
Added Sample - Host Search Advanced #1174

Merged (4 commits), Jun 4, 2024

Conversation

David-M-Berry (Contributor)

Host Search Advanced - Sample

I wanted to introduce some more flexibility for host searches. A potential use case could be to discover additional endpoints where the domain is known, or the naming pattern is known, but not all endpoints have been added to a regular search where the exact FQDN is used.

The host_search_advanced.py will take a partial match in order to find all hosts matching the given pattern in a hostname file. This can help with the above mentioned reconciliation.

Additionally, the updated host read function to ignore comments in the hostname file has been incorporated, thus keeping output.csv files cleaner.

The README.md has also been updated to explain this.

  • Enhancement
  • Documentation
  • Code sample

Bandit analysis

parallels@ubuntu-linux-22-04-desktop:~/git-projects$ bandit -r host_search_advanced.py 
[main]	INFO	profile include tests: None
[main]	INFO	profile exclude tests: None
[main]	INFO	cli include tests: None
[main]	INFO	cli exclude tests: None
[main]	INFO	running on Python 3.10.12
Run started:2024-06-04 03:25:40.398734

Test results:
	No issues identified.

Code scanned:
	Total lines of code: 113
	Total lines skipped (#nosec): 0

Run metrics:
	Total issues (by severity):
		Undefined: 0
		Low: 0
		Medium: 0
		High: 0
	Total issues (by confidence):
		Undefined: 0
		Low: 0
		Medium: 0
		High: 0
Files skipped (0):

Added features and functionality

This script retains the original functionality of host_search.py above, but adds in functionality for partial matches of hostnames. This will help with endpoint discovery where the domain is known, or a pattern of host naming is known, but not all endpoints have been discovered.

This script will also ignore comments in a hostname file, thus keeping the output.csv cleaner.

To read an input file of hostnames, the -f option (used in the original host_search.py) has been changed to -i. This made more sense considering the more "insensitive" nature of the search, and makes a visual identification of the full command easier if you use both the original host_search.py, and the host_search_advanced.py. A potential use case could be to discover hosts using the 'advanced' search, in order to reconcile with hostname files for use with the original host search.

Command-line help

Command-line help is available via the -h argument.

usage: host_search_advanced.py [-h] [-d] [-n HOSTNAME] [-i INPUT_FILE] [-o OUTPUT_PATH]
                               [-k CLIENT_ID] [-s CLIENT_SECRET]
     

  _   _           _     ____                      _      
 | | | | ___  ___| |_  / ___|  ___  __ _ _ __ ___| |__   
 | |_| |/ _ \/ __| __| \___ \ / _ \/ _` | '__/ __| '_ \  
 |  _  | (_) \__ \ |_   ___) |  __/ (_| | | | (__| | | | 
 |_| |_|\___/|___/\__| |____/ \___|\__,_|_|  \___|_| |_| 
     _       _                               _           
    / \   __| |_   ____ _ _ __   ___ ___  __| |          
   / _ \ / _` \ \ / / _` | '_ \ / __/ _ \/ _` |          
  / ___ \ (_| |\ V / (_| | | | | (_|  __/ (_| |          
 /_/   \_\__,_| \_/ \__,_|_| |_|\___\___|\__,_|   

                                                        
This script will take a file listing of hostnames (one host per line) or
a single hostname provided at runtime to produce a CSV containing the 
details for hosts that are found. This solution can be used to compare a
list of hostnames to the list of hosts in the Falcon Console to determine
which hostnames are not currently reporting in to the console, or to discover hosts based on a partial match of the hostname. Comments in input files are also ommitted from lookup, thus keeping the output.csv clean, and allowing you to work with more useful host name files/inventory.

Developed by @Don-Swanson-Adobe, additional functionality by @David-M-Berry

options:
  -h, --help            show this help message and exit
  -d, --debug           Enable API debugging
  -n HOSTNAME, --hostname HOSTNAME
                        Hostname to search for
  -i INPUT_FILE, --input_file INPUT_FILE
                        Text file containing hostnames to search for
  -o OUTPUT_PATH, --output_path OUTPUT_PATH
                        Location to store CSV output

Required arguments:
  -k CLIENT_ID, --client_id CLIENT_ID
                        CrowdStrike Falcon API key
  -s CLIENT_SECRET, --client_secret CLIENT_SECRET
                        CrowdStrike Falcon API secret

Other

Source Code: host_search_advanced.py
Updated Documentation: README.md
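As an added illustration of the behaviour described above (skipping comments in the hostname file, exact versus partial hostname matching, and reconciling a hostname list against what the console reports), here is example code that is not the PR's host_search_advanced.py: it works on a constructed in-memory inventory instead of calling the Falcon API, and every hostname and file line in it is made up.

```python
"""Added example (not the PR's host_search_advanced.py): parse a hostname
file while skipping comments, match hostnames exactly or by partial
(substring) match, and reconcile the file against a host inventory.
The file and inventory below are constructed sample data, not API output."""
from typing import Iterable


def load_hostnames(lines: Iterable[str]) -> list[str]:
    """Hostnames from a file: blank lines, full-line comments and trailing
    '#' comments are ignored; duplicates are dropped, order is kept."""
    seen: dict[str, None] = {}
    for raw in lines:
        host = raw.split("#", 1)[0].strip()
        if host:
            seen.setdefault(host, None)
    return list(seen)


def find_hosts(patterns, inventory, partial: bool = False) -> dict:
    """Map each pattern to the inventory hostnames it matches (case-insensitive).
    Exact mode is the original host_search.py behaviour (whole FQDN);
    partial mode is the substring match host_search_advanced.py adds."""
    result = {}
    for pat in patterns:
        p = pat.lower()
        match = (lambda h: p in h.lower()) if partial else (lambda h: p == h.lower())
        result[pat] = sorted(h for h in inventory if match(h))
    return result


def reconcile(patterns, inventory) -> list[str]:
    """Hostnames from the file with no exact match in the inventory: the
    'not currently reporting in to the console' set the PR describes."""
    found = find_hosts(patterns, inventory)
    return sorted(p for p, hits in found.items() if not hits)


# Constructed sample hostname file, including the comment forms to be skipped
HOSTFILE = """\
# production web tier
web-01.corp.example.com
web-02.corp.example.com   # decommissioned?
db-01.corp.example.com

# lab (nothing listed yet)
""".splitlines()

# Constructed stand-in for the hostnames the console would return
INVENTORY = ["WEB-01.corp.example.com", "web-03.corp.example.com",
             "db-01.corp.example.com", "lab-web-09.corp.example.com"]

if __name__ == "__main__":
    hosts = load_hostnames(HOSTFILE)
    print("from file:", hosts)
    print("partial 'web':", find_hosts(["web"], INVENTORY, partial=True))
    print("not reporting in:", reconcile(hosts, INVENTORY))
```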

@jshcodes jshcodes changed the base branch from main to samples June 4, 2024 11:29
adding an advanced host search which can take partial matches of a hostname in a wildcard manner from either the command line or hostname file, as well as ignore comments in a hostname file to keep a cleaner output.csv.
added Host Search Advanced section. Fixed typo with Host Report header section.
@jshcodes (Member) commented Jun 4, 2024

Linting errors are related to changes introduced in the latest version of pylint. These are being addressed in the dev branch and will be resolved when the samples branch is rebased against main prior to merge.

@jshcodes (Member) left a comment

This new sample will merge to main after the current dev branch version (v1.4.4) merges. Thank you for your contribution! 🙇 🚀

@jshcodes jshcodes merged commit 57d9685 into CrowdStrike:samples Jun 4, 2024
3 of 4 checks passed