rusty_falcon 0.5.0

Rust bindings for CrowdStrike Falcon API
Documentation

CrowdStrike Falcon Twitter URL

rusty_falcon

Build CI Latest version Documentation

Rust-based SDK to CrowdStrike's Falcon APIs

rusty_falcon documentation is available on docs.rs. Users are advised to consult this rusty_falcon documentation together with the comprehensive CrowdStrike API documentation published on Developer Center. The easiest way to learn about the SDK is to consult the set of examples built on top of the SDK.

Quick Start

To get you started quickly, the easiest and highest-level way to establish API client is to instantiate easy::client::FalconHandle. The most convenient way is to use easy::client::FalconHandle::from_env function that will read the following environment variables to authenticate with falcon cloud: FALCON_CLIENT_ID, FALCON_CLIENT_SECRET, and FALCON_CLOUD. Unless you already have a CrowdStrike key pair you can establish a new one in Falcon Portal.

use rusty_falcon::apis::sensor_download_api;
use rusty_falcon::easy::client::FalconHandle;

#[tokio::main]
async fn main() {
    // Fetch credentials from environment variables and establish OAuth2 connection
    let falcon = FalconHandle::from_env()
        .await
        .expect("Could not authenticate with CrowdStrike API");

    // Call one particular API end-point using the authenticated client
    let response = sensor_download_api::get_sensor_installers_ccidby_query(&falcon.cfg)
        .await
        .expect("Could not fetch CCID");

    // Response objects returned from APIs usually follow the same pattern of having
    // 'errors', 'meta', and 'resources' fields. It is recommended to check for possible
    // application errors:
    if !response.errors.is_empty() {
        eprintln!("Errors occurred while getting Falcon CCID: {:?}", response.errors);
    }

    // Print response from the API:
    println!("{:?}", response.resources)
}

Examples

Ready-made examples can be found in git repo.

There's a handy script that can be used to (sequentially) run and test the examples. This script will show the status (pass / fail) of each example.

# Run all examples
./scripts/run-examples.sh

# Run a single example
./scripts/run-examples.sh falcon_custom_ioas

[WIP] Project Documentation

This project uses mdbook to serve its documentation, to run it locally:

cd docs
mdbook build
mdbook serve

Generating models from OpenApi Specification

This api model is generated from OpenApi specification using OpenApi Generator for Rust language.

Note: In the OpenApi specification please update version to `rolling``, if required and update version on the list below. This will prevent crazy long PRs with updates.

An example command to generate api and model:

openapi-generator generate -g rust -i swagger.json -o ./new

OpenApi Specification Version

2025-09-19T00:00:03Z

Getting Help

rusty_falcon is an open source project, not a CrowdStrike product. As such it carries no formal support, expressed or implied.

If you encounter any issues while using rusty_falcon, you can create an issue on our Github repo for bugs, enhancements, or other requests.

rusty_falcon project is periodically refreshed to reflect the newest additions to the CrowdStrike API. Users of the SDK are advised to track the latest releases rather closely to ensure proper function in the unlikely event of an incompatible change to a CrowdStrike API.