes	name. See CrowdStrike API documentation: https://developer.crowdstrike.com/docs/openapi/
`rulegroup_version`	number	Yes	rulegroup version. See CrowdStrike API documentation: https://developer.crowdstrike.com/docs/open...

Example:

{
  "comment": "<comment>",
  "description": "<description>",
  "enabled": true,
  "id": "<id>",
  "name": "<name>",
  "rulegroup_version": 10
}

Update Rules

SDK: custom_ioa.UpdateRules

Parameters:

Name	Type	Required	Description
`comment`	string	Yes	comment. See CrowdStrike API documentation: https://developer.crowdstrike.com/docs/openapi/
`rule_updates`	object	Yes	rule updates. See CrowdStrike API documentation: https://developer.crowdstrike.com/docs/openapi/
`rulegroup_id`	string	Yes	rulegroup id. See CrowdStrike API documentation: https://developer.crowdstrike.com/docs/openapi/
`rulegroup_version`	number	Yes	rulegroup version. See CrowdStrike API documentation: https://developer.crowdstrike.com/docs/open...

Example:

{
  "comment": "<comment>",
  "rule_updates": {},
  "rulegroup_id": "<rulegroup_id>",
  "rulegroup_version": 10
}

Update Rules V2

SDK: custom_ioa.UpdateRulesV2

Parameters:

Name	Type	Required	Description
`comment`	string	Yes	comment. See CrowdStrike API documentation: https://developer.crowdstrike.com/docs/openapi/
`rule_updates`	object	Yes	rule updates. See CrowdStrike API documentation: https://developer.crowdstrike.com/docs/openapi/
`rulegroup_id`	string	Yes	rulegroup id. See CrowdStrike API documentation: https://developer.crowdstrike.com/docs/openapi/
`rulegroup_version`	number	Yes	rulegroup version. See CrowdStrike API documentation: https://developer.crowdstrike.com/docs/open...

Example:

{
  "comment": "<comment>",
  "rule_updates": {},
  "rulegroup_id": "<rulegroup_id>",
  "rulegroup_version": 10
}

Validate

SDK: custom_ioa.Validate

Parameters:

Name	Type	Required	Description
`fields`	object	Yes	fields. See CrowdStrike API documentation: https://developer.crowdstrike.com/docs/openapi/

Example:

{
  "fields": {}
}

Device Control Policies

Operations for Device Control Policies

Operations

Operation	Name	Description
`create_device_control_policies`	Create Device Control Policies	SDK: device_control_policies.CreateDeviceControlPolicies
`delete_device_control_policies`	Delete Device Control Policies	SDK: device_control_policies.DeleteDeviceControlPolicies
`get_default_device_control_policies`	Get Default Device Control Policies	SDK: device_control_policies.GetDefaultDeviceControlPolicies
`get_device_control_policies`	Get Device Control Policies	SDK: device_control_policies.GetDeviceControlPolicies
`list_combined_device_control_policies`	List Combined Device Control Policies	SDK: device_control_policies.QueryCombinedDeviceControlPolicies
`list_combined_device_control_policy_members`	List Combined Device Control Policy Members	SDK: device_control_policies.QueryCombinedDeviceControlPolicyMembers
`list_device_control_policies`	List Device Control Policies	SDK: device_control_policies.QueryDeviceControlPolicies
`list_device_control_policy_members`	List Device Control Policy Members	SDK: device_control_policies.QueryDeviceControlPolicyMembers
`perform_device_control_policies_action`	Perform Device Control Policies Action	SDK: device_control_policies.PerformDeviceControlPoliciesAction
`set_device_control_policies_precedence`	Set Device Control Policies Precedence	SDK: device_control_policies.SetDeviceControlPoliciesPrecedence
`update_default_device_control_policies`	Update Default Device Control Policies	SDK: device_control_policies.UpdateDefaultDeviceControlPolicies
`update_device_control_policies`	Update Device Control Policies	SDK: device_control_policies.UpdateDeviceControlPolicies

Create Device Control Policies

SDK: device_control_policies.CreateDeviceControlPolicies

Parameters:

Name	Type	Required	Description
`resources`	array	Yes	Batch operation - array of JSON strings. Each item should be: {"field1":"value1","field2":"value...

Example:

{
  "resources": ["<resources>"]
}

Delete Device Control Policies

SDK: device_control_policies.DeleteDeviceControlPolicies

Parameters:

Name	Type	Required	Description
`ids`	array	No	The IDs of the Device Control Policies to delete

Example:

{
  "ids": ["<ids>"]
}

Get Default Device Control Policies

SDK: device_control_policies.GetDefaultDeviceControlPolicies

This operation has no parameters.

Example:

{
}

Get Device Control Policies

SDK: device_control_policies.GetDeviceControlPolicies

Parameters:

Name	Type	Required	Description
`ids`	array	No	The IDs of the Device Control Policies to return

Example:

{
  "ids": ["<ids>"]
}

List Combined Device Control Policies

SDK: device_control_policies.QueryCombinedDeviceControlPolicies

Parameters:

Name	Type	Required	Description
`filter`	string	No	The filter expression that should be used to limit the results
`limit`	number	No	The maximum records to return. [1-5000]
`offset`	number	No	The offset to start retrieving records from
`sort`	string	No	The property to sort by

Example:

{
  "filter": "<filter>",
  "limit": 10,
  "offset": 10,
  "sort": "<sort>"
}

List Combined Device Control Policy Members

SDK: device_control_policies.QueryCombinedDeviceControlPolicyMembers

Parameters:

Name	Type	Required	Description
`filter`	string	No	The filter expression that should be used to limit the results
`id`	string	No	The ID of the Device Control Policy to search for members of
`limit`	number	No	The maximum records to return. [1-5000]
`offset`	number	No	The offset to start retrieving records from
`sort`	string	No	The property to sort by

Example:

{
  "filter": "<filter>",
  "id": "<id>",
  "limit": 10,
  "offset": 10,
  "sort": "<sort>"
}

List Device Control Policies

SDK: device_control_policies.QueryDeviceControlPolicies

Parameters:

Name	Type	Required	Description
`filter`	string	No	The filter expression that should be used to limit the results
`limit`	number	No	The maximum records to return. [1-5000]
`offset`	number	No	The offset to start retrieving records from
`sort`	string	No	The property to sort by

Example:

{
  "filter": "<filter>",
  "limit": 10,
  "offset": 10,
  "sort": "<sort>"
}

List Device Control Policy Members

SDK: device_control_policies.QueryDeviceControlPolicyMembers

Parameters:

Name	Type	Required	Description
`filter`	string	No	The filter expression that should be used to limit the results
`id`	string	No	The ID of the Device Control Policy to search for members of
`limit`	number	No	The maximum records to return. [1-5000]
`offset`	number	No	The offset to start retrieving records from
`sort`	string	No	The property to sort by

Example:

{
  "filter": "<filter>",
  "id": "<id>",
  "limit": 10,
  "offset": 10,
  "sort": "<sort>"
}

Perform Device Control Policies Action

SDK: device_control_policies.PerformDeviceControlPoliciesAction

Parameters:

Name	Type	Required	Description
`action_parameters`	object	Yes	action parameters. See CrowdStrike API documentation: https://developer.crowdstrike.com/docs/open...
`ids`	array	Yes	ids. See CrowdStrike API documentation: https://developer.crowdstrike.com/docs/openapi/

Example:

{
  "action_parameters": {},
  "ids": ["<ids>"]
}

Set Device Control Policies Precedence

SDK: device_control_policies.SetDeviceControlPoliciesPrecedence

Parameters:

Name	Type	Required	Description
`ids`	array	Yes	The ids of all current prevention policies for the platform specified. The precedence will be set...
`platform_name`	string	Yes	The name of the platform for which to set precedence

Example:

{
  "ids": ["<ids>"],
  "platform_name": "<platform_name>"
}

Update Default Device Control Policies

SDK: device_control_policies.UpdateDefaultDeviceControlPolicies

Parameters:

Name	Type	Required	Description
`custom_notifications`	object	No	custom notifications

Example:

{
  "custom_notifications": {}
}

Update Device Control Policies

SDK: device_control_policies.UpdateDeviceControlPolicies

Parameters:

Name	Type	Required	Description
`resources`	array	Yes	Batch operation - array of JSON strings. Each item should be: {"field1":"value1","field2":"value...

Example:

{
  "resources": ["<resources>"]
}

Device Control With Bluetooth

Operations for Device Control With Bluetooth

Operations

Operation	Name	Description
`get_default_device_control_settings`	Get Default Device Control Settings	SDK: device_control_with_bluetooth.GetDefaultDeviceControlSettings
`get_device_control_policies_v2`	Get Device Control Policies V2	SDK: device_control_with_bluetooth.GetDeviceControlPoliciesV2
`post_device_control_policies_v2`	Post Device Control Policies V2	SDK: device_control_with_bluetooth.PostDeviceControlPoliciesV2
`update_default_device_control_settings`	Update Default Device Control Settings	SDK: device_control_with_bluetooth.UpdateDefaultDeviceControlSettings
`update_device_control_policies_classes_`	Update Device Control Policies Classes	SDK: device_control_with_bluetooth.PatchDeviceControlPoliciesClassesV1
`update_device_control_policies_v2`	Update Device Control Policies V2	SDK: device_control_with_bluetooth.PatchDeviceControlPoliciesV2

Get Default Device Control Settings

SDK: device_control_with_bluetooth.GetDefaultDeviceControlSettings

This operation has no parameters.

Example:

{
}

Get Device Control Policies V2

SDK: device_control_with_bluetooth.GetDeviceControlPoliciesV2

Parameters:

Name	Type	Required	Description
`ids`	array	No	The IDs of the policies to get

Example:

{
  "ids": ["<ids>"]
}

Post Device Control Policies V2

SDK: device_control_with_bluetooth.PostDeviceControlPoliciesV2

Parameters:

Name	Type	Required	Description
`policies`	object	Yes	List of policies to create. Maximum batch size: 1000

Example:

{
  "policies": {}
}

Update Default Device Control Settings

SDK: device_control_with_bluetooth.UpdateDefaultDeviceControlSettings

Parameters:

Name	Type	Required	Description
`bluetooth_custom_notifications`	object	No	bluetooth custom notifications
`usb_custom_notifications`	object	No	usb custom notifications

Example:

{
  "bluetooth_custom_notifications": {},
  "usb_custom_notifications": {}
}

Update Device Control Policies Classes

SDK: device_control_with_bluetooth.PatchDeviceControlPoliciesClassesV1

Parameters:

Name	Type	Required	Description
`policies`	object	Yes	List of policy classes to update. Maximum batch size: 1000

Example:

{
  "policies": {}
}

Update Device Control Policies V2

SDK: device_control_with_bluetooth.PatchDeviceControlPoliciesV2

Parameters:

Name	Type	Required	Description
`policies`	object	Yes	List of policies to update. Maximum batch size: 1000

Example:

{
  "policies": {}
}

Firewall Management

Operations for Firewall Management

Operations

Operation	Name	Description
`aggregate_events`	Aggregate Events	SDK: firewall_management.AggregateEvents
`aggregate_policy_rules`	Aggregate Policy Rules	SDK: firewall_management.AggregatePolicyRules
`aggregate_rule_groups`	Aggregate Rule Groups	SDK: firewall_management.AggregateRuleGroups
`aggregate_rules`	Aggregate Rules	SDK: firewall_management.AggregateRules
`create_network_locations`	Create Network Locations	SDK: firewall_management.CreateNetworkLocations
`create_rule_group`	Create Rule Group	SDK: firewall_management.CreateRuleGroup
`create_rule_group_validation`	Create Rule Group Validation	SDK: firewall_management.CreateRuleGroupValidation
`delete_network_locations`	Delete Network Locations	SDK: firewall_management.DeleteNetworkLocations
`delete_rule_groups`	Delete Rule Groups	SDK: firewall_management.DeleteRuleGroups
`get_events`	Get Events	SDK: firewall_management.GetEvents
`get_firewall_fields`	Get Firewall Fields	SDK: firewall_management.GetFirewallFields
`get_network_locations`	Get Network Locations	SDK: firewall_management.GetNetworkLocations
`get_network_locations_details`	Get Network Locations Details	SDK: firewall_management.GetNetworkLocationsDetails
`get_platforms`	Get Platforms	SDK: firewall_management.GetPlatforms
`get_policy_containers`	Get Policy Containers	SDK: firewall_management.GetPolicyContainers
`get_rule_groups`	Get Rule Groups	SDK: firewall_management.GetRuleGroups
`get_rules`	Get Rules	SDK: firewall_management.GetRules
`list_events`	List Events	SDK: firewall_management.QueryEvents
`list_firewall_fields`	List Firewall Fields	SDK: firewall_management.QueryFirewallFields
`list_network_locations`	List Network Locations	SDK: firewall_management.QueryNetworkLocations
`list_platforms`	List Platforms	SDK: firewall_management.QueryPlatforms
`list_policy_rules`	List Policy Rules	SDK: firewall_management.QueryPolicyRules
`list_rule_groups`	List Rule Groups	SDK: firewall_management.QueryRuleGroups
`list_rules`	List Rules	SDK: firewall_management.QueryRules
`update_network_locations`	Update Network Locations	SDK: firewall_management.UpdateNetworkLocations
`update_network_locations_metadata`	Update Network Locations Metadata	SDK: firewall_management.UpdateNetworkLocationsMetadata
`update_network_locations_precedence`	Update Network Locations Precedence	SDK: firewall_management.UpdateNetworkLocationsPrecedence
`update_policy_container`	Update Policy Container	SDK: firewall_management.UpdatePolicyContainer
`update_policy_container_`	Update Policy Container	SDK: firewall_management.UpdatePolicyContainerV1
`update_rule_group`	Update Rule Group	SDK: firewall_management.UpdateRuleGroup
`update_rule_group_validation`	Update Rule Group Validation	SDK: firewall_management.UpdateRuleGroupValidation
`upsert_network_locations`	Upsert Network Locations	SDK: firewall_management.UpsertNetworkLocations
`validate_filepath_pattern`	Validate Filepath Pattern	SDK: firewall_management.ValidateFilepathPattern

Aggregate Events

SDK: firewall_management.AggregateEvents

Parameters:

Name	Type	Required	Description
`body`	object	No	Query criteria and settings

Example:

{
  "body": {}
}

Aggregate Policy Rules

SDK: firewall_management.AggregatePolicyRules

Parameters:

Name	Type	Required	Description
`body`	object	No	Query criteria and settings

Example:

{
  "body": {}
}

Aggregate Rule Groups

SDK: firewall_management.AggregateRuleGroups

Parameters:

Name	Type	Required	Description
`body`	object	No	Query criteria and settings

Example:

{
  "body": {}
}

Aggregate Rules

SDK: firewall_management.AggregateRules

Parameters:

Name	Type	Required	Description
`body`	object	No	Query criteria and settings

Example:

{
  "body": {}
}

Create Network Locations

SDK: firewall_management.CreateNetworkLocations

Parameters:

Name	Type	Required	Description
`connection_types`	object	Yes	connection types. See CrowdStrike API documentation: https://developer.crowdstrike.com/docs/openapi/
`default_gateways`	array	Yes	default gateways. See CrowdStrike API documentation: https://developer.crowdstrike.com/docs/openapi/
`description`	string	Yes	description. See CrowdStrike API documentation: https://developer.crowdstrike.com/docs/openapi/
`dhcp_servers`	array	Yes	dhcp servers. See CrowdStrike API documentation: https://developer.crowdstrike.com/docs/openapi/
`dns_resolution_targets`	object	Yes	dns resolution targets
`dns_servers`	array	Yes	dns servers. See CrowdStrike API documentation: https://developer.crowdstrike.com/docs/openapi/
`enabled`	boolean	Yes	enabled. See CrowdStrike API documentation: https://developer.crowdstrike.com/docs/openapi/
`host_addresses`	array	Yes	host addresses. See CrowdStrike API documentation: https://developer.crowdstrike.com/docs/openapi/
`https_reachable_hosts`	object	Yes	https reachable hosts
`icmp_request_targets`	object	Yes	icmp request targets
`name`	string	Yes	name. See CrowdStrike API documentation: https://developer.crowdstrike.com/docs/openapi/

Example:

{
  "connection_types": {},
  "default_gateways": ["<default_gateways>"],
  "description": "<description>",
  "dhcp_servers": ["<dhcp_servers>"],
  "dns_resolution_targets": {},
  "dns_servers": ["<dns_servers>"],
  "enabled": true,
  "host_addresses": ["<host_addresses>"],
  "https_reachable_hosts": {},
  "icmp_request_targets": {},
  "name": "<name>"
}

Create Rule Group

SDK: firewall_management.CreateRuleGroup

Parameters:

Name	Type	Required	Description
`description`	string	Yes	description. See CrowdStrike API documentation: https://developer.crowdstrike.com/docs/openapi/
`enabled`	boolean	Yes	enabled. See CrowdStrike API documentation: https://developer.crowdstrike.com/docs/openapi/
`name`	string	Yes	name. See CrowdStrike API documentation: https://developer.crowdstrike.com/docs/openapi/
`platform`	string	Yes	platform. See CrowdStrike API documentation: https://developer.crowdstrike.com/docs/openapi/
`rules`	object	Yes	rules. See CrowdStrike API documentation: https://developer.crowdstrike.com/docs/openapi/

Example:

{
  "description": "<description>",
  "enabled": true,
  "name": "<name>",
  "platform": "<platform>",
  "rules": {}
}

Create Rule Group Validation

SDK: firewall_management.CreateRuleGroupValidation

Parameters:

Name	Type	Required	Description
`description`	string	Yes	description. See CrowdStrike API documentation: https://developer.crowdstrike.com/docs/openapi/
`enabled`	boolean	Yes	enabled. See CrowdStrike API documentation: https://developer.crowdstrike.com/docs/openapi/
`name`	string	Yes	name. See CrowdStrike API documentation: https://developer.crowdstrike.com/docs/openapi/
`platform`	string	Yes	platform. See CrowdStrike API documentation: https://developer.crowdstrike.com/docs/openapi/
`rules`	object	Yes	rules. See CrowdStrike API documentation: https://developer.crowdstrike.com/docs/openapi/

Example:

{
  "description": "<description>",
  "enabled": true,
  "name": "<name>",
  "platform": "<platform>",
  "rules": {}
}

Delete Network Locations

SDK: firewall_management.DeleteNetworkLocations

Parameters:

Name	Type	Required	Description
`ids`	array	No	The IDs of the network locations to be deleted

Example:

{
  "ids": ["<ids>"]
}

Delete Rule Groups

SDK: firewall_management.DeleteRuleGroups

Parameters:

Name	Type	Required	Description
`comment`	string	No	Audit log comment for this action
`ids`	array	No	The IDs of the rule groups to be deleted

Example:

{
  "comment": "<comment>",
  "ids": ["<ids>"]
}

Get Events

SDK: firewall_management.GetEvents

Parameters:

Name	Type	Required	Description
`ids`	array	No	The events to retrieve, identified by ID

Example:

{
  "ids": ["<ids>"]
}

Get Firewall Fields

SDK: firewall_management.GetFirewallFields

Parameters:

Name	Type	Required	Description
`ids`	array	No	The IDs of the rule types to retrieve

Example:

{
  "ids": ["<ids>"]
}

Get Network Locations

SDK: firewall_management.GetNetworkLocations

Parameters:

Name	Type	Required	Description
`ids`	array	No	The events to retrieve, identified by ID

Example:

{
  "ids": ["<ids>"]
}

Get Network Locations Details

SDK: firewall_management.GetNetworkLocationsDetails

Parameters:

Name	Type	Required	Description
`ids`	array	No	The events to retrieve, identified by ID

Example:

{
  "ids": ["<ids>"]
}

Get Platforms

SDK: firewall_management.GetPlatforms

Parameters:

Name	Type	Required	Description
`ids`	array	No	The IDs of the platforms to retrieve

Example:

{
  "ids": ["<ids>"]
}

Get Policy Containers

SDK: firewall_management.GetPolicyContainers

Parameters:

Name	Type	Required	Description
`ids`	array	No	The policy container(s) to retrieve, identified by policy ID

Example:

{
  "ids": ["<ids>"]
}

Get Rule Groups

SDK: firewall_management.GetRuleGroups

Parameters:

Name	Type	Required	Description
`ids`	array	No	The IDs of the rule groups to retrieve

Example:

{
  "ids": ["<ids>"]
}

Get Rules

SDK: firewall_management.GetRules

Parameters:

Name	Type	Required	Description
`ids`	array	No	The rules to retrieve, identified by ID

Example:

{
  "ids": ["<ids>"]
}

List Events

SDK: firewall_management.QueryEvents

Parameters:

Name	Type	Required	Description
`after`	string	No	A pagination token used with the `limit` parameter to manage pagination of results. On your first...
`filter`	string	No	FQL query specifying the filter parameters. Filter term criteria: enabled, platform, name, descri...
`limit`	number	No	Number of ids to return.
`offset`	string	No	Starting index of overall result set from which to return ids.
`sort`	string	No	Possible order by fields:

Example:

{
  "after": "<after>",
  "filter": "<filter>",
  "limit": 10,
  "offset": "<offset>",
  "sort": "<sort>"
}

List Firewall Fields

SDK: firewall_management.QueryFirewallFields

Parameters:

Name	Type	Required	Description
`limit`	number	No	Number of ids to return.
`offset`	string	No	Starting index of overall result set from which to return ids.
`platform_id`	string	No	Get fields configuration for this platform

Example:

{
  "limit": 10,
  "offset": "<offset>",
  "platform_id": "<platform_id>"
}

List Network Locations

SDK: firewall_management.QueryNetworkLocations

Parameters:

Name	Type	Required	Description
`after`	string	No	A pagination token used with the `limit` parameter to manage pagination of results. On your first...
`filter`	string	No	FQL query specifying the filter parameters. Filter term criteria: name
`limit`	number	No	Number of ids to return.
`offset`	string	No	Starting index of overall result set from which to return ids.
`sort`	string	No	Possible order by fields:

Example:

{
  "after": "<after>",
  "filter": "<filter>",
  "limit": 10,
  "offset": "<offset>",
  "sort": "<sort>"
}

List Platforms

SDK: firewall_management.QueryPlatforms

Parameters:

Name	Type	Required	Description
`limit`	number	No	Number of ids to return.
`offset`	string	No	Starting index of overall result set from which to return ids.

Example:

{
  "limit": 10,
  "offset": "<offset>"
}

List Policy Rules

SDK: firewall_management.QueryPolicyRules

Parameters:

Name	Type	Required	Description
`filter`	string	No	FQL query specifying the filter parameters. Filter term criteria: enabled, platform, name, descri...
`id`	string	No	The ID of the policy container within which to query
`limit`	number	No	Number of ids to return.
`offset`	string	No	Starting index of overall result set from which to return ids.
`sort`	string	No	Possible order by fields:

Example:

{
  "filter": "<filter>",
  "id": "<id>",
  "limit": 10,
  "offset": "<offset>",
  "sort": "<sort>"
}

List Rule Groups

SDK: firewall_management.QueryRuleGroups

Parameters:

Name	Type	Required	Description
`after`	string	No	A pagination token used with the `limit` parameter to manage pagination of results. On your first...
`filter`	string	No	FQL query specifying the filter parameters. Filter term criteria: enabled, platform, name, descri...
`limit`	number	No	Number of ids to return.
`offset`	string	No	Starting index of overall result set from which to return ids.
`sort`	string	No	Possible order by fields:

Example:

{
  "after": "<after>",
  "filter": "<filter>",
  "limit": 10,
  "offset": "<offset>",
  "sort": "<sort>"
}

List Rules

SDK: firewall_management.QueryRules

Parameters:

Name	Type	Required	Description
`after`	string	No	A pagination token used with the `limit` parameter to manage pagination of results. On your first...
`filter`	string	No	FQL query specifying the filter parameters. Filter term criteria: enabled, platform, name, descri...
`limit`	number	No	Number of ids to return.
`offset`	string	No	Starting index of overall result set from which to return ids.
`sort`	string	No	Possible order by fields:

Example:

{
  "after": "<after>",
  "filter": "<filter>",
  "limit": 10,
  "offset": "<offset>",
  "sort": "<sort>"
}

Update Network Locations

SDK: firewall_management.UpdateNetworkLocations

Parameters:

Name	Type	Required	Description
`connection_types`	object	Yes	connection types. See CrowdStrike API documentation: https://developer.crowdstrike.com/docs/openapi/
`created_by`	string	No	created by. See CrowdStrike API documentation: https://developer.crowdstrike.com/docs/openapi/
`created_on`	string	No	created on. See CrowdStrike API documentation: https://developer.crowdstrike.com/docs/openapi/
`default_gateways`	array	Yes	default gateways. See CrowdStrike API documentation: https://developer.crowdstrike.com/docs/openapi/
`description`	string	Yes	description. See CrowdStrike API documentation: https://developer.crowdstrike.com/docs/openapi/
`dhcp_servers`	array	Yes	dhcp servers. See CrowdStrike API documentation: https://developer.crowdstrike.com/docs/openapi/
`dns_resolution_targets`	object	Yes	dns resolution targets
`dns_servers`	array	Yes	dns servers. See CrowdStrike API documentation: https://developer.crowdstrike.com/docs/openapi/
`enabled`	boolean	Yes	enabled. See CrowdStrike API documentation: https://developer.crowdstrike.com/docs/openapi/
`host_addresses`	array	Yes	host addresses. See CrowdStrike API documentation: https://developer.crowdstrike.com/docs/openapi/
`https_reachable_hosts`	object	Yes	https reachable hosts
`icmp_request_targets`	object	Yes	icmp request targets
`id`	string	Yes
`modified_by`	string	No	modified by. See CrowdStrike API documentation: https://developer.crowdstrike.com/docs/openapi/
`modified_on`	string	No	modified on. See CrowdStrike API documentation: https://developer.crowdstrike.com/docs/openapi/
`name`	string	Yes	name. See CrowdStrike API documentation: https://developer.crowdstrike.com/docs/openapi/

Example:

{
  "connection_types": {},
  "created_by": "<created_by>",
  "created_on": "<created_on>",
  "default_gateways": ["<default_gateways>"],
  "description": "<description>",
  "dhcp_servers": ["<dhcp_servers>"],
  "dns_resolution_targets": {},
  "dns_servers": ["<dns_servers>"],
  "enabled": true,
  "host_addresses": ["<host_addresses>"],
  "https_reachable_hosts": {},
  "icmp_request_targets": {},
  "id": "<id>",
  "modified_by": "<modified_by>",
  "modified_on": "<modified_on>",
  "name": "<name>"
}

Update Network Locations Metadata

SDK: firewall_management.UpdateNetworkLocationsMetadata

Parameters:

Name	Type	Required	Description
`cid`	string	Yes	cid. See CrowdStrike API documentation: https://developer.crowdstrike.com/docs/openapi/
`dns_resolution_targets_polling_interval`	number	Yes	dns resolution targets polling interval
`https_reachable_hosts_polling_interval`	number	Yes	https reachable hosts polling interval
`icmp_request_targets_polling_interval`	number	Yes	icmp request targets polling interval
`location_precedence`	array	Yes	location precedence. See CrowdStrike API documentation: https://developer.crowdstrike.com/docs/op...

Example:

{
  "cid": "<cid>",
  "dns_resolution_targets_polling_interval": 10,
  "https_reachable_hosts_polling_interval": 10,
  "icmp_request_targets_polling_interval": 10,
  "location_precedence": ["<location_precedence>"]
}

Update Network Locations Precedence

SDK: firewall_management.UpdateNetworkLocationsPrecedence

Parameters:

Name	Type	Required	Description
`cid`	string	Yes	cid. See CrowdStrike API documentation: https://developer.crowdstrike.com/docs/openapi/
`location_precedence`	array	Yes	location precedence. See CrowdStrike API documentation: https://developer.crowdstrike.com/docs/op...

Example:

{
  "cid": "<cid>",
  "location_precedence": ["<location_precedence>"]
}

Update Policy Container

SDK: firewall_management.UpdatePolicyContainer

Parameters:

Name	Type	Required	Description
`default_inbound`	string	Yes	default inbound. See CrowdStrike API documentation: https://developer.crowdstrike.com/docs/openapi/
`default_outbound`	string	Yes	default outbound. See CrowdStrike API documentation: https://developer.crowdstrike.com/docs/openapi/
`enforce`	boolean	Yes	enforce. See CrowdStrike API documentation: https://developer.crowdstrike.com/docs/openapi/
`is_default_policy`	boolean	No	is default policy. See CrowdStrike API documentation: https://developer.crowdstrike.com/docs/open...
`local_logging`	boolean	Yes	local logging. See CrowdStrike API documentation: https://developer.crowdstrike.com/docs/openapi/
`platform_id`	string	Yes	platform id. See CrowdStrike API documentation: https://developer.crowdstrike.com/docs/openapi/
`policy_id`	string	Yes	policy id. See CrowdStrike API documentation: https://developer.crowdstrike.com/docs/openapi/
`rule_group_ids`	array	Yes	rule group ids. See CrowdStrike API documentation: https://developer.crowdstrike.com/docs/openapi/
`test_mode`	boolean	Yes	test mode. See CrowdStrike API documentation: https://developer.crowdstrike.com/docs/openapi/
`tracking`	string	No	tracking. See CrowdStrike API documentation: https://developer.crowdstrike.com/docs/openapi/

Example:

{
  "default_inbound": "<default_inbound>",
  "default_outbound": "<default_outbound>",
  "enforce": true,
  "is_default_policy": true,
  "local_logging": true,
  "platform_id": "<platform_id>",
  "policy_id": "<policy_id>",
  "rule_group_ids": ["<rule_group_ids>"],
  "test_mode": true,
  "tracking": "<tracking>"
}

Update Policy Container

SDK: firewall_management.UpdatePolicyContainerV1

Parameters:

Name	Type	Required	Description
`default_inbound`	string	Yes	default inbound. See CrowdStrike API documentation: https://developer.crowdstrike.com/docs/openapi/
`default_outbound`	string	Yes	default outbound. See CrowdStrike API documentation: https://developer.crowdstrike.com/docs/openapi/
`enforce`	boolean	Yes	enforce. See CrowdStrike API documentation: https://developer.crowdstrike.com/docs/openapi/
`is_default_policy`	boolean	No	is default policy. See CrowdStrike API documentation: https://developer.crowdstrike.com/docs/open...
`local_logging`	boolean	Yes	local logging. See CrowdStrike API documentation: https://developer.crowdstrike.com/docs/openapi/
`platform_id`	string	Yes	platform id. See CrowdStrike API documentation: https://developer.crowdstrike.com/docs/openapi/
`policy_id`	string	Yes	policy id. See CrowdStrike API documentation: https://developer.crowdstrike.com/docs/openapi/
`rule_group_ids`	array	Yes	rule group ids. See CrowdStrike API documentation: https://developer.crowdstrike.com/docs/openapi/
`test_mode`	boolean	Yes	test mode. See CrowdStrike API documentation: https://developer.crowdstrike.com/docs/openapi/
`tracking`	string	No	tracking. See CrowdStrike API documentation: https://developer.crowdstrike.com/docs/openapi/

Example:

{
  "default_inbound": "<default_inbound>",
  "default_outbound": "<default_outbound>",
  "enforce": true,
  "is_default_policy": true,
  "local_logging": true,
  "platform_id": "<platform_id>",
  "policy_id": "<policy_id>",
  "rule_group_ids": ["<rule_group_ids>"],
  "test_mode": true,
  "tracking": "<tracking>"
}

Update Rule Group

SDK: firewall_management.UpdateRuleGroup

Parameters:

Name	Type	Required	Description
`diff_operations`	object	Yes	diff operations. See CrowdStrike API documentation: https://developer.crowdstrike.com/docs/openapi/
`diff_type`	string	Yes	diff type. See CrowdStrike API documentation: https://developer.crowdstrike.com/docs/openapi/
`id`	string	Yes
`rule_ids`	array	Yes	rule ids. See CrowdStrike API documentation: https://developer.crowdstrike.com/docs/openapi/
`rule_versions`	array	Yes	rule versions. See CrowdStrike API documentation: https://developer.crowdstrike.com/docs/openapi/
`tracking`	string	Yes	tracking. See CrowdStrike API documentation: https://developer.crowdstrike.com/docs/openapi/

Example:

{
  "diff_operations": {},
  "diff_type": "<diff_type>",
  "id": "<id>",
  "rule_ids": ["<rule_ids>"],
  "rule_versions": ["<rule_versions>"],
  "tracking": "<tracking>"
}

Update Rule Group Validation

SDK: firewall_management.UpdateRuleGroupValidation

Parameters:

Name	Type	Required	Description
`diff_operations`	object	Yes	diff operations. See CrowdStrike API documentation: https://developer.crowdstrike.com/docs/openapi/
`diff_type`	string	Yes	diff type. See CrowdStrike API documentation: https://developer.crowdstrike.com/docs/openapi/
`id`	string	Yes
`rule_ids`	array	Yes	rule ids. See CrowdStrike API documentation: https://developer.crowdstrike.com/docs/openapi/
`rule_versions`	array	Yes	rule versions. See CrowdStrike API documentation: https://developer.crowdstrike.com/docs/openapi/
`tracking`	string	Yes	tracking. See CrowdStrike API documentation: https://developer.crowdstrike.com/docs/openapi/

Example:

{
  "diff_operations": {},
  "diff_type": "<diff_type>",
  "id": "<id>",
  "rule_ids": ["<rule_ids>"],
  "rule_versions": ["<rule_versions>"],
  "tracking": "<tracking>"
}

Upsert Network Locations

SDK: firewall_management.UpsertNetworkLocations

Parameters:

Name	Type	Required	Description
`connection_types`	object	Yes	connection types. See CrowdStrike API documentation: https://developer.crowdstrike.com/docs/openapi/
`created_by`	string	No	created by. See CrowdStrike API documentation: https://developer.crowdstrike.com/docs/openapi/
`created_on`	string	No	created on. See CrowdStrike API documentation: https://developer.crowdstrike.com/docs/openapi/
`default_gateways`	array	Yes	default gateways. See CrowdStrike API documentation: https://developer.crowdstrike.com/docs/openapi/
`description`	string	Yes	description. See CrowdStrike API documentation: https://developer.crowdstrike.com/docs/openapi/
`dhcp_servers`	array	Yes	dhcp servers. See CrowdStrike API documentation: https://developer.crowdstrike.com/docs/openapi/
`dns_resolution_targets`	object	Yes	dns resolution targets
`dns_servers`	array	Yes	dns servers. See CrowdStrike API documentation: https://developer.crowdstrike.com/docs/openapi/
`enabled`	boolean	Yes	enabled. See CrowdStrike API documentation: https://developer.crowdstrike.com/docs/openapi/
`host_addresses`	array	Yes	host addresses. See CrowdStrike API documentation: https://developer.crowdstrike.com/docs/openapi/
`https_reachable_hosts`	object	Yes	https reachable hosts
`icmp_request_targets`	object	Yes	icmp request targets
`id`	string	Yes
`modified_by`	string	No	modified by. See CrowdStrike API documentation: https://developer.crowdstrike.com/docs/openapi/
`modified_on`	string	No	modified on. See CrowdStrike API documentation: https://developer.crowdstrike.com/docs/openapi/
`name`	string	Yes	name. See CrowdStrike API documentation: https://developer.crowdstrike.com/docs/openapi/

Example:

{
  "connection_types": {},
  "created_by": "<created_by>",
  "created_on": "<created_on>",
  "default_gateways": ["<default_gateways>"],
  "description": "<description>",
  "dhcp_servers": ["<dhcp_servers>"],
  "dns_resolution_targets": {},
  "dns_servers": ["<dns_servers>"],
  "enabled": true,
  "host_addresses": ["<host_addresses>"],
  "https_reachable_hosts": {},
  "icmp_request_targets": {},
  "id": "<id>",
  "modified_by": "<modified_by>",
  "modified_on": "<modified_on>",
  "name": "<name>"
}

Validate Filepath Pattern

SDK: firewall_management.ValidateFilepathPattern

Parameters:

Name	Type	Required	Description
`filepath_pattern`	string	Yes	filepath pattern. See CrowdStrike API documentation: https://developer.crowdstrike.com/docs/openapi/
`filepath_test_string`	string	Yes	filepath test string

Example:

{
  "filepath_pattern": "<filepath_pattern>",
  "filepath_test_string": "<filepath_test_string>"
}

Firewall Policies

Operations for Firewall Policies

Operations

Operation	Name	Description
`create_firewall_policies`	Create Firewall Policies	SDK: firewall_policies.CreateFirewallPolicies
`delete_firewall_policies`	Delete Firewall Policies	SDK: firewall_policies.DeleteFirewallPolicies
`get_firewall_policies`	Get Firewall Policies	SDK: firewall_policies.GetFirewallPolicies
`list_combined_firewall_policies`	List Combined Firewall Policies	SDK: firewall_policies.QueryCombinedFirewallPolicies
`list_combined_firewall_policy_members`	List Combined Firewall Policy Members	SDK: firewall_policies.QueryCombinedFirewallPolicyMembers
`list_firewall_policies`	List Firewall Policies	SDK: firewall_policies.QueryFirewallPolicies
`list_firewall_policy_members`	List Firewall Policy Members	SDK: firewall_policies.QueryFirewallPolicyMembers
`perform_firewall_policies_action`	Perform Firewall Policies Action	SDK: firewall_policies.PerformFirewallPoliciesAction
`set_firewall_policies_precedence`	Set Firewall Policies Precedence	SDK: firewall_policies.SetFirewallPoliciesPrecedence
`update_firewall_policies`	Update Firewall Policies	SDK: firewall_policies.UpdateFirewallPolicies

Create Firewall Policies

SDK: firewall_policies.CreateFirewallPolicies

Parameters:

Name	Type	Required	Description
`resources`	array	Yes	Batch operation - array of JSON strings. Each item should be: {"field1":"value1","field2":"value...

Example:

{
  "resources": ["<resources>"]
}

Delete Firewall Policies

SDK: firewall_policies.DeleteFirewallPolicies

Parameters:

Name	Type	Required	Description
`ids`	array	No	The IDs of the Firewall Policies to delete

Example:

{
  "ids": ["<ids>"]
}

Get Firewall Policies

SDK: firewall_policies.GetFirewallPolicies

Parameters:

Name	Type	Required	Description
`ids`	array	No	The IDs of the Firewall Policies to return

Example:

{
  "ids": ["<ids>"]
}

List Combined Firewall Policies

SDK: firewall_policies.QueryCombinedFirewallPolicies

Parameters:

Name	Type	Required	Description
`filter`	string	No	The filter expression that should be used to limit the results
`limit`	number	No	The maximum records to return. [1-5000]
`offset`	number	No	The offset to start retrieving records from
`sort`	string	No	The property to sort by

Example:

{
  "filter": "<filter>",
  "limit": 10,
  "offset": 10,
  "sort": "<sort>"
}

List Combined Firewall Policy Members

SDK: firewall_policies.QueryCombinedFirewallPolicyMembers

Parameters:

Name	Type	Required	Description
`filter`	string	No	The filter expression that should be used to limit the results
`id`	string	No	The ID of the Firewall Policy to search for members of
`limit`	number	No	The maximum records to return. [1-5000]
`offset`	number	No	The offset to start retrieving records from
`sort`	string	No	The property to sort by

Example:

{
  "filter": "<filter>",
  "id": "<id>",
  "limit": 10,
  "offset": 10,
  "sort": "<sort>"
}

List Firewall Policies

SDK: firewall_policies.QueryFirewallPolicies

Parameters:

Name	Type	Required	Description
`filter`	string	No	The filter expression that should be used to limit the results
`limit`	number	No	The maximum records to return. [1-5000]
`offset`	number	No	The offset to start retrieving records from
`sort`	string	No	The property to sort by

Example:

{
  "filter": "<filter>",
  "limit": 10,
  "offset": 10,
  "sort": "<sort>"
}

List Firewall Policy Members

SDK: firewall_policies.QueryFirewallPolicyMembers

Parameters:

Name	Type	Required	Description
`filter`	string	No	The filter expression that should be used to limit the results
`id`	string	No	The ID of the Firewall Policy to search for members of
`limit`	number	No	The maximum records to return. [1-5000]
`offset`	number	No	The offset to start retrieving records from
`sort`	string	No	The property to sort by

Example:

{
  "filter": "<filter>",
  "id": "<id>",
  "limit": 10,
  "offset": 10,
  "sort": "<sort>"
}

Perform Firewall Policies Action

SDK: firewall_policies.PerformFirewallPoliciesAction

Parameters:

Name	Type	Required	Description
`action_parameters`	object	Yes	action parameters. See CrowdStrike API documentation: https://developer.crowdstrike.com/docs/open...
`ids`	array	Yes	ids. See CrowdStrike API documentation: https://developer.crowdstrike.com/docs/openapi/

Example:

{
  "action_parameters": {},
  "ids": ["<ids>"]
}

Set Firewall Policies Precedence

SDK: firewall_policies.SetFirewallPoliciesPrecedence

Parameters:

Name	Type	Required	Description
`ids`	array	Yes	The ids of all current prevention policies for the platform specified. The precedence will be set...
`platform_name`	string	Yes	The name of the platform for which to set precedence

Example:

{
  "ids": ["<ids>"],
  "platform_name": "<platform_name>"
}

Update Firewall Policies

SDK: firewall_policies.UpdateFirewallPolicies

Parameters:

Name	Type	Required	Description
`resources`	array	Yes	Batch operation - array of JSON strings. Each item should be: {"field1":"value1","field2":"value...

Example:

{
  "resources": ["<resources>"]
}

Image Assessment Policies

Operations for Image Assessment Policies

Operations

Operation	Name	Description
`create_policies`	Create Policies	SDK: image_assessment_policies.CreatePolicies
`create_policy_groups`	Create Policy Groups	SDK: image_assessment_policies.CreatePolicyGroups
`delete_policy`	Delete Policy	SDK: image_assessment_policies.DeletePolicy
`delete_policy_group`	Delete Policy Group	SDK: image_assessment_policies.DeletePolicyGroup
`read_policies`	Read Policies	SDK: image_assessment_policies.ReadPolicies
`read_policy_exclusions`	Read Policy Exclusions	SDK: image_assessment_policies.ReadPolicyExclusions
`read_policy_groups`	Read Policy Groups	SDK: image_assessment_policies.ReadPolicyGroups
`update_policies`	Update Policies	SDK: image_assessment_policies.UpdatePolicies
`update_policy_exclusions`	Update Policy Exclusions	SDK: image_assessment_policies.UpdatePolicyExclusions
`update_policy_groups`	Update Policy Groups	SDK: image_assessment_policies.UpdatePolicyGroups
`update_policy_precedence`	Update Policy Precedence	SDK: image_assessment_policies.UpdatePolicyPrecedence

Create Policies

SDK: image_assessment_policies.CreatePolicies

Parameters:

Name	Type	Required	Description
`description`	string	Yes	description. See CrowdStrike API documentation: https://developer.crowdstrike.com/docs/openapi/
`name`	string	Yes	name. See CrowdStrike API documentation: https://developer.crowdstrike.com/docs/openapi/

Example:

{
  "description": "<description>",
  "name": "<name>"
}

Create Policy Groups

SDK: image_assessment_policies.CreatePolicyGroups

Parameters:

Name	Type	Required	Description
`description`	string	Yes	description. See CrowdStrike API documentation: https://developer.crowdstrike.com/docs/openapi/
`name`	string	Yes	name. See CrowdStrike API documentation: https://developer.crowdstrike.com/docs/openapi/
`policy_group_data`	object	No	policy group data. See CrowdStrike API documentation: https://developer.crowdstrike.com/docs/open...
`policy_id`	string	No	policy id. See CrowdStrike API documentation: https://developer.crowdstrike.com/docs/openapi/

Example:

{
  "description": "<description>",
  "name": "<name>",
  "policy_group_data": {},
  "policy_id": "<policy_id>"
}

Delete Policy

SDK: image_assessment_policies.DeletePolicy

Parameters:

Name	Type	Required	Description
`id`	string	No	Image Assessment Policy entity UUID

Example:

{
  "id": "<id>"
}

Delete Policy Group

SDK: image_assessment_policies.DeletePolicyGroup

Parameters:

Name	Type	Required	Description
`id`	string	No	Policy Image Group entity UUID

Example:

{
  "id": "<id>"
}

Read Policies

SDK: image_assessment_policies.ReadPolicies

This operation has no parameters.

Example:

{
}

Read Policy Exclusions

SDK: image_assessment_policies.ReadPolicyExclusions

This operation has no parameters.

Example:

{
}

Read Policy Groups

SDK: image_assessment_policies.ReadPolicyGroups

This operation has no parameters.

Example:

{
}

Update Policies

SDK: image_assessment_policies.UpdatePolicies

Parameters:

Name	Type	Required	Description
`description`	string	Yes	description. See CrowdStrike API documentation: https://developer.crowdstrike.com/docs/openapi/
`is_enabled`	boolean	Yes	is enabled. See CrowdStrike API documentation: https://developer.crowdstrike.com/docs/openapi/
`name`	string	Yes	name. See CrowdStrike API documentation: https://developer.crowdstrike.com/docs/openapi/
`policy_data`	object	No	policy data. See CrowdStrike API documentation: https://developer.crowdstrike.com/docs/openapi/

Example:

{
  "description": "<description>",
  "is_enabled": true,
  "name": "<name>",
  "policy_data": {}
}

Update Policy Exclusions

SDK: image_assessment_policies.UpdatePolicyExclusions

Parameters:

Name	Type	Required	Description
`conditions`	object	Yes	conditions. See CrowdStrike API documentation: https://developer.crowdstrike.com/docs/openapi/

Example:

{
  "conditions": {}
}

Update Policy Groups

SDK: image_assessment_policies.UpdatePolicyGroups

Parameters:

Name	Type	Required	Description
`description`	string	Yes	description. See CrowdStrike API documentation: https://developer.crowdstrike.com/docs/openapi/
`name`	string	Yes	name. See CrowdStrike API documentation: https://developer.crowdstrike.com/docs/openapi/
`policy_group_data`	object	No	policy group data. See CrowdStrike API documentation: https://developer.crowdstrike.com/docs/open...

Example:

{
  "description": "<description>",
  "name": "<name>",
  "policy_group_data": {}
}

Update Policy Precedence

SDK: image_assessment_policies.UpdatePolicyPrecedence

Parameters:

Name	Type	Required	Description
`precedence`	array	Yes	precedence. See CrowdStrike API documentation: https://developer.crowdstrike.com/docs/openapi/

Example:

{
  "precedence": ["<precedence>"]
}

Ioa Exclusions

Operations for Ioa Exclusions

Operations

Operation	Name	Description
`create_ioaexclusions_`	Create Ioaexclusions	SDK: ioa_exclusions.CreateIOAExclusionsV1
`delete_ioaexclusions_`	Delete Ioaexclusions	SDK: ioa_exclusions.DeleteIOAExclusionsV1
`get_ioaexclusions_`	Get Ioaexclusions	SDK: ioa_exclusions.GetIOAExclusionsV1
`list_ioaexclusions_`	List Ioaexclusions	SDK: ioa_exclusions.QueryIOAExclusionsV1
`update_ioaexclusions_`	Update Ioaexclusions	SDK: ioa_exclusions.UpdateIOAExclusionsV1

Create Ioaexclusions

SDK: ioa_exclusions.CreateIOAExclusionsV1

Parameters:

Name	Type	Required	Description
`cl_regex`	string	Yes	cl regex. See CrowdStrike API documentation: https://developer.crowdstrike.com/docs/openapi/
`comment`	string	No	comment. See CrowdStrike API documentation: https://developer.crowdstrike.com/docs/openapi/
`description`	string	Yes	description. See CrowdStrike API documentation: https://developer.crowdstrike.com/docs/openapi/
`detection_json`	string	Yes	detection json. See CrowdStrike API documentation: https://developer.crowdstrike.com/docs/openapi/
`groups`	array	Yes	groups. See CrowdStrike API documentation: https://developer.crowdstrike.com/docs/openapi/
`ifn_regex`	string	Yes	ifn regex. See CrowdStrike API documentation: https://developer.crowdstrike.com/docs/openapi/
`name`	string	Yes	name. See CrowdStrike API documentation: https://developer.crowdstrike.com/docs/openapi/
`pattern_id`	string	Yes	pattern id. See CrowdStrike API documentation: https://developer.crowdstrike.com/docs/openapi/
`pattern_name`	string	Yes	pattern name. See CrowdStrike API documentation: https://developer.crowdstrike.com/docs/openapi/

Example:

{
  "cl_regex": "<cl_regex>",
  "comment": "<comment>",
  "description": "<description>",
  "detection_json": "<detection_json>",
  "groups": ["<groups>"],
  "ifn_regex": "<ifn_regex>",
  "name": "<name>",
  "pattern_id": "<pattern_id>",
  "pattern_name": "<pattern_name>"
}

Delete Ioaexclusions

SDK: ioa_exclusions.DeleteIOAExclusionsV1

Parameters:

Name	Type	Required	Description
`comment`	string	No	Explains why this exclusions was deleted
`ids`	array	No	The ids of the exclusions to delete

Example:

{
  "comment": "<comment>",
  "ids": ["<ids>"]
}

Get Ioaexclusions

SDK: ioa_exclusions.GetIOAExclusionsV1

Parameters:

Name	Type	Required	Description
`ids`	array	No	The ids of the exclusions to retrieve

Example:

{
  "ids": ["<ids>"]
}

List Ioaexclusions

SDK: ioa_exclusions.QueryIOAExclusionsV1

Parameters:

Name	Type	Required	Description
`cl_regex`	string	No	The `cl_regex` expression to filter exclusions by, used alongside expressions specified in the fi...
`filter`	string	No	The filter expression that should be used to limit the results. Filtered queries involving regex ...
`ifn_regex`	string	No	The `ifn_regex` expression to filter exclusions by, used alongside expressions specified in the f...
`limit`	number	No	The maximum records to return. [1-500]
`offset`	number	No	The offset to start retrieving records from
`sort`	string	No	The sort expression that should be used to sort the results.

Example:

{
  "cl_regex": "<cl_regex>",
  "filter": "<filter>",
  "ifn_regex": "<ifn_regex>",
  "limit": 10,
  "offset": 10,
  "sort": "<sort>"
}

Update Ioaexclusions

SDK: ioa_exclusions.UpdateIOAExclusionsV1

Parameters:

Name	Type	Required	Description
`cl_regex`	string	Yes	cl regex. See CrowdStrike API documentation: https://developer.crowdstrike.com/docs/openapi/
`comment`	string	No	comment. See CrowdStrike API documentation: https://developer.crowdstrike.com/docs/openapi/
`description`	string	Yes	description. See CrowdStrike API documentation: https://developer.crowdstrike.com/docs/openapi/
`detection_json`	string	Yes	detection json. See CrowdStrike API documentation: https://developer.crowdstrike.com/docs/openapi/
`groups`	array	Yes	groups. See CrowdStrike API documentation: https://developer.crowdstrike.com/docs/openapi/
`id`	string	Yes
`ifn_regex`	string	Yes	ifn regex. See CrowdStrike API documentation: https://developer.crowdstrike.com/docs/openapi/
`name`	string	Yes	name. See CrowdStrike API documentation: https://developer.crowdstrike.com/docs/openapi/
`pattern_id`	string	Yes	pattern id. See CrowdStrike API documentation: https://developer.crowdstrike.com/docs/openapi/
`pattern_name`	string	Yes	pattern name. See CrowdStrike API documentation: https://developer.crowdstrike.com/docs/openapi/

Example:

{
  "cl_regex": "<cl_regex>",
  "comment": "<comment>",
  "description": "<description>",
  "detection_json": "<detection_json>",
  "groups": ["<groups>"],
  "id": "<id>",
  "ifn_regex": "<ifn_regex>",
  "name": "<name>",
  "pattern_id": "<pattern_id>",
  "pattern_name": "<pattern_name>"
}

Ml Exclusions

Operations for Ml Exclusions

Operations

Operation	Name	Description
`create_mlexclusions_`	Create Mlexclusions	SDK: ml_exclusions.CreateMLExclusionsV1
`delete_mlexclusions_`	Delete Mlexclusions	SDK: ml_exclusions.DeleteMLExclusionsV1
`get_mlexclusions_`	Get Mlexclusions	SDK: ml_exclusions.GetMLExclusionsV1
`list_mlexclusions_`	List Mlexclusions	SDK: ml_exclusions.QueryMLExclusionsV1
`update_mlexclusions_`	Update Mlexclusions	SDK: ml_exclusions.UpdateMLExclusionsV1

Create Mlexclusions

SDK: ml_exclusions.CreateMLExclusionsV1

Parameters:

Name	Type	Required	Description
`comment`	string	No	comment. See CrowdStrike API documentation: https://developer.crowdstrike.com/docs/openapi/
`excluded_from`	array	Yes	excluded from. See CrowdStrike API documentation: https://developer.crowdstrike.com/docs/openapi/
`groups`	array	Yes	groups. See CrowdStrike API documentation: https://developer.crowdstrike.com/docs/openapi/
`value`	string	No	value. See CrowdStrike API documentation: https://developer.crowdstrike.com/docs/openapi/

Example:

{
  "comment": "<comment>",
  "excluded_from": ["<excluded_from>"],
  "groups": ["<groups>"],
  "value": "<value>"
}

Delete Mlexclusions

SDK: ml_exclusions.DeleteMLExclusionsV1

Parameters:

Name	Type	Required	Description
`comment`	string	No	Explains why this exclusions was deleted
`ids`	array	No	The ids of the exclusions to delete

Example:

{
  "comment": "<comment>",
  "ids": ["<ids>"]
}

Get Mlexclusions

SDK: ml_exclusions.GetMLExclusionsV1

Parameters:

Name	Type	Required	Description
`ids`	array	No	The ids of the exclusions to retrieve

Example:

{
  "ids": ["<ids>"]
}

List Mlexclusions

SDK: ml_exclusions.QueryMLExclusionsV1

Parameters:

Name	Type	Required	Description
`filter`	string	No	The filter expression that should be used to limit the results.
`limit`	number	No	The maximum records to return. [1-500]
`offset`	number	No	The offset to start retrieving records from
`sort`	string	No	The sort expression that should be used to sort the results.

Example:

{
  "filter": "<filter>",
  "limit": 10,
  "offset": 10,
  "sort": "<sort>"
}

Update Mlexclusions

SDK: ml_exclusions.UpdateMLExclusionsV1

Parameters:

Name	Type	Required	Description
`comment`	string	No	comment. See CrowdStrike API documentation: https://developer.crowdstrike.com/docs/openapi/
`groups`	array	Yes	groups. See CrowdStrike API documentation: https://developer.crowdstrike.com/docs/openapi/
`id`	string	Yes
`is_descendant_process`	boolean	Yes	is descendant process
`value`	string	No	value. See CrowdStrike API documentation: https://developer.crowdstrike.com/docs/openapi/

Example:

{
  "comment": "<comment>",
  "groups": ["<groups>"],
  "id": "<id>",
  "is_descendant_process": true,
  "value": "<value>"
}

Prevention Policies

Operations for Prevention Policies

Operations

Operation	Name	Description
`create_prevention_policies`	Create Prevention Policies	SDK: prevention_policies.CreatePreventionPolicies
`delete_prevention_policies`	Delete Prevention Policies	SDK: prevention_policies.DeletePreventionPolicies
`get_prevention_policies`	Get Prevention Policies	SDK: prevention_policies.GetPreventionPolicies
`list_combined_prevention_policies`	List Combined Prevention Policies	SDK: prevention_policies.QueryCombinedPreventionPolicies
`list_combined_prevention_policy_members`	List Combined Prevention Policy Members	SDK: prevention_policies.QueryCombinedPreventionPolicyMembers
`list_prevention_policies`	List Prevention Policies	SDK: prevention_policies.QueryPreventionPolicies
`list_prevention_policy_members`	List Prevention Policy Members	SDK: prevention_policies.QueryPreventionPolicyMembers
`perform_prevention_policies_action`	Perform Prevention Policies Action	SDK: prevention_policies.PerformPreventionPoliciesAction
`set_prevention_policies_precedence`	Set Prevention Policies Precedence	SDK: prevention_policies.SetPreventionPoliciesPrecedence
`update_prevention_policies`	Update Prevention Policies	SDK: prevention_policies.UpdatePreventionPolicies

Create Prevention Policies

SDK: prevention_policies.CreatePreventionPolicies

Parameters:

Name	Type	Required	Description
`resources`	array	Yes	Batch operation - array of JSON strings. Each item should be: {"field1":"value1","field2":"value...

Example:

{
  "resources": ["<resources>"]
}

Delete Prevention Policies

SDK: prevention_policies.DeletePreventionPolicies

Parameters:

Name	Type	Required	Description
`ids`	array	No	The IDs of the Prevention Policies to delete

Example:

{
  "ids": ["<ids>"]
}

Get Prevention Policies

SDK: prevention_policies.GetPreventionPolicies

Parameters:

Name	Type	Required	Description
`ids`	array	No	The IDs of the Prevention Policies to return

Example:

{
  "ids": ["<ids>"]
}

List Combined Prevention Policies

SDK: prevention_policies.QueryCombinedPreventionPolicies

Parameters:

Name	Type	Required	Description
`filter`	string	No	The filter expression that should be used to limit the results
`limit`	number	No	The maximum records to return. [1-5000]
`offset`	number	No	The offset to start retrieving records from
`sort`	string	No	The property to sort by

Example:

{
  "filter": "<filter>",
  "limit": 10,
  "offset": 10,
  "sort": "<sort>"
}

List Combined Prevention Policy Members

SDK: prevention_policies.QueryCombinedPreventionPolicyMembers

Parameters:

Name	Type	Required	Description
`filter`	string	No	The filter expression that should be used to limit the results
`id`	string	No	The ID of the Prevention Policy to search for members of
`limit`	number	No	The maximum records to return. [1-5000]
`offset`	number	No	The offset to start retrieving records from
`sort`	string	No	The property to sort by

Example:

{
  "filter": "<filter>",
  "id": "<id>",
  "limit": 10,
  "offset": 10,
  "sort": "<sort>"
}

List Prevention Policies

SDK: prevention_policies.QueryPreventionPolicies

Parameters:

Name	Type	Required	Description
`filter`	string	No	The filter expression that should be used to limit the results
`limit`	number	No	The maximum records to return. [1-5000]
`offset`	number	No	The offset to start retrieving records from
`sort`	string	No	The property to sort by

Example:

{
  "filter": "<filter>",
  "limit": 10,
  "offset": 10,
  "sort": "<sort>"
}

List Prevention Policy Members

SDK: prevention_policies.QueryPreventionPolicyMembers

Parameters:

Name	Type	Required	Description
`filter`	string	No	The filter expression that should be used to limit the results
`id`	string	No	The ID of the Prevention Policy to search for members of
`limit`	number	No	The maximum records to return. [1-5000]
`offset`	number	No	The offset to start retrieving records from
`sort`	string	No	The property to sort by

Example:

{
  "filter": "<filter>",
  "id": "<id>",
  "limit": 10,
  "offset": 10,
  "sort": "<sort>"
}

Perform Prevention Policies Action

SDK: prevention_policies.PerformPreventionPoliciesAction

Parameters:

Name	Type	Required	Description
`action_parameters`	object	Yes	action parameters. See CrowdStrike API documentation: https://developer.crowdstrike.com/docs/open...
`ids`	array	Yes	ids. See CrowdStrike API documentation: https://developer.crowdstrike.com/docs/openapi/

Example:

{
  "action_parameters": {},
  "ids": ["<ids>"]
}

Set Prevention Policies Precedence

SDK: prevention_policies.SetPreventionPoliciesPrecedence

Parameters:

Name	Type	Required	Description
`ids`	array	Yes	The ids of all current prevention policies for the platform specified. The precedence will be set...
`platform_name`	string	Yes	The name of the platform for which to set precedence

Example:

{
  "ids": ["<ids>"],
  "platform_name": "<platform_name>"
}

Update Prevention Policies

SDK: prevention_policies.UpdatePreventionPolicies

Parameters:

Name	Type	Required	Description
`resources`	array	Yes	Batch operation - array of JSON strings. Each item should be: {"field1":"value1","field2":"value...

Example:

{
  "resources": ["<resources>"]
}

Response Policies

Operations for Response Policies

Operations

Operation	Name	Description
`create_rtresponse_policies`	Create Rtresponse Policies	SDK: response_policies.CreateRTResponsePolicies
`delete_rtresponse_policies`	Delete Rtresponse Policies	SDK: response_policies.DeleteRTResponsePolicies
`get_rtresponse_policies`	Get Rtresponse Policies	SDK: response_policies.GetRTResponsePolicies
`list_combined_rtresponse_policies`	List Combined Rtresponse Policies	SDK: response_policies.QueryCombinedRTResponsePolicies
`list_combined_rtresponse_policy_members`	List Combined Rtresponse Policy Members	SDK: response_policies.QueryCombinedRTResponsePolicyMembers
`list_rtresponse_policies`	List Rtresponse Policies	SDK: response_policies.QueryRTResponsePolicies
`list_rtresponse_policy_members`	List Rtresponse Policy Members	SDK: response_policies.QueryRTResponsePolicyMembers
`perform_rtresponse_policies_action`	Perform Rtresponse Policies Action	SDK: response_policies.PerformRTResponsePoliciesAction
`set_rtresponse_policies_precedence`	Set Rtresponse Policies Precedence	SDK: response_policies.SetRTResponsePoliciesPrecedence
`update_rtresponse_policies`	Update Rtresponse Policies	SDK: response_policies.UpdateRTResponsePolicies

Create Rtresponse Policies

SDK: response_policies.CreateRTResponsePolicies

Parameters:

Name	Type	Required	Description
`resources`	array	Yes	Batch operation - array of JSON strings. Each item should be: {"field1":"value1","field2":"value...

Example:

{
  "resources": ["<resources>"]
}

Delete Rtresponse Policies

SDK: response_policies.DeleteRTResponsePolicies

Parameters:

Name	Type	Required	Description
`ids`	array	No	The IDs of the Response Policies to delete

Example:

{
  "ids": ["<ids>"]
}

Get Rtresponse Policies

SDK: response_policies.GetRTResponsePolicies

Parameters:

Name	Type	Required	Description
`ids`	array	No	The IDs of the RTR Policies to return

Example:

{
  "ids": ["<ids>"]
}

List Combined Rtresponse Policies

SDK: response_policies.QueryCombinedRTResponsePolicies

Parameters:

Name	Type	Required	Description
`filter`	string	No	The filter expression that should be used to limit the results
`limit`	number	No	The maximum records to return. [1-5000]
`offset`	number	No	The offset to start retrieving records from
`sort`	string	No	The property to sort by

Example:

{
  "filter": "<filter>",
  "limit": 10,
  "offset": 10,
  "sort": "<sort>"
}

List Combined Rtresponse Policy Members

SDK: response_policies.QueryCombinedRTResponsePolicyMembers

Parameters:

Name	Type	Required	Description
`filter`	string	No	The filter expression that should be used to limit the results
`id`	string	No	The ID of the Response policy to search for members of
`limit`	number	No	The maximum records to return. [1-5000]
`offset`	number	No	The offset to start retrieving records from
`sort`	string	No	The property to sort by

Example:

{
  "filter": "<filter>",
  "id": "<id>",
  "limit": 10,
  "offset": 10,
  "sort": "<sort>"
}

List Rtresponse Policies

SDK: response_policies.QueryRTResponsePolicies

Parameters:

Name	Type	Required	Description
`filter`	string	No	The filter expression that should be used to determine the results.
`limit`	number	No	The maximum number of records to return [1-5000]
`offset`	number	No	The offset of the first record to retrieve from
`sort`	string	No	The property to sort results by

Example:

{
  "filter": "<filter>",
  "limit": 10,
  "offset": 10,
  "sort": "<sort>"
}

List Rtresponse Policy Members

SDK: response_policies.QueryRTResponsePolicyMembers

Parameters:

Name	Type	Required	Description
`filter`	string	No	The filter expression that should be used to limit the results
`id`	string	No	The ID of the Response policy to search for members of
`limit`	number	No	The maximum records to return. [1-5000]
`offset`	number	No	The offset to start retrieving records from
`sort`	string	No	The property to sort by

Example:

{
  "filter": "<filter>",
  "id": "<id>",
  "limit": 10,
  "offset": 10,
  "sort": "<sort>"
}

Perform Rtresponse Policies Action

SDK: response_policies.PerformRTResponsePoliciesAction

Parameters:

Name	Type	Required	Description
`action_parameters`	object	Yes	action parameters. See CrowdStrike API documentation: https://developer.crowdstrike.com/docs/open...
`ids`	array	Yes	ids. See CrowdStrike API documentation: https://developer.crowdstrike.com/docs/openapi/

Example:

{
  "action_parameters": {},
  "ids": ["<ids>"]
}

Set Rtresponse Policies Precedence

SDK: response_policies.SetRTResponsePoliciesPrecedence

Parameters:

Name	Type	Required	Description
`ids`	array	Yes	The ids of all current prevention policies for the platform specified. The precedence will be set...
`platform_name`	string	Yes	The name of the platform for which to set precedence

Example:

{
  "ids": ["<ids>"],
  "platform_name": "<platform_name>"
}

Update Rtresponse Policies

SDK: response_policies.UpdateRTResponsePolicies

Parameters:

Name	Type	Required	Description
`resources`	array	Yes	Batch operation - array of JSON strings. Each item should be: {"field1":"value1","field2":"value...

Example:

{
  "resources": ["<resources>"]
}

Sensor Update Policies

Operations for Sensor Update Policies

Operations

Operation	Name	Description
`create_sensor_update_policies`	Create Sensor Update Policies	SDK: sensor_update_policies.CreateSensorUpdatePolicies
`create_sensor_update_policies_v2`	Create Sensor Update Policies V2	SDK: sensor_update_policies.CreateSensorUpdatePoliciesV2
`delete_sensor_update_policies`	Delete Sensor Update Policies	SDK: sensor_update_policies.DeleteSensorUpdatePolicies
`get_sensor_update_policies`	Get Sensor Update Policies	SDK: sensor_update_policies.GetSensorUpdatePolicies
`get_sensor_update_policies_v2`	Get Sensor Update Policies V2	SDK: sensor_update_policies.GetSensorUpdatePoliciesV2
`list_combined_sensor_update_builds`	List Combined Sensor Update Builds	SDK: sensor_update_policies.QueryCombinedSensorUpdateBuilds
`list_combined_sensor_update_kernels`	List Combined Sensor Update Kernels	SDK: sensor_update_policies.QueryCombinedSensorUpdateKernels
`list_combined_sensor_update_policies`	List Combined Sensor Update Policies	SDK: sensor_update_policies.QueryCombinedSensorUpdatePolicies
`list_combined_sensor_update_policies_v2`	List Combined Sensor Update Policies V2	SDK: sensor_update_policies.QueryCombinedSensorUpdatePoliciesV2
`list_combined_sensor_update_policy_members`	List Combined Sensor Update Policy Members	SDK: sensor_update_policies.QueryCombinedSensorUpdatePolicyMembers
`list_sensor_update_kernels_distinct`	List Sensor Update Kernels Distinct	SDK: sensor_update_policies.QuerySensorUpdateKernelsDistinct
`list_sensor_update_policies`	List Sensor Update Policies	SDK: sensor_update_policies.QuerySensorUpdatePolicies
`list_sensor_update_policy_members`	List Sensor Update Policy Members	SDK: sensor_update_policies.QuerySensorUpdatePolicyMembers
`perform_sensor_update_policies_action`	Perform Sensor Update Policies Action	SDK: sensor_update_policies.PerformSensorUpdatePoliciesAction
`reveal_uninstall_token`	Reveal Uninstall Token	SDK: sensor_update_policies.RevealUninstallToken
`set_sensor_update_policies_precedence`	Set Sensor Update Policies Precedence	SDK: sensor_update_policies.SetSensorUpdatePoliciesPrecedence
`update_sensor_policies`	Update Sensor Policies	SDK: sensor_update_policies.UpdateSensorUpdatePolicies
`update_sensor_policies_v2`	Update Sensor Policies V2	SDK: sensor_update_policies.UpdateSensorUpdatePoliciesV2

Create Sensor Update Policies

SDK: sensor_update_policies.CreateSensorUpdatePolicies

Parameters:

Name	Type	Required	Description
`resources`	array	Yes	Batch operation - array of JSON strings. Each item should be: {"field1":"value1","field2":"value...

Example:

{
  "resources": ["<resources>"]
}

Create Sensor Update Policies V2

SDK: sensor_update_policies.CreateSensorUpdatePoliciesV2

Parameters:

Name	Type	Required	Description
`resources`	array	Yes	Batch operation - array of JSON strings. Each item should be: {"field1":"value1","field2":"value...

Example:

{
  "resources": ["<resources>"]
}

Delete Sensor Update Policies

SDK: sensor_update_policies.DeleteSensorUpdatePolicies

Parameters:

Name	Type	Required	Description
`ids`	array	No	The IDs of the Sensor Update Policies to delete

Example:

{
  "ids": ["<ids>"]
}

Get Sensor Update Policies

SDK: sensor_update_policies.GetSensorUpdatePolicies

Parameters:

Name	Type	Required	Description
`ids`	array	No	The IDs of the Sensor Update Policies to return

Example:

{
  "ids": ["<ids>"]
}

Get Sensor Update Policies V2

SDK: sensor_update_policies.GetSensorUpdatePoliciesV2

Parameters:

Name	Type	Required	Description
`ids`	array	No	The IDs of the Sensor Update Policies to return

Example:

{
  "ids": ["<ids>"]
}

List Combined Sensor Update Builds

SDK: sensor_update_policies.QueryCombinedSensorUpdateBuilds

Parameters:

Name	Type	Required	Description
`platform`	string	No	The platform to return builds for
`stage`	array	No	The stages to return builds for

Example:

{
  "platform": "<platform>",
  "stage": ["<stage>"]
}

List Combined Sensor Update Kernels

SDK: sensor_update_policies.QueryCombinedSensorUpdateKernels

Parameters:

Name	Type	Required	Description
`filter`	string	No	The filter expression that should be used to limit the results
`limit`	number	No	The maximum records to return. [1-500]
`offset`	number	No	The offset to start retrieving records from

Example:

{
  "filter": "<filter>",
  "limit": 10,
  "offset": 10
}

List Combined Sensor Update Policies

SDK: sensor_update_policies.QueryCombinedSensorUpdatePolicies

Parameters:

Name	Type	Required	Description
`filter`	string	No	The filter expression that should be used to limit the results
`limit`	number	No	The maximum records to return. [1-5000]
`offset`	number	No	The offset to start retrieving records from
`sort`	string	No	The property to sort by

Example:

{
  "filter": "<filter>",
  "limit": 10,
  "offset": 10,
  "sort": "<sort>"
}

List Combined Sensor Update Policies V2

SDK: sensor_update_policies.QueryCombinedSensorUpdatePoliciesV2

Parameters:

Name	Type	Required	Description
`filter`	string	No	The filter expression that should be used to limit the results
`limit`	number	No	The maximum records to return. [1-5000]
`offset`	number	No	The offset to start retrieving records from
`sort`	string	No	The property to sort by

Example:

{
  "filter": "<filter>",
  "limit": 10,
  "offset": 10,
  "sort": "<sort>"
}

List Combined Sensor Update Policy Members

SDK: sensor_update_policies.QueryCombinedSensorUpdatePolicyMembers

Parameters:

Name	Type	Required	Description
`filter`	string	No	The filter expression that should be used to limit the results
`id`	string	No	The ID of the Sensor Update Policy to search for members of
`limit`	number	No	The maximum records to return. [1-5000]
`offset`	number	No	The offset to start retrieving records from
`sort`	string	No	The property to sort by

Example:

{
  "filter": "<filter>",
  "id": "<id>",
  "limit": 10,
  "offset": 10,
  "sort": "<sort>"
}

List Sensor Update Kernels Distinct

SDK: sensor_update_policies.QuerySensorUpdateKernelsDistinct

Parameters:

Name	Type	Required	Description
`distinct_field`	string	No	The field name to get distinct values for
`filter`	string	No	The filter expression that should be used to limit the results
`limit`	number	No	The maximum records to return. [1-500]
`offset`	number	No	The offset to start retrieving records from

Example:

{
  "distinct_field": "<distinct_field>",
  "filter": "<filter>",
  "limit": 10,
  "offset": 10
}

List Sensor Update Policies

SDK: sensor_update_policies.QuerySensorUpdatePolicies

Parameters:

Name	Type	Required	Description
`filter`	string	No	The filter expression that should be used to limit the results
`limit`	number	No	The maximum records to return. [1-5000]
`offset`	number	No	The offset to start retrieving records from
`sort`	string	No	The property to sort by

Example:

{
  "filter": "<filter>",
  "limit": 10,
  "offset": 10,
  "sort": "<sort>"
}

List Sensor Update Policy Members

SDK: sensor_update_policies.QuerySensorUpdatePolicyMembers

Parameters:

Name	Type	Required	Description
`filter`	string	No	The filter expression that should be used to limit the results
`id`	string	No	The ID of the Sensor Update Policy to search for members of
`limit`	number	No	The maximum records to return. [1-5000]
`offset`	number	No	The offset to start retrieving records from
`sort`	string	No	The property to sort by

Example:

{
  "filter": "<filter>",
  "id": "<id>",
  "limit": 10,
  "offset": 10,
  "sort": "<sort>"
}

Perform Sensor Update Policies Action

SDK: sensor_update_policies.PerformSensorUpdatePoliciesAction

Parameters:

Name	Type	Required	Description
`action_parameters`	object	Yes	action parameters. See CrowdStrike API documentation: https://developer.crowdstrike.com/docs/open...
`ids`	array	Yes	ids. See CrowdStrike API documentation: https://developer.crowdstrike.com/docs/openapi/

Example:

{
  "action_parameters": {},
  "ids": ["<ids>"]
}

Reveal Uninstall Token

SDK: sensor_update_policies.RevealUninstallToken

Parameters:

Name	Type	Required	Description
`audit_message`	string	No	An optional message to append to the recorded audit log
`device_id`	string	Yes	The id of the device to reveal the token for

Example:

{
  "audit_message": "<audit_message>",
  "device_id": "<device_id>"
}

Set Sensor Update Policies Precedence

SDK: sensor_update_policies.SetSensorUpdatePoliciesPrecedence

Parameters:

Name	Type	Required	Description
`ids`	array	Yes	The ids of all current prevention policies for the platform specified. The precedence will be set...
`platform_name`	string	Yes	The name of the platform for which to set precedence

Example:

{
  "ids": ["<ids>"],
  "platform_name": "<platform_name>"
}

Update Sensor Policies

SDK: sensor_update_policies.UpdateSensorUpdatePolicies

Parameters:

Name	Type	Required	Description
`resources`	array	Yes	Batch operation - array of JSON strings. Each item should be: {"field1":"value1","field2":"value...

Example:

{
  "resources": ["<resources>"]
}

Update Sensor Policies V2

SDK: sensor_update_policies.UpdateSensorUpdatePoliciesV2

Parameters:

Name	Type	Required	Description
`resources`	array	Yes	Batch operation - array of JSON strings. Each item should be: {"field1":"value1","field2":"value...

Example:

{
  "resources": ["<resources>"]
}

Sensor Visibility Exclusions

Operations for Sensor Visibility Exclusions

Operations

Operation	Name	Description
`create_svexclusions_`	Create Svexclusions	SDK: sensor_visibility_exclusions.CreateSVExclusionsV1
`delete_sensor_visibility_exclusions_`	Delete Sensor Visibility Exclusions	SDK: sensor_visibility_exclusions.DeleteSensorVisibilityExclusionsV1
`get_sensor_visibility_exclusions_`	Get Sensor Visibility Exclusions	SDK: sensor_visibility_exclusions.GetSensorVisibilityExclusionsV1
`list_sensor_visibility_exclusions_`	List Sensor Visibility Exclusions	SDK: sensor_visibility_exclusions.QuerySensorVisibilityExclusionsV1
`update_sensor_visibility_exclusions_`	Update Sensor Visibility Exclusions	SDK: sensor_visibility_exclusions.UpdateSensorVisibilityExclusionsV1

Create Svexclusions

SDK: sensor_visibility_exclusions.CreateSVExclusionsV1

Parameters:

Name	Type	Required	Description
`comment`	string	No	comment. See CrowdStrike API documentation: https://developer.crowdstrike.com/docs/openapi/
`groups`	array	Yes	groups. See CrowdStrike API documentation: https://developer.crowdstrike.com/docs/openapi/
`is_descendant_process`	boolean	No	is descendant process
`value`	string	No	value. See CrowdStrike API documentation: https://developer.crowdstrike.com/docs/openapi/

Example:

{
  "comment": "<comment>",
  "groups": ["<groups>"],
  "is_descendant_process": true,
  "value": "<value>"
}

Delete Sensor Visibility Exclusions

SDK: sensor_visibility_exclusions.DeleteSensorVisibilityExclusionsV1

Parameters:

Name	Type	Required	Description
`comment`	string	No	Explains why this exclusions was deleted
`ids`	array	No	The ids of the exclusions to delete

Example:

{
  "comment": "<comment>",
  "ids": ["<ids>"]
}

Get Sensor Visibility Exclusions

SDK: sensor_visibility_exclusions.GetSensorVisibilityExclusionsV1

Parameters:

Name	Type	Required	Description
`ids`	array	No	The ids of the exclusions to retrieve

Example:

{
  "ids": ["<ids>"]
}

List Sensor Visibility Exclusions

SDK: sensor_visibility_exclusions.QuerySensorVisibilityExclusionsV1

Parameters:

Name	Type	Required	Description
`filter`	string	No	The filter expression that should be used to limit the results.
`limit`	number	No	The maximum records to return. [1-500]
`offset`	number	No	The offset to start retrieving records from
`sort`	string	No	The sort expression that should be used to sort the results.

Example:

{
  "filter": "<filter>",
  "limit": 10,
  "offset": 10,
  "sort": "<sort>"
}

Update Sensor Visibility Exclusions

SDK: sensor_visibility_exclusions.UpdateSensorVisibilityExclusionsV1

Parameters:

Name	Type	Required	Description
`comment`	string	No	comment. See CrowdStrike API documentation: https://developer.crowdstrike.com/docs/openapi/
`groups`	array	Yes	groups. See CrowdStrike API documentation: https://developer.crowdstrike.com/docs/openapi/
`id`	string	Yes
`is_descendant_process`	boolean	Yes	is descendant process
`value`	string	No	value. See CrowdStrike API documentation: https://developer.crowdstrike.com/docs/openapi/

Example:

{
  "comment": "<comment>",
  "groups": ["<groups>"],
  "id": "<id>",
  "is_descendant_process": true,
  "value": "<value>"
}

Best Practices

Use Appropriate Filters: Leverage FQL (Falcon Query Language) filters to narrow down results and improve performance.
Implement Pagination: For operations returning large datasets, use limit and offset parameters to paginate results.
Handle Rate Limits: CrowdStrike APIs have rate limits. Implement appropriate delays and retry logic in your workflows.
Secure Credentials: Never log or expose API credentials. Use NINA's credential management for secure storage.
Use Specific Scopes: When creating API clients, only request the minimum required API scopes.
Monitor API Usage: Track your API usage to avoid hitting rate limits during critical operations.
Validate IDs: Always validate resource IDs before using them in update or delete operations.
Error Handling: Implement comprehensive error handling for API failures and unexpected responses.

Troubleshooting

Issue	Possible Solution
401 Unauthorized	Verify Client ID and Client Secret are correct; check if credentials have expired
403 Forbidden	Ensure API client has required scopes for the operation
404 Not Found	Verify the resource ID exists and is accessible with your credentials
429 Too Many Requests	Rate limit exceeded; implement delays between requests
Invalid Filter	Check FQL syntax; refer to CrowdStrike FQL documentation
Connection Timeout	Verify network connectivity and correct Base URL for your region
Empty Results	Verify filter criteria; check if resources exist in your environment

Support

For issues with this integration, please contact support with:

The operation you were attempting
Any error messages received
The parameters used (excluding sensitive data)
Your CrowdStrike cloud region

For CrowdStrike API documentation, visit: CrowdStrike Developer Portal

Updated: 2026-02-05

Overview​

Capabilities​

Credential Configuration​

Authentication Method​

How It Works​

CrowdStrike Cloud Regions​

How to Obtain API Credentials​

Required API Scopes​

Creating a CrowdStrike Credential in NINA​

Supported Resources​

Resource Details​

Cao Hunting​

Operations​

Aggregate Intelligence Queries​

Get Archive Export​

Get Intelligence Queries​

Search Intelligence Queries​

Certificate Based Exclusions​

Operations​

Cb Exclusions Create​

Cb Exclusions Delete​

Cb Exclusions Get​

Cb Exclusions Update​

Certificates Get​

List Cb Exclusions​

Content Update Policies​

Operations​

Create Content Update Policies​

Delete Content Update Policies​

Get Content Update Policies​

List Combined Content Update Policies​

List Combined Content Update Policy Members​

List Content Update Policies​

List Content Update Policy Members​

List Pinnable Content Versions​

Perform Content Update Policies Action​

Set Content Update Policies Precedence​

Update Content Policies​

Correlation Rules​

Operations​

Aggregates Rule Versions Post​

Combined Rules Get​

Combined Rules Get V2​

Entities Latest Rules Get​

Entities Rule Versions Delete​

Entities Rule Versions Export Post​

Entities Rule Versions Import Post​

Entities Rule Versions Publish Patch​

Entities Rules Delete​

Entities Rules Get​

Entities Rules Get V2​

Entities Rules Patch​

Entities Rules Post​

Queries Rules Get​

Queries Rules Get V2​

Correlation Rules Admin​

Operations​

Entities Rules Ownership Put​

Custom Ioa​

Operations​

Create Rule​

Create Rule Group Mixin0​

Delete Rule Groups Mixin0​

Delete Rules​

Get Patterns​

Get Platforms Mixin0​

Get Rule Groups Mixin0​

Get Rule Types​

Get Rules​

Get Rules Mixin0​

List Patterns​

List Platforms Mixin0​

List Rule Groups Full​

List Rule Groups Mixin0​

List Rule Types​

List Rules Mixin0​

Update Rule Group Mixin0​

Update Rules​

Update Rules V2​

Validate​

Overview

Capabilities

Credential Configuration

Authentication Method

How It Works

CrowdStrike Cloud Regions

How to Obtain API Credentials

Required API Scopes

Creating a CrowdStrike Credential in NINA

Supported Resources

Resource Details

Cao Hunting

Operations

Aggregate Intelligence Queries

Get Archive Export

Get Intelligence Queries

Search Intelligence Queries

Certificate Based Exclusions

Operations

Cb Exclusions Create

Cb Exclusions Delete

Cb Exclusions Get

Cb Exclusions Update

Certificates Get

List Cb Exclusions

Content Update Policies

Operations

Create Content Update Policies

Delete Content Update Policies

Get Content Update Policies

List Combined Content Update Policies

List Combined Content Update Policy Members

List Content Update Policies

List Content Update Policy Members

List Pinnable Content Versions

Perform Content Update Policies Action

Set Content Update Policies Precedence

Update Content Policies

Correlation Rules

Operations

Aggregates Rule Versions Post

Combined Rules Get

Combined Rules Get V2

Entities Latest Rules Get

Entities Rule Versions Delete

Entities Rule Versions Export Post

Entities Rule Versions Import Post

Entities Rule Versions Publish Patch

Entities Rules Delete

Entities Rules Get

Entities Rules Get V2

Entities Rules Patch

Entities Rules Post

Queries Rules Get

Queries Rules Get V2

Correlation Rules Admin

Operations

Entities Rules Ownership Put

Custom Ioa

Operations

Create Rule

Create Rule Group Mixin0

Delete Rule Groups Mixin0

Delete Rules

Get Patterns

Get Platforms Mixin0

Get Rule Groups Mixin0

Get Rule Types

Get Rules

Get Rules Mixin0

List Patterns

List Platforms Mixin0

List Rule Groups Full

List Rule Groups Mixin0

List Rule Types

List Rules Mixin0

Update Rule Group Mixin0

Update Rules

Update Rules V2

Validate