falconpy VS gofalcon

And for falconpy: https://github.com/CrowdStrike/falconpy/wiki/Identity-Protection

https://github.com/CrowdStrike/falconpy/tree/main/samples https://github.com/CrowdStrike/psfalcon/tree/master/samples

We also have an example that does some sorting and basic aggregation that's a little similar (but does not focus on remediations). Similar to your suggestion, this sample also consumes all available matches at the outset using a pretty expansive query.

Here's a sample that will paginate through all of your hosts. Depending on the API call you're using, you can request up to 5,000 hosts.

Howdy Yall, qq. Does anyone know if it is possible to search not just one CVE but a short list? from the github here https://github.com/CrowdStrike/falconpy/blob/main/samples/spotlight/find_hosts_by_cve.py

Logging in with the parent credentials to the Hosts Service Class will show hosts from child CIDs when you make calls to QueryDevicesByFilter or QueryDevicesByFilterScroll. For an example on how to paginate through the results, you can check out the sample here: https://github.com/CrowdStrike/falconpy/blob/main/samples/hosts/sensor_versions_by_hostname_scrolling.py

start with samples work backward: https://github.com/CrowdStrike/falconpy/tree/main/samples/hosts

I would need to see more of your code to get an idea for why you're running into this error. You may find it easier to review an existing integration that populates Chronicle via the Event Streams API instead. This one leverages our Python SDK: https://github.com/CrowdStrike/falcon-integration-gateway.

Can I see more of your code? Feels like we're missing something. Sample code (queued execute): https://github.com/CrowdStrike/falconpy/blob/main/samples/rtr/queued_execute.py

I think you may be right. It looks like the payload handler for this operation is not looking for the id key. (I will track this fix using the GitHub issue you just created. )

Yes, using the Falcon APIs. Try PSFalcon, falconpy or gofalcon. Using PSFalcon, you could do this with the Invoke-FalconRtr command.

I don't recommend using curl beyond testing. Why not try one of our API SDKs?

Go - GoFalcon

CrowdStrike has more than one hundred different API endpoints, and they generally work in a handful of different ways. If you're new to APIs, it's easiest to start with a kit like falconpy, gofalcon or PSFalcon. These kits are all designed to help you handle the basic things like authentication, request formatting, pagination and even combining multiple APIs together to achieve a certain goal.

PSFalcon makes these APIs easier to use with PowerShell, while falconpy and gofalcon make them easier to use with Python and Golang, respectively. If you're completely new to APIs but understand one of these languages, one of these tools will be the best place to start. If you'd like to pull this data directly with Excel, you're going to have to start from scratch, or figure out how you could use Excel to call one of these tools to get your data.