### API Documentation & Ruby Examples: Get Combined Sensor Installers by Query (V2)
Source: https://github.com/crowdstrike/crimson-falcon/blob/main/docs/SensorDownload.md
Provides API specifications and Ruby code examples for querying sensor installer details using a V2 endpoint. Note: The Ruby example is truncated in the source.
```APIDOC
Method: get_combined_sensor_installers_by_query_v2(opts)
Description: Get sensor installer details by provided query
Return type: DomainSensorInstallersV2
```
```ruby
require 'time'
require 'crimson-falcon'
```
--------------------------------
### Ruby Example: Instantiate QuickscanproLaunchScanRequest
Source: https://github.com/crowdstrike/crimson-falcon/blob/main/docs/QuickscanproLaunchScanRequest.md
Demonstrates how to create a new instance of the `Falcon::QuickscanproLaunchScanRequest` class in Ruby. This example shows the basic instantiation process, requiring the 'crimson-falcon' gem and initializing the 'resources' property to null.
```ruby
require 'crimson-falcon'
instance = Falcon::QuickscanproLaunchScanRequest.new(
resources: null
)
```
--------------------------------
### Ruby Example for DeviceControlCreatePolicyReqV1 Instantiation
Source: https://github.com/crowdstrike/crimson-falcon/blob/main/docs/DeviceControlCreatePolicyReqV1.md
Demonstrates how to create a new instance of the `Falcon::DeviceControlCreatePolicyReqV1` class in Ruby, showing the basic structure for initializing its properties.
```ruby
require 'crimson-falcon'
instance = Falcon::DeviceControlCreatePolicyReqV1.new(
clone_id: null,
description: null,
name: null,
platform_name: null,
settings: null
)
```
--------------------------------
### Retrieve Sensor Installer CCID (Ruby)
Source: https://github.com/crowdstrike/crimson-falcon/blob/main/docs/SensorDownload.md
Demonstrates how to get the CCID for sensor installers using the `get_sensor_installers_ccidby_query` method in Ruby. Includes authorization setup and error handling.
```ruby
require 'time'
require 'crimson-falcon'
# Setup authorization
Falcon.configure do |config|
config.client_id = "Your_Client_ID"
config.client_secret = "Your_Client_SECRET"
config.cloud = "us-1" # or "us-2", "eu-1", "us-gov1"
end
api_instance = Falcon::SensorDownload.new
begin
# Get CCID to use with sensor installers
result = api_instance.get_sensor_installers_ccidby_query
p result
rescue Falcon::ApiError => e
puts "Error when calling SensorDownload->get_sensor_installers_ccidby_query: #{e}"
end
```
--------------------------------
### API Documentation & Ruby Examples: Get Combined Sensor Installers by Query (V1)
Source: https://github.com/crowdstrike/crimson-falcon/blob/main/docs/SensorDownload.md
Provides API specifications and Ruby code examples for querying sensor installer details using various filters and pagination options. Includes both standard API calls and the _with_http_info variant.
```APIDOC
Method: get_combined_sensor_installers_by_query(opts)
Description: Get sensor installer details by provided query
Parameters:
offset:
Type: Integer
Description: The first item to return, where 0 is the latest item. Use with the limit parameter to manage pagination of results.
Notes: optional
limit:
Type: Integer
Description: The number of items to return in this response (default: 100, max: 500). Use with the offset parameter to manage pagination of results.
Notes: optional
sort:
Type: String
Description: Sort items using their properties. Common sort options include: <ul><li>version|asc</li><li>release_date|desc</li></ul>
Notes: optional
filter:
Type: String
Description: Filter items using a query in Falcon Query Language (FQL). An asterisk wildcard * includes all results. Common filter options include: <ul><li>platform:\"windows\"</li><li>version:>\"5.2\"</li></ul>
Notes: optional
Return type: DomainSensorInstallersV1
Authorization: oauth2
HTTP request headers:
Content-Type: Not defined
Accept: application/json
```
```ruby
require 'time'
require 'crimson-falcon'
# Setup authorization
Falcon.configure do |config|
config.client_id = "Your_Client_ID"
config.client_secret = "Your_Client_Secret"
config.cloud = "us-1" # or "us-2", "eu-1", "us-gov1"
end
api_instance = Falcon::SensorDownload.new
opts = {
offset: 56, # Integer | The first item to return, where 0 is the latest item. Use with the limit parameter to manage pagination of results.
limit: 56, # Integer | The number of items to return in this response (default: 100, max: 500).
sort: 'sort_example', # String | Sort items using their properties. Common sort options include:
version|asc
release_date|desc
filter: 'filter_example' # String | Filter items using a query in Falcon Query Language (FQL). An asterisk wildcard * includes all results. Common filter options include:
platform:\"windows\"
version:>\"5.2\"
}
begin
# Get sensor installer details by provided query
result = api_instance.get_combined_sensor_installers_by_query(opts)
p result
rescue Falcon::ApiError => e
puts "Error when calling SensorDownload->get_combined_sensor_installers_by_query: #{e}"
end
```
```ruby
begin
# Get sensor installer details by provided query
data, status_code, headers = api_instance.get_combined_sensor_installers_by_query_with_http_info(opts)
p status_code # => 2xx
p headers # => { ... }
p data # =>
rescue Falcon::ApiError => e
puts "Error when calling SensorDownload->get_combined_sensor_installers_by_query_with_http_info: #{e}"
end
```
--------------------------------
### Ruby Example: Instantiating MalqueryMultiDownloadRequestV1
Source: https://github.com/crowdstrike/crimson-falcon/blob/main/docs/MalqueryMultiDownloadRequestV1.md
This Ruby code snippet demonstrates how to create an instance of `Falcon::MalqueryMultiDownloadRequestV1`. It shows the required `crimson-falcon` gem and the basic instantiation with the `samples` property.
```ruby
require 'crimson-falcon'
instance = Falcon::MalqueryMultiDownloadRequestV1.new(
samples: null
)
```
--------------------------------
### Ruby Example: Instantiate DomainDiscoverAPIApplicationBrowserExtensionInstallation
Source: https://github.com/crowdstrike/crimson-falcon/blob/main/docs/DomainDiscoverAPIApplicationBrowserExtensionInstallation.md
Demonstrates how to create a new instance of the `Falcon::DomainDiscoverAPIApplicationBrowserExtensionInstallation` class in Ruby. This example initializes an object with default or null values for its various properties, showcasing the basic instantiation syntax.
```ruby
require 'crimson-falcon'
instance = Falcon::DomainDiscoverAPIApplicationBrowserExtensionInstallation.new(
browser_profile_id: null,
browser_profile_name: null,
browser_version: null,
enabled: null,
method: null,
path: null,
role: null,
user_sid: null,
username: null
)
```
--------------------------------
### Retrieve Sensor Installer Details by ID (Ruby)
Source: https://github.com/crowdstrike/crimson-falcon/blob/main/docs/SensorDownload.md
Demonstrates how to get sensor installer details using `get_sensor_installers_entities` with SHA256 IDs in Ruby. Includes authorization setup and error handling.
```ruby
require 'time'
require 'crimson-falcon'
# Setup authorization
Falcon.configure do |config|
config.client_id = "Your_Client_ID"
config.client_secret = "Your_Client_SECRET"
config.cloud = "us-1" # or "us-2", "eu-1", "us-gov1"
end
api_instance = Falcon::SensorDownload.new
ids = ['inner_example'] # Array | The IDs of the installers
begin
# Get sensor installer details by provided SHA256 IDs
result = api_instance.get_sensor_installers_entities(ids)
p result
rescue Falcon::ApiError => e
puts "Error when calling SensorDownload->get_sensor_installers_entities: #{e}"
end
```
--------------------------------
### Retrieve Sensor Installer Details V2 by ID (Ruby)
Source: https://github.com/crowdstrike/crimson-falcon/blob/main/docs/SensorDownload.md
Demonstrates how to get sensor installer details using `get_sensor_installers_entities_v2` with SHA256 IDs in Ruby. Includes authorization setup and error handling.
```ruby
require 'time'
require 'crimson-falcon'
# Setup authorization
Falcon.configure do |config|
config.client_id = "Your_Client_ID"
config.client_secret = "Your_Client_SECRET"
config.cloud = "us-1" # or "us-2", "eu-1", "us-gov1"
end
api_instance = Falcon::SensorDownload.new
ids = ['inner_example'] # Array | The IDs of the installers
begin
# Get sensor installer details by provided SHA256 IDs
result = api_instance.get_sensor_installers_entities_v2(ids)
p result
rescue Falcon::ApiError => e
puts "Error when calling SensorDownload->get_sensor_installers_entities_v2: #{e}"
end
```
--------------------------------
### Ruby Example: Instantiate Falcon::DomainAPIComplianceMappingV1
Source: https://github.com/crowdstrike/crimson-falcon/blob/main/docs/DomainAPIComplianceMappingV1.md
Demonstrates how to create a new instance of the `Falcon::DomainAPIComplianceMappingV1` class in Ruby, initializing its properties with null values.
```Ruby
require 'crimson-falcon'
instance = Falcon::DomainAPIComplianceMappingV1.new(
controls: null,
framework: null,
version: null
)
```
--------------------------------
### Ruby Example: Instantiate DeviceapiLoginDetailV1
Source: https://github.com/crowdstrike/crimson-falcon/blob/main/docs/DeviceapiLoginDetailV1.md
Demonstrates how to create a new instance of the DeviceapiLoginDetailV1 model in Ruby. This example uses the 'crimson-falcon' gem and initializes the model with null values for its properties.
```ruby
require 'crimson-falcon'
instance = Falcon::DeviceapiLoginDetailV1.new(
cid: null,
device_id: null,
recent_logins: null
)
```
--------------------------------
### Read Installation Token Details in Ruby
Source: https://github.com/crowdstrike/crimson-falcon/blob/main/docs/InstallationTokens.md
This example demonstrates how to retrieve the details of one or more installation tokens by their IDs using the `tokens_read` method in Ruby. It includes the necessary authorization setup and shows how to pass an array of token IDs to fetch their corresponding details.
```APIDOC
Method: tokens_read
Signature: tokens_read(opts)
Description: Gets the details of one or more tokens by id.
Parameters:
- Name: ids
Type: Array
Description: IDs of tokens to retrieve details for
Notes: [optional]
Return Type: ApiTokenDetailsResponseV1
Authorization: oauth2
```
```Ruby
require 'time'
require 'crimson-falcon'
# Setup authorization
Falcon.configure do |config|
config.client_id = "Your_Client_ID"
config.client_secret = "Your_Client_Secret"
config.cloud = "us-1" # or "us-2", "eu-1", "us-gov1"
end
api_instance = Falcon::InstallationTokens.new
opts = {
ids: ['inner_example'] # Array | IDs of tokens to retrieve details for
}
begin
# Gets the details of one or more tokens by id.
result = api_instance.tokens_read(opts)
p result
rescue Falcon::ApiError => e
puts "Error when calling InstallationTokens->tokens_read: #{e}"
end
```
--------------------------------
### Read Customer Settings (Ruby)
Source: https://github.com/crowdstrike/crimson-falcon/blob/main/docs/InstallationTokens.md
Illustrates how to check current installation token settings using the `customer_settings_read` method. This example includes the necessary authorization setup for the Falcon SDK and basic error handling.
```ruby
require 'time'
require 'crimson-falcon'
# Setup authorization
Falcon.configure do |config|
config.client_id = "Your_Client_ID"
config.client_secret = "Your_Client_Secret"
config.cloud = "us-1" # or "us-2", "eu-1", "us-gov1"
end
api_instance = Falcon::InstallationTokens.new
begin
# Check current installation token settings.
result = api_instance.customer_settings_read
p result
rescue Falcon::ApiError => e
puts "Error when calling InstallationTokens->customer_settings_read: #{e}"
end
```
--------------------------------
### Ruby Example: Instantiate FalconxMalwareConfig
Source: https://github.com/crowdstrike/crimson-falcon/blob/main/docs/FalconxMalwareConfig.md
Demonstrates how to create a new instance of the FalconxMalwareConfig object in Ruby. This example initializes all available properties to `null`.
```Ruby
require 'crimson-falcon'
instance = Falcon::FalconxMalwareConfig.new(
bitcoin_addresses: null,
c2s: null,
campaign_id: null,
encryption_keys: null,
family: null,
mitre_attacks: null,
mutexes: null,
passwords: null,
plugin_version: null,
rs4_key: null,
rsa: null,
urls: null,
version: null
)
```
--------------------------------
### Ruby Example: Get Queued RTR Sessions Setup
Source: https://github.com/crowdstrike/crimson-falcon/blob/main/docs/RealTimeResponse.md
Demonstrates the initial setup for authenticating and preparing to call the `r_tr_list_queued_sessions` API to retrieve metadata for queued Real-Time Response sessions using the Crimson Falcon Ruby SDK.
```ruby
require 'time'
require 'crimson-falcon'
# Setup authorization
Falcon.configure do |config|
config.client_id = "Your_Client_ID"
config.client_secret = "Your_Client_Secret"
config.cloud = "us-1" # or "us-2", "eu-1", "us-gov1"
end
```
--------------------------------
### Ruby Example for DomainContentPackage Instantiation
Source: https://github.com/crowdstrike/crimson-falcon/blob/main/docs/DomainContentPackage.md
Demonstrates how to create a new instance of `DomainContentPackage` in Ruby using the `crimson-falcon` library, showing the basic initialization with its 'id' property.
```ruby
require 'crimson-falcon'
instance = Falcon::DomainContentPackage.new(
id: null
)
```
--------------------------------
### Ruby Example: Instantiate Falcon::DomainRuleQueryResponseV1
Source: https://github.com/crowdstrike/crimson-falcon/blob/main/docs/DomainRuleQueryResponseV1.md
Provides a Ruby code snippet demonstrating how to create a new instance of the `Falcon::DomainRuleQueryResponseV1` class, showing the basic initialization process with placeholder null values for its properties.
```ruby
require 'crimson-falcon'
instance = Falcon::DomainRuleQueryResponseV1.new(
errors: null,
meta: null,
resources: null
)
```
--------------------------------
### Example: Get User Groups by ID v2 (Ruby)
Source: https://github.com/crowdstrike/crimson-falcon/blob/main/docs/Mssp.md
Partial Ruby example demonstrating the initial setup for configuring the Crimson Falcon API client to call the `get_user_groups_by_idv2` method. This snippet shows the necessary `require` statements and client configuration.
```ruby
require 'time'
require 'crimson-falcon'
# Setup authorization
Falcon.configure do |config|
config.client_id = "Your_Client_ID"
config.client_secret = "Your_Client_Secret"
config.cloud = "us-1" # or "us-2", "eu-1", "us-gov1"
end
api_instance = Falcon::Mssp.new
```
--------------------------------
### Ruby Example: Get Actions by IDs (action_get_v1)
Source: https://github.com/crowdstrike/crimson-falcon/blob/main/docs/Ioc.md
Demonstrates how to retrieve actions by their IDs using the `action_get_v1` method in Ruby. Includes authorization setup, basic usage, and an example of using `action_get_v1_with_http_info` to access full HTTP response details.
```Ruby
require 'time'
require 'crimson-falcon'
# Setup authorization
Falcon.configure do |config|
config.client_id = "Your_Client_ID"
config.client_secret = "Your_Client_Secret"
config.cloud = "us-1" # or "us-2", "eu-1", "us-gov1"
end
api_instance = Falcon::Ioc.new
opts = {
ids: ['inner_example'] # Array | The ids of the Actions to retrieve
}
begin
# Get Actions by ids.
result = api_instance.action_get_v1(opts)
p result
rescue Falcon::ApiError => e
puts "Error when calling Ioc->action_get_v1: #{e}"
end
```
```Ruby
begin
# Get Actions by ids.
data, status_code, headers = api_instance.action_get_v1_with_http_info(opts)
p status_code # => 2xx
p headers # => { ... }
p data # =>
rescue Falcon::ApiError => e
puts "Error when calling Ioc->action_get_v1_with_http_info: #{e}"
end
```
--------------------------------
### Ruby Example: Instantiate DeviceapiLoginHistoryResponseV1
Source: https://github.com/crowdstrike/crimson-falcon/blob/main/docs/DeviceapiLoginHistoryResponseV1.md
This Ruby code snippet demonstrates how to create a new instance of the `Falcon::DeviceapiLoginHistoryResponseV1` class. It shows the basic initialization process, assigning `null` to its properties for illustrative purposes.
```Ruby
require 'crimson-falcon'
instance = Falcon::DeviceapiLoginHistoryResponseV1.new(
errors: null,
meta: null,
resources: null
)
```
--------------------------------
### Get Human Inputs by ID (Ruby)
Source: https://github.com/crowdstrike/crimson-falcon/blob/main/docs/Workflows.md
Shows how to retrieve specific human inputs by their IDs using the `workflow_get_human_input_v1` method. The example includes SDK setup and error handling.
```ruby
require 'time'
require 'crimson-falcon'
# Setup authorization
Falcon.configure do |config|
config.client_id = "Your_Client_ID"
config.client_secret = "Your_Client_Secret"
config.cloud = "us-1" # or "us-2", "eu-1", "us-gov1"
end
api_instance = Falcon::Workflows.new
ids = ['inner_example'] # Array | IDs of human inputs to read
begin
# Gets one or more specific human inputs by their IDs.
result = api_instance.workflow_get_human_input_v1(ids)
p result
rescue Falcon::ApiError => e
puts "Error when calling Workflows->workflow_get_human_input_v1: #{e}"
end
```
--------------------------------
### Ruby Example: Instantiating DomainDiscoverAPIMountStorageInfo
Source: https://github.com/crowdstrike/crimson-falcon/blob/main/docs/DomainDiscoverAPIMountStorageInfo.md
Demonstrates how to create a new instance of the `Falcon::DomainDiscoverAPIMountStorageInfo` class in Ruby. This example initializes the object's properties with null values, showing the basic syntax for object creation.
```ruby
require 'crimson-falcon'
instance = Falcon::DomainDiscoverAPIMountStorageInfo.new(
available_space: null,
mount_path: null,
used_space: null
)
```
--------------------------------
### Ruby Example for DomainProductPermission Instantiation
Source: https://github.com/crowdstrike/crimson-falcon/blob/main/docs/DomainProductPermission.md
This Ruby code snippet demonstrates how to create a new instance of the `Falcon::DomainProductPermission` class. It shows the basic setup for requiring the necessary library and initializing the object with its `features` and `product` properties.
```ruby
require 'crimson-falcon'
instance = Falcon::DomainProductPermission.new(
features: null,
product: null
)
```
--------------------------------
### Ruby Example: Get Global Detection Counts
Source: https://github.com/crowdstrike/crimson-falcon/blob/main/docs/OverwatchDashboard.md
Demonstrates how to call the `aggregates_detections_global_counts` API using the Ruby `crimson-falcon` SDK, including authorization setup and basic error handling.
```ruby
require 'time'
require 'crimson-falcon'
# Setup authorization
Falcon.configure do |config|
config.client_id = "Your_Client_ID"
config.client_secret = "Your_Client_Secret"
config.cloud = "us-1" # or "us-2", "eu-1", "us-gov1"
end
api_instance = Falcon::OverwatchDashboard.new
filter = 'filter_example' # String | An FQL filter string
begin
# Get the total number of detections pushed across all customers
result = api_instance.aggregates_detections_global_counts(filter)
p result
rescue Falcon::ApiError => e
puts "Error when calling OverwatchDashboard->aggregates_detections_global_counts: #{e}"
end
```
--------------------------------
### Ruby Example for DomainAPIResponseNodesFindingsV1 Instantiation
Source: https://github.com/crowdstrike/crimson-falcon/blob/main/docs/DomainAPIResponseNodesFindingsV1.md
Illustrates how to create an instance of the `Falcon::DomainAPIResponseNodesFindingsV1` class in Ruby, demonstrating the basic initialization process with placeholder null values for its properties.
```ruby
require 'crimson-falcon'
instance = Falcon::DomainAPIResponseNodesFindingsV1.new(
errors: null,
meta: null,
resources: null
)
```
--------------------------------
### Get Child Customers (Ruby)
Source: https://github.com/crowdstrike/crimson-falcon/blob/main/docs/Mssp.md
This Ruby example demonstrates how to retrieve links to child customers by their CIDs using the `get_children` method. It includes the necessary authorization setup for the Falcon API client.
```ruby
require 'time'
require 'crimson-falcon'
# Setup authorization
Falcon.configure do |config|
config.client_id = "Your_Client_ID"
config.client_secret = "Your_Client_Secret"
config.cloud = "us-1" # or "us-2", "eu-1", "us-gov1"
end
api_instance = Falcon::Mssp.new
ids = ['inner_example'] # Array | CID of a child customer
begin
# Get link to child customer by child CID(s)
result = api_instance.get_children(ids)
p result
rescue Falcon::ApiError => e
puts "Error when calling Mssp->get_children: #{e}"
end
```
--------------------------------
### Ruby Example for Initializing Falcon::ClientExtraLimit
Source: https://github.com/crowdstrike/crimson-falcon/blob/main/docs/ClientExtraLimit.md
Demonstrates how to create a new instance of the Falcon::ClientExtraLimit class in Ruby, showing the basic initialization with placeholder values for 'from' and 'limit' properties.
```ruby
require 'crimson-falcon'
instance = Falcon::ClientExtraLimit.new(
from: null,
limit: null
)
```
--------------------------------
### Ruby Example: Get Firewall Events
Source: https://github.com/crowdstrike/crimson-falcon/blob/main/docs/FirewallManagement.md
Demonstrates how to retrieve firewall events by ID using the `crimson-falcon` Ruby client. It includes setup for authorization and error handling for event retrieval.
```ruby
require 'time'
require 'crimson-falcon'
# Setup authorization
Falcon.configure do |config|
config.client_id = "Your_Client_ID"
config.client_secret = "Your_Client_Secret"
config.cloud = "us-1" # or "us-2", "eu-1", "us-gov1"
end
api_instance = Falcon::FirewallManagement.new
ids = ['inner_example'] # Array | The events to retrieve, identified by ID
begin
# Get events entities by ID and optionally version
result = api_instance.get_events(ids)
p result
rescue Falcon::ApiError => e
puts "Error when calling FirewallManagement->get_events: #{e}"
end
```
--------------------------------
### Ruby Example for Falcon::DomainBenchmark Instantiation
Source: https://github.com/crowdstrike/crimson-falcon/blob/main/docs/DomainBenchmark.md
This Ruby code snippet demonstrates how to create a new instance of the `Falcon::DomainBenchmark` class. It shows the basic structure for initializing the object with its properties, using the `crimson-falcon` library.
```Ruby
require 'crimson-falcon'
instance = Falcon::DomainBenchmark.new(
applicable_profiles: null,
benchmark_short: null,
id: null,
recommendation_number: null
)
```
--------------------------------
### Get Audit Event Details by ID (Ruby)
Source: https://github.com/crowdstrike/crimson-falcon/blob/main/docs/InstallationTokens.md
Shows how to retrieve details for one or more audit events by their IDs using the `audit_events_read` method in Ruby. Includes authorization setup and parameter usage.
```Ruby
require 'time'
require 'crimson-falcon'
# Setup authorization
Falcon.configure do |config|
config.client_id = "Your_Client_ID"
config.client_secret = "Your_Client_Secret"
config.cloud = "us-1" # or "us-2", "eu-1", "us-gov1"
end
api_instance = Falcon::InstallationTokens.new
opts = {
ids: ['inner_example'] # Array | IDs of audit events to retrieve details for
}
begin
# Gets the details of one or more audit events by id.
result = api_instance.audit_events_read(opts)
p result
rescue Falcon::ApiError => e
puts "Error when calling InstallationTokens->audit_events_read: #{e}"
end
```
--------------------------------
### Ruby Example: Instantiating MalqueryFuzzySearchParametersV1
Source: https://github.com/crowdstrike/crimson-falcon/blob/main/docs/MalqueryFuzzySearchParametersV1.md
This Ruby code snippet demonstrates how to create a new instance of the `Falcon::MalqueryFuzzySearchParametersV1` class. It shows the basic initialization of the `options` and `patterns` properties with `null` values, illustrating the object's construction.
```ruby
require 'crimson-falcon'
instance = Falcon::MalqueryFuzzySearchParametersV1.new(
options: null,
patterns: null
)
```
--------------------------------
### Ruby Example: Get Firewall Field Specifications
Source: https://github.com/crowdstrike/crimson-falcon/blob/main/docs/FirewallManagement.md
Demonstrates how to retrieve firewall field specifications by ID using the `crimson-falcon` Ruby client. It includes setup for authorization and error handling for field retrieval.
```ruby
require 'time'
require 'crimson-falcon'
# Setup authorization
Falcon.configure do |config|
config.client_id = "Your_Client_ID"
config.client_secret = "Your_Client_Secret"
config.cloud = "us-1" # or "us-2", "eu-1", "us-gov1"
}
api_instance = Falcon::FirewallManagement.new
ids = ['inner_example'] # Array | The IDs of the rule types to retrieve
begin
# Get the firewall field specifications by ID
result = api_instance.get_firewall_fields(ids)
p result
rescue Falcon::ApiError => e
puts "Error when calling FirewallManagement->get_firewall_fields: #{e}"
end
```
--------------------------------
### Ruby Example: Get Count of Devices Observing a Custom IOC
Source: https://github.com/crowdstrike/crimson-falcon/blob/main/docs/Iocs.md
This Ruby code example demonstrates how to use the `devices_count` method to retrieve the number of hosts that have observed a specific custom IOC. It includes the necessary setup for API authorization using `client_id` and `client_secret`, along with basic error handling for API calls.
```ruby
require 'time'
require 'crimson-falcon'
# Setup authorization
Falcon.configure do |config|
config.client_id = "Your_Client_ID"
config.client_secret = "Your_Client_Secret"
config.cloud = "us-1" # or "us-2", "eu-1", "us-gov1"
end
api_instance = Falcon::Iocs.new
type = 'type_example' # String | The type of the indicator. Valid types include: sha256: A hex-encoded sha256 hash string. Length - min: 64, max: 64. md5: A hex-encoded md5 hash string. Length - min 32, max: 32. domain: A domain name. Length - min: 1, max: 200. ipv4: An IPv4 address. Must be a valid IP address. ipv6: An IPv6 address. Must be a valid IP address.
value = 'value_example' # String | The string representation of the indicator
begin
# Number of hosts in your customer account that have observed a given custom IOC
result = api_instance.devices_count(type, value)
p result
rescue Falcon::ApiError => e
puts "Error when calling Iocs->devices_count: #{e}"
end
```
--------------------------------
### Ruby Example: Instantiate Falcon::PolicyframeworkBenchmark
Source: https://github.com/crowdstrike/crimson-falcon/blob/main/docs/PolicyframeworkBenchmark.md
This Ruby code snippet demonstrates how to initialize a new instance of the `Falcon::PolicyframeworkBenchmark` class using the `crimson-falcon` library. It shows the basic structure for setting its `id`, `name`, and `version` properties to `null` for initial setup.
```ruby
require 'crimson-falcon'
instance = Falcon::PolicyframeworkBenchmark.new(
id: null,
name: null,
version: null
)
```
--------------------------------
### Get Child Customers V2 (Ruby)
Source: https://github.com/crowdstrike/crimson-falcon/blob/main/docs/Mssp.md
This Ruby example demonstrates how to retrieve links to child customers using the `get_children_v2` method, which accepts a request body. It includes the necessary authorization setup for the Falcon API client.
```ruby
require 'time'
require 'crimson-falcon'
# Setup authorization
Falcon.configure do |config|
config.client_id = "Your_Client_ID"
config.client_secret = "Your_Client_Secret"
config.cloud = "us-1" # or "us-2", "eu-1", "us-gov1"
end
api_instance = Falcon::Mssp.new
body = Falcon::MsaspecIdsRequest.new({ids: ['ids_example']}) # MsaspecIdsRequest |
begin
# Get link to child customer by child CID(s)
result = api_instance.get_children_v2(body)
p result
rescue Falcon::ApiError => e
puts "Error when calling Mssp->get_children_v2: #{e}"
end
```
--------------------------------
### Ruby Example: Instantiating Falcon::SensorUpdateBuildsRespV1
Source: https://github.com/crowdstrike/crimson-falcon/blob/main/docs/SensorUpdateBuildsRespV1.md
This Ruby code snippet demonstrates how to initialize a new instance of the `Falcon::SensorUpdateBuildsRespV1` class, setting its `errors`, `meta`, and `resources` properties to null for a basic example. It requires the 'crimson-falcon' gem.
```ruby
require 'crimson-falcon'
instance = Falcon::SensorUpdateBuildsRespV1.new(
errors: null,
meta: null,
resources: null
)
```
--------------------------------
### Ruby Example for Initializing RegistrationAzureDownloadCertificateResponseV1
Source: https://github.com/crowdstrike/crimson-falcon/blob/main/docs/RegistrationAzureDownloadCertificateResponseV1.md
Demonstrates how to initialize an instance of the `Falcon::RegistrationAzureDownloadCertificateResponseV1` class in Ruby. It shows the necessary `require` statement for the 'crimson-falcon' gem and how to create a new object, providing example null values for its properties.
```ruby
require 'crimson-falcon'
instance = Falcon::RegistrationAzureDownloadCertificateResponseV1.new(
errors: null,
meta: null,
resources: null
)
```
--------------------------------
### Ruby Example: Get Saved Search Results
Source: https://github.com/crowdstrike/crimson-falcon/blob/main/docs/FoundryLogscale.md
Demonstrates how to use the `get_saved_searches_execute_v1` method in Ruby to retrieve results from a previously executed asynchronous query. It includes SDK configuration, parameter setup, and basic error handling.
```ruby
require 'time'
require 'crimson-falcon'
# Setup authorization
Falcon.configure do |config|
config.client_id = "Your_Client_ID"
config.client_secret = "Your_Client_Secret"
config.cloud = "us-1" # or "us-2", "eu-1", "us-gov1"
end
api_instance = Falcon::FoundryLogscale.new
job_id = 'job_id_example' # String | Job ID for a previously executed async query
opts = {
app_id: 'app_id_example', # String | Application ID.
infer_json_types: true, # Boolean | Whether to try to infer data types in json event response instead of returning map[string]string
job_status_only: true, # Boolean | If set to true, result rows are dropped from the response and only the job status is returned
limit: 'limit_example', # String | Maximum number of records to return.
match_response_schema: true, # Boolean | Whether to validate search results against their schema
metadata: true, # Boolean | Whether to include metadata in the response
offset: 'offset_example', # String | Starting pagination offset of records to return.
x_cs_useruuid: 'x_cs_useruuid_example' # String | Requester UUID.
}
begin
# Get the results of a saved search
result = api_instance.get_saved_searches_execute_v1(job_id, opts)
p result
rescue Falcon::ApiError => e
puts "Error when calling FoundryLogscale->get_saved_searches_execute_v1: #{e}"
end
```
--------------------------------
### Ruby Example: Get Correlation Rule Aggregates
Source: https://github.com/crowdstrike/crimson-falcon/blob/main/docs/CorrelationRules.md
Demonstrates how to use the `aggregates_rule_versions_post_v1` API method in Ruby to retrieve rule aggregates. It includes setup for authorization using client ID and secret, and basic error handling.
```Ruby
require 'time'
require 'crimson-falcon'
# Setup authorization
Falcon.configure do |config|
config.client_id = "Your_Client_ID"
config.client_secret = "Your_Client_Secret"
config.cloud = "us-1" # or "us-2", "eu-1", "us-gov1"
end
api_instance = Falcon::CorrelationRules.new
ids = ['inner_example'] # Array | The IDs
body = [3.56] # Array