Installation Tokens
| Operation ID | Description | ||||
|---|---|---|---|---|---|
|
Gets the details of one or more audit events by id. | ||||
|
Check current installation token settings. | ||||
|
Update installation token settings. | ||||
|
Gets the details of one or more tokens by id. | ||||
|
Creates a token. | ||||
|
Deletes a token immediately. To revoke a token, use tokens_update instead. | ||||
|
Updates one or more tokens. Use this endpoint to edit labels, change expiration, revoke, or restore. | ||||
|
Search for audit events by providing a FQL filter and paging details. | ||||
|
Search for tokens by providing a FQL filter and paging details. | ||||
WARNING
client_idandclient_secretare keyword arguments that contain your CrowdStrike API credentials. Please note that all examples below do not hard code these values. (These values are ingested as strings.)CrowdStrike does not recommend hard coding API credentials or customer identifiers within source code.
Gets the details of one or more audit events by id.
audit_events_read
| Method | Route |
|---|---|
 |
/installation-tokens/entities/audit-events/v1 |
- Consumes: application/json
- Produces: application/json
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| ids |
 |
|
query | string or list of strings | ID(s) of the audit events to retrieve details for. |
| parameters |
|
|
query | dictionary | Full query string parameters payload in JSON format. |
from falconpy import InstallationTokens
# Do not hardcode API credentials!
falcon = InstallationTokens(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.audit_events_read(ids=id_list)
print(response)from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.command("audit_events_read", ids=id_list)
print(response)Back to Table of Contents
Check current installation token settings.
customer_settings_read
| Method | Route |
|---|---|
|
/installation-tokens/entities/customer-settings/v1 |
- Consumes: application/json
- Produces: application/json
No keywords or arguments accepted.
from falconpy import InstallationTokens
# Do not hardcode API credentials!
falcon = InstallationTokens(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.customer_settings_read()
print(response)from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.command("customer_settings_read")
print(response)Back to Table of Contents
Update installation token settings.
customer-settings-update
| Method | Route |
|---|---|
 |
/installation-tokens/entities/customer-settings/v1 |
- Consumes: application/json
- Produces: application/json
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| body |
|
 |
body | dictionary | Full body payload in JSON format. |
| max_active_tokens |
|
 |
body | integer | Maximum number of active tokens. |
| tokens_required |
|
|
body | boolean | Flag indicating if tokens are required. |
from falconpy import InstallationTokens
# Do not hardcode API credentials!
falcon = InstallationTokens(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.customer_settings_update(max_active_tokens=integer,
tokens_required=boolean
)
print(response)from falconpy import APIHarnessV2
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
BODY = {
"max_active_tokens": integer,
"tokens_required": boolean
}
response = falcon.command("customer_settings_update", body=BODY)
print(response)Back to Table of Contents
Gets the details of one or more tokens by id.
tokens_read
| Method | Route |
|---|---|
|
/installation-tokens/entities/tokens/v1 |
- Consumes: application/json
- Produces: application/json
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| ids |
|
|
query | string or list of strings | ID(s) of the tokens to retrieve details for. |
| parameters |
|
|
query | dictionary | Full query string parameters payload in JSON format. |
from falconpy import InstallationTokens
# Do not hardcode API credentials!
falcon = InstallationTokens(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.tokens_read(ids=id_list)
print(response)from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.command("tokens_read", ids=id_list)
print(response)Back to Table of Contents
Creates a token.
tokens_create
| Method | Route |
|---|---|
 |
/installation-tokens/entities/tokens/v1 |
- Consumes: application/json
- Produces: application/json
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| body |
|
|
body | dictionary | Full body payload in JSON format. |
| expires_timestamp |
|
|
body | string | Expiration timestamp. UTC format. |
| label |
|
|
body | string | Installation token label. |
| revoked |
|
|
body | boolean | Flag indicating if the token is revoked. |
from falconpy import InstallationTokens
# Do not hardcode API credentials!
falcon = InstallationTokens(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.tokens_create(expires_timestamp="string",
label="string",
revoked=boolean
)
print(response)from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
BODY = {
"expires_timestamp": "2021-09-22T02:28:11.762Z",
"label": "string",
"revoked": boolean
}
response = falcon.command("tokens_create", body=BODY)
print(response)Back to Table of Contents
Deletes a token immediately. To revoke a token, use tokens_update instead.
tokens_delete
| Method | Route |
|---|---|
 |
/installation-tokens/entities/tokens/v1 |
- Produces: application/json
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| ids |
|
|
query | string or list of strings | ID(s) of the tokens to delete. |
| parameters |
|
|
query | dictionary | Full query string parameters payload in JSON format. |
from falconpy import InstallationTokens
# Do not hardcode API credentials!
falcon = InstallationTokens(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.tokens_delete(ids=id_list)
print(response)from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.command("tokens_delete", ids=id_list)
print(response)Back to Table of Contents
Updates one or more tokens. Use this endpoint to edit labels, change expiration, revoke, or restore.
tokens_update
| Method | Route |
|---|---|
|
/installation-tokens/entities/tokens/v1 |
- Consumes: application/json
- Produces: application/json
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| body |
|
|
body | dictionary | Full body payload in JSON format. |
| expires_timestamp |
|
|
body | string | Expiration timestamp. UTC format. |
| label |
|
|
body | string | Installation token label. |
| ids |
|
|
query | string or list of strings | ID(s) of the tokens to update. |
| parameters |
|
|
query | dictionary | Full query string parameters payload in JSON format. |
| revoked |
|
|
body | boolean | Flag indicating if the token is revoked. |
from falconpy import InstallationTokens
# Do not hardcode API credentials!
falcon = InstallationTokens(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.tokens_update(expires_timestamp="string",
label="string",
ids=id_list,
revoked=boolean
)
print(response)from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
BODY = {
"expires_timestamp": "2021-09-22T02:28:11.762Z",
"label": "string",
"revoked": boolean
}
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.command("tokens_update", body=BODY, ids=id_list)
print(response)Back to Table of Contents
Search for audit events by providing a FQL filter and paging details.
audit_events_query
| Method | Route |
|---|---|
|
/installation-tokens/queries/audit-events/v1 |
- Consumes: application/json
- Produces: application/json
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| filter |
|
|
query | string | FQL Syntax formatted string used to limit the results. |
| limit |
|
|
query | integer | Maximum number of records to return. (Max: 1000, Default: 10) |
| offset |
|
|
query | integer | Starting index of overall result set from which to return ids. |
| sort |
|
|
query | string | The property to sort by. (Ex: timestamp.desc) |
| parameters |
|
|
query | dictionary | Full query string parameters payload in JSON format. |
from falconpy import InstallationTokens
# Do not hardcode API credentials!
falcon = InstallationTokens(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.audit_events_query(offset=integer,
limit=integer,
sort="string",
filter="string"
)
print(response)from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.command("audit_events_query",
offset=integer,
limit=integer,
sort="string",
filter="string"
)
print(response)Back to Table of Contents
Search for tokens by providing a FQL filter and paging details.
tokens_query
| Method | Route |
|---|---|
|
/installation-tokens/queries/tokens/v1 |
- Consumes: application/json
- Produces: application/json
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| filter |
|
|
query | string | FQL Syntax formatted string used to limit the results. |
| limit |
|
|
query | integer | Maximum number of records to return. (Max: 1000, Default: 10) |
| offset |
|
|
query | integer | Starting index of overall result set from which to return ids. |
| sort |
|
|
query | string | The property to sort by. (Ex: created_timestamp.desc) |
| parameters |
|
|
query | dictionary | Full query string parameters payload in JSON format. |
from falconpy import InstallationTokens
# Do not hardcode API credentials!
falcon = InstallationTokens(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.tokens_query(offset=integer,
limit=integer,
sort="string",
filter="string"
)
print(response)from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.command("tokens_query",
offset=integer,
limit=integer,
sort="string",
filter="string"
)
print(response)Back to Table of Contents
- Home
- Discussions Board
- Glossary of Terms
- Installation, Upgrades and Removal
- Samples Collection
- Using FalconPy
- API Operations
-
Service Collections
- Alerts
- API Integrations
- Certificate Based Exclusions
- Cloud Connect AWS (deprecated)
- Cloud Snapshots
- Compliance Assessments
- Configuration Assessment
- Configuration Assessment Evaluation Logic
- Container Alerts
- Container Detections
- Container Images
- Container Packages
- Container Vulnerabilities
- CSPM Registration
- Custom IOAs
- Custom Storage
- D4C Registration (deprecated)
- Detects
- Device Control Policies
- Discover
- Drift Indicators
- Event Streams
- Exposure Management
- Falcon Complete Dashboard
- Falcon Container
- Falcon Intelligence Sandbox
- FDR
- FileVantage
- Firewall Management
- Firewall Policies
- Foundry LogScale
- Host Group
- Host Migration
- Hosts
- Identity Protection
- Image Assessment Policies
- Incidents
- Installation Tokens
- Intel
- IOA Exclusions
- IOC
- IOCs (deprecated)
- Kubernetes Protection
- MalQuery
- Message Center
- ML Exclusions
- Mobile Enrollment
- MSSP (Flight Control)
- OAuth2
- ODS (On Demand Scan)
- Overwatch Dashboard
- Prevention Policy
- Quarantine
- Quick Scan
- Quick Scan Pro
- Real Time Response
- Real Time Response Admin
- Real Time Response Audit
- Recon
- Report Executions
- Response Policies
- Sample Uploads
- Scheduled Reports
- Sensor Download
- Sensor Update Policy
- Sensor Visibility Exclusions
- Spotlight Evaluation Logic
- Spotlight Vulnerabilities
- Tailored Intelligence
- ThreatGraph
- Unidentified Containers
- User Management
- Workflows
- Zero Trust Assessment
- Documentation Support
-
CrowdStrike SDKs
- Crimson Falcon - Ruby
- FalconPy - Python 3
- FalconJS - Javascript
- goFalcon - Go
- PSFalcon - Powershell
- Rusty Falcon - Rust
