-
Added: Added new Host Migration service collection with 10 new operations.
__init__.py
_endpoint/__init__.py
_endpoint/_host_migration.py
host_migration.py
Unit testing expanded to complete code coverage.
tests/test_host_migration.py
-
Added: Added new Certificate Based Exclusions service collection with six new operations.
__init__.py
_endpoint/__init__.py
_endpoint/_certificate_based_exclusions.py
_endpoint/deprecated/_certificate_based_exclusions.py
_payload/__init__.py
_payload/_certificate_based_exclusions.py
certificate_based_exclusions.py
Unit testing expanded to complete code coverage.
tests/test_certificate_based_exclusions.py
-
Added: Added new Compliance Assessments service collection with 11 new operations.
__init__.py
_endpoint/__init__.py
_endpoint/_compliance_assessments.py
compliance_assessments.py
Unit testing expanded to complete code coverage.
tests/test_compliance_assessments.py
- Fixed: Resolved comparison issue with version check helper method.
_version.py
-
Added: USGOV2 cloud region added to Base URL enumerator.
_enum/_base_url.py
-
Added: Automatic base URL detection from context objects when available.
_auth_object/_falcon_interface.py
-
Pinned:
setuptools
package pinned to version 70.3.0 to avoid failures with new iterations of setuptools in Azure environments.requirements.txt
requirements-dev.txt
setup.py
dev-setup.py
- Thanks go out to @gansel51 for identifying this issue and contributing a fix! 🙇
-
Pinned:
zipp
package pinned to version 3.19.1 to avoid a potential vulnerability.requirements-dev.txt
-
Added: Added new API Integrations service collection with two new operations, GetCombinedPluginConfigs and ExecuteCommand.
__init__.py
_endpoint/__init__.py
_endpoint/_api_integrations.py
_payload/__init__.py
_payload/_api_integrations.py
api_integrations.py
Unit testing expanded to complete code coverage.
tests/test_api_integrations.py
tests/test_uber.py
-
Added: Added new allowed parameters for the GetCSPMAwsAccountScriptsAttachment operation within the CSPM Registration service collection.
_endpoint/_cspm_registration.py
cspm_registration.py
-
Added: Added one new operation (update_rules_v2) to the Custom IOA service collection.
_endpoint/_custom_ioa.py
_endpoint/deprecated/_custom_ioa.py
custom_ioa.py
Unit testing expanded to complete code coverage.
tests/test_custom_ioa.py
-
Added: Added new allowed parameters for the GetD4CAWSAccountScriptsAttachment operation within the D4C Registration service collection.
_endpoint/_d4c_registration.py
d4c_registration.py
-
Added: Added new Exposure Management service collection with 6 new operations.
- aggregate_external_assets
- blob_download_external_assets
- blob_preview_external_assets
- get_external_assets
- patch_external_assets
- query_external_assets
_endpoint/__init__.py
_endpoint/_exposure_management.py
_endpoint/deprecated/__init__.py
_endpoint/deprecated/_exposure_management.py
_payload/__init__.py
_payload/_exposure_management.py
__init__.py
exposure_management.py
Unit testing expanded to complete code coverage.
tests/test_exposure_management.py
-
Added: Added five new operations to the FileVantage service collection.
- getActionsMixin0
- startActions
- getContents
- signalChangesExternal
- queryActionsMixin0
_constant/__init__.py
_endpoint/_filevantage.py
_payload/__init__.py
_payload/_filevantage.py
filevantage.py
Unit testing expanded to complete code coverage.
tests/test_filevantage.py
-
Added: Added
cql-master
,cql-update
, andcql-changelog
as allowed options for thetype
keyword within the GetLatestIntelRuleFile and QueryIntelRuleIds operations (Intel service collection)._endpoint/_intel.py
intel.py
-
Added: Added one new operation (RequestDeviceEnrollmentV4) to the Mobile Enrollment service collection.
_endpoint/_mobile_enrollment.py
_payload/__init__.py
_payload/_mobile_enrollment.py
mobile_enrollment.py
Unit testing expanded to complete code coverage.
tests/test_mobile_enrollment.py
-
Added: Added new ThreatGraph service collection with 5 new operations.
__init__.py
_endpoint/__init__.py
_endpoint/_threatgraph.py
_util/_functions.py
_util/uber.py
threatgraph.py
Unit testing expanded to complete code coverage.
tests/test_threatgraph.py
-
Added: Added two new operations (WorkflowActivitiesCombined and WorkflowTriggersCombined) to the Workflows service collection.
_endpoint/_workflows.py
workflows.py
Unit testing expanded to complete code coverage.
tests/test_workflows.py
-
Fixed: Resolved parameter abstraction issue when leveraging form data payloads with certain API operations. Closes #1160.
_util/__init__.py
_util/_functions.py
falconx_sandbox.py
foundry_logscale.py
message_center.py
sample_uploads.py
workflows.py
Unit testing expanding to complete code coverage.
test_falconx_sandbox.py
test_message_center.py
test_sample_uploads.py
test_workflows.py
- Thanks go out to @Destom for reporting this issue! 🙇
-
Fixed: Resolved collision with the
action
keyword argument within the Uber Class and API operations using this string as a key. Closes #1161._util/_uber.py
api_complete/_advanced.py
- Thanks go out to @Don-Swanson-Adobe for identifying and reporting this issue! 🙇
-
Fixed: Resolved potential ValueError when providing invalid values to version comparison method.
_version.py
Unit testing expanded to complete code coverage.
test_timeout.py
-
Adjusted: Unit testing adjusted to allow 204 responses from DeletePolicy operation testing.
test_image_assessment_policies.py
-
Expanded: Unit testing expanded to test context authentication when
base_url
is not specified.test_zero_trust_assessment.py
-
Updated: Updated enumerator for the
sort
parameter definition for the QueryCasesIdsByFilter operation (Message Center service collection)._endpoint/_message_center.py
-
Updated: Updated
filter
parameter description for the query_iot_hosts operation within the Discover service collection._endpoint/_discover.py
_endpoint/deprecated/_discover.py
-
Removed: Removed one operation from the Drift Indicators service collection.
- ReadDriftIndicatorEntities
_endpoint/_drift_indicators.py
drift_indicators.py
Unit testing revised to complete code coverage.
tests/test_drift_indicators.py
-
Updated: Updated
sort
parameter description for the query_rulesMixin0 operation within the Custom IOA service collection._endpoint/_custom_ioa.py
_endpoint/deprecated/_custom_ioa.py
-
Removed: Removed three operations from the Kubernetes Protection service collection.
- ReadContainerEnrichment
- ReadDeploymentEnrichment
- ReadPodEnrichment
_endpoint/_kubernetes_protection.py
kubernetes_protection.py
Unit testing revised to complete code coverage.
tests/test_kubernetes_protection.py
-
Updated: Updated
filter
parameter description for the ReadRunningContainerImages operation within the Kubernetes Protection service collection._endpoint/_kubernetes_protection.py
-
Added: Context Authentication (supports Foundry execution environments).
FalconInterface object refactored to support new authentication mechanism, track mechanism used, add additional comments, and reduce overall complexity.
_auth_object/_falcon_interface.py
ServiceClass object updated to detect Object Authentication and track mechanism used.
_service_class/_service_class.py
New helper method defined to abstract Direct and Credential authentication creation of the _creds dictionary attribute.
_util/__init__.py
_util/_auth.py
Class instantiation logging updated to detail authentication mechanism used. Linting and cleanup.
_util/_functions.py
Unit testing expanded to complete code coverage.
tests/test_authentications.py
tests/test_result_object.py
tests/test_zero_trust_assessment.py
-
Added: Added UpdateCSPMGCPServiceAccountsExt operation to the CSPM Registration service collection.
_endpoint/_cspm_registration.py
cspm_registration.py
Unit testing expanded to complete code coverage.
tests/test_cspm_registration.py
-
Added: Added UpdateD4CGCPServiceAccountsExt operation to the D4C Registration service collection.
_endpoint/_d4c_registration.py
d4c_registration.py
Unit testing expanded to complete code coverage.
tests/test_d4c_registration.py
-
Added: Added
content_files
,content_registry_values
,enable_content_capture
andenable_hash_capture
arguments to the createRules and updateRules operations within the FileVantage service collection._endpoint/_filevantage.py
_payload/_filevantage.py
filevantage.py
-
Added: Added
iar_coverage
as an allowed filter argument to the ReadClustersByKubernetesVersionCount, ReadClustersByStatusCount, ReadClusterCount, and ReadClusterCombined operations within the Kubernetes Protection service collection._endpoint/_kubernetes_protection.py
kubernetes_protection.py
-
Fixed: 406 error when uploading Fusion workflows via the WorkflowDefinitionsImport operation. Closes #1145.
workflows.py
Unit testing expanded to complete code coverage.
tests/test_workflows.py
tests/test.yml
Thanks go out to @RoemIko for identifying and reporting this issue! 🙇
-
Fixed: Added missing
force_default
decorator to the GetCSPMAwsConsoleSetupURLs and GetCSPMAwsAccountScriptsAttachment operations within the CSPM Registration Service Class.cspm_registration.py
-
Updated: Updated
sort
argument description for the ReadCombinedImagesExport operation (Container Images service collection) within the endpoint module._endpoint/_container_images.py
-
Updated: Updated
filter
argument description for the GetConfigurationDetectionIDsV2 operation (CSPM Registration service collection) within the endpoint module._endpoint/_cspm_registration.py
-
Updated: Updated enum for the QueryActivityByCaseID operation (Message Center service collection) within the endpoint module.
_endpoint/_message_center.py
-
Updated: Minor unit testing adjustments to handle updated API responses.
tests/test_container_detections.py
tests/test_container_packages.py
tests/test_container_vulnerabilities.py
tests/test_drift_indicators.py
tests/test_unidentified_containers.py
-
Expanded: Environment Authentication functionality has been expanded to allow developers to customize the names of the environment keys used to store API credentials.
_auth_object/_falcon_interface.py
_auth_object/_uber_interface.py
oauth2.py
Unit testing expanded to complete code coverage.
tests/test_authentications.py
from falconpy import Hosts # We can now define the prefix and the names of the # environment values used for API key lookups environment_keys = { "prefix": "CROWDSTRIKE_", "id_name": "API_ID", "secret_name": "API_SECRET" } # These values are provided as a dictionary to the class hosts = Hosts(environment=environment_keys) # Usage of the class is the same results = hosts.query_devices_by_filter_scroll()
-
Added:
include_hidden
argument added to the PostAggregatesAlertsV2, PatchEntitiesAlertsV3, PostEntitiesAlertsV2 and GetQueriesAlertsV2 operations within the Alerts Service Class.alerts.py
-
Added: Added 4 new operations to the Cloud Snapshots service collection.
- ReadDeploymentsCombined
- ReadDeploymentsEntities
- CreateDeploymentEntity
- GetScanReport
_endpoint/_cloud_snapshots.py
_payload/__init__.py
_payload/_cloud_snapshots.py
cloud_snapshots.py
Unit testing expanded to complete code coverage.
tests/test_cloud_snapshots.py
-
Added: Added GetRuntimeDetectionsCombinedV2 to the Container Detections service collection.
_endpoint/_container_detections.py
container_detections.py
Unit testing expanded to complete code coverage.
tests/test_container_detections.py
-
Added: Added 3 new operations to the CSPM Registration service collection.
- DeleteCSPMAzureManagementGroup
- GetCSPMGCPValidateAccountsExt
- ValidateCSPMGCPServiceAccountExt
_endpoint/_cspm_registration.py
_payload/__init__.py
_payload/_cspm_registration.py
cspm_registration.py
Unit testing expanded to complete code coverage.
tests/test_cspm_registration.py
-
Added: Added query_iot_hostsV2 operation to the Discover service collection.
_endpoint/_discover.py
_endpoint/deprecated/_discover.py
discover.py
Unit testing expanded to complete code coverage.
tests/test_discover.py
-
Added: Added AggregateSupportIssues operation to the Falcon Complete Dashboard service collection.
_endpoint/_falcon_complete_dashboard.py
falcon_complete_dashboard.py
Unit testing expanded to complete code coverage.
tests/test_falcon_complete_dashboard.py
-
Added: Added IngestDataAsyncV1 operation to the Foundry LogScale service collection.
_endpoint/_foundry_logscale.py
foundry_logscale.py
Unit testing expanded to complete code coverage.
tests/test_foundry_logscale.py
-
Added: Added
infer_json_types
andmatch_response_schema
arguments to the CreateSavedSearchesDynamicExecuteV1, GetSavedSearchesExecuteV1 and CreateSavedSearchesExecuteV1 operations within the Foundry LogScale service collection._endpoint/_foundry_logscale.py
foundry_logscale.py
-
Added: Added
infer_json_types
argument to the GetSavedSearchesJobResultsDownloadV1 operation within the Foundry LogScale service collection._endpoint/_foundry_logscale.py
foundry_logscale.py
-
Added: Added 3 new operations to the Intel service collection.
- GetMalwareEntities
- QueryMalware
- QueryMitreAttacksForMalware
_endpoint/_intel.py
intel.py
Unit testing expanded to complete code coverage.
tests/test_intel.py
-
Added: Added 4 new operations to the Sensor Download service collection.
- GetCombinedSensorInstallersByQueryV2
- DownloadSensorInstallerByIdV2
- GetSensorInstallersEntitiesV2
- GetSensorInstallersByQueryV2
_endpoint/_sensor_download.py
sensor_download.py
Unit testing expanded to complete code coverage.
tests/test_sensor_download.py
-
Added: Added
sanitize
argument to the WorkflowDefinitionsExport operation within the Workflows service collection._endpoint/_workflows.py
workflows.py
-
Added: Added 2 new operations to the Workflows service collection.
- WorkflowExecuteInternal
- WorkflowMockExecute
_endpoint/workflows.py
_payload/__init__.py
_payload/_workflows.py
workflows.py
Unit testing expanded to complete code coverage.
tests/test_workflows.py
-
Fixed: Resolved parsing issue with formData arguments provided to the ArchiveUploadV2 operation within the SampleUploads Service Class. Closes #1122.
sample_uploads.py
-
Fixed: Resolved conversion issue with query string boolean parameters not being properly converted to lowercase before API submission. Closes #1129.
_util/_functions.py
-
Updated: Updated
body
argument description for the PatchEntitiesAlertsV3 operation within the endpoint module._endpoint/_alerts.py
-
Updated: Added
highest_cps_current_rating
as an allowed sort parameter to the ReadCombinedImagesExport operation within the Container Images service collection._endpoint/_container_images.py
-
Updated: Added
watch_permissions_key_changes
option to the createRules operation within the FileVantage service collection._endpoint/_filevantage.py
-
Updated: Updated operation and argument descriptions in the deprecated IOCS service collection.
_endpoint/_iocs.py
-
Updated: Added
prevented
as an allowed filter to the ReadKubernetesIomByDateRange, ReadKubernetesIomCount, SearchAndReadKubernetesIomEntities and SearchKubernetesIoms operations within the Kubernetes Protection service collection._endpoint/_kubernetes_protection.py
-
Updated: Updated the
body
argument description for the BatchAdminCmd and RTR_ExecuteAdminCommand operations within the Real Time Response Admin service collection._endpoint/_real_time_response_admin.py
_endpoint/deprecated/_real_time_response_admin.py
-
Updated: Updated the
body
argument description for the BatchActiveResponderCmd, BatchCmd, RTR_ExecuteActiveResponderCommand, and RTR_ExecuteCommand operations within the Real Time Response service collection._endpoint/_real_time_response.py
_endpoint/deprecated/_real_time_response.py
-
Removed: The CreateInventory operation is removed from the Cloud Snapshots Service Class.
_payload/__init__.py
_payload/_cloud_snapshots.py
cloud_snapshots.py
Unit testing updated to reflect current functionality.
tests/test_cloud_snapshots.py
-
Removed: The WorkflowDefinitionsCreate operation is removed from the Workflows service collection.
_endpoint/_workflows.py
workflows.py
Unit testing updated to reflect current functionality.
tests/test_workflows.py
-
Added:
include_hidden
argument added to the PostAggregatesAlertsV2, PostEntitiesAlertsV2, PatchEntitiesAlertsV3 and GetQueriesAlertsV2 operations._endpoint/_alerts.py
-
Added: ReadContainerAlertsCountBySeverity operation added to the Container Alerts service collection.
_endpoint/_container_alerts.py
container_alerts.py
Unit testing expanded to complete code coverage.
tests/test_container_alerts.py
-
Added:
cspm_lite
argument added to the GetCSPMAwsAccount and GetCSPMAzureAccount operations within the CSPM Registration service collection._endpoint/_cspm_registration.py
cspm_registration.py
-
Added:
azure_management_group
argument added to the GetCSPMAzureUserScriptsAttachment operation within the CSPM Registration service collection._endpoint/_cspm_registration.py
cspm_registration.py
-
Added: 9 new operations added to the CSPM Registration service collection.
- GetCSPMAzureManagementGroup
- CreateCSPMAzureManagementGroup
- GetCSPMCGPAccount
- CreateCSPMGCPAccount
- DeleteCSPMGCPAccount
- UpdateCSPMGCPAccount
- ConnectCSPMGCPAccount
- GetCSPMGCPServiceAccountsExt
- GetCSPMGCPUserScriptsAttachment
_endpoint/_cspm_registration.py
_payload/_cspm_registration.py
cspm_registration.py
Unit testing expanded to complete code coverage.
tests/test_cspm_registration.py
-
Added:
azure_management_group
argument added to the GetDiscoverCloudAzureUserScriptsAttachment operation within the D4C Registration service collection._endpoint/_d4c_registration.py
d4c_registration.py
-
Added: 4 new operations added to the D4C Registration service collection.
- DeleteD4CGCPAccount
- ConnectD4CGCPAccount
- GetD4CGCPServiceAccountsExt
- GetD4CGCPUserScriptsAttachment
_endpoint/_d4c_registration.py
_payload/_d4c_registration.py
d4c_registration.py
Unit testing expanded to complete code coverage.
tests/test_d4c_registration.py
-
Added:
execution_cid
argument added to the WorkflowExecute operation within the Workflows service collection._endpoint/_workflows.py
workflows.py
-
Added: New service collection Image Assessment Policies containing 11 new operations.
- ReadPolicies
- CreatePolicies
- UpdatePolicies
- DeletePolicy
- ReadPolicyExclusions
- UpdatePolicyExclusions
- ReadPolicyGroups
- CreatePolicyGroups
- UpdatePolicyGroups
- DeletePolicyGroup
- UpdatePolicyPrecedence
_endpoint/__init__.py
_endpoint/_image_assessment_policies.py
3 new payload handlers are added.
_payload/__init__.py
_payload/_container.py
__init__.py
image_assessment_policies.py
Unit testing expanded to complete code coverage.
tests/test_image_assessment_policies.py
-
Added: 8 new operations added to the Workflows service collection.
- WorkflowDefinitionsCombined
- WorkflowExecutionsCombined
- WorkflowDefinitionsExport
- WorkflowDefinitionsImport
- WorkflowDefinitionsUpdate
- WorkflowDefinitionsCreate
- WorkflowGetHumanInputV1
- WorkflowUpdateHumanInputV1
_endpoint/_workflows.py
workflows.py
2 new payload handlers are added.
_payload/__init__.py
_payload/_workflows.py
Unit testing expanded to complete code coverage.
tests/test_workflows.py
-
Fixed:
member_cid
argument is not being passed to the authentication event when leveraging Environment Authentication. Closes #1105._auth_object/_falcon_interface.py
-
Fixed:
rule_ids
is not included in body payloads when the list is empty for the update_rule_groups operation within the Firewall Management Service Class. Closes #1107._payload/_firewall.py
-
Fixed: Added missing actions to _allowed_actions validator within
PerformActionV2
method of the Hosts service collection. Closes #1108.hosts.py
- Thanks go out to @i-shubham01 for identifying and resolving this issue! 🙇
-
Updated: Enums added to GetCSPMAwsAccount and GetCSPMAwsConsoleSetupURLs operations within the CSPM Registration endpoint module.
_endpoint/_cspm_registration.py
-
Updated: Several parameter descriptions within the Custom IOA endpoint module updated.
_endpoint/_custom_ioa.py
_endpoint/deprecated/_custom_ioa.py
-
Updated: Enum updated within the GetD4CAwsAccount operation of the D4C Registration endpoint module.
_endpoint/_d4c_registration.py
-
Updated: Parameter description for the Submit operation within the Falcon Intelligence Sandbox endpoint module updated.
_endpoint/_falconx_sandbox.py
-
Updated: Multiple parameter descriptions within the Kubernetes Protection endpoint module updated.
_endpoint/_kubernetes_protection_.py
-
Updated: Enum updated within the QueryActivityByCaseID operation of the Message Center endpoint module.
_endpoint/_message_center.py
-
Dropped: Python 3.6 support.
Unit testing adjusted to reflect supported versions.
README.md
SECURITY.md
setup.py
-
Refactored: Simple private child objects within the APIRequest object updated to leverage data classes.
_api_request/_request_connection.py
_api_request/_request_payloads.py
_api_request/_request_validator.py
- Added: 4 new operations added to the Alerts service collection.
- PostAggregateAlertsV2
- PostEntitiesAlertsV2
- PatchEntitiesAlertsV3
- GetQueriesAlertsV2
_endpoint/_alerts.py
alerts.py
Unit testing expanded to complete code coverage.
tests/test_alerts.py
- Added:
source_event_url
argument added to the WorkflowExecute operation definition within the endpoint module._endpoint/_workflows.py
- Added: New Configuration Assessment service collection providing 2 new operations.
- getCombinedAssessmentsQuery
- getRuleDetails
_endpoint/__init__.py
_endpoint/_configuration_assessment.py
__init__.py
configuration_assessment.py
Unit testing expanded to complete code coverage.
tests/test_configuration_assessment.py
- Added: New Configuration Assessment Evaluation Logic service collection providing 1 new operation.
- getEvaluationLogicMixin0
_endpoint/__init__.py
_endpoint/_configuration_assessment_evaluation_logic.py
__init__.py
configuration_assessment_evaluation_logic.py
Unit testing expanded to complete code coverage.
tests/test_configuration_assessment_evaluation_logic.py
- Added: New Container Alerts service collection providing 2 new operations.
- ReadContainerAlertsCount
- SearchAndReadContainerAlerts
_endpoint/__init__.py
_endpoint/_container_alerts.py
__init__.py
container_alerts.py
Unit testing expanded to complete code coverage.
tests/test_container_alerts.py
- Added: New Container Detections service collection providing 6 new operations.
- ReadDetectionsCountBySeverity
- ReadDetectionsCountByType
- ReadDetectionsCount
- ReadCombinedDetections
- ReadDetections
- SearchDetections
_endpoint/__init__.py
_endpoint/_container_detections.py
__init__.py
container_detections.py
Unit testing expanded to complete code coverage.
tests/test_container_detections.py
- Added: New Container Images service collection providing 10 new operations.
- AggregateImageAssessmentHistory
- AggregateImageCountByBaseOS
- AggregateImageCountByState
- AggregateImageCount
- GetCombinedImages
- CombinedImageByVulnerabilityCount
- CombinedImageDetail
- ReadCombinedImagesExport
- CombinedImageIssuesSummary
- CombinedImageVulnerabilitySummary
_endpoint/__init__.py
_endpoint/_container_images.py
__init__.py
container_images.py
Unit testing expanded to complete code coverage.
tests/test_container_images.py
- Added: New Container Packages service collection providing 5 new operations.
- ReadPackagesCountByZeroDay
- ReadPackagesByFixableVulnCount
- ReadPackagesByVulnCount
- ReadPackagesCombinedExport
- ReadPackagesCombined
_endpoint/__init__.py
_endpoint/_container_packages.py
__init__.py
container_packages.py
Unit testing expanded to complete code coverage.
tests/test_container_packages.py
- Added: New Container Vulnerabilities service collection providing 10 new operations.
- ReadCombinedVulnerabilities
- ReadCombinedVulnerabilitiesInfo
- ReadCombinedVulnerabilitiesDetails
- ReadVulnerabilitiesPublicationDate
- ReadVulnerabilitiesByImageCount
- ReadVulnerabilityCount
- ReadVulnerabilityCountBySeverity
- ReadVulnerabilityCountByCPSRating
- ReadVulnerabilityCountByCVSSScore
- ReadVulnerabilityCountByActivelyExploited
_endpoint/__init__.py
_endpoint/_container_vulnerabilities.py
__init__.py
container_vulnerabilities.py
Unit testing expanded to complete code coverage.
tests/test_container_vulnerabilities.py
- Added:
next_token
argument added to the GetConfigurationDetectionIDsV2 operation within the CSPM Registration service collection._endpoint/_cspm_registration.py
cspm_registration.py
- Added: New Drift Indicators service collection providing 5 new operations.
- GetDriftIndicatorsValuesByDate
- ReadDriftIndicatorsCount
- SearchAndReadDriftIndicatorEntities
- ReadDriftIndicatorEntities
- SearchDriftIndicators
_endpoint/__init__.py
_endpoint/_drift_indicators.py
__init__.py
drift_indicators.py
Unit testing expanded to complete code coverage.
tests/test_drift_indicators.py
- Added: 3 new operations added to the Falcon Complete Dashboard service collection.
- AggregatePreventionPolicy
- AggregateSensorUpdatePolicy
- AggregateTotalDeviceCounts
_endpoint/_falcon_complete_dashboard.py
falcon_complete_dashboard.py
Unit testing expanded to complete code coverage.
tests/test_falcon_complete_dashboard.py
- Added: New arguments added to 5 operations within the Foundry LogScale service collection. 2 arguments are removed from 1 operation.
check_test_data
is added to ListReposV1.app_id
is added to CreateSavedSearchesDynamicExecuteV1.app_id
is added to GetSavedSearchesExecuteV1.app_id
is added to CreateSavedSearchesExecuteV1.check_test_data
is added to ListViewV1.- The duplicative query string parameter arguments
mode
andversion
have been removed from CreateSavedSearchesExecuteV1. _endpoint/_foundry_logscale.py
foundry_logscale.py
Unit testing expanded to complete code coverage.
tests/test_foundry_logscale.py
- Added: 1 new operation added to the Hosts service collection.
- QueryDeviceLoginHistoryV2
_endpoint/_hosts.py
hosts.py
Unit testing expanded to complete code coverage.
tests/test_hosts.py
- Added: 3 new operations added to the IOC service collection. These operations replace legacy operations from the deprecated IOCS service collection.
- indicator_get_device_count_v1 replaces DevicesCount.
- indicator_get_devices_ran_on_v1 replaces DevicesRanOn.
- indicator_get_processes_ran_on_v1 replaces ProcessRanOn.
_endpoint/_ioc.py
_endpoint/deprecated/_ioc.py
ioc.py
Unit testing expanded to complete code coverage.
tests/test_ioc.py
- Added: 41 new operations added to the Kubernetes Protection service collection.
- ReadClustersByDateRangeCount
- ReadClustersByKubernetesVersionCount
- ReadClustersByStatusCount
- ReadClusterCount
- ReadContainersByDateRangeCount
- ReadContainerCountByRegistry
- FindContainersCountAffectedByZeroDayVulnerabilities
- ReadVulnerableContainerImageCount
- ReadContainerCount
- FindContainersByContainerRunTimeVersion
- GroupContainersByManaged
- ReadContainerImageDetectionsCountByDate
- ReadContainerImagesByState
- ReadContainersSensorCoverage
- ReadContainerVulnerabilitiesBySeverityCount
- ReadDeploymentsByDateRangeCount
- ReadDeploymentCount
- ReadClusterEnrichment
- ReadContainerEnrichment
- ReadDeploymentEnrichment
- ReadNodeEnrichment
- ReadPodEnrichment
- ReadDistinctContainerImageCount
- ReadContainerImagesByMostUsed
- ReadKubernetesIomByDateRange
- ReadKubernetesIomCount
- ReadNodesByCloudCount
- ReadNodesByContainerEngineVersionCount
- ReadNodesByDateRangeCount
- ReadNodeCount
- ReadPodsByDateRangeCount
- ReadPodCount
- ReadClusterCombined
- ReadRunningContainerImages
- ReadContainerCombined
- ReadDeploymentCombined
- SearchAndReadKubernetesIomEntities
- ReadNodeCombined
- ReadPodCombined
- ReadKubernetesIomEntities
- SearchKubernetesIoms
_endpoint/_kubernetes_protection.py
kubernetes_protection.py
Unit testing expanded to complete code coverage.
tests/test_kubernetes_protection.py
- Added: 1 new operation added to the ODS service collection.
- get_scans_by_scan_ids_v2
get_scans_by_scan_ids_v1 has been deprecated. The PEP8 method
get_scans
has been redirected to the new operation. Developers wanting to leverage the legacy operation should callget_scans_v1
orget_scans_by_scan_ids_v1
._endpoint/_ods.py
_endpoint/deprecated/_ods.py
ods.py
Unit testing expanded to complete code coverage.
tests/test_ods.py
- Added: 2 new operations added to the Real Time Response Admin service collection.
- RTR_GetFalconScripts
- RTR_ListFalconScripts
_endpoint/_real_time_response_admin.py
_endpoint/deprecated/_real_time_response_admin.py
real_time_response_admin.py
Unit testing expanded to complete code coverage.
tests/test_real_time_response_admin.py
- Added: New Unidentified Containers service collection providing 3 new operations.
- ReadUnidentifiedContainersByDateRangeCount
- ReadUnidentifiedContainersCount
- SearchAndReadUnidentifiedContainers
_endpoint/__init__.py
_endpoint/_unidentified_containers.py
__init__.py
unidentified_containers.py
Unit testing expanded to complete code coverage.
tests/test_unidentified_containers.py
- Fixed:
batch_id
andbatch_get_cmd_req_id
not available on pythonic Result object._result/_result.py
- Fixed: Pythonic responses not properly populating Result object resources attribute when a dictionary is returned for the resources branch.
_result/_result.py
- Fixed:
trace_id
property is not available on Result objects that do not contain a Meta attribute._result/_headers.py
_result/_result.py
- Fixed: Changes the datatype for the
ids
argument within the GetCSPMPolicy operation fromstring
tointeger
._endpoint/_cspm_registration.py
- Fixed: A typo that incorrectly listed the default value for the
limit
keyword was resolved in the QueryDetects operation docstring. Closes #1089.detects.py
- Refactored: Reduced complexity within the Result object constructor method by abstracting construction logic to a new method.
_result/_result.py
- Regenerated: Updated endpoint module to align to new library automation, resulting in cosmetic changes to description fields.
_endpoint/*
- Renamed: RetrieveUser operation has been renamed to retrieveUser within the User Management service collection.
_endpoint/_user_management.py
- Deprecated: Adds additional deprecated operation IDs to the Firewall Management service collection.
_endpoint/_firewall_management.py
- Fixed: Resolves a constant naming typo within the endpoint module for the Cloud Snapshots service collection.
_endpoint/__init__.py
_endpoint/_cloud_snapshots.py
cloud_snapshots.py
- Fixed: Endpoint definition mismatch in UploadSampleV3 operation within the Sample Uploads service collection.
_endpoint/_sample_uploads.py
- Fixed: Endpoint definition mismatch in UploadSampleV2 operation within the Falcon Intelligence Sandbox service collection.
_endpoint/_falconx_sandbox.py
Unit testing expanded to complete code coverage.
tests/test_falconx_sandbox.py
- Added: Use a Service Class or the Uber Class as a context manager.
Leveraging this functionality will automatically revoke your bearer token on context manager exit.
from falconpy import Hosts with Hosts(pythonic=True) as hosts: for device in hosts.query_devices().data: print(device)
_auth_object/_uber_interface.py
_service_class/_service_class.py
- Added:
app_id
keyword added to CreateSavedSearchesIngestV1 operation.foundry_logscale.py
Unit testing expanded to complete code coverage.
tests/test_foundry_logscale.py
- Fixed: update_policy_container operation payload handler is missing the
policy_id
key. Closes #1068._payload/_firewall.py
Expanded unit testing to complete code coverage.
tests/test_firewall_management.py
- Fixed:
after
property is missing from the Meta object. Closes #1069._result/_meta.py
_result/_result.py
- Fixed: Payload handler for tokens_update operation is not properly passing the
revoked
key. Closes #1074.installation_tokens.py
- Fixed: API operations generating leveraging the raw attribute are not properly displaying results when leveraging result object expansion. Closes #1076.
_result/_result.py
- Fixed: Per-operation pythonic override is not working as expected. Closes #1078.
_util/_functions.py
- Changed: Updated field mapping for Uber Class path variables to a cleaner solution.
_util/_uber.py
- Removed: The unsupported actions
add-rule-group
andremove-rule-group
are removed from the performFirewallPoliciesAction operation. Relates to #1059.firewall_policies.py
- Added: Deprecation warnings for deprecated classes and operations. Closes #1055.
_endpoint/__init__.py
_endpoint/deprecated/__init__.py
_endpoint/deprecated/_mapping.py
_error/__init__.py
_error/_warnings.py
_service_class/_service_class.py
_util/__init__.py
_util/_functions.py
- Added: New Custom Storage service collection.
__init__.py
_endpoint/__init__.py
_endpoint/_custom_storage.py
_util/_functions.py
custom_storage.py
Expanded unit testing to complete code coverage.
tests/test_custom_storage.py
The following new operations are provided by this service collection:
- ListObjects
- SearchObjects
- GetObject
- PutObject
- DeleteObject
- GetObjectMetadata
- Added: New Workflows service collection.
__init__.py
_endpoint/__init__.py
_endpoint/_workflows.py
_endpoint/_workflows.py
_payload/__init__.py
_payload/_generic.py
_payload/_workflows.py
workflows.py
Expanded unit testing to complete code coverage.
tests/test_workflows.py
The following new operations are provided by this service collection:
- WorkflowExecute
- WorkflowExecutionsAction
- WorkflowExecutionResults
- WorkflowSystemsDefinitionsDeProvision
- WorkflowSystemsDefinitionsPromote
- WorkflowSystemsDefinitionsProvision
- Added: New Real Time Response Audit service collection.
__init__.py
_endpoint/__init__.py
_endpoint/_real_time_response_audit.py
real_time_response_audit.py
Expanded unit testing to complete code coverage.
tests/test_real_time_response_audit.py
The following new operations are provided by this service collection:
- RTRAuditSessions
- Added: New Foundry LogScale service collection.
__init__.py
_endpoint/__init__.py
_endpoint/_foundry_logscale.py
_payload/__init__.py
_payload/_foundry.py
foundry_logscale.py
Expanded unit testing to complete code coverage.
tests/test_foundry_logscale.py
The following new operations are provided by this service collection:
- ListReposV1
- ListViewV1
- IngestDataV1
- CreateSavedSearchesDynamicExecuteV1
- GetSavedSearchesExecuteV1
- CreateSavedSearchesExecuteV1
- CreateSavedSearchesIngestV1
- GetSavedSearchesJobResultsDownloadV1
- Fixed: Error when trying to directly import falconpy module (no package installation). Closes #1056.
_auth_object/_falcon_interface.py
_util/_functions.py
- Thanks go out to @tsullivan06 for identifying and reporting this issue. 🙇
- Fixed: Legacy Uber Class is not logging Operation ID in debug logs. Closes #1057.
api_complete/_legacy.py
- Fixed: Can not use
add-rule-group
andremove-rule-group
actions with theperformFirewallPoliciesAction
operation. Closes #1059.firewall_policies.py
- Thanks go out to @api-clobberer for identifying and reporting this issue. 🙇
This release resolves a breaking change introduced in Version 1.3.0. This issue presents itself when developers attempt to call the
authenticated
method directly from theOAuth2
Service Class. Review issue #1043 for more detail.
- Added: Expanded the Uber Class into a submodule, and restored the 1.2.16 version of this class as
APIHarness
. This class is now DEPRECATED. The 1.3.0 version of this class is now namedAPIHarnessV2
(The advanced Uber Class) ._auth_object/_base_falcon_auth.py
_auth_object/_falcon_interface.py
_auth_object/_uber_interface.py
api_complete/__init__.py
api_complete/_advanced.py
api_complete/_legacy.py
__init__.py
Expanded unit testing to complete code coverage.
tests/test_authorizations.py
tests/test_falcon_container.py
tests/test_uber_api_complete.py
tests/test_uber.py
- Fixed: Error generated when trying leverage the legacy
authenticated
lambda method handler within theOAuth2
Service Class. Closes #1043._auth_object/_base_falcon_auth.py
_auth_object/_falcon_interface.py
_service_class/_service_class.py
oauth2.py
Expanded unit testing to complete code coverage.
tests/test_service_class.py
- Thanks go out to @morcef for identifying and reporting this issue. 🙇
- Fixed: Type check failure when creating a mock of the
OAuth2
Service Class. Relates to #1043._service_class/_base_service_class.py
- Thanks go out to @davidt99 for identifying / reporting this issue and providing the fix. 🙇
- Added: 1 new operation added (
highVolumeQueryChanges
) from the FileVantage service collection._endpoint/_filevantage.py
filevantage.py
Unit testing expanded to complete code coverage.
tests/test_filevantage.py
- Added: Warn when providing API arguments that are unnecessarily URLEncoded. Closes #850.
_error/__init__.py
_error/_warnings.py
_util/_functions.py
_util/_uber.py
__init__.py
- Thanks go out to @aboese for suggesting this enhancement. 🙇
- Added:
add_comment
keyword added to the PerformIncidentAction operation within the Incidents Service Class. Closes #1003._payload/_incidents.py
incidents.py
Unit testing expanded to complete code coverage.
tests/test_incidents.py
- Thanks go out to @morcef for suggesting this enhancement. 🙇
- Added:
add-rule-group
andremove-rule-group
options added to performFirewallPoliciesAction operation in the Firewall Policies service collection._endpoint/_firewall_policies.py
firewall_policies.py
- Added: Sort by
alert_ids
option added to QueryBehaviors operation in the _Incidents service collection._endpoint/_incidents.py
- Added: AggregateAlerts and QueryAlertIdsByFilter operations added to the Falcon Complete Dashboard service collection.
_endpoint/_falcon_complete_dashboard.py
falcon_complete_dashboard.py
Unit testing expanded to complete code coverage.
tests/test_falcon_complete_dashboard.py
- Added: GetCombinedImages operation added to the Falcon Container service collection.
_endpoint/_falcon_container.py
falcon_container.py
Unit testing expanded to complete code coverage.
test_falcon_container.py
- Added:
ids
keyword argument added to GetIntelReportPDF and QueryMitreAttacks operations.if_none_match
andif_modified_since
keyword arguments added to GetLatestIntelRuleFile operation. Intel service collection._endpoint/_intel.py
intel.py
Unit testing expanded to complete code coverage.
test_intel.py
- Added: Override functionality - All service classes are now able to call manually specified operation endpoints via the
override
method. This method mirrors functionality provided by theoverride
keyword within the Uber Class._service_class.py
- Added: 23 new operations added to the FileVantage service collection.
- updatePolicyHostGroups
- updatePolicyPrecedence
- updatePolicyRuleGroups
- getPolicies
- createPolicies
- deletePolicies
- updatePolicies
- getScheduledExclusions
- createScheduledExclusions
- deleteScheduledExclusions
- updateScheduledExclusions
- updateRuleGroupPrecedence
- getRules
- createRules
- deleteRules
- updateRules
- getRuleGroups
- createRuleGroups
- deleteRuleGroups
- updateRuleGroups
- highVolumeQueryChanges
- queryRuleGroups
- queryScheduledExclusions
- queryPolicies
_endpoint/_filevantage.py
filevantage.py
4 new payload handlers were implemented.
_payload/__init__.py
_payload/_filevantage.py
Unit testing expanded to complete code coverage.
tests/test_filevantage.py
- Added: A new service collection, Cloud Snapshots was implemented with three new operations (GetCredentialsMixin0, CreateInventory, and RegisterCspmSnapshotAccount).
_endpoint/__init__.py
_endpoint/_cloud_snapshots.py
__init__.py
cloud_snapshots.py
Two new payload handlers were implemented.
_payload/__init__.py
_payload/_cloud_snapshots.py
Unit testing expanded to complete code coverage.
tests/test_cloud_snapshot.py
- Added: 3 new operations added to the Identity Protection service collection (GetSensorAggregates, GetSensorDetails, and QuerySensorsByFilter).
_endpoint/_identity_protection.py
identity_protection.py
Unit testing expanded to complete code coverage.
tests/test_identity_protection.py
- Fixed: API errors generated by the Uber Class do not stop execution when in pythonic mode.
api_complete.py
- Fixed: Result object failure on JSON formatted list response from report_executions_download_get operation within the Report Executions service collection. Closes #1033.
_result/result.py
- Deprecated: deleteCIDGroupMembersV1 is now deprecated. Calls to deleteCIDGroupMembers are now redirected to deleteCIDGroupMembersV2. MSSP service collection.
_endpoint/_mssp.py
mssp.py
Unit testing expanded to complete code coverage.
test_mssp.py
Developer Enhancements Release 🎉
- Added: Developer Extensibility features - Enhanced existing programmatic architecture with new objects and submodules to address technical debt and provide developers with the necessary structures to easily extend core library functionality.
- APIHarness - Derivative and an interface class commonly referred to as the Uber Class, APIHarness has been refactored to inherit common functionality provided by the FalconInterface class, remove technical debt, add typing, and expand available operations and extensibility features.
api_complete.py
- APIRequest - Simple interface class comprised of multiple data classes that is leveraged for managing the components of a request sent to the CrowdStrike API. This is a new object.
_api_request/__init__.py
_api_request/_request.py
_api_request/_request_behavior.py
_api_request/_request_connection.py
_api_request/_request_meta.py
_api_request/_request_payloads.py
_api_request/_request_validator.py
- Constant submodule - Stores global constants used throughout the library. This is a new module implemented to store new and pre-existing constants.
_constant/__init__.py
- Enum submodule - Stores enumerators available within the library. This is a new module implemented to store pre-existing enumerators.
_enum/__init__.py
_enum/_base_url.py
_enum/_container_base_url.py
_enum/_token_fail_reason.py
- Error submodule - Provides python native errors and warnings. This is a new module.
_error/__init__.py
_error/_exceptions.py
_error/_warnings.py
- FalconInterface - Interface class that handles authentication and state management, also referred to as the authentication object or the
auth_object
. Refactored to address technical debt and add new functionality._auth_object/__init__.py
_auth_object/_base_falcon_auth.py
_auth_object/_bearer_token.py
_auth_object/_falcon_interface.py
_auth_object/_interface_config.py
_auth_object/_uber_interface.py
- Log submodule - Provides debug logging functionality. This is a new module.
_log/__init__.py
_log/_facility.py
- Result - Complex interface class that is leveraged to parse and return results received from the CrowdStrike API. This class has been refactored to address technical debt and provide new developer functionality and extensibility. Default behavior for requests received from the CrowdStrike API remains unchanged (results are returned as a Python dictionary). Expanded functionality provides developers the ability to handle received responses as python structures, allowing for easy iteration and processing without having to handle a dictionary.
_result/__init__.py
_result/_base_resource.py
_result/_base_dictionary.py
_result/_errors.py
_result/_expanded_result.py
_result/_headers.py
_result/_meta.py
_result/_resources.py
_result/_response_component.py
_result/_result.py
- ServiceClass - Interface class leveraged by Service Classes to provide common functionality. This class has also been refactored to expand on functionality provided by the FalconInterface class, remove technical debt, add typing and expand extensibility features.
_service_class/_init__.py
_service_class/_base_service_class.py
_service_class/_service_class.py
- Util submodule - Functions and utilities library containing both private and public methods. This is a new module implemented to store new and pre-existing functions.
_util/__init__.py
_util/_auth.py
_util/_functions.py
_util/_uber.py
- APIHarness - Derivative and an interface class commonly referred to as the Uber Class, APIHarness has been refactored to inherit common functionality provided by the FalconInterface class, remove technical debt, add typing, and expand available operations and extensibility features.
- Added: Debug logging - Native debug logging can now be activated per class upon construction. Logs are sanitized by default.
Log sanitization can also be disabled when instantiating the class.
import logging from falconpy import Hosts logging.basicConfig(level=logging.DEBUG) hosts = Hosts(client_id=CLIENT_ID, client_secret=CLIENT_SECRET, debug=True) result = hosts.query_devices_by_filter_scroll()
Local unit testing has been expanded to take advantage of this functionality. To activate, set the environment variablehosts = Hosts(client_id=CLIENT_ID, client_secret=CLIENT_SECRET, debug=True, sanitize_log=False)
FALCONPY_UNIT_TEST_DEBUG
toDEBUG
._log/__init__.py
_log/_facility.py
- Added: Environment Authentication - New authentication mechanism that retrieves CrowdStrike API credentials that are pre-defined as variables within the runtime environment. These environment variables must be named
FALCON_CLIENT_ID
andFALCON_CLIENT_SECRET
and both must be present in order for this mechanism to be used. Environment Authentication is the last mechanism attempted, meaning all other authentication mechanisms will take precedence.from falconpy import Hosts hosts = Hosts() result = hosts.query_devices_by_filter_scroll()
_auth_object/_falcon_interface.py
- Added: Pythonic response handling - Allows for the handling of responses received from the CrowdStrike API as pythonic structures as opposed to dictionaries.
from falconpy import Hosts hosts = Hosts(client_id=CLIENT_ID, client_secret=CLIENT_SECRET, pythonic=True) host_list = hosts.query_devices_by_filter_scroll() for device in host_list: print(device)
_result/__init__.py
_result/_base_resource.py
_result/_base_dictionary.py
_result/_errors.py
_result/_expanded_result.py
_result/_headers.py
_result/_meta.py
_result/_resources.py
_result/_response_component.py
_result/_result.py
- Added: Pythonic errors and warnings - Leverages native Python exceptions to implement error and warning handling.
from falconpy import Hosts, APIError hosts = Hosts(client_id=CLIENT_ID, client_secret=CLIENT_SECRET, pythonic=True) try: device_detail = hosts.get_device_details("not-a-real-id") except APIError as not_found: print(not_found)
_error/__init__.py
_error/_exceptions.py
_error/_warnings.py
- Added: Typing - Type hints have been added throughout the library. This is an ongoing initiative.
- Fixed: Unusual responses from operations within the Falcon Container service collection.
_result/_result.py
_util/_functions.py
- Fixed: Uber Class functionality using operations within the OAuth2 service collection. Closes #835.
api_complete.py
_auth_object/_falcon_interface.py
_auth_object/_uber_interface.py
- Fixed: Inbound strings provided to the
creds
andproxy
keywords are not automatically converted to dictionaries. Closes #909._auth_object/_falcon_interface.py
- Fixed: Fixed missing facet keyword in follow request for vulnerabilities - Grab CVEs for CID sample. Closes #1004.
samples/spotlight/spotlight_grab_cves_for_cid.py
- Fixed: IDs are not being migrated to the body payload when calling the
PostEntitiesAlertsV1
operation. Closes #1016._constant/__init__.py
- Thanks to @tsullivan06 for identifying this issue! 🙇
- Expanded: Unit testing expanded to complete code coverage.
- Updated: Added column prune keyword to Grab CVEs by CID sample. Closes #1005.
samples/spotlight/spotlight_grab_cves_for_cid.py
- PLEASE NOTE: Python 3.6 support will be discontinued in January 2024.
- Added: New keywords were added to 1 operations within the Alerts Service Class.
- exclude, from, include and max_doc_count were added to the
PostAggregatesAlertsV1
operation.
_payload/_generic.py
alerts.py
- exclude, from, include and max_doc_count were added to the
- Added: New keywords were added to 6 operations within the CompleteDashboard Service Class.
- exclude, from, include and max_doc_count were added to the
AggregateBlockList
operation. - exclude, from, include and max_doc_count were added to the
AggregateDetections
operation. - exclude, from, include and max_doc_count were added to the
AggregateDeviceCountCollection
operation. - exclude, from, include and max_doc_count were added to the
AggregateEscalations
operation. - exclude, from, include and max_doc_count were added to the
AggregateFCIncidents
operation. - exclude, from, include and max_doc_count were added to the
AggregateRemediations
operation.
falcon_complete_dashboard.py
- exclude, from, include and max_doc_count were added to the
- Added: 3 new operations added to the CSPMRegistration Service Class,
GetConfigurationDetectionEntities
,GetConfigurationDetectionIDsV2
, andGetCSPMPoliciesDetails
._endpoint/_cspm_registration.py
_payload/_cspm_registration.py
cspm_registration.py
Unit testing expanded to complete code coverage.
tests/test_cspm_registration.py
- Added: New keywords were added to 11 operations within the CSPMRegistration Service Class.
- iam_role_arns and migrated were added to the
GetCSPMAwsAccount
operation. - account_type, behavior_assessment_enabled, iam_role_arn, is_master, sensor_management_enabled and use_existing_cloudtrail were added to the
CreateCSPMAwsAccount
operation. - behavior_assessment_enabled, iam_role_arn, remediation_region, remediation_tou_accepted and sensor_management_enabled were added to the
UpdateCSPMAwsAccount
operation. - ids, use_existing_cloudtrail, and region were added to the
GetCSPMAwsConsoleSetupURLs
operation. - ids was added to the
GetCSPMAwsAccountScriptsAttachment
operation. - tenant_ids was added to the
GetCSPMAzureAccount
operation. - account_type, client_id, default_subscription, tenant_id and years_valid were added to the
CreateCSPMAzureAccount
operation. - retain_tenant and tenant_ids were added to the
DeleteCSPMAzureAccount
operation. - years_valid was added to the
AzureDownloadCertificate
operation. - account_type, subscription_ids, and template were added to the
GetCSPMAzureUserScriptsAttachment
operation. - resource_id and resource_uuid were added to the
GetBehaviorDetections
operation.
_endpoint/_cspm_registration.py
cspm_registration.py
- iam_role_arns and migrated were added to the
- Added: 1 new operation added to the D4CRegistration Service Class,
GetDiscoverCloudAzureTenantIDs
._endpoint/_d4c_registration.py
d4c_registration.py
Unit testing expanded to complete code coverage.
tests/test_d4c_registration.py
- Added: New keywords were added to 11 operations within the D4CRegistration Service Class.
- iam_role_arn was added to the
CreateD4CAwsAccount
operation. - limit, offset, status and tenant_ids were added to the
GetCSPMAzureAccount
operation. - account_type, client_id, default_subscription and years_valid were added to the
CreateCSPMAzureAccount
operation. - object_id and tenant_id were added to the
UpdateCSPMAzureAccountClientID
operation. - subscription_ids, tenant_id and template were added to the
GetCSPMAzureUserScriptsAttachment
operation. - limit, offset, parent_type, sort and status were added to the
GetCSPMCGPAccount
operation. - years_valid was added to the
DiscoverCloudAzureDownloadCertificate
operation. - parent_type was added to the
GetCSPMGCPUserScripts
operation. - parent_type was added to the
CreateD4CGCPAccount
operation.
_endpoint/_d4c_registration.py
_payload/_d4c_registration.py
d4c_registration.py
- iam_role_arn was added to the
- Added: New keywords were added to 2 operations within the Detects Service Class.
- exclude, from, include and max_doc_count were added to the
GetAggregateDetects
operation. - new_behaviors_processed was added to the
UpdateDetectsByIdsV2
operation.
_payload/_detects.py
detects.py
- exclude, from, include and max_doc_count were added to the
- Added: add-rule-group and remove-rule-group added as possible values for the action_name keyword within the
performDeviceControlPoliciesAction
operation in the DeviceControlPolicies Service Class._endpoint/_device_control_policy.py
device_control_policy.py
- Added: 3 new operations added to the FalconXSandbox Service Class,
GetMemoryDumpExtractedStrings
,GetMemoryDumpHexDump
, andGetMemoryDump
._endpoint/_falconx_sandbox.py
falconx_sandbox.py
Unit testing expanded to complete code coverage.
tests/test_falconx_sandbox.py
- Added: New FDR Service Class with 5 new operations,
fdrschema_combined_event_get
,fdrschema_entities_event_get
,fdrschema_entities_field_get
,fdrschema_queries_event_get
, andfdrschema_queries_field_get
._endpoint/_fdr.py
_endpoint/__init__.py
_endpoint/deprecated/_fdr.py
_endpoint/deprecated/__init__.py
fdr.py
Unit testing expanded to complete code coverage.
tests/test_fdr.py
- Added: New keyword was added to 1 operation within the FalconContainer Service Class.
- applicationPackages was added to the
ReadImageVulnerabilities
operation.
_payload/_container.py
falcon_container.py
- applicationPackages was added to the
- Added: New keywords were added to 9 operations within the FirewallManagement Service Class.
- exclude, from, include and max_doc_count were added to the
aggregate_events
operation. - exclude, from, include and max_doc_count were added to the
aggregate_policy_rules
operation. - exclude, from, include and max_doc_count were added to the
aggregate_rule_groups
operation. - exclude, from, include and max_doc_count were added to the
aggregate_rules
operation. - created_by and created_on were added to the
upsert_network_locations
operation. - created_by and created_on were added to the
update_network_locations
operation. - local_logging was added to the
update_policy_container_v1
operation. - platform was added to the
create_rule_group
operation.platform_ids was removed from the
create_rule_group
operation - fqdn and
fqdn_enabled
were added to thecreate_rule_group_validation
operation.
_payload/_firewall.py
firewall_management.py
- exclude, from, include and max_doc_count were added to the
- Added: New keyword was added to 1 operation within the FlightControl Service Class.
- filter was added to the
queryChildren
operation.
_endpoint/_mssp.py
mssp.py
- filter was added to the
- Added: New keyword was added to 1 operation within the Hosts Service Class.
- disable_hostname_check was added to the
entities_perform_action
operation.
_endpoint/_hosts.py
hosts.py
- disable_hostname_check was added to the
- Added: New keywords were added to 1 operation within the Incidents Service Class.
- overwrite_detects and update_detects were added to the
PerformIncidentAction
operation.
_endpoint/_incidents.py
incidents.py
- overwrite_detects and update_detects were added to the
- Added: New keywords were added to 3 operations within the IOC Service Class.
- exclude, from, include and max_doc_count were added to the
indicator_aggregate_v1
operation. - from_parent was added to the
GetIndicatorsReport
operation. - from_parent was added to the
indicator_search_v1
operation. - from_parent was added to the
indicator_update_v1
operation.
_endpoint/_ioc.py
_payload/_ioc.py
ioc.py
- exclude, from, include and max_doc_count were added to the
- Added: New keywords were added to 3 operations within the KubernetesProtection Service Class.
- is_horizon_acct was added to the
GetAWSAccountsMixin0
operation. - is_self_managed_cluster was added to the
GetHelmValuesYaml
operation. - status was added to the
GetClusters
operation.
_endpoint/_kubernetes_protection.py
kubernetes_protection.py
- is_horizon_acct was added to the
- Added: 1 new operation added to the ODS Service Class,
aggregate_query_scan_host_metadata
._endpoint/_ods.py
_endpoint/deprecated/_ods.py
ods.py
Unit testing expanded to complete code coverage.
tests/test_ods.py
- Added: New keywords were added to 3 operations within the ODS Service Class.
- exclude, from, include and max_doc_count were added to the
aggregate_scans
operation. - exclude, from, include and max_doc_count were added to the
aggregate_scheduled_scans
operation. - scan_inclusions was added to the
schedule_scan
operation.
_payload/_ods.py
ods.py
- exclude, from, include and max_doc_count were added to the
- Added: New keyword was added to 1 operation within the OAuth2 Service Class.
- client_id was added to the
revoke
operation.
_endpoint/_oauth2.py
oauth2.py
- client_id was added to the
- Added: New keywords were added to 2 operations within the OverwatchDashboard Service Class.
- exclude, from, include and max_doc_count were added to the
AggregatesEventsCollections
operation. - exclude, from, include and max_doc_count were added to the
AggregatesEvents
operation.
overwatch_dashboard.py
- exclude, from, include and max_doc_count were added to the
- Added: New keyword was added to 1 operation within the Quarantine Service Class.
- exclude, from, include and max_doc_count were added to the
GetAggregateFiles
operation.
quarantine.py
- exclude, from, include and max_doc_count were added to the
- Added: New keyword was added to 1 operation within the RealTimeResponse Service Class.
- exclude, from, include and max_doc_count were added to the
RTR_AggregateSessions
operation.
real_time_response.py
- exclude, from, include and max_doc_count were added to the
- Added: New keywords were added to 7 operations within the Recon Service Class.
- exclude, from, include and max_doc_count were added to the
AggregateNotificationsExposedDataRecordsV1
operation. - exclude, from, include and max_doc_count were added to the
AggregateNotificationsV1
operation. - content_format and trigger_matchless were added to the
CreateActionsV1
operation. - content_format and trigger_matchless were added to the
UpdateActionsV1
operation. - breach_monitoring_enabled and substring_matching_enabled were added to the
CreateRulesV1
operation. - breach_monitoring_enabled and substring_matching_enabled were added to the
UpdateRulesV1
operation. - notificationsDeletionRequested was added to the
DeleteRulesV1
operation.
_endpoint/_recon.py
_payload/_recon.py
recon.py
- exclude, from, include and max_doc_count were added to the
- Added: New keywords were added to 3 operations within the SensorUpdatePolicy Service Class.
- scheduler, show_early_adopter_builds and variants were added to the
createSensorUpdatePoliciesV2
operation. - scheduler, show_early_adopter_builds and variants were added to the
updateSensorUpdatePoliciesV2
operation. - stage was added to the
queryCombinedSensorUpdateBuilds
operation.
_endpoint/_sensor_update_policy.py
sensor_update_policy.py
- scheduler, show_early_adopter_builds and variants were added to the
- Added: add-rule-group and remove-rule-group added as possible values for the action_name keyword within the
performSensorUpdatePoliciesAction
operation in the SensorUpdatePolicy Service Class._endpoint/_sensor_update_policies.py
sensor_update_policies.py
- Added: New keyword was added to 1 operation within the UserManagement Service Class.
- action was added to the
queryiesRolesV1
operation.
_endpoint/_user_management.py
user_management.py
- action was added to the
- Added: 1 new operation added to the ZeroTrustAssessment Service Class,
getCombinedAssessmentsQuery
._endpoint/_zero_trust_assessment.py
zero_trust_assessment.py
Unit testing expanded to complete code coverage.
tests/test_zero_trust_assessment.py
- Expanded: Additional parameters were added to the settings dictionary/keyword within the
createDeviceControlPolicies
andupdateDeviceControlPolicies
operations._payload/_device_control_policies.py
device_control_policies.py
- Renamed: 1 keyword was renamed within the FalconContainer Service Class.
- credentials was renamed to credential within the
CreateRegistryEntities
operation.
_payload/_container.py
falcon_container.py
- credentials was renamed to credential within the
- Reduced: Limit maximum for
queryCombinedSensorUpdateKernels
operation within the SensorUpdatePolicy Service Class was changed from 5000 to 500._endpoint/_sensor_update_policies.py
- Reduced: Limit maximum for
querySensorUpdateKernelsDistinct
operation within the SensorUpdatePolicy Service Class was changed from 5000 to 500._endpoint/_sensor_update_policies.py
- Increased: Limit maximum for
QueryAWSAccounts
operation within the CloudConnectAWS Service Class was changed from 500 to 1000._endpoint/_cloud_connect_aws.py
- Increased: Limit maximum for
QueryAWSAccountsForIDs
operation within the CloudConnectAWS Service Class was changed from 500 to 1000._endpoint/_cloud_connect_aws.py
- Renamed: 8 operations renamed within the D4CRegistration Service Class. Legacy operation IDs were deprecated, with aliases created to avoid introducing breaking changes.
- GetCSPMAzureAccount is now
GetDiscoverCloudAzureAccount
. - CreateCSPMAzureAccount is now
CreateDiscoverCloudAzureAccount
. - UpdateCSPMAzureAccountClientID is now
UpdateDiscoverCloudAzureAccountClientID
. - GetCSPMAzureUserScriptsAttachment is now
GetDiscoverCloudAzureUserScriptsAttachment
. - GetCSPMAzureUserScripts is now
GetDiscoverCloudAzureUserScripts
. - GetCSPMCGPAccount is now
GetD4CCGPAccount
. - CreateCSPMGCPAccount is now
CreateD4CGCPAccount
. - GetCSPMGCPUserScripts is now
GetD4CGCPUserScripts
.
_endpoint/_d4c_registration.py
_endpoint/__init__.py
_endpoint/deprecated/_d4c_registration.py
_endpoint/deprecated/__init__.py
d4c_registration.py
- GetCSPMAzureAccount is now
- Renamed: 1 operation renamed within the ZeroTrustAssessment Service Class. Legacy operation ID was deprecated, with an alias created to avoid introducing a breaking change.
- getComplianceV1 is now
getAuditV1
.
_endpoint/_zero_trust_assessment.py
_endpoint/__init__.py
_endpoint/deprecated/_zero_trust_assessment.py
_endpoint/deprecated/__init__.py
zero_trust_assessment.py
- getComplianceV1 is now
- Added: 1 new operation added to the ZeroTrustAssessment Service Class,
getAssessmentsByScoreV1
._endpoint/_zero_trust_assessment.py
zero_trust_assessment.py
Unit testing expanded to complete code coverage.
tests/test_zero_trust_assessment.py
- Fixed: JSONDecoder error when running within an environment leveraging the
simplejson
3rd party library versus the standardjson
library._util.py
Thanks to @khyberspache for identifying and resolving this issue! 🙇
-
Updated: Added
image_id
anddigest
options to theGetImageAssessmentReport
operation (FalconContainer Service Class)._endpoint/_falcon_container.py
falcon_container.py
-
Added: 5 new operations added to the FalconContainer Service Class,
ReadRegistryEntitiesByUUID
,CreateRegistryEntities
,DeleteRegistryEntities
,UpdateRegistryEntities
,ReadRegistryEntities
._endpoint/_falcon_container.py
falcon_container.py
Adds one new payload handler.
_payload/_container.py
Unit testing expanded to complete code coverage.
tests/test_falcon_container.py
- Added: 2 new operations (IoT) added to the Discover Service Class,
get_iot_hosts
andquery_iot_hosts
._endpoint/_discover.py
_endpoint/deprecated/_discover.py
discover.py
tests/test_discover.py
- Added: 1 new operation added to the MessageCenter Service Class,
CreateCaseV2
._endpoint/_message_center.py
_payload/_message_center.py
message_center.py
tests/test_message_center.py
- Fixed: Docstring typo in the
GetAzureInstallScript
operation within the KubernetesProtection Service Class. Closes #933.kubernetes_protection.py
- Added: Enhanced payload handler for
create_rule
operation to allow for passing a list of dictionaries for thefield_values
keyword. Closes #916._payload/_ioa.py
tests/test_custom_ioa.py
- Added: 5 new operations added to the KubernetesProtection Service Class,
GetAzureInstallScript
,GetAzureTenantConfig
,GetAzureTenantIDs
,GetCombinedCloudClusters
, andGetStaticScripts
._endpoint/_kubernetes_protection.py
kubernetes_protection.py
Unit testing expanded to complete code coverage.
tests/test_kubernetes_protection.py
- Fixed: Updated docstring comments to properly reflect syntax for providing a trusted certificate bundle for API requests. Closes #910.
_service_class.py
api_complete.py
- Pinned: IPython version pinned to 8.10.0 to avoid
SNYK-PYTHON-IPYTHON-3318382
.requirements-dev.txt
- Fixed: Added missing
ids
keyword handlers for Uber Class operation calls. Closes #919._uber_default_preferences.py
- Fixed: Updated docstrings for
combinedQueryVulnerabilities
operation to properly list request limit of 5000. Closes #922.spotlight_vulnerabilities.py
- Updated: Removed unnecessary
source
parameter from endpoint module forArchiveUploadV2
operation._endpoint/_sample_uploads.py
- Added: Two new operations added to the Discover Service Class,
query_applications
andget_applications
.discover.py
Unit testing expanded to complete code coverage.
tests/test_discover.py
-
Fixed: Added
variables
keyword toGraphQL
within IdentityProtection Service Class. Closes #902.identity_protection.py
Unit testing expanded to complete code coverage.
tests/test_identity_protection.py
- Thanks go out to @cl6227 for identifying and reporting this issue! 🙇
-
Fixed: Missing default value for
file_data
keyword argument of theupload_sample
method of the SampleUploads Service Class. Closes #898.falconx_sandbox.py
- Thanks go out to @awhogan for identifying and reporting this issue! 🙇
- Added: Two new operations added to the DeviceControlPolicies Service Class,
getDefaultDeviceControlPolicies
andupdateDefaultDeviceControlPolicies
.device_control_policies.py
Adds one new payload handler.
_payload/__init__.py
_payload/_device_control_policy.py
Unit testing expanded to complete code coverage.
tests/test_device_control_policies.py
- Added: Three new operations to the Intel Service Class,
GetMitreReport
,PostMitreAttacks
andQueryMitreAttacks
.intel.py
Unit testing expanded to complete code coverage.
tests/test_intel.py
- Fixed: Error handling
id
argument within the body payload handler for theupdateDeviceControlPolicies
operation._payload/_device_control_policy.py
- Special thanks go out to @CommonVulnerability for reporting this issue and submitting the fix! 🙇
- Updated: Removed
scans_report
operation from the new ODS Service Class.ods.py
Unit testing updated.
tests/test_ods.py
- Fixed: Authentication object synchronization issue for certain scenarios. Relates to #829.
_util.py
- Thanks go out to @davidt99 for contributing this fix!
- Fixed: Add missing operation IDs to
PREFER_IDS_IN_BODY
constant to trigger Uber Class body payload abstraction for theids
keyword. Closes #864._uber_default_preference.py
- Thanks to @tsullivan06 for identifying this issue!
- Added: One operation added to the SampleUploads Service Class,
ArchiveUploadV1
.sample_uploads.py
Unit testing expanded to complete code coverage.
tests/test_sample_uploads.py
- Added: Four new operations to the KubernetesProtection Service Class,
ListAzureAccounts
,CreateAzureSubscription
,DeleteAzureSubscription
, andPatchAzureServicePrincipal
.kubernetes_protection.py
Unit testing expanded to complete code coverage.
tests/test_kubernetes_protection.py
-
Fixed: Missing redirection endpoints for legacy operations within the MSSP Service Class. (
getCIDGroupMembersByV1
,getCIDGroupByIdV1
,getUserGroupMembersByIDV1
andgetUserGroupsByIDV1
) Calls to the generic operation ID (ex:getUserGroupsByID
) are redirected to the v2 equivalent. Closes #859.mssp.py
-
Fixed: Added missing redirection for
update_policy_container_v2
operation to the FirewallManagement Service Class. Closes #856.firewall_management.py
-
Added: Nine new operations added to the FirewallManagement Service Class. (
get_network_location_details
,update_network_locations_metadata
,update_network_locations_precedence
,get_network_locations
,create_network_locations
,update_network_locations
,upsert_network_locations
,delete_network_locations
,query_network_locations
)firewall_management.py
_endpoint/_firewall_management.py
Adds two new payload handlers.
_payload/_firewall.py
Unit testing expanded to complete code coverage.
tests/test_firewall_management.py
-
Added: Five new operations added to the Flight Control (MSSP) Service Class. (
getChildrenV2
,getCIDGroupMembersByV2
,getCIDGroupByIdV2
,getUserGroupMembersByIDV2
,getUserGroupsByIDV2
)mssp.py
_endpoint/_mssp.py
Unit testing expanded to complete code coverage.
tests/test_mssp.py
-
Added: One new operation added to the Hosts Service Class. (
entities_perform_action
)hosts.py
_endpoint/_hosts.py
One new payload handler was added.
_payload/_generic.py
Unit testing expanded to complete code coverage.
tests/test_hosts.py
-
Added: One new operation added to the InstallationTokens Service Class. (
customer_settings_update
)installation_tokens.py
_endpoint/_installation_tokens.py
One new payload handler was added.
_payload/_generic.py
Unit testing expanded to complete code coverage.
tests/test_installation_tokens.py
-
Added: Two new operations added to the Intel Service Class. (
GetVulnerabilities
,QueryVulnerabilities
)intel.py
_endpoint/_intel.py
Unit testing expanded to complete code coverage.
tests/test_intel.py
-
Added: New ODS Service Class (On Demand Scan) with fifteen new operations. (
aggregate_scans
,aggregate_scheduled_scans
,get_malicious_files_by_id
,cancel_scans
,get_scan_host_metadata_by_ids
,scans_report
,get_scans_by_scan_ids
,scans_report
,get_scheduled_scans_by_scan_ids
,schedule_scan
,delete_scheduled_scans
,query_malicious_files
,query_scan_host_metadata
,query_scans
,query_scheduled_scans
)__init__.py
ods.py
_endpoint/__init__.py
_endpoint/_ods.py
_endpoint/deprecated/__init__.py
_endpoint/deprecated/_ods.py
Two new payload handlers were added.
_payload/_ods.py
New unit testing implemented to confirm functionality and complete code coverage.
tests/test_ods.py
-
Added: Seven new operations added to the Recon Service Class. (
AggregateNotificationsExposedDataRecordsV1
,GetFileContentForExportJobsV1
,GetExportJobsV1
,CreateExportJobsV1
,DeleteExportJobsV1
,GetNotificationsExposedDataRecordsV1
,QueryNotificationsExposedDataRecordsV1
)recon.py
_endpoint/_recon.py
One new payload handler was added.
_payload/_recon.py
Unit testing expanded to complete code coverage.
tests/test_recon.py
-
Added: Seven new operations added to the SampleUploads Service Class. (
ArchiveListV1
,ArchiveGetV1
,ArchiveDeleteV1
,ArchiveUploadV2
,ExtractionListV1
,ExtractionGetV1
,ExtractionCreateV1
)sample_uploads.py
_endpoint/_sample_uploads.py
One new payload handler was added.
_payload/_sample_uploads.py
Unit testing expanded to complete code coverage.
tests/test_sample_uploads.py
tests/testfile.zip
- Changed: Due to updates in the latest Ubuntu version used in GitHub actions, unit testing for Python 3.6 has been split off to a stand alone workflow.
- Added: Python 3.11 support.
setup.py
- Fixed: Invalid
body
payload when leveraging the Uber Class to call theRTR_DeleteSession
operation. Closes #839._uber_default_preference.py
- Added: New TailoredIntelligence Service Class.
__init__.py
tailored_intelligence.py
_endpoint/__init__.py
_endpoint/_tailored_intelligence.py
tests/test_tailored_intelligence.py
Unit testing expanded to complete code coverage.
- Added:
GetD4CAwsAccount
,CreateD4CAwsAccount
,DeleteD4CAwsAccount
,GetD4CAwsConsoleSetupURLs
,GetD4CAWSAccountScriptsAttachment
, andGetHorizonD4CScripts
operations to the D4CRegistration Service Class.d4c_registration.py
_endpoint/_d4c_registration.py
_payload/__init__.py
_payload/_d4c_registration.py
Adds one new payload handler.
tests/test_d4c_registration.py
Unit testing expanded to complete code coverage.
- Added:
update_policy_container_v1
,create_rule_group_validation
,update_rule_group_validation
, andvalidate_filepath_pattern
operations to the FirewallManagement Service Class.firewall_management.py
_endpoint/_firewall_management.py
The legacy operation
update_policy_container
now points to the updated endpoint/fwmgr/entities/policies/v2
._payload/__init__.py
_payload/_firewall.py
Adds two new payload handlers.
tests/test_firewall_management.py
Unit testing expanded to complete code coverage.
- Added:
indicator_aggregate_v1
,action_get_v1
,GetIndicatorsReport
,action_query_v1
,ioc_type_query_v1
,platform_query_v1
, andseverity_query_v1
operations to the IOC Service Class.ioc.py
_endpoint/_ioc.py
_payload/__init__.py
_payload/_ioc.py
Adds one new payload handler.
tests/test_ioc.py
Unit testing expanded to complete code coverage.
- Added: from_parent parameter to the
indicator_delete_v1
operation within the IOC Service Class.ioc.py
_endpoint/_ioc.py
- Added: timeout and timeout_duration parameters to the
RTR_InitSession
operation within the RealTimeResponse Service Class.real_time_response.py
_endpoint/_real_time_response.py
- Added: host_timeout_duration parameter to the
BatchAdminCmd
operation within the RealTimeResponseAdmin Service Class.real_time_response_admin.py
_endpoint/_real_time_response_admin.py
- Added: Maximum and minimum limits for the limit parameter used by the
QueryNotificationsV1
operation within the Recon Service Class._endpoint/_recon.py
- Added: New
ReadImageVulnerabilities
operation to the FalconContainer Service Class.falcon_container.py
_endpoint/_falcon_container.py
_payload/__init__.py
_payload/_container.py
Adds one new payload handler.
tests/test_falcon_container.py
Unit testing expanded to complete code coverage.
- Updated: Updated the description, changed datatype from
string
toint
and added maximum / minimum limits for the offset parameter used by theQueryActionsV1
operation within the Recon Service Class._endpoint/_recon.py
- Removed:
X-CS-USERNAME
parameter from all operations within the IOC Service Class._endpoint/_ioc.py
- Updated: query_rule_groups_full and query_rule_groupsMixin0 operations - Removed
description
as an available field from enum. Updated operation description._endpoint/_custom_ioa.py
- Updated: Changed collectionFormat value from
csv
tomulti
for multiple operations within the_endpoint
module._endpoint/_ioa_exclusions.py
(getIOAExclusionsV1, deleteIOAExclusionsV1)_endpoint/_ml_exclusions.py
(getMLExclusionsV1, deleteMLExclusionsV1)_endpoint/_sensor_visibility_exclusions.py
(getSensorVisibilityExclusionsV1, deleteSensorVisibilityExclusionsV1)
- Updated: Removed maxLength and minLength values for multiple operations within the
_endpoint
module._endpoint/_device_control_policies.py
(getDeviceControlPolicies, deleteDeviceControlPolicies)_endpoint/_firewall_policies.py
(getFirewallPolicies, deleteFirewallPolicies)_endpoint/_host_group.py
(getHostGroups, deleteHostGroups)_endpoint/_prevention_policies.py
(getPreventionPolicies, deletePreventionPolicies)_endpoint/_response_policies.py
(getRTResponsePolicies, deleteRTResponsePolicies)_endpoint/_sensor_update_policies.py
(getSensorUpdatePolicies, deleteSensorUpdatePolicies, getSensorUpdatePoliciesV2)
- Updated: GovCloud headers are now returned when providing GovCloud credentials to a commercial cloud region. Deprecated fallback handler within
autodiscover_region
method._util.py
This code will be retained for now. As of this version, GovCloud region autodiscovery is not supported.
- Updated: Pinned
setuptools
version to 65.5.1 (SNYK-PYTHON-SETUPTOOLS-3113904).requirements-dev.txt
- Added: Specify
N-1
andN-2
within the Sensor Download sample. Closes #793.samples/sensor_download/download_sensor.py
-
Fixed: Invalid
body
payload passed when leveraging the Uber Class to call theRTR_GetExtractedFileContents
operation. Closes #788._uber_default_preference.py
-
Fixed: Invalid data type comparison in RTR dump memory sample.
samples/rtr/pid-dump/rtr_dump_memory.py
-
Fixed: Invalid arguments provided to
execute_admin_command
method within RTR dump memory sample. Closes #789.samples/rtr/pid-dump/rtr_dump_memory.py
- Added: Easy Object Authentication syntax. You no longer need to specify the
auth_object
attribute of the Service Class you are using to authenticate to subsequent Service Classes. Legacy Object Authentication is still (and will always be) fully supported.import os from falconpy import Hosts from falconpy import HostGroup # Old Syntax hosts = Hosts(client_id=os.getenv("FALCON_CLIENT_ID"), client_secret=os.getenv("FALCON_CLIENT_SECRET") ) hostgroups = HostGroup(auth_object=hosts.auth_object) # New Syntax hosts = Hosts(client_id=os.getenv("FALCON_CLIENT_ID"), client_secret=os.getenv("FALCON_CLIENT_SECRET") ) hostgroups = HostGroup(auth_object=hosts)
_service_class.py
tests/test_authentications.py
- Changed: Updated development package module name to be
falconpydev
to prevent confusion with the production package module name.dev_setup.py
- Added: Added alias for
post_device_details_v2
to Hosts Service Class. Closes #773.hosts.py
tests/manual/test_get_device_details.py
- Fixed: Typo in docstring for
perform_incident_action
method. Closes #776.incidents.py
- Fixed: Added
host_timeout_duration
documentation to docstrings within operations in the Real Time Response Service Class.real_time_response.py
- Updated: Adjusted unit testing to cover new API returns.
tests/falcon_container.py
tests/kubernetes_protection.py
-
Updated: Updated operation payload parameter datatype details.
_endpoint/_ioc.py
_endpoint/_recon.py
_endpoint/_sample_uploads.py
-
Updated: Updated operation payload parameter data location details.
_endpoint/_falconx_sandbox.py
_endpoint/_sample_uploads.py
-
Added: New
host_timeout_duration
parameter toBatchActiveResponderCmd
,BatchCmd
,BatchGetCmd
andBatchInitSessions
operations within the Real Time Response Service Collection._endpoint/_real_time_response.py
-
Added: New
GetDeviceDetailsV2
andPostDeviceDetailsV2
operations to Hosts Service Collection.The operation
GetDeviceDetails
is now deprecated, and will eventually be removed from the CrowdStrike API. Due to backwards compatibility considerations, and the added functionality provided by the new endpoint, FalconPy will continue to support this operation ID by redirecting requests toPostDeviceDetailsV2
. IDs that are provided in incorrect payload destinations due to the differences between a GET and POST operation are migrated to the appropriate dictionary before the request is made. This solution is implemented within the Hosts Service Class (GetDeviceDetails
,get_device_details
) and within the Uber Class. Developers must upgrade installations to FalconPy v1.2.0 to benefit from this new functionality. Administrators and end users are strongly urged to consider upgrading to v1.2.0 before this endpoint is removed._endpoint/_hosts.py
_uber_default_preference.py
api_complete.py
hosts.py
tests/test_get_device_details.py
-
Added: Falcon Container registry functionality to Falcon Container Service Class.
This solution implements three "mock" operation IDs;
GetImageAssessmentReport
(get_assessment
),DeleteImageDetails
(delete_image_details
), andImageMatchesPolicy
(image_matches_policy
). All mocked operations are available from both the Service and Uber classes. The Falcon Container Registry base URL is calculated based upon the base URL used for authentication._endpoint/_falcon_container.py
__init__.py
_container_base_url.py
_uber_default_preference.py
_util.py
api_complete.py
falcon_container.py
tests/test_falcon_container.py
-
Fixed: Default NoneType preference for body payloads sent to the
RTR_ListFiles
andRTR_ListFilesV2
operations. Closes #750._uber_default_preference.py
-
Removed: Unused header payload parameters from operation payloads.
_endpoint/_falconx_sandbox.py
_endpoint/_firewall_management.py
_endpoint/_recon.py
_endpoint/_report_executions.py
_endpoint/_sample_uploads.py
-
Removed: Duplicate parameter definition (
after
) fromindicator_combined_v1
operation._endpoint/_ioc.py
- Updated: Comment updates.
_endpoint/_d4c_registration.py
- Updated: Fixed docstring typo within
userActionV1
operation. Closes #763.user_management.py
-
Added: New Alerts service collection operation -
PatchEntitiesAlertsV2
(update_alerts_v2
)._endpoint/_alerts.py
_payload/_alerts.py
alerts.py
tests/test_alerts.py
-
Added: New Service Collection - Mobile Enrollment. Matching Service Class / Uber Class functionality. Unit testing expanded to cover new methods.
_endpoint/_mobile_enrollment.py
mobile_enrollment.py
tests/test_mobile_enrollment.py
-
Added: New User Management service collection operations
- combinedUserRolesV1 -
get_user_grants
- get_user_roles -
get_user_grants
- get_user_roles_combined -
get_user_grants
- entitiesRolesV1 -
get_roles_mssp
- userActionV1 -
user_action
- userRolesActionV1 -
user_roles_action
- retrieveUsersGETV1 -
retrieve_users
- createUserV1 -
create_user_mssp
- deleteUserV1 -
delete_user_mssp
- updateUserV1 -
update_user_mssp
- queryRolesV1 -
query_roles
- queriesRolesV1 -
query_roles
- queryUserV1 -
query_users
user_management.py
tests/test_user_management.py
- combinedUserRolesV1 -
-
Added: Extended custom headers (
ext_headers
) functionality for Service Classes._service_class.py
- Added: Alias for
get_online_state_v1
. Closes #739.hosts.py
- Added: New Service Collection - Alerts. Matching Service Class / Uber class functionality. Unit testing expanded to cover new methods.
_endpoint/__init__.py
_endpoint/_alerts.py
_payload/__init__.py
_payload/_alerts.py
alerts.py
__init__.py
tests/test_alerts.py
- Added: Expanded IdentityProtection unit testing to cover
US-2
.tests/test_identity_protection.py
- Fixed: Uber Class override keyword requires a null action parameter. Closes #706.
api_complete.py
- Fixed: Responses containing charset are not parsed as JSON. This impacted responses from the Identity Protection service collection. Closes #708.
_util.py
tests/test_identity_protection.py
- Thanks to @hod-alpert for identifying and resolving this issue!
- Moved: Abstracted Cloud Region autodiscovery functionality into a standalone method to reduce code segment size.
_util.py
- Added: New operation - AzureDownloadCertificate (CSPMRegistration)
_endpoint/_cspm_registration.py
cspm_registration.py
tests/test_cspm_registration.py
- Added: New operation - DiscoverCloudAzureDownloadCertificate (D4CRegistration)
_endpoint/_d4c_registration.py
d4c_registation.py
tests/test_d4c_registration.py
- Added: New parameter -
disable_hostname_check
(QueryString) in performGroupAction (HostGroup)_endpoint/_host_group.py
host_group.py
- Added: New operation - GetOnlineState_V1 (Hosts)
_endpoint/_hosts.py
hosts.py
tests/test_hosts.py
- Added: New parameter -
include_relations
in QueryIntelIndicatorEntities and QueryIntelIndicatorIds (Intel)_endpoint/_intel.py
intel.py
- Added: New operations - RTR_GetPut_FilesV2 and RTR_GetScriptsV2 (RTR Administration)
_endpoint/_real_time_response_admin.py
real_time_response_admin.py
tests/test_real_time_response_admin.py
- Updated: DataType -
csv
->multi
for thefacet
parameter in combinedQueryVulnerabilities (SpotlightVulnerabilities)_endpoint/_spotlight_vulnerabilities.py
- Fixed: Docstring typo in
create_rule_group
method (FirewallManagement)firewall_management.py
- Fixed: Typo in supported values definition for combinedQueryVulnerabilities endpoint definition.
_
_endpoint/_spotlight_vulnerabilities.py
- Added: Firewall rules payload abstraction for the
create_rule_group
method. Firewall diff_operations payload abstraction for theupdate_rule_group
method._payload/_firewall.py
firewall_management.py
tests/test_firewall_management.py
- Fixed: Resolved issue with aggregate payload generation within the Detects, MessageCenter and Recon Service Classes. Closes #664.
detects.py
message_center.py
recon.py
- Updated: Added macOS environment detail to docstring in
submit
method of the Falcon X Sandbox Service Class. Closes #651.falconx_sandbox.py
- Bug fix: Resolved issue impacting the creation of certain action parameters used within payloads for the
perform_incident_action
method of the Incidents Service Class. Closes #656._payload/_incidents.py
-
Added: Results object expansion - expanded results are returned as a tuple, Ex:
(status_code, headers, content)
. This allows for headers and status to be checked on binary API returns. Expanded results are supported for all calls to the API and can be requested from any Service Class method or the Uber Class command method using the keywordexpand_result
._result.py
_util.py
api_complete.py
test_sample_uploads.py
Example
# Pass a boolean True to the `expand_result` keyword to request expanded results. download_result = samples.get_sample(ids=file_sha, expand_result=True) # We're returned a tuple (status, headers, content) # Status will be in 0 print(f"Status returned: {download_result[0]}") # Headers will be in 1 print(f"Headers returned: {download_result[1]}") # File content will be in 2 with open(example_file, "wb") as download_file: download_file.write(download_result[2])
-
Added: Specify action_parameters keys for perform operations using keywords instead of a list of dictionaries.
- Keyword:
group_id
device_control_policies.py
(perform_action method)firewall_policies.py
(perform_action method)prevention_policy.py
(perform_policies_action method)response_policies.py
(perform_policies_action method)sensor_update_policy.py
(perform_policies_action method)
- Keyword:
filter
host_group.py
(perform_group_action method)
- Keywords:
add_tag
,delete_tag
,unassign
,update_name
,update_assigned_to_v2
,update_description
,update_status
_payload/__init__.py
_payload/_incidents.py
incidents.py
(perform_incident_action method)
- Keyword:
- Fixed: Docstring typo in sort options for
query_accounts
andquery_logins
methods within the Discover Service Class.discover.py
- Fixed: Docstring typo not listing
id
requirements for keyword submissions to theindicator_update
method within the IOC Service Class.ioc.py
- Fixed: Docstring typo listing an incorrect return type for the
get_download
operation within the ReportExecutions Service Class.report_executions.py
- Fixed: Docstring typo in Real Time Response Service Class referencing non-existent
action_parameters
payload element.real_time_response.py
- Added: Babel fish operation ID to endpoint translator.
util/babel_fish.py
- Added: FalconPy terminal word search utility.
util/find-strings.sh
- Added: FalconPy module listing utility.
util/public-modules.sh
- Added: FalconPy version check utility.
util/vcheck.sh
- Added: New versions of two operations within the Real Time Response Service Class.
list_files_v2
anddelete_file_v2
are used the same as the original methods, but provide more results detail. You should leveragedelete_file_v2
if you are retrieving files usinglist_files_v2
._endpoint/_real_time_response.py
real_time_response.py
tests/test_real_time_response.py
- Added: New Discover service collection endpoints, matching Service Class operations and unit testing.
- New method:
get_accounts
- New method:
get_logins
- New method:
query_accounts
- New method:
query_logins
_endpoint/_discover.py
discover.py
tests/test_discover.py
- New method:
- Fixed: Docstring typo for the
combinedQueryVulnerabilities
operation within the Spotlight Vulnerabilities Service Class. Closes #608.spotlight_vulnerabilities.py
- Added: Spotlight Evaluation Logic Service Class, related service collection endpoints and related unit tests.
_endpoint/__init__.py
_endpoint/_spotlight_evaluation_logic.py
__init__.py
spotlight_evaluation_logic.py
tests/test_spotlight_evaluation_logic.py
- Fixed: Invalid empty payload sent by
report_executions_download_get
operation when leveraging the Uber Class. Closes #596._util.py
api_complete.py
tests/test_uber_api_complete.py
- Thanks to @tsullivan06 for his assistance in identifying this issue!
- Fixed: Typo in docstring - cspm_registration.py#571,
recurring
->reoccurring
. Closes #592.cspm_registration.py
- Added: Updated docstring to reflect newly available host actions. Closes #585.
hosts.py
- Added: Return headers on failed authorization (401) when using the Uber class. Closes #578.
_util.py
api_complete.py
- Thank you to @tsullivan06 for this enhancement suggestion!
- Added: Allow dashed base url specifiers when creating instances of any class. Closes #580.
_util.py
- Thanks to @jhseceng for this enhancement suggestion!
- Fixed: Bandit false positive introduced by changes to hard-coded password scanning in v1.7.3. Relates to PyCQA/bandit#843.
_token_fail_reason.py
api_complete.py
oauth2.py
- Updated: Docstrings updated to reflect newly available platform names (
android
,iOS
). Closes #582.prevention_policy.py
- Added: Argument check in
update_detects_by_ids
(UpdateDetectsByIdsV2). When only acomment
keyword is provided,show_in_ui
is appended to the request with aTrue
value, which satisfies update requirements.detects.py
tests/test_detects.py
- Added: Default value of
0
forsequence_id
keyword incheck_command_status
,check_active_responder_command_status
andcheck_admin_command_status
methods within Real Time Response Service Classes.real_time_response.py
real_time_response_admin.py
- Added: Publicly exposed
confirm_base_region
,confirm_base_url
methods andBaseURL
enumerator.__init__.py
- Fixed: Missing alias for
api_preempt_proxy_post_graphql
(Operation ID syntax) in Identity Protection Service Class. Closes #567.identity_protection.py
- Thanks to @tsullivan06 for identifying and reporting this issue!
- Fixed: Incorrect variable used for dictionary key on boolean values within
command_payload
body payload handler. Closes #568._payload/_real_time_response.py
- Relates to discussion #415
-
Added: Token renewal window customization. Developers may now customize the length of time between token expiration and token renewal. (Max: 20 minutes)
from falconpy import APIHarness from falconpy import OAuth2 uber = APIHarness(client_id="CLIENT_ID", client_secret="CLIENT_SECRET", renew_window=300) service = OAuth2(client_id="CLIENT_ID", client_secret="CLIENT_SECRET", renew_window=60)
_service_class.py
api_complete.py
oauth2.py
tests/test_authentications.py
- Thank you to @tsullivan06 for this contribution!
-
Added: Error handling for when calling
query_vulnerabilities_combined
(combinedQueryVulnerabilities) without specifying afilter
argument. (Must be present as a keyword or as part of theparameters
dictionary.)spotlight_vulnerabilities.py
tests/test_spotlight_vulnerabilities.py
- Thank you to @tsullivan06 for this contribution!
-
Added: Export of
ServiceClass
generic base class as part of__all__
within__init__.py
. This change will allow developers to inherit from the Service Class base class without importing a protected module (which generates a warning in some editors).from falconpy import ServiceClass
__init__.py
- Thank you to @morcef for this contribution!
- Fixed: Authentication issue when provided a base_url containing a trailing backslash.
_util.py
tests/test_authorizations.py
- Thanks to @mwb8 for identifying and reporting this issue!
- Fixed: Bug in
process_service_request
(_util.py
) impacting thepartition
keyword argument of therefresh_active_stream
method in the Event Streams Service Class. Closes #547._util.py
tests/test_event_streams.py
- Thanks go out to @kra-ts for contributing this fix!
- Added: New queryCombinedSensorUpdateKernels and querySensorUpdateKernelsDistinct operations. (SensorUpdatePolicy Service Class, Uber Class)
_endpoint/_sensor_update_policies.py
_util.py
_version.py
api_complete.py
sensor_update_policy.py
tests/test_sensor_update_policy.py
tests/test_uber_api_complete.py
- Fixed: Parameter abstraction handling issue with the
organization_ids
keyword of thedelete_aws_account
andget_aws_account
methods within the CSPMRegistration Service Class. Closes #539.cspm_registration.py
tests/test_cspm_registration.py
Stable Release
- Updated: Author information,
AUTHORS.md
- Updated: Contributor documentation,
CONTRIBUTING.md
- Formatting: Code of Conduct,
CODE_OF_CONDUCT.md
- Updated: Documentation primer,
docs/README.md
- Updated: Package metadata and classifiers,
setup.py
- Updated: Package information and repository overview,
README.md
- Updated: Pull Request template,
.github/pull_request_template.md
- Updated: Samples documentation,
samples/README.md
- Updated: Security Policy,
SECURITY.md
- Updated: Support documentation,
SUPPORT.md
- Added: Unit testing documentation,
tests/README.md
- Updated: Utilities documentation,
util/README.md
- Fixed: Minor comment typo in Offset vs. Token sample,
samples/hosts/offset_vs_token.py
Release Candidate
-
Added: Token generation failure reason tracking to Service and Uber classes. Closes #501.
_service_class.py
api_complete.py
oauth2.py
Example usage
from falconpy import Detects detects = Detects(client_id="bad ID", client_secret="bad secret") if detects.token_status != 201: print(detects.token_fail_reason)
- Fixed: Code hint warning in PyCharm for missing auth_object definition within _service_class.py.
- Added: FileVantage Service Class and all related endpoints.
_endpoint/_filevantage.py
_endpoint/__init__.py
filevantage.py
tests/test_filevantage.py
- Added: MessageCenter Service Class and all related endpoints.
_endpoint/_message_center.py
_endpoint/__init__.py
_payload/_message_center.py
_payload/__init__.py
message_center.py
__init.py__
tests/test_message_center.py
.github/wordlist.txt
- Fixed: Argument passed to a keyword argument only method error handling.
_util.py
tests/test_hosts.py
- Fixed: Added non-keyword argument handler for
get_sample
method.sample_uploads.py
- Updated: Minor linting adjustments.
sample_uploads.py
tests/test_overwatch_dashboard.py
tests/test_prevention_policy.py
- Updated: README files updated to reflect new service collection.
- Added: New operations (GetBehaviorDetections, GetConfigurationDetections) to both the CSPMRegistration Service Class and the Uber Class. Closes #482.
_endpoint/_cspm_registration.py
cspm_registration.py
tests/test_cspm_registration.py
- Fixed: Added missing payload parameters to body payload handler for
update_policy_settings
method (UpdateCSPMPolicySettings operation) within the CSPMRegistration Service Class. Closes #473.cspm_registration.py
_payload/_cspm_registration.py
tests/test_cspm_registration.py
- Fixed: Stemmed vs. exact comparison for endpoint operation lookup within
args_to_params
method. Closes #467._util.py
- Added: Cloud Region Autodiscovery - Automatically select the correct cloud region for US1, US2 and EU1 users.
- When using a valid login for US1, US2, and EU1, developers will no longer need to specify
base_url
when creating an instance of any Service Class, or the Uber Class. Upon successful login, your correct region will be identified and used for all subsequent requests. If you specify the wrong region for your instance, this will be corrected as part of authentication. _base_url.py
_util.py
_service_class.py
api_complete.py
oauth2.py
test_authentications.py
test_authorization.py
- All unit testing workflows updated to leverage new cross-region testing parameters.
- When using a valid login for US1, US2, and EU1, developers will no longer need to specify
Please note: This functionality does not support the GovCloud region or GovCloud API credentials.
- Fixed: Issue when passing comma-delimited strings or boolean values as keywords to the body payload handler for
indicator_object
. Closes #447._payload/_ioc.py
tests/test_ioc.py
- Fixed: Issue when passing comma-delimited string for the
groups
keyword to the body payload handler forioa_exclusion_payload
. Closes #448._payload/_ioa.py
tests/test_ioa_exclusions.py
- Fixed: Issue when passing comma-delimited string for the
ids
keyword to the body payload handler forupdate_detects_payload
. Resolved boolean handling ofshow_in_ui
keyword. Closes #449._payload/_detects.py
tests/test_detects.py
- Fixed: Issue when passing comma-delimited string for
user_tags
keyword to the body payload handler forsubmit
. Closes #450._payload/_falconx.py
tests/test_falconx_sandbox.py
- Fixed: Issue when passing comma-delimited string for
role_ids
keyword to the body payload handler for Flight Control POST / PATCH operations. Closed #451._payload/_mssp.py
tests/test_mssp.py
- Fixed: Issue when passing comma-delimited strings or boolean False to certain keywords within the
command_payload
body payload handler. Closes #452._payload/_real_time_response.py
tests/test_real_time_response.py
- Fixed: Issue when passing comma-delimited strings to MalQuery Service Class body payload handlers. Closes #453.
_payload/_malquery.py
tests/test_malquery.py
- Fixed: Issue with passing comma-delimited string for
recipients
within body payload handler forupdate_action
method within Recon Service Class. Closes #454._payload/_recon.py
tests/test_recon.py
- Fixed: Issue with passing comma-delimited strings for
rule_ids
andrule_versions
keywords within FirewallManagement Service Class body payload handlers. Closes #455._payload/firewall.py
tests/test_firewall_management.py
- Fixed: Issue with passing comma-delimited string for the
groups
keyword within the generic exclusion body payload handler. Closes #456._payload/_generic.py
tests/test_ml_exclusions.py
- Fixed: TypeError when using a valid credential in the wrong cloud environment. (GOV -> US1 only). Closes #433.
oauth2.py
test_authentications.py
- Gratz to @tsullivan06 for his assistance in identifying and resolving this issue.
- Fixed: Missing method aliases in OAuth2 Service Class. Closes #432.
oauth2.py
- Kudos to @tsullivan06 for identifying this issue.
- Fixed: Docstring typos in Custom IOA Service Class source.
custom_ioa.py
- Added: MSSP Direct Authentication - Additional authentication keyword is now available,
member_cid
, allowing developers targeting MSSP functionality to make use of Direct Authentication as opposed to still using Credential Authentication. This functionality is supported in all Service Classes and the Uber Class._service_class.py
api_complete.py
oauth2.py
tests/test_authorization.py
- Fixed: Issue in
_util.args_to_params
when handling Python reserved words defined as keys incorrectly in the parameter dictionary. Closes #422.- Special thanks to @valerianrossigneux for originally identifying this issue, and his assistance testing a fix. 🙇
- Added: New Discover Service Class and matching unit testing to represent the recently released Falcon Discover API.
discover.py
_endpoint/_discover.py
_endpoint/_deprecated/discover.py
tests/test_discover.py
- Added: New generic body payload handler for report execution / scheduling payloads.
_payload/_reports.py
- Added: New
report_executions_retry
method and matching unit tests to ReportExecutions Service Class.report_executions.py
_endpoint/_report_executions.py
- Added: New
scheduled_reports_launch
method and matching unit tests to ScheduledReports Service Class.scheduled_reports.py
_endpoint/_scheduled_reports.py
- Added: Parameter abstraction for the Uber Class.
- Provides: Query string parameter payload abstraction for calls made using the Uber class.
api_complete.py
_util.py
- Added: PEP-8 friendly
app_id
keyword for theappId
parameter used by methods within the EventStreams Service Class.event_streams.py
- Fixed: Aggregate payload datatype mismatches in Recon Service Class methods.
recon.py
- Fixed: Missing payload parameter in recon rule payload handler.
_payload/_recon.py
- Fixed: Invalid query string parameter referenced in body payload handler for
query_sample
method within FalconXSandbox Service Class. Also resolved matching invalid docstring reference. Closes #409.falconx_sandbox.py
- Fixed: Minor formatting issues within docstrings in all package files.
- Added: Docstring syntax validation workflow leveraging pydocstyle.
- Removed: Deprecated
calc_url_from_args
method_util.py
- Removed: Deprecated
parse_id_list
method_util.py
- Updated: Service Class Refactoring (Rev 4)
- Provides: Body Payload Abstraction - Abstracted BODY payload parameters for all methods using PATCH, POST or PUT requests into keywords. Legacy usage pattern of passing the BODY payload directly as the body keyword is still supported.
- Provides: PEP-257 formatting of all docstrings.
cspm_registration.py
- Closes #394device_control_policies.py
- Closes #396falconx_sandbox.py
- Closes #397mssp.py
- Closes #398kubernetes_protection.py
- Closes #399custom_ioa.py
- Closes #400falcon_complete_dashboard.py
- Closes #401firewall_policies.py
- Closes #402firewall_management.py
- Closes #403
- Added: New combinedQueryVulnerabilities operation to SpotlightVulnerabilities Service Class.
spotlight_vulnerabilities.py
- Service Class_endpoint/_spotlight_vulnerabilities.py
- Endpoint moduletests/test_spotlight_vulnerabilities.py
- Unit testing
- Updated: Service Class Refactoring (Rev 4)
- Provides: Body Payload Abstraction - Abstracted BODY payload parameters for all methods using PATCH, POST or PUT requests into keywords. Legacy usage pattern of passing the BODY payload directly as the body keyword is still supported.
- Provides: PEP-257 formatting of all docstrings.
cloud_connect_aws.py
- Closes #386d4c_registration.py
- Closes #391ioc.py
- Closes #388iocs.py
- Closes #387identity_protection.py
- Closes #385incidents.py
- Closes #390overwatch_dashboard.py
- Closes #389real_time_response.py
- Closes #383real_time_response_admin.py
- Closes #384response_policies.py
- Closes #382
- Fixed: Missing body payload in CloudConnectAWS.verify_aws_account_access. Closes #376.
- Updated: Service Class Refactoring (Rev 4)
- Provides: Body Payload Abstraction - Abstracted BODY payload parameters for all methods using PATCH, POST or PUT requests into keywords. Legacy usage pattern of passing the BODY payload directly as the body keyword is still supported.
- Provides: PEP-257 formatting of all docstrings.
host_group.py
- Closes #361ioa_exclusions.py
- Closes #359installation_tokens.py
- Closes #363ml_exclusions.py
- Closes #360prevention_policy.py
- Closes #364quarantine.py
- Closes #366sensor_update_policy.py
- Closes #368user_management.py
- Closes #367
- Added: Class aliases for Sensor Update Policies and Prevention Policies service collections to provide classes that align to plural naming convention.
- Fixed: Hard-coded user-agent header for all requests. Moving forward, developers may specify a custom string to be used as the User-Agent header for all requests. Closes #365.
from falconpy import Hosts falcon = Hosts(client_id="CLIENT_ID_HERE", client_secret="CLIENT_SECRET_HERE", user_agent="company-product/version" ) result = falcon.query_devices_by_filter_scroll() print(result)
- Added: Updated
__all__
parameter in root__init__.py
, publishing all PEP8 class names. This change allows developers to import these classes directly.from falconpy import Hosts falcon = Hosts(client_id="CLIENT_ID_HERE", client_secret="CLIENT_SECRET_HERE") result = falcon.query_devices_by_filter() print(result)
- Added: Private Base URL enum.
_base_url.py
- You may now specify your base URL by name or by URL.
- US1
- US2
- USGOV1
- EU1
- You may now specify your base URL by name or by URL.
- Added: Default value for action_name parameter in refresh_active_stream method of EventStreams service class.
event_streams.py
- Added: Payload handling sub-module.
_payload/
_payload/__init__.py
_payload/_detects.py
_payload/generic.py
_payload/malquery.py
_payload/recon.py
- Updated: Service Class Refactoring (Rev 4)
- Provides: Body Payload Abstraction - Abstracted BODY payload parameters for all methods using PATCH, POST or PUT requests into keywords. Legacy usage pattern of passing the BODY payload directly as the body keyword is still supported.
- Provides: PEP-257 formatting of all docstrings.
detects.py
- Closes #353.event_streams.py
- Closes #349falcon_container.py
- Closes #348hosts.py
- Closes #340.intel.py
- Closes #352malquery.py
- Closes #354quick_scan.py
- Closes #351recon.py
- Closes #350report_executions.py
- Closes #346sample_uploads.py
- Closes #344scheduled_reports.py
- Closes #345sensor_download.py
- Closes #343sensor_visibility_exclusions.py
- Closes #347spotlight_vulnerabilities.py
- Closes #342zero_trust_assessment.py
- Closes #341
- Updated: Endpoint module updated to reflect recent swagger changes.
_cspm_registration.py
_mssp.py
- Updated: Linter updates now result in usage of
format
being marked as a failure for scenarios where anf-string
can be used. Updated all occurrences of this issue to make use off-string
formatting._service_class.py
_util.py
api_complete.py
oauth2.py
- Updated: PEP-257 syntax applied to all docstrings in all touched files.
- Updated: README.md updated
- Removed: Hash Analyzer Service Class and all related unit tests. (Unavailable at this time)
hash_analyzer.py
_endpoint/_hash_analyzer.py
test_hash_analyzer.py
- Fixed: Missing reference to _quarantine_endpoints in endpoint module.
_endpoint/__init__.py
- This issue only impacted users leveraging the Uber class for these endpoints.
- Added: New Hash Analyzer Service Class
hash_analyzer.py
- Related unit tests
test_hash_analyzer.py
- Related endpoint module
_hash_analyzer.py
- Related unit tests
- Added: Quarantine Service Class unit tests
test_quarantine.py
- Added: New FalconContainer Service Class.
falcon_container.py
- Added: Two new methods (operations)) to the Hosts Service Class.
hosts.py
- query_device_login_history / QueryDeviceLoginHistory
- query_network_address_history / QueryGetNetworkAddressHistoryV1
- Added: New method (operation)) to the SpotlightVulnerabilities Service Class.
spotlight_vulnerabilities.py
- get_remediations_v2 - getRemediationsV2
- Migrated: Ported still viable methods from legacy IOCS Service Class
iocs.py
to the new IOC Service Class.ioc.py
- devices_count / DevicesCount
- devices_ran_on / DevicesRanOn
- processes_ran_on / ProcessesRanOn
- entities_processes / entities_processes
- Updated: Deprecated 5 methods within the legacy IOCS Service Class.
iocs.py
- get_ioc / GetIOC
- create_ioc / CreateIOC
- delete_ioc / DeleteIOC
- update_ioc / UpdateIOC
- query_iocs / QueryIOCs
- Updated: Deprecated cs_username keyword from all methods within CustomIOA and FirewallManagement Service Classes.
custom_ioa.py
,firewall_management.py
- Added: New Quarantine Service Class and endpoints.
quarantine.py
- Updated: Updated endpoint for getComplianceV1 operation within ZeroTrustAssessment Service Class.
zero_trust_assessment.py
- Bug fix: Fixed Uber class passing empty ids parameter array when no ids had been provided to the command method. Closes #314.
_util.py
- Bug fix: Fixed bad comparison for endpoint lookups when using Service Classes. Closes #305.
_util.py
- Bug fix: Fixed typo in operation ID for query_platforms method within CustomIOA Service Class. Closes #307.
custom_ioa.py
- Bug fix: Fixed typo in operation ID for create_user_groups method within FlightControl Service Class. Closes #308.
mssp.py
-
Refactored Cloud Connect AWS Service Class to the latest pattern (rev 3), aligns syntax to PEP8. Closes #271.
cloud_connect_aws.py
-
Refactored CSPM Registration Service Class to the latest pattern (rev 3), aligns syntax to PEP8. Closes #272.
cspm_registration.py
-
Refactored Custom IOA Service Class to the latest pattern (rev 3), aligns syntax to PEP8. Closes #258.
custom_ioa.py
-
Refactored D4C Registration Service Class to the latest pattern (rev 3), aligns syntax to PEP8. Closes #273.
d4c_registration.py
-
Refactored Detects Service Class to the latest pattern (rev 3), aligns syntax to PEP8. Closes #274.
detects.py
-
Refactored Device Control Policies Service Class to the latest pattern (rev 3), aligns syntax to PEP8. Closes #275.
device_control_policies.py
-
Refactored Events Streams Service Class to the latest pattern (rev 3), aligns syntax to PEP8. Closes #248.
event_streams.py
-
Refactored Falcon Complete Dashboard Service Class to the latest pattern (rev 3), aligns syntax to PEP8. Closes #294.
falcon_complete_dashboard.py
-
Refactored Falcon Flight Control Service Class to the latest pattern (rev 3), aligns syntax to PEP8. Closes #292.
mssp.py
-
Refactored Falcon X Sandbox Service Class to the latest pattern (rev 3), aligns syntax to PEP8. Closes #259.
falconx_sandbox.py
-
Refactored Firewall Management Service Class to the latest pattern (rev 3), aligns syntax to PEP8. Closes #257.
firewall_management.py
-
Refactored Firewall Policies Service Class to the latest pattern (rev 3), aligns syntax to PEP8. Closes #296.
firewall_policies.py
-
Refactored Hosts Service Class to the latest pattern (rev 3), aligns syntax to PEP8. Closes #269.
hosts.py
-
Refactored Host Group Service Class to the latest pattern (rev 3), aligns syntax to PEP8. Closes #286.
host_group.py
-
Refactored Identity Protection Service Class to the latest pattern (rev 3), aligns syntax to PEP8. Closes #299.
identity_protection.py
-
Refactored Incidents Service Class to the latest pattern (rev 3), aligns syntax to PEP8. Closes #289.
incidents.py
-
Refactored Installation Tokens Service Class to the latest pattern (rev 3), aligns syntax to PEP8. Closes #287.
installation_tokens.py
-
Refactored Intel Service Class to the latest pattern (rev 3), aligns syntax to PEP8. Closes #264.
intel.py
-
Refactored IOA Exclusions Service Class to the latest pattern (rev 3), aligns syntax to PEP8. Closes #283.
ioa_exclusions.py
-
Refactored IOC Service Class to the latest pattern (rev 3), aligns syntax to PEP8. Closes #267.
ioc.py
-
Refactored IOCs Service Class to the latest pattern (rev 3), aligns syntax to PEP8. Closes #284.
iocs.py
-
Refactored Kubernetes Protection Service Class to the latest pattern (rev 3), aligns syntax to PEP8. Closes #293.
kubernetes_protection.py
-
Refactored MalQuery Service Class to the latest pattern (rev 3), aligns syntax to PEP8. Closes #298.
malquery.py
-
Refactored ML Exclusions Service Class to the latest pattern (rev 3), aligns syntax to PEP8. Closes #281.
ml_exclusions.py
-
Refactored Overwatch Dashboard Service Class to the latest pattern (rev 3), aligns syntax to PEP8. Closes #278.
overwatch_dashboard.py
-
Refactored Prevention Policy Service Class to the latest pattern (rev 3), aligns syntax to PEP8. Closes #290.
prevention_policy.py
-
Refactored Quick Scan Service Class to the latest pattern (rev 3), aligns syntax to PEP8. Closes #282.
quick_scan.py
-
Refactored Real Time Response Service Class to the latest pattern (rev 3), aligns syntax to PEP8. Closes #280.
real_time_response.py
-
Refactored Real Time Response Admin Service Class to the latest pattern (rev 3), aligns syntax to PEP8. Closes #256.
real_time_response_admin.py
-
Refactored Recon Service Class to the latest pattern (rev 3), aligns syntax to PEP8. Closes #297.
recon.py
-
Refactored Response Policies Service Class to the latest pattern (rev 3), aligns syntax to PEP8. Closes #295.
response_policies.py
-
Refactored Sample Uploads Service Class to the latest pattern (rev 3), aligns syntax to PEP8. Closes #255.
sample_uploads.py
-
Refactored Sensor Download Service Class to the latest pattern (rev 3), aligns syntax to PEP8. Closes #285.
sensor_download.py
-
Refactored Sensor Update Policy Service Class to the latest pattern (rev 3), aligns syntax to PEP8. Closes #288.
sensor_update_policy.py
-
Refactored Sensor Visibility Exclusions Service Class to the latest pattern (rev 3), aligns syntax to PEP8. Closes #279.
sensor_visibility_exclusions.py
-
Refactored Spotlight Vulnerabilities Service Class to the latest pattern (rev 3), aligns syntax to PEP8. Closes #277.
spotlight_vulnerabilities.py
-
Refactored User Management Service Class to the latest pattern (rev 3), aligns syntax to PEP8. Closes #276.
user_management.py
-
Refactored Zero Trust Assessment Service Class to the latest pattern (rev 3), aligns syntax to PEP8. Closes #260.
zero_trust_assessment.py
-
Added client_id and client_secret as keywords to the base Service Class, Uber Class, and Authentication class.
api_complete.py
,oauth2.py
,_service_class.py
This change allows you to specify your API ID and secret when you create an instance of any of the service class. (Direct Authentication)
from falconpy.hosts import Hosts falcon = Hosts(client_id="CLIENT_ID_HERE", client_secret="CLIENT_SECRET_HERE") results = falcon.query_devices_by_filter(sort="devices.hostname|desc", limit=10) print(results)
-
Added new Report Executions Service Class.
report_executions.py
- Basic unit test implemented:
test_report_executions.py
- Basic unit test implemented:
-
Added new Schedule Reports Service Class.
scheduled_reports.py
- Basic unit test implemented:
test_scheduled_reports.py
- Basic unit test implemented:
-
Added new operation (getComplianceV1) to Zero Trust Assessment Service Class.
zero_trust_assessment.py
-
Bug fix: Resolved HTTP status code 415 on calls to refreshActiveStreamSession (refresh_active_stream). Closes #247.
event_streams.py
-
Bug fix: Resolved header pollution issue within Falcon X Sandbox Service Class. Closes #250.
falconx_sandbox.py
-
Bug fix: Resolved header pollution issue within Firewall Management Service Class. Closes #252.
firewall_management.py
-
Bug fix: Resolved header pollution issue within Custom IOA Service Class. Closes #253.
custom_ioa.py
-
Bug fix: Resolved header pollution issue within Sample Uploads Service Class. Closes #254.
sample_uploads.py
-
Bug fix: Resolved HTTP status code 500 error on calls to RTR_CreatePut_Files (create_put_files). Closes #261.
real_time_response_admin.py
-
Bug fix: Resolved HTTP status code 400 or 500 error on calls to RTR_UpdateScripts (update_scripts) and calls to RTR_CreateScripts (create_scripts). Closes #262.
real_time_response_admin.py
-
Bug fix: Added handle_single_argument helper to attempt to handle single arguments passed to Service Class methods. Addresses a potential breaking change introduced by v0.5.4. Closes #263.
_util.py
Developers should use keywords, not arguments, when specifying parameters provided to Service Class or the Uber Class command methods.
from falconpy.hosts import Hosts falcon = Hosts(creds={"client_id": "CLIENT_ID_HERE", "client_secret": "CLIENT_SECRET_HERE"}) result = falcon.GetDeviceDetails(ids="12345")) # This syntax will always work print(result) result = falcon.GetDeviceDetails("12345") # This syntax may fail depending on method print(result) # (will work in this example) bad_result = falcon.QueryHiddenDevices(1, 0, "devices.hostname|desc", "") print(bad_result) # This syntax will always fail
Whenever possible, Service Classes attempt to guess the keyword for the first argument passed (if present). Typically these are aligned to the one required parameter for the method. (Example: the ids parameter)
-
Related to #263: Updated Uber class to no longer leverage the force_default helper, allowing users to still use the first argument to specify the action to be performed.
api_complete.py
-
Bug fix: Added the after parameter to the endpoint parameter definitions for indicator_combined_v1 and indicator_search_v1. Closes #266.
_endpoint/_ioc.py
-
Bug fix: Multiple methods within the Flight Control Service Class make use of the wrong HTTP method. Closes #291.
mssp.py
- Initial refactoring of unit test harnesses for service classes detailed above.
- Reduced token-related API requests performed by unit testing series.
- Minor adjustment to Uber class unit tests to better demonstrate proper method usage.
- Updated unit tests to support US-2 / Gov base URL testing.
- Added: New functionality for handling service class modules within FalconDebug.
- Bug fix: Resolved JSONDecode error on RTR_DeleteSession. Closes #238.
- Bug fix: Resolved issue with credential authentication in service classes not respecting custom API configuration attributes. Closes #242.
- Package metadata updates
- Updated IDP unit tests to more accurately cover functionality
- Flaky unit test adjustments
- FalconDebug added to linting workflows
debug.py
- Refactored Custom IOA Service Class to the new pattern to provide for new parameter handling functionality, closes #217.
custom_ioa.py
- Refactored Device Control Policies Service Class to the new pattern to provide for new parameter handling functionality, closes #224.
device_control_policies.py
- Refactored Firewall Policies Service Class to the new pattern to provide for new parameter handling functionality, closes #227.
firewall_policies.py
- Refactored Firewall Management Service Class to match the most recent pattern, closes #232.
firewall_management.py
- Refactored Falcon X Sandbox Service Class to the new pattern to provide for new parameter handling functionality, closes #226.
falconx_sandbox.py
- Refactored Hosts Service Class to the new pattern to provide for new parameter handling functionality, closes #218.
hosts.py
- Refactored Host Group Service Class to the new pattern to provide for new parameter handling functionality, closes #223.
host_group.py
- Refactored Intel Service Class to match the most recent pattern, closes #231.
intel.py
- Refactored OAuth2 class to reflect new functionality and linting patterns, closes #233.
oauth2.py
- Refactored Quick Scan Service Class to match the most recent pattern, closes #219.
quick_scan.py
- Refactored Real Time Response Service Class to match the most recent pattern, closes #230.
real_time_response.py
- Refactored Real Time Response Admin Service Class to match the most recent pattern, closes #229.
real_time_response_admin.py
- Refactored Sensor Updated Policy Service Class to the new pattern to provide for new parameter handling functionality, closes #222.
sensor_update_policy.py
- Refactored Sensor Downloads Service Class to the new pattern to provide for new parameter handling functionality, closes #221.
sensor_downloads.py
- Refactored Sample Uploads Service Class to the new pattern to provide for new parameter handling functionality, closes #220.
sample_uploads.py
- Refactored User Management Service Class to match the most recent pattern, closes #228.
user_management.py
- Bug fix: Resolved issue with the timeout parameter not being passed to the OAuth2 class when legacy authentication was being used. Closes #225.
- Enabled Pylint stopping the build on linting failures within package source.
- Unit test updates to expand code coverage for new code paths.
- This update provides part of the functionality requested in #115.
- Added
identity_protection.py
- Identity Protection service class. - Added utility to create a zip archive to be used with AWS Lambda layers. (
create-lambda-layer.sh
)
- Bug fix: Resolved order of operations issue with body validation in validate_payload helper function. (
_util.py
) - Updated
cloud_connect_aws.py
- Cloud_Connect_AWS Service Class. Closes #209. - Updated
detects.py
- Detects Service Class. Closes #210. - Updated
event_streams.py
- Event Streams Service Class. Closes #212. - Updated
incidents.py
- Incidents Service Class. Closes #213. - Updated
spotlight_vulnerabilities.py
- Spotlight Vulnerabilities Service Class. Closes #214. - Updated
zero_trust_assessment.py
- Zero Trust Assessment Service Class. Closes #211. - Updated query used for unit testing of Spotlight Vulnerabilities service class. 2020 -> 2021 (
test_spotlight_vulnerabilities.py
) - Bug fix: Resolved flaky unit test for RegenerateAPIKey for Kubernetes Protection service class. (
test_kubernetes_protection.py
).
- Added pylint workflow to push / pull_request actions.
- _endpoint module updates to support new service class.
- Added unit testing for new service class.
- Unit testing updates to complete code coverage.
- README.md updated.
- Added additional classifiers and developer requirements to PIP package metadata. (
setup.py
)
- Bug fix: Resolves #200 by moving the failing method (entities_processes) in
iocs.py
to the latest code pattern.
- Fixed: Incorrect endpoint specified in the updateSensorUpdatePoliciesV2 method within the Sensor Update Policy service class.
- Fixed: CrowdStrike#181 by adding the parameters to the create and update ioc functions.
- Added: IOC API Service Class (
ioc.py
)- indicator_combined_v1
- indicator_get_v1
- indicator_create_v1
- indicator_delete_v1
- indicator_update_v1
- indicator_search_v1
- Added: Kubernetes Protection API Service Class (
kubernetes_protection.py
)- GetAWSAccountsMixin0
- CreateAWSAccount
- DeleteAWSAccountsMixin0
- UpdateAWSAccount
- GetLocations
- GetHelmValuesYaml
- RegenerateAPIKey
- GetClusters
- TriggerScan
- Added: Recon API Service Class (
recon.py
)- AggregateNotificationsV1
- PreviewRuleV1
- GetActionsV1
- CreateActionsV1
- DeleteActionV1
- UpdateActionV1
- GetNotificationsDetailedTranslatedV1
- GetNotificationsDetailedV1
- GetNotificationsTranslatedV1
- GetNotificationsV1
- DeleteNotificationsV1
- UpdateNotificationsV1
- GetRulesV1
- CreateRulesV1
- DeleteRulesV1
- UpdateRulesV1
- QueryActionsV1
- QueryActionsV1
- QueryNotificationsV1
- QueryRulesV1
- Added: Response Policies API Service Class (
response_policies.py
)- queryCombinedRTResponsePolicyMembers
- queryCombinedRTResponsePolicies
- performRTResponsePoliciesAction
- setRTResponsePoliciesPrecedence
- getRTResponsePolicies
- createRTResponsePolicies
- deleteRTResponsePolicies
- updateRTResponsePolicies
- queryRTResponsePolicyMembers
- queryRTResponsePolicies
- Updated: CSPM Registration API Service Class (
cspm_registration.py
)- Refactored to utilized updated pattern for Service Classes
- Added: PatchCSPMAwsAccount function
- Added: UpdateCSPMAzureTenantDefaultSubscriptionID function
- Added: GetIOAEvents function
- Added: GetIOAUsers function
- Updated: Unit tests
- Updated: Discover for Cloud Registration API Service Class (
d4c_registration.py
)- Refactored to remove unnecessary private method call / import of the sys library
- Updated: IOA Exclusions API Service Class (
ioa_exclusions.py
)- Refactored to remove unnecessary private method call / import of the sys library
- Updated: IOCs API Service Class (
iocs.py
)- Refactored to utilized updated pattern for Service Classes
- Updated: Deprecated multiple endpoints as part of the release of the new IOC Service Class (
_endpoint/_iocs.py
)
- Updated: Falcon Complete Dashboard API Service Class (
falcon_complete_dashboard.py
)- Refactored to remove unnecessary private method call / import of the sys library
- Updated: Falcon Flight Control API Service Class (
mssp.py
)- Refactored to remove unnecessary private method call / import of the sys library
- Updated: Installation Tokens API Service Class (
installation_tokens.py
)- Refactored to remove unnecessary private method call / import of the sys library
- Updated: Malquery API Service Class (
malquery.py
)- Refactored to remove unnecessary private method call / import of the sys library
- Updated: ML Exclusions API Service Class (
ml_exclusions.py
)- Refactored to remove unnecessary private method call / import of the sys library
- Updated: Overwatch Dashboard API Service Class (
overwatch_dashboard.py
)- Refactored to remove unnecessary private method call / import of the sys library
- Updated: Prevention Policies API Service Class (
prevention_policy.py
)- Refactored to utilized updated pattern for Service Classes
- Updated: Added add-rule-group and remove-rule-group actions to action_name parameter for performPreventionPoliciesAction function. (
_endpoint/_prevention_policy.py
)
- Updated: Sensor Visibility Exclusions API Service Class (
sensor_visibility_exclusions.py
)- Refactored to remove unnecessary private method call / import of the sys library
- Added: CSPM Registration API sample - CSPM registration policy export (@mccbryan3)
- Added: Timeout support - Float / tuple that is passed to the requests library when performing requests to the API. Can specify timeouts for connect, read and global.
- Fixed: Service Class proxy functionality support
- Timeout functionality unit tests (
test_timeout.py
)
- Added: Proxy support - dictionary of proxies that are passed to the requests library when performing requests to the API.
- Related to discussion post #154
- Fixed: Parsing issue with ids argument within MSSP.getChildren (Flight Control Service Class)
- Resolved by migrating
mssp.py
source to the new pattern being tested for Service Classes. - Closes #144
- Resolved by migrating
New Service Class pattern - Query String parameters can now be passed as function arguments.
This functionality is currently only available in the following new Service Classes while regression testing is underway.
- Added: D4C Registration API Service Class (
d4c_registration.py
)- GetCSPMAzureAccount
- CreateCSPMAzureAccount
- UpdateCSPMAzureAccountClientID
- GetCSPMAzureUserScriptsAttachment
- GetCSPMAzureUserScripts
- GetCSPMCGPAccount
- GetCSPMGCPAccount (redirects to GetCSPMCGPAccount)
- CreateCSPMGCPAccount
- GetCSPMGCPUserScriptsAttachment
- GetCSPMGCPUserScripts
- Added unit tests (
test_d4c_registration.py
)
- Added: Installation Tokens API Service Class (
installation_tokens.py
)- audit_events_read
- customer_settings_read
- tokens_read
- tokens_create
- tokens_delete
- tokens_update
- audit_events_query
- tokens_query
- Added unit tests (
test_installation_tokens.py
)
- Added: IOA Exclusions API Service Class (
ioa_exclusions.py
)- getIOAExclusionsV1
- createIOAExclusionsV1
- deleteIOAExclusionsV1
- updateIOAExclusionsV1
- queryIOAExclusionsV1
- Added unit tests (
test_ioa_exclusions.py
)
- Added: Falcon Complete Dashboard API Service Class (
falcon_complete_dashboard.py
)- AggregateAllowList
- AggregateBlockList
- AggregateDetections
- AggregateDeviceCountCollection
- AggregateEscalations
- AggregateFCIncidents
- AggregateRemediations
- QueryAllowListFilter
- QueryBlockListFilter
- QueryDetectionIdsByFilter
- GetDeviceCountCollectionQueriesByFilter
- QueryEscalationsFilter
- QueryIncidentIdsByFilter
- QueryRemediationsFilter
- Added unit tests (
test_falcon_complete_dashboard.py
)
- Added: MalQuery API Service Class (
malquery.py
)- GetMalQueryQuotasV1
- PostMalQueryFuzzySearchV1
- GetMalQueryDownloadV1
- GetMalQueryMetadataV1
- GetMalQueryRequestV1
- GetMalQueryEntitiesSamplesFetchV1
- PostMalQueryEntitiesSamplesMultidownloadV1
- PostMalQueryExactSearchV1
- PostMalQueryHuntV1
- Added unit tests (
test_malquery.py
)
- Added: ML Exclusions API Service Class (
ml_exclusions.py
)- getMLExclusionsV1
- createMLExclusionsV1
- deleteMLExclusionsV1
- updateMLExclusionsV1
- queryMLExclusionsV1
- Added unit tests (
test_ml_exclusions.py
)
- Added: Overwatch Dashboard API Service Class (
overwatch_dashboard.py
)- AggregatesDetectionsGlobalCounts
- AggregatesEventsCollections
- AggregatesEvents
- AggregatesIncidentsGlobalCounts
- AggregatesOWEventsGlobalCounts
- Added unit tests (
test_overwatch_dashboard.py
)
- Added: Sensor Visibility Exclusions API Service Class (
sensor_visibility_exclusions.py
)- getSensorVisibilityExclusionsV1
- createSVExclusionsV1
- deleteSensorVisibilityExclusionsV1
- updateSensorVisibilityExclusionsV1
- querySensorVisibilityExclusionsV1
- Added unit tests (
test_sensor_visibility_exclusions.py
)
- Added: args_to_params function (
_util.py
) - Allows developers to specify parameter dictionary elements as function argumentsimport json from falconpy.ml_exclusions import ML_Exclusions as FalconML falcon = FalconML(creds={"client_id": client_ID, "client_secret": client_secret}) print(json.dumps(falcon.queryMLExclusionsV1(limit=10, offset=20, sort="value.asc"), indent=4))
- Unrecognized parameter values are discarded
- Initial testing in a limited number of Service Classes
- Added: Missing method to Spotlight_Vulnerabilities Service Class (
spotlight_vulnerabilities.py
)- getRemediations
- Added unit test to existing test series (
test_spotlight_vulnerabilities.py
)
-
Added: MSSP (Falcon Flight Control) Service Class
- getChildren
- getCIDGroupMembersBy
- addCIDGroupMembers
- deleteCIDGroupMembers
- getCIDGroupById
- createCIDGroups
- deleteCIDGroups
- updateCIDGroups
- getRolesByID
- addRole
- deleteRoles
- getUserGroupMembersByID
- addUserGroupMembers
- deleteUserGroupMembers
- getUserGroupsByID
- createUserGroup
- deleteUserGroups
- updateUserGroups
- queryChildren
- queryCIDGroupMembers
- queryCIDGroups
- queryRoles
- queryUserGroupMembers
- queryUserGroups
- Added unit tests (
test_mssp.py
)
-
Added: Zero Trust Assessment Service Class
- getAssessmentV1
- Added unit tests (
test_zero_trust_assessment.py
)
- Fixed KeyError when providing invalid credentials to a Service Class using Credential or Object authentication, Closes #134
- Moved _endpoint constant library to a private submodule (No impact to existing usage)
- Added payload parameter information to _endpoint constants
- Adds service collection ID to endpoint lists
- This prepares the package for new functionality planned for future releases
- Added:
force_default
function - decorator function that forces default values for function arguments (_util.py
)- Added: Helper function
get_default
- Refactored Uber class to leverage this new functionality
- Unit tests refactored to cover new code paths (
test_uber_api_complete.py
)
- Unit tests refactored to cover new code paths (
- Depending upon feedback, this updated pattern will be implemented within Service Classes to reduce overall function complexity
- Added: Helper function
- Linting
Developers: These patterns are being tested within the Uber Class for migration over to Service Classes in future versions
- Reduced Uber class method complexity
- Added: Helper function
calc_url_from_args
(_util.py
) - Added: Helper function
_create_header_payload
(api_complete.py
, Requires class internal variables)
- Added: Helper function
- Migrated Uber class variables to snake_case format
- Removed unnecessarily complex lambdas
- New class method:
valid_cred_format
, replaces previous lambda class attribute - New class method:
token_expired
, replaces previous lambda class attribute
- New class method:
- Reduced overall number of instance attributes
- Unit tests updated (
test_uber_api_complete.py
)
- Reduced Uber class method complexity
- Minor unit test update to
test_cspm_registration.py
- Added
util/coverage.config
- Moved unit test coverage reporting over to configuration file for parameter management
- Documentation updates
-
Added: Custom Indicators of Attack (IOA) API Service Class (
custom_ioa.py
)- get_patterns
- get_platformsMixin0
- get_rule_groupsMixin0
- create_rule_groupMixin0
- delete_rule_groupsMixin0
- update_rule_groupMixin0
- get_rule_types
- get_rules_get
- get_rulesMixin0
- create_rule
- delete_rules
- update_rules
- validate
- query_patterns
- query_platformsMixin0
- query_rule_groups_full
- query_rule_groupsMixin0
- query_rule_types
- query_rulesMixin0
- Added unit tests (
test_custom_ioa.py
)
-
Added: Falcon X Quick Scan API Service Class (
quick_scan.py
)- GetScansAggregates
- GetScans
- ScanSamples
- QuerySubmissionsMixin0
- Added unit tests (
test_quick_scan.py
)
-
Added: Uber class endpoints (
_endpoints.py
)- Falcon Complete Dashboard API
- Falcon Overwatch Dashboard API
- Falcon Flight Control API
- Fixed unidiomatic type check in
_util.py
(parse_id_list) - Fixed potentially problematic default payload lists and dictionaries (Service Classes and Uber Class)
- Added CHANGELOG.md
- Documentation updates to reflect new service class and upcoming API additions
- Minor comment updates
- Adjusted GitHub actions to test operating systems as separate workflows
- Minor GitHub workflow adjustments
- Unit test updates
- Cloud Connect AWS
- CSPM Registration
- Sensor Download
- Added: Sensor Download API Service Class (Contributor: @CalebSchwartz)
- GetCombinedSensorInstallersByQuery
- DownloadSensorInstallerById
- GetSensorInstallersEntities
- GetSensorInstallersCCIDByQuery
- GetSensorInstallersByQuery
- Added unit tests
- Fixed: action_name parameter default bug. Resolved by setting a default value and overriding this value if action_name is present in the parameters dictionary, Closes #114.
- Documentation updated to reflect the new Sensor Download Service Class
- Added: Sample_Uploads service class (
sample_uploads.py
)- UploadSampleV3
- GetSampleV3
- DeleteSampleV3
- Added: Sample_Uploads unit tests (
test_sample_uploads.py
)
- Added: FalconDebug - Interactive Python3 debugger that provides a pre-defined API token.
- Fixed: Issue with Uber class command method using the action_name variable instead of file_name variable for actions passing the file_name parameter.
- Fixed: Issue with
setup.py
passing GitHub emoji text to the package description. - Fixed: Issue with Uber class unit testing not deleting uploaded files from Sample_Uploads API. (
test_uber_api_complete.py
)
- Added missing method:
hosts.py
- Added UpdateDeviceTags method to Hosts service class. (Contributor: @rewgord)- Unit test added to
test_hosts.py
to test device tagging functionality.
- Unit test added to
- API Operation summaries added to the Uber class:
_endpoint.py
- This provides for upcoming functionality that will be announced in future updates. - New endpoints added to the Uber class:
_endpoint.py
Deprecation Warning: Legacy API operation IDs that made use of the Python reserved characters "." and "-" have been deprecated. New operation IDs have been generated for each that now aligns to the method names defined in the equivalent service class.
- Added method validation to Uber class calls to the requests library. (HTTP 418 is sent when an invalid method is specified.)
- Cleaned up
event_streams.py
class file to match new patterns. - Updated return type decorators for service_request and perform_request. (
_util.py
) - Updated return type decorators for GetArtifacts, GetReports and GetSampleV2. (
falconx_sandbox.py
) - Abstracted all remaining common error output code paths to a stand-alone generic method. (
_util.py
)
- New service class: cspm_registration.py - Provides the CSPM_Registration service class for handling Horizon registration in Azure and AWS.
- Unit test added
- Added methods: falconx_sandbox.py - Support for the following operations have been added to the FalconX_Sandbox service class.
- QuerySampleV1
- DeleteSampleV2
- GetSampleV2
- DeleteReport
- GetReports
- Unit test added
- Bug fix: Resolved malformed validator in detects.py - UpdateDetectsByIdsV2
- Bug fix: Added action_name parameter to operations that require the parameter. Closes #53.
This issue impacted 6 service classes in total:
-
device_control_policies.py - Device_Control_Policies - performDeviceControlPoliciesAction
-
firewall_policies.py - Firewall_Policies - performFirewallPoliciesAction
-
host_group.py - Host_Group - performGroupAction
-
hosts.py - Host - PerformActionV2
-
prevention_policy.py - Prevention_Policy - performPreventionPoliciesAction
-
sensor_update_policy.py - Sensor_Update_Policy - performSensorUpdatePoliciesAction
-
This issue also impacted the Uber class, resulting in updates to the command method within the APIHarness class.
-
Unit tests modified
-
Breaking Change: The action_name parameter does not currently accept unspecified values. This is resolved in the 0.4.4 version of the package.
- Minor updates to
_endpoints.py
to reflect operation ID corrections for the CSPM registration API. - Abstracted common error output code paths to a stand-alone method within
_util.py
.
- Added additional HTTP status codes
- Added parameter input validation handling
- Additional validations are planned for all service classes. Currently only enabled in
cloud_connect_aws.py
.
- Additional validations are planned for all service classes. Currently only enabled in
- Added body payload input validation handling
- Additional validations are planned for all service classes. Currently only enabled in
cloud_connect_aws.py
.
- Additional validations are planned for all service classes. Currently only enabled in
- Added allowed HTTP method restrictions
- Added ID list handling to API operations that require ID lists
- Developers may now pass in a list of IDs or a comma-delimited string.
- Added status code response checks to authentication events
- Instantiate Service classes without having to manage tokens
- Pass in credentials (Now referred to as "credential authentication")
- Pass in the entire auth object (Now referred to as "object authentication")
Please note: Passing a token into Service classes is still fully supported. This is now referred to as "legacy authentication".
- Added automatic token refresh functionality to Service Class calls
- Developers must make use of either credential or object authentication in order to leverage this functionality.
- Added dynamic package metadata updates (Closes #14)
- Generalized version control
- New constant file:
_version.py
- New constant file:
- Generalized version control
- Added user-agent string to HTTP headers. (Closes #57)
- Resolved a bug with token deauthentication (Uber and Service classes)
- Resolved a bug in Firewall_Management.update_rule_group
- Abstracted calls to the requests library from all classes, reducing code segment size
- New library: _util.py
- New class: _service_class.py
- New class: _result.py
- All Service Classes refactored
- Abstracted endpoint list from the Uber class to a standalone source file
- New constant file: _endpoint.py
- Linting / code cleanup
- Added function input parameter datatype specifications (where possible)
- Added function output datatype decorators
- In order to reduce confusion, references to the
json
requests attribute are now always referred to as "body". - References to the
data
requests attribute are still referred to as "data".
- 100% unit test coverage
- Internal documentation updates