API CLIENTS and KEY REPORTING

Question 1

How to manage API Keys?

Answer 1

Use API Clients/Keys > Controls to manage API authentication for organization’s API integrations with Falcon.

Question 2

What role must a user have to view and modify API keys?

Answer 2

-Must have Falcon Admin role to view and modify API keys

Question 3

How many sets of controls are in API Clients/ Keys

Answer 3

API Clients/Keys = 2 sets of controls:

-Top half (API Keys) handles legacy standard for API authentication.
Top half of API Clients/Keys you’ll see
*Legacy API UUID
*A Reset Key button for legacy API Key

-Bottom half (API Clients) handles newer OAuth2 standard for API Authentication

Question 4

What happens when a user clicks “Reset Key”

Answer 4

-If you click Reset Key, Falcon revokes existing API key, and generates a new one for your existing UUID
**New key is displayed only once upon being generated, so record it in a safe place (test calls it a SECRET key).

**Once resetting key, you cut off access for all existing integrations until you reconfigure them to use the new key

Question 5

What can the Legacy API UUID be used for?

Answer 5

-To authenticate requests to some Query API endpoints and all ThreatGraph API endpoints

Question 6

What is the CS API (advanced programming interface)?

Answer 6

A set of REST- based API endpoints that allow you to perform programmatically instead of through the falcon console

Question 7

CS API uses _____for authentication?

Answer 7

-OAuth2

Question 8

Using OAuth2 you can…

Answer 8

-Use access tokens to make API requests
-manage multiple API clients
-Define limited scopes of permissions for API functionality

Question 9

What is created along with the creation of an API client?

Answer 9

-client ID
-Secret

Question 10

What is exchanged during an OAuth2 flow?

Answer 10

-Client ID and secret are exchanged for the OAuth2.0 access token

Question 11

What is exchanged during an OAuth2 flow?

Answer 11

-Client ID and secret are exchanged for the OAuth2.0 access token

Question 12

How often does the OAuth2.0 token expire?

Answer 12

-Expire every ½ hour

Question 13

How to create an API client?

Answer 13

Falcon main menu> support and resources>resources and tools>API clients and keys>add new api client>enter client name>select api scopes>click read or write checkboxes to enable access>click add> store api creds somewhere safe>done

Question 14

How to reset an API client secret?

Answer 14

Falcon main menu> support and resources>resources and tools>API clients and keys>select api client>click reset secret icon>click reset>record new api secret somewhere safe>done

Question 15

How to edit an API client?

Answer 15

Falcon main menu> support and resources>resources and tools>API clients and keys> select api client> click edit icon> make changes as necessary> save

Question 16

How to delete an API client?

Answer 16

Falcon main menu> support and resources>resources and tools>API clients and keys>select api client> delete>delete