Skip to content

Terminology

Joshua Hiller edited this page Mar 12, 2024 · 24 revisions

CrowdStrike Falcon CrowdStrike Subreddit

Glossary of Terms

Documentation Version Page Updated

Table of contents

The following terms have specific definitions for usage within this documentation.

Action Endpoint Module Method PR
Authentication Mechanism Extensibility ML Pythonic Response
Base URL FalconDebug Operation Release
Body Payload Abstraction FQL / FQL Syntax Operation ID Route
Bleeding Edge HTTP Method Operation ID syntax RTR
Class IDP Package Service Class
Cloud Region Autodiscovery IOA Package Index Service Collection
Code Coverage IOC Parameter Abstraction Swagger
Constructor Interface Class Payload Uber Class
Data Class Instance Payload Module Unit test
Derivative Class Issue PEP 8 Unit testing / Unit test series
Endpoint Log Sanitization PEP 257 ZTA

Definitions

The following definitions are utilized for the terms listed above.

Action

GitHub-powered workflow that performs specific repository operations.

Example: Package deployment, Unit testing

Not to be confused with the action keyword used in the Uber Class, or keys potentially found in body and parameter payloads.

Back to top


Authentication Mechanism

Solution used to perform authentication to the CrowdStrike API. The FalconPy SDK supports 5 discrete authentication mechanisms.

Mechanism Behavior
Credential Authentication Credentials are provided as a dictionary containing the keys client_id and client_secret to the class using the creds keyword.
Direct Authentication Credentials are provided directly to the class as the keywords client_id and client_secret.
Environment Authentication Credentials are retrieved from the environment at runtime from the FALCON_CLIENT_ID and FALCON_CLIENT_SECRET variables.
Legacy Authentication
A token is generated using the OAuth2 Service Class or the Uber Class and then provided to the new class using the access_token keyword.

This mechanism does not support automatic token refresh.
Object Authentication The auth_object from a previously authenticated instance of a Service Class or the Uber Class itself is leveraged to share authentication between classes.

Back to top


Base URL

The base address used for API requests.

Examples: US1 or https://api.crowdstrike.com

FalconPy supports the following CrowdStrike Base URLs:

Short name Base URL
US1 api.crowdstrike.com
US2 api.us-2.crowdstrike.com
EU1 api.eu-1.crowdstrike.com
USGOV1 api.laggar.gcw.crowdstrike.com

You may specify the short name or the base URL (with or without https://) when using the base_url keyword.

Back to top


Body Payload Abstraction

Programmatic logic used to abstract body payload parameters into keywords for use within FalconPy library methods.

More detail about body payload abstraction can be found in the Payload Handling documentation.

Back to top


Bleeding Edge

A pre-release version of FalconPy available on the test package index.

Back to top


Class

In object-oriented programming, a class is an extensible program-code-template for creating objects, providing initial values for state (member variables) and implementations of behavior (member functions or methods).

(Definition provided by Wikipedia)

Back to top


Cloud Region Autodiscovery

Starting in version 0.8.6, developers using the US1, US2 or EU1 regions no longer need to specify their base_url as this value is auto-discovered as part of the authentication process.

Please note: USGOV1 users will still need to provide this value.

Short name Base URL Auto discovery support?
US1 https://api.crowdstrike.com Yes
US2 https://api.us-2.crowdstrike.com Yes
EU1 https://api.eu-1.crowdstrike.com Yes
USGOV1 https://api.laggar.gcw.crowdstrike.com No

Back to top


Code Coverage

The percentage of code which is covered by automated unit testing. The FalconPy library maintains 100% code coverage for all released versions.

Back to top


Constructor

The method that is called when creating an instance of a class. By convention, this method is named __init__.

This term is sometimes used as a verb: First construct an instance of the class...

Back to top


Data Class

A class used as a generic abstraction layer to represent a discrete segment or type of data.

Back to top


Derivative Class

A stand-alone class that extends the functionality provided by an interface class.

Back to top


Endpoint

A combination of HTTP method and route that is used to perform a specific API operation.

Back to top


Endpoint Module

The sub-module within FalconPy that contains definitions for every endpoint within the CrowdStrike API.

Back to top


Extensibility

The measure of the ability to extend a software system and the level of effort required to implement the extension.

(Definition provided by Wikipedia)

More detail regarding extending existing functionality within FalconPy can be found in the Extensibility documentation.

Back to top


FalconDebug

A helper-class within FalconPy that facilitates payload and module debugging.

Back to top


FQL / FQL syntax

Falcon Query Language - The syntax used to provide filters and sort specifications to API requests.

More information about FQL can be found here.

Back to top


HTTP Method

HTTP operation (GET, POST, PATCH, PUT, DELETE, UPDATE) to use when sending a request to a specific endpoint route.

The combination of Route and HTTP Method define a specific API operation.

Back to top


IDP

Shorthand abbreviation for Identity Protection.

Back to top


Interface Class

A class used as a generic abstraction layer to provide base functionality to all derivative classes that inherit it.

Back to top


IOA

Shorthand abbreviation for Indicator of Attack.

Back to top


IOC

Shorthand abbreviation for Indicator of Compromise.

Back to top


Instance

Context: Instance of XYZ Service Class

A single object, constructed or instantiated using a specific class definition.

Back to top


Issue

A question, bug or enhancement request for the FalconPy library.

User submitted issues that do not result in a bug finding or enhancement request are converted into discussions and posted to the q & a section of our discussion board.

We want to hear from you! Please let us know of any issues you encounter.

Back to top


Log Sanitization

The process of redacting sensitive information from debug logs. Log Sanitization is enabled within FalconPy by default, but can be disabled using the sanitize_log keyword. Currently bearer tokens, client_id, client_secret and member_cid are redacted.

Back to top


Method

A function defined within a library class or module that executes a discrete sequence of steps. Typically this is in reference to a method that performs a specific API operation.

Examples: query_detects, query_devices_by_filter

The term method is also used to refer to the HTTP method used to communicate with a specific endpoint route.

Back to top


ML

Shorthand abbreviation for Machine Learning.

Back to top


Operation

Performing a request against a specific endpoint route within the CrowdStrike API using one of the allowed HTTP methods to accomplish a specific task.

More detail regarding Operations can be found here.

Back to top


Operation ID

Unique string used to identify an operation from among all available operations within all CrowdStrike API service collections. Operation IDs are case sensitive.

More detail regarding Operation IDs can be found here.

Back to top


Operation ID syntax

FalconPy-specific term for using Operation IDs as the method names within Service Classes for calls that interact with the CrowdStrike API.

Back to top


Package

Generic reference to the installation bundle for the FalconPy library.

Back to top


Package Index

Generic reference to PyPI, the Python Package Index.

Back to top


Parameter Abstraction

Programmatic logic used to abstract query string payload parameters into keywords for use within FalconPy library methods.

More detail about parameter abstraction can be found in the Payload Handling documentation.

Back to top


Payload

In computing and telecommunications, the payload is the part of transmitted data that is the actual intended message. Headers and metadata are sent only to enable payload delivery.

(Definition provided by Wikipedia)

More detail regarding payload types and how they are handled can be found here.

Back to top


Payload Module

The sub-module within FalconPy that contains helpers for creating and managing body payloads used for API requests.

Back to top


PEP 8

Python Enhancement Proposal #8 - A commonly referenced Python enhancement proposal that is used as the programmatic style guide for code implemented within this library.

More details about PEP 8 can be found here.

Back to top


PEP 257

Python Enhancement Proposal #257 - A commonly referenced Python enhancement proposal that governs the semantics and conventions associated with Python docstrings used within this library.

More details about PEP 257 can be found here.

Back to top


PR

Shorthand abbreviation for Pull Request.

Back to top


Pythonic Response

Consuming the response from the CrowdStrike API as a Python object instead of a JSON formatted dictionary.

Back to top


Release

A formally distributed version of FalconPy, available on the production package index.

Back to top


Route

The URL address of an endpoint, without the Base URL, that identifies the location of a specific Operation.

Back to top


RTR

Shorthand abbreviation for Real Time Response.

Back to top


Service Class

A FalconPy class that represents a single CrowdStrike API service collection, with methods defined for every operation within that service collection.

More detail regarding basic Service Class usage can be found here.

Back to top


Service Collection

Collection of API endpoints that comprise a specific CrowdStrike offering.

Service collections are also sometimes called the generic term "API" or "API collection".

Examples: Detects, the Hosts collection, the Real Time Response API

Back to top


Swagger

Swagger is a set of open-source tools built around the OpenAPI Specification that can help you design, build, document and consume REST APIs.

More detail regarding Swagger / OpenAPI Specification can be found here.

Back to top


Uber Class

A standalone FalconPy class that provides a singular harness to every operation within every service collection of the CrowdStrike API.

More detail regarding basic Uber Class usage can be found here.

Back to top


Unit test

A single test performed using the FalconPy library to confirm programmatic logic executes as intended. One unit test may be comprised of multiple real or simulated API operations.

Back to top


Unit testing / Unit test series

A series of unit tests performed using the FalconPy library to confirm functionality. Typically performed after a push or merge to the repository, these can also be executed by developers locally. Unit testing is designed to test every available code path within the FalconPy library, not necessarily every element of CrowdStrike API functionality.

Back to top


ZTA

Shorthand abbreviation for Zero Trust Assessment.

Back to top


Updates

Is there a term referenced within this repository that you feel needs a definition? Let us know by posting to our discussion board!

CrowdStrike Falcon

Clone this wiki locally