Spotlight Evaluation Logic
| Operation ID | Description | ||||
|---|---|---|---|---|---|
|
Search for evaluation logic in your environment by providing a FQL filter and paging details. Returns a set of evaluation logic entities which match the filter criteria. | ||||
|
Get details on evaluation logic items by providing one or more IDs. | ||||
|
Search for evaluation logic in your environment by providing a FQL filter and paging details. Returns a set of evaluation logic IDs which match the filter criteria. | ||||
WARNING
client_idandclient_secretare keyword arguments that contain your CrowdStrike API credentials. Please note that all examples below do not hard code these values. (These values are ingested as strings.)CrowdStrike does not recommend hard coding API credentials or customer identifiers within source code.
Search for evaluation logic in your environment by providing a FQL filter and paging details. Returns a set of evaluation logic entities which match the filter criteria.
query_evaluation_logic_combined
| Method | Route |
|---|---|
 |
/spotlight/combined/evaluation-logic/v1 |
- Produces: application/json
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| after |
 |
|
query | string | A pagination token used with the limit parameter to manage pagination of results. On your first request, don't provide an after token. On subsequent requests, provide the after token from the previous response to continue from that place in the results. |
| limit |
|
|
query | integer | Maximum number of entities to return. |
| filter |
|
|
query | string | FQL query specifying the filter parameters. |
| parameters |
|
|
query | dictionary | Full query string parameters payload in JSON format. |
| sort |
|
|
query | string | Sort evaluation logic by their properties. |
from falconpy.spotlight_evaluation_logic import SpotlightEvaluationLogic
# Do not hardcode API credentials!
falcon = SpotlightEvaluationLogic(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.query_evaluation_logic_combined(after="string",
limit=integer,
filter="string",
sort="string"
)
print(response)from falconpy import SpotlightEvaluationLogic
# Do not hardcode API credentials!
falcon = SpotlightEvaluationLogic(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.combinedQueryEvaluationLogic(after="string",
limit=integer,
filter="string",
sort="string"
)
print(response)from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.command("combinedQueryEvaluationLogic",
after="string",
limit=integer,
filter="string",
sort="string"
)
print(response)Get details on evaluation logic items by providing one or more IDs.
get_evaluation_logic
| Method | Route |
|---|---|
|
/spotlight/entities/evaluation-logic/v1 |
- Produces: application/json
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| ids |
|
|
query | list of strings | One or more evaluation logic IDs. |
| parameters |
|
|
query | dictionary | Full query string parameters payload in JSON format. |
from falconpy.spotlight_evaluation_logic import SpotlightEvaluationLogic
# Do not hardcode API credentials!
falcon = SpotlightEvaluationLogic(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.get_evaluation_logic(ids=id_list)
print(response)from falconpy import SpotlightEvaluationLogic
# Do not hardcode API credentials!
falcon = SpotlightEvaluationLogic(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.getEvaluationLogic(ids=id_list)
print(response)from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.command("getEvaluationLogic", ids=id_list)
print(response)Search for evaluation logic in your environment by providing a FQL filter and paging details. Returns a set of evaluation logic IDs which match the filter criteria.
query_evaluation_logic
| Method | Route |
|---|---|
|
/spotlight/queries/evaluation-logic/v1 |
- Produces: application/json
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| after |
|
|
query | string | A pagination token used with the limit parameter to manage pagination of results. On your first request, don't provide an after token. On subsequent requests, provide the after token from the previous response to continue from that place in the results. |
| limit |
|
|
query | integer | Maximum number of entities to return. |
| filter |
|
|
query | string | FQL query specifying the filter parameters. |
| parameters |
|
|
query | dictionary | Full query string parameters payload in JSON format. |
| sort |
|
|
query | string | Sort evaluation logic by their properties. |
from falconpy.spotlight_evaluation_logic import SpotlightEvaluationLogic
# Do not hardcode API credentials!
falcon = SpotlightEvaluationLogic(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.query_evaluation_logic(after="string",
limit=integer,
filter="string",
sort="string"
)
print(response)from falconpy import SpotlightEvaluationLogic
# Do not hardcode API credentials!
falcon = SpotlightEvaluationLogic(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.queryEvaluationLogic(after="string",
limit=integer,
filter="string",
sort="string"
)
print(response)from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.command("queryEvaluationLogic",
after="string",
limit=integer,
filter="string",
sort="string"
)
print(response)
- Home
- Discussions Board
- Glossary of Terms
- Installation, Upgrades and Removal
- Samples Collection
- Using FalconPy
- API Operations
-
Service Collections
- Alerts
- API Integrations
- Cloud Connect AWS (deprecated)
- Cloud Snapshots
- Configuration Assessment
- Configuration Assessment Evaluation Logic
- Container Alerts
- Container Detections
- Container Images
- Container Packages
- Container Vulnerabilities
- CSPM Registration
- Custom IOAs
- Custom Storage
- D4C Registration (deprecated)
- Detects
- Device Control Policies
- Discover
- Drift Indicators
- Event Streams
- Exposure Management
- Falcon Complete Dashboard
- Falcon Container
- Falcon Intelligence Sandbox
- FDR
- FileVantage
- Firewall Management
- Firewall Policies
- Foundry LogScale
- Host Group
- Hosts
- Identity Protection
- Image Assessment Policies
- Incidents
- Installation Tokens
- Intel
- IOA Exclusions
- IOC
- IOCs (deprecated)
- Kubernetes Protection
- MalQuery
- Message Center
- ML Exclusions
- Mobile Enrollment
- MSSP (Flight Control)
- OAuth2
- ODS (On Demand Scan)
- Overwatch Dashboard
- Prevention Policy
- Quarantine
- Quick Scan
- Real Time Response
- Real Time Response Admin
- Real Time Response Audit
- Recon
- Report Executions
- Response Policies
- Sample Uploads
- Scheduled Reports
- Sensor Download
- Sensor Update Policy
- Sensor Visibility Exclusions
- Spotlight Evaluation Logic
- Spotlight Vulnerabilities
- Tailored Intelligence
- ThreatGraph
- Unidentified Containers
- User Management
- Workflows
- Zero Trust Assessment
- Documentation Support
-
CrowdStrike SDKs
- Crimson Falcon - Ruby
- FalconPy - Python 3
- FalconJS - Javascript
- goFalcon - Go
- PSFalcon - Powershell
- Rusty Falcon - Rust
