CrowdStrike Falcon FileVantage
This connector allows you to retrieve information on the changes in CrowdStrike Falcon FileVantage.

## Capabilities

This connector has the following capabilities:

- Get Changes

## Asset Setup

This connector supports authentication via OAuth2 and interacts with detections and network containment.

Each API endpoint requires authorization via an OAuth2 token. Your first API request should retrieve an OAuth2 token using the `oauth2/token` endpoint, such as https://api.crowdstrike.com/oauth2/token. For subsequent requests, include the OAuth2 token in an HTTP `Authorization` header.

## Notes

- https://www.falconpy.io/Service-Collections/FileVantage.html#getchanges
- https://www.falconpy.io/Service-Collections/Quarantine.html

## Configurations

### OAuth 2.0 Client Credentials

Authenticates using OAuth 2.0 client credentials.

#### Configuration Parameters

| Parameter | Description | Type | Required |
| --- | --- | --- | --- |
| URL | A URL to the target host. | string | Required |
| Token URL | | string | Required |
| Client ID | The client ID | string | Required |
| Client Secret | The client secret | string | Required |
| Scope | Permission scopes for this action | array | Optional |
| Verify SSL | Verify SSL certificate | boolean | Optional |
| HTTP Proxy | A proxy to route requests through. | string | Optional |

## Actions

### Get Changes

This action retrieves information on changes. Retrieve key attributes of Falcon FileVantage changes for the specified IDs.

- Endpoint URL: `/filevantage/entities/changes/v2`
- Method: `GET`

#### Input

| Input argument name | Type | Required | Description |
| --- | --- | --- | --- |
| parameters.ids | array | Required | One or more change IDs in the form of `ids=ID1&ids=ID2`. The maximum number of IDs that can be requested at once is 500. |

Input example:

```json
{"parameters": {"ids": ["1", "2"]}}
```

#### Output

| Parameter | Type | Description |
| --- | --- | --- |
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| meta | object | Output field meta |
| meta.pagination | object | Output field meta.pagination |
| meta.pagination.limit | number | Output field meta.pagination.limit |
| meta.pagination.offset | number | Output field meta.pagination.offset |
| meta.pagination.total | number | Output field meta.pagination.total |
| meta.powered_by | string | Output field meta.powered_by |
| meta.query_time | number | Time value |
| meta.trace_id | string | Unique identifier |
| meta.writes | object | Output field meta.writes |
| meta.writes.resources_affected | number | Output field meta.writes.resources_affected |
| resources | array | Output field resources |
| resources.action_timestamp | string | Output field resources.action_timestamp |
| resources.action_type | string | Type of the resource |
| resources.aid | string | Unique identifier |
| resources.attributes | array | Output field resources.attributes |
| resources.attributes.attribute | string | Output field resources.attributes.attribute |
| resources.attributes.change | string | Output field resources.attributes.change |
| resources.cid | string | Unique identifier |
| resources.command_line | string | Output field resources.command_line |
| resources.diff | object | Output field resources.diff |
| resources.diff.after | object | Output field resources.diff.after |
| resources.diff.after.hash | object | Output field resources.diff.after.hash |
| resources.diff.after.hash.sha256 | string | Output field resources.diff.after.hash.sha256 |

Output example:

```
{"status_code":200,"response_headers":{"Server":"nginx","Date":"Wed, 15 Nov 2023 18:14:54 GMT","Content-Type":"application/json","Content-Length":"212","Connection":"keep-alive","Content-Encoding":"gzip","Set-Cookie":"fimstickounet=1700072095 287 613 340356|e35349c49e1306d19f343f6ed7e1d4db; expire ","Strict-Transport-Security":"max-age=15724800; includeSubDomains, max-age=31536000; includeSubDomains","X-Cs-Region":"us-1","X-Cs-Traceid":"3d61e49f-0348-4fa8-8101-198f445fa71d","X-Ratelimit-Limit"
```

## Response Headers

| Header | Description | Example |
| --- | --- | --- |
| Connection | HTTP response header Connection | keep-alive |
| Content-Encoding | HTTP response header Content-Encoding | gzip |
| Content-Length | The length of the response body in bytes | 212 |
| Content-Type | The media type of the resource | application/json |
| Date | The date and time at which the message was originated | Wed, 15 Nov 2023 18:14:54 GMT |
| Server | Information about the software used by the origin server | nginx |
| Set-Cookie | HTTP response header Set-Cookie | fimstickounet=1700072095 287 613 340356 e35349c49e1306d19f343f6ed7e1d4db; expires=Fri, 17-Nov-23 18:14:54 GMT; max-age=172800; path=/; secure; httponly |
| Strict-Transport-Security | HTTP response header Strict-Transport-Security | max-age=15724800; includeSubDomains, max-age=31536000; includeSubDomains |
| X-Cs-Region | HTTP response header X-Cs-Region | us-1 |
| X-Cs-Traceid | HTTP response header X-Cs-Traceid | 3d61e49f-0348-4fa8-8101-198f445fa71d |
| X-Ratelimit-Limit | The number of requests allowed in the current rate limit window | 6000 |
| X-Ratelimit-Remaining | The number of requests remaining in the current rate limit window | 5999 |
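
The token-then-request flow from the asset setup and the 500-ID limit on Get Changes, sketched as an added example (not the connector's own code). The function names and the injectable `post`/`get` transports are hypothetical; the `client_id`/`client_secret` form fields, the `access_token` response key and the `Bearer` scheme are assumptions about the CrowdStrike API that this page does not spell out.

```python
import json
import urllib.parse
import urllib.request

MAX_IDS = 500  # page: at most 500 ids may be requested at once


def post_form(url, fields):
    """Default transport: form-encoded POST, TLS verification left on."""
    data = urllib.parse.urlencode(fields).encode()
    with urllib.request.urlopen(urllib.request.Request(url, data=data)) as resp:
        return json.load(resp)


def get_json(url, headers):
    """Default transport: GET with caller-supplied headers."""
    with urllib.request.urlopen(urllib.request.Request(url, headers=headers)) as resp:
        return json.load(resp)


def fetch_token(base_url, client_id, client_secret, post=post_form):
    """First request: exchange client credentials at /oauth2/token."""
    body = post(base_url + "/oauth2/token",
                {"client_id": client_id, "client_secret": client_secret})
    return body["access_token"]  # assumed response key; never log this value


def changes_urls(base_url, ids):
    """Yield one Get Changes URL per batch of at most MAX_IDS ids."""
    ids = list(ids)
    for start in range(0, len(ids), MAX_IDS):
        batch = ids[start:start + MAX_IDS]
        # doseq=True produces the ids=ID1&ids=ID2 form the endpoint expects
        query = urllib.parse.urlencode({"ids": batch}, doseq=True)
        yield f"{base_url}/filevantage/entities/changes/v2?{query}"


def get_changes(base_url, token, ids, get=get_json):
    """Fetch every batch and merge the 'resources' arrays."""
    headers = {"Authorization": f"Bearer {token}"}
    resources = []
    for url in changes_urls(base_url, ids):
        resources.extend(get(url, headers).get("resources") or [])
    return resources
```

Passing fake `post` and `get` callables lets the batching and header handling be exercised without network access or real credentials.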