pypi crowdstrike-falconpy 1.2.0
Version 1.2.0

latest releases: 1.4.6, 1.4.5, 1.4.4...
2 years ago

FalconPy v1.2

This version provides the following updates:

  • Adds GetDeviceDetailsV2 and PostDeviceDetailsV2 operations within the Hosts Service Collection. Legacy requests to the old operation GetDeviceDetails are gracefully redirected to the new operation PostDeviceDetailsV2.

    The legacy endpoint can still be called using the GetDeviceDetailsV1 operation.

  • Adds three new operations to the Falcon Container Service Collection, GetImageAssessmentReport, DeleteImageDetails and ImageMatchesPolicy.
    • A new enumerator, ContainerBaseURL is added for retrieving the Falcon Container Registry url base.
  • The default NoneType preference is updated for the RTR_ListFiles and RTR_ListFilesV2 operations when called by the Uber Class.
  • Adds the host_timeout_duration parameter to BatchActiveResponderCmd, BatchCmd, BatchGetCmd and BatchInitSessions operations within the Real Time Response Service Collection.
  • Multiple data quality updates within the _endpoint module.
  • Comment updates.
  • Enhancement
  • Bug fixes
  • Updated unit tests

Unit test coverage

Name                                                             Stmts   Miss  Cover
------------------------------------------------------------------------------------
src/falconpy/__init__.py                                            69      0   100%
src/falconpy/_base_url.py                                            7      0   100%
src/falconpy/_container_base_url.py                                  6      0   100%
src/falconpy/_endpoint/__init__.py                                 125      0   100%
src/falconpy/_endpoint/_alerts.py                                    1      0   100%
src/falconpy/_endpoint/_cloud_connect_aws.py                         1      0   100%
src/falconpy/_endpoint/_cspm_registration.py                         1      0   100%
src/falconpy/_endpoint/_custom_ioa.py                                1      0   100%
src/falconpy/_endpoint/_d4c_registration.py                          1      0   100%
src/falconpy/_endpoint/_detects.py                                   1      0   100%
src/falconpy/_endpoint/_device_control_policies.py                   1      0   100%
src/falconpy/_endpoint/_discover.py                                  1      0   100%
src/falconpy/_endpoint/_event_streams.py                             1      0   100%
src/falconpy/_endpoint/_falcon_complete_dashboard.py                 1      0   100%
src/falconpy/_endpoint/_falcon_container.py                          1      0   100%
src/falconpy/_endpoint/_falconx_sandbox.py                           1      0   100%
src/falconpy/_endpoint/_filevantage.py                               1      0   100%
src/falconpy/_endpoint/_firewall_management.py                       1      0   100%
src/falconpy/_endpoint/_firewall_policies.py                         1      0   100%
src/falconpy/_endpoint/_host_group.py                                1      0   100%
src/falconpy/_endpoint/_hosts.py                                     1      0   100%
src/falconpy/_endpoint/_identity_protection.py                       1      0   100%
src/falconpy/_endpoint/_incidents.py                                 1      0   100%
src/falconpy/_endpoint/_installation_tokens.py                       1      0   100%
src/falconpy/_endpoint/_intel.py                                     1      0   100%
src/falconpy/_endpoint/_ioa_exclusions.py                            1      0   100%
src/falconpy/_endpoint/_ioc.py                                       1      0   100%
src/falconpy/_endpoint/_iocs.py                                      1      0   100%
src/falconpy/_endpoint/_kubernetes_protection.py                     1      0   100%
src/falconpy/_endpoint/_malquery.py                                  1      0   100%
src/falconpy/_endpoint/_message_center.py                            1      0   100%
src/falconpy/_endpoint/_ml_exclusions.py                             1      0   100%
src/falconpy/_endpoint/_mobile_enrollment.py                         1      0   100%
src/falconpy/_endpoint/_mssp.py                                      1      0   100%
src/falconpy/_endpoint/_oauth2.py                                    1      0   100%
src/falconpy/_endpoint/_overwatch_dashboard.py                       1      0   100%
src/falconpy/_endpoint/_prevention_policies.py                       1      0   100%
src/falconpy/_endpoint/_quarantine.py                                1      0   100%
src/falconpy/_endpoint/_quick_scan.py                                1      0   100%
src/falconpy/_endpoint/_real_time_response.py                        1      0   100%
src/falconpy/_endpoint/_real_time_response_admin.py                  1      0   100%
src/falconpy/_endpoint/_recon.py                                     1      0   100%
src/falconpy/_endpoint/_report_executions.py                         1      0   100%
src/falconpy/_endpoint/_response_policies.py                         1      0   100%
src/falconpy/_endpoint/_sample_uploads.py                            1      0   100%
src/falconpy/_endpoint/_scheduled_reports.py                         1      0   100%
src/falconpy/_endpoint/_sensor_download.py                           1      0   100%
src/falconpy/_endpoint/_sensor_update_policies.py                    1      0   100%
src/falconpy/_endpoint/_sensor_visibility_exclusions.py              1      0   100%
src/falconpy/_endpoint/_spotlight_evaluation_logic.py                1      0   100%
src/falconpy/_endpoint/_spotlight_vulnerabilities.py                 1      0   100%
src/falconpy/_endpoint/_user_management.py                           1      0   100%
src/falconpy/_endpoint/_zero_trust_assessment.py                     1      0   100%
src/falconpy/_endpoint/deprecated/__init__.py                       24      0   100%
src/falconpy/_endpoint/deprecated/_custom_ioa.py                     1      0   100%
src/falconpy/_endpoint/deprecated/_discover.py                       1      0   100%
src/falconpy/_endpoint/deprecated/_firewall_management.py            1      0   100%
src/falconpy/_endpoint/deprecated/_hosts.py                          1      0   100%
src/falconpy/_endpoint/deprecated/_identity_protection.py            1      0   100%
src/falconpy/_endpoint/deprecated/_installation_tokens.py            1      0   100%
src/falconpy/_endpoint/deprecated/_ioc.py                            1      0   100%
src/falconpy/_endpoint/deprecated/_iocs.py                           1      0   100%
src/falconpy/_endpoint/deprecated/_real_time_response.py             1      0   100%
src/falconpy/_endpoint/deprecated/_real_time_response_admin.py       1      0   100%
src/falconpy/_endpoint/deprecated/_report_executions.py              1      0   100%
src/falconpy/_endpoint/deprecated/_scheduled_reports.py              1      0   100%
src/falconpy/_payload/__init__.py                                   26      0   100%
src/falconpy/_payload/_alerts.py                                    11      0   100%
src/falconpy/_payload/_cloud_connect_aws.py                         22      0   100%
src/falconpy/_payload/_cspm_registration.py                         40      0   100%
src/falconpy/_payload/_d4c_registration.py                          10      0   100%
src/falconpy/_payload/_detects.py                                   13      0   100%
src/falconpy/_payload/_device_control_policy.py                     13      0   100%
src/falconpy/_payload/_falconx.py                                   25      0   100%
src/falconpy/_payload/_firewall.py                                  98      0   100%
src/falconpy/_payload/_generic.py                                   65      0   100%
src/falconpy/_payload/_host_group.py                                30      0   100%
src/falconpy/_payload/_incidents.py                                 15      0   100%
src/falconpy/_payload/_ioa.py                                       29      0   100%
src/falconpy/_payload/_ioc.py                                       36      0   100%
src/falconpy/_payload/_malquery.py                                  56      0   100%
src/falconpy/_payload/_message_center.py                            22      0   100%
src/falconpy/_payload/_mssp.py                                      15      0   100%
src/falconpy/_payload/_prevention_policy.py                         19      0   100%
src/falconpy/_payload/_real_time_response.py                        27      0   100%
src/falconpy/_payload/_recon.py                                     72      0   100%
src/falconpy/_payload/_reports.py                                   18      0   100%
src/falconpy/_payload/_response_policy.py                           19      0   100%
src/falconpy/_payload/_sensor_update_policy.py                      24      0   100%
src/falconpy/_result.py                                             17      0   100%
src/falconpy/_service_class.py                                      68      0   100%
src/falconpy/_token_fail_reason.py                                   4      0   100%
src/falconpy/_uber_default_preference.py                             3      0   100%
src/falconpy/_util.py                                              228      0   100%
src/falconpy/_version.py                                            10      0   100%
src/falconpy/alerts.py                                              31      0   100%
src/falconpy/api_complete.py                                       154      0   100%
src/falconpy/cloud_connect_aws.py                                   47      0   100%
src/falconpy/cspm_registration.py                                  122      0   100%
src/falconpy/custom_ioa.py                                          85      0   100%
src/falconpy/d4c_registration.py                                    51      0   100%
src/falconpy/detects.py                                             31      0   100%
src/falconpy/device_control_policies.py                             68      0   100%
src/falconpy/discover.py                                            22      0   100%
src/falconpy/event_streams.py                                       19      0   100%
src/falconpy/falcon_complete_dashboard.py                           76      0   100%
src/falconpy/falcon_container.py                                    21      0   100%
src/falconpy/falconx_sandbox.py                                     67      0   100%
src/falconpy/filevantage.py                                         13      0   100%
src/falconpy/firewall_management.py                                 81      0   100%
src/falconpy/firewall_policies.py                                   70      0   100%
src/falconpy/host_group.py                                          60      0   100%
src/falconpy/hosts.py                                               90      0   100%
src/falconpy/identity_protection.py                                 13      0   100%
src/falconpy/incidents.py                                           40      0   100%
src/falconpy/installation_tokens.py                                 37      0   100%
src/falconpy/intel.py                                               63      0   100%
src/falconpy/ioa_exclusions.py                                      32      0   100%
src/falconpy/ioc.py                                                 49      0   100%
src/falconpy/iocs.py                                                39      0   100%
src/falconpy/kubernetes_protection.py                               49      0   100%
src/falconpy/malquery.py                                            49      0   100%
src/falconpy/message_center.py                                      74      0   100%
src/falconpy/ml_exclusions.py                                       34      0   100%
src/falconpy/mobile_enrollment.py                                   17      0   100%
src/falconpy/mssp.py                                               130      0   100%
src/falconpy/oauth2.py                                              69      0   100%
src/falconpy/overwatch_dashboard.py                                 30      0   100%
src/falconpy/prevention_policy.py                                   61      0   100%
src/falconpy/quarantine.py                                          45      0   100%
src/falconpy/quick_scan.py                                          26      0   100%
src/falconpy/real_time_response.py                                 126      0   100%
src/falconpy/real_time_response_admin.py                            74      0   100%
src/falconpy/recon.py                                               97      0   100%
src/falconpy/report_executions.py                                   23      0   100%
src/falconpy/response_policies.py                                   60      0   100%
src/falconpy/sample_uploads.py                                      24      0   100%
src/falconpy/scheduled_reports.py                                   19      0   100%
src/falconpy/sensor_download.py                                     32      0   100%
src/falconpy/sensor_update_policy.py                               109      0   100%
src/falconpy/sensor_visibility_exclusions.py                        32      0   100%
src/falconpy/spotlight_evaluation_logic.py                          22      0   100%
src/falconpy/spotlight_vulnerabilities.py                           30      0   100%
src/falconpy/user_management.py                                    137      0   100%
src/falconpy/zero_trust_assessment.py                               12      0   100%
------------------------------------------------------------------------------------
TOTAL                                                             4089      0   100%

Bandit analysis

[main]	INFO	running on Python 3.9.9
Run started:2022-08-30 06:01:37.408828

Test results:
	No issues identified.

Code scanned:
	Total lines of code: 37299
	Total lines skipped (#nosec): 0

Run metrics:
	Total issues (by severity):
		Undefined: 0
		Low: 0
		Medium: 0
		High: 0
	Total issues (by confidence):
		Undefined: 0
		Low: 0
		Medium: 0
		High: 0
Files skipped (0):

Added features and functionality

  • Updated: Updated operation payload parameter datatype details.

    • _endpoint/_ioc.py
    • _endpoint/_recon.py
    • _endpoint/_sample_uploads.py
  • Updated: Updated operation payload parameter data location details.

    • _endpoint/_falconx_sandbox.py
    • _endpoint/_sample_uploads.py
  • Added: New host_timeout_duration parameter to BatchActiveResponderCmd, BatchCmd, BatchGetCmd and BatchInitSessions operations within the Real Time Response Service Collection.

    • _endpoint/_real_time_response.py
  • Added: New GetDeviceDetailsV2 and PostDeviceDetailsV2 operations to Hosts Service Collection.

    The operation GetDeviceDetails is now deprecated, and will eventually be removed from the CrowdStrike API. Due to backwards compatibility considerations, and the added functionality provided by the new endpoint, FalconPy will continue to support this operation ID by redirecting requests to PostDeviceDetailsV2. IDs that are provided in incorrect payload destinations due to the differences between a GET and POST operation are migrated to the appropriate dictionary before the request is made. This solution is implemented within the Hosts Service Class (GetDeviceDetails, get_device_details) and within the Uber Class. Developers must upgrade installations to FalconPy v1.2.0 to benefit from this new functionality. Administrators and end users are strongly urged to consider upgrading to v1.2.0 before this endpoint is removed.

    • _endpoint/_hosts.py
    • _uber_default_preference.py
    • api_complete.py
    • hosts.py
    • tests/test_get_device_details.py
  • Added: Falcon Container registry functionality to Falcon Container Service Class.

    This solution implements three "mock" operation IDs; GetImageAssessmentReport (get_assessment), DeleteImageDetails (delete_image_details), and ImageMatchesPolicy (image_matches_policy). All mocked operations are available from both the Service and Uber classes. The Falcon Container Registry base URL is calculated based upon the base URL used for authentication.

    • _endpoint/_falcon_container.py
    • __init__.py
    • _container_base_url.py
    • _uber_default_preference.py
    • _util.py
    • api_complete.py
    • falcon_container.py
    • tests/test_falcon_container.py

Issues resolved

  • Fixed: Default NoneType preference for body payloads sent to the RTR_ListFiles and RTR_ListFilesV2 operations. Closes #750.

    • _uber_default_preference.py
    • Special thanks to @hiddenillusion for identifying this issue! 😄
  • Removed: Unused header payload parameters from operation payloads.

    • _endpoint/_falconx_sandbox.py
    • _endpoint/_firewall_management.py
    • _endpoint/_recon.py
    • _endpoint/_report_executions.py
    • _endpoint/_sample_uploads.py
  • Removed: Duplicate parameter definition (after) from indicator_combined_v1 operation.

    • _endpoint/_ioc.py

Other

  • Updated: Comment updates.
    • _endpoint/_d4c_registration.py
  • Updated: Fixed docstring typo within userActionV1 operation. Closes #763.
    • user_management.py

Don't miss a new crowdstrike-falconpy release

NewReleases is sending notifications on new releases.