Version 1.3.3 - New Custom Storage, Foundry LogScale, Real Time Response Audit and Workflows service collections #1062

jshcodes · 2023-11-02T19:04:41Z

FalconPy v1.3.3

This update provides 4 new service collections encompassing 21 new operations. Several bug fixes are also included.

Enhancement
Bug fixes
Updated unit tests

Unit test coverage

===================================== 376 passed, 1 skipped in 543.79s (0:09:03) ===
Name                                                             Stmts   Miss  Cover
------------------------------------------------------------------------------------
src/falconpy/__init__.py                                            82      0   100%
src/falconpy/_api_request/__init__.py                                7      0   100%
src/falconpy/_api_request/_request.py                              109      0   100%
src/falconpy/_api_request/_request_behavior.py                      55      0   100%
src/falconpy/_api_request/_request_connection.py                    33      0   100%
src/falconpy/_api_request/_request_meta.py                          26      0   100%
src/falconpy/_api_request/_request_payloads.py                      31      0   100%
src/falconpy/_api_request/_request_validator.py                     17      0   100%
src/falconpy/_auth_object/__init__.py                                6      0   100%
src/falconpy/_auth_object/_base_falcon_auth.py                      13      0   100%
src/falconpy/_auth_object/_bearer_token.py                          63      0   100%
src/falconpy/_auth_object/_falcon_interface.py                     245      0   100%
src/falconpy/_auth_object/_interface_config.py                      40      0   100%
src/falconpy/_auth_object/_uber_interface.py                        37      0   100%
src/falconpy/_constant/__init__.py                                  11      0   100%
src/falconpy/_endpoint/__init__.py                                 152      0   100%
src/falconpy/_endpoint/_alerts.py                                    1      0   100%
src/falconpy/_endpoint/_cloud_connect_aws.py                         1      0   100%
src/falconpy/_endpoint/_cloud_snapshots.py                           1      0   100%
src/falconpy/_endpoint/_cspm_registration.py                         1      0   100%
src/falconpy/_endpoint/_custom_ioa.py                                1      0   100%
src/falconpy/_endpoint/_custom_storage.py                            1      0   100%
src/falconpy/_endpoint/_d4c_registration.py                          1      0   100%
src/falconpy/_endpoint/_detects.py                                   1      0   100%
src/falconpy/_endpoint/_device_control_policies.py                   1      0   100%
src/falconpy/_endpoint/_discover.py                                  1      0   100%
src/falconpy/_endpoint/_event_streams.py                             1      0   100%
src/falconpy/_endpoint/_falcon_complete_dashboard.py                 1      0   100%
src/falconpy/_endpoint/_falcon_container.py                          1      0   100%
src/falconpy/_endpoint/_falconx_sandbox.py                           1      0   100%
src/falconpy/_endpoint/_fdr.py                                       1      0   100%
src/falconpy/_endpoint/_filevantage.py                               1      0   100%
src/falconpy/_endpoint/_firewall_management.py                       1      0   100%
src/falconpy/_endpoint/_firewall_policies.py                         1      0   100%
src/falconpy/_endpoint/_foundry_logscale.py                          1      0   100%
src/falconpy/_endpoint/_host_group.py                                1      0   100%
src/falconpy/_endpoint/_hosts.py                                     1      0   100%
src/falconpy/_endpoint/_identity_protection.py                       1      0   100%
src/falconpy/_endpoint/_incidents.py                                 1      0   100%
src/falconpy/_endpoint/_installation_tokens.py                       1      0   100%
src/falconpy/_endpoint/_intel.py                                     1      0   100%
src/falconpy/_endpoint/_ioa_exclusions.py                            1      0   100%
src/falconpy/_endpoint/_ioc.py                                       1      0   100%
src/falconpy/_endpoint/_iocs.py                                      1      0   100%
src/falconpy/_endpoint/_kubernetes_protection.py                     1      0   100%
src/falconpy/_endpoint/_malquery.py                                  1      0   100%
src/falconpy/_endpoint/_message_center.py                            1      0   100%
src/falconpy/_endpoint/_ml_exclusions.py                             1      0   100%
src/falconpy/_endpoint/_mobile_enrollment.py                         1      0   100%
src/falconpy/_endpoint/_mssp.py                                      1      0   100%
src/falconpy/_endpoint/_oauth2.py                                    1      0   100%
src/falconpy/_endpoint/_ods.py                                       1      0   100%
src/falconpy/_endpoint/_overwatch_dashboard.py                       1      0   100%
src/falconpy/_endpoint/_prevention_policies.py                       1      0   100%
src/falconpy/_endpoint/_quarantine.py                                1      0   100%
src/falconpy/_endpoint/_quick_scan.py                                1      0   100%
src/falconpy/_endpoint/_real_time_response.py                        1      0   100%
src/falconpy/_endpoint/_real_time_response_admin.py                  1      0   100%
src/falconpy/_endpoint/_real_time_response_audit.py                  1      0   100%
src/falconpy/_endpoint/_recon.py                                     1      0   100%
src/falconpy/_endpoint/_report_executions.py                         1      0   100%
src/falconpy/_endpoint/_response_policies.py                         1      0   100%
src/falconpy/_endpoint/_sample_uploads.py                            1      0   100%
src/falconpy/_endpoint/_scheduled_reports.py                         1      0   100%
src/falconpy/_endpoint/_sensor_download.py                           1      0   100%
src/falconpy/_endpoint/_sensor_update_policies.py                    1      0   100%
src/falconpy/_endpoint/_sensor_visibility_exclusions.py              1      0   100%
src/falconpy/_endpoint/_spotlight_evaluation_logic.py                1      0   100%
src/falconpy/_endpoint/_spotlight_vulnerabilities.py                 1      0   100%
src/falconpy/_endpoint/_tailored_intelligence.py                     1      0   100%
src/falconpy/_endpoint/_user_management.py                           1      0   100%
src/falconpy/_endpoint/_workflows.py                                 1      0   100%
src/falconpy/_endpoint/_zero_trust_assessment.py                     1      0   100%
src/falconpy/_endpoint/deprecated/__init__.py                       35      0   100%
src/falconpy/_endpoint/deprecated/_custom_ioa.py                     1      0   100%
src/falconpy/_endpoint/deprecated/_d4c_registration.py               1      0   100%
src/falconpy/_endpoint/deprecated/_discover.py                       1      0   100%
src/falconpy/_endpoint/deprecated/_fdr.py                            1      0   100%
src/falconpy/_endpoint/deprecated/_firewall_management.py            1      0   100%
src/falconpy/_endpoint/deprecated/_hosts.py                          1      0   100%
src/falconpy/_endpoint/deprecated/_identity_protection.py            1      0   100%
src/falconpy/_endpoint/deprecated/_installation_tokens.py            1      0   100%
src/falconpy/_endpoint/deprecated/_ioc.py                            1      0   100%
src/falconpy/_endpoint/deprecated/_iocs.py                           1      0   100%
src/falconpy/_endpoint/deprecated/_mapping.py                        2      0   100%
src/falconpy/_endpoint/deprecated/_ods.py                            1      0   100%
src/falconpy/_endpoint/deprecated/_real_time_response.py             1      0   100%
src/falconpy/_endpoint/deprecated/_real_time_response_admin.py       1      0   100%
src/falconpy/_endpoint/deprecated/_report_executions.py              1      0   100%
src/falconpy/_endpoint/deprecated/_scheduled_reports.py              1      0   100%
src/falconpy/_endpoint/deprecated/_zero_trust_assessment.py          1      0   100%
src/falconpy/_enum/__init__.py                                       4      0   100%
src/falconpy/_enum/_base_url.py                                      7      0   100%
src/falconpy/_enum/_container_base_url.py                            6      0   100%
src/falconpy/_enum/_token_fail_reason.py                             4      0   100%
src/falconpy/_error/__init__.py                                      3      0   100%
src/falconpy/_error/_exceptions.py                                  68      0   100%
src/falconpy/_error/_warnings.py                                    73      0   100%
src/falconpy/_log/__init__.py                                        2      0   100%
src/falconpy/_log/_facility.py                                      34      0   100%
src/falconpy/_payload/__init__.py                                   30      0   100%
src/falconpy/_payload/_alerts.py                                    11      0   100%
src/falconpy/_payload/_cloud_connect_aws.py                         23      0   100%
src/falconpy/_payload/_cloud_snapshots.py                           36      0   100%
src/falconpy/_payload/_container.py                                 27      0   100%
src/falconpy/_payload/_cspm_registration.py                         53      0   100%
src/falconpy/_payload/_d4c_registration.py                          38      0   100%
src/falconpy/_payload/_detects.py                                   15      0   100%
src/falconpy/_payload/_device_control_policy.py                     33      0   100%
src/falconpy/_payload/_falconx.py                                   25      0   100%
src/falconpy/_payload/_filevantage.py                               34      0   100%
src/falconpy/_payload/_firewall.py                                 130      0   100%
src/falconpy/_payload/_foundry.py                                   16      0   100%
src/falconpy/_payload/_generic.py                                   66      0   100%
src/falconpy/_payload/_host_group.py                                31      0   100%
src/falconpy/_payload/_incidents.py                                 15      0   100%
src/falconpy/_payload/_ioa.py                                       35      0   100%
src/falconpy/_payload/_ioc.py                                       52      0   100%
src/falconpy/_payload/_malquery.py                                  56      0   100%
src/falconpy/_payload/_message_center.py                            22      0   100%
src/falconpy/_payload/_mssp.py                                      15      0   100%
src/falconpy/_payload/_ods.py                                       13      0   100%
src/falconpy/_payload/_prevention_policy.py                         19      0   100%
src/falconpy/_payload/_real_time_response.py                        27      0   100%
src/falconpy/_payload/_recon.py                                     84      0   100%
src/falconpy/_payload/_reports.py                                   19      0   100%
src/falconpy/_payload/_response_policy.py                           19      0   100%
src/falconpy/_payload/_sample_uploads.py                             9      0   100%
src/falconpy/_payload/_sensor_update_policy.py                      30      0   100%
src/falconpy/_payload/_workflows.py                                 21      0   100%
src/falconpy/_result/__base_resource.py                             28      0   100%
src/falconpy/_result/__init__.py                                     9      0   100%
src/falconpy/_result/_base_dictionary.py                            31      0   100%
src/falconpy/_result/_errors.py                                      2      0   100%
src/falconpy/_result/_expanded_result.py                             7      0   100%
src/falconpy/_result/_headers.py                                    24      0   100%
src/falconpy/_result/_meta.py                                       27      0   100%
src/falconpy/_result/_resources.py                                  14      0   100%
src/falconpy/_result/_response_component.py                         24      0   100%
src/falconpy/_result/_result.py                                    204      0   100%
src/falconpy/_service_class/__init__.py                              3      0   100%
src/falconpy/_service_class/_base_service_class.py                 118      0   100%
src/falconpy/_service_class/_service_class.py                       87      0   100%
src/falconpy/_util/__init__.py                                       5      0   100%
src/falconpy/_util/_auth.py                                         18      0   100%
src/falconpy/_util/_functions.py                                   385      0   100%
src/falconpy/_util/_service.py                                       3      0   100%
src/falconpy/_util/_uber.py                                         50      0   100%
src/falconpy/_version.py                                            33      0   100%
src/falconpy/alerts.py                                              33      0   100%
src/falconpy/api_complete/__init__.py                                3      0   100%
src/falconpy/api_complete/_advanced.py                              57      0   100%
src/falconpy/api_complete/_legacy.py                               202      0   100%
src/falconpy/cloud_connect_aws.py                                   48      0   100%
src/falconpy/cloud_snapshots.py                                     21      0   100%
src/falconpy/cspm_registration.py                                  135      0   100%
src/falconpy/custom_ioa.py                                          86      0   100%
src/falconpy/custom_storage.py                                      68      0   100%
src/falconpy/d4c_registration.py                                    96      0   100%
src/falconpy/detects.py                                             32      0   100%
src/falconpy/device_control_policies.py                             78      0   100%
src/falconpy/discover.py                                            35      0   100%
src/falconpy/event_streams.py                                       20      0   100%
src/falconpy/falcon_complete_dashboard.py                           87      0   100%
src/falconpy/falcon_container.py                                    57      0   100%
src/falconpy/falconx_sandbox.py                                     86      0   100%
src/falconpy/fdr.py                                                 23      0   100%
src/falconpy/filevantage.py                                        127      0   100%
src/falconpy/firewall_management.py                                139      0   100%
src/falconpy/firewall_policies.py                                   71      0   100%
src/falconpy/foundry_logscale.py                                    42      0   100%
src/falconpy/host_group.py                                          61      0   100%
src/falconpy/hosts.py                                              106      0   100%
src/falconpy/identity_protection.py                                 34      0   100%
src/falconpy/incidents.py                                           41      0   100%
src/falconpy/installation_tokens.py                                 43      0   100%
src/falconpy/intel.py                                               93      0   100%
src/falconpy/ioa_exclusions.py                                      33      0   100%
src/falconpy/ioc.py                                                 82      0   100%
src/falconpy/iocs.py                                                40      0   100%
src/falconpy/kubernetes_protection.py                               94      0   100%
src/falconpy/malquery.py                                            50      0   100%
src/falconpy/message_center.py                                      81      0   100%
src/falconpy/ml_exclusions.py                                       35      0   100%
src/falconpy/mobile_enrollment.py                                   18      0   100%
src/falconpy/mssp.py                                               174      0   100%
src/falconpy/oauth2.py                                              30      0   100%
src/falconpy/ods.py                                                 68      0   100%
src/falconpy/overwatch_dashboard.py                                 31      0   100%
src/falconpy/prevention_policy.py                                   62      0   100%
src/falconpy/quarantine.py                                          46      0   100%
src/falconpy/quick_scan.py                                          27      0   100%
src/falconpy/real_time_response.py                                 127      0   100%
src/falconpy/real_time_response_admin.py                            75      0   100%
src/falconpy/real_time_response_audit.py                            10      0   100%
src/falconpy/recon.py                                              128      0   100%
src/falconpy/report_executions.py                                   24      0   100%
src/falconpy/response_policies.py                                   61      0   100%
src/falconpy/sample_uploads.py                                      75      0   100%
src/falconpy/scheduled_reports.py                                   20      0   100%
src/falconpy/sensor_download.py                                     33      0   100%
src/falconpy/sensor_update_policy.py                               110      0   100%
src/falconpy/sensor_visibility_exclusions.py                        33      0   100%
src/falconpy/spotlight_evaluation_logic.py                          23      0   100%
src/falconpy/spotlight_vulnerabilities.py                           31      0   100%
src/falconpy/tailored_intelligence.py                               41      0   100%
src/falconpy/user_management.py                                    138      0   100%
src/falconpy/workflows.py                                           38      0   100%
src/falconpy/zero_trust_assessment.py                               23      0   100%
------------------------------------------------------------------------------------
TOTAL                                                             7099      0   100%

Bandit analysis

[main]	INFO	running on Python 3.9.17

Run started:2023-11-02 18:12:57.649761

Test results:
	No issues identified.

Code scanned:
	Total lines of code: 56229
	Total lines skipped (#nosec): 0

Run metrics:
	Total issues (by severity):
		Undefined: 0
		Low: 0
		Medium: 0
		High: 0
	Total issues (by confidence):
		Undefined: 0
		Low: 0
		Medium: 0
		High: 0
Files skipped (0):

Added features and functionality

Added: Deprecation warnings for deprecated classes and operations. Closes [ ENH ] Warn when constructing a deprecated class or calling a deprecated method #1055.
- _endpoint/__init__.py
- _endpoint/deprecated/__init__.py
- _endpoint/deprecated/_mapping.py
- _error/__init__.py
- _error/_warnings.py
- _service_class/_service_class.py
- _util/__init__.py
- _util/_functions.py
Added: New Custom Storage service collection.
- __init__.py
- _endpoint/__init__.py
- _endpoint/_custom_storage.py
- _util/_functions.py
- custom_storage.py
Expanded unit testing to complete code coverage.
- tests/test_custom_storage.py
The following new operations are provided by this service collection:
- ListObjects
- SearchObjects
- GetObject
- PutObject
- DeleteObject
- GetObjectMetadata
Added: New Workflows service collection.
- __init__.py
- _endpoint/__init__.py
- _endpoint/_workflows.py
- _endpoint/_workflows.py
- _payload/__init__.py
- _payload/_generic.py
- _payload/_workflows.py
- workflows.py
Expanded unit testing to complete code coverage.
- tests/test_workflows.py
The following new operations are provided by this service collection:
- WorkflowExecute
- WorkflowExecutionsAction
- WorkflowExecutionResults
- WorkflowSystemsDefinitionsDeProvision
- WorkflowSystemsDefinitionsPromote
- WorkflowSystemsDefinitionsProvision
Added: New Real Time Response Audit service collection.
- __init__.py
- _endpoint/__init__.py
- _endpoint/_real_time_response_audit.py
- real_time_response_audit.py
Expanded unit testing to complete code coverage.
- tests/test_real_time_response_audit.py
The following new operations are provided by this service collection:
- RTRAuditSessions
Added: New Foundry LogScale service collection.
- __init__.py
- _endpoint/__init__.py
- _endpoint/_foundry_logscale.py
- _payload/__init__.py
- _payload/_foundry.py
- foundry_logscale.py
Expanded unit testing to complete code coverage.
- tests/test_foundry_logscale.py
The following new operations are provided by this service collection:
- ListReposV1
- ListViewV1
- IngestDataV1
- CreateSavedSearchesDynamicExecuteV1
- GetSavedSearchesExecuteV1
- CreateSavedSearchesExecuteV1
- CreateSavedSearchesIngestV1
- GetSavedSearchesJobResultsDownloadV1

Issues resolved

Fixed: Error when trying to directly import falconpy module (no package installation). Closes [ BUG ] Support module imports #1056.
- _auth_object/_falcon_interface.py
- _util/_functions.py
- Thanks go out to @tsullivan06 for identifying and reporting this issue. 🙇
Fixed: Legacy Uber Class is not logging Operation ID in debug logs. Closes [ BUG ] Legacy Uber Class is not logging operation IDs #1057.
- api_complete/_legacy.py
Fixed: Can not use add-rule-group and remove-rule-group actions with the performFirewallPoliciesAction operation. Closes [ BUG ] FirewallPolicy.performFirewallPoliciesAction returns 500 error with 'add-rule-group'. #1059.
- firewall_policies.py
- Thanks go out to @api-clobberer for identifying and reporting this issue. 🙇

jshcodes added 20 commits October 23, 2023 22:35

Add deprecation warnings. Closes #1055.

eac3f89

Support module imports. Closes #1056.

7435d9d

Log operation IDs used from the legacy Uber class. Closes #1057.

75dc563

Add Custom Storage service collection

91e4e67

Pass empty dictionary, process all passed args

829ccd6

Fix type hints

80f7440

Add Workflows service collection

a8ab080

Add Real Time Response Audit service collection

4ffe865

Add Foundry LogScale service collection

6b6e7fe

Bump version -> 1.3.3

fb098be

Update README.md

329dd77

Update CHANGELOG.md

03ff0ad

Workflows constants

66bafd9

Abstract path handler from process_service_request

8e19755

Publicly expose deprecation warnings

f87e003

Add custom storage path variable Uber support

8090863

Expand custom storage unit testing

bffd863

Expand deprecation warning unit testing

b01bcb8

Add missing actions to validation. Closes #1059.

d18888b

Add linting to all-inclusive test series

4117667

jshcodes requested a review from crowdstrikedcs as a code owner November 2, 2023 19:04

github-actions bot added documentation 📖 Improvements or additions to documentation unit testing Pull requests that include unit testing updates package Pull requests that update the core package labels Nov 2, 2023

Update wordlist.txt

f071711

github-actions bot added the pipeline CI/CD related label Nov 2, 2023

Adjust unit testing for US-GOV-1

b5c01f4

jshcodes requested a review from jlangdev November 2, 2023 20:10

jshcodes self-assigned this Nov 2, 2023

jlangdev approved these changes Nov 3, 2023

View reviewed changes

jshcodes merged commit d369587 into main Nov 3, 2023
32 checks passed

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Version 1.3.3 - New Custom Storage, Foundry LogScale, Real Time Response Audit and Workflows service collections #1062

Version 1.3.3 - New Custom Storage, Foundry LogScale, Real Time Response Audit and Workflows service collections #1062

jshcodes commented Nov 2, 2023

Version 1.3.3 - New Custom Storage, Foundry LogScale, Real Time Response Audit and Workflows service collections #1062

Version 1.3.3 - New Custom Storage, Foundry LogScale, Real Time Response Audit and Workflows service collections #1062

Conversation

jshcodes commented Nov 2, 2023

FalconPy v1.3.3

Unit test coverage

Bandit analysis

Added features and functionality

Issues resolved