Version 1.4.2 - New operations and updates, expanded Environment Authentication

.github/wordlist.txt

@@ -1339,3 +1339,25 @@ batchgetcmd
 batchgetcmdstatus
 deletefilev
 listfilesv
+ArchiveUploadV
+WorkflowMockExecute
+WorkflowExecuteInternal
+GetSensorInstallersByQueryV
+GetSensorInstallersEntitiesV
+DownloadSensorInstallerByIdV
+GetCombinedSensorInstallersByQueryV
+QueryMitreAttacksForMalware
+QueryMalware
+GetMalwareEntities
+IngestDataAsyncV
+AggregateSupportIssues
+hostsV
+iot
+ValidateCSPMGCPServiceAccountExt
+GetCSPMGCPValidateAccountsExt
+DeleteCSPMAzureManagementGroup
+GetRuntimeDetectionsCombinedV
+GetScanReport
+CreateDeploymentEntity
+ReadDeploymentsEntities
+ReadDeploymentsCombined

.github/workflows/unit_testing_eu1.yml

@@ -24,7 +24,7 @@ jobs:
     - name: Set up Python
       uses: actions/setup-python@v5
       with:
-        python-version: '3.10'
+        python-version: '3.9'
     - name: Install dependencies
       run: |
         python -m pip install --upgrade pip

.github/workflows/unit_testing_ubuntu.yml

@@ -20,7 +20,7 @@ jobs:
     strategy:
       matrix:
         # os: [macos-latest, windows-latest, ubuntu-latest]
-        python-version: ['3.7', '3.8', '3.9', '3.10', '3.11', '3.12', '3.13-dev']
+        python-version: ['3.10', '3.11', '3.12', '3.13-dev']
     # runs-on: ${{ matrix.os }}
     runs-on: ubuntu-latest
     steps:

.github/workflows/unit_testing_us2.yml

@@ -21,7 +21,7 @@ jobs:
     - name: Set up Python
       uses: actions/setup-python@v5
       with:
-        python-version: '3.10'
+        python-version: '3.8'
     - name: Install dependencies
       run: |
         python -m pip install --upgrade pip

.github/workflows/unit_testing_usgov1.yml

@@ -21,7 +21,7 @@ jobs:
     - name: Set up Python
       uses: actions/setup-python@v5
       with:
-        python-version: '3.10'
+        python-version: '3.7'
     - name: Install dependencies
       run: |
         python -m pip install --upgrade pip

AUTHORS.md

@@ -102,11 +102,11 @@ Without the support of these executives, the FalconPy project would not have hap
 | Name | Role |
 | :-- | :-- |
 | Chris Kachigian, `@ckachigian` | Herder of Cats |
-| Rekha Das | Gatekeeper |
 | Robbie Coleman, `@erraggy` | Keymaster |
 | Mike Cryer | Colonel-in-Chief |
 
 #### Honorable mentions
++ Rekha Das
 + Jaime Franklin, `@franklinjff`
 + Shawn Wells, `@shawndwells`
 

CHANGELOG.md

@@ -1,3 +1,164 @@
+# Version 1.4.2
+## Added features and functionality
++ Expanded: Environment Authentication functionality has been expanded to allow developers to customize the names of the environment keys used to store API credentials.
+    - `_auth_object/_falcon_interface.py`
+    - `_auth_object/_uber_interface.py`
+    - `oauth2.py`
+    > Unit testing expanded to complete code coverage.
+    - `tests/test_authentications.py`
+    ```python
+    from falconpy import Hosts
+    # We can now define the prefix and the names of the
+    # environment values used for API key lookups
+    environment_keys = {
+        "prefix": "CROWDSTRIKE_",
+        "id_name": "API_ID",
+        "secret_name": "API_SECRET"
+    }
+    # These values are provided as a dictionary to the class
+    hosts = Hosts(environment=environment_keys)
+    # Usage of the class is the same
+    results = hosts.query_devices_by_filter_scroll()
+    ```
+
++ Added: `include_hidden` argument added to the _PostAggregatesAlertsV2_, _PatchEntitiesAlertsV3_, _PostEntitiesAlertsV2_ and _GetQueriesAlertsV2_ operations within the __Alerts__ Service Class.
+    - `alerts.py`
+
++ Added: Added 4 new operations to the __Cloud Snapshots__ service collection.
+    - _ReadDeploymentsCombined_
+    - _ReadDeploymentsEntities_
+    - _CreateDeploymentEntity_
+    - _GetScanReport_
+    - `_endpoint/_cloud_snapshots.py`
+    - `_payload/__init__.py`
+    - `_payload/_cloud_snapshots.py`
+    - `cloud_snapshots.py`
+    > Unit testing expanded to complete code coverage.
+    - `tests/test_cloud_snapshots.py`
+
++ Added: Added _GetRuntimeDetectionsCombinedV2_ to the __Container Detections__ service collection.
+    - `_endpoint/_container_detections.py`
+    - `container_detections.py`
+    > Unit testing expanded to complete code coverage.
+    - `tests/test_container_detections.py`
+
++ Added: Added 3 new operations to the __CSPM Registration__ service collection.
+    - _DeleteCSPMAzureManagementGroup_
+    - _GetCSPMGCPValidateAccountsExt_
+    - _ValidateCSPMGCPServiceAccountExt_
+    - `_endpoint/_cspm_registration.py`
+    - `_payload/__init__.py`
+    - `_payload/_cspm_registration.py`
+    - `cspm_registration.py`
+    > Unit testing expanded to complete code coverage.
+    - `tests/test_cspm_registration.py`
+
++ Added: Added _query_iot_hostsV2_ operation to the __Discover__ service collection.
+    - `_endpoint/_discover.py`
+    - `_endpoint/deprecated/_discover.py`
+    - `discover.py`
+    > Unit testing expanded to complete code coverage.
+    - `tests/test_discover.py`
+
++ Added: Added _AggregateSupportIssues_ operation to the __Falcon Complete Dashboard__ service collection.
+    - `_endpoint/_falcon_complete_dashboard.py`
+    - `falcon_complete_dashboard.py`
+    > Unit testing expanded to complete code coverage.
+    - `tests/test_falcon_complete_dashboard.py`
+
++ Added: Added _IngestDataAsyncV1_ operation to the __Foundry LogScale__ service collection.
+    - `_endpoint/_foundry_logscale.py`
+    - `foundry_logscale.py`
+    > Unit testing expanded to complete code coverage.
+    - `tests/test_foundry_logscale.py`
+
++ Added: Added `infer_json_types` and `match_response_schema` arguments to the _CreateSavedSearchesDynamicExecuteV1_, _GetSavedSearchesExecuteV1_ and _CreateSavedSearchesExecuteV1_ operations within the __Foundry LogScale__ service collection.
+    - `_endpoint/_foundry_logscale.py`
+    - `foundry_logscale.py`
+
++ Added: Added `infer_json_types` argument to the _GetSavedSearchesJobResultsDownloadV1_ operation within the __Foundry LogScale__ service collection.
+    - `_endpoint/_foundry_logscale.py`
+    - `foundry_logscale.py`
+
++ Added: Added 3 new operations to the __Intel__ service collection.
+    - _GetMalwareEntities_
+    - _QueryMalware_
+    - _QueryMitreAttacksForMalware_
+    - `_endpoint/_intel.py`
+    - `intel.py`
+    > Unit testing expanded to complete code coverage.
+    - `tests/test_intel.py`
+
++ Added: Added 4 new operations to the __Sensor Download__ service collection.
+    - _GetCombinedSensorInstallersByQueryV2_
+    - _DownloadSensorInstallerByIdV2_
+    - _GetSensorInstallersEntitiesV2_
+    - _GetSensorInstallersByQueryV2_
+    - `_endpoint/_sensor_download.py`
+    - `sensor_download.py`
+    > Unit testing expanded to complete code coverage.
+    - `tests/test_sensor_download.py`
+
++ Added: Added `sanitize` argument to the _WorkflowDefinitionsExport_ operation within the __Workflows__ service collection.
+    - `_endpoint/_workflows.py`
+    - `workflows.py`
+
++ Added: Added 2 new operations to the __Workflows__ service collection.
+    - _WorkflowExecuteInternal_
+    - _WorkflowMockExecute_
+    - `_endpoint/workflows.py`
+    - `_payload/__init__.py`
+    - `_payload/_workflows.py`
+    - `workflows.py`
+    > Unit testing expanded to complete code coverage.
+    - `tests/test_workflows.py`
+
+## Issue resolved
++ Fixed: Resolved parsing issue with formData arguments provided to the _ArchiveUploadV2_ operation within the __SampleUploads__ Service Class. Closes #1122.
+    - `sample_uploads.py`
+
++ Fixed: Resolved conversion issue with query string boolean parameters not being properly converted to lowercase before API submission. Closes #1129.
+    - `_util/_functions.py`
+
+## Other
++ Updated: Updated `body` argument description for the _PatchEntitiesAlertsV3_ operation within the endpoint module.
+    - `_endpoint/_alerts.py`
+
++ Updated: Added `highest_cps_current_rating` as an allowed sort parameter to the _ReadCombinedImagesExport_ operation within the __Container Images__ service collection.
+    - `_endpoint/_container_images.py`
+
++ Updated: Added `watch_permissions_key_changes` option to the _createRules_ operation within the __FileVantage__ service collection.
+    - `_endpoint/_filevantage.py`
+
++ Updated: Updated operation and argument descriptions in the deprecated __IOCS__ service collection.
+    - `_endpoint/_iocs.py`
+
++ Updated: Added `prevented` as an allowed filter to the _ReadKubernetesIomByDateRange_, _ReadKubernetesIomCount_, _SearchAndReadKubernetesIomEntities_ and _SearchKubernetesIoms_ operations within the __Kubernetes Protection__ service collection.
+    - `_endpoint/_kubernetes_protection.py`
+
++ Updated: Updated the `body` argument description for the _BatchAdminCmd_ and _RTR_ExecuteAdminCommand_ operations within the __Real Time Response Admin__ service collection.
+    - `_endpoint/_real_time_response_admin.py`
+    - `_endpoint/deprecated/_real_time_response_admin.py`
+
++ Updated: Updated the `body` argument description for the _BatchActiveResponderCmd_, _BatchCmd_, _RTR_ExecuteActiveResponderCommand_, and _RTR_ExecuteCommand_ operations within the __Real Time Response__ service collection.
+    - `_endpoint/_real_time_response.py`
+    - `_endpoint/deprecated/_real_time_response.py`
+
++ Removed: The _CreateInventory_ operation is removed from the __Cloud Snapshots__ Service Class.
+    - `_payload/__init__.py`
+    - `_payload/_cloud_snapshots.py`
+    - `cloud_snapshots.py`
+    > Unit testing updated to reflect current functionality.
+    - `tests/test_cloud_snapshots.py`
+
++ Removed: The _WorkflowDefinitionsCreate_ operation is removed from the __Workflows__ service collection.
+    - `_endpoint/_workflows.py`
+    - `workflows.py`
+    > Unit testing updated to reflect current functionality.
+    - `tests/test_workflows.py`
+
+---
+
 # Version 1.4.1
 ## Added features and functionality
 + Added: `include_hidden` argument added to the _PostAggregatesAlertsV2_, _PostEntitiesAlertsV2_, _PatchEntitiesAlertsV3_ and _GetQueriesAlertsV2_ operations.

README.md

@@ -9,7 +9,7 @@
 [![Release date](https://img.shields.io/github/release-date/CrowdStrike/falconpy)](https://github.com/CrowdStrike/falconpy/releases)
 [![Repo status](https://img.shields.io/osslifecycle/crowdstrike/falconpy?label=repo%20status)](https://github.com/CrowdStrike/falconpy/graphs/code-frequency)
 [![Commit activity](https://img.shields.io/github/commits-since/CrowdStrike/falconpy/latest)](https://github.com/CrowdStrike/falconpy/commits/main)
-![GitHub forks](https://img.shields.io/github/forks/crowdstrike/falconpy)
+![GitHub forks](https://img.shields.io/github/forks/crowdstrike/falconpy?style=flat)
 
 The FalconPy SDK contains a collection of Python classes that abstract CrowdStrike Falcon OAuth2 API interaction, removing duplicative code and allowing developers to focus on just the logic of their solution requirements.
 
@@ -83,6 +83,7 @@ For each CrowdStrike Falcon API service collection, a matching Service Class is
 
 - Closely follows Python and OpenAPI best practice for code style and syntax. PEP-8 compliant.
 - Completely abstracts token management, automatically refreshing your token when it expires.
+- Interact with newly released API operations not yet available in the library via the `override` method.
 - Provides simple programmatic patterns for interacting with CrowdStrike Falcon APIs.
 - Supports [cloud region autodiscovery](https://www.falconpy.io/Usage/Environment-Configuration.html#cloud-region-autodiscovery) for the CrowdStrike `US-1`, `US-2` and `EU-1` regions.
 - Supports dynamic [configuration](https://www.falconpy.io/Usage/Environment-Configuration.html) based upon the needs of your environment.

src/falconpy/_auth_object/_falcon_interface.py

@@ -90,7 +90,8 @@ def __init__(self,
                  debug: Optional[bool] = False,
                  debug_record_count: Optional[int] = None,
                  sanitize_log: Optional[bool] = None,
-                 pythonic: Optional[bool] = False
+                 pythonic: Optional[bool] = False,
+                 environment: Optional[Dict[str, str]] = None
                  ) -> "FalconInterface":
         """Construct an instance of the FalconInterface class."""
         # Set the pythonic behavior mode.
@@ -149,15 +150,16 @@ def __init__(self,
                                      )
 
         # Environment Authentication
+        # User configuration environment keys
+        self._environment = environment if environment else {}
         # When credentials are not provided, attempt to retrieve them from the environment.
         if not self.cred_format_valid and not self.token_value:
             # Both variables must be present within the running environment.
-            if os.getenv("FALCON_CLIENT_ID") and os.getenv("FALCON_CLIENT_SECRET"):
-                api_id = os.getenv("FALCON_CLIENT_ID") if "client_id" not in self.creds else self.creds["client_id"]
-                if "client_secret" not in self.creds:
-                    api_sec = os.getenv("FALCON_CLIENT_SECRET")
-                else:
-                    api_sec = self.creds["client_secret"]
+            if os.getenv(f"{self.env_prefix}{self.env_key}") and os.getenv(f"{self.env_prefix}{self.env_secret}"):
+                api_id = os.getenv(f"{self.env_prefix}{self.env_key}") \
+                    if "client_id" not in self.creds else self.creds["client_id"]
+                api_sec = os.getenv(f"{self.env_prefix}{self.env_secret}") \
+                    if "client_secret" not in self.creds else self.creds["client_secret"]
                 # Environment Authentication will not override values that preexist in the creds dictionary.
                 self._creds = {
                     "client_id": api_id,
@@ -511,3 +513,18 @@ def pythonic(self) -> bool:
     def pythonic(self, value: bool):
         """Enable or disable pythonic mode."""
         self._pythonic = value
+
+    @property
+    def env_prefix(self) -> str:
+        """Return the environment prefix."""
+        return self._environment.get("prefix", "FALCON_")
+
+    @property
+    def env_key(self) -> str:
+        """Return the environment API key name."""
+        return self._environment.get("id_name", "CLIENT_ID")
+
+    @property
+    def env_secret(self) -> str:
+        """Return the environment API key secret."""
+        return self._environment.get("secret_name", "CLIENT_SECRET")

src/falconpy/_auth_object/_uber_interface.py

@@ -77,7 +77,8 @@ def __init__(self,
                  debug: Optional[bool] = False,
                  debug_record_count: Optional[int] = MAX_DEBUG_RECORDS,
                  sanitize_log: Optional[bool] = None,
-                 pythonic: Optional[bool] = None
+                 pythonic: Optional[bool] = None,
+                 environment: Optional[Dict[str, str]] = None
                  ):
         """Construct an instance of the UberInterface class.
 
@@ -126,7 +127,8 @@ def __init__(self,
                          debug=debug,
                          debug_record_count=debug_record_count,
                          sanitize_log=sanitize_log,
-                         pythonic=pythonic
+                         pythonic=pythonic,
+                         environment=environment
                          )
 
         # Complete list of available API operations.

src/falconpy/_endpoint/_alerts.py

@@ -169,7 +169,8 @@
         "in": "query"
       },
       {
-        "description": "request body takes a list of action parameter request that is applied against all \"ids\" provided",
+        "description": "request body takes a list of action parameter request that is applied against all "
+        "\"composite_ids\" provided",
         "name": "body",
         "in": "body",
         "required": True