diff --git a/.github/wordlist.txt b/.github/wordlist.txt
index 59095ff01..d468009b8 100644
--- a/.github/wordlist.txt
+++ b/.github/wordlist.txt
@@ -900,4 +900,281 @@ CreateSavedSearchesExecuteV
 CreateSavedSearchesIngestV
 GetSavedSearchesJobResultsDownloadV
 clobberer
-UUIDs
\ No newline at end of file
+UUIDs
+AAAAGYktHRAAAAAAAAPlDu
+AAAAJcEhZcwAACxMAAAsTAQCanBgAAAAHdElNRQflDAsTByz
+AAABhWlDQ
+AENyZWF
+AUhU
+AuOe
+BBIm
+BJQ
+BllzBbyJJBgDclVkO
+COjZBi
+Cmm
+Cnate
+CuffOubQVUXL
+CzCcGPyWywAAAABJRU
+EOFwAAAYBJREFUKM
+ErkJggg
+FlwWeGTHTqTniCLFYaGGlhVnR
+HZIEAKiMj
+HztO
+ILMXTTGYVfaut
+IgniKOqplO
+Iw
+JQOLiIU
+Jh
+KGgoAAAANSUhEUgAAABIAAAAOCAYAAAAi
+KfPKlFdkGAMY
+KhRTdx
+Kukd
+LCi
+LWiOxljG
+MZ
+MgcHJvZmlsZQAAKJF
+MyheKA
+NK
+Nsgmm
+ODPYtXBxVlXB
+OEvgJC
+PhmzKrsTnL
+QApADvu
+QL
+QQIPgNXetNfrgFTn
+QV
+QeJEQg
+RBCBLjq
+RXm
+Tjy
+TpaIVBzuIOGSoDmJBVEQ
+TzwPsZjSkL
+UYCNGp
+VNRUuHy
+XFIJ
+XHnrWX
+XRD
+YHAdwB
+YizdKNq
+Yu
+ZWQgd
+aCBHSU
+aP
+aRuc
+akhQXR
+bbXapMy
+bqURczGRXxNAruhAEMI
+bzFWStVWKNO
+cA
+cAAAAGXRFWHRDb
+cj
+createrulesv
+dBEPwBcXNzUnSREu
+dNo
+dYl
+dg
+eSyiBfOe
+eWvnxMS
+fIpdCrg
+fcR
+ftlJAD
+hHg
+hfHCGB
+hmVnGrCQl
+hq
+iELI
+iVBORw
+ifPB
+img
+jrtASSwgEVIEKGggg
+jvXkColZhmtY
+kPFY
+kT
+kjrCirxOfEIyYVSPzIdcXjN
+ktSur
+ky
+lOFcL
+lR
+labelColor
+lkjFIlVEYht
+mDzLkrxafSxySFKjSWX
+mX
+oCMAvnZgCcsF
+oTmjKzz
+pHAfaXxznYxAI
+pehjAiaVfkN
+pnCFP
+png
+quN
+qyB
+qzmLAQGReIYZpk
+rUIRKoRaoVUHk
+rXrcAAgs
+sFkYYUyUnIRcemhCtCU
+sNwTl
+sTAHazSG
+tSr
+tZW
+uOniJhivesLx
+vN
+vO
+wOzbOx
+wcAgMFSh
+wcsyjDA
+wefwe
+wzx
+xr
+yBjDtfWORJZlNtFyo
+zeffHa
+zn
+zuAH
+zzkXJbeUljIldFTstsmSHM
+pyfiglet
+csv
+ExampleToken
+NewExampleToken
+deletesamplev
+getartifacts
+getreports
+getsamplev
+getscans
+getsubmissions
+queryreports
+scansamples
+uploadsamplev
+attck
+getintelactorentities
+getintelindicatorentities
+getintelreportentities
+getmalqueryentitiessamplesfetchv
+getmalqueryrequestv
+getmitrereport
+malqueryinator
+misp
+mitre
+postmalqueryentitiessamplesmultidownloadv
+postmalqueryfuzzysearchv
+queryintelactorentities
+queryintelindicatorentities
+queryintelreportentities
+querymitreattacks
+tf
+xkcd
+cisa
+combinedqueryvulnerabilities
+darkblue
+dhs
+getdevicedetails
+getremediationsv
+getvulnerabilities
+querydevicesbyfilterscroll
+queryvulnerabilities
+getcspmpolicysettings
+deleteawsaccounts
+provisionawsaccounts
+queryawsaccounts
+updateawsaccounts
+verifyawsaccountaccess
+basaglia
+batchactiverespondercmd
+batchadmincmd
+batchinitsessions
+checkadmincommandstatus
+createput
+createscripts
+deleteput
+deletescripts
+deletesession
+executeadmincommand
+getdevicedetails
+getextractedfilecontents
+getsensorinstallersccidbyquery
+gitlab
+initsession
+listput
+listqueuedsessions
+listscripts
+mattia
+proxytool
+querydevicesbyfilterscroll
+querygroupmembers
+rtr
+runscript
+crowdscore
+getincidents
+performincidentaction
+queryincidents
+quickchart
+deletepreventionpolicies
+getpreventionpolicies
+performpreventionpoliciesaction
+querycombinedpreventionpolicies
+querypreventionpolicies
+updatepreventionpolicies
+getdetectsummaries
+querydetects
+updatedetectsbyidsv
+cloner
+groupmixin
+groupsmixin
+batchadmincmd
+batchinitsessions
+checkadmincommandstatus
+createhostgroups
+darkblue
+deletesession
+multicid
+querychildren
+querycombinedhostgroups
+querycombinedpreventionpolicies
+querydevicesbyfilter
+rtr
+listavailablestreamsoauth
+refreshactivestreamsession
+combineduserrolesv
+createuser
+darkblue
+deleteuser
+getavailableroleids
+getuserroleids
+grantuserroleids
+queryuserv
+retrieveuser
+retrieveusersgetv
+retrieveuseruuid
+retrieveuseruuidsbycid
+revokeuserroleids
+getquarantinefiles
+getsamplev
+queryquarantinefiles
+darkblue
+getsensorinstallersccidbyquery
+querychildren
+createsensorupdatepoliciesv
+deletesensorupdatepolicies
+performsensorupdatepoliciesaction
+querycombinedsensorupdatebuilds
+querycombinedsensorupdatekernels
+querycombinedsensorupdatepoliciesv
+querycombinedsensorupdatepolicymembers
+revealuninstalltoken
+setsensorupdatepoliciesprecedence
+updatesensorupdatepolicies
+downloadsensorinstallerbyid
+getcombinedsensorinstallersbyquery
+getdevicedetails
+micgoetz
+performactionv
+querydeviceloginhistory
+querydevicesbyfilter
+querydevicesbyfilterscroll
+rtr
+updatedevicetags
+accesstoken
+aes
+queryawsaccounts
+querydetects
+querydevicesbyfilterscroll
+queryincidents
+queryintelactorentities
+apis
\ No newline at end of file
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 35ebf3bdf..7dde1119f 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,3 +1,43 @@
+# Version 1.3.4
+## Added features and functionality
++ Added: Use a Service Class or the Uber Class as a context manager.
+    > Leveraging this functionality will automatically revoke your bearer token on context manager exit.
+    ```python
+    from falconpy import Hosts
+    with Hosts(pythonic=True) as hosts:
+        for device in hosts.query_devices().data:
+            print(device)
+    ```
+    - `_auth_object/_uber_interface.py`
+    - `_service_class/_service_class.py`
++ Added: `app_id` keyword added to _CreateSavedSearchesIngestV1_ operation.
+    - `foundry_logscale.py`
+    > Unit testing expanded to complete code coverage.
+    - `tests/test_foundry_logscale.py`
+
+## Issues resolved
++ Fixed: _update_policy_container_ operation payload handler is missing the `policy_id` key. Closes #1068.
+    - `_payload/_firewall.py`
+    > Expanded unit testing to complete code coverage.
+    - `tests/test_firewall_management.py`
++ Fixed: `after` property is missing from the __Meta__ object. Closes #1069.
+    - `_result/_meta.py`
+    - `_result/_result.py`
++ Fixed: Payload handler for _tokens_update_ operation is not properly passing the `revoked` key. Closes #1074.
+    - `installation_tokens.py`
++ Fixed: API operations generating leveraging the raw attribute are not properly displaying results when leveraging result object expansion. Closes #1076.
+    - `_result/_result.py`
++ Fixed: Per-operation pythonic override is not working as expected. Closes #1078.
+    - `_util/_functions.py`
+
+# Other
++ Changed: Updated field mapping for Uber Class path variables to a cleaner solution.
+    - `_util/_uber.py`
++ Removed: The unsupported actions `add-rule-group` and `remove-rule-group` are removed from the _performFirewallPoliciesAction_ operation. Relates to #1059.
+    - `firewall_policies.py`
+
+---
+
 # Version 1.3.3
 ## Added features and functionality
 + Added: Deprecation warnings for deprecated classes and operations. Closes #1055.
diff --git a/samples/README.md b/samples/README.md
index b80bcd186..0a3e8a7d5 100644
--- a/samples/README.md
+++ b/samples/README.md
@@ -24,41 +24,87 @@ In order to expedite sample delivery, examples will follow one of three standard
 > Please note: These are not the only methods for providing these values. 
 
 # Samples by API service collection
-The following samples are categorized by CrowdStrike Falcon API service collection. Some samples have specific FalconPy version requirements, check documentation maintained within the source or the sample `README.md` for more details.
+The following samples are categorized by CrowdStrike product, and further categorized by Falcon API service collection. Some samples have specific FalconPy version requirements, check documentation maintained within the source or the sample `README.md` for more details.
 
 ![Total samples](https://img.shields.io/endpoint?url=https%3A%2F%2Ffalconpy.io%2F_samples.json&style=for-the-badge)
 
-| Service Collection | Samples |
-| :--- | :--- |
-| [Authentication](#authentication) | [AES Authentication](#aes-authentication)<BR/>[AES File Crypt](#aes-file-crypt)<BR/>[Token Authentication](#token-authentication) |
-| [Custom IOA](#custom-ioa) | [Custom IOA Cloner](#custom-ioa-cloner) |
-| [Detects](#detects) | [Detects Advisor](#detects-advisor) |
-| [Event Streams](#event-streams) | [Send detections to AWS Security Hub](#send-detections-to-aws-security-hub) |
-| [Falcon Discover](#falcon-discover) | [List discovered hosts](#list-discovered-hosts)<BR/>[Spyglass](#spyglass) |
-| [Falcon Discover for Cloud and Containers](#falcon-discover-for-cloud-and-containers-aws-accounts) | [Manage Discover accounts (AWS)](#manage-discover-accounts) |
-| [Falcon Horizon](#falcon-horizon) | [Get CSPM policies](#get-cspm-policies) |
-| [Falcon Flight Control](#falcon-flight-control) | [Find child CID](#find-child-cid)<BR/>[Get Child Prevention Policies](#get-child-prevention-policies)<BR/>[Host Group Duplicator](#host-group-duplicator)<BR/>[Execute a command on hosts across multiple children](#execute-a-command-on-hosts-across-multiple-children) |
-| [Falcon Intelligence](#falcon-intelligence) | [Manage sandbox uploads](#manage-sandbox-uploads)<BR/>[Falcon Intelligence sandbox scan](#falcon-intelligence-sandbox-scan)<BR/>[Get all artifacts](#get-all-artifacts)<BR/>[Quick Scan a target](#quick-scan-a-target)<BR/>[Quick Scan quota check](#quick-scan-quota-check)<BR/>[S3 Bucket Protection](#s3-bucket-protection) |
-| [Firewall Management](#firewall-management) | [Export Firewall events to a file](#export-firewall-events-to-a-file) |
-| [Hosts](#hosts) | [List sensors by hostname](#list-sensors-by-hostname)<BR/>[Manage duplicate sensors](#manage-duplicate-sensors)<BR/>[CUSSED (Manage stale sensors)](#cussed-manage-stale-sensors)<BR/>[Match usernames to hosts](#match-usernames-to-hosts)<BR/>[Offset vs. Token](#offset-vs-token)<BR/>[Prune Hosts by Hostname or AID](#prune-hosts-by-hostname-or-aid)<BR/>[Quarantine a host](#quarantine-a-host)<BR/>[Quarantine a host (updated version)](#quarantine-a-host-updated-version) |
-| [Identity Protection](#identity-protection) | [GraphQL Pagination](#graphql-pagination) |
-| [Incidents](#incidents) | [CrowdScore QuickChart](#crowdscore-quickchart)<BR/>[Incident Triage](#incident-triage) |
-| [Intel](#intel) | [MISP Import](#misp-import)<BR/>[Intel Search](#intel-search) |
-| [IOC](#ioc) | [Create indicators](#create-indicators) |
-| [MalQuery](#malquery) | [Malqueryinator](#malqueryinator) |
-| [Prevention Policy](#prevention-policy) | [Prevention Policy Hawk](#prevention-policy-hawk) |
-| [Quarantine](#quarantine) | [Get Quarantined Files](#get-quarantined-files)
-| [Real Time Response](#real-time-response) | [Bulk execute a command](#bulk-execute-a-command)<BR/>[Bulk execute a command (queued)](#bulk-execute-a-command-queued)<BR/>[Get host uptime](#get-host-uptime)<BR/>[Get RTR result](#get-rtr-result)<BR/>[Dump memory for a running process](#dump-memory-for-a-running-process)<BR/>[My Little RTR](#my-little-rtr)<BR/>[ProxyTool](#proxytool) |
-| [Recon](#recon) | [Create monitoring rules for an email list](#create-monitoring-rules-for-an-email-list) |
-| [Report Executions](#report-executions) | [Retrieve all report results](#retrieve-all-report-results) |
-| [Sensor Download](#sensor-download) | [Download the CrowdStrike sensor](#download-the-crowdstrike-sensor) |
-| [Sensor Update Policies](#sensor-update-policies) | [Policy Wonk](#policy-wonk) |
-| [Spotlight](#spotlight) | [Find vulnerable hosts by CVE ID](#find-vulnerable-hosts-by-cve-id)<BR/>[CISA DHS Known Exploited Vulnerabilities](#cisa-dhs-known-exploited-vulnerabilities)<BR/>[Spotlight Quick Report](#spotlight-quick-report) |
-| [User Management](#user-management) | [Bulk user administration](#bulk-user-administration)<BR/>[Get user grants](#get-user-grants) |
-
-
-##### Class type legend
-Provided examples are further categorized by the type of class used to interact with the CrowdStrike API.
+<a id="toc"></a>
+<details open>
+<summary><h2>Table of Contents</h2></summary>
+
+<a id="general-toc"></a>
+
+### [General](#general-apis)
+| Topic | Samples |
+| :-- | :-- |
+| [Authentication](#authentication) | AES Authentication<BR/>AES File Crypt<BR/>Token Authentication |
+
+<a id="deployment-and-management-toc"></a>
+
+### [Deployment and Management](#deployment-and-management-apis) 
+
+| Topic | Samples |
+| :-- | :-- |
+| [Hosts](#hosts-samples)<BR/>[Host Groups](#hosts-samples)<BR/> | List sensors by hostname<BR/>Manage duplicate sensors<BR/>CUSSED (Manage stale sensors)<BR/>Match usernames to hosts<BR/>Offset vs. Token<BR/>Prune Hosts by Hostname or AID<BR/>Quarantine a host<BR/>Quarantine a host (updated version) |
+| [Report Executions](#report-executions-samples) | Retrieve all report results |
+| [Sensor Download](#sensor-download-samples) | Download the CrowdStrike sensor |
+| [Sensor Update Policies](#sensor-update-policies-samples) | Policy Wonk |
+| [Installation Tokens](#installation-tokens-samples) | Token Dispenser |
+| [Quarantine](#quarantine-samples) | Get Quarantined Files | 
+| [User Management](#user-management-samples) | Bulk user administration<BR/>Get user grants | 
+| [Event Streams](#event-streams-samples) | Send detections to AWS Security Hub |
+| [Flight Control (MSSP)](#flight-control-samples) | Find child CID<BR/>Get Child Prevention Policies<BR/>Host Group Duplicator<BR/>Execute a command on hosts across multiple children |
+
+<a id="endpoint-security-toc"></a>
+
+### [Endpoint Security](#endpoint-security-apis)
+
+| Topic | Samples |
+| :-- | :-- |
+| [Custom IOA](#custom-ioa-samples) | Custom IOA Cloner |
+| [Detects](#detects-samples) | Detects Advisor |
+| [IOC](#ioc-samples) | Create indicators |
+| [Prevention Policies](#prevention-policies-samples) | Prevention Policy Hawk |
+| [Incidents](#incidents-samples) | CrowdScore QuickChart<BR/>Incident Triage |
+| [Real Time Response](#real-time-response-samples) | Bulk execute a command<BR/>Bulk execute a command (queued)<BR/>Get host uptime<BR/>Get RTR result<BR/>Dump memory for a running process<BR/>My Little RTR<BR/>ProxyTool | 
+| [Firewall Management](#firewall-management-samples) | Export Firewall events to a file |
+
+<a id="cloud-security-toc"></a>
+
+### [Cloud Security](#cloud-security-apis)
+| Topic | Samples |
+| :-- | :-- |
+| [Cloud Workload Protection](#cloud-workload-protection-samples) | Manage Discover accounts (AWS) |
+| [CSPM Registration](#horizon-samples) | Get CSPM policies |
+
+<a id="identity-protection-toc"></a>
+
+### [Identity Protection](#identity-protection-apis)
+| Topic | Samples |
+| :-- | :-- |
+| [Identity Protection](#identity-protection-samples) | GraphQL Pagination |
+
+<a id="exposure-management-toc"></a>
+
+### [Exposure Management](#exposure-management-apis) 
+| Topic | Samples |
+| :-- | :-- |
+| [Asset Management (Discover)](#asset-management-samples) | List discovered hosts<BR/>Spyglass |
+| [Vulnerability Management (Spotlight)](#vulnerability-management-samples) | Find vulnerable hosts by CVE ID<BR/>CISA DHS Known Exploited Vulnerabilities<BR/>Spotlight Quick Report |
+
+<a id="threat-intelligence-toc"></a>
+
+### [Threat Intelligence](#threat-intelligence-apis)
+| Topic | Samples |
+| :-- | :-- |
+| [Falcon Intelligence (includes MalQuery)](#falcon-intelligence-samples) | Intel Search<BR/>MISP Import<BR/>Malqueryinator |
+| [Falcon Intelligence Sandbox (includes QuickScan)](#falcon-intelligence-sandbox-samples) | Manage sandbox uploads<BR/>Falcon Intelligence sandbox scan<BR/>Get all artifacts<BR/>Quick Scan a target<BR/>Quick Scan quota check<BR/>S3 Bucket Protection |
+| [Falcon Intelligence Recon](#recon-samples) | Create monitoring rules for an email list |
+
+</details>
+
+#### Class type legend
+Provided examples are additionally labeled by the type of class used to interact with the CrowdStrike API and if the solution supports MSSP usage scenarios.
 
 | Indicator | Detail |
 | :--- | :--- |
@@ -67,15 +113,22 @@ Provided examples are further categorized by the type of class used to interact
 | [![MSSP Usage supported](https://img.shields.io/badge/-Supports%20MSSP-darkblue?logo=data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABIAAAAOCAYAAAAi2ky3AAABhWlDQ1BJQ0MgcHJvZmlsZQAAKJF9kT1Iw1AUhU9TpaIVBzuIOGSoDmJBVEQ3rUIRKoRaoVUHk5f+CE0akhQXR8G14ODPYtXBxVlXB1dBEPwBcXNzUnSREu9LCi1ifPB4H+e9c7jvXkColZhmtY0Cmm6bqURczGRXxNAruhAEMI1hmVnGrCQl4bu+7hHg512MZ/m/+3N1qzmLAQGReIYZpk28Tjy5aRuc94kjrCirxOfEIyYVSPzIdcXjN84FlwWeGTHTqTniCLFYaGGlhVnR1IgniKOqplO+kPFY5bzFWStVWKNO/sNwTl9e4jrtASSwgEVIEKGggg2UYCNGp06KhRTdx338/a5fIpdCrg0wcsyjDA2y6wefwe/eWvnxMS8pHAfaXxznYxAI7QL1quN8HztO/QQIPgNXetNfrgFTn6RXm1r0COjZBi6um5qyB1zuAH1PhmzKrsTnL+TzwPsZjSkL9N4Cnate3xr3OH0A0tSr5A1wcAgMFSh7zeffHa19+/dNo38/hq9yr+iELI0AAAAGYktHRAAAAAAAAPlDu38AAAAJcEhZcwAACxMAAAsTAQCanBgAAAAHdElNRQflDAsTByz7Va2cAAAAGXRFWHRDb21tZW50AENyZWF0ZWQgd2l0aCBHSU1QV4EOFwAAAYBJREFUKM+lkjFIlVEYht/zn3sFkYYUyUnIRcemhCtCU6JQOLiIU+QeJEQg6BBIm0s4RBCBLjq5OEvgJC1uOniJhivesLx17/97/vO9b4NK4g25157hfHCGB773/cA0HZIEAKiMj+LWiOxljG/i96pnCFP58XHnrWX2+9cj0dYl9Yu2FE9/9rXrcAAgs2eSyiBfOe/XRD503h/CuffOubQVUXL+Jh9BllzBbyJJBgDclVkO4Kukd8zzkXJbeUljIldFTstsmSHM6S81ma2KfPKlFdkGAMY4wzx/bbXapMy21My+YizdKNq5mDzLkrxafSxySFKjSWX2oTmjKzz4vN0r2lOFcL/Q3V0/mX95ILMXTTGYVfaut/aP2+oCMAvnZgCcsF5fcR0dg65YHAdwB+QApADvu0AuOe/ftlJAD7Nsgmm6yBjDtfWORJZlNtFyo/lR5Z7MyheKA5ktSur7sTAHazSG27pehjAiaVfkN8b4XFIJ/wOzbOx07VNRUuHy7w98CzCcGPyWywAAAABJRU5ErkJggg==&style=for-the-badge)](https://falconpy.io/Usage/Authenticating-to-the-API.html#mssp-examples-hosts) | These samples support MSSP usage scenarios.
 
 
-## Authentication
-This group of samples discuss different variations of authentication to CrowdStrike's OAuth2 API.
+<!--General-->
+
+<a id="general-apis"></a>
+<details open>
+<summary><h2>General</h2></summary>
+<a id="authentication-samples"></a>
+<details>
+<summary><h3>Authentication</h3> <small>(click to expand)</small><br/>
+This group of samples discuss different variations of authentication to CrowdStrike's OAuth2 API.</summary>
 
-### AES Authentication
+#### AES Authentication
 The AES authentication example demonstrates the technical aspects of implementing a cryptographic solution for storing and retrieving credentials from the file system. Upon successful decryption, a simple API connectivity test is performed.
 
 [![AES Authentication](https://img.shields.io/badge/Service%20Class-AES_Authentication-silver?style=for-the-badge&labelColor=red&logo=data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABIAAAAOCAYAAAAi2ky3AAABhWlDQ1BJQ0MgcHJvZmlsZQAAKJF9kT1Iw1AUhU9TpaIVBzuIOGSoDmJBVEQ3rUIRKoRaoVUHk5f+CE0akhQXR8G14ODPYtXBxVlXB1dBEPwBcXNzUnSREu9LCi1ifPB4H+e9c7jvXkColZhmtY0Cmm6bqURczGRXxNAruhAEMI1hmVnGrCQl4bu+7hHg512MZ/m/+3N1qzmLAQGReIYZpk28Tjy5aRuc94kjrCirxOfEIyYVSPzIdcXjN84FlwWeGTHTqTniCLFYaGGlhVnR1IgniKOqplO+kPFY5bzFWStVWKNO/sNwTl9e4jrtASSwgEVIEKGggg2UYCNGp06KhRTdx338/a5fIpdCrg0wcsyjDA2y6wefwe/eWvnxMS8pHAfaXxznYxAI7QL1quN8HztO/QQIPgNXetNfrgFTn6RXm1r0COjZBi6um5qyB1zuAH1PhmzKrsTnL+TzwPsZjSkL9N4Cnate3xr3OH0A0tSr5A1wcAgMFSh7zeffHa19+/dNo38/hq9yr+iELI0AAAAGYktHRAAAAAAAAPlDu38AAAAJcEhZcwAACxMAAAsTAQCanBgAAAAHdElNRQflDAsTByz7Va2cAAAAGXRFWHRDb21tZW50AENyZWF0ZWQgd2l0aCBHSU1QV4EOFwAAAYBJREFUKM+lkjFIlVEYht/zn3sFkYYUyUnIRcemhCtCU6JQOLiIU+QeJEQg6BBIm0s4RBCBLjq5OEvgJC1uOniJhivesLx17/97/vO9b4NK4g25157hfHCGB773/cA0HZIEAKiMj+LWiOxljG/i96pnCFP58XHnrWX2+9cj0dYl9Yu2FE9/9rXrcAAgs2eSyiBfOe/XRD503h/CuffOubQVUXL+Jh9BllzBbyJJBgDclVkO4Kukd8zzkXJbeUljIldFTstsmSHM6S81ma2KfPKlFdkGAMY4wzx/bbXapMy21My+YizdKNq5mDzLkrxafSxySFKjSWX2oTmjKzz4vN0r2lOFcL/Q3V0/mX95ILMXTTGYVfaut/aP2+oCMAvnZgCcsF5fcR0dg65YHAdwB+QApADvu0AuOe/ftlJAD7Nsgmm6yBjDtfWORJZlNtFyo/lR5Z7MyheKA5ktSur7sTAHazSG27pehjAiaVfkN8b4XFIJ/wOzbOx07VNRUuHy7w98CzCcGPyWywAAAABJRU5ErkJggg==)](authentication#aes-authentication)
 
-#### API operations discussed
+##### API operations discussed
 This sample leverages the Hosts API to perform a connectivity test.
 
 | Operation | Description |
@@ -84,541 +137,625 @@ This sample leverages the Hosts API to perform a connectivity test.
 
 ---
 
-### AES File Crypt
+#### AES File Crypt
 The AES file crypt example builds on the code developed for the [AES Authentication](#aes-authentication) example to encrypt arbitrary files.
 
 [![AES File Crypt](https://img.shields.io/badge/Just_Because-AES_File_Crypt-silver?style=for-the-badge&labelColor=teal&logo=data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABIAAAAOCAYAAAAi2ky3AAABhWlDQ1BJQ0MgcHJvZmlsZQAAKJF9kT1Iw1AUhU9TpaIVBzuIOGSoDmJBVEQ3rUIRKoRaoVUHk5f+CE0akhQXR8G14ODPYtXBxVlXB1dBEPwBcXNzUnSREu9LCi1ifPB4H+e9c7jvXkColZhmtY0Cmm6bqURczGRXxNAruhAEMI1hmVnGrCQl4bu+7hHg512MZ/m/+3N1qzmLAQGReIYZpk28Tjy5aRuc94kjrCirxOfEIyYVSPzIdcXjN84FlwWeGTHTqTniCLFYaGGlhVnR1IgniKOqplO+kPFY5bzFWStVWKNO/sNwTl9e4jrtASSwgEVIEKGggg2UYCNGp06KhRTdx338/a5fIpdCrg0wcsyjDA2y6wefwe/eWvnxMS8pHAfaXxznYxAI7QL1quN8HztO/QQIPgNXetNfrgFTn6RXm1r0COjZBi6um5qyB1zuAH1PhmzKrsTnL+TzwPsZjSkL9N4Cnate3xr3OH0A0tSr5A1wcAgMFSh7zeffHa19+/dNo38/hq9yr+iELI0AAAAGYktHRAAAAAAAAPlDu38AAAAJcEhZcwAACxMAAAsTAQCanBgAAAAHdElNRQflDAsTByz7Va2cAAAAGXRFWHRDb21tZW50AENyZWF0ZWQgd2l0aCBHSU1QV4EOFwAAAYBJREFUKM+lkjFIlVEYht/zn3sFkYYUyUnIRcemhCtCU6JQOLiIU+QeJEQg6BBIm0s4RBCBLjq5OEvgJC1uOniJhivesLx17/97/vO9b4NK4g25157hfHCGB773/cA0HZIEAKiMj+LWiOxljG/i96pnCFP58XHnrWX2+9cj0dYl9Yu2FE9/9rXrcAAgs2eSyiBfOe/XRD503h/CuffOubQVUXL+Jh9BllzBbyJJBgDclVkO4Kukd8zzkXJbeUljIldFTstsmSHM6S81ma2KfPKlFdkGAMY4wzx/bbXapMy21My+YizdKNq5mDzLkrxafSxySFKjSWX2oTmjKzz4vN0r2lOFcL/Q3V0/mX95ILMXTTGYVfaut/aP2+oCMAvnZgCcsF5fcR0dg65YHAdwB+QApADvu0AuOe/ftlJAD7Nsgmm6yBjDtfWORJZlNtFyo/lR5Z7MyheKA5ktSur7sTAHazSG27pehjAiaVfkN8b4XFIJ/wOzbOx07VNRUuHy7w98CzCcGPyWywAAAABJRU5ErkJggg==)](authentication#aes-file-crypt)
 
-#### API operations discussed
+##### API operations discussed
 This sample does not communicate with the CrowdStrike API.
 
 ---
 
-### Token Authentication
+#### Token Authentication
 This sample demonstrates [Token Authentication](https://www.falconpy.io/Usage/Authenticating-to-the-API.html#legacy-authentication) (also known as Legacy Authentication) and how it can be leveraged to interact with multiple Service Classes.
 
 [![Token Authentication](https://img.shields.io/badge/Service%20Class-Token_Authentication-silver?style=for-the-badge&labelColor=red&logo=data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABIAAAAOCAYAAAAi2ky3AAABhWlDQ1BJQ0MgcHJvZmlsZQAAKJF9kT1Iw1AUhU9TpaIVBzuIOGSoDmJBVEQ3rUIRKoRaoVUHk5f+CE0akhQXR8G14ODPYtXBxVlXB1dBEPwBcXNzUnSREu9LCi1ifPB4H+e9c7jvXkColZhmtY0Cmm6bqURczGRXxNAruhAEMI1hmVnGrCQl4bu+7hHg512MZ/m/+3N1qzmLAQGReIYZpk28Tjy5aRuc94kjrCirxOfEIyYVSPzIdcXjN84FlwWeGTHTqTniCLFYaGGlhVnR1IgniKOqplO+kPFY5bzFWStVWKNO/sNwTl9e4jrtASSwgEVIEKGggg2UYCNGp06KhRTdx338/a5fIpdCrg0wcsyjDA2y6wefwe/eWvnxMS8pHAfaXxznYxAI7QL1quN8HztO/QQIPgNXetNfrgFTn6RXm1r0COjZBi6um5qyB1zuAH1PhmzKrsTnL+TzwPsZjSkL9N4Cnate3xr3OH0A0tSr5A1wcAgMFSh7zeffHa19+/dNo38/hq9yr+iELI0AAAAGYktHRAAAAAAAAPlDu38AAAAJcEhZcwAACxMAAAsTAQCanBgAAAAHdElNRQflDAsTByz7Va2cAAAAGXRFWHRDb21tZW50AENyZWF0ZWQgd2l0aCBHSU1QV4EOFwAAAYBJREFUKM+lkjFIlVEYht/zn3sFkYYUyUnIRcemhCtCU6JQOLiIU+QeJEQg6BBIm0s4RBCBLjq5OEvgJC1uOniJhivesLx17/97/vO9b4NK4g25157hfHCGB773/cA0HZIEAKiMj+LWiOxljG/i96pnCFP58XHnrWX2+9cj0dYl9Yu2FE9/9rXrcAAgs2eSyiBfOe/XRD503h/CuffOubQVUXL+Jh9BllzBbyJJBgDclVkO4Kukd8zzkXJbeUljIldFTstsmSHM6S81ma2KfPKlFdkGAMY4wzx/bbXapMy21My+YizdKNq5mDzLkrxafSxySFKjSWX2oTmjKzz4vN0r2lOFcL/Q3V0/mX95ILMXTTGYVfaut/aP2+oCMAvnZgCcsF5fcR0dg65YHAdwB+QApADvu0AuOe/ftlJAD7Nsgmm6yBjDtfWORJZlNtFyo/lR5Z7MyheKA5ktSur7sTAHazSG27pehjAiaVfkN8b4XFIJ/wOzbOx07VNRUuHy7w98CzCcGPyWywAAAABJRU5ErkJggg==)](authentication#token-authentication)
 
 
-#### API operations discussed
+##### API operations discussed
 This sample interacts with seven different Service Classes to authenticate and perform a connectivity test using multiple Service Classes.
 
 | Service Class | Operation | Description |
 | :--- | :--- | :--- |
 | CloudConnectAWS | [QueryAWSAccounts](https://www.falconpy.io/Service-Collections/Cloud-Connect-AWS.html#queryawsaccounts) | Search for provisioned AWS Accounts by providing a FQL filter and paging details. Returns a set of AWS accounts which match the filter criteria. |
 | Detects | [QueryDetects](https://www.falconpy.io/Service-Collections/Detects.html#querydetects) | Search for detection IDs that match a given query. |
-| Hosts | [QueryDevicesByFilter](https://www.falconpy.io/Service-Collections/Hosts.html#querydevicesbyfilterscroll) (using the `query_devices` alias). | Search for hosts in your environment by platform, hostname, IP, and other criteria with continuous pagination capability (based on offset pointer which expires after 2 minutes with no maximum limit). |
+| Hosts | [QueryDevicesByFilter](https://www.falconpy.io/Service-Collections/Hosts.html#querydevicesbyfilterscroll) (using the `query_devices` alias) | Search for hosts in your environment by platform, hostname, IP, and other criteria with continuous pagination capability (based on offset pointer which expires after 2 minutes with no maximum limit). |
 | Incidents | [QueryIncidents](https://www.falconpy.io/Service-Collections/Incidents.html#queryincidents) | Search for incidents by providing a FQL filter, sorting, and paging details. |
 | Intel | [QueryIntelActorEntities](https://www.falconpy.io/Service-Collections/Intel.html#queryintelactorentities) | Get info about actors that match provided FQL filters. |
 | IOC | [indicator_combined_v1](https://www.falconpy.io/Service-Collections/IOC.html#indicator_combined_v1) | Get combined for indicators. |
 | OAuth2 | [token](https://www.falconpy.io/Service-Collections/OAuth2.html#oauth2accesstoken) | Generate an OAuth2 access token. |
 
+</details>
 
----
-
-## Custom IOA
-This category demonstrates using CrowdStrike's Custom IOA service collection.
+[Back to top](#falconpy-sample-library) | [How to authenticate](#authentication-for-these-examples) | [Table of Contents](#general-toc)
 
-### Custom IOA Cloner
-The [Custom IOA Cloner](custom_ioa#custom-ioa-cloner) demonstrates displaying, deleting and cloning Custom IOA rule groups.
+---
 
-[![Custom IOA](https://img.shields.io/badge/Service%20Class-Custom_IOA_Cloner-silver?style=for-the-badge&labelColor=red&logo=data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABIAAAAOCAYAAAAi2ky3AAABhWlDQ1BJQ0MgcHJvZmlsZQAAKJF9kT1Iw1AUhU9TpaIVBzuIOGSoDmJBVEQ3rUIRKoRaoVUHk5f+CE0akhQXR8G14ODPYtXBxVlXB1dBEPwBcXNzUnSREu9LCi1ifPB4H+e9c7jvXkColZhmtY0Cmm6bqURczGRXxNAruhAEMI1hmVnGrCQl4bu+7hHg512MZ/m/+3N1qzmLAQGReIYZpk28Tjy5aRuc94kjrCirxOfEIyYVSPzIdcXjN84FlwWeGTHTqTniCLFYaGGlhVnR1IgniKOqplO+kPFY5bzFWStVWKNO/sNwTl9e4jrtASSwgEVIEKGggg2UYCNGp06KhRTdx338/a5fIpdCrg0wcsyjDA2y6wefwe/eWvnxMS8pHAfaXxznYxAI7QL1quN8HztO/QQIPgNXetNfrgFTn6RXm1r0COjZBi6um5qyB1zuAH1PhmzKrsTnL+TzwPsZjSkL9N4Cnate3xr3OH0A0tSr5A1wcAgMFSh7zeffHa19+/dNo38/hq9yr+iELI0AAAAGYktHRAAAAAAAAPlDu38AAAAJcEhZcwAACxMAAAsTAQCanBgAAAAHdElNRQflDAsTByz7Va2cAAAAGXRFWHRDb21tZW50AENyZWF0ZWQgd2l0aCBHSU1QV4EOFwAAAYBJREFUKM+lkjFIlVEYht/zn3sFkYYUyUnIRcemhCtCU6JQOLiIU+QeJEQg6BBIm0s4RBCBLjq5OEvgJC1uOniJhivesLx17/97/vO9b4NK4g25157hfHCGB773/cA0HZIEAKiMj+LWiOxljG/i96pnCFP58XHnrWX2+9cj0dYl9Yu2FE9/9rXrcAAgs2eSyiBfOe/XRD503h/CuffOubQVUXL+Jh9BllzBbyJJBgDclVkO4Kukd8zzkXJbeUljIldFTstsmSHM6S81ma2KfPKlFdkGAMY4wzx/bbXapMy21My+YizdKNq5mDzLkrxafSxySFKjSWX2oTmjKzz4vN0r2lOFcL/Q3V0/mX95ILMXTTGYVfaut/aP2+oCMAvnZgCcsF5fcR0dg65YHAdwB+QApADvu0AuOe/ftlJAD7Nsgmm6yBjDtfWORJZlNtFyo/lR5Z7MyheKA5ktSur7sTAHazSG27pehjAiaVfkN8b4XFIJ/wOzbOx07VNRUuHy7w98CzCcGPyWywAAAABJRU5ErkJggg==)](custom_ioa#custom-ioa-cloner)
+</details>
 
-#### Custom IOA API operations discussed
-This sample demonstrates the following CrowdStrike Custom IOA API operations:
+<!--Deployment and Management-->
 
-| Operation | Description |
-| :--- | :--- |
-| [create_rule](https://www.falconpy.io/Service-Collections/Custom-IOA.html#create_rule) | Create a rule within a rule group. Returns the rule. |
-| [create_rule_groupMixin0](https://www.falconpy.io/Service-Collections/Custom-IOA.html#create_rule_groupmixin0) | Create a rule group for a platform with a name and an optional description. Returns the rule group. |
-| [delete_rule_groupsMixin0](https://www.falconpy.io/Service-Collections/Custom-IOA.html#delete_rule_groupsmixin0) | Delete rule groups by ID. |
-| [query_rule_groups_full](https://www.falconpy.io/Service-Collections/Custom-IOA.html#query_rule_groups_full) | Find all rule groups matching the query with optional filter. |
+<a id="deployment-and-management-apis"></a>
+<details open>
+<summary><h2>Deployment and Management</h2></summary>
 
----
+<a id="hosts-samples"></a>
+<details>
+<summary><h3>Hosts</h3> <small>(click to expand)</small><br/>
+The samples collected in this section demonstrate leveraging CrowdStrike's Hosts and Host Group API service collections to secure your endpoints.
+</summary>
 
-## Detects
-The CrowdStrike Detects API service collection is the sole focus of this category.
+- [List sensors by hostname](#list-sensors-by-hostname)
+- [CUSSED (Stale sensor detector)](#cussed-manage-stale-sensors)
+- [Match usernames to hosts](#match-usernames-to-hosts)
+- [Offset vs. Token](#offset-vs-token)
+- [Quarantine a host](#quarantine-a-host)
+- [Quarantine a host (updated)](#quarantine-a-host-updated-version)
 
-### Detects Advisor
-[Detects Advisor](detects#detects-advisor) is an example application for triaging inbound detections in your CrowdStrike Falcon tenant.
+#### List sensors by hostname
+This [example](hosts#list-sensors-by-hostname) will demonstrate how to retrieve a list of sensors by hostname.
 
-[![Detects](https://img.shields.io/badge/Service%20Class-Detects%20Advisor-silver?style=for-the-badge&labelColor=red&logo=data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABIAAAAOCAYAAAAi2ky3AAABhWlDQ1BJQ0MgcHJvZmlsZQAAKJF9kT1Iw1AUhU9TpaIVBzuIOGSoDmJBVEQ3rUIRKoRaoVUHk5f+CE0akhQXR8G14ODPYtXBxVlXB1dBEPwBcXNzUnSREu9LCi1ifPB4H+e9c7jvXkColZhmtY0Cmm6bqURczGRXxNAruhAEMI1hmVnGrCQl4bu+7hHg512MZ/m/+3N1qzmLAQGReIYZpk28Tjy5aRuc94kjrCirxOfEIyYVSPzIdcXjN84FlwWeGTHTqTniCLFYaGGlhVnR1IgniKOqplO+kPFY5bzFWStVWKNO/sNwTl9e4jrtASSwgEVIEKGggg2UYCNGp06KhRTdx338/a5fIpdCrg0wcsyjDA2y6wefwe/eWvnxMS8pHAfaXxznYxAI7QL1quN8HztO/QQIPgNXetNfrgFTn6RXm1r0COjZBi6um5qyB1zuAH1PhmzKrsTnL+TzwPsZjSkL9N4Cnate3xr3OH0A0tSr5A1wcAgMFSh7zeffHa19+/dNo38/hq9yr+iELI0AAAAGYktHRAAAAAAAAPlDu38AAAAJcEhZcwAACxMAAAsTAQCanBgAAAAHdElNRQflDAsTByz7Va2cAAAAGXRFWHRDb21tZW50AENyZWF0ZWQgd2l0aCBHSU1QV4EOFwAAAYBJREFUKM+lkjFIlVEYht/zn3sFkYYUyUnIRcemhCtCU6JQOLiIU+QeJEQg6BBIm0s4RBCBLjq5OEvgJC1uOniJhivesLx17/97/vO9b4NK4g25157hfHCGB773/cA0HZIEAKiMj+LWiOxljG/i96pnCFP58XHnrWX2+9cj0dYl9Yu2FE9/9rXrcAAgs2eSyiBfOe/XRD503h/CuffOubQVUXL+Jh9BllzBbyJJBgDclVkO4Kukd8zzkXJbeUljIldFTstsmSHM6S81ma2KfPKlFdkGAMY4wzx/bbXapMy21My+YizdKNq5mDzLkrxafSxySFKjSWX2oTmjKzz4vN0r2lOFcL/Q3V0/mX95ILMXTTGYVfaut/aP2+oCMAvnZgCcsF5fcR0dg65YHAdwB+QApADvu0AuOe/ftlJAD7Nsgmm6yBjDtfWORJZlNtFyo/lR5Z7MyheKA5ktSur7sTAHazSG27pehjAiaVfkN8b4XFIJ/wOzbOx07VNRUuHy7w98CzCcGPyWywAAAABJRU5ErkJggg==)](detects#detects-advisor)
+[![Hosts](https://img.shields.io/badge/Service%20Class-List%20Sensors%20By%20Hostname-silver?style=for-the-badge&labelColor=red&logo=data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABIAAAAOCAYAAAAi2ky3AAABhWlDQ1BJQ0MgcHJvZmlsZQAAKJF9kT1Iw1AUhU9TpaIVBzuIOGSoDmJBVEQ3rUIRKoRaoVUHk5f+CE0akhQXR8G14ODPYtXBxVlXB1dBEPwBcXNzUnSREu9LCi1ifPB4H+e9c7jvXkColZhmtY0Cmm6bqURczGRXxNAruhAEMI1hmVnGrCQl4bu+7hHg512MZ/m/+3N1qzmLAQGReIYZpk28Tjy5aRuc94kjrCirxOfEIyYVSPzIdcXjN84FlwWeGTHTqTniCLFYaGGlhVnR1IgniKOqplO+kPFY5bzFWStVWKNO/sNwTl9e4jrtASSwgEVIEKGggg2UYCNGp06KhRTdx338/a5fIpdCrg0wcsyjDA2y6wefwe/eWvnxMS8pHAfaXxznYxAI7QL1quN8HztO/QQIPgNXetNfrgFTn6RXm1r0COjZBi6um5qyB1zuAH1PhmzKrsTnL+TzwPsZjSkL9N4Cnate3xr3OH0A0tSr5A1wcAgMFSh7zeffHa19+/dNo38/hq9yr+iELI0AAAAGYktHRAAAAAAAAPlDu38AAAAJcEhZcwAACxMAAAsTAQCanBgAAAAHdElNRQflDAsTByz7Va2cAAAAGXRFWHRDb21tZW50AENyZWF0ZWQgd2l0aCBHSU1QV4EOFwAAAYBJREFUKM+lkjFIlVEYht/zn3sFkYYUyUnIRcemhCtCU6JQOLiIU+QeJEQg6BBIm0s4RBCBLjq5OEvgJC1uOniJhivesLx17/97/vO9b4NK4g25157hfHCGB773/cA0HZIEAKiMj+LWiOxljG/i96pnCFP58XHnrWX2+9cj0dYl9Yu2FE9/9rXrcAAgs2eSyiBfOe/XRD503h/CuffOubQVUXL+Jh9BllzBbyJJBgDclVkO4Kukd8zzkXJbeUljIldFTstsmSHM6S81ma2KfPKlFdkGAMY4wzx/bbXapMy21My+YizdKNq5mDzLkrxafSxySFKjSWX2oTmjKzz4vN0r2lOFcL/Q3V0/mX95ILMXTTGYVfaut/aP2+oCMAvnZgCcsF5fcR0dg65YHAdwB+QApADvu0AuOe/ftlJAD7Nsgmm6yBjDtfWORJZlNtFyo/lR5Z7MyheKA5ktSur7sTAHazSG27pehjAiaVfkN8b4XFIJ/wOzbOx07VNRUuHy7w98CzCcGPyWywAAAABJRU5ErkJggg==)](hosts#list-sensors-by-hostname) [![MSSP Use supported](https://img.shields.io/badge/-Supports%20MSSP-darkblue?logo=data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABIAAAAOCAYAAAAi2ky3AAABhWlDQ1BJQ0MgcHJvZmlsZQAAKJF9kT1Iw1AUhU9TpaIVBzuIOGSoDmJBVEQ3rUIRKoRaoVUHk5f+CE0akhQXR8G14ODPYtXBxVlXB1dBEPwBcXNzUnSREu9LCi1ifPB4H+e9c7jvXkColZhmtY0Cmm6bqURczGRXxNAruhAEMI1hmVnGrCQl4bu+7hHg512MZ/m/+3N1qzmLAQGReIYZpk28Tjy5aRuc94kjrCirxOfEIyYVSPzIdcXjN84FlwWeGTHTqTniCLFYaGGlhVnR1IgniKOqplO+kPFY5bzFWStVWKNO/sNwTl9e4jrtASSwgEVIEKGggg2UYCNGp06KhRTdx338/a5fIpdCrg0wcsyjDA2y6wefwe/eWvnxMS8pHAfaXxznYxAI7QL1quN8HztO/QQIPgNXetNfrgFTn6RXm1r0COjZBi6um5qyB1zuAH1PhmzKrsTnL+TzwPsZjSkL9N4Cnate3xr3OH0A0tSr5A1wcAgMFSh7zeffHa19+/dNo38/hq9yr+iELI0AAAAGYktHRAAAAAAAAPlDu38AAAAJcEhZcwAACxMAAAsTAQCanBgAAAAHdElNRQflDAsTByz7Va2cAAAAGXRFWHRDb21tZW50AENyZWF0ZWQgd2l0aCBHSU1QV4EOFwAAAYBJREFUKM+lkjFIlVEYht/zn3sFkYYUyUnIRcemhCtCU6JQOLiIU+QeJEQg6BBIm0s4RBCBLjq5OEvgJC1uOniJhivesLx17/97/vO9b4NK4g25157hfHCGB773/cA0HZIEAKiMj+LWiOxljG/i96pnCFP58XHnrWX2+9cj0dYl9Yu2FE9/9rXrcAAgs2eSyiBfOe/XRD503h/CuffOubQVUXL+Jh9BllzBbyJJBgDclVkO4Kukd8zzkXJbeUljIldFTstsmSHM6S81ma2KfPKlFdkGAMY4wzx/bbXapMy21My+YizdKNq5mDzLkrxafSxySFKjSWX2oTmjKzz4vN0r2lOFcL/Q3V0/mX95ILMXTTGYVfaut/aP2+oCMAvnZgCcsF5fcR0dg65YHAdwB+QApADvu0AuOe/ftlJAD7Nsgmm6yBjDtfWORJZlNtFyo/lR5Z7MyheKA5ktSur7sTAHazSG27pehjAiaVfkN8b4XFIJ/wOzbOx07VNRUuHy7w98CzCcGPyWywAAAABJRU5ErkJggg==&style=for-the-badge)](hosts#list-sensors-by-hostname)
 
-#### Detects API operations discussed
-This sample demonstrates the following CrowdStrike Detects API operations:
+##### Hosts API operations discussed
+This sample demonstrates the following CrowdStrike Hosts API operations:
 
 | Operation | Description |
 | :--- | :--- |
-| [GetDetectSummaries](https://falconpy.io/Service-Collections/Detects.html#getdetectsummaries) | View information about detections. |
-| [QueryDetects](https://falconpy.io/Service-Collections/Detects.html#querydetects) | Search for detection IDs that match a given query. |
-| [UpdateDetectsByIdsV2](https://falconpy.io/Service-Collections/Detects.html#updatedetectsbyidsv2) | Modify the state, assignee, and visibility of detections. |
+| [GetDeviceDetails](https://falconpy.io/Service-Collections/Hosts.html#getdevicedetails) | Get details on one or more hosts by providing agent IDs (AID). You can get a host's agent IDs (AIDs) from the [QueryDevicesByFilter](https://www.falconpy.io/Service-Collections/Hosts.html#querydevicesbyfilter) operation, the Falcon console or the Streaming API. |
+| [QueryDevicesByFilter](https://falconpy.io/Service-Collections/Hosts.html#querydevicesbyfilter) | Search for hosts in your environment by platform, hostname, IP, and other criteria. |
 
 ---
 
-## Event Streams
-This category is focused on the CrowdStrike Event Streams API service collection.
-
-### Send detections to AWS Security Hub
-This [example](https://github.com/CrowdStrike/Cloud-AWS/tree/main/Security-Hub) demonstrates publishing AWS Security Hub findings from CrowdStrike Falcon Event Streams API.
+#### Manage duplicate sensors
+Identify and optionally remove duplicate sensors using this [example](https://github.com/CrowdStrike/falconpy/tree/main/samples/hosts#list-duplicate-sensors).
 
-[![Event Streams](https://img.shields.io/badge/Uber%20Class-Send%20Detections%20to%20AWS%20Security%20Hub-silver?style=for-the-badge&labelColor=maroon&logo=data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABIAAAAOCAYAAAAi2ky3AAABhWlDQ1BJQ0MgcHJvZmlsZQAAKJF9kT1Iw1AUhU9TpaIVBzuIOGSoDmJBVEQ3rUIRKoRaoVUHk5f+CE0akhQXR8G14ODPYtXBxVlXB1dBEPwBcXNzUnSREu9LCi1ifPB4H+e9c7jvXkColZhmtY0Cmm6bqURczGRXxNAruhAEMI1hmVnGrCQl4bu+7hHg512MZ/m/+3N1qzmLAQGReIYZpk28Tjy5aRuc94kjrCirxOfEIyYVSPzIdcXjN84FlwWeGTHTqTniCLFYaGGlhVnR1IgniKOqplO+kPFY5bzFWStVWKNO/sNwTl9e4jrtASSwgEVIEKGggg2UYCNGp06KhRTdx338/a5fIpdCrg0wcsyjDA2y6wefwe/eWvnxMS8pHAfaXxznYxAI7QL1quN8HztO/QQIPgNXetNfrgFTn6RXm1r0COjZBi6um5qyB1zuAH1PhmzKrsTnL+TzwPsZjSkL9N4Cnate3xr3OH0A0tSr5A1wcAgMFSh7zeffHa19+/dNo38/hq9yr+iELI0AAAAGYktHRAAAAAAAAPlDu38AAAAJcEhZcwAACxMAAAsTAQCanBgAAAAHdElNRQflDAsTByz7Va2cAAAAGXRFWHRDb21tZW50AENyZWF0ZWQgd2l0aCBHSU1QV4EOFwAAAYBJREFUKM+lkjFIlVEYht/zn3sFkYYUyUnIRcemhCtCU6JQOLiIU+QeJEQg6BBIm0s4RBCBLjq5OEvgJC1uOniJhivesLx17/97/vO9b4NK4g25157hfHCGB773/cA0HZIEAKiMj+LWiOxljG/i96pnCFP58XHnrWX2+9cj0dYl9Yu2FE9/9rXrcAAgs2eSyiBfOe/XRD503h/CuffOubQVUXL+Jh9BllzBbyJJBgDclVkO4Kukd8zzkXJbeUljIldFTstsmSHM6S81ma2KfPKlFdkGAMY4wzx/bbXapMy21My+YizdKNq5mDzLkrxafSxySFKjSWX2oTmjKzz4vN0r2lOFcL/Q3V0/mX95ILMXTTGYVfaut/aP2+oCMAvnZgCcsF5fcR0dg65YHAdwB+QApADvu0AuOe/ftlJAD7Nsgmm6yBjDtfWORJZlNtFyo/lR5Z7MyheKA5ktSur7sTAHazSG27pehjAiaVfkN8b4XFIJ/wOzbOx07VNRUuHy7w98CzCcGPyWywAAAABJRU5ErkJggg==)](https://github.com/CrowdStrike/Cloud-AWS/tree/main/Security-Hub)
+[![Hosts](https://img.shields.io/badge/Service%20Class-Find%20Duplicate%20Sensors-silver?style=for-the-badge&labelColor=red&logo=data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABIAAAAOCAYAAAAi2ky3AAABhWlDQ1BJQ0MgcHJvZmlsZQAAKJF9kT1Iw1AUhU9TpaIVBzuIOGSoDmJBVEQ3rUIRKoRaoVUHk5f+CE0akhQXR8G14ODPYtXBxVlXB1dBEPwBcXNzUnSREu9LCi1ifPB4H+e9c7jvXkColZhmtY0Cmm6bqURczGRXxNAruhAEMI1hmVnGrCQl4bu+7hHg512MZ/m/+3N1qzmLAQGReIYZpk28Tjy5aRuc94kjrCirxOfEIyYVSPzIdcXjN84FlwWeGTHTqTniCLFYaGGlhVnR1IgniKOqplO+kPFY5bzFWStVWKNO/sNwTl9e4jrtASSwgEVIEKGggg2UYCNGp06KhRTdx338/a5fIpdCrg0wcsyjDA2y6wefwe/eWvnxMS8pHAfaXxznYxAI7QL1quN8HztO/QQIPgNXetNfrgFTn6RXm1r0COjZBi6um5qyB1zuAH1PhmzKrsTnL+TzwPsZjSkL9N4Cnate3xr3OH0A0tSr5A1wcAgMFSh7zeffHa19+/dNo38/hq9yr+iELI0AAAAGYktHRAAAAAAAAPlDu38AAAAJcEhZcwAACxMAAAsTAQCanBgAAAAHdElNRQflDAsTByz7Va2cAAAAGXRFWHRDb21tZW50AENyZWF0ZWQgd2l0aCBHSU1QV4EOFwAAAYBJREFUKM+lkjFIlVEYht/zn3sFkYYUyUnIRcemhCtCU6JQOLiIU+QeJEQg6BBIm0s4RBCBLjq5OEvgJC1uOniJhivesLx17/97/vO9b4NK4g25157hfHCGB773/cA0HZIEAKiMj+LWiOxljG/i96pnCFP58XHnrWX2+9cj0dYl9Yu2FE9/9rXrcAAgs2eSyiBfOe/XRD503h/CuffOubQVUXL+Jh9BllzBbyJJBgDclVkO4Kukd8zzkXJbeUljIldFTstsmSHM6S81ma2KfPKlFdkGAMY4wzx/bbXapMy21My+YizdKNq5mDzLkrxafSxySFKjSWX2oTmjKzz4vN0r2lOFcL/Q3V0/mX95ILMXTTGYVfaut/aP2+oCMAvnZgCcsF5fcR0dg65YHAdwB+QApADvu0AuOe/ftlJAD7Nsgmm6yBjDtfWORJZlNtFyo/lR5Z7MyheKA5ktSur7sTAHazSG27pehjAiaVfkN8b4XFIJ/wOzbOx07VNRUuHy7w98CzCcGPyWywAAAABJRU5ErkJggg==)](https://github.com/CrowdStrike/falconpy/tree/main/samples/hosts#list-duplicate-sensors) [![MSSP Use supported](https://img.shields.io/badge/-Supports%20MSSP-darkblue?logo=data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABIAAAAOCAYAAAAi2ky3AAABhWlDQ1BJQ0MgcHJvZmlsZQAAKJF9kT1Iw1AUhU9TpaIVBzuIOGSoDmJBVEQ3rUIRKoRaoVUHk5f+CE0akhQXR8G14ODPYtXBxVlXB1dBEPwBcXNzUnSREu9LCi1ifPB4H+e9c7jvXkColZhmtY0Cmm6bqURczGRXxNAruhAEMI1hmVnGrCQl4bu+7hHg512MZ/m/+3N1qzmLAQGReIYZpk28Tjy5aRuc94kjrCirxOfEIyYVSPzIdcXjN84FlwWeGTHTqTniCLFYaGGlhVnR1IgniKOqplO+kPFY5bzFWStVWKNO/sNwTl9e4jrtASSwgEVIEKGggg2UYCNGp06KhRTdx338/a5fIpdCrg0wcsyjDA2y6wefwe/eWvnxMS8pHAfaXxznYxAI7QL1quN8HztO/QQIPgNXetNfrgFTn6RXm1r0COjZBi6um5qyB1zuAH1PhmzKrsTnL+TzwPsZjSkL9N4Cnate3xr3OH0A0tSr5A1wcAgMFSh7zeffHa19+/dNo38/hq9yr+iELI0AAAAGYktHRAAAAAAAAPlDu38AAAAJcEhZcwAACxMAAAsTAQCanBgAAAAHdElNRQflDAsTByz7Va2cAAAAGXRFWHRDb21tZW50AENyZWF0ZWQgd2l0aCBHSU1QV4EOFwAAAYBJREFUKM+lkjFIlVEYht/zn3sFkYYUyUnIRcemhCtCU6JQOLiIU+QeJEQg6BBIm0s4RBCBLjq5OEvgJC1uOniJhivesLx17/97/vO9b4NK4g25157hfHCGB773/cA0HZIEAKiMj+LWiOxljG/i96pnCFP58XHnrWX2+9cj0dYl9Yu2FE9/9rXrcAAgs2eSyiBfOe/XRD503h/CuffOubQVUXL+Jh9BllzBbyJJBgDclVkO4Kukd8zzkXJbeUljIldFTstsmSHM6S81ma2KfPKlFdkGAMY4wzx/bbXapMy21My+YizdKNq5mDzLkrxafSxySFKjSWX2oTmjKzz4vN0r2lOFcL/Q3V0/mX95ILMXTTGYVfaut/aP2+oCMAvnZgCcsF5fcR0dg65YHAdwB+QApADvu0AuOe/ftlJAD7Nsgmm6yBjDtfWORJZlNtFyo/lR5Z7MyheKA5ktSur7sTAHazSG27pehjAiaVfkN8b4XFIJ/wOzbOx07VNRUuHy7w98CzCcGPyWywAAAABJRU5ErkJggg==&style=for-the-badge)](https://github.com/CrowdStrike/falconpy/tree/main/samples/hosts#list-duplicate-sensors)
 
-#### Event Streams API operations discussed
-This sample demonstrates the following CrowdStrike Event Streams API operations:
+##### Hosts API operations discussed
+This sample demonstrates the following CrowdStrike Hosts API operations:
 
 | Operation | Description |
 | :--- | :--- |
-| [listAvailableStreamsOAuth2](https://falconpy.io/Service-Collections/Event-Streams.html#listavailablestreamsoauth2) | Discover all event streams in your environment. |
-| [refreshActiveStreamSession](https://falconpy.io/Service-Collections/Event-Streams.html#refreshactivestreamsession) | Refresh an active event stream. Use the URL shown in a [listAvailableStreamsOAuth2](https://falconpy.io/Service-Collections/Event-Streams.html#listavailablestreamsoauth2) response. |
+| [GetDeviceDetails](https://falconpy.io/Service-Collections/Hosts.html#getdevicedetails) | Get details on one or more hosts by providing agent IDs (AID). You can get a host's agent IDs (AIDs) from the [QueryDevicesByFilter](https://www.falconpy.io/Service-Collections/Hosts.html#querydevicesbyfilter) operation, the Falcon console or the Streaming API. |
+| [PerformActionV2](https://falconpy.io/Service-Collections/Hosts.html#performactionv2) | Take various actions on the hosts in your environment. Contain or lift containment on a host. Delete or restore a host. |
+| [QueryDevicesByFilterScroll](https://falconpy.io/Service-Collections/Hosts.html#querydevicesbyfilterscroll) | Search for hosts in your environment by platform, hostname, IP, and other criteria with continuous pagination capability (based on offset pointer which expires after 2 minutes with no maximum limit). |
 
 ---
 
-## Falcon Discover
-The samples in this section focus on the CrowdStrike Falcon Discover API service collection.
-
-### List discovered hosts
-
-In this [example](discover/list_discovered_hosts.py), we demonstrate listing up to the first 100 hosts identified by Falcon Discover.
+#### CUSSED (Manage stale sensors)
+Identify and optionally remove stale sensors using this [example](hosts#list-stale-sensors).
 
-[![Falcon Discover](https://img.shields.io/badge/Service%20Class-List%20Discovered%20Hosts-silver?style=for-the-badge&labelColor=red&logo=data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABIAAAAOCAYAAAAi2ky3AAABhWlDQ1BJQ0MgcHJvZmlsZQAAKJF9kT1Iw1AUhU9TpaIVBzuIOGSoDmJBVEQ3rUIRKoRaoVUHk5f+CE0akhQXR8G14ODPYtXBxVlXB1dBEPwBcXNzUnSREu9LCi1ifPB4H+e9c7jvXkColZhmtY0Cmm6bqURczGRXxNAruhAEMI1hmVnGrCQl4bu+7hHg512MZ/m/+3N1qzmLAQGReIYZpk28Tjy5aRuc94kjrCirxOfEIyYVSPzIdcXjN84FlwWeGTHTqTniCLFYaGGlhVnR1IgniKOqplO+kPFY5bzFWStVWKNO/sNwTl9e4jrtASSwgEVIEKGggg2UYCNGp06KhRTdx338/a5fIpdCrg0wcsyjDA2y6wefwe/eWvnxMS8pHAfaXxznYxAI7QL1quN8HztO/QQIPgNXetNfrgFTn6RXm1r0COjZBi6um5qyB1zuAH1PhmzKrsTnL+TzwPsZjSkL9N4Cnate3xr3OH0A0tSr5A1wcAgMFSh7zeffHa19+/dNo38/hq9yr+iELI0AAAAGYktHRAAAAAAAAPlDu38AAAAJcEhZcwAACxMAAAsTAQCanBgAAAAHdElNRQflDAsTByz7Va2cAAAAGXRFWHRDb21tZW50AENyZWF0ZWQgd2l0aCBHSU1QV4EOFwAAAYBJREFUKM+lkjFIlVEYht/zn3sFkYYUyUnIRcemhCtCU6JQOLiIU+QeJEQg6BBIm0s4RBCBLjq5OEvgJC1uOniJhivesLx17/97/vO9b4NK4g25157hfHCGB773/cA0HZIEAKiMj+LWiOxljG/i96pnCFP58XHnrWX2+9cj0dYl9Yu2FE9/9rXrcAAgs2eSyiBfOe/XRD503h/CuffOubQVUXL+Jh9BllzBbyJJBgDclVkO4Kukd8zzkXJbeUljIldFTstsmSHM6S81ma2KfPKlFdkGAMY4wzx/bbXapMy21My+YizdKNq5mDzLkrxafSxySFKjSWX2oTmjKzz4vN0r2lOFcL/Q3V0/mX95ILMXTTGYVfaut/aP2+oCMAvnZgCcsF5fcR0dg65YHAdwB+QApADvu0AuOe/ftlJAD7Nsgmm6yBjDtfWORJZlNtFyo/lR5Z7MyheKA5ktSur7sTAHazSG27pehjAiaVfkN8b4XFIJ/wOzbOx07VNRUuHy7w98CzCcGPyWywAAAABJRU5ErkJggg==)](discover/list_discovered_hosts.py) 
+[![Hosts](https://img.shields.io/badge/Service%20Class-Find%20Stale%20Sensors-silver?style=for-the-badge&labelColor=red&logo=data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABIAAAAOCAYAAAAi2ky3AAABhWlDQ1BJQ0MgcHJvZmlsZQAAKJF9kT1Iw1AUhU9TpaIVBzuIOGSoDmJBVEQ3rUIRKoRaoVUHk5f+CE0akhQXR8G14ODPYtXBxVlXB1dBEPwBcXNzUnSREu9LCi1ifPB4H+e9c7jvXkColZhmtY0Cmm6bqURczGRXxNAruhAEMI1hmVnGrCQl4bu+7hHg512MZ/m/+3N1qzmLAQGReIYZpk28Tjy5aRuc94kjrCirxOfEIyYVSPzIdcXjN84FlwWeGTHTqTniCLFYaGGlhVnR1IgniKOqplO+kPFY5bzFWStVWKNO/sNwTl9e4jrtASSwgEVIEKGggg2UYCNGp06KhRTdx338/a5fIpdCrg0wcsyjDA2y6wefwe/eWvnxMS8pHAfaXxznYxAI7QL1quN8HztO/QQIPgNXetNfrgFTn6RXm1r0COjZBi6um5qyB1zuAH1PhmzKrsTnL+TzwPsZjSkL9N4Cnate3xr3OH0A0tSr5A1wcAgMFSh7zeffHa19+/dNo38/hq9yr+iELI0AAAAGYktHRAAAAAAAAPlDu38AAAAJcEhZcwAACxMAAAsTAQCanBgAAAAHdElNRQflDAsTByz7Va2cAAAAGXRFWHRDb21tZW50AENyZWF0ZWQgd2l0aCBHSU1QV4EOFwAAAYBJREFUKM+lkjFIlVEYht/zn3sFkYYUyUnIRcemhCtCU6JQOLiIU+QeJEQg6BBIm0s4RBCBLjq5OEvgJC1uOniJhivesLx17/97/vO9b4NK4g25157hfHCGB773/cA0HZIEAKiMj+LWiOxljG/i96pnCFP58XHnrWX2+9cj0dYl9Yu2FE9/9rXrcAAgs2eSyiBfOe/XRD503h/CuffOubQVUXL+Jh9BllzBbyJJBgDclVkO4Kukd8zzkXJbeUljIldFTstsmSHM6S81ma2KfPKlFdkGAMY4wzx/bbXapMy21My+YizdKNq5mDzLkrxafSxySFKjSWX2oTmjKzz4vN0r2lOFcL/Q3V0/mX95ILMXTTGYVfaut/aP2+oCMAvnZgCcsF5fcR0dg65YHAdwB+QApADvu0AuOe/ftlJAD7Nsgmm6yBjDtfWORJZlNtFyo/lR5Z7MyheKA5ktSur7sTAHazSG27pehjAiaVfkN8b4XFIJ/wOzbOx07VNRUuHy7w98CzCcGPyWywAAAABJRU5ErkJggg==)](hosts#list-stale-sensors) [![MSSP Use supported](https://img.shields.io/badge/-Supports%20MSSP-darkblue?logo=data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABIAAAAOCAYAAAAi2ky3AAABhWlDQ1BJQ0MgcHJvZmlsZQAAKJF9kT1Iw1AUhU9TpaIVBzuIOGSoDmJBVEQ3rUIRKoRaoVUHk5f+CE0akhQXR8G14ODPYtXBxVlXB1dBEPwBcXNzUnSREu9LCi1ifPB4H+e9c7jvXkColZhmtY0Cmm6bqURczGRXxNAruhAEMI1hmVnGrCQl4bu+7hHg512MZ/m/+3N1qzmLAQGReIYZpk28Tjy5aRuc94kjrCirxOfEIyYVSPzIdcXjN84FlwWeGTHTqTniCLFYaGGlhVnR1IgniKOqplO+kPFY5bzFWStVWKNO/sNwTl9e4jrtASSwgEVIEKGggg2UYCNGp06KhRTdx338/a5fIpdCrg0wcsyjDA2y6wefwe/eWvnxMS8pHAfaXxznYxAI7QL1quN8HztO/QQIPgNXetNfrgFTn6RXm1r0COjZBi6um5qyB1zuAH1PhmzKrsTnL+TzwPsZjSkL9N4Cnate3xr3OH0A0tSr5A1wcAgMFSh7zeffHa19+/dNo38/hq9yr+iELI0AAAAGYktHRAAAAAAAAPlDu38AAAAJcEhZcwAACxMAAAsTAQCanBgAAAAHdElNRQflDAsTByz7Va2cAAAAGXRFWHRDb21tZW50AENyZWF0ZWQgd2l0aCBHSU1QV4EOFwAAAYBJREFUKM+lkjFIlVEYht/zn3sFkYYUyUnIRcemhCtCU6JQOLiIU+QeJEQg6BBIm0s4RBCBLjq5OEvgJC1uOniJhivesLx17/97/vO9b4NK4g25157hfHCGB773/cA0HZIEAKiMj+LWiOxljG/i96pnCFP58XHnrWX2+9cj0dYl9Yu2FE9/9rXrcAAgs2eSyiBfOe/XRD503h/CuffOubQVUXL+Jh9BllzBbyJJBgDclVkO4Kukd8zzkXJbeUljIldFTstsmSHM6S81ma2KfPKlFdkGAMY4wzx/bbXapMy21My+YizdKNq5mDzLkrxafSxySFKjSWX2oTmjKzz4vN0r2lOFcL/Q3V0/mX95ILMXTTGYVfaut/aP2+oCMAvnZgCcsF5fcR0dg65YHAdwB+QApADvu0AuOe/ftlJAD7Nsgmm6yBjDtfWORJZlNtFyo/lR5Z7MyheKA5ktSur7sTAHazSG27pehjAiaVfkN8b4XFIJ/wOzbOx07VNRUuHy7w98CzCcGPyWywAAAABJRU5ErkJggg==&style=for-the-badge)](hosts#list-stale-sensors)
 
-#### Discover API operations discussed
-This sample demonstrates the following CrowdStrike Discover API operations:
+##### Hosts API operations discussed
+This sample demonstrates the following CrowdStrike Hosts API operations:
 
 | Operation | Description |
 | :--- | :--- |
-| [get_hosts](https://falconpy.io/Service-Collections/Discover.html#get_hosts) | Get details on assets by providing one or more IDs. |
-| [query_hosts](https://falconpy.io/Service-Collections/Discover.html#query_hosts) | Search for assets in your environment by providing a FQL (Falcon Query Language) filter and paging details. Returns a set of asset IDs which match the filter criteria. |
+| [GetDeviceDetails](https://falconpy.io/Service-Collections/Hosts.html#getdevicedetails) | Get details on one or more hosts by providing agent IDs (AID). You can get a host's agent IDs (AIDs) from the [QueryDevicesByFilter](https://www.falconpy.io/Service-Collections/Hosts.html#querydevicesbyfilter) operation, the Falcon console or the Streaming API. |
+| [PerformActionV2](https://falconpy.io/Service-Collections/Hosts.html#performactionv2) | Take various actions on the hosts in your environment. Contain or lift containment on a host. Delete or restore a host. |
+| [QueryDevicesByFilterScroll](https://falconpy.io/Service-Collections/Hosts.html#querydevicesbyfilterscroll) | Search for hosts in your environment by platform, hostname, IP, and other criteria with continuous pagination capability (based on offset pointer which expires after 2 minutes with no maximum limit). |
 
 ---
 
-### Spyglass
-
-In this [example](discover/spyglass.py), we demonstrate running a full Falcon Discover audit report (accounts, applications, hosts and logins).
+#### Match usernames to hosts
+Submitted by `@micgoetz`, the [Match Username to Host](hosts#match-usernames-to-hosts) sample demonstrates mapping usernames to hosts with Falcon Grouping tags.
 
-[![Falcon Discover](https://img.shields.io/badge/Service%20Class-Spyglass-silver?style=for-the-badge&labelColor=red&logo=data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABIAAAAOCAYAAAAi2ky3AAABhWlDQ1BJQ0MgcHJvZmlsZQAAKJF9kT1Iw1AUhU9TpaIVBzuIOGSoDmJBVEQ3rUIRKoRaoVUHk5f+CE0akhQXR8G14ODPYtXBxVlXB1dBEPwBcXNzUnSREu9LCi1ifPB4H+e9c7jvXkColZhmtY0Cmm6bqURczGRXxNAruhAEMI1hmVnGrCQl4bu+7hHg512MZ/m/+3N1qzmLAQGReIYZpk28Tjy5aRuc94kjrCirxOfEIyYVSPzIdcXjN84FlwWeGTHTqTniCLFYaGGlhVnR1IgniKOqplO+kPFY5bzFWStVWKNO/sNwTl9e4jrtASSwgEVIEKGggg2UYCNGp06KhRTdx338/a5fIpdCrg0wcsyjDA2y6wefwe/eWvnxMS8pHAfaXxznYxAI7QL1quN8HztO/QQIPgNXetNfrgFTn6RXm1r0COjZBi6um5qyB1zuAH1PhmzKrsTnL+TzwPsZjSkL9N4Cnate3xr3OH0A0tSr5A1wcAgMFSh7zeffHa19+/dNo38/hq9yr+iELI0AAAAGYktHRAAAAAAAAPlDu38AAAAJcEhZcwAACxMAAAsTAQCanBgAAAAHdElNRQflDAsTByz7Va2cAAAAGXRFWHRDb21tZW50AENyZWF0ZWQgd2l0aCBHSU1QV4EOFwAAAYBJREFUKM+lkjFIlVEYht/zn3sFkYYUyUnIRcemhCtCU6JQOLiIU+QeJEQg6BBIm0s4RBCBLjq5OEvgJC1uOniJhivesLx17/97/vO9b4NK4g25157hfHCGB773/cA0HZIEAKiMj+LWiOxljG/i96pnCFP58XHnrWX2+9cj0dYl9Yu2FE9/9rXrcAAgs2eSyiBfOe/XRD503h/CuffOubQVUXL+Jh9BllzBbyJJBgDclVkO4Kukd8zzkXJbeUljIldFTstsmSHM6S81ma2KfPKlFdkGAMY4wzx/bbXapMy21My+YizdKNq5mDzLkrxafSxySFKjSWX2oTmjKzz4vN0r2lOFcL/Q3V0/mX95ILMXTTGYVfaut/aP2+oCMAvnZgCcsF5fcR0dg65YHAdwB+QApADvu0AuOe/ftlJAD7Nsgmm6yBjDtfWORJZlNtFyo/lR5Z7MyheKA5ktSur7sTAHazSG27pehjAiaVfkN8b4XFIJ/wOzbOx07VNRUuHy7w98CzCcGPyWywAAAABJRU5ErkJggg==)](https://github.com/CrowdStrike/falconpy/tree/main/samples/discover#spyglass) 
+[![Hosts](https://img.shields.io/badge/Service%20Class-Match_Username_to_Host-silver?style=for-the-badge&labelColor=red&logo=data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABIAAAAOCAYAAAAi2ky3AAABhWlDQ1BJQ0MgcHJvZmlsZQAAKJF9kT1Iw1AUhU9TpaIVBzuIOGSoDmJBVEQ3rUIRKoRaoVUHk5f+CE0akhQXR8G14ODPYtXBxVlXB1dBEPwBcXNzUnSREu9LCi1ifPB4H+e9c7jvXkColZhmtY0Cmm6bqURczGRXxNAruhAEMI1hmVnGrCQl4bu+7hHg512MZ/m/+3N1qzmLAQGReIYZpk28Tjy5aRuc94kjrCirxOfEIyYVSPzIdcXjN84FlwWeGTHTqTniCLFYaGGlhVnR1IgniKOqplO+kPFY5bzFWStVWKNO/sNwTl9e4jrtASSwgEVIEKGggg2UYCNGp06KhRTdx338/a5fIpdCrg0wcsyjDA2y6wefwe/eWvnxMS8pHAfaXxznYxAI7QL1quN8HztO/QQIPgNXetNfrgFTn6RXm1r0COjZBi6um5qyB1zuAH1PhmzKrsTnL+TzwPsZjSkL9N4Cnate3xr3OH0A0tSr5A1wcAgMFSh7zeffHa19+/dNo38/hq9yr+iELI0AAAAGYktHRAAAAAAAAPlDu38AAAAJcEhZcwAACxMAAAsTAQCanBgAAAAHdElNRQflDAsTByz7Va2cAAAAGXRFWHRDb21tZW50AENyZWF0ZWQgd2l0aCBHSU1QV4EOFwAAAYBJREFUKM+lkjFIlVEYht/zn3sFkYYUyUnIRcemhCtCU6JQOLiIU+QeJEQg6BBIm0s4RBCBLjq5OEvgJC1uOniJhivesLx17/97/vO9b4NK4g25157hfHCGB773/cA0HZIEAKiMj+LWiOxljG/i96pnCFP58XHnrWX2+9cj0dYl9Yu2FE9/9rXrcAAgs2eSyiBfOe/XRD503h/CuffOubQVUXL+Jh9BllzBbyJJBgDclVkO4Kukd8zzkXJbeUljIldFTstsmSHM6S81ma2KfPKlFdkGAMY4wzx/bbXapMy21My+YizdKNq5mDzLkrxafSxySFKjSWX2oTmjKzz4vN0r2lOFcL/Q3V0/mX95ILMXTTGYVfaut/aP2+oCMAvnZgCcsF5fcR0dg65YHAdwB+QApADvu0AuOe/ftlJAD7Nsgmm6yBjDtfWORJZlNtFyo/lR5Z7MyheKA5ktSur7sTAHazSG27pehjAiaVfkN8b4XFIJ/wOzbOx07VNRUuHy7w98CzCcGPyWywAAAABJRU5ErkJggg==)](hosts#match-usernames-to-hosts) 
 
-#### Discover API operations discussed
-This sample demonstrates the following CrowdStrike Discover API operations:
+##### Hosts API operations discussed
+This sample demonstrates the following CrowdStrike Hosts API operations:
 
 | Operation | Description |
 | :--- | :--- |
-| [get_accounts](https://falconpy.io/Service-Collections/Discover.html#get_accounts) | Get details on accounts by providing one or more IDs. |
-| [get_applications](https://falconpy.io/Service-Collections/Discover.html#get_applications) | Get details on applications by providing one or more IDs. |
-| [get_hosts](https://falconpy.io/Service-Collections/Discover.html#get_hosts) | Get details on assets by providing one or more IDs. |
-| [get_logins](https://falconpy.io/Service-Collections/Discover.html#get_logins) | Get details on logins by providing one or more IDs. |
-| [query_accounts](https://falconpy.io/Service-Collections/Discover.html#query_accounts) | Search for accounts in your environment by providing a FQL (Falcon Query Language) filter and paging details. Returns a set of account IDs which match the filter criteria. |
-| [query_applications](https://falconpy.io/Service-Collections/Discover.html#query_applications) | Search for applications in your environment by providing a FQL (Falcon Query Language) filter and paging details. Returns a set of application IDs which match the filter criteria. |
-| [query_hosts](https://falconpy.io/Service-Collections/Discover.html#query_hosts) | Search for assets in your environment by providing a FQL (Falcon Query Language) filter and paging details. Returns a set of asset IDs which match the filter criteria. |
-| [query_logins](https://falconpy.io/Service-Collections/Discover.html#query_logins) | Search for logins in your environment by providing a FQL (Falcon Query Language) filter and paging details. Returns a set of login IDs which match the filter criteria. |
+| [GetDeviceDetails](https://falconpy.io/Service-Collections/Hosts.html#getdevicedetails) | Get details on one or more hosts by providing agent IDs (AID). You can get a host's agent IDs (AIDs) from the [QueryDevicesByFilter](https://www.falconpy.io/Service-Collections/Hosts.html#querydevicesbyfilter) operation, the Falcon console or the Streaming API. |
+| [QueryDevicesByFilter](https://falconpy.io/Service-Collections/Hosts.html#querydevicesbyfilter) | Search for hosts in your environment by platform, hostname, IP, and other criteria. |
+| [QueryDeviceLoginHistory](https://www.falconpy.io/Service-Collections/Hosts.html#querydeviceloginhistory) | Retrieve details about recent login sessions for a set of devices. |
+| [UpdateDeviceTags](https://www.falconpy.io/Service-Collections/Hosts.html#updatedevicetags) | Append or remove one or more Falcon Grouping Tags on one or more hosts. |
 
 ---
 
-## Falcon Discover for Cloud and Containers (AWS Accounts)
-This section discusses Falcon Discover for Cloud and Containers, and the two API service collections, Cloud Connect AWS and D4C Registration.
-
-### Manage Discover accounts
-This example demonstrates using FalconPy to register and remove accounts managed by CrowdStrike Falcon Discover for Cloud (AWS). Both [Service Class](discover_aws/manage_discover_accounts_service.py) and [Uber Class](discover_aws/manage_discover_accounts_uber.py) examples are provided.
+#### Offset vs. Token
+This [demonstration](hosts#comparing-querydevicesbyfilter-and-querydevicesbyfilterscroll-offset-vs-token) discusses the [pagination](https://falconpy.io/Usage/Response-Handling.html#paginating-json-responses) differences when using [`QueryDevicesByFilter`](https://www.falconpy.io/Service-Collections/Hosts.html#querydevicesbyfilter) versus [`QueryDevicesByFilterScroll`](https://www.falconpy.io/Service-Collections/Hosts.html#querydevicesbyfilterscroll).
 
-[![Falcon Discover for Cloud (AWS)](https://img.shields.io/badge/Service%20Class-Manage%20Discover%20Accounts-silver?style=for-the-badge&labelColor=red&logo=data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABIAAAAOCAYAAAAi2ky3AAABhWlDQ1BJQ0MgcHJvZmlsZQAAKJF9kT1Iw1AUhU9TpaIVBzuIOGSoDmJBVEQ3rUIRKoRaoVUHk5f+CE0akhQXR8G14ODPYtXBxVlXB1dBEPwBcXNzUnSREu9LCi1ifPB4H+e9c7jvXkColZhmtY0Cmm6bqURczGRXxNAruhAEMI1hmVnGrCQl4bu+7hHg512MZ/m/+3N1qzmLAQGReIYZpk28Tjy5aRuc94kjrCirxOfEIyYVSPzIdcXjN84FlwWeGTHTqTniCLFYaGGlhVnR1IgniKOqplO+kPFY5bzFWStVWKNO/sNwTl9e4jrtASSwgEVIEKGggg2UYCNGp06KhRTdx338/a5fIpdCrg0wcsyjDA2y6wefwe/eWvnxMS8pHAfaXxznYxAI7QL1quN8HztO/QQIPgNXetNfrgFTn6RXm1r0COjZBi6um5qyB1zuAH1PhmzKrsTnL+TzwPsZjSkL9N4Cnate3xr3OH0A0tSr5A1wcAgMFSh7zeffHa19+/dNo38/hq9yr+iELI0AAAAGYktHRAAAAAAAAPlDu38AAAAJcEhZcwAACxMAAAsTAQCanBgAAAAHdElNRQflDAsTByz7Va2cAAAAGXRFWHRDb21tZW50AENyZWF0ZWQgd2l0aCBHSU1QV4EOFwAAAYBJREFUKM+lkjFIlVEYht/zn3sFkYYUyUnIRcemhCtCU6JQOLiIU+QeJEQg6BBIm0s4RBCBLjq5OEvgJC1uOniJhivesLx17/97/vO9b4NK4g25157hfHCGB773/cA0HZIEAKiMj+LWiOxljG/i96pnCFP58XHnrWX2+9cj0dYl9Yu2FE9/9rXrcAAgs2eSyiBfOe/XRD503h/CuffOubQVUXL+Jh9BllzBbyJJBgDclVkO4Kukd8zzkXJbeUljIldFTstsmSHM6S81ma2KfPKlFdkGAMY4wzx/bbXapMy21My+YizdKNq5mDzLkrxafSxySFKjSWX2oTmjKzz4vN0r2lOFcL/Q3V0/mX95ILMXTTGYVfaut/aP2+oCMAvnZgCcsF5fcR0dg65YHAdwB+QApADvu0AuOe/ftlJAD7Nsgmm6yBjDtfWORJZlNtFyo/lR5Z7MyheKA5ktSur7sTAHazSG27pehjAiaVfkN8b4XFIJ/wOzbOx07VNRUuHy7w98CzCcGPyWywAAAABJRU5ErkJggg==)](discover_aws/manage_discover_accounts_service.py) 
-[![Falcon Discover for Cloud (AWS)](https://img.shields.io/badge/Uber%20Class-Manage%20Discover%20Accounts-silver?style=for-the-badge&labelColor=maroon&logo=data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABIAAAAOCAYAAAAi2ky3AAABhWlDQ1BJQ0MgcHJvZmlsZQAAKJF9kT1Iw1AUhU9TpaIVBzuIOGSoDmJBVEQ3rUIRKoRaoVUHk5f+CE0akhQXR8G14ODPYtXBxVlXB1dBEPwBcXNzUnSREu9LCi1ifPB4H+e9c7jvXkColZhmtY0Cmm6bqURczGRXxNAruhAEMI1hmVnGrCQl4bu+7hHg512MZ/m/+3N1qzmLAQGReIYZpk28Tjy5aRuc94kjrCirxOfEIyYVSPzIdcXjN84FlwWeGTHTqTniCLFYaGGlhVnR1IgniKOqplO+kPFY5bzFWStVWKNO/sNwTl9e4jrtASSwgEVIEKGggg2UYCNGp06KhRTdx338/a5fIpdCrg0wcsyjDA2y6wefwe/eWvnxMS8pHAfaXxznYxAI7QL1quN8HztO/QQIPgNXetNfrgFTn6RXm1r0COjZBi6um5qyB1zuAH1PhmzKrsTnL+TzwPsZjSkL9N4Cnate3xr3OH0A0tSr5A1wcAgMFSh7zeffHa19+/dNo38/hq9yr+iELI0AAAAGYktHRAAAAAAAAPlDu38AAAAJcEhZcwAACxMAAAsTAQCanBgAAAAHdElNRQflDAsTByz7Va2cAAAAGXRFWHRDb21tZW50AENyZWF0ZWQgd2l0aCBHSU1QV4EOFwAAAYBJREFUKM+lkjFIlVEYht/zn3sFkYYUyUnIRcemhCtCU6JQOLiIU+QeJEQg6BBIm0s4RBCBLjq5OEvgJC1uOniJhivesLx17/97/vO9b4NK4g25157hfHCGB773/cA0HZIEAKiMj+LWiOxljG/i96pnCFP58XHnrWX2+9cj0dYl9Yu2FE9/9rXrcAAgs2eSyiBfOe/XRD503h/CuffOubQVUXL+Jh9BllzBbyJJBgDclVkO4Kukd8zzkXJbeUljIldFTstsmSHM6S81ma2KfPKlFdkGAMY4wzx/bbXapMy21My+YizdKNq5mDzLkrxafSxySFKjSWX2oTmjKzz4vN0r2lOFcL/Q3V0/mX95ILMXTTGYVfaut/aP2+oCMAvnZgCcsF5fcR0dg65YHAdwB+QApADvu0AuOe/ftlJAD7Nsgmm6yBjDtfWORJZlNtFyo/lR5Z7MyheKA5ktSur7sTAHazSG27pehjAiaVfkN8b4XFIJ/wOzbOx07VNRUuHy7w98CzCcGPyWywAAAABJRU5ErkJggg==)](discover_aws/manage_discover_accounts_uber.py)
+[![Hosts](https://img.shields.io/badge/Service%20Class-Offset%20vs.%20Token-silver?style=for-the-badge&labelColor=red&logo=data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABIAAAAOCAYAAAAi2ky3AAABhWlDQ1BJQ0MgcHJvZmlsZQAAKJF9kT1Iw1AUhU9TpaIVBzuIOGSoDmJBVEQ3rUIRKoRaoVUHk5f+CE0akhQXR8G14ODPYtXBxVlXB1dBEPwBcXNzUnSREu9LCi1ifPB4H+e9c7jvXkColZhmtY0Cmm6bqURczGRXxNAruhAEMI1hmVnGrCQl4bu+7hHg512MZ/m/+3N1qzmLAQGReIYZpk28Tjy5aRuc94kjrCirxOfEIyYVSPzIdcXjN84FlwWeGTHTqTniCLFYaGGlhVnR1IgniKOqplO+kPFY5bzFWStVWKNO/sNwTl9e4jrtASSwgEVIEKGggg2UYCNGp06KhRTdx338/a5fIpdCrg0wcsyjDA2y6wefwe/eWvnxMS8pHAfaXxznYxAI7QL1quN8HztO/QQIPgNXetNfrgFTn6RXm1r0COjZBi6um5qyB1zuAH1PhmzKrsTnL+TzwPsZjSkL9N4Cnate3xr3OH0A0tSr5A1wcAgMFSh7zeffHa19+/dNo38/hq9yr+iELI0AAAAGYktHRAAAAAAAAPlDu38AAAAJcEhZcwAACxMAAAsTAQCanBgAAAAHdElNRQflDAsTByz7Va2cAAAAGXRFWHRDb21tZW50AENyZWF0ZWQgd2l0aCBHSU1QV4EOFwAAAYBJREFUKM+lkjFIlVEYht/zn3sFkYYUyUnIRcemhCtCU6JQOLiIU+QeJEQg6BBIm0s4RBCBLjq5OEvgJC1uOniJhivesLx17/97/vO9b4NK4g25157hfHCGB773/cA0HZIEAKiMj+LWiOxljG/i96pnCFP58XHnrWX2+9cj0dYl9Yu2FE9/9rXrcAAgs2eSyiBfOe/XRD503h/CuffOubQVUXL+Jh9BllzBbyJJBgDclVkO4Kukd8zzkXJbeUljIldFTstsmSHM6S81ma2KfPKlFdkGAMY4wzx/bbXapMy21My+YizdKNq5mDzLkrxafSxySFKjSWX2oTmjKzz4vN0r2lOFcL/Q3V0/mX95ILMXTTGYVfaut/aP2+oCMAvnZgCcsF5fcR0dg65YHAdwB+QApADvu0AuOe/ftlJAD7Nsgmm6yBjDtfWORJZlNtFyo/lR5Z7MyheKA5ktSur7sTAHazSG27pehjAiaVfkN8b4XFIJ/wOzbOx07VNRUuHy7w98CzCcGPyWywAAAABJRU5ErkJggg==)](hosts#comparing-querydevicesbyfilter-and-querydevicesbyfilterscroll-offset-vs-token) 
 
-#### Cloud Connect AWS API operations discussed
-These samples demonstrate the following CrowdStrike Cloud Connect AWS (Discover for Cloud and Containers) API operations:
+##### Hosts API operations discussed
+This sample demonstrates the following CrowdStrike Hosts API operations:
 
 | Operation | Description |
 | :--- | :--- |
-| [DeleteAWSAccounts](https://falconpy.io/Service-Collections/Cloud-Connect-AWS.html#deleteawsaccounts) | Delete a set of AWS Accounts by specifying their IDs. |
-| [ProvisionAWSAccounts](https://falconpy.io/Service-Collections/Cloud-Connect-AWS.html#provisionawsaccounts) | Provision AWS Accounts by specifying details about the accounts to provision. |
-| [QueryAWSAccounts](https://falconpy.io/Service-Collections/Cloud-Connect-AWS.html#queryawsaccounts) | Search for provisioned AWS Accounts by providing a FQL filter and paging details. Returns a set of AWS accounts which match the filter criteria. |
-| [UpdateAWSAccounts](https://falconpy.io/Service-Collections/Cloud-Connect-AWS.html#updateawsaccounts) | Update AWS Accounts by specifying the ID of the account and details to update. |
-| [VerifyAWSAccountAccess](https://falconpy.io/Service-Collections/Cloud-Connect-AWS.html#verifyawsaccountaccess) | Search for provisioned AWS Accounts by providing a FQL filter and paging details. Returns a set of AWS account IDs which match the filter criteria. |
+| [QueryDevicesByFilter](https://falconpy.io/Service-Collections/Hosts.html#querydevicesbyfilter) | Search for hosts in your environment by platform, hostname, IP, and other criteria. |
+| [QueryDevicesByFilterScroll](https://falconpy.io/Service-Collections/Hosts.html#querydevicesbyfilterscroll) | Search for hosts in your environment by platform, hostname, IP, and other criteria with continuous pagination capability (based on offset pointer which expires after 2 minutes with no maximum limit). |
 
 ---
 
-## Falcon Horizon
-These samples focus on CrowdStrike Falcon Horizon and the available API operations within the CSPM Registration service collection.
-
-### Get CSPM policies
-Submitted by `@mccbryan3`, this [example](cspm_registration/get_cspm_policies.py) uses FalconPy to report or export as CSV, all or selective Falcon Horizon CSPM Policies.
+#### Prune Hosts by Hostname or AID
+This sample demonstrates [removing and restoring hosts by hostname or AID](hosts/prune_hosts.py).
 
-[![Falcon Horizon](https://img.shields.io/badge/Service%20Class-Report%20Horizon%20Policies-silver?style=for-the-badge&labelColor=red&logo=data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABIAAAAOCAYAAAAi2ky3AAABhWlDQ1BJQ0MgcHJvZmlsZQAAKJF9kT1Iw1AUhU9TpaIVBzuIOGSoDmJBVEQ3rUIRKoRaoVUHk5f+CE0akhQXR8G14ODPYtXBxVlXB1dBEPwBcXNzUnSREu9LCi1ifPB4H+e9c7jvXkColZhmtY0Cmm6bqURczGRXxNAruhAEMI1hmVnGrCQl4bu+7hHg512MZ/m/+3N1qzmLAQGReIYZpk28Tjy5aRuc94kjrCirxOfEIyYVSPzIdcXjN84FlwWeGTHTqTniCLFYaGGlhVnR1IgniKOqplO+kPFY5bzFWStVWKNO/sNwTl9e4jrtASSwgEVIEKGggg2UYCNGp06KhRTdx338/a5fIpdCrg0wcsyjDA2y6wefwe/eWvnxMS8pHAfaXxznYxAI7QL1quN8HztO/QQIPgNXetNfrgFTn6RXm1r0COjZBi6um5qyB1zuAH1PhmzKrsTnL+TzwPsZjSkL9N4Cnate3xr3OH0A0tSr5A1wcAgMFSh7zeffHa19+/dNo38/hq9yr+iELI0AAAAGYktHRAAAAAAAAPlDu38AAAAJcEhZcwAACxMAAAsTAQCanBgAAAAHdElNRQflDAsTByz7Va2cAAAAGXRFWHRDb21tZW50AENyZWF0ZWQgd2l0aCBHSU1QV4EOFwAAAYBJREFUKM+lkjFIlVEYht/zn3sFkYYUyUnIRcemhCtCU6JQOLiIU+QeJEQg6BBIm0s4RBCBLjq5OEvgJC1uOniJhivesLx17/97/vO9b4NK4g25157hfHCGB773/cA0HZIEAKiMj+LWiOxljG/i96pnCFP58XHnrWX2+9cj0dYl9Yu2FE9/9rXrcAAgs2eSyiBfOe/XRD503h/CuffOubQVUXL+Jh9BllzBbyJJBgDclVkO4Kukd8zzkXJbeUljIldFTstsmSHM6S81ma2KfPKlFdkGAMY4wzx/bbXapMy21My+YizdKNq5mDzLkrxafSxySFKjSWX2oTmjKzz4vN0r2lOFcL/Q3V0/mX95ILMXTTGYVfaut/aP2+oCMAvnZgCcsF5fcR0dg65YHAdwB+QApADvu0AuOe/ftlJAD7Nsgmm6yBjDtfWORJZlNtFyo/lR5Z7MyheKA5ktSur7sTAHazSG27pehjAiaVfkN8b4XFIJ/wOzbOx07VNRUuHy7w98CzCcGPyWywAAAABJRU5ErkJggg==)](cspm_registration/get_cspm_policies.py) 
+[![Hosts](https://img.shields.io/badge/Service%20Class-Hosts_Pruner-silver?style=for-the-badge&labelColor=red&logo=data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABIAAAAOCAYAAAAi2ky3AAABhWlDQ1BJQ0MgcHJvZmlsZQAAKJF9kT1Iw1AUhU9TpaIVBzuIOGSoDmJBVEQ3rUIRKoRaoVUHk5f+CE0akhQXR8G14ODPYtXBxVlXB1dBEPwBcXNzUnSREu9LCi1ifPB4H+e9c7jvXkColZhmtY0Cmm6bqURczGRXxNAruhAEMI1hmVnGrCQl4bu+7hHg512MZ/m/+3N1qzmLAQGReIYZpk28Tjy5aRuc94kjrCirxOfEIyYVSPzIdcXjN84FlwWeGTHTqTniCLFYaGGlhVnR1IgniKOqplO+kPFY5bzFWStVWKNO/sNwTl9e4jrtASSwgEVIEKGggg2UYCNGp06KhRTdx338/a5fIpdCrg0wcsyjDA2y6wefwe/eWvnxMS8pHAfaXxznYxAI7QL1quN8HztO/QQIPgNXetNfrgFTn6RXm1r0COjZBi6um5qyB1zuAH1PhmzKrsTnL+TzwPsZjSkL9N4Cnate3xr3OH0A0tSr5A1wcAgMFSh7zeffHa19+/dNo38/hq9yr+iELI0AAAAGYktHRAAAAAAAAPlDu38AAAAJcEhZcwAACxMAAAsTAQCanBgAAAAHdElNRQflDAsTByz7Va2cAAAAGXRFWHRDb21tZW50AENyZWF0ZWQgd2l0aCBHSU1QV4EOFwAAAYBJREFUKM+lkjFIlVEYht/zn3sFkYYUyUnIRcemhCtCU6JQOLiIU+QeJEQg6BBIm0s4RBCBLjq5OEvgJC1uOniJhivesLx17/97/vO9b4NK4g25157hfHCGB773/cA0HZIEAKiMj+LWiOxljG/i96pnCFP58XHnrWX2+9cj0dYl9Yu2FE9/9rXrcAAgs2eSyiBfOe/XRD503h/CuffOubQVUXL+Jh9BllzBbyJJBgDclVkO4Kukd8zzkXJbeUljIldFTstsmSHM6S81ma2KfPKlFdkGAMY4wzx/bbXapMy21My+YizdKNq5mDzLkrxafSxySFKjSWX2oTmjKzz4vN0r2lOFcL/Q3V0/mX95ILMXTTGYVfaut/aP2+oCMAvnZgCcsF5fcR0dg65YHAdwB+QApADvu0AuOe/ftlJAD7Nsgmm6yBjDtfWORJZlNtFyo/lR5Z7MyheKA5ktSur7sTAHazSG27pehjAiaVfkN8b4XFIJ/wOzbOx07VNRUuHy7w98CzCcGPyWywAAAABJRU5ErkJggg==)](https://github.com/CrowdStrike/falconpy/tree/main/samples/hosts#prune-hosts-by-hostname-or-aid) 
 
-#### CSPM Registration API operations discussed
-This sample demonstrates the following CrowdStrike CSPM Registration (Horizon) API operations:
+##### Hosts API operations discussed
+This sample demonstrates the following CrowdStrike Hosts API operations:
 
 | Operation | Description |
 | :--- | :--- |
-| [GetCSPMPolicySettings](https://falconpy.io/Service-Collections/CSPM-Registration.html#getcspmpolicysettings) | Returns information about current policy settings. |
+| [PerformActionV2](https://falconpy.io/Service-Collections/Hosts.html#performactionv2) | Take various actions on the hosts in your environment. Contain or lift containment on a host. Delete or restore a host. |
+| [GetDeviceDetails](https://falconpy.io/Service-Collections/Hosts.html#getdevicedetails) | Get details on one or more hosts by providing agent IDs (AID). You can get a host's agent IDs (AIDs) from the [QueryDevicesByFilter](https://www.falconpy.io/Service-Collections/Hosts.html#querydevicesbyfilter) operation, the Falcon console or the Streaming API. |
+| [QueryDevicesByFilterScroll](https://falconpy.io/Service-Collections/Hosts.html#querydevicesbyfilterscroll) | Search for hosts in your environment by platform, hostname, IP, and other criteria with continuous pagination capability (based on offset pointer which expires after 2 minutes with no maximum limit). |
 
 ---
 
-## Falcon Flight Control
-The samples in this category demonstrate functionality for MSSP scenarios using the Falcon Flight Control API service collection.
-
-### Find child CID
-This [example](flight_control/find_child_cid.py) demonstrates retrieving a child CID using the CrowdStrike Falcon Flight Control API.
+#### Quarantine a host
+Developed by one of our maintainers `@soggysec`, this example demonstrates how to [quarantine target hosts](rtr/quarantine_hosts.py).
 
-[![Falcon Flight Control](https://img.shields.io/badge/Service%20Class-Find%20Child%20CID-silver?style=for-the-badge&labelColor=red&logo=data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABIAAAAOCAYAAAAi2ky3AAABhWlDQ1BJQ0MgcHJvZmlsZQAAKJF9kT1Iw1AUhU9TpaIVBzuIOGSoDmJBVEQ3rUIRKoRaoVUHk5f+CE0akhQXR8G14ODPYtXBxVlXB1dBEPwBcXNzUnSREu9LCi1ifPB4H+e9c7jvXkColZhmtY0Cmm6bqURczGRXxNAruhAEMI1hmVnGrCQl4bu+7hHg512MZ/m/+3N1qzmLAQGReIYZpk28Tjy5aRuc94kjrCirxOfEIyYVSPzIdcXjN84FlwWeGTHTqTniCLFYaGGlhVnR1IgniKOqplO+kPFY5bzFWStVWKNO/sNwTl9e4jrtASSwgEVIEKGggg2UYCNGp06KhRTdx338/a5fIpdCrg0wcsyjDA2y6wefwe/eWvnxMS8pHAfaXxznYxAI7QL1quN8HztO/QQIPgNXetNfrgFTn6RXm1r0COjZBi6um5qyB1zuAH1PhmzKrsTnL+TzwPsZjSkL9N4Cnate3xr3OH0A0tSr5A1wcAgMFSh7zeffHa19+/dNo38/hq9yr+iELI0AAAAGYktHRAAAAAAAAPlDu38AAAAJcEhZcwAACxMAAAsTAQCanBgAAAAHdElNRQflDAsTByz7Va2cAAAAGXRFWHRDb21tZW50AENyZWF0ZWQgd2l0aCBHSU1QV4EOFwAAAYBJREFUKM+lkjFIlVEYht/zn3sFkYYUyUnIRcemhCtCU6JQOLiIU+QeJEQg6BBIm0s4RBCBLjq5OEvgJC1uOniJhivesLx17/97/vO9b4NK4g25157hfHCGB773/cA0HZIEAKiMj+LWiOxljG/i96pnCFP58XHnrWX2+9cj0dYl9Yu2FE9/9rXrcAAgs2eSyiBfOe/XRD503h/CuffOubQVUXL+Jh9BllzBbyJJBgDclVkO4Kukd8zzkXJbeUljIldFTstsmSHM6S81ma2KfPKlFdkGAMY4wzx/bbXapMy21My+YizdKNq5mDzLkrxafSxySFKjSWX2oTmjKzz4vN0r2lOFcL/Q3V0/mX95ILMXTTGYVfaut/aP2+oCMAvnZgCcsF5fcR0dg65YHAdwB+QApADvu0AuOe/ftlJAD7Nsgmm6yBjDtfWORJZlNtFyo/lR5Z7MyheKA5ktSur7sTAHazSG27pehjAiaVfkN8b4XFIJ/wOzbOx07VNRUuHy7w98CzCcGPyWywAAAABJRU5ErkJggg==)](flight_control/find_child_cid.py) [![MSSP Use supported](https://img.shields.io/badge/-Supports%20MSSP-darkblue?logo=data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABIAAAAOCAYAAAAi2ky3AAABhWlDQ1BJQ0MgcHJvZmlsZQAAKJF9kT1Iw1AUhU9TpaIVBzuIOGSoDmJBVEQ3rUIRKoRaoVUHk5f+CE0akhQXR8G14ODPYtXBxVlXB1dBEPwBcXNzUnSREu9LCi1ifPB4H+e9c7jvXkColZhmtY0Cmm6bqURczGRXxNAruhAEMI1hmVnGrCQl4bu+7hHg512MZ/m/+3N1qzmLAQGReIYZpk28Tjy5aRuc94kjrCirxOfEIyYVSPzIdcXjN84FlwWeGTHTqTniCLFYaGGlhVnR1IgniKOqplO+kPFY5bzFWStVWKNO/sNwTl9e4jrtASSwgEVIEKGggg2UYCNGp06KhRTdx338/a5fIpdCrg0wcsyjDA2y6wefwe/eWvnxMS8pHAfaXxznYxAI7QL1quN8HztO/QQIPgNXetNfrgFTn6RXm1r0COjZBi6um5qyB1zuAH1PhmzKrsTnL+TzwPsZjSkL9N4Cnate3xr3OH0A0tSr5A1wcAgMFSh7zeffHa19+/dNo38/hq9yr+iELI0AAAAGYktHRAAAAAAAAPlDu38AAAAJcEhZcwAACxMAAAsTAQCanBgAAAAHdElNRQflDAsTByz7Va2cAAAAGXRFWHRDb21tZW50AENyZWF0ZWQgd2l0aCBHSU1QV4EOFwAAAYBJREFUKM+lkjFIlVEYht/zn3sFkYYUyUnIRcemhCtCU6JQOLiIU+QeJEQg6BBIm0s4RBCBLjq5OEvgJC1uOniJhivesLx17/97/vO9b4NK4g25157hfHCGB773/cA0HZIEAKiMj+LWiOxljG/i96pnCFP58XHnrWX2+9cj0dYl9Yu2FE9/9rXrcAAgs2eSyiBfOe/XRD503h/CuffOubQVUXL+Jh9BllzBbyJJBgDclVkO4Kukd8zzkXJbeUljIldFTstsmSHM6S81ma2KfPKlFdkGAMY4wzx/bbXapMy21My+YizdKNq5mDzLkrxafSxySFKjSWX2oTmjKzz4vN0r2lOFcL/Q3V0/mX95ILMXTTGYVfaut/aP2+oCMAvnZgCcsF5fcR0dg65YHAdwB+QApADvu0AuOe/ftlJAD7Nsgmm6yBjDtfWORJZlNtFyo/lR5Z7MyheKA5ktSur7sTAHazSG27pehjAiaVfkN8b4XFIJ/wOzbOx07VNRUuHy7w98CzCcGPyWywAAAABJRU5ErkJggg==&style=for-the-badge)](flight_control/find_child_cid.py)
+[![Hosts](https://img.shields.io/badge/Service%20Class-Quarantine%20Target%20Host-silver?style=for-the-badge&labelColor=red&logo=data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABIAAAAOCAYAAAAi2ky3AAABhWlDQ1BJQ0MgcHJvZmlsZQAAKJF9kT1Iw1AUhU9TpaIVBzuIOGSoDmJBVEQ3rUIRKoRaoVUHk5f+CE0akhQXR8G14ODPYtXBxVlXB1dBEPwBcXNzUnSREu9LCi1ifPB4H+e9c7jvXkColZhmtY0Cmm6bqURczGRXxNAruhAEMI1hmVnGrCQl4bu+7hHg512MZ/m/+3N1qzmLAQGReIYZpk28Tjy5aRuc94kjrCirxOfEIyYVSPzIdcXjN84FlwWeGTHTqTniCLFYaGGlhVnR1IgniKOqplO+kPFY5bzFWStVWKNO/sNwTl9e4jrtASSwgEVIEKGggg2UYCNGp06KhRTdx338/a5fIpdCrg0wcsyjDA2y6wefwe/eWvnxMS8pHAfaXxznYxAI7QL1quN8HztO/QQIPgNXetNfrgFTn6RXm1r0COjZBi6um5qyB1zuAH1PhmzKrsTnL+TzwPsZjSkL9N4Cnate3xr3OH0A0tSr5A1wcAgMFSh7zeffHa19+/dNo38/hq9yr+iELI0AAAAGYktHRAAAAAAAAPlDu38AAAAJcEhZcwAACxMAAAsTAQCanBgAAAAHdElNRQflDAsTByz7Va2cAAAAGXRFWHRDb21tZW50AENyZWF0ZWQgd2l0aCBHSU1QV4EOFwAAAYBJREFUKM+lkjFIlVEYht/zn3sFkYYUyUnIRcemhCtCU6JQOLiIU+QeJEQg6BBIm0s4RBCBLjq5OEvgJC1uOniJhivesLx17/97/vO9b4NK4g25157hfHCGB773/cA0HZIEAKiMj+LWiOxljG/i96pnCFP58XHnrWX2+9cj0dYl9Yu2FE9/9rXrcAAgs2eSyiBfOe/XRD503h/CuffOubQVUXL+Jh9BllzBbyJJBgDclVkO4Kukd8zzkXJbeUljIldFTstsmSHM6S81ma2KfPKlFdkGAMY4wzx/bbXapMy21My+YizdKNq5mDzLkrxafSxySFKjSWX2oTmjKzz4vN0r2lOFcL/Q3V0/mX95ILMXTTGYVfaut/aP2+oCMAvnZgCcsF5fcR0dg65YHAdwB+QApADvu0AuOe/ftlJAD7Nsgmm6yBjDtfWORJZlNtFyo/lR5Z7MyheKA5ktSur7sTAHazSG27pehjAiaVfkN8b4XFIJ/wOzbOx07VNRUuHy7w98CzCcGPyWywAAAABJRU5ErkJggg==)](rtr/quarantine_hosts.py)
 
-#### Flight Control API operations discussed
-This sample demonstrates the following CrowdStrike Flight Control API operations:
+##### Hosts API operations discussed
+This sample demonstrates the following CrowdStrike Hosts API operations:
 
 | Operation | Description |
 | :--- | :--- |
-| [QueryChildren](https://falconpy.io/Service-Collections/MSSP.html#querychildren) | Query for customers linked as children. |
+| [PerformActionV2](https://falconpy.io/Service-Collections/Hosts.html#performactionv2) | Take various actions on the hosts in your environment. Contain or lift containment on a host. Delete or restore a host. |
+| [QueryDevicesByFilter](https://falconpy.io/Service-Collections/Hosts.html#querydevicesbyfilter) | Search for hosts in your environment by platform, hostname, IP, and other criteria. |
 
 ---
 
-### Get Child Prevention Policies
-This [example](flight_control/get_child_prevention_policies.py) uses the Flight Control and Prevention Policies Host Group APIs to demonstrate retrieving prevention policies for some or all child tenants.
+#### Quarantine a host (updated version)
+This is the same solution, but [updated](hosts/quarantine_hosts_new.py) to demonstrate [Direct Authentication](https://www.falconpy.io/Usage/Authenticating-to-the-API.html#direct-authentication), [Body Payload Abstraction](https://www.falconpy.io/Usage/Payload-Handling.html#body-payload-abstraction) and [Parameter Abstraction](https://www.falconpy.io/Usage/Payload-Handling.html#parameter-abstraction).
 
-[![Falcon Flight Control](https://img.shields.io/badge/Service%20Class-Get_Child_Prevention_Policies-silver?style=for-the-badge&labelColor=red&logo=data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABIAAAAOCAYAAAAi2ky3AAABhWlDQ1BJQ0MgcHJvZmlsZQAAKJF9kT1Iw1AUhU9TpaIVBzuIOGSoDmJBVEQ3rUIRKoRaoVUHk5f+CE0akhQXR8G14ODPYtXBxVlXB1dBEPwBcXNzUnSREu9LCi1ifPB4H+e9c7jvXkColZhmtY0Cmm6bqURczGRXxNAruhAEMI1hmVnGrCQl4bu+7hHg512MZ/m/+3N1qzmLAQGReIYZpk28Tjy5aRuc94kjrCirxOfEIyYVSPzIdcXjN84FlwWeGTHTqTniCLFYaGGlhVnR1IgniKOqplO+kPFY5bzFWStVWKNO/sNwTl9e4jrtASSwgEVIEKGggg2UYCNGp06KhRTdx338/a5fIpdCrg0wcsyjDA2y6wefwe/eWvnxMS8pHAfaXxznYxAI7QL1quN8HztO/QQIPgNXetNfrgFTn6RXm1r0COjZBi6um5qyB1zuAH1PhmzKrsTnL+TzwPsZjSkL9N4Cnate3xr3OH0A0tSr5A1wcAgMFSh7zeffHa19+/dNo38/hq9yr+iELI0AAAAGYktHRAAAAAAAAPlDu38AAAAJcEhZcwAACxMAAAsTAQCanBgAAAAHdElNRQflDAsTByz7Va2cAAAAGXRFWHRDb21tZW50AENyZWF0ZWQgd2l0aCBHSU1QV4EOFwAAAYBJREFUKM+lkjFIlVEYht/zn3sFkYYUyUnIRcemhCtCU6JQOLiIU+QeJEQg6BBIm0s4RBCBLjq5OEvgJC1uOniJhivesLx17/97/vO9b4NK4g25157hfHCGB773/cA0HZIEAKiMj+LWiOxljG/i96pnCFP58XHnrWX2+9cj0dYl9Yu2FE9/9rXrcAAgs2eSyiBfOe/XRD503h/CuffOubQVUXL+Jh9BllzBbyJJBgDclVkO4Kukd8zzkXJbeUljIldFTstsmSHM6S81ma2KfPKlFdkGAMY4wzx/bbXapMy21My+YizdKNq5mDzLkrxafSxySFKjSWX2oTmjKzz4vN0r2lOFcL/Q3V0/mX95ILMXTTGYVfaut/aP2+oCMAvnZgCcsF5fcR0dg65YHAdwB+QApADvu0AuOe/ftlJAD7Nsgmm6yBjDtfWORJZlNtFyo/lR5Z7MyheKA5ktSur7sTAHazSG27pehjAiaVfkN8b4XFIJ/wOzbOx07VNRUuHy7w98CzCcGPyWywAAAABJRU5ErkJggg==)](flight_control/get_child_prevention_policies.py) [![MSSP Use supported](https://img.shields.io/badge/-Supports%20MSSP-darkblue?logo=data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABIAAAAOCAYAAAAi2ky3AAABhWlDQ1BJQ0MgcHJvZmlsZQAAKJF9kT1Iw1AUhU9TpaIVBzuIOGSoDmJBVEQ3rUIRKoRaoVUHk5f+CE0akhQXR8G14ODPYtXBxVlXB1dBEPwBcXNzUnSREu9LCi1ifPB4H+e9c7jvXkColZhmtY0Cmm6bqURczGRXxNAruhAEMI1hmVnGrCQl4bu+7hHg512MZ/m/+3N1qzmLAQGReIYZpk28Tjy5aRuc94kjrCirxOfEIyYVSPzIdcXjN84FlwWeGTHTqTniCLFYaGGlhVnR1IgniKOqplO+kPFY5bzFWStVWKNO/sNwTl9e4jrtASSwgEVIEKGggg2UYCNGp06KhRTdx338/a5fIpdCrg0wcsyjDA2y6wefwe/eWvnxMS8pHAfaXxznYxAI7QL1quN8HztO/QQIPgNXetNfrgFTn6RXm1r0COjZBi6um5qyB1zuAH1PhmzKrsTnL+TzwPsZjSkL9N4Cnate3xr3OH0A0tSr5A1wcAgMFSh7zeffHa19+/dNo38/hq9yr+iELI0AAAAGYktHRAAAAAAAAPlDu38AAAAJcEhZcwAACxMAAAsTAQCanBgAAAAHdElNRQflDAsTByz7Va2cAAAAGXRFWHRDb21tZW50AENyZWF0ZWQgd2l0aCBHSU1QV4EOFwAAAYBJREFUKM+lkjFIlVEYht/zn3sFkYYUyUnIRcemhCtCU6JQOLiIU+QeJEQg6BBIm0s4RBCBLjq5OEvgJC1uOniJhivesLx17/97/vO9b4NK4g25157hfHCGB773/cA0HZIEAKiMj+LWiOxljG/i96pnCFP58XHnrWX2+9cj0dYl9Yu2FE9/9rXrcAAgs2eSyiBfOe/XRD503h/CuffOubQVUXL+Jh9BllzBbyJJBgDclVkO4Kukd8zzkXJbeUljIldFTstsmSHM6S81ma2KfPKlFdkGAMY4wzx/bbXapMy21My+YizdKNq5mDzLkrxafSxySFKjSWX2oTmjKzz4vN0r2lOFcL/Q3V0/mX95ILMXTTGYVfaut/aP2+oCMAvnZgCcsF5fcR0dg65YHAdwB+QApADvu0AuOe/ftlJAD7Nsgmm6yBjDtfWORJZlNtFyo/lR5Z7MyheKA5ktSur7sTAHazSG27pehjAiaVfkN8b4XFIJ/wOzbOx07VNRUuHy7w98CzCcGPyWywAAAABJRU5ErkJggg==&style=for-the-badge)](flight_control/get_child_prevention_policies.py)
+[![Hosts](https://img.shields.io/badge/Service%20Class-Quarantine%20Target%20Host%20(Updated)-silver?style=for-the-badge&labelColor=red&logo=data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABIAAAAOCAYAAAAi2ky3AAABhWlDQ1BJQ0MgcHJvZmlsZQAAKJF9kT1Iw1AUhU9TpaIVBzuIOGSoDmJBVEQ3rUIRKoRaoVUHk5f+CE0akhQXR8G14ODPYtXBxVlXB1dBEPwBcXNzUnSREu9LCi1ifPB4H+e9c7jvXkColZhmtY0Cmm6bqURczGRXxNAruhAEMI1hmVnGrCQl4bu+7hHg512MZ/m/+3N1qzmLAQGReIYZpk28Tjy5aRuc94kjrCirxOfEIyYVSPzIdcXjN84FlwWeGTHTqTniCLFYaGGlhVnR1IgniKOqplO+kPFY5bzFWStVWKNO/sNwTl9e4jrtASSwgEVIEKGggg2UYCNGp06KhRTdx338/a5fIpdCrg0wcsyjDA2y6wefwe/eWvnxMS8pHAfaXxznYxAI7QL1quN8HztO/QQIPgNXetNfrgFTn6RXm1r0COjZBi6um5qyB1zuAH1PhmzKrsTnL+TzwPsZjSkL9N4Cnate3xr3OH0A0tSr5A1wcAgMFSh7zeffHa19+/dNo38/hq9yr+iELI0AAAAGYktHRAAAAAAAAPlDu38AAAAJcEhZcwAACxMAAAsTAQCanBgAAAAHdElNRQflDAsTByz7Va2cAAAAGXRFWHRDb21tZW50AENyZWF0ZWQgd2l0aCBHSU1QV4EOFwAAAYBJREFUKM+lkjFIlVEYht/zn3sFkYYUyUnIRcemhCtCU6JQOLiIU+QeJEQg6BBIm0s4RBCBLjq5OEvgJC1uOniJhivesLx17/97/vO9b4NK4g25157hfHCGB773/cA0HZIEAKiMj+LWiOxljG/i96pnCFP58XHnrWX2+9cj0dYl9Yu2FE9/9rXrcAAgs2eSyiBfOe/XRD503h/CuffOubQVUXL+Jh9BllzBbyJJBgDclVkO4Kukd8zzkXJbeUljIldFTstsmSHM6S81ma2KfPKlFdkGAMY4wzx/bbXapMy21My+YizdKNq5mDzLkrxafSxySFKjSWX2oTmjKzz4vN0r2lOFcL/Q3V0/mX95ILMXTTGYVfaut/aP2+oCMAvnZgCcsF5fcR0dg65YHAdwB+QApADvu0AuOe/ftlJAD7Nsgmm6yBjDtfWORJZlNtFyo/lR5Z7MyheKA5ktSur7sTAHazSG27pehjAiaVfkN8b4XFIJ/wOzbOx07VNRUuHy7w98CzCcGPyWywAAAABJRU5ErkJggg==)](hosts/quarantine_hosts_new.py)
 
-#### Flight Control and Prevention Policies API operations discussed
-This sample demonstrates the following CrowdStrike Flight Control and Prevention Policies API operations:
+##### Hosts API operations discussed
+This sample demonstrates the following CrowdStrike Hosts API operations:
 
 | Operation | Description |
 | :--- | :--- |
-| [QueryChildren](https://falconpy.io/Service-Collections/MSSP.html#querychildren) | Query for customers linked as children. |
-| [queryCombinedPreventionPolicies](https://www.falconpy.io/Service-Collections/Prevention-Policy.html#querycombinedpreventionpolicies) | Search for Prevention Policies in your environment by providing a FQL filter and paging details. Returns a set of Prevention Policies which match the filter criteria. |
+| [PerformActionV2](https://falconpy.io/Service-Collections/Hosts.html#performactionv2) | Take various actions on the hosts in your environment. Contain or lift containment on a host. Delete or restore a host. |
+| [QueryDevicesByFilter](https://falconpy.io/Service-Collections/Hosts.html#querydevicesbyfilter) | Search for hosts in your environment by platform, hostname, IP, and other criteria. |
+
+</details>
+
+[Back to top](#falconpy-sample-library) | [How to authenticate](#authentication-for-these-examples) | [Table of Contents](#deployment-and-management-toc)
 
 ---
 
-### Host Group Duplicator
-This [example](flight_control/host_group_duplicator.py) uses the Flight Control and Host Group APIs to demonstrate duplicating a Host Group from a Parent to all Children.
+<a id="report-executions-samples"></a>
+<details>
+<summary><h3>Report Executions</h3> <small>(click to expand)</small><br/>
+These samples focus on CrowdStrike's Falcon Report Executions API service collection.
+</summary>
 
-[![Falcon Flight Control](https://img.shields.io/badge/Service%20Class-Host_Group_Duplicator-silver?style=for-the-badge&labelColor=red&logo=data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABIAAAAOCAYAAAAi2ky3AAABhWlDQ1BJQ0MgcHJvZmlsZQAAKJF9kT1Iw1AUhU9TpaIVBzuIOGSoDmJBVEQ3rUIRKoRaoVUHk5f+CE0akhQXR8G14ODPYtXBxVlXB1dBEPwBcXNzUnSREu9LCi1ifPB4H+e9c7jvXkColZhmtY0Cmm6bqURczGRXxNAruhAEMI1hmVnGrCQl4bu+7hHg512MZ/m/+3N1qzmLAQGReIYZpk28Tjy5aRuc94kjrCirxOfEIyYVSPzIdcXjN84FlwWeGTHTqTniCLFYaGGlhVnR1IgniKOqplO+kPFY5bzFWStVWKNO/sNwTl9e4jrtASSwgEVIEKGggg2UYCNGp06KhRTdx338/a5fIpdCrg0wcsyjDA2y6wefwe/eWvnxMS8pHAfaXxznYxAI7QL1quN8HztO/QQIPgNXetNfrgFTn6RXm1r0COjZBi6um5qyB1zuAH1PhmzKrsTnL+TzwPsZjSkL9N4Cnate3xr3OH0A0tSr5A1wcAgMFSh7zeffHa19+/dNo38/hq9yr+iELI0AAAAGYktHRAAAAAAAAPlDu38AAAAJcEhZcwAACxMAAAsTAQCanBgAAAAHdElNRQflDAsTByz7Va2cAAAAGXRFWHRDb21tZW50AENyZWF0ZWQgd2l0aCBHSU1QV4EOFwAAAYBJREFUKM+lkjFIlVEYht/zn3sFkYYUyUnIRcemhCtCU6JQOLiIU+QeJEQg6BBIm0s4RBCBLjq5OEvgJC1uOniJhivesLx17/97/vO9b4NK4g25157hfHCGB773/cA0HZIEAKiMj+LWiOxljG/i96pnCFP58XHnrWX2+9cj0dYl9Yu2FE9/9rXrcAAgs2eSyiBfOe/XRD503h/CuffOubQVUXL+Jh9BllzBbyJJBgDclVkO4Kukd8zzkXJbeUljIldFTstsmSHM6S81ma2KfPKlFdkGAMY4wzx/bbXapMy21My+YizdKNq5mDzLkrxafSxySFKjSWX2oTmjKzz4vN0r2lOFcL/Q3V0/mX95ILMXTTGYVfaut/aP2+oCMAvnZgCcsF5fcR0dg65YHAdwB+QApADvu0AuOe/ftlJAD7Nsgmm6yBjDtfWORJZlNtFyo/lR5Z7MyheKA5ktSur7sTAHazSG27pehjAiaVfkN8b4XFIJ/wOzbOx07VNRUuHy7w98CzCcGPyWywAAAABJRU5ErkJggg==)](flight_control/host_group_duplicator.py) [![MSSP Use supported](https://img.shields.io/badge/-Supports%20MSSP-darkblue?logo=data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABIAAAAOCAYAAAAi2ky3AAABhWlDQ1BJQ0MgcHJvZmlsZQAAKJF9kT1Iw1AUhU9TpaIVBzuIOGSoDmJBVEQ3rUIRKoRaoVUHk5f+CE0akhQXR8G14ODPYtXBxVlXB1dBEPwBcXNzUnSREu9LCi1ifPB4H+e9c7jvXkColZhmtY0Cmm6bqURczGRXxNAruhAEMI1hmVnGrCQl4bu+7hHg512MZ/m/+3N1qzmLAQGReIYZpk28Tjy5aRuc94kjrCirxOfEIyYVSPzIdcXjN84FlwWeGTHTqTniCLFYaGGlhVnR1IgniKOqplO+kPFY5bzFWStVWKNO/sNwTl9e4jrtASSwgEVIEKGggg2UYCNGp06KhRTdx338/a5fIpdCrg0wcsyjDA2y6wefwe/eWvnxMS8pHAfaXxznYxAI7QL1quN8HztO/QQIPgNXetNfrgFTn6RXm1r0COjZBi6um5qyB1zuAH1PhmzKrsTnL+TzwPsZjSkL9N4Cnate3xr3OH0A0tSr5A1wcAgMFSh7zeffHa19+/dNo38/hq9yr+iELI0AAAAGYktHRAAAAAAAAPlDu38AAAAJcEhZcwAACxMAAAsTAQCanBgAAAAHdElNRQflDAsTByz7Va2cAAAAGXRFWHRDb21tZW50AENyZWF0ZWQgd2l0aCBHSU1QV4EOFwAAAYBJREFUKM+lkjFIlVEYht/zn3sFkYYUyUnIRcemhCtCU6JQOLiIU+QeJEQg6BBIm0s4RBCBLjq5OEvgJC1uOniJhivesLx17/97/vO9b4NK4g25157hfHCGB773/cA0HZIEAKiMj+LWiOxljG/i96pnCFP58XHnrWX2+9cj0dYl9Yu2FE9/9rXrcAAgs2eSyiBfOe/XRD503h/CuffOubQVUXL+Jh9BllzBbyJJBgDclVkO4Kukd8zzkXJbeUljIldFTstsmSHM6S81ma2KfPKlFdkGAMY4wzx/bbXapMy21My+YizdKNq5mDzLkrxafSxySFKjSWX2oTmjKzz4vN0r2lOFcL/Q3V0/mX95ILMXTTGYVfaut/aP2+oCMAvnZgCcsF5fcR0dg65YHAdwB+QApADvu0AuOe/ftlJAD7Nsgmm6yBjDtfWORJZlNtFyo/lR5Z7MyheKA5ktSur7sTAHazSG27pehjAiaVfkN8b4XFIJ/wOzbOx07VNRUuHy7w98CzCcGPyWywAAAABJRU5ErkJggg==&style=for-the-badge)](flight_control/host_group_duplicator.py)
+- [Retrieve all report results](#retrieve-all-report-results)
 
-#### Flight Control and Host Group API operations discussed
-This sample demonstrates the following CrowdStrike Flight Control and Host Group API operations:
+#### Retrieve all report results
+This sample will accept a schedule report ID and download all results for every successful execution of the report.
+
+[![Report Executions](https://img.shields.io/badge/Service%20Class-Retrieve_all_report_results-silver?style=for-the-badge&labelColor=red&logo=data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABIAAAAOCAYAAAAi2ky3AAABhWlDQ1BJQ0MgcHJvZmlsZQAAKJF9kT1Iw1AUhU9TpaIVBzuIOGSoDmJBVEQ3rUIRKoRaoVUHk5f+CE0akhQXR8G14ODPYtXBxVlXB1dBEPwBcXNzUnSREu9LCi1ifPB4H+e9c7jvXkColZhmtY0Cmm6bqURczGRXxNAruhAEMI1hmVnGrCQl4bu+7hHg512MZ/m/+3N1qzmLAQGReIYZpk28Tjy5aRuc94kjrCirxOfEIyYVSPzIdcXjN84FlwWeGTHTqTniCLFYaGGlhVnR1IgniKOqplO+kPFY5bzFWStVWKNO/sNwTl9e4jrtASSwgEVIEKGggg2UYCNGp06KhRTdx338/a5fIpdCrg0wcsyjDA2y6wefwe/eWvnxMS8pHAfaXxznYxAI7QL1quN8HztO/QQIPgNXetNfrgFTn6RXm1r0COjZBi6um5qyB1zuAH1PhmzKrsTnL+TzwPsZjSkL9N4Cnate3xr3OH0A0tSr5A1wcAgMFSh7zeffHa19+/dNo38/hq9yr+iELI0AAAAGYktHRAAAAAAAAPlDu38AAAAJcEhZcwAACxMAAAsTAQCanBgAAAAHdElNRQflDAsTByz7Va2cAAAAGXRFWHRDb21tZW50AENyZWF0ZWQgd2l0aCBHSU1QV4EOFwAAAYBJREFUKM+lkjFIlVEYht/zn3sFkYYUyUnIRcemhCtCU6JQOLiIU+QeJEQg6BBIm0s4RBCBLjq5OEvgJC1uOniJhivesLx17/97/vO9b4NK4g25157hfHCGB773/cA0HZIEAKiMj+LWiOxljG/i96pnCFP58XHnrWX2+9cj0dYl9Yu2FE9/9rXrcAAgs2eSyiBfOe/XRD503h/CuffOubQVUXL+Jh9BllzBbyJJBgDclVkO4Kukd8zzkXJbeUljIldFTstsmSHM6S81ma2KfPKlFdkGAMY4wzx/bbXapMy21My+YizdKNq5mDzLkrxafSxySFKjSWX2oTmjKzz4vN0r2lOFcL/Q3V0/mX95ILMXTTGYVfaut/aP2+oCMAvnZgCcsF5fcR0dg65YHAdwB+QApADvu0AuOe/ftlJAD7Nsgmm6yBjDtfWORJZlNtFyo/lR5Z7MyheKA5ktSur7sTAHazSG27pehjAiaVfkN8b4XFIJ/wOzbOx07VNRUuHy7w98CzCcGPyWywAAAABJRU5ErkJggg==)](report_executions/get_report_results.py)
+
+##### Report Executions API operations discussed
+This sample demonstrates the following CrowdStrike Report Executions API operations:
 
 | Operation | Description |
 | :--- | :--- |
-| [QueryChildren](https://falconpy.io/Service-Collections/MSSP.html#querychildren) | Query for customers linked as children. |
-| [createHostGroups](https://www.falconpy.io/Service-Collections/Host-Group.html#createhostgroups) | Create Host Groups by specifying details about the group to create. |
-| [queryCombinedHostGroups](https://www.falconpy.io/Service-Collections/Host-Group.html#querycombinedhostgroups) | Search for Host Groups in your environment by providing a FQL filter and paging details. Returns a set of Host Groups which match the filter criteria. |
+| [report_executions_download_get](https://www.falconpy.io/Service-Collections/Report-Executions.html#report_executions_download_get) | Get report entity download. |
+| [report_executions_get](https://www.falconpy.io/Service-Collections/Report-Executions.html#report_executions_get) | Retrieve report details for the provided report IDs. |
+| [report_executions_query](https://www.falconpy.io/Service-Collections/Report-Executions.html#report_executions_query) | Find all report execution IDs matching the query with filter. |
+
+</details>
+
+[Back to top](#falconpy-sample-library) | [How to authenticate](#authentication-for-these-examples) | [Table of Contents](#deployment-and-management-toc)
 
 ---
 
-### Execute a command on hosts across multiple children
-Execute a single RTR command across multiple hosts within multiple child tenants. This demonstration leverages operations from the Hosts, Flight Control, Real Time Response and Real Time Response APIs.
+<a id="sensor-download-samples"></a>
+<details>
+<summary><h3>Sensor Download</h3> <small>(click to expand)</small><br/>
+The samples in this section focus on CrowdStrike Sensor Download API service collection.
+</summary>
 
-[![Falcon Flight Control](https://img.shields.io/badge/Service%20Class-Execute_Command_Across_Child_Hosts-silver?style=for-the-badge&labelColor=red&logo=data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABIAAAAOCAYAAAAi2ky3AAABhWlDQ1BJQ0MgcHJvZmlsZQAAKJF9kT1Iw1AUhU9TpaIVBzuIOGSoDmJBVEQ3rUIRKoRaoVUHk5f+CE0akhQXR8G14ODPYtXBxVlXB1dBEPwBcXNzUnSREu9LCi1ifPB4H+e9c7jvXkColZhmtY0Cmm6bqURczGRXxNAruhAEMI1hmVnGrCQl4bu+7hHg512MZ/m/+3N1qzmLAQGReIYZpk28Tjy5aRuc94kjrCirxOfEIyYVSPzIdcXjN84FlwWeGTHTqTniCLFYaGGlhVnR1IgniKOqplO+kPFY5bzFWStVWKNO/sNwTl9e4jrtASSwgEVIEKGggg2UYCNGp06KhRTdx338/a5fIpdCrg0wcsyjDA2y6wefwe/eWvnxMS8pHAfaXxznYxAI7QL1quN8HztO/QQIPgNXetNfrgFTn6RXm1r0COjZBi6um5qyB1zuAH1PhmzKrsTnL+TzwPsZjSkL9N4Cnate3xr3OH0A0tSr5A1wcAgMFSh7zeffHa19+/dNo38/hq9yr+iELI0AAAAGYktHRAAAAAAAAPlDu38AAAAJcEhZcwAACxMAAAsTAQCanBgAAAAHdElNRQflDAsTByz7Va2cAAAAGXRFWHRDb21tZW50AENyZWF0ZWQgd2l0aCBHSU1QV4EOFwAAAYBJREFUKM+lkjFIlVEYht/zn3sFkYYUyUnIRcemhCtCU6JQOLiIU+QeJEQg6BBIm0s4RBCBLjq5OEvgJC1uOniJhivesLx17/97/vO9b4NK4g25157hfHCGB773/cA0HZIEAKiMj+LWiOxljG/i96pnCFP58XHnrWX2+9cj0dYl9Yu2FE9/9rXrcAAgs2eSyiBfOe/XRD503h/CuffOubQVUXL+Jh9BllzBbyJJBgDclVkO4Kukd8zzkXJbeUljIldFTstsmSHM6S81ma2KfPKlFdkGAMY4wzx/bbXapMy21My+YizdKNq5mDzLkrxafSxySFKjSWX2oTmjKzz4vN0r2lOFcL/Q3V0/mX95ILMXTTGYVfaut/aP2+oCMAvnZgCcsF5fcR0dg65YHAdwB+QApADvu0AuOe/ftlJAD7Nsgmm6yBjDtfWORJZlNtFyo/lR5Z7MyheKA5ktSur7sTAHazSG27pehjAiaVfkN8b4XFIJ/wOzbOx07VNRUuHy7w98CzCcGPyWywAAAABJRU5ErkJggg==)](flight_control/multicid.py) [![MSSP Use supported](https://img.shields.io/badge/-Supports%20MSSP-darkblue?logo=data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABIAAAAOCAYAAAAi2ky3AAABhWlDQ1BJQ0MgcHJvZmlsZQAAKJF9kT1Iw1AUhU9TpaIVBzuIOGSoDmJBVEQ3rUIRKoRaoVUHk5f+CE0akhQXR8G14ODPYtXBxVlXB1dBEPwBcXNzUnSREu9LCi1ifPB4H+e9c7jvXkColZhmtY0Cmm6bqURczGRXxNAruhAEMI1hmVnGrCQl4bu+7hHg512MZ/m/+3N1qzmLAQGReIYZpk28Tjy5aRuc94kjrCirxOfEIyYVSPzIdcXjN84FlwWeGTHTqTniCLFYaGGlhVnR1IgniKOqplO+kPFY5bzFWStVWKNO/sNwTl9e4jrtASSwgEVIEKGggg2UYCNGp06KhRTdx338/a5fIpdCrg0wcsyjDA2y6wefwe/eWvnxMS8pHAfaXxznYxAI7QL1quN8HztO/QQIPgNXetNfrgFTn6RXm1r0COjZBi6um5qyB1zuAH1PhmzKrsTnL+TzwPsZjSkL9N4Cnate3xr3OH0A0tSr5A1wcAgMFSh7zeffHa19+/dNo38/hq9yr+iELI0AAAAGYktHRAAAAAAAAPlDu38AAAAJcEhZcwAACxMAAAsTAQCanBgAAAAHdElNRQflDAsTByz7Va2cAAAAGXRFWHRDb21tZW50AENyZWF0ZWQgd2l0aCBHSU1QV4EOFwAAAYBJREFUKM+lkjFIlVEYht/zn3sFkYYUyUnIRcemhCtCU6JQOLiIU+QeJEQg6BBIm0s4RBCBLjq5OEvgJC1uOniJhivesLx17/97/vO9b4NK4g25157hfHCGB773/cA0HZIEAKiMj+LWiOxljG/i96pnCFP58XHnrWX2+9cj0dYl9Yu2FE9/9rXrcAAgs2eSyiBfOe/XRD503h/CuffOubQVUXL+Jh9BllzBbyJJBgDclVkO4Kukd8zzkXJbeUljIldFTstsmSHM6S81ma2KfPKlFdkGAMY4wzx/bbXapMy21My+YizdKNq5mDzLkrxafSxySFKjSWX2oTmjKzz4vN0r2lOFcL/Q3V0/mX95ILMXTTGYVfaut/aP2+oCMAvnZgCcsF5fcR0dg65YHAdwB+QApADvu0AuOe/ftlJAD7Nsgmm6yBjDtfWORJZlNtFyo/lR5Z7MyheKA5ktSur7sTAHazSG27pehjAiaVfkN8b4XFIJ/wOzbOx07VNRUuHy7w98CzCcGPyWywAAAABJRU5ErkJggg==&style=for-the-badge)](flight_control/multicid.py)
+#### Download the CrowdStrike sensor
+Use the Uber Class to [list or download versions of the CrowdStrike sensor](sensor_download/download_sensor.py).
 
-#### Flight Control, Hosts, and Real Time Response API operations discussed
-This sample demonstrates the following CrowdStrike Flight Control, Hosts and Real Time Response API operations:
+[![Sensor Download](https://img.shields.io/badge/Uber%20Class-List%20or%20Download%20Falcon%20Sensor-silver?style=for-the-badge&labelColor=maroon&logo=data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABIAAAAOCAYAAAAi2ky3AAABhWlDQ1BJQ0MgcHJvZmlsZQAAKJF9kT1Iw1AUhU9TpaIVBzuIOGSoDmJBVEQ3rUIRKoRaoVUHk5f+CE0akhQXR8G14ODPYtXBxVlXB1dBEPwBcXNzUnSREu9LCi1ifPB4H+e9c7jvXkColZhmtY0Cmm6bqURczGRXxNAruhAEMI1hmVnGrCQl4bu+7hHg512MZ/m/+3N1qzmLAQGReIYZpk28Tjy5aRuc94kjrCirxOfEIyYVSPzIdcXjN84FlwWeGTHTqTniCLFYaGGlhVnR1IgniKOqplO+kPFY5bzFWStVWKNO/sNwTl9e4jrtASSwgEVIEKGggg2UYCNGp06KhRTdx338/a5fIpdCrg0wcsyjDA2y6wefwe/eWvnxMS8pHAfaXxznYxAI7QL1quN8HztO/QQIPgNXetNfrgFTn6RXm1r0COjZBi6um5qyB1zuAH1PhmzKrsTnL+TzwPsZjSkL9N4Cnate3xr3OH0A0tSr5A1wcAgMFSh7zeffHa19+/dNo38/hq9yr+iELI0AAAAGYktHRAAAAAAAAPlDu38AAAAJcEhZcwAACxMAAAsTAQCanBgAAAAHdElNRQflDAsTByz7Va2cAAAAGXRFWHRDb21tZW50AENyZWF0ZWQgd2l0aCBHSU1QV4EOFwAAAYBJREFUKM+lkjFIlVEYht/zn3sFkYYUyUnIRcemhCtCU6JQOLiIU+QeJEQg6BBIm0s4RBCBLjq5OEvgJC1uOniJhivesLx17/97/vO9b4NK4g25157hfHCGB773/cA0HZIEAKiMj+LWiOxljG/i96pnCFP58XHnrWX2+9cj0dYl9Yu2FE9/9rXrcAAgs2eSyiBfOe/XRD503h/CuffOubQVUXL+Jh9BllzBbyJJBgDclVkO4Kukd8zzkXJbeUljIldFTstsmSHM6S81ma2KfPKlFdkGAMY4wzx/bbXapMy21My+YizdKNq5mDzLkrxafSxySFKjSWX2oTmjKzz4vN0r2lOFcL/Q3V0/mX95ILMXTTGYVfaut/aP2+oCMAvnZgCcsF5fcR0dg65YHAdwB+QApADvu0AuOe/ftlJAD7Nsgmm6yBjDtfWORJZlNtFyo/lR5Z7MyheKA5ktSur7sTAHazSG27pehjAiaVfkN8b4XFIJ/wOzbOx07VNRUuHy7w98CzCcGPyWywAAAABJRU5ErkJggg==)](sensor_download/download_sensor.py)
+
+##### Sensor Download API operations discussed
+This sample demonstrates the following CrowdStrike Sensor Download API operations:
 
 | Operation | Description |
 | :--- | :--- |
-| [QueryChildren](https://falconpy.io/Service-Collections/MSSP.html#querychildren) | Query for customers linked as children. |
-| [BatchInitSessions](https://www.falconpy.io/Service-Collections/Real-Time-Response.html#batchinitsessions) | Batch initialize a RTR session on multiple hosts. Before any RTR commands can be used, an active session is needed on the host. |
-| [RTR_DeleteSession](https://www.falconpy.io/Service-Collections/Real-Time-Response.html#rtr_deletesession) | Delete a RTR session. |
-| [BatchAdminCmd](https://www.falconpy.io/Service-Collections/Real-Time-Response-Admin.html#batchadmincmd) | Batch executes a RTR administrator command across the hosts mapped to the given batch ID. |
-| [RTR_CheckAdminCommandStatus](https://www.falconpy.io/Service-Collections/Real-Time-Response-Admin.html#rtr_checkadmincommandstatus) | Get status of an executed RTR administrator command on a single host. |
-| [QueryDevicesByFilter](https://www.falconpy.io/Service-Collections/Hosts.html#querydevicesbyfilter) | Search for hosts in your environment by platform, hostname, IP, and other criteria.|
+| [DownloadSensorInstallerById](https://falconpy.io/Service-Collections/Sensor-Download.html#downloadsensorinstallerbyid) | Get sensor installer details by providing a query. |
+| [GetCombinedSensorInstallersByQuery](https://falconpy.io/Service-Collections/Sensor-Download.html#getcombinedsensorinstallersbyquery) | Download sensor installer by SHA256 ID. |
 
----
+</details>
 
-## Falcon Intelligence
-This category is dedicated to Falcon Intelligence, and discusses the Falcon Intelligence Sandbox, Quick Scan, and Sample Uploads API service collections.
+[Back to top](#falconpy-sample-library) | [How to authenticate](#authentication-for-these-examples) | [Table of Contents](#deployment-and-management-toc)
 
-- [Manage sandbox uploads](#manage-sandbox-uploads)
-- [Falcon Intelligence Sandbox scan](#falcon-intelligence-sandbox-scan)
-- [Get all artifacts](#get-all-artifacts)
-- [Quick Scan a target](#quick-scan-a-target)
-- [S3 Bucket Protection](#s3-bucket-protection)
+---
 
-### Manage sandbox uploads
-These samples use the CrowdStrike Sample Uploads API to upload, retrieve and delete files from Falcon Intelligence Sandbox. An example for using the [Service Class](sample_uploads/sample_uploads_service.py) and the [Uber Class](sample_uploads/sample_uploads_uber.py) is provided.
+<a id="sensor-update-policies-samples"></a>
+<details>
+<summary><h3>Sensor Update Policies</h3> <small>(click to expand)</small><br/>
+This section has samples that focus on the CrowdStrike Sensor Update Policies API service collection.
+</summary>
 
-[![Sample Uploads](https://img.shields.io/badge/Service%20Class-Handle%20Sandbox%20Files-silver?style=for-the-badge&labelColor=red&logo=data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABIAAAAOCAYAAAAi2ky3AAABhWlDQ1BJQ0MgcHJvZmlsZQAAKJF9kT1Iw1AUhU9TpaIVBzuIOGSoDmJBVEQ3rUIRKoRaoVUHk5f+CE0akhQXR8G14ODPYtXBxVlXB1dBEPwBcXNzUnSREu9LCi1ifPB4H+e9c7jvXkColZhmtY0Cmm6bqURczGRXxNAruhAEMI1hmVnGrCQl4bu+7hHg512MZ/m/+3N1qzmLAQGReIYZpk28Tjy5aRuc94kjrCirxOfEIyYVSPzIdcXjN84FlwWeGTHTqTniCLFYaGGlhVnR1IgniKOqplO+kPFY5bzFWStVWKNO/sNwTl9e4jrtASSwgEVIEKGggg2UYCNGp06KhRTdx338/a5fIpdCrg0wcsyjDA2y6wefwe/eWvnxMS8pHAfaXxznYxAI7QL1quN8HztO/QQIPgNXetNfrgFTn6RXm1r0COjZBi6um5qyB1zuAH1PhmzKrsTnL+TzwPsZjSkL9N4Cnate3xr3OH0A0tSr5A1wcAgMFSh7zeffHa19+/dNo38/hq9yr+iELI0AAAAGYktHRAAAAAAAAPlDu38AAAAJcEhZcwAACxMAAAsTAQCanBgAAAAHdElNRQflDAsTByz7Va2cAAAAGXRFWHRDb21tZW50AENyZWF0ZWQgd2l0aCBHSU1QV4EOFwAAAYBJREFUKM+lkjFIlVEYht/zn3sFkYYUyUnIRcemhCtCU6JQOLiIU+QeJEQg6BBIm0s4RBCBLjq5OEvgJC1uOniJhivesLx17/97/vO9b4NK4g25157hfHCGB773/cA0HZIEAKiMj+LWiOxljG/i96pnCFP58XHnrWX2+9cj0dYl9Yu2FE9/9rXrcAAgs2eSyiBfOe/XRD503h/CuffOubQVUXL+Jh9BllzBbyJJBgDclVkO4Kukd8zzkXJbeUljIldFTstsmSHM6S81ma2KfPKlFdkGAMY4wzx/bbXapMy21My+YizdKNq5mDzLkrxafSxySFKjSWX2oTmjKzz4vN0r2lOFcL/Q3V0/mX95ILMXTTGYVfaut/aP2+oCMAvnZgCcsF5fcR0dg65YHAdwB+QApADvu0AuOe/ftlJAD7Nsgmm6yBjDtfWORJZlNtFyo/lR5Z7MyheKA5ktSur7sTAHazSG27pehjAiaVfkN8b4XFIJ/wOzbOx07VNRUuHy7w98CzCcGPyWywAAAABJRU5ErkJggg==)](sample_uploads/sample_uploads_service.py) 
-[![Sample Uploads](https://img.shields.io/badge/Uber%20Class-Handle%20Sandbox%20Files-silver?style=for-the-badge&labelColor=maroon&logo=data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABIAAAAOCAYAAAAi2ky3AAABhWlDQ1BJQ0MgcHJvZmlsZQAAKJF9kT1Iw1AUhU9TpaIVBzuIOGSoDmJBVEQ3rUIRKoRaoVUHk5f+CE0akhQXR8G14ODPYtXBxVlXB1dBEPwBcXNzUnSREu9LCi1ifPB4H+e9c7jvXkColZhmtY0Cmm6bqURczGRXxNAruhAEMI1hmVnGrCQl4bu+7hHg512MZ/m/+3N1qzmLAQGReIYZpk28Tjy5aRuc94kjrCirxOfEIyYVSPzIdcXjN84FlwWeGTHTqTniCLFYaGGlhVnR1IgniKOqplO+kPFY5bzFWStVWKNO/sNwTl9e4jrtASSwgEVIEKGggg2UYCNGp06KhRTdx338/a5fIpdCrg0wcsyjDA2y6wefwe/eWvnxMS8pHAfaXxznYxAI7QL1quN8HztO/QQIPgNXetNfrgFTn6RXm1r0COjZBi6um5qyB1zuAH1PhmzKrsTnL+TzwPsZjSkL9N4Cnate3xr3OH0A0tSr5A1wcAgMFSh7zeffHa19+/dNo38/hq9yr+iELI0AAAAGYktHRAAAAAAAAPlDu38AAAAJcEhZcwAACxMAAAsTAQCanBgAAAAHdElNRQflDAsTByz7Va2cAAAAGXRFWHRDb21tZW50AENyZWF0ZWQgd2l0aCBHSU1QV4EOFwAAAYBJREFUKM+lkjFIlVEYht/zn3sFkYYUyUnIRcemhCtCU6JQOLiIU+QeJEQg6BBIm0s4RBCBLjq5OEvgJC1uOniJhivesLx17/97/vO9b4NK4g25157hfHCGB773/cA0HZIEAKiMj+LWiOxljG/i96pnCFP58XHnrWX2+9cj0dYl9Yu2FE9/9rXrcAAgs2eSyiBfOe/XRD503h/CuffOubQVUXL+Jh9BllzBbyJJBgDclVkO4Kukd8zzkXJbeUljIldFTstsmSHM6S81ma2KfPKlFdkGAMY4wzx/bbXapMy21My+YizdKNq5mDzLkrxafSxySFKjSWX2oTmjKzz4vN0r2lOFcL/Q3V0/mX95ILMXTTGYVfaut/aP2+oCMAvnZgCcsF5fcR0dg65YHAdwB+QApADvu0AuOe/ftlJAD7Nsgmm6yBjDtfWORJZlNtFyo/lR5Z7MyheKA5ktSur7sTAHazSG27pehjAiaVfkN8b4XFIJ/wOzbOx07VNRUuHy7w98CzCcGPyWywAAAABJRU5ErkJggg==)](sample_uploads/sample_uploads_uber.py)
+#### Policy Wonk
+Manage your sensor update policies with our [Policy Wonk](sensor_update_policies#manage-sensor-update-policies-with-policy-wonk) sample.
 
-#### Sample Uploads API operations discussed
-These samples demonstrate the following CrowdStrike Sample Uploads API operations:
+[![Sensor Update Policies](https://img.shields.io/badge/Service%20Class-Policy%20Wonk-silver?style=for-the-badge&labelColor=red&logo=data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABIAAAAOCAYAAAAi2ky3AAABhWlDQ1BJQ0MgcHJvZmlsZQAAKJF9kT1Iw1AUhU9TpaIVBzuIOGSoDmJBVEQ3rUIRKoRaoVUHk5f+CE0akhQXR8G14ODPYtXBxVlXB1dBEPwBcXNzUnSREu9LCi1ifPB4H+e9c7jvXkColZhmtY0Cmm6bqURczGRXxNAruhAEMI1hmVnGrCQl4bu+7hHg512MZ/m/+3N1qzmLAQGReIYZpk28Tjy5aRuc94kjrCirxOfEIyYVSPzIdcXjN84FlwWeGTHTqTniCLFYaGGlhVnR1IgniKOqplO+kPFY5bzFWStVWKNO/sNwTl9e4jrtASSwgEVIEKGggg2UYCNGp06KhRTdx338/a5fIpdCrg0wcsyjDA2y6wefwe/eWvnxMS8pHAfaXxznYxAI7QL1quN8HztO/QQIPgNXetNfrgFTn6RXm1r0COjZBi6um5qyB1zuAH1PhmzKrsTnL+TzwPsZjSkL9N4Cnate3xr3OH0A0tSr5A1wcAgMFSh7zeffHa19+/dNo38/hq9yr+iELI0AAAAGYktHRAAAAAAAAPlDu38AAAAJcEhZcwAACxMAAAsTAQCanBgAAAAHdElNRQflDAsTByz7Va2cAAAAGXRFWHRDb21tZW50AENyZWF0ZWQgd2l0aCBHSU1QV4EOFwAAAYBJREFUKM+lkjFIlVEYht/zn3sFkYYUyUnIRcemhCtCU6JQOLiIU+QeJEQg6BBIm0s4RBCBLjq5OEvgJC1uOniJhivesLx17/97/vO9b4NK4g25157hfHCGB773/cA0HZIEAKiMj+LWiOxljG/i96pnCFP58XHnrWX2+9cj0dYl9Yu2FE9/9rXrcAAgs2eSyiBfOe/XRD503h/CuffOubQVUXL+Jh9BllzBbyJJBgDclVkO4Kukd8zzkXJbeUljIldFTstsmSHM6S81ma2KfPKlFdkGAMY4wzx/bbXapMy21My+YizdKNq5mDzLkrxafSxySFKjSWX2oTmjKzz4vN0r2lOFcL/Q3V0/mX95ILMXTTGYVfaut/aP2+oCMAvnZgCcsF5fcR0dg65YHAdwB+QApADvu0AuOe/ftlJAD7Nsgmm6yBjDtfWORJZlNtFyo/lR5Z7MyheKA5ktSur7sTAHazSG27pehjAiaVfkN8b4XFIJ/wOzbOx07VNRUuHy7w98CzCcGPyWywAAAABJRU5ErkJggg==)](sensor_update_policies#manage-sensor-update-policies-with-policy-wonk) 
+
+##### Sensor Update Policies API operations discussed
+This sample demonstrates the following CrowdStrike Sensor Update Policies API operations:
 
 | Operation | Description |
 | :--- | :--- |
-| [GetSampleV3](https://falconpy.io/Service-Collections/Sample-Uploads.html#getsamplev3) | Retrieves the file associated with the given ID (SHA256). |
-| [UploadSampleV3](https://falconpy.io/Service-Collections/Sample-Uploads.html#uploadsamplev3) | Upload a file for further cloud analysis. After uploading, call the specific analysis API endpoint. |
-| [DeleteSampleV3](https://falconpy.io/Service-Collections/Sample-Uploads.html#deletesamplev3) | Removes a sample, including file, meta and submissions from the collection. |
+| [createSensorUpdatePoliciesV2](https://falconpy.io/Service-Collections/Sensor-Update-Policy.html#createsensorupdatepoliciesv2) | Create Sensor Update Policies by specifying details about the policy to create. |
+| [deleteSensorUpdatePolicies](https://falconpy.io/Service-Collections/Sensor-Update-Policy.html#deletesensorupdatepolicies) | Delete a set of Sensor Update Policies by specifying their IDs. |
+| [performSensorUpdatePoliciesAction](https://falconpy.io/Service-Collections/Sensor-Update-Policy.html#performsensorupdatepoliciesaction) | Perform the specified action on the Sensor Update Policies specified in the request. |
+| [queryCombinedSensorUpdateBuilds](https://falconpy.io/Service-Collections/Sensor-Update-Policy.html#querycombinedsensorupdatebuilds) | Retrieve available builds for use with Sensor Update Policies. |
+| [queryCombinedSensorUpdateKernels](https://falconpy.io/Service-Collections/Sensor-Update-Policy.html#querycombinedsensorupdatekernels) | Retrieve kernel compatibility info for Sensor Update Builds. |
+| [queryCombinedSensorUpdatePolicyMembers](https://falconpy.io/Service-Collections/Sensor-Update-Policy.html#querycombinedsensorupdatepolicymembers) | Search for members of a Sensor Update Policy in your environment by providing a FQL filter and paging details. Returns a set of host details which match the filter criteria. |
+| [queryCombinedSensorUpdatePoliciesV2](https://falconpy.io/Service-Collections/Sensor-Update-Policy.html#querycombinedsensorupdatepoliciesv2) | Search for Sensor Update Policies with additional support for uninstall protection in your environment by providing a FQL filter and paging details. Returns a set of Sensor Update Policies which match the filter criteria. |
+| [revealUninstallToken](https://falconpy.io/Service-Collections/Sensor-Update-Policy.html#revealuninstalltoken) | Reveals an uninstall token for a specific device. To retrieve the bulk maintenance token pass the value `MAINTENANCE` as the value for `device_id`. |
+| [setSensorUpdatePoliciesPrecedence](https://falconpy.io/Service-Collections/Sensor-Update-Policy.html#setsensorupdatepoliciesprecedence) | Sets the precedence of Sensor Update Policies based on the order of IDs specified in the request. The first ID specified will have the highest precedence and the last ID specified will have the lowest. You must specify all non-Default Policies for a platform when updating precedence. |
+| [updateSensorUpdatePoliciesV2](https://falconpy.io/Service-Collections/Sensor-Update-Policy.html#updatesensorupdatepolicies) | Update Sensor Update Policies by specifying the ID of the policy and details to update with additional support for uninstall protection. |
+
+</details>
+
+[Back to top](#falconpy-sample-library) | [How to authenticate](#authentication-for-these-examples) | [Table of Contents](#deployment-and-management-toc)
 
 ---
 
-### Falcon Intelligence Sandbox scan
+<a id="installation-tokens-samples"></a>
+<details>
+<summary><h3>Installation Tokens</h3> <small>(click to expand)</small><br/>
+This category is dedicated to demonstrating the functionality provided by the CrowdStrike Installation Tokens API service collection.
+</summary>
 
-Analyze a single file for malware using the Falcon Intelligence Sandbox API with these [examples](falconx_sandbox/single_scan). A sample using the [Service Class](https://github.com/CrowdStrike/falconpy/blob/samples/samples/falconx_sandbox/single_scan/falconx_scan_example.py) and one using the [Uber Class](https://github.com/CrowdStrike/falconpy/blob/samples/samples/falconx_sandbox/single_scan/falconx_scan_example_uber.py) is provided.
+#### Token Dispenser
+Easily manage installation tokens within your tenant or across child tenants with the [Token Dispenser](installation_tokens#token-dispenser).
 
-[![Falcon Intelligence Sandbox](https://img.shields.io/badge/Service%20Class-Analyze%20a%20Single%20file-silver?style=for-the-badge&labelColor=red&logo=data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABIAAAAOCAYAAAAi2ky3AAABhWlDQ1BJQ0MgcHJvZmlsZQAAKJF9kT1Iw1AUhU9TpaIVBzuIOGSoDmJBVEQ3rUIRKoRaoVUHk5f+CE0akhQXR8G14ODPYtXBxVlXB1dBEPwBcXNzUnSREu9LCi1ifPB4H+e9c7jvXkColZhmtY0Cmm6bqURczGRXxNAruhAEMI1hmVnGrCQl4bu+7hHg512MZ/m/+3N1qzmLAQGReIYZpk28Tjy5aRuc94kjrCirxOfEIyYVSPzIdcXjN84FlwWeGTHTqTniCLFYaGGlhVnR1IgniKOqplO+kPFY5bzFWStVWKNO/sNwTl9e4jrtASSwgEVIEKGggg2UYCNGp06KhRTdx338/a5fIpdCrg0wcsyjDA2y6wefwe/eWvnxMS8pHAfaXxznYxAI7QL1quN8HztO/QQIPgNXetNfrgFTn6RXm1r0COjZBi6um5qyB1zuAH1PhmzKrsTnL+TzwPsZjSkL9N4Cnate3xr3OH0A0tSr5A1wcAgMFSh7zeffHa19+/dNo38/hq9yr+iELI0AAAAGYktHRAAAAAAAAPlDu38AAAAJcEhZcwAACxMAAAsTAQCanBgAAAAHdElNRQflDAsTByz7Va2cAAAAGXRFWHRDb21tZW50AENyZWF0ZWQgd2l0aCBHSU1QV4EOFwAAAYBJREFUKM+lkjFIlVEYht/zn3sFkYYUyUnIRcemhCtCU6JQOLiIU+QeJEQg6BBIm0s4RBCBLjq5OEvgJC1uOniJhivesLx17/97/vO9b4NK4g25157hfHCGB773/cA0HZIEAKiMj+LWiOxljG/i96pnCFP58XHnrWX2+9cj0dYl9Yu2FE9/9rXrcAAgs2eSyiBfOe/XRD503h/CuffOubQVUXL+Jh9BllzBbyJJBgDclVkO4Kukd8zzkXJbeUljIldFTstsmSHM6S81ma2KfPKlFdkGAMY4wzx/bbXapMy21My+YizdKNq5mDzLkrxafSxySFKjSWX2oTmjKzz4vN0r2lOFcL/Q3V0/mX95ILMXTTGYVfaut/aP2+oCMAvnZgCcsF5fcR0dg65YHAdwB+QApADvu0AuOe/ftlJAD7Nsgmm6yBjDtfWORJZlNtFyo/lR5Z7MyheKA5ktSur7sTAHazSG27pehjAiaVfkN8b4XFIJ/wOzbOx07VNRUuHy7w98CzCcGPyWywAAAABJRU5ErkJggg==)](falconx_sandbox/single_scan) 
-[![Falcon Intelligence Sandbox](https://img.shields.io/badge/Uber%20Class-Analyze%20a%20Single%20File-silver?style=for-the-badge&labelColor=maroon&logo=data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABIAAAAOCAYAAAAi2ky3AAABhWlDQ1BJQ0MgcHJvZmlsZQAAKJF9kT1Iw1AUhU9TpaIVBzuIOGSoDmJBVEQ3rUIRKoRaoVUHk5f+CE0akhQXR8G14ODPYtXBxVlXB1dBEPwBcXNzUnSREu9LCi1ifPB4H+e9c7jvXkColZhmtY0Cmm6bqURczGRXxNAruhAEMI1hmVnGrCQl4bu+7hHg512MZ/m/+3N1qzmLAQGReIYZpk28Tjy5aRuc94kjrCirxOfEIyYVSPzIdcXjN84FlwWeGTHTqTniCLFYaGGlhVnR1IgniKOqplO+kPFY5bzFWStVWKNO/sNwTl9e4jrtASSwgEVIEKGggg2UYCNGp06KhRTdx338/a5fIpdCrg0wcsyjDA2y6wefwe/eWvnxMS8pHAfaXxznYxAI7QL1quN8HztO/QQIPgNXetNfrgFTn6RXm1r0COjZBi6um5qyB1zuAH1PhmzKrsTnL+TzwPsZjSkL9N4Cnate3xr3OH0A0tSr5A1wcAgMFSh7zeffHa19+/dNo38/hq9yr+iELI0AAAAGYktHRAAAAAAAAPlDu38AAAAJcEhZcwAACxMAAAsTAQCanBgAAAAHdElNRQflDAsTByz7Va2cAAAAGXRFWHRDb21tZW50AENyZWF0ZWQgd2l0aCBHSU1QV4EOFwAAAYBJREFUKM+lkjFIlVEYht/zn3sFkYYUyUnIRcemhCtCU6JQOLiIU+QeJEQg6BBIm0s4RBCBLjq5OEvgJC1uOniJhivesLx17/97/vO9b4NK4g25157hfHCGB773/cA0HZIEAKiMj+LWiOxljG/i96pnCFP58XHnrWX2+9cj0dYl9Yu2FE9/9rXrcAAgs2eSyiBfOe/XRD503h/CuffOubQVUXL+Jh9BllzBbyJJBgDclVkO4Kukd8zzkXJbeUljIldFTstsmSHM6S81ma2KfPKlFdkGAMY4wzx/bbXapMy21My+YizdKNq5mDzLkrxafSxySFKjSWX2oTmjKzz4vN0r2lOFcL/Q3V0/mX95ILMXTTGYVfaut/aP2+oCMAvnZgCcsF5fcR0dg65YHAdwB+QApADvu0AuOe/ftlJAD7Nsgmm6yBjDtfWORJZlNtFyo/lR5Z7MyheKA5ktSur7sTAHazSG27pehjAiaVfkN8b4XFIJ/wOzbOx07VNRUuHy7w98CzCcGPyWywAAAABJRU5ErkJggg==)](falconx_sandbox/single_scan)
+[![Installation Tokens](https://img.shields.io/badge/Service%20Class-Token_Dispenser-silver?style=for-the-badge&labelColor=red&logo=data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABIAAAAOCAYAAAAi2ky3AAABhWlDQ1BJQ0MgcHJvZmlsZQAAKJF9kT1Iw1AUhU9TpaIVBzuIOGSoDmJBVEQ3rUIRKoRaoVUHk5f+CE0akhQXR8G14ODPYtXBxVlXB1dBEPwBcXNzUnSREu9LCi1ifPB4H+e9c7jvXkColZhmtY0Cmm6bqURczGRXxNAruhAEMI1hmVnGrCQl4bu+7hHg512MZ/m/+3N1qzmLAQGReIYZpk28Tjy5aRuc94kjrCirxOfEIyYVSPzIdcXjN84FlwWeGTHTqTniCLFYaGGlhVnR1IgniKOqplO+kPFY5bzFWStVWKNO/sNwTl9e4jrtASSwgEVIEKGggg2UYCNGp06KhRTdx338/a5fIpdCrg0wcsyjDA2y6wefwe/eWvnxMS8pHAfaXxznYxAI7QL1quN8HztO/QQIPgNXetNfrgFTn6RXm1r0COjZBi6um5qyB1zuAH1PhmzKrsTnL+TzwPsZjSkL9N4Cnate3xr3OH0A0tSr5A1wcAgMFSh7zeffHa19+/dNo38/hq9yr+iELI0AAAAGYktHRAAAAAAAAPlDu38AAAAJcEhZcwAACxMAAAsTAQCanBgAAAAHdElNRQflDAsTByz7Va2cAAAAGXRFWHRDb21tZW50AENyZWF0ZWQgd2l0aCBHSU1QV4EOFwAAAYBJREFUKM+lkjFIlVEYht/zn3sFkYYUyUnIRcemhCtCU6JQOLiIU+QeJEQg6BBIm0s4RBCBLjq5OEvgJC1uOniJhivesLx17/97/vO9b4NK4g25157hfHCGB773/cA0HZIEAKiMj+LWiOxljG/i96pnCFP58XHnrWX2+9cj0dYl9Yu2FE9/9rXrcAAgs2eSyiBfOe/XRD503h/CuffOubQVUXL+Jh9BllzBbyJJBgDclVkO4Kukd8zzkXJbeUljIldFTstsmSHM6S81ma2KfPKlFdkGAMY4wzx/bbXapMy21My+YizdKNq5mDzLkrxafSxySFKjSWX2oTmjKzz4vN0r2lOFcL/Q3V0/mX95ILMXTTGYVfaut/aP2+oCMAvnZgCcsF5fcR0dg65YHAdwB+QApADvu0AuOe/ftlJAD7Nsgmm6yBjDtfWORJZlNtFyo/lR5Z7MyheKA5ktSur7sTAHazSG27pehjAiaVfkN8b4XFIJ/wOzbOx07VNRUuHy7w98CzCcGPyWywAAAABJRU5ErkJggg==)](installation_tokens#token-dispenser)
+[![MSSP Use supported](https://img.shields.io/badge/-Supports%20MSSP-darkblue?logo=data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABIAAAAOCAYAAAAi2ky3AAABhWlDQ1BJQ0MgcHJvZmlsZQAAKJF9kT1Iw1AUhU9TpaIVBzuIOGSoDmJBVEQ3rUIRKoRaoVUHk5f+CE0akhQXR8G14ODPYtXBxVlXB1dBEPwBcXNzUnSREu9LCi1ifPB4H+e9c7jvXkColZhmtY0Cmm6bqURczGRXxNAruhAEMI1hmVnGrCQl4bu+7hHg512MZ/m/+3N1qzmLAQGReIYZpk28Tjy5aRuc94kjrCirxOfEIyYVSPzIdcXjN84FlwWeGTHTqTniCLFYaGGlhVnR1IgniKOqplO+kPFY5bzFWStVWKNO/sNwTl9e4jrtASSwgEVIEKGggg2UYCNGp06KhRTdx338/a5fIpdCrg0wcsyjDA2y6wefwe/eWvnxMS8pHAfaXxznYxAI7QL1quN8HztO/QQIPgNXetNfrgFTn6RXm1r0COjZBi6um5qyB1zuAH1PhmzKrsTnL+TzwPsZjSkL9N4Cnate3xr3OH0A0tSr5A1wcAgMFSh7zeffHa19+/dNo38/hq9yr+iELI0AAAAGYktHRAAAAAAAAPlDu38AAAAJcEhZcwAACxMAAAsTAQCanBgAAAAHdElNRQflDAsTByz7Va2cAAAAGXRFWHRDb21tZW50AENyZWF0ZWQgd2l0aCBHSU1QV4EOFwAAAYBJREFUKM+lkjFIlVEYht/zn3sFkYYUyUnIRcemhCtCU6JQOLiIU+QeJEQg6BBIm0s4RBCBLjq5OEvgJC1uOniJhivesLx17/97/vO9b4NK4g25157hfHCGB773/cA0HZIEAKiMj+LWiOxljG/i96pnCFP58XHnrWX2+9cj0dYl9Yu2FE9/9rXrcAAgs2eSyiBfOe/XRD503h/CuffOubQVUXL+Jh9BllzBbyJJBgDclVkO4Kukd8zzkXJbeUljIldFTstsmSHM6S81ma2KfPKlFdkGAMY4wzx/bbXapMy21My+YizdKNq5mDzLkrxafSxySFKjSWX2oTmjKzz4vN0r2lOFcL/Q3V0/mX95ILMXTTGYVfaut/aP2+oCMAvnZgCcsF5fcR0dg65YHAdwB+QApADvu0AuOe/ftlJAD7Nsgmm6yBjDtfWORJZlNtFyo/lR5Z7MyheKA5ktSur7sTAHazSG27pehjAiaVfkN8b4XFIJ/wOzbOx07VNRUuHy7w98CzCcGPyWywAAAABJRU5ErkJggg==&style=for-the-badge)](installation_tokens#token-dispenser)
 
-#### Falcon Intelligence Sandbox API operations discussed
-These samples demonstrates the following CrowdStrike Falcon Intelligence Sandbox API operations:
+##### Installation Tokens API operations discussed
+This sample demonstrates the following CrowdStrike Installation Tokens API operations:
 
 | Operation | Description |
 | :--- | :--- |
-| [DeleteSampleV3](https://falconpy.io/Service-Collections/Sample-Uploads.html#deletesamplev3) | Removes a sample, including file, meta and submissions from the collection. |
-| [GetReports](https://falconpy.io/Service-Collections/Falconx-Sandbox.html#getreports) | Get a full sandbox report. |
-| [GetSubmissions](https://falconpy.io/Service-Collections/Falconx-Sandbox.html#getsubmissions) | Check the status of a sandbox analysis. Time required for analysis varies but is usually less than 15 minutes. |
-| [UploadSampleV3](https://falconpy.io/Service-Collections/Sample-Uploads.html#uploadsamplev3) | Upload a file for further cloud analysis. After uploading, call the specific analysis API endpoint. |
-| [Submit](https://falconpy.io/Service-Collections/Falconx-Sandbox.html#submit) | Submit an uploaded file or a URL for sandbox analysis. Time required for analysis varies but is usually less than 15 minutes. |
+| [tokens_create](https://www.falconpy.io/Service-Collections/Installation-Tokens.html#tokens_create) | Creates a token. |
+| [tokens_delete](https://www.falconpy.io/Service-Collections/Installation-Tokens.html#tokens_delete) | Deletes a token immediately. To revoke a token, use `token_update` instead. |
+| [tokens_read](https://www.falconpy.io/Service-Collections/Installation-Tokens.html#tokens_read) | Get the details of one or more tokens by ID. |
+| [tokens_update](https://www.falconpy.io/Service-Collections/Installation-Tokens.html#tokens_update) | Updates one or more tokens. Use this endpoint to edit labels, change expiration, revoke, or restore. |
+
+##### Flight Control API operations discussed
+This sample demonstrates the following CrowdStrike Flight Control API operations:
+| Operation | Description |
+| :--- | :--- |
+| [queryChildren](https://www.falconpy.io/Service-Collections/MSSP.html#querychildren) | Query for customers linked as children. |
+
+##### Sensor Download API operations discussed
+This sample demonstrates the following CrowdStrike Sensor Download API operations:
+| Operation | Description |
+| :--- | :--- |
+| [GetSensorInstallersCCIDByQuery](https://www.falconpy.io/Service-Collections/Sensor-Download.html#getsensorinstallersccidbyquery) | Get CCID to use with sensor installers. |
 
+</details>
+
+[Back to top](#falconpy-sample-library) | [How to authenticate](#authentication-for-these-examples) | [Table of Contents](#deployment-and-management-toc)
 
 ---
 
-### Get all artifacts
+<a id="quarantine-samples"></a>
+<details>
+<summary><h3>Quarantine</h3> <small>(click to expand)</small><br/>
+This category provides samples that demonstrate the CrowdStrike Falcon Quarantine API service collection.
+</summary>
+
+#### Get Quarantined Files
+Contributed by @tsullivan06, this sample leverages the Quarantine and Sample Upload APIs to retrieve all quarantined files within your environment and then stores them to a subfolder.
+Files can be downloaded raw, or archived with a password (`infected`).
 
-This [example](falconx_sandbox/get_all_artifacts.py) demonstrates retrieving all artifacts for all reports (in all supported formats).
+[![Quarantine](https://img.shields.io/badge/Uber%20Class-Get_Quarantined_Files-silver?style=for-the-badge&labelColor=maroon&logo=data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABIAAAAOCAYAAAAi2ky3AAABhWlDQ1BJQ0MgcHJvZmlsZQAAKJF9kT1Iw1AUhU9TpaIVBzuIOGSoDmJBVEQ3rUIRKoRaoVUHk5f+CE0akhQXR8G14ODPYtXBxVlXB1dBEPwBcXNzUnSREu9LCi1ifPB4H+e9c7jvXkColZhmtY0Cmm6bqURczGRXxNAruhAEMI1hmVnGrCQl4bu+7hHg512MZ/m/+3N1qzmLAQGReIYZpk28Tjy5aRuc94kjrCirxOfEIyYVSPzIdcXjN84FlwWeGTHTqTniCLFYaGGlhVnR1IgniKOqplO+kPFY5bzFWStVWKNO/sNwTl9e4jrtASSwgEVIEKGggg2UYCNGp06KhRTdx338/a5fIpdCrg0wcsyjDA2y6wefwe/eWvnxMS8pHAfaXxznYxAI7QL1quN8HztO/QQIPgNXetNfrgFTn6RXm1r0COjZBi6um5qyB1zuAH1PhmzKrsTnL+TzwPsZjSkL9N4Cnate3xr3OH0A0tSr5A1wcAgMFSh7zeffHa19+/dNo38/hq9yr+iELI0AAAAGYktHRAAAAAAAAPlDu38AAAAJcEhZcwAACxMAAAsTAQCanBgAAAAHdElNRQflDAsTByz7Va2cAAAAGXRFWHRDb21tZW50AENyZWF0ZWQgd2l0aCBHSU1QV4EOFwAAAYBJREFUKM+lkjFIlVEYht/zn3sFkYYUyUnIRcemhCtCU6JQOLiIU+QeJEQg6BBIm0s4RBCBLjq5OEvgJC1uOniJhivesLx17/97/vO9b4NK4g25157hfHCGB773/cA0HZIEAKiMj+LWiOxljG/i96pnCFP58XHnrWX2+9cj0dYl9Yu2FE9/9rXrcAAgs2eSyiBfOe/XRD503h/CuffOubQVUXL+Jh9BllzBbyJJBgDclVkO4Kukd8zzkXJbeUljIldFTstsmSHM6S81ma2KfPKlFdkGAMY4wzx/bbXapMy21My+YizdKNq5mDzLkrxafSxySFKjSWX2oTmjKzz4vN0r2lOFcL/Q3V0/mX95ILMXTTGYVfaut/aP2+oCMAvnZgCcsF5fcR0dg65YHAdwB+QApADvu0AuOe/ftlJAD7Nsgmm6yBjDtfWORJZlNtFyo/lR5Z7MyheKA5ktSur7sTAHazSG27pehjAiaVfkN8b4XFIJ/wOzbOx07VNRUuHy7w98CzCcGPyWywAAAABJRU5ErkJggg==)](https://github.com/CrowdStrike/falconpy/tree/main/samples/quarantine#get-quarantined-files)
 
-[![Falcon Intelligence Sandbox](https://img.shields.io/badge/Service%20Class-Get%20All%20Artifacts-silver?style=for-the-badge&labelColor=red&logo=data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABIAAAAOCAYAAAAi2ky3AAABhWlDQ1BJQ0MgcHJvZmlsZQAAKJF9kT1Iw1AUhU9TpaIVBzuIOGSoDmJBVEQ3rUIRKoRaoVUHk5f+CE0akhQXR8G14ODPYtXBxVlXB1dBEPwBcXNzUnSREu9LCi1ifPB4H+e9c7jvXkColZhmtY0Cmm6bqURczGRXxNAruhAEMI1hmVnGrCQl4bu+7hHg512MZ/m/+3N1qzmLAQGReIYZpk28Tjy5aRuc94kjrCirxOfEIyYVSPzIdcXjN84FlwWeGTHTqTniCLFYaGGlhVnR1IgniKOqplO+kPFY5bzFWStVWKNO/sNwTl9e4jrtASSwgEVIEKGggg2UYCNGp06KhRTdx338/a5fIpdCrg0wcsyjDA2y6wefwe/eWvnxMS8pHAfaXxznYxAI7QL1quN8HztO/QQIPgNXetNfrgFTn6RXm1r0COjZBi6um5qyB1zuAH1PhmzKrsTnL+TzwPsZjSkL9N4Cnate3xr3OH0A0tSr5A1wcAgMFSh7zeffHa19+/dNo38/hq9yr+iELI0AAAAGYktHRAAAAAAAAPlDu38AAAAJcEhZcwAACxMAAAsTAQCanBgAAAAHdElNRQflDAsTByz7Va2cAAAAGXRFWHRDb21tZW50AENyZWF0ZWQgd2l0aCBHSU1QV4EOFwAAAYBJREFUKM+lkjFIlVEYht/zn3sFkYYUyUnIRcemhCtCU6JQOLiIU+QeJEQg6BBIm0s4RBCBLjq5OEvgJC1uOniJhivesLx17/97/vO9b4NK4g25157hfHCGB773/cA0HZIEAKiMj+LWiOxljG/i96pnCFP58XHnrWX2+9cj0dYl9Yu2FE9/9rXrcAAgs2eSyiBfOe/XRD503h/CuffOubQVUXL+Jh9BllzBbyJJBgDclVkO4Kukd8zzkXJbeUljIldFTstsmSHM6S81ma2KfPKlFdkGAMY4wzx/bbXapMy21My+YizdKNq5mDzLkrxafSxySFKjSWX2oTmjKzz4vN0r2lOFcL/Q3V0/mX95ILMXTTGYVfaut/aP2+oCMAvnZgCcsF5fcR0dg65YHAdwB+QApADvu0AuOe/ftlJAD7Nsgmm6yBjDtfWORJZlNtFyo/lR5Z7MyheKA5ktSur7sTAHazSG27pehjAiaVfkN8b4XFIJ/wOzbOx07VNRUuHy7w98CzCcGPyWywAAAABJRU5ErkJggg==)](falconx_sandbox/get_all_artifacts.py) 
 
-#### Falcon Intelligence Sandbox API operations discussed
-This sample demonstrates the following CrowdStrike Falcon Intelligence Sandbox API operations:
+##### Quarantine and Sample Uploads API operations discussed
+This sample demonstrates the following CrowdStrike Quarantine and Sample Uploads API operations:
 
 | Operation | Description |
 | :--- | :--- |
-| [GetArtifacts](https://falconpy.io/Service-Collections/Falconx-Sandbox.html#getartifacts) | Download IOC packs, PCAP files, and other analysis artifacts. |
-| [GetReports](https://falconpy.io/Service-Collections/Falconx-Sandbox.html#getreports) | Get a full sandbox report. |
-| [QueryReports](https://falconpy.io/Service-Collections/Falconx-Sandbox.html#queryreports) | Find sandbox reports by providing a FQL filter and paging details. Returns a set of report IDs that match your criteria. |
+| [GetQuarantineFiles](https://www.falconpy.io/Service-Collections/Quarantine.html#getquarantinefiles) | Get quarantine file metadata for specified ids. |
+| [QueryQuarantineFiles](https://www.falconpy.io/Service-Collections/Quarantine.html#queryquarantinefiles) | Get quarantine file ids that match the provided filter criteria. |
+| [GetSampleV3](https://www.falconpy.io/Service-Collections/Sample-Uploads.html#getsamplev3) | Retrieves the file associated with the given ID (SHA256). |
+
+</details>
+
+[Back to top](#falconpy-sample-library) | [How to authenticate](#authentication-for-these-examples) | [Table of Contents](#deployment-and-management-toc)
 
 ---
 
-### Quick Scan a target
+<a id="user-management-samples"></a>
+<details>
+<summary><h3>User Management</h3> <small>(click to expand)</small><br/>
+This sample category is focused on examples that leverage CrowdStrike's User Management API service collection.
+</summary>
 
-This [demonstration](quick_scan/scan_target.py) leverages the Falcon Quick Scan and Sample Uploads APIs to scan the contents of a target folder. (Either on the local filesystem or a bucket in S3.)
+- [Bulk user administration](#bulk-user-administration)
+- [Get user grants](#get-user-grants)
 
-[![Quick Scan / Sample Uploads](https://img.shields.io/badge/Service%20Class-Scan%20a%20target-silver?style=for-the-badge&labelColor=red&logo=data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABIAAAAOCAYAAAAi2ky3AAABhWlDQ1BJQ0MgcHJvZmlsZQAAKJF9kT1Iw1AUhU9TpaIVBzuIOGSoDmJBVEQ3rUIRKoRaoVUHk5f+CE0akhQXR8G14ODPYtXBxVlXB1dBEPwBcXNzUnSREu9LCi1ifPB4H+e9c7jvXkColZhmtY0Cmm6bqURczGRXxNAruhAEMI1hmVnGrCQl4bu+7hHg512MZ/m/+3N1qzmLAQGReIYZpk28Tjy5aRuc94kjrCirxOfEIyYVSPzIdcXjN84FlwWeGTHTqTniCLFYaGGlhVnR1IgniKOqplO+kPFY5bzFWStVWKNO/sNwTl9e4jrtASSwgEVIEKGggg2UYCNGp06KhRTdx338/a5fIpdCrg0wcsyjDA2y6wefwe/eWvnxMS8pHAfaXxznYxAI7QL1quN8HztO/QQIPgNXetNfrgFTn6RXm1r0COjZBi6um5qyB1zuAH1PhmzKrsTnL+TzwPsZjSkL9N4Cnate3xr3OH0A0tSr5A1wcAgMFSh7zeffHa19+/dNo38/hq9yr+iELI0AAAAGYktHRAAAAAAAAPlDu38AAAAJcEhZcwAACxMAAAsTAQCanBgAAAAHdElNRQflDAsTByz7Va2cAAAAGXRFWHRDb21tZW50AENyZWF0ZWQgd2l0aCBHSU1QV4EOFwAAAYBJREFUKM+lkjFIlVEYht/zn3sFkYYUyUnIRcemhCtCU6JQOLiIU+QeJEQg6BBIm0s4RBCBLjq5OEvgJC1uOniJhivesLx17/97/vO9b4NK4g25157hfHCGB773/cA0HZIEAKiMj+LWiOxljG/i96pnCFP58XHnrWX2+9cj0dYl9Yu2FE9/9rXrcAAgs2eSyiBfOe/XRD503h/CuffOubQVUXL+Jh9BllzBbyJJBgDclVkO4Kukd8zzkXJbeUljIldFTstsmSHM6S81ma2KfPKlFdkGAMY4wzx/bbXapMy21My+YizdKNq5mDzLkrxafSxySFKjSWX2oTmjKzz4vN0r2lOFcL/Q3V0/mX95ILMXTTGYVfaut/aP2+oCMAvnZgCcsF5fcR0dg65YHAdwB+QApADvu0AuOe/ftlJAD7Nsgmm6yBjDtfWORJZlNtFyo/lR5Z7MyheKA5ktSur7sTAHazSG27pehjAiaVfkN8b4XFIJ/wOzbOx07VNRUuHy7w98CzCcGPyWywAAAABJRU5ErkJggg==)](quick_scan/scan_target.py)
+#### Bulk user administration
+This [sample](user_management#bulk-import-update-and-remove-users) demonstrates adding, updating and removing users in bulk using the User Management Service Class.
 
-#### Quick Scan and Sample Uploads API operations discussed
-This sample demonstrates the following CrowdStrike Quick Scan and Sample Uploads API operations:
+[![User Management](https://img.shields.io/badge/Service%20Class-Bulk%20Edit%20Users-silver?style=for-the-badge&labelColor=red&logo=data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABIAAAAOCAYAAAAi2ky3AAABhWlDQ1BJQ0MgcHJvZmlsZQAAKJF9kT1Iw1AUhU9TpaIVBzuIOGSoDmJBVEQ3rUIRKoRaoVUHk5f+CE0akhQXR8G14ODPYtXBxVlXB1dBEPwBcXNzUnSREu9LCi1ifPB4H+e9c7jvXkColZhmtY0Cmm6bqURczGRXxNAruhAEMI1hmVnGrCQl4bu+7hHg512MZ/m/+3N1qzmLAQGReIYZpk28Tjy5aRuc94kjrCirxOfEIyYVSPzIdcXjN84FlwWeGTHTqTniCLFYaGGlhVnR1IgniKOqplO+kPFY5bzFWStVWKNO/sNwTl9e4jrtASSwgEVIEKGggg2UYCNGp06KhRTdx338/a5fIpdCrg0wcsyjDA2y6wefwe/eWvnxMS8pHAfaXxznYxAI7QL1quN8HztO/QQIPgNXetNfrgFTn6RXm1r0COjZBi6um5qyB1zuAH1PhmzKrsTnL+TzwPsZjSkL9N4Cnate3xr3OH0A0tSr5A1wcAgMFSh7zeffHa19+/dNo38/hq9yr+iELI0AAAAGYktHRAAAAAAAAPlDu38AAAAJcEhZcwAACxMAAAsTAQCanBgAAAAHdElNRQflDAsTByz7Va2cAAAAGXRFWHRDb21tZW50AENyZWF0ZWQgd2l0aCBHSU1QV4EOFwAAAYBJREFUKM+lkjFIlVEYht/zn3sFkYYUyUnIRcemhCtCU6JQOLiIU+QeJEQg6BBIm0s4RBCBLjq5OEvgJC1uOniJhivesLx17/97/vO9b4NK4g25157hfHCGB773/cA0HZIEAKiMj+LWiOxljG/i96pnCFP58XHnrWX2+9cj0dYl9Yu2FE9/9rXrcAAgs2eSyiBfOe/XRD503h/CuffOubQVUXL+Jh9BllzBbyJJBgDclVkO4Kukd8zzkXJbeUljIldFTstsmSHM6S81ma2KfPKlFdkGAMY4wzx/bbXapMy21My+YizdKNq5mDzLkrxafSxySFKjSWX2oTmjKzz4vN0r2lOFcL/Q3V0/mX95ILMXTTGYVfaut/aP2+oCMAvnZgCcsF5fcR0dg65YHAdwB+QApADvu0AuOe/ftlJAD7Nsgmm6yBjDtfWORJZlNtFyo/lR5Z7MyheKA5ktSur7sTAHazSG27pehjAiaVfkN8b4XFIJ/wOzbOx07VNRUuHy7w98CzCcGPyWywAAAABJRU5ErkJggg==)](user_management#bulk-import-update-and-remove-users) [![MSSP Use supported](https://img.shields.io/badge/-Supports%20MSSP-darkblue?logo=data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABIAAAAOCAYAAAAi2ky3AAABhWlDQ1BJQ0MgcHJvZmlsZQAAKJF9kT1Iw1AUhU9TpaIVBzuIOGSoDmJBVEQ3rUIRKoRaoVUHk5f+CE0akhQXR8G14ODPYtXBxVlXB1dBEPwBcXNzUnSREu9LCi1ifPB4H+e9c7jvXkColZhmtY0Cmm6bqURczGRXxNAruhAEMI1hmVnGrCQl4bu+7hHg512MZ/m/+3N1qzmLAQGReIYZpk28Tjy5aRuc94kjrCirxOfEIyYVSPzIdcXjN84FlwWeGTHTqTniCLFYaGGlhVnR1IgniKOqplO+kPFY5bzFWStVWKNO/sNwTl9e4jrtASSwgEVIEKGggg2UYCNGp06KhRTdx338/a5fIpdCrg0wcsyjDA2y6wefwe/eWvnxMS8pHAfaXxznYxAI7QL1quN8HztO/QQIPgNXetNfrgFTn6RXm1r0COjZBi6um5qyB1zuAH1PhmzKrsTnL+TzwPsZjSkL9N4Cnate3xr3OH0A0tSr5A1wcAgMFSh7zeffHa19+/dNo38/hq9yr+iELI0AAAAGYktHRAAAAAAAAPlDu38AAAAJcEhZcwAACxMAAAsTAQCanBgAAAAHdElNRQflDAsTByz7Va2cAAAAGXRFWHRDb21tZW50AENyZWF0ZWQgd2l0aCBHSU1QV4EOFwAAAYBJREFUKM+lkjFIlVEYht/zn3sFkYYUyUnIRcemhCtCU6JQOLiIU+QeJEQg6BBIm0s4RBCBLjq5OEvgJC1uOniJhivesLx17/97/vO9b4NK4g25157hfHCGB773/cA0HZIEAKiMj+LWiOxljG/i96pnCFP58XHnrWX2+9cj0dYl9Yu2FE9/9rXrcAAgs2eSyiBfOe/XRD503h/CuffOubQVUXL+Jh9BllzBbyJJBgDclVkO4Kukd8zzkXJbeUljIldFTstsmSHM6S81ma2KfPKlFdkGAMY4wzx/bbXapMy21My+YizdKNq5mDzLkrxafSxySFKjSWX2oTmjKzz4vN0r2lOFcL/Q3V0/mX95ILMXTTGYVfaut/aP2+oCMAvnZgCcsF5fcR0dg65YHAdwB+QApADvu0AuOe/ftlJAD7Nsgmm6yBjDtfWORJZlNtFyo/lR5Z7MyheKA5ktSur7sTAHazSG27pehjAiaVfkN8b4XFIJ/wOzbOx07VNRUuHy7w98CzCcGPyWywAAAABJRU5ErkJggg==&style=for-the-badge)](user_management#bulk-import-update-and-remove-users)
+
+##### User Management API operations discussed
+This sample demonstrates the following CrowdStrike User Management API operations:
 
 | Operation | Description |
 | :--- | :--- |
-| [DeleteSampleV3](https://falconpy.io/Service-Collections/Sample-Uploads.html#deletesamplev3) | Removes a sample, including file, meta and submissions from the collection. |
-| [GetScans](https://falconpy.io/Service-Collections/Quick-Scan.html#getscans) | Check the status of a volume scan. Time required for analysis increases with the number of samples in a volume but usually it should take less than 1 minute. |
-| [ScanSamples](https://falconpy.io/Service-Collections/Quick-Scan.html#scansamples) | Submit a volume of files for ml scanning. Time required for analysis increases with the number of samples in a volume but usually it should take less than 1 minute. |
-| [UploadSampleV3](https://falconpy.io/Service-Collections/Sample-Uploads.html#uploadsamplev3) | Upload a file for further cloud analysis. After uploading, call the specific analysis API endpoint. |
+| [CreateUser](https://falconpy.io/Service-Collections/User-Management.html#createuser) | Create a new user. After creating a user, assign one or more roles with [GrantUserRoleIds](https://falconpy.io/Service-Collections/User-Management.html#grantuserroleids). |
+| [DeleteUser](https://falconpy.io/Service-Collections/User-Management.html#deleteuser) | Delete a user permanently. |
+| [GetAvailableRoleIds](https://falconpy.io/Service-Collections/User-Management.html#getavailableroleids) | Show role IDs for all roles available in your customer account. For more information on each role, provide the role ID to [GetRoles](https://falconpy.io/Service-Collections/User-Management.html#getroles). |
+| [GetUserRoleIds](https://falconpy.io/Service-Collections/User-Management.html#getuserroleids) | Show role IDs of roles assigned to a user. For more information on each role, provide the role ID to [GetRoles](https://falconpy.io/Service-Collections/User-Management.html#getroles). |
+| [GrantUserRoleIds](https://falconpy.io/Service-Collections/User-Management.html#grantuserroleids) | Assign one or more roles to a user. |
+| [RetrieveUser](https://falconpy.io/Service-Collections/User-Management.html#retrieveuser) | Get info about a user. |
+| [RetrieveUserUUID](https://falconpy.io/Service-Collections/User-Management.html#retrieveuseruuid) | Get a user's ID by providing a username (usually an email address). |
+| [RetrieveUserUUIDsByCID](https://falconpy.io/Service-Collections/User-Management.html#retrieveuseruuidsbycid) | List user IDs for all users in your customer account. For more information on each user, provide the user ID to [RetrieveUser](https://falconpy.io/Service-Collections/User-Management.html#retrieveuser). |
+| [RevokeUserRoleIds](https://falconpy.io/Service-Collections/User-Management.html#revokeuserroleids) | Revoke one or more roles from a user. |
 
 ---
 
-### Quick Scan quota check
-
-This [demonstration](quick_scan/quota_check.py) will report your current scan quota.
+#### Get user grants
+This [sample](user_management#get-user-grants) demonstrates retrieving a list of all user grants asynchronously using the User Management Service Class.
 
-[![Quick Scan](https://img.shields.io/badge/Service%20Class-Quota_Check-silver?style=for-the-badge&labelColor=red&logo=data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABIAAAAOCAYAAAAi2ky3AAABhWlDQ1BJQ0MgcHJvZmlsZQAAKJF9kT1Iw1AUhU9TpaIVBzuIOGSoDmJBVEQ3rUIRKoRaoVUHk5f+CE0akhQXR8G14ODPYtXBxVlXB1dBEPwBcXNzUnSREu9LCi1ifPB4H+e9c7jvXkColZhmtY0Cmm6bqURczGRXxNAruhAEMI1hmVnGrCQl4bu+7hHg512MZ/m/+3N1qzmLAQGReIYZpk28Tjy5aRuc94kjrCirxOfEIyYVSPzIdcXjN84FlwWeGTHTqTniCLFYaGGlhVnR1IgniKOqplO+kPFY5bzFWStVWKNO/sNwTl9e4jrtASSwgEVIEKGggg2UYCNGp06KhRTdx338/a5fIpdCrg0wcsyjDA2y6wefwe/eWvnxMS8pHAfaXxznYxAI7QL1quN8HztO/QQIPgNXetNfrgFTn6RXm1r0COjZBi6um5qyB1zuAH1PhmzKrsTnL+TzwPsZjSkL9N4Cnate3xr3OH0A0tSr5A1wcAgMFSh7zeffHa19+/dNo38/hq9yr+iELI0AAAAGYktHRAAAAAAAAPlDu38AAAAJcEhZcwAACxMAAAsTAQCanBgAAAAHdElNRQflDAsTByz7Va2cAAAAGXRFWHRDb21tZW50AENyZWF0ZWQgd2l0aCBHSU1QV4EOFwAAAYBJREFUKM+lkjFIlVEYht/zn3sFkYYUyUnIRcemhCtCU6JQOLiIU+QeJEQg6BBIm0s4RBCBLjq5OEvgJC1uOniJhivesLx17/97/vO9b4NK4g25157hfHCGB773/cA0HZIEAKiMj+LWiOxljG/i96pnCFP58XHnrWX2+9cj0dYl9Yu2FE9/9rXrcAAgs2eSyiBfOe/XRD503h/CuffOubQVUXL+Jh9BllzBbyJJBgDclVkO4Kukd8zzkXJbeUljIldFTstsmSHM6S81ma2KfPKlFdkGAMY4wzx/bbXapMy21My+YizdKNq5mDzLkrxafSxySFKjSWX2oTmjKzz4vN0r2lOFcL/Q3V0/mX95ILMXTTGYVfaut/aP2+oCMAvnZgCcsF5fcR0dg65YHAdwB+QApADvu0AuOe/ftlJAD7Nsgmm6yBjDtfWORJZlNtFyo/lR5Z7MyheKA5ktSur7sTAHazSG27pehjAiaVfkN8b4XFIJ/wOzbOx07VNRUuHy7w98CzCcGPyWywAAAABJRU5ErkJggg==)](https://github.com/CrowdStrike/falconpy/tree/main/samples/quick_scan#quota-check)
+[![User Management](https://img.shields.io/badge/Service%20Class-Get_User_Grants-silver?style=for-the-badge&labelColor=red&logo=data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABIAAAAOCAYAAAAi2ky3AAABhWlDQ1BJQ0MgcHJvZmlsZQAAKJF9kT1Iw1AUhU9TpaIVBzuIOGSoDmJBVEQ3rUIRKoRaoVUHk5f+CE0akhQXR8G14ODPYtXBxVlXB1dBEPwBcXNzUnSREu9LCi1ifPB4H+e9c7jvXkColZhmtY0Cmm6bqURczGRXxNAruhAEMI1hmVnGrCQl4bu+7hHg512MZ/m/+3N1qzmLAQGReIYZpk28Tjy5aRuc94kjrCirxOfEIyYVSPzIdcXjN84FlwWeGTHTqTniCLFYaGGlhVnR1IgniKOqplO+kPFY5bzFWStVWKNO/sNwTl9e4jrtASSwgEVIEKGggg2UYCNGp06KhRTdx338/a5fIpdCrg0wcsyjDA2y6wefwe/eWvnxMS8pHAfaXxznYxAI7QL1quN8HztO/QQIPgNXetNfrgFTn6RXm1r0COjZBi6um5qyB1zuAH1PhmzKrsTnL+TzwPsZjSkL9N4Cnate3xr3OH0A0tSr5A1wcAgMFSh7zeffHa19+/dNo38/hq9yr+iELI0AAAAGYktHRAAAAAAAAPlDu38AAAAJcEhZcwAACxMAAAsTAQCanBgAAAAHdElNRQflDAsTByz7Va2cAAAAGXRFWHRDb21tZW50AENyZWF0ZWQgd2l0aCBHSU1QV4EOFwAAAYBJREFUKM+lkjFIlVEYht/zn3sFkYYUyUnIRcemhCtCU6JQOLiIU+QeJEQg6BBIm0s4RBCBLjq5OEvgJC1uOniJhivesLx17/97/vO9b4NK4g25157hfHCGB773/cA0HZIEAKiMj+LWiOxljG/i96pnCFP58XHnrWX2+9cj0dYl9Yu2FE9/9rXrcAAgs2eSyiBfOe/XRD503h/CuffOubQVUXL+Jh9BllzBbyJJBgDclVkO4Kukd8zzkXJbeUljIldFTstsmSHM6S81ma2KfPKlFdkGAMY4wzx/bbXapMy21My+YizdKNq5mDzLkrxafSxySFKjSWX2oTmjKzz4vN0r2lOFcL/Q3V0/mX95ILMXTTGYVfaut/aP2+oCMAvnZgCcsF5fcR0dg65YHAdwB+QApADvu0AuOe/ftlJAD7Nsgmm6yBjDtfWORJZlNtFyo/lR5Z7MyheKA5ktSur7sTAHazSG27pehjAiaVfkN8b4XFIJ/wOzbOx07VNRUuHy7w98CzCcGPyWywAAAABJRU5ErkJggg==)](user_management#get-user-grants) [![MSSP Use supported](https://img.shields.io/badge/-Supports%20MSSP-darkblue?logo=data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABIAAAAOCAYAAAAi2ky3AAABhWlDQ1BJQ0MgcHJvZmlsZQAAKJF9kT1Iw1AUhU9TpaIVBzuIOGSoDmJBVEQ3rUIRKoRaoVUHk5f+CE0akhQXR8G14ODPYtXBxVlXB1dBEPwBcXNzUnSREu9LCi1ifPB4H+e9c7jvXkColZhmtY0Cmm6bqURczGRXxNAruhAEMI1hmVnGrCQl4bu+7hHg512MZ/m/+3N1qzmLAQGReIYZpk28Tjy5aRuc94kjrCirxOfEIyYVSPzIdcXjN84FlwWeGTHTqTniCLFYaGGlhVnR1IgniKOqplO+kPFY5bzFWStVWKNO/sNwTl9e4jrtASSwgEVIEKGggg2UYCNGp06KhRTdx338/a5fIpdCrg0wcsyjDA2y6wefwe/eWvnxMS8pHAfaXxznYxAI7QL1quN8HztO/QQIPgNXetNfrgFTn6RXm1r0COjZBi6um5qyB1zuAH1PhmzKrsTnL+TzwPsZjSkL9N4Cnate3xr3OH0A0tSr5A1wcAgMFSh7zeffHa19+/dNo38/hq9yr+iELI0AAAAGYktHRAAAAAAAAPlDu38AAAAJcEhZcwAACxMAAAsTAQCanBgAAAAHdElNRQflDAsTByz7Va2cAAAAGXRFWHRDb21tZW50AENyZWF0ZWQgd2l0aCBHSU1QV4EOFwAAAYBJREFUKM+lkjFIlVEYht/zn3sFkYYUyUnIRcemhCtCU6JQOLiIU+QeJEQg6BBIm0s4RBCBLjq5OEvgJC1uOniJhivesLx17/97/vO9b4NK4g25157hfHCGB773/cA0HZIEAKiMj+LWiOxljG/i96pnCFP58XHnrWX2+9cj0dYl9Yu2FE9/9rXrcAAgs2eSyiBfOe/XRD503h/CuffOubQVUXL+Jh9BllzBbyJJBgDclVkO4Kukd8zzkXJbeUljIldFTstsmSHM6S81ma2KfPKlFdkGAMY4wzx/bbXapMy21My+YizdKNq5mDzLkrxafSxySFKjSWX2oTmjKzz4vN0r2lOFcL/Q3V0/mX95ILMXTTGYVfaut/aP2+oCMAvnZgCcsF5fcR0dg65YHAdwB+QApADvu0AuOe/ftlJAD7Nsgmm6yBjDtfWORJZlNtFyo/lR5Z7MyheKA5ktSur7sTAHazSG27pehjAiaVfkN8b4XFIJ/wOzbOx07VNRUuHy7w98CzCcGPyWywAAAABJRU5ErkJggg==&style=for-the-badge)](user_management#get-user-grants)
 
-#### Quick Scan API operations discussed
-This sample demonstrates the following CrowdStrike Quick Scan API operations:
+##### User Management API operations discussed
+This sample demonstrates the following CrowdStrike User Management API operations:
 
 | Operation | Description |
 | :--- | :--- |
-| [GetScans](https://falconpy.io/Service-Collections/Quick-Scan.html#getscans) | Check the status of a volume scan. Time required for analysis increases with the number of samples in a volume but usually it should take less than 1 minute. |
-
----
-
-### S3 Bucket Protection
-
-Building on the previous example, this [solution](https://github.com/CrowdStrike/Cloud-AWS/tree/main/s3-bucket-protection) demonstrates a complete integration with AWS Lambda, AWS S3 and AWS Security Hub that scans files as they are uploaded to the bucket. Files that are found to be malicious are removed from the bucket and a finding is published to AWS Security Hub.
-
-[![Quick Scan / Sample Uploads](https://img.shields.io/badge/Service%20Class-S3%20Bucket%20Protection-silver?style=for-the-badge&labelColor=red&logo=data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABIAAAAOCAYAAAAi2ky3AAABhWlDQ1BJQ0MgcHJvZmlsZQAAKJF9kT1Iw1AUhU9TpaIVBzuIOGSoDmJBVEQ3rUIRKoRaoVUHk5f+CE0akhQXR8G14ODPYtXBxVlXB1dBEPwBcXNzUnSREu9LCi1ifPB4H+e9c7jvXkColZhmtY0Cmm6bqURczGRXxNAruhAEMI1hmVnGrCQl4bu+7hHg512MZ/m/+3N1qzmLAQGReIYZpk28Tjy5aRuc94kjrCirxOfEIyYVSPzIdcXjN84FlwWeGTHTqTniCLFYaGGlhVnR1IgniKOqplO+kPFY5bzFWStVWKNO/sNwTl9e4jrtASSwgEVIEKGggg2UYCNGp06KhRTdx338/a5fIpdCrg0wcsyjDA2y6wefwe/eWvnxMS8pHAfaXxznYxAI7QL1quN8HztO/QQIPgNXetNfrgFTn6RXm1r0COjZBi6um5qyB1zuAH1PhmzKrsTnL+TzwPsZjSkL9N4Cnate3xr3OH0A0tSr5A1wcAgMFSh7zeffHa19+/dNo38/hq9yr+iELI0AAAAGYktHRAAAAAAAAPlDu38AAAAJcEhZcwAACxMAAAsTAQCanBgAAAAHdElNRQflDAsTByz7Va2cAAAAGXRFWHRDb21tZW50AENyZWF0ZWQgd2l0aCBHSU1QV4EOFwAAAYBJREFUKM+lkjFIlVEYht/zn3sFkYYUyUnIRcemhCtCU6JQOLiIU+QeJEQg6BBIm0s4RBCBLjq5OEvgJC1uOniJhivesLx17/97/vO9b4NK4g25157hfHCGB773/cA0HZIEAKiMj+LWiOxljG/i96pnCFP58XHnrWX2+9cj0dYl9Yu2FE9/9rXrcAAgs2eSyiBfOe/XRD503h/CuffOubQVUXL+Jh9BllzBbyJJBgDclVkO4Kukd8zzkXJbeUljIldFTstsmSHM6S81ma2KfPKlFdkGAMY4wzx/bbXapMy21My+YizdKNq5mDzLkrxafSxySFKjSWX2oTmjKzz4vN0r2lOFcL/Q3V0/mX95ILMXTTGYVfaut/aP2+oCMAvnZgCcsF5fcR0dg65YHAdwB+QApADvu0AuOe/ftlJAD7Nsgmm6yBjDtfWORJZlNtFyo/lR5Z7MyheKA5ktSur7sTAHazSG27pehjAiaVfkN8b4XFIJ/wOzbOx07VNRUuHy7w98CzCcGPyWywAAAABJRU5ErkJggg==)](https://github.com/CrowdStrike/Cloud-AWS/tree/main/s3-bucket-protection)
+| [queryUserV1](https://falconpy.io/Service-Collections/User-Management.html#queryuserv1) | List user IDs for all users in your customer account. |
+| [combinedUserRolesV1](https://falconpy.io/Service-Collections/User-Management.html#combineduserrolesv1) | Get User Grant(s). This operation lists both direct as well as flight control grants between a user and a customer. |
+| [retrieveUsersGETV1](https://falconpy.io/Service-Collections/User-Management.html#retrieveusersgetv1) | Get information about users including their name, UID, and CID by providing user UUIDs. |
 
-#### Quick Scan and Sample Uploads API operations discussed
-This sample demonstrates the following CrowdStrike Quick Scan and Sample Uploads API operations:
+</details>
 
-| Operation | Description |
-| :--- | :--- |
-| [DeleteSampleV3](https://falconpy.io/Service-Collections/Sample-Uploads.html#deletesamplev3) | Removes a sample, including file, meta and submissions from the collection. |
-| [GetScans](https://falconpy.io/Service-Collections/Quick-Scan.html#getscans) | Check the status of a volume scan. Time required for analysis increases with the number of samples in a volume but usually it should take less than 1 minute. |
-| [ScanSamples](https://falconpy.io/Service-Collections/Quick-Scan.html#scansamples) | Submit a volume of files for ml scanning. Time required for analysis increases with the number of samples in a volume but usually it should take less than 1 minute. |
-| [UploadSampleV3](https://falconpy.io/Service-Collections/Sample-Uploads.html#uploadsamplev3) | Upload a file for further cloud analysis. After uploading, call the specific analysis API endpoint. |
+[Back to top](#falconpy-sample-library) | [How to authenticate](#authentication-for-these-examples) | [Table of Contents](#deployment-and-management-toc)
 
 ---
 
-## Firewall Management
-The CrowdStrike Falcon Firewall Management and Firewall Policies APIs are the focus of this section.
+<a id="event-streams-samples"></a>
+<details>
+<summary><h3>Event Streams</h3> <small>(click to expand)</small><br/>
+This category is focused on the CrowdStrike Event Streams API service collection.
+</summary>
 
-### Export Firewall events to a file
-Developed by `@wozboz`, this [example](firewall_management/get_firewall_events.py) demonstrates exporting Firewall events using the Firewall Management Service Class. This sample also provides an example of _tokenized pagination_ leveraging the `after` return parameter found in the `meta` branch.  More details regarding this style of pagination can be found [here](https://falconpy.io/Usage/Response-Handling.html#paginating-json-responses).
+#### Send detections to AWS Security Hub
+This [example](https://github.com/CrowdStrike/Cloud-AWS/tree/main/Security-Hub) demonstrates publishing AWS Security Hub findings from CrowdStrike Falcon Event Streams API.
 
-[![Firewall Management](https://img.shields.io/badge/Service%20Class-Export_Firewall_Events-silver?style=for-the-badge&labelColor=red&logo=data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABIAAAAOCAYAAAAi2ky3AAABhWlDQ1BJQ0MgcHJvZmlsZQAAKJF9kT1Iw1AUhU9TpaIVBzuIOGSoDmJBVEQ3rUIRKoRaoVUHk5f+CE0akhQXR8G14ODPYtXBxVlXB1dBEPwBcXNzUnSREu9LCi1ifPB4H+e9c7jvXkColZhmtY0Cmm6bqURczGRXxNAruhAEMI1hmVnGrCQl4bu+7hHg512MZ/m/+3N1qzmLAQGReIYZpk28Tjy5aRuc94kjrCirxOfEIyYVSPzIdcXjN84FlwWeGTHTqTniCLFYaGGlhVnR1IgniKOqplO+kPFY5bzFWStVWKNO/sNwTl9e4jrtASSwgEVIEKGggg2UYCNGp06KhRTdx338/a5fIpdCrg0wcsyjDA2y6wefwe/eWvnxMS8pHAfaXxznYxAI7QL1quN8HztO/QQIPgNXetNfrgFTn6RXm1r0COjZBi6um5qyB1zuAH1PhmzKrsTnL+TzwPsZjSkL9N4Cnate3xr3OH0A0tSr5A1wcAgMFSh7zeffHa19+/dNo38/hq9yr+iELI0AAAAGYktHRAAAAAAAAPlDu38AAAAJcEhZcwAACxMAAAsTAQCanBgAAAAHdElNRQflDAsTByz7Va2cAAAAGXRFWHRDb21tZW50AENyZWF0ZWQgd2l0aCBHSU1QV4EOFwAAAYBJREFUKM+lkjFIlVEYht/zn3sFkYYUyUnIRcemhCtCU6JQOLiIU+QeJEQg6BBIm0s4RBCBLjq5OEvgJC1uOniJhivesLx17/97/vO9b4NK4g25157hfHCGB773/cA0HZIEAKiMj+LWiOxljG/i96pnCFP58XHnrWX2+9cj0dYl9Yu2FE9/9rXrcAAgs2eSyiBfOe/XRD503h/CuffOubQVUXL+Jh9BllzBbyJJBgDclVkO4Kukd8zzkXJbeUljIldFTstsmSHM6S81ma2KfPKlFdkGAMY4wzx/bbXapMy21My+YizdKNq5mDzLkrxafSxySFKjSWX2oTmjKzz4vN0r2lOFcL/Q3V0/mX95ILMXTTGYVfaut/aP2+oCMAvnZgCcsF5fcR0dg65YHAdwB+QApADvu0AuOe/ftlJAD7Nsgmm6yBjDtfWORJZlNtFyo/lR5Z7MyheKA5ktSur7sTAHazSG27pehjAiaVfkN8b4XFIJ/wOzbOx07VNRUuHy7w98CzCcGPyWywAAAABJRU5ErkJggg==)](firewall_management/get_firewall_events.py)
+[![Event Streams](https://img.shields.io/badge/Uber%20Class-Send%20Detections%20to%20AWS%20Security%20Hub-silver?style=for-the-badge&labelColor=maroon&logo=data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABIAAAAOCAYAAAAi2ky3AAABhWlDQ1BJQ0MgcHJvZmlsZQAAKJF9kT1Iw1AUhU9TpaIVBzuIOGSoDmJBVEQ3rUIRKoRaoVUHk5f+CE0akhQXR8G14ODPYtXBxVlXB1dBEPwBcXNzUnSREu9LCi1ifPB4H+e9c7jvXkColZhmtY0Cmm6bqURczGRXxNAruhAEMI1hmVnGrCQl4bu+7hHg512MZ/m/+3N1qzmLAQGReIYZpk28Tjy5aRuc94kjrCirxOfEIyYVSPzIdcXjN84FlwWeGTHTqTniCLFYaGGlhVnR1IgniKOqplO+kPFY5bzFWStVWKNO/sNwTl9e4jrtASSwgEVIEKGggg2UYCNGp06KhRTdx338/a5fIpdCrg0wcsyjDA2y6wefwe/eWvnxMS8pHAfaXxznYxAI7QL1quN8HztO/QQIPgNXetNfrgFTn6RXm1r0COjZBi6um5qyB1zuAH1PhmzKrsTnL+TzwPsZjSkL9N4Cnate3xr3OH0A0tSr5A1wcAgMFSh7zeffHa19+/dNo38/hq9yr+iELI0AAAAGYktHRAAAAAAAAPlDu38AAAAJcEhZcwAACxMAAAsTAQCanBgAAAAHdElNRQflDAsTByz7Va2cAAAAGXRFWHRDb21tZW50AENyZWF0ZWQgd2l0aCBHSU1QV4EOFwAAAYBJREFUKM+lkjFIlVEYht/zn3sFkYYUyUnIRcemhCtCU6JQOLiIU+QeJEQg6BBIm0s4RBCBLjq5OEvgJC1uOniJhivesLx17/97/vO9b4NK4g25157hfHCGB773/cA0HZIEAKiMj+LWiOxljG/i96pnCFP58XHnrWX2+9cj0dYl9Yu2FE9/9rXrcAAgs2eSyiBfOe/XRD503h/CuffOubQVUXL+Jh9BllzBbyJJBgDclVkO4Kukd8zzkXJbeUljIldFTstsmSHM6S81ma2KfPKlFdkGAMY4wzx/bbXapMy21My+YizdKNq5mDzLkrxafSxySFKjSWX2oTmjKzz4vN0r2lOFcL/Q3V0/mX95ILMXTTGYVfaut/aP2+oCMAvnZgCcsF5fcR0dg65YHAdwB+QApADvu0AuOe/ftlJAD7Nsgmm6yBjDtfWORJZlNtFyo/lR5Z7MyheKA5ktSur7sTAHazSG27pehjAiaVfkN8b4XFIJ/wOzbOx07VNRUuHy7w98CzCcGPyWywAAAABJRU5ErkJggg==)](https://github.com/CrowdStrike/Cloud-AWS/tree/main/Security-Hub)
 
-#### Firewall Management operations discussed
-This sample demonstrates the following CrowdStrike Firewall Management API operations:
+##### Event Streams API operations discussed
+This sample demonstrates the following CrowdStrike Event Streams API operations:
 
 | Operation | Description |
 | :--- | :--- |
-| [get_events](https://falconpy.io/Service-Collections/Firewall-Management.html#get_events) | Get events entities by ID and optionally version. |
-| [query_events](https://falconpy.io/Service-Collections/Firewall-Management.html#query_events) | Find all event IDs matching the query with filter. |
+| [listAvailableStreamsOAuth2](https://falconpy.io/Service-Collections/Event-Streams.html#listavailablestreamsoauth2) | Discover all event streams in your environment. |
+| [refreshActiveStreamSession](https://falconpy.io/Service-Collections/Event-Streams.html#refreshactivestreamsession) | Refresh an active event stream. Use the URL shown in a [listAvailableStreamsOAuth2](https://falconpy.io/Service-Collections/Event-Streams.html#listavailablestreamsoauth2) response. |
 
----
+</details>
 
-## Hosts
-The samples collected in this section demonstrate leveraging CrowdStrike's Hosts and Host Group API service collections to secure your endpoints.
+[Back to top](#falconpy-sample-library) | [How to authenticate](#authentication-for-these-examples) | [Table of Contents](#deployment-and-management-toc)
 
-- [List sensors by hostname](#list-sensors-by-hostname)
-- [CUSSED (Stale sensor detector)](#cussed-manage-stale-sensors)
-- [Match usernames to hosts](#match-usernames-to-hosts)
-- [Offset vs. Token](#offset-vs-token)
-- [Quarantine a host](#quarantine-a-host)
-- [Quarantine a host (updated)](#quarantine-a-host-updated-version)
+---
 
-### List sensors by hostname
-This [example](hosts#list-sensors-by-hostname) will demonstrate how to retrieve a list of sensors by hostname.
+<a id="flight-control-samples"></a>
+<details>
+<summary><h3>Flight Control</h3> <small>(click to expand)</small><br/>
+The samples in this category demonstrate functionality for MSSP scenarios using the Falcon Flight Control API service collection.
+</summary>
 
-[![Hosts](https://img.shields.io/badge/Service%20Class-List%20Sensors%20By%20Hostname-silver?style=for-the-badge&labelColor=red&logo=data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABIAAAAOCAYAAAAi2ky3AAABhWlDQ1BJQ0MgcHJvZmlsZQAAKJF9kT1Iw1AUhU9TpaIVBzuIOGSoDmJBVEQ3rUIRKoRaoVUHk5f+CE0akhQXR8G14ODPYtXBxVlXB1dBEPwBcXNzUnSREu9LCi1ifPB4H+e9c7jvXkColZhmtY0Cmm6bqURczGRXxNAruhAEMI1hmVnGrCQl4bu+7hHg512MZ/m/+3N1qzmLAQGReIYZpk28Tjy5aRuc94kjrCirxOfEIyYVSPzIdcXjN84FlwWeGTHTqTniCLFYaGGlhVnR1IgniKOqplO+kPFY5bzFWStVWKNO/sNwTl9e4jrtASSwgEVIEKGggg2UYCNGp06KhRTdx338/a5fIpdCrg0wcsyjDA2y6wefwe/eWvnxMS8pHAfaXxznYxAI7QL1quN8HztO/QQIPgNXetNfrgFTn6RXm1r0COjZBi6um5qyB1zuAH1PhmzKrsTnL+TzwPsZjSkL9N4Cnate3xr3OH0A0tSr5A1wcAgMFSh7zeffHa19+/dNo38/hq9yr+iELI0AAAAGYktHRAAAAAAAAPlDu38AAAAJcEhZcwAACxMAAAsTAQCanBgAAAAHdElNRQflDAsTByz7Va2cAAAAGXRFWHRDb21tZW50AENyZWF0ZWQgd2l0aCBHSU1QV4EOFwAAAYBJREFUKM+lkjFIlVEYht/zn3sFkYYUyUnIRcemhCtCU6JQOLiIU+QeJEQg6BBIm0s4RBCBLjq5OEvgJC1uOniJhivesLx17/97/vO9b4NK4g25157hfHCGB773/cA0HZIEAKiMj+LWiOxljG/i96pnCFP58XHnrWX2+9cj0dYl9Yu2FE9/9rXrcAAgs2eSyiBfOe/XRD503h/CuffOubQVUXL+Jh9BllzBbyJJBgDclVkO4Kukd8zzkXJbeUljIldFTstsmSHM6S81ma2KfPKlFdkGAMY4wzx/bbXapMy21My+YizdKNq5mDzLkrxafSxySFKjSWX2oTmjKzz4vN0r2lOFcL/Q3V0/mX95ILMXTTGYVfaut/aP2+oCMAvnZgCcsF5fcR0dg65YHAdwB+QApADvu0AuOe/ftlJAD7Nsgmm6yBjDtfWORJZlNtFyo/lR5Z7MyheKA5ktSur7sTAHazSG27pehjAiaVfkN8b4XFIJ/wOzbOx07VNRUuHy7w98CzCcGPyWywAAAABJRU5ErkJggg==)](hosts#list-sensors-by-hostname) [![MSSP Use supported](https://img.shields.io/badge/-Supports%20MSSP-darkblue?logo=data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABIAAAAOCAYAAAAi2ky3AAABhWlDQ1BJQ0MgcHJvZmlsZQAAKJF9kT1Iw1AUhU9TpaIVBzuIOGSoDmJBVEQ3rUIRKoRaoVUHk5f+CE0akhQXR8G14ODPYtXBxVlXB1dBEPwBcXNzUnSREu9LCi1ifPB4H+e9c7jvXkColZhmtY0Cmm6bqURczGRXxNAruhAEMI1hmVnGrCQl4bu+7hHg512MZ/m/+3N1qzmLAQGReIYZpk28Tjy5aRuc94kjrCirxOfEIyYVSPzIdcXjN84FlwWeGTHTqTniCLFYaGGlhVnR1IgniKOqplO+kPFY5bzFWStVWKNO/sNwTl9e4jrtASSwgEVIEKGggg2UYCNGp06KhRTdx338/a5fIpdCrg0wcsyjDA2y6wefwe/eWvnxMS8pHAfaXxznYxAI7QL1quN8HztO/QQIPgNXetNfrgFTn6RXm1r0COjZBi6um5qyB1zuAH1PhmzKrsTnL+TzwPsZjSkL9N4Cnate3xr3OH0A0tSr5A1wcAgMFSh7zeffHa19+/dNo38/hq9yr+iELI0AAAAGYktHRAAAAAAAAPlDu38AAAAJcEhZcwAACxMAAAsTAQCanBgAAAAHdElNRQflDAsTByz7Va2cAAAAGXRFWHRDb21tZW50AENyZWF0ZWQgd2l0aCBHSU1QV4EOFwAAAYBJREFUKM+lkjFIlVEYht/zn3sFkYYUyUnIRcemhCtCU6JQOLiIU+QeJEQg6BBIm0s4RBCBLjq5OEvgJC1uOniJhivesLx17/97/vO9b4NK4g25157hfHCGB773/cA0HZIEAKiMj+LWiOxljG/i96pnCFP58XHnrWX2+9cj0dYl9Yu2FE9/9rXrcAAgs2eSyiBfOe/XRD503h/CuffOubQVUXL+Jh9BllzBbyJJBgDclVkO4Kukd8zzkXJbeUljIldFTstsmSHM6S81ma2KfPKlFdkGAMY4wzx/bbXapMy21My+YizdKNq5mDzLkrxafSxySFKjSWX2oTmjKzz4vN0r2lOFcL/Q3V0/mX95ILMXTTGYVfaut/aP2+oCMAvnZgCcsF5fcR0dg65YHAdwB+QApADvu0AuOe/ftlJAD7Nsgmm6yBjDtfWORJZlNtFyo/lR5Z7MyheKA5ktSur7sTAHazSG27pehjAiaVfkN8b4XFIJ/wOzbOx07VNRUuHy7w98CzCcGPyWywAAAABJRU5ErkJggg==&style=for-the-badge)](hosts#list-sensors-by-hostname)
+#### Find child CID
+This [example](flight_control/find_child_cid.py) demonstrates retrieving a child CID using the CrowdStrike Falcon Flight Control API.
 
-#### Hosts API operations discussed
-This sample demonstrates the following CrowdStrike Hosts API operations:
+[![Falcon Flight Control](https://img.shields.io/badge/Service%20Class-Find%20Child%20CID-silver?style=for-the-badge&labelColor=red&logo=data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABIAAAAOCAYAAAAi2ky3AAABhWlDQ1BJQ0MgcHJvZmlsZQAAKJF9kT1Iw1AUhU9TpaIVBzuIOGSoDmJBVEQ3rUIRKoRaoVUHk5f+CE0akhQXR8G14ODPYtXBxVlXB1dBEPwBcXNzUnSREu9LCi1ifPB4H+e9c7jvXkColZhmtY0Cmm6bqURczGRXxNAruhAEMI1hmVnGrCQl4bu+7hHg512MZ/m/+3N1qzmLAQGReIYZpk28Tjy5aRuc94kjrCirxOfEIyYVSPzIdcXjN84FlwWeGTHTqTniCLFYaGGlhVnR1IgniKOqplO+kPFY5bzFWStVWKNO/sNwTl9e4jrtASSwgEVIEKGggg2UYCNGp06KhRTdx338/a5fIpdCrg0wcsyjDA2y6wefwe/eWvnxMS8pHAfaXxznYxAI7QL1quN8HztO/QQIPgNXetNfrgFTn6RXm1r0COjZBi6um5qyB1zuAH1PhmzKrsTnL+TzwPsZjSkL9N4Cnate3xr3OH0A0tSr5A1wcAgMFSh7zeffHa19+/dNo38/hq9yr+iELI0AAAAGYktHRAAAAAAAAPlDu38AAAAJcEhZcwAACxMAAAsTAQCanBgAAAAHdElNRQflDAsTByz7Va2cAAAAGXRFWHRDb21tZW50AENyZWF0ZWQgd2l0aCBHSU1QV4EOFwAAAYBJREFUKM+lkjFIlVEYht/zn3sFkYYUyUnIRcemhCtCU6JQOLiIU+QeJEQg6BBIm0s4RBCBLjq5OEvgJC1uOniJhivesLx17/97/vO9b4NK4g25157hfHCGB773/cA0HZIEAKiMj+LWiOxljG/i96pnCFP58XHnrWX2+9cj0dYl9Yu2FE9/9rXrcAAgs2eSyiBfOe/XRD503h/CuffOubQVUXL+Jh9BllzBbyJJBgDclVkO4Kukd8zzkXJbeUljIldFTstsmSHM6S81ma2KfPKlFdkGAMY4wzx/bbXapMy21My+YizdKNq5mDzLkrxafSxySFKjSWX2oTmjKzz4vN0r2lOFcL/Q3V0/mX95ILMXTTGYVfaut/aP2+oCMAvnZgCcsF5fcR0dg65YHAdwB+QApADvu0AuOe/ftlJAD7Nsgmm6yBjDtfWORJZlNtFyo/lR5Z7MyheKA5ktSur7sTAHazSG27pehjAiaVfkN8b4XFIJ/wOzbOx07VNRUuHy7w98CzCcGPyWywAAAABJRU5ErkJggg==)](flight_control/find_child_cid.py) [![MSSP Use supported](https://img.shields.io/badge/-Supports%20MSSP-darkblue?logo=data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABIAAAAOCAYAAAAi2ky3AAABhWlDQ1BJQ0MgcHJvZmlsZQAAKJF9kT1Iw1AUhU9TpaIVBzuIOGSoDmJBVEQ3rUIRKoRaoVUHk5f+CE0akhQXR8G14ODPYtXBxVlXB1dBEPwBcXNzUnSREu9LCi1ifPB4H+e9c7jvXkColZhmtY0Cmm6bqURczGRXxNAruhAEMI1hmVnGrCQl4bu+7hHg512MZ/m/+3N1qzmLAQGReIYZpk28Tjy5aRuc94kjrCirxOfEIyYVSPzIdcXjN84FlwWeGTHTqTniCLFYaGGlhVnR1IgniKOqplO+kPFY5bzFWStVWKNO/sNwTl9e4jrtASSwgEVIEKGggg2UYCNGp06KhRTdx338/a5fIpdCrg0wcsyjDA2y6wefwe/eWvnxMS8pHAfaXxznYxAI7QL1quN8HztO/QQIPgNXetNfrgFTn6RXm1r0COjZBi6um5qyB1zuAH1PhmzKrsTnL+TzwPsZjSkL9N4Cnate3xr3OH0A0tSr5A1wcAgMFSh7zeffHa19+/dNo38/hq9yr+iELI0AAAAGYktHRAAAAAAAAPlDu38AAAAJcEhZcwAACxMAAAsTAQCanBgAAAAHdElNRQflDAsTByz7Va2cAAAAGXRFWHRDb21tZW50AENyZWF0ZWQgd2l0aCBHSU1QV4EOFwAAAYBJREFUKM+lkjFIlVEYht/zn3sFkYYUyUnIRcemhCtCU6JQOLiIU+QeJEQg6BBIm0s4RBCBLjq5OEvgJC1uOniJhivesLx17/97/vO9b4NK4g25157hfHCGB773/cA0HZIEAKiMj+LWiOxljG/i96pnCFP58XHnrWX2+9cj0dYl9Yu2FE9/9rXrcAAgs2eSyiBfOe/XRD503h/CuffOubQVUXL+Jh9BllzBbyJJBgDclVkO4Kukd8zzkXJbeUljIldFTstsmSHM6S81ma2KfPKlFdkGAMY4wzx/bbXapMy21My+YizdKNq5mDzLkrxafSxySFKjSWX2oTmjKzz4vN0r2lOFcL/Q3V0/mX95ILMXTTGYVfaut/aP2+oCMAvnZgCcsF5fcR0dg65YHAdwB+QApADvu0AuOe/ftlJAD7Nsgmm6yBjDtfWORJZlNtFyo/lR5Z7MyheKA5ktSur7sTAHazSG27pehjAiaVfkN8b4XFIJ/wOzbOx07VNRUuHy7w98CzCcGPyWywAAAABJRU5ErkJggg==&style=for-the-badge)](flight_control/find_child_cid.py)
+
+##### Flight Control API operations discussed
+This sample demonstrates the following CrowdStrike Flight Control API operations:
 
 | Operation | Description |
 | :--- | :--- |
-| [GetDeviceDetails](https://falconpy.io/Service-Collections/Hosts.html#getdevicedetails) | Get details on one or more hosts by providing agent IDs (AID). You can get a host's agent IDs (AIDs) from the [QueryDevicesByFilter](https://www.falconpy.io/Service-Collections/Hosts.html#querydevicesbyfilter) operation, the Falcon console or the Streaming API. |
-| [QueryDevicesByFilter](https://falconpy.io/Service-Collections/Hosts.html#querydevicesbyfilter) | Search for hosts in your environment by platform, hostname, IP, and other criteria. |
+| [QueryChildren](https://falconpy.io/Service-Collections/MSSP.html#querychildren) | Query for customers linked as children. |
 
 ---
 
-### Manage duplicate sensors
-Identify and optionally remove duplicate sensors using this [example](https://github.com/CrowdStrike/falconpy/tree/main/samples/hosts#list-duplicate-sensors).
+#### Get Child Prevention Policies
+This [example](flight_control/get_child_prevention_policies.py) uses the Flight Control and Prevention Policies Host Group APIs to demonstrate retrieving prevention policies for some or all child tenants.
 
-[![Hosts](https://img.shields.io/badge/Service%20Class-Find%20Duplicate%20Sensors-silver?style=for-the-badge&labelColor=red&logo=data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABIAAAAOCAYAAAAi2ky3AAABhWlDQ1BJQ0MgcHJvZmlsZQAAKJF9kT1Iw1AUhU9TpaIVBzuIOGSoDmJBVEQ3rUIRKoRaoVUHk5f+CE0akhQXR8G14ODPYtXBxVlXB1dBEPwBcXNzUnSREu9LCi1ifPB4H+e9c7jvXkColZhmtY0Cmm6bqURczGRXxNAruhAEMI1hmVnGrCQl4bu+7hHg512MZ/m/+3N1qzmLAQGReIYZpk28Tjy5aRuc94kjrCirxOfEIyYVSPzIdcXjN84FlwWeGTHTqTniCLFYaGGlhVnR1IgniKOqplO+kPFY5bzFWStVWKNO/sNwTl9e4jrtASSwgEVIEKGggg2UYCNGp06KhRTdx338/a5fIpdCrg0wcsyjDA2y6wefwe/eWvnxMS8pHAfaXxznYxAI7QL1quN8HztO/QQIPgNXetNfrgFTn6RXm1r0COjZBi6um5qyB1zuAH1PhmzKrsTnL+TzwPsZjSkL9N4Cnate3xr3OH0A0tSr5A1wcAgMFSh7zeffHa19+/dNo38/hq9yr+iELI0AAAAGYktHRAAAAAAAAPlDu38AAAAJcEhZcwAACxMAAAsTAQCanBgAAAAHdElNRQflDAsTByz7Va2cAAAAGXRFWHRDb21tZW50AENyZWF0ZWQgd2l0aCBHSU1QV4EOFwAAAYBJREFUKM+lkjFIlVEYht/zn3sFkYYUyUnIRcemhCtCU6JQOLiIU+QeJEQg6BBIm0s4RBCBLjq5OEvgJC1uOniJhivesLx17/97/vO9b4NK4g25157hfHCGB773/cA0HZIEAKiMj+LWiOxljG/i96pnCFP58XHnrWX2+9cj0dYl9Yu2FE9/9rXrcAAgs2eSyiBfOe/XRD503h/CuffOubQVUXL+Jh9BllzBbyJJBgDclVkO4Kukd8zzkXJbeUljIldFTstsmSHM6S81ma2KfPKlFdkGAMY4wzx/bbXapMy21My+YizdKNq5mDzLkrxafSxySFKjSWX2oTmjKzz4vN0r2lOFcL/Q3V0/mX95ILMXTTGYVfaut/aP2+oCMAvnZgCcsF5fcR0dg65YHAdwB+QApADvu0AuOe/ftlJAD7Nsgmm6yBjDtfWORJZlNtFyo/lR5Z7MyheKA5ktSur7sTAHazSG27pehjAiaVfkN8b4XFIJ/wOzbOx07VNRUuHy7w98CzCcGPyWywAAAABJRU5ErkJggg==)](https://github.com/CrowdStrike/falconpy/tree/main/samples/hosts#list-duplicate-sensors) [![MSSP Use supported](https://img.shields.io/badge/-Supports%20MSSP-darkblue?logo=data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABIAAAAOCAYAAAAi2ky3AAABhWlDQ1BJQ0MgcHJvZmlsZQAAKJF9kT1Iw1AUhU9TpaIVBzuIOGSoDmJBVEQ3rUIRKoRaoVUHk5f+CE0akhQXR8G14ODPYtXBxVlXB1dBEPwBcXNzUnSREu9LCi1ifPB4H+e9c7jvXkColZhmtY0Cmm6bqURczGRXxNAruhAEMI1hmVnGrCQl4bu+7hHg512MZ/m/+3N1qzmLAQGReIYZpk28Tjy5aRuc94kjrCirxOfEIyYVSPzIdcXjN84FlwWeGTHTqTniCLFYaGGlhVnR1IgniKOqplO+kPFY5bzFWStVWKNO/sNwTl9e4jrtASSwgEVIEKGggg2UYCNGp06KhRTdx338/a5fIpdCrg0wcsyjDA2y6wefwe/eWvnxMS8pHAfaXxznYxAI7QL1quN8HztO/QQIPgNXetNfrgFTn6RXm1r0COjZBi6um5qyB1zuAH1PhmzKrsTnL+TzwPsZjSkL9N4Cnate3xr3OH0A0tSr5A1wcAgMFSh7zeffHa19+/dNo38/hq9yr+iELI0AAAAGYktHRAAAAAAAAPlDu38AAAAJcEhZcwAACxMAAAsTAQCanBgAAAAHdElNRQflDAsTByz7Va2cAAAAGXRFWHRDb21tZW50AENyZWF0ZWQgd2l0aCBHSU1QV4EOFwAAAYBJREFUKM+lkjFIlVEYht/zn3sFkYYUyUnIRcemhCtCU6JQOLiIU+QeJEQg6BBIm0s4RBCBLjq5OEvgJC1uOniJhivesLx17/97/vO9b4NK4g25157hfHCGB773/cA0HZIEAKiMj+LWiOxljG/i96pnCFP58XHnrWX2+9cj0dYl9Yu2FE9/9rXrcAAgs2eSyiBfOe/XRD503h/CuffOubQVUXL+Jh9BllzBbyJJBgDclVkO4Kukd8zzkXJbeUljIldFTstsmSHM6S81ma2KfPKlFdkGAMY4wzx/bbXapMy21My+YizdKNq5mDzLkrxafSxySFKjSWX2oTmjKzz4vN0r2lOFcL/Q3V0/mX95ILMXTTGYVfaut/aP2+oCMAvnZgCcsF5fcR0dg65YHAdwB+QApADvu0AuOe/ftlJAD7Nsgmm6yBjDtfWORJZlNtFyo/lR5Z7MyheKA5ktSur7sTAHazSG27pehjAiaVfkN8b4XFIJ/wOzbOx07VNRUuHy7w98CzCcGPyWywAAAABJRU5ErkJggg==&style=for-the-badge)](https://github.com/CrowdStrike/falconpy/tree/main/samples/hosts#list-duplicate-sensors)
+[![Falcon Flight Control](https://img.shields.io/badge/Service%20Class-Get_Child_Prevention_Policies-silver?style=for-the-badge&labelColor=red&logo=data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABIAAAAOCAYAAAAi2ky3AAABhWlDQ1BJQ0MgcHJvZmlsZQAAKJF9kT1Iw1AUhU9TpaIVBzuIOGSoDmJBVEQ3rUIRKoRaoVUHk5f+CE0akhQXR8G14ODPYtXBxVlXB1dBEPwBcXNzUnSREu9LCi1ifPB4H+e9c7jvXkColZhmtY0Cmm6bqURczGRXxNAruhAEMI1hmVnGrCQl4bu+7hHg512MZ/m/+3N1qzmLAQGReIYZpk28Tjy5aRuc94kjrCirxOfEIyYVSPzIdcXjN84FlwWeGTHTqTniCLFYaGGlhVnR1IgniKOqplO+kPFY5bzFWStVWKNO/sNwTl9e4jrtASSwgEVIEKGggg2UYCNGp06KhRTdx338/a5fIpdCrg0wcsyjDA2y6wefwe/eWvnxMS8pHAfaXxznYxAI7QL1quN8HztO/QQIPgNXetNfrgFTn6RXm1r0COjZBi6um5qyB1zuAH1PhmzKrsTnL+TzwPsZjSkL9N4Cnate3xr3OH0A0tSr5A1wcAgMFSh7zeffHa19+/dNo38/hq9yr+iELI0AAAAGYktHRAAAAAAAAPlDu38AAAAJcEhZcwAACxMAAAsTAQCanBgAAAAHdElNRQflDAsTByz7Va2cAAAAGXRFWHRDb21tZW50AENyZWF0ZWQgd2l0aCBHSU1QV4EOFwAAAYBJREFUKM+lkjFIlVEYht/zn3sFkYYUyUnIRcemhCtCU6JQOLiIU+QeJEQg6BBIm0s4RBCBLjq5OEvgJC1uOniJhivesLx17/97/vO9b4NK4g25157hfHCGB773/cA0HZIEAKiMj+LWiOxljG/i96pnCFP58XHnrWX2+9cj0dYl9Yu2FE9/9rXrcAAgs2eSyiBfOe/XRD503h/CuffOubQVUXL+Jh9BllzBbyJJBgDclVkO4Kukd8zzkXJbeUljIldFTstsmSHM6S81ma2KfPKlFdkGAMY4wzx/bbXapMy21My+YizdKNq5mDzLkrxafSxySFKjSWX2oTmjKzz4vN0r2lOFcL/Q3V0/mX95ILMXTTGYVfaut/aP2+oCMAvnZgCcsF5fcR0dg65YHAdwB+QApADvu0AuOe/ftlJAD7Nsgmm6yBjDtfWORJZlNtFyo/lR5Z7MyheKA5ktSur7sTAHazSG27pehjAiaVfkN8b4XFIJ/wOzbOx07VNRUuHy7w98CzCcGPyWywAAAABJRU5ErkJggg==)](flight_control/get_child_prevention_policies.py) [![MSSP Use supported](https://img.shields.io/badge/-Supports%20MSSP-darkblue?logo=data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABIAAAAOCAYAAAAi2ky3AAABhWlDQ1BJQ0MgcHJvZmlsZQAAKJF9kT1Iw1AUhU9TpaIVBzuIOGSoDmJBVEQ3rUIRKoRaoVUHk5f+CE0akhQXR8G14ODPYtXBxVlXB1dBEPwBcXNzUnSREu9LCi1ifPB4H+e9c7jvXkColZhmtY0Cmm6bqURczGRXxNAruhAEMI1hmVnGrCQl4bu+7hHg512MZ/m/+3N1qzmLAQGReIYZpk28Tjy5aRuc94kjrCirxOfEIyYVSPzIdcXjN84FlwWeGTHTqTniCLFYaGGlhVnR1IgniKOqplO+kPFY5bzFWStVWKNO/sNwTl9e4jrtASSwgEVIEKGggg2UYCNGp06KhRTdx338/a5fIpdCrg0wcsyjDA2y6wefwe/eWvnxMS8pHAfaXxznYxAI7QL1quN8HztO/QQIPgNXetNfrgFTn6RXm1r0COjZBi6um5qyB1zuAH1PhmzKrsTnL+TzwPsZjSkL9N4Cnate3xr3OH0A0tSr5A1wcAgMFSh7zeffHa19+/dNo38/hq9yr+iELI0AAAAGYktHRAAAAAAAAPlDu38AAAAJcEhZcwAACxMAAAsTAQCanBgAAAAHdElNRQflDAsTByz7Va2cAAAAGXRFWHRDb21tZW50AENyZWF0ZWQgd2l0aCBHSU1QV4EOFwAAAYBJREFUKM+lkjFIlVEYht/zn3sFkYYUyUnIRcemhCtCU6JQOLiIU+QeJEQg6BBIm0s4RBCBLjq5OEvgJC1uOniJhivesLx17/97/vO9b4NK4g25157hfHCGB773/cA0HZIEAKiMj+LWiOxljG/i96pnCFP58XHnrWX2+9cj0dYl9Yu2FE9/9rXrcAAgs2eSyiBfOe/XRD503h/CuffOubQVUXL+Jh9BllzBbyJJBgDclVkO4Kukd8zzkXJbeUljIldFTstsmSHM6S81ma2KfPKlFdkGAMY4wzx/bbXapMy21My+YizdKNq5mDzLkrxafSxySFKjSWX2oTmjKzz4vN0r2lOFcL/Q3V0/mX95ILMXTTGYVfaut/aP2+oCMAvnZgCcsF5fcR0dg65YHAdwB+QApADvu0AuOe/ftlJAD7Nsgmm6yBjDtfWORJZlNtFyo/lR5Z7MyheKA5ktSur7sTAHazSG27pehjAiaVfkN8b4XFIJ/wOzbOx07VNRUuHy7w98CzCcGPyWywAAAABJRU5ErkJggg==&style=for-the-badge)](flight_control/get_child_prevention_policies.py)
 
-#### Hosts API operations discussed
-This sample demonstrates the following CrowdStrike Hosts API operations:
+##### Flight Control and Prevention Policies API operations discussed
+This sample demonstrates the following CrowdStrike Flight Control and Prevention Policies API operations:
 
 | Operation | Description |
 | :--- | :--- |
-| [GetDeviceDetails](https://falconpy.io/Service-Collections/Hosts.html#getdevicedetails) | Get details on one or more hosts by providing agent IDs (AID). You can get a host's agent IDs (AIDs) from the [QueryDevicesByFilter](https://www.falconpy.io/Service-Collections/Hosts.html#querydevicesbyfilter) operation, the Falcon console or the Streaming API. |
-| [PerformActionV2](https://falconpy.io/Service-Collections/Hosts.html#performactionv2) | Take various actions on the hosts in your environment. Contain or lift containment on a host. Delete or restore a host. |
-| [QueryDevicesByFilterScroll](https://falconpy.io/Service-Collections/Hosts.html#querydevicesbyfilterscroll) | Search for hosts in your environment by platform, hostname, IP, and other criteria with continuous pagination capability (based on offset pointer which expires after 2 minutes with no maximum limit). |
+| [QueryChildren](https://falconpy.io/Service-Collections/MSSP.html#querychildren) | Query for customers linked as children. |
+| [queryCombinedPreventionPolicies](https://www.falconpy.io/Service-Collections/Prevention-Policy.html#querycombinedpreventionpolicies) | Search for Prevention Policies in your environment by providing a FQL filter and paging details. Returns a set of Prevention Policies which match the filter criteria. |
 
 ---
 
-### CUSSED (Manage stale sensors)
-Identify and optionally remove stale sensors using this [example](hosts#list-stale-sensors).
+#### Host Group Duplicator
+This [example](flight_control/host_group_duplicator.py) uses the Flight Control and Host Group APIs to demonstrate duplicating a Host Group from a Parent to all Children.
 
-[![Hosts](https://img.shields.io/badge/Service%20Class-Find%20Stale%20Sensors-silver?style=for-the-badge&labelColor=red&logo=data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABIAAAAOCAYAAAAi2ky3AAABhWlDQ1BJQ0MgcHJvZmlsZQAAKJF9kT1Iw1AUhU9TpaIVBzuIOGSoDmJBVEQ3rUIRKoRaoVUHk5f+CE0akhQXR8G14ODPYtXBxVlXB1dBEPwBcXNzUnSREu9LCi1ifPB4H+e9c7jvXkColZhmtY0Cmm6bqURczGRXxNAruhAEMI1hmVnGrCQl4bu+7hHg512MZ/m/+3N1qzmLAQGReIYZpk28Tjy5aRuc94kjrCirxOfEIyYVSPzIdcXjN84FlwWeGTHTqTniCLFYaGGlhVnR1IgniKOqplO+kPFY5bzFWStVWKNO/sNwTl9e4jrtASSwgEVIEKGggg2UYCNGp06KhRTdx338/a5fIpdCrg0wcsyjDA2y6wefwe/eWvnxMS8pHAfaXxznYxAI7QL1quN8HztO/QQIPgNXetNfrgFTn6RXm1r0COjZBi6um5qyB1zuAH1PhmzKrsTnL+TzwPsZjSkL9N4Cnate3xr3OH0A0tSr5A1wcAgMFSh7zeffHa19+/dNo38/hq9yr+iELI0AAAAGYktHRAAAAAAAAPlDu38AAAAJcEhZcwAACxMAAAsTAQCanBgAAAAHdElNRQflDAsTByz7Va2cAAAAGXRFWHRDb21tZW50AENyZWF0ZWQgd2l0aCBHSU1QV4EOFwAAAYBJREFUKM+lkjFIlVEYht/zn3sFkYYUyUnIRcemhCtCU6JQOLiIU+QeJEQg6BBIm0s4RBCBLjq5OEvgJC1uOniJhivesLx17/97/vO9b4NK4g25157hfHCGB773/cA0HZIEAKiMj+LWiOxljG/i96pnCFP58XHnrWX2+9cj0dYl9Yu2FE9/9rXrcAAgs2eSyiBfOe/XRD503h/CuffOubQVUXL+Jh9BllzBbyJJBgDclVkO4Kukd8zzkXJbeUljIldFTstsmSHM6S81ma2KfPKlFdkGAMY4wzx/bbXapMy21My+YizdKNq5mDzLkrxafSxySFKjSWX2oTmjKzz4vN0r2lOFcL/Q3V0/mX95ILMXTTGYVfaut/aP2+oCMAvnZgCcsF5fcR0dg65YHAdwB+QApADvu0AuOe/ftlJAD7Nsgmm6yBjDtfWORJZlNtFyo/lR5Z7MyheKA5ktSur7sTAHazSG27pehjAiaVfkN8b4XFIJ/wOzbOx07VNRUuHy7w98CzCcGPyWywAAAABJRU5ErkJggg==)](hosts#list-stale-sensors) [![MSSP Use supported](https://img.shields.io/badge/-Supports%20MSSP-darkblue?logo=data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABIAAAAOCAYAAAAi2ky3AAABhWlDQ1BJQ0MgcHJvZmlsZQAAKJF9kT1Iw1AUhU9TpaIVBzuIOGSoDmJBVEQ3rUIRKoRaoVUHk5f+CE0akhQXR8G14ODPYtXBxVlXB1dBEPwBcXNzUnSREu9LCi1ifPB4H+e9c7jvXkColZhmtY0Cmm6bqURczGRXxNAruhAEMI1hmVnGrCQl4bu+7hHg512MZ/m/+3N1qzmLAQGReIYZpk28Tjy5aRuc94kjrCirxOfEIyYVSPzIdcXjN84FlwWeGTHTqTniCLFYaGGlhVnR1IgniKOqplO+kPFY5bzFWStVWKNO/sNwTl9e4jrtASSwgEVIEKGggg2UYCNGp06KhRTdx338/a5fIpdCrg0wcsyjDA2y6wefwe/eWvnxMS8pHAfaXxznYxAI7QL1quN8HztO/QQIPgNXetNfrgFTn6RXm1r0COjZBi6um5qyB1zuAH1PhmzKrsTnL+TzwPsZjSkL9N4Cnate3xr3OH0A0tSr5A1wcAgMFSh7zeffHa19+/dNo38/hq9yr+iELI0AAAAGYktHRAAAAAAAAPlDu38AAAAJcEhZcwAACxMAAAsTAQCanBgAAAAHdElNRQflDAsTByz7Va2cAAAAGXRFWHRDb21tZW50AENyZWF0ZWQgd2l0aCBHSU1QV4EOFwAAAYBJREFUKM+lkjFIlVEYht/zn3sFkYYUyUnIRcemhCtCU6JQOLiIU+QeJEQg6BBIm0s4RBCBLjq5OEvgJC1uOniJhivesLx17/97/vO9b4NK4g25157hfHCGB773/cA0HZIEAKiMj+LWiOxljG/i96pnCFP58XHnrWX2+9cj0dYl9Yu2FE9/9rXrcAAgs2eSyiBfOe/XRD503h/CuffOubQVUXL+Jh9BllzBbyJJBgDclVkO4Kukd8zzkXJbeUljIldFTstsmSHM6S81ma2KfPKlFdkGAMY4wzx/bbXapMy21My+YizdKNq5mDzLkrxafSxySFKjSWX2oTmjKzz4vN0r2lOFcL/Q3V0/mX95ILMXTTGYVfaut/aP2+oCMAvnZgCcsF5fcR0dg65YHAdwB+QApADvu0AuOe/ftlJAD7Nsgmm6yBjDtfWORJZlNtFyo/lR5Z7MyheKA5ktSur7sTAHazSG27pehjAiaVfkN8b4XFIJ/wOzbOx07VNRUuHy7w98CzCcGPyWywAAAABJRU5ErkJggg==&style=for-the-badge)](hosts#list-stale-sensors)
+[![Falcon Flight Control](https://img.shields.io/badge/Service%20Class-Host_Group_Duplicator-silver?style=for-the-badge&labelColor=red&logo=data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABIAAAAOCAYAAAAi2ky3AAABhWlDQ1BJQ0MgcHJvZmlsZQAAKJF9kT1Iw1AUhU9TpaIVBzuIOGSoDmJBVEQ3rUIRKoRaoVUHk5f+CE0akhQXR8G14ODPYtXBxVlXB1dBEPwBcXNzUnSREu9LCi1ifPB4H+e9c7jvXkColZhmtY0Cmm6bqURczGRXxNAruhAEMI1hmVnGrCQl4bu+7hHg512MZ/m/+3N1qzmLAQGReIYZpk28Tjy5aRuc94kjrCirxOfEIyYVSPzIdcXjN84FlwWeGTHTqTniCLFYaGGlhVnR1IgniKOqplO+kPFY5bzFWStVWKNO/sNwTl9e4jrtASSwgEVIEKGggg2UYCNGp06KhRTdx338/a5fIpdCrg0wcsyjDA2y6wefwe/eWvnxMS8pHAfaXxznYxAI7QL1quN8HztO/QQIPgNXetNfrgFTn6RXm1r0COjZBi6um5qyB1zuAH1PhmzKrsTnL+TzwPsZjSkL9N4Cnate3xr3OH0A0tSr5A1wcAgMFSh7zeffHa19+/dNo38/hq9yr+iELI0AAAAGYktHRAAAAAAAAPlDu38AAAAJcEhZcwAACxMAAAsTAQCanBgAAAAHdElNRQflDAsTByz7Va2cAAAAGXRFWHRDb21tZW50AENyZWF0ZWQgd2l0aCBHSU1QV4EOFwAAAYBJREFUKM+lkjFIlVEYht/zn3sFkYYUyUnIRcemhCtCU6JQOLiIU+QeJEQg6BBIm0s4RBCBLjq5OEvgJC1uOniJhivesLx17/97/vO9b4NK4g25157hfHCGB773/cA0HZIEAKiMj+LWiOxljG/i96pnCFP58XHnrWX2+9cj0dYl9Yu2FE9/9rXrcAAgs2eSyiBfOe/XRD503h/CuffOubQVUXL+Jh9BllzBbyJJBgDclVkO4Kukd8zzkXJbeUljIldFTstsmSHM6S81ma2KfPKlFdkGAMY4wzx/bbXapMy21My+YizdKNq5mDzLkrxafSxySFKjSWX2oTmjKzz4vN0r2lOFcL/Q3V0/mX95ILMXTTGYVfaut/aP2+oCMAvnZgCcsF5fcR0dg65YHAdwB+QApADvu0AuOe/ftlJAD7Nsgmm6yBjDtfWORJZlNtFyo/lR5Z7MyheKA5ktSur7sTAHazSG27pehjAiaVfkN8b4XFIJ/wOzbOx07VNRUuHy7w98CzCcGPyWywAAAABJRU5ErkJggg==)](flight_control/host_group_duplicator.py) [![MSSP Use supported](https://img.shields.io/badge/-Supports%20MSSP-darkblue?logo=data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABIAAAAOCAYAAAAi2ky3AAABhWlDQ1BJQ0MgcHJvZmlsZQAAKJF9kT1Iw1AUhU9TpaIVBzuIOGSoDmJBVEQ3rUIRKoRaoVUHk5f+CE0akhQXR8G14ODPYtXBxVlXB1dBEPwBcXNzUnSREu9LCi1ifPB4H+e9c7jvXkColZhmtY0Cmm6bqURczGRXxNAruhAEMI1hmVnGrCQl4bu+7hHg512MZ/m/+3N1qzmLAQGReIYZpk28Tjy5aRuc94kjrCirxOfEIyYVSPzIdcXjN84FlwWeGTHTqTniCLFYaGGlhVnR1IgniKOqplO+kPFY5bzFWStVWKNO/sNwTl9e4jrtASSwgEVIEKGggg2UYCNGp06KhRTdx338/a5fIpdCrg0wcsyjDA2y6wefwe/eWvnxMS8pHAfaXxznYxAI7QL1quN8HztO/QQIPgNXetNfrgFTn6RXm1r0COjZBi6um5qyB1zuAH1PhmzKrsTnL+TzwPsZjSkL9N4Cnate3xr3OH0A0tSr5A1wcAgMFSh7zeffHa19+/dNo38/hq9yr+iELI0AAAAGYktHRAAAAAAAAPlDu38AAAAJcEhZcwAACxMAAAsTAQCanBgAAAAHdElNRQflDAsTByz7Va2cAAAAGXRFWHRDb21tZW50AENyZWF0ZWQgd2l0aCBHSU1QV4EOFwAAAYBJREFUKM+lkjFIlVEYht/zn3sFkYYUyUnIRcemhCtCU6JQOLiIU+QeJEQg6BBIm0s4RBCBLjq5OEvgJC1uOniJhivesLx17/97/vO9b4NK4g25157hfHCGB773/cA0HZIEAKiMj+LWiOxljG/i96pnCFP58XHnrWX2+9cj0dYl9Yu2FE9/9rXrcAAgs2eSyiBfOe/XRD503h/CuffOubQVUXL+Jh9BllzBbyJJBgDclVkO4Kukd8zzkXJbeUljIldFTstsmSHM6S81ma2KfPKlFdkGAMY4wzx/bbXapMy21My+YizdKNq5mDzLkrxafSxySFKjSWX2oTmjKzz4vN0r2lOFcL/Q3V0/mX95ILMXTTGYVfaut/aP2+oCMAvnZgCcsF5fcR0dg65YHAdwB+QApADvu0AuOe/ftlJAD7Nsgmm6yBjDtfWORJZlNtFyo/lR5Z7MyheKA5ktSur7sTAHazSG27pehjAiaVfkN8b4XFIJ/wOzbOx07VNRUuHy7w98CzCcGPyWywAAAABJRU5ErkJggg==&style=for-the-badge)](flight_control/host_group_duplicator.py)
 
-#### Hosts API operations discussed
-This sample demonstrates the following CrowdStrike Hosts API operations:
+##### Flight Control and Host Group API operations discussed
+This sample demonstrates the following CrowdStrike Flight Control and Host Group API operations:
 
 | Operation | Description |
 | :--- | :--- |
-| [GetDeviceDetails](https://falconpy.io/Service-Collections/Hosts.html#getdevicedetails) | Get details on one or more hosts by providing agent IDs (AID). You can get a host's agent IDs (AIDs) from the [QueryDevicesByFilter](https://www.falconpy.io/Service-Collections/Hosts.html#querydevicesbyfilter) operation, the Falcon console or the Streaming API. |
-| [PerformActionV2](https://falconpy.io/Service-Collections/Hosts.html#performactionv2) | Take various actions on the hosts in your environment. Contain or lift containment on a host. Delete or restore a host. |
-| [QueryDevicesByFilterScroll](https://falconpy.io/Service-Collections/Hosts.html#querydevicesbyfilterscroll) | Search for hosts in your environment by platform, hostname, IP, and other criteria with continuous pagination capability (based on offset pointer which expires after 2 minutes with no maximum limit). |
+| [QueryChildren](https://falconpy.io/Service-Collections/MSSP.html#querychildren) | Query for customers linked as children. |
+| [createHostGroups](https://www.falconpy.io/Service-Collections/Host-Group.html#createhostgroups) | Create Host Groups by specifying details about the group to create. |
+| [queryCombinedHostGroups](https://www.falconpy.io/Service-Collections/Host-Group.html#querycombinedhostgroups) | Search for Host Groups in your environment by providing a FQL filter and paging details. Returns a set of Host Groups which match the filter criteria. |
 
 ---
 
-### Match usernames to hosts
-Submitted by `@micgoetz`, the [Match Username to Host](hosts#match-usernames-to-hosts) sample demonstrates mapping usernames to hosts with Falcon Grouping tags.
+#### Execute a command on hosts across multiple children
+Execute a single RTR command across multiple hosts within multiple child tenants. This demonstration leverages operations from the Hosts, Flight Control, Real Time Response and Real Time Response APIs.
 
-[![Hosts](https://img.shields.io/badge/Service%20Class-Match_Username_to_Host-silver?style=for-the-badge&labelColor=red&logo=data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABIAAAAOCAYAAAAi2ky3AAABhWlDQ1BJQ0MgcHJvZmlsZQAAKJF9kT1Iw1AUhU9TpaIVBzuIOGSoDmJBVEQ3rUIRKoRaoVUHk5f+CE0akhQXR8G14ODPYtXBxVlXB1dBEPwBcXNzUnSREu9LCi1ifPB4H+e9c7jvXkColZhmtY0Cmm6bqURczGRXxNAruhAEMI1hmVnGrCQl4bu+7hHg512MZ/m/+3N1qzmLAQGReIYZpk28Tjy5aRuc94kjrCirxOfEIyYVSPzIdcXjN84FlwWeGTHTqTniCLFYaGGlhVnR1IgniKOqplO+kPFY5bzFWStVWKNO/sNwTl9e4jrtASSwgEVIEKGggg2UYCNGp06KhRTdx338/a5fIpdCrg0wcsyjDA2y6wefwe/eWvnxMS8pHAfaXxznYxAI7QL1quN8HztO/QQIPgNXetNfrgFTn6RXm1r0COjZBi6um5qyB1zuAH1PhmzKrsTnL+TzwPsZjSkL9N4Cnate3xr3OH0A0tSr5A1wcAgMFSh7zeffHa19+/dNo38/hq9yr+iELI0AAAAGYktHRAAAAAAAAPlDu38AAAAJcEhZcwAACxMAAAsTAQCanBgAAAAHdElNRQflDAsTByz7Va2cAAAAGXRFWHRDb21tZW50AENyZWF0ZWQgd2l0aCBHSU1QV4EOFwAAAYBJREFUKM+lkjFIlVEYht/zn3sFkYYUyUnIRcemhCtCU6JQOLiIU+QeJEQg6BBIm0s4RBCBLjq5OEvgJC1uOniJhivesLx17/97/vO9b4NK4g25157hfHCGB773/cA0HZIEAKiMj+LWiOxljG/i96pnCFP58XHnrWX2+9cj0dYl9Yu2FE9/9rXrcAAgs2eSyiBfOe/XRD503h/CuffOubQVUXL+Jh9BllzBbyJJBgDclVkO4Kukd8zzkXJbeUljIldFTstsmSHM6S81ma2KfPKlFdkGAMY4wzx/bbXapMy21My+YizdKNq5mDzLkrxafSxySFKjSWX2oTmjKzz4vN0r2lOFcL/Q3V0/mX95ILMXTTGYVfaut/aP2+oCMAvnZgCcsF5fcR0dg65YHAdwB+QApADvu0AuOe/ftlJAD7Nsgmm6yBjDtfWORJZlNtFyo/lR5Z7MyheKA5ktSur7sTAHazSG27pehjAiaVfkN8b4XFIJ/wOzbOx07VNRUuHy7w98CzCcGPyWywAAAABJRU5ErkJggg==)](hosts#match-usernames-to-hosts) 
+[![Falcon Flight Control](https://img.shields.io/badge/Service%20Class-Execute_Command_Across_Child_Hosts-silver?style=for-the-badge&labelColor=red&logo=data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABIAAAAOCAYAAAAi2ky3AAABhWlDQ1BJQ0MgcHJvZmlsZQAAKJF9kT1Iw1AUhU9TpaIVBzuIOGSoDmJBVEQ3rUIRKoRaoVUHk5f+CE0akhQXR8G14ODPYtXBxVlXB1dBEPwBcXNzUnSREu9LCi1ifPB4H+e9c7jvXkColZhmtY0Cmm6bqURczGRXxNAruhAEMI1hmVnGrCQl4bu+7hHg512MZ/m/+3N1qzmLAQGReIYZpk28Tjy5aRuc94kjrCirxOfEIyYVSPzIdcXjN84FlwWeGTHTqTniCLFYaGGlhVnR1IgniKOqplO+kPFY5bzFWStVWKNO/sNwTl9e4jrtASSwgEVIEKGggg2UYCNGp06KhRTdx338/a5fIpdCrg0wcsyjDA2y6wefwe/eWvnxMS8pHAfaXxznYxAI7QL1quN8HztO/QQIPgNXetNfrgFTn6RXm1r0COjZBi6um5qyB1zuAH1PhmzKrsTnL+TzwPsZjSkL9N4Cnate3xr3OH0A0tSr5A1wcAgMFSh7zeffHa19+/dNo38/hq9yr+iELI0AAAAGYktHRAAAAAAAAPlDu38AAAAJcEhZcwAACxMAAAsTAQCanBgAAAAHdElNRQflDAsTByz7Va2cAAAAGXRFWHRDb21tZW50AENyZWF0ZWQgd2l0aCBHSU1QV4EOFwAAAYBJREFUKM+lkjFIlVEYht/zn3sFkYYUyUnIRcemhCtCU6JQOLiIU+QeJEQg6BBIm0s4RBCBLjq5OEvgJC1uOniJhivesLx17/97/vO9b4NK4g25157hfHCGB773/cA0HZIEAKiMj+LWiOxljG/i96pnCFP58XHnrWX2+9cj0dYl9Yu2FE9/9rXrcAAgs2eSyiBfOe/XRD503h/CuffOubQVUXL+Jh9BllzBbyJJBgDclVkO4Kukd8zzkXJbeUljIldFTstsmSHM6S81ma2KfPKlFdkGAMY4wzx/bbXapMy21My+YizdKNq5mDzLkrxafSxySFKjSWX2oTmjKzz4vN0r2lOFcL/Q3V0/mX95ILMXTTGYVfaut/aP2+oCMAvnZgCcsF5fcR0dg65YHAdwB+QApADvu0AuOe/ftlJAD7Nsgmm6yBjDtfWORJZlNtFyo/lR5Z7MyheKA5ktSur7sTAHazSG27pehjAiaVfkN8b4XFIJ/wOzbOx07VNRUuHy7w98CzCcGPyWywAAAABJRU5ErkJggg==)](flight_control/multicid.py) [![MSSP Use supported](https://img.shields.io/badge/-Supports%20MSSP-darkblue?logo=data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABIAAAAOCAYAAAAi2ky3AAABhWlDQ1BJQ0MgcHJvZmlsZQAAKJF9kT1Iw1AUhU9TpaIVBzuIOGSoDmJBVEQ3rUIRKoRaoVUHk5f+CE0akhQXR8G14ODPYtXBxVlXB1dBEPwBcXNzUnSREu9LCi1ifPB4H+e9c7jvXkColZhmtY0Cmm6bqURczGRXxNAruhAEMI1hmVnGrCQl4bu+7hHg512MZ/m/+3N1qzmLAQGReIYZpk28Tjy5aRuc94kjrCirxOfEIyYVSPzIdcXjN84FlwWeGTHTqTniCLFYaGGlhVnR1IgniKOqplO+kPFY5bzFWStVWKNO/sNwTl9e4jrtASSwgEVIEKGggg2UYCNGp06KhRTdx338/a5fIpdCrg0wcsyjDA2y6wefwe/eWvnxMS8pHAfaXxznYxAI7QL1quN8HztO/QQIPgNXetNfrgFTn6RXm1r0COjZBi6um5qyB1zuAH1PhmzKrsTnL+TzwPsZjSkL9N4Cnate3xr3OH0A0tSr5A1wcAgMFSh7zeffHa19+/dNo38/hq9yr+iELI0AAAAGYktHRAAAAAAAAPlDu38AAAAJcEhZcwAACxMAAAsTAQCanBgAAAAHdElNRQflDAsTByz7Va2cAAAAGXRFWHRDb21tZW50AENyZWF0ZWQgd2l0aCBHSU1QV4EOFwAAAYBJREFUKM+lkjFIlVEYht/zn3sFkYYUyUnIRcemhCtCU6JQOLiIU+QeJEQg6BBIm0s4RBCBLjq5OEvgJC1uOniJhivesLx17/97/vO9b4NK4g25157hfHCGB773/cA0HZIEAKiMj+LWiOxljG/i96pnCFP58XHnrWX2+9cj0dYl9Yu2FE9/9rXrcAAgs2eSyiBfOe/XRD503h/CuffOubQVUXL+Jh9BllzBbyJJBgDclVkO4Kukd8zzkXJbeUljIldFTstsmSHM6S81ma2KfPKlFdkGAMY4wzx/bbXapMy21My+YizdKNq5mDzLkrxafSxySFKjSWX2oTmjKzz4vN0r2lOFcL/Q3V0/mX95ILMXTTGYVfaut/aP2+oCMAvnZgCcsF5fcR0dg65YHAdwB+QApADvu0AuOe/ftlJAD7Nsgmm6yBjDtfWORJZlNtFyo/lR5Z7MyheKA5ktSur7sTAHazSG27pehjAiaVfkN8b4XFIJ/wOzbOx07VNRUuHy7w98CzCcGPyWywAAAABJRU5ErkJggg==&style=for-the-badge)](flight_control/multicid.py)
 
-#### Hosts API operations discussed
-This sample demonstrates the following CrowdStrike Hosts API operations:
+##### Flight Control, Hosts, and Real Time Response API operations discussed
+This sample demonstrates the following CrowdStrike Flight Control, Hosts and Real Time Response API operations:
 
 | Operation | Description |
 | :--- | :--- |
-| [GetDeviceDetails](https://falconpy.io/Service-Collections/Hosts.html#getdevicedetails) | Get details on one or more hosts by providing agent IDs (AID). You can get a host's agent IDs (AIDs) from the [QueryDevicesByFilter](https://www.falconpy.io/Service-Collections/Hosts.html#querydevicesbyfilter) operation, the Falcon console or the Streaming API. |
-| [QueryDevicesByFilter](https://falconpy.io/Service-Collections/Hosts.html#querydevicesbyfilter) | Search for hosts in your environment by platform, hostname, IP, and other criteria. |
-| [QueryDeviceLoginHistory](https://www.falconpy.io/Service-Collections/Hosts.html#querydeviceloginhistory) | Retrieve details about recent login sessions for a set of devices. |
-| [UpdateDeviceTags](https://www.falconpy.io/Service-Collections/Hosts.html#updatedevicetags) | Append or remove one or more Falcon Grouping Tags on one or more hosts. |
+| [QueryChildren](https://falconpy.io/Service-Collections/MSSP.html#querychildren) | Query for customers linked as children. |
+| [BatchInitSessions](https://www.falconpy.io/Service-Collections/Real-Time-Response.html#batchinitsessions) | Batch initialize a RTR session on multiple hosts. Before any RTR commands can be used, an active session is needed on the host. |
+| [RTR_DeleteSession](https://www.falconpy.io/Service-Collections/Real-Time-Response.html#rtr_deletesession) | Delete a RTR session. |
+| [BatchAdminCmd](https://www.falconpy.io/Service-Collections/Real-Time-Response-Admin.html#batchadmincmd) | Batch executes a RTR administrator command across the hosts mapped to the given batch ID. |
+| [RTR_CheckAdminCommandStatus](https://www.falconpy.io/Service-Collections/Real-Time-Response-Admin.html#rtr_checkadmincommandstatus) | Get status of an executed RTR administrator command on a single host. |
+| [QueryDevicesByFilter](https://www.falconpy.io/Service-Collections/Hosts.html#querydevicesbyfilter) | Search for hosts in your environment by platform, hostname, IP, and other criteria.|
 
----
+</details>
 
-### Offset vs. Token
-This [demonstration](hosts#comparing-querydevicesbyfilter-and-querydevicesbyfilterscroll-offset-vs-token) discusses the [pagination](https://falconpy.io/Usage/Response-Handling.html#paginating-json-responses) differences when using [`QueryDevicesByFilter`](https://www.falconpy.io/Service-Collections/Hosts.html#querydevicesbyfilter) versus [`QueryDevicesByFilterScroll`](https://www.falconpy.io/Service-Collections/Hosts.html#querydevicesbyfilterscroll).
+[Back to top](#falconpy-sample-library) | [How to authenticate](#authentication-for-these-examples) | [Table of Contents](#deployment-and-management-toc)
 
-[![Hosts](https://img.shields.io/badge/Service%20Class-Offset%20vs.%20Token-silver?style=for-the-badge&labelColor=red&logo=data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABIAAAAOCAYAAAAi2ky3AAABhWlDQ1BJQ0MgcHJvZmlsZQAAKJF9kT1Iw1AUhU9TpaIVBzuIOGSoDmJBVEQ3rUIRKoRaoVUHk5f+CE0akhQXR8G14ODPYtXBxVlXB1dBEPwBcXNzUnSREu9LCi1ifPB4H+e9c7jvXkColZhmtY0Cmm6bqURczGRXxNAruhAEMI1hmVnGrCQl4bu+7hHg512MZ/m/+3N1qzmLAQGReIYZpk28Tjy5aRuc94kjrCirxOfEIyYVSPzIdcXjN84FlwWeGTHTqTniCLFYaGGlhVnR1IgniKOqplO+kPFY5bzFWStVWKNO/sNwTl9e4jrtASSwgEVIEKGggg2UYCNGp06KhRTdx338/a5fIpdCrg0wcsyjDA2y6wefwe/eWvnxMS8pHAfaXxznYxAI7QL1quN8HztO/QQIPgNXetNfrgFTn6RXm1r0COjZBi6um5qyB1zuAH1PhmzKrsTnL+TzwPsZjSkL9N4Cnate3xr3OH0A0tSr5A1wcAgMFSh7zeffHa19+/dNo38/hq9yr+iELI0AAAAGYktHRAAAAAAAAPlDu38AAAAJcEhZcwAACxMAAAsTAQCanBgAAAAHdElNRQflDAsTByz7Va2cAAAAGXRFWHRDb21tZW50AENyZWF0ZWQgd2l0aCBHSU1QV4EOFwAAAYBJREFUKM+lkjFIlVEYht/zn3sFkYYUyUnIRcemhCtCU6JQOLiIU+QeJEQg6BBIm0s4RBCBLjq5OEvgJC1uOniJhivesLx17/97/vO9b4NK4g25157hfHCGB773/cA0HZIEAKiMj+LWiOxljG/i96pnCFP58XHnrWX2+9cj0dYl9Yu2FE9/9rXrcAAgs2eSyiBfOe/XRD503h/CuffOubQVUXL+Jh9BllzBbyJJBgDclVkO4Kukd8zzkXJbeUljIldFTstsmSHM6S81ma2KfPKlFdkGAMY4wzx/bbXapMy21My+YizdKNq5mDzLkrxafSxySFKjSWX2oTmjKzz4vN0r2lOFcL/Q3V0/mX95ILMXTTGYVfaut/aP2+oCMAvnZgCcsF5fcR0dg65YHAdwB+QApADvu0AuOe/ftlJAD7Nsgmm6yBjDtfWORJZlNtFyo/lR5Z7MyheKA5ktSur7sTAHazSG27pehjAiaVfkN8b4XFIJ/wOzbOx07VNRUuHy7w98CzCcGPyWywAAAABJRU5ErkJggg==)](hosts#comparing-querydevicesbyfilter-and-querydevicesbyfilterscroll-offset-vs-token) 
+---
 
-#### Hosts API operations discussed
-This sample demonstrates the following CrowdStrike Hosts API operations:
+</details>
 
-| Operation | Description |
-| :--- | :--- |
-| [QueryDevicesByFilter](https://falconpy.io/Service-Collections/Hosts.html#querydevicesbyfilter) | Search for hosts in your environment by platform, hostname, IP, and other criteria. |
-| [QueryDevicesByFilterScroll](https://falconpy.io/Service-Collections/Hosts.html#querydevicesbyfilterscroll) | Search for hosts in your environment by platform, hostname, IP, and other criteria with continuous pagination capability (based on offset pointer which expires after 2 minutes with no maximum limit). |
 
----
+<!--Endpoint Security-->
 
-### Prune Hosts by Hostname or AID
-This sample demonstrates [removing and restoring hosts by hostname or AID](hosts/prune_hosts.py).
+<a id="endpoint-security-apis"></a>
+<details open>
+<summary><h2>Endpoint Security</h2></summary>
+<a id="custom-ioa-samples"></a>
+<details>
+<summary><h3>Custom IOA</h3> <small>(click to expand)</small><br/>
+These samples demonstrate using CrowdStrike's Custom IOA service collection.
+</summary>
 
-[![Hosts](https://img.shields.io/badge/Service%20Class-Hosts_Pruner-silver?style=for-the-badge&labelColor=red&logo=data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABIAAAAOCAYAAAAi2ky3AAABhWlDQ1BJQ0MgcHJvZmlsZQAAKJF9kT1Iw1AUhU9TpaIVBzuIOGSoDmJBVEQ3rUIRKoRaoVUHk5f+CE0akhQXR8G14ODPYtXBxVlXB1dBEPwBcXNzUnSREu9LCi1ifPB4H+e9c7jvXkColZhmtY0Cmm6bqURczGRXxNAruhAEMI1hmVnGrCQl4bu+7hHg512MZ/m/+3N1qzmLAQGReIYZpk28Tjy5aRuc94kjrCirxOfEIyYVSPzIdcXjN84FlwWeGTHTqTniCLFYaGGlhVnR1IgniKOqplO+kPFY5bzFWStVWKNO/sNwTl9e4jrtASSwgEVIEKGggg2UYCNGp06KhRTdx338/a5fIpdCrg0wcsyjDA2y6wefwe/eWvnxMS8pHAfaXxznYxAI7QL1quN8HztO/QQIPgNXetNfrgFTn6RXm1r0COjZBi6um5qyB1zuAH1PhmzKrsTnL+TzwPsZjSkL9N4Cnate3xr3OH0A0tSr5A1wcAgMFSh7zeffHa19+/dNo38/hq9yr+iELI0AAAAGYktHRAAAAAAAAPlDu38AAAAJcEhZcwAACxMAAAsTAQCanBgAAAAHdElNRQflDAsTByz7Va2cAAAAGXRFWHRDb21tZW50AENyZWF0ZWQgd2l0aCBHSU1QV4EOFwAAAYBJREFUKM+lkjFIlVEYht/zn3sFkYYUyUnIRcemhCtCU6JQOLiIU+QeJEQg6BBIm0s4RBCBLjq5OEvgJC1uOniJhivesLx17/97/vO9b4NK4g25157hfHCGB773/cA0HZIEAKiMj+LWiOxljG/i96pnCFP58XHnrWX2+9cj0dYl9Yu2FE9/9rXrcAAgs2eSyiBfOe/XRD503h/CuffOubQVUXL+Jh9BllzBbyJJBgDclVkO4Kukd8zzkXJbeUljIldFTstsmSHM6S81ma2KfPKlFdkGAMY4wzx/bbXapMy21My+YizdKNq5mDzLkrxafSxySFKjSWX2oTmjKzz4vN0r2lOFcL/Q3V0/mX95ILMXTTGYVfaut/aP2+oCMAvnZgCcsF5fcR0dg65YHAdwB+QApADvu0AuOe/ftlJAD7Nsgmm6yBjDtfWORJZlNtFyo/lR5Z7MyheKA5ktSur7sTAHazSG27pehjAiaVfkN8b4XFIJ/wOzbOx07VNRUuHy7w98CzCcGPyWywAAAABJRU5ErkJggg==)](https://github.com/CrowdStrike/falconpy/tree/main/samples/hosts#prune-hosts-by-hostname-or-aid) 
+#### Custom IOA Cloner
+The [Custom IOA Cloner](custom_ioa#custom-ioa-cloner) demonstrates displaying, deleting and cloning Custom IOA rule groups.
 
-#### Hosts API operations discussed
-This sample demonstrates the following CrowdStrike Hosts API operations:
+[![Custom IOA](https://img.shields.io/badge/Service%20Class-Custom_IOA_Cloner-silver?style=for-the-badge&labelColor=red&logo=data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABIAAAAOCAYAAAAi2ky3AAABhWlDQ1BJQ0MgcHJvZmlsZQAAKJF9kT1Iw1AUhU9TpaIVBzuIOGSoDmJBVEQ3rUIRKoRaoVUHk5f+CE0akhQXR8G14ODPYtXBxVlXB1dBEPwBcXNzUnSREu9LCi1ifPB4H+e9c7jvXkColZhmtY0Cmm6bqURczGRXxNAruhAEMI1hmVnGrCQl4bu+7hHg512MZ/m/+3N1qzmLAQGReIYZpk28Tjy5aRuc94kjrCirxOfEIyYVSPzIdcXjN84FlwWeGTHTqTniCLFYaGGlhVnR1IgniKOqplO+kPFY5bzFWStVWKNO/sNwTl9e4jrtASSwgEVIEKGggg2UYCNGp06KhRTdx338/a5fIpdCrg0wcsyjDA2y6wefwe/eWvnxMS8pHAfaXxznYxAI7QL1quN8HztO/QQIPgNXetNfrgFTn6RXm1r0COjZBi6um5qyB1zuAH1PhmzKrsTnL+TzwPsZjSkL9N4Cnate3xr3OH0A0tSr5A1wcAgMFSh7zeffHa19+/dNo38/hq9yr+iELI0AAAAGYktHRAAAAAAAAPlDu38AAAAJcEhZcwAACxMAAAsTAQCanBgAAAAHdElNRQflDAsTByz7Va2cAAAAGXRFWHRDb21tZW50AENyZWF0ZWQgd2l0aCBHSU1QV4EOFwAAAYBJREFUKM+lkjFIlVEYht/zn3sFkYYUyUnIRcemhCtCU6JQOLiIU+QeJEQg6BBIm0s4RBCBLjq5OEvgJC1uOniJhivesLx17/97/vO9b4NK4g25157hfHCGB773/cA0HZIEAKiMj+LWiOxljG/i96pnCFP58XHnrWX2+9cj0dYl9Yu2FE9/9rXrcAAgs2eSyiBfOe/XRD503h/CuffOubQVUXL+Jh9BllzBbyJJBgDclVkO4Kukd8zzkXJbeUljIldFTstsmSHM6S81ma2KfPKlFdkGAMY4wzx/bbXapMy21My+YizdKNq5mDzLkrxafSxySFKjSWX2oTmjKzz4vN0r2lOFcL/Q3V0/mX95ILMXTTGYVfaut/aP2+oCMAvnZgCcsF5fcR0dg65YHAdwB+QApADvu0AuOe/ftlJAD7Nsgmm6yBjDtfWORJZlNtFyo/lR5Z7MyheKA5ktSur7sTAHazSG27pehjAiaVfkN8b4XFIJ/wOzbOx07VNRUuHy7w98CzCcGPyWywAAAABJRU5ErkJggg==)](custom_ioa#custom-ioa-cloner)
+
+##### Custom IOA API operations discussed
+This sample demonstrates the following CrowdStrike Custom IOA API operations:
 
 | Operation | Description |
 | :--- | :--- |
-| [PerformActionV2](https://falconpy.io/Service-Collections/Hosts.html#performactionv2) | Take various actions on the hosts in your environment. Contain or lift containment on a host. Delete or restore a host. |
-| [GetDeviceDetails](https://falconpy.io/Service-Collections/Hosts.html#getdevicedetails) | Get details on one or more hosts by providing agent IDs (AID). You can get a host's agent IDs (AIDs) from the [QueryDevicesByFilter](https://www.falconpy.io/Service-Collections/Hosts.html#querydevicesbyfilter) operation, the Falcon console or the Streaming API. |
-| [QueryDevicesByFilterScroll](https://falconpy.io/Service-Collections/Hosts.html#querydevicesbyfilterscroll) | Search for hosts in your environment by platform, hostname, IP, and other criteria with continuous pagination capability (based on offset pointer which expires after 2 minutes with no maximum limit). |
+| [create_rule](https://www.falconpy.io/Service-Collections/Custom-IOA.html#create_rule) | Create a rule within a rule group. Returns the rule. |
+| [create_rule_groupMixin0](https://www.falconpy.io/Service-Collections/Custom-IOA.html#create_rule_groupmixin0) | Create a rule group for a platform with a name and an optional description. Returns the rule group. |
+| [delete_rule_groupsMixin0](https://www.falconpy.io/Service-Collections/Custom-IOA.html#delete_rule_groupsmixin0) | Delete rule groups by ID. |
+| [query_rule_groups_full](https://www.falconpy.io/Service-Collections/Custom-IOA.html#query_rule_groups_full) | Find all rule groups matching the query with optional filter. |
+
+</details>
+
+[Back to top](#falconpy-sample-library) | [How to authenticate](#authentication-for-these-examples) | [Table of Contents](#endpoint-security-toc)
 
 ---
 
-### Quarantine a host
-Developed by one of our maintainers `@soggysec`, this example demonstrates how to [quarantine target hosts](rtr/quarantine_hosts.py).
+<a id="detects-samples"></a>
+<details>
+<summary><h3>Detects</h3> <small>(click to expand)</small><br/>
+The CrowdStrike Detects API service collection is the sole focus of these samples.
+</summary>
 
-[![Hosts](https://img.shields.io/badge/Service%20Class-Quarantine%20Target%20Host-silver?style=for-the-badge&labelColor=red&logo=data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABIAAAAOCAYAAAAi2ky3AAABhWlDQ1BJQ0MgcHJvZmlsZQAAKJF9kT1Iw1AUhU9TpaIVBzuIOGSoDmJBVEQ3rUIRKoRaoVUHk5f+CE0akhQXR8G14ODPYtXBxVlXB1dBEPwBcXNzUnSREu9LCi1ifPB4H+e9c7jvXkColZhmtY0Cmm6bqURczGRXxNAruhAEMI1hmVnGrCQl4bu+7hHg512MZ/m/+3N1qzmLAQGReIYZpk28Tjy5aRuc94kjrCirxOfEIyYVSPzIdcXjN84FlwWeGTHTqTniCLFYaGGlhVnR1IgniKOqplO+kPFY5bzFWStVWKNO/sNwTl9e4jrtASSwgEVIEKGggg2UYCNGp06KhRTdx338/a5fIpdCrg0wcsyjDA2y6wefwe/eWvnxMS8pHAfaXxznYxAI7QL1quN8HztO/QQIPgNXetNfrgFTn6RXm1r0COjZBi6um5qyB1zuAH1PhmzKrsTnL+TzwPsZjSkL9N4Cnate3xr3OH0A0tSr5A1wcAgMFSh7zeffHa19+/dNo38/hq9yr+iELI0AAAAGYktHRAAAAAAAAPlDu38AAAAJcEhZcwAACxMAAAsTAQCanBgAAAAHdElNRQflDAsTByz7Va2cAAAAGXRFWHRDb21tZW50AENyZWF0ZWQgd2l0aCBHSU1QV4EOFwAAAYBJREFUKM+lkjFIlVEYht/zn3sFkYYUyUnIRcemhCtCU6JQOLiIU+QeJEQg6BBIm0s4RBCBLjq5OEvgJC1uOniJhivesLx17/97/vO9b4NK4g25157hfHCGB773/cA0HZIEAKiMj+LWiOxljG/i96pnCFP58XHnrWX2+9cj0dYl9Yu2FE9/9rXrcAAgs2eSyiBfOe/XRD503h/CuffOubQVUXL+Jh9BllzBbyJJBgDclVkO4Kukd8zzkXJbeUljIldFTstsmSHM6S81ma2KfPKlFdkGAMY4wzx/bbXapMy21My+YizdKNq5mDzLkrxafSxySFKjSWX2oTmjKzz4vN0r2lOFcL/Q3V0/mX95ILMXTTGYVfaut/aP2+oCMAvnZgCcsF5fcR0dg65YHAdwB+QApADvu0AuOe/ftlJAD7Nsgmm6yBjDtfWORJZlNtFyo/lR5Z7MyheKA5ktSur7sTAHazSG27pehjAiaVfkN8b4XFIJ/wOzbOx07VNRUuHy7w98CzCcGPyWywAAAABJRU5ErkJggg==)](rtr/quarantine_hosts.py)
+#### Detects Advisor
+[Detects Advisor](detects#detects-advisor) is an example application for triaging inbound detections in your CrowdStrike Falcon tenant.
 
-#### Hosts API operations discussed
-This sample demonstrates the following CrowdStrike Hosts API operations:
+[![Detects](https://img.shields.io/badge/Service%20Class-Detects%20Advisor-silver?style=for-the-badge&labelColor=red&logo=data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABIAAAAOCAYAAAAi2ky3AAABhWlDQ1BJQ0MgcHJvZmlsZQAAKJF9kT1Iw1AUhU9TpaIVBzuIOGSoDmJBVEQ3rUIRKoRaoVUHk5f+CE0akhQXR8G14ODPYtXBxVlXB1dBEPwBcXNzUnSREu9LCi1ifPB4H+e9c7jvXkColZhmtY0Cmm6bqURczGRXxNAruhAEMI1hmVnGrCQl4bu+7hHg512MZ/m/+3N1qzmLAQGReIYZpk28Tjy5aRuc94kjrCirxOfEIyYVSPzIdcXjN84FlwWeGTHTqTniCLFYaGGlhVnR1IgniKOqplO+kPFY5bzFWStVWKNO/sNwTl9e4jrtASSwgEVIEKGggg2UYCNGp06KhRTdx338/a5fIpdCrg0wcsyjDA2y6wefwe/eWvnxMS8pHAfaXxznYxAI7QL1quN8HztO/QQIPgNXetNfrgFTn6RXm1r0COjZBi6um5qyB1zuAH1PhmzKrsTnL+TzwPsZjSkL9N4Cnate3xr3OH0A0tSr5A1wcAgMFSh7zeffHa19+/dNo38/hq9yr+iELI0AAAAGYktHRAAAAAAAAPlDu38AAAAJcEhZcwAACxMAAAsTAQCanBgAAAAHdElNRQflDAsTByz7Va2cAAAAGXRFWHRDb21tZW50AENyZWF0ZWQgd2l0aCBHSU1QV4EOFwAAAYBJREFUKM+lkjFIlVEYht/zn3sFkYYUyUnIRcemhCtCU6JQOLiIU+QeJEQg6BBIm0s4RBCBLjq5OEvgJC1uOniJhivesLx17/97/vO9b4NK4g25157hfHCGB773/cA0HZIEAKiMj+LWiOxljG/i96pnCFP58XHnrWX2+9cj0dYl9Yu2FE9/9rXrcAAgs2eSyiBfOe/XRD503h/CuffOubQVUXL+Jh9BllzBbyJJBgDclVkO4Kukd8zzkXJbeUljIldFTstsmSHM6S81ma2KfPKlFdkGAMY4wzx/bbXapMy21My+YizdKNq5mDzLkrxafSxySFKjSWX2oTmjKzz4vN0r2lOFcL/Q3V0/mX95ILMXTTGYVfaut/aP2+oCMAvnZgCcsF5fcR0dg65YHAdwB+QApADvu0AuOe/ftlJAD7Nsgmm6yBjDtfWORJZlNtFyo/lR5Z7MyheKA5ktSur7sTAHazSG27pehjAiaVfkN8b4XFIJ/wOzbOx07VNRUuHy7w98CzCcGPyWywAAAABJRU5ErkJggg==)](detects#detects-advisor)
+
+##### Detects API operations discussed
+This sample demonstrates the following CrowdStrike Detects API operations:
 
 | Operation | Description |
 | :--- | :--- |
-| [PerformActionV2](https://falconpy.io/Service-Collections/Hosts.html#performactionv2) | Take various actions on the hosts in your environment. Contain or lift containment on a host. Delete or restore a host. |
-| [QueryDevicesByFilter](https://falconpy.io/Service-Collections/Hosts.html#querydevicesbyfilter) | Search for hosts in your environment by platform, hostname, IP, and other criteria. |
+| [GetDetectSummaries](https://falconpy.io/Service-Collections/Detects.html#getdetectsummaries) | View information about detections. |
+| [QueryDetects](https://falconpy.io/Service-Collections/Detects.html#querydetects) | Search for detection IDs that match a given query. |
+| [UpdateDetectsByIdsV2](https://falconpy.io/Service-Collections/Detects.html#updatedetectsbyidsv2) | Modify the state, assignee, and visibility of detections. |
+
+</details>
+
+[Back to top](#falconpy-sample-library) | [How to authenticate](#authentication-for-these-examples) | [Table of Contents](#endpoint-security-toc)
 
 ---
 
-### Quarantine a host (updated version)
-This is the same solution, but [updated](hosts/quarantine_hosts_new.py) to demonstrate [Direct Authentication](https://www.falconpy.io/Usage/Authenticating-to-the-API.html#direct-authentication), [Body Payload Abstraction](https://www.falconpy.io/Usage/Payload-Handling.html#body-payload-abstraction) and [Parameter Abstraction](https://www.falconpy.io/Usage/Payload-Handling.html#parameter-abstraction).
+<a id="ioc-samples"></a>
+<details>
+<summary><h3>IOC</h3> <small>(click to expand)</small><br/>
+The samples in this section focus on the CrowdStrike IOC API service collection.
+</summary>
 
-[![Hosts](https://img.shields.io/badge/Service%20Class-Quarantine%20Target%20Host%20(Updated)-silver?style=for-the-badge&labelColor=red&logo=data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABIAAAAOCAYAAAAi2ky3AAABhWlDQ1BJQ0MgcHJvZmlsZQAAKJF9kT1Iw1AUhU9TpaIVBzuIOGSoDmJBVEQ3rUIRKoRaoVUHk5f+CE0akhQXR8G14ODPYtXBxVlXB1dBEPwBcXNzUnSREu9LCi1ifPB4H+e9c7jvXkColZhmtY0Cmm6bqURczGRXxNAruhAEMI1hmVnGrCQl4bu+7hHg512MZ/m/+3N1qzmLAQGReIYZpk28Tjy5aRuc94kjrCirxOfEIyYVSPzIdcXjN84FlwWeGTHTqTniCLFYaGGlhVnR1IgniKOqplO+kPFY5bzFWStVWKNO/sNwTl9e4jrtASSwgEVIEKGggg2UYCNGp06KhRTdx338/a5fIpdCrg0wcsyjDA2y6wefwe/eWvnxMS8pHAfaXxznYxAI7QL1quN8HztO/QQIPgNXetNfrgFTn6RXm1r0COjZBi6um5qyB1zuAH1PhmzKrsTnL+TzwPsZjSkL9N4Cnate3xr3OH0A0tSr5A1wcAgMFSh7zeffHa19+/dNo38/hq9yr+iELI0AAAAGYktHRAAAAAAAAPlDu38AAAAJcEhZcwAACxMAAAsTAQCanBgAAAAHdElNRQflDAsTByz7Va2cAAAAGXRFWHRDb21tZW50AENyZWF0ZWQgd2l0aCBHSU1QV4EOFwAAAYBJREFUKM+lkjFIlVEYht/zn3sFkYYUyUnIRcemhCtCU6JQOLiIU+QeJEQg6BBIm0s4RBCBLjq5OEvgJC1uOniJhivesLx17/97/vO9b4NK4g25157hfHCGB773/cA0HZIEAKiMj+LWiOxljG/i96pnCFP58XHnrWX2+9cj0dYl9Yu2FE9/9rXrcAAgs2eSyiBfOe/XRD503h/CuffOubQVUXL+Jh9BllzBbyJJBgDclVkO4Kukd8zzkXJbeUljIldFTstsmSHM6S81ma2KfPKlFdkGAMY4wzx/bbXapMy21My+YizdKNq5mDzLkrxafSxySFKjSWX2oTmjKzz4vN0r2lOFcL/Q3V0/mX95ILMXTTGYVfaut/aP2+oCMAvnZgCcsF5fcR0dg65YHAdwB+QApADvu0AuOe/ftlJAD7Nsgmm6yBjDtfWORJZlNtFyo/lR5Z7MyheKA5ktSur7sTAHazSG27pehjAiaVfkN8b4XFIJ/wOzbOx07VNRUuHy7w98CzCcGPyWywAAAABJRU5ErkJggg==)](hosts/quarantine_hosts_new.py)
+#### Create indicators
+Use this example to [create an Indicator of Compromise](ioc/create_ioc.py) (IOC). This example demonstrates the same operation using both the Service Class and the Uber Class. The Uber Class solution does not make use of [Body Payload Abstraction](https://falconpy.io/Usage/Payload-Handling.html#body-payload-abstraction).
 
-#### Hosts API operations discussed
-This sample demonstrates the following CrowdStrike Hosts API operations:
+[![IOC](https://img.shields.io/badge/Service%20Class-Create%20An%20IOC-silver?style=for-the-badge&labelColor=red&logo=data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABIAAAAOCAYAAAAi2ky3AAABhWlDQ1BJQ0MgcHJvZmlsZQAAKJF9kT1Iw1AUhU9TpaIVBzuIOGSoDmJBVEQ3rUIRKoRaoVUHk5f+CE0akhQXR8G14ODPYtXBxVlXB1dBEPwBcXNzUnSREu9LCi1ifPB4H+e9c7jvXkColZhmtY0Cmm6bqURczGRXxNAruhAEMI1hmVnGrCQl4bu+7hHg512MZ/m/+3N1qzmLAQGReIYZpk28Tjy5aRuc94kjrCirxOfEIyYVSPzIdcXjN84FlwWeGTHTqTniCLFYaGGlhVnR1IgniKOqplO+kPFY5bzFWStVWKNO/sNwTl9e4jrtASSwgEVIEKGggg2UYCNGp06KhRTdx338/a5fIpdCrg0wcsyjDA2y6wefwe/eWvnxMS8pHAfaXxznYxAI7QL1quN8HztO/QQIPgNXetNfrgFTn6RXm1r0COjZBi6um5qyB1zuAH1PhmzKrsTnL+TzwPsZjSkL9N4Cnate3xr3OH0A0tSr5A1wcAgMFSh7zeffHa19+/dNo38/hq9yr+iELI0AAAAGYktHRAAAAAAAAPlDu38AAAAJcEhZcwAACxMAAAsTAQCanBgAAAAHdElNRQflDAsTByz7Va2cAAAAGXRFWHRDb21tZW50AENyZWF0ZWQgd2l0aCBHSU1QV4EOFwAAAYBJREFUKM+lkjFIlVEYht/zn3sFkYYUyUnIRcemhCtCU6JQOLiIU+QeJEQg6BBIm0s4RBCBLjq5OEvgJC1uOniJhivesLx17/97/vO9b4NK4g25157hfHCGB773/cA0HZIEAKiMj+LWiOxljG/i96pnCFP58XHnrWX2+9cj0dYl9Yu2FE9/9rXrcAAgs2eSyiBfOe/XRD503h/CuffOubQVUXL+Jh9BllzBbyJJBgDclVkO4Kukd8zzkXJbeUljIldFTstsmSHM6S81ma2KfPKlFdkGAMY4wzx/bbXapMy21My+YizdKNq5mDzLkrxafSxySFKjSWX2oTmjKzz4vN0r2lOFcL/Q3V0/mX95ILMXTTGYVfaut/aP2+oCMAvnZgCcsF5fcR0dg65YHAdwB+QApADvu0AuOe/ftlJAD7Nsgmm6yBjDtfWORJZlNtFyo/lR5Z7MyheKA5ktSur7sTAHazSG27pehjAiaVfkN8b4XFIJ/wOzbOx07VNRUuHy7w98CzCcGPyWywAAAABJRU5ErkJggg==)](ioc/create_ioc.py) 
+[![IOC](https://img.shields.io/badge/Uber%20Class-Create%20An%20IOC-silver?style=for-the-badge&labelColor=maroon&logo=data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABIAAAAOCAYAAAAi2ky3AAABhWlDQ1BJQ0MgcHJvZmlsZQAAKJF9kT1Iw1AUhU9TpaIVBzuIOGSoDmJBVEQ3rUIRKoRaoVUHk5f+CE0akhQXR8G14ODPYtXBxVlXB1dBEPwBcXNzUnSREu9LCi1ifPB4H+e9c7jvXkColZhmtY0Cmm6bqURczGRXxNAruhAEMI1hmVnGrCQl4bu+7hHg512MZ/m/+3N1qzmLAQGReIYZpk28Tjy5aRuc94kjrCirxOfEIyYVSPzIdcXjN84FlwWeGTHTqTniCLFYaGGlhVnR1IgniKOqplO+kPFY5bzFWStVWKNO/sNwTl9e4jrtASSwgEVIEKGggg2UYCNGp06KhRTdx338/a5fIpdCrg0wcsyjDA2y6wefwe/eWvnxMS8pHAfaXxznYxAI7QL1quN8HztO/QQIPgNXetNfrgFTn6RXm1r0COjZBi6um5qyB1zuAH1PhmzKrsTnL+TzwPsZjSkL9N4Cnate3xr3OH0A0tSr5A1wcAgMFSh7zeffHa19+/dNo38/hq9yr+iELI0AAAAGYktHRAAAAAAAAPlDu38AAAAJcEhZcwAACxMAAAsTAQCanBgAAAAHdElNRQflDAsTByz7Va2cAAAAGXRFWHRDb21tZW50AENyZWF0ZWQgd2l0aCBHSU1QV4EOFwAAAYBJREFUKM+lkjFIlVEYht/zn3sFkYYUyUnIRcemhCtCU6JQOLiIU+QeJEQg6BBIm0s4RBCBLjq5OEvgJC1uOniJhivesLx17/97/vO9b4NK4g25157hfHCGB773/cA0HZIEAKiMj+LWiOxljG/i96pnCFP58XHnrWX2+9cj0dYl9Yu2FE9/9rXrcAAgs2eSyiBfOe/XRD503h/CuffOubQVUXL+Jh9BllzBbyJJBgDclVkO4Kukd8zzkXJbeUljIldFTstsmSHM6S81ma2KfPKlFdkGAMY4wzx/bbXapMy21My+YizdKNq5mDzLkrxafSxySFKjSWX2oTmjKzz4vN0r2lOFcL/Q3V0/mX95ILMXTTGYVfaut/aP2+oCMAvnZgCcsF5fcR0dg65YHAdwB+QApADvu0AuOe/ftlJAD7Nsgmm6yBjDtfWORJZlNtFyo/lR5Z7MyheKA5ktSur7sTAHazSG27pehjAiaVfkN8b4XFIJ/wOzbOx07VNRUuHy7w98CzCcGPyWywAAAABJRU5ErkJggg==)](ioc/create_ioc.py)
+
+##### IOC API operations discussed
+This sample demonstrates the following CrowdStrike IOC API operations:
 
 | Operation | Description |
 | :--- | :--- |
-| [PerformActionV2](https://falconpy.io/Service-Collections/Hosts.html#performactionv2) | Take various actions on the hosts in your environment. Contain or lift containment on a host. Delete or restore a host. |
-| [QueryDevicesByFilter](https://falconpy.io/Service-Collections/Hosts.html#querydevicesbyfilter) | Search for hosts in your environment by platform, hostname, IP, and other criteria. |
+| [indicator_create_v1](https://falconpy.io/Service-Collections/IOC.html#indicator_create_v1) | Create indicators. |
 
----
+</details>
 
-## Identity Protection
-This category is dedicated to demonstrating the functionality provided by the CrowdStrike Identity Protection API service collection.
+[Back to top](#falconpy-sample-library) | [How to authenticate](#authentication-for-these-examples) | [Table of Contents](#endpoint-security-toc)
 
-- [GraphQL Pagination](#graphql-pagination)
+---
 
-### GraphQL Pagination
-This sample demonstrates pagination using GraphQL within the Identity Protection service collection.
+<a id="prevention-policies-samples"></a>
+<details>
+<summary><h3>Prevention Policy</h3> <small>(click to expand)</small><br/>
+The samples in this section demonstrate using CrowdStrike's Prevention Policy API service collection.
+</summary>
 
-[![Identity Protection](https://img.shields.io/badge/Service%20Class-GraphQL_Pagination-silver?style=for-the-badge&labelColor=red&logo=data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABIAAAAOCAYAAAAi2ky3AAABhWlDQ1BJQ0MgcHJvZmlsZQAAKJF9kT1Iw1AUhU9TpaIVBzuIOGSoDmJBVEQ3rUIRKoRaoVUHk5f+CE0akhQXR8G14ODPYtXBxVlXB1dBEPwBcXNzUnSREu9LCi1ifPB4H+e9c7jvXkColZhmtY0Cmm6bqURczGRXxNAruhAEMI1hmVnGrCQl4bu+7hHg512MZ/m/+3N1qzmLAQGReIYZpk28Tjy5aRuc94kjrCirxOfEIyYVSPzIdcXjN84FlwWeGTHTqTniCLFYaGGlhVnR1IgniKOqplO+kPFY5bzFWStVWKNO/sNwTl9e4jrtASSwgEVIEKGggg2UYCNGp06KhRTdx338/a5fIpdCrg0wcsyjDA2y6wefwe/eWvnxMS8pHAfaXxznYxAI7QL1quN8HztO/QQIPgNXetNfrgFTn6RXm1r0COjZBi6um5qyB1zuAH1PhmzKrsTnL+TzwPsZjSkL9N4Cnate3xr3OH0A0tSr5A1wcAgMFSh7zeffHa19+/dNo38/hq9yr+iELI0AAAAGYktHRAAAAAAAAPlDu38AAAAJcEhZcwAACxMAAAsTAQCanBgAAAAHdElNRQflDAsTByz7Va2cAAAAGXRFWHRDb21tZW50AENyZWF0ZWQgd2l0aCBHSU1QV4EOFwAAAYBJREFUKM+lkjFIlVEYht/zn3sFkYYUyUnIRcemhCtCU6JQOLiIU+QeJEQg6BBIm0s4RBCBLjq5OEvgJC1uOniJhivesLx17/97/vO9b4NK4g25157hfHCGB773/cA0HZIEAKiMj+LWiOxljG/i96pnCFP58XHnrWX2+9cj0dYl9Yu2FE9/9rXrcAAgs2eSyiBfOe/XRD503h/CuffOubQVUXL+Jh9BllzBbyJJBgDclVkO4Kukd8zzkXJbeUljIldFTstsmSHM6S81ma2KfPKlFdkGAMY4wzx/bbXapMy21My+YizdKNq5mDzLkrxafSxySFKjSWX2oTmjKzz4vN0r2lOFcL/Q3V0/mX95ILMXTTGYVfaut/aP2+oCMAvnZgCcsF5fcR0dg65YHAdwB+QApADvu0AuOe/ftlJAD7Nsgmm6yBjDtfWORJZlNtFyo/lR5Z7MyheKA5ktSur7sTAHazSG27pehjAiaVfkN8b4XFIJ/wOzbOx07VNRUuHy7w98CzCcGPyWywAAAABJRU5ErkJggg==)](https://github.com/CrowdStrike/falconpy/tree/main/samples/identity#graphql-pagination)
+#### Prevention Policy Hawk
+Manage your CrowdStrike prevention policy settings using the [Prevention Policy Hawk](prevention_policy#manage-prevention-policies-with-prevention-policy-hawk) sample.
 
-#### Identity Protection API operations discussed
-This sample demonstrates the following CrowdStrike Identity Protection API operations:
+[![Prevention Policy](https://img.shields.io/badge/Service%20Class-Prevention_Policy_Hawk-silver?style=for-the-badge&labelColor=red&logo=data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABIAAAAOCAYAAAAi2ky3AAABhWlDQ1BJQ0MgcHJvZmlsZQAAKJF9kT1Iw1AUhU9TpaIVBzuIOGSoDmJBVEQ3rUIRKoRaoVUHk5f+CE0akhQXR8G14ODPYtXBxVlXB1dBEPwBcXNzUnSREu9LCi1ifPB4H+e9c7jvXkColZhmtY0Cmm6bqURczGRXxNAruhAEMI1hmVnGrCQl4bu+7hHg512MZ/m/+3N1qzmLAQGReIYZpk28Tjy5aRuc94kjrCirxOfEIyYVSPzIdcXjN84FlwWeGTHTqTniCLFYaGGlhVnR1IgniKOqplO+kPFY5bzFWStVWKNO/sNwTl9e4jrtASSwgEVIEKGggg2UYCNGp06KhRTdx338/a5fIpdCrg0wcsyjDA2y6wefwe/eWvnxMS8pHAfaXxznYxAI7QL1quN8HztO/QQIPgNXetNfrgFTn6RXm1r0COjZBi6um5qyB1zuAH1PhmzKrsTnL+TzwPsZjSkL9N4Cnate3xr3OH0A0tSr5A1wcAgMFSh7zeffHa19+/dNo38/hq9yr+iELI0AAAAGYktHRAAAAAAAAPlDu38AAAAJcEhZcwAACxMAAAsTAQCanBgAAAAHdElNRQflDAsTByz7Va2cAAAAGXRFWHRDb21tZW50AENyZWF0ZWQgd2l0aCBHSU1QV4EOFwAAAYBJREFUKM+lkjFIlVEYht/zn3sFkYYUyUnIRcemhCtCU6JQOLiIU+QeJEQg6BBIm0s4RBCBLjq5OEvgJC1uOniJhivesLx17/97/vO9b4NK4g25157hfHCGB773/cA0HZIEAKiMj+LWiOxljG/i96pnCFP58XHnrWX2+9cj0dYl9Yu2FE9/9rXrcAAgs2eSyiBfOe/XRD503h/CuffOubQVUXL+Jh9BllzBbyJJBgDclVkO4Kukd8zzkXJbeUljIldFTstsmSHM6S81ma2KfPKlFdkGAMY4wzx/bbXapMy21My+YizdKNq5mDzLkrxafSxySFKjSWX2oTmjKzz4vN0r2lOFcL/Q3V0/mX95ILMXTTGYVfaut/aP2+oCMAvnZgCcsF5fcR0dg65YHAdwB+QApADvu0AuOe/ftlJAD7Nsgmm6yBjDtfWORJZlNtFyo/lR5Z7MyheKA5ktSur7sTAHazSG27pehjAiaVfkN8b4XFIJ/wOzbOx07VNRUuHy7w98CzCcGPyWywAAAABJRU5ErkJggg==)](prevention_policy#manage-prevention-policies-with-prevention-policy-hawk)
+
+##### Prevention Policy API operations discussed
+This sample demonstrates the following CrowdStrike Prevention Policy API operations:
 
 | Operation | Description |
 | :--- | :--- |
-| [api_preempt_proxy_post_graphql](https://www.falconpy.io/Service-Collections/Identity-Protection.html#api_preempt_proxy_post_graphql) | Identity Protection GraphQL API. Allows for retrieving entities, timeline activities, identity-based incidents and security assessment. Allows for performing actions on entities and identity-based incidents. |
+| [deletePreventionPolicies](https://falconpy.io/Service-Collections/Prevention-Policy.html#deletepreventionpolicies) | Delete a set of Prevention Policies by specifying their IDs. |
+| [performPreventionPoliciesAction](https://falconpy.io/Service-Collections/Prevention-Policy.html#performpreventionpoliciesaction) | Perform the specified action on the Prevention Policies specified in the request. |
+| [queryCombinedPreventionPolicies](https://falconpy.io/Service-Collections/Prevention-Policy.html#querycombinedpreventionpolicies) | Search for Prevention Policies in your environment by providing a FQL filter and paging details. Returns a set of Prevention Policies which match the filter criteria. |
+| [getPreventionPolicies](https://falconpy.io/Service-Collections/Prevention-Policy.html#getpreventionpolicies) | Retrieve a set of Prevention Policies by specifying their IDs. |
+| [queryPreventionPolicies](https://falconpy.io/Service-Collections/Prevention-Policy.html#querypreventionpolicies) | Search for Prevention Policies in your environment by providing a FQL filter and paging details. Returns a set of Prevention Policy IDs which match the filter criteria. |
+| [updatePreventionPolicies](https://falconpy.io/Service-Collections/Prevention-Policy.html#updatepreventionpolicies) | Update Prevention Policies by specifying the ID of the policy and details to update. |
+
+</details>
+
+[Back to top](#falconpy-sample-library) | [How to authenticate](#authentication-for-these-examples) | [Table of Contents](#endpoint-security-toc)
 
 ---
 
-## Incidents
+<a id="incidents-samples"></a>
+<details>
+<summary><h3>Incidents</h3> <small>(click to expand)</small><br/>
 This category is dedicated to demonstrating the functionality provided by the CrowdStrike Incidents API service collection.
+</summary>
 
 - [CrowdScore QuickChart](#crowdscore-quickchart)
 - [Incidents Triage](#incident-triage)
 
-### CrowdScore QuickChart
+#### CrowdScore QuickChart
 Quickly chart your past 24 hours of CrowdScore results with the [CrowdScore QuickChart](incidents#chart-your-crowdscore-for-the-past-day) sample.
 
 [![Incidents](https://img.shields.io/badge/Service%20Class-CrowdScore_QuickChart-silver?style=for-the-badge&labelColor=red&logo=data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABIAAAAOCAYAAAAi2ky3AAABhWlDQ1BJQ0MgcHJvZmlsZQAAKJF9kT1Iw1AUhU9TpaIVBzuIOGSoDmJBVEQ3rUIRKoRaoVUHk5f+CE0akhQXR8G14ODPYtXBxVlXB1dBEPwBcXNzUnSREu9LCi1ifPB4H+e9c7jvXkColZhmtY0Cmm6bqURczGRXxNAruhAEMI1hmVnGrCQl4bu+7hHg512MZ/m/+3N1qzmLAQGReIYZpk28Tjy5aRuc94kjrCirxOfEIyYVSPzIdcXjN84FlwWeGTHTqTniCLFYaGGlhVnR1IgniKOqplO+kPFY5bzFWStVWKNO/sNwTl9e4jrtASSwgEVIEKGggg2UYCNGp06KhRTdx338/a5fIpdCrg0wcsyjDA2y6wefwe/eWvnxMS8pHAfaXxznYxAI7QL1quN8HztO/QQIPgNXetNfrgFTn6RXm1r0COjZBi6um5qyB1zuAH1PhmzKrsTnL+TzwPsZjSkL9N4Cnate3xr3OH0A0tSr5A1wcAgMFSh7zeffHa19+/dNo38/hq9yr+iELI0AAAAGYktHRAAAAAAAAPlDu38AAAAJcEhZcwAACxMAAAsTAQCanBgAAAAHdElNRQflDAsTByz7Va2cAAAAGXRFWHRDb21tZW50AENyZWF0ZWQgd2l0aCBHSU1QV4EOFwAAAYBJREFUKM+lkjFIlVEYht/zn3sFkYYUyUnIRcemhCtCU6JQOLiIU+QeJEQg6BBIm0s4RBCBLjq5OEvgJC1uOniJhivesLx17/97/vO9b4NK4g25157hfHCGB773/cA0HZIEAKiMj+LWiOxljG/i96pnCFP58XHnrWX2+9cj0dYl9Yu2FE9/9rXrcAAgs2eSyiBfOe/XRD503h/CuffOubQVUXL+Jh9BllzBbyJJBgDclVkO4Kukd8zzkXJbeUljIldFTstsmSHM6S81ma2KfPKlFdkGAMY4wzx/bbXapMy21My+YizdKNq5mDzLkrxafSxySFKjSWX2oTmjKzz4vN0r2lOFcL/Q3V0/mX95ILMXTTGYVfaut/aP2+oCMAvnZgCcsF5fcR0dg65YHAdwB+QApADvu0AuOe/ftlJAD7Nsgmm6yBjDtfWORJZlNtFyo/lR5Z7MyheKA5ktSur7sTAHazSG27pehjAiaVfkN8b4XFIJ/wOzbOx07VNRUuHy7w98CzCcGPyWywAAAABJRU5ErkJggg==)](incidents#chart-your-crowdscore-for-the-past-day)
 
-#### Incidents API operations discussed
+##### Incidents API operations discussed
 This sample demonstrates the following CrowdStrike Incidents API operations:
 
 | Operation | Description |
@@ -627,12 +764,12 @@ This sample demonstrates the following CrowdStrike Incidents API operations:
 
 ---
 
-### Incident Triage
+#### Incident Triage
 This example demonstrates triaging Incidents. You can assign / unassign responders, add / remove tags, and change name, description and status of an incident using the [Incident Triage](incidents#incident-triage) utility.
 
 [![Incidents](https://img.shields.io/badge/Service%20Class-Incident_Triage-silver?style=for-the-badge&labelColor=red&logo=data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABIAAAAOCAYAAAAi2ky3AAABhWlDQ1BJQ0MgcHJvZmlsZQAAKJF9kT1Iw1AUhU9TpaIVBzuIOGSoDmJBVEQ3rUIRKoRaoVUHk5f+CE0akhQXR8G14ODPYtXBxVlXB1dBEPwBcXNzUnSREu9LCi1ifPB4H+e9c7jvXkColZhmtY0Cmm6bqURczGRXxNAruhAEMI1hmVnGrCQl4bu+7hHg512MZ/m/+3N1qzmLAQGReIYZpk28Tjy5aRuc94kjrCirxOfEIyYVSPzIdcXjN84FlwWeGTHTqTniCLFYaGGlhVnR1IgniKOqplO+kPFY5bzFWStVWKNO/sNwTl9e4jrtASSwgEVIEKGggg2UYCNGp06KhRTdx338/a5fIpdCrg0wcsyjDA2y6wefwe/eWvnxMS8pHAfaXxznYxAI7QL1quN8HztO/QQIPgNXetNfrgFTn6RXm1r0COjZBi6um5qyB1zuAH1PhmzKrsTnL+TzwPsZjSkL9N4Cnate3xr3OH0A0tSr5A1wcAgMFSh7zeffHa19+/dNo38/hq9yr+iELI0AAAAGYktHRAAAAAAAAPlDu38AAAAJcEhZcwAACxMAAAsTAQCanBgAAAAHdElNRQflDAsTByz7Va2cAAAAGXRFWHRDb21tZW50AENyZWF0ZWQgd2l0aCBHSU1QV4EOFwAAAYBJREFUKM+lkjFIlVEYht/zn3sFkYYUyUnIRcemhCtCU6JQOLiIU+QeJEQg6BBIm0s4RBCBLjq5OEvgJC1uOniJhivesLx17/97/vO9b4NK4g25157hfHCGB773/cA0HZIEAKiMj+LWiOxljG/i96pnCFP58XHnrWX2+9cj0dYl9Yu2FE9/9rXrcAAgs2eSyiBfOe/XRD503h/CuffOubQVUXL+Jh9BllzBbyJJBgDclVkO4Kukd8zzkXJbeUljIldFTstsmSHM6S81ma2KfPKlFdkGAMY4wzx/bbXapMy21My+YizdKNq5mDzLkrxafSxySFKjSWX2oTmjKzz4vN0r2lOFcL/Q3V0/mX95ILMXTTGYVfaut/aP2+oCMAvnZgCcsF5fcR0dg65YHAdwB+QApADvu0AuOe/ftlJAD7Nsgmm6yBjDtfWORJZlNtFyo/lR5Z7MyheKA5ktSur7sTAHazSG27pehjAiaVfkN8b4XFIJ/wOzbOx07VNRUuHy7w98CzCcGPyWywAAAABJRU5ErkJggg==)](incidents#incident-triage)
 
-#### Incidents API operations discussed
+##### Incidents API operations discussed
 This sample demonstrates the following CrowdStrike Incidents API operations:
 
 | Operation | Description |
@@ -641,490 +778,674 @@ This sample demonstrates the following CrowdStrike Incidents API operations:
 | [GetIncidents](https://falconpy.io/Service-Collections/Incidents.html#getincidents) | Get details on incidents by providing incident IDs. |
 | [QueryIncidents](https://falconpy.io/Service-Collections/Incidents.html#queryincidents) | Search for incidents by providing a FQL filter, sorting, and paging details. |
 
+</details>
+
+[Back to top](#falconpy-sample-library) | [How to authenticate](#authentication-for-these-examples) | [Table of Contents](#endpoint-security-toc)
+
 ---
 
-## Intel
-This category provides samples that demonstrate the CrowdStrike Falcon Intel API service collection.
+<a id="real-time-response-samples"></a>
+<details>
+<summary><h3>Real Time Response</h3> <small>(click to expand)</small><br/>
+These samples focus on CrowdStrike's Real Time Response and Real Time Response Admin API service collections.
+</summary>
 
-### Get MITRE ATT&CK Reports
-Retrieve some or all available adversary MITRE ATT&CK reports.
+- [Bulk execute a command](#bulk-execute-a-command)
+- [Bulk execute a command (queued)](#bulk-execute-a-command-queued)
+- [Get RTR result](#get-rtr-result)
+- [Dump memory for a running process](#dump-memory-for-a-running-process)
+- [My Little RTR](#my-little-rtr)
+- [ProxyTool](#proxytool)
 
-[![Intel](https://img.shields.io/badge/Service%20Class-Get_MITRE_ATT&CK_Reports-silver?style=for-the-badge&labelColor=red&logo=data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABIAAAAOCAYAAAAi2ky3AAABhWlDQ1BJQ0MgcHJvZmlsZQAAKJF9kT1Iw1AUhU9TpaIVBzuIOGSoDmJBVEQ3rUIRKoRaoVUHk5f+CE0akhQXR8G14ODPYtXBxVlXB1dBEPwBcXNzUnSREu9LCi1ifPB4H+e9c7jvXkColZhmtY0Cmm6bqURczGRXxNAruhAEMI1hmVnGrCQl4bu+7hHg512MZ/m/+3N1qzmLAQGReIYZpk28Tjy5aRuc94kjrCirxOfEIyYVSPzIdcXjN84FlwWeGTHTqTniCLFYaGGlhVnR1IgniKOqplO+kPFY5bzFWStVWKNO/sNwTl9e4jrtASSwgEVIEKGggg2UYCNGp06KhRTdx338/a5fIpdCrg0wcsyjDA2y6wefwe/eWvnxMS8pHAfaXxznYxAI7QL1quN8HztO/QQIPgNXetNfrgFTn6RXm1r0COjZBi6um5qyB1zuAH1PhmzKrsTnL+TzwPsZjSkL9N4Cnate3xr3OH0A0tSr5A1wcAgMFSh7zeffHa19+/dNo38/hq9yr+iELI0AAAAGYktHRAAAAAAAAPlDu38AAAAJcEhZcwAACxMAAAsTAQCanBgAAAAHdElNRQflDAsTByz7Va2cAAAAGXRFWHRDb21tZW50AENyZWF0ZWQgd2l0aCBHSU1QV4EOFwAAAYBJREFUKM+lkjFIlVEYht/zn3sFkYYUyUnIRcemhCtCU6JQOLiIU+QeJEQg6BBIm0s4RBCBLjq5OEvgJC1uOniJhivesLx17/97/vO9b4NK4g25157hfHCGB773/cA0HZIEAKiMj+LWiOxljG/i96pnCFP58XHnrWX2+9cj0dYl9Yu2FE9/9rXrcAAgs2eSyiBfOe/XRD503h/CuffOubQVUXL+Jh9BllzBbyJJBgDclVkO4Kukd8zzkXJbeUljIldFTstsmSHM6S81ma2KfPKlFdkGAMY4wzx/bbXapMy21My+YizdKNq5mDzLkrxafSxySFKjSWX2oTmjKzz4vN0r2lOFcL/Q3V0/mX95ILMXTTGYVfaut/aP2+oCMAvnZgCcsF5fcR0dg65YHAdwB+QApADvu0AuOe/ftlJAD7Nsgmm6yBjDtfWORJZlNtFyo/lR5Z7MyheKA5ktSur7sTAHazSG27pehjAiaVfkN8b4XFIJ/wOzbOx07VNRUuHy7w98CzCcGPyWywAAAABJRU5ErkJggg==)](https://github.com/CrowdStrike/falconpy/tree/main/samples/intel#get-mitre-attck-reports)
+#### Bulk execute a command
+Using this [demonstration](rtr#bulk-execute-a-command-on-matched-hosts), you can execute a command on multiple hosts that have a hostname matching a search string you provide.
 
-#### Intel API operations discussed
-This sample demonstrates the following CrowdStrike Intel API operations:
+[![Real Time Response](https://img.shields.io/badge/Service%20Class-Bulk%20execute%20a%20command-silver?style=for-the-badge&labelColor=red&logo=data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABIAAAAOCAYAAAAi2ky3AAABhWlDQ1BJQ0MgcHJvZmlsZQAAKJF9kT1Iw1AUhU9TpaIVBzuIOGSoDmJBVEQ3rUIRKoRaoVUHk5f+CE0akhQXR8G14ODPYtXBxVlXB1dBEPwBcXNzUnSREu9LCi1ifPB4H+e9c7jvXkColZhmtY0Cmm6bqURczGRXxNAruhAEMI1hmVnGrCQl4bu+7hHg512MZ/m/+3N1qzmLAQGReIYZpk28Tjy5aRuc94kjrCirxOfEIyYVSPzIdcXjN84FlwWeGTHTqTniCLFYaGGlhVnR1IgniKOqplO+kPFY5bzFWStVWKNO/sNwTl9e4jrtASSwgEVIEKGggg2UYCNGp06KhRTdx338/a5fIpdCrg0wcsyjDA2y6wefwe/eWvnxMS8pHAfaXxznYxAI7QL1quN8HztO/QQIPgNXetNfrgFTn6RXm1r0COjZBi6um5qyB1zuAH1PhmzKrsTnL+TzwPsZjSkL9N4Cnate3xr3OH0A0tSr5A1wcAgMFSh7zeffHa19+/dNo38/hq9yr+iELI0AAAAGYktHRAAAAAAAAPlDu38AAAAJcEhZcwAACxMAAAsTAQCanBgAAAAHdElNRQflDAsTByz7Va2cAAAAGXRFWHRDb21tZW50AENyZWF0ZWQgd2l0aCBHSU1QV4EOFwAAAYBJREFUKM+lkjFIlVEYht/zn3sFkYYUyUnIRcemhCtCU6JQOLiIU+QeJEQg6BBIm0s4RBCBLjq5OEvgJC1uOniJhivesLx17/97/vO9b4NK4g25157hfHCGB773/cA0HZIEAKiMj+LWiOxljG/i96pnCFP58XHnrWX2+9cj0dYl9Yu2FE9/9rXrcAAgs2eSyiBfOe/XRD503h/CuffOubQVUXL+Jh9BllzBbyJJBgDclVkO4Kukd8zzkXJbeUljIldFTstsmSHM6S81ma2KfPKlFdkGAMY4wzx/bbXapMy21My+YizdKNq5mDzLkrxafSxySFKjSWX2oTmjKzz4vN0r2lOFcL/Q3V0/mX95ILMXTTGYVfaut/aP2+oCMAvnZgCcsF5fcR0dg65YHAdwB+QApADvu0AuOe/ftlJAD7Nsgmm6yBjDtfWORJZlNtFyo/lR5Z7MyheKA5ktSur7sTAHazSG27pehjAiaVfkN8b4XFIJ/wOzbOx07VNRUuHy7w98CzCcGPyWywAAAABJRU5ErkJggg==)](rtr#bulk-execute-a-command-on-matched-hosts)
+
+##### Real Time Response API operations discussed
+This sample demonstrates the following CrowdStrike Real Time Response and Real Time Response Admin API operations:
 
 | Operation | Description |
 | :--- | :--- |
-| [GetIntelActorEntities](https://falconpy.io/Service-Collections/Intel.html#getintelactorentities) | Retrieve specific actors using their actor IDs. |
-| [GetMitreReport](https://www.falconpy.io/Service-Collections/Intel.html#getmitrereport) | Export Mitre ATT&CK information for a given actor. |
-| [QueryMitreAttacks](https://www.falconpy.io/Service-Collections/Intel.html#querymitreattacks) | Gets MITRE tactics and techniques for the given actor. |
+| [BatchAdminCmd](https://falconpy.io/Service-Collections/Real-Time-Response-Admin.html#batchadmincmd) | Batch executes a RTR administrator command across the hosts mapped to the given batch ID. |
+| [BatchInitSessions](https://falconpy.io/Service-Collections/Real-Time-Response.html#batchinitsessions) | Batch initialize a RTR session on multiple hosts. Before any RTR commands can be used, an active session is needed on the host. |
+| [RTR_DeleteSession](https://falconpy.io/Service-Collections/Real-Time-Response.html#rtr_deletesession) | Delete a session. |
 
+---
 
-### Intel Search
-Quickly search CrowdStrike Falcon Intelligence data for string matches.
-Displays lists of matches and extended details for individual records when only one result is returned.
-When a value for output prefix (`-o`) is provided, results will also be written to individual files in CSV format.
+#### Bulk execute a command (queued)
 
-[![Intel](https://img.shields.io/badge/Service%20Class-Intel_Search-silver?style=for-the-badge&labelColor=red&logo=data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABIAAAAOCAYAAAAi2ky3AAABhWlDQ1BJQ0MgcHJvZmlsZQAAKJF9kT1Iw1AUhU9TpaIVBzuIOGSoDmJBVEQ3rUIRKoRaoVUHk5f+CE0akhQXR8G14ODPYtXBxVlXB1dBEPwBcXNzUnSREu9LCi1ifPB4H+e9c7jvXkColZhmtY0Cmm6bqURczGRXxNAruhAEMI1hmVnGrCQl4bu+7hHg512MZ/m/+3N1qzmLAQGReIYZpk28Tjy5aRuc94kjrCirxOfEIyYVSPzIdcXjN84FlwWeGTHTqTniCLFYaGGlhVnR1IgniKOqplO+kPFY5bzFWStVWKNO/sNwTl9e4jrtASSwgEVIEKGggg2UYCNGp06KhRTdx338/a5fIpdCrg0wcsyjDA2y6wefwe/eWvnxMS8pHAfaXxznYxAI7QL1quN8HztO/QQIPgNXetNfrgFTn6RXm1r0COjZBi6um5qyB1zuAH1PhmzKrsTnL+TzwPsZjSkL9N4Cnate3xr3OH0A0tSr5A1wcAgMFSh7zeffHa19+/dNo38/hq9yr+iELI0AAAAGYktHRAAAAAAAAPlDu38AAAAJcEhZcwAACxMAAAsTAQCanBgAAAAHdElNRQflDAsTByz7Va2cAAAAGXRFWHRDb21tZW50AENyZWF0ZWQgd2l0aCBHSU1QV4EOFwAAAYBJREFUKM+lkjFIlVEYht/zn3sFkYYUyUnIRcemhCtCU6JQOLiIU+QeJEQg6BBIm0s4RBCBLjq5OEvgJC1uOniJhivesLx17/97/vO9b4NK4g25157hfHCGB773/cA0HZIEAKiMj+LWiOxljG/i96pnCFP58XHnrWX2+9cj0dYl9Yu2FE9/9rXrcAAgs2eSyiBfOe/XRD503h/CuffOubQVUXL+Jh9BllzBbyJJBgDclVkO4Kukd8zzkXJbeUljIldFTstsmSHM6S81ma2KfPKlFdkGAMY4wzx/bbXapMy21My+YizdKNq5mDzLkrxafSxySFKjSWX2oTmjKzz4vN0r2lOFcL/Q3V0/mX95ILMXTTGYVfaut/aP2+oCMAvnZgCcsF5fcR0dg65YHAdwB+QApADvu0AuOe/ftlJAD7Nsgmm6yBjDtfWORJZlNtFyo/lR5Z7MyheKA5ktSur7sTAHazSG27pehjAiaVfkN8b4XFIJ/wOzbOx07VNRUuHy7w98CzCcGPyWywAAAABJRU5ErkJggg==)](https://github.com/CrowdStrike/falconpy/tree/main/samples/intel#intel-search)
+Building on the previous demonstration, this [sample](rtr/queued_execute.py) also executes a command on multiple hosts that have a hostname matching a search string, with the addition of queuing the commands for later processing should the host be offline.
 
-#### Intel API operations discussed
-This sample demonstrates the following CrowdStrike Intel API operations:
+[![Real Time Response](https://img.shields.io/badge/Service%20Class-Bulk%20execute%20a%20command_with_queuing-silver?style=for-the-badge&labelColor=red&logo=data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABIAAAAOCAYAAAAi2ky3AAABhWlDQ1BJQ0MgcHJvZmlsZQAAKJF9kT1Iw1AUhU9TpaIVBzuIOGSoDmJBVEQ3rUIRKoRaoVUHk5f+CE0akhQXR8G14ODPYtXBxVlXB1dBEPwBcXNzUnSREu9LCi1ifPB4H+e9c7jvXkColZhmtY0Cmm6bqURczGRXxNAruhAEMI1hmVnGrCQl4bu+7hHg512MZ/m/+3N1qzmLAQGReIYZpk28Tjy5aRuc94kjrCirxOfEIyYVSPzIdcXjN84FlwWeGTHTqTniCLFYaGGlhVnR1IgniKOqplO+kPFY5bzFWStVWKNO/sNwTl9e4jrtASSwgEVIEKGggg2UYCNGp06KhRTdx338/a5fIpdCrg0wcsyjDA2y6wefwe/eWvnxMS8pHAfaXxznYxAI7QL1quN8HztO/QQIPgNXetNfrgFTn6RXm1r0COjZBi6um5qyB1zuAH1PhmzKrsTnL+TzwPsZjSkL9N4Cnate3xr3OH0A0tSr5A1wcAgMFSh7zeffHa19+/dNo38/hq9yr+iELI0AAAAGYktHRAAAAAAAAPlDu38AAAAJcEhZcwAACxMAAAsTAQCanBgAAAAHdElNRQflDAsTByz7Va2cAAAAGXRFWHRDb21tZW50AENyZWF0ZWQgd2l0aCBHSU1QV4EOFwAAAYBJREFUKM+lkjFIlVEYht/zn3sFkYYUyUnIRcemhCtCU6JQOLiIU+QeJEQg6BBIm0s4RBCBLjq5OEvgJC1uOniJhivesLx17/97/vO9b4NK4g25157hfHCGB773/cA0HZIEAKiMj+LWiOxljG/i96pnCFP58XHnrWX2+9cj0dYl9Yu2FE9/9rXrcAAgs2eSyiBfOe/XRD503h/CuffOubQVUXL+Jh9BllzBbyJJBgDclVkO4Kukd8zzkXJbeUljIldFTstsmSHM6S81ma2KfPKlFdkGAMY4wzx/bbXapMy21My+YizdKNq5mDzLkrxafSxySFKjSWX2oTmjKzz4vN0r2lOFcL/Q3V0/mX95ILMXTTGYVfaut/aP2+oCMAvnZgCcsF5fcR0dg65YHAdwB+QApADvu0AuOe/ftlJAD7Nsgmm6yBjDtfWORJZlNtFyo/lR5Z7MyheKA5ktSur7sTAHazSG27pehjAiaVfkN8b4XFIJ/wOzbOx07VNRUuHy7w98CzCcGPyWywAAAABJRU5ErkJggg==)](rtr/queued_execute.py)
+
+##### Real Time Response API operations discussed
+This sample demonstrates the following CrowdStrike Real Time Response and Real Time Response Admin API operations:
 
 | Operation | Description |
 | :--- | :--- |
-| [QueryIntelActorEntites](https://www.falconpy.io/Service-Collections/Intel.html#queryintelactorentities) | Get info about actors that match provided FQL filters. |
-| [QueryIntelIndicatorEntities](https://www.falconpy.io/Service-Collections/Intel.html#queryintelindicatorentities) | Get info about indicators that match provided FQL filters. |
-| [QueryIntelReportEntities](https://www.falconpy.io/Service-Collections/Intel.html#queryintelreportentities) | Get info about reports that match provided FQL filters. |
-| [GetIntelActorEntities](https://falconpy.io/Service-Collections/Intel.html#getintelactorentities) | Retrieve specific actors using their actor IDs. |
-| [GetIntelIndicatorEntities](https://www.falconpy.io/Service-Collections/Intel.html#getintelindicatorentities) | Retrieve specific indicators using their indicator IDs. |
-| [GetIntelReportEntities](https://www.falconpy.io/Service-Collections/Intel.html#queryintelreportentities) | Retrieve specific reports using their report IDs. |
+| [BatchAdminCmd](https://falconpy.io/Service-Collections/Real-Time-Response-Admin.html#batchadmincmd) | Batch executes a RTR administrator command across the hosts mapped to the given batch ID. |
+| [BatchInitSessions](https://falconpy.io/Service-Collections/Real-Time-Response.html#batchinitsessions) | Batch initialize a RTR session on multiple hosts. Before any RTR commands can be used, an active session is needed on the host. |
+| [RTR_CheckAdminCommandStatus](https://falconpy.io/Service-Collections/Real-Time-Response-Admin.html#rtr_checkadmincommandstatus) | Get status of an executed RTR administrator command on a single host. |
+| [RTR_DeleteSession](https://falconpy.io/Service-Collections/Real-Time-Response.html#rtr_deletesession) | Delete a session. |
+| [RTR_ListQueuedSessions](https://falconpy.io/Service-Collections/Real-Time-Response.html#rtr_listqueuedsessions) | Get queued session metadata by session ID. |
 
 ---
 
-### MISP Import
-This [utility](https://github.com/CrowdStrike/MISP-tools#manual-import) will import CrowdStrike Intel Threat indicators (Actors, Indicators and Reports) into your instance of [MISP](https://github.com/MISP/MISP).
+#### Get host uptime
+Use the `runscript` command to retrieve host uptime.
 
-[![Intel](https://img.shields.io/badge/Service%20Class-MISP_Import-silver?style=for-the-badge&labelColor=red&logo=data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABIAAAAOCAYAAAAi2ky3AAABhWlDQ1BJQ0MgcHJvZmlsZQAAKJF9kT1Iw1AUhU9TpaIVBzuIOGSoDmJBVEQ3rUIRKoRaoVUHk5f+CE0akhQXR8G14ODPYtXBxVlXB1dBEPwBcXNzUnSREu9LCi1ifPB4H+e9c7jvXkColZhmtY0Cmm6bqURczGRXxNAruhAEMI1hmVnGrCQl4bu+7hHg512MZ/m/+3N1qzmLAQGReIYZpk28Tjy5aRuc94kjrCirxOfEIyYVSPzIdcXjN84FlwWeGTHTqTniCLFYaGGlhVnR1IgniKOqplO+kPFY5bzFWStVWKNO/sNwTl9e4jrtASSwgEVIEKGggg2UYCNGp06KhRTdx338/a5fIpdCrg0wcsyjDA2y6wefwe/eWvnxMS8pHAfaXxznYxAI7QL1quN8HztO/QQIPgNXetNfrgFTn6RXm1r0COjZBi6um5qyB1zuAH1PhmzKrsTnL+TzwPsZjSkL9N4Cnate3xr3OH0A0tSr5A1wcAgMFSh7zeffHa19+/dNo38/hq9yr+iELI0AAAAGYktHRAAAAAAAAPlDu38AAAAJcEhZcwAACxMAAAsTAQCanBgAAAAHdElNRQflDAsTByz7Va2cAAAAGXRFWHRDb21tZW50AENyZWF0ZWQgd2l0aCBHSU1QV4EOFwAAAYBJREFUKM+lkjFIlVEYht/zn3sFkYYUyUnIRcemhCtCU6JQOLiIU+QeJEQg6BBIm0s4RBCBLjq5OEvgJC1uOniJhivesLx17/97/vO9b4NK4g25157hfHCGB773/cA0HZIEAKiMj+LWiOxljG/i96pnCFP58XHnrWX2+9cj0dYl9Yu2FE9/9rXrcAAgs2eSyiBfOe/XRD503h/CuffOubQVUXL+Jh9BllzBbyJJBgDclVkO4Kukd8zzkXJbeUljIldFTstsmSHM6S81ma2KfPKlFdkGAMY4wzx/bbXapMy21My+YizdKNq5mDzLkrxafSxySFKjSWX2oTmjKzz4vN0r2lOFcL/Q3V0/mX95ILMXTTGYVfaut/aP2+oCMAvnZgCcsF5fcR0dg65YHAdwB+QApADvu0AuOe/ftlJAD7Nsgmm6yBjDtfWORJZlNtFyo/lR5Z7MyheKA5ktSur7sTAHazSG27pehjAiaVfkN8b4XFIJ/wOzbOx07VNRUuHy7w98CzCcGPyWywAAAABJRU5ErkJggg==)](https://github.com/CrowdStrike/MISP-tools#manual-import)
+[![Real Time Response](https://img.shields.io/badge/Service%20Class-Get_Host_Uptime-silver?style=for-the-badge&labelColor=red&logo=data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABIAAAAOCAYAAAAi2ky3AAABhWlDQ1BJQ0MgcHJvZmlsZQAAKJF9kT1Iw1AUhU9TpaIVBzuIOGSoDmJBVEQ3rUIRKoRaoVUHk5f+CE0akhQXR8G14ODPYtXBxVlXB1dBEPwBcXNzUnSREu9LCi1ifPB4H+e9c7jvXkColZhmtY0Cmm6bqURczGRXxNAruhAEMI1hmVnGrCQl4bu+7hHg512MZ/m/+3N1qzmLAQGReIYZpk28Tjy5aRuc94kjrCirxOfEIyYVSPzIdcXjN84FlwWeGTHTqTniCLFYaGGlhVnR1IgniKOqplO+kPFY5bzFWStVWKNO/sNwTl9e4jrtASSwgEVIEKGggg2UYCNGp06KhRTdx338/a5fIpdCrg0wcsyjDA2y6wefwe/eWvnxMS8pHAfaXxznYxAI7QL1quN8HztO/QQIPgNXetNfrgFTn6RXm1r0COjZBi6um5qyB1zuAH1PhmzKrsTnL+TzwPsZjSkL9N4Cnate3xr3OH0A0tSr5A1wcAgMFSh7zeffHa19+/dNo38/hq9yr+iELI0AAAAGYktHRAAAAAAAAPlDu38AAAAJcEhZcwAACxMAAAsTAQCanBgAAAAHdElNRQflDAsTByz7Va2cAAAAGXRFWHRDb21tZW50AENyZWF0ZWQgd2l0aCBHSU1QV4EOFwAAAYBJREFUKM+lkjFIlVEYht/zn3sFkYYUyUnIRcemhCtCU6JQOLiIU+QeJEQg6BBIm0s4RBCBLjq5OEvgJC1uOniJhivesLx17/97/vO9b4NK4g25157hfHCGB773/cA0HZIEAKiMj+LWiOxljG/i96pnCFP58XHnrWX2+9cj0dYl9Yu2FE9/9rXrcAAgs2eSyiBfOe/XRD503h/CuffOubQVUXL+Jh9BllzBbyJJBgDclVkO4Kukd8zzkXJbeUljIldFTstsmSHM6S81ma2KfPKlFdkGAMY4wzx/bbXapMy21My+YizdKNq5mDzLkrxafSxySFKjSWX2oTmjKzz4vN0r2lOFcL/Q3V0/mX95ILMXTTGYVfaut/aP2+oCMAvnZgCcsF5fcR0dg65YHAdwB+QApADvu0AuOe/ftlJAD7Nsgmm6yBjDtfWORJZlNtFyo/lR5Z7MyheKA5ktSur7sTAHazSG27pehjAiaVfkN8b4XFIJ/wOzbOx07VNRUuHy7w98CzCcGPyWywAAAABJRU5ErkJggg==)](rtr/get_host_uptime.py)
 
-#### Intel API operations discussed
-This sample demonstrates the following CrowdStrike Intel API operations:
+##### Real Time Response, Real Time Response Admin and Hosts API operations discussed
+This sample demonstrates the following CrowdStrike Hosts, Real Time Response and Real Time Response Admin API operations:
 
 | Operation | Description |
 | :--- | :--- |
-| [GetIntelActorEntities](https://falconpy.io/Service-Collections/Intel.html#getintelactorentities) | Retrieve specific actors using their actor IDs. |
-| [GetIntelIndicatorEntities](https://falconpy.io/Service-Collections/Intel.html#getintelindicatorentities) | Retrieve specific indicators using their indicator IDs. |
-| [GetIntelReportEntities](https://falconpy.io/Service-Collections/Intel.html#getintelreportentities) | Retrieve specific reports using their report IDs. |
-| [QueryIntelActorEntities](https://falconpy.io/Service-Collections/Intel.html#queryintelactorentities) | Get info about actors that match provided FQL filters. |
-| [QueryIntelIndicatorEntities](https://falconpy.io/Service-Collections/Intel.html#queryintelindicatorentities) | Get info about indicators that match provided FQL filters. |
-| [QueryIntelReportEntities](https://falconpy.io/Service-Collections/Intel.html#queryintelreportentities) | Get info about reports that match provided FQL filters. |
+| [GetDeviceDetails](https://www.falconpy.io/Service-Collections/Hosts.html#getdevicedetails) | Get details on one or more hosts by providing agent IDs (AID). You can get a host's agent IDs (AIDs) from the QueryDevicesByFilterScroll operation, the Falcon console or the Streaming API. |
+| [QueryDevicesByFilterScroll](https://www.falconpy.io/Service-Collections/Hosts.html#querydevicesbyfilterscroll) | Search for hosts in your environment by platform, hostname, IP, and other criteria with continuous pagination capability (based on offset pointer which expires after 2 minutes with no maximum limit). |
+| [RTR_CheckAdminCommandStatus](https://falconpy.io/Service-Collections/Real-Time-Response-Admin.html#rtr_checkadmincommandstatus) | Get status of an executed RTR administrator command on a single host. |
+| [RTR_DeleteSession](https://www.falconpy.io/Service-Collections/Real-Time-Response.html#rtr_deletesession) | Delete a session. |
+| [RTR_ExecuteAdminCommand](https://www.falconpy.io/Service-Collections/Real-Time-Response-Admin.html#rtr_executeadmincommand) | Execute a RTR administrator command on a single host. |
+| [RTR_InitSession](https://www.falconpy.io/Service-Collections/Real-Time-Response.html#rtr_initsession) | Initialize a new session with the RTR cloud. |
 
 ---
 
-## IOC
-The samples in this section focus on the CrowdStrike IOC API service collection.
-
-### Create indicators
-Use this example to [create an Indicator of Compromise](ioc/create_ioc.py) (IOC). This example demonstrates the same operation using both the Service Class and the Uber Class. The Uber Class solution does not make use of [Body Payload Abstraction](https://falconpy.io/Usage/Payload-Handling.html#body-payload-abstraction).
+#### Get RTR result
+Retrieve the results for previously executed RTR commands.
 
-[![IOC](https://img.shields.io/badge/Service%20Class-Create%20An%20IOC-silver?style=for-the-badge&labelColor=red&logo=data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABIAAAAOCAYAAAAi2ky3AAABhWlDQ1BJQ0MgcHJvZmlsZQAAKJF9kT1Iw1AUhU9TpaIVBzuIOGSoDmJBVEQ3rUIRKoRaoVUHk5f+CE0akhQXR8G14ODPYtXBxVlXB1dBEPwBcXNzUnSREu9LCi1ifPB4H+e9c7jvXkColZhmtY0Cmm6bqURczGRXxNAruhAEMI1hmVnGrCQl4bu+7hHg512MZ/m/+3N1qzmLAQGReIYZpk28Tjy5aRuc94kjrCirxOfEIyYVSPzIdcXjN84FlwWeGTHTqTniCLFYaGGlhVnR1IgniKOqplO+kPFY5bzFWStVWKNO/sNwTl9e4jrtASSwgEVIEKGggg2UYCNGp06KhRTdx338/a5fIpdCrg0wcsyjDA2y6wefwe/eWvnxMS8pHAfaXxznYxAI7QL1quN8HztO/QQIPgNXetNfrgFTn6RXm1r0COjZBi6um5qyB1zuAH1PhmzKrsTnL+TzwPsZjSkL9N4Cnate3xr3OH0A0tSr5A1wcAgMFSh7zeffHa19+/dNo38/hq9yr+iELI0AAAAGYktHRAAAAAAAAPlDu38AAAAJcEhZcwAACxMAAAsTAQCanBgAAAAHdElNRQflDAsTByz7Va2cAAAAGXRFWHRDb21tZW50AENyZWF0ZWQgd2l0aCBHSU1QV4EOFwAAAYBJREFUKM+lkjFIlVEYht/zn3sFkYYUyUnIRcemhCtCU6JQOLiIU+QeJEQg6BBIm0s4RBCBLjq5OEvgJC1uOniJhivesLx17/97/vO9b4NK4g25157hfHCGB773/cA0HZIEAKiMj+LWiOxljG/i96pnCFP58XHnrWX2+9cj0dYl9Yu2FE9/9rXrcAAgs2eSyiBfOe/XRD503h/CuffOubQVUXL+Jh9BllzBbyJJBgDclVkO4Kukd8zzkXJbeUljIldFTstsmSHM6S81ma2KfPKlFdkGAMY4wzx/bbXapMy21My+YizdKNq5mDzLkrxafSxySFKjSWX2oTmjKzz4vN0r2lOFcL/Q3V0/mX95ILMXTTGYVfaut/aP2+oCMAvnZgCcsF5fcR0dg65YHAdwB+QApADvu0AuOe/ftlJAD7Nsgmm6yBjDtfWORJZlNtFyo/lR5Z7MyheKA5ktSur7sTAHazSG27pehjAiaVfkN8b4XFIJ/wOzbOx07VNRUuHy7w98CzCcGPyWywAAAABJRU5ErkJggg==)](ioc/create_ioc.py) 
-[![IOC](https://img.shields.io/badge/Uber%20Class-Create%20An%20IOC-silver?style=for-the-badge&labelColor=maroon&logo=data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABIAAAAOCAYAAAAi2ky3AAABhWlDQ1BJQ0MgcHJvZmlsZQAAKJF9kT1Iw1AUhU9TpaIVBzuIOGSoDmJBVEQ3rUIRKoRaoVUHk5f+CE0akhQXR8G14ODPYtXBxVlXB1dBEPwBcXNzUnSREu9LCi1ifPB4H+e9c7jvXkColZhmtY0Cmm6bqURczGRXxNAruhAEMI1hmVnGrCQl4bu+7hHg512MZ/m/+3N1qzmLAQGReIYZpk28Tjy5aRuc94kjrCirxOfEIyYVSPzIdcXjN84FlwWeGTHTqTniCLFYaGGlhVnR1IgniKOqplO+kPFY5bzFWStVWKNO/sNwTl9e4jrtASSwgEVIEKGggg2UYCNGp06KhRTdx338/a5fIpdCrg0wcsyjDA2y6wefwe/eWvnxMS8pHAfaXxznYxAI7QL1quN8HztO/QQIPgNXetNfrgFTn6RXm1r0COjZBi6um5qyB1zuAH1PhmzKrsTnL+TzwPsZjSkL9N4Cnate3xr3OH0A0tSr5A1wcAgMFSh7zeffHa19+/dNo38/hq9yr+iELI0AAAAGYktHRAAAAAAAAPlDu38AAAAJcEhZcwAACxMAAAsTAQCanBgAAAAHdElNRQflDAsTByz7Va2cAAAAGXRFWHRDb21tZW50AENyZWF0ZWQgd2l0aCBHSU1QV4EOFwAAAYBJREFUKM+lkjFIlVEYht/zn3sFkYYUyUnIRcemhCtCU6JQOLiIU+QeJEQg6BBIm0s4RBCBLjq5OEvgJC1uOniJhivesLx17/97/vO9b4NK4g25157hfHCGB773/cA0HZIEAKiMj+LWiOxljG/i96pnCFP58XHnrWX2+9cj0dYl9Yu2FE9/9rXrcAAgs2eSyiBfOe/XRD503h/CuffOubQVUXL+Jh9BllzBbyJJBgDclVkO4Kukd8zzkXJbeUljIldFTstsmSHM6S81ma2KfPKlFdkGAMY4wzx/bbXapMy21My+YizdKNq5mDzLkrxafSxySFKjSWX2oTmjKzz4vN0r2lOFcL/Q3V0/mX95ILMXTTGYVfaut/aP2+oCMAvnZgCcsF5fcR0dg65YHAdwB+QApADvu0AuOe/ftlJAD7Nsgmm6yBjDtfWORJZlNtFyo/lR5Z7MyheKA5ktSur7sTAHazSG27pehjAiaVfkN8b4XFIJ/wOzbOx07VNRUuHy7w98CzCcGPyWywAAAABJRU5ErkJggg==)](ioc/create_ioc.py)
+[![Real Time Response](https://img.shields.io/badge/Service%20Class-Get_RTR_Result-silver?style=for-the-badge&labelColor=red&logo=data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABIAAAAOCAYAAAAi2ky3AAABhWlDQ1BJQ0MgcHJvZmlsZQAAKJF9kT1Iw1AUhU9TpaIVBzuIOGSoDmJBVEQ3rUIRKoRaoVUHk5f+CE0akhQXR8G14ODPYtXBxVlXB1dBEPwBcXNzUnSREu9LCi1ifPB4H+e9c7jvXkColZhmtY0Cmm6bqURczGRXxNAruhAEMI1hmVnGrCQl4bu+7hHg512MZ/m/+3N1qzmLAQGReIYZpk28Tjy5aRuc94kjrCirxOfEIyYVSPzIdcXjN84FlwWeGTHTqTniCLFYaGGlhVnR1IgniKOqplO+kPFY5bzFWStVWKNO/sNwTl9e4jrtASSwgEVIEKGggg2UYCNGp06KhRTdx338/a5fIpdCrg0wcsyjDA2y6wefwe/eWvnxMS8pHAfaXxznYxAI7QL1quN8HztO/QQIPgNXetNfrgFTn6RXm1r0COjZBi6um5qyB1zuAH1PhmzKrsTnL+TzwPsZjSkL9N4Cnate3xr3OH0A0tSr5A1wcAgMFSh7zeffHa19+/dNo38/hq9yr+iELI0AAAAGYktHRAAAAAAAAPlDu38AAAAJcEhZcwAACxMAAAsTAQCanBgAAAAHdElNRQflDAsTByz7Va2cAAAAGXRFWHRDb21tZW50AENyZWF0ZWQgd2l0aCBHSU1QV4EOFwAAAYBJREFUKM+lkjFIlVEYht/zn3sFkYYUyUnIRcemhCtCU6JQOLiIU+QeJEQg6BBIm0s4RBCBLjq5OEvgJC1uOniJhivesLx17/97/vO9b4NK4g25157hfHCGB773/cA0HZIEAKiMj+LWiOxljG/i96pnCFP58XHnrWX2+9cj0dYl9Yu2FE9/9rXrcAAgs2eSyiBfOe/XRD503h/CuffOubQVUXL+Jh9BllzBbyJJBgDclVkO4Kukd8zzkXJbeUljIldFTstsmSHM6S81ma2KfPKlFdkGAMY4wzx/bbXapMy21My+YizdKNq5mDzLkrxafSxySFKjSWX2oTmjKzz4vN0r2lOFcL/Q3V0/mX95ILMXTTGYVfaut/aP2+oCMAvnZgCcsF5fcR0dg65YHAdwB+QApADvu0AuOe/ftlJAD7Nsgmm6yBjDtfWORJZlNtFyo/lR5Z7MyheKA5ktSur7sTAHazSG27pehjAiaVfkN8b4XFIJ/wOzbOx07VNRUuHy7w98CzCcGPyWywAAAABJRU5ErkJggg==)](rtr/get_rtr_result.py)
 
-#### IOC API operations discussed
-This sample demonstrates the following CrowdStrike IOC API operations:
+##### Real Time Response API operations discussed
+This sample demonstrates the following CrowdStrike Real Time Response Admin API operations:
 
 | Operation | Description |
 | :--- | :--- |
-| [indicator_create_v1](https://falconpy.io/Service-Collections/IOC.html#indicator_create_v1) | Create indicators. |
+| [RTR_CheckAdminCommandStatus](https://falconpy.io/Service-Collections/Real-Time-Response-Admin.html#rtr_checkadmincommandstatus) | Get status of an executed RTR administrator command on a single host. |
 
 ---
 
-## MalQuery
-This section is dedicated to the CrowdStrike MalQuery API service collection.
+#### Dump memory for a running process
+This [example](rtr/pid-dump) demonstrates using the CrowdStrike Real Time Response API to dump the memory contents of a specific process on the target host using the PID.
 
-### Malqueryinator
-Coded by our [**Purveyor of Lint**](https://xkcd.com/1513/) `@jlangdev`, [Malqueryinator](malquery#search-and-download-samples-from-malquery) demonstrates how to use the CrowdStrike MalQuery API to search and download malware samples.
+[![Real Time Response](https://img.shields.io/badge/Service%20Class-Dump%20memory%20for%20a%20running%20process-silver?style=for-the-badge&labelColor=red&logo=data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABIAAAAOCAYAAAAi2ky3AAABhWlDQ1BJQ0MgcHJvZmlsZQAAKJF9kT1Iw1AUhU9TpaIVBzuIOGSoDmJBVEQ3rUIRKoRaoVUHk5f+CE0akhQXR8G14ODPYtXBxVlXB1dBEPwBcXNzUnSREu9LCi1ifPB4H+e9c7jvXkColZhmtY0Cmm6bqURczGRXxNAruhAEMI1hmVnGrCQl4bu+7hHg512MZ/m/+3N1qzmLAQGReIYZpk28Tjy5aRuc94kjrCirxOfEIyYVSPzIdcXjN84FlwWeGTHTqTniCLFYaGGlhVnR1IgniKOqplO+kPFY5bzFWStVWKNO/sNwTl9e4jrtASSwgEVIEKGggg2UYCNGp06KhRTdx338/a5fIpdCrg0wcsyjDA2y6wefwe/eWvnxMS8pHAfaXxznYxAI7QL1quN8HztO/QQIPgNXetNfrgFTn6RXm1r0COjZBi6um5qyB1zuAH1PhmzKrsTnL+TzwPsZjSkL9N4Cnate3xr3OH0A0tSr5A1wcAgMFSh7zeffHa19+/dNo38/hq9yr+iELI0AAAAGYktHRAAAAAAAAPlDu38AAAAJcEhZcwAACxMAAAsTAQCanBgAAAAHdElNRQflDAsTByz7Va2cAAAAGXRFWHRDb21tZW50AENyZWF0ZWQgd2l0aCBHSU1QV4EOFwAAAYBJREFUKM+lkjFIlVEYht/zn3sFkYYUyUnIRcemhCtCU6JQOLiIU+QeJEQg6BBIm0s4RBCBLjq5OEvgJC1uOniJhivesLx17/97/vO9b4NK4g25157hfHCGB773/cA0HZIEAKiMj+LWiOxljG/i96pnCFP58XHnrWX2+9cj0dYl9Yu2FE9/9rXrcAAgs2eSyiBfOe/XRD503h/CuffOubQVUXL+Jh9BllzBbyJJBgDclVkO4Kukd8zzkXJbeUljIldFTstsmSHM6S81ma2KfPKlFdkGAMY4wzx/bbXapMy21My+YizdKNq5mDzLkrxafSxySFKjSWX2oTmjKzz4vN0r2lOFcL/Q3V0/mX95ILMXTTGYVfaut/aP2+oCMAvnZgCcsF5fcR0dg65YHAdwB+QApADvu0AuOe/ftlJAD7Nsgmm6yBjDtfWORJZlNtFyo/lR5Z7MyheKA5ktSur7sTAHazSG27pehjAiaVfkN8b4XFIJ/wOzbOx07VNRUuHy7w98CzCcGPyWywAAAABJRU5ErkJggg==)](rtr/pid-dump)
 
-[![MalQuery](https://img.shields.io/badge/Uber%20Class-Download%20Malware%20Samples%20with%20Malqueryinator-silver?style=for-the-badge&labelColor=maroon&logo=data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABIAAAAOCAYAAAAi2ky3AAABhWlDQ1BJQ0MgcHJvZmlsZQAAKJF9kT1Iw1AUhU9TpaIVBzuIOGSoDmJBVEQ3rUIRKoRaoVUHk5f+CE0akhQXR8G14ODPYtXBxVlXB1dBEPwBcXNzUnSREu9LCi1ifPB4H+e9c7jvXkColZhmtY0Cmm6bqURczGRXxNAruhAEMI1hmVnGrCQl4bu+7hHg512MZ/m/+3N1qzmLAQGReIYZpk28Tjy5aRuc94kjrCirxOfEIyYVSPzIdcXjN84FlwWeGTHTqTniCLFYaGGlhVnR1IgniKOqplO+kPFY5bzFWStVWKNO/sNwTl9e4jrtASSwgEVIEKGggg2UYCNGp06KhRTdx338/a5fIpdCrg0wcsyjDA2y6wefwe/eWvnxMS8pHAfaXxznYxAI7QL1quN8HztO/QQIPgNXetNfrgFTn6RXm1r0COjZBi6um5qyB1zuAH1PhmzKrsTnL+TzwPsZjSkL9N4Cnate3xr3OH0A0tSr5A1wcAgMFSh7zeffHa19+/dNo38/hq9yr+iELI0AAAAGYktHRAAAAAAAAPlDu38AAAAJcEhZcwAACxMAAAsTAQCanBgAAAAHdElNRQflDAsTByz7Va2cAAAAGXRFWHRDb21tZW50AENyZWF0ZWQgd2l0aCBHSU1QV4EOFwAAAYBJREFUKM+lkjFIlVEYht/zn3sFkYYUyUnIRcemhCtCU6JQOLiIU+QeJEQg6BBIm0s4RBCBLjq5OEvgJC1uOniJhivesLx17/97/vO9b4NK4g25157hfHCGB773/cA0HZIEAKiMj+LWiOxljG/i96pnCFP58XHnrWX2+9cj0dYl9Yu2FE9/9rXrcAAgs2eSyiBfOe/XRD503h/CuffOubQVUXL+Jh9BllzBbyJJBgDclVkO4Kukd8zzkXJbeUljIldFTstsmSHM6S81ma2KfPKlFdkGAMY4wzx/bbXapMy21My+YizdKNq5mDzLkrxafSxySFKjSWX2oTmjKzz4vN0r2lOFcL/Q3V0/mX95ILMXTTGYVfaut/aP2+oCMAvnZgCcsF5fcR0dg65YHAdwB+QApADvu0AuOe/ftlJAD7Nsgmm6yBjDtfWORJZlNtFyo/lR5Z7MyheKA5ktSur7sTAHazSG27pehjAiaVfkN8b4XFIJ/wOzbOx07VNRUuHy7w98CzCcGPyWywAAAABJRU5ErkJggg==)](malquery#search-and-download-samples-from-malquery)
+##### Real Time Response API operations discussed
+This sample demonstrates the following CrowdStrike Real Time Response and Real Time Response Admin API operations:
 
-> This sample has been used in other integrations! You can check out the related integration [here](https://github.com/CrowdStrike/Cloud-AWS/blob/main/s3-bucket-protection/demo/instance.tf#L45).
+| Operation | Description |
+| :--- | :--- |
+| [RTR_CheckAdminCommandStatus](https://falconpy.io/Service-Collections/Real-Time-Response-Admin.html#rtr_checkadmincommandstatus) | Get status of an executed RTR administrator command on a single host. |
+| [RTR_CreatePut_Files](https://falconpy.io/Service-Collections/Real-Time-Response-Admin.html#rtr_createput_files) | Upload a new put-file to use for the RTR `put` command. |
+| [RTR_CreateScripts](https://falconpy.io/Service-Collections/Real-Time-Response-Admin.html#rtr_createscripts) | Upload a new custom-script to use for the RTR `runscript` command. |
+| [RTR_DeletePut_Files](https://falconpy.io/Service-Collections/Real-Time-Response-Admin.html#rtr_deleteput_files) | Delete a put-file based on the ID given. Can only delete one file at a time. |
+| [RTR_DeleteScripts](https://falconpy.io/Service-Collections/Real-Time-Response-Admin.html#rtr_deletescripts) | Delete a custom-script based on the ID given. Can only delete one script at a time. |
+| [RTR_DeleteSession](https://falconpy.io/Service-Collections/Real-Time-Response.html#rtr_deletesession) | Delete a session. |
+| [RTR_ExecuteAdminCommand](https://falconpy.io/Service-Collections/Real-Time-Response-Admin.html#rtr_executeadmincommand) | Execute a RTR administrator command on a single host. |
+| [RTR_GetExtractedFileContents](https://falconpy.io/Service-Collections/Real-Time-Response.html#rtr_getextractedfilecontents) | Get RTR extracted file contents for specified session and sha256. |
+| [RTR_InitSession](https://falconpy.io/Service-Collections/Real-Time-Response.html#rtr_initsession) | Initialize a new session with the RTR cloud. |
+| [RTR_ListPut_Files](https://falconpy.io/Service-Collections/Real-Time-Response-Admin.html#rtr_listput_files) | Get a list of put-file ID's that are available to the user for the `put` command. |
+| [RTR_ListScripts](https://falconpy.io/Service-Collections/Real-Time-Response-Admin.html#rtr_listscripts) | Get a list of custom-script ID's that are available to the user for the `runscript` command. |
 
-#### MalQuery API operations discussed
-This sample demonstrates the following CrowdStrike MalQuery API operations:
+---
+
+#### My Little RTR
+This [demonstration](rtr/pony) leverages the [ASCII-Pony](https://gitlab.com/mattia.basaglia/ASCII-Pony) open source project to retrieve basic system information from a target host (and draw My Little Ponies).
+
+[![Real Time Response](https://img.shields.io/badge/Service%20Class-My%20Little%20RTR-silver?style=for-the-badge&labelColor=red&logo=data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABIAAAAOCAYAAAAi2ky3AAABhWlDQ1BJQ0MgcHJvZmlsZQAAKJF9kT1Iw1AUhU9TpaIVBzuIOGSoDmJBVEQ3rUIRKoRaoVUHk5f+CE0akhQXR8G14ODPYtXBxVlXB1dBEPwBcXNzUnSREu9LCi1ifPB4H+e9c7jvXkColZhmtY0Cmm6bqURczGRXxNAruhAEMI1hmVnGrCQl4bu+7hHg512MZ/m/+3N1qzmLAQGReIYZpk28Tjy5aRuc94kjrCirxOfEIyYVSPzIdcXjN84FlwWeGTHTqTniCLFYaGGlhVnR1IgniKOqplO+kPFY5bzFWStVWKNO/sNwTl9e4jrtASSwgEVIEKGggg2UYCNGp06KhRTdx338/a5fIpdCrg0wcsyjDA2y6wefwe/eWvnxMS8pHAfaXxznYxAI7QL1quN8HztO/QQIPgNXetNfrgFTn6RXm1r0COjZBi6um5qyB1zuAH1PhmzKrsTnL+TzwPsZjSkL9N4Cnate3xr3OH0A0tSr5A1wcAgMFSh7zeffHa19+/dNo38/hq9yr+iELI0AAAAGYktHRAAAAAAAAPlDu38AAAAJcEhZcwAACxMAAAsTAQCanBgAAAAHdElNRQflDAsTByz7Va2cAAAAGXRFWHRDb21tZW50AENyZWF0ZWQgd2l0aCBHSU1QV4EOFwAAAYBJREFUKM+lkjFIlVEYht/zn3sFkYYUyUnIRcemhCtCU6JQOLiIU+QeJEQg6BBIm0s4RBCBLjq5OEvgJC1uOniJhivesLx17/97/vO9b4NK4g25157hfHCGB773/cA0HZIEAKiMj+LWiOxljG/i96pnCFP58XHnrWX2+9cj0dYl9Yu2FE9/9rXrcAAgs2eSyiBfOe/XRD503h/CuffOubQVUXL+Jh9BllzBbyJJBgDclVkO4Kukd8zzkXJbeUljIldFTstsmSHM6S81ma2KfPKlFdkGAMY4wzx/bbXapMy21My+YizdKNq5mDzLkrxafSxySFKjSWX2oTmjKzz4vN0r2lOFcL/Q3V0/mX95ILMXTTGYVfaut/aP2+oCMAvnZgCcsF5fcR0dg65YHAdwB+QApADvu0AuOe/ftlJAD7Nsgmm6yBjDtfWORJZlNtFyo/lR5Z7MyheKA5ktSur7sTAHazSG27pehjAiaVfkN8b4XFIJ/wOzbOx07VNRUuHy7w98CzCcGPyWywAAAABJRU5ErkJggg==)](rtr/pony)
+
+
+##### Real Time Response API operations discussed
+This sample demonstrates the following CrowdStrike Real Time Response and Real Time Response Admin API operations:
 
 | Operation | Description |
 | :--- | :--- |
-| [GetMalQueryEntitiesSamplesFetchV1](https://falconpy.io/Service-Collections/MalQuery.html#getmalqueryentitiessamplesfetchv1) | Fetch a zip archive with password 'infected' containing the samples. Call this once the /entities/samples-multidownload request has finished processing. |
-| [GetMalQueryRequestV1](https://falconpy.io/Service-Collections/MalQuery.html#getmalqueryrequestv1) | Check the status and results of an asynchronous request, such as hunt or exact-search. Supports a single request id at this time. |
-| [PostMalQueryEntitiesSamplesMultidownloadV1](https://falconpy.io/Service-Collections/MalQuery.html#postmalqueryentitiessamplesmultidownloadv1) | Schedule samples for download. Use the result id with the /request endpoint to check if the download is ready after which you can call the /entities/samples-fetch to get the zip. |
-| [PostMalQueryFuzzySearchV1](https://falconpy.io/Service-Collections/MalQuery.html#postmalqueryfuzzysearchv1) | Search Falcon MalQuery quickly, but with more potential for false positives. Search for a combination of hex patterns and strings in order to identify samples based upon file content at byte level granularity. |
+| [RTR_CreateScripts](https://falconpy.io/Service-Collections/Real-Time-Response-Admin.html#rtr_createscripts) | Upload a new custom-script to use for the RTR `runscript` command. |
+| [RTR_CheckAdminCommandStatus](https://falconpy.io/Service-Collections/Real-Time-Response-Admin.html#rtr_checkadmincommandstatus) | Get status of an executed RTR administrator command on a single host. |
+| [RTR_DeleteSession](https://falconpy.io/Service-Collections/Real-Time-Response.html#rtr_deletesession) | Delete a session. |
+| [RTR_DeleteScripts](https://falconpy.io/Service-Collections/Real-Time-Response-Admin.html#rtr_deletescripts) | Delete a custom-script based on the ID given. Can only delete one script at a time. |
+| [RTR_ExecuteAdminCommand](https://falconpy.io/Service-Collections/Real-Time-Response-Admin.html#rtr_executeadmincommand) | Execute a RTR administrator command on a single host. |
+| [RTR_InitSession](https://falconpy.io/Service-Collections/Real-Time-Response.html#rtr_initsession) | Initialize a new session with the RTR cloud. |
+| [RTR_ListScripts](https://falconpy.io/Service-Collections/Real-Time-Response-Admin.html#rtr_listscripts) | Get a list of custom-script ID's that are available to the user for the `runscript` command. |
 
 ---
 
-## Prevention Policy
-The samples in this section demonstrate using CrowdStrike's Prevention Policy API service collection.
+#### ProxyTool
+This [demonstration](proxytool) leverages the Hosts, Host Groups, Sensor Download, and Real-Time Response API to fetch CID or Host Group hosts, and uses the batch command and offline queuing of Real-Time Response API to centrally and conveniently issue Falcon sensor proxy configuration changes.
 
-### Prevention Policy Hawk
-Manage your CrowdStrike prevention policy settings using the [Prevention Policy Hawk](prevention_policy#manage-prevention-policies-with-prevention-policy-hawk) sample.
+[![Real Time Response](https://img.shields.io/badge/Service%20Class-ProxyTool-silver?style=for-the-badge&labelColor=red&logo=data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABIAAAAOCAYAAAAi2ky3AAABhWlDQ1BJQ0MgcHJvZmlsZQAAKJF9kT1Iw1AUhU9TpaIVBzuIOGSoDmJBVEQ3rUIRKoRaoVUHk5f+CE0akhQXR8G14ODPYtXBxVlXB1dBEPwBcXNzUnSREu9LCi1ifPB4H+e9c7jvXkColZhmtY0Cmm6bqURczGRXxNAruhAEMI1hmVnGrCQl4bu+7hHg512MZ/m/+3N1qzmLAQGReIYZpk28Tjy5aRuc94kjrCirxOfEIyYVSPzIdcXjN84FlwWeGTHTqTniCLFYaGGlhVnR1IgniKOqplO+kPFY5bzFWStVWKNO/sNwTl9e4jrtASSwgEVIEKGggg2UYCNGp06KhRTdx338/a5fIpdCrg0wcsyjDA2y6wefwe/eWvnxMS8pHAfaXxznYxAI7QL1quN8HztO/QQIPgNXetNfrgFTn6RXm1r0COjZBi6um5qyB1zuAH1PhmzKrsTnL+TzwPsZjSkL9N4Cnate3xr3OH0A0tSr5A1wcAgMFSh7zeffHa19+/dNo38/hq9yr+iELI0AAAAGYktHRAAAAAAAAPlDu38AAAAJcEhZcwAACxMAAAsTAQCanBgAAAAHdElNRQflDAsTByz7Va2cAAAAGXRFWHRDb21tZW50AENyZWF0ZWQgd2l0aCBHSU1QV4EOFwAAAYBJREFUKM+lkjFIlVEYht/zn3sFkYYUyUnIRcemhCtCU6JQOLiIU+QeJEQg6BBIm0s4RBCBLjq5OEvgJC1uOniJhivesLx17/97/vO9b4NK4g25157hfHCGB773/cA0HZIEAKiMj+LWiOxljG/i96pnCFP58XHnrWX2+9cj0dYl9Yu2FE9/9rXrcAAgs2eSyiBfOe/XRD503h/CuffOubQVUXL+Jh9BllzBbyJJBgDclVkO4Kukd8zzkXJbeUljIldFTstsmSHM6S81ma2KfPKlFdkGAMY4wzx/bbXapMy21My+YizdKNq5mDzLkrxafSxySFKjSWX2oTmjKzz4vN0r2lOFcL/Q3V0/mX95ILMXTTGYVfaut/aP2+oCMAvnZgCcsF5fcR0dg65YHAdwB+QApADvu0AuOe/ftlJAD7Nsgmm6yBjDtfWORJZlNtFyo/lR5Z7MyheKA5ktSur7sTAHazSG27pehjAiaVfkN8b4XFIJ/wOzbOx07VNRUuHy7w98CzCcGPyWywAAAABJRU5ErkJggg==)](proxytool)
 
-[![Prevention Policy](https://img.shields.io/badge/Service%20Class-Prevention_Policy_Hawk-silver?style=for-the-badge&labelColor=red&logo=data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABIAAAAOCAYAAAAi2ky3AAABhWlDQ1BJQ0MgcHJvZmlsZQAAKJF9kT1Iw1AUhU9TpaIVBzuIOGSoDmJBVEQ3rUIRKoRaoVUHk5f+CE0akhQXR8G14ODPYtXBxVlXB1dBEPwBcXNzUnSREu9LCi1ifPB4H+e9c7jvXkColZhmtY0Cmm6bqURczGRXxNAruhAEMI1hmVnGrCQl4bu+7hHg512MZ/m/+3N1qzmLAQGReIYZpk28Tjy5aRuc94kjrCirxOfEIyYVSPzIdcXjN84FlwWeGTHTqTniCLFYaGGlhVnR1IgniKOqplO+kPFY5bzFWStVWKNO/sNwTl9e4jrtASSwgEVIEKGggg2UYCNGp06KhRTdx338/a5fIpdCrg0wcsyjDA2y6wefwe/eWvnxMS8pHAfaXxznYxAI7QL1quN8HztO/QQIPgNXetNfrgFTn6RXm1r0COjZBi6um5qyB1zuAH1PhmzKrsTnL+TzwPsZjSkL9N4Cnate3xr3OH0A0tSr5A1wcAgMFSh7zeffHa19+/dNo38/hq9yr+iELI0AAAAGYktHRAAAAAAAAPlDu38AAAAJcEhZcwAACxMAAAsTAQCanBgAAAAHdElNRQflDAsTByz7Va2cAAAAGXRFWHRDb21tZW50AENyZWF0ZWQgd2l0aCBHSU1QV4EOFwAAAYBJREFUKM+lkjFIlVEYht/zn3sFkYYUyUnIRcemhCtCU6JQOLiIU+QeJEQg6BBIm0s4RBCBLjq5OEvgJC1uOniJhivesLx17/97/vO9b4NK4g25157hfHCGB773/cA0HZIEAKiMj+LWiOxljG/i96pnCFP58XHnrWX2+9cj0dYl9Yu2FE9/9rXrcAAgs2eSyiBfOe/XRD503h/CuffOubQVUXL+Jh9BllzBbyJJBgDclVkO4Kukd8zzkXJbeUljIldFTstsmSHM6S81ma2KfPKlFdkGAMY4wzx/bbXapMy21My+YizdKNq5mDzLkrxafSxySFKjSWX2oTmjKzz4vN0r2lOFcL/Q3V0/mX95ILMXTTGYVfaut/aP2+oCMAvnZgCcsF5fcR0dg65YHAdwB+QApADvu0AuOe/ftlJAD7Nsgmm6yBjDtfWORJZlNtFyo/lR5Z7MyheKA5ktSur7sTAHazSG27pehjAiaVfkN8b4XFIJ/wOzbOx07VNRUuHy7w98CzCcGPyWywAAAABJRU5ErkJggg==)](prevention_policy#manage-prevention-policies-with-prevention-policy-hawk)
+##### Hosts API operations discussed
+This sample demonstrates the following CrowdStrike Hosts API operations:
 
-#### Prevention Policy API operations discussed
-This sample demonstrates the following CrowdStrike Prevention Policy API operations:
+| Operation | Description |
+| :--- | :--- |
+| [QueryDevicesByFilterScroll](https://www.falconpy.io/Service-Collections/Hosts.html#querydevicesbyfilterscroll) | Search for hosts in your environment by platform, hostname, IP, and other criteria with continuous pagination capability (based on offset pointer which expires after 2 minutes with no maximum limit). |
+
+##### Host Group API operations discussed
+This sample demonstrates the following CrowdStrike Host Group API operations:
 
 | Operation | Description |
 | :--- | :--- |
-| [deletePreventionPolicies](https://falconpy.io/Service-Collections/Prevention-Policy.html#deletepreventionpolicies) | Delete a set of Prevention Policies by specifying their IDs. |
-| [performPreventionPoliciesAction](https://falconpy.io/Service-Collections/Prevention-Policy.html#performpreventionpoliciesaction) | Perform the specified action on the Prevention Policies specified in the request. |
-| [queryCombinedPreventionPolicies](https://falconpy.io/Service-Collections/Prevention-Policy.html#querycombinedpreventionpolicies) | Search for Prevention Policies in your environment by providing a FQL filter and paging details. Returns a set of Prevention Policies which match the filter criteria. |
-| [getPreventionPolicies](https://falconpy.io/Service-Collections/Prevention-Policy.html#getpreventionpolicies) | Retrieve a set of Prevention Policies by specifying their IDs. |
-| [queryPreventionPolicies](https://falconpy.io/Service-Collections/Prevention-Policy.html#querypreventionpolicies) | Search for Prevention Policies in your environment by providing a FQL filter and paging details. Returns a set of Prevention Policy IDs which match the filter criteria. |
-| [updatePreventionPolicies](https://falconpy.io/Service-Collections/Prevention-Policy.html#updatepreventionpolicies) | Update Prevention Policies by specifying the ID of the policy and details to update. |
+| [queryGroupMembers](https://www.falconpy.io/Service-Collections/Host-Group.html#querygroupmembers) | Search for members of a Host Group in your environment by providing a FQL filter and paging details. Returns a set of Agent IDs which match the filter criteria. |
 
----
+##### Sensor Download API operations discussed
+This sample demonstrates the following CrowdStrike Sensor Download API operations:
 
-## Quarantine
-This category provides samples that demonstrate the CrowdStrike Falcon Quarantine API service collection.
+| Operation | Description |
+| :--- | :--- |
+| [GetSensorInstallersCCIDByQuery](https://falconpy.io/Service-Collections/Sensor-Download.html#getsensorinstallersccidbyquery) | Get CCID to use with sensor installers. |
 
-### Get Quarantined Files
-Contributed by @tsullivan06, this sample leverages the Quarantine and Sample Upload APIs to retrieve all quarantined files within your environment and then stores them to a subfolder.
-Files can be downloaded raw, or archived with a password (`infected`).
+##### Real Time Response API operations discussed
+This sample demonstrates the following CrowdStrike Real Time Response API operations:
 
-[![Quarantine](https://img.shields.io/badge/Uber%20Class-Get_Quarantined_Files-silver?style=for-the-badge&labelColor=maroon&logo=data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABIAAAAOCAYAAAAi2ky3AAABhWlDQ1BJQ0MgcHJvZmlsZQAAKJF9kT1Iw1AUhU9TpaIVBzuIOGSoDmJBVEQ3rUIRKoRaoVUHk5f+CE0akhQXR8G14ODPYtXBxVlXB1dBEPwBcXNzUnSREu9LCi1ifPB4H+e9c7jvXkColZhmtY0Cmm6bqURczGRXxNAruhAEMI1hmVnGrCQl4bu+7hHg512MZ/m/+3N1qzmLAQGReIYZpk28Tjy5aRuc94kjrCirxOfEIyYVSPzIdcXjN84FlwWeGTHTqTniCLFYaGGlhVnR1IgniKOqplO+kPFY5bzFWStVWKNO/sNwTl9e4jrtASSwgEVIEKGggg2UYCNGp06KhRTdx338/a5fIpdCrg0wcsyjDA2y6wefwe/eWvnxMS8pHAfaXxznYxAI7QL1quN8HztO/QQIPgNXetNfrgFTn6RXm1r0COjZBi6um5qyB1zuAH1PhmzKrsTnL+TzwPsZjSkL9N4Cnate3xr3OH0A0tSr5A1wcAgMFSh7zeffHa19+/dNo38/hq9yr+iELI0AAAAGYktHRAAAAAAAAPlDu38AAAAJcEhZcwAACxMAAAsTAQCanBgAAAAHdElNRQflDAsTByz7Va2cAAAAGXRFWHRDb21tZW50AENyZWF0ZWQgd2l0aCBHSU1QV4EOFwAAAYBJREFUKM+lkjFIlVEYht/zn3sFkYYUyUnIRcemhCtCU6JQOLiIU+QeJEQg6BBIm0s4RBCBLjq5OEvgJC1uOniJhivesLx17/97/vO9b4NK4g25157hfHCGB773/cA0HZIEAKiMj+LWiOxljG/i96pnCFP58XHnrWX2+9cj0dYl9Yu2FE9/9rXrcAAgs2eSyiBfOe/XRD503h/CuffOubQVUXL+Jh9BllzBbyJJBgDclVkO4Kukd8zzkXJbeUljIldFTstsmSHM6S81ma2KfPKlFdkGAMY4wzx/bbXapMy21My+YizdKNq5mDzLkrxafSxySFKjSWX2oTmjKzz4vN0r2lOFcL/Q3V0/mX95ILMXTTGYVfaut/aP2+oCMAvnZgCcsF5fcR0dg65YHAdwB+QApADvu0AuOe/ftlJAD7Nsgmm6yBjDtfWORJZlNtFyo/lR5Z7MyheKA5ktSur7sTAHazSG27pehjAiaVfkN8b4XFIJ/wOzbOx07VNRUuHy7w98CzCcGPyWywAAAABJRU5ErkJggg==)](https://github.com/CrowdStrike/falconpy/tree/main/samples/quarantine#get-quarantined-files)
+| Operation | Description |
+| :--- | :--- |
+| [BatchInitSessions](https://falconpy.io/Service-Collections/Real-Time-Response.html#batchinitsessions) | Batch initialize a RTR session on multiple hosts. Before any RTR commands can be used, an active session is needed on the host. |
+| [BatchActiveResponderCmd](https://falconpy.io/Service-Collections/Real-Time-Response-Admin.html#batchactiverespondercmd) | Batch executes a RTR active-responder command across the hosts mapped to the given batch ID. |
 
+</details>
 
-#### Quarantine and Sample Uploads API operations discussed
-This sample demonstrates the following CrowdStrike Quarantine and Sample Uploads API operations:
+[Back to top](#falconpy-sample-library) | [How to authenticate](#authentication-for-these-examples) | [Table of Contents](#endpoint-security-toc)
+
+---
+
+<a id="firewall-management-samples"></a>
+<details>
+<summary><h3>Firewall Management</h3> <small>(click to expand)</small><br/>
+The CrowdStrike Falcon Firewall Management and Firewall Policies APIs are the focus of this section.
+</summary>
+
+#### Export Firewall events to a file
+Developed by `@wozboz`, this [example](firewall_management/get_firewall_events.py) demonstrates exporting Firewall events using the Firewall Management Service Class. This sample also provides an example of _tokenized pagination_ leveraging the `after` return parameter found in the `meta` branch.  More details regarding this style of pagination can be found [here](https://falconpy.io/Usage/Response-Handling.html#paginating-json-responses).
+
+[![Firewall Management](https://img.shields.io/badge/Service%20Class-Export_Firewall_Events-silver?style=for-the-badge&labelColor=red&logo=data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABIAAAAOCAYAAAAi2ky3AAABhWlDQ1BJQ0MgcHJvZmlsZQAAKJF9kT1Iw1AUhU9TpaIVBzuIOGSoDmJBVEQ3rUIRKoRaoVUHk5f+CE0akhQXR8G14ODPYtXBxVlXB1dBEPwBcXNzUnSREu9LCi1ifPB4H+e9c7jvXkColZhmtY0Cmm6bqURczGRXxNAruhAEMI1hmVnGrCQl4bu+7hHg512MZ/m/+3N1qzmLAQGReIYZpk28Tjy5aRuc94kjrCirxOfEIyYVSPzIdcXjN84FlwWeGTHTqTniCLFYaGGlhVnR1IgniKOqplO+kPFY5bzFWStVWKNO/sNwTl9e4jrtASSwgEVIEKGggg2UYCNGp06KhRTdx338/a5fIpdCrg0wcsyjDA2y6wefwe/eWvnxMS8pHAfaXxznYxAI7QL1quN8HztO/QQIPgNXetNfrgFTn6RXm1r0COjZBi6um5qyB1zuAH1PhmzKrsTnL+TzwPsZjSkL9N4Cnate3xr3OH0A0tSr5A1wcAgMFSh7zeffHa19+/dNo38/hq9yr+iELI0AAAAGYktHRAAAAAAAAPlDu38AAAAJcEhZcwAACxMAAAsTAQCanBgAAAAHdElNRQflDAsTByz7Va2cAAAAGXRFWHRDb21tZW50AENyZWF0ZWQgd2l0aCBHSU1QV4EOFwAAAYBJREFUKM+lkjFIlVEYht/zn3sFkYYUyUnIRcemhCtCU6JQOLiIU+QeJEQg6BBIm0s4RBCBLjq5OEvgJC1uOniJhivesLx17/97/vO9b4NK4g25157hfHCGB773/cA0HZIEAKiMj+LWiOxljG/i96pnCFP58XHnrWX2+9cj0dYl9Yu2FE9/9rXrcAAgs2eSyiBfOe/XRD503h/CuffOubQVUXL+Jh9BllzBbyJJBgDclVkO4Kukd8zzkXJbeUljIldFTstsmSHM6S81ma2KfPKlFdkGAMY4wzx/bbXapMy21My+YizdKNq5mDzLkrxafSxySFKjSWX2oTmjKzz4vN0r2lOFcL/Q3V0/mX95ILMXTTGYVfaut/aP2+oCMAvnZgCcsF5fcR0dg65YHAdwB+QApADvu0AuOe/ftlJAD7Nsgmm6yBjDtfWORJZlNtFyo/lR5Z7MyheKA5ktSur7sTAHazSG27pehjAiaVfkN8b4XFIJ/wOzbOx07VNRUuHy7w98CzCcGPyWywAAAABJRU5ErkJggg==)](firewall_management/get_firewall_events.py)
+
+##### Firewall Management operations discussed
+This sample demonstrates the following CrowdStrike Firewall Management API operations:
 
 | Operation | Description |
 | :--- | :--- |
-| [GetQuarantineFiles](https://www.falconpy.io/Service-Collections/Quarantine.html#getquarantinefiles) | Get quarantine file metadata for specified ids. |
-| [QueryQuarantineFiles](https://www.falconpy.io/Service-Collections/Quarantine.html#queryquarantinefiles) | Get quarantine file ids that match the provided filter criteria. |
-| [GetSampleV3](https://www.falconpy.io/Service-Collections/Sample-Uploads.html#getsamplev3) | Retrieves the file associated with the given ID (SHA256). |
+| [get_events](https://falconpy.io/Service-Collections/Firewall-Management.html#get_events) | Get events entities by ID and optionally version. |
+| [query_events](https://falconpy.io/Service-Collections/Firewall-Management.html#query_events) | Find all event IDs matching the query with filter. |
+
+</details>
+
+[Back to top](#falconpy-sample-library) | [How to authenticate](#authentication-for-these-examples) | [Table of Contents](#endpoint-security-toc)
 
 ---
 
+</details>
 
-## Real Time Response
-These samples focus on CrowdStrike's Real Time Response and Real Time Response Admin API service collections.
+<!--Cloud Security-->
 
-- [Bulk execute a command](#bulk-execute-a-command)
-- [Bulk execute a command (queued)](#bulk-execute-a-command-queued)
-- [Get RTR result](#get-rtr-result)
-- [Dump memory for a running process](#dump-memory-for-a-running-process)
-- [My Little RTR](#my-little-rtr)
-- [ProxyTool](#proxytool)
+<a id="cloud-security-apis"></a>
+<details open>
+<summary><h2>Cloud Security</h2></summary>
 
-### Bulk execute a command
-Using this [demonstration](rtr#bulk-execute-a-command-on-matched-hosts), you can execute a command on multiple hosts that have a hostname matching a search string you provide.
+<a id="cloud-workload-protection-samples"></a>
+<details>
+<summary><h3>Cloud Workload Protection</h3> <small>(click to expand)</small><br/>
+This section discusses Falcon Discover for Cloud and Containers, and the two API service collections, Cloud Connect AWS and D4C Registration.
+</summary>
 
-[![Real Time Response](https://img.shields.io/badge/Service%20Class-Bulk%20execute%20a%20command-silver?style=for-the-badge&labelColor=red&logo=data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABIAAAAOCAYAAAAi2ky3AAABhWlDQ1BJQ0MgcHJvZmlsZQAAKJF9kT1Iw1AUhU9TpaIVBzuIOGSoDmJBVEQ3rUIRKoRaoVUHk5f+CE0akhQXR8G14ODPYtXBxVlXB1dBEPwBcXNzUnSREu9LCi1ifPB4H+e9c7jvXkColZhmtY0Cmm6bqURczGRXxNAruhAEMI1hmVnGrCQl4bu+7hHg512MZ/m/+3N1qzmLAQGReIYZpk28Tjy5aRuc94kjrCirxOfEIyYVSPzIdcXjN84FlwWeGTHTqTniCLFYaGGlhVnR1IgniKOqplO+kPFY5bzFWStVWKNO/sNwTl9e4jrtASSwgEVIEKGggg2UYCNGp06KhRTdx338/a5fIpdCrg0wcsyjDA2y6wefwe/eWvnxMS8pHAfaXxznYxAI7QL1quN8HztO/QQIPgNXetNfrgFTn6RXm1r0COjZBi6um5qyB1zuAH1PhmzKrsTnL+TzwPsZjSkL9N4Cnate3xr3OH0A0tSr5A1wcAgMFSh7zeffHa19+/dNo38/hq9yr+iELI0AAAAGYktHRAAAAAAAAPlDu38AAAAJcEhZcwAACxMAAAsTAQCanBgAAAAHdElNRQflDAsTByz7Va2cAAAAGXRFWHRDb21tZW50AENyZWF0ZWQgd2l0aCBHSU1QV4EOFwAAAYBJREFUKM+lkjFIlVEYht/zn3sFkYYUyUnIRcemhCtCU6JQOLiIU+QeJEQg6BBIm0s4RBCBLjq5OEvgJC1uOniJhivesLx17/97/vO9b4NK4g25157hfHCGB773/cA0HZIEAKiMj+LWiOxljG/i96pnCFP58XHnrWX2+9cj0dYl9Yu2FE9/9rXrcAAgs2eSyiBfOe/XRD503h/CuffOubQVUXL+Jh9BllzBbyJJBgDclVkO4Kukd8zzkXJbeUljIldFTstsmSHM6S81ma2KfPKlFdkGAMY4wzx/bbXapMy21My+YizdKNq5mDzLkrxafSxySFKjSWX2oTmjKzz4vN0r2lOFcL/Q3V0/mX95ILMXTTGYVfaut/aP2+oCMAvnZgCcsF5fcR0dg65YHAdwB+QApADvu0AuOe/ftlJAD7Nsgmm6yBjDtfWORJZlNtFyo/lR5Z7MyheKA5ktSur7sTAHazSG27pehjAiaVfkN8b4XFIJ/wOzbOx07VNRUuHy7w98CzCcGPyWywAAAABJRU5ErkJggg==)](rtr#bulk-execute-a-command-on-matched-hosts)
+#### Manage Discover accounts
+This example demonstrates using FalconPy to register and remove accounts managed by CrowdStrike Falcon Discover for Cloud (AWS). Both [Service Class](discover_aws/manage_discover_accounts_service.py) and [Uber Class](discover_aws/manage_discover_accounts_uber.py) examples are provided.
 
-#### Real Time Response API operations discussed
-This sample demonstrates the following CrowdStrike Real Time Response and Real Time Response Admin API operations:
+[![Falcon Discover for Cloud (AWS)](https://img.shields.io/badge/Service%20Class-Manage%20Discover%20Accounts-silver?style=for-the-badge&labelColor=red&logo=data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABIAAAAOCAYAAAAi2ky3AAABhWlDQ1BJQ0MgcHJvZmlsZQAAKJF9kT1Iw1AUhU9TpaIVBzuIOGSoDmJBVEQ3rUIRKoRaoVUHk5f+CE0akhQXR8G14ODPYtXBxVlXB1dBEPwBcXNzUnSREu9LCi1ifPB4H+e9c7jvXkColZhmtY0Cmm6bqURczGRXxNAruhAEMI1hmVnGrCQl4bu+7hHg512MZ/m/+3N1qzmLAQGReIYZpk28Tjy5aRuc94kjrCirxOfEIyYVSPzIdcXjN84FlwWeGTHTqTniCLFYaGGlhVnR1IgniKOqplO+kPFY5bzFWStVWKNO/sNwTl9e4jrtASSwgEVIEKGggg2UYCNGp06KhRTdx338/a5fIpdCrg0wcsyjDA2y6wefwe/eWvnxMS8pHAfaXxznYxAI7QL1quN8HztO/QQIPgNXetNfrgFTn6RXm1r0COjZBi6um5qyB1zuAH1PhmzKrsTnL+TzwPsZjSkL9N4Cnate3xr3OH0A0tSr5A1wcAgMFSh7zeffHa19+/dNo38/hq9yr+iELI0AAAAGYktHRAAAAAAAAPlDu38AAAAJcEhZcwAACxMAAAsTAQCanBgAAAAHdElNRQflDAsTByz7Va2cAAAAGXRFWHRDb21tZW50AENyZWF0ZWQgd2l0aCBHSU1QV4EOFwAAAYBJREFUKM+lkjFIlVEYht/zn3sFkYYUyUnIRcemhCtCU6JQOLiIU+QeJEQg6BBIm0s4RBCBLjq5OEvgJC1uOniJhivesLx17/97/vO9b4NK4g25157hfHCGB773/cA0HZIEAKiMj+LWiOxljG/i96pnCFP58XHnrWX2+9cj0dYl9Yu2FE9/9rXrcAAgs2eSyiBfOe/XRD503h/CuffOubQVUXL+Jh9BllzBbyJJBgDclVkO4Kukd8zzkXJbeUljIldFTstsmSHM6S81ma2KfPKlFdkGAMY4wzx/bbXapMy21My+YizdKNq5mDzLkrxafSxySFKjSWX2oTmjKzz4vN0r2lOFcL/Q3V0/mX95ILMXTTGYVfaut/aP2+oCMAvnZgCcsF5fcR0dg65YHAdwB+QApADvu0AuOe/ftlJAD7Nsgmm6yBjDtfWORJZlNtFyo/lR5Z7MyheKA5ktSur7sTAHazSG27pehjAiaVfkN8b4XFIJ/wOzbOx07VNRUuHy7w98CzCcGPyWywAAAABJRU5ErkJggg==)](discover_aws/manage_discover_accounts_service.py) 
+[![Falcon Discover for Cloud (AWS)](https://img.shields.io/badge/Uber%20Class-Manage%20Discover%20Accounts-silver?style=for-the-badge&labelColor=maroon&logo=data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABIAAAAOCAYAAAAi2ky3AAABhWlDQ1BJQ0MgcHJvZmlsZQAAKJF9kT1Iw1AUhU9TpaIVBzuIOGSoDmJBVEQ3rUIRKoRaoVUHk5f+CE0akhQXR8G14ODPYtXBxVlXB1dBEPwBcXNzUnSREu9LCi1ifPB4H+e9c7jvXkColZhmtY0Cmm6bqURczGRXxNAruhAEMI1hmVnGrCQl4bu+7hHg512MZ/m/+3N1qzmLAQGReIYZpk28Tjy5aRuc94kjrCirxOfEIyYVSPzIdcXjN84FlwWeGTHTqTniCLFYaGGlhVnR1IgniKOqplO+kPFY5bzFWStVWKNO/sNwTl9e4jrtASSwgEVIEKGggg2UYCNGp06KhRTdx338/a5fIpdCrg0wcsyjDA2y6wefwe/eWvnxMS8pHAfaXxznYxAI7QL1quN8HztO/QQIPgNXetNfrgFTn6RXm1r0COjZBi6um5qyB1zuAH1PhmzKrsTnL+TzwPsZjSkL9N4Cnate3xr3OH0A0tSr5A1wcAgMFSh7zeffHa19+/dNo38/hq9yr+iELI0AAAAGYktHRAAAAAAAAPlDu38AAAAJcEhZcwAACxMAAAsTAQCanBgAAAAHdElNRQflDAsTByz7Va2cAAAAGXRFWHRDb21tZW50AENyZWF0ZWQgd2l0aCBHSU1QV4EOFwAAAYBJREFUKM+lkjFIlVEYht/zn3sFkYYUyUnIRcemhCtCU6JQOLiIU+QeJEQg6BBIm0s4RBCBLjq5OEvgJC1uOniJhivesLx17/97/vO9b4NK4g25157hfHCGB773/cA0HZIEAKiMj+LWiOxljG/i96pnCFP58XHnrWX2+9cj0dYl9Yu2FE9/9rXrcAAgs2eSyiBfOe/XRD503h/CuffOubQVUXL+Jh9BllzBbyJJBgDclVkO4Kukd8zzkXJbeUljIldFTstsmSHM6S81ma2KfPKlFdkGAMY4wzx/bbXapMy21My+YizdKNq5mDzLkrxafSxySFKjSWX2oTmjKzz4vN0r2lOFcL/Q3V0/mX95ILMXTTGYVfaut/aP2+oCMAvnZgCcsF5fcR0dg65YHAdwB+QApADvu0AuOe/ftlJAD7Nsgmm6yBjDtfWORJZlNtFyo/lR5Z7MyheKA5ktSur7sTAHazSG27pehjAiaVfkN8b4XFIJ/wOzbOx07VNRUuHy7w98CzCcGPyWywAAAABJRU5ErkJggg==)](discover_aws/manage_discover_accounts_uber.py)
+
+##### Cloud Connect AWS API operations discussed
+These samples demonstrate the following CrowdStrike Cloud Connect AWS (Discover for Cloud and Containers) API operations:
 
 | Operation | Description |
 | :--- | :--- |
-| [BatchAdminCmd](https://falconpy.io/Service-Collections/Real-Time-Response-Admin.html#batchadmincmd) | Batch executes a RTR administrator command across the hosts mapped to the given batch ID. |
-| [BatchInitSessions](https://falconpy.io/Service-Collections/Real-Time-Response.html#batchinitsessions) | Batch initialize a RTR session on multiple hosts. Before any RTR commands can be used, an active session is needed on the host. |
-| [RTR_DeleteSession](https://falconpy.io/Service-Collections/Real-Time-Response.html#rtr_deletesession) | Delete a session. |
+| [DeleteAWSAccounts](https://falconpy.io/Service-Collections/Cloud-Connect-AWS.html#deleteawsaccounts) | Delete a set of AWS Accounts by specifying their IDs. |
+| [ProvisionAWSAccounts](https://falconpy.io/Service-Collections/Cloud-Connect-AWS.html#provisionawsaccounts) | Provision AWS Accounts by specifying details about the accounts to provision. |
+| [QueryAWSAccounts](https://falconpy.io/Service-Collections/Cloud-Connect-AWS.html#queryawsaccounts) | Search for provisioned AWS Accounts by providing a FQL filter and paging details. Returns a set of AWS accounts which match the filter criteria. |
+| [UpdateAWSAccounts](https://falconpy.io/Service-Collections/Cloud-Connect-AWS.html#updateawsaccounts) | Update AWS Accounts by specifying the ID of the account and details to update. |
+| [VerifyAWSAccountAccess](https://falconpy.io/Service-Collections/Cloud-Connect-AWS.html#verifyawsaccountaccess) | Search for provisioned AWS Accounts by providing a FQL filter and paging details. Returns a set of AWS account IDs which match the filter criteria. |
+
+</details>
+
+[Back to top](#falconpy-sample-library) | [How to authenticate](#authentication-for-these-examples) | [Table of Contents](#cloud-security-toc)
 
 ---
 
-### Bulk execute a command (queued)
+<a id="horizon-samples"></a>
+<details>
+<summary><h3>Horizon</h3> <small>(click to expand)</small><br/>
+These samples focus on CrowdStrike Falcon Horizon and the available API operations within the CSPM Registration service collection.
+</summary>
 
-Building on the previous demonstration, this [sample](rtr/queued_execute.py) also executes a command on multiple hosts that have a hostname matching a search string, with the addition of queuing the commands for later processing should the host be offline.
+#### Get CSPM policies
+Submitted by `@mccbryan3`, this [example](cspm_registration/get_cspm_policies.py) uses FalconPy to report or export as CSV, all or selective Falcon Horizon CSPM Policies.
 
-[![Real Time Response](https://img.shields.io/badge/Service%20Class-Bulk%20execute%20a%20command_with_queuing-silver?style=for-the-badge&labelColor=red&logo=data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABIAAAAOCAYAAAAi2ky3AAABhWlDQ1BJQ0MgcHJvZmlsZQAAKJF9kT1Iw1AUhU9TpaIVBzuIOGSoDmJBVEQ3rUIRKoRaoVUHk5f+CE0akhQXR8G14ODPYtXBxVlXB1dBEPwBcXNzUnSREu9LCi1ifPB4H+e9c7jvXkColZhmtY0Cmm6bqURczGRXxNAruhAEMI1hmVnGrCQl4bu+7hHg512MZ/m/+3N1qzmLAQGReIYZpk28Tjy5aRuc94kjrCirxOfEIyYVSPzIdcXjN84FlwWeGTHTqTniCLFYaGGlhVnR1IgniKOqplO+kPFY5bzFWStVWKNO/sNwTl9e4jrtASSwgEVIEKGggg2UYCNGp06KhRTdx338/a5fIpdCrg0wcsyjDA2y6wefwe/eWvnxMS8pHAfaXxznYxAI7QL1quN8HztO/QQIPgNXetNfrgFTn6RXm1r0COjZBi6um5qyB1zuAH1PhmzKrsTnL+TzwPsZjSkL9N4Cnate3xr3OH0A0tSr5A1wcAgMFSh7zeffHa19+/dNo38/hq9yr+iELI0AAAAGYktHRAAAAAAAAPlDu38AAAAJcEhZcwAACxMAAAsTAQCanBgAAAAHdElNRQflDAsTByz7Va2cAAAAGXRFWHRDb21tZW50AENyZWF0ZWQgd2l0aCBHSU1QV4EOFwAAAYBJREFUKM+lkjFIlVEYht/zn3sFkYYUyUnIRcemhCtCU6JQOLiIU+QeJEQg6BBIm0s4RBCBLjq5OEvgJC1uOniJhivesLx17/97/vO9b4NK4g25157hfHCGB773/cA0HZIEAKiMj+LWiOxljG/i96pnCFP58XHnrWX2+9cj0dYl9Yu2FE9/9rXrcAAgs2eSyiBfOe/XRD503h/CuffOubQVUXL+Jh9BllzBbyJJBgDclVkO4Kukd8zzkXJbeUljIldFTstsmSHM6S81ma2KfPKlFdkGAMY4wzx/bbXapMy21My+YizdKNq5mDzLkrxafSxySFKjSWX2oTmjKzz4vN0r2lOFcL/Q3V0/mX95ILMXTTGYVfaut/aP2+oCMAvnZgCcsF5fcR0dg65YHAdwB+QApADvu0AuOe/ftlJAD7Nsgmm6yBjDtfWORJZlNtFyo/lR5Z7MyheKA5ktSur7sTAHazSG27pehjAiaVfkN8b4XFIJ/wOzbOx07VNRUuHy7w98CzCcGPyWywAAAABJRU5ErkJggg==)](rtr/queued_execute.py)
+[![Falcon Horizon](https://img.shields.io/badge/Service%20Class-Report%20Horizon%20Policies-silver?style=for-the-badge&labelColor=red&logo=data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABIAAAAOCAYAAAAi2ky3AAABhWlDQ1BJQ0MgcHJvZmlsZQAAKJF9kT1Iw1AUhU9TpaIVBzuIOGSoDmJBVEQ3rUIRKoRaoVUHk5f+CE0akhQXR8G14ODPYtXBxVlXB1dBEPwBcXNzUnSREu9LCi1ifPB4H+e9c7jvXkColZhmtY0Cmm6bqURczGRXxNAruhAEMI1hmVnGrCQl4bu+7hHg512MZ/m/+3N1qzmLAQGReIYZpk28Tjy5aRuc94kjrCirxOfEIyYVSPzIdcXjN84FlwWeGTHTqTniCLFYaGGlhVnR1IgniKOqplO+kPFY5bzFWStVWKNO/sNwTl9e4jrtASSwgEVIEKGggg2UYCNGp06KhRTdx338/a5fIpdCrg0wcsyjDA2y6wefwe/eWvnxMS8pHAfaXxznYxAI7QL1quN8HztO/QQIPgNXetNfrgFTn6RXm1r0COjZBi6um5qyB1zuAH1PhmzKrsTnL+TzwPsZjSkL9N4Cnate3xr3OH0A0tSr5A1wcAgMFSh7zeffHa19+/dNo38/hq9yr+iELI0AAAAGYktHRAAAAAAAAPlDu38AAAAJcEhZcwAACxMAAAsTAQCanBgAAAAHdElNRQflDAsTByz7Va2cAAAAGXRFWHRDb21tZW50AENyZWF0ZWQgd2l0aCBHSU1QV4EOFwAAAYBJREFUKM+lkjFIlVEYht/zn3sFkYYUyUnIRcemhCtCU6JQOLiIU+QeJEQg6BBIm0s4RBCBLjq5OEvgJC1uOniJhivesLx17/97/vO9b4NK4g25157hfHCGB773/cA0HZIEAKiMj+LWiOxljG/i96pnCFP58XHnrWX2+9cj0dYl9Yu2FE9/9rXrcAAgs2eSyiBfOe/XRD503h/CuffOubQVUXL+Jh9BllzBbyJJBgDclVkO4Kukd8zzkXJbeUljIldFTstsmSHM6S81ma2KfPKlFdkGAMY4wzx/bbXapMy21My+YizdKNq5mDzLkrxafSxySFKjSWX2oTmjKzz4vN0r2lOFcL/Q3V0/mX95ILMXTTGYVfaut/aP2+oCMAvnZgCcsF5fcR0dg65YHAdwB+QApADvu0AuOe/ftlJAD7Nsgmm6yBjDtfWORJZlNtFyo/lR5Z7MyheKA5ktSur7sTAHazSG27pehjAiaVfkN8b4XFIJ/wOzbOx07VNRUuHy7w98CzCcGPyWywAAAABJRU5ErkJggg==)](cspm_registration/get_cspm_policies.py) 
 
-#### Real Time Response API operations discussed
-This sample demonstrates the following CrowdStrike Real Time Response and Real Time Response Admin API operations:
+##### CSPM Registration API operations discussed
+This sample demonstrates the following CrowdStrike CSPM Registration (Horizon) API operations:
 
 | Operation | Description |
 | :--- | :--- |
-| [BatchAdminCmd](https://falconpy.io/Service-Collections/Real-Time-Response-Admin.html#batchadmincmd) | Batch executes a RTR administrator command across the hosts mapped to the given batch ID. |
-| [BatchInitSessions](https://falconpy.io/Service-Collections/Real-Time-Response.html#batchinitsessions) | Batch initialize a RTR session on multiple hosts. Before any RTR commands can be used, an active session is needed on the host. |
-| [RTR_CheckAdminCommandStatus](https://falconpy.io/Service-Collections/Real-Time-Response-Admin.html#rtr_checkadmincommandstatus) | Get status of an executed RTR administrator command on a single host. |
-| [RTR_DeleteSession](https://falconpy.io/Service-Collections/Real-Time-Response.html#rtr_deletesession) | Delete a session. |
-| [RTR_ListQueuedSessions](https://falconpy.io/Service-Collections/Real-Time-Response.html#rtr_listqueuedsessions) | Get queued session metadata by session ID. |
+| [GetCSPMPolicySettings](https://falconpy.io/Service-Collections/CSPM-Registration.html#getcspmpolicysettings) | Returns information about current policy settings. |
+
+</details>
+
+[Back to top](#falconpy-sample-library) | [How to authenticate](#authentication-for-these-examples) | [Table of Contents](#cloud-security-toc)
 
 ---
 
-### Get host uptime
-Use the `runscript` command to retrieve host uptime.
+</details>
 
-[![Real Time Response](https://img.shields.io/badge/Service%20Class-Get_Host_Uptime-silver?style=for-the-badge&labelColor=red&logo=data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABIAAAAOCAYAAAAi2ky3AAABhWlDQ1BJQ0MgcHJvZmlsZQAAKJF9kT1Iw1AUhU9TpaIVBzuIOGSoDmJBVEQ3rUIRKoRaoVUHk5f+CE0akhQXR8G14ODPYtXBxVlXB1dBEPwBcXNzUnSREu9LCi1ifPB4H+e9c7jvXkColZhmtY0Cmm6bqURczGRXxNAruhAEMI1hmVnGrCQl4bu+7hHg512MZ/m/+3N1qzmLAQGReIYZpk28Tjy5aRuc94kjrCirxOfEIyYVSPzIdcXjN84FlwWeGTHTqTniCLFYaGGlhVnR1IgniKOqplO+kPFY5bzFWStVWKNO/sNwTl9e4jrtASSwgEVIEKGggg2UYCNGp06KhRTdx338/a5fIpdCrg0wcsyjDA2y6wefwe/eWvnxMS8pHAfaXxznYxAI7QL1quN8HztO/QQIPgNXetNfrgFTn6RXm1r0COjZBi6um5qyB1zuAH1PhmzKrsTnL+TzwPsZjSkL9N4Cnate3xr3OH0A0tSr5A1wcAgMFSh7zeffHa19+/dNo38/hq9yr+iELI0AAAAGYktHRAAAAAAAAPlDu38AAAAJcEhZcwAACxMAAAsTAQCanBgAAAAHdElNRQflDAsTByz7Va2cAAAAGXRFWHRDb21tZW50AENyZWF0ZWQgd2l0aCBHSU1QV4EOFwAAAYBJREFUKM+lkjFIlVEYht/zn3sFkYYUyUnIRcemhCtCU6JQOLiIU+QeJEQg6BBIm0s4RBCBLjq5OEvgJC1uOniJhivesLx17/97/vO9b4NK4g25157hfHCGB773/cA0HZIEAKiMj+LWiOxljG/i96pnCFP58XHnrWX2+9cj0dYl9Yu2FE9/9rXrcAAgs2eSyiBfOe/XRD503h/CuffOubQVUXL+Jh9BllzBbyJJBgDclVkO4Kukd8zzkXJbeUljIldFTstsmSHM6S81ma2KfPKlFdkGAMY4wzx/bbXapMy21My+YizdKNq5mDzLkrxafSxySFKjSWX2oTmjKzz4vN0r2lOFcL/Q3V0/mX95ILMXTTGYVfaut/aP2+oCMAvnZgCcsF5fcR0dg65YHAdwB+QApADvu0AuOe/ftlJAD7Nsgmm6yBjDtfWORJZlNtFyo/lR5Z7MyheKA5ktSur7sTAHazSG27pehjAiaVfkN8b4XFIJ/wOzbOx07VNRUuHy7w98CzCcGPyWywAAAABJRU5ErkJggg==)](rtr/get_host_uptime.py)
+<!--Identity Protection-->
 
-#### Real Time Response, Real Time Response Admin and Hosts API operations discussed
-This sample demonstrates the following CrowdStrike Hosts, Real Time Response and Real Time Response Admin API operations:
+<a id="identity-protection-apis"></a>
+<details open>
+<summary><h2>Identity Protection</h2></summary>
+
+<a id="identity-protection-samples"></a>
+<details>
+<summary><h3>Identity Protection</h3> <small>(click to expand)</small><br/>
+This category is dedicated to demonstrating the functionality provided by the CrowdStrike Identity Protection API service collection.
+</summary>
+
+#### GraphQL Pagination
+This sample demonstrates pagination using GraphQL within the Identity Protection service collection.
+
+[![Identity Protection](https://img.shields.io/badge/Service%20Class-GraphQL_Pagination-silver?style=for-the-badge&labelColor=red&logo=data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABIAAAAOCAYAAAAi2ky3AAABhWlDQ1BJQ0MgcHJvZmlsZQAAKJF9kT1Iw1AUhU9TpaIVBzuIOGSoDmJBVEQ3rUIRKoRaoVUHk5f+CE0akhQXR8G14ODPYtXBxVlXB1dBEPwBcXNzUnSREu9LCi1ifPB4H+e9c7jvXkColZhmtY0Cmm6bqURczGRXxNAruhAEMI1hmVnGrCQl4bu+7hHg512MZ/m/+3N1qzmLAQGReIYZpk28Tjy5aRuc94kjrCirxOfEIyYVSPzIdcXjN84FlwWeGTHTqTniCLFYaGGlhVnR1IgniKOqplO+kPFY5bzFWStVWKNO/sNwTl9e4jrtASSwgEVIEKGggg2UYCNGp06KhRTdx338/a5fIpdCrg0wcsyjDA2y6wefwe/eWvnxMS8pHAfaXxznYxAI7QL1quN8HztO/QQIPgNXetNfrgFTn6RXm1r0COjZBi6um5qyB1zuAH1PhmzKrsTnL+TzwPsZjSkL9N4Cnate3xr3OH0A0tSr5A1wcAgMFSh7zeffHa19+/dNo38/hq9yr+iELI0AAAAGYktHRAAAAAAAAPlDu38AAAAJcEhZcwAACxMAAAsTAQCanBgAAAAHdElNRQflDAsTByz7Va2cAAAAGXRFWHRDb21tZW50AENyZWF0ZWQgd2l0aCBHSU1QV4EOFwAAAYBJREFUKM+lkjFIlVEYht/zn3sFkYYUyUnIRcemhCtCU6JQOLiIU+QeJEQg6BBIm0s4RBCBLjq5OEvgJC1uOniJhivesLx17/97/vO9b4NK4g25157hfHCGB773/cA0HZIEAKiMj+LWiOxljG/i96pnCFP58XHnrWX2+9cj0dYl9Yu2FE9/9rXrcAAgs2eSyiBfOe/XRD503h/CuffOubQVUXL+Jh9BllzBbyJJBgDclVkO4Kukd8zzkXJbeUljIldFTstsmSHM6S81ma2KfPKlFdkGAMY4wzx/bbXapMy21My+YizdKNq5mDzLkrxafSxySFKjSWX2oTmjKzz4vN0r2lOFcL/Q3V0/mX95ILMXTTGYVfaut/aP2+oCMAvnZgCcsF5fcR0dg65YHAdwB+QApADvu0AuOe/ftlJAD7Nsgmm6yBjDtfWORJZlNtFyo/lR5Z7MyheKA5ktSur7sTAHazSG27pehjAiaVfkN8b4XFIJ/wOzbOx07VNRUuHy7w98CzCcGPyWywAAAABJRU5ErkJggg==)](https://github.com/CrowdStrike/falconpy/tree/main/samples/identity#graphql-pagination)
+
+##### Identity Protection API operations discussed
+This sample demonstrates the following CrowdStrike Identity Protection API operations:
 
 | Operation | Description |
 | :--- | :--- |
-| [GetDeviceDetails](https://www.falconpy.io/Service-Collections/Hosts.html#getdevicedetails) | Get details on one or more hosts by providing agent IDs (AID). You can get a host's agent IDs (AIDs) from the QueryDevicesByFilterScroll operation, the Falcon console or the Streaming API. |
-| [QueryDevicesByFilterScroll](https://www.falconpy.io/Service-Collections/Hosts.html#querydevicesbyfilterscroll) | Search for hosts in your environment by platform, hostname, IP, and other criteria with continuous pagination capability (based on offset pointer which expires after 2 minutes with no maximum limit). |
-| [RTR_CheckAdminCommandStatus](https://falconpy.io/Service-Collections/Real-Time-Response-Admin.html#rtr_checkadmincommandstatus) | Get status of an executed RTR administrator command on a single host. |
-| [RTR_DeleteSession](https://www.falconpy.io/Service-Collections/Real-Time-Response.html#rtr_deletesession) | Delete a session. |
-| [RTR_ExecuteAdminCommand](https://www.falconpy.io/Service-Collections/Real-Time-Response-Admin.html#rtr_executeadmincommand) | Execute a RTR administrator command on a single host. |
-| [RTR_InitSession](https://www.falconpy.io/Service-Collections/Real-Time-Response.html#rtr_initsession) | Initialize a new session with the RTR cloud. |
+| [api_preempt_proxy_post_graphql](https://www.falconpy.io/Service-Collections/Identity-Protection.html#api_preempt_proxy_post_graphql) | Identity Protection GraphQL API. Allows for retrieving entities, timeline activities, identity-based incidents and security assessment. Allows for performing actions on entities and identity-based incidents. |
+
+</details>
+
+[Back to top](#falconpy-sample-library) | [How to authenticate](#authentication-for-these-examples) | [Table of Contents](#identity-protection-toc)
 
 ---
 
-### Get RTR result
-Retrieve the results for previously executed RTR commands.
+</details>
 
-[![Real Time Response](https://img.shields.io/badge/Service%20Class-Get_RTR_Result-silver?style=for-the-badge&labelColor=red&logo=data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABIAAAAOCAYAAAAi2ky3AAABhWlDQ1BJQ0MgcHJvZmlsZQAAKJF9kT1Iw1AUhU9TpaIVBzuIOGSoDmJBVEQ3rUIRKoRaoVUHk5f+CE0akhQXR8G14ODPYtXBxVlXB1dBEPwBcXNzUnSREu9LCi1ifPB4H+e9c7jvXkColZhmtY0Cmm6bqURczGRXxNAruhAEMI1hmVnGrCQl4bu+7hHg512MZ/m/+3N1qzmLAQGReIYZpk28Tjy5aRuc94kjrCirxOfEIyYVSPzIdcXjN84FlwWeGTHTqTniCLFYaGGlhVnR1IgniKOqplO+kPFY5bzFWStVWKNO/sNwTl9e4jrtASSwgEVIEKGggg2UYCNGp06KhRTdx338/a5fIpdCrg0wcsyjDA2y6wefwe/eWvnxMS8pHAfaXxznYxAI7QL1quN8HztO/QQIPgNXetNfrgFTn6RXm1r0COjZBi6um5qyB1zuAH1PhmzKrsTnL+TzwPsZjSkL9N4Cnate3xr3OH0A0tSr5A1wcAgMFSh7zeffHa19+/dNo38/hq9yr+iELI0AAAAGYktHRAAAAAAAAPlDu38AAAAJcEhZcwAACxMAAAsTAQCanBgAAAAHdElNRQflDAsTByz7Va2cAAAAGXRFWHRDb21tZW50AENyZWF0ZWQgd2l0aCBHSU1QV4EOFwAAAYBJREFUKM+lkjFIlVEYht/zn3sFkYYUyUnIRcemhCtCU6JQOLiIU+QeJEQg6BBIm0s4RBCBLjq5OEvgJC1uOniJhivesLx17/97/vO9b4NK4g25157hfHCGB773/cA0HZIEAKiMj+LWiOxljG/i96pnCFP58XHnrWX2+9cj0dYl9Yu2FE9/9rXrcAAgs2eSyiBfOe/XRD503h/CuffOubQVUXL+Jh9BllzBbyJJBgDclVkO4Kukd8zzkXJbeUljIldFTstsmSHM6S81ma2KfPKlFdkGAMY4wzx/bbXapMy21My+YizdKNq5mDzLkrxafSxySFKjSWX2oTmjKzz4vN0r2lOFcL/Q3V0/mX95ILMXTTGYVfaut/aP2+oCMAvnZgCcsF5fcR0dg65YHAdwB+QApADvu0AuOe/ftlJAD7Nsgmm6yBjDtfWORJZlNtFyo/lR5Z7MyheKA5ktSur7sTAHazSG27pehjAiaVfkN8b4XFIJ/wOzbOx07VNRUuHy7w98CzCcGPyWywAAAABJRU5ErkJggg==)](rtr/get_rtr_result.py)
 
-#### Real Time Response API operations discussed
-This sample demonstrates the following CrowdStrike Real Time Response Admin API operations:
+<!--Exposure Management-->
+
+<a id="exposure-management-apis"></a>
+<details open>
+<summary><h2>Exposure Management</h2></summary>
+
+<a id="asset-management-samples"></a>
+<details>
+<summary><h3>Asset Management</h3> <small>(click to expand)</small><br/>
+The samples in this section focus on the CrowdStrike Falcon Discover API service collection.
+</summary>
+
+- [List discovered hosts](#list-discovered-hosts)
+- [Spyglass](#spyglass)
+
+#### List discovered hosts
+
+In this [example](discover/list_discovered_hosts.py), we demonstrate listing up to the first 100 hosts identified by Falcon Discover.
+
+[![Falcon Discover](https://img.shields.io/badge/Service%20Class-List%20Discovered%20Hosts-silver?style=for-the-badge&labelColor=red&logo=data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABIAAAAOCAYAAAAi2ky3AAABhWlDQ1BJQ0MgcHJvZmlsZQAAKJF9kT1Iw1AUhU9TpaIVBzuIOGSoDmJBVEQ3rUIRKoRaoVUHk5f+CE0akhQXR8G14ODPYtXBxVlXB1dBEPwBcXNzUnSREu9LCi1ifPB4H+e9c7jvXkColZhmtY0Cmm6bqURczGRXxNAruhAEMI1hmVnGrCQl4bu+7hHg512MZ/m/+3N1qzmLAQGReIYZpk28Tjy5aRuc94kjrCirxOfEIyYVSPzIdcXjN84FlwWeGTHTqTniCLFYaGGlhVnR1IgniKOqplO+kPFY5bzFWStVWKNO/sNwTl9e4jrtASSwgEVIEKGggg2UYCNGp06KhRTdx338/a5fIpdCrg0wcsyjDA2y6wefwe/eWvnxMS8pHAfaXxznYxAI7QL1quN8HztO/QQIPgNXetNfrgFTn6RXm1r0COjZBi6um5qyB1zuAH1PhmzKrsTnL+TzwPsZjSkL9N4Cnate3xr3OH0A0tSr5A1wcAgMFSh7zeffHa19+/dNo38/hq9yr+iELI0AAAAGYktHRAAAAAAAAPlDu38AAAAJcEhZcwAACxMAAAsTAQCanBgAAAAHdElNRQflDAsTByz7Va2cAAAAGXRFWHRDb21tZW50AENyZWF0ZWQgd2l0aCBHSU1QV4EOFwAAAYBJREFUKM+lkjFIlVEYht/zn3sFkYYUyUnIRcemhCtCU6JQOLiIU+QeJEQg6BBIm0s4RBCBLjq5OEvgJC1uOniJhivesLx17/97/vO9b4NK4g25157hfHCGB773/cA0HZIEAKiMj+LWiOxljG/i96pnCFP58XHnrWX2+9cj0dYl9Yu2FE9/9rXrcAAgs2eSyiBfOe/XRD503h/CuffOubQVUXL+Jh9BllzBbyJJBgDclVkO4Kukd8zzkXJbeUljIldFTstsmSHM6S81ma2KfPKlFdkGAMY4wzx/bbXapMy21My+YizdKNq5mDzLkrxafSxySFKjSWX2oTmjKzz4vN0r2lOFcL/Q3V0/mX95ILMXTTGYVfaut/aP2+oCMAvnZgCcsF5fcR0dg65YHAdwB+QApADvu0AuOe/ftlJAD7Nsgmm6yBjDtfWORJZlNtFyo/lR5Z7MyheKA5ktSur7sTAHazSG27pehjAiaVfkN8b4XFIJ/wOzbOx07VNRUuHy7w98CzCcGPyWywAAAABJRU5ErkJggg==)](discover/list_discovered_hosts.py) 
+
+##### Discover API operations discussed
+This sample demonstrates the following CrowdStrike Discover API operations:
 
 | Operation | Description |
 | :--- | :--- |
-| [RTR_CheckAdminCommandStatus](https://falconpy.io/Service-Collections/Real-Time-Response-Admin.html#rtr_checkadmincommandstatus) | Get status of an executed RTR administrator command on a single host. |
+| [get_hosts](https://falconpy.io/Service-Collections/Discover.html#get_hosts) | Get details on assets by providing one or more IDs. |
+| [query_hosts](https://falconpy.io/Service-Collections/Discover.html#query_hosts) | Search for assets in your environment by providing a FQL (Falcon Query Language) filter and paging details. Returns a set of asset IDs which match the filter criteria. |
 
 ---
 
-### Dump memory for a running process
-This [example](rtr/pid-dump) demonstrates using the CrowdStrike Real Time Response API to dump the memory contents of a specific process on the target host using the PID.
+#### Spyglass
 
-[![Real Time Response](https://img.shields.io/badge/Service%20Class-Dump%20memory%20for%20a%20running%20process-silver?style=for-the-badge&labelColor=red&logo=data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABIAAAAOCAYAAAAi2ky3AAABhWlDQ1BJQ0MgcHJvZmlsZQAAKJF9kT1Iw1AUhU9TpaIVBzuIOGSoDmJBVEQ3rUIRKoRaoVUHk5f+CE0akhQXR8G14ODPYtXBxVlXB1dBEPwBcXNzUnSREu9LCi1ifPB4H+e9c7jvXkColZhmtY0Cmm6bqURczGRXxNAruhAEMI1hmVnGrCQl4bu+7hHg512MZ/m/+3N1qzmLAQGReIYZpk28Tjy5aRuc94kjrCirxOfEIyYVSPzIdcXjN84FlwWeGTHTqTniCLFYaGGlhVnR1IgniKOqplO+kPFY5bzFWStVWKNO/sNwTl9e4jrtASSwgEVIEKGggg2UYCNGp06KhRTdx338/a5fIpdCrg0wcsyjDA2y6wefwe/eWvnxMS8pHAfaXxznYxAI7QL1quN8HztO/QQIPgNXetNfrgFTn6RXm1r0COjZBi6um5qyB1zuAH1PhmzKrsTnL+TzwPsZjSkL9N4Cnate3xr3OH0A0tSr5A1wcAgMFSh7zeffHa19+/dNo38/hq9yr+iELI0AAAAGYktHRAAAAAAAAPlDu38AAAAJcEhZcwAACxMAAAsTAQCanBgAAAAHdElNRQflDAsTByz7Va2cAAAAGXRFWHRDb21tZW50AENyZWF0ZWQgd2l0aCBHSU1QV4EOFwAAAYBJREFUKM+lkjFIlVEYht/zn3sFkYYUyUnIRcemhCtCU6JQOLiIU+QeJEQg6BBIm0s4RBCBLjq5OEvgJC1uOniJhivesLx17/97/vO9b4NK4g25157hfHCGB773/cA0HZIEAKiMj+LWiOxljG/i96pnCFP58XHnrWX2+9cj0dYl9Yu2FE9/9rXrcAAgs2eSyiBfOe/XRD503h/CuffOubQVUXL+Jh9BllzBbyJJBgDclVkO4Kukd8zzkXJbeUljIldFTstsmSHM6S81ma2KfPKlFdkGAMY4wzx/bbXapMy21My+YizdKNq5mDzLkrxafSxySFKjSWX2oTmjKzz4vN0r2lOFcL/Q3V0/mX95ILMXTTGYVfaut/aP2+oCMAvnZgCcsF5fcR0dg65YHAdwB+QApADvu0AuOe/ftlJAD7Nsgmm6yBjDtfWORJZlNtFyo/lR5Z7MyheKA5ktSur7sTAHazSG27pehjAiaVfkN8b4XFIJ/wOzbOx07VNRUuHy7w98CzCcGPyWywAAAABJRU5ErkJggg==)](rtr/pid-dump)
+In this [example](discover/spyglass.py), we demonstrate running a full Falcon Discover audit report (accounts, applications, hosts and logins).
 
-#### Real Time Response API operations discussed
-This sample demonstrates the following CrowdStrike Real Time Response and Real Time Response Admin API operations:
+[![Falcon Discover](https://img.shields.io/badge/Service%20Class-Spyglass-silver?style=for-the-badge&labelColor=red&logo=data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABIAAAAOCAYAAAAi2ky3AAABhWlDQ1BJQ0MgcHJvZmlsZQAAKJF9kT1Iw1AUhU9TpaIVBzuIOGSoDmJBVEQ3rUIRKoRaoVUHk5f+CE0akhQXR8G14ODPYtXBxVlXB1dBEPwBcXNzUnSREu9LCi1ifPB4H+e9c7jvXkColZhmtY0Cmm6bqURczGRXxNAruhAEMI1hmVnGrCQl4bu+7hHg512MZ/m/+3N1qzmLAQGReIYZpk28Tjy5aRuc94kjrCirxOfEIyYVSPzIdcXjN84FlwWeGTHTqTniCLFYaGGlhVnR1IgniKOqplO+kPFY5bzFWStVWKNO/sNwTl9e4jrtASSwgEVIEKGggg2UYCNGp06KhRTdx338/a5fIpdCrg0wcsyjDA2y6wefwe/eWvnxMS8pHAfaXxznYxAI7QL1quN8HztO/QQIPgNXetNfrgFTn6RXm1r0COjZBi6um5qyB1zuAH1PhmzKrsTnL+TzwPsZjSkL9N4Cnate3xr3OH0A0tSr5A1wcAgMFSh7zeffHa19+/dNo38/hq9yr+iELI0AAAAGYktHRAAAAAAAAPlDu38AAAAJcEhZcwAACxMAAAsTAQCanBgAAAAHdElNRQflDAsTByz7Va2cAAAAGXRFWHRDb21tZW50AENyZWF0ZWQgd2l0aCBHSU1QV4EOFwAAAYBJREFUKM+lkjFIlVEYht/zn3sFkYYUyUnIRcemhCtCU6JQOLiIU+QeJEQg6BBIm0s4RBCBLjq5OEvgJC1uOniJhivesLx17/97/vO9b4NK4g25157hfHCGB773/cA0HZIEAKiMj+LWiOxljG/i96pnCFP58XHnrWX2+9cj0dYl9Yu2FE9/9rXrcAAgs2eSyiBfOe/XRD503h/CuffOubQVUXL+Jh9BllzBbyJJBgDclVkO4Kukd8zzkXJbeUljIldFTstsmSHM6S81ma2KfPKlFdkGAMY4wzx/bbXapMy21My+YizdKNq5mDzLkrxafSxySFKjSWX2oTmjKzz4vN0r2lOFcL/Q3V0/mX95ILMXTTGYVfaut/aP2+oCMAvnZgCcsF5fcR0dg65YHAdwB+QApADvu0AuOe/ftlJAD7Nsgmm6yBjDtfWORJZlNtFyo/lR5Z7MyheKA5ktSur7sTAHazSG27pehjAiaVfkN8b4XFIJ/wOzbOx07VNRUuHy7w98CzCcGPyWywAAAABJRU5ErkJggg==)](https://github.com/CrowdStrike/falconpy/tree/main/samples/discover#spyglass) 
+
+##### Discover API operations discussed
+This sample demonstrates the following CrowdStrike Discover API operations:
 
 | Operation | Description |
 | :--- | :--- |
-| [RTR_CheckAdminCommandStatus](https://falconpy.io/Service-Collections/Real-Time-Response-Admin.html#rtr_checkadmincommandstatus) | Get status of an executed RTR administrator command on a single host. |
-| [RTR_CreatePut_Files](https://falconpy.io/Service-Collections/Real-Time-Response-Admin.html#rtr_createput_files) | Upload a new put-file to use for the RTR `put` command. |
-| [RTR_CreateScripts](https://falconpy.io/Service-Collections/Real-Time-Response-Admin.html#rtr_createscripts) | Upload a new custom-script to use for the RTR `runscript` command. |
-| [RTR_DeletePut_Files](https://falconpy.io/Service-Collections/Real-Time-Response-Admin.html#rtr_deleteput_files) | Delete a put-file based on the ID given. Can only delete one file at a time. |
-| [RTR_DeleteScripts](https://falconpy.io/Service-Collections/Real-Time-Response-Admin.html#rtr_deletescripts) | Delete a custom-script based on the ID given. Can only delete one script at a time. |
-| [RTR_DeleteSession](https://falconpy.io/Service-Collections/Real-Time-Response.html#rtr_deletesession) | Delete a session. |
-| [RTR_ExecuteAdminCommand](https://falconpy.io/Service-Collections/Real-Time-Response-Admin.html#rtr_executeadmincommand) | Execute a RTR administrator command on a single host. |
-| [RTR_GetExtractedFileContents](https://falconpy.io/Service-Collections/Real-Time-Response.html#rtr_getextractedfilecontents) | Get RTR extracted file contents for specified session and sha256. |
-| [RTR_InitSession](https://falconpy.io/Service-Collections/Real-Time-Response.html#rtr_initsession) | Initialize a new session with the RTR cloud. |
-| [RTR_ListPut_Files](https://falconpy.io/Service-Collections/Real-Time-Response-Admin.html#rtr_listput_files) | Get a list of put-file ID's that are available to the user for the `put` command. |
-| [RTR_ListScripts](https://falconpy.io/Service-Collections/Real-Time-Response-Admin.html#rtr_listscripts) | Get a list of custom-script ID's that are available to the user for the `runscript` command. |
+| [get_accounts](https://falconpy.io/Service-Collections/Discover.html#get_accounts) | Get details on accounts by providing one or more IDs. |
+| [get_applications](https://falconpy.io/Service-Collections/Discover.html#get_applications) | Get details on applications by providing one or more IDs. |
+| [get_hosts](https://falconpy.io/Service-Collections/Discover.html#get_hosts) | Get details on assets by providing one or more IDs. |
+| [get_logins](https://falconpy.io/Service-Collections/Discover.html#get_logins) | Get details on logins by providing one or more IDs. |
+| [query_accounts](https://falconpy.io/Service-Collections/Discover.html#query_accounts) | Search for accounts in your environment by providing a FQL (Falcon Query Language) filter and paging details. Returns a set of account IDs which match the filter criteria. |
+| [query_applications](https://falconpy.io/Service-Collections/Discover.html#query_applications) | Search for applications in your environment by providing a FQL (Falcon Query Language) filter and paging details. Returns a set of application IDs which match the filter criteria. |
+| [query_hosts](https://falconpy.io/Service-Collections/Discover.html#query_hosts) | Search for assets in your environment by providing a FQL (Falcon Query Language) filter and paging details. Returns a set of asset IDs which match the filter criteria. |
+| [query_logins](https://falconpy.io/Service-Collections/Discover.html#query_logins) | Search for logins in your environment by providing a FQL (Falcon Query Language) filter and paging details. Returns a set of login IDs which match the filter criteria. |
+
+</details>
+
+[Back to top](#falconpy-sample-library) | [How to authenticate](#authentication-for-these-examples) | [Table of Contents](#exposure-management-toc)
+
 
 ---
 
-### My Little RTR
-This [demonstration](rtr/pony) leverages the [ASCII-Pony](https://gitlab.com/mattia.basaglia/ASCII-Pony) open source project to retrieve basic system information from a target host (and draw My Little Ponies).
+<!--Vulnerability Management-->
 
-[![Real Time Response](https://img.shields.io/badge/Service%20Class-My%20Little%20RTR-silver?style=for-the-badge&labelColor=red&logo=data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABIAAAAOCAYAAAAi2ky3AAABhWlDQ1BJQ0MgcHJvZmlsZQAAKJF9kT1Iw1AUhU9TpaIVBzuIOGSoDmJBVEQ3rUIRKoRaoVUHk5f+CE0akhQXR8G14ODPYtXBxVlXB1dBEPwBcXNzUnSREu9LCi1ifPB4H+e9c7jvXkColZhmtY0Cmm6bqURczGRXxNAruhAEMI1hmVnGrCQl4bu+7hHg512MZ/m/+3N1qzmLAQGReIYZpk28Tjy5aRuc94kjrCirxOfEIyYVSPzIdcXjN84FlwWeGTHTqTniCLFYaGGlhVnR1IgniKOqplO+kPFY5bzFWStVWKNO/sNwTl9e4jrtASSwgEVIEKGggg2UYCNGp06KhRTdx338/a5fIpdCrg0wcsyjDA2y6wefwe/eWvnxMS8pHAfaXxznYxAI7QL1quN8HztO/QQIPgNXetNfrgFTn6RXm1r0COjZBi6um5qyB1zuAH1PhmzKrsTnL+TzwPsZjSkL9N4Cnate3xr3OH0A0tSr5A1wcAgMFSh7zeffHa19+/dNo38/hq9yr+iELI0AAAAGYktHRAAAAAAAAPlDu38AAAAJcEhZcwAACxMAAAsTAQCanBgAAAAHdElNRQflDAsTByz7Va2cAAAAGXRFWHRDb21tZW50AENyZWF0ZWQgd2l0aCBHSU1QV4EOFwAAAYBJREFUKM+lkjFIlVEYht/zn3sFkYYUyUnIRcemhCtCU6JQOLiIU+QeJEQg6BBIm0s4RBCBLjq5OEvgJC1uOniJhivesLx17/97/vO9b4NK4g25157hfHCGB773/cA0HZIEAKiMj+LWiOxljG/i96pnCFP58XHnrWX2+9cj0dYl9Yu2FE9/9rXrcAAgs2eSyiBfOe/XRD503h/CuffOubQVUXL+Jh9BllzBbyJJBgDclVkO4Kukd8zzkXJbeUljIldFTstsmSHM6S81ma2KfPKlFdkGAMY4wzx/bbXapMy21My+YizdKNq5mDzLkrxafSxySFKjSWX2oTmjKzz4vN0r2lOFcL/Q3V0/mX95ILMXTTGYVfaut/aP2+oCMAvnZgCcsF5fcR0dg65YHAdwB+QApADvu0AuOe/ftlJAD7Nsgmm6yBjDtfWORJZlNtFyo/lR5Z7MyheKA5ktSur7sTAHazSG27pehjAiaVfkN8b4XFIJ/wOzbOx07VNRUuHy7w98CzCcGPyWywAAAABJRU5ErkJggg==)](rtr/pony)
+<a id="vulnerability-management-samples"></a>
+<details>
+<summary><h3>Vulnerability Management</h3> <small>(click to expand)</small><br/>
+These samples discuss leveraging the CrowdStrike Spotlight Evaluation Logic and Spotlight Vulnerabilities API service collections.
+</summary>
 
+- [Find vulnerable hosts by CVE ID](#find-vulnerable-hosts-by-cve-id)
+- [CISA DHS Known Exploited Vulnerabilities](#cisa-dhs-known-exploited-vulnerabilities)
+- [Spotlight Quick Report](#spotlight-quick-report)
 
-#### Real Time Response API operations discussed
-This sample demonstrates the following CrowdStrike Real Time Response and Real Time Response Admin API operations:
+#### Find vulnerable hosts by CVE ID
+In this [example](spotlight#identify-hosts-with-vulnerabilities-by-cve) we demonstrate searching Falcon Spotlight for vulnerable hosts based upon CVE ID.
+
+[![Spotlight Vulnerabilities](https://img.shields.io/badge/Service%20Class-Identify%20Vulnerable%20Hosts%20by%20CVE-silver?style=for-the-badge&labelColor=red&logo=data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABIAAAAOCAYAAAAi2ky3AAABhWlDQ1BJQ0MgcHJvZmlsZQAAKJF9kT1Iw1AUhU9TpaIVBzuIOGSoDmJBVEQ3rUIRKoRaoVUHk5f+CE0akhQXR8G14ODPYtXBxVlXB1dBEPwBcXNzUnSREu9LCi1ifPB4H+e9c7jvXkColZhmtY0Cmm6bqURczGRXxNAruhAEMI1hmVnGrCQl4bu+7hHg512MZ/m/+3N1qzmLAQGReIYZpk28Tjy5aRuc94kjrCirxOfEIyYVSPzIdcXjN84FlwWeGTHTqTniCLFYaGGlhVnR1IgniKOqplO+kPFY5bzFWStVWKNO/sNwTl9e4jrtASSwgEVIEKGggg2UYCNGp06KhRTdx338/a5fIpdCrg0wcsyjDA2y6wefwe/eWvnxMS8pHAfaXxznYxAI7QL1quN8HztO/QQIPgNXetNfrgFTn6RXm1r0COjZBi6um5qyB1zuAH1PhmzKrsTnL+TzwPsZjSkL9N4Cnate3xr3OH0A0tSr5A1wcAgMFSh7zeffHa19+/dNo38/hq9yr+iELI0AAAAGYktHRAAAAAAAAPlDu38AAAAJcEhZcwAACxMAAAsTAQCanBgAAAAHdElNRQflDAsTByz7Va2cAAAAGXRFWHRDb21tZW50AENyZWF0ZWQgd2l0aCBHSU1QV4EOFwAAAYBJREFUKM+lkjFIlVEYht/zn3sFkYYUyUnIRcemhCtCU6JQOLiIU+QeJEQg6BBIm0s4RBCBLjq5OEvgJC1uOniJhivesLx17/97/vO9b4NK4g25157hfHCGB773/cA0HZIEAKiMj+LWiOxljG/i96pnCFP58XHnrWX2+9cj0dYl9Yu2FE9/9rXrcAAgs2eSyiBfOe/XRD503h/CuffOubQVUXL+Jh9BllzBbyJJBgDclVkO4Kukd8zzkXJbeUljIldFTstsmSHM6S81ma2KfPKlFdkGAMY4wzx/bbXapMy21My+YizdKNq5mDzLkrxafSxySFKjSWX2oTmjKzz4vN0r2lOFcL/Q3V0/mX95ILMXTTGYVfaut/aP2+oCMAvnZgCcsF5fcR0dg65YHAdwB+QApADvu0AuOe/ftlJAD7Nsgmm6yBjDtfWORJZlNtFyo/lR5Z7MyheKA5ktSur7sTAHazSG27pehjAiaVfkN8b4XFIJ/wOzbOx07VNRUuHy7w98CzCcGPyWywAAAABJRU5ErkJggg==)](spotlight#identify-hosts-with-vulnerabilities-by-cve) 
+
+##### Spotlight Vulnerabilities API operations discussed
+This sample demonstrates the following CrowdStrike Spotlight Vulnerability API operations:
 
 | Operation | Description |
 | :--- | :--- |
-| [RTR_CreateScripts](https://falconpy.io/Service-Collections/Real-Time-Response-Admin.html#rtr_createscripts) | Upload a new custom-script to use for the RTR `runscript` command. |
-| [RTR_CheckAdminCommandStatus](https://falconpy.io/Service-Collections/Real-Time-Response-Admin.html#rtr_checkadmincommandstatus) | Get status of an executed RTR administrator command on a single host. |
-| [RTR_DeleteSession](https://falconpy.io/Service-Collections/Real-Time-Response.html#rtr_deletesession) | Delete a session. |
-| [RTR_DeleteScripts](https://falconpy.io/Service-Collections/Real-Time-Response-Admin.html#rtr_deletescripts) | Delete a custom-script based on the ID given. Can only delete one script at a time. |
-| [RTR_ExecuteAdminCommand](https://falconpy.io/Service-Collections/Real-Time-Response-Admin.html#rtr_executeadmincommand) | Execute a RTR administrator command on a single host. |
-| [RTR_InitSession](https://falconpy.io/Service-Collections/Real-Time-Response.html#rtr_initsession) | Initialize a new session with the RTR cloud. |
-| [RTR_ListScripts](https://falconpy.io/Service-Collections/Real-Time-Response-Admin.html#rtr_listscripts) | Get a list of custom-script ID's that are available to the user for the `runscript` command. |
+| [getRemediationsV2](https://falconpy.io/Service-Collections/Spotlight-Vulnerabilities.html#getremediationsv2) | Get details on remediation by providing one or more IDs. |
+| [getVulnerabilities](https://falconpy.io/Service-Collections/Spotlight-Vulnerabilities.html#getvulnerabilities) | Get details on vulnerabilities by providing one or more IDs. |
+| [queryVulnerabilities](https://falconpy.io/Service-Collections/Spotlight-Vulnerabilities.html#queryvulnerabilities) | Search for Vulnerabilities in your environment by providing a FQL filter and paging details. Returns a set of Vulnerability IDs which match the filter criteria. |
 
 ---
 
-### ProxyTool
-This [demonstration](proxytool) leverages the Hosts, Host Groups, Sensor Download, and Real-Time Response API to fetch CID or Host Group hosts, and uses the batch command and offline queuing of Real-Time Response API to centrally and conveniently issue Falcon sensor proxy configuration changes.
+#### CISA DHS Known Exploited Vulnerabilities
+Developed and submitted by `@ciberesponce`, this [solution](spotlight/CISA_known_exploited_vulns) provides simple CSV formatted output, sorting by DHS CISA's Due Date field, to allow for prioritization of mitigation actions across hosts. This is particularly useful for Departments and agencies (D/a) who are subject to CISA's due dates.
 
-[![Real Time Response](https://img.shields.io/badge/Service%20Class-ProxyTool-silver?style=for-the-badge&labelColor=red&logo=data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABIAAAAOCAYAAAAi2ky3AAABhWlDQ1BJQ0MgcHJvZmlsZQAAKJF9kT1Iw1AUhU9TpaIVBzuIOGSoDmJBVEQ3rUIRKoRaoVUHk5f+CE0akhQXR8G14ODPYtXBxVlXB1dBEPwBcXNzUnSREu9LCi1ifPB4H+e9c7jvXkColZhmtY0Cmm6bqURczGRXxNAruhAEMI1hmVnGrCQl4bu+7hHg512MZ/m/+3N1qzmLAQGReIYZpk28Tjy5aRuc94kjrCirxOfEIyYVSPzIdcXjN84FlwWeGTHTqTniCLFYaGGlhVnR1IgniKOqplO+kPFY5bzFWStVWKNO/sNwTl9e4jrtASSwgEVIEKGggg2UYCNGp06KhRTdx338/a5fIpdCrg0wcsyjDA2y6wefwe/eWvnxMS8pHAfaXxznYxAI7QL1quN8HztO/QQIPgNXetNfrgFTn6RXm1r0COjZBi6um5qyB1zuAH1PhmzKrsTnL+TzwPsZjSkL9N4Cnate3xr3OH0A0tSr5A1wcAgMFSh7zeffHa19+/dNo38/hq9yr+iELI0AAAAGYktHRAAAAAAAAPlDu38AAAAJcEhZcwAACxMAAAsTAQCanBgAAAAHdElNRQflDAsTByz7Va2cAAAAGXRFWHRDb21tZW50AENyZWF0ZWQgd2l0aCBHSU1QV4EOFwAAAYBJREFUKM+lkjFIlVEYht/zn3sFkYYUyUnIRcemhCtCU6JQOLiIU+QeJEQg6BBIm0s4RBCBLjq5OEvgJC1uOniJhivesLx17/97/vO9b4NK4g25157hfHCGB773/cA0HZIEAKiMj+LWiOxljG/i96pnCFP58XHnrWX2+9cj0dYl9Yu2FE9/9rXrcAAgs2eSyiBfOe/XRD503h/CuffOubQVUXL+Jh9BllzBbyJJBgDclVkO4Kukd8zzkXJbeUljIldFTstsmSHM6S81ma2KfPKlFdkGAMY4wzx/bbXapMy21My+YizdKNq5mDzLkrxafSxySFKjSWX2oTmjKzz4vN0r2lOFcL/Q3V0/mX95ILMXTTGYVfaut/aP2+oCMAvnZgCcsF5fcR0dg65YHAdwB+QApADvu0AuOe/ftlJAD7Nsgmm6yBjDtfWORJZlNtFyo/lR5Z7MyheKA5ktSur7sTAHazSG27pehjAiaVfkN8b4XFIJ/wOzbOx07VNRUuHy7w98CzCcGPyWywAAAABJRU5ErkJggg==)](proxytool)
+[![Spotlight Vulnerabilities](https://img.shields.io/badge/Service%20Class-CISA%20Known%20Exploited%20Vulnerabilities-silver?style=for-the-badge&labelColor=red&logo=data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABIAAAAOCAYAAAAi2ky3AAABhWlDQ1BJQ0MgcHJvZmlsZQAAKJF9kT1Iw1AUhU9TpaIVBzuIOGSoDmJBVEQ3rUIRKoRaoVUHk5f+CE0akhQXR8G14ODPYtXBxVlXB1dBEPwBcXNzUnSREu9LCi1ifPB4H+e9c7jvXkColZhmtY0Cmm6bqURczGRXxNAruhAEMI1hmVnGrCQl4bu+7hHg512MZ/m/+3N1qzmLAQGReIYZpk28Tjy5aRuc94kjrCirxOfEIyYVSPzIdcXjN84FlwWeGTHTqTniCLFYaGGlhVnR1IgniKOqplO+kPFY5bzFWStVWKNO/sNwTl9e4jrtASSwgEVIEKGggg2UYCNGp06KhRTdx338/a5fIpdCrg0wcsyjDA2y6wefwe/eWvnxMS8pHAfaXxznYxAI7QL1quN8HztO/QQIPgNXetNfrgFTn6RXm1r0COjZBi6um5qyB1zuAH1PhmzKrsTnL+TzwPsZjSkL9N4Cnate3xr3OH0A0tSr5A1wcAgMFSh7zeffHa19+/dNo38/hq9yr+iELI0AAAAGYktHRAAAAAAAAPlDu38AAAAJcEhZcwAACxMAAAsTAQCanBgAAAAHdElNRQflDAsTByz7Va2cAAAAGXRFWHRDb21tZW50AENyZWF0ZWQgd2l0aCBHSU1QV4EOFwAAAYBJREFUKM+lkjFIlVEYht/zn3sFkYYUyUnIRcemhCtCU6JQOLiIU+QeJEQg6BBIm0s4RBCBLjq5OEvgJC1uOniJhivesLx17/97/vO9b4NK4g25157hfHCGB773/cA0HZIEAKiMj+LWiOxljG/i96pnCFP58XHnrWX2+9cj0dYl9Yu2FE9/9rXrcAAgs2eSyiBfOe/XRD503h/CuffOubQVUXL+Jh9BllzBbyJJBgDclVkO4Kukd8zzkXJbeUljIldFTstsmSHM6S81ma2KfPKlFdkGAMY4wzx/bbXapMy21My+YizdKNq5mDzLkrxafSxySFKjSWX2oTmjKzz4vN0r2lOFcL/Q3V0/mX95ILMXTTGYVfaut/aP2+oCMAvnZgCcsF5fcR0dg65YHAdwB+QApADvu0AuOe/ftlJAD7Nsgmm6yBjDtfWORJZlNtFyo/lR5Z7MyheKA5ktSur7sTAHazSG27pehjAiaVfkN8b4XFIJ/wOzbOx07VNRUuHy7w98CzCcGPyWywAAAABJRU5ErkJggg==)](spotlight/CISA_known_exploited_vulns) [![MSSP Use supported](https://img.shields.io/badge/-Supports%20MSSP-darkblue?logo=data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABIAAAAOCAYAAAAi2ky3AAABhWlDQ1BJQ0MgcHJvZmlsZQAAKJF9kT1Iw1AUhU9TpaIVBzuIOGSoDmJBVEQ3rUIRKoRaoVUHk5f+CE0akhQXR8G14ODPYtXBxVlXB1dBEPwBcXNzUnSREu9LCi1ifPB4H+e9c7jvXkColZhmtY0Cmm6bqURczGRXxNAruhAEMI1hmVnGrCQl4bu+7hHg512MZ/m/+3N1qzmLAQGReIYZpk28Tjy5aRuc94kjrCirxOfEIyYVSPzIdcXjN84FlwWeGTHTqTniCLFYaGGlhVnR1IgniKOqplO+kPFY5bzFWStVWKNO/sNwTl9e4jrtASSwgEVIEKGggg2UYCNGp06KhRTdx338/a5fIpdCrg0wcsyjDA2y6wefwe/eWvnxMS8pHAfaXxznYxAI7QL1quN8HztO/QQIPgNXetNfrgFTn6RXm1r0COjZBi6um5qyB1zuAH1PhmzKrsTnL+TzwPsZjSkL9N4Cnate3xr3OH0A0tSr5A1wcAgMFSh7zeffHa19+/dNo38/hq9yr+iELI0AAAAGYktHRAAAAAAAAPlDu38AAAAJcEhZcwAACxMAAAsTAQCanBgAAAAHdElNRQflDAsTByz7Va2cAAAAGXRFWHRDb21tZW50AENyZWF0ZWQgd2l0aCBHSU1QV4EOFwAAAYBJREFUKM+lkjFIlVEYht/zn3sFkYYUyUnIRcemhCtCU6JQOLiIU+QeJEQg6BBIm0s4RBCBLjq5OEvgJC1uOniJhivesLx17/97/vO9b4NK4g25157hfHCGB773/cA0HZIEAKiMj+LWiOxljG/i96pnCFP58XHnrWX2+9cj0dYl9Yu2FE9/9rXrcAAgs2eSyiBfOe/XRD503h/CuffOubQVUXL+Jh9BllzBbyJJBgDclVkO4Kukd8zzkXJbeUljIldFTstsmSHM6S81ma2KfPKlFdkGAMY4wzx/bbXapMy21My+YizdKNq5mDzLkrxafSxySFKjSWX2oTmjKzz4vN0r2lOFcL/Q3V0/mX95ILMXTTGYVfaut/aP2+oCMAvnZgCcsF5fcR0dg65YHAdwB+QApADvu0AuOe/ftlJAD7Nsgmm6yBjDtfWORJZlNtFyo/lR5Z7MyheKA5ktSur7sTAHazSG27pehjAiaVfkN8b4XFIJ/wOzbOx07VNRUuHy7w98CzCcGPyWywAAAABJRU5ErkJggg==&style=for-the-badge)](spotlight/CISA_known_exploited_vulns)
 
-#### Hosts API operations discussed
-This sample demonstrates the following CrowdStrike Hosts API operations:
+##### Spotlight Vulnerabilities API operations discussed
+This sample demonstrates the following CrowdStrike Spotlight Vulnerability API operations:
 
 | Operation | Description |
 | :--- | :--- |
-| [QueryDevicesByFilterScroll](https://www.falconpy.io/Service-Collections/Hosts.html#querydevicesbyfilterscroll) | Search for hosts in your environment by platform, hostname, IP, and other criteria with continuous pagination capability (based on offset pointer which expires after 2 minutes with no maximum limit). |
+| [queryVulnerabilities](https://falconpy.io/Service-Collections/Spotlight-Vulnerabilities.html#queryvulnerabilities) | Search for Vulnerabilities in your environment by providing a FQL filter and paging details. Returns a set of Vulnerability IDs which match the filter criteria. |
 
-#### Host Group API operations discussed
-This sample demonstrates the following CrowdStrike Host Group API operations:
+---
+
+#### Spotlight Quick Report
+In this [example](spotlight#spotlight-quick-report) we demonstrate generating a report of CVE matches within a Falcon tenant using the Spotlight and Hosts service collections.
+
+[![Spotlight Vulnerabilities](https://img.shields.io/badge/Service%20Class-Spotlight_Quick_report-silver?style=for-the-badge&labelColor=red&logo=data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABIAAAAOCAYAAAAi2ky3AAABhWlDQ1BJQ0MgcHJvZmlsZQAAKJF9kT1Iw1AUhU9TpaIVBzuIOGSoDmJBVEQ3rUIRKoRaoVUHk5f+CE0akhQXR8G14ODPYtXBxVlXB1dBEPwBcXNzUnSREu9LCi1ifPB4H+e9c7jvXkColZhmtY0Cmm6bqURczGRXxNAruhAEMI1hmVnGrCQl4bu+7hHg512MZ/m/+3N1qzmLAQGReIYZpk28Tjy5aRuc94kjrCirxOfEIyYVSPzIdcXjN84FlwWeGTHTqTniCLFYaGGlhVnR1IgniKOqplO+kPFY5bzFWStVWKNO/sNwTl9e4jrtASSwgEVIEKGggg2UYCNGp06KhRTdx338/a5fIpdCrg0wcsyjDA2y6wefwe/eWvnxMS8pHAfaXxznYxAI7QL1quN8HztO/QQIPgNXetNfrgFTn6RXm1r0COjZBi6um5qyB1zuAH1PhmzKrsTnL+TzwPsZjSkL9N4Cnate3xr3OH0A0tSr5A1wcAgMFSh7zeffHa19+/dNo38/hq9yr+iELI0AAAAGYktHRAAAAAAAAPlDu38AAAAJcEhZcwAACxMAAAsTAQCanBgAAAAHdElNRQflDAsTByz7Va2cAAAAGXRFWHRDb21tZW50AENyZWF0ZWQgd2l0aCBHSU1QV4EOFwAAAYBJREFUKM+lkjFIlVEYht/zn3sFkYYUyUnIRcemhCtCU6JQOLiIU+QeJEQg6BBIm0s4RBCBLjq5OEvgJC1uOniJhivesLx17/97/vO9b4NK4g25157hfHCGB773/cA0HZIEAKiMj+LWiOxljG/i96pnCFP58XHnrWX2+9cj0dYl9Yu2FE9/9rXrcAAgs2eSyiBfOe/XRD503h/CuffOubQVUXL+Jh9BllzBbyJJBgDclVkO4Kukd8zzkXJbeUljIldFTstsmSHM6S81ma2KfPKlFdkGAMY4wzx/bbXapMy21My+YizdKNq5mDzLkrxafSxySFKjSWX2oTmjKzz4vN0r2lOFcL/Q3V0/mX95ILMXTTGYVfaut/aP2+oCMAvnZgCcsF5fcR0dg65YHAdwB+QApADvu0AuOe/ftlJAD7Nsgmm6yBjDtfWORJZlNtFyo/lR5Z7MyheKA5ktSur7sTAHazSG27pehjAiaVfkN8b4XFIJ/wOzbOx07VNRUuHy7w98CzCcGPyWywAAAABJRU5ErkJggg==)](spotlight#spotlight-quick-report) 
+
+##### Spotlight Vulnerabilities / Hosts API operations discussed
+This sample demonstrates the following CrowdStrike Spotlight Vulnerability API and Hosts API operations:
 
 | Operation | Description |
 | :--- | :--- |
-| [queryGroupMembers](https://www.falconpy.io/Service-Collections/Host-Group.html#querygroupmembers) | Search for members of a Host Group in your environment by providing a FQL filter and paging details. Returns a set of Agent IDs which match the filter criteria. |
+| [combinedQueryVulnerabilities](https://www.falconpy.io/Service-Collections/Spotlight-Vulnerabilities.html#combinedqueryvulnerabilities) | Search for Vulnerabilities in your environment by providing a FQL filter and paging details. Returns a set of Vulnerability entities which match the filter criteria. |
+| [GetDeviceDetails](https://www.falconpy.io/Service-Collections/Hosts.html#getdevicedetails) | Get details on one or more hosts by providing agent IDs (AID). You can get a host's agent IDs (AIDs) from the QueryDevicesByFilterScroll operation, the Falcon console or the Streaming API. |
+| [QueryDevicesByFilterScroll](https://www.falconpy.io/Service-Collections/Hosts.html#querydevicesbyfilterscroll) | Search for hosts in your environment by platform, hostname, IP, and other criteria with continuous pagination capability (based on offset pointer which expires after 2 minutes with no maximum limit). |
+
+</details>
+
+[Back to top](#falconpy-sample-library) | [How to authenticate](#authentication-for-these-examples) | [Table of Contents](#exposure-management-toc)
+
+---
+
+</details>
+
+
+<!--Threat Intelligence-->
 
-#### Sensor Download API operations discussed
-This sample demonstrates the following CrowdStrike Sensor Download API operations:
+
+<a id="threat-intelligence-apis"></a>
+<details open>
+<summary><h2>Threat Intelligence</h2></summary>
+<a id="falcon-intelligence-samples"></a>
+<details>
+<summary><h3>Falcon Intelligence</h3> <small>(click to expand)</small><br/>
+This category is dedicated to Falcon Intelligence, and discusses the Falcon Intelligence and MalQuery API service collections.
+</summary>
+
+- [Get MITRE ATT&CK Reports](#get-mitre-attck-reports)
+- [Intel Search](#intel-search)
+- [MISP Import](#misp-import)
+- [Malqueryinator](#malqueryinator)
+
+#### Get MITRE ATT&CK Reports
+Retrieve some or all available adversary MITRE ATT&CK reports.
+
+[![Intel](https://img.shields.io/badge/Service%20Class-Get_MITRE_ATT&CK_Reports-silver?style=for-the-badge&labelColor=red&logo=data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABIAAAAOCAYAAAAi2ky3AAABhWlDQ1BJQ0MgcHJvZmlsZQAAKJF9kT1Iw1AUhU9TpaIVBzuIOGSoDmJBVEQ3rUIRKoRaoVUHk5f+CE0akhQXR8G14ODPYtXBxVlXB1dBEPwBcXNzUnSREu9LCi1ifPB4H+e9c7jvXkColZhmtY0Cmm6bqURczGRXxNAruhAEMI1hmVnGrCQl4bu+7hHg512MZ/m/+3N1qzmLAQGReIYZpk28Tjy5aRuc94kjrCirxOfEIyYVSPzIdcXjN84FlwWeGTHTqTniCLFYaGGlhVnR1IgniKOqplO+kPFY5bzFWStVWKNO/sNwTl9e4jrtASSwgEVIEKGggg2UYCNGp06KhRTdx338/a5fIpdCrg0wcsyjDA2y6wefwe/eWvnxMS8pHAfaXxznYxAI7QL1quN8HztO/QQIPgNXetNfrgFTn6RXm1r0COjZBi6um5qyB1zuAH1PhmzKrsTnL+TzwPsZjSkL9N4Cnate3xr3OH0A0tSr5A1wcAgMFSh7zeffHa19+/dNo38/hq9yr+iELI0AAAAGYktHRAAAAAAAAPlDu38AAAAJcEhZcwAACxMAAAsTAQCanBgAAAAHdElNRQflDAsTByz7Va2cAAAAGXRFWHRDb21tZW50AENyZWF0ZWQgd2l0aCBHSU1QV4EOFwAAAYBJREFUKM+lkjFIlVEYht/zn3sFkYYUyUnIRcemhCtCU6JQOLiIU+QeJEQg6BBIm0s4RBCBLjq5OEvgJC1uOniJhivesLx17/97/vO9b4NK4g25157hfHCGB773/cA0HZIEAKiMj+LWiOxljG/i96pnCFP58XHnrWX2+9cj0dYl9Yu2FE9/9rXrcAAgs2eSyiBfOe/XRD503h/CuffOubQVUXL+Jh9BllzBbyJJBgDclVkO4Kukd8zzkXJbeUljIldFTstsmSHM6S81ma2KfPKlFdkGAMY4wzx/bbXapMy21My+YizdKNq5mDzLkrxafSxySFKjSWX2oTmjKzz4vN0r2lOFcL/Q3V0/mX95ILMXTTGYVfaut/aP2+oCMAvnZgCcsF5fcR0dg65YHAdwB+QApADvu0AuOe/ftlJAD7Nsgmm6yBjDtfWORJZlNtFyo/lR5Z7MyheKA5ktSur7sTAHazSG27pehjAiaVfkN8b4XFIJ/wOzbOx07VNRUuHy7w98CzCcGPyWywAAAABJRU5ErkJggg==)](https://github.com/CrowdStrike/falconpy/tree/main/samples/intel#get-mitre-attck-reports)
+
+##### Intel API operations discussed
+This sample demonstrates the following CrowdStrike Intel API operations:
 
 | Operation | Description |
 | :--- | :--- |
-| [GetSensorInstallersCCIDByQuery](https://falconpy.io/Service-Collections/Sensor-Download.html#getsensorinstallersccidbyquery) | Get CCID to use with sensor installers. |
+| [GetIntelActorEntities](https://falconpy.io/Service-Collections/Intel.html#getintelactorentities) | Retrieve specific actors using their actor IDs. |
+| [GetMitreReport](https://www.falconpy.io/Service-Collections/Intel.html#getmitrereport) | Export Mitre ATT&CK information for a given actor. |
+| [QueryMitreAttacks](https://www.falconpy.io/Service-Collections/Intel.html#querymitreattacks) | Gets MITRE tactics and techniques for the given actor. |
 
-#### Real Time Response API operations discussed
-This sample demonstrates the following CrowdStrike Real Time Response API operations:
+
+#### Intel Search
+Quickly search CrowdStrike Falcon Intelligence data for string matches.
+Displays lists of matches and extended details for individual records when only one result is returned.
+When a value for output prefix (`-o`) is provided, results will also be written to individual files in CSV format.
+
+[![Intel](https://img.shields.io/badge/Service%20Class-Intel_Search-silver?style=for-the-badge&labelColor=red&logo=data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABIAAAAOCAYAAAAi2ky3AAABhWlDQ1BJQ0MgcHJvZmlsZQAAKJF9kT1Iw1AUhU9TpaIVBzuIOGSoDmJBVEQ3rUIRKoRaoVUHk5f+CE0akhQXR8G14ODPYtXBxVlXB1dBEPwBcXNzUnSREu9LCi1ifPB4H+e9c7jvXkColZhmtY0Cmm6bqURczGRXxNAruhAEMI1hmVnGrCQl4bu+7hHg512MZ/m/+3N1qzmLAQGReIYZpk28Tjy5aRuc94kjrCirxOfEIyYVSPzIdcXjN84FlwWeGTHTqTniCLFYaGGlhVnR1IgniKOqplO+kPFY5bzFWStVWKNO/sNwTl9e4jrtASSwgEVIEKGggg2UYCNGp06KhRTdx338/a5fIpdCrg0wcsyjDA2y6wefwe/eWvnxMS8pHAfaXxznYxAI7QL1quN8HztO/QQIPgNXetNfrgFTn6RXm1r0COjZBi6um5qyB1zuAH1PhmzKrsTnL+TzwPsZjSkL9N4Cnate3xr3OH0A0tSr5A1wcAgMFSh7zeffHa19+/dNo38/hq9yr+iELI0AAAAGYktHRAAAAAAAAPlDu38AAAAJcEhZcwAACxMAAAsTAQCanBgAAAAHdElNRQflDAsTByz7Va2cAAAAGXRFWHRDb21tZW50AENyZWF0ZWQgd2l0aCBHSU1QV4EOFwAAAYBJREFUKM+lkjFIlVEYht/zn3sFkYYUyUnIRcemhCtCU6JQOLiIU+QeJEQg6BBIm0s4RBCBLjq5OEvgJC1uOniJhivesLx17/97/vO9b4NK4g25157hfHCGB773/cA0HZIEAKiMj+LWiOxljG/i96pnCFP58XHnrWX2+9cj0dYl9Yu2FE9/9rXrcAAgs2eSyiBfOe/XRD503h/CuffOubQVUXL+Jh9BllzBbyJJBgDclVkO4Kukd8zzkXJbeUljIldFTstsmSHM6S81ma2KfPKlFdkGAMY4wzx/bbXapMy21My+YizdKNq5mDzLkrxafSxySFKjSWX2oTmjKzz4vN0r2lOFcL/Q3V0/mX95ILMXTTGYVfaut/aP2+oCMAvnZgCcsF5fcR0dg65YHAdwB+QApADvu0AuOe/ftlJAD7Nsgmm6yBjDtfWORJZlNtFyo/lR5Z7MyheKA5ktSur7sTAHazSG27pehjAiaVfkN8b4XFIJ/wOzbOx07VNRUuHy7w98CzCcGPyWywAAAABJRU5ErkJggg==)](https://github.com/CrowdStrike/falconpy/tree/main/samples/intel#intel-search)
+
+##### Intel API operations discussed
+This sample demonstrates the following CrowdStrike Intel API operations:
 
 | Operation | Description |
 | :--- | :--- |
-| [BatchInitSessions](https://falconpy.io/Service-Collections/Real-Time-Response.html#batchinitsessions) | Batch initialize a RTR session on multiple hosts. Before any RTR commands can be used, an active session is needed on the host. |
-| [BatchActiveResponderCmd](https://falconpy.io/Service-Collections/Real-Time-Response-Admin.html#batchactiverespondercmd) | Batch executes a RTR active-responder command across the hosts mapped to the given batch ID. |
+| [QueryIntelActorEntites](https://www.falconpy.io/Service-Collections/Intel.html#queryintelactorentities) | Get info about actors that match provided FQL filters. |
+| [QueryIntelIndicatorEntities](https://www.falconpy.io/Service-Collections/Intel.html#queryintelindicatorentities) | Get info about indicators that match provided FQL filters. |
+| [QueryIntelReportEntities](https://www.falconpy.io/Service-Collections/Intel.html#queryintelreportentities) | Get info about reports that match provided FQL filters. |
+| [GetIntelActorEntities](https://falconpy.io/Service-Collections/Intel.html#getintelactorentities) | Retrieve specific actors using their actor IDs. |
+| [GetIntelIndicatorEntities](https://www.falconpy.io/Service-Collections/Intel.html#getintelindicatorentities) | Retrieve specific indicators using their indicator IDs. |
+| [GetIntelReportEntities](https://www.falconpy.io/Service-Collections/Intel.html#queryintelreportentities) | Retrieve specific reports using their report IDs. |
 
 ---
 
-## Recon
-These samples focus on CrowdStrike's Falcon Intelligence Recon API service collection.
-
-- [Create monitoring rules for an email list](#create-monitoring-rules-for-an-email-list)
-
-### Create monitoring rules for an email list
-Provided by `@wozboz`, this example demonstrates creating Falcon Intelligence Recon monitoring rules for a list of email addresses provided in CSV format.
+#### MISP Import
+This [utility](https://github.com/CrowdStrike/MISP-tools#manual-import) will import CrowdStrike Intel Threat indicators (Actors, Indicators and Reports) into your instance of [MISP](https://github.com/MISP/MISP).
 
-[![Recon](https://img.shields.io/badge/Service%20Class-Create_Monitoring_Rules_For_a_List-silver?style=for-the-badge&labelColor=red&logo=data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABIAAAAOCAYAAAAi2ky3AAABhWlDQ1BJQ0MgcHJvZmlsZQAAKJF9kT1Iw1AUhU9TpaIVBzuIOGSoDmJBVEQ3rUIRKoRaoVUHk5f+CE0akhQXR8G14ODPYtXBxVlXB1dBEPwBcXNzUnSREu9LCi1ifPB4H+e9c7jvXkColZhmtY0Cmm6bqURczGRXxNAruhAEMI1hmVnGrCQl4bu+7hHg512MZ/m/+3N1qzmLAQGReIYZpk28Tjy5aRuc94kjrCirxOfEIyYVSPzIdcXjN84FlwWeGTHTqTniCLFYaGGlhVnR1IgniKOqplO+kPFY5bzFWStVWKNO/sNwTl9e4jrtASSwgEVIEKGggg2UYCNGp06KhRTdx338/a5fIpdCrg0wcsyjDA2y6wefwe/eWvnxMS8pHAfaXxznYxAI7QL1quN8HztO/QQIPgNXetNfrgFTn6RXm1r0COjZBi6um5qyB1zuAH1PhmzKrsTnL+TzwPsZjSkL9N4Cnate3xr3OH0A0tSr5A1wcAgMFSh7zeffHa19+/dNo38/hq9yr+iELI0AAAAGYktHRAAAAAAAAPlDu38AAAAJcEhZcwAACxMAAAsTAQCanBgAAAAHdElNRQflDAsTByz7Va2cAAAAGXRFWHRDb21tZW50AENyZWF0ZWQgd2l0aCBHSU1QV4EOFwAAAYBJREFUKM+lkjFIlVEYht/zn3sFkYYUyUnIRcemhCtCU6JQOLiIU+QeJEQg6BBIm0s4RBCBLjq5OEvgJC1uOniJhivesLx17/97/vO9b4NK4g25157hfHCGB773/cA0HZIEAKiMj+LWiOxljG/i96pnCFP58XHnrWX2+9cj0dYl9Yu2FE9/9rXrcAAgs2eSyiBfOe/XRD503h/CuffOubQVUXL+Jh9BllzBbyJJBgDclVkO4Kukd8zzkXJbeUljIldFTstsmSHM6S81ma2KfPKlFdkGAMY4wzx/bbXapMy21My+YizdKNq5mDzLkrxafSxySFKjSWX2oTmjKzz4vN0r2lOFcL/Q3V0/mX95ILMXTTGYVfaut/aP2+oCMAvnZgCcsF5fcR0dg65YHAdwB+QApADvu0AuOe/ftlJAD7Nsgmm6yBjDtfWORJZlNtFyo/lR5Z7MyheKA5ktSur7sTAHazSG27pehjAiaVfkN8b4XFIJ/wOzbOx07VNRUuHy7w98CzCcGPyWywAAAABJRU5ErkJggg==)](recon/email_monitoring_recon.py)
+[![Intel](https://img.shields.io/badge/Service%20Class-MISP_Import-silver?style=for-the-badge&labelColor=red&logo=data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABIAAAAOCAYAAAAi2ky3AAABhWlDQ1BJQ0MgcHJvZmlsZQAAKJF9kT1Iw1AUhU9TpaIVBzuIOGSoDmJBVEQ3rUIRKoRaoVUHk5f+CE0akhQXR8G14ODPYtXBxVlXB1dBEPwBcXNzUnSREu9LCi1ifPB4H+e9c7jvXkColZhmtY0Cmm6bqURczGRXxNAruhAEMI1hmVnGrCQl4bu+7hHg512MZ/m/+3N1qzmLAQGReIYZpk28Tjy5aRuc94kjrCirxOfEIyYVSPzIdcXjN84FlwWeGTHTqTniCLFYaGGlhVnR1IgniKOqplO+kPFY5bzFWStVWKNO/sNwTl9e4jrtASSwgEVIEKGggg2UYCNGp06KhRTdx338/a5fIpdCrg0wcsyjDA2y6wefwe/eWvnxMS8pHAfaXxznYxAI7QL1quN8HztO/QQIPgNXetNfrgFTn6RXm1r0COjZBi6um5qyB1zuAH1PhmzKrsTnL+TzwPsZjSkL9N4Cnate3xr3OH0A0tSr5A1wcAgMFSh7zeffHa19+/dNo38/hq9yr+iELI0AAAAGYktHRAAAAAAAAPlDu38AAAAJcEhZcwAACxMAAAsTAQCanBgAAAAHdElNRQflDAsTByz7Va2cAAAAGXRFWHRDb21tZW50AENyZWF0ZWQgd2l0aCBHSU1QV4EOFwAAAYBJREFUKM+lkjFIlVEYht/zn3sFkYYUyUnIRcemhCtCU6JQOLiIU+QeJEQg6BBIm0s4RBCBLjq5OEvgJC1uOniJhivesLx17/97/vO9b4NK4g25157hfHCGB773/cA0HZIEAKiMj+LWiOxljG/i96pnCFP58XHnrWX2+9cj0dYl9Yu2FE9/9rXrcAAgs2eSyiBfOe/XRD503h/CuffOubQVUXL+Jh9BllzBbyJJBgDclVkO4Kukd8zzkXJbeUljIldFTstsmSHM6S81ma2KfPKlFdkGAMY4wzx/bbXapMy21My+YizdKNq5mDzLkrxafSxySFKjSWX2oTmjKzz4vN0r2lOFcL/Q3V0/mX95ILMXTTGYVfaut/aP2+oCMAvnZgCcsF5fcR0dg65YHAdwB+QApADvu0AuOe/ftlJAD7Nsgmm6yBjDtfWORJZlNtFyo/lR5Z7MyheKA5ktSur7sTAHazSG27pehjAiaVfkN8b4XFIJ/wOzbOx07VNRUuHy7w98CzCcGPyWywAAAABJRU5ErkJggg==)](https://github.com/CrowdStrike/MISP-tools#manual-import)
 
-#### Recon API operations discussed
-This sample demonstrates the following CrowdStrike Recon API operations:
+##### Intel API operations discussed
+This sample demonstrates the following CrowdStrike Intel API operations:
 
 | Operation | Description |
 | :--- | :--- |
-| [CreateRulesV1](https://www.falconpy.io/Service-Collections/Recon.html#createrulesv1) | Create monitoring rules. |
+| [GetIntelActorEntities](https://falconpy.io/Service-Collections/Intel.html#getintelactorentities) | Retrieve specific actors using their actor IDs. |
+| [GetIntelIndicatorEntities](https://falconpy.io/Service-Collections/Intel.html#getintelindicatorentities) | Retrieve specific indicators using their indicator IDs. |
+| [GetIntelReportEntities](https://falconpy.io/Service-Collections/Intel.html#getintelreportentities) | Retrieve specific reports using their report IDs. |
+| [QueryIntelActorEntities](https://falconpy.io/Service-Collections/Intel.html#queryintelactorentities) | Get info about actors that match provided FQL filters. |
+| [QueryIntelIndicatorEntities](https://falconpy.io/Service-Collections/Intel.html#queryintelindicatorentities) | Get info about indicators that match provided FQL filters. |
+| [QueryIntelReportEntities](https://falconpy.io/Service-Collections/Intel.html#queryintelreportentities) | Get info about reports that match provided FQL filters. |
 
 ---
 
-## Report Executions
-These samples focus on CrowdStrike's Falcon Report Executions API service collection.
-
-- [Retrieve all report results](#retrieve-all-report-results)
+#### Malqueryinator
+Coded by our [**Purveyor of Lint**](https://xkcd.com/1513/) `@jlangdev`, [Malqueryinator](malquery#search-and-download-samples-from-malquery) demonstrates how to use the CrowdStrike MalQuery API to search and download malware samples.
 
-### Retrieve all report results
-This sample will accept a schedule report ID and download all results for every successful execution of the report.
+[![MalQuery](https://img.shields.io/badge/Uber%20Class-Download%20Malware%20Samples%20with%20Malqueryinator-silver?style=for-the-badge&labelColor=maroon&logo=data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABIAAAAOCAYAAAAi2ky3AAABhWlDQ1BJQ0MgcHJvZmlsZQAAKJF9kT1Iw1AUhU9TpaIVBzuIOGSoDmJBVEQ3rUIRKoRaoVUHk5f+CE0akhQXR8G14ODPYtXBxVlXB1dBEPwBcXNzUnSREu9LCi1ifPB4H+e9c7jvXkColZhmtY0Cmm6bqURczGRXxNAruhAEMI1hmVnGrCQl4bu+7hHg512MZ/m/+3N1qzmLAQGReIYZpk28Tjy5aRuc94kjrCirxOfEIyYVSPzIdcXjN84FlwWeGTHTqTniCLFYaGGlhVnR1IgniKOqplO+kPFY5bzFWStVWKNO/sNwTl9e4jrtASSwgEVIEKGggg2UYCNGp06KhRTdx338/a5fIpdCrg0wcsyjDA2y6wefwe/eWvnxMS8pHAfaXxznYxAI7QL1quN8HztO/QQIPgNXetNfrgFTn6RXm1r0COjZBi6um5qyB1zuAH1PhmzKrsTnL+TzwPsZjSkL9N4Cnate3xr3OH0A0tSr5A1wcAgMFSh7zeffHa19+/dNo38/hq9yr+iELI0AAAAGYktHRAAAAAAAAPlDu38AAAAJcEhZcwAACxMAAAsTAQCanBgAAAAHdElNRQflDAsTByz7Va2cAAAAGXRFWHRDb21tZW50AENyZWF0ZWQgd2l0aCBHSU1QV4EOFwAAAYBJREFUKM+lkjFIlVEYht/zn3sFkYYUyUnIRcemhCtCU6JQOLiIU+QeJEQg6BBIm0s4RBCBLjq5OEvgJC1uOniJhivesLx17/97/vO9b4NK4g25157hfHCGB773/cA0HZIEAKiMj+LWiOxljG/i96pnCFP58XHnrWX2+9cj0dYl9Yu2FE9/9rXrcAAgs2eSyiBfOe/XRD503h/CuffOubQVUXL+Jh9BllzBbyJJBgDclVkO4Kukd8zzkXJbeUljIldFTstsmSHM6S81ma2KfPKlFdkGAMY4wzx/bbXapMy21My+YizdKNq5mDzLkrxafSxySFKjSWX2oTmjKzz4vN0r2lOFcL/Q3V0/mX95ILMXTTGYVfaut/aP2+oCMAvnZgCcsF5fcR0dg65YHAdwB+QApADvu0AuOe/ftlJAD7Nsgmm6yBjDtfWORJZlNtFyo/lR5Z7MyheKA5ktSur7sTAHazSG27pehjAiaVfkN8b4XFIJ/wOzbOx07VNRUuHy7w98CzCcGPyWywAAAABJRU5ErkJggg==)](malquery#search-and-download-samples-from-malquery)
 
-[![Report Executions](https://img.shields.io/badge/Service%20Class-Retrieve_all_report_results-silver?style=for-the-badge&labelColor=red&logo=data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABIAAAAOCAYAAAAi2ky3AAABhWlDQ1BJQ0MgcHJvZmlsZQAAKJF9kT1Iw1AUhU9TpaIVBzuIOGSoDmJBVEQ3rUIRKoRaoVUHk5f+CE0akhQXR8G14ODPYtXBxVlXB1dBEPwBcXNzUnSREu9LCi1ifPB4H+e9c7jvXkColZhmtY0Cmm6bqURczGRXxNAruhAEMI1hmVnGrCQl4bu+7hHg512MZ/m/+3N1qzmLAQGReIYZpk28Tjy5aRuc94kjrCirxOfEIyYVSPzIdcXjN84FlwWeGTHTqTniCLFYaGGlhVnR1IgniKOqplO+kPFY5bzFWStVWKNO/sNwTl9e4jrtASSwgEVIEKGggg2UYCNGp06KhRTdx338/a5fIpdCrg0wcsyjDA2y6wefwe/eWvnxMS8pHAfaXxznYxAI7QL1quN8HztO/QQIPgNXetNfrgFTn6RXm1r0COjZBi6um5qyB1zuAH1PhmzKrsTnL+TzwPsZjSkL9N4Cnate3xr3OH0A0tSr5A1wcAgMFSh7zeffHa19+/dNo38/hq9yr+iELI0AAAAGYktHRAAAAAAAAPlDu38AAAAJcEhZcwAACxMAAAsTAQCanBgAAAAHdElNRQflDAsTByz7Va2cAAAAGXRFWHRDb21tZW50AENyZWF0ZWQgd2l0aCBHSU1QV4EOFwAAAYBJREFUKM+lkjFIlVEYht/zn3sFkYYUyUnIRcemhCtCU6JQOLiIU+QeJEQg6BBIm0s4RBCBLjq5OEvgJC1uOniJhivesLx17/97/vO9b4NK4g25157hfHCGB773/cA0HZIEAKiMj+LWiOxljG/i96pnCFP58XHnrWX2+9cj0dYl9Yu2FE9/9rXrcAAgs2eSyiBfOe/XRD503h/CuffOubQVUXL+Jh9BllzBbyJJBgDclVkO4Kukd8zzkXJbeUljIldFTstsmSHM6S81ma2KfPKlFdkGAMY4wzx/bbXapMy21My+YizdKNq5mDzLkrxafSxySFKjSWX2oTmjKzz4vN0r2lOFcL/Q3V0/mX95ILMXTTGYVfaut/aP2+oCMAvnZgCcsF5fcR0dg65YHAdwB+QApADvu0AuOe/ftlJAD7Nsgmm6yBjDtfWORJZlNtFyo/lR5Z7MyheKA5ktSur7sTAHazSG27pehjAiaVfkN8b4XFIJ/wOzbOx07VNRUuHy7w98CzCcGPyWywAAAABJRU5ErkJggg==)](report_executions/get_report_results.py)
+> This sample has been used in other integrations! You can check out the related integration [here](https://github.com/CrowdStrike/Cloud-AWS/blob/main/s3-bucket-protection/demo/instance.tf#L45).
 
-#### Report Executions API operations discussed
-This sample demonstrates the following CrowdStrike Report Executions API operations:
+##### MalQuery API operations discussed
+This sample demonstrates the following CrowdStrike MalQuery API operations:
 
 | Operation | Description |
 | :--- | :--- |
-| [report_executions_download_get](https://www.falconpy.io/Service-Collections/Report-Executions.html#report_executions_download_get) | Get report entity download. |
-| [report_executions_get](https://www.falconpy.io/Service-Collections/Report-Executions.html#report_executions_get) | Retrieve report details for the provided report IDs. |
-| [report_executions_query](https://www.falconpy.io/Service-Collections/Report-Executions.html#report_executions_query) | Find all report execution IDs matching the query with filter. |
+| [GetMalQueryEntitiesSamplesFetchV1](https://falconpy.io/Service-Collections/MalQuery.html#getmalqueryentitiessamplesfetchv1) | Fetch a zip archive with password 'infected' containing the samples. Call this once the /entities/samples-multidownload request has finished processing. |
+| [GetMalQueryRequestV1](https://falconpy.io/Service-Collections/MalQuery.html#getmalqueryrequestv1) | Check the status and results of an asynchronous request, such as hunt or exact-search. Supports a single request id at this time. |
+| [PostMalQueryEntitiesSamplesMultidownloadV1](https://falconpy.io/Service-Collections/MalQuery.html#postmalqueryentitiessamplesmultidownloadv1) | Schedule samples for download. Use the result id with the /request endpoint to check if the download is ready after which you can call the /entities/samples-fetch to get the zip. |
+| [PostMalQueryFuzzySearchV1](https://falconpy.io/Service-Collections/MalQuery.html#postmalqueryfuzzysearchv1) | Search Falcon MalQuery quickly, but with more potential for false positives. Search for a combination of hex patterns and strings in order to identify samples based upon file content at byte level granularity. |
+
+</details>
+
+[Back to top](#falconpy-sample-library) | [How to authenticate](#authentication-for-these-examples) | [Table of Contents](#threat-intelligence-toc)
 
 ---
 
-## Sensor Download
-The samples in this section focus on CrowdStrike Sensor Download API service collection.
 
-### Download the CrowdStrike sensor
-Use the Uber Class to [list or download versions of the CrowdStrike sensor](sensor_download/download_sensor.py).
+<a id="falcon-intelligence-sandbox-samples"></a>
+<details>
+<summary><h3>Falcon Intelligence Sandbox</h3> <small>(click to expand)</small><br/>
+These samples focus on CrowdStrike's Falcon Intelligence Sandbox API service collections.
+</summary>
 
-[![Sensor Download](https://img.shields.io/badge/Uber%20Class-List%20or%20Download%20Falcon%20Sensor-silver?style=for-the-badge&labelColor=maroon&logo=data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABIAAAAOCAYAAAAi2ky3AAABhWlDQ1BJQ0MgcHJvZmlsZQAAKJF9kT1Iw1AUhU9TpaIVBzuIOGSoDmJBVEQ3rUIRKoRaoVUHk5f+CE0akhQXR8G14ODPYtXBxVlXB1dBEPwBcXNzUnSREu9LCi1ifPB4H+e9c7jvXkColZhmtY0Cmm6bqURczGRXxNAruhAEMI1hmVnGrCQl4bu+7hHg512MZ/m/+3N1qzmLAQGReIYZpk28Tjy5aRuc94kjrCirxOfEIyYVSPzIdcXjN84FlwWeGTHTqTniCLFYaGGlhVnR1IgniKOqplO+kPFY5bzFWStVWKNO/sNwTl9e4jrtASSwgEVIEKGggg2UYCNGp06KhRTdx338/a5fIpdCrg0wcsyjDA2y6wefwe/eWvnxMS8pHAfaXxznYxAI7QL1quN8HztO/QQIPgNXetNfrgFTn6RXm1r0COjZBi6um5qyB1zuAH1PhmzKrsTnL+TzwPsZjSkL9N4Cnate3xr3OH0A0tSr5A1wcAgMFSh7zeffHa19+/dNo38/hq9yr+iELI0AAAAGYktHRAAAAAAAAPlDu38AAAAJcEhZcwAACxMAAAsTAQCanBgAAAAHdElNRQflDAsTByz7Va2cAAAAGXRFWHRDb21tZW50AENyZWF0ZWQgd2l0aCBHSU1QV4EOFwAAAYBJREFUKM+lkjFIlVEYht/zn3sFkYYUyUnIRcemhCtCU6JQOLiIU+QeJEQg6BBIm0s4RBCBLjq5OEvgJC1uOniJhivesLx17/97/vO9b4NK4g25157hfHCGB773/cA0HZIEAKiMj+LWiOxljG/i96pnCFP58XHnrWX2+9cj0dYl9Yu2FE9/9rXrcAAgs2eSyiBfOe/XRD503h/CuffOubQVUXL+Jh9BllzBbyJJBgDclVkO4Kukd8zzkXJbeUljIldFTstsmSHM6S81ma2KfPKlFdkGAMY4wzx/bbXapMy21My+YizdKNq5mDzLkrxafSxySFKjSWX2oTmjKzz4vN0r2lOFcL/Q3V0/mX95ILMXTTGYVfaut/aP2+oCMAvnZgCcsF5fcR0dg65YHAdwB+QApADvu0AuOe/ftlJAD7Nsgmm6yBjDtfWORJZlNtFyo/lR5Z7MyheKA5ktSur7sTAHazSG27pehjAiaVfkN8b4XFIJ/wOzbOx07VNRUuHy7w98CzCcGPyWywAAAABJRU5ErkJggg==)](sensor_download/download_sensor.py)
+- [Manage sandbox uploads](#manage-sandbox-uploads)
+- [Falcon Intelligence Sandbox scan](#falcon-intelligence-sandbox-scan)
+- [Get all artifacts](#get-all-artifacts)
+- [Quick Scan a target](#quick-scan-a-target)
+- [S3 Bucket Protection](#s3-bucket-protection)
 
-#### Sensor Download API operations discussed
-This sample demonstrates the following CrowdStrike Sensor Download API operations:
+#### Manage sandbox uploads
+These samples use the CrowdStrike Sample Uploads API to upload, retrieve and delete files from Falcon Intelligence Sandbox. An example for using the [Service Class](sample_uploads/sample_uploads_service.py) and the [Uber Class](sample_uploads/sample_uploads_uber.py) is provided.
+
+[![Sample Uploads](https://img.shields.io/badge/Service%20Class-Handle%20Sandbox%20Files-silver?style=for-the-badge&labelColor=red&logo=data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABIAAAAOCAYAAAAi2ky3AAABhWlDQ1BJQ0MgcHJvZmlsZQAAKJF9kT1Iw1AUhU9TpaIVBzuIOGSoDmJBVEQ3rUIRKoRaoVUHk5f+CE0akhQXR8G14ODPYtXBxVlXB1dBEPwBcXNzUnSREu9LCi1ifPB4H+e9c7jvXkColZhmtY0Cmm6bqURczGRXxNAruhAEMI1hmVnGrCQl4bu+7hHg512MZ/m/+3N1qzmLAQGReIYZpk28Tjy5aRuc94kjrCirxOfEIyYVSPzIdcXjN84FlwWeGTHTqTniCLFYaGGlhVnR1IgniKOqplO+kPFY5bzFWStVWKNO/sNwTl9e4jrtASSwgEVIEKGggg2UYCNGp06KhRTdx338/a5fIpdCrg0wcsyjDA2y6wefwe/eWvnxMS8pHAfaXxznYxAI7QL1quN8HztO/QQIPgNXetNfrgFTn6RXm1r0COjZBi6um5qyB1zuAH1PhmzKrsTnL+TzwPsZjSkL9N4Cnate3xr3OH0A0tSr5A1wcAgMFSh7zeffHa19+/dNo38/hq9yr+iELI0AAAAGYktHRAAAAAAAAPlDu38AAAAJcEhZcwAACxMAAAsTAQCanBgAAAAHdElNRQflDAsTByz7Va2cAAAAGXRFWHRDb21tZW50AENyZWF0ZWQgd2l0aCBHSU1QV4EOFwAAAYBJREFUKM+lkjFIlVEYht/zn3sFkYYUyUnIRcemhCtCU6JQOLiIU+QeJEQg6BBIm0s4RBCBLjq5OEvgJC1uOniJhivesLx17/97/vO9b4NK4g25157hfHCGB773/cA0HZIEAKiMj+LWiOxljG/i96pnCFP58XHnrWX2+9cj0dYl9Yu2FE9/9rXrcAAgs2eSyiBfOe/XRD503h/CuffOubQVUXL+Jh9BllzBbyJJBgDclVkO4Kukd8zzkXJbeUljIldFTstsmSHM6S81ma2KfPKlFdkGAMY4wzx/bbXapMy21My+YizdKNq5mDzLkrxafSxySFKjSWX2oTmjKzz4vN0r2lOFcL/Q3V0/mX95ILMXTTGYVfaut/aP2+oCMAvnZgCcsF5fcR0dg65YHAdwB+QApADvu0AuOe/ftlJAD7Nsgmm6yBjDtfWORJZlNtFyo/lR5Z7MyheKA5ktSur7sTAHazSG27pehjAiaVfkN8b4XFIJ/wOzbOx07VNRUuHy7w98CzCcGPyWywAAAABJRU5ErkJggg==)](sample_uploads/sample_uploads_service.py) 
+[![Sample Uploads](https://img.shields.io/badge/Uber%20Class-Handle%20Sandbox%20Files-silver?style=for-the-badge&labelColor=maroon&logo=data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABIAAAAOCAYAAAAi2ky3AAABhWlDQ1BJQ0MgcHJvZmlsZQAAKJF9kT1Iw1AUhU9TpaIVBzuIOGSoDmJBVEQ3rUIRKoRaoVUHk5f+CE0akhQXR8G14ODPYtXBxVlXB1dBEPwBcXNzUnSREu9LCi1ifPB4H+e9c7jvXkColZhmtY0Cmm6bqURczGRXxNAruhAEMI1hmVnGrCQl4bu+7hHg512MZ/m/+3N1qzmLAQGReIYZpk28Tjy5aRuc94kjrCirxOfEIyYVSPzIdcXjN84FlwWeGTHTqTniCLFYaGGlhVnR1IgniKOqplO+kPFY5bzFWStVWKNO/sNwTl9e4jrtASSwgEVIEKGggg2UYCNGp06KhRTdx338/a5fIpdCrg0wcsyjDA2y6wefwe/eWvnxMS8pHAfaXxznYxAI7QL1quN8HztO/QQIPgNXetNfrgFTn6RXm1r0COjZBi6um5qyB1zuAH1PhmzKrsTnL+TzwPsZjSkL9N4Cnate3xr3OH0A0tSr5A1wcAgMFSh7zeffHa19+/dNo38/hq9yr+iELI0AAAAGYktHRAAAAAAAAPlDu38AAAAJcEhZcwAACxMAAAsTAQCanBgAAAAHdElNRQflDAsTByz7Va2cAAAAGXRFWHRDb21tZW50AENyZWF0ZWQgd2l0aCBHSU1QV4EOFwAAAYBJREFUKM+lkjFIlVEYht/zn3sFkYYUyUnIRcemhCtCU6JQOLiIU+QeJEQg6BBIm0s4RBCBLjq5OEvgJC1uOniJhivesLx17/97/vO9b4NK4g25157hfHCGB773/cA0HZIEAKiMj+LWiOxljG/i96pnCFP58XHnrWX2+9cj0dYl9Yu2FE9/9rXrcAAgs2eSyiBfOe/XRD503h/CuffOubQVUXL+Jh9BllzBbyJJBgDclVkO4Kukd8zzkXJbeUljIldFTstsmSHM6S81ma2KfPKlFdkGAMY4wzx/bbXapMy21My+YizdKNq5mDzLkrxafSxySFKjSWX2oTmjKzz4vN0r2lOFcL/Q3V0/mX95ILMXTTGYVfaut/aP2+oCMAvnZgCcsF5fcR0dg65YHAdwB+QApADvu0AuOe/ftlJAD7Nsgmm6yBjDtfWORJZlNtFyo/lR5Z7MyheKA5ktSur7sTAHazSG27pehjAiaVfkN8b4XFIJ/wOzbOx07VNRUuHy7w98CzCcGPyWywAAAABJRU5ErkJggg==)](sample_uploads/sample_uploads_uber.py)
+
+##### Sample Uploads API operations discussed
+These samples demonstrate the following CrowdStrike Sample Uploads API operations:
 
 | Operation | Description |
 | :--- | :--- |
-| [DownloadSensorInstallerById](https://falconpy.io/Service-Collections/Sensor-Download.html#downloadsensorinstallerbyid) | Get sensor installer details by providing a query. |
-| [GetCombinedSensorInstallersByQuery](https://falconpy.io/Service-Collections/Sensor-Download.html#getcombinedsensorinstallersbyquery) | Download sensor installer by SHA256 ID. |
+| [GetSampleV3](https://falconpy.io/Service-Collections/Sample-Uploads.html#getsamplev3) | Retrieves the file associated with the given ID (SHA256). |
+| [UploadSampleV3](https://falconpy.io/Service-Collections/Sample-Uploads.html#uploadsamplev3) | Upload a file for further cloud analysis. After uploading, call the specific analysis API endpoint. |
+| [DeleteSampleV3](https://falconpy.io/Service-Collections/Sample-Uploads.html#deletesamplev3) | Removes a sample, including file, meta and submissions from the collection. |
 
 ---
 
-## Sensor Update Policies
-This section has samples that focus on the CrowdStrike Sensor Update Policies API service collection.
+#### Falcon Intelligence Sandbox scan
 
-### Policy Wonk
-Manage your sensor update policies with our [Policy Wonk](sensor_update_policies#manage-sensor-update-policies-with-policy-wonk) sample.
+Analyze a single file for malware using the Falcon Intelligence Sandbox API with these [examples](falconx_sandbox/single_scan). A sample using the [Service Class](https://github.com/CrowdStrike/falconpy/blob/samples/samples/falconx_sandbox/single_scan/falconx_scan_example.py) and one using the [Uber Class](https://github.com/CrowdStrike/falconpy/blob/samples/samples/falconx_sandbox/single_scan/falconx_scan_example_uber.py) is provided.
 
-[![Sensor Update Policies](https://img.shields.io/badge/Service%20Class-Policy%20Wonk-silver?style=for-the-badge&labelColor=red&logo=data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABIAAAAOCAYAAAAi2ky3AAABhWlDQ1BJQ0MgcHJvZmlsZQAAKJF9kT1Iw1AUhU9TpaIVBzuIOGSoDmJBVEQ3rUIRKoRaoVUHk5f+CE0akhQXR8G14ODPYtXBxVlXB1dBEPwBcXNzUnSREu9LCi1ifPB4H+e9c7jvXkColZhmtY0Cmm6bqURczGRXxNAruhAEMI1hmVnGrCQl4bu+7hHg512MZ/m/+3N1qzmLAQGReIYZpk28Tjy5aRuc94kjrCirxOfEIyYVSPzIdcXjN84FlwWeGTHTqTniCLFYaGGlhVnR1IgniKOqplO+kPFY5bzFWStVWKNO/sNwTl9e4jrtASSwgEVIEKGggg2UYCNGp06KhRTdx338/a5fIpdCrg0wcsyjDA2y6wefwe/eWvnxMS8pHAfaXxznYxAI7QL1quN8HztO/QQIPgNXetNfrgFTn6RXm1r0COjZBi6um5qyB1zuAH1PhmzKrsTnL+TzwPsZjSkL9N4Cnate3xr3OH0A0tSr5A1wcAgMFSh7zeffHa19+/dNo38/hq9yr+iELI0AAAAGYktHRAAAAAAAAPlDu38AAAAJcEhZcwAACxMAAAsTAQCanBgAAAAHdElNRQflDAsTByz7Va2cAAAAGXRFWHRDb21tZW50AENyZWF0ZWQgd2l0aCBHSU1QV4EOFwAAAYBJREFUKM+lkjFIlVEYht/zn3sFkYYUyUnIRcemhCtCU6JQOLiIU+QeJEQg6BBIm0s4RBCBLjq5OEvgJC1uOniJhivesLx17/97/vO9b4NK4g25157hfHCGB773/cA0HZIEAKiMj+LWiOxljG/i96pnCFP58XHnrWX2+9cj0dYl9Yu2FE9/9rXrcAAgs2eSyiBfOe/XRD503h/CuffOubQVUXL+Jh9BllzBbyJJBgDclVkO4Kukd8zzkXJbeUljIldFTstsmSHM6S81ma2KfPKlFdkGAMY4wzx/bbXapMy21My+YizdKNq5mDzLkrxafSxySFKjSWX2oTmjKzz4vN0r2lOFcL/Q3V0/mX95ILMXTTGYVfaut/aP2+oCMAvnZgCcsF5fcR0dg65YHAdwB+QApADvu0AuOe/ftlJAD7Nsgmm6yBjDtfWORJZlNtFyo/lR5Z7MyheKA5ktSur7sTAHazSG27pehjAiaVfkN8b4XFIJ/wOzbOx07VNRUuHy7w98CzCcGPyWywAAAABJRU5ErkJggg==)](sensor_update_policies#manage-sensor-update-policies-with-policy-wonk) 
+[![Falcon Intelligence Sandbox](https://img.shields.io/badge/Service%20Class-Analyze%20a%20Single%20file-silver?style=for-the-badge&labelColor=red&logo=data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABIAAAAOCAYAAAAi2ky3AAABhWlDQ1BJQ0MgcHJvZmlsZQAAKJF9kT1Iw1AUhU9TpaIVBzuIOGSoDmJBVEQ3rUIRKoRaoVUHk5f+CE0akhQXR8G14ODPYtXBxVlXB1dBEPwBcXNzUnSREu9LCi1ifPB4H+e9c7jvXkColZhmtY0Cmm6bqURczGRXxNAruhAEMI1hmVnGrCQl4bu+7hHg512MZ/m/+3N1qzmLAQGReIYZpk28Tjy5aRuc94kjrCirxOfEIyYVSPzIdcXjN84FlwWeGTHTqTniCLFYaGGlhVnR1IgniKOqplO+kPFY5bzFWStVWKNO/sNwTl9e4jrtASSwgEVIEKGggg2UYCNGp06KhRTdx338/a5fIpdCrg0wcsyjDA2y6wefwe/eWvnxMS8pHAfaXxznYxAI7QL1quN8HztO/QQIPgNXetNfrgFTn6RXm1r0COjZBi6um5qyB1zuAH1PhmzKrsTnL+TzwPsZjSkL9N4Cnate3xr3OH0A0tSr5A1wcAgMFSh7zeffHa19+/dNo38/hq9yr+iELI0AAAAGYktHRAAAAAAAAPlDu38AAAAJcEhZcwAACxMAAAsTAQCanBgAAAAHdElNRQflDAsTByz7Va2cAAAAGXRFWHRDb21tZW50AENyZWF0ZWQgd2l0aCBHSU1QV4EOFwAAAYBJREFUKM+lkjFIlVEYht/zn3sFkYYUyUnIRcemhCtCU6JQOLiIU+QeJEQg6BBIm0s4RBCBLjq5OEvgJC1uOniJhivesLx17/97/vO9b4NK4g25157hfHCGB773/cA0HZIEAKiMj+LWiOxljG/i96pnCFP58XHnrWX2+9cj0dYl9Yu2FE9/9rXrcAAgs2eSyiBfOe/XRD503h/CuffOubQVUXL+Jh9BllzBbyJJBgDclVkO4Kukd8zzkXJbeUljIldFTstsmSHM6S81ma2KfPKlFdkGAMY4wzx/bbXapMy21My+YizdKNq5mDzLkrxafSxySFKjSWX2oTmjKzz4vN0r2lOFcL/Q3V0/mX95ILMXTTGYVfaut/aP2+oCMAvnZgCcsF5fcR0dg65YHAdwB+QApADvu0AuOe/ftlJAD7Nsgmm6yBjDtfWORJZlNtFyo/lR5Z7MyheKA5ktSur7sTAHazSG27pehjAiaVfkN8b4XFIJ/wOzbOx07VNRUuHy7w98CzCcGPyWywAAAABJRU5ErkJggg==)](falconx_sandbox/single_scan) 
+[![Falcon Intelligence Sandbox](https://img.shields.io/badge/Uber%20Class-Analyze%20a%20Single%20File-silver?style=for-the-badge&labelColor=maroon&logo=data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABIAAAAOCAYAAAAi2ky3AAABhWlDQ1BJQ0MgcHJvZmlsZQAAKJF9kT1Iw1AUhU9TpaIVBzuIOGSoDmJBVEQ3rUIRKoRaoVUHk5f+CE0akhQXR8G14ODPYtXBxVlXB1dBEPwBcXNzUnSREu9LCi1ifPB4H+e9c7jvXkColZhmtY0Cmm6bqURczGRXxNAruhAEMI1hmVnGrCQl4bu+7hHg512MZ/m/+3N1qzmLAQGReIYZpk28Tjy5aRuc94kjrCirxOfEIyYVSPzIdcXjN84FlwWeGTHTqTniCLFYaGGlhVnR1IgniKOqplO+kPFY5bzFWStVWKNO/sNwTl9e4jrtASSwgEVIEKGggg2UYCNGp06KhRTdx338/a5fIpdCrg0wcsyjDA2y6wefwe/eWvnxMS8pHAfaXxznYxAI7QL1quN8HztO/QQIPgNXetNfrgFTn6RXm1r0COjZBi6um5qyB1zuAH1PhmzKrsTnL+TzwPsZjSkL9N4Cnate3xr3OH0A0tSr5A1wcAgMFSh7zeffHa19+/dNo38/hq9yr+iELI0AAAAGYktHRAAAAAAAAPlDu38AAAAJcEhZcwAACxMAAAsTAQCanBgAAAAHdElNRQflDAsTByz7Va2cAAAAGXRFWHRDb21tZW50AENyZWF0ZWQgd2l0aCBHSU1QV4EOFwAAAYBJREFUKM+lkjFIlVEYht/zn3sFkYYUyUnIRcemhCtCU6JQOLiIU+QeJEQg6BBIm0s4RBCBLjq5OEvgJC1uOniJhivesLx17/97/vO9b4NK4g25157hfHCGB773/cA0HZIEAKiMj+LWiOxljG/i96pnCFP58XHnrWX2+9cj0dYl9Yu2FE9/9rXrcAAgs2eSyiBfOe/XRD503h/CuffOubQVUXL+Jh9BllzBbyJJBgDclVkO4Kukd8zzkXJbeUljIldFTstsmSHM6S81ma2KfPKlFdkGAMY4wzx/bbXapMy21My+YizdKNq5mDzLkrxafSxySFKjSWX2oTmjKzz4vN0r2lOFcL/Q3V0/mX95ILMXTTGYVfaut/aP2+oCMAvnZgCcsF5fcR0dg65YHAdwB+QApADvu0AuOe/ftlJAD7Nsgmm6yBjDtfWORJZlNtFyo/lR5Z7MyheKA5ktSur7sTAHazSG27pehjAiaVfkN8b4XFIJ/wOzbOx07VNRUuHy7w98CzCcGPyWywAAAABJRU5ErkJggg==)](falconx_sandbox/single_scan)
 
-#### Sensor Update Policies API operations discussed
-This sample demonstrates the following CrowdStrike Sensor Update Policies API operations:
+##### Falcon Intelligence Sandbox API operations discussed
+These samples demonstrates the following CrowdStrike Falcon Intelligence Sandbox API operations:
 
 | Operation | Description |
 | :--- | :--- |
-| [createSensorUpdatePoliciesV2](https://falconpy.io/Service-Collections/Sensor-Update-Policy.html#createsensorupdatepoliciesv2) | Create Sensor Update Policies by specifying details about the policy to create. |
-| [deleteSensorUpdatePolicies](https://falconpy.io/Service-Collections/Sensor-Update-Policy.html#deletesensorupdatepolicies) | Delete a set of Sensor Update Policies by specifying their IDs. |
-| [performSensorUpdatePoliciesAction](https://falconpy.io/Service-Collections/Sensor-Update-Policy.html#performsensorupdatepoliciesaction) | Perform the specified action on the Sensor Update Policies specified in the request. |
-| [queryCombinedSensorUpdateBuilds](https://falconpy.io/Service-Collections/Sensor-Update-Policy.html#querycombinedsensorupdatebuilds) | Retrieve available builds for use with Sensor Update Policies. |
-| [queryCombinedSensorUpdateKernels](https://falconpy.io/Service-Collections/Sensor-Update-Policy.html#querycombinedsensorupdatekernels) | Retrieve kernel compatibility info for Sensor Update Builds. |
-| [queryCombinedSensorUpdatePolicyMembers](https://falconpy.io/Service-Collections/Sensor-Update-Policy.html#querycombinedsensorupdatepolicymembers) | Search for members of a Sensor Update Policy in your environment by providing a FQL filter and paging details. Returns a set of host details which match the filter criteria. |
-| [queryCombinedSensorUpdatePoliciesV2](https://falconpy.io/Service-Collections/Sensor-Update-Policy.html#querycombinedsensorupdatepoliciesv2) | Search for Sensor Update Policies with additional support for uninstall protection in your environment by providing a FQL filter and paging details. Returns a set of Sensor Update Policies which match the filter criteria. |
-| [revealUninstallToken](https://falconpy.io/Service-Collections/Sensor-Update-Policy.html#revealuninstalltoken) | Reveals an uninstall token for a specific device. To retrieve the bulk maintenance token pass the value `MAINTENANCE` as the value for `device_id`. |
-| [setSensorUpdatePoliciesPrecedence](https://falconpy.io/Service-Collections/Sensor-Update-Policy.html#setsensorupdatepoliciesprecedence) | Sets the precedence of Sensor Update Policies based on the order of IDs specified in the request. The first ID specified will have the highest precedence and the last ID specified will have the lowest. You must specify all non-Default Policies for a platform when updating precedence. |
-| [updateSensorUpdatePoliciesV2](https://falconpy.io/Service-Collections/Sensor-Update-Policy.html#updatesensorupdatepolicies) | Update Sensor Update Policies by specifying the ID of the policy and details to update with additional support for uninstall protection. |
+| [DeleteSampleV3](https://falconpy.io/Service-Collections/Sample-Uploads.html#deletesamplev3) | Removes a sample, including file, meta and submissions from the collection. |
+| [GetReports](https://falconpy.io/Service-Collections/Falconx-Sandbox.html#getreports) | Get a full sandbox report. |
+| [GetSubmissions](https://falconpy.io/Service-Collections/Falconx-Sandbox.html#getsubmissions) | Check the status of a sandbox analysis. Time required for analysis varies but is usually less than 15 minutes. |
+| [UploadSampleV3](https://falconpy.io/Service-Collections/Sample-Uploads.html#uploadsamplev3) | Upload a file for further cloud analysis. After uploading, call the specific analysis API endpoint. |
+| [Submit](https://falconpy.io/Service-Collections/Falconx-Sandbox.html#submit) | Submit an uploaded file or a URL for sandbox analysis. Time required for analysis varies but is usually less than 15 minutes. |
 
----
 
-## Spotlight
-These samples discuss leveraging the CrowdStrike Spotlight Evaluation Logic and Spotlight Vulnerabilities API service collections.
+---
 
-- [Find vulnerable hosts by CVE ID](#find-vulnerable-hosts-by-cve-id)
-- [CISA DHS Known Exploited Vulnerabilities](#cisa-dhs-known-exploited-vulnerabilities)
-- [Spotlight Quick Report](#spotlight-quick-report)
+#### Get all artifacts
 
-### Find vulnerable hosts by CVE ID
-In this [example](spotlight#identify-hosts-with-vulnerabilities-by-cve) we demonstrate searching Falcon Spotlight for vulnerable hosts based upon CVE ID.
+This [example](falconx_sandbox/get_all_artifacts.py) demonstrates retrieving all artifacts for all reports (in all supported formats).
 
-[![Spotlight Vulnerabilities](https://img.shields.io/badge/Service%20Class-Identify%20Vulnerable%20Hosts%20by%20CVE-silver?style=for-the-badge&labelColor=red&logo=data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABIAAAAOCAYAAAAi2ky3AAABhWlDQ1BJQ0MgcHJvZmlsZQAAKJF9kT1Iw1AUhU9TpaIVBzuIOGSoDmJBVEQ3rUIRKoRaoVUHk5f+CE0akhQXR8G14ODPYtXBxVlXB1dBEPwBcXNzUnSREu9LCi1ifPB4H+e9c7jvXkColZhmtY0Cmm6bqURczGRXxNAruhAEMI1hmVnGrCQl4bu+7hHg512MZ/m/+3N1qzmLAQGReIYZpk28Tjy5aRuc94kjrCirxOfEIyYVSPzIdcXjN84FlwWeGTHTqTniCLFYaGGlhVnR1IgniKOqplO+kPFY5bzFWStVWKNO/sNwTl9e4jrtASSwgEVIEKGggg2UYCNGp06KhRTdx338/a5fIpdCrg0wcsyjDA2y6wefwe/eWvnxMS8pHAfaXxznYxAI7QL1quN8HztO/QQIPgNXetNfrgFTn6RXm1r0COjZBi6um5qyB1zuAH1PhmzKrsTnL+TzwPsZjSkL9N4Cnate3xr3OH0A0tSr5A1wcAgMFSh7zeffHa19+/dNo38/hq9yr+iELI0AAAAGYktHRAAAAAAAAPlDu38AAAAJcEhZcwAACxMAAAsTAQCanBgAAAAHdElNRQflDAsTByz7Va2cAAAAGXRFWHRDb21tZW50AENyZWF0ZWQgd2l0aCBHSU1QV4EOFwAAAYBJREFUKM+lkjFIlVEYht/zn3sFkYYUyUnIRcemhCtCU6JQOLiIU+QeJEQg6BBIm0s4RBCBLjq5OEvgJC1uOniJhivesLx17/97/vO9b4NK4g25157hfHCGB773/cA0HZIEAKiMj+LWiOxljG/i96pnCFP58XHnrWX2+9cj0dYl9Yu2FE9/9rXrcAAgs2eSyiBfOe/XRD503h/CuffOubQVUXL+Jh9BllzBbyJJBgDclVkO4Kukd8zzkXJbeUljIldFTstsmSHM6S81ma2KfPKlFdkGAMY4wzx/bbXapMy21My+YizdKNq5mDzLkrxafSxySFKjSWX2oTmjKzz4vN0r2lOFcL/Q3V0/mX95ILMXTTGYVfaut/aP2+oCMAvnZgCcsF5fcR0dg65YHAdwB+QApADvu0AuOe/ftlJAD7Nsgmm6yBjDtfWORJZlNtFyo/lR5Z7MyheKA5ktSur7sTAHazSG27pehjAiaVfkN8b4XFIJ/wOzbOx07VNRUuHy7w98CzCcGPyWywAAAABJRU5ErkJggg==)](spotlight#identify-hosts-with-vulnerabilities-by-cve) 
+[![Falcon Intelligence Sandbox](https://img.shields.io/badge/Service%20Class-Get%20All%20Artifacts-silver?style=for-the-badge&labelColor=red&logo=data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABIAAAAOCAYAAAAi2ky3AAABhWlDQ1BJQ0MgcHJvZmlsZQAAKJF9kT1Iw1AUhU9TpaIVBzuIOGSoDmJBVEQ3rUIRKoRaoVUHk5f+CE0akhQXR8G14ODPYtXBxVlXB1dBEPwBcXNzUnSREu9LCi1ifPB4H+e9c7jvXkColZhmtY0Cmm6bqURczGRXxNAruhAEMI1hmVnGrCQl4bu+7hHg512MZ/m/+3N1qzmLAQGReIYZpk28Tjy5aRuc94kjrCirxOfEIyYVSPzIdcXjN84FlwWeGTHTqTniCLFYaGGlhVnR1IgniKOqplO+kPFY5bzFWStVWKNO/sNwTl9e4jrtASSwgEVIEKGggg2UYCNGp06KhRTdx338/a5fIpdCrg0wcsyjDA2y6wefwe/eWvnxMS8pHAfaXxznYxAI7QL1quN8HztO/QQIPgNXetNfrgFTn6RXm1r0COjZBi6um5qyB1zuAH1PhmzKrsTnL+TzwPsZjSkL9N4Cnate3xr3OH0A0tSr5A1wcAgMFSh7zeffHa19+/dNo38/hq9yr+iELI0AAAAGYktHRAAAAAAAAPlDu38AAAAJcEhZcwAACxMAAAsTAQCanBgAAAAHdElNRQflDAsTByz7Va2cAAAAGXRFWHRDb21tZW50AENyZWF0ZWQgd2l0aCBHSU1QV4EOFwAAAYBJREFUKM+lkjFIlVEYht/zn3sFkYYUyUnIRcemhCtCU6JQOLiIU+QeJEQg6BBIm0s4RBCBLjq5OEvgJC1uOniJhivesLx17/97/vO9b4NK4g25157hfHCGB773/cA0HZIEAKiMj+LWiOxljG/i96pnCFP58XHnrWX2+9cj0dYl9Yu2FE9/9rXrcAAgs2eSyiBfOe/XRD503h/CuffOubQVUXL+Jh9BllzBbyJJBgDclVkO4Kukd8zzkXJbeUljIldFTstsmSHM6S81ma2KfPKlFdkGAMY4wzx/bbXapMy21My+YizdKNq5mDzLkrxafSxySFKjSWX2oTmjKzz4vN0r2lOFcL/Q3V0/mX95ILMXTTGYVfaut/aP2+oCMAvnZgCcsF5fcR0dg65YHAdwB+QApADvu0AuOe/ftlJAD7Nsgmm6yBjDtfWORJZlNtFyo/lR5Z7MyheKA5ktSur7sTAHazSG27pehjAiaVfkN8b4XFIJ/wOzbOx07VNRUuHy7w98CzCcGPyWywAAAABJRU5ErkJggg==)](falconx_sandbox/get_all_artifacts.py) 
 
-#### Spotlight Vulnerabilities API operations discussed
-This sample demonstrates the following CrowdStrike Spotlight Vulnerability API operations:
+##### Falcon Intelligence Sandbox API operations discussed
+This sample demonstrates the following CrowdStrike Falcon Intelligence Sandbox API operations:
 
 | Operation | Description |
 | :--- | :--- |
-| [getRemediationsV2](https://falconpy.io/Service-Collections/Spotlight-Vulnerabilities.html#getremediationsv2) | Get details on remediation by providing one or more IDs. |
-| [getVulnerabilities](https://falconpy.io/Service-Collections/Spotlight-Vulnerabilities.html#getvulnerabilities) | Get details on vulnerabilities by providing one or more IDs. |
-| [queryVulnerabilities](https://falconpy.io/Service-Collections/Spotlight-Vulnerabilities.html#queryvulnerabilities) | Search for Vulnerabilities in your environment by providing a FQL filter and paging details. Returns a set of Vulnerability IDs which match the filter criteria. |
+| [GetArtifacts](https://falconpy.io/Service-Collections/Falconx-Sandbox.html#getartifacts) | Download IOC packs, PCAP files, and other analysis artifacts. |
+| [GetReports](https://falconpy.io/Service-Collections/Falconx-Sandbox.html#getreports) | Get a full sandbox report. |
+| [QueryReports](https://falconpy.io/Service-Collections/Falconx-Sandbox.html#queryreports) | Find sandbox reports by providing a FQL filter and paging details. Returns a set of report IDs that match your criteria. |
 
 ---
 
-### CISA DHS Known Exploited Vulnerabilities
-Developed and submitted by `@ciberesponce`, this [solution](spotlight/CISA_known_exploited_vulns) provides simple CSV formatted output, sorting by DHS CISA's Due Date field, to allow for prioritization of mitigation actions across hosts. This is particularly useful for Departments and agencies (D/a) who are subject to CISA's due dates.
+#### Quick Scan a target
 
-[![Spotlight Vulnerabilities](https://img.shields.io/badge/Service%20Class-CISA%20Known%20Exploited%20Vulnerabilities-silver?style=for-the-badge&labelColor=red&logo=data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABIAAAAOCAYAAAAi2ky3AAABhWlDQ1BJQ0MgcHJvZmlsZQAAKJF9kT1Iw1AUhU9TpaIVBzuIOGSoDmJBVEQ3rUIRKoRaoVUHk5f+CE0akhQXR8G14ODPYtXBxVlXB1dBEPwBcXNzUnSREu9LCi1ifPB4H+e9c7jvXkColZhmtY0Cmm6bqURczGRXxNAruhAEMI1hmVnGrCQl4bu+7hHg512MZ/m/+3N1qzmLAQGReIYZpk28Tjy5aRuc94kjrCirxOfEIyYVSPzIdcXjN84FlwWeGTHTqTniCLFYaGGlhVnR1IgniKOqplO+kPFY5bzFWStVWKNO/sNwTl9e4jrtASSwgEVIEKGggg2UYCNGp06KhRTdx338/a5fIpdCrg0wcsyjDA2y6wefwe/eWvnxMS8pHAfaXxznYxAI7QL1quN8HztO/QQIPgNXetNfrgFTn6RXm1r0COjZBi6um5qyB1zuAH1PhmzKrsTnL+TzwPsZjSkL9N4Cnate3xr3OH0A0tSr5A1wcAgMFSh7zeffHa19+/dNo38/hq9yr+iELI0AAAAGYktHRAAAAAAAAPlDu38AAAAJcEhZcwAACxMAAAsTAQCanBgAAAAHdElNRQflDAsTByz7Va2cAAAAGXRFWHRDb21tZW50AENyZWF0ZWQgd2l0aCBHSU1QV4EOFwAAAYBJREFUKM+lkjFIlVEYht/zn3sFkYYUyUnIRcemhCtCU6JQOLiIU+QeJEQg6BBIm0s4RBCBLjq5OEvgJC1uOniJhivesLx17/97/vO9b4NK4g25157hfHCGB773/cA0HZIEAKiMj+LWiOxljG/i96pnCFP58XHnrWX2+9cj0dYl9Yu2FE9/9rXrcAAgs2eSyiBfOe/XRD503h/CuffOubQVUXL+Jh9BllzBbyJJBgDclVkO4Kukd8zzkXJbeUljIldFTstsmSHM6S81ma2KfPKlFdkGAMY4wzx/bbXapMy21My+YizdKNq5mDzLkrxafSxySFKjSWX2oTmjKzz4vN0r2lOFcL/Q3V0/mX95ILMXTTGYVfaut/aP2+oCMAvnZgCcsF5fcR0dg65YHAdwB+QApADvu0AuOe/ftlJAD7Nsgmm6yBjDtfWORJZlNtFyo/lR5Z7MyheKA5ktSur7sTAHazSG27pehjAiaVfkN8b4XFIJ/wOzbOx07VNRUuHy7w98CzCcGPyWywAAAABJRU5ErkJggg==)](spotlight/CISA_known_exploited_vulns) [![MSSP Use supported](https://img.shields.io/badge/-Supports%20MSSP-darkblue?logo=data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABIAAAAOCAYAAAAi2ky3AAABhWlDQ1BJQ0MgcHJvZmlsZQAAKJF9kT1Iw1AUhU9TpaIVBzuIOGSoDmJBVEQ3rUIRKoRaoVUHk5f+CE0akhQXR8G14ODPYtXBxVlXB1dBEPwBcXNzUnSREu9LCi1ifPB4H+e9c7jvXkColZhmtY0Cmm6bqURczGRXxNAruhAEMI1hmVnGrCQl4bu+7hHg512MZ/m/+3N1qzmLAQGReIYZpk28Tjy5aRuc94kjrCirxOfEIyYVSPzIdcXjN84FlwWeGTHTqTniCLFYaGGlhVnR1IgniKOqplO+kPFY5bzFWStVWKNO/sNwTl9e4jrtASSwgEVIEKGggg2UYCNGp06KhRTdx338/a5fIpdCrg0wcsyjDA2y6wefwe/eWvnxMS8pHAfaXxznYxAI7QL1quN8HztO/QQIPgNXetNfrgFTn6RXm1r0COjZBi6um5qyB1zuAH1PhmzKrsTnL+TzwPsZjSkL9N4Cnate3xr3OH0A0tSr5A1wcAgMFSh7zeffHa19+/dNo38/hq9yr+iELI0AAAAGYktHRAAAAAAAAPlDu38AAAAJcEhZcwAACxMAAAsTAQCanBgAAAAHdElNRQflDAsTByz7Va2cAAAAGXRFWHRDb21tZW50AENyZWF0ZWQgd2l0aCBHSU1QV4EOFwAAAYBJREFUKM+lkjFIlVEYht/zn3sFkYYUyUnIRcemhCtCU6JQOLiIU+QeJEQg6BBIm0s4RBCBLjq5OEvgJC1uOniJhivesLx17/97/vO9b4NK4g25157hfHCGB773/cA0HZIEAKiMj+LWiOxljG/i96pnCFP58XHnrWX2+9cj0dYl9Yu2FE9/9rXrcAAgs2eSyiBfOe/XRD503h/CuffOubQVUXL+Jh9BllzBbyJJBgDclVkO4Kukd8zzkXJbeUljIldFTstsmSHM6S81ma2KfPKlFdkGAMY4wzx/bbXapMy21My+YizdKNq5mDzLkrxafSxySFKjSWX2oTmjKzz4vN0r2lOFcL/Q3V0/mX95ILMXTTGYVfaut/aP2+oCMAvnZgCcsF5fcR0dg65YHAdwB+QApADvu0AuOe/ftlJAD7Nsgmm6yBjDtfWORJZlNtFyo/lR5Z7MyheKA5ktSur7sTAHazSG27pehjAiaVfkN8b4XFIJ/wOzbOx07VNRUuHy7w98CzCcGPyWywAAAABJRU5ErkJggg==&style=for-the-badge)](spotlight/CISA_known_exploited_vulns)
+This [demonstration](quick_scan/scan_target.py) leverages the Falcon Quick Scan and Sample Uploads APIs to scan the contents of a target folder. (Either on the local filesystem or a bucket in S3.)
 
-#### Spotlight Vulnerabilities API operations discussed
-This sample demonstrates the following CrowdStrike Spotlight Vulnerability API operations:
+[![Quick Scan / Sample Uploads](https://img.shields.io/badge/Service%20Class-Scan%20a%20target-silver?style=for-the-badge&labelColor=red&logo=data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABIAAAAOCAYAAAAi2ky3AAABhWlDQ1BJQ0MgcHJvZmlsZQAAKJF9kT1Iw1AUhU9TpaIVBzuIOGSoDmJBVEQ3rUIRKoRaoVUHk5f+CE0akhQXR8G14ODPYtXBxVlXB1dBEPwBcXNzUnSREu9LCi1ifPB4H+e9c7jvXkColZhmtY0Cmm6bqURczGRXxNAruhAEMI1hmVnGrCQl4bu+7hHg512MZ/m/+3N1qzmLAQGReIYZpk28Tjy5aRuc94kjrCirxOfEIyYVSPzIdcXjN84FlwWeGTHTqTniCLFYaGGlhVnR1IgniKOqplO+kPFY5bzFWStVWKNO/sNwTl9e4jrtASSwgEVIEKGggg2UYCNGp06KhRTdx338/a5fIpdCrg0wcsyjDA2y6wefwe/eWvnxMS8pHAfaXxznYxAI7QL1quN8HztO/QQIPgNXetNfrgFTn6RXm1r0COjZBi6um5qyB1zuAH1PhmzKrsTnL+TzwPsZjSkL9N4Cnate3xr3OH0A0tSr5A1wcAgMFSh7zeffHa19+/dNo38/hq9yr+iELI0AAAAGYktHRAAAAAAAAPlDu38AAAAJcEhZcwAACxMAAAsTAQCanBgAAAAHdElNRQflDAsTByz7Va2cAAAAGXRFWHRDb21tZW50AENyZWF0ZWQgd2l0aCBHSU1QV4EOFwAAAYBJREFUKM+lkjFIlVEYht/zn3sFkYYUyUnIRcemhCtCU6JQOLiIU+QeJEQg6BBIm0s4RBCBLjq5OEvgJC1uOniJhivesLx17/97/vO9b4NK4g25157hfHCGB773/cA0HZIEAKiMj+LWiOxljG/i96pnCFP58XHnrWX2+9cj0dYl9Yu2FE9/9rXrcAAgs2eSyiBfOe/XRD503h/CuffOubQVUXL+Jh9BllzBbyJJBgDclVkO4Kukd8zzkXJbeUljIldFTstsmSHM6S81ma2KfPKlFdkGAMY4wzx/bbXapMy21My+YizdKNq5mDzLkrxafSxySFKjSWX2oTmjKzz4vN0r2lOFcL/Q3V0/mX95ILMXTTGYVfaut/aP2+oCMAvnZgCcsF5fcR0dg65YHAdwB+QApADvu0AuOe/ftlJAD7Nsgmm6yBjDtfWORJZlNtFyo/lR5Z7MyheKA5ktSur7sTAHazSG27pehjAiaVfkN8b4XFIJ/wOzbOx07VNRUuHy7w98CzCcGPyWywAAAABJRU5ErkJggg==)](quick_scan/scan_target.py)
+
+##### Quick Scan and Sample Uploads API operations discussed
+This sample demonstrates the following CrowdStrike Quick Scan and Sample Uploads API operations:
 
 | Operation | Description |
 | :--- | :--- |
-| [queryVulnerabilities](https://falconpy.io/Service-Collections/Spotlight-Vulnerabilities.html#queryvulnerabilities) | Search for Vulnerabilities in your environment by providing a FQL filter and paging details. Returns a set of Vulnerability IDs which match the filter criteria. |
+| [DeleteSampleV3](https://falconpy.io/Service-Collections/Sample-Uploads.html#deletesamplev3) | Removes a sample, including file, meta and submissions from the collection. |
+| [GetScans](https://falconpy.io/Service-Collections/Quick-Scan.html#getscans) | Check the status of a volume scan. Time required for analysis increases with the number of samples in a volume but usually it should take less than 1 minute. |
+| [ScanSamples](https://falconpy.io/Service-Collections/Quick-Scan.html#scansamples) | Submit a volume of files for ml scanning. Time required for analysis increases with the number of samples in a volume but usually it should take less than 1 minute. |
+| [UploadSampleV3](https://falconpy.io/Service-Collections/Sample-Uploads.html#uploadsamplev3) | Upload a file for further cloud analysis. After uploading, call the specific analysis API endpoint. |
 
 ---
 
-### Spotlight Quick Report
-In this [example](spotlight#spotlight-quick-report) we demonstrate generating a report of CVE matches within a Falcon tenant using the Spotlight and Hosts service collections.
+#### Quick Scan quota check
 
-[![Spotlight Vulnerabilities](https://img.shields.io/badge/Service%20Class-Spotlight_Quick_report-silver?style=for-the-badge&labelColor=red&logo=data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABIAAAAOCAYAAAAi2ky3AAABhWlDQ1BJQ0MgcHJvZmlsZQAAKJF9kT1Iw1AUhU9TpaIVBzuIOGSoDmJBVEQ3rUIRKoRaoVUHk5f+CE0akhQXR8G14ODPYtXBxVlXB1dBEPwBcXNzUnSREu9LCi1ifPB4H+e9c7jvXkColZhmtY0Cmm6bqURczGRXxNAruhAEMI1hmVnGrCQl4bu+7hHg512MZ/m/+3N1qzmLAQGReIYZpk28Tjy5aRuc94kjrCirxOfEIyYVSPzIdcXjN84FlwWeGTHTqTniCLFYaGGlhVnR1IgniKOqplO+kPFY5bzFWStVWKNO/sNwTl9e4jrtASSwgEVIEKGggg2UYCNGp06KhRTdx338/a5fIpdCrg0wcsyjDA2y6wefwe/eWvnxMS8pHAfaXxznYxAI7QL1quN8HztO/QQIPgNXetNfrgFTn6RXm1r0COjZBi6um5qyB1zuAH1PhmzKrsTnL+TzwPsZjSkL9N4Cnate3xr3OH0A0tSr5A1wcAgMFSh7zeffHa19+/dNo38/hq9yr+iELI0AAAAGYktHRAAAAAAAAPlDu38AAAAJcEhZcwAACxMAAAsTAQCanBgAAAAHdElNRQflDAsTByz7Va2cAAAAGXRFWHRDb21tZW50AENyZWF0ZWQgd2l0aCBHSU1QV4EOFwAAAYBJREFUKM+lkjFIlVEYht/zn3sFkYYUyUnIRcemhCtCU6JQOLiIU+QeJEQg6BBIm0s4RBCBLjq5OEvgJC1uOniJhivesLx17/97/vO9b4NK4g25157hfHCGB773/cA0HZIEAKiMj+LWiOxljG/i96pnCFP58XHnrWX2+9cj0dYl9Yu2FE9/9rXrcAAgs2eSyiBfOe/XRD503h/CuffOubQVUXL+Jh9BllzBbyJJBgDclVkO4Kukd8zzkXJbeUljIldFTstsmSHM6S81ma2KfPKlFdkGAMY4wzx/bbXapMy21My+YizdKNq5mDzLkrxafSxySFKjSWX2oTmjKzz4vN0r2lOFcL/Q3V0/mX95ILMXTTGYVfaut/aP2+oCMAvnZgCcsF5fcR0dg65YHAdwB+QApADvu0AuOe/ftlJAD7Nsgmm6yBjDtfWORJZlNtFyo/lR5Z7MyheKA5ktSur7sTAHazSG27pehjAiaVfkN8b4XFIJ/wOzbOx07VNRUuHy7w98CzCcGPyWywAAAABJRU5ErkJggg==)](spotlight#spotlight-quick-report) 
+This [demonstration](quick_scan/quota_check.py) will report your current scan quota.
 
-#### Spotlight Vulnerabilities / Hosts API operations discussed
-This sample demonstrates the following CrowdStrike Spotlight Vulnerability API and Hosts API operations:
+[![Quick Scan](https://img.shields.io/badge/Service%20Class-Quota_Check-silver?style=for-the-badge&labelColor=red&logo=data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABIAAAAOCAYAAAAi2ky3AAABhWlDQ1BJQ0MgcHJvZmlsZQAAKJF9kT1Iw1AUhU9TpaIVBzuIOGSoDmJBVEQ3rUIRKoRaoVUHk5f+CE0akhQXR8G14ODPYtXBxVlXB1dBEPwBcXNzUnSREu9LCi1ifPB4H+e9c7jvXkColZhmtY0Cmm6bqURczGRXxNAruhAEMI1hmVnGrCQl4bu+7hHg512MZ/m/+3N1qzmLAQGReIYZpk28Tjy5aRuc94kjrCirxOfEIyYVSPzIdcXjN84FlwWeGTHTqTniCLFYaGGlhVnR1IgniKOqplO+kPFY5bzFWStVWKNO/sNwTl9e4jrtASSwgEVIEKGggg2UYCNGp06KhRTdx338/a5fIpdCrg0wcsyjDA2y6wefwe/eWvnxMS8pHAfaXxznYxAI7QL1quN8HztO/QQIPgNXetNfrgFTn6RXm1r0COjZBi6um5qyB1zuAH1PhmzKrsTnL+TzwPsZjSkL9N4Cnate3xr3OH0A0tSr5A1wcAgMFSh7zeffHa19+/dNo38/hq9yr+iELI0AAAAGYktHRAAAAAAAAPlDu38AAAAJcEhZcwAACxMAAAsTAQCanBgAAAAHdElNRQflDAsTByz7Va2cAAAAGXRFWHRDb21tZW50AENyZWF0ZWQgd2l0aCBHSU1QV4EOFwAAAYBJREFUKM+lkjFIlVEYht/zn3sFkYYUyUnIRcemhCtCU6JQOLiIU+QeJEQg6BBIm0s4RBCBLjq5OEvgJC1uOniJhivesLx17/97/vO9b4NK4g25157hfHCGB773/cA0HZIEAKiMj+LWiOxljG/i96pnCFP58XHnrWX2+9cj0dYl9Yu2FE9/9rXrcAAgs2eSyiBfOe/XRD503h/CuffOubQVUXL+Jh9BllzBbyJJBgDclVkO4Kukd8zzkXJbeUljIldFTstsmSHM6S81ma2KfPKlFdkGAMY4wzx/bbXapMy21My+YizdKNq5mDzLkrxafSxySFKjSWX2oTmjKzz4vN0r2lOFcL/Q3V0/mX95ILMXTTGYVfaut/aP2+oCMAvnZgCcsF5fcR0dg65YHAdwB+QApADvu0AuOe/ftlJAD7Nsgmm6yBjDtfWORJZlNtFyo/lR5Z7MyheKA5ktSur7sTAHazSG27pehjAiaVfkN8b4XFIJ/wOzbOx07VNRUuHy7w98CzCcGPyWywAAAABJRU5ErkJggg==)](https://github.com/CrowdStrike/falconpy/tree/main/samples/quick_scan#quota-check)
+
+##### Quick Scan API operations discussed
+This sample demonstrates the following CrowdStrike Quick Scan API operations:
 
 | Operation | Description |
 | :--- | :--- |
-| [combinedQueryVulnerabilities](https://www.falconpy.io/Service-Collections/Spotlight-Vulnerabilities.html#combinedqueryvulnerabilities) | Search for Vulnerabilities in your environment by providing a FQL filter and paging details. Returns a set of Vulnerability entities which match the filter criteria. |
-| [GetDeviceDetails](https://www.falconpy.io/Service-Collections/Hosts.html#getdevicedetails) | Get details on one or more hosts by providing agent IDs (AID). You can get a host's agent IDs (AIDs) from the QueryDevicesByFilterScroll operation, the Falcon console or the Streaming API. |
-| [QueryDevicesByFilterScroll](https://www.falconpy.io/Service-Collections/Hosts.html#querydevicesbyfilterscroll) | Search for hosts in your environment by platform, hostname, IP, and other criteria with continuous pagination capability (based on offset pointer which expires after 2 minutes with no maximum limit). |
+| [GetScans](https://falconpy.io/Service-Collections/Quick-Scan.html#getscans) | Check the status of a volume scan. Time required for analysis increases with the number of samples in a volume but usually it should take less than 1 minute. |
 
-## User Management
-This sample category is focused on examples that leverage CrowdStrike's User Management API service collection.
+---
 
-### Bulk user administration
-This [sample](user_management#bulk-import-update-and-remove-users) demonstrates adding, updating and removing users in bulk using the User Management Service Class.
+#### S3 Bucket Protection
 
-[![User Management](https://img.shields.io/badge/Service%20Class-Bulk%20Edit%20Users-silver?style=for-the-badge&labelColor=red&logo=data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABIAAAAOCAYAAAAi2ky3AAABhWlDQ1BJQ0MgcHJvZmlsZQAAKJF9kT1Iw1AUhU9TpaIVBzuIOGSoDmJBVEQ3rUIRKoRaoVUHk5f+CE0akhQXR8G14ODPYtXBxVlXB1dBEPwBcXNzUnSREu9LCi1ifPB4H+e9c7jvXkColZhmtY0Cmm6bqURczGRXxNAruhAEMI1hmVnGrCQl4bu+7hHg512MZ/m/+3N1qzmLAQGReIYZpk28Tjy5aRuc94kjrCirxOfEIyYVSPzIdcXjN84FlwWeGTHTqTniCLFYaGGlhVnR1IgniKOqplO+kPFY5bzFWStVWKNO/sNwTl9e4jrtASSwgEVIEKGggg2UYCNGp06KhRTdx338/a5fIpdCrg0wcsyjDA2y6wefwe/eWvnxMS8pHAfaXxznYxAI7QL1quN8HztO/QQIPgNXetNfrgFTn6RXm1r0COjZBi6um5qyB1zuAH1PhmzKrsTnL+TzwPsZjSkL9N4Cnate3xr3OH0A0tSr5A1wcAgMFSh7zeffHa19+/dNo38/hq9yr+iELI0AAAAGYktHRAAAAAAAAPlDu38AAAAJcEhZcwAACxMAAAsTAQCanBgAAAAHdElNRQflDAsTByz7Va2cAAAAGXRFWHRDb21tZW50AENyZWF0ZWQgd2l0aCBHSU1QV4EOFwAAAYBJREFUKM+lkjFIlVEYht/zn3sFkYYUyUnIRcemhCtCU6JQOLiIU+QeJEQg6BBIm0s4RBCBLjq5OEvgJC1uOniJhivesLx17/97/vO9b4NK4g25157hfHCGB773/cA0HZIEAKiMj+LWiOxljG/i96pnCFP58XHnrWX2+9cj0dYl9Yu2FE9/9rXrcAAgs2eSyiBfOe/XRD503h/CuffOubQVUXL+Jh9BllzBbyJJBgDclVkO4Kukd8zzkXJbeUljIldFTstsmSHM6S81ma2KfPKlFdkGAMY4wzx/bbXapMy21My+YizdKNq5mDzLkrxafSxySFKjSWX2oTmjKzz4vN0r2lOFcL/Q3V0/mX95ILMXTTGYVfaut/aP2+oCMAvnZgCcsF5fcR0dg65YHAdwB+QApADvu0AuOe/ftlJAD7Nsgmm6yBjDtfWORJZlNtFyo/lR5Z7MyheKA5ktSur7sTAHazSG27pehjAiaVfkN8b4XFIJ/wOzbOx07VNRUuHy7w98CzCcGPyWywAAAABJRU5ErkJggg==)](user_management#bulk-import-update-and-remove-users) [![MSSP Use supported](https://img.shields.io/badge/-Supports%20MSSP-darkblue?logo=data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABIAAAAOCAYAAAAi2ky3AAABhWlDQ1BJQ0MgcHJvZmlsZQAAKJF9kT1Iw1AUhU9TpaIVBzuIOGSoDmJBVEQ3rUIRKoRaoVUHk5f+CE0akhQXR8G14ODPYtXBxVlXB1dBEPwBcXNzUnSREu9LCi1ifPB4H+e9c7jvXkColZhmtY0Cmm6bqURczGRXxNAruhAEMI1hmVnGrCQl4bu+7hHg512MZ/m/+3N1qzmLAQGReIYZpk28Tjy5aRuc94kjrCirxOfEIyYVSPzIdcXjN84FlwWeGTHTqTniCLFYaGGlhVnR1IgniKOqplO+kPFY5bzFWStVWKNO/sNwTl9e4jrtASSwgEVIEKGggg2UYCNGp06KhRTdx338/a5fIpdCrg0wcsyjDA2y6wefwe/eWvnxMS8pHAfaXxznYxAI7QL1quN8HztO/QQIPgNXetNfrgFTn6RXm1r0COjZBi6um5qyB1zuAH1PhmzKrsTnL+TzwPsZjSkL9N4Cnate3xr3OH0A0tSr5A1wcAgMFSh7zeffHa19+/dNo38/hq9yr+iELI0AAAAGYktHRAAAAAAAAPlDu38AAAAJcEhZcwAACxMAAAsTAQCanBgAAAAHdElNRQflDAsTByz7Va2cAAAAGXRFWHRDb21tZW50AENyZWF0ZWQgd2l0aCBHSU1QV4EOFwAAAYBJREFUKM+lkjFIlVEYht/zn3sFkYYUyUnIRcemhCtCU6JQOLiIU+QeJEQg6BBIm0s4RBCBLjq5OEvgJC1uOniJhivesLx17/97/vO9b4NK4g25157hfHCGB773/cA0HZIEAKiMj+LWiOxljG/i96pnCFP58XHnrWX2+9cj0dYl9Yu2FE9/9rXrcAAgs2eSyiBfOe/XRD503h/CuffOubQVUXL+Jh9BllzBbyJJBgDclVkO4Kukd8zzkXJbeUljIldFTstsmSHM6S81ma2KfPKlFdkGAMY4wzx/bbXapMy21My+YizdKNq5mDzLkrxafSxySFKjSWX2oTmjKzz4vN0r2lOFcL/Q3V0/mX95ILMXTTGYVfaut/aP2+oCMAvnZgCcsF5fcR0dg65YHAdwB+QApADvu0AuOe/ftlJAD7Nsgmm6yBjDtfWORJZlNtFyo/lR5Z7MyheKA5ktSur7sTAHazSG27pehjAiaVfkN8b4XFIJ/wOzbOx07VNRUuHy7w98CzCcGPyWywAAAABJRU5ErkJggg==&style=for-the-badge)](user_management#bulk-import-update-and-remove-users)
+Building on the previous example, this [solution](https://github.com/CrowdStrike/Cloud-AWS/tree/main/s3-bucket-protection) demonstrates a complete integration with AWS Lambda, AWS S3 and AWS Security Hub that scans files as they are uploaded to the bucket. Files that are found to be malicious are removed from the bucket and a finding is published to AWS Security Hub.
 
-#### User Management API operations discussed
-This sample demonstrates the following CrowdStrike User Management API operations:
+[![Quick Scan / Sample Uploads](https://img.shields.io/badge/Service%20Class-S3%20Bucket%20Protection-silver?style=for-the-badge&labelColor=red&logo=data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABIAAAAOCAYAAAAi2ky3AAABhWlDQ1BJQ0MgcHJvZmlsZQAAKJF9kT1Iw1AUhU9TpaIVBzuIOGSoDmJBVEQ3rUIRKoRaoVUHk5f+CE0akhQXR8G14ODPYtXBxVlXB1dBEPwBcXNzUnSREu9LCi1ifPB4H+e9c7jvXkColZhmtY0Cmm6bqURczGRXxNAruhAEMI1hmVnGrCQl4bu+7hHg512MZ/m/+3N1qzmLAQGReIYZpk28Tjy5aRuc94kjrCirxOfEIyYVSPzIdcXjN84FlwWeGTHTqTniCLFYaGGlhVnR1IgniKOqplO+kPFY5bzFWStVWKNO/sNwTl9e4jrtASSwgEVIEKGggg2UYCNGp06KhRTdx338/a5fIpdCrg0wcsyjDA2y6wefwe/eWvnxMS8pHAfaXxznYxAI7QL1quN8HztO/QQIPgNXetNfrgFTn6RXm1r0COjZBi6um5qyB1zuAH1PhmzKrsTnL+TzwPsZjSkL9N4Cnate3xr3OH0A0tSr5A1wcAgMFSh7zeffHa19+/dNo38/hq9yr+iELI0AAAAGYktHRAAAAAAAAPlDu38AAAAJcEhZcwAACxMAAAsTAQCanBgAAAAHdElNRQflDAsTByz7Va2cAAAAGXRFWHRDb21tZW50AENyZWF0ZWQgd2l0aCBHSU1QV4EOFwAAAYBJREFUKM+lkjFIlVEYht/zn3sFkYYUyUnIRcemhCtCU6JQOLiIU+QeJEQg6BBIm0s4RBCBLjq5OEvgJC1uOniJhivesLx17/97/vO9b4NK4g25157hfHCGB773/cA0HZIEAKiMj+LWiOxljG/i96pnCFP58XHnrWX2+9cj0dYl9Yu2FE9/9rXrcAAgs2eSyiBfOe/XRD503h/CuffOubQVUXL+Jh9BllzBbyJJBgDclVkO4Kukd8zzkXJbeUljIldFTstsmSHM6S81ma2KfPKlFdkGAMY4wzx/bbXapMy21My+YizdKNq5mDzLkrxafSxySFKjSWX2oTmjKzz4vN0r2lOFcL/Q3V0/mX95ILMXTTGYVfaut/aP2+oCMAvnZgCcsF5fcR0dg65YHAdwB+QApADvu0AuOe/ftlJAD7Nsgmm6yBjDtfWORJZlNtFyo/lR5Z7MyheKA5ktSur7sTAHazSG27pehjAiaVfkN8b4XFIJ/wOzbOx07VNRUuHy7w98CzCcGPyWywAAAABJRU5ErkJggg==)](https://github.com/CrowdStrike/Cloud-AWS/tree/main/s3-bucket-protection)
+
+##### Quick Scan and Sample Uploads API operations discussed
+This sample demonstrates the following CrowdStrike Quick Scan and Sample Uploads API operations:
 
 | Operation | Description |
 | :--- | :--- |
-| [CreateUser](https://falconpy.io/Service-Collections/User-Management.html#createuser) | Create a new user. After creating a user, assign one or more roles with [GrantUserRoleIds](https://falconpy.io/Service-Collections/User-Management.html#grantuserroleids). |
-| [DeleteUser](https://falconpy.io/Service-Collections/User-Management.html#deleteuser) | Delete a user permanently. |
-| [GetAvailableRoleIds](https://falconpy.io/Service-Collections/User-Management.html#getavailableroleids) | Show role IDs for all roles available in your customer account. For more information on each role, provide the role ID to [GetRoles](https://falconpy.io/Service-Collections/User-Management.html#getroles). |
-| [GetUserRoleIds](https://falconpy.io/Service-Collections/User-Management.html#getuserroleids) | Show role IDs of roles assigned to a user. For more information on each role, provide the role ID to [GetRoles](https://falconpy.io/Service-Collections/User-Management.html#getroles). |
-| [GrantUserRoleIds](https://falconpy.io/Service-Collections/User-Management.html#grantuserroleids) | Assign one or more roles to a user. |
-| [RetrieveUser](https://falconpy.io/Service-Collections/User-Management.html#retrieveuser) | Get info about a user. |
-| [RetrieveUserUUID](https://falconpy.io/Service-Collections/User-Management.html#retrieveuseruuid) | Get a user's ID by providing a username (usually an email address). |
-| [RetrieveUserUUIDsByCID](https://falconpy.io/Service-Collections/User-Management.html#retrieveuseruuidsbycid) | List user IDs for all users in your customer account. For more information on each user, provide the user ID to [RetrieveUser](https://falconpy.io/Service-Collections/User-Management.html#retrieveuser). |
-| [RevokeUserRoleIds](https://falconpy.io/Service-Collections/User-Management.html#revokeuserroleids) | Revoke one or more roles from a user. |
+| [DeleteSampleV3](https://falconpy.io/Service-Collections/Sample-Uploads.html#deletesamplev3) | Removes a sample, including file, meta and submissions from the collection. |
+| [GetScans](https://falconpy.io/Service-Collections/Quick-Scan.html#getscans) | Check the status of a volume scan. Time required for analysis increases with the number of samples in a volume but usually it should take less than 1 minute. |
+| [ScanSamples](https://falconpy.io/Service-Collections/Quick-Scan.html#scansamples) | Submit a volume of files for ml scanning. Time required for analysis increases with the number of samples in a volume but usually it should take less than 1 minute. |
+| [UploadSampleV3](https://falconpy.io/Service-Collections/Sample-Uploads.html#uploadsamplev3) | Upload a file for further cloud analysis. After uploading, call the specific analysis API endpoint. |
+
+</details>
+
+[Back to top](#falconpy-sample-library) | [How to authenticate](#authentication-for-these-examples) | [Table of Contents](#threat-intelligence-toc)
 
 ---
 
-### Get user grants
-This [sample](user_management#get-user-grants) demonstrates retrieving a list of all user grants asynchronously using the User Management Service Class.
+<a id="recon-samples"></a>
+<details>
+<summary><h3>Falcon Intelligence Recon</h3> <small>(click to expand)</small><br/>
+These samples focus on CrowdStrike's Falcon Intelligence Recon API service collection.
+</summary>
 
-[![User Management](https://img.shields.io/badge/Service%20Class-Get_User_Grants-silver?style=for-the-badge&labelColor=red&logo=data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABIAAAAOCAYAAAAi2ky3AAABhWlDQ1BJQ0MgcHJvZmlsZQAAKJF9kT1Iw1AUhU9TpaIVBzuIOGSoDmJBVEQ3rUIRKoRaoVUHk5f+CE0akhQXR8G14ODPYtXBxVlXB1dBEPwBcXNzUnSREu9LCi1ifPB4H+e9c7jvXkColZhmtY0Cmm6bqURczGRXxNAruhAEMI1hmVnGrCQl4bu+7hHg512MZ/m/+3N1qzmLAQGReIYZpk28Tjy5aRuc94kjrCirxOfEIyYVSPzIdcXjN84FlwWeGTHTqTniCLFYaGGlhVnR1IgniKOqplO+kPFY5bzFWStVWKNO/sNwTl9e4jrtASSwgEVIEKGggg2UYCNGp06KhRTdx338/a5fIpdCrg0wcsyjDA2y6wefwe/eWvnxMS8pHAfaXxznYxAI7QL1quN8HztO/QQIPgNXetNfrgFTn6RXm1r0COjZBi6um5qyB1zuAH1PhmzKrsTnL+TzwPsZjSkL9N4Cnate3xr3OH0A0tSr5A1wcAgMFSh7zeffHa19+/dNo38/hq9yr+iELI0AAAAGYktHRAAAAAAAAPlDu38AAAAJcEhZcwAACxMAAAsTAQCanBgAAAAHdElNRQflDAsTByz7Va2cAAAAGXRFWHRDb21tZW50AENyZWF0ZWQgd2l0aCBHSU1QV4EOFwAAAYBJREFUKM+lkjFIlVEYht/zn3sFkYYUyUnIRcemhCtCU6JQOLiIU+QeJEQg6BBIm0s4RBCBLjq5OEvgJC1uOniJhivesLx17/97/vO9b4NK4g25157hfHCGB773/cA0HZIEAKiMj+LWiOxljG/i96pnCFP58XHnrWX2+9cj0dYl9Yu2FE9/9rXrcAAgs2eSyiBfOe/XRD503h/CuffOubQVUXL+Jh9BllzBbyJJBgDclVkO4Kukd8zzkXJbeUljIldFTstsmSHM6S81ma2KfPKlFdkGAMY4wzx/bbXapMy21My+YizdKNq5mDzLkrxafSxySFKjSWX2oTmjKzz4vN0r2lOFcL/Q3V0/mX95ILMXTTGYVfaut/aP2+oCMAvnZgCcsF5fcR0dg65YHAdwB+QApADvu0AuOe/ftlJAD7Nsgmm6yBjDtfWORJZlNtFyo/lR5Z7MyheKA5ktSur7sTAHazSG27pehjAiaVfkN8b4XFIJ/wOzbOx07VNRUuHy7w98CzCcGPyWywAAAABJRU5ErkJggg==)](user_management#get-user-grants) [![MSSP Use supported](https://img.shields.io/badge/-Supports%20MSSP-darkblue?logo=data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABIAAAAOCAYAAAAi2ky3AAABhWlDQ1BJQ0MgcHJvZmlsZQAAKJF9kT1Iw1AUhU9TpaIVBzuIOGSoDmJBVEQ3rUIRKoRaoVUHk5f+CE0akhQXR8G14ODPYtXBxVlXB1dBEPwBcXNzUnSREu9LCi1ifPB4H+e9c7jvXkColZhmtY0Cmm6bqURczGRXxNAruhAEMI1hmVnGrCQl4bu+7hHg512MZ/m/+3N1qzmLAQGReIYZpk28Tjy5aRuc94kjrCirxOfEIyYVSPzIdcXjN84FlwWeGTHTqTniCLFYaGGlhVnR1IgniKOqplO+kPFY5bzFWStVWKNO/sNwTl9e4jrtASSwgEVIEKGggg2UYCNGp06KhRTdx338/a5fIpdCrg0wcsyjDA2y6wefwe/eWvnxMS8pHAfaXxznYxAI7QL1quN8HztO/QQIPgNXetNfrgFTn6RXm1r0COjZBi6um5qyB1zuAH1PhmzKrsTnL+TzwPsZjSkL9N4Cnate3xr3OH0A0tSr5A1wcAgMFSh7zeffHa19+/dNo38/hq9yr+iELI0AAAAGYktHRAAAAAAAAPlDu38AAAAJcEhZcwAACxMAAAsTAQCanBgAAAAHdElNRQflDAsTByz7Va2cAAAAGXRFWHRDb21tZW50AENyZWF0ZWQgd2l0aCBHSU1QV4EOFwAAAYBJREFUKM+lkjFIlVEYht/zn3sFkYYUyUnIRcemhCtCU6JQOLiIU+QeJEQg6BBIm0s4RBCBLjq5OEvgJC1uOniJhivesLx17/97/vO9b4NK4g25157hfHCGB773/cA0HZIEAKiMj+LWiOxljG/i96pnCFP58XHnrWX2+9cj0dYl9Yu2FE9/9rXrcAAgs2eSyiBfOe/XRD503h/CuffOubQVUXL+Jh9BllzBbyJJBgDclVkO4Kukd8zzkXJbeUljIldFTstsmSHM6S81ma2KfPKlFdkGAMY4wzx/bbXapMy21My+YizdKNq5mDzLkrxafSxySFKjSWX2oTmjKzz4vN0r2lOFcL/Q3V0/mX95ILMXTTGYVfaut/aP2+oCMAvnZgCcsF5fcR0dg65YHAdwB+QApADvu0AuOe/ftlJAD7Nsgmm6yBjDtfWORJZlNtFyo/lR5Z7MyheKA5ktSur7sTAHazSG27pehjAiaVfkN8b4XFIJ/wOzbOx07VNRUuHy7w98CzCcGPyWywAAAABJRU5ErkJggg==&style=for-the-badge)](user_management#get-user-grants)
+#### Create monitoring rules for an email list
+Provided by `@wozboz`, this example demonstrates creating Falcon Intelligence Recon monitoring rules for a list of email addresses provided in CSV format.
 
-#### User Management API operations discussed
-This sample demonstrates the following CrowdStrike User Management API operations:
+[![Recon](https://img.shields.io/badge/Service%20Class-Create_Monitoring_Rules_For_a_List-silver?style=for-the-badge&labelColor=red&logo=data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABIAAAAOCAYAAAAi2ky3AAABhWlDQ1BJQ0MgcHJvZmlsZQAAKJF9kT1Iw1AUhU9TpaIVBzuIOGSoDmJBVEQ3rUIRKoRaoVUHk5f+CE0akhQXR8G14ODPYtXBxVlXB1dBEPwBcXNzUnSREu9LCi1ifPB4H+e9c7jvXkColZhmtY0Cmm6bqURczGRXxNAruhAEMI1hmVnGrCQl4bu+7hHg512MZ/m/+3N1qzmLAQGReIYZpk28Tjy5aRuc94kjrCirxOfEIyYVSPzIdcXjN84FlwWeGTHTqTniCLFYaGGlhVnR1IgniKOqplO+kPFY5bzFWStVWKNO/sNwTl9e4jrtASSwgEVIEKGggg2UYCNGp06KhRTdx338/a5fIpdCrg0wcsyjDA2y6wefwe/eWvnxMS8pHAfaXxznYxAI7QL1quN8HztO/QQIPgNXetNfrgFTn6RXm1r0COjZBi6um5qyB1zuAH1PhmzKrsTnL+TzwPsZjSkL9N4Cnate3xr3OH0A0tSr5A1wcAgMFSh7zeffHa19+/dNo38/hq9yr+iELI0AAAAGYktHRAAAAAAAAPlDu38AAAAJcEhZcwAACxMAAAsTAQCanBgAAAAHdElNRQflDAsTByz7Va2cAAAAGXRFWHRDb21tZW50AENyZWF0ZWQgd2l0aCBHSU1QV4EOFwAAAYBJREFUKM+lkjFIlVEYht/zn3sFkYYUyUnIRcemhCtCU6JQOLiIU+QeJEQg6BBIm0s4RBCBLjq5OEvgJC1uOniJhivesLx17/97/vO9b4NK4g25157hfHCGB773/cA0HZIEAKiMj+LWiOxljG/i96pnCFP58XHnrWX2+9cj0dYl9Yu2FE9/9rXrcAAgs2eSyiBfOe/XRD503h/CuffOubQVUXL+Jh9BllzBbyJJBgDclVkO4Kukd8zzkXJbeUljIldFTstsmSHM6S81ma2KfPKlFdkGAMY4wzx/bbXapMy21My+YizdKNq5mDzLkrxafSxySFKjSWX2oTmjKzz4vN0r2lOFcL/Q3V0/mX95ILMXTTGYVfaut/aP2+oCMAvnZgCcsF5fcR0dg65YHAdwB+QApADvu0AuOe/ftlJAD7Nsgmm6yBjDtfWORJZlNtFyo/lR5Z7MyheKA5ktSur7sTAHazSG27pehjAiaVfkN8b4XFIJ/wOzbOx07VNRUuHy7w98CzCcGPyWywAAAABJRU5ErkJggg==)](recon/email_monitoring_recon.py)
+
+##### Recon API operations discussed
+This sample demonstrates the following CrowdStrike Recon API operations:
 
 | Operation | Description |
 | :--- | :--- |
-| [queryUserV1](https://falconpy.io/Service-Collections/User-Management.html#queryuserv1) | List user IDs for all users in your customer account. |
-| [combinedUserRolesV1](https://falconpy.io/Service-Collections/User-Management.html#combineduserrolesv1) | Get User Grant(s). This operation lists both direct as well as flight control grants between a user and a customer. |
-| [retrieveUsersGETV1](https://falconpy.io/Service-Collections/User-Management.html#retrieveusersgetv1) | Get information about users including their name, UID, and CID by providing user UUIDs. |
+| [CreateRulesV1](https://www.falconpy.io/Service-Collections/Recon.html#createrulesv1) | Create monitoring rules. |
+
+</details>
+
+[Back to top](#falconpy-sample-library) | [How to authenticate](#authentication-for-these-examples) | [Table of Contents](#threat-intelligence-toc)
 
 ---
 
+</details>
+
+
 ## Suggestions
 Do you have a suggestion for an example you'd like to see? Are one of the examples not working as expected? Let us know by posting a message to our [discussion board](https://github.com/CrowdStrike/falconpy/discussions).
 
 Have an example you've developed yourself that you'd like to share?  **_Excellent!_** Please review our [contributing guidelines](/CONTRIBUTING.md) and then submit a pull request.
 
+[Back to top](#falconpy-sample-library) | [How to authenticate](#authentication-for-these-examples) | [Table of Contents](#toc)
+
 ---
 
 <p align="center"><img src="https://raw.githubusercontent.com/CrowdStrike/falconpy/main/docs/asset/cs-logo-footer.png"><BR/><img width="450px" src="https://raw.githubusercontent.com/CrowdStrike/falconpy/main/docs/asset/turbine-panda-lines.png"></P>
diff --git a/samples/installation_tokens/README.md b/samples/installation_tokens/README.md
new file mode 100644
index 000000000..10c7a96e0
--- /dev/null
+++ b/samples/installation_tokens/README.md
@@ -0,0 +1,908 @@
+![CrowdStrike Falcon](https://raw.githubusercontent.com/CrowdStrike/falconpy/main/docs/asset/cs-logo.png)
+
+[![CrowdStrike Subreddit](https://img.shields.io/badge/-r%2Fcrowdstrike-white?logo=reddit&labelColor=gray&link=https%3A%2F%2Freddit.com%2Fr%2Fcrowdstrike)](https://reddit.com/r/crowdstrike)
+
+# Installation Tokens examples
+The examples in this folder focus on leveraging CrowdStrike's Installation Tokens API to manage sensor installation tokens.
+- [Token Dispenser](#token-dispenser)
+
+## Token Dispenser
+This application displays and manages installation tokens within your CrowdStrike tenant.
+> [!NOTE]
+> This solution supports Flight Control (MSSP) usage for all functionality, allowing administrators to manage multiple tokens across child tenants with a single command.
+
+- [Requirements](#requirements)
+- [Running the program](#running-the-program)
+- [Execution syntax](#execution-syntax)
+- [Commands](#commands)
+- [Source code](#example-source-code)
+
+### Requirements
+- [Python 3.7 or greater](https://www.python.org)
+- [CrowdStrike FalconPy v1.3.4 or greater](https://github.com/CrowdStrike/falconpy/releases/tag/v1.3.4)
+- [pyfiglet](https://pypi.org/project/pyfiglet/)
+- [tabulate](https://pypi.org/project/tabulate/)
+
+### Running the program
+In order to run this demonstration, you will need access to CrowdStrike API keys with the following scope:
+| Service Collection | Scope |
+| :---- | :---- |
+| Installation Tokens | __READ__, __WRITE__ |
+
+To take advantage of MSSP mode (Flight Control) functionality, you will also need the following scopes:
+| Service Collection | Scope |
+| :---- | :---- |
+| Flight Control | __READ__ |
+| Sensor Downloads | __READ__ |
+
+> [!NOTE]
+> All operations within the Installation Tokens service collection maintain low rate limits. This application automatically backs off and retries the request when these limits are exceeded.
+
+### Execution syntax
+This application provides multiple commands, each with unique options.
+
+```shell
+python3 token_dispenser.py [-h] command [options]
+```
+
+##### Command line help
+The menu of commands can be retrieved by providing `-h` on the command line with no other arguments.
+
+```shell
+Installation Token management utility.
+
+ _______                        __ _______ __        __ __
+|   _   .----.-----.--.--.--.--|  |   _   |  |_.----|__|  |--.-----.
+|.  1___|   _|  _  |  |  |  |  _  |   1___|   _|   _|  |    <|  -__|
+|.  |___|__| |_____|________|_____|____   |____|__| |__|__|__|_____|
+|:  1   |                         |:  1   |
+|::.. . |                         |::.. . |       FalconPy v1.3.4
+`-------'                         `-------'
+
+_______  _____  _     _ _______ __   _
+   |    |     | |____/  |______ | \  |
+   |    |_____| |    \_ |______ |  \_|
+
+______  _____ _______  _____  _______ __   _ _______ _______  ______
+|     \   |   |______ |_____] |______ | \  | |______ |______ |_____/
+|_____/ __|__ ______| |       |______ |  \_| ______| |______ |    \_
+
+               .-------.            with    ________)
+               |Jackpot|                   (, /     /) ,     /)
+   ____________|_______|____________         /___, //    _  (/  _/_
+  |  __    __    ___  _____   __    |     ) /     (/__(_(_/_/ )_(__
+  | / _\  / /   /___\/__   \ / _\   |    (_/           .-/
+  | \ \  / /   //  //  / /\ \\ \  25|                 (_/  )   ___
+  | _\ \/ /___/ \_//  / /  \/_\ \ []|  __                 (__/_____)                   /)
+  | \__/\____/\___/   \/     \__/ []| (__)                  /       _____  _/_ __  ___//
+  |===_______===_______===_______===|  ||                  /       (_) / (_(__/ (_(_)(/_
+  ||*| _____ |*|       |*|  ___  |*||  ||                 (______)
+  ||*||     ||*|  /\ _ |*| |_  | |*||  ||
+  ||*||*BAR*||*|  \_(_)|*|  / /  |*||  ||
+  ||*||_____||*|  (_)  |*| /_/   |*||  ||
+  ||*|_______|*|_______|*|_______|*||_//                 Creation date: 11.15.2023
+  | \=___________________________=/ |_/                       jshcodes@CrowdStrike
+ _|    \_______________________/    |_                            WE STOP BREACHES
+(_____________________________________)
+
+positional arguments:
+  Token command  Command description
+    list (l)     List all tokens [default]
+    create (c)   Create tokens
+    revoke (x)   Revoke tokens
+    restore (r)  Restore tokens
+    update (u)   Update tokens
+    delete (d)   Delete tokens
+
+optional arguments:
+  -h, --help     show this help message and exit
+```
+
+### Commands
+The token dispenser supports 6 primary commands, each accepting optional arguments that alter how the command is performed.
+When using [MSSP mode](#flight-control-mssp-mode-arguments) operations performed cross all tenants.
+> Example: Calling the `list` command while also enabling MSSP mode with the `-m` command line argument will show tokens for the parent and all children.
+
+- [List](#list-tokens) - List all tokens within the environment.
+- [Create](#create-tokens) - Create one or multiple tokens with a specified expiration and label.
+- [Revoke](#revoke-tokens) - Revoke one or multiple tokens by label or ID.
+- [Restore](#restore-tokens) - Restore one or multiple tokens by label or ID.
+- [Update](#update-tokens) - Update the label or expiration for one or multiple tokens by label or ID.
+- [Delete](#delete-tokens) - Delete one or multiple tokens by label or ID.
+
+#### Authentication, display and saving results to a file
+All commands accept universal arguments that may be mixed with command-specific arguments.
+These arguments control configuration elements that are shared across all available commands such as:
+- Authentication
+- Flight Control (MSSP mode)
+- Display options (such as filtering, sorting and formatting)
+- Outputting displayed results to CSV or JSON format
+
+##### Universal arguments
+The following options are available as command line arguments regardless of command performed.
+Universal arguments may be provided in any order.
+
+###### General, display and output arguments
+These arguments allow users to control debug and result display settings.
+Results can also be exported to a file in JSON or CSV format using these options.
+
+| Argument | Long Argument | Description | Category |
+| :-- | :-- | :-- | :-- |
+ | `-h` | `--help` | Show help for the specified command and exit. | General |
+ | `-d` | `--debug` | Enable debug. | General |
+ | `-f` FILTER | `--filter` FILTER | Filter results by searching token labels (stemmed search). | Display |
+ | `-o` ORDER_BY | `--order-by` ORDER_BY | Sort key to use for tabular displays. | Display |
+ | `-r` | `--reverse` | Reverses the sort order. | Display |
+ | `-t` TABLE_FORMAT | `--table-format` TABLE_FORMAT | Format to use for tabular output. | Display |
+ | `-v` | `--show-version` | Show FalconPy version in output. | Display |
+ | | `--output-file` OUTPUT_FILE | Output token list results to a CSV or JSON file. | Output |
+ | | `--output-format` OUTPUT_FORMAT | Set output file format.<BR/><BR/>Allowed options:<UL><LI>csv</LI><LI>json</LI></UL> | Output |
+
+###### Authentication arguments
+> [!NOTE]
+> The following arguments are not required when you are using [environment authentication](https://www.falconpy.io/Usage/Authenticating-to-the-API.html#environment-authentication).
+
+| Argument | Long Argument | Description | Category |
+| :-- | :-- | :-- | :-- |
+| `-k` CLIENT_ID | `--client_id` CLIENT_ID | Falcon API client ID. | Authentication |
+| `-s` CLIENT_SECRET | `--client_secret` CLIENT_SECRET | Falcon API client secret. | Authentication
+
+###### Flight Control (MSSP mode) arguments
+> [!NOTE]
+> The following arguments are not required when you are not using Flight Control.
+
+| Argument | Long Argument | Description | Category |
+| :-- | :-- | :-- | :-- |
+| `-c` CHILD | `--child` CHILD | CID of the child tenant to target. | MSSP |
+| `-m` | `--mssp` | Flight Control (MSSP) mode.<BR/>Commands executed are performed within every tenant unless the parent is explicitly skipped. | MSSP |
+| | `--skip-parent`| Do not execute commands within the parent tenant. | MSSP |
+| | `--show-tenant` | Display tenant CID values as part of execution. | MSSP |
+
+##### Examples
+The following examples demonstrate different universal argument variations.
+
+###### Enable debugging
+Passing the `-d` (`--debug`) argument will enable API debugging for every operation performed.
+
+```shell
+python3 token_dispenser.py -d
+```
+
+###### Filter display results by label
+The `-f` (`--filter`) option will only display results that include the word "Example" in any position within the label.
+
+```shell
+python3 token_dispenser.py -f Example
+```
+
+###### Sort display results
+You can sort results by any column in the display results using the `-o` (`order-by`) argument.
+Using the `-r` (`--reverse`) argument will reverse the sort.
+
+```shell
+python3 token_dispenser.py -o status -r
+```
+
+###### Change the display table format
+You can change the format of the display table to any of the following options using the `-t` (`table-format`) argument.
+
+```shell
+python3 token_dispenser.py -t fancy_grid
+```
+
+###### *Available table format options*
+| | | | | | |
+| :-- | :-- | :-- | :-- | :-- | :-- |
+| `plain` | `simple` | `github` | `grid` | `simple_grid` | `rounded_grid` |
+| `heavy_grid` | `mixed_grid` | `double_grid` | `fancy_grid` | `outline` | `simple_outline` |
+| `rounded_outline` | `heavy_outline` | `mixed_outline` | `double_outline` | `fancy_outline` | `pipe` |
+| `orgtbl` | `asciidoc` | `jira` | `presto` | `pretty` | `psql` |
+| `rst` | `mediawiki` | `moinmoin` | `youtrack` | `html` | `unsafehtml` |
+| `latex` | `latex_raw` | `latex_booktabs` | `latex_longtable` | `textile` | `tsv` |
+
+
+###### Authenticating to a single tenant
+If you are not using [Environment Authentication](https://www.falconpy.io/Usage/Authenticating-to-the-API.html#environment-authentication), you will need to provide authentication detail on the command line using the `-k` (`--client-id`) and `-s` (`--client-secret`) arguments.
+
+```shell
+python3 token_dispenser.py -k $FALCON_CLIENT_ID -s $FALCON_CLIENT_SECRET
+```
+
+###### Authenticating to a parent tenant and enabling MSSP mode
+MSSP mode will perform commands against all child tenants and the parent (if not explicitly skipped using the `--skip-parent` argument).
+This includes API calls used to create display results.
+
+```shell
+python3 token_dispenser.py -k $PARENT_CLIENT_ID -s $PARENT_CLIENT_SECRET -m
+```
+
+###### Authenticating as a parent to a single child
+You can also directly authenticate (as a parent) to the child tenant using the `-c` (`--child`) argument.
+This argument does not require MSSP mode and may be provided with or without the `-m` argument.
+
+```shell
+python3 token_dispenser.py -k $PARENT_CLIENT_ID -s $PARENT_CLIENT_SECRET -c $CHILD_TENANT_CID
+```
+
+###### Displaying the tenant ID
+You can display the tenant ID for the parent and child tenants before the operation is performed with the `--show-tenant` argument.
+
+```shell
+python3 token_dispenser.py --show-tenant
+```
+
+---
+
+#### List tokens
+The list command is the default command, and is executed when no command is specified.
+After the execution of any other command, the list command is executed to display the results generated.
+
+There are no list command-specific arguments. All universal arguments are accepted.
+
+##### Command line help (list)
+Command-line help for this command is available when the command is called along with the `-h` argument.
+
+```shell
+usage: token_dispenser.py list [-h] [-d] [-f FILTER] [-o ORDER_BY] [-r] [-t TABLE_FORMAT] [-v] [--output-file OUTPUT_FILE] [--output-format {csv,json}] [-k CLIENT_ID] [-s CLIENT_SECRET] [-c CHILD] [-m] [--skip-parent]
+                               [--show-tenant]
+
+ _      _     _
+| |    (_)   | |
+| |     _ ___| |_
+| |    | / __| __|
+| |____| \__ \ |_
+|______|_|___/\__|
+
+
+
+optional arguments:
+  -h, --help            show this help message and exit
+  -d, --debug           Enable debug.
+  -f FILTER, --filter FILTER
+                        Filter results by searching token labels (stemmed search).
+  -o ORDER_BY, --order-by ORDER_BY
+                        Sort key to use for tabular displays.
+  -r, --reverse         Reverses the sort order.
+  -t TABLE_FORMAT, --table-format TABLE_FORMAT
+                        Format to use for tabular output.
+  -v, --show-version    Show FalconPy version in output.
+  --output-file OUTPUT_FILE
+                        Output token list results to a CSV or JSON file.
+  --output-format {csv,json}
+                        Set output file format.
+
+authentication arguments (not required if using environment authentication):
+  -k CLIENT_ID, --client_id CLIENT_ID
+                        Falcon API client ID
+  -s CLIENT_SECRET, --client_secret CLIENT_SECRET
+                        Falcon API client secret
+
+mssp arguments:
+  -c CHILD, --child CHILD
+                        CID of the child tenant to target.
+  -m, --mssp            Flight Control (MSSP) mode.
+  --skip-parent         Do not take action within the parent tenant.
+  --show-tenant         Display tenant CID values.
+```
+
+---
+
+#### Create tokens
+Create tokens within your tenant, or across parent and child tenants simultaneously. Supports the creation of multiple tokens with specified expiration dates.
+Expiration may be set by number of days or by specifying a specific date in UTC format.
+
+##### Create command arguments
+There are two create command-specific required arguments (`token-label` and `expiration`). There are also two optional arguments `count` and `force`.
+All [universal arguments](#universal-arguments) are supported and can be mixed with create command arguments in any order or combination.
+
+| Argument | Long Argument | Description | Category |
+| :-- | :-- | :-- | :-- |
+| | `--force` | Perform the operation without asking for confirmation. | General |
+| `-l` TOKEN_LABEL | `--token-label` TOKEN_LABEL | Label for the token. | Create |
+| `-e` EXPIRATION | `--expiration` EXPIRATION | Token expiration.<BR/>(number of days or a specific date in `YYYY-mm-ddTHH:MM:SSZ` format). | Create |
+| `-n` COUNT | `--count` COUNT | Number of tokens to create. | Create |
+
+##### Examples
+The following examples demonstrate different create command variations.
+
+###### Create a single token in a standard tenant
+This example will create a token labeled "ExampleToken" with an expiration of 5 days from now.
+
+```shell
+python3 token_dispenser.py create -l ExampleToken -e 5
+```
+
+##### Flight Control examples
+> [!IMPORTANT]
+> You must provide either the MSSP mode (`-m`) or the child (`-c`) argument in order to execute operations within child tenants.
+
+###### Create a single token across the parent and child tenants
+This example will create a token labeled "ExampleToken" with an expiration 10 days from now in the parent and every child tenant.
+
+```shell
+python3 token_dispenser.py create -l ExampleToken -e 10 -m
+```
+
+###### Create multiple tokens in all child tenants but do not create one in the parent
+This example will create three tokens with a specific expiration date, labeled "ExampleToken1", "ExampleToken2", and "ExampleToken3" within child tenants.
+The parent tenant will remain unchanged as the `skip-parent` argument has been provided.
+
+```shell
+python3 token_dispenser.py create -l ExampleToken -e 2025-01-01T00:00:01Z -n 3 -m --skip-parent
+```
+
+> [!NOTE]
+> To skip the confirmation dialog presented when performing multi-tenant operations, provide the `--force` argument. This argument has no impact on operations where a confirmation dialog is not normally presented.
+
+##### Command line help (create)
+Command-line help for this command is available when the command is called along with the `-h` argument.
+
+```shell
+usage: token_dispenser.py create [-h] -l TOKEN_LABEL -e EXPIRATION [-n COUNT] [--force] [-d] [-f FILTER] [-o ORDER_BY] [-r] [-t TABLE_FORMAT] [-v] [--output-file OUTPUT_FILE] [--output-format {csv,json}] [-k CLIENT_ID]
+                                 [-s CLIENT_SECRET] [-c CHILD] [-m] [--skip-parent] [--show-tenant]
+
+  _____                _
+ / ____|              | |
+| |     _ __ ___  __ _| |_ ___
+| |    | '__/ _ \/ _` | __/ _ \
+| |____| | |  __/ (_| | ||  __/
+ \_____|_|  \___|\__,_|\__\___|
+
+
+
+optional arguments:
+  -h, --help            show this help message and exit
+  -n COUNT, --count COUNT
+                        Number of tokens to create
+  --force               Perform the operation without asking for confirmation.
+  -d, --debug           Enable debug.
+  -f FILTER, --filter FILTER
+                        Filter results by searching token labels (stemmed search).
+  -o ORDER_BY, --order-by ORDER_BY
+                        Sort key to use for tabular displays.
+  -r, --reverse         Reverses the sort order.
+  -t TABLE_FORMAT, --table-format TABLE_FORMAT
+                        Format to use for tabular output.
+  -v, --show-version    Show FalconPy version in output.
+  --output-file OUTPUT_FILE
+                        Output token list results to a CSV or JSON file.
+  --output-format {csv,json}
+                        Set output file format.
+
+required arguments:
+  -l TOKEN_LABEL, --token-label TOKEN_LABEL
+                        Label for the token.
+  -e EXPIRATION, --expiration EXPIRATION
+                        Token expiration (number of days or YYYY-mm-ddTHH:MM:SSZ).
+
+authentication arguments (not required if using environment authentication):
+  -k CLIENT_ID, --client_id CLIENT_ID
+                        Falcon API client ID
+  -s CLIENT_SECRET, --client_secret CLIENT_SECRET
+                        Falcon API client secret
+
+mssp arguments:
+  -c CHILD, --child CHILD
+                        CID of the child tenant to target.
+  -m, --mssp            Flight Control (MSSP) mode.
+  --skip-parent         Do not take action within the parent tenant.
+  --show-tenant         Display tenant CID values.
+```
+
+---
+
+#### Revoke tokens
+Revoke tokens within your tenant, or across parent and child tenants simultaneously. Supports the revocation of multiple tokens.
+
+##### Revoke command arguments
+There are two revoke command-specific required arguments (`token-id` and `token-label`). These arguments are mutually exclusive. There is one optional argument `force`.
+All [universal arguments](#universal-arguments) are supported and can be mixed with create command arguments in any order or combination.
+
+| Argument | Long Argument | Description | Category |
+| :-- | :-- | :-- | :-- |
+| | `--force` | Perform the operation without asking for confirmation. | General |
+| `-i` TOKEN_ID | `--token-id` TOKEN_ID | ID of the token to revoke. | Revoke |
+| `-l` TOKEN_LABEL | `--token-label` TOKEN_LABEL | Label of the token to revoke (starts with match). | Revoke |
+
+##### Examples
+The following examples demonstrate different revoke command variations.
+
+###### Revoke tokens in a standard tenant
+This example will revoke any token with a label starting with "ExampleToken".
+
+```shell
+python3 token_dispenser.py revoke -l ExampleToken
+```
+
+You can also revoke specific tokens by ID.
+
+```shell
+python3 token_dispenser.py delete -i $TOKEN_ID
+```
+
+##### Flight Control examples
+> [!IMPORTANT]
+> You must provide the MSSP mode (`-m`) argument in order to access child tenants. If you wish processing to only occur within child tenants, you must provide the `--skip-parent` argument.
+
+###### Revoke a single token in a child tenant
+This example will revoke a single token within a child tenant.
+
+```shell
+python3 token_dispenser.py revoke -i $TOKEN_ID -c $CHILD_TENANT_CID
+```
+
+You can also accomplish this leveraging MSSP mode. All child tenants will be searched for a token that matches the ID.
+
+```shell
+python3 token_dispenser.py revoke -i $TOKEN_ID -m
+```
+
+###### Revoke tokens in a child tenant that have a label starting with a specific string
+This example will revoke tokens labeled "ExampleToken" (or any variation starting with this string) within child tenants.
+
+```shell
+python3 token_dispenser.py revoke -l ExampleToken -c $CHILD_TENANT_CID
+```
+
+You can also accomplish this leveraging MSSP mode. All child tenants will be searched for labels that match the specified string.
+
+```shell
+python3 token_dispenser.py revoke -l ExampleToken -m
+```
+
+> [!NOTE]
+> To skip the confirmation dialog presented when performing multi-tenant operations, provide the `--force` argument. This argument has no impact on operations where a confirmation dialog is not normally presented.
+
+##### Command line help (revoke)
+Command-line help for this command is available when the command is called along with the `-h` argument.
+
+```shell
+usage: token_dispenser.py revoke [-h] (-i TOKEN_ID | -l TOKEN_LABEL) [--force] [-d] [-f FILTER] [-o ORDER_BY] [-r] [-t TABLE_FORMAT] [-v] [--output-file OUTPUT_FILE] [--output-format {csv,json}] [-k CLIENT_ID]
+                                 [-s CLIENT_SECRET] [-c CHILD] [-m] [--skip-parent] [--show-tenant]
+
+ _____                 _
+|  __ \               | |
+| |__) |_____   _____ | | _____
+|  _  // _ \ \ / / _ \| |/ / _ \
+| | \ \  __/\ V / (_) |   <  __/
+|_|  \_\___| \_/ \___/|_|\_\___|
+
+
+
+optional arguments:
+  -h, --help            show this help message and exit
+  --force               Perform the operation without asking for confirmation.
+  -d, --debug           Enable debug.
+  -f FILTER, --filter FILTER
+                        Filter results by searching token labels (stemmed search).
+  -o ORDER_BY, --order-by ORDER_BY
+                        Sort key to use for tabular displays.
+  -r, --reverse         Reverses the sort order.
+  -t TABLE_FORMAT, --table-format TABLE_FORMAT
+                        Format to use for tabular output.
+  -v, --show-version    Show FalconPy version in output.
+  --output-file OUTPUT_FILE
+                        Output token list results to a CSV or JSON file.
+  --output-format {csv,json}
+                        Set output file format.
+
+required arguments (mutually exclusive):
+  -i TOKEN_ID, --token-id TOKEN_ID
+                        ID of the token to revoke.
+  -l TOKEN_LABEL, --token-label TOKEN_LABEL
+                        Label of the token to revoke (starts with match).
+
+authentication arguments (not required if using environment authentication):
+  -k CLIENT_ID, --client_id CLIENT_ID
+                        Falcon API client ID
+  -s CLIENT_SECRET, --client_secret CLIENT_SECRET
+                        Falcon API client secret
+
+mssp arguments:
+  -c CHILD, --child CHILD
+                        CID of the child tenant to target.
+  -m, --mssp            Flight Control (MSSP) mode.
+  --skip-parent         Do not take action within the parent tenant.
+  --show-tenant         Display tenant CID values.
+```
+
+---
+
+#### Restore tokens
+Restore tokens within your tenant, or across parent and child tenants simultaneously. Supports the restoration of multiple tokens.
+
+##### Restore command arguments
+There are two restore command-specific required arguments (`token-id` and `token-label`). These arguments are mutually exclusive. There is one optional argument `force`.
+All [universal arguments](#universal-arguments) are supported and can be mixed with create command arguments in any order or combination.
+
+| Argument | Long Argument | Description | Category |
+| :-- | :-- | :-- | :-- |
+| | `--force` | Perform the operation without asking for confirmation. | General |
+| `-i` TOKEN_ID | `--token-id` TOKEN_ID | ID of the token to restore. | Restore |
+| `-l` TOKEN_LABEL | `--token-label` TOKEN_LABEL | Label of the token to restore (starts with match). | Restore |
+
+##### Examples
+The following examples demonstrate different restore command variations.
+
+###### Restore tokens in a standard tenant
+This example will restore any token with a label starting with "ExampleToken".
+
+```shell
+python3 token_dispenser.py restore -l ExampleToken
+```
+
+You can also restore specific tokens by ID.
+
+```shell
+python3 token_dispenser.py restore -i $TOKEN_ID
+```
+
+##### Flight Control examples
+> [!IMPORTANT]
+> You must provide the MSSP mode (`-m`) argument in order to access child tenants. If you wish processing to only occur within child tenants, you must provide the `--skip-parent` argument.
+
+###### Restore a single token in a child tenant
+This example will restore a single token within a child tenant.
+
+```shell
+python3 token_dispenser.py restore -i $TOKEN_ID -c $CHILD_TENANT_CID
+```
+
+You can also accomplish this leveraging MSSP mode. All child tenants will be searched for a token that matches the ID.
+
+```shell
+python3 token_dispenser.py restore -i $TOKEN_ID -m
+```
+
+###### Restore tokens in a child tenant that have a label starting with a specific string
+This example will restore tokens labeled "ExampleToken" (or any variation starting with this string) within child tenants.
+
+```shell
+python3 token_dispenser.py restore -l ExampleToken -c $CHILD_TENANT_CID
+```
+
+You can also accomplish this leveraging MSSP mode. All child tenants will be searched for labels that match the specified string.
+
+```shell
+python3 token_dispenser.py restore -l ExampleToken -m
+```
+
+> [!NOTE]
+> To skip the confirmation dialog presented when performing multi-tenant operations, provide the `--force` argument. This argument has no impact on operations where a confirmation dialog is not normally presented.
+
+##### Command line help (restore)
+Command-line help for this command is available when the command is called along with the `-h` argument.
+
+```shell
+usage: token_dispenser.py restore [-h] (-i TOKEN_ID | -l TOKEN_LABEL) [--force] [-d] [-f FILTER] [-o ORDER_BY] [-r] [-t TABLE_FORMAT] [-v] [--output-file OUTPUT_FILE] [--output-format {csv,json}] [-k CLIENT_ID]
+                                  [-s CLIENT_SECRET] [-c CHILD] [-m] [--skip-parent] [--show-tenant]
+
+ _____           _
+|  __ \         | |
+| |__) |___  ___| |_ ___  _ __ ___
+|  _  // _ \/ __| __/ _ \| '__/ _ \
+| | \ \  __/\__ \ || (_) | | |  __/
+|_|  \_\___||___/\__\___/|_|  \___|
+
+
+
+optional arguments:
+  -h, --help            show this help message and exit
+  --force               Perform the operation without asking for confirmation.
+  -d, --debug           Enable debug.
+  -f FILTER, --filter FILTER
+                        Filter results by searching token labels (stemmed search).
+  -o ORDER_BY, --order-by ORDER_BY
+                        Sort key to use for tabular displays.
+  -r, --reverse         Reverses the sort order.
+  -t TABLE_FORMAT, --table-format TABLE_FORMAT
+                        Format to use for tabular output.
+  -v, --show-version    Show FalconPy version in output.
+  --output-file OUTPUT_FILE
+                        Output token list results to a CSV or JSON file.
+  --output-format {csv,json}
+                        Set output file format.
+
+required arguments (mutually exclusive):
+  -i TOKEN_ID, --token-id TOKEN_ID
+                        ID of the token to restore.
+  -l TOKEN_LABEL, --token-label TOKEN_LABEL
+                        Label of the token to restore (starts with match).
+
+authentication arguments (not required if using environment authentication):
+  -k CLIENT_ID, --client_id CLIENT_ID
+                        Falcon API client ID
+  -s CLIENT_SECRET, --client_secret CLIENT_SECRET
+                        Falcon API client secret
+
+mssp arguments:
+  -c CHILD, --child CHILD
+                        CID of the child tenant to target.
+  -m, --mssp            Flight Control (MSSP) mode.
+  --skip-parent         Do not take action within the parent tenant.
+  --show-tenant         Display tenant CID values.
+```
+
+---
+
+#### Update tokens
+Update tokens within your tenant, or across parent and child tenants simultaneously. Supports the restoration of multiple tokens.
+
+##### Update command arguments
+There are two sets of update command-specific required arguments. The first set includes `token-id` and `token-label` which are mutually exclusive to each other.
+The second set of required arguments includes `add-days`, `expiration` and `new_token_label`. These three are mutually exclusive to each other. There is one optional argument `force`.
+All [universal arguments](#universal-arguments) are supported and can be mixed with create command arguments in any order or combination.
+
+| Argument | Long Argument | Description | Category |
+| :-- | :-- | :-- | :-- |
+| | `--force` | Perform the operation without asking for confirmation. | General |
+| `-i` TOKEN_ID | `--token-id` TOKEN_ID | ID of the token to update. | Update |
+| `-l` TOKEN_LABEL | `--token-label` TOKEN_LABEL | Label of the token to update (starts with match). | Update |
+| `-a` ADD_DAYS | `--add-days` ADD_DAYS | Add specified number of days to token expiration. |
+| `-e` EXPIRATION | `--expiration` EXPIRATION | Token expiration (`YYYY-mm-ddTHH:MM:SSZ` format). | Update |
+| `-n` NEW_TOKEN_LABEL | `--new-label` NEW_TOKEN_LABEL | New label for the token. | Update |
+
+##### Examples
+The following examples demonstrate different update command variations.
+
+###### Update tokens in a standard tenant to extend the expiration
+This example will update all tokens with a label starting with "ExampleToken" and add 5 days to the expiration.
+
+```shell
+python3 token_dispenser.py update -l ExampleToken -a 5
+```
+
+You can also update specific tokens by ID.
+
+```shell
+python3 token_dispenser.py update -i $TOKEN_ID -a 5
+```
+
+###### Update tokens in a standard tenant to a specific expiration
+This example will update all tokens with a label starting with "ExampleToken" to have the specified expiration date.
+
+```shell
+python3 token_dispenser.py update -l ExampleToken -e 2025-01-01T12:01:01Z
+```
+
+You can also perform this update on a specific token by providing the ID.
+
+```shell
+python3 token_dispenser.py update -i $TOKEN_ID -e 2025-01-01T12:01:01Z
+```
+
+###### Change the label of tokens within a standard tenant
+This example will change the label for any token with a label starting with "ExampleToken" to be "NewExampleToken". If multiple tokens are renamed within a tenant, a number will be appended at the end of each.
+
+```shell
+python3 token_dispenser.py update -l ExampleToken -n NewExampleToken
+```
+
+You can also update a token label by providing the specific token ID.
+
+```shell
+python3 token_dispenser.py delete -i $TOKEN_ID -n NewExampleToken
+```
+
+##### Flight Control examples
+> [!IMPORTANT]
+> You must provide the MSSP mode (`-m`) argument in order to access child tenants. If you wish processing to only occur within child tenants, you must provide the `--skip-parent` argument.
+
+###### Update a single token to extend the expiration
+This example will update a single token within a parent or child tenant to add 5 days to the expiration.
+
+```shell
+python3 token_dispenser.py update -i $TOKEN_ID -c $CHILD_TENANT_CID -a 5
+```
+
+You can also accomplish this leveraging MSSP mode. All child tenants will be searched for the token with the matching ID.
+
+```shell
+python3 token_dispenser.py update -i $TOKEN_ID -m -a 5
+```
+
+###### Update tokens that have a label starting with a specific string to a specific expiration
+This example will update tokens labeled "ExampleToken" (or any variation starting with this string) within the parent and child tenants to have the specified expiration date.
+
+```shell
+python3 token_dispenser.py update -l ExampleToken -c $CHILD_TENANT_CID -e 2025-01-01T12:01:01Z
+```
+
+You can also accomplish this leveraging MSSP mode. All child tenants will be searched for labels that match the specified string.
+
+```shell
+python3 token_dispenser.py update -l ExampleToken -m -e 2025-01-01T12:01:01Z
+```
+
+###### Changing the label of a token
+This example will change the label for the token "ExampleToken" to be "NewExampleToken" within the tenant it is found.
+
+```shell
+python3 token_dispenser.py update -i $TOKEN_ID -m -n NewExampleToken
+```
+
+This example will change the label for any token matching "ExampleToken" to be "NewExampleToken" within the tenant it is found. If multiple tokens are updated within a tenant, a number will be appended to the end of each.
+
+```shell
+python3 token_dispenser.py update -l ExampleToken -m -n NewExampleToken
+```
+
+> [!NOTE]
+> To skip the confirmation dialog presented when performing multi-tenant operations, provide the `--force` argument. This argument has no impact on operations where a confirmation dialog is not normally presented.
+
+##### Command line help (update)
+Command-line help for this command is available when the command is called along with the `-h` argument.
+
+```shell
+usage: token_dispenser.py update [-h] (-i TOKEN_ID | -l TOKEN_LABEL) (-a ADD_DAYS | -e EXPIRATION | -n NEW_TOKEN_LABEL) [--force] [-d] [-f FILTER] [-o ORDER_BY] [-r] [-t TABLE_FORMAT] [-v] [--output-file OUTPUT_FILE]
+                                 [--output-format {csv,json}] [-k CLIENT_ID] [-s CLIENT_SECRET] [-c CHILD] [-m] [--skip-parent] [--show-tenant]
+
+ _    _           _       _
+| |  | |         | |     | |
+| |  | |_ __   __| | __ _| |_ ___
+| |  | | '_ \ / _` |/ _` | __/ _ \
+| |__| | |_) | (_| | (_| | ||  __/
+ \____/| .__/ \__,_|\__,_|\__\___|
+       | |
+       |_|
+
+optional arguments:
+  -h, --help            show this help message and exit
+  --force               Perform the operation without asking for confirmation.
+  -d, --debug           Enable debug.
+  -f FILTER, --filter FILTER
+                        Filter results by searching token labels (stemmed search).
+  -o ORDER_BY, --order-by ORDER_BY
+                        Sort key to use for tabular displays.
+  -r, --reverse         Reverses the sort order.
+  -t TABLE_FORMAT, --table-format TABLE_FORMAT
+                        Format to use for tabular output.
+  -v, --show-version    Show FalconPy version in output.
+  --output-file OUTPUT_FILE
+                        Output token list results to a CSV or JSON file.
+  --output-format {csv,json}
+                        Set output file format.
+
+required arguments:
+  -i TOKEN_ID, --token-id TOKEN_ID
+                        ID of the token to update.
+  -l TOKEN_LABEL, --token-label TOKEN_LABEL
+                        Label of the token to update (starts with match).
+  -a ADD_DAYS, --add-days ADD_DAYS
+                        Add specified number of days to token expiration.
+  -e EXPIRATION, --expiration EXPIRATION
+                        Token expiration (YYYY-mm-ddTHH:MM:SSZ).
+  -n NEW_TOKEN_LABEL, --new-label NEW_TOKEN_LABEL
+                        New label for the token.
+
+authentication arguments (not required if using environment authentication):
+  -k CLIENT_ID, --client_id CLIENT_ID
+                        Falcon API client ID
+  -s CLIENT_SECRET, --client_secret CLIENT_SECRET
+                        Falcon API client secret
+
+mssp arguments:
+  -c CHILD, --child CHILD
+                        CID of the child tenant to target.
+  -m, --mssp            Flight Control (MSSP) mode.
+  --skip-parent         Do not take action within the parent tenant.
+  --show-tenant         Display tenant CID values.
+```
+
+#### Delete tokens
+Delete tokens within your tenant, or across parent and child tenants simultaneously. Supports the restoration of multiple tokens.
+
+##### Delete command arguments
+There are two delete command-specific required arguments (`token-id` and `token-label`). These arguments are mutually exclusive. There is one optional argument `force`.
+All [universal arguments](#universal-arguments) are supported and can be mixed with create command arguments in any order or combination.
+
+| Argument | Long Argument | Description | Category |
+| :-- | :-- | :-- | :-- |
+| | `--force` | Perform the operation without asking for confirmation. | General |
+| `-i` TOKEN_ID | `--token-id` TOKEN_ID | ID of the token to delete. | Delete |
+| `-l` TOKEN_LABEL | `--token-label` TOKEN_LABEL | Label of the token to delete (starts with match). | Delete |
+
+##### Examples
+The following examples demonstrate different delete command variations.
+
+###### Delete tokens in a standard tenant
+This example will delete any token with a label starting with "ExampleToken".
+
+```shell
+python3 token_dispenser.py delete -l ExampleToken
+```
+
+You can also delete specific tokens by ID.
+
+```shell
+python3 token_dispenser.py delete -i $TOKEN_ID
+```
+
+##### Flight Control examples
+> [!IMPORTANT]
+> You must provide the MSSP mode (`-m`) argument in order to access child tenants. If you wish processing to only occur within child tenants, you must provide the `--skip-parent` argument.
+
+###### Delete a single token in a child tenant
+This example will delete a single token within a child tenant.
+
+```shell
+python3 token_dispenser.py delete -i $TOKEN_ID -c $CHILD_TENANT_CID
+```
+
+You can also accomplish this leveraging MSSP mode. All child tenants will be searched for a token that matches the ID.
+
+```shell
+python3 token_dispenser.py delete -i $TOKEN_ID -m
+```
+
+###### Delete tokens in a child tenant that have a label starting with a specific string
+This example will delete tokens labeled "ExampleToken" (or any variation starting with this string) within child tenants.
+
+```shell
+python3 token_dispenser.py delete -l ExampleToken -c $CHILD_TENANT_CID
+```
+
+You can also accomplish this leveraging MSSP mode. All child tenants will be searched for labels that match the specified string.
+
+```shell
+python3 token_dispenser.py delete -l ExampleToken -m
+```
+
+> [!NOTE]
+> To skip the confirmation dialog presented when performing multi-tenant operations, provide the `--force` argument. This argument has no impact on operations where a confirmation dialog is not normally presented.
+
+##### Command line help (delete)
+Command-line help for this command is available when the command is called along with the `-h` argument.
+
+```shell
+usage: token_dispenser.py delete [-h] (-i TOKEN_ID | -l TOKEN_LABEL) [--force] [-d] [-f FILTER] [-o ORDER_BY] [-r] [-t TABLE_FORMAT] [-v] [--output-file OUTPUT_FILE] [--output-format {csv,json}] [-k CLIENT_ID]
+                                 [-s CLIENT_SECRET] [-c CHILD] [-m] [--skip-parent] [--show-tenant]
+
+ _____       _      _
+|  __ \     | |    | |
+| |  | | ___| | ___| |_ ___
+| |  | |/ _ \ |/ _ \ __/ _ \
+| |__| |  __/ |  __/ ||  __/
+|_____/ \___|_|\___|\__\___|
+
+
+
+optional arguments:
+  -h, --help            show this help message and exit
+  --force               Perform the operation without asking for confirmation.
+  -d, --debug           Enable debug.
+  -f FILTER, --filter FILTER
+                        Filter results by searching token labels (stemmed search).
+  -o ORDER_BY, --order-by ORDER_BY
+                        Sort key to use for tabular displays.
+  -r, --reverse         Reverses the sort order.
+  -t TABLE_FORMAT, --table-format TABLE_FORMAT
+                        Format to use for tabular output.
+  -v, --show-version    Show FalconPy version in output.
+  --output-file OUTPUT_FILE
+                        Output token list results to a CSV or JSON file.
+  --output-format {csv,json}
+                        Set output file format.
+
+required arguments (mutually exclusive):
+  -i TOKEN_ID, --token-id TOKEN_ID
+                        ID of the token to remove.
+  -l TOKEN_LABEL, --token-label TOKEN_LABEL
+                        Label of the token to remove (starts with match).
+
+authentication arguments (not required if using environment authentication):
+  -k CLIENT_ID, --client_id CLIENT_ID
+                        Falcon API client ID
+  -s CLIENT_SECRET, --client_secret CLIENT_SECRET
+                        Falcon API client secret
+
+mssp arguments:
+  -c CHILD, --child CHILD
+                        CID of the child tenant to target.
+  -m, --mssp            Flight Control (MSSP) mode.
+  --skip-parent         Do not take action within the parent tenant.
+  --show-tenant         Display tenant CID values.
+```
+
+### Example source code
+The source code for this example can be found [here](token_dispenser.py).
\ No newline at end of file
diff --git a/samples/installation_tokens/token_dispenser.py b/samples/installation_tokens/token_dispenser.py
new file mode 100644
index 000000000..f9c42220f
--- /dev/null
+++ b/samples/installation_tokens/token_dispenser.py
@@ -0,0 +1,999 @@
+r"""Installation Token management utility.
+
+ _______                        __ _______ __        __ __
+|   _   .----.-----.--.--.--.--|  |   _   |  |_.----|__|  |--.-----.
+|.  1___|   _|  _  |  |  |  |  _  |   1___|   _|   _|  |    <|  -__|
+|.  |___|__| |_____|________|_____|____   |____|__| |__|__|__|_____|
+|:  1   |                         |:  1   |
+|::.. . |                         |::.. . |       FalconPy v1.3.4
+`-------'                         `-------'
+
+_______  _____  _     _ _______ __   _
+   |    |     | |____/  |______ | \  |
+   |    |_____| |    \_ |______ |  \_|
+
+______  _____ _______  _____  _______ __   _ _______ _______  ______
+|     \   |   |______ |_____] |______ | \  | |______ |______ |_____/
+|_____/ __|__ ______| |       |______ |  \_| ______| |______ |    \_
+
+               .-------.            with    ________)
+               |Jackpot|                   (, /     /) ,     /)
+   ____________|_______|____________         /___, //    _  (/  _/_
+  |  __    __    ___  _____   __    |     ) /     (/__(_(_/_/ )_(__
+  | / _\  / /   /___\/__   \ / _\   |    (_/           .-/
+  | \ \  / /   //  //  / /\ \\ \  25|                 (_/  )   ___
+  | _\ \/ /___/ \_//  / /  \/_\ \ []|  __                 (__/_____)                   /)
+  | \__/\____/\___/   \/     \__/ []| (__)                  /       _____  _/_ __  ___//
+  |===_______===_______===_______===|  ||                  /       (_) / (_(__/ (_(_)(/_
+  ||*| _____ |*|       |*|  ___  |*||  ||                 (______)
+  ||*||     ||*|  /\ _ |*| |_  | |*||  ||
+  ||*||*BAR*||*|  \_(_)|*|  / /  |*||  ||
+  ||*||_____||*|  (_)  |*| /_/   |*||  ||
+  ||*|_______|*|_______|*|_______|*||_//                 Creation date: 11.15.2023
+  | \=___________________________=/ |_/                       jshcodes@CrowdStrike
+ _|    \_______________________/    |_                            WE STOP BREACHES
+(_____________________________________)
+"""
+#  _____ _______  _____   _____   ______ _______ _______
+#    |   |  |  | |_____] |     | |_____/    |    |______
+#  __|__ |  |  | |       |_____| |    \_    |    ______|
+#
+import sys
+from argparse import ArgumentParser, Namespace, RawTextHelpFormatter, _SubParsersAction
+from copy import deepcopy
+from csv import writer
+from datetime import datetime, timedelta
+from json import dump
+from logging import basicConfig, DEBUG
+from os import getenv
+from secrets import randbelow
+from time import sleep
+from typing import Tuple, Callable, List, Dict
+try:
+    from pyfiglet import figlet_format
+except ImportError as no_figlet:
+    raise SystemExit("The pyfiglet library is required to use this program.") from no_figlet
+try:
+    from tabulate import tabulate
+except ImportError as no_tabulate:
+    raise SystemExit("The tabulate library is required to use this program.") from no_tabulate
+try:
+    from falconpy import (
+        APIError,
+        InstallationTokens,
+        SensorDownload,
+        FlightControl,
+        Result,
+        version
+        )
+except ImportError as no_falconpy:
+    raise SystemExit("The CrowdStrike FalconPy library (version 1.3.4 or greater) is required "
+                     "to use this program."
+                     ) from no_falconpy
+
+
+#   _____   _____  _______ _____  _____  __   _ _______
+#  |     | |_____]    |      |   |     | | \  | |_____| |
+#  |_____| |          |    __|__ |_____| |  \_| |     | |_____
+#  _______  ______  ______ _     _ _______ _______ __   _ _______ _______
+#  |_____| |_____/ |  ____ |     | |  |  | |______ | \  |    |    |______
+#  |     | |    \_ |_____| |_____| |  |  | |______ |  \_|    |    ______|
+#
+def add_opt_arguments(sbp: ArgumentParser) -> ArgumentParser:
+    """Add shared optional arguments to the provided command line argument subparser."""
+    sbp.add_argument("-d", "--debug", help="Enable debug.", default=False, action="store_true")
+    sbp.add_argument("-f", "--filter",
+                     help="Filter results by searching token labels (stemmed search)."
+                     )
+    sbp.add_argument("-o", "--order-by",
+                     help="Sort key to use for tabular displays.",
+                     dest="order_by",
+                     default="label"
+                     )
+    sbp.add_argument("-r", "--reverse",
+                     help="Reverses the sort order.",
+                     default=False,
+                     action="store_true"
+                     )
+    sbp.add_argument("-t", "--table-format",
+                     dest="table_format",
+                     help="Format to use for tabular output.",
+                     default="simple"
+                     )
+    sbp.add_argument("-v", "--show-version",
+                     dest="show_version",
+                     help="Show FalconPy version in output.",
+                     default=False,
+                     action="store_true"
+                     )
+    sbp.add_argument("--output-file",
+                     dest="output_file",
+                     help="Output token list results to a CSV or JSON file.",
+                     default=None
+                     )
+    sbp.add_argument("--output-format",
+                     dest="output_format",
+                     help="Set output file format.",
+                     default="csv",
+                     choices=["csv", "json"]
+                     )
+    auth = sbp.add_argument_group("authentication arguments "
+                                  "(not required if using environment authentication)")
+    auth.add_argument("-k", "--client_id",
+                      help="Falcon API client ID",
+                      default=getenv("FALCON_CLIENT_ID")
+                      )
+    auth.add_argument("-s", "--client_secret",
+                      help="Falcon API client secret",
+                      default=getenv("FALCON_CLIENT_SECRET")
+                      )
+    mssp = sbp.add_argument_group("mssp arguments")
+    mssp.add_argument("-c", "--child",
+                      dest="child",
+                      help="CID of the child tenant to target.",
+                      default=None
+                      )
+    mssp.add_argument("-m", "--mssp",
+                      dest="mssp",
+                      help="Flight Control (MSSP) mode.",
+                      default=False,
+                      action="store_true"
+                      )
+    mssp.add_argument("--skip-parent",
+                      dest="skip_parent",
+                      help="Do not take action within the parent tenant.",
+                      action="store_true",
+                      default=False
+                      )
+    mssp.add_argument("--show-tenant",
+                      dest="show_tenant",
+                      help="Display tenant CID values.",
+                      action="store_true",
+                      default=False
+                      )
+    return sbp
+
+
+def add_force_argument(sbp: ArgumentParser) -> ArgumentParser:
+    """Add shared optional arguments to the provided command line argument subparser."""
+    sbp.add_argument("--force",
+                     help="Perform the operation without asking for confirmation.",
+                     action="store_true",
+                     default=False
+                     )
+    return sbp
+
+
+def extra_args(subp: ArgumentParser) -> ArgumentParser:
+    """Add in optional arguments along with the force argument."""
+    subp = add_force_argument(subp)
+    subp = add_opt_arguments(subp)
+    return subp
+
+
+#  |      _____ _______ _______
+#  |        |   |______    |
+#  |_____ __|__ ______|    |
+#  _______  ______  ______ _     _ _______ _______ __   _ _______ _______
+#  |_____| |_____/ |  ____ |     | |  |  | |______ | \  |    |    |______
+#  |     | |    \_ |_____| |_____| |  |  | |______ |  \_|    |    ______|
+#
+def handle_list_arguments(sub: _SubParsersAction, head: str) -> ArgumentParser:
+    """Handle list command arguments."""
+    do_list: ArgumentParser = sub.add_parser("list",
+                                             help="List all tokens [default]",
+                                             aliases=["l"],
+                                             description=figlet_format("List", font=head),
+                                             formatter_class=RawTextHelpFormatter
+                                             )
+    do_list = add_opt_arguments(do_list)
+    return do_list
+
+
+def show_tenant_list(arg_list: Namespace, cids_to_show: list):
+    """Show CIDs for all tenants searched."""
+    if arg_list.mssp and arg_list.show_tenant:
+        parent = False
+        for kid in cids_to_show:
+            if not parent:
+                print(f"Tenant: {kid}")
+                parent = True
+            else:
+                print(f"Child tenant: {kid}")
+
+
+#  |      _____ _______ _______
+#  |        |   |______    |
+#  |_____ __|__ ______|    |
+#
+def show_all_tokens(sdk: InstallationTokens, cmdline: str, filter_str: str = None):
+    """Display every token in the tenant (or across all tenants)."""
+    hold_creds = sdk.auth_object.creds
+    this_cid, cid_list = get_cid_ids(sdk, cmdline)
+    show_tenant_list(cmdline, cid_list)
+    token_details = []
+    ptokens = []
+    for cid in cid_list:
+        if cid != this_cid:
+            hold_creds["member_cid"] = cid
+        api = sdk
+        if cmdline.mssp and (len(cid_list) > 1 and ptokens):
+            api = InstallationTokens(creds=hold_creds, pythonic=True, debug=cmdline.debug)
+        token_details = get_all_tokens(api, cmdline, filter_str, cid, token_details)
+        if cid == this_cid and not ptokens:
+            ptokens = deepcopy(token_details)
+    display_tokens(token_details, cmdline, ptokens)
+
+
+#  _______  ______ _______ _______ _______ _______
+#  |       |_____/ |______ |_____|    |    |______
+#  |_____  |    \_ |______ |     |    |    |______
+#  _______  ______  ______ _     _ _______ _______ __   _ _______ _______
+#  |_____| |_____/ |  ____ |     | |  |  | |______ | \  |    |    |______
+#  |     | |    \_ |_____| |_____| |  |  | |______ |  \_|    |    ______|
+#
+def handle_create_arguments(sub: _SubParsersAction, head: str) -> ArgumentParser:
+    """Handle create command arguments."""
+    do_create: ArgumentParser = sub.add_parser("create",
+                                               help="Create tokens",
+                                               aliases=["c"],
+                                               description=figlet_format("Create", font=head),
+                                               formatter_class=RawTextHelpFormatter
+                                               )
+    create_req = do_create.add_argument_group("required arguments")
+    create_req.add_argument("-l", "--token-label",
+                            dest="token_label",
+                            help="Label for the token.",
+                            required=True
+                            )
+    create_req.add_argument("-e", "--expiration",
+                            help="Token expiration (number of days or YYYY-mm-ddTHH:MM:SSZ).",
+                            required=True
+                            )
+    do_create.add_argument("-n", "--count", help="Number of tokens to create.", type=int, default=1)
+    do_create = extra_args(do_create)
+    return do_create
+
+
+#  _______  ______ _______ _______ _______ _______
+#  |       |_____/ |______ |_____|    |    |______
+#  |_____  |    \_ |______ |     |    |    |______
+#
+def create_token(sdk: InstallationTokens, cmdline: Namespace):
+    """Create a token with the specified expiration and label."""
+    hold_creds = sdk.auth_object.creds
+    this_cid, cids = get_cid_ids(sdk, cmdline)
+    token_expiration = cmdline.expiration
+    cids_to_process = [
+        c for c in cids if (cmdline.skip_parent and not c == this_cid) or not cmdline.skip_parent
+        ]
+    for cid in cids_to_process:
+        if cid != this_cid:
+            hold_creds["member_cid"] = cid
+        api = sdk
+        if cmdline.mssp and len(cids) > 1:
+            api = InstallationTokens(creds=hold_creds, pythonic=True, debug=cmdline.debug)
+        try:
+            if int(cmdline.expiration) > 0:
+                token_expiration = (
+                    datetime.now() + timedelta(days=int(cmdline.expiration))
+                    ).strftime("%Y-%m-%dT%H:%M:%SZ")
+            else:
+                raise SystemExit("Token expiration days must be an integer greater than zero.")
+        except ValueError:
+            pass
+
+        for num in range(1, cmdline.count+1):
+            label = f"{cmdline.token_label}{num if cmdline.count > 1 else ''}"
+            create_result = sdk_operation(api.tokens_create,
+                                          LONG_WAIT,
+                                          cmdline.debug,
+                                          label=label,
+                                          expires_timestamp=token_expiration
+                                          )
+        if create_result.errors:
+            for error in create_result.errors:
+                print(f"NONFATAL {error['code']} ERROR: {error['message']}")
+
+
+#   ______ _______ _    _  _____  _     _ _______
+#  |_____/ |______  \  /  |     | |____/  |______
+#  |    \_ |______   \/   |_____| |    \_ |______
+#  _______  ______  ______ _     _ _______ _______ __   _ _______ _______
+#  |_____| |_____/ |  ____ |     | |  |  | |______ | \  |    |    |______
+#  |     | |    \_ |_____| |_____| |  |  | |______ |  \_|    |    ______|
+#
+def handle_revoke_arguments(sub: _SubParsersAction, head: str) -> ArgumentParser:
+    """Handle revoke command arguments."""
+    do_revoke: ArgumentParser = sub.add_parser("revoke",
+                                               help="Revoke tokens",
+                                               aliases=["x"],
+                                               description=figlet_format("Revoke", font=head),
+                                               formatter_class=RawTextHelpFormatter
+                                               )
+    revoke_req = do_revoke.add_argument_group("required arguments (mutually exclusive)")
+    revoke_grp = revoke_req.add_mutually_exclusive_group(required=True)
+    revoke_grp.add_argument("-i", "--token-id", dest="token_id", help="ID of the token to revoke.")
+    revoke_grp.add_argument("-l", "--token-label",
+                            dest="token_label",
+                            help="Label of the token to revoke (starts with match)."
+                            )
+    do_revoke = extra_args(do_revoke)
+    return do_revoke
+
+
+#   ______ _______ _______ _______  _____   ______ _______
+#  |_____/ |______ |______    |    |     | |_____/ |______
+#  |    \_ |______ ______|    |    |_____| |    \_ |______
+#  _______  ______  ______ _     _ _______ _______ __   _ _______ _______
+#  |_____| |_____/ |  ____ |     | |  |  | |______ | \  |    |    |______
+#  |     | |    \_ |_____| |_____| |  |  | |______ |  \_|    |    ______|
+#
+def handle_restore_arguments(sub: _SubParsersAction, head: str) -> ArgumentParser:
+    """Handle restore command arguments."""
+    do_restore: ArgumentParser = sub.add_parser("restore",
+                                                help="Restore tokens",
+                                                aliases=["r"],
+                                                description=figlet_format("Restore", font=head),
+                                                formatter_class=RawTextHelpFormatter
+                                                )
+    restore_req = do_restore.add_argument_group("required arguments (mutually exclusive)")
+    restore_grp = restore_req.add_mutually_exclusive_group(required=True)
+    restore_grp.add_argument("-i", "--token-id",
+                             dest="token_id",
+                             help="ID of the token to restore."
+                             )
+    restore_grp.add_argument("-l", "--token-label",
+                             dest="token_label",
+                             help="Label of the token to restore (starts with match)."
+                             )
+    do_restore = extra_args(do_restore)
+    return do_restore
+
+
+#   ______ _______ _    _  _____  _     _ _______      _______ __   _ ______
+#  |_____/ |______  \  /  |     | |____/  |______      |_____| | \  | |     \
+#  |    \_ |______   \/   |_____| |    \_ |______      |     | |  \_| |_____/
+#   ______ _______ _______ _______  _____   ______ _______
+#  |_____/ |______ |______    |    |     | |_____/ |______
+#  |    \_ |______ ______|    |    |_____| |    \_ |______
+#
+def token_revocation(sdk: InstallationTokens, cmdline: Namespace, revoking: bool = False):
+    """Revoke a token by ID or name."""
+    hold_creds = sdk.auth_object.creds
+    this_cid, cids = get_cid_ids(sdk, cmdline)
+    cids_to_process = [
+        c for c in cids if (cmdline.skip_parent and not c == this_cid) or not cmdline.skip_parent
+        ]
+    for cid in cids_to_process:
+        if cid != this_cid:
+            hold_creds["member_cid"] = cid
+        api = sdk
+        if cmdline.mssp and len(cids) > 1:
+            api = InstallationTokens(creds=hold_creds, pythonic=True, debug=cmdline.debug)
+
+        if cmdline.token_id:
+            revoke_result = sdk_operation(api.tokens_update,
+                                          SHORT_WAIT,
+                                          cmdline.debug,
+                                          ids=cmdline.token_id,
+                                          revoked=revoking
+                                          )
+            if revoke_result.errors:
+                for error in revoke_result.errors:
+                    print(f"NONFATAL {error['code']} ERROR: {error['message']} ({error['id']})")
+        if cmdline.token_label:
+            token_lookup = sdk_operation(api.tokens_query,
+                                         LONG_WAIT,
+                                         cmdline.debug,
+                                         filter=f"label:*'{cmdline.token_label}*'"
+                                         )
+            if token_lookup.status_code == 200 and len(token_lookup.data):
+                for returned_token_id in token_lookup.data:
+                    sdk_operation(api.tokens_update,
+                                  LONG_WAIT,
+                                  cmdline.debug,
+                                  ids=returned_token_id,
+                                  revoked=revoking
+                                  )
+            else:
+                print(f"NONFATAL 404 ERROR: Not Found ({cmdline.token_label})")
+
+
+#  _     _  _____  ______  _______ _______ _______
+#  |     | |_____] |     \ |_____|    |    |______
+#  |_____| |       |_____/ |     |    |    |______
+#  _______  ______  ______ _     _ _______ _______ __   _ _______ _______
+#  |_____| |_____/ |  ____ |     | |  |  | |______ | \  |    |    |______
+#  |     | |    \_ |_____| |_____| |  |  | |______ |  \_|    |    ______|
+#
+def handle_update_arguments(sub: _SubParsersAction, head: str) -> ArgumentParser:
+    """Handle update command arguments."""
+    do_update: ArgumentParser = sub.add_parser("update",
+                                               help="Update tokens",
+                                               aliases=["u"],
+                                               description=figlet_format("Update", font=head),
+                                               formatter_class=RawTextHelpFormatter
+                                               )
+    update_req = do_update.add_argument_group("required arguments")
+    update_grp1 = update_req.add_mutually_exclusive_group(required=True)
+    update_grp1.add_argument("-i", "--token-id",
+                             dest="token_id",
+                             help="ID of the token to update."
+                             )
+    update_grp1.add_argument("-l", "--token-label",
+                             dest="token_label",
+                             help="Label of the token to update (starts with match)."
+                             )
+    update_grp2 = update_req.add_mutually_exclusive_group(required=True)
+    update_grp2.add_argument("-a", "--add-days",
+                             help="Add specified number of days to token expiration."
+                             )
+    update_grp2.add_argument("-e", "--expiration", help="Token expiration (YYYY-mm-ddTHH:MM:SSZ).")
+    update_grp2.add_argument("-n", "--new-label",
+                             dest="new_token_label",
+                             help="New label for the token."
+                             )
+    do_update = extra_args(do_update)
+    return do_update
+
+
+#  _     _  _____  ______  _______ _______ _______      ______  __   __     _____ ______
+#  |     | |_____] |     \ |_____|    |    |______      |_____]   \_/         |   |     \
+#  |_____| |       |_____/ |     |    |    |______      |_____]    |        __|__ |_____/
+#
+def update_token_by_id(sdk: InstallationTokens, cmdline: Namespace):
+    """Update a token by ID."""
+    hold_creds = sdk.auth_object.creds
+    this_cid, cids = get_cid_ids(sdk, cmdline)
+    cids_to_process = [
+        c for c in cids if (cmdline.skip_parent and not c == this_cid) or not cmdline.skip_parent
+        ]
+    for cid in cids_to_process:
+        if cid != this_cid:
+            hold_creds["member_cid"] = cid
+        api = sdk
+        if cmdline.mssp and len(cids) > 1:
+            api = InstallationTokens(creds=hold_creds, pythonic=True, debug=cmdline.debug)
+        updates = {}
+        if cmdline.new_token_label:
+            updates["label"] = cmdline.new_token_label
+        if cmdline.expiration:
+            updates["expires_timestamp"] = cmdline.expiration
+        if cmdline.add_days:
+            exp = sdk_operation(api.tokens_read,
+                                LONG_WAIT,
+                                cmdline.debug,
+                                ids=cmdline.token_id
+                                )
+            if exp.status_code == 200 and len(exp.data):
+                new_exp = datetime.strptime(exp.data[0]["expires_timestamp"], "%Y-%m-%dT%H:%M:%SZ")
+                updates["expires_timestamp"] = (
+                    new_exp + timedelta(days=int(cmdline.add_days))
+                    ).strftime("%Y-%m-%dT%H:%M:%SZ")
+        if updates:
+            updates["ids"] = cmdline.token_id
+            update_result = sdk_operation(api.tokens_update, SHORT_WAIT, cmdline.debug, **updates)
+            if update_result.errors:
+                for error in update_result.errors:
+                    print(f"NONFATAL {error['code']} ERROR: {error['message']} ({error['id']})")
+
+
+#  _     _  _____  ______  _______ _______ _______
+#  |     | |_____] |     \ |_____|    |    |______
+#  |_____| |       |_____/ |     |    |    |______
+#  ______  __   __            _______ ______  _______
+#  |_____]   \_/       |      |_____| |_____] |______ |
+#  |_____]    |        |_____ |     | |_____] |______ |_____
+#
+def update_token_by_label(sdk: InstallationTokens, cmdline: Namespace):
+    """Update a token by label."""
+    hold_creds = sdk.auth_object.creds
+    this_cid, cids = get_cid_ids(sdk, cmdline)
+    cids_to_process = [
+        c for c in cids if (cmdline.skip_parent and not c == this_cid) or not cmdline.skip_parent
+        ]
+    for cid in cids_to_process:
+        if cid != this_cid:
+            hold_creds["member_cid"] = cid
+        api = sdk
+        if cmdline.mssp and len(cids) > 1:
+            api = InstallationTokens(creds=hold_creds, pythonic=True, debug=cmdline.debug)
+        updates = {}
+        if cmdline.new_token_label:
+            updates["label"] = cmdline.new_token_label
+        if cmdline.expiration:
+            updates["expires_timestamp"] = cmdline.expiration
+        token_lookup = sdk_operation(api.tokens_query,
+                                     LONG_WAIT,
+                                     cmdline.debug,
+                                     filter=f"label:*'{cmdline.token_label}*'"
+                                     )
+        if token_lookup.status_code == 200 and len(token_lookup.data):
+            loop = 1
+            for returned_token_id in token_lookup.data:
+                if cmdline.add_days:
+                    exp = sdk_operation(api.tokens_read,
+                                        LONG_WAIT,
+                                        cmdline.debug,
+                                        ids=returned_token_id
+                                        )
+                    if exp.status_code == 200 and len(exp.data):
+                        new_exp = datetime.strptime(exp.data[0]["expires_timestamp"],
+                                                    "%Y-%m-%dT%H:%M:%SZ"
+                                                    )
+                        updates["expires_timestamp"] = (
+                            new_exp + timedelta(days=int(cmdline.add_days))
+                            ).strftime("%Y-%m-%dT%H:%M:%SZ")
+                if cmdline.new_token_label and len(token_lookup.data) > 1:
+                    updates["label"] = f"{cmdline.new_token_label}{loop}"
+                if updates:
+                    updates["ids"] = returned_token_id
+                    sdk_operation(api.tokens_update, LONG_WAIT, cmdline.debug, **updates)
+                    loop += 1
+        else:
+            print(f"NONFATAL 404 ERROR: Not Found ({cmdline.token_label})")
+
+
+#  ______  _______        _______ _______ _______
+#  |     \ |______ |      |______    |    |______
+#  |_____/ |______ |_____ |______    |    |______
+#  _______  ______  ______ _     _ _______ _______ __   _ _______ _______
+#  |_____| |_____/ |  ____ |     | |  |  | |______ | \  |    |    |______
+#  |     | |    \_ |_____| |_____| |  |  | |______ |  \_|    |    ______|
+#
+def handle_delete_arguments(sub: _SubParsersAction, head: str) -> ArgumentParser:
+    """Handle delete command arguments."""
+    do_delete: ArgumentParser = sub.add_parser("delete",
+                                               help="Delete tokens",
+                                               aliases=["d"],
+                                               description=figlet_format("Delete", font=head),
+                                               formatter_class=RawTextHelpFormatter
+                                               )
+    delete_req = do_delete.add_argument_group("required arguments (mutually exclusive)")
+    delete_grp = delete_req.add_mutually_exclusive_group(required=True)
+    delete_grp.add_argument("-i", "--token-id", dest="token_id", help="ID of the token to remove.")
+    delete_grp.add_argument("-l", "--token-label",
+                            dest="token_label",
+                            help="Label of the token to remove (starts with match)."
+                            )
+    do_delete = extra_args(do_delete)
+    return do_delete
+
+
+#  ______  _______        _______ _______ _______
+#  |     \ |______ |      |______    |    |______
+#  |_____/ |______ |_____ |______    |    |______
+#
+def delete_token(sdk: InstallationTokens, cmdline: Namespace):
+    """Delete a token by ID or name."""
+    hold_creds = sdk.auth_object.creds
+    this_cid, cids = get_cid_ids(sdk, cmdline)
+    cids_to_process = [
+        c for c in cids if (cmdline.skip_parent and not c == this_cid) or not cmdline.skip_parent
+        ]
+    for cid in cids_to_process:
+        if cid != this_cid:
+            hold_creds["member_cid"] = cid
+        api = sdk
+        if cmdline.mssp and len(cids) > 1:
+            api = InstallationTokens(creds=hold_creds, pythonic=True, debug=cmdline.debug)
+        if cmdline.token_id:
+            delete_result = sdk_operation(api.tokens_delete,
+                                          SHORT_WAIT,
+                                          cmdline.debug,
+                                          ids=cmdline.token_id
+                                          )
+            if delete_result.errors:
+                for error in delete_result.errors:
+                    print(f"NONFATAL {error['code']} ERROR: {error['message']} ({error['id']})")
+        if cmdline.token_label:
+            token_lookup = sdk_operation(api.tokens_query,
+                                         LONG_WAIT,
+                                         cmdline.debug,
+                                         filter=f"label:*'{cmdline.token_label}*'"
+                                         )
+            if token_lookup.status_code == 200 and len(token_lookup.data):
+                for returned_token_id in token_lookup.data:
+                    sdk_operation(api.tokens_delete,
+                                  LONG_WAIT,
+                                  cmdline.debug,
+                                  ids=returned_token_id
+                                  )
+            else:
+                print(f"NONFATAL 404 ERROR: Not Found ({cmdline.token_label})")
+
+
+#   _____  _______  ______ _______ _______
+#  |_____] |_____| |_____/ |______ |______
+#  |       |     | |    \_ ______| |______
+#  _______  _____  _______ _______ _______ __   _ ______              _____ __   _ _______
+#  |       |     | |  |  | |  |  | |_____| | \  | |     \      |        |   | \  | |______
+#  |_____  |_____| |  |  | |  |  | |     | |  \_| |_____/      |_____ __|__ |  \_| |______
+#  _______  ______  ______ _     _ _______ _______ __   _ _______ _______
+#  |_____| |_____/ |  ____ |     | |  |  | |______ | \  |    |    |______
+#  |     | |    \_ |_____| |_____| |  |  | |______ |  \_|    |    ______|
+#
+def consume_arguments() -> Tuple[Namespace, ArgumentParser]:
+    """Retrieve any provided command line arguments."""
+    subcommands = [
+        "create", "c", "list", "l", "delete", "d", "revoke", "x", "restore", "r", "update", "u"
+        ]
+    parser = ArgumentParser(description=__doc__, formatter_class=RawTextHelpFormatter)
+    header_font = "big"
+    subparsers = parser.add_subparsers(help="Command description",
+                                       dest="subcommand",
+                                       required=False,
+                                       metavar="Token command"
+                                       )
+    handle_list_arguments(subparsers, header_font)  # List
+    handle_create_arguments(subparsers, header_font)  # Create
+    handle_revoke_arguments(subparsers, header_font)  # Revoke
+    handle_restore_arguments(subparsers, header_font)  # Restore
+    handle_update_arguments(subparsers, header_font)  # Update
+    handle_delete_arguments(subparsers, header_font)  # Delete
+    # Force "list" as the default subcommand without breaking the help processor
+    if len(sys.argv) == 1:
+        sys.argv.append("list")
+    if sys.argv[1].lower() not in subcommands and "-h" not in sys.argv:
+        sys.argv.insert(1, "list")
+    else:
+        if sys.argv[1].lower() not in subcommands:
+            sys.argv = [sys.argv[0], "-h"]
+    return parser.parse_args(), parser
+
+
+#   ______ _______ _______ _______             _____ _______ _____ _______
+#  |_____/ |_____|    |    |______      |        |   |  |  |   |      |
+#  |    \_ |     |    |    |______      |_____ __|__ |  |  | __|__    |
+#  _     _ _______ __   _ ______         _______  ______
+#  |_____| |_____| | \  | |     \ |      |______ |_____/
+#  |     | |     | |  \_| |_____/ |_____ |______ |    \_
+#
+def rate_delay(wait_time: int):
+    """Wait for the specified amount of time while informing the user."""
+    for wait in range(wait_time, 0, -1):
+        print(f" Rate limit exceeded, sleeping for {wait} seconds. ", end="\r")
+        sleep(1)
+    print(" " * 80, end="\r")
+
+
+def sdk_operation(operation: Callable, delay_time: int, debugging: bool, **kwargs) -> Result:
+    """Perform an operation against the CrowdStrike API, gracefully handling rate limit errors."""
+    rate_limited = True
+    while rate_limited:
+        try:
+            operation_result: Result = operation(**kwargs)
+            rate_limited = False
+        except APIError as rate_limit_met:
+            if rate_limit_met.code == 429:
+                rate_delay(delay_time)
+            elif debugging:
+                raise rate_limit_met
+            else:
+                failure = FAIL if randbelow(3000) % 2 == 0 else FAIL2
+                raise SystemExit(
+                    failure.format(rate_limit_met.code, rate_limit_met.message)
+                    ) from rate_limit_met
+    return operation_result
+
+
+#  _     _ _______         _____  _______  ______ _______
+#  |_____| |______ |      |_____] |______ |_____/ |______
+#  |     | |______ |_____ |       |______ |    \_ ______|
+#
+def reorganize_token_dictionary(tenant: str, record: dict) -> Dict[str, str]:
+    """Reorganize a token record dictionary to include the CID column."""
+    cid_key = {"cid": tenant}
+    cid_list = list(cid_key.items())
+    token_keys = list(record.keys())
+    token_values = list(record.values())
+    token_keys.insert(token_keys.index("id")+1, cid_list[0][0])
+    token_values.insert(token_keys.index("id")+1, cid_list[0][1])
+    return {
+        token_keys[i]: token_values[i]
+        for i in range(0, len(token_keys))
+    }
+
+
+def get_all_tokens(api_sdk: InstallationTokens,
+                   cmd_args: Namespace,
+                   filt: str,
+                   cur_cid: str,
+                   returning: List[Dict[str, str]]
+                   ) -> List[Dict[str, str]]:
+    """Retrieve all tokens across all tenants."""
+    offset = None
+    running = True
+    while running:
+        token_lookup = sdk_operation(api_sdk.tokens_query,
+                                     LONG_WAIT,
+                                     cmd_args.debug,
+                                     limit=1000,
+                                     offset=offset,
+                                     filter=f"label:*'*{filt}*'" if filt else None
+                                     )
+        if not token_lookup.data:
+            running = False
+        batches = [token_lookup.data[i:i+100] for i in range(0, len(token_lookup.data), 100)]
+        for batch in batches:
+            token_detail = sdk_operation(api_sdk.tokens_read, LONG_WAIT, cmd_args.debug, ids=batch)
+            found = token_detail.data
+            if cmd_args.mssp:
+                found = []
+                for token_det in token_detail.data:
+                    new_dict = reorganize_token_dictionary(cur_cid, token_det)
+                    found.append(new_dict)
+            returning.extend(found)
+
+        offset = len(returning)
+        if token_lookup.total <= len(returning):
+            running = False
+    return returning
+
+
+def confirm(msg: str):
+    """Request confirmation from the user and return a boolean of the response."""
+    return input(msg) in ["y", "yes", "Y", "YES"]
+
+
+def get_this_cid(auth: InstallationTokens, debug_mode: bool = False):
+    """Retrieve the CID for the current tenant."""
+    my_id = "Not available"
+    running = True
+    while running:
+        try:
+            my_id = sdk_operation(
+                SensorDownload(auth_object=auth).get_sensor_installer_ccid,
+                SHORT_WAIT,
+                debug_mode
+            ).data[0][:-3].lower()
+            running = False
+        except APIError as no_sensor_dl:
+            if no_sensor_dl.code != 429:
+                print("NONFATAL 403 ERROR: This API client is not scoped for Sensor Downloads.")
+                running = False
+            else:
+                rate_delay(SHORT_WAIT)
+    return my_id
+
+
+def check_mssp_scope(auth: InstallationTokens):
+    """Confirm if this API client has access to Flight Control."""
+    valid = False
+    running = True
+    while running:
+        try:
+            valid = bool(FlightControl(auth_object=auth).query_children(limit=1).status_code == 200)
+            running = False
+        except APIError as rate_limit_met:
+            if rate_limit_met.code != 429:
+                running = False
+                raise rate_limit_met
+            rate_delay(SHORT_WAIT)
+    return valid
+
+
+def get_cid_ids(interface: InstallationTokens, arguments: Namespace) -> Tuple[str, List[str]]:
+    """Return all CIDs associated with the API client (if MSSP mode is enabled)."""
+    this_cid = "NonMSSP"
+    cid_list = [this_cid]
+    if arguments.mssp:
+        this_cid = get_this_cid(interface, arguments.debug)
+        cid_list = [this_cid]
+        try:
+            mssp = FlightControl(auth_object=interface)
+            cid_list.extend(mssp.query_children().data)
+        except APIError:
+            pass
+    return this_cid, cid_list
+
+
+def write_output_results(cmdline_args: Namespace, tresults: list):
+    """Write the displayed token results to the requested file."""
+    if cmdline_args.output_file:
+        if cmdline_args.output_format.lower() == "csv":
+            with open(cmdline_args.output_file, "w", newline="", encoding="utf-8") as csv_file:
+                csv_writer = writer(csv_file)
+                if tresults:
+                    csv_writer.writerow(tresults[0].keys())
+                    for token_row in tresults:
+                        csv_writer.writerow(token_row.values())
+                    print(f"CSV results output to {cmdline_args.output_file}.")
+        elif cmdline_args.output_format.lower() == "json":
+            with open(cmdline_args.output_file, "w", encoding="utf-8") as json_file:
+                dump(tresults, json_file, indent=4)
+            print(f"JSON results output to {cmdline_args.output_file}.")
+
+
+def display_tokens(token_results: list, cmd_args: Namespace, parent_tokens: list):
+    """Display the retrieved tokens in a tabular format."""
+    new_token_results = token_results
+    if cmd_args.mssp:
+        new_token_results = []
+        for tok in token_results:
+            matched = False
+            for ptok in parent_tokens:
+                if ptok["cid"] == tok["cid"]:
+                    if tok["id"] == ptok["id"] and tok["value"] == ptok["value"]:
+                        matched = True
+                elif ptok["cid"] != tok["cid"]:
+                    matched = True
+            if matched:
+                new_token_results.append(tok)
+
+    token_results = sorted(new_token_results,
+                           key=lambda x: x[cmd_args.order_by],
+                           reverse=cmd_args.reverse
+                           )
+    vers = ""
+    if cmd_args.show_version:
+        vers = f" (FalconPy v{version(agent_string=False)})"
+    if token_results:
+        tabular_display = tabulate(tabular_data=[t.values() for t in token_results],
+                                   headers=token_results[0].keys(),
+                                   tablefmt=cmd_args.table_format
+                                   )
+        print(tabular_display)
+        print(f"{len(token_results)} total tokens found{vers}")
+        write_output_results(cmd_args, token_results)
+    else:
+        print(NOT_FOUND.format(vers.replace("(", "").replace(")", "")))
+
+
+def cross_tenant_action(action: Callable, msg: str, **kwargs):
+    """Check and warn if this action impacts multiple CIDs."""
+    proceed = True
+    if not kwargs.get("cmdline").force:
+        if kwargs.get("cmdline").mssp and check_mssp_scope(kwargs.get("sdk")):
+            parent_to = "the parent and "
+            if kwargs.get("cmdline").skip_parent:
+                parent_to = ""
+            proceed = confirm(WARNING.format(msg, parent_to))
+    if proceed:
+        action(**kwargs)
+    else:
+        print("Operation cancelled.")
+        sys.exit(0)
+
+
+#  _______  _____  __   _ _______ _______ _______ __   _ _______ _______
+#  |       |     | | \  | |______    |    |_____| | \  |    |    |______
+#  |_____  |_____| |  \_| ______|    |    |     | |  \_|    |    ______|
+#
+LONG_WAIT = 10
+SHORT_WAIT = 5
+FAIL = r"""
+     ,     ,
+    (\____/)   FATAL {} {}
+     (_oo_)  /
+       (O)
+     __||__    \)
+  []/______\[] /
+  / \______/ \/
+ /    /__\
+(\   /____\
+"""
+FAIL2 = r"""
+       _
+      [ ]     FATAL {} {}
+     (   )  /
+      |>|
+   __/===\__
+  //| o=o |\\
+<]  | o=o |  [>
+    \=====/
+   / / | \ \
+  <_________>
+"""
+NOT_FOUND = r"""
+         __  No tokens found!
+ _(\    |@@|  /
+(__/\__ \--/ __
+   \___|----|  |   __
+       \ CS /\ )_ / _\
+       /\__/\ \__O (__
+      (--/\--)    \__/
+      _)(  )(_
+     `---''---` {}
+"""
+WARNING = r"""
+   __,_,
+  [_|_/   ⚠️  Warning ⚠️
+   //     This action will {} multiple tokens
+ _//    __  /   across {}child tenants.
+(_|)   |@@|
+ \ \__ \--/ __
+  \o__|----|  |   __
+      \ CS /\ )_ / _\
+      /\__/\ \__O (__
+     (--/\--)    \__/
+     _)(  )(_
+    `---''---`
+
+Are you sure you wish to proceed? (y/n) => """
+#  _______ _______ _____ __   _       ______  _____  _     _ _______ _____ __   _ _______
+#  |  |  | |_____|   |   | \  |      |_____/ |     | |     |    |      |   | \  | |______
+#  |  |  | |     | __|__ |  \_|      |    \_ |_____| |_____|    |    __|__ |  \_| |______
+#
+if __name__ == "__main__":
+    begin = datetime.now().timestamp()  # Start the timer
+    if sys.version_info <= (3, 7):  # Make sure we're running the minimum version of Python
+        raise SystemExit("This application only supports Python 3.7 or greater.")
+    if not version(compare="1.3.4"):  # Check for 1.3.4 or greater
+        raise SystemExit("In order to use this sample application, the CrowdStrike FalconPy "
+                         "library (version 1.3.4 or greater) must be installed."
+                         )
+    parsed, handler = consume_arguments()  # Retrieve command line arguments and the parser
+    # There are no credentials in the environment or command line, show help and quit
+    if not parsed.client_id or not parsed.client_secret:
+        handler.print_help()
+        raise SystemExit(
+                "\nYou must provide API credentials via the environment variables\n"
+                "FALCON_CLIENT_ID and FALCON_CLIENT_SECRET or you must provide\n"
+                "these values using the '-k' and '-s' command line arguments."
+                )
+    if parsed.debug:  # Enable debug logging to the console if requested
+        basicConfig(level=DEBUG)
+    # Construct an instance of the InstallationTokens Service Class
+    tokens = InstallationTokens(client_id=parsed.client_id,
+                                client_secret=parsed.client_secret,
+                                debug=parsed.debug,
+                                pythonic=True,
+                                member_cid=parsed.child
+                                )
+    default_action_args = [tokens, parsed]  # We display all tokens regardless of command executed
+    tcommand = parsed.subcommand.lower()  # Selected token command
+    if tcommand in ["create", "c"]:  # Create
+        cross_tenant_action(create_token, "create", sdk=tokens, cmdline=parsed)
+    elif tcommand in ["delete", "d"]:  # Delete
+        if parsed.token_label:
+            cross_tenant_action(delete_token, "delete", sdk=tokens, cmdline=parsed)
+        else:
+            delete_token(tokens, parsed)
+    elif tcommand in ["revoke", "x", "restore", "r"]:  # Revoke and Restore
+        if parsed.token_label:
+            cross_tenant_action(token_revocation,
+                                "restore" if tcommand in ["restore", "r"] else "revoke",
+                                sdk=tokens,
+                                cmdline=parsed,
+                                revoking=tcommand in ["revoke", "x"]
+                                )
+        else:
+            token_revocation(tokens, parsed, tcommand in ["revoke", "x"])
+    elif tcommand in ["update", "u"]:  # Update
+        if parsed.token_id:
+            update_token_by_id(tokens, parsed)
+        elif parsed.token_label:
+            cross_tenant_action(update_token_by_label, "update", sdk=tokens, cmdline=parsed)
+    if parsed.filter:  # List / all commands
+        # Add any provided command line filters to the arguments for the default action
+        default_action_args.append(parsed.filter)
+    show_all_tokens(*default_action_args)  # After all processing, display the list of tokens
+
+
+#    █                                                                                           █
+#     █                                                                                        ██
+#      ██                 _  _  _ _______      _______ _______  _____   _____                 ▓█
+#      ▒▒███              |  |  | |______      |______    |    |     | |_____]             ██▓▒▓
+#     ▒░▒▓████            |__|__| |______      ______|    |    |_____| |                █████▒▒▒▓
+#    █▒▒▓████▒▓███                                                                   ▓██▓▓████▒░▒
+#    ▒░▒████▒░░▒▒▓▓█▓▓                                                           ████▒▒▒░░▓███▓▒░▒
+#   ▓░▒▒███▓░░▒▒▒▓██▓▒█▓█▓▓                                                 ▒▓█▓▓▒███▒▒▒▒░▒████▒░▒
+#   ▒░▒▓███▓░░▒▒▒███▒░░░▓███▓█▓                                        █▓█▓███▒░░░▓██▓▒▒▒░▒████▒░▒
+#   ▒░▒▓███▓░░▒▒▒███▒░░░▓███░░▒▓▓█▓                                 ▓██▒▒░▒███▒░░░▓██▓▒▒▒░▒████▒░▒
+#   ▓░▒▒███▓░░▒▒▒▒██▓░░░░░░░░▒▒▒█████▓                           ▓█████░▒░░░░░░░░░███▒▒▒▒░▒████▒░▒
+#    ▒░▒████▒░░▒▒▒▓███▒░▒▒▒▒░░████▒▒▒▓██                       █▓▓▒▒▓███▒░▒▒▒▒░░▓███▒▒▒▒░░▓███▓▒░▒
+#    █▒▒▒████▒░▒▒▒▒▒████████████▓▒▒▒▒▒▒███                   █▓▒░▒▒▒▒▒████████████▓▒▒▒▒░░▓████▒▒▒
+#     ▒░▒▓████▒░░▒▒▒▒▒▓███████▒▒▒▒▒▒░░▓███                  ████▒░▒▒▒▒▒▒▓███████▒▒▒▒▒▒░░▓████▒▒░▒
+#      ▒░▒▓████▓▒░░▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒░░▒█▓███▓█               █▓████▓▒░▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒░░▒█▓███▒▒▒▓
+#       ▒░▒▒██████▒░░░▒▒▒▒▒▒▒▒▒░░▒▒█▓███▓▒▒▓█             █▒▒▒██████▒░░▒▒▒▒▒▒▒▒▒▒░░▒▒█▓███▓▒▒▒▒
+#        ▓▒▒▒▒███████▒▒▒▒▒▒▒▒▒▒▓███████▒▒▒▒                 ▒▒▒▒███████▒▒▒▒▒░▒▒▒▒▓███████▒▒░▒
+#          ▒▒▒▒▒▓█████████▓█████████▒▒▒▒▒                    ▓▒▒▒▒▓█████████▓█████████▒▒▒░▒
+#            ▓▒▒▒▒▒▒████████████▓▒▒▒▒▒▓                        █▒▒▒▒▒▒████████████▓▒▒▒▒░▒
+#               ▓▒░▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒                              █▓▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒░▓
+#                     ▓▒▓▓▓▓▒▓█                                         █▒░▓▓▓▒▓█
+#
+#                   ______   ______ _______ _______ _______ _     _ _______ _______
+#                   |_____] |_____/ |______ |_____| |       |_____| |______ |______
+#                   |_____] |    \_ |______ |     | |_____  |     | |______ ______|
diff --git a/samples/malquery/README.md b/samples/malquery/README.md
index 787d33690..95cf13779 100644
--- a/samples/malquery/README.md
+++ b/samples/malquery/README.md
@@ -9,6 +9,10 @@ The examples in this folder focus on leveraging CrowdStrike's MalQuery API to pe
 Downloads a specified number of examples from MalQuery that match the search term and type you specify.
 Results will be stored in _zip_ archive format with the password of `infected`.
 
+> [!WARNING]
+> Samples downloaded from MalQuery have been confirmed as __malware__. 
+> __*Handle with extreme caution*__.
+
 ### Running the program
 In order to run this demonstration, you will need access to CrowdStrike API keys with the following scopes:
 | Service Collection | Scope |
diff --git a/src/falconpy/_auth_object/_uber_interface.py b/src/falconpy/_auth_object/_uber_interface.py
index 7ffcbd520..b23e61b11 100644
--- a/src/falconpy/_auth_object/_uber_interface.py
+++ b/src/falconpy/_auth_object/_uber_interface.py
@@ -150,6 +150,15 @@ def logout(self) -> bool:
 
         return bool(result["status_code"] == 200)
 
+    def __enter__(self):
+        """Allow for entry as a context manager."""
+        return self
+
+    def __exit__(self, *args):
+        """Discard our token when we exit the context."""
+        self.logout()
+        return args
+
     # Legacy property getters maintained for backwards functionality.
     def authenticated(self) -> bool:
         """Return the current authentication status."""
diff --git a/src/falconpy/_payload/_firewall.py b/src/falconpy/_payload/_firewall.py
index 263898fd9..dc6a7e283 100644
--- a/src/falconpy/_payload/_firewall.py
+++ b/src/falconpy/_payload/_firewall.py
@@ -85,18 +85,12 @@ def firewall_container_payload(passed_keywords: dict) -> dict:
     }
     """
     returned_payload = {}
-    keys = ["default_inbound", "default_outbound", "platform_id", "tracking"]
+    keys = ["default_inbound", "default_outbound", "platform_id", "policy_id", "tracking",
+            "enforce", "is_default_policy", "local_logging", "test_mode"
+            ]
     for key in keys:
-        if passed_keywords.get(key, None):
+        if passed_keywords.get(key, None) is not None:
             returned_payload[key] = passed_keywords.get(key, None)
-    if passed_keywords.get("enforce", None) is not None:
-        returned_payload["enforce"] = passed_keywords.get("enforce", None)
-    if passed_keywords.get("is_default_policy", None) is not None:
-        returned_payload["is_default_policy"] = passed_keywords.get("is_default_policy", None)
-    if passed_keywords.get("local_logging", None) is not None:
-        returned_payload["local_logging"] = passed_keywords.get("local_logging", None)
-    if passed_keywords.get("test_mode", None) is not None:
-        returned_payload["test_mode"] = passed_keywords.get("test_mode", None)
     rg_list = passed_keywords.get("rule_group_ids", None)
     if rg_list:
         if isinstance(rg_list, str):
diff --git a/src/falconpy/_result/_meta.py b/src/falconpy/_result/_meta.py
index 5341657db..ef7dfc9d3 100644
--- a/src/falconpy/_result/_meta.py
+++ b/src/falconpy/_result/_meta.py
@@ -52,6 +52,11 @@ def query_time(self) -> Optional[float]:
         """Return the the contents of the query_time key."""
         return self.get_property("query_time", None)
 
+    @property
+    def after(self) -> Optional[Union[int, str, float]]:
+        """Return the the contents of the after key."""
+        return self.pagination.get("after", None)
+
     @property
     def offset(self) -> Optional[Union[int, str, float]]:
         """Return the the contents of the offset key."""
diff --git a/src/falconpy/_result/_result.py b/src/falconpy/_result/_result.py
index 5cbc72bdb..6fdeac295 100644
--- a/src/falconpy/_result/_result.py
+++ b/src/falconpy/_result/_result.py
@@ -258,6 +258,14 @@ def total(self) -> Optional[Union[int, str, float]]:
             _returned = self.meta.total
         return _returned
 
+    @property
+    def after(self) -> Optional[Union[int, str, float]]:
+        """Return the record after from the underlying Meta object."""
+        _returned: Optional[Union[int, str, float]] = None
+        if self.meta:
+            _returned = self.meta.after
+        return _returned
+
     @property
     def offset(self) -> Optional[Union[int, str, float]]:
         """Return the record offset from the underlying Meta object."""
@@ -360,6 +368,8 @@ def tupled(self) -> Tuple[int,               # \o_
         _content: Optional[Union[Dict[str, Union[dict, list]], bytes]] = None
         if self.resources.binary:
             _content = bytes(self.resources)
+        elif self.raw:
+            _content = self.raw
         else:
             _content = {
                 "meta": self.meta.data,
diff --git a/src/falconpy/_service_class/_service_class.py b/src/falconpy/_service_class/_service_class.py
index a11a4df5b..6d98def7c 100644
--- a/src/falconpy/_service_class/_service_class.py
+++ b/src/falconpy/_service_class/_service_class.py
@@ -230,6 +230,15 @@ def override(self,
                                                           exp=expand_result
                                                           ))
 
+    def __enter__(self):
+        """Allow for entry as a context manager."""
+        return self
+
+    def __exit__(self, *args):
+        """Discard our token when we exit the context."""
+        self.logout()
+        return args
+
     # ___  ____ ____ ___  ____ ____ ___ _ ____ ____
     # |__] |__/ |  | |__] |___ |__/  |  | |___ [__
     # |    |  \ |__| |    |___ |  \  |  | |___ ___]
diff --git a/src/falconpy/_util/_functions.py b/src/falconpy/_util/_functions.py
index 43016515e..012276482 100644
--- a/src/falconpy/_util/_functions.py
+++ b/src/falconpy/_util/_functions.py
@@ -667,6 +667,9 @@ def process_service_request(calling_object,  # pylint: disable=R0914 # (19/15)
                                        calling_object.pythonic
                                        )
     expand_result = passed_keywords.get("expand_result", False) if passed_keywords else kwargs.get("expand_result", False)
+    do_pythonic = calling_object.pythonic
+    if passed_keywords.get("pythonic", None) is not None:
+        do_pythonic = passed_keywords.get("pythonic")
     new_keywords = {
         "caller": calling_object,
         "method": target_endpoint[1],
@@ -681,7 +684,7 @@ def process_service_request(calling_object,  # pylint: disable=R0914 # (19/15)
         "body_required": kwargs.get("body_required", None),
         "expand_result": expand_result,
         "container": container,
-        "pythonic": calling_object.pythonic,
+        "pythonic": do_pythonic,
         "perform": True
     }
 
diff --git a/src/falconpy/_util/_uber.py b/src/falconpy/_util/_uber.py
index 6ce666d10..b7e77e0e4 100644
--- a/src/falconpy/_util/_uber.py
+++ b/src/falconpy/_util/_uber.py
@@ -81,19 +81,18 @@ def handle_body_payload_ids(kwa: dict) -> dict:
 def scrub_target(oper: str, scrubbed: str, kwas: dict) -> str:
     """Scrubs the endpoint target by performing any outstanding string replacements."""
     field_mapping = {
-        "DeleteImageDetails": "image_id",
-        "refreshActiveStreamSession": "partition",
-        "querySensorUpdateKernelsDistinct": "distinct_field",
-        "ListObjects": "collection_name",
-        "SearchObjects": "collection_name",
-        "GetObject": "collection_name~object_key",
-        "PutObject": "collection_name~object_key",
-        "DeleteObject": "collection_name~object_key",
-        "GetObjectMetadata": "collection_name~object_key"
+        "DeleteImageDetails": ["image_id"],
+        "refreshActiveStreamSession": ["partition"],
+        "querySensorUpdateKernelsDistinct": ["distinct_field"],
+        "ListObjects": ["collection_name"],
+        "SearchObjects": ["collection_name"],
+        "GetObject": ["collection_name", "object_key"],
+        "PutObject": ["collection_name", "object_key"],
+        "DeleteObject": ["collection_name", "object_key"],
+        "GetObjectMetadata": ["collection_name", "object_key"]
     }
-    for field_value, field_name in field_mapping.items():
+    for field_value, field_names in field_mapping.items():
         if oper == field_value:  # Only perform replacements on mapped operation IDs.
-            field_names = field_name.split("~")
             if len(field_names) == 1:
                 scrubbed = handle_field(scrubbed, kwas, field_names[0])
             else:
diff --git a/src/falconpy/_version.py b/src/falconpy/_version.py
index 6542247cd..aa90211c5 100644
--- a/src/falconpy/_version.py
+++ b/src/falconpy/_version.py
@@ -35,7 +35,7 @@
 
 For more information, please refer to <https://unlicense.org>
 """
-_VERSION = '1.3.3'
+_VERSION = '1.3.4'
 _MAINTAINER = 'Joshua Hiller'
 _AUTHOR = 'CrowdStrike'
 _AUTHOR_EMAIL = 'falconpy@crowdstrike.com'
diff --git a/src/falconpy/firewall_policies.py b/src/falconpy/firewall_policies.py
index 7f11da473..0dfb8a93e 100644
--- a/src/falconpy/firewall_policies.py
+++ b/src/falconpy/firewall_policies.py
@@ -131,8 +131,8 @@ def perform_action(self: object, body: dict = None, parameters: dict = None, **k
         """Perform the specified action on the Firewall Policies specified in the request.
 
         Keyword arguments:
-        action_name -- action to perform: 'add-host-group', 'add-rule-group', 'disable', 'enable',
-                       'remove-rule-group' or 'remove-host-group'.
+        action_name -- action to perform: 'add-host-group', 'disable', 'enable',
+                       or 'remove-host-group'.
         action_parameters -- Action specific parameter options. List of dictionaries.
                              {
                                  "name": "string",
@@ -164,8 +164,8 @@ def perform_action(self: object, body: dict = None, parameters: dict = None, **k
         Swagger URL
         https://assets.falcon.crowdstrike.com/support/api/swagger.html#/firewall-policies/performFirewallPoliciesAction
         """
-        _allowed_actions = ['add-host-group', 'disable', 'enable',
-                            'remove-host-group', 'add-rule-group', 'remove-rule-group'
+        _allowed_actions = ['add-host-group', 'disable', 'enable', 'remove-host-group',
+                            # 'add-rule-group', 'remove-rule-group'  # Currently unsupported
                             ]
         operation_id = "performFirewallPoliciesAction"
         parameter_payload = args_to_params(parameters, kwargs, Endpoints, operation_id)
diff --git a/src/falconpy/foundry_logscale.py b/src/falconpy/foundry_logscale.py
index 8e7ff3bb7..60c3d1c79 100644
--- a/src/falconpy/foundry_logscale.py
+++ b/src/falconpy/foundry_logscale.py
@@ -36,7 +36,7 @@
 For more information, please refer to <https://unlicense.org>
 """
 from typing import Dict, Union
-from ._util import force_default, process_service_request
+from ._util import force_default, process_service_request, handle_single_argument
 from ._payload import foundry_execute_search_payload, foundry_dynamic_search_payload
 from ._service_class import ServiceClass
 from ._endpoint._foundry_logscale import _foundry_logscale_endpoints as Endpoints
@@ -282,13 +282,15 @@ def execute(self: object,
             params=parameters
             )
 
-    def populate(self: object) -> Dict[str, Union[int, dict]]:
+    @force_default(defaults=["parameters"], default_types=["dict"])
+    def populate(self: object, *args, parameters: dict = None, **kwargs) -> Dict[str, Union[int, dict]]:
         """Populate a saved search.
 
         Keyword arguments:
-        This method does not accept keyword arguments.
+        app_id -- Application ID. String.
 
-        This method does not accept arguments.
+        Arguments: When not specified, the first argument to this method is assumed to be 'app_id'.
+                   All others are ignored.
 
         Returns: dict object containing API response.
 
@@ -300,7 +302,9 @@ def populate(self: object) -> Dict[str, Union[int, dict]]:
         return process_service_request(
             calling_object=self,
             endpoints=Endpoints,
-            operation_id="CreateSavedSearchesIngestV1"
+            operation_id="CreateSavedSearchesIngestV1",
+            keywords=kwargs,
+            params=handle_single_argument(args, parameters, "app_id")
             )
 
     @force_default(defaults=["parameters"], default_types=["dict"])
diff --git a/src/falconpy/installation_tokens.py b/src/falconpy/installation_tokens.py
index b21f0aff7..e59881d47 100644
--- a/src/falconpy/installation_tokens.py
+++ b/src/falconpy/installation_tokens.py
@@ -216,7 +216,7 @@ def tokens_update(self: object, body: dict, parameters: dict = None, **kwargs) -
         """
         if not body:
             body = installation_token_payload(passed_keywords=kwargs)
-            if kwargs.get("revoked", None):
+            if kwargs.get("revoked", None) is not None:
                 body["revoked"] = kwargs.get("revoked", None)
 
         return process_service_request(
diff --git a/tests/test_firewall_management.py b/tests/test_firewall_management.py
index 7fe42c077..45359bb14 100644
--- a/tests/test_firewall_management.py
+++ b/tests/test_firewall_management.py
@@ -59,23 +59,22 @@ def firewall_test_all_code_paths(self):
             "update_policy_container": falcon.update_policy_container(default_inbound="something",
                                                                       default_outbound="something_else",
                                                                       platform_id="linux",
-                                                                      tracking="Bob",
-                                                                      cs_username="BillTheCat",
                                                                       enforce=False,
                                                                       is_default_policy=False,
                                                                       test_mode=True,
-                                                                      rule_group_ids="12345,67890",
-                                                                      local_logging=False
+                                                                      rule_group_ids=["12345", "67890"],
+                                                                      local_logging=False,
+                                                                      policy_id="987123"
                                                                       ),
             "update_policy_container_v1": falcon.update_policy_container_v1(default_inbound="something",
                                                                             default_outbound="something_else",
                                                                             platform_id="linux",
-                                                                            tracking="Bob",
-                                                                            cs_username="BillTheCat",
                                                                             enforce=False,
+                                                                            local_logging=False,
                                                                             is_default_policy=False,
                                                                             test_mode=True,
-                                                                            rule_group_ids="12345,67890"
+                                                                            rule_group_ids="12345,67890",
+                                                                            policy_id="987123"
                                                                             ),
             "create_rule_group": self.set_rule_group_id(),
             "create_rule_group_fail_one": falcon.create_rule_group(rules={"whatever": "bro"}),
diff --git a/tests/test_foundry_logscale.py b/tests/test_foundry_logscale.py
index 3d6e12d04..97972ca59 100644
--- a/tests/test_foundry_logscale.py
+++ b/tests/test_foundry_logscale.py
@@ -29,7 +29,7 @@ def run_all_tests(self):
             "CreateSavedSearchesDynamicExecuteV1" : falcon.execute_dynamic(end="10", start="1"),
             "GetSavedSearchesExecuteV1" : falcon.get_search_results(job_id="12345"),
             "CreateSavedSearchesExecuteV1" : falcon.execute(search_parameters={"something": "somethingElse"}, end="10", start="1"),
-            "CreateSavedSearchesIngestV1" : falcon.populate(),
+            "CreateSavedSearchesIngestV1" : falcon.populate(app_id="pommegranate"),
             "GetSavedSearchesJobResultsDownloadV1" : falcon.download_results(job_id="12345", result_format="json"),
         }
         for key in tests:
diff --git a/tests/test_service_class.py b/tests/test_service_class.py
index 23c691c0b..7e884bcb9 100644
--- a/tests/test_service_class.py
+++ b/tests/test_service_class.py
@@ -114,13 +114,22 @@ def test_log_setup(self):
     @not_supported
     def test_property_debug_record_count(self):
         global _CLEAN
-        _CLEAN = Hosts(creds=config.creds, user_agent="clean/1.0", timeout=120, proxy={})
+        _CLEAN = Hosts(creds=config.creds, user_agent="clean/1.0", timeout=120, proxy={}, base_url=config.base_url)
         if _CLEAN.token_status == 429:
             global _RATE_LIMITED
             _RATE_LIMITED = True
 
         assert bool(_CLEAN.debug_record_count)
 
+    @rate_limited
+    @not_supported
+    def test_service_class_context_manager(self):
+        _success = False
+        with _CLEAN as sdk:
+            if sdk.query_devices()["status_code"] == 200:
+                _success = True
+        assert _success
+
     @rate_limited
     @not_supported
     def test_property_refreshable(self):
@@ -193,6 +202,7 @@ def test_disable_ssl_verify_dynamic(self):
         _CLEAN.ssl_verify = False
         assert bool(not _CLEAN.ssl_verify)
 
+
     @rate_limited
     @not_supported
     def test_property_base_service_class_proxy(self):
diff --git a/tests/test_spotlight_vulnerabilities.py b/tests/test_spotlight_vulnerabilities.py
index 426ae15b2..fd29a3189 100644
--- a/tests/test_spotlight_vulnerabilities.py
+++ b/tests/test_spotlight_vulnerabilities.py
@@ -20,11 +20,13 @@
 
 class TestSpotlight:
     def spotlight_queryVulnerabilities(self):
-        if falcon.queryVulnerabilities(
-                                       parameters={"limit": 1,
-                                                   "filter": "created_timestamp:>'2021-01-01T00:00:01Z'"
-                                                   }
-                                       )["status_code"] in AllowedResponses:
+        result = falcon.queryVulnerabilities(parameters={"limit": 1,
+                                                         "filter": "created_timestamp:>'2021-01-01T00:00:01Z'"
+                                                         },
+                                             pythonic=True
+                                             )
+        if result.status_code in AllowedResponses:
+            _ = result.after
             return True
         else:
             return False
@@ -69,6 +71,9 @@ def spotlight_GenerateErrors(self):
             errorChecks = False
         return errorChecks
 
+    @pytest.mark.skipif(config.base_url == "https://api.laggar.gcw.crowdstrike.com",
+                        reason="Unit testing unavailable on US-GOV-1"
+                        )
     def test_queryVulnerabilities(self):
         assert self.spotlight_queryVulnerabilities() is True
 
diff --git a/tests/test_uber.py b/tests/test_uber.py
index d6d9f4055..c905bca31 100644
--- a/tests/test_uber.py
+++ b/tests/test_uber.py
@@ -45,6 +45,13 @@
 
 
 class TestUber:
+    def test_uber_context_manager(self):
+        _success = False
+        with falcon as sdk:
+            if sdk.command("QueryDevicesByFilterScroll")["status_code"] == 200:
+                _success = True
+        assert _success
+
     def uberCCAWS_GetAWSSettings(self):
         returned = False
         authenticated = falcon.authenticated()
@@ -388,3 +395,4 @@ def test_pythonic_failure(self):
         except APIError:
             _success = True
         assert _success
+