pypi crowdstrike-falconpy 1.2.0
Version 1.2.0


FalconPy v1.2

This version provides the following updates:

  • Adds GetDeviceDetailsV2 and PostDeviceDetailsV2 operations within the Hosts Service Collection. Legacy requests to the old operation GetDeviceDetails are gracefully redirected to the new operation PostDeviceDetailsV2.

    The legacy endpoint can still be called using the GetDeviceDetailsV1 operation.

  • Adds three new operations to the Falcon Container Service Collection: GetImageAssessmentReport, DeleteImageDetails and ImageMatchesPolicy.
    • A new enumerator, ContainerBaseURL, is added for retrieving the Falcon Container Registry base URL.
  • The default NoneType preference is updated for the RTR_ListFiles and RTR_ListFilesV2 operations when called by the Uber Class.
  • Adds the host_timeout_duration parameter to BatchActiveResponderCmd, BatchCmd, BatchGetCmd and BatchInitSessions operations within the Real Time Response Service Collection.
  • Multiple data quality updates within the _endpoint module.
  • Comment updates.
  • Enhancement
  • Bug fixes
  • Updated unit tests

Unit test coverage

Name                                                             Stmts   Miss  Cover
------------------------------------------------------------------------------------
src/falconpy/__init__.py                                            69      0   100%
src/falconpy/_base_url.py                                            7      0   100%
src/falconpy/_container_base_url.py                                  6      0   100%
src/falconpy/_endpoint/__init__.py                                 125      0   100%
src/falconpy/_endpoint/_alerts.py                                    1      0   100%
src/falconpy/_endpoint/_cloud_connect_aws.py                         1      0   100%
src/falconpy/_endpoint/_cspm_registration.py                         1      0   100%
src/falconpy/_endpoint/_custom_ioa.py                                1      0   100%
src/falconpy/_endpoint/_d4c_registration.py                          1      0   100%
src/falconpy/_endpoint/_detects.py                                   1      0   100%
src/falconpy/_endpoint/_device_control_policies.py                   1      0   100%
src/falconpy/_endpoint/_discover.py                                  1      0   100%
src/falconpy/_endpoint/_event_streams.py                             1      0   100%
src/falconpy/_endpoint/_falcon_complete_dashboard.py                 1      0   100%
src/falconpy/_endpoint/_falcon_container.py                          1      0   100%
src/falconpy/_endpoint/_falconx_sandbox.py                           1      0   100%
src/falconpy/_endpoint/_filevantage.py                               1      0   100%
src/falconpy/_endpoint/_firewall_management.py                       1      0   100%
src/falconpy/_endpoint/_firewall_policies.py                         1      0   100%
src/falconpy/_endpoint/_host_group.py                                1      0   100%
src/falconpy/_endpoint/_hosts.py                                     1      0   100%
src/falconpy/_endpoint/_identity_protection.py                       1      0   100%
src/falconpy/_endpoint/_incidents.py                                 1      0   100%
src/falconpy/_endpoint/_installation_tokens.py                       1      0   100%
src/falconpy/_endpoint/_intel.py                                     1      0   100%
src/falconpy/_endpoint/_ioa_exclusions.py                            1      0   100%
src/falconpy/_endpoint/_ioc.py                                       1      0   100%
src/falconpy/_endpoint/_iocs.py                                      1      0   100%
src/falconpy/_endpoint/_kubernetes_protection.py                     1      0   100%
src/falconpy/_endpoint/_malquery.py                                  1      0   100%
src/falconpy/_endpoint/_message_center.py                            1      0   100%
src/falconpy/_endpoint/_ml_exclusions.py                             1      0   100%
src/falconpy/_endpoint/_mobile_enrollment.py                         1      0   100%
src/falconpy/_endpoint/_mssp.py                                      1      0   100%
src/falconpy/_endpoint/_oauth2.py                                    1      0   100%
src/falconpy/_endpoint/_overwatch_dashboard.py                       1      0   100%
src/falconpy/_endpoint/_prevention_policies.py                       1      0   100%
src/falconpy/_endpoint/_quarantine.py                                1      0   100%
src/falconpy/_endpoint/_quick_scan.py                                1      0   100%
src/falconpy/_endpoint/_real_time_response.py                        1      0   100%
src/falconpy/_endpoint/_real_time_response_admin.py                  1      0   100%
src/falconpy/_endpoint/_recon.py                                     1      0   100%
src/falconpy/_endpoint/_report_executions.py                         1      0   100%
src/falconpy/_endpoint/_response_policies.py                         1      0   100%
src/falconpy/_endpoint/_sample_uploads.py                            1      0   100%
src/falconpy/_endpoint/_scheduled_reports.py                         1      0   100%
src/falconpy/_endpoint/_sensor_download.py                           1      0   100%
src/falconpy/_endpoint/_sensor_update_policies.py                    1      0   100%
src/falconpy/_endpoint/_sensor_visibility_exclusions.py              1      0   100%
src/falconpy/_endpoint/_spotlight_evaluation_logic.py                1      0   100%
src/falconpy/_endpoint/_spotlight_vulnerabilities.py                 1      0   100%
src/falconpy/_endpoint/_user_management.py                           1      0   100%
src/falconpy/_endpoint/_zero_trust_assessment.py                     1      0   100%
src/falconpy/_endpoint/deprecated/__init__.py                       24      0   100%
src/falconpy/_endpoint/deprecated/_custom_ioa.py                     1      0   100%
src/falconpy/_endpoint/deprecated/_discover.py                       1      0   100%
src/falconpy/_endpoint/deprecated/_firewall_management.py            1      0   100%
src/falconpy/_endpoint/deprecated/_hosts.py                          1      0   100%
src/falconpy/_endpoint/deprecated/_identity_protection.py            1      0   100%
src/falconpy/_endpoint/deprecated/_installation_tokens.py            1      0   100%
src/falconpy/_endpoint/deprecated/_ioc.py                            1      0   100%
src/falconpy/_endpoint/deprecated/_iocs.py                           1      0   100%
src/falconpy/_endpoint/deprecated/_real_time_response.py             1      0   100%
src/falconpy/_endpoint/deprecated/_real_time_response_admin.py       1      0   100%
src/falconpy/_endpoint/deprecated/_report_executions.py              1      0   100%
src/falconpy/_endpoint/deprecated/_scheduled_reports.py              1      0   100%
src/falconpy/_payload/__init__.py                                   26      0   100%
src/falconpy/_payload/_alerts.py                                    11      0   100%
src/falconpy/_payload/_cloud_connect_aws.py                         22      0   100%
src/falconpy/_payload/_cspm_registration.py                         40      0   100%
src/falconpy/_payload/_d4c_registration.py                          10      0   100%
src/falconpy/_payload/_detects.py                                   13      0   100%
src/falconpy/_payload/_device_control_policy.py                     13      0   100%
src/falconpy/_payload/_falconx.py                                   25      0   100%
src/falconpy/_payload/_firewall.py                                  98      0   100%
src/falconpy/_payload/_generic.py                                   65      0   100%
src/falconpy/_payload/_host_group.py                                30      0   100%
src/falconpy/_payload/_incidents.py                                 15      0   100%
src/falconpy/_payload/_ioa.py                                       29      0   100%
src/falconpy/_payload/_ioc.py                                       36      0   100%
src/falconpy/_payload/_malquery.py                                  56      0   100%
src/falconpy/_payload/_message_center.py                            22      0   100%
src/falconpy/_payload/_mssp.py                                      15      0   100%
src/falconpy/_payload/_prevention_policy.py                         19      0   100%
src/falconpy/_payload/_real_time_response.py                        27      0   100%
src/falconpy/_payload/_recon.py                                     72      0   100%
src/falconpy/_payload/_reports.py                                   18      0   100%
src/falconpy/_payload/_response_policy.py                           19      0   100%
src/falconpy/_payload/_sensor_update_policy.py                      24      0   100%
src/falconpy/_result.py                                             17      0   100%
src/falconpy/_service_class.py                                      68      0   100%
src/falconpy/_token_fail_reason.py                                   4      0   100%
src/falconpy/_uber_default_preference.py                             3      0   100%
src/falconpy/_util.py                                              228      0   100%
src/falconpy/_version.py                                            10      0   100%
src/falconpy/alerts.py                                              31      0   100%
src/falconpy/api_complete.py                                       154      0   100%
src/falconpy/cloud_connect_aws.py                                   47      0   100%
src/falconpy/cspm_registration.py                                  122      0   100%
src/falconpy/custom_ioa.py                                          85      0   100%
src/falconpy/d4c_registration.py                                    51      0   100%
src/falconpy/detects.py                                             31      0   100%
src/falconpy/device_control_policies.py                             68      0   100%
src/falconpy/discover.py                                            22      0   100%
src/falconpy/event_streams.py                                       19      0   100%
src/falconpy/falcon_complete_dashboard.py                           76      0   100%
src/falconpy/falcon_container.py                                    21      0   100%
src/falconpy/falconx_sandbox.py                                     67      0   100%
src/falconpy/filevantage.py                                         13      0   100%
src/falconpy/firewall_management.py                                 81      0   100%
src/falconpy/firewall_policies.py                                   70      0   100%
src/falconpy/host_group.py                                          60      0   100%
src/falconpy/hosts.py                                               90      0   100%
src/falconpy/identity_protection.py                                 13      0   100%
src/falconpy/incidents.py                                           40      0   100%
src/falconpy/installation_tokens.py                                 37      0   100%
src/falconpy/intel.py                                               63      0   100%
src/falconpy/ioa_exclusions.py                                      32      0   100%
src/falconpy/ioc.py                                                 49      0   100%
src/falconpy/iocs.py                                                39      0   100%
src/falconpy/kubernetes_protection.py                               49      0   100%
src/falconpy/malquery.py                                            49      0   100%
src/falconpy/message_center.py                                      74      0   100%
src/falconpy/ml_exclusions.py                                       34      0   100%
src/falconpy/mobile_enrollment.py                                   17      0   100%
src/falconpy/mssp.py                                               130      0   100%
src/falconpy/oauth2.py                                              69      0   100%
src/falconpy/overwatch_dashboard.py                                 30      0   100%
src/falconpy/prevention_policy.py                                   61      0   100%
src/falconpy/quarantine.py                                          45      0   100%
src/falconpy/quick_scan.py                                          26      0   100%
src/falconpy/real_time_response.py                                 126      0   100%
src/falconpy/real_time_response_admin.py                            74      0   100%
src/falconpy/recon.py                                               97      0   100%
src/falconpy/report_executions.py                                   23      0   100%
src/falconpy/response_policies.py                                   60      0   100%
src/falconpy/sample_uploads.py                                      24      0   100%
src/falconpy/scheduled_reports.py                                   19      0   100%
src/falconpy/sensor_download.py                                     32      0   100%
src/falconpy/sensor_update_policy.py                               109      0   100%
src/falconpy/sensor_visibility_exclusions.py                        32      0   100%
src/falconpy/spotlight_evaluation_logic.py                          22      0   100%
src/falconpy/spotlight_vulnerabilities.py                           30      0   100%
src/falconpy/user_management.py                                    137      0   100%
src/falconpy/zero_trust_assessment.py                               12      0   100%
------------------------------------------------------------------------------------
TOTAL                                                             4089      0   100%

Bandit analysis

[main]	INFO	running on Python 3.9.9
Run started:2022-08-30 06:01:37.408828

Test results:
	No issues identified.

Code scanned:
	Total lines of code: 37299
	Total lines skipped (#nosec): 0

Run metrics:
	Total issues (by severity):
		Undefined: 0
		Low: 0
		Medium: 0
		High: 0
	Total issues (by confidence):
		Undefined: 0
		Low: 0
		Medium: 0
		High: 0
Files skipped (0):

Added features and functionality

  • Updated: Updated operation payload parameter datatype details.

    • _endpoint/_ioc.py
    • _endpoint/_recon.py
    • _endpoint/_sample_uploads.py
  • Updated: Updated operation payload parameter data location details.

    • _endpoint/_falconx_sandbox.py
    • _endpoint/_sample_uploads.py
  • Added: New host_timeout_duration parameter to BatchActiveResponderCmd, BatchCmd, BatchGetCmd and BatchInitSessions operations within the Real Time Response Service Collection.

    • _endpoint/_real_time_response.py
  • Added: New GetDeviceDetailsV2 and PostDeviceDetailsV2 operations to Hosts Service Collection.

    The operation GetDeviceDetails is now deprecated, and will eventually be removed from the CrowdStrike API. Due to backwards compatibility considerations, and the added functionality provided by the new endpoint, FalconPy will continue to support this operation ID by redirecting requests to PostDeviceDetailsV2. IDs that are provided in incorrect payload destinations due to the differences between a GET and POST operation are migrated to the appropriate dictionary before the request is made. This solution is implemented within the Hosts Service Class (GetDeviceDetails, get_device_details) and within the Uber Class. Developers must upgrade installations to FalconPy v1.2.0 to benefit from this new functionality. Administrators and end users are strongly urged to consider upgrading to v1.2.0 before this endpoint is removed.

    • _endpoint/_hosts.py
    • _uber_default_preference.py
    • api_complete.py
    • hosts.py
    • tests/test_get_device_details.py
  • Added: Falcon Container registry functionality to Falcon Container Service Class.

    This solution implements three "mock" operation IDs: GetImageAssessmentReport (get_assessment), DeleteImageDetails (delete_image_details), and ImageMatchesPolicy (image_matches_policy). All mocked operations are available from both the Service and Uber classes. The Falcon Container Registry base URL is calculated based upon the base URL used for authentication.

    • _endpoint/_falcon_container.py
    • __init__.py
    • _container_base_url.py
    • _uber_default_preference.py
    • _util.py
    • api_complete.py
    • falcon_container.py
    • tests/test_falcon_container.py
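
The GetDeviceDetails redirect described above moves IDs supplied GET-style (as query parameters) into the body that PostDeviceDetailsV2 expects. The sketch below is an added illustration of that migration, not FalconPy's own code; the function names, the de-duplication step, the ValueError on an empty ID list and the sample IDs are assumptions made for the example.

```python
# Added illustration, not FalconPy source: models the GetDeviceDetails ->
# PostDeviceDetailsV2 redirect described in the release notes.
from typing import Any, Dict, List, Optional, Tuple, Union

LEGACY_OPERATION = "GetDeviceDetails"
REDIRECT_TARGET = "PostDeviceDetailsV2"


def as_id_list(value: Union[str, List[str], None]) -> List[str]:
    """Normalise a comma-delimited string or a list into a list of IDs."""
    if value is None:
        return []
    if isinstance(value, str):
        value = value.split(",")
    return [item.strip() for item in value if item and item.strip()]


def migrate_ids(parameters: Optional[Dict[str, Any]] = None,
                body: Optional[Dict[str, Any]] = None,
                ) -> Tuple[Dict[str, Any], Dict[str, Any]]:
    """Move "ids" out of GET-style query parameters into the POST body.

    Inputs are copied, not mutated. IDs already in the body come first and
    duplicates are dropped while preserving order (an assumption of this
    example, not documented FalconPy behaviour).
    """
    params = dict(parameters or {})
    payload = dict(body or {})
    merged = as_id_list(payload.get("ids")) + as_id_list(params.pop("ids", None))
    payload["ids"] = list(dict.fromkeys(merged))
    return params, payload


def redirect_legacy_call(operation: str,
                         parameters: Optional[Dict[str, Any]] = None,
                         body: Optional[Dict[str, Any]] = None,
                         ) -> Tuple[str, Dict[str, Any], Dict[str, Any]]:
    """Return (operation, parameters, body) as they would be sent."""
    if operation != LEGACY_OPERATION:
        # Any other operation passes through untouched.
        return operation, dict(parameters or {}), dict(body or {})
    params, payload = migrate_ids(parameters, body)
    if not payload["ids"]:
        # This example's choice: fail early instead of sending an empty POST.
        raise ValueError("no device IDs supplied in parameters or body")
    return REDIRECT_TARGET, params, payload


if __name__ == "__main__":
    # Constructed sample agent IDs, not real hosts.
    legacy_params = {"ids": "aaaa1111,bbbb2222, aaaa1111"}
    print(redirect_legacy_call("GetDeviceDetails", parameters=legacy_params))
```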

Issues resolved

  • Fixed: Default NoneType preference for body payloads sent to the RTR_ListFiles and RTR_ListFilesV2 operations. Closes #750.

    • _uber_default_preference.py
    • Special thanks to @hiddenillusion for identifying this issue! 😄
  • Removed: Unused header payload parameters from operation payloads.

    • _endpoint/_falconx_sandbox.py
    • _endpoint/_firewall_management.py
    • _endpoint/_recon.py
    • _endpoint/_report_executions.py
    • _endpoint/_sample_uploads.py
  • Removed: Duplicate parameter definition (after) from indicator_combined_v1 operation.

    • _endpoint/_ioc.py

Other

  • Updated: Comment updates.
    • _endpoint/_d4c_registration.py
  • Updated: Fixed docstring typo within userActionV1 operation. Closes #763.
    • user_management.py
