-
Notifications
You must be signed in to change notification settings - Fork 119
Terminology
The following terms have specific definitions for usage within this documentation.
The following definitions are utilized for the terms listed above.
GitHub-powered workflow that performs specific repository operations.
Example: Package deployment, Unit testing
Not to be confused with the action
keyword used in the Uber Class, or keys potentially found in body and parameter payloads.
Solution used to perform authentication to the CrowdStrike API. The FalconPy SDK supports 5 discrete authentication mechanisms.
Mechanism | Behavior |
---|---|
Credential Authentication |
Credentials are provided as a dictionary containing the keys client_id and client_secret to the class using the creds keyword. |
Direct Authentication |
Credentials are provided directly to the class as the keywords client_id and client_secret . |
Environment Authentication |
Credentials are retrieved from the environment at runtime from the FALCON_CLIENT_ID and FALCON_CLIENT_SECRET variables. |
Legacy Authentication |
A token is generated using the OAuth2 Service Class or the Uber Class and then provided to the new class using the access_token keyword.This mechanism does not support automatic token refresh. |
Object Authentication |
The auth_object from a previously authenticated instance of a Service Class or the Uber Class itself is leveraged to share authentication between classes. |
The base address used for API requests.
Examples: US1 or https://api.crowdstrike.com
FalconPy supports the following CrowdStrike Base URLs:
Short name | Base URL |
---|---|
US1 | api.crowdstrike.com |
US2 | api.us-2.crowdstrike.com |
EU1 | api.eu-1.crowdstrike.com |
USGOV1 | api.laggar.gcw.crowdstrike.com |
You may specify the short name or the base URL (with or without https://
) when using the base_url
keyword.
Programmatic logic used to abstract body payload parameters into keywords for use within FalconPy library methods.
More detail about body payload abstraction can be found in the Payload Handling documentation.
A pre-release version of FalconPy available on the test package index.
In object-oriented programming, a class is an extensible program-code-template for creating objects, providing initial values for state (member variables) and implementations of behavior (member functions or methods).
(Definition provided by Wikipedia)
Starting in version 0.8.6, developers using the US1
, US2
or EU1
regions no
longer need to specify their base_url
as this value is auto-discovered as part of the authentication process.
Please note:
USGOV1
users will still need to provide this value.
Short name | Base URL | Auto discovery support? |
---|---|---|
US1 | https://api.crowdstrike.com | |
US2 | https://api.us-2.crowdstrike.com | |
EU1 | https://api.eu-1.crowdstrike.com | |
USGOV1 | https://api.laggar.gcw.crowdstrike.com |
The percentage of code which is covered by automated unit testing. The FalconPy library maintains 100% code coverage for all released versions.
The method that is called when creating an instance of a class. By convention, this method is named __init__
.
This term is sometimes used as a verb: First construct an instance of the class...
A class used as a generic abstraction layer to represent a discrete segment or type of data.
A stand-alone class that extends the functionality provided by an interface class.
A combination of HTTP method and route that is used to perform a specific API operation.
The sub-module within FalconPy that contains definitions for every endpoint within the CrowdStrike API.
The measure of the ability to extend a software system and the level of effort required to implement the extension.
(Definition provided by Wikipedia)
More detail regarding extending existing functionality within FalconPy can be found in the Extensibility documentation.
A helper-class within FalconPy that facilitates payload and module debugging.
Falcon Query Language - The syntax used to provide filters and sort specifications to API requests.
More information about FQL can be found here.
HTTP operation (GET, POST, PATCH, PUT, DELETE, UPDATE) to use when sending a request to a specific endpoint route.
The combination of Route and HTTP Method define a specific API operation.
Shorthand abbreviation for Identity Protection.
A class used as a generic abstraction layer to provide base functionality to all derivative classes that inherit it.
Shorthand abbreviation for Indicator of Attack.
Shorthand abbreviation for Indicator of Compromise.
Context: Instance of XYZ Service Class
A single object, constructed or instantiated using a specific class definition.
A question, bug or enhancement request for the FalconPy library.
User submitted issues that do not result in a bug finding or enhancement request are converted into discussions and posted to the q & a section of our discussion board.
We want to hear from you! Please let us know of any issues you encounter.
The process of redacting sensitive information from debug logs. Log Sanitization is enabled within FalconPy by default, but can be disabled using the sanitize_log
keyword. Currently bearer tokens, client_id
, client_secret
and member_cid
are redacted.
A function defined within a library class or module that executes a discrete sequence of steps. Typically this is in reference to a method that performs a specific API operation.
Examples: query_detects, query_devices_by_filter
The term method
is also used to refer to the HTTP method used to communicate with a specific endpoint route.
Shorthand abbreviation for Machine Learning.
Performing a request against a specific endpoint route within the CrowdStrike API using one of the allowed HTTP methods to accomplish a specific task.
More detail regarding Operations can be found here.
Unique string used to identify an operation from among all available operations within all CrowdStrike API service collections. Operation IDs are case sensitive.
More detail regarding Operation IDs can be found here.
FalconPy-specific term for using Operation IDs as the method names within Service Classes for calls that interact with the CrowdStrike API.
Generic reference to the installation bundle for the FalconPy library.
Generic reference to PyPI, the Python Package Index.
Programmatic logic used to abstract query string payload parameters into keywords for use within FalconPy library methods.
More detail about parameter abstraction can be found in the Payload Handling documentation.
In computing and telecommunications, the payload is the part of transmitted data that is the actual intended message. Headers and metadata are sent only to enable payload delivery.
(Definition provided by Wikipedia)
More detail regarding payload types and how they are handled can be found here.
The sub-module within FalconPy that contains helpers for creating and managing body
payloads used for API requests.
Python Enhancement Proposal #8 - A commonly referenced Python enhancement proposal that is used as the programmatic style guide for code implemented within this library.
More details about PEP 8 can be found here.
Python Enhancement Proposal #257 - A commonly referenced Python enhancement proposal that governs the semantics and conventions associated with Python docstrings used within this library.
More details about PEP 257 can be found here.
Shorthand abbreviation for Pull Request.
Consuming the response from the CrowdStrike API as a Python object instead of a JSON formatted dictionary.
A formally distributed version of FalconPy, available on the production package index.
The URL address of an endpoint, without the Base URL, that identifies the location of a specific Operation.
Shorthand abbreviation for Real Time Response.
A FalconPy class that represents a single CrowdStrike API service collection, with methods defined for every operation within that service collection.
More detail regarding basic Service Class usage can be found here.
Collection of API endpoints that comprise a specific CrowdStrike offering.
Service collections are also sometimes called the generic term "API" or "API collection".
Examples: Detects, the Hosts collection, the Real Time Response API
Swagger is a set of open-source tools built around the OpenAPI Specification that can help you design, build, document and consume REST APIs.
More detail regarding Swagger / OpenAPI Specification can be found here.
A standalone FalconPy class that provides a singular harness to every operation within every service collection of the CrowdStrike API.
More detail regarding basic Uber Class usage can be found here.
A single test performed using the FalconPy library to confirm programmatic logic executes as intended. One unit test may be comprised of multiple real or simulated API operations.
A series of unit tests performed using the FalconPy library to confirm functionality. Typically performed after a push or merge to the repository, these can also be executed by developers locally. Unit testing is designed to test every available code path within the FalconPy library, not necessarily every element of CrowdStrike API functionality.
Shorthand abbreviation for Zero Trust Assessment.
Is there a term referenced within this repository that you feel needs a definition? Let us know by posting to our discussion board!
- Home
- Discussions Board
- Glossary of Terms
- Installation, Upgrades and Removal
- Samples Collection
- Using FalconPy
- API Operations
-
Service Collections
- Alerts
- API Integrations
- Certificate Based Exclusions
- Cloud Connect AWS (deprecated)
- Cloud Snapshots
- Compliance Assessments
- Configuration Assessment
- Configuration Assessment Evaluation Logic
- Container Alerts
- Container Detections
- Container Images
- Container Packages
- Container Vulnerabilities
- CSPM Registration
- Custom IOAs
- Custom Storage
- D4C Registration (deprecated)
- Detects
- Device Control Policies
- Discover
- Drift Indicators
- Event Streams
- Exposure Management
- Falcon Complete Dashboard
- Falcon Container
- Falcon Intelligence Sandbox
- FDR
- FileVantage
- Firewall Management
- Firewall Policies
- Foundry LogScale
- Host Group
- Host Migration
- Hosts
- Identity Protection
- Image Assessment Policies
- Incidents
- Installation Tokens
- Intel
- IOA Exclusions
- IOC
- IOCs (deprecated)
- Kubernetes Protection
- MalQuery
- Message Center
- ML Exclusions
- Mobile Enrollment
- MSSP (Flight Control)
- OAuth2
- ODS (On Demand Scan)
- Overwatch Dashboard
- Prevention Policy
- Quarantine
- Quick Scan
- Quick Scan Pro
- Real Time Response
- Real Time Response Admin
- Real Time Response Audit
- Recon
- Report Executions
- Response Policies
- Sample Uploads
- Scheduled Reports
- Sensor Download
- Sensor Update Policy
- Sensor Visibility Exclusions
- Spotlight Evaluation Logic
- Spotlight Vulnerabilities
- Tailored Intelligence
- ThreatGraph
- Unidentified Containers
- User Management
- Workflows
- Zero Trust Assessment
- Documentation Support
-
CrowdStrike SDKs
- Crimson Falcon - Ruby
- FalconPy - Python 3
- FalconJS - Javascript
- goFalcon - Go
- PSFalcon - Powershell
- Rusty Falcon - Rust