### API Documentation & Ruby Examples: Get Combined Sensor Installers by Query (V2) Source: https://github.com/crowdstrike/crimson-falcon/blob/main/docs/SensorDownload.md Provides API specifications and Ruby code examples for querying sensor installer details using a V2 endpoint. Note: The Ruby example is truncated in the source. ```APIDOC Method: get_combined_sensor_installers_by_query_v2(opts) Description: Get sensor installer details by provided query Return type: DomainSensorInstallersV2 ``` ```ruby require 'time' require 'crimson-falcon' ``` -------------------------------- ### Ruby Example: Instantiate QuickscanproLaunchScanRequest Source: https://github.com/crowdstrike/crimson-falcon/blob/main/docs/QuickscanproLaunchScanRequest.md Demonstrates how to create a new instance of the `Falcon::QuickscanproLaunchScanRequest` class in Ruby. This example shows the basic instantiation process, requiring the 'crimson-falcon' gem and initializing the 'resources' property to null. ```ruby require 'crimson-falcon' instance = Falcon::QuickscanproLaunchScanRequest.new( resources: null ) ``` -------------------------------- ### Ruby Example for DeviceControlCreatePolicyReqV1 Instantiation Source: https://github.com/crowdstrike/crimson-falcon/blob/main/docs/DeviceControlCreatePolicyReqV1.md Demonstrates how to create a new instance of the `Falcon::DeviceControlCreatePolicyReqV1` class in Ruby, showing the basic structure for initializing its properties. ```ruby require 'crimson-falcon' instance = Falcon::DeviceControlCreatePolicyReqV1.new( clone_id: null, description: null, name: null, platform_name: null, settings: null ) ``` -------------------------------- ### Retrieve Sensor Installer CCID (Ruby) Source: https://github.com/crowdstrike/crimson-falcon/blob/main/docs/SensorDownload.md Demonstrates how to get the CCID for sensor installers using the `get_sensor_installers_ccidby_query` method in Ruby. Includes authorization setup and error handling. ```ruby require 'time' require 'crimson-falcon' # Setup authorization Falcon.configure do |config| config.client_id = "Your_Client_ID" config.client_secret = "Your_Client_SECRET" config.cloud = "us-1" # or "us-2", "eu-1", "us-gov1" end api_instance = Falcon::SensorDownload.new begin # Get CCID to use with sensor installers result = api_instance.get_sensor_installers_ccidby_query p result rescue Falcon::ApiError => e puts "Error when calling SensorDownload->get_sensor_installers_ccidby_query: #{e}" end ``` -------------------------------- ### API Documentation & Ruby Examples: Get Combined Sensor Installers by Query (V1) Source: https://github.com/crowdstrike/crimson-falcon/blob/main/docs/SensorDownload.md Provides API specifications and Ruby code examples for querying sensor installer details using various filters and pagination options. Includes both standard API calls and the _with_http_info variant. ```APIDOC Method: get_combined_sensor_installers_by_query(opts) Description: Get sensor installer details by provided query Parameters: offset: Type: Integer Description: The first item to return, where 0 is the latest item. Use with the limit parameter to manage pagination of results. Notes: optional limit: Type: Integer Description: The number of items to return in this response (default: 100, max: 500). Use with the offset parameter to manage pagination of results. Notes: optional sort: Type: String Description: Sort items using their properties. Common sort options include: <ul><li>version|asc</li><li>release_date|desc</li></ul> Notes: optional filter: Type: String Description: Filter items using a query in Falcon Query Language (FQL). An asterisk wildcard * includes all results. Common filter options include: <ul><li>platform:\"windows\"</li><li>version:>\"5.2\"</li></ul> Notes: optional Return type: DomainSensorInstallersV1 Authorization: oauth2 HTTP request headers: Content-Type: Not defined Accept: application/json ``` ```ruby require 'time' require 'crimson-falcon' # Setup authorization Falcon.configure do |config| config.client_id = "Your_Client_ID" config.client_secret = "Your_Client_Secret" config.cloud = "us-1" # or "us-2", "eu-1", "us-gov1" end api_instance = Falcon::SensorDownload.new opts = { offset: 56, # Integer | The first item to return, where 0 is the latest item. Use with the limit parameter to manage pagination of results. limit: 56, # Integer | The number of items to return in this response (default: 100, max: 500). sort: 'sort_example', # String | Sort items using their properties. Common sort options include: filter: 'filter_example' # String | Filter items using a query in Falcon Query Language (FQL). An asterisk wildcard * includes all results. Common filter options include: } begin # Get sensor installer details by provided query result = api_instance.get_combined_sensor_installers_by_query(opts) p result rescue Falcon::ApiError => e puts "Error when calling SensorDownload->get_combined_sensor_installers_by_query: #{e}" end ``` ```ruby begin # Get sensor installer details by provided query data, status_code, headers = api_instance.get_combined_sensor_installers_by_query_with_http_info(opts) p status_code # => 2xx p headers # => { ... } p data # => rescue Falcon::ApiError => e puts "Error when calling SensorDownload->get_combined_sensor_installers_by_query_with_http_info: #{e}" end ``` -------------------------------- ### Ruby Example: Instantiating MalqueryMultiDownloadRequestV1 Source: https://github.com/crowdstrike/crimson-falcon/blob/main/docs/MalqueryMultiDownloadRequestV1.md This Ruby code snippet demonstrates how to create an instance of `Falcon::MalqueryMultiDownloadRequestV1`. It shows the required `crimson-falcon` gem and the basic instantiation with the `samples` property. ```ruby require 'crimson-falcon' instance = Falcon::MalqueryMultiDownloadRequestV1.new( samples: null ) ``` -------------------------------- ### Ruby Example: Instantiate DomainDiscoverAPIApplicationBrowserExtensionInstallation Source: https://github.com/crowdstrike/crimson-falcon/blob/main/docs/DomainDiscoverAPIApplicationBrowserExtensionInstallation.md Demonstrates how to create a new instance of the `Falcon::DomainDiscoverAPIApplicationBrowserExtensionInstallation` class in Ruby. This example initializes an object with default or null values for its various properties, showcasing the basic instantiation syntax. ```ruby require 'crimson-falcon' instance = Falcon::DomainDiscoverAPIApplicationBrowserExtensionInstallation.new( browser_profile_id: null, browser_profile_name: null, browser_version: null, enabled: null, method: null, path: null, role: null, user_sid: null, username: null ) ``` -------------------------------- ### Retrieve Sensor Installer Details by ID (Ruby) Source: https://github.com/crowdstrike/crimson-falcon/blob/main/docs/SensorDownload.md Demonstrates how to get sensor installer details using `get_sensor_installers_entities` with SHA256 IDs in Ruby. Includes authorization setup and error handling. ```ruby require 'time' require 'crimson-falcon' # Setup authorization Falcon.configure do |config| config.client_id = "Your_Client_ID" config.client_secret = "Your_Client_SECRET" config.cloud = "us-1" # or "us-2", "eu-1", "us-gov1" end api_instance = Falcon::SensorDownload.new ids = ['inner_example'] # Array | The IDs of the installers begin # Get sensor installer details by provided SHA256 IDs result = api_instance.get_sensor_installers_entities(ids) p result rescue Falcon::ApiError => e puts "Error when calling SensorDownload->get_sensor_installers_entities: #{e}" end ``` -------------------------------- ### Retrieve Sensor Installer Details V2 by ID (Ruby) Source: https://github.com/crowdstrike/crimson-falcon/blob/main/docs/SensorDownload.md Demonstrates how to get sensor installer details using `get_sensor_installers_entities_v2` with SHA256 IDs in Ruby. Includes authorization setup and error handling. ```ruby require 'time' require 'crimson-falcon' # Setup authorization Falcon.configure do |config| config.client_id = "Your_Client_ID" config.client_secret = "Your_Client_SECRET" config.cloud = "us-1" # or "us-2", "eu-1", "us-gov1" end api_instance = Falcon::SensorDownload.new ids = ['inner_example'] # Array | The IDs of the installers begin # Get sensor installer details by provided SHA256 IDs result = api_instance.get_sensor_installers_entities_v2(ids) p result rescue Falcon::ApiError => e puts "Error when calling SensorDownload->get_sensor_installers_entities_v2: #{e}" end ``` -------------------------------- ### Ruby Example: Instantiate Falcon::DomainAPIComplianceMappingV1 Source: https://github.com/crowdstrike/crimson-falcon/blob/main/docs/DomainAPIComplianceMappingV1.md Demonstrates how to create a new instance of the `Falcon::DomainAPIComplianceMappingV1` class in Ruby, initializing its properties with null values. ```Ruby require 'crimson-falcon' instance = Falcon::DomainAPIComplianceMappingV1.new( controls: null, framework: null, version: null ) ``` -------------------------------- ### Ruby Example: Instantiate DeviceapiLoginDetailV1 Source: https://github.com/crowdstrike/crimson-falcon/blob/main/docs/DeviceapiLoginDetailV1.md Demonstrates how to create a new instance of the DeviceapiLoginDetailV1 model in Ruby. This example uses the 'crimson-falcon' gem and initializes the model with null values for its properties. ```ruby require 'crimson-falcon' instance = Falcon::DeviceapiLoginDetailV1.new( cid: null, device_id: null, recent_logins: null ) ``` -------------------------------- ### Read Installation Token Details in Ruby Source: https://github.com/crowdstrike/crimson-falcon/blob/main/docs/InstallationTokens.md This example demonstrates how to retrieve the details of one or more installation tokens by their IDs using the `tokens_read` method in Ruby. It includes the necessary authorization setup and shows how to pass an array of token IDs to fetch their corresponding details. ```APIDOC Method: tokens_read Signature: tokens_read(opts) Description: Gets the details of one or more tokens by id. Parameters: - Name: ids Type: Array Description: IDs of tokens to retrieve details for Notes: [optional] Return Type: ApiTokenDetailsResponseV1 Authorization: oauth2 ``` ```Ruby require 'time' require 'crimson-falcon' # Setup authorization Falcon.configure do |config| config.client_id = "Your_Client_ID" config.client_secret = "Your_Client_Secret" config.cloud = "us-1" # or "us-2", "eu-1", "us-gov1" end api_instance = Falcon::InstallationTokens.new opts = { ids: ['inner_example'] # Array | IDs of tokens to retrieve details for } begin # Gets the details of one or more tokens by id. result = api_instance.tokens_read(opts) p result rescue Falcon::ApiError => e puts "Error when calling InstallationTokens->tokens_read: #{e}" end ``` -------------------------------- ### Read Customer Settings (Ruby) Source: https://github.com/crowdstrike/crimson-falcon/blob/main/docs/InstallationTokens.md Illustrates how to check current installation token settings using the `customer_settings_read` method. This example includes the necessary authorization setup for the Falcon SDK and basic error handling. ```ruby require 'time' require 'crimson-falcon' # Setup authorization Falcon.configure do |config| config.client_id = "Your_Client_ID" config.client_secret = "Your_Client_Secret" config.cloud = "us-1" # or "us-2", "eu-1", "us-gov1" end api_instance = Falcon::InstallationTokens.new begin # Check current installation token settings. result = api_instance.customer_settings_read p result rescue Falcon::ApiError => e puts "Error when calling InstallationTokens->customer_settings_read: #{e}" end ``` -------------------------------- ### Ruby Example: Instantiate FalconxMalwareConfig Source: https://github.com/crowdstrike/crimson-falcon/blob/main/docs/FalconxMalwareConfig.md Demonstrates how to create a new instance of the FalconxMalwareConfig object in Ruby. This example initializes all available properties to `null`. ```Ruby require 'crimson-falcon' instance = Falcon::FalconxMalwareConfig.new( bitcoin_addresses: null, c2s: null, campaign_id: null, encryption_keys: null, family: null, mitre_attacks: null, mutexes: null, passwords: null, plugin_version: null, rs4_key: null, rsa: null, urls: null, version: null ) ``` -------------------------------- ### Ruby Example: Get Queued RTR Sessions Setup Source: https://github.com/crowdstrike/crimson-falcon/blob/main/docs/RealTimeResponse.md Demonstrates the initial setup for authenticating and preparing to call the `r_tr_list_queued_sessions` API to retrieve metadata for queued Real-Time Response sessions using the Crimson Falcon Ruby SDK. ```ruby require 'time' require 'crimson-falcon' # Setup authorization Falcon.configure do |config| config.client_id = "Your_Client_ID" config.client_secret = "Your_Client_Secret" config.cloud = "us-1" # or "us-2", "eu-1", "us-gov1" end ``` -------------------------------- ### Ruby Example for DomainContentPackage Instantiation Source: https://github.com/crowdstrike/crimson-falcon/blob/main/docs/DomainContentPackage.md Demonstrates how to create a new instance of `DomainContentPackage` in Ruby using the `crimson-falcon` library, showing the basic initialization with its 'id' property. ```ruby require 'crimson-falcon' instance = Falcon::DomainContentPackage.new( id: null ) ``` -------------------------------- ### Ruby Example: Instantiate Falcon::DomainRuleQueryResponseV1 Source: https://github.com/crowdstrike/crimson-falcon/blob/main/docs/DomainRuleQueryResponseV1.md Provides a Ruby code snippet demonstrating how to create a new instance of the `Falcon::DomainRuleQueryResponseV1` class, showing the basic initialization process with placeholder null values for its properties. ```ruby require 'crimson-falcon' instance = Falcon::DomainRuleQueryResponseV1.new( errors: null, meta: null, resources: null ) ``` -------------------------------- ### Example: Get User Groups by ID v2 (Ruby) Source: https://github.com/crowdstrike/crimson-falcon/blob/main/docs/Mssp.md Partial Ruby example demonstrating the initial setup for configuring the Crimson Falcon API client to call the `get_user_groups_by_idv2` method. This snippet shows the necessary `require` statements and client configuration. ```ruby require 'time' require 'crimson-falcon' # Setup authorization Falcon.configure do |config| config.client_id = "Your_Client_ID" config.client_secret = "Your_Client_Secret" config.cloud = "us-1" # or "us-2", "eu-1", "us-gov1" end api_instance = Falcon::Mssp.new ``` -------------------------------- ### Ruby Example: Get Actions by IDs (action_get_v1) Source: https://github.com/crowdstrike/crimson-falcon/blob/main/docs/Ioc.md Demonstrates how to retrieve actions by their IDs using the `action_get_v1` method in Ruby. Includes authorization setup, basic usage, and an example of using `action_get_v1_with_http_info` to access full HTTP response details. ```Ruby require 'time' require 'crimson-falcon' # Setup authorization Falcon.configure do |config| config.client_id = "Your_Client_ID" config.client_secret = "Your_Client_Secret" config.cloud = "us-1" # or "us-2", "eu-1", "us-gov1" end api_instance = Falcon::Ioc.new opts = { ids: ['inner_example'] # Array | The ids of the Actions to retrieve } begin # Get Actions by ids. result = api_instance.action_get_v1(opts) p result rescue Falcon::ApiError => e puts "Error when calling Ioc->action_get_v1: #{e}" end ``` ```Ruby begin # Get Actions by ids. data, status_code, headers = api_instance.action_get_v1_with_http_info(opts) p status_code # => 2xx p headers # => { ... } p data # => rescue Falcon::ApiError => e puts "Error when calling Ioc->action_get_v1_with_http_info: #{e}" end ``` -------------------------------- ### Ruby Example: Instantiate DeviceapiLoginHistoryResponseV1 Source: https://github.com/crowdstrike/crimson-falcon/blob/main/docs/DeviceapiLoginHistoryResponseV1.md This Ruby code snippet demonstrates how to create a new instance of the `Falcon::DeviceapiLoginHistoryResponseV1` class. It shows the basic initialization process, assigning `null` to its properties for illustrative purposes. ```Ruby require 'crimson-falcon' instance = Falcon::DeviceapiLoginHistoryResponseV1.new( errors: null, meta: null, resources: null ) ``` -------------------------------- ### Get Human Inputs by ID (Ruby) Source: https://github.com/crowdstrike/crimson-falcon/blob/main/docs/Workflows.md Shows how to retrieve specific human inputs by their IDs using the `workflow_get_human_input_v1` method. The example includes SDK setup and error handling. ```ruby require 'time' require 'crimson-falcon' # Setup authorization Falcon.configure do |config| config.client_id = "Your_Client_ID" config.client_secret = "Your_Client_Secret" config.cloud = "us-1" # or "us-2", "eu-1", "us-gov1" end api_instance = Falcon::Workflows.new ids = ['inner_example'] # Array | IDs of human inputs to read begin # Gets one or more specific human inputs by their IDs. result = api_instance.workflow_get_human_input_v1(ids) p result rescue Falcon::ApiError => e puts "Error when calling Workflows->workflow_get_human_input_v1: #{e}" end ``` -------------------------------- ### Ruby Example: Instantiating DomainDiscoverAPIMountStorageInfo Source: https://github.com/crowdstrike/crimson-falcon/blob/main/docs/DomainDiscoverAPIMountStorageInfo.md Demonstrates how to create a new instance of the `Falcon::DomainDiscoverAPIMountStorageInfo` class in Ruby. This example initializes the object's properties with null values, showing the basic syntax for object creation. ```ruby require 'crimson-falcon' instance = Falcon::DomainDiscoverAPIMountStorageInfo.new( available_space: null, mount_path: null, used_space: null ) ``` -------------------------------- ### Ruby Example for DomainProductPermission Instantiation Source: https://github.com/crowdstrike/crimson-falcon/blob/main/docs/DomainProductPermission.md This Ruby code snippet demonstrates how to create a new instance of the `Falcon::DomainProductPermission` class. It shows the basic setup for requiring the necessary library and initializing the object with its `features` and `product` properties. ```ruby require 'crimson-falcon' instance = Falcon::DomainProductPermission.new( features: null, product: null ) ``` -------------------------------- ### Ruby Example: Get Global Detection Counts Source: https://github.com/crowdstrike/crimson-falcon/blob/main/docs/OverwatchDashboard.md Demonstrates how to call the `aggregates_detections_global_counts` API using the Ruby `crimson-falcon` SDK, including authorization setup and basic error handling. ```ruby require 'time' require 'crimson-falcon' # Setup authorization Falcon.configure do |config| config.client_id = "Your_Client_ID" config.client_secret = "Your_Client_Secret" config.cloud = "us-1" # or "us-2", "eu-1", "us-gov1" end api_instance = Falcon::OverwatchDashboard.new filter = 'filter_example' # String | An FQL filter string begin # Get the total number of detections pushed across all customers result = api_instance.aggregates_detections_global_counts(filter) p result rescue Falcon::ApiError => e puts "Error when calling OverwatchDashboard->aggregates_detections_global_counts: #{e}" end ``` -------------------------------- ### Ruby Example for DomainAPIResponseNodesFindingsV1 Instantiation Source: https://github.com/crowdstrike/crimson-falcon/blob/main/docs/DomainAPIResponseNodesFindingsV1.md Illustrates how to create an instance of the `Falcon::DomainAPIResponseNodesFindingsV1` class in Ruby, demonstrating the basic initialization process with placeholder null values for its properties. ```ruby require 'crimson-falcon' instance = Falcon::DomainAPIResponseNodesFindingsV1.new( errors: null, meta: null, resources: null ) ``` -------------------------------- ### Get Child Customers (Ruby) Source: https://github.com/crowdstrike/crimson-falcon/blob/main/docs/Mssp.md This Ruby example demonstrates how to retrieve links to child customers by their CIDs using the `get_children` method. It includes the necessary authorization setup for the Falcon API client. ```ruby require 'time' require 'crimson-falcon' # Setup authorization Falcon.configure do |config| config.client_id = "Your_Client_ID" config.client_secret = "Your_Client_Secret" config.cloud = "us-1" # or "us-2", "eu-1", "us-gov1" end api_instance = Falcon::Mssp.new ids = ['inner_example'] # Array | CID of a child customer begin # Get link to child customer by child CID(s) result = api_instance.get_children(ids) p result rescue Falcon::ApiError => e puts "Error when calling Mssp->get_children: #{e}" end ``` -------------------------------- ### Ruby Example for Initializing Falcon::ClientExtraLimit Source: https://github.com/crowdstrike/crimson-falcon/blob/main/docs/ClientExtraLimit.md Demonstrates how to create a new instance of the Falcon::ClientExtraLimit class in Ruby, showing the basic initialization with placeholder values for 'from' and 'limit' properties. ```ruby require 'crimson-falcon' instance = Falcon::ClientExtraLimit.new( from: null, limit: null ) ``` -------------------------------- ### Ruby Example: Get Firewall Events Source: https://github.com/crowdstrike/crimson-falcon/blob/main/docs/FirewallManagement.md Demonstrates how to retrieve firewall events by ID using the `crimson-falcon` Ruby client. It includes setup for authorization and error handling for event retrieval. ```ruby require 'time' require 'crimson-falcon' # Setup authorization Falcon.configure do |config| config.client_id = "Your_Client_ID" config.client_secret = "Your_Client_Secret" config.cloud = "us-1" # or "us-2", "eu-1", "us-gov1" end api_instance = Falcon::FirewallManagement.new ids = ['inner_example'] # Array | The events to retrieve, identified by ID begin # Get events entities by ID and optionally version result = api_instance.get_events(ids) p result rescue Falcon::ApiError => e puts "Error when calling FirewallManagement->get_events: #{e}" end ``` -------------------------------- ### Ruby Example for Falcon::DomainBenchmark Instantiation Source: https://github.com/crowdstrike/crimson-falcon/blob/main/docs/DomainBenchmark.md This Ruby code snippet demonstrates how to create a new instance of the `Falcon::DomainBenchmark` class. It shows the basic structure for initializing the object with its properties, using the `crimson-falcon` library. ```Ruby require 'crimson-falcon' instance = Falcon::DomainBenchmark.new( applicable_profiles: null, benchmark_short: null, id: null, recommendation_number: null ) ``` -------------------------------- ### Get Audit Event Details by ID (Ruby) Source: https://github.com/crowdstrike/crimson-falcon/blob/main/docs/InstallationTokens.md Shows how to retrieve details for one or more audit events by their IDs using the `audit_events_read` method in Ruby. Includes authorization setup and parameter usage. ```Ruby require 'time' require 'crimson-falcon' # Setup authorization Falcon.configure do |config| config.client_id = "Your_Client_ID" config.client_secret = "Your_Client_Secret" config.cloud = "us-1" # or "us-2", "eu-1", "us-gov1" end api_instance = Falcon::InstallationTokens.new opts = { ids: ['inner_example'] # Array | IDs of audit events to retrieve details for } begin # Gets the details of one or more audit events by id. result = api_instance.audit_events_read(opts) p result rescue Falcon::ApiError => e puts "Error when calling InstallationTokens->audit_events_read: #{e}" end ``` -------------------------------- ### Ruby Example: Instantiating MalqueryFuzzySearchParametersV1 Source: https://github.com/crowdstrike/crimson-falcon/blob/main/docs/MalqueryFuzzySearchParametersV1.md This Ruby code snippet demonstrates how to create a new instance of the `Falcon::MalqueryFuzzySearchParametersV1` class. It shows the basic initialization of the `options` and `patterns` properties with `null` values, illustrating the object's construction. ```ruby require 'crimson-falcon' instance = Falcon::MalqueryFuzzySearchParametersV1.new( options: null, patterns: null ) ``` -------------------------------- ### Ruby Example: Get Firewall Field Specifications Source: https://github.com/crowdstrike/crimson-falcon/blob/main/docs/FirewallManagement.md Demonstrates how to retrieve firewall field specifications by ID using the `crimson-falcon` Ruby client. It includes setup for authorization and error handling for field retrieval. ```ruby require 'time' require 'crimson-falcon' # Setup authorization Falcon.configure do |config| config.client_id = "Your_Client_ID" config.client_secret = "Your_Client_Secret" config.cloud = "us-1" # or "us-2", "eu-1", "us-gov1" } api_instance = Falcon::FirewallManagement.new ids = ['inner_example'] # Array | The IDs of the rule types to retrieve begin # Get the firewall field specifications by ID result = api_instance.get_firewall_fields(ids) p result rescue Falcon::ApiError => e puts "Error when calling FirewallManagement->get_firewall_fields: #{e}" end ``` -------------------------------- ### Ruby Example: Get Count of Devices Observing a Custom IOC Source: https://github.com/crowdstrike/crimson-falcon/blob/main/docs/Iocs.md This Ruby code example demonstrates how to use the `devices_count` method to retrieve the number of hosts that have observed a specific custom IOC. It includes the necessary setup for API authorization using `client_id` and `client_secret`, along with basic error handling for API calls. ```ruby require 'time' require 'crimson-falcon' # Setup authorization Falcon.configure do |config| config.client_id = "Your_Client_ID" config.client_secret = "Your_Client_Secret" config.cloud = "us-1" # or "us-2", "eu-1", "us-gov1" end api_instance = Falcon::Iocs.new type = 'type_example' # String | The type of the indicator. Valid types include: sha256: A hex-encoded sha256 hash string. Length - min: 64, max: 64. md5: A hex-encoded md5 hash string. Length - min 32, max: 32. domain: A domain name. Length - min: 1, max: 200. ipv4: An IPv4 address. Must be a valid IP address. ipv6: An IPv6 address. Must be a valid IP address. value = 'value_example' # String | The string representation of the indicator begin # Number of hosts in your customer account that have observed a given custom IOC result = api_instance.devices_count(type, value) p result rescue Falcon::ApiError => e puts "Error when calling Iocs->devices_count: #{e}" end ``` -------------------------------- ### Ruby Example: Instantiate Falcon::PolicyframeworkBenchmark Source: https://github.com/crowdstrike/crimson-falcon/blob/main/docs/PolicyframeworkBenchmark.md This Ruby code snippet demonstrates how to initialize a new instance of the `Falcon::PolicyframeworkBenchmark` class using the `crimson-falcon` library. It shows the basic structure for setting its `id`, `name`, and `version` properties to `null` for initial setup. ```ruby require 'crimson-falcon' instance = Falcon::PolicyframeworkBenchmark.new( id: null, name: null, version: null ) ``` -------------------------------- ### Get Child Customers V2 (Ruby) Source: https://github.com/crowdstrike/crimson-falcon/blob/main/docs/Mssp.md This Ruby example demonstrates how to retrieve links to child customers using the `get_children_v2` method, which accepts a request body. It includes the necessary authorization setup for the Falcon API client. ```ruby require 'time' require 'crimson-falcon' # Setup authorization Falcon.configure do |config| config.client_id = "Your_Client_ID" config.client_secret = "Your_Client_Secret" config.cloud = "us-1" # or "us-2", "eu-1", "us-gov1" end api_instance = Falcon::Mssp.new body = Falcon::MsaspecIdsRequest.new({ids: ['ids_example']}) # MsaspecIdsRequest | begin # Get link to child customer by child CID(s) result = api_instance.get_children_v2(body) p result rescue Falcon::ApiError => e puts "Error when calling Mssp->get_children_v2: #{e}" end ``` -------------------------------- ### Ruby Example: Instantiating Falcon::SensorUpdateBuildsRespV1 Source: https://github.com/crowdstrike/crimson-falcon/blob/main/docs/SensorUpdateBuildsRespV1.md This Ruby code snippet demonstrates how to initialize a new instance of the `Falcon::SensorUpdateBuildsRespV1` class, setting its `errors`, `meta`, and `resources` properties to null for a basic example. It requires the 'crimson-falcon' gem. ```ruby require 'crimson-falcon' instance = Falcon::SensorUpdateBuildsRespV1.new( errors: null, meta: null, resources: null ) ``` -------------------------------- ### Ruby Example for Initializing RegistrationAzureDownloadCertificateResponseV1 Source: https://github.com/crowdstrike/crimson-falcon/blob/main/docs/RegistrationAzureDownloadCertificateResponseV1.md Demonstrates how to initialize an instance of the `Falcon::RegistrationAzureDownloadCertificateResponseV1` class in Ruby. It shows the necessary `require` statement for the 'crimson-falcon' gem and how to create a new object, providing example null values for its properties. ```ruby require 'crimson-falcon' instance = Falcon::RegistrationAzureDownloadCertificateResponseV1.new( errors: null, meta: null, resources: null ) ``` -------------------------------- ### Ruby Example: Get Saved Search Results Source: https://github.com/crowdstrike/crimson-falcon/blob/main/docs/FoundryLogscale.md Demonstrates how to use the `get_saved_searches_execute_v1` method in Ruby to retrieve results from a previously executed asynchronous query. It includes SDK configuration, parameter setup, and basic error handling. ```ruby require 'time' require 'crimson-falcon' # Setup authorization Falcon.configure do |config| config.client_id = "Your_Client_ID" config.client_secret = "Your_Client_Secret" config.cloud = "us-1" # or "us-2", "eu-1", "us-gov1" end api_instance = Falcon::FoundryLogscale.new job_id = 'job_id_example' # String | Job ID for a previously executed async query opts = { app_id: 'app_id_example', # String | Application ID. infer_json_types: true, # Boolean | Whether to try to infer data types in json event response instead of returning map[string]string job_status_only: true, # Boolean | If set to true, result rows are dropped from the response and only the job status is returned limit: 'limit_example', # String | Maximum number of records to return. match_response_schema: true, # Boolean | Whether to validate search results against their schema metadata: true, # Boolean | Whether to include metadata in the response offset: 'offset_example', # String | Starting pagination offset of records to return. x_cs_useruuid: 'x_cs_useruuid_example' # String | Requester UUID. } begin # Get the results of a saved search result = api_instance.get_saved_searches_execute_v1(job_id, opts) p result rescue Falcon::ApiError => e puts "Error when calling FoundryLogscale->get_saved_searches_execute_v1: #{e}" end ``` -------------------------------- ### Ruby Example: Get Correlation Rule Aggregates Source: https://github.com/crowdstrike/crimson-falcon/blob/main/docs/CorrelationRules.md Demonstrates how to use the `aggregates_rule_versions_post_v1` API method in Ruby to retrieve rule aggregates. It includes setup for authorization using client ID and secret, and basic error handling. ```Ruby require 'time' require 'crimson-falcon' # Setup authorization Falcon.configure do |config| config.client_id = "Your_Client_ID" config.client_secret = "Your_Client_Secret" config.cloud = "us-1" # or "us-2", "eu-1", "us-gov1" end api_instance = Falcon::CorrelationRules.new ids = ['inner_example'] # Array | The IDs body = [3.56] # Array | opts = { filter: 'filter_example' # String | FQL query specifying the filter parameters } begin # Get rules aggregates as specified via json in the request body. result = api_instance.aggregates_rule_versions_post_v1(ids, body, opts) p result rescue Falcon::ApiError => e puts "Error when calling CorrelationRules->aggregates_rule_versions_post_v1: #{e}" end ``` -------------------------------- ### Ruby Example: Initialize DomainMsaMetaInfoWithSearchAfter Source: https://github.com/crowdstrike/crimson-falcon/blob/main/docs/DomainMsaMetaInfoWithSearchAfter.md This Ruby code snippet demonstrates how to create a new instance of the `Falcon::DomainMsaMetaInfoWithSearchAfter` class. It shows the basic instantiation process, setting all properties to `null` as an initial example. ```ruby require 'crimson-falcon' instance = Falcon::DomainMsaMetaInfoWithSearchAfter.new( pagination: null, powered_by: null, query_time: null, trace_id: null, writes: null ) ``` -------------------------------- ### Retrieve Failed Rules Count by Severity Source: https://github.com/crowdstrike/crimson-falcon/blob/main/docs/ContainerImageCompliance.md Provides an example of how to call the `ext_aggregate_failed_rules_count_by_severity` method to get a count of failed rules, categorized by their severity levels. Includes SDK setup and error handling. ```ruby require 'time' require 'crimson-falcon' # Setup authorization Falcon.configure do |config| config.client_id = "Your_Client_ID" config.client_secret = "Your_Client_Secret" config.cloud = "us-1" # or "us-2", "eu-1", "us-gov1" end api_instance = Falcon::ContainerImageCompliance.new opts = { filter: 'filter_example' # String | Filter results using a query in Falcon Query Language (FQL). Supported Filters: compliance_finding.severity: Compliance finding severity; available values: 4, 3, 2, 1 (4: critical, 3: high, 2: medium, 1:low) cloud_info.cloud_provider: Cloud provider asset_type: asset type (container, image) cloud_info.cloud_account_id: Cloud account ID cid: Customer ID image_digest: Image digest (sha256 digest) image_repository: Image repository image_tag: Image tag compliance_finding.framework: Compliance finding framework (available values: CIS) image_registry: Image registry cloud_info.cloud_region: Cloud region image_id: Image ID cloud_info.cluster_name: Kubernetes cluster name compliance_finding.name: Compliance finding Name compliance_finding.id: Compliance finding ID } begin # get the failed rules count grouped into severity levels result = api_instance.ext_aggregate_failed_rules_count_by_severity(opts) p result rescue Falcon::ApiError => e puts "Error when calling ContainerImageCompliance->ext_aggregate_failed_rules_count_by_severity: #{e}" end ``` -------------------------------- ### Ruby Example for Initializing DomainLaunchExportJobRequestV1 Source: https://github.com/crowdstrike/crimson-falcon/blob/main/docs/DomainLaunchExportJobRequestV1.md Demonstrates how to create a new instance of the `Falcon::DomainLaunchExportJobRequestV1` class in Ruby. This example shows the basic structure for initializing the request object with placeholder values for its properties. ```ruby require 'crimson-falcon' instance = Falcon::DomainLaunchExportJobRequestV1.new( entity: null, export_type: null, filter: null, human_readable: null, sort: null ) ``` -------------------------------- ### Ruby Example: Get Cluster Assessments Source: https://github.com/crowdstrike/crimson-falcon/blob/main/docs/ContainerImageCompliance.md Demonstrates how to use the `ext_aggregate_cluster_assessments` API method in Ruby to retrieve compliance assessments for each cluster. It includes setup for API authorization and handling potential errors. ```Ruby require 'time' require 'crimson-falcon' # Setup authorization Falcon.configure do |config| config.client_id = "Your_Client_ID" config.client_secret = "Your_Client_Secret" config.cloud = "us-1" # or "us-2", "eu-1", "us-gov1" end api_instance = Falcon::ContainerImageCompliance.new opts = { filter: 'filter_example' # String | Filter results using a query in Falcon Query Language (FQL). Supported Filters: cloud_info.namespace: Kubernetes namespace cloud_info.cloud_provider: Cloud provider cid: Customer ID compliance_finding.framework: Compliance finding framework (available values: CIS) cloud_info.cloud_region: Cloud region cloud_info.cloud_account_id: Cloud account ID cloud_info.cluster_name: Kubernetes cluster name } begin # get the assessments for each cluster result = api_instance.ext_aggregate_cluster_assessments(opts) p result rescue Falcon::ApiError => e puts "Error when calling ContainerImageCompliance->ext_aggregate_cluster_assessments: #{e}" end ``` -------------------------------- ### Ruby Example for Initializing IocapiMsaReplyDevicesRanOn Source: https://github.com/crowdstrike/crimson-falcon/blob/main/docs/IocapiMsaReplyDevicesRanOn.md This Ruby code snippet demonstrates how to create a new instance of the `Falcon::IocapiMsaReplyDevicesRanOn` class. It shows the basic initialization process, setting the `errors`, `meta`, and `resources` properties to `null`. ```ruby require 'crimson-falcon' instance = Falcon::IocapiMsaReplyDevicesRanOn.new( errors: null, meta: null, resources: null ) ``` -------------------------------- ### Ruby: Get Role Information (v1) Source: https://github.com/crowdstrike/crimson-falcon/blob/main/docs/UserManagement.md Provides an example of how to retrieve information about a specific role using the `entities_roles_v1` method. It includes client setup, handling required role IDs, and an optional customer ID parameter. ```Ruby require 'time' require 'crimson-falcon' # Setup authorization Falcon.configure do |config| config.client_id = "Your_Client_ID" config.client_secret = "Your_Client_Secret" config.cloud = "us-1" # or "us-2", "eu-1", "us-gov1" } api_instance = Falcon::UserManagement.new ids = ['inner_example'] # Array | ID of a role. Find a role ID from `/user-management/queries/roles/v1`. opts = { cid: 'cid_example' # String | Customer ID to get available roles for. Empty CID would result in Role IDs for current CID in view. } begin # Get info about a role result = api_instance.entities_roles_v1(ids, opts) p result rescue Falcon::ApiError => e puts "Error when calling UserManagement->entities_roles_v1: #{e}" end ``` ```APIDOC Method: entities_roles_v1(ids, opts) Description: Get info about a role Parameters: ids: Array (ID of a role. Find a role ID from `/user-management/queries/roles/v1`.) cid: String (Customer ID to get available roles for. Empty CID would result in Role IDs for current CID in view. [optional]) Return Type: FlightcontrolapiGetRolesResponse Authorization: oauth2 HTTP Request Headers: Content-Type: Not defined Accept: application/json ``` -------------------------------- ### Ruby Example: Initiate Actions with start_actions Source: https://github.com/crowdstrike/crimson-falcon/blob/main/docs/Filevantage.md Demonstrates how to use the `start_actions` method in Ruby to initiate actions on change IDs. Includes setup for authorization and error handling. ```Ruby require 'time' require 'crimson-falcon' # Setup authorization Falcon.configure do |config| config.client_id = "Your_Client_ID" config.client_secret = "Your_Client_Secret" config.cloud = "us-1" # or "us-2", "eu-1", "us-gov1" end api_instance = Falcon::Filevantage.new body = Falcon::ActionsCreateActionRequest.new({change_ids: ['change_ids_example'], operation: 'operation_example'}) # ActionsCreateActionRequest | Create a new action. * `operation` must be one of the `suppress`, `unsuppress`, or `purge` * `change_ids` represent the ids of the changes the operation will perform; limited to 100 ids per action * `comment` optional comment to describe the reason for the action begin # Initiates the specified action on the provided change ids result = api_instance.start_actions(body) p result rescue Falcon::ApiError => e puts "Error when calling Filevantage->start_actions: #{e}" end ``` -------------------------------- ### Ruby: Get Exposed Data Records Source: https://github.com/crowdstrike/crimson-falcon/blob/main/docs/Recon.md This Ruby example demonstrates how to configure the Crimson Falcon API client and call the `get_notifications_exposed_data_records_v1` method. It shows how to retrieve exposed data records based on their IDs, with client setup and error handling. ```ruby require 'time' require 'crimson-falcon' # Setup authorization Falcon.configure do |config| config.client_id = "Your_Client_ID" config.client_secret = "Your_Client_Secret" config.cloud = "us-1" # or "us-2", "eu-1", "us-gov1" end api_instance = Falcon::Recon.new ids = ['inner_example'] # Array | Notification exposed records IDs. begin # Get notifications exposed data records based on their IDs. IDs can be retrieved using the GET /queries/notifications-exposed-data-records/v1 endpoint. The associate notification can be fetched using the /entities/notifications/v* endpoints result = api_instance.get_notifications_exposed_data_records_v1(ids) p result rescue Falcon::ApiError => e puts "Error when calling Recon->get_notifications_exposed_data_records_v1: #{e}" end ``` -------------------------------- ### Ruby Example for Falcon::DeviceapiDevicePagingV2 Instantiation Source: https://github.com/crowdstrike/crimson-falcon/blob/main/docs/DeviceapiDevicePagingV2.md Illustrates how to create a new instance of the `Falcon::DeviceapiDevicePagingV2` object in Ruby, demonstrating the initialization of its various properties with null values. ```ruby require 'crimson-falcon' instance = Falcon::DeviceapiDevicePagingV2.new( expires_at: null, limit: null, _next: null, offset: null, previous: null, total: null ) ``` -------------------------------- ### Ruby Example for ApiCustomerSettingsPatchRequestV1 Instantiation Source: https://github.com/crowdstrike/crimson-falcon/blob/main/docs/ApiCustomerSettingsPatchRequestV1.md Demonstrates how to create an instance of the ApiCustomerSettingsPatchRequestV1 object in Ruby, showing the basic initialization with optional parameters set to null. ```Ruby require 'crimson-falcon' instance = Falcon::ApiCustomerSettingsPatchRequestV1.new( max_active_tokens: null, tokens_required: null ) ``` -------------------------------- ### Get FalconX Sandbox Summary Reports (Ruby) Source: https://github.com/crowdstrike/crimson-falcon/blob/main/docs/FalconxSandbox.md This Ruby example demonstrates how to retrieve a short summary version of a sandbox report. It includes the necessary authorization setup for the Crimson Falcon API client and handles potential API errors. ```ruby require 'time' require 'crimson-falcon' # Setup authorization Falcon.configure do |config| config.client_id = "Your_Client_ID" config.client_secret = "Your_Client_Secret" config.cloud = "us-1" # or "us-2", "eu-1", "us-gov1" end api_instance = Falcon::FalconxSandbox.new ids = ['inner_example'] # Array | ID of a summary. Find a summary ID from the response when submitting a malware sample or search with `/falconx/queries/reports/v1`. begin # Get a short summary version of a sandbox report. result = api_instance.get_summary_reports(ids) p result rescue Falcon::ApiError => e puts "Error when calling FalconxSandbox->get_summary_reports: #{e}" end ``` -------------------------------- ### Ruby Example: Get Custom IOA Rules by ID Source: https://github.com/crowdstrike/crimson-falcon/blob/main/docs/CustomIoa.md Demonstrates how to fetch custom IOA rules using the `get_rules_mixin0` method of the `CustomIoa` API client in Ruby. It includes setup for API authorization and basic error handling for API calls. ```ruby require 'time' require 'crimson-falcon' # Setup authorization Falcon.configure do |config| config.client_id = "Your_Client_ID" config.client_secret = "Your_Client_Secret" config.cloud = "us-1" # or "us-2", "eu-1", "us-gov1" end api_instance = Falcon::CustomIoa.new ids = ['inner_example'] # Array | The IDs of the entities begin # Get rules by ID and optionally with cid and/or version in the following format: `[cid:]ID[:version]`. The max number of IDs is constrained by URL size. result = api_instance.get_rules_mixin0(ids) p result rescue Falcon::ApiError => e puts "Error when calling CustomIoa->get_rules_mixin0: #{e}" end ``` -------------------------------- ### Ruby Example for DomainMsaQfResponse Instantiation Source: https://github.com/crowdstrike/crimson-falcon/blob/main/docs/DomainMsaQfResponse.md Demonstrates how to create a new instance of the `Falcon::DomainMsaQfResponse` object in Ruby. This example shows the basic syntax for initializing the object with its properties set to null, illustrating the required dependencies and object construction. ```ruby require 'crimson-falcon' instance = Falcon::DomainMsaQfResponse.new( errors: null, meta: null, resources: null ) ``` -------------------------------- ### Ruby Example for Falcon::FalconxUrlData Instantiation Source: https://github.com/crowdstrike/crimson-falcon/blob/main/docs/FalconxUrlData.md This Ruby code snippet demonstrates how to create a new instance of the `Falcon::FalconxUrlData` class. It shows the basic syntax for initializing the object with its properties, using the `crimson-falcon` library. ```ruby require 'crimson-falcon' instance = Falcon::FalconxUrlData.new( type: null, url: null, verdict: null ) ``` -------------------------------- ### Retrieve External GCP Service Accounts (Basic Call) Source: https://github.com/crowdstrike/crimson-falcon/blob/main/docs/CspmRegistration.md Illustrates how to call the `get_cspm_gcp_service_accounts_ext` API to get service account ID and client email for external clients. This example includes the necessary SDK imports and initial authorization setup. ```ruby require 'time' require 'crimson-falcon' # Setup authorization Falcon.configure do |config| config.client_id = "Your_Client_ID" config.client_secret = "Your_Client_Secret" config.cloud = "us-1" # or "us-2", "eu-1", "us-gov1" end api_instance = Falcon::CspmRegistration.new opts = { id: 'id_example' # String | Service Account ID } begin # Returns the service account id and client email for external clients. result = api_instance.get_cspm_gcp_service_accounts_ext(opts) p result rescue Falcon::ApiError => e puts "Error when calling CspmRegistration->get_cspm_gcp_service_accounts_ext: #{e}" end ``` -------------------------------- ### Ruby Example for DeviceapiUpdateDeviceDetailsResponseV1 Instantiation Source: https://github.com/crowdstrike/crimson-falcon/blob/main/docs/DeviceapiUpdateDeviceDetailsResponseV1.md Demonstrates how to create an instance of the `DeviceapiUpdateDeviceDetailsResponseV1` object in Ruby, showing the required `crimson-falcon` gem and placeholder values for its properties. ```Ruby require 'crimson-falcon' instance = Falcon::DeviceapiUpdateDeviceDetailsResponseV1.new( code: null, device_id: null, error: null, updated: null ) ``` -------------------------------- ### Get External Assets by ID (Ruby) Source: https://github.com/crowdstrike/crimson-falcon/blob/main/docs/ExposureManagement.md Demonstrates how to retrieve details for one or more external assets using their IDs. The example includes the necessary authorization setup for the Crimson Falcon API and a basic error handling block to catch API-specific exceptions. ```ruby require 'time' require 'crimson-falcon' # Setup authorization Falcon.configure do |config| config.client_id = "Your_Client_ID" config.client_secret = "Your_Client_Secret" config.cloud = "us-1" # or "us-2", "eu-1", "us-gov1" end api_instance = Falcon::ExposureManagement.new ids = ['inner_example'] # Array | One or more asset IDs (max: 100). Find asset IDs with GET `/fem/queries/external-assets/v1` begin # Get details on external assets by providing one or more IDs. result = api_instance.get_external_assets(ids) p result rescue Falcon::ApiError => e puts "Error when calling ExposureManagement->get_external_assets: #{e}" end ``` -------------------------------- ### Ruby Example: Instantiating DeviceapiDeviceDetailsResponseSwagger Source: https://github.com/crowdstrike/crimson-falcon/blob/main/docs/DeviceapiDeviceDetailsResponseSwagger.md This Ruby code snippet demonstrates how to create a new instance of the `Falcon::DeviceapiDeviceDetailsResponseSwagger` class. It shows the basic initialization process, setting the `errors`, `meta`, and `resources` properties to `null`. ```ruby require 'crimson-falcon' instance = Falcon::DeviceapiDeviceDetailsResponseSwagger.new( errors: null, meta: null, resources: null ) ```