- Added: Enhanced payload handler for
create_ruleoperation to allow for passing a list of dictionaries for thefield_valueskeyword. Closes #916._payload/_ioa.pytests/test_custom_ioa.py
- Added: 5 new operations added to the KubernetesProtection Service Class,
GetAzureInstallScript,GetAzureTenantConfig,GetAzureTenantIDs,GetCombinedCloudClusters, andGetStaticScripts._endpoint/_kubernetes_protection.pykubernetes_protection.py
Unit testing expanded to complete code coverage.
tests/test_kubernetes_protection.py
- Fixed: Updated docstring comments to properly reflect syntax for providing a trusted certificate bundle for API requests. Closes #910.
_service_class.pyapi_complete.py
- Pinned: IPython version pinned to 8.10.0 to avoid
SNYK-PYTHON-IPYTHON-3318382.requirements-dev.txt
- Fixed: Added missing
idskeyword handlers for Uber Class operation calls. Closes #919._uber_default_preferences.py
- Fixed: Updated docstrings for
combinedQueryVulnerabilitiesoperation to properly list request limit of 5000. Closes #922.spotlight_vulnerabilities.py
- Updated: Removed unnecessary
sourceparameter from endpoint module forArchiveUploadV2operation._endpoint/_sample_uploads.py
- Added: Two new operations added to the Discover Service Class,
query_applicationsandget_applications.discover.py
Unit testing expanded to complete code coverage.
tests/test_discover.py
-
Fixed: Added
variableskeyword toGraphQLwithin IdentityProtection Service Class. Closes #902.identity_protection.py
Unit testing expanded to complete code coverage.
tests/test_identity_protection.py- Thanks go out to @cl6227 for identifying and reporting this issue! 🙇
-
Fixed: Missing default value for
file_datakeyword argument of theupload_samplemethod of the SampleUploads Service Class. Closes #898.falconx_sandbox.py- Thanks go out to @awhogan for identifying and reporting this issue! 🙇
- Added: Two new operations added to the DeviceControlPolicies Service Class,
getDefaultDeviceControlPoliciesandupdateDefaultDeviceControlPolicies.device_control_policies.py
Adds one new payload handler.
_payload/__init__.py_payload/_device_control_policy.py
Unit testing expanded to complete code coverage.
tests/test_device_control_policies.py
- Added: Three new operations to the Intel Service Class,
GetMitreReport,PostMitreAttacksandQueryMitreAttacks.intel.py
Unit testing expanded to complete code coverage.
tests/test_intel.py
- Fixed: Error handling
idargument within the body payload handler for theupdateDeviceControlPoliciesoperation._payload/_device_control_policy.py- Special thanks go out to @CommonVulnerability for reporting this issue and submitting the fix! 🙇
- Updated: Removed
scans_reportoperation from the new ODS Service Class.ods.py
Unit testing updated.
tests/test_ods.py
- Fixed: Authentication object synchronization issue for certain scenarios. Relates to #829.
_util.py- Thanks go out to @davidt99 for contributing this fix!
- Fixed: Add missing operation IDs to
PREFER_IDS_IN_BODYconstant to trigger Uber Class body payload abstraction for theidskeyword. Closes #864._uber_default_preference.py- Thanks to @tsullivan06 for identifying this issue!
- Added: One operation added to the SampleUploads Service Class,
ArchiveUploadV1.sample_uploads.py
Unit testing expanded to complete code coverage.
tests/test_sample_uploads.py
- Added: Four new operations to the KubernetesProtection Service Class,
ListAzureAccounts,CreateAzureSubscription,DeleteAzureSubscription, andPatchAzureServicePrincipal.kubernetes_protection.py
Unit testing expanded to complete code coverage.
tests/test_kubernetes_protection.py
-
Fixed: Missing redirection endpoints for legacy operations within the MSSP Service Class. (
getCIDGroupMembersByV1,getCIDGroupByIdV1,getUserGroupMembersByIDV1andgetUserGroupsByIDV1) Calls to the generic operation ID (ex:getUserGroupsByID) are redirected to the v2 equivalent. Closes #859.mssp.py
-
Fixed: Added missing redirection for
update_policy_container_v2operation to the FirewallManagement Service Class. Closes #856.firewall_management.py
-
Added: Nine new operations added to the FirewallManagement Service Class. (
get_network_location_details,update_network_locations_metadata,update_network_locations_precedence,get_network_locations,create_network_locations,update_network_locations,upsert_network_locations,delete_network_locations,query_network_locations)firewall_management.py_endpoint/_firewall_management.py
Adds two new payload handlers.
_payload/_firewall.py
Unit testing expanded to complete code coverage.
tests/test_firewall_management.py
-
Added: Five new operations added to the Flight Control (MSSP) Service Class. (
getChildrenV2,getCIDGroupMembersByV2,getCIDGroupByIdV2,getUserGroupMembersByIDV2,getUserGroupsByIDV2)mssp.py_endpoint/_mssp.py
Unit testing expanded to complete code coverage.
tests/test_mssp.py
-
Added: One new operation added to the Hosts Service Class. (
entities_perform_action)hosts.py_endpoint/_hosts.py
One new payload handler was added.
_payload/_generic.py
Unit testing expanded to complete code coverage.
tests/test_hosts.py
-
Added: One new operation added to the InstallationTokens Service Class. (
customer_settings_update)installation_tokens.py_endpoint/_installation_tokens.py
One new payload handler was added.
_payload/_generic.py
Unit testing expanded to complete code coverage.
tests/test_installation_tokens.py
-
Added: Two new operations added to the Intel Service Class. (
GetVulnerabilities,QueryVulnerabilities)intel.py_endpoint/_intel.py
Unit testing expanded to complete code coverage.
tests/test_intel.py
-
Added: New ODS Service Class (On Demand Scan) with fifteen new operations. (
aggregate_scans,aggregate_scheduled_scans,get_malicious_files_by_id,cancel_scans,get_scan_host_metadata_by_ids,scans_report,get_scans_by_scan_ids,scans_report,get_scheduled_scans_by_scan_ids,schedule_scan,delete_scheduled_scans,query_malicious_files,query_scan_host_metadata,query_scans,query_scheduled_scans)__init__.pyods.py_endpoint/__init__.py_endpoint/_ods.py_endpoint/deprecated/__init__.py_endpoint/deprecated/_ods.py
Two new payload handlers were added.
_payload/_ods.py
New unit testing implemented to confirm functionality and complete code coverage.
tests/test_ods.py
-
Added: Seven new operations added to the Recon Service Class. (
AggregateNotificationsExposedDataRecordsV1,GetFileContentForExportJobsV1,GetExportJobsV1,CreateExportJobsV1,DeleteExportJobsV1,GetNotificationsExposedDataRecordsV1,QueryNotificationsExposedDataRecordsV1)recon.py_endpoint/_recon.py
One new payload handler was added.
_payload/_recon.py
Unit testing expanded to complete code coverage.
tests/test_recon.py
-
Added: Seven new operations added to the SampleUploads Service Class. (
ArchiveListV1,ArchiveGetV1,ArchiveDeleteV1,ArchiveUploadV2,ExtractionListV1,ExtractionGetV1,ExtractionCreateV1)sample_uploads.py_endpoint/_sample_uploads.py
One new payload handler was added.
_payload/_sample_uploads.py
Unit testing expanded to complete code coverage.
tests/test_sample_uploads.pytests/testfile.zip
- Changed: Due to updates in the latest Ubuntu version used in GitHub actions, unit testing for Python 3.6 has been split off to a stand alone workflow.
- Added: Python 3.11 support.
setup.py
- Fixed: Invalid
bodypayload when leveraging the Uber Class to call theRTR_DeleteSessionoperation. Closes #839._uber_default_preference.py
- Added: New TailoredIntelligence Service Class.
__init__.pytailored_intelligence.py_endpoint/__init__.py_endpoint/_tailored_intelligence.pytests/test_tailored_intelligence.py
Unit testing expanded to complete code coverage.
- Added:
GetD4CAwsAccount,CreateD4CAwsAccount,DeleteD4CAwsAccount,GetD4CAwsConsoleSetupURLs,GetD4CAWSAccountScriptsAttachment, andGetHorizonD4CScriptsoperations to the D4CRegistration Service Class.d4c_registration.py_endpoint/_d4c_registration.py_payload/__init__.py_payload/_d4c_registration.py
Adds one new payload handler.
tests/test_d4c_registration.py
Unit testing expanded to complete code coverage.
- Added:
update_policy_container_v1,create_rule_group_validation,update_rule_group_validation, andvalidate_filepath_patternoperations to the FirewallManagement Service Class.firewall_management.py_endpoint/_firewall_management.py
The legacy operation
update_policy_containernow points to the updated endpoint/fwmgr/entities/policies/v2._payload/__init__.py_payload/_firewall.py
Adds two new payload handlers.
tests/test_firewall_management.py
Unit testing expanded to complete code coverage.
- Added:
indicator_aggregate_v1,action_get_v1,GetIndicatorsReport,action_query_v1,ioc_type_query_v1,platform_query_v1, andseverity_query_v1operations to the IOC Service Class.ioc.py_endpoint/_ioc.py_payload/__init__.py_payload/_ioc.py
Adds one new payload handler.
tests/test_ioc.py
Unit testing expanded to complete code coverage.
- Added: from_parent parameter to the
indicator_delete_v1operation within the IOC Service Class.ioc.py_endpoint/_ioc.py
- Added: timeout and timeout_duration parameters to the
RTR_InitSessionoperation within the RealTimeResponse Service Class.real_time_response.py_endpoint/_real_time_response.py
- Added: host_timeout_duration parameter to the
BatchAdminCmdoperation within the RealTimeResponseAdmin Service Class.real_time_response_admin.py_endpoint/_real_time_response_admin.py
- Added: Maximum and minimum limits for the limit parameter used by the
QueryNotificationsV1operation within the Recon Service Class._endpoint/_recon.py
- Added: New
ReadImageVulnerabilitiesoperation to the FalconContainer Service Class.falcon_container.py_endpoint/_falcon_container.py_payload/__init__.py_payload/_container.py
Adds one new payload handler.
tests/test_falcon_container.py
Unit testing expanded to complete code coverage.
- Updated: Updated the description, changed datatype from
stringtointand added maximum / minimum limits for the offset parameter used by theQueryActionsV1operation within the Recon Service Class._endpoint/_recon.py
- Removed:
X-CS-USERNAMEparameter from all operations within the IOC Service Class._endpoint/_ioc.py
- Updated: query_rule_groups_full and query_rule_groupsMixin0 operations - Removed
descriptionas an available field from enum. Updated operation description._endpoint/_custom_ioa.py
- Updated: Changed collectionFormat value from
csvtomultifor multiple operations within the_endpointmodule._endpoint/_ioa_exclusions.py(getIOAExclusionsV1, deleteIOAExclusionsV1)_endpoint/_ml_exclusions.py(getMLExclusionsV1, deleteMLExclusionsV1)_endpoint/_sensor_visibility_exclusions.py(getSensorVisibilityExclusionsV1, deleteSensorVisibilityExclusionsV1)
- Updated: Removed maxLength and minLength values for multiple operations within the
_endpointmodule._endpoint/_device_control_policies.py(getDeviceControlPolicies, deleteDeviceControlPolicies)_endpoint/_firewall_policies.py(getFirewallPolicies, deleteFirewallPolicies)_endpoint/_host_group.py(getHostGroups, deleteHostGroups)_endpoint/_prevention_policies.py(getPreventionPolicies, deletePreventionPolicies)_endpoint/_response_policies.py(getRTResponsePolicies, deleteRTResponsePolicies)_endpoint/_sensor_update_policies.py(getSensorUpdatePolicies, deleteSensorUpdatePolicies, getSensorUpdatePoliciesV2)
- Updated: GovCloud headers are now returned when providing GovCloud credentials to a commercial cloud region. Deprecated fallback handler within
autodiscover_regionmethod._util.py
This code will be retained for now. As of this version, GovCloud region autodiscovery is not supported.
- Updated: Pinned
setuptoolsversion to 65.5.1 (SNYK-PYTHON-SETUPTOOLS-3113904).requirements-dev.txt
- Added: Specify
N-1andN-2within the Sensor Download sample. Closes #793.samples/sensor_download/download_sensor.py
-
Fixed: Invalid
bodypayload passed when leveraging the Uber Class to call theRTR_GetExtractedFileContentsoperation. Closes #788._uber_default_preference.py
-
Fixed: Invalid data type comparison in RTR dump memory sample.
samples/rtr/pid-dump/rtr_dump_memory.py
-
Fixed: Invalid arguments provided to
execute_admin_commandmethod within RTR dump memory sample. Closes #789.samples/rtr/pid-dump/rtr_dump_memory.py
- Added: Easy Object Authentication syntax. You no longer need to specify the
auth_objectattribute of the Service Class you are using to authenticate to subsequent Service Classes. Legacy Object Authentication is still (and will always be) fully supported.import os from falconpy import Hosts from falconpy import HostGroup # Old Syntax hosts = Hosts(client_id=os.getenv("FALCON_CLIENT_ID"), client_secret=os.getenv("FALCON_CLIENT_SECRET") ) hostgroups = HostGroup(auth_object=hosts.auth_object) # New Syntax hosts = Hosts(client_id=os.getenv("FALCON_CLIENT_ID"), client_secret=os.getenv("FALCON_CLIENT_SECRET") ) hostgroups = HostGroup(auth_object=hosts)
_service_class.pytests/test_authentications.py
- Changed: Updated development package module name to be
falconpydevto prevent confusion with the production package module name.dev_setup.py
- Added: Added alias for
post_device_details_v2to Hosts Service Class. Closes #773.hosts.pytests/manual/test_get_device_details.py
- Fixed: Typo in docstring for
perform_incident_actionmethod. Closes #776.incidents.py
- Fixed: Added
host_timeout_durationdocumentation to docstrings within operations in the Real Time Response Service Class.real_time_response.py
- Updated: Adjusted unit testing to cover new API returns.
tests/falcon_container.pytests/kubernetes_protection.py
-
Updated: Updated operation payload parameter datatype details.
_endpoint/_ioc.py_endpoint/_recon.py_endpoint/_sample_uploads.py
-
Updated: Updated operation payload parameter data location details.
_endpoint/_falconx_sandbox.py_endpoint/_sample_uploads.py
-
Added: New
host_timeout_durationparameter toBatchActiveResponderCmd,BatchCmd,BatchGetCmdandBatchInitSessionsoperations within the Real Time Response Service Collection._endpoint/_real_time_response.py
-
Added: New
GetDeviceDetailsV2andPostDeviceDetailsV2operations to Hosts Service Collection.The operation
GetDeviceDetailsis now deprecated, and will eventually be removed from the CrowdStrike API. Due to backwards compatibility considerations, and the added functionality provided by the new endpoint, FalconPy will continue to support this operation ID by redirecting requests toPostDeviceDetailsV2. IDs that are provided in incorrect payload destinations due to the differences between a GET and POST operation are migrated to the appropriate dictionary before the request is made. This solution is implemented within the Hosts Service Class (GetDeviceDetails,get_device_details) and within the Uber Class. Developers must upgrade installations to FalconPy v1.2.0 to benefit from this new functionality. Administrators and end users are strongly urged to consider upgrading to v1.2.0 before this endpoint is removed._endpoint/_hosts.py_uber_default_preference.pyapi_complete.pyhosts.pytests/test_get_device_details.py
-
Added: Falcon Container registry functionality to Falcon Container Service Class.
This solution implements three "mock" operation IDs;
GetImageAssessmentReport(get_assessment),DeleteImageDetails(delete_image_details), andImageMatchesPolicy(image_matches_policy). All mocked operations are available from both the Service and Uber classes. The Falcon Container Registry base URL is calculated based upon the base URL used for authentication._endpoint/_falcon_container.py__init__.py_container_base_url.py_uber_default_preference.py_util.pyapi_complete.pyfalcon_container.pytests/test_falcon_container.py
-
Fixed: Default NoneType preference for body payloads sent to the
RTR_ListFilesandRTR_ListFilesV2operations. Closes #750._uber_default_preference.py
-
Removed: Unused header payload parameters from operation payloads.
_endpoint/_falconx_sandbox.py_endpoint/_firewall_management.py_endpoint/_recon.py_endpoint/_report_executions.py_endpoint/_sample_uploads.py
-
Removed: Duplicate parameter definition (
after) fromindicator_combined_v1operation._endpoint/_ioc.py
- Updated: Comment updates.
_endpoint/_d4c_registration.py
- Updated: Fixed docstring typo within
userActionV1operation. Closes #763.user_management.py
-
Added: New Alerts service collection operation -
PatchEntitiesAlertsV2(update_alerts_v2)._endpoint/_alerts.py_payload/_alerts.pyalerts.pytests/test_alerts.py
-
Added: New Service Collection - Mobile Enrollment. Matching Service Class / Uber Class functionality. Unit testing expanded to cover new methods.
_endpoint/_mobile_enrollment.pymobile_enrollment.pytests/test_mobile_enrollment.py
-
Added: New User Management service collection operations
- combinedUserRolesV1 -
get_user_grants - get_user_roles -
get_user_grants - get_user_roles_combined -
get_user_grants - entitiesRolesV1 -
get_roles_mssp - userActionV1 -
user_action - userRolesActionV1 -
user_roles_action - retrieveUsersGETV1 -
retrieve_users - createUserV1 -
create_user_mssp - deleteUserV1 -
delete_user_mssp - updateUserV1 -
update_user_mssp - queryRolesV1 -
query_roles - queriesRolesV1 -
query_roles - queryUserV1 -
query_users
user_management.pytests/test_user_management.py
- combinedUserRolesV1 -
-
Added: Extended custom headers (
ext_headers) functionality for Service Classes._service_class.py
- Added: Alias for
get_online_state_v1. Closes #739.hosts.py
- Added: New Service Collection - Alerts. Matching Service Class / Uber class functionality. Unit testing expanded to cover new methods.
_endpoint/__init__.py_endpoint/_alerts.py_payload/__init__.py_payload/_alerts.pyalerts.py__init__.pytests/test_alerts.py
- Added: Expanded IdentityProtection unit testing to cover
US-2.tests/test_identity_protection.py
- Fixed: Uber Class override keyword requires a null action parameter. Closes #706.
api_complete.py
- Fixed: Responses containing charset are not parsed as JSON. This impacted responses from the Identity Protection service collection. Closes #708.
_util.pytests/test_identity_protection.py- Thanks to @hod-alpert for identifying and resolving this issue!
- Moved: Abstracted Cloud Region autodiscovery functionality into a standalone method to reduce code segment size.
_util.py
- Added: New operation - AzureDownloadCertificate (CSPMRegistration)
_endpoint/_cspm_registration.pycspm_registration.pytests/test_cspm_registration.py
- Added: New operation - DiscoverCloudAzureDownloadCertificate (D4CRegistration)
_endpoint/_d4c_registration.pyd4c_registation.pytests/test_d4c_registration.py
- Added: New parameter -
disable_hostname_check(QueryString) in performGroupAction (HostGroup)_endpoint/_host_group.pyhost_group.py
- Added: New operation - GetOnlineState_V1 (Hosts)
_endpoint/_hosts.pyhosts.pytests/test_hosts.py
- Added: New parameter -
include_relationsin QueryIntelIndicatorEntities and QueryIntelIndicatorIds (Intel)_endpoint/_intel.pyintel.py
- Added: New operations - RTR_GetPut_FilesV2 and RTR_GetScriptsV2 (RTR Administration)
_endpoint/_real_time_response_admin.pyreal_time_response_admin.pytests/test_real_time_response_admin.py
- Updated: DataType -
csv->multifor thefacetparameter in combinedQueryVulnerabilities (SpotlightVulnerabilities)_endpoint/_spotlight_vulnerabilities.py
- Fixed: Docstring typo in
create_rule_groupmethod (FirewallManagement)firewall_management.py
- Fixed: Typo in supported values definition for combinedQueryVulnerabilities endpoint definition.
_
_endpoint/_spotlight_vulnerabilities.py
- Added: Firewall rules payload abstraction for the
create_rule_groupmethod. Firewall diff_operations payload abstraction for theupdate_rule_groupmethod._payload/_firewall.pyfirewall_management.pytests/test_firewall_management.py
- Fixed: Resolved issue with aggregate payload generation within the Detects, MessageCenter and Recon Service Classes. Closes #664.
detects.pymessage_center.pyrecon.py
- Updated: Added macOS environment detail to docstring in
submitmethod of the Falcon X Sandbox Service Class. Closes #651.falconx_sandbox.py
- Bug fix: Resolved issue impacting the creation of certain action parameters used within payloads for the
perform_incident_actionmethod of the Incidents Service Class. Closes #656._payload/_incidents.py
-
Added: Results object expansion - expanded results are returned as a tuple, Ex:
(status_code, headers, content). This allows for headers and status to be checked on binary API returns. Expanded results are supported for all calls to the API and can be requested from any Service Class method or the Uber Class command method using the keywordexpand_result._result.py_util.pyapi_complete.pytest_sample_uploads.py
Example
# Pass a boolean True to the `expand_result` keyword to request expanded results. download_result = samples.get_sample(ids=file_sha, expand_result=True) # We're returned a tuple (status, headers, content) # Status will be in 0 print(f"Status returned: {download_result[0]}") # Headers will be in 1 print(f"Headers returned: {download_result[1]}") # File content will be in 2 with open(example_file, "wb") as download_file: download_file.write(download_result[2])
-
Added: Specify action_parameters keys for perform operations using keywords instead of a list of dictionaries.
- Keyword:
group_iddevice_control_policies.py(perform_action method)firewall_policies.py(perform_action method)prevention_policy.py(perform_policies_action method)response_policies.py(perform_policies_action method)sensor_update_policy.py(perform_policies_action method)
- Keyword:
filterhost_group.py(perform_group_action method)
- Keywords:
add_tag,delete_tag,unassign,update_name,update_assigned_to_v2,update_description,update_status_payload/__init__.py_payload/_incidents.pyincidents.py(perform_incident_action method)
- Keyword:
- Fixed: Docstring typo in sort options for
query_accountsandquery_loginsmethods within the Discover Service Class.discover.py
- Fixed: Docstring typo not listing
idrequirements for keyword submissions to theindicator_updatemethod within the IOC Service Class.ioc.py
- Fixed: Docstring typo listing an incorrect return type for the
get_downloadoperation within the ReportExecutions Service Class.report_executions.py
- Fixed: Docstring typo in Real Time Response Service Class referencing non-existent
action_parameterspayload element.real_time_response.py
- Added: Babel fish operation ID to endpoint translator.
util/babel_fish.py
- Added: FalconPy terminal word search utility.
util/find-strings.sh
- Added: FalconPy module listing utility.
util/public-modules.sh
- Added: FalconPy version check utility.
util/vcheck.sh
- Added: New versions of two operations within the Real Time Response Service Class.
list_files_v2anddelete_file_v2are used the same as the original methods, but provide more results detail. You should leveragedelete_file_v2if you are retrieving files usinglist_files_v2._endpoint/_real_time_response.pyreal_time_response.pytests/test_real_time_response.py
- Added: New Discover service collection endpoints, matching Service Class operations and unit testing.
- New method:
get_accounts - New method:
get_logins - New method:
query_accounts - New method:
query_logins
_endpoint/_discover.pydiscover.pytests/test_discover.py
- New method:
- Fixed: Docstring typo for the
combinedQueryVulnerabilitiesoperation within the Spotlight Vulnerabilities Service Class. Closes #608.spotlight_vulnerabilities.py
- Added: Spotlight Evaluation Logic Service Class, related service collection endpoints and related unit tests.
_endpoint/__init__.py_endpoint/_spotlight_evaluation_logic.py__init__.pyspotlight_evaluation_logic.pytests/test_spotlight_evaluation_logic.py
- Fixed: Invalid empty payload sent by
report_executions_download_getoperation when leveraging the Uber Class. Closes #596._util.pyapi_complete.pytests/test_uber_api_complete.py- Thanks to @tsullivan06 for his assistance in identifying this issue!
- Fixed: Typo in docstring - cspm_registration.py#571,
recurring->reoccurring. Closes #592.cspm_registration.py
- Added: Updated docstring to reflect newly available host actions. Closes #585.
hosts.py
- Added: Return headers on failed authorization (401) when using the Uber class. Closes #578.
_util.pyapi_complete.py- Thank you to @tsullivan06 for this enhancement suggestion!
- Added: Allow dashed base url specifiers when creating instances of any class. Closes #580.
_util.py- Thanks to @jhseceng for this enhancement suggestion!
- Fixed: Bandit false positive introduced by changes to hard-coded password scanning in v1.7.3. Relates to PyCQA/bandit#843.
_token_fail_reason.pyapi_complete.pyoauth2.py
- Updated: Docstrings updated to reflect newly available platform names (
android,iOS). Closes #582.prevention_policy.py
- Added: Argument check in
update_detects_by_ids(UpdateDetectsByIdsV2). When only acommentkeyword is provided,show_in_uiis appended to the request with aTruevalue, which satisfies update requirements.detects.pytests/test_detects.py
- Added: Default value of
0forsequence_idkeyword incheck_command_status,check_active_responder_command_statusandcheck_admin_command_statusmethods within Real Time Response Service Classes.real_time_response.pyreal_time_response_admin.py
- Added: Publicly exposed
confirm_base_region,confirm_base_urlmethods andBaseURLenumerator.__init__.py
- Fixed: Missing alias for
api_preempt_proxy_post_graphql(Operation ID syntax) in Identity Protection Service Class. Closes #567.identity_protection.py- Thanks to @tsullivan06 for identifying and reporting this issue!
- Fixed: Incorrect variable used for dictionary key on boolean values within
command_payloadbody payload handler. Closes #568._payload/_real_time_response.py- Relates to discussion #415
-
Added: Token renewal window customization. Developers may now customize the length of time between token expiration and token renewal. (Max: 20 minutes)
from falconpy import APIHarness from falconpy import OAuth2 uber = APIHarness(client_id="CLIENT_ID", client_secret="CLIENT_SECRET", renew_window=300) service = OAuth2(client_id="CLIENT_ID", client_secret="CLIENT_SECRET", renew_window=60)
_service_class.pyapi_complete.pyoauth2.pytests/test_authentications.py- Thank you to @tsullivan06 for this contribution!
-
Added: Error handling for when calling
query_vulnerabilities_combined(combinedQueryVulnerabilities) without specifying afilterargument. (Must be present as a keyword or as part of theparametersdictionary.)spotlight_vulnerabilities.pytests/test_spotlight_vulnerabilities.py- Thank you to @tsullivan06 for this contribution!
-
Added: Export of
ServiceClassgeneric base class as part of__all__within__init__.py. This change will allow developers to inherit from the Service Class base class without importing a protected module (which generates a warning in some editors).from falconpy import ServiceClass
__init__.py- Thank you to @morcef for this contribution!
- Fixed: Authentication issue when provided a base_url containing a trailing backslash.
_util.pytests/test_authorizations.py- Thanks to @mwb8 for identifying and reporting this issue!
- Fixed: Bug in
process_service_request(_util.py) impacting thepartitionkeyword argument of therefresh_active_streammethod in the Event Streams Service Class. Closes #547._util.pytests/test_event_streams.py- Thanks go out to @kra-ts for contributing this fix!
- Added: New queryCombinedSensorUpdateKernels and querySensorUpdateKernelsDistinct operations. (SensorUpdatePolicy Service Class, Uber Class)
_endpoint/_sensor_update_policies.py_util.py_version.pyapi_complete.pysensor_update_policy.pytests/test_sensor_update_policy.pytests/test_uber_api_complete.py
- Fixed: Parameter abstraction handling issue with the
organization_idskeyword of thedelete_aws_accountandget_aws_accountmethods within the CSPMRegistration Service Class. Closes #539.cspm_registration.pytests/test_cspm_registration.py
Stable Release
- Updated: Author information,
AUTHORS.md - Updated: Contributor documentation,
CONTRIBUTING.md - Formatting: Code of Conduct,
CODE_OF_CONDUCT.md - Updated: Documentation primer,
docs/README.md - Updated: Package metadata and classifiers,
setup.py - Updated: Package information and repository overview,
README.md - Updated: Pull Request template,
.github/pull_request_template.md - Updated: Samples documentation,
samples/README.md - Updated: Security Policy,
SECURITY.md - Updated: Support documentation,
SUPPORT.md - Added: Unit testing documentation,
tests/README.md - Updated: Utilities documentation,
util/README.md - Fixed: Minor comment typo in Offset vs. Token sample,
samples/hosts/offset_vs_token.py
Release Candidate
-
Added: Token generation failure reason tracking to Service and Uber classes. Closes #501.
_service_class.pyapi_complete.pyoauth2.py
Example usage
from falconpy import Detects detects = Detects(client_id="bad ID", client_secret="bad secret") if detects.token_status != 201: print(detects.token_fail_reason)
- Fixed: Code hint warning in PyCharm for missing auth_object definition within _service_class.py.
- Added: FileVantage Service Class and all related endpoints.
_endpoint/_filevantage.py_endpoint/__init__.pyfilevantage.pytests/test_filevantage.py
- Added: MessageCenter Service Class and all related endpoints.
_endpoint/_message_center.py_endpoint/__init__.py_payload/_message_center.py_payload/__init__.pymessage_center.py__init.py__tests/test_message_center.py.github/wordlist.txt
- Fixed: Argument passed to a keyword argument only method error handling.
_util.pytests/test_hosts.py
- Fixed: Added non-keyword argument handler for
get_samplemethod.sample_uploads.py
- Updated: Minor linting adjustments.
sample_uploads.pytests/test_overwatch_dashboard.pytests/test_prevention_policy.py
- Updated: README files updated to reflect new service collection.
- Added: New operations (GetBehaviorDetections, GetConfigurationDetections) to both the CSPMRegistration Service Class and the Uber Class. Closes #482.
_endpoint/_cspm_registration.pycspm_registration.pytests/test_cspm_registration.py
- Fixed: Added missing payload parameters to body payload handler for
update_policy_settingsmethod (UpdateCSPMPolicySettings operation) within the CSPMRegistration Service Class. Closes #473.cspm_registration.py_payload/_cspm_registration.pytests/test_cspm_registration.py
- Fixed: Stemmed vs. exact comparison for endpoint operation lookup within
args_to_paramsmethod. Closes #467._util.py
- Added: Cloud Region Autodiscovery - Automatically select the correct cloud region for US1, US2 and EU1 users.
- When using a valid login for US1, US2, and EU1, developers will no longer need to specify
base_urlwhen creating an instance of any Service Class, or the Uber Class. Upon successful login, your correct region will be identified and used for all subsequent requests. If you specify the wrong region for your instance, this will be corrected as part of authentication. _base_url.py_util.py_service_class.pyapi_complete.pyoauth2.pytest_authentications.pytest_authorization.py- All unit testing workflows updated to leverage new cross-region testing parameters.
- When using a valid login for US1, US2, and EU1, developers will no longer need to specify
Please note: This functionality does not support the GovCloud region or GovCloud API credentials.
- Fixed: Issue when passing comma-delimited strings or boolean values as keywords to the body payload handler for
indicator_object. Closes #447._payload/_ioc.pytests/test_ioc.py
- Fixed: Issue when passing comma-delimited string for the
groupskeyword to the body payload handler forioa_exclusion_payload. Closes #448._payload/_ioa.pytests/test_ioa_exclusions.py
- Fixed: Issue when passing comma-delimited string for the
idskeyword to the body payload handler forupdate_detects_payload. Resolved boolean handling ofshow_in_uikeyword. Closes #449._payload/_detects.pytests/test_detects.py
- Fixed: Issue when passing comma-delimited string for
user_tagskeyword to the body payload handler forsubmit. Closes #450._payload/_falconx.pytests/test_falconx_sandbox.py
- Fixed: Issue when passing comma-delimited string for
role_idskeyword to the body payload handler for Flight Control POST / PATCH operations. Closed #451._payload/_mssp.pytests/test_mssp.py
- Fixed: Issue when passing comma-delimited strings or boolean False to certain keywords within the
command_payloadbody payload handler. Closes #452._payload/_real_time_response.pytests/test_real_time_response.py
- Fixed: Issue when passing comma-delimited strings to MalQuery Service Class body payload handlers. Closes #453.
_payload/_malquery.pytests/test_malquery.py
- Fixed: Issue with passing comma-delimited string for
recipientswithin body payload handler forupdate_actionmethod within Recon Service Class. Closes #454._payload/_recon.pytests/test_recon.py
- Fixed: Issue with passing comma-delimited strings for
rule_idsandrule_versionskeywords within FirewallManagement Service Class body payload handlers. Closes #455._payload/firewall.pytests/test_firewall_management.py
- Fixed: Issue with passing comma-delimited string for the
groupskeyword within the generic exclusion body payload handler. Closes #456._payload/_generic.pytests/test_ml_exclusions.py
- Fixed: TypeError when using a valid credential in the wrong cloud environment. (GOV -> US1 only). Closes #433.
oauth2.pytest_authentications.py- Gratz to @tsullivan06 for his assistance in identifying and resolving this issue.
- Fixed: Missing method aliases in OAuth2 Service Class. Closes #432.
oauth2.py- Kudos to @tsullivan06 for identifying this issue.
- Fixed: Docstring typos in Custom IOA Service Class source.
custom_ioa.py
- Added: MSSP Direct Authentication - Additional authentication keyword is now available,
member_cid, allowing developers targeting MSSP functionality to make use of Direct Authentication as opposed to still using Credential Authentication. This functionality is supported in all Service Classes and the Uber Class._service_class.pyapi_complete.pyoauth2.pytests/test_authorization.py
- Fixed: Issue in
_util.args_to_paramswhen handling Python reserved words defined as keys incorrectly in the parameter dictionary. Closes #422.- Special thanks to @valerianrossigneux for originally identifying this issue, and his assistance testing a fix. 🙇
- Added: New Discover Service Class and matching unit testing to represent the recently released Falcon Discover API.
discover.py_endpoint/_discover.py_endpoint/_deprecated/discover.pytests/test_discover.py
- Added: New generic body payload handler for report execution / scheduling payloads.
_payload/_reports.py
- Added: New
report_executions_retrymethod and matching unit tests to ReportExecutions Service Class.report_executions.py_endpoint/_report_executions.py
- Added: New
scheduled_reports_launchmethod and matching unit tests to ScheduledReports Service Class.scheduled_reports.py_endpoint/_scheduled_reports.py
- Added: Parameter abstraction for the Uber Class.
- Provides: Query string parameter payload abstraction for calls made using the Uber class.
api_complete.py_util.py
- Added: PEP-8 friendly
app_idkeyword for theappIdparameter used by methods within the EventStreams Service Class.event_streams.py
- Fixed: Aggregate payload datatype mismatches in Recon Service Class methods.
recon.py
- Fixed: Missing payload parameter in recon rule payload handler.
_payload/_recon.py
- Fixed: Invalid query string parameter referenced in body payload handler for
query_samplemethod within FalconXSandbox Service Class. Also resolved matching invalid docstring reference. Closes #409.falconx_sandbox.py
- Fixed: Minor formatting issues within docstrings in all package files.
- Added: Docstring syntax validation workflow leveraging pydocstyle.
- Removed: Deprecated
calc_url_from_argsmethod_util.py
- Removed: Deprecated
parse_id_listmethod_util.py
- Updated: Service Class Refactoring (Rev 4)
- Provides: Body Payload Abstraction - Abstracted BODY payload parameters for all methods using PATCH, POST or PUT requests into keywords. Legacy usage pattern of passing the BODY payload directly as the body keyword is still supported.
- Provides: PEP-257 formatting of all docstrings.
cspm_registration.py- Closes #394device_control_policies.py- Closes #396falconx_sandbox.py- Closes #397mssp.py- Closes #398kubernetes_protection.py- Closes #399custom_ioa.py- Closes #400falcon_complete_dashboard.py- Closes #401firewall_policies.py- Closes #402firewall_management.py- Closes #403
- Added: New combinedQueryVulnerabilities operation to SpotlightVulnerabilities Service Class.
spotlight_vulnerabilities.py- Service Class_endpoint/_spotlight_vulnerabilities.py- Endpoint moduletests/test_spotlight_vulnerabilities.py- Unit testing
- Updated: Service Class Refactoring (Rev 4)
- Provides: Body Payload Abstraction - Abstracted BODY payload parameters for all methods using PATCH, POST or PUT requests into keywords. Legacy usage pattern of passing the BODY payload directly as the body keyword is still supported.
- Provides: PEP-257 formatting of all docstrings.
cloud_connect_aws.py- Closes #386d4c_registration.py- Closes #391ioc.py- Closes #388iocs.py- Closes #387identity_protection.py- Closes #385incidents.py- Closes #390overwatch_dashboard.py- Closes #389real_time_response.py- Closes #383real_time_response_admin.py- Closes #384response_policies.py- Closes #382
- Fixed: Missing body payload in CloudConnectAWS.verify_aws_account_access. Closes #376.
- Updated: Service Class Refactoring (Rev 4)
- Provides: Body Payload Abstraction - Abstracted BODY payload parameters for all methods using PATCH, POST or PUT requests into keywords. Legacy usage pattern of passing the BODY payload directly as the body keyword is still supported.
- Provides: PEP-257 formatting of all docstrings.
host_group.py- Closes #361ioa_exclusions.py- Closes #359installation_tokens.py- Closes #363ml_exclusions.py- Closes #360prevention_policy.py- Closes #364quarantine.py- Closes #366sensor_update_policy.py- Closes #368user_management.py- Closes #367
- Added: Class aliases for Sensor Update Policies and Prevention Policies service collections to provide classes that align to plural naming convention.
- Fixed: Hard-coded user-agent header for all requests. Moving forward, developers may specify a custom string to be used as the User-Agent header for all requests. Closes #365.
from falconpy import Hosts falcon = Hosts(client_id="CLIENT_ID_HERE", client_secret="CLIENT_SECRET_HERE", user_agent="company-product/version" ) result = falcon.query_devices_by_filter_scroll() print(result)
- Added: Updated
__all__parameter in root__init__.py, publishing all PEP8 class names. This change allows developers to import these classes directly.from falconpy import Hosts falcon = Hosts(client_id="CLIENT_ID_HERE", client_secret="CLIENT_SECRET_HERE") result = falcon.query_devices_by_filter() print(result)
- Added: Private Base URL enum.
_base_url.py- You may now specify your base URL by name or by URL.
- US1
- US2
- USGOV1
- EU1
- You may now specify your base URL by name or by URL.
- Added: Default value for action_name parameter in refresh_active_stream method of EventStreams service class.
event_streams.py - Added: Payload handling sub-module.
_payload/_payload/__init__.py_payload/_detects.py_payload/generic.py_payload/malquery.py_payload/recon.py
- Updated: Service Class Refactoring (Rev 4)
- Provides: Body Payload Abstraction - Abstracted BODY payload parameters for all methods using PATCH, POST or PUT requests into keywords. Legacy usage pattern of passing the BODY payload directly as the body keyword is still supported.
- Provides: PEP-257 formatting of all docstrings.
detects.py- Closes #353.event_streams.py- Closes #349falcon_container.py- Closes #348hosts.py- Closes #340.intel.py- Closes #352malquery.py- Closes #354quick_scan.py- Closes #351recon.py- Closes #350report_executions.py- Closes #346sample_uploads.py- Closes #344scheduled_reports.py- Closes #345sensor_download.py- Closes #343sensor_visibility_exclusions.py- Closes #347spotlight_vulnerabilities.py- Closes #342zero_trust_assessment.py- Closes #341
- Updated: Endpoint module updated to reflect recent swagger changes.
_cspm_registration.py_mssp.py
- Updated: Linter updates now result in usage of
formatbeing marked as a failure for scenarios where anf-stringcan be used. Updated all occurrences of this issue to make use off-stringformatting._service_class.py_util.pyapi_complete.pyoauth2.py
- Updated: PEP-257 syntax applied to all docstrings in all touched files.
- Updated: README.md updated
- Removed: Hash Analyzer Service Class and all related unit tests. (Unavailable at this time)
hash_analyzer.py_endpoint/_hash_analyzer.pytest_hash_analyzer.py
- Fixed: Missing reference to _quarantine_endpoints in endpoint module.
_endpoint/__init__.py- This issue only impacted users leveraging the Uber class for these endpoints.
- Added: New Hash Analyzer Service Class
hash_analyzer.py- Related unit tests
test_hash_analyzer.py - Related endpoint module
_hash_analyzer.py
- Related unit tests
- Added: Quarantine Service Class unit tests
test_quarantine.py
- Added: New FalconContainer Service Class.
falcon_container.py - Added: Two new methods (operations)) to the Hosts Service Class.
hosts.py- query_device_login_history / QueryDeviceLoginHistory
- query_network_address_history / QueryGetNetworkAddressHistoryV1
- Added: New method (operation)) to the SpotlightVulnerabilities Service Class.
spotlight_vulnerabilities.py- get_remediations_v2 - getRemediationsV2
- Migrated: Ported still viable methods from legacy IOCS Service Class
iocs.pyto the new IOC Service Class.ioc.py- devices_count / DevicesCount
- devices_ran_on / DevicesRanOn
- processes_ran_on / ProcessesRanOn
- entities_processes / entities_processes
- Updated: Deprecated 5 methods within the legacy IOCS Service Class.
iocs.py- get_ioc / GetIOC
- create_ioc / CreateIOC
- delete_ioc / DeleteIOC
- update_ioc / UpdateIOC
- query_iocs / QueryIOCs
- Updated: Deprecated cs_username keyword from all methods within CustomIOA and FirewallManagement Service Classes.
custom_ioa.py,firewall_management.py - Added: New Quarantine Service Class and endpoints.
quarantine.py - Updated: Updated endpoint for getComplianceV1 operation within ZeroTrustAssessment Service Class.
zero_trust_assessment.py
- Bug fix: Fixed Uber class passing empty ids parameter array when no ids had been provided to the command method. Closes #314.
_util.py
- Bug fix: Fixed bad comparison for endpoint lookups when using Service Classes. Closes #305.
_util.py - Bug fix: Fixed typo in operation ID for query_platforms method within CustomIOA Service Class. Closes #307.
custom_ioa.py - Bug fix: Fixed typo in operation ID for create_user_groups method within FlightControl Service Class. Closes #308.
mssp.py
-
Refactored Cloud Connect AWS Service Class to the latest pattern (rev 3), aligns syntax to PEP8. Closes #271.
cloud_connect_aws.py -
Refactored CSPM Registration Service Class to the latest pattern (rev 3), aligns syntax to PEP8. Closes #272.
cspm_registration.py -
Refactored Custom IOA Service Class to the latest pattern (rev 3), aligns syntax to PEP8. Closes #258.
custom_ioa.py -
Refactored D4C Registration Service Class to the latest pattern (rev 3), aligns syntax to PEP8. Closes #273.
d4c_registration.py -
Refactored Detects Service Class to the latest pattern (rev 3), aligns syntax to PEP8. Closes #274.
detects.py -
Refactored Device Control Policies Service Class to the latest pattern (rev 3), aligns syntax to PEP8. Closes #275.
device_control_policies.py -
Refactored Events Streams Service Class to the latest pattern (rev 3), aligns syntax to PEP8. Closes #248.
event_streams.py -
Refactored Falcon Complete Dashboard Service Class to the latest pattern (rev 3), aligns syntax to PEP8. Closes #294.
falcon_complete_dashboard.py -
Refactored Falcon Flight Control Service Class to the latest pattern (rev 3), aligns syntax to PEP8. Closes #292.
mssp.py -
Refactored Falcon X Sandbox Service Class to the latest pattern (rev 3), aligns syntax to PEP8. Closes #259.
falconx_sandbox.py -
Refactored Firewall Management Service Class to the latest pattern (rev 3), aligns syntax to PEP8. Closes #257.
firewall_management.py -
Refactored Firewall Policies Service Class to the latest pattern (rev 3), aligns syntax to PEP8. Closes #296.
firewall_policies.py -
Refactored Hosts Service Class to the latest pattern (rev 3), aligns syntax to PEP8. Closes #269.
hosts.py -
Refactored Host Group Service Class to the latest pattern (rev 3), aligns syntax to PEP8. Closes #286.
host_group.py -
Refactored Identity Protection Service Class to the latest pattern (rev 3), aligns syntax to PEP8. Closes #299.
identity_protection.py -
Refactored Incidents Service Class to the latest pattern (rev 3), aligns syntax to PEP8. Closes #289.
incidents.py -
Refactored Installation Tokens Service Class to the latest pattern (rev 3), aligns syntax to PEP8. Closes #287.
installation_tokens.py -
Refactored Intel Service Class to the latest pattern (rev 3), aligns syntax to PEP8. Closes #264.
intel.py -
Refactored IOA Exclusions Service Class to the latest pattern (rev 3), aligns syntax to PEP8. Closes #283.
ioa_exclusions.py -
Refactored IOC Service Class to the latest pattern (rev 3), aligns syntax to PEP8. Closes #267.
ioc.py -
Refactored IOCs Service Class to the latest pattern (rev 3), aligns syntax to PEP8. Closes #284.
iocs.py -
Refactored Kubernetes Protection Service Class to the latest pattern (rev 3), aligns syntax to PEP8. Closes #293.
kubernetes_protection.py -
Refactored MalQuery Service Class to the latest pattern (rev 3), aligns syntax to PEP8. Closes #298.
malquery.py -
Refactored ML Exclusions Service Class to the latest pattern (rev 3), aligns syntax to PEP8. Closes #281.
ml_exclusions.py -
Refactored Overwatch Dashboard Service Class to the latest pattern (rev 3), aligns syntax to PEP8. Closes #278.
overwatch_dashboard.py -
Refactored Prevention Policy Service Class to the latest pattern (rev 3), aligns syntax to PEP8. Closes #290.
prevention_policy.py -
Refactored Quick Scan Service Class to the latest pattern (rev 3), aligns syntax to PEP8. Closes #282.
quick_scan.py -
Refactored Real Time Response Service Class to the latest pattern (rev 3), aligns syntax to PEP8. Closes #280.
real_time_response.py -
Refactored Real Time Response Admin Service Class to the latest pattern (rev 3), aligns syntax to PEP8. Closes #256.
real_time_response_admin.py -
Refactored Recon Service Class to the latest pattern (rev 3), aligns syntax to PEP8. Closes #297.
recon.py -
Refactored Response Policies Service Class to the latest pattern (rev 3), aligns syntax to PEP8. Closes #295.
response_policies.py -
Refactored Sample Uploads Service Class to the latest pattern (rev 3), aligns syntax to PEP8. Closes #255.
sample_uploads.py -
Refactored Sensor Download Service Class to the latest pattern (rev 3), aligns syntax to PEP8. Closes #285.
sensor_download.py -
Refactored Sensor Update Policy Service Class to the latest pattern (rev 3), aligns syntax to PEP8. Closes #288.
sensor_update_policy.py -
Refactored Sensor Visibility Exclusions Service Class to the latest pattern (rev 3), aligns syntax to PEP8. Closes #279.
sensor_visibility_exclusions.py -
Refactored Spotlight Vulnerabilities Service Class to the latest pattern (rev 3), aligns syntax to PEP8. Closes #277.
spotlight_vulnerabilities.py -
Refactored User Management Service Class to the latest pattern (rev 3), aligns syntax to PEP8. Closes #276.
user_management.py -
Refactored Zero Trust Assessment Service Class to the latest pattern (rev 3), aligns syntax to PEP8. Closes #260.
zero_trust_assessment.py -
Added client_id and client_secret as keywords to the base Service Class, Uber Class, and Authentication class.
api_complete.py,oauth2.py,_service_class.pyThis change allows you to specify your API ID and secret when you create an instance of any of the service class. (Direct Authentication)
from falconpy.hosts import Hosts falcon = Hosts(client_id="CLIENT_ID_HERE", client_secret="CLIENT_SECRET_HERE") results = falcon.query_devices_by_filter(sort="devices.hostname|desc", limit=10) print(results)
-
Added new Report Executions Service Class.
report_executions.py- Basic unit test implemented:
test_report_executions.py
- Basic unit test implemented:
-
Added new Schedule Reports Service Class.
scheduled_reports.py- Basic unit test implemented:
test_scheduled_reports.py
- Basic unit test implemented:
-
Added new operation (getComplianceV1) to Zero Trust Assessment Service Class.
zero_trust_assessment.py
-
Bug fix: Resolved HTTP status code 415 on calls to refreshActiveStreamSession (refresh_active_stream). Closes #247.
event_streams.py -
Bug fix: Resolved header pollution issue within Falcon X Sandbox Service Class. Closes #250.
falconx_sandbox.py -
Bug fix: Resolved header pollution issue within Firewall Management Service Class. Closes #252.
firewall_management.py -
Bug fix: Resolved header pollution issue within Custom IOA Service Class. Closes #253.
custom_ioa.py -
Bug fix: Resolved header pollution issue within Sample Uploads Service Class. Closes #254.
sample_uploads.py -
Bug fix: Resolved HTTP status code 500 error on calls to RTR_CreatePut_Files (create_put_files). Closes #261.
real_time_response_admin.py -
Bug fix: Resolved HTTP status code 400 or 500 error on calls to RTR_UpdateScripts (update_scripts) and calls to RTR_CreateScripts (create_scripts). Closes #262.
real_time_response_admin.py -
Bug fix: Added handle_single_argument helper to attempt to handle single arguments passed to Service Class methods. Addresses a potential breaking change introduced by v0.5.4. Closes #263.
_util.pyDevelopers should use keywords, not arguments, when specifying parameters provided to Service Class or the Uber Class command methods.
from falconpy.hosts import Hosts falcon = Hosts(creds={"client_id": "CLIENT_ID_HERE", "client_secret": "CLIENT_SECRET_HERE"}) result = falcon.GetDeviceDetails(ids="12345")) # This syntax will always work print(result) result = falcon.GetDeviceDetails("12345") # This syntax may fail depending on method print(result) # (will work in this example) bad_result = falcon.QueryHiddenDevices(1, 0, "devices.hostname|desc", "") print(bad_result) # This syntax will always fail
Whenever possible, Service Classes attempt to guess the keyword for the first argument passed (if present). Typically these are aligned to the one required parameter for the method. (Example: the ids parameter)
-
Related to #263: Updated Uber class to no longer leverage the force_default helper, allowing users to still use the first argument to specify the action to be performed.
api_complete.py -
Bug fix: Added the after parameter to the endpoint parameter definitions for indicator_combined_v1 and indicator_search_v1. Closes #266.
_endpoint/_ioc.py -
Bug fix: Multiple methods within the Flight Control Service Class make use of the wrong HTTP method. Closes #291.
mssp.py
- Initial refactoring of unit test harnesses for service classes detailed above.
- Reduced token-related API requests performed by unit testing series.
- Minor adjustment to Uber class unit tests to better demonstrate proper method usage.
- Updated unit tests to support US-2 / Gov base URL testing.
- Added: New functionality for handling service class modules within FalconDebug.
- Bug fix: Resolved JSONDecode error on RTR_DeleteSession. Closes #238.
- Bug fix: Resolved issue with credential authentication in service classes not respecting custom API configuration attributes. Closes #242.
- Package metadata updates
- Updated IDP unit tests to more accurately cover functionality
- Flaky unit test adjustments
- FalconDebug added to linting workflows
debug.py
- Refactored Custom IOA Service Class to the new pattern to provide for new parameter handling functionality, closes #217.
custom_ioa.py - Refactored Device Control Policies Service Class to the new pattern to provide for new parameter handling functionality, closes #224.
device_control_policies.py - Refactored Firewall Policies Service Class to the new pattern to provide for new parameter handling functionality, closes #227.
firewall_policies.py - Refactored Firewall Management Service Class to match the most recent pattern, closes #232.
firewall_management.py - Refactored Falcon X Sandbox Service Class to the new pattern to provide for new parameter handling functionality, closes #226.
falconx_sandbox.py - Refactored Hosts Service Class to the new pattern to provide for new parameter handling functionality, closes #218.
hosts.py - Refactored Host Group Service Class to the new pattern to provide for new parameter handling functionality, closes #223.
host_group.py - Refactored Intel Service Class to match the most recent pattern, closes #231.
intel.py - Refactored OAuth2 class to reflect new functionality and linting patterns, closes #233.
oauth2.py - Refactored Quick Scan Service Class to match the most recent pattern, closes #219.
quick_scan.py - Refactored Real Time Response Service Class to match the most recent pattern, closes #230.
real_time_response.py - Refactored Real Time Response Admin Service Class to match the most recent pattern, closes #229.
real_time_response_admin.py - Refactored Sensor Updated Policy Service Class to the new pattern to provide for new parameter handling functionality, closes #222.
sensor_update_policy.py - Refactored Sensor Downloads Service Class to the new pattern to provide for new parameter handling functionality, closes #221.
sensor_downloads.py - Refactored Sample Uploads Service Class to the new pattern to provide for new parameter handling functionality, closes #220.
sample_uploads.py - Refactored User Management Service Class to match the most recent pattern, closes #228.
user_management.py
- Bug fix: Resolved issue with the timeout parameter not being passed to the OAuth2 class when legacy authentication was being used. Closes #225.
- Enabled Pylint stopping the build on linting failures within package source.
- Unit test updates to expand code coverage for new code paths.
- This update provides part of the functionality requested in #115.
- Added
identity_protection.py- Identity Protection service class. - Added utility to create a zip archive to be used with AWS Lambda layers. (
create-lambda-layer.sh)
- Bug fix: Resolved order of operations issue with body validation in validate_payload helper function. (
_util.py) - Updated
cloud_connect_aws.py- Cloud_Connect_AWS Service Class. Closes #209. - Updated
detects.py- Detects Service Class. Closes #210. - Updated
event_streams.py- Event Streams Service Class. Closes #212. - Updated
incidents.py- Incidents Service Class. Closes #213. - Updated
spotlight_vulnerabilities.py- Spotlight Vulnerabilities Service Class. Closes #214. - Updated
zero_trust_assessment.py- Zero Trust Assessment Service Class. Closes #211. - Updated query used for unit testing of Spotlight Vulnerabilities service class. 2020 -> 2021 (
test_spotlight_vulnerabilities.py) - Bug fix: Resolved flaky unit test for RegenerateAPIKey for Kubernetes Protection service class. (
test_kubernetes_protection.py).
- Added pylint workflow to push / pull_request actions.
- _endpoint module updates to support new service class.
- Added unit testing for new service class.
- Unit testing updates to complete code coverage.
- README.md updated.
- Added additional classifiers and developer requirements to PIP package metadata. (
setup.py)
- Bug fix: Resolves #200 by moving the failing method (entities_processes) in
iocs.pyto the latest code pattern.
- Fixed: Incorrect endpoint specified in the updateSensorUpdatePoliciesV2 method within the Sensor Update Policy service class.
- Fixed: CrowdStrike#181 by adding the parameters to the create and update ioc functions.
- Added: IOC API Service Class (
ioc.py)- indicator_combined_v1
- indicator_get_v1
- indicator_create_v1
- indicator_delete_v1
- indicator_update_v1
- indicator_search_v1
- Added: Kubernetes Protection API Service Class (
kubernetes_protection.py)- GetAWSAccountsMixin0
- CreateAWSAccount
- DeleteAWSAccountsMixin0
- UpdateAWSAccount
- GetLocations
- GetHelmValuesYaml
- RegenerateAPIKey
- GetClusters
- TriggerScan
- Added: Recon API Service Class (
recon.py)- AggregateNotificationsV1
- PreviewRuleV1
- GetActionsV1
- CreateActionsV1
- DeleteActionV1
- UpdateActionV1
- GetNotificationsDetailedTranslatedV1
- GetNotificationsDetailedV1
- GetNotificationsTranslatedV1
- GetNotificationsV1
- DeleteNotificationsV1
- UpdateNotificationsV1
- GetRulesV1
- CreateRulesV1
- DeleteRulesV1
- UpdateRulesV1
- QueryActionsV1
- QueryActionsV1
- QueryNotificationsV1
- QueryRulesV1
- Added: Response Policies API Service Class (
response_policies.py)- queryCombinedRTResponsePolicyMembers
- queryCombinedRTResponsePolicies
- performRTResponsePoliciesAction
- setRTResponsePoliciesPrecedence
- getRTResponsePolicies
- createRTResponsePolicies
- deleteRTResponsePolicies
- updateRTResponsePolicies
- queryRTResponsePolicyMembers
- queryRTResponsePolicies
- Updated: CSPM Registration API Service Class (
cspm_registration.py)- Refactored to utilized updated pattern for Service Classes
- Added: PatchCSPMAwsAccount function
- Added: UpdateCSPMAzureTenantDefaultSubscriptionID function
- Added: GetIOAEvents function
- Added: GetIOAUsers function
- Updated: Unit tests
- Updated: Discover for Cloud Registration API Service Class (
d4c_registration.py)- Refactored to remove unnecessary private method call / import of the sys library
- Updated: IOA Exclusions API Service Class (
ioa_exclusions.py)- Refactored to remove unnecessary private method call / import of the sys library
- Updated: IOCs API Service Class (
iocs.py)- Refactored to utilized updated pattern for Service Classes
- Updated: Deprecated multiple endpoints as part of the release of the new IOC Service Class (
_endpoint/_iocs.py)
- Updated: Falcon Complete Dashboard API Service Class (
falcon_complete_dashboard.py)- Refactored to remove unnecessary private method call / import of the sys library
- Updated: Falcon Flight Control API Service Class (
mssp.py)- Refactored to remove unnecessary private method call / import of the sys library
- Updated: Installation Tokens API Service Class (
installation_tokens.py)- Refactored to remove unnecessary private method call / import of the sys library
- Updated: Malquery API Service Class (
malquery.py)- Refactored to remove unnecessary private method call / import of the sys library
- Updated: ML Exclusions API Service Class (
ml_exclusions.py)- Refactored to remove unnecessary private method call / import of the sys library
- Updated: Overwatch Dashboard API Service Class (
overwatch_dashboard.py)- Refactored to remove unnecessary private method call / import of the sys library
- Updated: Prevention Policies API Service Class (
prevention_policy.py)- Refactored to utilized updated pattern for Service Classes
- Updated: Added add-rule-group and remove-rule-group actions to action_name parameter for performPreventionPoliciesAction function. (
_endpoint/_prevention_policy.py)
- Updated: Sensor Visibility Exclusions API Service Class (
sensor_visibility_exclusions.py)- Refactored to remove unnecessary private method call / import of the sys library
- Added: CSPM Registration API sample - CSPM registration policy export (@mccbryan3)
- Added: Timeout support - Float / tuple that is passed to the requests library when performing requests to the API. Can specify timeouts for connect, read and global.
- Fixed: Service Class proxy functionality support
- Timeout functionality unit tests (
test_timeout.py)
- Added: Proxy support - dictionary of proxies that are passed to the requests library when performing requests to the API.
- Related to discussion post #154
- Fixed: Parsing issue with ids argument within MSSP.getChildren (Flight Control Service Class)
- Resolved by migrating
mssp.pysource to the new pattern being tested for Service Classes. - Closes #144
- Resolved by migrating
New Service Class pattern - Query String parameters can now be passed as function arguments.
This functionality is currently only available in the following new Service Classes while regression testing is underway.
- Added: D4C Registration API Service Class (
d4c_registration.py)- GetCSPMAzureAccount
- CreateCSPMAzureAccount
- UpdateCSPMAzureAccountClientID
- GetCSPMAzureUserScriptsAttachment
- GetCSPMAzureUserScripts
- GetCSPMCGPAccount
- GetCSPMGCPAccount (redirects to GetCSPMCGPAccount)
- CreateCSPMGCPAccount
- GetCSPMGCPUserScriptsAttachment
- GetCSPMGCPUserScripts
- Added unit tests (
test_d4c_registration.py)
- Added: Installation Tokens API Service Class (
installation_tokens.py)- audit_events_read
- customer_settings_read
- tokens_read
- tokens_create
- tokens_delete
- tokens_update
- audit_events_query
- tokens_query
- Added unit tests (
test_installation_tokens.py)
- Added: IOA Exclusions API Service Class (
ioa_exclusions.py)- getIOAExclusionsV1
- createIOAExclusionsV1
- deleteIOAExclusionsV1
- updateIOAExclusionsV1
- queryIOAExclusionsV1
- Added unit tests (
test_ioa_exclusions.py)
- Added: Falcon Complete Dashboard API Service Class (
falcon_complete_dashboard.py)- AggregateAllowList
- AggregateBlockList
- AggregateDetections
- AggregateDeviceCountCollection
- AggregateEscalations
- AggregateFCIncidents
- AggregateRemediations
- QueryAllowListFilter
- QueryBlockListFilter
- QueryDetectionIdsByFilter
- GetDeviceCountCollectionQueriesByFilter
- QueryEscalationsFilter
- QueryIncidentIdsByFilter
- QueryRemediationsFilter
- Added unit tests (
test_falcon_complete_dashboard.py)
- Added: MalQuery API Service Class (
malquery.py)- GetMalQueryQuotasV1
- PostMalQueryFuzzySearchV1
- GetMalQueryDownloadV1
- GetMalQueryMetadataV1
- GetMalQueryRequestV1
- GetMalQueryEntitiesSamplesFetchV1
- PostMalQueryEntitiesSamplesMultidownloadV1
- PostMalQueryExactSearchV1
- PostMalQueryHuntV1
- Added unit tests (
test_malquery.py)
- Added: ML Exclusions API Service Class (
ml_exclusions.py)- getMLExclusionsV1
- createMLExclusionsV1
- deleteMLExclusionsV1
- updateMLExclusionsV1
- queryMLExclusionsV1
- Added unit tests (
test_ml_exclusions.py)
- Added: Overwatch Dashboard API Service Class (
overwatch_dashboard.py)- AggregatesDetectionsGlobalCounts
- AggregatesEventsCollections
- AggregatesEvents
- AggregatesIncidentsGlobalCounts
- AggregatesOWEventsGlobalCounts
- Added unit tests (
test_overwatch_dashboard.py)
- Added: Sensor Visibility Exclusions API Service Class (
sensor_visibility_exclusions.py)- getSensorVisibilityExclusionsV1
- createSVExclusionsV1
- deleteSensorVisibilityExclusionsV1
- updateSensorVisibilityExclusionsV1
- querySensorVisibilityExclusionsV1
- Added unit tests (
test_sensor_visibility_exclusions.py)
- Added: args_to_params function (
_util.py) - Allows developers to specify parameter dictionary elements as function argumentsimport json from falconpy.ml_exclusions import ML_Exclusions as FalconML falcon = FalconML(creds={"client_id": client_ID, "client_secret": client_secret}) print(json.dumps(falcon.queryMLExclusionsV1(limit=10, offset=20, sort="value.asc"), indent=4))
- Unrecognized parameter values are discarded
- Initial testing in a limited number of Service Classes
- Added: Missing method to Spotlight_Vulnerabilities Service Class (
spotlight_vulnerabilities.py)- getRemediations
- Added unit test to existing test series (
test_spotlight_vulnerabilities.py)
-
Added: MSSP (Falcon Flight Control) Service Class
- getChildren
- getCIDGroupMembersBy
- addCIDGroupMembers
- deleteCIDGroupMembers
- getCIDGroupById
- createCIDGroups
- deleteCIDGroups
- updateCIDGroups
- getRolesByID
- addRole
- deleteRoles
- getUserGroupMembersByID
- addUserGroupMembers
- deleteUserGroupMembers
- getUserGroupsByID
- createUserGroup
- deleteUserGroups
- updateUserGroups
- queryChildren
- queryCIDGroupMembers
- queryCIDGroups
- queryRoles
- queryUserGroupMembers
- queryUserGroups
- Added unit tests (
test_mssp.py)
-
Added: Zero Trust Assessment Service Class
- getAssessmentV1
- Added unit tests (
test_zero_trust_assessment.py)
- Fixed KeyError when providing invalid credentials to a Service Class using Credential or Object authentication, Closes #134
- Moved _endpoint constant library to a private submodule (No impact to existing usage)
- Added payload parameter information to _endpoint constants
- Adds service collection ID to endpoint lists
- This prepares the package for new functionality planned for future releases
- Added:
force_defaultfunction - decorator function that forces default values for function arguments (_util.py)- Added: Helper function
get_default - Refactored Uber class to leverage this new functionality
- Unit tests refactored to cover new code paths (
test_uber_api_complete.py)
- Unit tests refactored to cover new code paths (
- Depending upon feedback, this updated pattern will be implemented within Service Classes to reduce overall function complexity
- Added: Helper function
- Linting
Developers: These patterns are being tested within the Uber Class for migration over to Service Classes in future versions
- Reduced Uber class method complexity
- Added: Helper function
calc_url_from_args(_util.py) - Added: Helper function
_create_header_payload(api_complete.py, Requires class internal variables)
- Added: Helper function
- Migrated Uber class variables to snake_case format
- Removed unnecessarily complex lambdas
- New class method:
valid_cred_format, replaces previous lambda class attribute - New class method:
token_expired, replaces previous lambda class attribute
- New class method:
- Reduced overall number of instance attributes
- Unit tests updated (
test_uber_api_complete.py)
- Reduced Uber class method complexity
- Minor unit test update to
test_cspm_registration.py - Added
util/coverage.config- Moved unit test coverage reporting over to configuration file for parameter management
- Documentation updates
-
Added: Custom Indicators of Attack (IOA) API Service Class (
custom_ioa.py)- get_patterns
- get_platformsMixin0
- get_rule_groupsMixin0
- create_rule_groupMixin0
- delete_rule_groupsMixin0
- update_rule_groupMixin0
- get_rule_types
- get_rules_get
- get_rulesMixin0
- create_rule
- delete_rules
- update_rules
- validate
- query_patterns
- query_platformsMixin0
- query_rule_groups_full
- query_rule_groupsMixin0
- query_rule_types
- query_rulesMixin0
- Added unit tests (
test_custom_ioa.py)
-
Added: Falcon X Quick Scan API Service Class (
quick_scan.py)- GetScansAggregates
- GetScans
- ScanSamples
- QuerySubmissionsMixin0
- Added unit tests (
test_quick_scan.py)
-
Added: Uber class endpoints (
_endpoints.py)- Falcon Complete Dashboard API
- Falcon Overwatch Dashboard API
- Falcon Flight Control API
- Fixed unidiomatic type check in
_util.py(parse_id_list) - Fixed potentially problematic default payload lists and dictionaries (Service Classes and Uber Class)
- Added CHANGELOG.md
- Documentation updates to reflect new service class and upcoming API additions
- Minor comment updates
- Adjusted GitHub actions to test operating systems as separate workflows
- Minor GitHub workflow adjustments
- Unit test updates
- Cloud Connect AWS
- CSPM Registration
- Sensor Download
- Added: Sensor Download API Service Class (Contributor: @CalebSchwartz)
- GetCombinedSensorInstallersByQuery
- DownloadSensorInstallerById
- GetSensorInstallersEntities
- GetSensorInstallersCCIDByQuery
- GetSensorInstallersByQuery
- Added unit tests
- Fixed: action_name parameter default bug. Resolved by setting a default value and overriding this value if action_name is present in the parameters dictionary, Closes #114.
- Documentation updated to reflect the new Sensor Download Service Class
- Added: Sample_Uploads service class (
sample_uploads.py)- UploadSampleV3
- GetSampleV3
- DeleteSampleV3
- Added: Sample_Uploads unit tests (
test_sample_uploads.py)
- Added: FalconDebug - Interactive Python3 debugger that provides a pre-defined API token.
- Fixed: Issue with Uber class command method using the action_name variable instead of file_name variable for actions passing the file_name parameter.
- Fixed: Issue with
setup.pypassing GitHub emoji text to the package description. - Fixed: Issue with Uber class unit testing not deleting uploaded files from Sample_Uploads API. (
test_uber_api_complete.py)
- Added missing method:
hosts.py- Added UpdateDeviceTags method to Hosts service class. (Contributor: @rewgord)- Unit test added to
test_hosts.pyto test device tagging functionality.
- Unit test added to
- API Operation summaries added to the Uber class:
_endpoint.py- This provides for upcoming functionality that will be announced in future updates. - New endpoints added to the Uber class:
_endpoint.py
Deprecation Warning: Legacy API operation IDs that made use of the Python reserved characters "." and "-" have been deprecated. New operation IDs have been generated for each that now aligns to the method names defined in the equivalent service class.
- Added method validation to Uber class calls to the requests library. (HTTP 418 is sent when an invalid method is specified.)
- Cleaned up
event_streams.pyclass file to match new patterns. - Updated return type decorators for service_request and perform_request. (
_util.py) - Updated return type decorators for GetArtifacts, GetReports and GetSampleV2. (
falconx_sandbox.py) - Abstracted all remaining common error output code paths to a stand-alone generic method. (
_util.py)
- New service class: cspm_registration.py - Provides the CSPM_Registration service class for handling Horizon registration in Azure and AWS.
- Unit test added
- Added methods: falconx_sandbox.py - Support for the following operations have been added to the FalconX_Sandbox service class.
- QuerySampleV1
- DeleteSampleV2
- GetSampleV2
- DeleteReport
- GetReports
- Unit test added
- Bug fix: Resolved malformed validator in detects.py - UpdateDetectsByIdsV2
- Bug fix: Added action_name parameter to operations that require the parameter. Closes #53.
This issue impacted 6 service classes in total:
-
device_control_policies.py - Device_Control_Policies - performDeviceControlPoliciesAction
-
firewall_policies.py - Firewall_Policies - performFirewallPoliciesAction
-
host_group.py - Host_Group - performGroupAction
-
hosts.py - Host - PerformActionV2
-
prevention_policy.py - Prevention_Policy - performPreventionPoliciesAction
-
sensor_update_policy.py - Sensor_Update_Policy - performSensorUpdatePoliciesAction
-
This issue also impacted the Uber class, resulting in updates to the command method within the APIHarness class.
-
Unit tests modified
-
Breaking Change: The action_name parameter does not currently accept unspecified values. This is resolved in the 0.4.4 version of the package.
- Minor updates to
_endpoints.pyto reflect operation ID corrections for the CSPM registration API. - Abstracted common error output code paths to a stand-alone method within
_util.py.
- Added additional HTTP status codes
- Added parameter input validation handling
- Additional validations are planned for all service classes. Currently only enabled in
cloud_connect_aws.py.
- Additional validations are planned for all service classes. Currently only enabled in
- Added body payload input validation handling
- Additional validations are planned for all service classes. Currently only enabled in
cloud_connect_aws.py.
- Additional validations are planned for all service classes. Currently only enabled in
- Added allowed HTTP method restrictions
- Added ID list handling to API operations that require ID lists
- Developers may now pass in a list of IDs or a comma-delimited string.
- Added status code response checks to authentication events
- Instantiate Service classes without having to manage tokens
- Pass in credentials (Now referred to as "credential authentication")
- Pass in the entire auth object (Now referred to as "object authentication")
Please note: Passing a token into Service classes is still fully supported. This is now referred to as "legacy authentication".
- Added automatic token refresh functionality to Service Class calls
- Developers must make use of either credential or object authentication in order to leverage this functionality.
- Added dynamic package metadata updates (Closes #14)
- Generalized version control
- New constant file:
_version.py
- New constant file:
- Generalized version control
- Added user-agent string to HTTP headers. (Closes #57)
- Resolved a bug with token deauthentication (Uber and Service classes)
- Resolved a bug in Firewall_Management.update_rule_group
- Abstracted calls to the requests library from all classes, reducing code segment size
- New library: _util.py
- New class: _service_class.py
- New class: _result.py
- All Service Classes refactored
- Abstracted endpoint list from the Uber class to a standalone source file
- New constant file: _endpoint.py
- Linting / code cleanup
- Added function input parameter datatype specifications (where possible)
- Added function output datatype decorators
- In order to reduce confusion, references to the
jsonrequests attribute are now always referred to as "body". - References to the
datarequests attribute are still referred to as "data".
- 100% unit test coverage
- Internal documentation updates