FalconPy v1.2
This version provides the following updates:
- Adds GetDeviceDetailsV2 and PostDeviceDetailsV2 operations within the Hosts Service Collection. Legacy requests to the old operation GetDeviceDetails are gracefully redirected to the new operation PostDeviceDetailsV2. The legacy endpoint can still be called using the GetDeviceDetailsV1 operation.
- Adds three new operations to the Falcon Container Service Collection, GetImageAssessmentReport, DeleteImageDetails and ImageMatchesPolicy.
  - A new enumerator, ContainerBaseURL, is added for retrieving the Falcon Container Registry URL base.
- The default NoneType preference is updated for the RTR_ListFiles and RTR_ListFilesV2 operations when called by the Uber Class.
- Adds the host_timeout_duration parameter to BatchActiveResponderCmd, BatchCmd, BatchGetCmd and BatchInitSessions operations within the Real Time Response Service Collection.
- Multiple data quality updates within the _endpoint module.
- Comment updates.
- Enhancement
- Bug fixes
- Updated unit tests
Unit test coverage
Name Stmts Miss Cover
------------------------------------------------------------------------------------
src/falconpy/__init__.py 69 0 100%
src/falconpy/_base_url.py 7 0 100%
src/falconpy/_container_base_url.py 6 0 100%
src/falconpy/_endpoint/__init__.py 125 0 100%
src/falconpy/_endpoint/_alerts.py 1 0 100%
src/falconpy/_endpoint/_cloud_connect_aws.py 1 0 100%
src/falconpy/_endpoint/_cspm_registration.py 1 0 100%
src/falconpy/_endpoint/_custom_ioa.py 1 0 100%
src/falconpy/_endpoint/_d4c_registration.py 1 0 100%
src/falconpy/_endpoint/_detects.py 1 0 100%
src/falconpy/_endpoint/_device_control_policies.py 1 0 100%
src/falconpy/_endpoint/_discover.py 1 0 100%
src/falconpy/_endpoint/_event_streams.py 1 0 100%
src/falconpy/_endpoint/_falcon_complete_dashboard.py 1 0 100%
src/falconpy/_endpoint/_falcon_container.py 1 0 100%
src/falconpy/_endpoint/_falconx_sandbox.py 1 0 100%
src/falconpy/_endpoint/_filevantage.py 1 0 100%
src/falconpy/_endpoint/_firewall_management.py 1 0 100%
src/falconpy/_endpoint/_firewall_policies.py 1 0 100%
src/falconpy/_endpoint/_host_group.py 1 0 100%
src/falconpy/_endpoint/_hosts.py 1 0 100%
src/falconpy/_endpoint/_identity_protection.py 1 0 100%
src/falconpy/_endpoint/_incidents.py 1 0 100%
src/falconpy/_endpoint/_installation_tokens.py 1 0 100%
src/falconpy/_endpoint/_intel.py 1 0 100%
src/falconpy/_endpoint/_ioa_exclusions.py 1 0 100%
src/falconpy/_endpoint/_ioc.py 1 0 100%
src/falconpy/_endpoint/_iocs.py 1 0 100%
src/falconpy/_endpoint/_kubernetes_protection.py 1 0 100%
src/falconpy/_endpoint/_malquery.py 1 0 100%
src/falconpy/_endpoint/_message_center.py 1 0 100%
src/falconpy/_endpoint/_ml_exclusions.py 1 0 100%
src/falconpy/_endpoint/_mobile_enrollment.py 1 0 100%
src/falconpy/_endpoint/_mssp.py 1 0 100%
src/falconpy/_endpoint/_oauth2.py 1 0 100%
src/falconpy/_endpoint/_overwatch_dashboard.py 1 0 100%
src/falconpy/_endpoint/_prevention_policies.py 1 0 100%
src/falconpy/_endpoint/_quarantine.py 1 0 100%
src/falconpy/_endpoint/_quick_scan.py 1 0 100%
src/falconpy/_endpoint/_real_time_response.py 1 0 100%
src/falconpy/_endpoint/_real_time_response_admin.py 1 0 100%
src/falconpy/_endpoint/_recon.py 1 0 100%
src/falconpy/_endpoint/_report_executions.py 1 0 100%
src/falconpy/_endpoint/_response_policies.py 1 0 100%
src/falconpy/_endpoint/_sample_uploads.py 1 0 100%
src/falconpy/_endpoint/_scheduled_reports.py 1 0 100%
src/falconpy/_endpoint/_sensor_download.py 1 0 100%
src/falconpy/_endpoint/_sensor_update_policies.py 1 0 100%
src/falconpy/_endpoint/_sensor_visibility_exclusions.py 1 0 100%
src/falconpy/_endpoint/_spotlight_evaluation_logic.py 1 0 100%
src/falconpy/_endpoint/_spotlight_vulnerabilities.py 1 0 100%
src/falconpy/_endpoint/_user_management.py 1 0 100%
src/falconpy/_endpoint/_zero_trust_assessment.py 1 0 100%
src/falconpy/_endpoint/deprecated/__init__.py 24 0 100%
src/falconpy/_endpoint/deprecated/_custom_ioa.py 1 0 100%
src/falconpy/_endpoint/deprecated/_discover.py 1 0 100%
src/falconpy/_endpoint/deprecated/_firewall_management.py 1 0 100%
src/falconpy/_endpoint/deprecated/_hosts.py 1 0 100%
src/falconpy/_endpoint/deprecated/_identity_protection.py 1 0 100%
src/falconpy/_endpoint/deprecated/_installation_tokens.py 1 0 100%
src/falconpy/_endpoint/deprecated/_ioc.py 1 0 100%
src/falconpy/_endpoint/deprecated/_iocs.py 1 0 100%
src/falconpy/_endpoint/deprecated/_real_time_response.py 1 0 100%
src/falconpy/_endpoint/deprecated/_real_time_response_admin.py 1 0 100%
src/falconpy/_endpoint/deprecated/_report_executions.py 1 0 100%
src/falconpy/_endpoint/deprecated/_scheduled_reports.py 1 0 100%
src/falconpy/_payload/__init__.py 26 0 100%
src/falconpy/_payload/_alerts.py 11 0 100%
src/falconpy/_payload/_cloud_connect_aws.py 22 0 100%
src/falconpy/_payload/_cspm_registration.py 40 0 100%
src/falconpy/_payload/_d4c_registration.py 10 0 100%
src/falconpy/_payload/_detects.py 13 0 100%
src/falconpy/_payload/_device_control_policy.py 13 0 100%
src/falconpy/_payload/_falconx.py 25 0 100%
src/falconpy/_payload/_firewall.py 98 0 100%
src/falconpy/_payload/_generic.py 65 0 100%
src/falconpy/_payload/_host_group.py 30 0 100%
src/falconpy/_payload/_incidents.py 15 0 100%
src/falconpy/_payload/_ioa.py 29 0 100%
src/falconpy/_payload/_ioc.py 36 0 100%
src/falconpy/_payload/_malquery.py 56 0 100%
src/falconpy/_payload/_message_center.py 22 0 100%
src/falconpy/_payload/_mssp.py 15 0 100%
src/falconpy/_payload/_prevention_policy.py 19 0 100%
src/falconpy/_payload/_real_time_response.py 27 0 100%
src/falconpy/_payload/_recon.py 72 0 100%
src/falconpy/_payload/_reports.py 18 0 100%
src/falconpy/_payload/_response_policy.py 19 0 100%
src/falconpy/_payload/_sensor_update_policy.py 24 0 100%
src/falconpy/_result.py 17 0 100%
src/falconpy/_service_class.py 68 0 100%
src/falconpy/_token_fail_reason.py 4 0 100%
src/falconpy/_uber_default_preference.py 3 0 100%
src/falconpy/_util.py 228 0 100%
src/falconpy/_version.py 10 0 100%
src/falconpy/alerts.py 31 0 100%
src/falconpy/api_complete.py 154 0 100%
src/falconpy/cloud_connect_aws.py 47 0 100%
src/falconpy/cspm_registration.py 122 0 100%
src/falconpy/custom_ioa.py 85 0 100%
src/falconpy/d4c_registration.py 51 0 100%
src/falconpy/detects.py 31 0 100%
src/falconpy/device_control_policies.py 68 0 100%
src/falconpy/discover.py 22 0 100%
src/falconpy/event_streams.py 19 0 100%
src/falconpy/falcon_complete_dashboard.py 76 0 100%
src/falconpy/falcon_container.py 21 0 100%
src/falconpy/falconx_sandbox.py 67 0 100%
src/falconpy/filevantage.py 13 0 100%
src/falconpy/firewall_management.py 81 0 100%
src/falconpy/firewall_policies.py 70 0 100%
src/falconpy/host_group.py 60 0 100%
src/falconpy/hosts.py 90 0 100%
src/falconpy/identity_protection.py 13 0 100%
src/falconpy/incidents.py 40 0 100%
src/falconpy/installation_tokens.py 37 0 100%
src/falconpy/intel.py 63 0 100%
src/falconpy/ioa_exclusions.py 32 0 100%
src/falconpy/ioc.py 49 0 100%
src/falconpy/iocs.py 39 0 100%
src/falconpy/kubernetes_protection.py 49 0 100%
src/falconpy/malquery.py 49 0 100%
src/falconpy/message_center.py 74 0 100%
src/falconpy/ml_exclusions.py 34 0 100%
src/falconpy/mobile_enrollment.py 17 0 100%
src/falconpy/mssp.py 130 0 100%
src/falconpy/oauth2.py 69 0 100%
src/falconpy/overwatch_dashboard.py 30 0 100%
src/falconpy/prevention_policy.py 61 0 100%
src/falconpy/quarantine.py 45 0 100%
src/falconpy/quick_scan.py 26 0 100%
src/falconpy/real_time_response.py 126 0 100%
src/falconpy/real_time_response_admin.py 74 0 100%
src/falconpy/recon.py 97 0 100%
src/falconpy/report_executions.py 23 0 100%
src/falconpy/response_policies.py 60 0 100%
src/falconpy/sample_uploads.py 24 0 100%
src/falconpy/scheduled_reports.py 19 0 100%
src/falconpy/sensor_download.py 32 0 100%
src/falconpy/sensor_update_policy.py 109 0 100%
src/falconpy/sensor_visibility_exclusions.py 32 0 100%
src/falconpy/spotlight_evaluation_logic.py 22 0 100%
src/falconpy/spotlight_vulnerabilities.py 30 0 100%
src/falconpy/user_management.py 137 0 100%
src/falconpy/zero_trust_assessment.py 12 0 100%
------------------------------------------------------------------------------------
TOTAL 4089 0 100%
Bandit analysis
[main] INFO running on Python 3.9.9
Run started:2022-08-30 06:01:37.408828
Test results:
No issues identified.
Code scanned:
Total lines of code: 37299
Total lines skipped (#nosec): 0
Run metrics:
Total issues (by severity):
Undefined: 0
Low: 0
Medium: 0
High: 0
Total issues (by confidence):
Undefined: 0
Low: 0
Medium: 0
High: 0
Files skipped (0):
Added features and functionality
- Updated: Updated operation payload parameter datatype details.
  - _endpoint/_ioc.py
  - _endpoint/_recon.py
  - _endpoint/_sample_uploads.py
- Updated: Updated operation payload parameter data location details.
  - _endpoint/_falconx_sandbox.py
  - _endpoint/_sample_uploads.py
- Added: New host_timeout_duration parameter to BatchActiveResponderCmd, BatchCmd, BatchGetCmd and BatchInitSessions operations within the Real Time Response Service Collection.
  - _endpoint/_real_time_response.py
- Added: New GetDeviceDetailsV2 and PostDeviceDetailsV2 operations to Hosts Service Collection.

  The operation GetDeviceDetails is now deprecated, and will eventually be removed from the CrowdStrike API. Due to backwards compatibility considerations, and the added functionality provided by the new endpoint, FalconPy will continue to support this operation ID by redirecting requests to PostDeviceDetailsV2. IDs that are provided in incorrect payload destinations due to the differences between a GET and POST operation are migrated to the appropriate dictionary before the request is made. This solution is implemented within the Hosts Service Class (GetDeviceDetails, get_device_details) and within the Uber Class. Developers must upgrade installations to FalconPy v1.2.0 to benefit from this new functionality. Administrators and end users are strongly urged to consider upgrading to v1.2.0 before this endpoint is removed.
  - _endpoint/_hosts.py
  - _uber_default_preference.py
  - api_complete.py
  - hosts.py
  - tests/test_get_device_details.py
- Added: Falcon Container registry functionality to Falcon Container Service Class.

  This solution implements three "mock" operation IDs: GetImageAssessmentReport (get_assessment), DeleteImageDetails (delete_image_details), and ImageMatchesPolicy (image_matches_policy). All mocked operations are available from both the Service and Uber classes. The Falcon Container Registry base URL is calculated based upon the base URL used for authentication.
  - _endpoint/_falcon_container.py
  - __init__.py
  - _container_base_url.py
  - _uber_default_preference.py
  - _util.py
  - api_complete.py
  - falcon_container.py
  - tests/test_falcon_container.py
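
The GetDeviceDetails redirect described above, sketched as an added example (not FalconPy's own code): IDs passed GET-style in the query parameters are moved into the POST body before the request is built. The helper names and the sample IDs are hypothetical; only the operation IDs come from these release notes.

```python
def _as_id_list(value):
    """Normalize None, a comma-delimited string, or an iterable into a list of IDs."""
    if value is None:
        return []
    if isinstance(value, str):
        value = value.split(",")
    return [v.strip() for v in value if v and v.strip()]


def migrate_ids_to_body(parameters=None, body=None):
    """Return (parameters, body) reshaped for a POST expecting {"ids": [...]}.

    Hypothetical helper: IDs found in the query parameters are merged into the
    body, duplicates are dropped, and the caller's dictionaries are not mutated.
    """
    params = dict(parameters or {})
    new_body = dict(body or {})
    merged = _as_id_list(new_body.get("ids")) + _as_id_list(params.pop("ids", None))
    new_body["ids"] = list(dict.fromkeys(merged))  # de-duplicate, keep order
    return params, new_body


def redirect_legacy_call(ids=None, parameters=None, body=None):
    """Describe the request a legacy GetDeviceDetails call would be turned into."""
    params = dict(parameters or {})
    if ids is not None:
        # A bare ids= keyword is treated like a query-string parameter.
        params["ids"] = _as_id_list(params.get("ids")) + _as_id_list(ids)
    params, new_body = migrate_ids_to_body(params, body)
    if not new_body["ids"]:
        raise ValueError("no device IDs supplied")
    return {
        "operation": "PostDeviceDetailsV2",
        "method": "POST",
        "parameters": params,
        "body": new_body,
    }


if __name__ == "__main__":
    # Constructed sample IDs, not real agent IDs.
    legacy = {"ids": "0123456789abcdef0123456789abcdef,fedcba9876543210fedcba9876543210"}
    print(redirect_legacy_call(parameters=legacy))
```
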
Issues resolved
- Fixed: Default NoneType preference for body payloads sent to the RTR_ListFiles and RTR_ListFilesV2 operations. Closes #750.
  - _uber_default_preference.py
  - Special thanks to @hiddenillusion for identifying this issue! 😄
- Removed: Unused header payload parameters from operation payloads.
  - _endpoint/_falconx_sandbox.py
  - _endpoint/_firewall_management.py
  - _endpoint/_recon.py
  - _endpoint/_report_executions.py
  - _endpoint/_sample_uploads.py
- Removed: Duplicate parameter definition (after) from indicator_combined_v1 operation.
  - _endpoint/_ioc.py
Other
- Updated: Comment updates.
  - _endpoint/_d4c_registration.py
- Updated: Fixed docstring typo within userActionV1 operation. Closes #763.
  - user_management.py