# CrowdStrike Falcon FileVantage
This connector allows you to retrieve information on the changes recorded by CrowdStrike Falcon FileVantage.

## Capabilities

This connector has the following capabilities:

- Get Changes

## Asset Setup

This connector supports authentication via OAuth2 and interacts with detections and network containment.

Each API endpoint requires authorization via an OAuth2 token. Your first API request should retrieve an OAuth2 token using the `oauth2/token` endpoint, such as https://api.crowdstrike.com/oauth2/token. For subsequent requests, include the OAuth2 token in an HTTP `Authorization` header.

## Configurations

### OAuth 2.0 Client Credentials

Authenticates using OAuth 2.0 client credentials.

#### Configuration Parameters

| Parameter | Description | Type | Required |
| --- | --- | --- | --- |
| URL | A URL to the target host | string | required |
| Token URL | | string | required |
| Client ID | The Client ID | string | required |
| Client Secret | The Client Secret | string | required |
| Scope | Permission scopes for this action | array | optional |
| Verify SSL | Verify SSL certificate | boolean | optional |
| HTTP Proxy | A proxy to route requests through | string | optional |

## Actions

### Get Changes

This action retrieves information on changes: it returns the key attributes of Falcon FileVantage changes for the specified IDs.

- **Endpoint URL:** `/filevantage/entities/changes/v2`
- **Method:** `GET`

#### Input

| Argument Name | Type | Required | Description |
| --- | --- | --- | --- |
| ids | array | required | One or more change IDs in the form of `ids=ID1&ids=ID2`. The maximum number of IDs that can be requested at once is 500. |

#### Output

| Parameter | Type | Description |
| --- | --- | --- |
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| meta | object | Output field meta |
| pagination | object | Output field pagination |
| limit | number | Output field limit |
| offset | number | Output field offset |
| total | number | Output field total |
| powered_by | string | Output field powered_by |
| query_time | number | Time value |
| trace_id | string | Unique identifier |
| writes | object | Output field writes |
| resources_affected | number | Output field resources_affected |
| resources | array | Output field resources |
| action_timestamp | string | Output field action_timestamp |
| action_type | string | Type of the resource |
| aid | string | Unique identifier |
| attributes | array | Output field attributes |
| attribute | string | Output field attribute |
| change | string | Output field change |
| cid | string | Unique identifier |
| command_line | string | Output field command_line |
| diff | object | Output field diff |
| after | object | Output field after |
| hash | object | Output field hash |
| sha256 | string | Output field sha256 |

#### Example

```json
[
  {
    "status_code": 200,
    "response_headers": {
      "Server": "nginx",
      "Date": "Wed, 15 Nov 2023 18:14:54 GMT",
      "Content-Type": "application/json",
      "Content-Length": "212",
      "Connection": "keep-alive",
      "Content-Encoding": "gzip",
      "Set-Cookie": "fimstickounet=1700072095.287.613.340356|e35349c49e1306d19f343f6ed7e1d4db; Expire",
      "Strict-Transport-Security": "max-age=15724800; includeSubDomains, max-age=31536000; includeSubDomains",
      "X-Cs-Region": "us-1",
      "X-Cs-Traceid": "3d61e49f-0348-4fa8-8101-198f445fa71d",
      "X-Ratelimit-Limit": "6000",
      "X-Ratelimit-Remaining": "5999"
    },
    "reason": "OK",
    "json_body": {
      "meta": {},
      "resources": [],
      "errors": []
    }
  }
]
```

#### Response Headers

| Header | Description | Example |
| --- | --- | --- |
| Connection | HTTP response header Connection | keep-alive |
| Content-Encoding | HTTP response header Content-Encoding | gzip |
| Content-Length | The length of the response body in bytes | 212 |
| Content-Type | The media type of the resource | application/json |
| Date | The date and time at which the message was originated | Wed, 15 Nov 2023 18:14:54 GMT |
| Server | Information about the software used by the origin server | nginx |
| Set-Cookie | HTTP response header Set-Cookie | fimstickounet=1700072095.287.613.340356\|e35349c49e1306d19f343f6ed7e1d4db; Expires=Fri, 17 Nov 23 18:14:54 GMT; Max-Age=172800; Path=/; Secure; HttpOnly |
| Strict-Transport-Security | HTTP response header Strict-Transport-Security | max-age=15724800; includeSubDomains, max-age=31536000; includeSubDomains |
| X-Cs-Region | HTTP response header X-Cs-Region | us-1 |
| X-Cs-Traceid | HTTP response header X-Cs-Traceid | 3d61e49f-0348-4fa8-8101-198f445fa71d |
| X-Ratelimit-Limit | The number of requests allowed in the current rate limit window | 6000 |
| X-Ratelimit-Remaining | The number of requests remaining in the current rate limit window | 5999 |

## Notes

- CrowdStrike Falcon FileVantage API documentation link: https://www.falconpy.io/Service-Collections/FileVantage.html#getchanges
- FalconPy docs: https://www.falconpy.io/Service-Collections/Quarantine.html
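The call sequence described on this page (client-credentials token from `/oauth2/token`, then bearer-authenticated GETs against `/filevantage/entities/changes/v2` with the ID list split at the 500-per-request cap), as an added Python example that is not the connector's own code. It assumes the token reply is JSON carrying an `access_token` field; the function names and the offline `FakeOpener` stand-in are mine.

```python
import json
import urllib.parse
import urllib.request

MAX_IDS_PER_REQUEST = 500  # cap on ids per call to /filevantage/entities/changes/v2


def chunk_ids(ids, size=MAX_IDS_PER_REQUEST):
    """Split change IDs into batches the endpoint will accept."""
    ids = list(ids)
    return [ids[i:i + size] for i in range(0, len(ids), size)]


def get_token(base_url, client_id, client_secret, opener=urllib.request.urlopen):
    """Client-credentials POST to /oauth2/token; assumes the reply carries access_token."""
    form = urllib.parse.urlencode({"client_id": client_id, "client_secret": client_secret})
    req = urllib.request.Request(base_url.rstrip("/") + "/oauth2/token", data=form.encode(),
                                 headers={"Accept": "application/json"})
    return json.loads(opener(req).read())["access_token"]


def build_changes_request(base_url, token, ids):
    """One GET for up to 500 IDs as ids=ID1&ids=ID2, token in the Authorization header."""
    if len(ids) > MAX_IDS_PER_REQUEST:
        raise ValueError("at most %d ids per request" % MAX_IDS_PER_REQUEST)
    query = urllib.parse.urlencode([("ids", i) for i in ids])
    url = base_url.rstrip("/") + "/filevantage/entities/changes/v2?" + query
    return urllib.request.Request(url, headers={"Authorization": "Bearer " + token,
                                                "Accept": "application/json"})


def get_changes(base_url, token, ids, opener=urllib.request.urlopen):
    """Fetch every batch; keep each meta.trace_id so a failing call can be traced."""
    resources, trace_ids = [], []
    for batch in chunk_ids(ids):
        body = json.loads(opener(build_changes_request(base_url, token, batch)).read())
        resources.extend(body.get("resources", []))
        trace_ids.append(body.get("meta", {}).get("trace_id"))
    return {"resources": resources, "trace_ids": trace_ids}


class FakeOpener:
    """Offline stand-in for urlopen: records each request and answers with a
    constructed (made-up) body shaped like the action's output table."""
    def __init__(self):
        self.requests = []

    def __call__(self, req):
        self.requests.append((req.get_method(), req.full_url, req.get_header("Authorization")))
        body = {"access_token": "TOKEN"} if req.full_url.endswith("/oauth2/token") else {
            "meta": {"trace_id": "trace-%d" % len(self.requests)},
            "resources": [{"aid": "aid-1", "action_type": "created",
                           "diff": {"after": {"hash": {"sha256": "ab" * 32}}}}], "errors": []}
        return type("R", (), {"read": lambda self: json.dumps(body).encode()})()
```

Swap `FakeOpener()` for the default `urllib.request.urlopen` to run against the real API; keep the returned `trace_ids` in your action logs, since that is the value CrowdStrike uses to correlate a request.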