Ensure that the Event Stream API has been enabled for the CID. The CrowdStrike API Documentation agrees and states the following for Event Streams, specifically if you're a GovCloud customer. After opening up a ticket with CrowdStrike and asking them to enable the event streams on our CID...
Proposed commit message: Return empty events array when no resources in alert and host data-streams. When there are no resources in first API call, current CEL code returns state. But this state doe...
src/falconpy/_api_request/_request.py 109 0 100% src/falconpy/_api_request/_request_behavior.py 55 0 100% src/falconpy/_api_request/_request_connection.py 8 0 100% src/falconpy/_api_request/_request_meta.py 26 0 100% src/falconpy/_api_request/_request_payloads.py 8 0 100% src...
tagging the incident with an event type of the event types based at least in part of a pattern of the patterns meeting a second predetermined criterion; determining a first time of events for the incident based at least in part on determining that a first composite score meets or exceeds a...
Go to Support and resources > API Clients and Keys. Select Add new API client and enter any name for the client. Enable the Read API Scope for Zero Trust Assessment, Hosts, Detections, Event Streams, and User Management. Select Add. Copy the Client ID, Client Secret, and Base URL to a safe place. ...