OpenAPIClient-php

Use this API specification as a reference for the API endpoints you can use to interact with your Falcon environment. These endpoints support authentication via OAuth2 and interact with detections and network containment. For detailed usage guides and examples, see our documentation inside the Falcon console.

To use the APIs described below, combine the base URL with the path shown for each API endpoint. For commercial cloud customers, your base URL is https://api.eu-1.crowdstrike.com.

Each API endpoint requires authorization via an OAuth2 token. Your first API request should retrieve an OAuth2 token using the oauth2/token endpoint, such as https://api.eu-1.crowdstrike.com/oauth2/token. For subsequent requests, include the OAuth2 token in an HTTP authorization header. Tokens expire after 30 minutes, after which you should make a new token request to continue making API requests.

Installation & Usage

Requirements

PHP 7.2 and later.

Composer

To install the bindings via Composer, add the following to composer.json:

{
  "repositories": [
    {
      "type": "vcs",
      "url": "https://github.com/MartinMulder/openapi-crowdstrike-falcon-php.git"
    }
  ],
  "require": {
    "MartinMulder/openapi-crowdstrike-falcon-php": "*@dev"
  }
}

Then run composer install

Manual Installation

Download the files and include autoload.php:

<?php
require_once('/path/to/OpenAPIClient-php/vendor/autoload.php');

Getting Started

Please follow the installation procedure and then run the following:

<?php
require_once(__DIR__ . '/vendor/autoload.php');



// Configure OAuth2 access token for authorization: oauth2
$config = OpenAPI\Client\Configuration::getDefaultConfiguration()->setAccessToken('YOUR_ACCESS_TOKEN');


$apiInstance = new OpenAPI\Client\Api\CloudConnectAwsApi(
    // If you want use custom http client, pass your client which implements `GuzzleHttp\ClientInterface`.
    // This is optional, `GuzzleHttp\Client` will be used as default.
    new GuzzleHttp\Client(),
    $config
);
$body = new \OpenAPI\Client\Model\ModelsModifyAWSCustomerSettingsV1(); // \OpenAPI\Client\Model\ModelsModifyAWSCustomerSettingsV1

try {
    $result = $apiInstance->createOrUpdateAWSSettings($body);
    print_r($result);
} catch (Exception $e) {
    echo 'Exception when calling CloudConnectAwsApi->createOrUpdateAWSSettings: ', $e->getMessage(), PHP_EOL;
}

API Endpoints

All URIs are relative to https://api.eu-1.crowdstrike.com

Class	Method	HTTP request	Description
CloudConnectAwsApi	createOrUpdateAWSSettings	POST /cloud-connect-aws/entities/settings/v1	Create or update Global Settings which are applicable to all provisioned AWS accounts
CloudConnectAwsApi	deleteAWSAccounts	DELETE /cloud-connect-aws/entities/accounts/v1	Delete a set of AWS Accounts by specifying their IDs
CloudConnectAwsApi	getAWSAccounts	GET /cloud-connect-aws/entities/accounts/v1	Retrieve a set of AWS Accounts by specifying their IDs
CloudConnectAwsApi	getAWSSettings	GET /cloud-connect-aws/combined/settings/v1	Retrieve a set of Global Settings which are applicable to all provisioned AWS accounts
CloudConnectAwsApi	provisionAWSAccounts	POST /cloud-connect-aws/entities/accounts/v1	Provision AWS Accounts by specifying details about the accounts to provision
CloudConnectAwsApi	queryAWSAccounts	GET /cloud-connect-aws/combined/accounts/v1	Search for provisioned AWS Accounts by providing an FQL filter and paging details. Returns a set of AWS accounts which match the filter criteria
CloudConnectAwsApi	queryAWSAccountsForIDs	GET /cloud-connect-aws/queries/accounts/v1	Search for provisioned AWS Accounts by providing an FQL filter and paging details. Returns a set of AWS account IDs which match the filter criteria
CloudConnectAwsApi	updateAWSAccounts	PATCH /cloud-connect-aws/entities/accounts/v1	Update AWS Accounts by specifying the ID of the account and details to update
CloudConnectAwsApi	verifyAWSAccountAccess	POST /cloud-connect-aws/entities/verify-account-access/v1	Performs an Access Verification check on the specified AWS Account IDs
CspmRegistrationApi	createCSPMAwsAccount	POST /cloud-connect-cspm-aws/entities/account/v1	Creates a new account in our system for a customer and generates a script for them to run in their AWS cloud environment to grant us access.
CspmRegistrationApi	createCSPMAzureAccount	POST /cloud-connect-cspm-azure/entities/account/v1	Creates a new account in our system for a customer and generates a script for them to run in their cloud environment to grant us access.
CspmRegistrationApi	deleteCSPMAwsAccount	DELETE /cloud-connect-cspm-aws/entities/account/v1	Deletes an existing AWS account or organization in our system.
CspmRegistrationApi	deleteCSPMAzureAccount	DELETE /cloud-connect-cspm-azure/entities/account/v1	Deletes an Azure subscription from the system.
CspmRegistrationApi	getCSPMAwsAccount	GET /cloud-connect-cspm-aws/entities/account/v1	Returns information about the current status of an AWS account.
CspmRegistrationApi	getCSPMAwsAccountScriptsAttachment	GET /cloud-connect-cspm-aws/entities/user-scripts-download/v1	Return a script for customer to run in their cloud environment to grant us access to their AWS environment as a downloadable attachment.
CspmRegistrationApi	getCSPMAwsConsoleSetupURLs	GET /cloud-connect-cspm-aws/entities/console-setup-urls/v1	Return a URL for customer to visit in their cloud environment to grant us access to their AWS environment.
CspmRegistrationApi	getCSPMAzureAccount	GET /cloud-connect-cspm-azure/entities/account/v1	Return information about Azure account registration
CspmRegistrationApi	getCSPMAzureUserScriptsAttachment	GET /cloud-connect-cspm-azure/entities/user-scripts-download/v1	Return a script for customer to run in their cloud environment to grant us access to their Azure environment as a downloadable attachment
CspmRegistrationApi	getCSPMPolicy	GET /settings/entities/policy-details/v1	Given a policy ID, returns detailed policy information.
CspmRegistrationApi	getCSPMPolicySettings	GET /settings/entities/policy/v1	Returns information about current policy settings.
CspmRegistrationApi	getCSPMScanSchedule	GET /settings/scan-schedule/v1	Returns scan schedule configuration for one or more cloud platforms.
CspmRegistrationApi	updateCSPMAzureAccountClientID	PATCH /cloud-connect-cspm-azure/entities/client-id/v1	Update an Azure service account in our system by with the user-created client_id created with the public key we've provided
CspmRegistrationApi	updateCSPMPolicySettings	PATCH /settings/entities/policy/v1	Updates a policy setting - can be used to override policy severity or to disable a policy entirely.
CspmRegistrationApi	updateCSPMScanSchedule	POST /settings/scan-schedule/v1	Updates scan schedule configuration for one or more cloud platforms.
CustomIoaApi	createRule	POST /ioarules/entities/rules/v1	Create a rule within a rule group. Returns the rule.
CustomIoaApi	createRuleGroupMixin0	POST /ioarules/entities/rule-groups/v1	Create a rule group for a platform with a name and an optional description. Returns the rule group.
CustomIoaApi	deleteRuleGroupsMixin0	DELETE /ioarules/entities/rule-groups/v1	Delete rule groups by ID.
CustomIoaApi	deleteRules	DELETE /ioarules/entities/rules/v1	Delete rules from a rule group by ID.
CustomIoaApi	getPatterns	GET /ioarules/entities/pattern-severities/v1	Get pattern severities by ID.
CustomIoaApi	getPlatformsMixin0	GET /ioarules/entities/platforms/v1	Get platforms by ID.
CustomIoaApi	getRuleGroupsMixin0	GET /ioarules/entities/rule-groups/v1	Get rule groups by ID.
CustomIoaApi	getRuleTypes	GET /ioarules/entities/rule-types/v1	Get rule types by ID.
CustomIoaApi	getRulesGet	POST /ioarules/entities/rules/GET/v1	Get rules by ID and optionally version in the following format: `ID[:version]`.
CustomIoaApi	getRulesMixin0	GET /ioarules/entities/rules/v1	Get rules by ID and optionally version in the following format: `ID[:version]`. The max number of IDs is constrained by URL size.
CustomIoaApi	queryPatterns	GET /ioarules/queries/pattern-severities/v1	Get all pattern severity IDs.
CustomIoaApi	queryPlatformsMixin0	GET /ioarules/queries/platforms/v1	Get all platform IDs.
CustomIoaApi	queryRuleGroupsFull	GET /ioarules/queries/rule-groups-full/v1	Find all rule groups matching the query with optional filter.
CustomIoaApi	queryRuleGroupsMixin0	GET /ioarules/queries/rule-groups/v1	Finds all rule group IDs matching the query with optional filter.
CustomIoaApi	queryRuleTypes	GET /ioarules/queries/rule-types/v1	Get all rule type IDs.
CustomIoaApi	queryRulesMixin0	GET /ioarules/queries/rules/v1	Finds all rule IDs matching the query with optional filter.
CustomIoaApi	updateRuleGroupMixin0	PATCH /ioarules/entities/rule-groups/v1	Update a rule group. The following properties can be modified: name, description, enabled.
CustomIoaApi	updateRules	PATCH /ioarules/entities/rules/v1	Update rules within a rule group. Return the updated rules.
CustomIoaApi	validate	POST /ioarules/entities/rules/validate/v1	Validates field values and checks for matches if a test string is provided.
D4cRegistrationApi	createCSPMAzureAccount	POST /cloud-connect-azure/entities/account/v1	Creates a new account in our system for a customer and generates a script for them to run in their cloud environment to grant us access.
D4cRegistrationApi	createCSPMGCPAccount	POST /cloud-connect-gcp/entities/account/v1	Creates a new account in our system for a customer and generates a new service account for them to add access to in their GCP environment to grant us access.
D4cRegistrationApi	getCSPMAzureAccount	GET /cloud-connect-azure/entities/account/v1	Return information about Azure account registration
D4cRegistrationApi	getCSPMAzureUserScripts	GET /cloud-connect-azure/entities/user-scripts/v1	Return a script for customer to run in their cloud environment to grant us access to their Azure environment
D4cRegistrationApi	getCSPMAzureUserScriptsAttachment	GET /cloud-connect-azure/entities/user-scripts-download/v1	Return a script for customer to run in their cloud environment to grant us access to their Azure environment as a downloadable attachment
D4cRegistrationApi	getCSPMCGPAccount	GET /cloud-connect-gcp/entities/account/v1	Returns information about the current status of an GCP account.
D4cRegistrationApi	getCSPMGCPUserScripts	GET /cloud-connect-gcp/entities/user-scripts/v1	Return a script for customer to run in their cloud environment to grant us access to their GCP environment
D4cRegistrationApi	getCSPMGCPUserScriptsAttachment	GET /cloud-connect-gcp/entities/user-scripts-download/v1	Return a script for customer to run in their cloud environment to grant us access to their GCP environment as a downloadable attachment
D4cRegistrationApi	updateCSPMAzureAccountClientID	PATCH /cloud-connect-azure/entities/client-id/v1	Update an Azure service account in our system by with the user-created client_id created with the public key we've provided
DetectsApi	getAggregateDetects	POST /detects/aggregates/detects/GET/v1	Get detect aggregates as specified via json in request body.
DetectsApi	getDetectSummaries	POST /detects/entities/summaries/GET/v1	View information about detections
DetectsApi	queryDetects	GET /detects/queries/detects/v1	Search for detection IDs that match a given query
DetectsApi	updateDetectsByIdsV2	PATCH /detects/entities/detects/v2	Modify the state, assignee, and visibility of detections
DeviceControlPoliciesApi	createDeviceControlPolicies	POST /policy/entities/device-control/v1	Create Device Control Policies by specifying details about the policy to create
DeviceControlPoliciesApi	deleteDeviceControlPolicies	DELETE /policy/entities/device-control/v1	Delete a set of Device Control Policies by specifying their IDs
DeviceControlPoliciesApi	getDeviceControlPolicies	GET /policy/entities/device-control/v1	Retrieve a set of Device Control Policies by specifying their IDs
DeviceControlPoliciesApi	performDeviceControlPoliciesAction	POST /policy/entities/device-control-actions/v1	Perform the specified action on the Device Control Policies specified in the request
DeviceControlPoliciesApi	queryCombinedDeviceControlPolicies	GET /policy/combined/device-control/v1	Search for Device Control Policies in your environment by providing an FQL filter and paging details. Returns a set of Device Control Policies which match the filter criteria
DeviceControlPoliciesApi	queryCombinedDeviceControlPolicyMembers	GET /policy/combined/device-control-members/v1	Search for members of a Device Control Policy in your environment by providing an FQL filter and paging details. Returns a set of host details which match the filter criteria
DeviceControlPoliciesApi	queryDeviceControlPolicies	GET /policy/queries/device-control/v1	Search for Device Control Policies in your environment by providing an FQL filter and paging details. Returns a set of Device Control Policy IDs which match the filter criteria
DeviceControlPoliciesApi	queryDeviceControlPolicyMembers	GET /policy/queries/device-control-members/v1	Search for members of a Device Control Policy in your environment by providing an FQL filter and paging details. Returns a set of Agent IDs which match the filter criteria
DeviceControlPoliciesApi	setDeviceControlPoliciesPrecedence	POST /policy/entities/device-control-precedence/v1	Sets the precedence of Device Control Policies based on the order of IDs specified in the request. The first ID specified will have the highest precedence and the last ID specified will have the lowest. You must specify all non-Default Policies for a platform when updating precedence
DeviceControlPoliciesApi	updateDeviceControlPolicies	PATCH /policy/entities/device-control/v1	Update Device Control Policies by specifying the ID of the policy and details to update
EventStreamsApi	listAvailableStreamsOAuth2	GET /sensors/entities/datafeed/v2	Discover all event streams in your environment
EventStreamsApi	refreshActiveStreamSession	POST /sensors/entities/datafeed-actions/v1/{partition}	Refresh an active event stream. Use the URL shown in a GET /sensors/entities/datafeed/v2 response.
FirewallManagementApi	aggregateEvents	POST /fwmgr/aggregates/events/GET/v1	Aggregate events for customer
FirewallManagementApi	aggregatePolicyRules	POST /fwmgr/aggregates/policy-rules/GET/v1	Aggregate rules within a policy for customer
FirewallManagementApi	aggregateRuleGroups	POST /fwmgr/aggregates/rule-groups/GET/v1	Aggregate rule groups for customer
FirewallManagementApi	aggregateRules	POST /fwmgr/aggregates/rules/GET/v1	Aggregate rules for customer
FirewallManagementApi	createRuleGroup	POST /fwmgr/entities/rule-groups/v1	Create new rule group on a platform for a customer with a name and description, and return the ID
FirewallManagementApi	deleteRuleGroups	DELETE /fwmgr/entities/rule-groups/v1	Delete rule group entities by ID
FirewallManagementApi	getEvents	GET /fwmgr/entities/events/v1	Get events entities by ID and optionally version
FirewallManagementApi	getFirewallFields	GET /fwmgr/entities/firewall-fields/v1	Get the firewall field specifications by ID
FirewallManagementApi	getPlatforms	GET /fwmgr/entities/platforms/v1	Get platforms by ID, e.g., windows or mac or droid
FirewallManagementApi	getPolicyContainers	GET /fwmgr/entities/policies/v1	Get policy container entities by policy ID
FirewallManagementApi	getRuleGroups	GET /fwmgr/entities/rule-groups/v1	Get rule group entities by ID. These groups do not contain their rule entites, just the rule IDs in precedence order.
FirewallManagementApi	getRules	GET /fwmgr/entities/rules/v1	Get rule entities by ID (64-bit unsigned int as decimal string) or Family ID (32-character hexadecimal string)
FirewallManagementApi	queryEvents	GET /fwmgr/queries/events/v1	Find all event IDs matching the query with filter
FirewallManagementApi	queryFirewallFields	GET /fwmgr/queries/firewall-fields/v1	Get the firewall field specification IDs for the provided platform
FirewallManagementApi	queryPlatforms	GET /fwmgr/queries/platforms/v1	Get the list of platform names
FirewallManagementApi	queryPolicyRules	GET /fwmgr/queries/policy-rules/v1	Find all firewall rule IDs matching the query with filter, and return them in precedence order
FirewallManagementApi	queryRuleGroups	GET /fwmgr/queries/rule-groups/v1	Find all rule group IDs matching the query with filter
FirewallManagementApi	queryRules	GET /fwmgr/queries/rules/v1	Find all rule IDs matching the query with filter
FirewallManagementApi	updatePolicyContainer	PUT /fwmgr/entities/policies/v1	Update an identified policy container
FirewallManagementApi	updateRuleGroup	PATCH /fwmgr/entities/rule-groups/v1	Update name, description, or enabled status of a rule group, or create, edit, delete, or reorder rules
HostGroupApi	createHostGroups	POST /devices/entities/host-groups/v1	Create Host Groups by specifying details about the group to create
HostGroupApi	deleteHostGroups	DELETE /devices/entities/host-groups/v1	Delete a set of Host Groups by specifying their IDs
HostGroupApi	getHostGroups	GET /devices/entities/host-groups/v1	Retrieve a set of Host Groups by specifying their IDs
HostGroupApi	performGroupAction	POST /devices/entities/host-group-actions/v1	Perform the specified action on the Host Groups specified in the request
HostGroupApi	queryCombinedGroupMembers	GET /devices/combined/host-group-members/v1	Search for members of a Host Group in your environment by providing an FQL filter and paging details. Returns a set of host details which match the filter criteria
HostGroupApi	queryCombinedHostGroups	GET /devices/combined/host-groups/v1	Search for Host Groups in your environment by providing an FQL filter and paging details. Returns a set of Host Groups which match the filter criteria
HostGroupApi	queryGroupMembers	GET /devices/queries/host-group-members/v1	Search for members of a Host Group in your environment by providing an FQL filter and paging details. Returns a set of Agent IDs which match the filter criteria
HostGroupApi	queryHostGroups	GET /devices/queries/host-groups/v1	Search for Host Groups in your environment by providing an FQL filter and paging details. Returns a set of Host Group IDs which match the filter criteria
HostGroupApi	updateHostGroups	PATCH /devices/entities/host-groups/v1	Update Host Groups by specifying the ID of the group and details to update
HostsApi	getDeviceDetails	GET /devices/entities/devices/v1	Get details on one or more hosts by providing agent IDs (AID). You can get a host's agent IDs (AIDs) from the /devices/queries/devices/v1 endpoint, the Falcon console or the Streaming API
HostsApi	performActionV2	POST /devices/entities/devices-actions/v2	Take various actions on the hosts in your environment. Contain or lift containment on a host. Delete or restore a host.
HostsApi	queryDevicesByFilter	GET /devices/queries/devices/v1	Search for hosts in your environment by platform, hostname, IP, and other criteria.
HostsApi	queryDevicesByFilterScroll	GET /devices/queries/devices-scroll/v1	Search for hosts in your environment by platform, hostname, IP, and other criteria with continuous pagination capability (based on offset pointer which expires after 2 minutes with no maximum limit)
HostsApi	queryHiddenDevices	GET /devices/queries/devices-hidden/v1	Retrieve hidden hosts that match the provided filter criteria.
IncidentsApi	crowdScore	GET /incidents/combined/crowdscores/v1	Query environment wide CrowdScore and return the entity data
IncidentsApi	getBehaviors	POST /incidents/entities/behaviors/GET/v1	Get details on behaviors by providing behavior IDs
IncidentsApi	getIncidents	POST /incidents/entities/incidents/GET/v1	Get details on incidents by providing incident IDs
IncidentsApi	performIncidentAction	POST /incidents/entities/incident-actions/v1	Perform a set of actions on one or more incidents, such as adding tags or comments or updating the incident name or description
IncidentsApi	queryBehaviors	GET /incidents/queries/behaviors/v1	Search for behaviors by providing an FQL filter, sorting, and paging details
IncidentsApi	queryIncidents	GET /incidents/queries/incidents/v1	Search for incidents by providing an FQL filter, sorting, and paging details
InstallationTokensApi	auditEventsQuery	GET /installation-tokens/queries/audit-events/v1	Search for audit events by providing an FQL filter and paging details.
InstallationTokensApi	auditEventsRead	GET /installation-tokens/entities/audit-events/v1	Gets the details of one or more audit events by id.
InstallationTokensApi	customerSettingsRead	GET /installation-tokens/entities/customer-settings/v1	Check current installation token settings.
InstallationTokensApi	tokensCreate	POST /installation-tokens/entities/tokens/v1	Creates a token.
InstallationTokensApi	tokensDelete	DELETE /installation-tokens/entities/tokens/v1	Deletes a token immediately. To revoke a token, use PATCH /installation-tokens/entities/tokens/v1 instead.
InstallationTokensApi	tokensQuery	GET /installation-tokens/queries/tokens/v1	Search for tokens by providing an FQL filter and paging details.
InstallationTokensApi	tokensRead	GET /installation-tokens/entities/tokens/v1	Gets the details of one or more tokens by id.
InstallationTokensApi	tokensUpdate	PATCH /installation-tokens/entities/tokens/v1	Updates one or more tokens. Use this endpoint to edit labels, change expiration, revoke, or restore.
IntelApi	getIntelActorEntities	GET /intel/entities/actors/v1	Retrieve specific actors using their actor IDs.
IntelApi	getIntelIndicatorEntities	POST /intel/entities/indicators/GET/v1	Retrieve specific indicators using their indicator IDs.
IntelApi	getIntelReportEntities	GET /intel/entities/reports/v1	Retrieve specific reports using their report IDs.
IntelApi	getIntelReportPDF	GET /intel/entities/report-files/v1	Return a Report PDF attachment
IntelApi	getIntelRuleEntities	GET /intel/entities/rules/v1	Retrieve details for rule sets for the specified ids.
IntelApi	getIntelRuleFile	GET /intel/entities/rules-files/v1	Download earlier rule sets.
IntelApi	getLatestIntelRuleFile	GET /intel/entities/rules-latest-files/v1	Download the latest rule set.
IntelApi	queryIntelActorEntities	GET /intel/combined/actors/v1	Get info about actors that match provided FQL filters.
IntelApi	queryIntelActorIds	GET /intel/queries/actors/v1	Get actor IDs that match provided FQL filters.
IntelApi	queryIntelIndicatorEntities	GET /intel/combined/indicators/v1	Get info about indicators that match provided FQL filters.
IntelApi	queryIntelIndicatorIds	GET /intel/queries/indicators/v1	Get indicators IDs that match provided FQL filters.
IntelApi	queryIntelReportEntities	GET /intel/combined/reports/v1	Get info about reports that match provided FQL filters.
IntelApi	queryIntelReportIds	GET /intel/queries/reports/v1	Get report IDs that match provided FQL filters.
IntelApi	queryIntelRuleIds	GET /intel/queries/rules/v1	Search for rule IDs that match provided filter criteria.
IoaExclusionsApi	createIOAExclusionsV1	POST /policy/entities/ioa-exclusions/v1	Create the IOA exclusions
IoaExclusionsApi	deleteIOAExclusionsV1	DELETE /policy/entities/ioa-exclusions/v1	Delete the IOA exclusions by id
IoaExclusionsApi	getIOAExclusionsV1	GET /policy/entities/ioa-exclusions/v1	Get a set of IOA Exclusions by specifying their IDs
IoaExclusionsApi	queryIOAExclusionsV1	GET /policy/queries/ioa-exclusions/v1	Search for IOA exclusions.
IoaExclusionsApi	updateIOAExclusionsV1	PATCH /policy/entities/ioa-exclusions/v1	Update the IOA exclusions
IocsApi	createIOC	POST /indicators/entities/iocs/v1	Create a new IOC
IocsApi	deleteIOC	DELETE /indicators/entities/iocs/v1	Delete an IOC by providing a type and value
IocsApi	devicesCount	GET /indicators/aggregates/devices-count/v1	Number of hosts in your customer account that have observed a given custom IOC
IocsApi	devicesRanOn	GET /indicators/queries/devices/v1	Find hosts that have observed a given custom IOC. For details about those hosts, use GET /devices/entities/devices/v1
IocsApi	entitiesProcesses	GET /processes/entities/processes/v1	For the provided ProcessID retrieve the process details
IocsApi	getIOC	GET /indicators/entities/iocs/v1	Get an IOC by providing a type and value
IocsApi	processesRanOn	GET /indicators/queries/processes/v1	Search for processes associated with a custom IOC
IocsApi	queryIOCs	GET /indicators/queries/iocs/v1	Search the custom IOCs in your customer account
IocsApi	updateIOC	PATCH /indicators/entities/iocs/v1	Update an IOC by providing a type and value
MlExclusionsApi	createMLExclusionsV1	POST /policy/entities/ml-exclusions/v1	Create the ML exclusions
MlExclusionsApi	deleteMLExclusionsV1	DELETE /policy/entities/ml-exclusions/v1	Delete the ML exclusions by id
MlExclusionsApi	getMLExclusionsV1	GET /policy/entities/ml-exclusions/v1	Get a set of ML Exclusions by specifying their IDs
MlExclusionsApi	queryMLExclusionsV1	GET /policy/queries/ml-exclusions/v1	Search for ML exclusions.
MlExclusionsApi	updateMLExclusionsV1	PATCH /policy/entities/ml-exclusions/v1	Update the ML exclusions
Oauth2Api	oauth2AccessToken	POST /oauth2/token	Generate an OAuth2 access token
Oauth2Api	oauth2RevokeToken	POST /oauth2/revoke	Revoke a previously issued OAuth2 access token before the end of its standard 30-minute lifespan.
PreventionPoliciesApi	createPreventionPolicies	POST /policy/entities/prevention/v1	Create Prevention Policies by specifying details about the policy to create
PreventionPoliciesApi	deletePreventionPolicies	DELETE /policy/entities/prevention/v1	Delete a set of Prevention Policies by specifying their IDs
PreventionPoliciesApi	getPreventionPolicies	GET /policy/entities/prevention/v1	Retrieve a set of Prevention Policies by specifying their IDs
PreventionPoliciesApi	performPreventionPoliciesAction	POST /policy/entities/prevention-actions/v1	Perform the specified action on the Prevention Policies specified in the request
PreventionPoliciesApi	queryCombinedPreventionPolicies	GET /policy/combined/prevention/v1	Search for Prevention Policies in your environment by providing an FQL filter and paging details. Returns a set of Prevention Policies which match the filter criteria
PreventionPoliciesApi	queryCombinedPreventionPolicyMembers	GET /policy/combined/prevention-members/v1	Search for members of a Prevention Policy in your environment by providing an FQL filter and paging details. Returns a set of host details which match the filter criteria
PreventionPoliciesApi	queryPreventionPolicies	GET /policy/queries/prevention/v1	Search for Prevention Policies in your environment by providing an FQL filter and paging details. Returns a set of Prevention Policy IDs which match the filter criteria
PreventionPoliciesApi	queryPreventionPolicyMembers	GET /policy/queries/prevention-members/v1	Search for members of a Prevention Policy in your environment by providing an FQL filter and paging details. Returns a set of Agent IDs which match the filter criteria
PreventionPoliciesApi	setPreventionPoliciesPrecedence	POST /policy/entities/prevention-precedence/v1	Sets the precedence of Prevention Policies based on the order of IDs specified in the request. The first ID specified will have the highest precedence and the last ID specified will have the lowest. You must specify all non-Default Policies for a platform when updating precedence
PreventionPoliciesApi	updatePreventionPolicies	PATCH /policy/entities/prevention/v1	Update Prevention Policies by specifying the ID of the policy and details to update
RealTimeResponseApi	batchActiveResponderCmd	POST /real-time-response/combined/batch-active-responder-command/v1	Batch executes a RTR active-responder command across the hosts mapped to the given batch ID.
RealTimeResponseApi	batchCmd	POST /real-time-response/combined/batch-command/v1	Batch executes a RTR read-only command across the hosts mapped to the given batch ID.
RealTimeResponseApi	batchGetCmd	POST /real-time-response/combined/batch-get-command/v1	Batch executes `get` command across hosts to retrieve files. After this call is made `GET /real-time-response/combined/batch-get-command/v1` is used to query for the results.
RealTimeResponseApi	batchGetCmdStatus	GET /real-time-response/combined/batch-get-command/v1	Retrieves the status of the specified batch get command. Will return successful files when they are finished processing.
RealTimeResponseApi	batchInitSessions	POST /real-time-response/combined/batch-init-session/v1	Batch initialize a RTR session on multiple hosts. Before any RTR commands can be used, an active session is needed on the host.
RealTimeResponseApi	batchRefreshSessions	POST /real-time-response/combined/batch-refresh-session/v1	Batch refresh a RTR session on multiple hosts. RTR sessions will expire after 10 minutes unless refreshed.
RealTimeResponseApi	rTRAggregateSessions	POST /real-time-response/aggregates/sessions/GET/v1	Get aggregates on session data.
RealTimeResponseApi	rTRCheckActiveResponderCommandStatus	GET /real-time-response/entities/active-responder-command/v1	Get status of an executed active-responder command on a single host.
RealTimeResponseApi	rTRCheckCommandStatus	GET /real-time-response/entities/command/v1	Get status of an executed command on a single host.
RealTimeResponseApi	rTRDeleteFile	DELETE /real-time-response/entities/file/v1	Delete a RTR session file.
RealTimeResponseApi	rTRDeleteQueuedSession	DELETE /real-time-response/entities/queued-sessions/command/v1	Delete a queued session command
RealTimeResponseApi	rTRDeleteSession	DELETE /real-time-response/entities/sessions/v1	Delete a session.
RealTimeResponseApi	rTRExecuteActiveResponderCommand	POST /real-time-response/entities/active-responder-command/v1	Execute an active responder command on a single host.
RealTimeResponseApi	rTRExecuteCommand	POST /real-time-response/entities/command/v1	Execute a command on a single host.
RealTimeResponseApi	rTRGetExtractedFileContents	GET /real-time-response/entities/extracted-file-contents/v1	Get RTR extracted file contents for specified session and sha256.
RealTimeResponseApi	rTRInitSession	POST /real-time-response/entities/sessions/v1	Initialize a new session with the RTR cloud.
RealTimeResponseApi	rTRListAllSessions	GET /real-time-response/queries/sessions/v1	Get a list of session_ids.
RealTimeResponseApi	rTRListFiles	GET /real-time-response/entities/file/v1	Get a list of files for the specified RTR session.
RealTimeResponseApi	rTRListQueuedSessions	POST /real-time-response/entities/queued-sessions/GET/v1	Get queued session metadata by session ID.
RealTimeResponseApi	rTRListSessions	POST /real-time-response/entities/sessions/GET/v1	Get session metadata by session id.
RealTimeResponseApi	rTRPulseSession	POST /real-time-response/entities/refresh-session/v1	Refresh a session timeout on a single host.
RealTimeResponseAdminApi	batchAdminCmd	POST /real-time-response/combined/batch-admin-command/v1	Batch executes a RTR administrator command across the hosts mapped to the given batch ID.
RealTimeResponseAdminApi	rTRCheckAdminCommandStatus	GET /real-time-response/entities/admin-command/v1	Get status of an executed RTR administrator command on a single host.
RealTimeResponseAdminApi	rTRCreatePutFiles	POST /real-time-response/entities/put-files/v1	Upload a new put-file to use for the RTR `put` command.
RealTimeResponseAdminApi	rTRCreateScripts	POST /real-time-response/entities/scripts/v1	Upload a new custom-script to use for the RTR `runscript` command.
RealTimeResponseAdminApi	rTRDeletePutFiles	DELETE /real-time-response/entities/put-files/v1	Delete a put-file based on the ID given. Can only delete one file at a time.
RealTimeResponseAdminApi	rTRDeleteScripts	DELETE /real-time-response/entities/scripts/v1	Delete a custom-script based on the ID given. Can only delete one script at a time.
RealTimeResponseAdminApi	rTRExecuteAdminCommand	POST /real-time-response/entities/admin-command/v1	Execute a RTR administrator command on a single host.
RealTimeResponseAdminApi	rTRGetPutFiles	GET /real-time-response/entities/put-files/v1	Get put-files based on the ID's given. These are used for the RTR `put` command.
RealTimeResponseAdminApi	rTRGetScripts	GET /real-time-response/entities/scripts/v1	Get custom-scripts based on the ID's given. These are used for the RTR `runscript` command.
RealTimeResponseAdminApi	rTRListPutFiles	GET /real-time-response/queries/put-files/v1	Get a list of put-file ID's that are available to the user for the `put` command.
RealTimeResponseAdminApi	rTRListScripts	GET /real-time-response/queries/scripts/v1	Get a list of custom-script ID's that are available to the user for the `runscript` command.
RealTimeResponseAdminApi	rTRUpdateScripts	PATCH /real-time-response/entities/scripts/v1	Upload a new scripts to replace an existing one.
SensorDownloadApi	downloadSensorInstallerById	GET /sensors/entities/download-installer/v1	Download sensor installer by SHA256 ID
SensorDownloadApi	getCombinedSensorInstallersByQuery	GET /sensors/combined/installers/v1	Get sensor installer details by provided query
SensorDownloadApi	getSensorInstallersByQuery	GET /sensors/queries/installers/v1	Get sensor installer IDs by provided query
SensorDownloadApi	getSensorInstallersCCIDByQuery	GET /sensors/queries/installers/ccid/v1	Get CCID to use with sensor installers
SensorDownloadApi	getSensorInstallersEntities	GET /sensors/entities/installers/v1	Get sensor installer details by provided SHA256 IDs
SensorUpdatePoliciesApi	createSensorUpdatePolicies	POST /policy/entities/sensor-update/v1	Create Sensor Update Policies by specifying details about the policy to create
SensorUpdatePoliciesApi	createSensorUpdatePoliciesV2	POST /policy/entities/sensor-update/v2	Create Sensor Update Policies by specifying details about the policy to create with additional support for uninstall protection
SensorUpdatePoliciesApi	deleteSensorUpdatePolicies	DELETE /policy/entities/sensor-update/v1	Delete a set of Sensor Update Policies by specifying their IDs
SensorUpdatePoliciesApi	getSensorUpdatePolicies	GET /policy/entities/sensor-update/v1	Retrieve a set of Sensor Update Policies by specifying their IDs
SensorUpdatePoliciesApi	getSensorUpdatePoliciesV2	GET /policy/entities/sensor-update/v2	Retrieve a set of Sensor Update Policies with additional support for uninstall protection by specifying their IDs
SensorUpdatePoliciesApi	performSensorUpdatePoliciesAction	POST /policy/entities/sensor-update-actions/v1	Perform the specified action on the Sensor Update Policies specified in the request
SensorUpdatePoliciesApi	queryCombinedSensorUpdateBuilds	GET /policy/combined/sensor-update-builds/v1	Retrieve available builds for use with Sensor Update Policies
SensorUpdatePoliciesApi	queryCombinedSensorUpdatePolicies	GET /policy/combined/sensor-update/v1	Search for Sensor Update Policies in your environment by providing an FQL filter and paging details. Returns a set of Sensor Update Policies which match the filter criteria
SensorUpdatePoliciesApi	queryCombinedSensorUpdatePoliciesV2	GET /policy/combined/sensor-update/v2	Search for Sensor Update Policies with additional support for uninstall protection in your environment by providing an FQL filter and paging details. Returns a set of Sensor Update Policies which match the filter criteria
SensorUpdatePoliciesApi	queryCombinedSensorUpdatePolicyMembers	GET /policy/combined/sensor-update-members/v1	Search for members of a Sensor Update Policy in your environment by providing an FQL filter and paging details. Returns a set of host details which match the filter criteria
SensorUpdatePoliciesApi	querySensorUpdatePolicies	GET /policy/queries/sensor-update/v1	Search for Sensor Update Policies in your environment by providing an FQL filter and paging details. Returns a set of Sensor Update Policy IDs which match the filter criteria
SensorUpdatePoliciesApi	querySensorUpdatePolicyMembers	GET /policy/queries/sensor-update-members/v1	Search for members of a Sensor Update Policy in your environment by providing an FQL filter and paging details. Returns a set of Agent IDs which match the filter criteria
SensorUpdatePoliciesApi	revealUninstallToken	POST /policy/combined/reveal-uninstall-token/v1	Reveals an uninstall token for a specific device. To retrieve the bulk maintenance token pass the value 'MAINTENANCE' as the value for 'device_id'
SensorUpdatePoliciesApi	setSensorUpdatePoliciesPrecedence	POST /policy/entities/sensor-update-precedence/v1	Sets the precedence of Sensor Update Policies based on the order of IDs specified in the request. The first ID specified will have the highest precedence and the last ID specified will have the lowest. You must specify all non-Default Policies for a platform when updating precedence
SensorUpdatePoliciesApi	updateSensorUpdatePolicies	PATCH /policy/entities/sensor-update/v1	Update Sensor Update Policies by specifying the ID of the policy and details to update
SensorUpdatePoliciesApi	updateSensorUpdatePoliciesV2	PATCH /policy/entities/sensor-update/v2	Update Sensor Update Policies by specifying the ID of the policy and details to update with additional support for uninstall protection
SensorVisibilityExclusionsApi	createSVExclusionsV1	POST /policy/entities/sv-exclusions/v1	Create the sensor visibility exclusions
SensorVisibilityExclusionsApi	deleteSensorVisibilityExclusionsV1	DELETE /policy/entities/sv-exclusions/v1	Delete the sensor visibility exclusions by id
SensorVisibilityExclusionsApi	getSensorVisibilityExclusionsV1	GET /policy/entities/sv-exclusions/v1	Get a set of Sensor Visibility Exclusions by specifying their IDs
SensorVisibilityExclusionsApi	querySensorVisibilityExclusionsV1	GET /policy/queries/sv-exclusions/v1	Search for sensor visibility exclusions.
SensorVisibilityExclusionsApi	updateSensorVisibilityExclusionsV1	PATCH /policy/entities/sv-exclusions/v1	Update the sensor visibility exclusions
SpotlightVulnerabilitiesApi	getVulnerabilities	GET /spotlight/entities/vulnerabilities/v2	Get details on vulnerabilities by providing one or more IDs
SpotlightVulnerabilitiesApi	queryVulnerabilities	GET /spotlight/queries/vulnerabilities/v1	Search for Vulnerabilities in your environment by providing an FQL filter and paging details. Returns a set of Vulnerability IDs which match the filter criteria
UserManagementApi	createUser	POST /users/entities/users/v1	Create a new user. After creating a user, assign one or more roles with POST /user-roles/entities/user-roles/v1
UserManagementApi	deleteUser	DELETE /users/entities/users/v1	Delete a user permanently
UserManagementApi	getAvailableRoleIds	GET /user-roles/queries/user-role-ids-by-cid/v1	Show role IDs for all roles available in your customer account. For more information on each role, provide the role ID to `/customer/entities/roles/v1`.
UserManagementApi	getRoles	GET /user-roles/entities/user-roles/v1	Get info about a role
UserManagementApi	getUserRoleIds	GET /user-roles/queries/user-role-ids-by-user-uuid/v1	Show role IDs of roles assigned to a user. For more information on each role, provide the role ID to `/customer/entities/roles/v1`.
UserManagementApi	grantUserRoleIds	POST /user-roles/entities/user-roles/v1	Assign one or more roles to a user
UserManagementApi	retrieveEmailsByCID	GET /users/queries/emails-by-cid/v1	List the usernames (usually an email address) for all users in your customer account
UserManagementApi	retrieveUser	GET /users/entities/users/v1	Get info about a user
UserManagementApi	retrieveUserUUID	GET /users/queries/user-uuids-by-email/v1	Get a user's ID by providing a username (usually an email address)
UserManagementApi	retrieveUserUUIDsByCID	GET /users/queries/user-uuids-by-cid/v1	List user IDs for all users in your customer account. For more information on each user, provide the user ID to `/users/entities/user/v1`.
UserManagementApi	revokeUserRoleIds	DELETE /user-roles/entities/user-roles/v1	Revoke one or more roles from a user
UserManagementApi	updateUser	PATCH /users/entities/users/v1	Modify an existing user's first or last name

Models

Authorization

basicAuth

Type: HTTP basic authentication

oauth2

Type: OAuth
Flow: application
Authorization URL: ``
Scopes:
- cloud-connect-aws:read: Grants read access on cloud-connect-aws resources
- cloud-connect-aws:write: Grants write access on cloud-connect-aws resources
- cspm-registration:read: Grants read access on cspm-registration resources
- cspm-registration:write: Grants write access on cspm-registration resources
- custom-ioa:read: Grants read access on custom-ioa resources
- custom-ioa:write: Grants write access on custom-ioa resources
- d4c-registration:read: Grants read access on d4c-registration resources
- d4c-registration:write: Grants write access on d4c-registration resources
- detects:read: Grants read access on detects resources
- detects:write: Grants write access on detects resources
- device-control-policies:read: Grants read access on device-control-policies resources
- device-control-policies:write: Grants write access on device-control-policies resources
- devices:read: Grants read access on devices resources
- devices:write: Grants write access on devices resources
- falconx-actors:read: Grants read access on falconx-actors resources
- falconx-indicators:read: Grants read access on falconx-indicators resources
- falconx-reports:read: Grants read access on falconx-reports resources
- falconx-rules:read: Grants read access on falconx-rules resources
- firewall-management:read: Grants read access on firewall-management resources
- firewall-management:write: Grants write access on firewall-management resources
- host-group:read: Grants read access on host-group resources
- host-group:write: Grants write access on host-group resources
- incidents:read: Grants read access on incidents resources
- incidents:write: Grants write access on incidents resources
- installation-tokens:read: Grants read access on installation-tokens resources
- installation-tokens:write: Grants write access on installation-tokens resources
- iocs:read: Grants read access on iocs resources
- iocs:write: Grants write access on iocs resources
- ml-exclusions:read: Grants read access on ml-exclusions resources
- ml-exclusions:write: Grants write access on ml-exclusions resources
- prevention-policies:read: Grants read access on prevention-policies resources
- prevention-policies:write: Grants write access on prevention-policies resources
- real-time-response-admin:write: Grants write access on real-time-response-admin resources
- real-time-response:read: Grants read access on real-time-response resources
- real-time-response:write: Grants write access on real-time-response resources
- self-service-ioa-exclusions:read: Grants read access on self-service-ioa-exclusions resources
- self-service-ioa-exclusions:write: Grants write access on self-service-ioa-exclusions resources
- sensor-installers:read: Grants read access on sensor-installers resources
- sensor-update-policies:read: Grants read access on sensor-update-policies resources
- sensor-update-policies:write: Grants write access on sensor-update-policies resources
- sensor-visibility-exclusions:read: Grants read access on sensor-visibility-exclusions resources
- sensor-visibility-exclusions:write: Grants write access on sensor-visibility-exclusions resources
- spotlight-vulnerabilities:read: Grants read access on spotlight-vulnerabilities resources
- streaming:read: Grants read access on streaming resources
- usermgmt:read: Grants read access on usermgmt resources
- usermgmt:write: Grants write access on usermgmt resources

Tests

To run the tests, use:

composer install
vendor/bin/phpunit

Author

About this package

This PHP package is automatically generated by the OpenAPI Generator project:

API version: 1.0.0-beta
Build package: org.openapitools.codegen.languages.PhpClientCodegen

BBBKing/openapi-crowdstrike-falcon-php