Version 1.3.1 - New Cloud Snapshots collection, FileVantage operations #1036

Merged
merged 31 commits into from
Sep 1, 2023

@jshcodes jshcodes commented Sep 1, 2023

FalconPy v1.3.1

This version provides the following updates:

  • 23 new operations are added to the FileVantage service collection.
  • 3 new operations are added to the Identity Protection service collection.
  • 2 new operations are added to the Falcon Complete Dashboard service collection.
  • 1 new operation is added to the Falcon Container service collection.
  • The Cloud Snapshots service collection is added. (Service Class name: CloudSnapshots)
  • Override functionality is added to all regular Service Classes.
  • Added a warning for when arguments are provided URL encoded unnecessarily.
  • Bug fixes and operation updates
  • Enhancement
  • Bug fixes
  • Updated unit tests
  • Documentation

Unit test coverage

Name                                                             Stmts   Miss  Cover
------------------------------------------------------------------------------------
src/falconpy/__init__.py                                            78      0   100%
src/falconpy/_api_request/__init__.py                                7      0   100%
src/falconpy/_api_request/_request.py                              109      0   100%
src/falconpy/_api_request/_request_behavior.py                      55      0   100%
src/falconpy/_api_request/_request_connection.py                    33      0   100%
src/falconpy/_api_request/_request_meta.py                          26      0   100%
src/falconpy/_api_request/_request_payloads.py                      31      0   100%
src/falconpy/_api_request/_request_validator.py                     17      0   100%
src/falconpy/_auth_object/__init__.py                                6      0   100%
src/falconpy/_auth_object/_base_falcon_auth.py                      19      0   100%
src/falconpy/_auth_object/_bearer_token.py                          63      0   100%
src/falconpy/_auth_object/_falcon_interface.py                     245      0   100%
src/falconpy/_auth_object/_interface_config.py                      40      0   100%
src/falconpy/_auth_object/_uber_interface.py                        33      0   100%
src/falconpy/_constant/__init__.py                                  11      0   100%
src/falconpy/_endpoint/__init__.py                                 140      0   100%
src/falconpy/_endpoint/_alerts.py                                    1      0   100%
src/falconpy/_endpoint/_cloud_connect_aws.py                         1      0   100%
src/falconpy/_endpoint/_cloud_snapshots.py                           1      0   100%
src/falconpy/_endpoint/_cspm_registration.py                         1      0   100%
src/falconpy/_endpoint/_custom_ioa.py                                1      0   100%
src/falconpy/_endpoint/_d4c_registration.py                          1      0   100%
src/falconpy/_endpoint/_detects.py                                   1      0   100%
src/falconpy/_endpoint/_device_control_policies.py                   1      0   100%
src/falconpy/_endpoint/_discover.py                                  1      0   100%
src/falconpy/_endpoint/_event_streams.py                             1      0   100%
src/falconpy/_endpoint/_falcon_complete_dashboard.py                 1      0   100%
src/falconpy/_endpoint/_falcon_container.py                          1      0   100%
src/falconpy/_endpoint/_falconx_sandbox.py                           1      0   100%
src/falconpy/_endpoint/_fdr.py                                       1      0   100%
src/falconpy/_endpoint/_filevantage.py                               1      0   100%
src/falconpy/_endpoint/_firewall_management.py                       1      0   100%
src/falconpy/_endpoint/_firewall_policies.py                         1      0   100%
src/falconpy/_endpoint/_host_group.py                                1      0   100%
src/falconpy/_endpoint/_hosts.py                                     1      0   100%
src/falconpy/_endpoint/_identity_protection.py                       1      0   100%
src/falconpy/_endpoint/_incidents.py                                 1      0   100%
src/falconpy/_endpoint/_installation_tokens.py                       1      0   100%
src/falconpy/_endpoint/_intel.py                                     1      0   100%
src/falconpy/_endpoint/_ioa_exclusions.py                            1      0   100%
src/falconpy/_endpoint/_ioc.py                                       1      0   100%
src/falconpy/_endpoint/_iocs.py                                      1      0   100%
src/falconpy/_endpoint/_kubernetes_protection.py                     1      0   100%
src/falconpy/_endpoint/_malquery.py                                  1      0   100%
src/falconpy/_endpoint/_message_center.py                            1      0   100%
src/falconpy/_endpoint/_ml_exclusions.py                             1      0   100%
src/falconpy/_endpoint/_mobile_enrollment.py                         1      0   100%
src/falconpy/_endpoint/_mssp.py                                      1      0   100%
src/falconpy/_endpoint/_oauth2.py                                    1      0   100%
src/falconpy/_endpoint/_ods.py                                       1      0   100%
src/falconpy/_endpoint/_overwatch_dashboard.py                       1      0   100%
src/falconpy/_endpoint/_prevention_policies.py                       1      0   100%
src/falconpy/_endpoint/_quarantine.py                                1      0   100%
src/falconpy/_endpoint/_quick_scan.py                                1      0   100%
src/falconpy/_endpoint/_real_time_response.py                        1      0   100%
src/falconpy/_endpoint/_real_time_response_admin.py                  1      0   100%
src/falconpy/_endpoint/_recon.py                                     1      0   100%
src/falconpy/_endpoint/_report_executions.py                         1      0   100%
src/falconpy/_endpoint/_response_policies.py                         1      0   100%
src/falconpy/_endpoint/_sample_uploads.py                            1      0   100%
src/falconpy/_endpoint/_scheduled_reports.py                         1      0   100%
src/falconpy/_endpoint/_sensor_download.py                           1      0   100%
src/falconpy/_endpoint/_sensor_update_policies.py                    1      0   100%
src/falconpy/_endpoint/_sensor_visibility_exclusions.py              1      0   100%
src/falconpy/_endpoint/_spotlight_evaluation_logic.py                1      0   100%
src/falconpy/_endpoint/_spotlight_vulnerabilities.py                 1      0   100%
src/falconpy/_endpoint/_tailored_intelligence.py                     1      0   100%
src/falconpy/_endpoint/_user_management.py                           1      0   100%
src/falconpy/_endpoint/_zero_trust_assessment.py                     1      0   100%
src/falconpy/_endpoint/deprecated/__init__.py                       32      0   100%
src/falconpy/_endpoint/deprecated/_custom_ioa.py                     1      0   100%
src/falconpy/_endpoint/deprecated/_d4c_registration.py               1      0   100%
src/falconpy/_endpoint/deprecated/_discover.py                       1      0   100%
src/falconpy/_endpoint/deprecated/_fdr.py                            1      0   100%
src/falconpy/_endpoint/deprecated/_firewall_management.py            1      0   100%
src/falconpy/_endpoint/deprecated/_hosts.py                          1      0   100%
src/falconpy/_endpoint/deprecated/_identity_protection.py            1      0   100%
src/falconpy/_endpoint/deprecated/_installation_tokens.py            1      0   100%
src/falconpy/_endpoint/deprecated/_ioc.py                            1      0   100%
src/falconpy/_endpoint/deprecated/_iocs.py                           1      0   100%
src/falconpy/_endpoint/deprecated/_ods.py                            1      0   100%
src/falconpy/_endpoint/deprecated/_real_time_response.py             1      0   100%
src/falconpy/_endpoint/deprecated/_real_time_response_admin.py       1      0   100%
src/falconpy/_endpoint/deprecated/_report_executions.py              1      0   100%
src/falconpy/_endpoint/deprecated/_scheduled_reports.py              1      0   100%
src/falconpy/_endpoint/deprecated/_zero_trust_assessment.py          1      0   100%
src/falconpy/_enum/__init__.py                                       4      0   100%
src/falconpy/_enum/_base_url.py                                      7      0   100%
src/falconpy/_enum/_container_base_url.py                            6      0   100%
src/falconpy/_enum/_token_fail_reason.py                             4      0   100%
src/falconpy/_error/__init__.py                                      3      0   100%
src/falconpy/_error/_exceptions.py                                  68      0   100%
src/falconpy/_error/_warnings.py                                    37      0   100%
src/falconpy/_log/__init__.py                                        2      0   100%
src/falconpy/_log/_facility.py                                      34      0   100%
src/falconpy/_payload/__init__.py                                   28      0   100%
src/falconpy/_payload/_alerts.py                                    11      0   100%
src/falconpy/_payload/_cloud_connect_aws.py                         23      0   100%
src/falconpy/_payload/_cloud_snapshots.py                           36      0   100%
src/falconpy/_payload/_container.py                                 27      0   100%
src/falconpy/_payload/_cspm_registration.py                         53      0   100%
src/falconpy/_payload/_d4c_registration.py                          38      0   100%
src/falconpy/_payload/_detects.py                                   15      0   100%
src/falconpy/_payload/_device_control_policy.py                     33      0   100%
src/falconpy/_payload/_falconx.py                                   25      0   100%
src/falconpy/_payload/_filevantage.py                               34      0   100%
src/falconpy/_payload/_firewall.py                                 130      0   100%
src/falconpy/_payload/_generic.py                                   64      0   100%
src/falconpy/_payload/_host_group.py                                31      0   100%
src/falconpy/_payload/_incidents.py                                 15      0   100%
src/falconpy/_payload/_ioa.py                                       35      0   100%
src/falconpy/_payload/_ioc.py                                       52      0   100%
src/falconpy/_payload/_malquery.py                                  56      0   100%
src/falconpy/_payload/_message_center.py                            22      0   100%
src/falconpy/_payload/_mssp.py                                      15      0   100%
src/falconpy/_payload/_ods.py                                       13      0   100%
src/falconpy/_payload/_prevention_policy.py                         19      0   100%
src/falconpy/_payload/_real_time_response.py                        27      0   100%
src/falconpy/_payload/_recon.py                                     84      0   100%
src/falconpy/_payload/_reports.py                                   19      0   100%
src/falconpy/_payload/_response_policy.py                           19      0   100%
src/falconpy/_payload/_sample_uploads.py                             9      0   100%
src/falconpy/_payload/_sensor_update_policy.py                      30      0   100%
src/falconpy/_result/__base_resource.py                             28      0   100%
src/falconpy/_result/__init__.py                                     9      0   100%
src/falconpy/_result/_base_dictionary.py                            31      0   100%
src/falconpy/_result/_errors.py                                      2      0   100%
src/falconpy/_result/_expanded_result.py                             7      0   100%
src/falconpy/_result/_headers.py                                    24      0   100%
src/falconpy/_result/_meta.py                                       27      0   100%
src/falconpy/_result/_resources.py                                  14      0   100%
src/falconpy/_result/_response_component.py                         24      0   100%
src/falconpy/_result/_result.py                                    204      0   100%
src/falconpy/_service_class/__init__.py                              3      0   100%
src/falconpy/_service_class/_base_service_class.py                 118      0   100%
src/falconpy/_service_class/_service_class.py                       78      0   100%
src/falconpy/_util/__init__.py                                       5      0   100%
src/falconpy/_util/_auth.py                                         18      0   100%
src/falconpy/_util/_functions.py                                   366      0   100%
src/falconpy/_util/_service.py                                       3      0   100%
src/falconpy/_util/_uber.py                                         44      0   100%
src/falconpy/_version.py                                            33      0   100%
src/falconpy/alerts.py                                              33      0   100%
src/falconpy/api_complete.py                                        57      0   100%
src/falconpy/cloud_connect_aws.py                                   48      0   100%
src/falconpy/cloud_snapshots.py                                     21      0   100%
src/falconpy/cspm_registration.py                                  135      0   100%
src/falconpy/custom_ioa.py                                          86      0   100%
src/falconpy/d4c_registration.py                                    96      0   100%
src/falconpy/detects.py                                             32      0   100%
src/falconpy/device_control_policies.py                             78      0   100%
src/falconpy/discover.py                                            35      0   100%
src/falconpy/event_streams.py                                       20      0   100%
src/falconpy/falcon_complete_dashboard.py                           87      0   100%
src/falconpy/falcon_container.py                                    57      0   100%
src/falconpy/falconx_sandbox.py                                     86      0   100%
src/falconpy/fdr.py                                                 23      0   100%
src/falconpy/filevantage.py                                        127      0   100%
src/falconpy/firewall_management.py                                139      0   100%
src/falconpy/firewall_policies.py                                   71      0   100%
src/falconpy/host_group.py                                          61      0   100%
src/falconpy/hosts.py                                              106      0   100%
src/falconpy/identity_protection.py                                 34      0   100%
src/falconpy/incidents.py                                           41      0   100%
src/falconpy/installation_tokens.py                                 43      0   100%
src/falconpy/intel.py                                               93      0   100%
src/falconpy/ioa_exclusions.py                                      33      0   100%
src/falconpy/ioc.py                                                 82      0   100%
src/falconpy/iocs.py                                                40      0   100%
src/falconpy/kubernetes_protection.py                               94      0   100%
src/falconpy/malquery.py                                            50      0   100%
src/falconpy/message_center.py                                      81      0   100%
src/falconpy/ml_exclusions.py                                       35      0   100%
src/falconpy/mobile_enrollment.py                                   18      0   100%
src/falconpy/mssp.py                                               174      0   100%
src/falconpy/oauth2.py                                              26      0   100%
src/falconpy/ods.py                                                 68      0   100%
src/falconpy/overwatch_dashboard.py                                 31      0   100%
src/falconpy/prevention_policy.py                                   62      0   100%
src/falconpy/quarantine.py                                          46      0   100%
src/falconpy/quick_scan.py                                          27      0   100%
src/falconpy/real_time_response.py                                 127      0   100%
src/falconpy/real_time_response_admin.py                            75      0   100%
src/falconpy/recon.py                                              128      0   100%
src/falconpy/report_executions.py                                   24      0   100%
src/falconpy/response_policies.py                                   61      0   100%
src/falconpy/sample_uploads.py                                      75      0   100%
src/falconpy/scheduled_reports.py                                   20      0   100%
src/falconpy/sensor_download.py                                     33      0   100%
src/falconpy/sensor_update_policy.py                               110      0   100%
src/falconpy/sensor_visibility_exclusions.py                        33      0   100%
src/falconpy/spotlight_evaluation_logic.py                          23      0   100%
src/falconpy/spotlight_vulnerabilities.py                           31      0   100%
src/falconpy/tailored_intelligence.py                               41      0   100%
src/falconpy/user_management.py                                    138      0   100%
src/falconpy/zero_trust_assessment.py                               23      0   100%
------------------------------------------------------------------------------------
TOTAL                                                             6598      0   100%

Bandit analysis

[main]	INFO	running on Python 3.9.17

Run started:2023-09-01 04:17:53.434424

Test results:
	No issues identified.

Code scanned:
	Total lines of code: 53589
	Total lines skipped (#nosec): 0

Run metrics:
	Total issues (by severity):
		Undefined: 0
		Low: 0
		Medium: 0
		High: 0
	Total issues (by confidence):
		Undefined: 0
		Low: 0
		Medium: 0
		High: 0
Files skipped (0):

Version 1.3.1

Added features and functionality

  • Added: 1 new operation added (highVolumeQueryChanges) from the FileVantage service collection.
    • _endpoint/_filevantage.py
    • filevantage.py

    Unit testing expanded to complete code coverage.

    • tests/test_filevantage.py
  • Added: Warn when providing API arguments that are unnecessarily URLEncoded. Closes [ ENH ] filter for API does not require urlencode, which sometimes generates ambiguous results #850.
    • _error/__init__.py
    • _error/_warnings.py
    • _util/_functions.py
    • _util/_uber.py
    • __init__.py
    • Thanks go out to @aboese for suggesting this enhancement. 🙇
  • Added: add_comment keyword added to the PerformIncidentAction operation within the Incidents Service Class. Closes [ ENH ] Add add_comment keyword argument to PerformIncidentAction operation #1003.
    • _payload/_incidents.py
    • incidents.py

    Unit testing expanded to complete code coverage.

    • tests/test_incidents.py
    • Thanks go out to @morcef for suggesting this enhancement. 🙇
  • Added: add-rule-group and remove-rule-group options added to performFirewallPoliciesAction operation in the Firewall Policies service collection.
    • _endpoint/_firewall_policies.py
    • firewall_policies.py
  • Added: Sort by alert_ids option added to QueryBehaviors operation in the Incidents service collection.
    • _endpoint/_incidents.py
  • Added: AggregateAlerts and QueryAlertIdsByFilter operations added to the Falcon Complete Dashboard service collection.
    • _endpoint/_falcon_complete_dashboard.py
    • falcon_complete_dashboard.py

    Unit testing expanded to complete code coverage.

    • tests/test_falcon_complete_dashboard.py
  • Added: GetCombinedImages operation added to the Falcon Container service collection.
    • _endpoint/_falcon_container.py
    • falcon_container.py

    Unit testing expanded to complete code coverage.

    • test_falcon_container.py
  • Added: ids keyword argument added to GetIntelReportPDF and QueryMitreAttacks operations. if_none_match and if_modified_since keyword arguments added to GetLatestIntelRuleFile operation. Intel service collection.
    • _endpoint/_intel.py
    • intel.py

    Unit testing expanded to complete code coverage.

    • test_intel.py
  • Added: Override functionality - All service classes are now able to call manually specified operation endpoints via the override method. This method mirrors functionality provided by the override keyword within the Uber Class.
    • _service_class.py
  • Added: 23 new operations added to the FileVantage service collection.
    • updatePolicyHostGroups
    • updatePolicyPrecedence
    • updatePolicyRuleGroups
    • getPolicies
    • createPolicies
    • deletePolicies
    • updatePolicies
    • getScheduledExclusions
    • createScheduledExclusions
    • deleteScheduledExclusions
    • updateScheduledExclusions
    • updateRuleGroupPrecedence
    • getRules
    • createRules
    • deleteRules
    • updateRules
    • getRuleGroups
    • createRuleGroups
    • deleteRuleGroups
    • updateRuleGroups
    • highVolumeQueryChanges
    • queryRuleGroups
    • queryScheduledExclusions
    • queryPolicies
    • _endpoint/_filevantage.py
    • filevantage.py

    4 new payload handlers were implemented.

    • _payload/__init__.py
    • _payload/_filevantage.py

    Unit testing expanded to complete code coverage.

    • tests/test_filevantage.py
  • Added: A new service collection, Cloud Snapshots was implemented with three new operations (GetCredentialsMixin0, CreateInventory, and RegisterCspmSnapshotAccount).
    • _endpoint/__init__.py
    • _endpoint/_cloud_snapshots.py
    • __init__.py
    • cloud_snapshots.py

    Two new payload handlers were implemented.

    • _payload/__init__.py
    • _payload/_cloud_snapshots.py

    Unit testing expanded to complete code coverage.

    • tests/test_cloud_snapshot.py
  • Added: 3 new operations added to the Identity Protection service collection (GetSensorAggregates, GetSensorDetails, and QuerySensorsByFilter).
    • _endpoint/_identity_protection.py
    • identity_protection.py

    Unit testing expanded to complete code coverage.

    • tests/test_identity_protection.py

Issues resolved

Other

  • Deprecated: deleteCIDGroupMembersV1 is now deprecated. Calls to deleteCIDGroupMembers are now redirected to deleteCIDGroupMembersV2. MSSP service collection.
    • _endpoint/_mssp.py
    • mssp.py

    Unit testing expanded to complete code coverage.

    • test_mssp.py

@github-actions github-actions bot added documentation 📖 Improvements or additions to documentation unit testing Pull requests that include unit testing updates package Pull requests that update the core package pipeline CI/CD related labels Sep 1, 2023
@jshcodes jshcodes self-assigned this Sep 1, 2023
@jshcodes jshcodes added identity protection Identity Protection issues and questions Falcon Complete Falcon Complete Dashboard issues and questions container Falcon Container questions or issues FileVantage FileVantage issues or questions Cloud Snapshots Issues or questions related to Cloud Snapshots labels Sep 1, 2023
@@ -41,6 +41,7 @@ def incident_action_parameters(passed_keywords: dict) -> list:
"""Create a properly formatted action_parameters branch for incident action payload operations.

Available keywords
add_comment - Adds the associated value as a new cmoment on all the incidents in the ids list.
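Review bot: The new docstring entry for add_comment misspells "comment" as "cmoment" ("Adds the associated value as a new cmoment on all the incidents in the ids list."). This docstring is the in-code reference for the keyword, so correct the spelling here, and if the text is produced from another source, fix it there as well so the typo does not come back.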
Member

Spelling, not sure if this is coming in from generated docs

Member Author

Doh! Nice catch, correcting now.

Member Author

Should be resolved.

@jshcodes jshcodes merged commit 99d5f91 into main Sep 1, 2023
32 checks passed